Dependency review beta

Dependency review helps reviewers and contributors understand dependency changes and their security impact at every pull request. It provides an easy-to-understand view of dependency changes with a rich diff on the Files Changed tab of a pull request. Dependency review shows which dependencies were added, removed, or updated, along with their release dates, how many projects use these components, and vulnerability information for these dependencies.

Dependency review beta is now available for all public repositories and is part of GitHub Advanced Security for private repositories.


Learn more about reviewing dependency changes in a pull request

GitHub Pages now gives you the option to limit access, making the site visible only to users with access to the repository that published the Page. With access control, you can use GitHub Pages to publish and share internal documentation and knowledge across your enterprise.

As part of this release, we are introducing the following capabilities:

  • Repo admins can select whether GitHub Pages sites are publicly visible or limited to users who have access to the repository.
  • Both private and internal repositories support private visibility. With an internal repository, everyone in your enterprise will be able to view the Page with the same credentials they use to log in to github.com.
  • Org admins can configure the visibility options that members will be able to select for their Page. For example, you can enforce that your members can only publish content privately.

This feature is generally available today on GitHub Enterprise Cloud. To enable access control on Pages, navigate to your repository settings, and click the dropdown menu to toggle between public and private visibility for your site.


For questions, visit the GitHub Pages community.


On February 15th, GitHub Actions will remove support for referencing actions using the shortened version of a git commit SHA. This may cause some workflows in your repository to break. To fix these workflows, you will need to update the action reference to use the full commit SHA.

For example, if your workflow references actions/checkout@5a4ac90, you should change it to actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f. You can find the full commit SHA in the referenced action's repository.

This change is being made to align product functionality with our published security guidance.
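To find affected references before the cutoff, the following added example (not GitHub's own tooling) scans workflow text for `uses:` lines and flags refs that look like shortened commit SHAs. The sample workflow is constructed, and treating any hex-only ref of 7 to 39 characters as an abbreviated SHA is an assumption of this sketch.

```python
import re

# Matches "uses: owner/repo[/path]@ref" on a step or job line.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Assumption: a hex-only ref of 7-39 chars is an abbreviated SHA, not a branch.
SHORT_SHA = re.compile(r"^[0-9a-f]{7,39}$")

def classify(ref):
    """Classify the part after '@' in an action reference."""
    if FULL_SHA.match(ref):
        return "full-sha"
    if SHORT_SHA.match(ref):
        return "short-sha"
    return "tag-or-branch"

def scan_workflow(text):
    """Return (line_number, action, ref, kind) for each remote action reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions (./path) and docker:// images carry no git ref.
        if target.startswith(("./", "docker://")) or "@" not in target:
            continue
        action, ref = target.rsplit("@", 1)
        findings.append((lineno, action, ref, classify(ref)))
    return findings

def short_sha_refs(text):
    """Only the references that must be rewritten to a full commit SHA."""
    return [f for f in scan_workflow(text) if f[3] == "short-sha"]

# Constructed sample workflow, embedded so the example runs offline.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@5a4ac90
      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
      - uses: actions/setup-node@v2
      - uses: ./.github/actions/local-build
      - name: image step
        uses: docker://alpine:3.12
"""

if __name__ == "__main__":
    for lineno, action, ref, kind in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} -> {kind}")
```

A flagged ref still has to be resolved to its full SHA in the referenced action's repository; the scanner only locates the lines to change.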
