GitHub now supports the WebAuthn standard for authentication. A broad array of security keys can be used across most major browsers (Apple will add support in Fall 2019). The following is supported: external hardware security keys, Android phones, Chrome with TouchID, iOS Brave with the Yubico 5Ci key, facial recognition or PIN with Windows Hello, as well as any new authenticators platform owners release in the future. No additional action is required for users with existing U2F hardware security keys.
GitHub Actions will stop running workflows written in HCL
On September 30, 2019, GitHub Actions will stop running workflows written in HCL. You’ll need to migrate your HCL workflows to the new YAML syntax using the migration script.
GitHub is now protecting users of CloudBees from accidental leaks of their API tokens. Token scanning scans all incoming commits in public repositories. If potential tokens are discovered, it sends them to partners for verification, and potential action, including contacting the token owner and/or revoking the token on the server-side.