Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Codespaces Host Image Version Preference

A GitHub codespace is a development environment provided by a container that runs on a virtual machine (VM). The development environment that the developer works within is defined by the dev container configuration. The VM configuration defines the operating system which builds and runs the dev container. GitHub maintains this VM configuration, and regularly upgrades it to improve security, functionality, and performance.

While our regular security patching does not impact capabilities, occasionally we need to upgrade components that may have an impact on the way the container environment functions in certain cases. Therefore, we are introducing a way to opt into the beta image configuration, allowing you to test the changes in your specific environments and provide feedback before we ship the changes to the stable image.

host image preference screenshot

The upgraded host image is initially made available as a beta release, which enables you to ensure your existing dev container configurations are compatible with the next iteration of the VM configuration. Once enabled, all newly created or resumed codespaces will use the specified host configuration. This enables you to test your configurations without impacting other developers who use the same dev container. You may switch between the beta and stable host configurations at any time. Whenever you switch, all of your subsequently created or resumed codespaces will receive the configuration you specified. Changing this setting does not impact currently running codespaces.

Additional Resources

See more

Upcoming changes to repository insights

Beginning January 8th, 2024, we will be making changes to the repository insights UI and API on GitHub for repositories with over 10,000 commits. The targeted UI and API have very low usage and rely on a legacy service we’re moving away from.

User Interface Updates

We are removing the following data:

  1. Under Insights > Contributors, we are removing addition/deletion counts for repositories with over 10,000 commits, as well as the dropdown that shows the graphs associated with additions and deletions. All the commit counts and commit count graphs will remain unchanged.
Current page Repos with over 10,000 commits after the change is made
The current Insights > Contributors tab The new tab which shows no dropdown for additions and deletions, and no addition and deletion counts
  1. Under Insights > Code Frequency, we will only show data for repos with under 10k commits.
Current page Repos with over 10,000 commits after the change is made
The current Insights > Code Frequency tab which shows a graph of additions and deletions over time The new tab which shows that there are too many commits to generate this graph

REST API Modifications

Alongside the UI changes, the following API changes will be implemented:

  1. The REST API responses for repositories with 10,000+ commits will report 0 values for the addition and deletion counts to improve performance. This impacts the /repos/{owner}/{repo}/stats/contributors endpoint to get all contributor commit activity
  2. The /repos/{owner}/{repo}/stats/code_frequency API endpoint will return a 422 status code for repos with 10,000 or more commits.
    • This is different from the previous two because this endpoint only returns additions/deletions, which we will no longer return for repos with over 10k commits. The previous two endpoints also return the total number of commits, which we will continue to generate.

For users who continue to need detailed addition and deletion statistics for large-scale repositories, we suggest using the following Git command, as described in the Git documentation:

git log --pretty="format:%m%ad----%ae%n%-(trailers:only,unfold)" --date=raw --shortstat --no-renames --no-merges

See more

Enable or disable secret scanning validity checks with the REST API

GitHub Advanced Security users can now use the REST API to enable or disable secret scanning validity checks for a repository, organization, or enterprise. Validity checks retrieve a status for supported tokens from their relevant partner (active, inactive, or unknown). This status is displayed in the secret scanning alert view and the REST API.

See more

Improvements to NuGet support for Dependabot

We have partnered with our sister team at Microsoft to bring some improvements to the NuGet ecosystem for Dependabot updates:

  • Updater logic re-written in C#, making it easier for users of NuGet to contribute to dependabot-core
  • Improvement in detection of where package dependencies are declared in .NET projects
  • Improved support for implicit dependencies
  • Improved support for peer dependencies

Learn more about Dependabot.

See more

Improvements to the homepage feed

 

Weve released the following improvements to your homepage feed.

  1. You now have the option to include or exclude events from starred repositories, in addition to the default events from repositories you sponsor or watch.

       2. You will now see cards for when someone has forked one of your repositories.

See more

GitHub Support Portal will soon require login

We're committed to continually improving your experience with GitHub Support, and part of that commitment involves enhancing the personalization of our services.

Starting December 8, you will need to be signed-in to your GitHub account to access our Support portal. This change will be rolled out gradually to ensure a smooth transition for all our customers. If you already have a GitHub account, please sign in as usual when accessing the Support Portal. If you don't have an account or are unable to sign in, we'll guide you through a simple email verification process.

We're excited about this change and confident that it will make your experience with GitHub Support more secure and personalized.

See more

CodeQL 2.15.3 supports Swift 5.9, improves C# analysis speed

CodeQL 2.15.3 is rolling out to users of GitHub code scanning on github.com this week, and all new functionality will also be included in GHES 3.12. Users of GHES 3.11 or older can upgrade their CodeQL version.

Important changes in this release include:

For a full list of changes, please refer to the complete changelog for version 2.15.3.

See more

Copilot content exclusions – Temporary rollback and upcoming fix

Shortly after releasing Copilot content exclusions on November 8, 2023, our team observed that the feature was causing clients to be incorrectly blocked from using Copilot. This necessitated an immediate rollback of this feature.

What Happened?
Once the feature was enabled for all Copilot Business customers, we observed a spike in errors and some end-users being completely blocked from using Copilot. The problem was related to the way content exclusions policies are fetched from the client.

Current Actions and Next Steps:
Our engineering team is engaged in deploying the necessary fixes. We have identified the faulty code in the client and are also deploying more verifications both server and client side to ensure this does not happen again. However, we want to approach the reintroduction of this feature with caution. Customers who had previously setup a content exclusions configuration are not affected by the rollback.

We expect to re-deploy the feature within the next few weeks.

Join the discussion within GitHub Community.

See more

Dependabot auto-triage rules support CVE IDs and GHSA IDs

Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. We've heard your feedback, which is helping us improve throughout this beta period.

Starting today, you can now create Dependabot auto-triage rules using CVE IDs or GHSA IDs to target subsets of alerts.

How do I learn more?

How do I provide feedback?

Let us know what you think by providing feedback — we’re listening!

See more

Custom Organization Roles are now GA

Organization owners can now create and assign custom organization roles, which grant members and teams specific sets of privileges within the organization. Like custom repository roles, organization roles are made up of one or more fine-grained permissions, such as “read audit logs” or “manage repository rulesets”, and apply to the organization itself rather than the repository. This feature is available in all Enterprise Cloud organizations and will come to GitHub Enterprise Server by version 3.13.

A screenshot of the role creation page, with a new role called "Auditor" that grants access to just the audit log permission.

Today, organization custom roles supports 10 permissions:

Roles can be assigned by an organization owner only, to prevent accidental escalation of privileges, and can be assigned to users and teams. Multiple organization roles can be assigned directly to a user or team. Users and teams inherit roles from the teams they are a part of.

A screenshot showing a user that's assigned to two different roles.

More organization permissions will be built over time, similar to how repository permissions were added as well. If you have a specific permission you’d like to see added please get in touch with your account team or let us know in the discussion below. Everything you can see in the organization settings menu is an option, and we’ll be working with teams across GitHub to get those permissions created.

To learn more about custom organization roles, see “About custom organization roles“, and for the REST APIs to manage and assign these roles programmatically see “Organization roles“. For feedback and suggestions for organization permissions, please join the discussion within GitHub Community.

See more

The GitHub Enterprise Server 3.11 Release Candidate is available

The GitHub Enterprise Server 3.11 release candidate is here

GitHub Enterprise Server 3.11 gives customers more visibility of their instance. Here are some highlights:

  • Code scanning's default setup now does even more to protect your code, by performing scans on a weekly scheudule (in addition to scanning pushes and pull requests) and allowing you to include Swift in your analysis.
  • View repository history using the new Activity view, to see repository activity like pushes, merges, force pushes, tag changes, and branch changes, and associate them with commits and users.
  • The value of secret scanning is now much more clear thanks to push protection metrics that are available in an organization's security overview pages.
  • A GitHub CLI extension for the Manage GitHub Enterprise Server API allows customers to interact with their GitHub Enterprise Server instance via the gh command-line interface.

Release Candidates are a way for you to try the latest features early, and they help us gather feedback to
ensure the release works in your environment. They should be tested on non-production environments.
Read more about the release candidate process.

Read more about GitHub Enterprise Server 3.11 in the release notes,
or download the release candidate now.
If you have any feedback or questions, please contact our Support team.

See more

Dependabot will no longer automatically re-run failed jobs when package manifest changes

We're simplifying how Dependabot operates! Previously, if Dependabot encountered errors in its last run, it would automatically re-run the job when there were changes in the package manifest (like adding or changing dependencies). This often led to Dependabot running more than needed and creating unscheduled pull requests. To streamline the process and stick to the schedules you set, this automated re-run feature is being deprecated.

Dependabot will still run jobs according to your schedule, and you'll have the option to manually trigger jobs whenever necessary.

See more

Codespaces Prebuilds New Region: Australia

In the upcoming days, Codespaces will be adding the Australia region to prebuild configurations under region availability. This will enable users to have prebuilds specifically in Australia.

How do I get access to Prebuilds in the Australia region?

If you would like to have Australia selected as a region, go to your prebuilds and select the Australia region.

What if I already have all regions selected for my Prebuilds?

If you have all regions currently selected you will have all regions except for Australia selected once this change is implemented. This will be change to ensure users do not get billed in a region they do not want.

If you would like to have all regions, including Australia, selected, please go to your prebuilds and select all regions again.

What if I am already using the Southeast Asia as a region?

Prebuild configurations with Southeast Asia already selected as a region with users in Australia may experience decreased codespace creation time as Australia will now be a separate region from Southeast Asia. To continue to get improved codespace creation time, add Australia as a region under region availability.

Please contact support if you have any issues.

See more

GitHub Copilot in the CLI now in public beta

copilot in the cli banner image

Learn your way around the command line with GitHub Copilot by your side!

We’re excited to announce the launch of a brand new GitHub CLI extension that’s now available as public beta — GitHub Copilot in the CLI.

GitHub Copilot in the CLI brings GitHub Copilot right to your terminal, where you can ask it to do things like explain how a command works or suggest a command for a task you want to perform. Learn more about the extension in our docs and provide us your feedback on our repo.

See more

Secret scanning detects generic passwords with AI (limited beta)

Secret scanning will now use AI to detect unstructured passwords in git content and generate an alert. Alerts for passwords appear in a separated tab from regular secret scanning alerts.

Generic secret detection is available for repositories with a GitHub Advanced Security license. The feature is in a limited beta and access will be granted through a waitlist.

screenshot of a secret scanning alert for an AI-detected password

See more

Copilot Content Exclusion is now available in Public Beta

Copilot Content Exclusion is now available in Public Beta

Starting now and over the next few days GitHub Copilot Business customers will be able to prevent specified files or repositories from being used to inform code completion suggestions made by GitHub Copilot. GitHub Copilot will not be available in excluded files. Organization administrators or repository owners can choose which files or repositories are excluded. During the beta program the feature is limited to Copilot Code Completion and VSCode only. Copilot Chat and the other IDEs will shortly follow.

Screenshot of content exclusion settings

You can learn more about Copilot Content Exclusion or join the discussion in the GitHub Community.

See more

Generate custom patterns for secret scanning with AI

Secret scanning has a new, AI-powered regular expression generator for custom patterns. Within the existing custom patterns page, GitHub Advanced Security users can launch a generative AI experience where you input a text description of what pattern you would like to detect, include optional example strings that should be detected, and get matching regular expressions in return.

The generator is in a limited beta and access will be granted through a waitlist.

screenshot of the regular expression generator

See more
View more changes