Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

We have partnered with our sister team at Microsoft to bring some improvements to the NuGet ecosystem for Dependabot updates:

  • Updater logic re-written in C#, making it easier for users of NuGet to contribute to dependabot-core
  • Improvement in detection of where package dependencies are declared in .NET projects
  • Improved support for implicit dependencies
  • Improved support for peer dependencies

Learn more about Dependabot.

See more

 

Weve released the following improvements to your homepage feed.

  1. You now have the option to include or exclude events from starred repositories, in addition to the default events from repositories you sponsor or watch.

       2. You will now see cards for when someone has forked one of your repositories.

See more

We're committed to continually improving your experience with GitHub Support, and part of that commitment involves enhancing the personalization of our services.

Starting December 8, you will need to be signed-in to your GitHub account to access our Support portal. This change will be rolled out gradually to ensure a smooth transition for all our customers. If you already have a GitHub account, please sign in as usual when accessing the Support Portal. If you don't have an account or are unable to sign in, we'll guide you through a simple email verification process.

We're excited about this change and confident that it will make your experience with GitHub Support more secure and personalized.

See more

CodeQL 2.15.3 is rolling out to users of GitHub code scanning on github.com this week, and all new functionality will also be included in GHES 3.12. Users of GHES 3.11 or older can upgrade their CodeQL version.

Important changes in this release include:

For a full list of changes, please refer to the complete changelog for version 2.15.3.

See more

Shortly after releasing Copilot content exclusions on November 8, 2023, our team observed that the feature was causing clients to be incorrectly blocked from using Copilot. This necessitated an immediate rollback of this feature.

What Happened?
Once the feature was enabled for all Copilot Business customers, we observed a spike in errors and some end-users being completely blocked from using Copilot. The problem was related to the way content exclusions policies are fetched from the client.

Current Actions and Next Steps:
Our engineering team is engaged in deploying the necessary fixes. We have identified the faulty code in the client and are also deploying more verifications both server and client side to ensure this does not happen again. However, we want to approach the reintroduction of this feature with caution. Customers who had previously setup a content exclusions configuration are not affected by the rollback.

We expect to re-deploy the feature within the next few weeks.

Join the discussion within GitHub Community.

See more

Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. We've heard your feedback, which is helping us improve throughout this beta period.

Starting today, you can now create Dependabot auto-triage rules using CVE IDs or GHSA IDs to target subsets of alerts.

How do I learn more?

How do I provide feedback?

Let us know what you think by providing feedback — we’re listening!

See more

Organization owners can now create and assign custom organization roles, which grant members and teams specific sets of privileges within the organization. Like custom repository roles, organization roles are made up of one or more fine-grained permissions, such as “read audit logs” or “manage repository rulesets”, and apply to the organization itself rather than the repository. This feature is available in all Enterprise Cloud organizations and will come to GitHub Enterprise Server by version 3.13.

A screenshot of the role creation page, with a new role called "Auditor" that grants access to just the audit log permission.

Today, organization custom roles supports 10 permissions:

Roles can be assigned by an organization owner only, to prevent accidental escalation of privileges, and can be assigned to users and teams. Multiple organization roles can be assigned directly to a user or team. Users and teams inherit roles from the teams they are a part of.

A screenshot showing a user that's assigned to two different roles.

More organization permissions will be built over time, similar to how repository permissions were added as well. If you have a specific permission you’d like to see added please get in touch with your account team or let us know in the discussion below. Everything you can see in the organization settings menu is an option, and we’ll be working with teams across GitHub to get those permissions created.

To learn more about custom organization roles, see “About custom organization roles“, and for the REST APIs to manage and assign these roles programmatically see “Organization roles“. For feedback and suggestions for organization permissions, please join the discussion within GitHub Community.

See more

The GitHub Enterprise Server 3.11 release candidate is here

GitHub Enterprise Server 3.11 gives customers more visibility of their instance. Here are some highlights:

  • Code scanning's default setup now does even more to protect your code, by performing scans on a weekly scheudule (in addition to scanning pushes and pull requests) and allowing you to include Swift in your analysis.
  • View repository history using the new Activity view, to see repository activity like pushes, merges, force pushes, tag changes, and branch changes, and associate them with commits and users.
  • The value of secret scanning is now much more clear thanks to push protection metrics that are available in an organization's security overview pages.
  • A GitHub CLI extension for the Manage GitHub Enterprise Server API allows customers to interact with their GitHub Enterprise Server instance via the gh command-line interface.

Release Candidates are a way for you to try the latest features early, and they help us gather feedback to
ensure the release works in your environment. They should be tested on non-production environments.
Read more about the release candidate process.

Read more about GitHub Enterprise Server 3.11 in the release notes,
or download the release candidate now.
If you have any feedback or questions, please contact our Support team.

See more

We're simplifying how Dependabot operates! Previously, if Dependabot encountered errors in its last run, it would automatically re-run the job when there were changes in the package manifest (like adding or changing dependencies). This often led to Dependabot running more than needed and creating unscheduled pull requests. To streamline the process and stick to the schedules you set, this automated re-run feature is being deprecated.

Dependabot will still run jobs according to your schedule, and you'll have the option to manually trigger jobs whenever necessary.

See more

In the upcoming days, Codespaces will be adding the Australia region to prebuild configurations under region availability. This will enable users to have prebuilds specifically in Australia.

How do I get access to Prebuilds in the Australia region?

If you would like to have Australia selected as a region, go to your prebuilds and select the Australia region.

What if I already have all regions selected for my Prebuilds?

If you have all regions currently selected you will have all regions except for Australia selected once this change is implemented. This will be change to ensure users do not get billed in a region they do not want.

If you would like to have all regions, including Australia, selected, please go to your prebuilds and select all regions again.

What if I am already using the Southeast Asia as a region?

Prebuild configurations with Southeast Asia already selected as a region with users in Australia may experience decreased codespace creation time as Australia will now be a separate region from Southeast Asia. To continue to get improved codespace creation time, add Australia as a region under region availability.

Please contact support if you have any issues.

See more

copilot in the cli banner image

Learn your way around the command line with GitHub Copilot by your side!

We’re excited to announce the launch of a brand new GitHub CLI extension that’s now available as public beta — GitHub Copilot in the CLI.

GitHub Copilot in the CLI brings GitHub Copilot right to your terminal, where you can ask it to do things like explain how a command works or suggest a command for a task you want to perform. Learn more about the extension in our docs and provide us your feedback on our repo.

See more

Secret scanning will now use AI to detect unstructured passwords in git content and generate an alert. Alerts for passwords appear in a separated tab from regular secret scanning alerts.

Generic secret detection is available for repositories with a GitHub Advanced Security license. The feature is in a limited beta and access will be granted through a waitlist.

screenshot of a secret scanning alert for an AI-detected password

See more

Copilot Content Exclusion is now available in Public Beta

Starting now and over the next few days GitHub Copilot Business customers will be able to prevent specified files or repositories from being used to inform code completion suggestions made by GitHub Copilot. GitHub Copilot will not be available in excluded files. Organization administrators or repository owners can choose which files or repositories are excluded. During the beta program the feature is limited to Copilot Code Completion and VSCode only. Copilot Chat and the other IDEs will shortly follow.

Screenshot of content exclusion settings

You can learn more about Copilot Content Exclusion or join the discussion in the GitHub Community.

See more

Secret scanning has a new, AI-powered regular expression generator for custom patterns. Within the existing custom patterns page, GitHub Advanced Security users can launch a generative AI experience where you input a text description of what pattern you would like to detect, include optional example strings that should be detected, and get matching regular expressions in return.

The generator is in a limited beta and access will be granted through a waitlist.

screenshot of the regular expression generator

See more

GitHub Enterprise Cloud customers that use Enterprise Managed Users (EMUs) can now participate in a public beta for a new user role that has restricted visibility of internal repositories. The guest collaborator role is defined via SCIM and assigned to users by the identity provider. Guest collaborators helps companies who work with contractors and other short-term partners in a flexible and managed fashion on specific projects, while also sharing code and ideas without restrictions amongst full enterprise members. When a guest collaborator is added to an organization they will only receive access to internal visibility repositories within that organization.

add a guest collaborator

Learn more about guest collaborators.

See more

GitHub Enterprise Cloud Enterprise Managed User customers can join a limited beta waitlist to enable individual repository access for users within their enterprise without granting organization membership. This is useful in cases where you intend to limit repository access for a specific user to the least number of repositories and combines well with features like guest collaborators to execute a least privilege access strategy. Any enterprise member is eligible to be added to an organization-owned repository and will result in use of a seat license if the user is not already a member of any other organization.

Learn more about EMU repository access for non organization members and join the waitlist!

See more

Banner announcing the new overview dashboard states prioritization made simple with security insights

A new asset in security management is now available for GitHub enterprise users. Reinforcing the “shift left” philosophy, this feature is designed to integrate security into the heart of the development lifecycle, empowering your organization to proactively identify and address vulnerabilities.

Key advantages

Historical context

By comparing historical and current data, you can visibly track improvements in your security landscape and demonstrate the value of security investments.

Reporting period drop-down menu for the new overview dashboard

Customized focus

Sharpen your focus with filters that dissect your security data by teams, repositories, or any categorization that aligns with your goals. Whether it’s tracking team performance or monitoring metrics across a core group of repositories with the repository topic filter, there’s a plethora of options available to meet your needs.

Drop-down of filters for the new overview dashboard

Prioritization made simple

With clear insights into severity and net resolve rate—security’s version of developer velocity—the dashboard shows you if your resources are aligned with the most severe threats and if remediation speed is in harmony with security demands.

Security alerts trends graph grouped by severity and the net resolve rate tile from the new overview dashboard

Strategic alignment

Gain a strategic perspective with the Repositories “Top 10” list, which shows you repositories with the largest number of open alert counts, to understand where to direct your attention first.

Repositories top 10 list from the new overview dashboard

Shift left

The dashboard, which is accessible by everyone in the organization, helps you drive best security practices by understanding potential issues as early as possible, reducing risk and workload down the line.

New overview dashboard

This overview dashboard is now available as a beta on GitHub Enterprise Cloud and will be available in GitHub Enterprise Server 3.13.

Learn more about the new overview dashboard and send us your feedback

See more