Bypass branch protections with a new permission

You can now create a custom role to bypass branch protections without having to grant the Admin role. Previously, to bypass branch protections you had to be an Admin which provides additional permissions that may not be needed. For tighter control of Admin permissions, you can now craft a custom role that has the Bypass branch protections permission, allowing just the right amount of access.

Image of Custom roles Inherited from Maintain role that adds the new Bypass branch protections permission

To enforce branch protections for all Admins and roles with the "Bypass branch protections" permission, enable Do not allow bypassing the above settings in your branch protection rules.

Image of checkbox selecting Do not allow bypassing the above settings

This permission differs from the Push commits to protected branches permission, which allows pushing to a protected branch, but branch protection rules will still apply and could result in a push being denied.

For more information, visit Managing custom repository roles for an organization in the GitHub documentation.

We appreciate feedback on this and other topics in GitHub's public feedback discussions.

False-alert flags will appear in users security log due to a bug in 2FA recovery events

Users with 2FA enabled may see false-alert flags in their security log for recovery_code_regenerated events between July 15 and August 11, 2022.
These events were improperly emitted during an upgrade to the 2FA platform. The storage format of the per-user value GitHub uses to generate your recovery codes was updated, causing the watch job to trigger the erroneous recovery_code_regenerated event.

No action is required from impacted users with regards to these events. GitHub has a policy to not delete security log events, even ones generated in error. For this reason, we are adding flags to signal that these events are false-alerts. No recovery codes were regenerated, and your existing saved recovery codes are still valid.

image

See more

GitHub Issues – August 18th update

Today’s Changelog brings improved date filtering and the command palette (beta) to Projects!

📆 Date filter improvements

We’ve improved filters so you can use relative offsets for dates and iterations. Try it out by adding date:@today+7 or iteration:@current+2 to the filter bar.

🎨 Command palette (beta)

The command palette is now available in Projects as a beta release and includes project-specific commands.

With this update, the command palette enables users to navigate Repos and Projects and search for Issues and PRs across GitHub directly from Projects.

Quickly access commands related to the project you’re viewing:

Screenshot of the command palette with project-specific commands displayed. Commands shown are added items, filter by, group by, manage fields, and navigate to.

Or search and navigate throughout GitHub directly from a project:

Screenshot of command palette with search commands displayed. Navigation commands allow users to visit an org, repos, packages, people, teams.

✨ Bug fixes & improvements

Other changes include:

  • Ability to clear selection in the date picker
  • Provide a keyboard shortcut (cmd+s/ctrl+s) to save a project view
  • Visible highlighted row selection when deleting/archiving items

See how to use GitHub for project planning with GitHub Issues, check out what’s on the roadmap, and learn more in the docs.

See more
View all changes