If your organization uses IP allow lists to restrict access, GitHub Packages now respects those settings.
GitHub will recommend you unwatch repositories that you are no longer interacting with. You will see these recommendations when:
When you dismiss recommendations we will not show you another recommendation for thirty days.
View your recommendations at https://github.com/watching
On October 1, 2020, we published a CVE outlining a vulnerability in the set-env and add-path workflow commands feature of GitHub Actions, and announced that we would be deprecating those features. In addition, we began flagging to customers in their Actions logs about the coming deprecation and provided guidance on how to migrate to the replacement functionality.
Specific vulnerabilities introduced by these commands have been patched, but in order to completely close the attack vector we need to disable the set-env and add-path workflow commands.
Security and transparency are essential to maintaining your trust. Therefore, while our investigations show no evidence at this time of this vulnerability being exploited, out of an abundance of caution, we will disable those commands and start failing workflow runs that use them on November 16, 2020.
For details on how to use the new functionality and prevent your workflows from breaking please see https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/.
Update 11/19/2020: Version v2.274.2 of the GitHub Actions runner removes support for these commands and has been rolled out across GitHub.