Secret scanning on private repositories now notifies commit authors when they push a change that includes a potential secret. The commit author can view the associated alert and mark it as revoked or false positive. As always, details of the last action taken on the alert are displayed in the UI and in the API.
Enterprise Domain Verification for GitHub Enterprise Cloud is generally available
GitHub Enterprise Cloud enterprise owners may verify domains across their enterprise account and restrict the sending of email notifications to addresses within those domains. This feature expands upon the existing organization verified domains functionality, allowing the email notification restrictions to apply to specific organizations or the entire enterprise.
The Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
Learn more about the Packages npm registry
For questions, visit the GitHub Packages community
To see what's next for Packages, visit our public roadmap
Note: This post originally inaccurately referred to time as not being returned in the “official npm specification”. While an “official npm specification” does not exist, time is referred to in the registry package-metadata documentation and used for some commands.