Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Today's Changelog brings you project templates, support for tasklists on mobile, and bulk edit support on boards!

🎨 Project templates for organizations

Project templates for organizations are now in public beta! Building upon the recently released ability to copy an existing project you can now create, save and reuse projects with templates, helping you save time and create a consistent approach to managing your projects.

To get started with project templates:

  • Project admins will see a new option Make template on the settings page that will set the project as a template.
  • If you want to keep your current project, but think it will make a great template, admins and write access users will see the option to Copy as template, which will create a new version without your issues and pull requests as a template.
  • To see all templates, simply search for is:template on the projects page.
  • When creating a new project, you will see available templates in the sidebar.

image shows a number of project template options when starting a new project

As we continue to build out more functionality for project templates we would love your feedback and to hear more about your experiences and requests. Check out the docs for more details.

📱 Tasklists on Mobile

mobile-tasklist

Tasklists now render on mobile! View progress on your initiatives, epics, umbrella issues (or whatever your team calls them) on the go!

Tasklists are currently in private beta, and you can sign your organization up on the waitlist.

💪 ⌨️ Bulk updates and keyboard navigation on boards

Kanban enthusiasts rejoice! We've added the ability for users to bulk update cards on their boards with either mouse drag and drop or keyboard navigation. To select more than one card, simply hold Ctrl/Command and click on the cards you wish to move. For keyboard warriors, tab to the card you wish to drag, hold shift and navigate to other cards you wish to update, and press enter to select and move the selected cards.

For more detailed information, find a full list of keyboard shortcuts in the docs.

👁️ Persistent collapsed groups on tables and roadmaps

When you collapse a group in the table or roadmap layout, the group will remain collapsed when you return to the view. This is only the case for your view and will not be applied for anyone else.

🎨 Updates to single-select color options

If other values in this field already have a color, a color will be auto-assigned to any new values added to the field.

📋 Copying values in tables

You can now select and copy a range of cells. Use Ctrl/Command + a keyboard command once to select a row and twice to select all cells, and Ctrl/Command + c to copy values. You can then paste values in other text editors using Ctrl/Command + v.

✨ Bug fixes & improvements

Tasklists bug fixes and improvements:

  • Updated the iconography for "saving" tasklists
  • Set a limit of 512 characters for draft tasks
  • Fixed a bug where users were seeing a red error banner with the message "An error occured while loading your tasklist."

Other changes include:

  • Updated the Auto-archive workflow confirmation dialog to show number of items archived
  • Removed the 30 projects return limit from allProjectsV2 GraphQL API
  • Fixed inconsistent text highlighting in code search filter input
  • Added the ability to exit the label dialog without using a mouse

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

See more

GitHub secret scanning protects users by searching repositories for known types of tokens. By identifying and flagging these tokens, our scans help prevent data leaks and fraud.

We have partnered with Canadian Digital Service (CDS) to scan for their tokens and help secure our mutual users on public repositories. Candadian Digital Service tokens allow users to send email and text messages using the Government of Canada’s Notify service. GitHub will forward access tokens found in public repositories to CDS, which will then revoke the token and contact the impacted users to help them generate new tokens. You can read more information about CDS's tokens here.

All users can scan for and block CDS tokens from entering their public repositories for free with push protection. GitHub Advanced Security customers can also scan for and block CDS tokens in their private repositories.

See more

Bamboo Server and Data Center migrations to GitHub Actions are now in public beta! You can now plan, test, and automate the migration of your Bamboo pipelines to GitHub Actions easily and for free using GitHub Actions Importer.

For details on how to get started, check out our documentation. For questions and feedback about the public beta, please visit the GitHub Actions Importer community.

See more

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with LogicMonitor to scan for their tokens and help secure our mutual users on public repositories. LogicMonitor tokens allow users to authenticate requests to LogicMonitor's REST API. GitHub will forward access tokens found in public repositories to LogicMonitor, which will then inform their portal contacts for remediation. You can read more information about LogicMonitor's tokens here.

All users can scan for and block LogicMonitor tokens from entering their public repositories for free with push protection. GitHub Advanced Security customers can also scan for and block LogicMonitor tokens in their private repositories.

See more

In the coming week, GitHub will upgrade the host operating system for the virtual machines that build and run the dev containers in GitHub Codespaces from Ubuntu 18.04 to Ubuntu 22.04. Ubuntu 18.04 will reach its end of standard support on May 31, 2023, so we are upgrading in order to maintain the highest quality of support and security for all development environments. Most users will not be impacted by this update.

The host virtual machine is responsible for building and running the dev container configured in the devcontainer.json. When a developer connects to a codespace, they connect directly to the dev container, whose operating system is defined by the devcontainer.json configuration. This maintenance upgrade will not impact the development container configuration or prebuilds, and will not require any package updates within the development environment itself.

We recommend decoupling your dev container configuration from the host operating system. If your dev container depends on a specific host operating system version or Linux kernel version, this upgrade will impact you. For example, if you are installing specific kernel headers from the host into your dev container, you should change your configuration to install the generic linux headers, as this package will properly update independent of the host operating system kernel version.

If you see any issues that you believe are related to this change, please reach out to GitHub Support.

Helpful Links:

See more

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Highnote to scan for their tokens and help secure our mutual users on public repositories. Highnote tokens allow users to authenticate with Highnote’s GraphQL API. GitHub will forward access tokens found in public repositories to Highnote, which will then revoke the token and work with impacted users to generate a new token. You can read more information about Highnote’s tokens here.

GitHub Advanced Security customers can also scan for Highnote tokens and block them from entering their private repositories. All users can enable push protection for public repositories, for free.

See more

Many accessibility improvements have been deployed to npmjs.com. Highlights include:

  • Site-wide improvements to color contrast, text resize, and support for users with low vision.
  • Improvements that enable keyboard-only access including visual tracking of the focus indicator.
  • Improved support for assistive technologies including screen readers.

Your feedback is welcome! Please share feedback on the accessibility community discussions page and learn more about GitHub accessibility at accessibility.github.com.

See more

Edit workflow files on GitHub Mobile

Editing workflow files is now possible on GitHub Mobile! You can create and merge pull requests after modifying your workflow files using the Android or iOS app.

Simply navigate to the file you would like to edit by tapping Browse code in the repository view, then select Edit File in the dropdown menu in the top right hand corner.

More info on how to edit a file or create a pull request on GitHub Mobile can be found here.


Read more about GitHub Mobile and share your feedback to help us improve.

See more

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Aiven to scan for their tokens and help secure our mutual users on public repositories. Aiven tokens allow users to interact with Aiven hosted services and the Aiven API. GitHub will forward access tokens found in public repositories to Aiven, and the Aiven Customer Success Team will contact project owners via the normal service channel and work with them to rotate and revoke the affected credentials. Aiven will not revoke credentials without prior communication and acknowledgement from the project owner. You can read more information about Aiven’s tokens here.

GitHub Advanced Security customers can also scan for Aiven tokens and block them from entering their private repositories. All users can enable push protection for public repositories, for free.

See more

Secret scanning's push protection feature is now generally available for all free public repositories on GitHub.com.

You can enable push protection for any public repository on GitHub.com from your repository's "Code security and analysis" settings in the UI or REST API. If you're an organization or enterprise owner, you can also also bulk-enable secret scanning.

For your repositories that are not a part of an organization, you can bulk-enable secret scanning and push protection in your personal "Code security and analysis" settings.

See more

Secret scanning's push protection feature is now generally available for GitHub Advanced Security customers.

Customers can enable push protection for any private repository that has GitHub Advanced Security. Push protection can also be enabled for any public repository, for free. To bulk enable push protection, customers can visit their organization and enterprise's "Code security and analysis" settings in the UI or REST APIs.

Push protection is also available for any custom pattern defined at the repository, organization, and enterprise level. See step 11 under "Defining a custom pattern for a repository" for more details in our documentation.

See more

Actions on GitHub Mobile

Actions are coming to your Repositories on GitHub Mobile! Find all your repository's workflows in one convenient place.

Tapping on the new "Actions" row on a Repository now shows you a list of all of the Repository's workflows. Choosing a workflow will show you all of its runs, allowing you to check up on things while on the go. If you want to dig into the details, tapping on a run will lead you into the familiar workflow experience we brought you last year to explore everything from a run's overall status to its individual jobs and even logs.

A run didn't go as planned? No problem. Toggle the new debug-switch when re-running a workflow to see what's going on under the hood, just like you would on GitHub.com.


Read more about GitHub Mobile and share your feedback to help us improve.

See more

Previously, all attached (drag-and-dropped) images and videos on GitHub Issues, Pull Requests, Discussions, and wikis were available to view without authentication if you knew their direct URL. Now, future attachments associated with private repositories can only be viewed after logging in. This doesn’t apply retroactively to existing attachments, which are obfuscated by having a long, unguessable URL.

Email notifications sent from private repositories will no longer display images; each image is replaced by a link to view it on the web. Content inside a Git repository is not affected by this change and has always required authentication for private repositories.

Learn more about attaching files.

Questions or suggestions? Join the conversation in the community discussion.

See more

We are introducing a new method for incorporating LaTeX-based mathematical expressions inline within Markdown. In addition to the existing delimiters, we now support delimiting LaTeX-style math syntax with dollar signs and backticks (for example, $`\sqrt{3}`$). This new syntax is especially useful if the mathematical expressions you're writing contain characters that overlap with Markdown syntax.

To learn more about using mathematical expressions within Markdown on GitHub, check out "Writing mathematical expressions" in the GitHub Docs.

See more

At GitHub Universe last year, we announced a total redesign of GitHub's code search and navigation experience, powered by our all-new code search engine that we built from scratch. And in February, we announced our public beta.

Today, we are rolling out this feature to all GitHub users. Thanks to the members of the beta community for your excellent feedback and engagement throughout the beta!

Screenshot of code search results

Check out our blog post to learn more about how GitHub's new code search and code view can help you search, navigate, and understand your code. And if you have feedback, please share it with us in our feedback discussion.

See more

If you are an organization or enterprise owner, you will now receive a secret scanning summary email when the historical scan completes. The email notification will tell you how many, if any, secrets were detected across all repositories within your organization or enterprise. You'll also receive a link to your security overview page for each secret, where you can view details for each detected secret.

Previously, secret scanning would send one email per repository where secrets were detected, provided that you were watching the repository and had email notifications enabled in your user settings enabled. While repository administrators will still receive an email notification per repository, organization and enterprise owners will now receive only a single notification upon the historical scan's completion.

To receive notifications:

  • For the first historical scan after you enable secret scanning, you must have email notifications enabled in your user settings. You do not need to watch any repositories to receive the secret scanning summary email.
  • For future historical scans, such as for newly added patterns, you will receive an email notification for each repository where a secret was found. You must be watching the repository where the secret was detected and have email notifications enabled in your user settings.

summary email after backfill scan

See more

Codespaces now supports two-way Settings Sync with VS Code for the Web

Visual Studio Code enables users to Sync Settings between VS Code environments. Codespaces exposes this capability as a way to personalize your experience. Prior to this release, Settings Sync for the VS Code web client was one-way by default, and two-way sync had to be enabled manually for each codespace.

With today's release, you can now choose whether to enable Settings Sync. Settings Sync is off by default. If you enable Settings Sync, the sync is two-way for repositories you trust, and one-way for untrusted repositories. Codespaces will also remember your choice.

The quickest way to enable Settings Sync is to start a codespace using the VS Code for the Web client, then choose 'Turn on Settings Sync…'

Turn on Settings Sync in VS Code web client

You will then be prompted for permission to enable Settings Sync for the repository. If you authorize, the Settings Sync setting on your GitHub profile will be enabled, and the repository will be added to a list of trusted repositories so that future codespaces on that repository will automatically have Settings Sync enabled in VS Code for the Web.
cVS Code Settings Sync is requesting additional permissions

You can manage your Settings Sync and GPG verification settings from your GitHub Codespaces Settings page at
https://github.com/settings/codespaces.

On the Codespaces settings page you can manage which repositories you trust for GPG verification and Settings Sync.
Codespaces Settings for GPG verification and Settings Sync

Trusted repositories

Settings Sync and GPG verification now share a single set of trusted repositories. You can enable or disable GPG verification and Settings Sync independently. If you have Settings Sync enabled and you open a codespace from a repository that is not in your list of trusted repositories, the Settings Sync will be read only – your settings will be pulled from the Settings Sync server and applied to your codespace, but no settings changes will be written back. If you open a codespace for a repository you do trust, your settings will be synced both to and from the server.

If you have enabled GPG verification for all repositories, we advise you to restrict the repositories to a trusted list when you first enable Settings Sync.

VS Code Settings Sync is requesting additional permissions when all repositories are trusted

If you choose to enable Settings Sync for all repositories we will keep that setting for GPG verification as well, but we recommend restricting both Settings Sync and GPG verification to trusted repositories to improve your security posture.

See more