What’s new from GitHub Changelog? November 2021 recap

Image of Sidi Merzouk

We shipped a ton of updates for you in November, from the push notification for pull request review activities when you’re on the go, to an easy but potent way to create links in Markdown (or, as we like to call it, to “linkify” text).

What was big in November?

We delivered on some key improvements that we think you’ll enjoy. Creating links in Markdown has never been easier. You can now copy a link, select the text you want to linkify, and for the final step, paste it. Et voila! Another feature we’re excited about is the light high contrast theme. It’s personally one of my favorites as it offers greater contrast between foreground and background elements. Make sure to check it out! Lastly, we launched a highly-requested feature from the community, which is to allow the reordering of tabs in the new GitHub Projects (in beta). We have a lot more to share!

We’re excited about the ability to quickly linkify text and the new light high contrast theme!

Literally everything we shipped

General updates

You can now preview renderings of Markdown files that you edit in GitHub Gist, just like you can preview renderings on GitHub.com. A “Preview” or “Preview changes” tab will display a Markdown rendering of your file contents.

If you use assistive technologies, like voice input, we’re happy to announce that you can now turn off keyboard shortcuts that use a single character (like a period) so that you don’t accidentally trigger them. Manage your keyboard shortcuts using our new accessibility settings page.

screenshot of accessibility settings page

We’ve also added native support for right-to-left languages in Markdown files, issues, pull requests, discussions, and comments! screenshot of right-to-left text

In other news, organization owners can now unsubscribe from email notifications when new deploy keys are added to repositories belonging to their organizations.

GitHub Actions

November was an Actions-packed month. 😄

To start, we made reusable workflows generally available. This feature reduces duplication by enabling you to reuse an entire workflow as if it were an action. We’ve made a few improvements since the October beta.

Also of note, the setup-python action now supports dependency caching, enabling you to run workflows for Python projects faster. It supports caching for both pip and pipenv projects. Check out the setup-python repository for examples.

You want to run workflows even _faster? _We have good news. Cache size has increased to 10GB per repository, which is double what it used to be, so that you can cache bigger dependencies from previous jobs.

A few more Actions updates:

GitHub API

If you use Actions self-hosted runners, you can now list, add, and remove runner labels via API. In addition, the expiration dates of SAML-authorized personal access tokens can now be retrieved via API.

GitHub Enterprise

GitHub’s latest 2021 SOC 1, Type 2 and SOC 2, Type 2 compliance reports are now available. If you’re a GHEC admin, you can find them in the “Compliance” tab of your enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.

For organizations, these reports are under the “Organization Security” tab of your organization: https://github.com/organizations/"your-org"/settings/security.

In other enterprise news:

GitHub Issues

The @mention suggester now ranks participants in issues, pull requests, and discussions higher than non-participants so that the person you’re looking for is more likely to be listed first.

screenshot showing relevant @mention suggestions

GitHub Mobile

If you’re the admin of an organization, you can now moderate disruptive behavior from your mobile device. Tap Block from organization from the comment menu on an issue, pull request, or discussion to block a user and hide their comments.

GitHub Mobile also now supports push notifications for activities related to pull request review. You’ll get notified when someone approves, comments, or requests changes.

GitHub pull requests

Pull requests settings become more customizable this month. You can now require that changes to a protected branch of your repository be made via pull request, but without requiring reviews. This can be useful when you want to use pull requests for tracking purposes or to simplify your CI configuration, but you don’t want to make merging contingent upon review.

A couple more quality-of-life improvements to the review process:

GitHub Pages

If you use custom GitHub Pages domains, you can now verify those custom domains to protect against takeover attacks. Learn how to verify your custom domain.

GitHub Repository

Did someone invite you to a repository? It just got easier to join and start contributing. For private repositories, you’ll now receive notifications just like you do for public repositories. Also, when you navigate to a private repository with a pending invitation, you’ll see a prompt to accept the invite (instead of a 404 error page 😅). Meanwhile, for pending invites to public repositories, a banner above the repository overview will indicate that you have a pending invite.

In other news:

GitHub Themes

If you want to specify whether an image is shown to viewers using a light or dark GitHub theme, you can now append #gh-dark-mode-only or #gh-light-mode-only to the end of an image URL. Try it out!
screenshot of image using both light and dark theme

GitHub Security

CodeQL had a big month. To start, we’ve added support for more Python libraries and frameworks and more Java and JavaScript libraries and frameworks, which means that CodeQL code scanning can now detect more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks in which this data could end up. In fact, Java now covers more than three times the endpoints of previous CodeQL versions, and JavaScript analysis now supports most common templating languages.

If you use CodeQL, you’re likely familiar with the help text that displays in the code scanning UI when a default query generates an alert, which provides details about the problem. With the latest CodeQL CLI release, you can add Markdown-rendered query help in SARIF files for your own custom queries. These will be uploaded to GitHub and displayed in code scanning.

screenshot showing help option for custom codeql query

It’s gotten easier to debug problems with CodeQL code scanning, too. An optional flag in the Actions workflow file will trigger diagnostic data to be uploaded as an artifact to your Actions run. The artifact contains the CodeQL logs, CodeQL databases, and SARIF files that were produced.

One final CodeQL update. Developers and security researchers using the CodeQL CLI and Visual Studio Code extension can now build databases and analyze code on machines powered by Apple Silicon (for example, Apple M1)!

A few more security-related updates:

GitHub Sponsors

Do you want to see which links your sponsors are coming to you from? Try adding custom parameters to your sponsorship URL!

Take a look at our public roadmap for what’s coming next, follow GitHub Changelog on Twitter, and check back on the GitHub Blog for another recap next month.