Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Sign-up for OpenAI o1 access on GitHub

You can now join the waitlist for early access to OpenAI o1 for use in GitHub Copilot in Visual Studio Code and GitHub Models. The waitlist is currently available to all Copilot users.

Join the waitlist for access to OpenAI o1 on GitHub.

In Visual Studio Code, you can choose to use o1-preview or o1-mini to power GitHub Copilot Chat in place of the current default model, GPT-4o.

Note: to access this feature, you’ll need to be on VS Code Insiders with the latest pre-release version of the Copilot Chat extension.

Model Picker in Visual Studio Code

In GitHub Models, you can use o1 models both in the playground and via the API. GitHub Models is currently in limited preview and you can sign up for access today.

OpenAI o1 in GitHub Models Playground

Access to these models will roll out progressively while in preview and usage will be rate-limited.

Join the discussion and share feedback with us via Discussions.

See more

Enable secret scanning for non-provider patterns for enterprises with the REST API

GitHub Advanced Security customers using secret scanning can now use the REST API to enable or disable support for non-provider patterns at the enterprise level. This enables you to manage your enterprise settings programatically.

The following endpoints have been updated:
Get code security and analysis features for an enterprise: check if non-provider patterns are enabled for the enterprise
Update code security and analysis features for an enterprise: enable or disable non-provider patterns for all new repositories in an enterprise
Enable or disable a security feature: enable or disable non-provider patterns for all existing repositories in an enterprise

Non-provider patterns scans for token types from generic providers, like private keys, auth headers, and connection strings.

Learn more about secret scanning and non-provider patterns.

See more

Secret scanning indicates known public leaks and duplicate alerts for private exposures (public beta)

To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a public leak label on the alert. The alert also indicates if the secret was exposed in other repositories across your organization or enterprise with a multi-repo label.

These labels provide additional understanding into the distribution of an exposed secret, while also making it easier to assess an alert’s risk and urgency. For example, a secret which has a known associated exposure in a public location has a higher likelihood of exploitation. Detection of public leaks is only currently supported for provider-based patterns.

The multi-repo label makes it easier to de-duplicate alerts and is supported for all secret types, including custom patterns. Both indicators apply only for newly created alerts.

In the future, GitHub will surface locations of the known public leak, as well as repository names with duplicate alerts. This metadata will also be surfaced via the REST API and webhooks.

Learn more

Learn more about how to secure your repositories with secret scanning. Let us know what you think by participating in a GitHub community discussion or signing up for a 60 minute feedback session.

See more

New commit details page (public beta)

A new version of the commit details page is now available in public beta!

This new page, which is enabled by default, lets you quickly understand and navigate the changes in a commit with improvements to filtering, commenting, and keyboard navigation.

Screen shot of the new commit details page that shows the metadata about the commit, a file tree showing the 3 files changed by the commit, diff snippets for each of the changed files, and a floating comment

What’s new 🎉

Here are a few of the noteworthy changes:

  • Floating comments: Code comments float over the diff when selected. To select, click on the commenter’s avatar to the right of the line.
  • Comment counts: To help you identify files with comments, the number of comments for a file now appears in the file tree.
  • Keyboard navigation within diffs: You can now navigate around changed lines in the diff using the up and down keys on your keyboard. A new context menu also makes it easier to comment, copy, and select.
  • Quick view switching: Switching between unified and split views no longer reloads the page.
  • Filter by file extension: Easily filter changed files by file extension in the diff to see the content most relevant to you.
  • Filtered out diffs hidden: When filtering the file tree, diffs are filtered as well, allowing you to reduce distraction and see the files you care about most.

Next steps 📣

To give feedback, ask questions, or report a bug join us in the feedback discussion.

To opt out of the preview, go the Feature Preview dialog on your profile, select New Commit Details Page, and click Disable.

To learn more about viewing commits, see About commits.

See more

New advanced filters for code security configurations

When reviewing code security configurations, you can now more easily filter repositories with new filter options.

The new filters allow you to sort repositories based on the status of specific features or GHAS itself:

  • advanced-security:enabled
  • dependabot-alerts:enabled
  • dependabot-security-updates:enabled
  • code-scanning-alerts:enabled
  • code-scanning-default-setup:enabled
  • code-scanning-pull-request-alerts:enabled
  • secret-scanning-alerts:enabled
  • secret-scanning-push-protection:enabled

Note that :disabled also works for each of the filters above to achieve the inverse.

Additionally, you can filter based on whether or not a repository is eligible for code scanning default setup:
– code-scanning-default-setup:eligible
– code-scanning-default-setup:not-eligible

These filters are available for organizations with GitHub Advanced Security (GHAS) enabled, and are only available in the UI at this time.

Learn more about code security configurations and send us your feedback.

See more

Now available for free on all public repositories: Copilot Autofix for CodeQL code scanning alerts

Now you can remediate existing security issues in your public repositories faster with Copilot Autofix for CodeQL alerts. Following our general availability release for all Advanced Security customers, Copilot Autofix for CodeQL alerts is now generally available (GA) for all public repositories, for free.

Powered by GitHub Copilot, this feature provides automatic fixes for vulnerabilities found by CodeQL, both on pull requests and for historical alerts that already exist in a codebase.

Importantly, you stay in full control of your codebase: Copilot Autofix will try and suggest fixes for CodeQL alerts in pull requests, but it’s ultimately up to you to decide whether you wish to accept Copilot’s suggestion wholly, partially, or not at all. The same applies to historical alerts in a codebase: you can request an autofix from Copilot, then review it, and decide whether you want to open a PR with the fix suggestion or commit straight to the affected branch (or neither).

Example of Copilot Autofix generation on the alert page

Copilot Autofix is available for all public repositories that use code scanning CodeQL, and is enabled by default for alerts on PRs. It does not generate additional notifications. If you would like to enable Copilot Autofix on your organization’s private repositories, please have a look at this blog post where we announce Autofix for GitHub Advanced Security.

For more information, see: About Copilot Autofix for CodeQL code scanning. If you have feedback for Copilot Autofix for code scanning, please join the discussion here.

See more

Manage secret scanning bypass requests at the organization level

GitHub Advanced Security customers that have enabled delegated bypass rules for push protection can now manage and review their bypass requests at the organization level. The list is located within the Security tab of your organization.

To view and manage requests from this list, you must either be an organization owner, security manager, or have the fine-grained permission to review and manage push protection bypass requests within your organization.

Learn more about secret scanning or delegated bypass. If you have feedback, we would love for you to join the discussion within GitHub Community.

See more

New Contribution Widget for Android

You can now can easily track your GitHub contributions right from your Android home screen with the new Contribution Widget for GitHub Mobile.

Add the widget by either long-pressing your home screen or long-pressing the GitHub app icon and selecting the widget option. Whether you’re on the move or just curious about your progress, the Contribution Widget makes it easier than ever to track your contributions.

This widget will be available on the Android GitHub Mobile Beta on September 17th, 2024. Join the beta for early access. The widget will be available to all users September 27th, 2024.

Download or update GitHub Mobile today from the Apple App Store or Google Play Store to get started.

Learn more about GitHub Mobile and share your feedback to help us improve.

See more

Announcing the Public Beta of GitHub Copilot Extensions 🎉

Copilot Extensions header image

GitHub Copilot Extensions are now available in public beta 🚀 to all GitHub Copilot users and open for any developer or organization to create extensions. Alongside, we’re introducing a comprehensive Copilot Extensions Toolkit,
designed to equip developers by centralizing the information they need
to build quality extensions.

💡 What are Copilot Extensions and how to use them

Copilot Extensions integrate with your favorite dev tools directly into Copilot Chat across Visual Studio, VS Code, and GitHub.com (with support for JetBrains IDE coming soon!). Interact with databases, testing frameworks, deployment tools, and more — all without leaving your flow. For example:
Docker’s extension can help you generate the right Docker assets for your project
New Relic’s extension can help instrument your system and onboard with New Relic from within your editor

Docker extension being invoked in chat

Additionally, enterprises and organizations have the ability to build private extensions. Copilot can interact with context from your internal developer tooling, execute workflows, and adhere to your organization’s best practices.

🏁 Getting Started

To use extensions
– If you have access to Copilot through a Copilot Business or Copilot Enterprise subscription, an organization or enterprise owner needs to enable the Copilot Extensions policy for your organization or enterprise.
– Visit the GitHub Marketplace to install extensions.
– Get started with our documentation and start using extensions in Copilot Chat in GitHub.com or in the VS Code and Visual Studio editors.

To build extensions
– Access our documentation and Copilot Extensions Toolkit for tutorials and tools
– Develop your extension, and decide whether you want to keep it private to your organization or submit it to the GitHub Marketplace.
– VS Code extension developers can also add Copilot functionality to their existing VS Code extensions. Learn more here.

Share your experiences to help us improve the platform!
– Join the discussion within the GitHub Community.
– To share feedback on specific extensions, let us know in our Copilot Extensions feedback hub.
– If you’re building extensions, fill out the Extension Developer Survey for detailed feedback and feature requests.

See more

Notice of upcoming deprecations and changes in GitHub Actions services

Over the next six months, we will be making the following changes and deprecations to the GitHub Actions service:

Reduction to Webhook rate limit in GitHub Actions
Starting October 1st, 2024 we will be adding a new rate limit of 1,250 requests per 10 seconds per repository for incoming Webhook events for GitHub Actions. After monitoring usage over the past several weeks, we believe that no customers will be impacted by this change, but if you believe you will need to exceed this in the future, please reach out to GitHub support.

Cache v1-v2 deprecation
Starting February 1st, 2025, Actions’ cache storage will move to a new architecture, resulting in the deprecation of v1-v2 of actions/cache. Attempting to use a version of the action after the announced deprecation date will result in a workflow failure. Please note: if you are pinned to a specific version or SHA of the action, your workflows will also fail after February 1st. We strongly encourage you to update your workflows to begin using v3 or v4 of actions/cache as soon as possible.

This deprecation will not impact any existing versions of GitHub Enterprise Server that are currently in use. Cached entries within their retention period will remain accessible from the UI or REST API regardless of the version used to upload. This announcement will also be added to the actions/cache repository.

See more

CSV exports for the CodeQL pull request alerts report

New Export CSV button highlighted on the CodeQL pull request alerts report

You can now export data from the CodeQL pull request alerts report in CSV format, enabling you to analyze prevention and autofix metrics offline or archive the data for future use. This functionality is available at both the organization and enterprise levels. Exports will respect all filters applied, allowing you to focus on the specific data most relevant to your needs. You can download all data where you have an appropriate level of access.

Learn more about tracking metrics on CodeQL pull request alerts and join the discussion within the GitHub Community.

See more

What’s New in Mobile, September Update

Edit profile status on Android

Recent Highlights: Update your Profile status on Android, plus enhanced accessibility and project search on both iOS and Android

You can now update your Profile status directly from GitHub Mobile on Android. On both iOS and Android, you will find improvements in large accessibility sizes, better content descriptions and keyboard navigation, with particular focus on the “Request Reviewers” and “Merge Options” screens.

Android (NEW) iOS
Android-UpdateStatus iOS-UpdateStatus

iOS

  • Project pickers for a repository shows projects owned by the repository owner.
  • Moving an item from one project group to another updates the title of the group.
  • You are now prompted to confirm dismissal before dismissing any input forms.
  • Tapping on links to issue and pull request comments now scrolls to the destination comments.
  • Improved support for large accessibility sizes throughout the app. This includes user profiles, account lists, pull request review line numbers, repository headers, the Explore view, code review view, comment author usernames, and the edit “My Work” view.
  • You can now iterate through reviewer information in the pull request view using assistive technologies such as VoiceOver.
  • You can now dismiss user status update, repository watch settings or the edit “My Work” view using the Escape key on a connected hardware keyboard.
  • Code lines in code search scale with accessibility font sizes.
  • On iPad, Markdown keyboard controls no longer appear outside of their container.
  • Improved accessibility when editing project field values for issues or pull requests.
  • Merge buttons on pull requests indicate to assistive technologies when not enabled.
  • Merge options appear as a button to assistive technologies.
  • Selected merge option announced as selective for assistive technologies.
  • The markdown formatting bar no longer overlaps with the text on iPad.
  • Fixed accessibility label to correctly distinguish between issue and pull request on share button.

Android

  • You can now personalize and update the status in your Profile.
  • You can now quickly return to the top of the screen by double tapping the icon of the active tab in the navigation bar.
  • Improved search results when searching in projects.
  • Improved error messages in the check log screen.
  • A new date picker makes it easier to read the dates using a device configured with a large font.
  • The Files Changed screen now has better content descriptions.
  • Merge option buttons are now more accessible with large fonts.
  • Accessibility improvements in the Pull Request “Request Reviewers” and “Merge Options” screens.
  • Accessibility improvements to keyboard navigation and reset all filters button.
  • Fixed a bug that prevented you from dispatching a workflow with no prior runs.
  • Fixed a crash when prompting for biometrics.
  • Fixed a bug where you could not add starred repositories to Lists in landscape.
  • Fixed a crash opening the Triage sheet (i) in the issue and pull request screens.
See more

GitHub security advisories support CVSS 4.0

GitHub security advisories now support the new CVSS 4.0 schema. CVSS, or the Common Vulnerability Scoring System, is an industry standard maintained by FIRST. The CVSS 4.0 standard adds new metrics for a more thorough assessment of the risk of a particular vulnerability.

When creating a repository security advisory, you can now calculate either a CVSS 4.0 or 3.1 base score and view this data on the published global advisory, related Dependabot alerts, and through the API.

Learn more about CVSS scores and GitHub security advisories and the GitHub Advisory Database.

See more

Inline Chat is now available in GitHub Copilot in JetBrains

You can now interact with GitHub Copilot directly within your active code file with Inline Chat for GitHub Copilot in JetBrains! This new feature is designed to enhance your coding experience by integrating interactive assistance directly within your code editor.

To start using it, ensure you have the GitHub Copilot plugin version 1.5.21.6667 or above installed in your JetBrains IDEs.

How to get started?

  1. Open Your File: Begin by opening the file you want to work on.
  2. Place Your Cursor: Position your cursor on the specific line or code block you want to discuss.
  3. Use the Shortcut: To access GitHub Copilot’s inline chat feature, press Shift+Ctrl+I (Mac) or Shift+Ctrl+G (Windows). Alternatively, right-click and choose “GitHub Copilot > Copilot: Inline Chat”. You can also simply click on the Copilot icon that appears when you select a line or section of code

How Inline Chat enhances your coding experience

  • Enhanced Workflow: Keep your focus on coding while receiving suggestions directly within the editor.
  • Contextual Awareness: Provide Copilot with specific code snippets for more relevant recommendations.
  • Focused Interaction: Enjoy a streamlined experience without the need for frequent context switching.

When to use Inline Chat

  • Refactoring: Request alternative methods to achieve the same functionality with cleaner, more maintainable code.
  • Testing: Get help generating unit tests for specific sections of your code.
  • Code Improvement: Seek assistance with restructuring complex logic, renaming variables, or adding comments for better readability.
  • Vulnerability Assessment: Consult Copilot about potential vulnerabilities, but remember to use established security tools for a comprehensive evaluation.
  • Performance Optimization: Obtain suggestions for improving your code’s efficiency.

How Inline Chat differs from Side Panel Chat

While both Inline Chat and Side Panel Chat allow interaction with Copilot, Inline Chat provides a more focused experience by integrating conversations directly with your active file. The Side Panel Chat, on the other hand, offers a dedicated space for broader discussions and tracking past interactions.

Start leveraging the power of Inline Chat in JetBrains Copilot today and make your coding experience more seamless and efficient!

Join the discussion within GitHub Community.

See more

GitHub CLI renews GPG signing key for Linux packages

The GPG key used to verify GitHub CLI Debian and RedHat packages expired on Friday, September 6. If you have installed gh via our official package repositories, we ask that you update your keyring to the new key to continue verifying GitHub CLI releases.

Please refer to this documentation for instructions on how to do so with your respective package manager.

For reference, a note on this was also included in the CLI v2.56.0 release notes, published earlier this week.

See more

Copilot Chat in GitHub.com is now aware of common support scenarios and GitHub’s documentation

Copilot Chat in GitHub.com is now trained on common support scenarios and GitHub’s documentation to provide you the most up to date context to help you resolve common issues that may arise when using GitHub.

Here are some examples of questions you can now ask:
Can I use Copilot knowledge bases with Copilot Individual?
How do I configure SSH?
A job is stuck in a post-build clean up step and it refuses to cancel or timeout. How do I stop it?

For more information, check out our documentation or join the discussion within GitHub Community.

See more

Push Rules are now generally available, and updates to custom properties

You can now restrict pushes into your private and internal repositories and their forks, with push rules – a new type of ruleset. Push rules enable you to limit updates to sensitive files like actions workflows, and help to enforce code hygiene by keeping unwanted objects out of your repositories.

In addition, organization owners can now allow repository property values to be set when repositories are created. This ensures appropriate rules are enforced from the moment of creation and improves discoverability of new repositories.

Push Rules

Organization and repository owners can now configure rules that govern what changes can be pushed to their repository, by attributes of the files changed – including their paths, extensions and sizes.

Screenshot showing the list of new push rules with options configured

Available push rules

  • Restrict file paths
    • This rule allows you to define files or file paths that cannot be pushed to. An example of when you might use this is if you wanted to limit changes to your Actions workflows in .github/workflows/**/*
  • Restrict file path length
    • You can limit the path length of folder and file names.
  • Restrict file extensions
    • You can keep binaries out of your repositories using this rule. By adding a list of extensions, you can exclude exe jar and more from entering the repository.
  • Restrict file size
    • Limit the size of files allowed to be pushed. Note: current GitHub limits are still enforced.

Push rules are available on GitHub Team plans for private repositories, and coverage extends to not just the repository, but also all forks of that repository. Additionally, GitHub Enterprise Cloud customers can set push rules on internal repositories and across organizations with custom repository properties. You can also access rule insights to see how push rules are applied across your repositories.

Additional details

  • Delegated bypass for push rules, currently in beta, allows your development teams to stay compliant with internal policies and keep a clean git history. Developers can easily request exceptions to push rules, that are reviewed and audited all within GitHub.
  • To ensure best performance push rules are designed to handle up to 1000 reference updates for branches and tags per push.

For more information, see the Push Rule documentation and to get started you can visit the ruleset-recipes repository to import an example push ruleset.

Custom properties

Organization owners can now allow their users to set custom properties during repository creation. Previously, this was only available to repository administrators or those with permissions to edit custom repository properties. By selecting Allow repository actors to set this property for your custom property, you can ensure repositories have properties attached from the start.

Screenshot of new repo being set up with a custom repository property

We want to hear from you

Questions or suggestions? Join the conversation in the community discussion.

See more

GitHub Desktop 3.4.4 – Introducing Custom Editor and Shell Integration

GitHub Desktop now allows you to open your repositories with any editor or shell, even if it’s not on the list of supported integrations. Supercharge your integrations with advanced configurations including specifying command line arguments.

Demonstrating adding a custom editor via the new integrations setting

Accessibility Improvements

  • Fixed: The “Open a Pull Request” and “About” dialog’s headings are announced via NVDA – #19107
  • Fixed: The branch selection popover in the “Open a Pull Request” dialog does not close on filter clearing – #19106
  • Fixed: The contrast ratio of icon in the diff file warnings is at least 3:1 – #19097
  • Fixed: The “Push Local Changes” confirmation dialog uses “alertdialog” role such that screen readers announce entire dialog contents – #19098
  • Fixed: Emoji’s provide descriptions for screen readers – #19101
  • Fixed: Stop improper announcement of \”dialog\” role on the autocompletion suggestions popover – #19114
  • Improved: Screen readers announces when users expand context in a diff – #19128
  • Improved: The squash dialog provides visual input labels – #19100
  • Improved: The search inputs across the app provide visual labeling in the form of a search icon – #19103

Community Contributions

  • Added: The external editor Cursor is supported on macOS – #17462. Thanks @bjorntechCarl!
  • Added: The external editor JetBrains RustRover is supported – #18802. Thanks @Radd-Sma!

Download GitHub Desktop

See more

Larger context window, improved test generation, and more in VS Code’s Copilot Chat

VS Code August recent updates

Since last month’s upgrade to GPT-4o, we now increased the available Chat context, so you can reference larger files and have longer chat conversations with GitHub Copilot Chat in VS Code. Additionally, you can now click Attach Context in Inline and Quick Chat to add more relevant context to your queries.

This month’s release also brings the following improvements to Copilot Chat in VS Code:

  • Easily generate tests using the Generate Tests using Copilot action or the /tests slash command. Copilot will now update and append tests to existing files or create a new test file if none exists. Learn more.

  • Revisit previous chat sessions with the Show Chats button. Sessions now have AI-generated names and can be manually renamed. Entries are sorted by the date of the last request and grouped by date buckets. Learn more.

  • Provide specifics on unsatisfactory Chat responses by selecting the Thumbs down button. A dropdown with detailed options helps you pick a problem type or report it as an issue to us, helping us improve Copilot. Learn more.

  • Code Actions now have clearer names: Generate Tests using Copilot and Generate Documentation using Copilot. Just place the cursor on an identifier and choose the action. Learn more.

Experimental New Features

Experimental settings are available in VS Code to gather your feedback and influence the future development of Copilot. Share your thoughts in our issues.

Check out the full release notes for VS Code’s August release (version 1.93) for more details and to learn more about the features in this release.

See more

Lower permissions for GitHub Enterprise Cloud Team Sync for Microsoft Entra ID

You can now use GitHub Enterprise Cloud Team Sync for Microsoft Entra ID with a new lower permission, GroupMember.Read.All, to sync group state into GitHub.

The new permission provides the least privileged permissions needed in order to access data and function correctly. New installations will request the new permission while existing installations will continue to work without interruption.

Administrators who wish to reduce the permissions of their existing installation can reinstall the application, or use the App Role Assignments API to modify the permissions of their existing service.

Learn more about team synchronization.

See more
View more changes