GitHub Actions: New settings for maintainers

Maintainers now have additional control over when they must approve Actions runs for new contributors.

In April, we shipped an update for GitHub Actions that required maintainers to approve Actions runs for first-time contributors in their repositories. Based on your feedback, we have added settings to give you more control over this behavior.

Learn more about approving first-time contributor pull requests

We’ve improved the depth of CodeQL's analysis by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models for several languages (C++, JavaScript, Python, and Java). As a result, CodeQL can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks in which this data could end up. This results in an overall improvement of the quality of the code scanning alerts.

We carefully choose and prioritize the libraries and frameworks supported by CodeQL based on their popularity and through user feedback. The libraries and frameworks added and improved are listed below.

C/C++

JavaScript and TypeScript

Python

Java

Learn more about CodeQL and code scanning.
