Skip to content

GitHub Actions: MacOS Big Sur Preview

macOS Big Sur, or 11.0, is now available in preview for GitHub Actions. Try it by setting runs-on: macos-11.0 in your workflow file.

Screenshot of run using macOS 11

The MacOS 11.0 Big Sur virtual environment has different tools and tool versions than MacOS 10.15 Catalina. See the full list of changed software.

If you see any issues with your workflows when using Big Sur create an issue in the virtual-environments repository.

A quieter Dependabot

When a vulnerability is added to GitHub Advisory Database, the resulting Dependabot alert and security update notifications can be noisy. To help you focus on what matters, we've made a few changes to how Dependabot notifies you:

You can learn more about configuring your Dependabot notifications in our documentation.

See more

We have updated how webhooks on repositories, organizations, and apps can be configured via the API. We have a new configuration resource for full or partial updates to any or all attributes of a webhook. The endpoint can also be used to read the configuration.

Also, webhooks now send a header with a SHA-256 hash of the request body if the webhook is configured with an HMAC key in the optional "secret" field. Developers verifying the authenticity of a webhook should use the SHA-256 signature because it is a more modern cryptographic hash function. SHA-1 is still retained for backwards compatibility with existing integrations, but should not be used for security purposes to verify cryptographic identity due to known collisions. See the documentation for the new delivery headers for more information.

See more