Dependabot Alerts default permissions: write and maintain roles #609

@github-product-roadmap

Summary

Today by default, only those with the admin role for a repository can view or modify Dependabot alerts. With this change, anyone with write or maintain roles will also have permissions to view and modify Dependabot alerts by default.

Intended Outcome

Starting February 2023, default permissions for Dependabot alerts are changing so that the right collaborators can see and act on Dependabot alerts.

How will it work?

  • Based on your repository permissions, if you have write or maintain access, you'll be able to view and act on Dependabot alerts.

  • Based on your user notification settings and per-repository watching settings, you'll begin receiving notifications on Dependabot alerts.

You can adjust your user notification settings and per-repository watching settings to make sure you're receiving notifications on Dependabot alerts for the repositories you care about.
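To see who is affected by the new default, the following added example (not GitHub's code and not part of the original issue) computes which collaborators newly gain Dependabot alert access per repository. It assumes records shaped like the `GET /repos/{owner}/{repo}/collaborators` REST response; the organization, repository and user names and the custom role `release-manager` are constructed sample data.

```python
import json
from collections import defaultdict

# Per the issue: admin already had access; write and maintain gain it.
NEWLY_GRANTED = {"write", "maintain"}
# admin is unchanged; read and triage are not named by the issue.
UNCHANGED = {"admin", "read", "triage"}

# Constructed sample: repo -> collaborator records (only the fields used here).
SAMPLE = json.loads("""
{
  "example-org/payments": [
    {"login": "alice", "role_name": "admin"},
    {"login": "bob",   "role_name": "write"},
    {"login": "carol", "role_name": "triage"}
  ],
  "example-org/website": [
    {"login": "bob",  "role_name": "maintain"},
    {"login": "dave", "role_name": "read"},
    {"login": "erin", "role_name": "release-manager"}
  ]
}
""")

def alert_access_delta(repos):
    """Return (gained, review).

    gained: login -> repos where the user newly sees Dependabot alerts.
    review: (repo, login, role) for role names that are not built-in roles;
            the issue does not say how those are treated, so a human decides.
    """
    gained = defaultdict(list)
    review = []
    for repo, collaborators in sorted(repos.items()):
        for c in collaborators:
            role = c["role_name"]
            if role in NEWLY_GRANTED:
                gained[c["login"]].append(repo)
            elif role not in UNCHANGED:
                review.append((repo, c["login"], role))
    return dict(gained), review

if __name__ == "__main__":
    gained, review = alert_access_delta(SAMPLE)
    for login, repos in sorted(gained.items()):
        print(f"{login}: newly able to view/modify alerts in {', '.join(repos)}")
    for repo, login, role in review:
        print(f"review: {login} has non-built-in role {role!r} on {repo}")
```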

Labels

  • GitHub Advanced Security (GHAS): Product SKU: GitHub Advanced Security
  • cloud: Available on Cloud
  • dependabot: Feature: GitHub Dependabot
  • ga: Feature phase: Generally available
  • shipped: Shipped