Changelog


You can now use the REST API to get global security advisories from the Advisory Database. This makes it easy to get access to the Advisory Database's free, open source list of actionable security advisories and CVEs which include machine readable mappings to the ecosystem, package name, and affected versions of impacted software.

Learn more about GitHub's global security advisories and the Advisory Database.


Today's Changelog brings you board swimlanes and the ability to create issues in repository groups!

🏊 Board swimlanes

You can now configure swimlanes on your boards by selecting a Group by field from the view configuration menu. This allows you to break up your items by different workstreams, team members, or priorities, similar to groups on tables and roadmaps. Drag and drop your items between columns and groups to quickly make adjustments, or add a new item directly.


➕ Create issues in repository groups

You can now create issues when grouped by Repository on the table and roadmap layout. Click Create new issue or start typing the title to get started.


See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

Questions or suggestions? Join the conversation in the community discussion.


CodeQL is the analysis engine that powers GitHub code scanning for over 100,000 repositories. We continuously improve our analysis capabilities, language support and performance to help open source developers and enterprises catch vulnerabilities before they make their way into production code. CodeQL is also an instrumental tool for the security researcher community and was used to identify 36 new CVEs.

We release updates and improvements for CodeQL on a regular basis. We don’t get to call out all the improvements, but we want to highlight some of the most important updates we’ve shipped for CodeQL in the first half of the year:

  • Shortly before WWDC in June, we added beta support for Swift, which together with Kotlin completes CodeQL’s support for next-generation mobile development.
  • We’ve updated CodeQL to support these new language versions (view all): Swift 5.8.1, C# 11, .NET 7, Kotlin 1.8, Go 1.20, TypeScript 5.0 & 5.1, Ruby 3.2, Java 20.
  • We saw a 16% average performance improvement for CodeQL analyses.
  • We improved CodeQL modelling for popular Ruby libraries (SQLite, MySQL, Rack) and added coverage for more than 5000 API methods in Java, increasing analysis coverage and reducing false negatives.
  • We released a new mechanism called default setup, to configure CodeQL at the repo and the organization level.
  • We added 4 new memory-corruption queries for C/C++, 6 new queries for Java, 1 for Python and adjusted over 100 queries across all languages.
  • We started showing actionable information on the tool status page.
  • We enabled scanning of Python repositories without installing dependencies.
  • We shortened the release process to 1 week and optimised the roll-out strategy to get you on the latest release as quickly as possible, so you benefit from the latest updates in CodeQL.
  • We deprecated CodeQL Action v1 and enabled Dependabot to automatically move you to a newer version.

These features have been shipped across multiple versions of CodeQL from 2.12.0 up to 2.14.0, which are shipped with GHES 3.9 and upcoming 3.10. All users of CodeQL code scanning on GitHub.com automatically benefit from the latest improvements.


Today, we are announcing the public beta of the new experience for deployments across environments. 🎉

Developers and DevOps managers can now view and track the full history of deployments in a repository or filter them across environments to:

  • view active deployments across various environments and navigate to the deployment URLs,
  • understand who and which commits or PRs triggered a deployment in a given environment,
  • monitor the status and duration of deployments, or
  • trace any deployment to its source workflow and view logs to diagnose any issues, review any pending approvals, etc.


Learn more about viewing deployments in your repository through our documentation and watching this video.

For questions, visit the GitHub Actions community.
To see what’s next for Actions, visit our public roadmap.


Starting today, publishing with provenance is restricted to public source repositories only. Private source repositories are no longer supported for use with provenance for public packages.

As announced on July 11, 2023: npm will verify the linked source commit and repository when users view a package's provenance information on npmjs.com. If the linked source commit or repository cannot be found, an error will be displayed. This can occur if a repository is deleted or if it is made private.

Read more about viewing npm provenance and publishing with provenance.


GitHub Codespaces has introduced new access and ownership settings, providing organizations more granular control over which members and outside collaborators are able to create codespaces on organization-owned private and internal repositories.

Screenshot of an organization's Codespaces settings page. Sections titled “Codespaces access” and “Codespaces ownership” contain radio buttons for various options.

Owners of organizations on the Team or Enterprise plan can now select which of their organization's members or collaborators are allowed to use GitHub Codespaces on organization-owned private and internal repositories. In order to use GitHub Codespaces, an organization member or collaborator will need explicit access to GitHub Codespaces and either write or fork permissions on the repository.

Any members or collaborators not explicitly granted access will not be allowed to use GitHub Codespaces within the organization's private or internal repositories. Those members or collaborators may still use codespaces on public repositories owned by the organization, like any other GitHub user.

Screenshot of the Codespace ownership settings section, with radio buttons labeled “Organization ownership” and “User ownership.”

Additionally, organization administrators can select whether member or collaborator codespaces fall under organization or user ownership. Codespaces ownership dictates who pays for a codespace, which policies are applied, and where audit logs from codespace usage are sent. For organization owned codespaces, the organization pays for the codespace, organization policies apply, and the logs are sent to the organization. For an organization to own any codespaces, the organization administrator will need to set a spending limit in order to enable GitHub Codespaces within their organization. Enterprise Managed Users are not able to create user owned codespaces because their usage must be paid for by the enterprise.


On October 11, 2022, we announced plans to deprecate the save-state and set-output workflow commands on May 31, 2023. We have since decided to postpone the removal given the amount of usage we are still seeing with these commands.

Workflows that use save-state or set-output will continue to work as expected; however, a warning will appear under annotations indicating the planned deprecation. We recommend that customers using these commands upgrade their workflows to use environment files.

For more information on environment files, please check out our documentation. To see what's next for Actions, visit our public roadmap.
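
The migration described above, as an added example that is not GitHub's code: shell helpers that append to the files named by GITHUB_OUTPUT and GITHUB_STATE instead of printing the deprecated commands to the log. The helper names (`write_env_file`, `set_output`, `save_state`, `read_env_value`), the `ghadelimiter_` prefix and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not GitHub's code. Replaces the deprecated
#   echo "::set-output name=KEY::VALUE"  /  echo "::save-state name=KEY::VALUE"
# with appends to the files named by $GITHUB_OUTPUT and $GITHUB_STATE.
NL='
'

# write_env_file FILE NAME VALUE (hypothetical helper).
# Single-line values are written as NAME=VALUE. Multi-line values use the
# NAME<<DELIMITER form with a random delimiter, so text inside the value
# (for example a literal "EOF" line) cannot close the block early and
# have the following lines read as separate keys.
write_env_file() {
  _file=$1 _name=$2 _value=$3
  case $_name in
    ''|*[!A-Za-z0-9_-]*) echo "invalid name: $_name" >&2; return 1 ;;
  esac
  case $_value in
    *"$NL"*)
      _delim="ghadelimiter_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
      case $_value in
        *"$_delim"*) echo "delimiter collision" >&2; return 1 ;;
      esac
      printf '%s<<%s\n%s\n%s\n' "$_name" "$_delim" "$_value" "$_delim" >> "$_file" ;;
    *) printf '%s=%s\n' "$_name" "$_value" >> "$_file" ;;
  esac
}

set_output() { write_env_file "${GITHUB_OUTPUT:?not in a workflow step}" "$1" "$2"; }
save_state() { write_env_file "${GITHUB_STATE:?not in a workflow step}" "$1" "$2"; }

# read_env_value FILE NAME: simplified reader written for this example to
# check results locally (an assumption, not the runner's parser).
read_env_value() {
  awk -v want="$2" '
    delim != "" {
      if ($0 == delim) { if (key == want) out = buf; delim = "" }
      else { buf = buf sep $0; sep = "\n" }
      next
    }
    {
      h = index($0, "<<"); e = index($0, "=")
      if (h > 0 && (e == 0 || h < e)) {
        key = substr($0, 1, h - 1); delim = substr($0, h + 2); buf = ""; sep = ""
      } else if (e > 0 && substr($0, 1, e - 1) == want) {
        out = substr($0, e + 1)
      }
    }
    END { printf "%s", out }
  ' "$1"
}

# Local run with constructed values; in a real step the runner sets
# GITHUB_OUTPUT and GITHUB_STATE itself.
if [ -z "${GITHUB_OUTPUT:-}" ]; then
  GITHUB_OUTPUT=$(mktemp); GITHUB_STATE=$(mktemp)
  set_output version "1.4.2"
  set_output notes "line one${NL}EOF${NL}injected=yes"
  save_state cache_key "abc123"
  cat "$GITHUB_OUTPUT"
  rm -f "$GITHUB_OUTPUT" "$GITHUB_STATE"
fi
```

In a workflow step, a value written with set_output is read by later steps as steps.<step_id>.outputs.NAME, the same way as a value set with the old command.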


Repository rules are now generally available on GitHub.com.

Screenshot of Repository Rules overview

Repository rules allow you to easily govern protections for branches and tags on your repositories. Repository collaborators also gain access to see what rules are in place via the Web, git client, and the GitHub CLI.

GitHub Enterprise Cloud customers gain the ability to enforce branch and tag protections across repositories in their organization, as well as insights on rule enforcement, an evaluation mode to test rules before enforcing them, and governance around commit messages.

Check out the blog post to learn more about repository rules. And if you have feedback, please share and let us know in our feedback discussion.


Today's Changelog includes updates to project templates, a pinned item side panel, and pull request support in tasklists!

🎨 Project template updates

Since we announced the public beta of project templates for organizations, we've made improvements to what is included in a template. Any configured workflows (other than the Auto-add to project workflow), project insights, and custom fields for draft items are now included when you use a project template or make a copy of a project.

Select a template when creating a new project to see a preview of what is included.


As we continue to build out more functionality for project templates we would love your feedback and to hear more about your experiences and requests. Check out the documentation for more details.

📌 Pinned item side panel

You can now pin the item side panel in your project by selecting the pin icon in the top right corner. This allows for triage mode where you can interact with the project view while an item remains open in the side panel.


🏗 Tasklists: pull request support + bug fixes and improvements

Tasklists now support pull requests as items and you can create tasklists inside of pull requests! If you have already been putting tasklists into pull requests only to have them fail on you, failure no more. ✨

We've also made the following improvements to tasklists:

  • You can now drag and drop issues between groups when grouped by Tracked by
  • Text in issue hovercards for issues with tasklists now correctly renders issue descriptions
  • We improved the rendering of tasklists in email notifications
  • Tasklists no longer cause legacy task lists to be "off by 1"
  • Clicking Esc after selecting a single-line metadata menu now maintains the focus
  • Long URLs no longer extend past the borders of tasklists

🤸 Reorder fields in settings

You can now reorder your custom fields in the project settings by dragging and dropping them in the list to update the order that they appear in the item side panel and on the issue page. Once you've rearranged your fields, open an issue in the side panel to see your changes!

Bug fixes and improvements

  • Using Delete or pasting an empty value now clears the cell on the table layout
  • You can now undo drag and drop actions and archiving of an item using Command/Ctrl + Z
  • Fixed a bug where switching between views autoscrolled you to the right

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.


You now have the option to select either the "Extended" or "Default" query suite when setting up code scanning with default setup for eligible repositories within your organization.

The multi-repo enablement panel on the security coverage page with a focus on code scanning enablement and the new query suite selection menu

Code scanning's default query suite has been carefully designed to ensure that it looks for the security issues most relevant to developers, whilst also minimizing the occurrence of false positive results. However, if you and your developers are interested in seeing a wider range of alerts, you can enable the extended query suite. This suite includes everything from the default query suite, plus additional queries with slightly lower precision and severity.

Choose a query suite

The query suite selection can be made whenever you enable code scanning with default setup:

  • When using "Enable all" on the organization settings page.
  • When enabling a single or multiple repositories on the security coverage page.
  • When enabling on a repository's settings page.
  • When using the "Enable or disable a security feature for an organization" endpoint.

Previously, our system would automatically choose the default query suite when you enabled code scanning with default setup. Now, you can choose either the extended or default query suite.

Recommend a query suite

Additionally, you can specify either the extended or default query suite as the preferred choice for your organization. This preference determines which query suite is "recommended" when a user is enabling code scanning setup with default setup.

The recommended setting for code scanning query suites and the resulting recommended tag on the organization settings page

These improvements have shipped to GitHub.com and will be available in GitHub Enterprise Server 3.11.

Learn more about configuring default setup for code scanning and send us your feedback
Learn more about GitHub Advanced Security


GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Defined to scan for their tokens and help secure our mutual users on public repositories. Defined tokens allow users to access various administrative functions of their managed mesh networking offerings. GitHub will forward access tokens found in public repositories to Defined, which will then email the user. You can read more information about Defined's tokens here.

All users can scan for and block Defined's tokens from entering their public repositories for free with push protection. GitHub Advanced Security customers can also scan for and block Defined tokens in their private repositories.


At GitHub, we store multiple copies of every Git repository our customers push up. Every once in a while, one copy of a Git repository can wind up in a broken state. Usually, our maintenance processes fix the copy automatically, and no one ever notices the problem. Under very rare circumstances, the automation is unable to fix the problem, requiring manual intervention. To prevent further damage from accruing, the automation marks the repository "broken" and doesn't allow further changes (pushes or maintenance).

The GitHub web interface has long shown a message informing viewers that the repository is broken. With this change, the Git client will also receive a similar message. Previously, Git would report an unactionable, confusing, and very low-level error such as "fatal: bad tree object 3c8f2e6c8252929ce8334d52bd33b2bc358e7e4c".


Today, we're launching public beta support for Bitbucket Server and Bitbucket Data Center migrations in GitHub Enterprise Importer.

You can now easily use GitHub Enterprise Importer to migrate your source code, revision history, pull requests, reviews and comments when moving to GitHub from your self-hosted Bitbucket instance.

For a step-by-step guide on migrating from Bitbucket Server or Bitbucket Data Center, check out "Migrating repositories from Bitbucket Server to GitHub Enterprise Cloud" in the GitHub Docs.

We'd love to hear your feedback and questions; join us in the Community Discussion!


Node12 has been out of support since April 2022. As a result we started the deprecation process of Node12 for GitHub Actions by migrating all actions to run on Node16 on June 14th.
We have seen no major issues reported and a minimal number of people opted out of the forced upgrade to Node16. Given this, we will remove Node12 from the Actions runner on the 14th of August 2023.

What you need to do

For Actions maintainers: Update your actions to run on Node16 instead of Node12 (Actions configuration settings)
For Actions users: Update your workflows with the latest versions of the actions, which run on Node16 (Using versions for Actions)


We continue our momentum with new capabilities for administrators and many improvements to Chat in our Visual Studio Code and Visual Studio extensions.

🤖 Automate GitHub Copilot access for your organization with User Management API (beta)

Note: This API is in Beta and is subject to change based on feedback.

Since the availability of GitHub Copilot for Business, we’ve heard feedback that assigning GitHub Copilot licenses to large sets of users through the UI can be tedious and time-consuming, particularly if you need to leverage Teams for your permissions management. Additionally, there has yet to be a way to routinely collect a list of stale users and revoke their access – forcing admins to spend precious time reviewing page after page of users’ last activity date and individually pruning access.

With the new User Management API for Copilot for Business, admins can list all Copilot-enabled organization members with their details and add/remove access for individuals and teams. This allows them to automate access at scale, fitting the company’s process and needs. Be sure to authenticate using an access token with the new manage_billing:copilot scope to get started.

Check out our documentation to try it out today and leave feedback for us in our Discussion post!

✍️ New Create commands in Visual Studio Code 1.80

To help you create projects and notebooks and search for text in your workspace, we have introduced preview-only slash commands in the Chat view.

Note: To get access to the Chat view, inline chat, and slash commands (for example /search, /createWorkspace), sign up for the GitHub Copilot chat waitlist and install the Pre-Release version of the GitHub Copilot extension.

Create workspaces

You can ask Copilot to create workspaces for popular project types with the /createWorkspace slash command. Copilot will first generate a directory structure for your request.


You can then use the Create Workspace button to create and open the project directory as a new workspace.

Create notebooks

You can ask Copilot to create Jupyter notebooks based on your requirements with the /createNotebook slash command. Copilot will generate an outline of the notebook based on your needs.

You can then use the Create Notebook command to create the notebook and fill in the code cells based on the suggested outline.

Visual Studio extension improvements

  • Better support for other programming languages – We have improved the quality of the results of questions for XAML, Blazor, C++, etc.
  • Save & Restore chat history – This prevents the user from losing the discussion/chat whenever they close Visual Studio. It is now persisted and restored.
  • Clear chat history – added the ability to clear the chat history so context from previous conversations is not considered in the prompt and answer by Copilot.
  • Multiline prompt box – We improved the prompt input to allow users to ask more extended questions easily.
  • Streaming support for displaying content in the Chat tool window – We have added streaming support to all chat experiences.
  • Specific insertions for test generation – Test generation sometimes requires insertion into separate files or projects. We now support special handling through action buttons in the chat window.
  • Quality of life updates – better context, UI refresh, and error messages throughout the Chat experiences.

Context-aware actions shown based on embeddings

We are introducing context-aware actions like documentation, explanation, and generating tests. These actions take the existing inline context and craft specific intents to provide an optimal and magical experience on those tasks.


Analyze method with GitHub Copilot in CPU usage tool

When triggered, Copilot Chat will explain why the issue occurred and suggest a fix. These show up in the diagnostics experience. These require using preview versions of Visual Studio.


To learn more about Copilot and take full advantage of all of its power, visit our YouTube Copilot playlist. To sign up, see our Copilot features page.


Codespaces is updating the domain used for forwarded ports

Starting in August, Codespaces will be updating web client port forwarding to improve security, reliability, and performance for users. As part of this update, the URL for forwarded ports will change from https://*.preview.app.github.dev to https://*.app.github.dev.

To prepare for this change, replace any hardcoded references to preview.app.github.dev in your code with the GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN environment variable by July 31 to avoid any disruptions. The environment variable value will be updated from preview.app.github.dev to app.github.dev when the migration completes. Learn more about environment variables here.


Today's Changelog brings you sorting improvements, the ability to select a template or form when creating a new issue from your project, and the ability to add a new option to a single select field from the side panel!

🗄 Improvements to sorting fields

You can now sort items in a view using two different fields. Select Sort by in the view menu and select a primary sort field, and then hold down Alt (Option on macOS) to select the secondary sort field.

Accessing issue templates in Projects

When creating a new issue directly from a project, you can now choose an issue template or form to apply.

Simply use the + button in the project omnibar and select Create new issue to get started.

image shows a number of options for different issue templates and forms

Adding a new single-select field option from the side panel

We've updated the side panel so that you can add a new option when editing a single-select field. Start typing and you'll be prompted to add a new option if the text doesn't match an existing option.

Bug fixes and improvements

  • Items can now be dragged into collapsed groups in the roadmap layout
  • Empty cells can now be copied and pasted in the table layout
  • Export view data now includes the URL for issues and pull requests
  • Emojis now render in the browser tab title
  • Fixed a bug where you could not copy and paste Assignee information outside of a project
  • Fixed a bug where you could not use Tab to navigate Assignee values on board items
  • Your classic project link now has a working URL after completing migration

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.


Swiftly add content to new issues on GitHub Mobile

Introducing a new way of adding metadata while creating issues on GitHub Mobile

We are excited to enhance the Issue creation experience for GitHub Mobile by introducing a comprehensive Property Bar. This feature allows you to conveniently add assignees, labels, milestones, and projects while creating Issues on GitHub Mobile.

This powerful addition ensures that you have the necessary tools at your fingertips to create your issues with all relevant metadata even quicker than before.

Read more about GitHub Mobile and send us your feedback to help us improve.
