Security & supply chainDependabot can finally pull from private GitHub Packages without a PAT
GitHub gave Dependabot its own GITHUB_TOKEN access to private GitHub Packages and GHCR, retiring one of the most awkward credentials in any CI setup. For pipeline owners, that closes a quiet but persistent rotation tax.