The new GitHub Issues – April 7th update

Our latest updates to the projects (beta) experience include the highly requested ability to bulk add issues and pull requests to a project as well as an explorable archive and a new GitHub Action! ✨

✅ Bulk add issues and pull requests

Selecting one or more items from either the issues or pull requests repository index pages now provides the option to bulk add to a project. When items are selected, the top menu bar will now includes the option Projects (Beta) where you can select any of your available projects to add your issues and pull requests to.

 

🧭 Explorable archive

Archiving allows you to keep long lived projects focused on upcoming ideas while preserving custom metadata if an item is no longer relevant (for example, it is part of a completed iteration).

​With our new explorable archive you can:

  • Use the filter bar to quickly parse through all the items in your archive.
  • Automatically bulk restore or bulk delete items from the project archive.
  • From today forward, you’ll be able to see who archived an item and when it was archived.

🪄 “Auto-add to project” GitHub Action

We’ve released a beta version of an official GitHub Action for automatically adding newly opened, labeled or transferred issues and pull requests to a project.

Adding issues or pull requests to your project is as easy as creating a simple workflow in your target repository and watching the issues and pull requests auto-magically 🪄 roll in.

Check it out in the GitHub Marketplace or go straight to the README.

✨ Bug fixes & improvements

Other changes include:

  • Bug fix for pull requests to open in a new browser tab by default when selected from a project (this now matches the current behavior for issues).
  • Minor updates to the draft issue editing experience to align it with the current issues experience. Additional updates to improve this further are coming soon.
  • Projects (beta) now appear under the repositories section of the projects picker, making it easier to add an issue or pull request directly to a project.

See how to use GitHub for project planning with GitHub Issues, check out what’s on the roadmap, and learn more in the docs.

The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their repository, organization, or enterprise level custom patterns for security and compliance audits.

New events will be added to the audit log when a custom pattern is created, updated, or deleted.

See more

A new DependabotUpdate GraphQL object connects the relevant repository's Dependabot alert(s) – aka vulnerabilityAlerts – to the Dependabot generated pull request or error.

query($repo_owner:String!, $repo_name:String!) {
  repository(owner: $repo_owner, name: $repo_name) {
    vulnerabilityAlerts(first: 1) {
      nodes {
        dependabotUpdate {
          pullRequest {
            number
            title
          }
        }
      }
    }
  }
}
{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "dependabotUpdate": {
              "pullRequest": {
                "number": 4772,
                "title": "build(deps): bump object-path from 0.11.5 to 0.11.8 in /npm_and_yarn/helpers"
              }
            }
          }
        ]
      }
    }
  }
}

In some cases, Dependabot fails to open a pull request. Previously, the error message that Dependabot generated was only visible in the Dependabot Alerts section of the Security tab.

Screenshot of Dependabot Security Tab

Now, if Dependabot runs into an error when trying to open a pull request for a Dependabot alert, you can see the error in the API.

query($repo_owner:String!, $repo_name:String!) {
  repository(owner: $repo_owner, name: $repo_name) {
    vulnerabilityAlerts(first: 1) {
      nodes {
        dependabotUpdate {
          pullRequest {
            number
            title
          }
          error {
            title
            body
            errorType
          }
        }
      }
    }
  }
}
{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "dependabotUpdate": {
              "pullRequest": null,
              "error": {
                "title": "Dependabot cannot update braces to a non-vulnerable version",
                "body": "The latest possible version of braces that can be installed is `1.8.5`.\n\nThe earliest fixed version is `2.3.1`.",
                "errorType": "security_update_not_possible"
              }
            }
          }
        ]
      }
    }
  }
}

We want your feedback! Let us know how you are using DependabotUpdate and give us your feedback in this GitHub discussion.

See the full API documentation in our GraphQL docs.

See more