GitHub Enterprise Cloud users can now configure two new permissions when managing custom repository roles:
You can learn more about custom repository roles in our documentation.
In the latest update to our GitHub-hosted runners virtual environments, Node.js 16 has become the default version of node and npm 8 has become the default version of npm.
To select the version of Node.js that you use for your projects, we encourage you to use the setup-node action.
We have released improvements to the code scanning API:
fixed_at timestamp to alerts. This is the first time that the alert was not detected in an analysis. You can use this data to better understand when code scanning alerts are being fixed.sort and direction on either created, updated or number. Use this to see the alerts that are most important to you first. For more information, see List code scanning alerts for a repository.Last-Modified header to the alerts and alert endpoint response. For more information, see Last-Modified in the Mozilla documentation.relatedLocations to the SARIF response when you request a code scanning analysis. The field may contain locations which are not the primary location of the alert. See an example in the SARIF spec and read about getting a code scanning analysis for a repository.help and tags data to the webhook response alert rule object. For more information, see Code scanning alert webhooks events and payloads.public_repo scope now have write access for code scanning endpoints on public repos, if the user has permission. This is a bug fix and is now inline with the documentation. For more information, see the Code scanning in the API reference.