We are expanding support for the
maintain roles in the REST API. Users with the
maintain role can now use endpoints that reflect what they can do in a repository, such as adding a label to an issue. Additionally, these new permissions can now be granted and managed via the API and will show up as assigned roles in API responses.
Token leaks are one of the most common security mistakes, and they can have disastrous consequences. GitHub token scanning looks for leaked tokens in public repositories and works with the issuer to notify the developer and/or revoke the token as appropriate. This protects users from fraud and data leaks.