What’s new from GitHub Changelog? November 2021 recap
We shipped a ton of updates for you in November, from the push notification for pull request review activities when you’re on the go, to an easy but potent way to create links in Markdown (or, as we like to call it, to “linkify” text).
What was big in November?
We delivered on some key improvements that we think you’ll enjoy. Creating links in Markdown has never been easier. You can now copy a link, select the text you want to linkify, and for the final step, paste it. Et voila! Another feature we’re excited about is the light high contrast theme. It’s personally one of my favorites as it offers greater contrast between foreground and background elements. Make sure to check it out! Lastly, we launched a highly-requested feature from the community, which is to allow the reordering of tabs in the new GitHub Projects (in beta). We have a lot more to share!
We’re excited about the ability to quickly linkify text and the new light high contrast theme!
Literally everything we shipped
General updates
You can now preview renderings of Markdown files that you edit in GitHub Gist, just like you can preview renderings on GitHub.com. A “Preview” or “Preview changes” tab will display a Markdown rendering of your file contents.
If you use assistive technologies, like voice input, we’re happy to announce that you can now turn off keyboard shortcuts that use a single character (like a period) so that you don’t accidentally trigger them. Manage your keyboard shortcuts using our new accessibility settings page.
We’ve also added native support for right-to-left languages in Markdown files, issues, pull requests, discussions, and comments!
In other news, organization owners can now unsubscribe from email notifications when new deploy keys are added to repositories belonging to their organizations.
GitHub Actions
November was an Actions-packed month. 😄
To start, we made reusable workflows generally available. This feature reduces duplication by enabling you to reuse an entire workflow as if it were an action. We’ve made a few improvements since the October beta.
Also of note, the setup-python action now supports dependency caching, enabling you to run workflows for Python projects faster. It supports caching for both pip and pipenv projects. Check out the setup-python repository for examples.
You want to run workflows even _faster_? We have good news. Cache size has increased to 10GB per repository, which is double what it used to be, so that you can cache bigger dependencies from previous jobs.
A few more Actions updates:
- You can now specify input types for manually triggered workflows. In addition to the default `string` type, we now support `choice`, `boolean`, and `environment`.
- Actions written in YAML (composite actions) now support if conditionals so that you can prevent specific steps from executing unless a condition has been met.
- You can now use GitHub Actions to run workflows when branch protection rules change on a repository.
- OpenID Connect support for Actions is generally available. Configure your workflows to request short-lived access tokens that are automatically rotated.
- Actions and Dependabot now work better together. Actions workflows triggered by Dependabot will be sent the Dependabot secrets.
- Windows Server 2022 with Visual Studio 2022 is now generally available on GitHub-hosted runners.
GitHub API
If you use Actions self-hosted runners, you can now list, add, and remove runner labels via API. In addition, the expiration dates of SAML-authorized personal access tokens can now be retrieved via API.
GitHub Enterprise
GitHub’s latest 2021 SOC 1, Type 2 and SOC 2, Type 2 compliance reports are now available. If you’re a GHEC admin, you can find them in the “Compliance” tab of your enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
For organizations, these reports are under the “Organization Security” tab of your organization: https://github.com/organizations/"your-org"/settings/security.
In other enterprise news:
- Team sync for Okta is now generally available, allowing organizations to sync Okta group members to teams in GitHub.
- You can now customize your footers with links of your choosing. These are viewable to everyone in your organization.
- Standalone organizations paying by invoice can now update to an enterprise account via a self-service flow.
GitHub Issues
The @mention suggester now ranks participants in issues, pull requests, and discussions higher than non-participants so that the person you’re looking for is more likely to be listed first.
GitHub Mobile
If you’re the admin of an organization, you can now moderate disruptive behavior from your mobile device. Tap Block from organization from the comment menu on an issue, pull request, or discussion to block a user and hide their comments.
GitHub Mobile also now supports push notifications for activities related to pull request review. You’ll get notified when someone approves, comments, or requests changes.
GitHub pull requests
Pull request settings became more customizable this month. You can now require that changes to a protected branch of your repository be made via pull request, but without requiring reviews. This can be useful when you want to use pull requests for tracking purposes or to simplify your CI configuration, but you don’t want to make merging contingent upon review.
A couple more quality-of-life improvements to the review process:
- If you’re an admin, you can now allow specific users and teams to bypass pull request requirements.
- Notifications for pull request review can now be configured independently of auto-assignment of pull request reviews.
GitHub Pages
If you use custom GitHub Pages domains, you can now verify those custom domains to protect against takeover attacks. Learn how to verify your custom domain.
GitHub Repository
Did someone invite you to a repository? It just got easier to join and start contributing. For private repositories, you’ll now receive notifications just like you do for public repositories. Also, when you navigate to a private repository with a pending invitation, you’ll see a prompt to accept the invite (instead of a 404 error page 😅). Meanwhile, for pending invites to public repositories, a banner above the repository overview will indicate that you have a pending invite.
In other news:
- The repository overview that displays in the sidebar will now highlight a `CODE_OF_CONDUCT.md` file.
- It’s now possible to use single-character prefixes for custom autolinks.
GitHub Themes
If you want to specify whether an image is shown to viewers using a light or dark GitHub theme, you can now append `#gh-dark-mode-only` or `#gh-light-mode-only` to the end of an image URL. Try it out!
GitHub Security
CodeQL had a big month. To start, we’ve added support for more Python libraries and frameworks and more Java and JavaScript libraries and frameworks, which means that CodeQL code scanning can now detect more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks in which this data could end up. In fact, Java now covers more than three times the endpoints of previous CodeQL versions, and JavaScript analysis now supports most common templating languages.
If you use CodeQL, you’re likely familiar with the help text that displays in the code scanning UI when a default query generates an alert, which provides details about the problem. With the latest CodeQL CLI release, you can add Markdown-rendered query help in SARIF files for your own custom queries. These will be uploaded to GitHub and displayed in code scanning.
It’s gotten easier to debug problems with CodeQL code scanning, too. An optional flag in the Actions workflow file will trigger diagnostic data to be uploaded as an artifact to your Actions run. The artifact contains the CodeQL logs, CodeQL databases, and SARIF files that were produced.
One final CodeQL update. Developers and security researchers using the CodeQL CLI and Visual Studio Code extension can now build databases and analyze code on machines powered by Apple Silicon (for example, Apple M1)!
A few more security-related updates:
- You can now export your Advanced Security license data as a CSV file in order to review usage across your business.
- Code scanning alerts now integrate with GitHub Issues task lists for easier prioritization and tracking (currently in beta).
- You can now dismiss Dependabot alerts via API.
- Meta is now a GitHub secret scanning partner.
GitHub Sponsors
Do you want to see which links your sponsors are coming to you from? Try adding custom parameters to your sponsorship URL!
Take a look at our public roadmap for what’s coming next, follow GitHub Changelog on Twitter, and check back on the GitHub Blog for another recap next month.