Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Introducing support for multiple GitHub accounts on a single host within the CLI! Log in with your work and personal accounts to manage your projects, wherever they're happening.

To add multiple accounts in the CLI, use the gh auth login command just as before. Now, instead of replacing your previous account, you will see the addition of a new account under gh auth status. This account will be marked as active, to indicate that gh will use it when communicating with GitHub. Run gh auth switch to change the active account, or gh auth logout to remove an account. Further details can be found in the v2.40.0 release notes.

Install or update the GitHub CLI today from your preferred source.

See more

In early November we announced a set of changes to improve troubleshooting SCIM activity at scale for enterprise managed users. Today, we are making each of those changes generally available. No updates were required during the public beta period. The following restates the beta changes that are now GA.

Enterprise audit log fields:

  • New field external_group.update_display_name: Our logs will now capture and report any changes made to an external group's display name.
  • New field external_group.add_member: When a team member is added to an external group, this action will be audit logged.
  • New field external_group.remove_member: When a team member is removed from an external group, this action will be audit logged.
  • Enhancements to external_group.update and external_identity.update to ensure consistency whenever an external group or identity is updated.

The SSO page for each user also now includes SCIM metadata for that user in addition to existing SAML metadata. Check out what's new by filling in this url https://github.com/enterprises/your-enterprise/people/username/sso with your enterprise and a valid username.

Team membership synchronization status checks GitHub's understanding of identity groups against the current members of linked teams. This allows us to flag mismatches for administrators related to license allocation or other concerns.

image

Learn more about external group audit log fields and troubleshooting EMU team memberships.

See more

Today's changelog brings you the general availability (GA) of organization project templates.

🎨 Organization project templates

We've shipped exciting updates that allow you to quickly create, share, and use project templates for your organizations, making it easy to get started with a new project and share inspiration and best practices with others.

🔄 Creating a project template

You can create a project template a few different ways:

  1. Using New template from the "Templates" section found in your organization, team, or repository "Projects" pages
  2. Converting a project to a template by toggling Make template from the project settings page
  3. Making a copy of an existing project or project template

templates section on the Projects index page

Once you set up your project template, any views, fields, workflows, insights, and draft items will be included when using the template or making a copy of it.

With a growing number of project templates within an organization, organization administrators can designate a set of recommended templates from the organization settings page. These will appear as "Recommended" templates when creating a new project, so they are surfaced more prominently to help guide you in the right direction when getting started.

organization recommended templates

Improved experience when creating a project

When you create a new project, you'll notice an improved experience to browse and search across all available templates and choose one to quickly get started. You will find a new set of "Featured" templates provided by GitHub to help you get started depending on your use case for a project, such as the "Team planning" or "Feature release" templates, as well as separate sections for templates from your organization and starting from scratch.

✍️ Tell us what you think!

Join the conversation in the community discussion to share your feedback.

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the documentation.

See more

We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the artifact actions includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.

  • Artifacts will be scoped to a job rather than a workflow. This allows the artifact to become immediately available to download from the API after being uploaded, which was not possible before.
  • Artifacts v4 is not cross-compatible with previous versions. For example, an artifact uploaded using v3 cannot be used with actions/download-artifact@v4.
  • Using upload-artifact@v4 ensures artifacts are immutable, improving performance and protecting objects from corruption, which would often happen with concurrent uploads. Artifacts should be uploaded separately and then downloaded into a single directory using the two new inputs, pattern and merge-multiple, available in download-artifact@v4. These objects can then be re-uploaded as a single artifact.
  • A single job can upload a maximum of 500 artifacts.

Customers will still be able to use v1v3 of the artifact actions. If you wish to upgrade your workflow to use v4, please carefully consider the impact the aforementioned major version changes will have on your project and any downstream dependencies.

Artifacts v4 is only available to GitHub.com customers today but we will be extending support to GitHub Enterprise Server (GHES) customers in the future.

To learn more about what is included in v4, visit the actions/upload-artifact and actions/download-artifact repositories.

See more

A screenshot of the five available types of Markdown alerts

Alerts are a Markdown extension displayed with distinctive colors and icons to indicate the significance of the content. Five different types of alerts are supported:

  • Note: Useful information that users should know, even when skimming content.
  • Tip: Helpful advice for doing things better or more easily.
  • Important: Key information users need to know to achieve their goal.
  • Warning: Urgent info that needs immediate user attention to avoid problems.
  • Caution: Advises about risks or negative outcomes of certain actions.

Learn more about how to use them within your Markdown content in the documentation.

See more

In the secret scanning list view, you can now apply a filter to display alerts that are the result of having bypassed push protection. This filter can be applied at the repository, organization, and enterprise levels from the sort menu in the list view UI or by adding bypassed:true to the search bar.

See more

CodeQL 2.15.4 is rolling out to users of GitHub code scanning on github.com this week, and all new functionality will also be included in GHES 3.12. Users of GHES 3.11 or older can upgrade their CodeQL version.

Important changes in this release include:

  • Performance improvements on large runners (instances with 8 to 16 vCPUs) lead to a reduction in end to end analysis time between 5% and 15%, due to more effective parallelization. Where possible, upgrading to larger instances is recommend for projects that currently use 4 or fewer vCPUs and take more than 10 minutes to analyze.
  • Analysis times for C and C++ code bases of any size are reduced on average by 6%
  • TypeScript 5.3, Java 21 and Python 3.12 are now supported.
  • We have resolved a problem causing scan timeouts on macOS (the default for Swift analysis). This problem affected up to 10% of scans for some projects. Although timeouts may still occur, they are now expected in less than 0.5% of scans. We are actively addressing the remaining issues.

For a full list of changes, please refer to the complete changelog for version 2.15.4.

See more

In January, GitHub Classroom will begin a public beta that will change the way student repositories are created from starter code repositories. Currently, starter code repositories must be template repositories, and GitHub Classroom creates a repository from a template for each student repository. After the change, student repositories will be created by forking the starter code repository.

This change allows us to enable one of our most-requested features from teachers: the ability to change starter code after an assignment has been accepted by students. Students will be able to sync their assignment repository with the upstream starter code, allowing teachers to correct starter code mistakes or add additional content after the assignment has gone live to students.

Because there are important differences between creating a repository from a template and forking a repository, there will be important changes in behavior for both new and existing assignments in GitHub Classroom. We recommend reviewing the following new behaviors and making adjustments to your assignments if necessary.

Important Changes starting in January

  • All new accepted assignments will be forks, including existing assignments that were created with a template repository. Existing assignment repositories will not be changed, so they will not be able to sync changes from upstream.
  • Starter code assignments cannot be empty. If you are using a starter code repository without any commits, students will not be able to accept your assignment. GitHub Classroom will enforce this requirement for new assignments, but you will need to manually create an initial commit to existing empty starter code repositories in order for students to accept assignments.
  • Starter code commits will no longer be automatically squashed in student repos. A new fork includes the entire commit history of the parent repository, while a repository created from a template starts with a single commit. This can affect teachers who may have assignment solutions in the commit history of the starter code. We recommend using Git on the command line or GitHub Desktop to squash commits of starter code repositories prior to distributing assignments to students if you previously had solutions filled-in the starter code.
  • Student repository visibility will be inherited from the starter code repository. Forks of public repositories cannot be made private on GitHub. As a result, if you wish to use a public template repository as starter code for an assignment where student repositories should remain private, we recommend creating a new repository from the public template and setting it to private prior to using it as starter code in a GitHub Classroom assignment.

Be on the lookout for another Changelog post when the public beta begins. Join the conversation in our Education community discussions for further clarifications.

See more

Reduce pull request noise and fix multiple security alerts at once with Dependabot grouped security updates.

Starting today, you can enable grouped security updates for Dependabot at the repository or organization-level. When you click “Enable” for this feature, Dependabot will collect all available security updates in a repository and attempt to open one pull request with all of them, per ecosystem, across directories. There is no further configuration available at this time.

Known limitations

  • Dependabot will NOT group across ecosystem (e.g. it will not group pip updates and npm updates together)
  • Dependabot WILL group across directories (e.g. if you have multiple package.json’s in different directories in the same repository)
  • If you have version updates enabled as well, Dependabot will NOT group security updates with version updates
  • If you use grouping for version updates, your groups configuration in dependabot.yml will NOT apply to security updates

To enable this feature, go to your repository or organization settings page, then go to the Code security and analysis tab, and click "Enable" for grouped security updates (this also requires each affected repository to enable Dependency graph, Dependabot alerts, and Dependabot security updates). When you enable this feature, Dependabot will immediately attempt to create grouped security pull requests for any available security updates in your repository.

We'd love to hear your feedback as you try this feature! Join the discussion within GitHub Community.

See more

We are rolling out a few minor updates to the user experience for GitHub repositories starting today, in order to be more responsive, performant and more easily accessed by a broader range of users.

Repository Overview:
Screenshot of repository overview page showing entering a letter to expand to go to file menu.

  • Go to file: Quickly get to the file you want from the top of every repository using our existing code search and navigation experience.
  • Special files: If you have Code of Conduct, License, or Security files in your repository, they are now shown in tabs alongside your README.

Branches:
Screenshot of branches page showing the overview tab for branches of GitHub Docs repos.

  • Status checks: At a glance, see the status checks’ details on any branch.
  • Stale Branches: The overview page for branches no longer defaults to showing stale branches to improve load times. You can still easily see stale branches by clicking the “Stale branches” tab.

Commits:
Screenshot of Commits page filtered by date and user.

  • Filters: New commits filters allow you to sort by users or limit results to specific date ranges.

These changes have been in a feature preview for the past few months and thanks to community insights, we’ve made several improvements that allowed us to now exit the preview, and bring these enhancements to everyone on GitHub. Join the conversation about this release in the community discussion.

See more

In October, we launched the beta of Repository Custom Properties, enabling you to attach key-value pairs to repositories in your organizations. Among many scenarios, one of the key components we had envisioned was the ability to filter your repository properties. Making it easier to find exactly the set of repositories you were looking for.

Starting today, you can enable a new list view for repositories. This update improves accessibility and performance and introduces a new filter bar supporting properties.

To enable select New organization repositories view option in the feature preview dialog.

PNG Custom Properties Feature Preview.

Learn more about managing custom properties for your organization and managing rulesets for your organization.

Head over to the community discussions to share your feedback.

See more

GitHub Enterprise Server 3.11 is generally available

GitHub Enterprise Server 3.11 is now generally available.
With this version, customers have access to tools and features that provide a better understanding and visibility into the security of their code.

Highlights of this version include:

  • Scale your application security testing with code scanning's default setup, which now helps you to schedule weekly scans and deploy across your organization in just a few clicks.
  • The new Activity view makes viewing repository history much easier by showing activities like pushes, merges, force pushes, tag changes, and branch changes.
  • Prevent secret leaks with data-driven insights and new metrics on secret leak prevention in security overview.
  • A GitHub CLI extension for the Manage GitHub Enterprise Server API to interact with your GitHub Enterprise Server instance via the gh command-line interface.

To learn more about GitHub Enterprise Server 3.11 read the release notes,
or download it now.
If you have any feedback or questions, please contact our Support team.

See more

GitHub Codespaces recently released multiple updates to improve visibility into monthly spend:

  • Organization administrators whose organization's codespace usage is paid for by the enterprise can now see month-to-date spending in their organization, even though their organization is not directly paying for this usage.
  • All organization administrators with access to billing reports can now see projected codespaces spend in the month. This calculation is an estimate based on the past seven days of codespace usage.

org admin billing screen with projected usage

With these improvements, organization administrators can get a better sense of how large of a bill they can expect to pay at the end of the month, and remain aware of how much they are billing back to their enterprise.

Additional Resources

See more

Today's changelog introduces a new global page to find all of your projects!

🌐 Global Projects page

You will now find all of your relevant and commonly used projects in a single place at github.com/projects. This page is found from the global navigation menu under Projects and can be used to find projects you've recently viewed or created, regardless of the organization or where they live. No more searching across organizations and tabs for the project you are looking for!

Bug fixes and improvements

  • Improved the table column ... menu and configuration options
  • Included Field sum configurations when copying a project or using a project template
  • Fixed a bug where uploaded files were not rendering in the project README or draft items
  • Fixed a bug where items could not be added to an empty roadmap view with a Group by field
  • Fixed a bug where invalid chart configurations prevented copying a project or using a project template
  • Fixed a bug where setting a project as a template gave an error message

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

Questions or suggestions? Join the conversation in the community discussion.

See more

This month, we made some big improvements to GitHub Copilot! Copilot Chat is now powered by GPT-4 and we updated the model used to detect off-topic chat queries. In VS Code, we are announcing the public beta of code referencing. We also introduced “agents” and the ability to generate commit messages with Copilot. In addition, we improved the context for explaining code and updated the Copilot menu UI. In JetBrains IDEs, we introduced partial acceptance of code suggestions.

Copilot Chat is powered by GPT4

We upgraded the Copilot Chat experience, bringing more accurate and useful code suggestions with OpenAI‘s GPT4 model.

Offtopic model improvements for Copilot Chat

As part of our safety featuresweve improved our off-topic model to detect chat queries which do not relate to programming. This should result in significantly fewer filtered responses.

Code referencing in VS Code is now in Public Beta

In August, we announced the Private Beta of code referencing in VS CodeThis feature searches across billions of files on public GitHub repositories for code that matches a Copilot suggestionSince then, we’ve heard your feedback, and we’re shipping with a new and redesigned experience. One of the top points of feedback was that the original flow resulted in too many notifications. To fix this, if theres a matchusers will find its information displayed in the Copilot console log, including where the match occurred, any applicable licensesand a deep link to learn more. If you are interested in code references, you can refer to the window, otherwise, it won’t be in your way.

The deep link will now take you to a navigable page on GitHub.com to browse examples of the code match and their repository licensesand see how many repositories — including ones without licenses — that code appears in, as well as links to those repositories.

Learn more about Copilot code referencing and let us know your thoughts in the GitHub Community!

Introducing “agents” in Copilot Chat in VS Code

We have introduced a new capability called “agents” to enhance your interaction with Copilot Chat. Agents are like specialized experts who can assist you with specific tasks. You can mention them in the chat using the @ symbol. Currently, there are two agents available:

  • @workspace: This agent has knowledge about the code in your workspace and can help you navigate it by finding relevant files or classes. The @workspace agent uses a meta prompt to determine what information to collect from the workspace to help answer your question.
  • @vscode: This agent is knowledgeable about commands and features in the VS Code editor itself, and can assist you in using them.

Each agent also supports slash commandsThe slash commands you may have used before should now be used with an agent. For example, /explain is now @workspace /explain.

Read more in the VS Code release notes.

Improved explanation context in Copilot Chat in VS Code

You can ask Copilot Chat to explain a code selection in your active editor either through the @workspace /explain command or through the “Explain with Copilot” action in the context menu. Copilot Chat has now integrated implementations of referenced symbolssuch as functions and classes, which leads to explanations that are more precise and useful. This works best across files when you have an extension contributing language services installed for one of the following languages: TypeScript/JavaScript, Python, Java, C#, C++, Go, or Ruby.

Commit message generation using Copilot in VS Code

Copilot can now generate commit messages based on the pending changes using the new “sparkle” action in the Source Control input box.

Updated Copilot menu in VS Code

Our Copilot menu in VS Code is now more visible and aligned with our design for JetBrains IDEs. It is now easier to understand the current status of Copilot, access the various settings or documentation.

The new menu is displayed when clicking on the Copilot icon in the lower right corner in the statusbar of VS Code.

JetBrains partial acceptance for code suggestions

The Copilot extension for JetBrains IDEs has leveled up! You now have the flexibility to incorporate code suggestions piece by piece, whether that’s word-by-word or line-by-line. Feel free to customize these shortcuts as you preferHappy coding!

We welcome your feedback on Copilot! Please join the discussion in the GitHub Community.

See more

A GitHub codespace is a development environment provided by a container that runs on a virtual machine (VM). The development environment that the developer works within is defined by the dev container configuration. The VM configuration defines the operating system which builds and runs the dev container. GitHub maintains this VM configuration, and regularly upgrades it to improve security, functionality, and performance.

While our regular security patching does not impact capabilities, occasionally we need to upgrade components that may have an impact on the way the container environment functions in certain cases. Therefore, we are introducing a way to opt into the beta image configuration, allowing you to test the changes in your specific environments and provide feedback before we ship the changes to the stable image.

host image preference screenshot

The upgraded host image is initially made available as a beta release, which enables you to ensure your existing dev container configurations are compatible with the next iteration of the VM configuration. Once enabled, all newly created or resumed codespaces will use the specified host configuration. This enables you to test your configurations without impacting other developers who use the same dev container. You may switch between the beta and stable host configurations at any time. Whenever you switch, all of your subsequently created or resumed codespaces will receive the configuration you specified. Changing this setting does not impact currently running codespaces.

Additional Resources

See more

Beginning January 8th, 2024, we will be making changes to the repository insights UI and API on GitHub for repositories with over 10,000 commits. The targeted UI and API have very low usage and rely on a legacy service we’re moving away from.

User Interface Updates

We are removing the following data:

  1. Under Insights > Contributors, we are removing addition/deletion counts for repositories with over 10,000 commits, as well as the dropdown that shows the graphs associated with additions and deletions. All the commit counts and commit count graphs will remain unchanged.
Current page Repos with over 10,000 commits after the change is made
The current Insights > Contributors tab The new tab which shows no dropdown for additions and deletions, and no addition and deletion counts
  1. Under Insights > Code Frequency, we will only show data for repos with under 10k commits.
Current page Repos with over 10,000 commits after the change is made
The current Insights > Code Frequency tab which shows a graph of additions and deletions over time The new tab which shows that there are too many commits to generate this graph

REST API Modifications

Alongside the UI changes, the following API changes will be implemented:

  1. The REST API responses for repositories with 10,000+ commits will report 0 values for the addition and deletion counts to improve performance. This impacts the /repos/{owner}/{repo}/stats/contributors endpoint to get all contributor commit activity
  2. The /repos/{owner}/{repo}/stats/code_frequency API endpoint will return a 422 status code for repos with 10,000 or more commits.
    • This is different from the previous two because this endpoint only returns additions/deletions, which we will no longer return for repos with over 10k commits. The previous two endpoints also return the total number of commits, which we will continue to generate.

For users who continue to need detailed addition and deletion statistics for large-scale repositories, we suggest using the following Git command, as described in the Git documentation:

git log --pretty="format:%m%ad----%ae%n%-(trailers:only,unfold)" --date=raw --shortstat --no-renames --no-merges

See more

GitHub Advanced Security users can now use the REST API to enable or disable secret scanning validity checks for a repository, organization, or enterprise. Validity checks retrieve a status for supported tokens from their relevant partner (active, inactive, or unknown). This status is displayed in the secret scanning alert view and the REST API.

See more