We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with "All activity" or "Security alerts" and enable Dependabot email alerts to receive notifications.
Beginning March 16, here are the steps you need to take to continue to receive notifications from secret scanning:
In GitHub Desktop 3.1, we introduced viewing the diff of changes across multiple commits. This allows you to be certain there are no unintended changes in the group of commits you are about to push. Taking that feature to the next level, GitHub Desktop 3.2 allows you to Preview your Pull Request – see a diff of all the changes being introduced by your feature branch into your repository's default branch.
You can now set up both SMS and an authenticator app (TOTP) for two-factor authentication on your GitHub.com account. Previously these methods were mutually exclusive, and you needed to create a "fallback" SMS registration that could be used for account recovery.
With this update, we are removing the fallback SMS option, and will migrate all fallback SMS registrations to be standard 2FA methods today. A small set of users had both a primary and fallback SMS registration on their account – they continue to have that fallback SMS registration, and will receive email about it today.
To learn more about setting up 2FA and GitHub's account recovery methods, see "Configuring 2FA" and "Configuring 2fa recovery methods"
