GitHub Copilot – June 29th Update

With GitHub Copilot being used by over 20K organizations 🎉 and the increased momentum of our Chat functionality, we wanted to take this opportunity to highlight recent updates and ships.

GitHub Copilot Chat (Visual Studio Code)

Note: To get access to the new chat-based GitHub Copilot features, you’ll need to sign up for the GitHub Copilot chat waitlist.

The GitHub Copilot Chat extension graduated from Insiders into Stable with the release of Visual Studio Code v1.79. Highlights include:
– Improvements to editor chat, most notably we have changed its default mode to be “livePreview”. In this mode, changes are applied directly to the document and shown with an embedded diff view.
– When using Copilot in a notebook document, Copilot can use the notebook context to provide more relevant suggestions.
– When running notebook cells, Copilot provides suggestions for cell execution failures.
– When viewing a review thread, it is now possible to directly apply a review comment using Copilot.
– An experiment using chat to ask quick programming questions without leaving context.
– You can now delete a chat request/response pair by clicking the X icon in the chat request.
– Added the ability to move chat sessions back and forth between the sidebar and editor.

VSCode-Copilot-Chat

For previous updates, reference the Insiders April 2023 (v1.78) release notes.

To learn more about GitHub Copilot as well as tips and tricks and best practices, have a look at the VS Code YouTube channel. There you’ll find an introduction to GitHub Copilot, language-specific usage, and guidance on effective prompting when using Copilot for development.

Copilot with your debugger (Visual Studio)

Copilot Chat in Visual Studio helps you figure out how to fix issues when you’ve hit an exception. Just hit the link in the exception dialog to see an explanation of the exception together with likely causes and suggested code solutions to fix the problem inline. Copilot gathers the data about your exception, code, and variable values to help form an exact question and get you a great answer. Combine that with the power of features like Hot Reload, and you can test out the suggested change and be on your way much faster.

VS-Copilot-Debugger

Visual Studio’s IntelliSense list can now steer GitHub Copilot code completions

GitHub Copilot and Visual Studio’s built-in AI assistance features are now better together. With the latest release (version 1.84+), Copilot predictions are not only visible when IntelliSense is open, but your IntelliSense selection also steers the prediction offered by Copilot. This helps you explore and get just the code completion you want. It’s particularly helpful with the starred completions that Visual Studio’s built-in IntelliCode AI provides with member ranking in the IntelliSense list.

Code completion improvements

  • GitHub Copilot is now even more powerful and responsive for developers, thanks to a new model powered by GPT-3.5 Turbo through the collaboration across OpenAI, Azure AI, and GitHub that offers 13% latency improvements.
  • Code completion uses an 8k context window that improves suggestions and acceptance rates.

Bug fixes and improvements

  • Added the ability to export a CSV of all users for an org. From the seat management page, you can export a flat list of all your users – helping address a significant pain point for our admins who want to avoid scrolling through page after page and want better insight into who within a Team is using Copilot.
  • We updated the Copilot signup flow to make signing up for a GitHub account AND Copilot in one fluid experience easier.
  • France is our newest region serving Copilot code completion requests, improving latency for European customers. This is in addition to our existing Switzerland presence.
  • In Visual Studio, we added the ability to preview code insertions back into your code using the same grey text approach we use for code completions.
  • In Visual Studio, you can now delete chat requests

Dependabot pull requests pause for inactivity in enterprises

Enterprise users will now notice added functionality where Dependabot security and version updates may be paused for repositories.

If you are an enterprise user that uses Dependabot updates and there has been no activity in a repository, such as merging, closing, or any other interaction, with Dependabot pull requests for a period exceeding 90 days, the updates will be paused. To resume activity, simply merge or close one of Dependabot's pull requests, or modify the Dependabot config file in the repository.

This change will help Dependabot be more focused to the repositories you care about and reduce use of GitHub Actions minutes on inactive Dependabot pull requests.

If you are using security overview with GitHub Advanced Security, you will be able to see which repositories in your organization have been paused from the security coverage view.

You will also be able to see whether Dependabot has been paused for a repository by querying the /repos/{owner}/{repo}/automated-security-fixes REST API endpoint, which will return both the enablement status and paused status of the repository.

When will Dependabot become paused?

This change only applies to repositories where Dependabot pull requests exist but remain untouched. If no Dependabot pull requests have been opened, Dependabot will never become paused.

The following must be true for at least 90 days:

  • Has not had a Dependabot PR merged
  • Has not had changes made to the Dependabot config file
  • Has not had any @dependabot comment-ops performed
  • Has not had any Dependabot PRs closed by the user
  • Has received at least one Dependabot PR before the 90 day window
  • Has at least one Dependabot PR open at the end of the 90 day window
  • Has had Dependabot enabled for this entire period

How will Dependabot let me know?

Dependabot will add a notice to the body of all open Dependabot pull requests and add a dependabot-paused label to them. Dependabot will also add a banner notice in the UI of your repository settings page (under “Dependabot”) as well as your Dependabot alerts page (if Dependabot security updates are affected).

Who can use this feature?

This change does not apply to Dependabot alerts or subsequent notifications. So, only repositories that have automated Dependabot version updates or security updates, but haven't interacted with these pull requests for a while, will be affected.

Learn more about this change
Learn more about how to interact with the REST API

See more

Code scanning default setup is now available for all CodeQL supported languages, excluding Swift

Code scanning default setup is now available for all CodeQL supported languages, excluding Swift. This includes supporting JavaScript/TypeScript, Ruby, Python, Go, Java/Kotlin, C/C++, and C# at the repository level. We will extend support to include Swift soon. We are also working to extend all CodeQL language support to the organization level.

Default setup detects the languages in the repository and automatically analyzes JavaScript/TypeScript, Ruby, Python, and Go. With this enhancement, you can customize the configuration to also analyze Java/Kotlin, C/C++, and C#. The configuration can be viewed and edited at any time, during or after set up.

You can also use the REST API to include CodeQL supported languages in the default setup configuration.

What if the analysis for a language fails in default setup?

It is possible for the CodeQL analysis for a particular language to fail, such as when the code can't be compiled. If the CodeQL analysis for a language fails in default setup, you will see an error message on the repository's settings page, in the code security and analysis section. To resolve the situation you can:

  1. Deselect the language from the configuration and continue to use default setup for the successful languages.
  1. Convert to advanced setup. The advanced setup uses a yml file and allows you to provide the build information required for the CodeQL analysis to succeed.
  1. Debug and fix the cause of the language failure. The Actions log will provide the failure reason so you can resolve this for a successful analysis.

Why aren't some languages automatically included in the default setup configuration ?

Java (including Kotlin), C/C++, and C# are not automatically included in the default setup configuration because they often require more advanced configuration. Code written in these languages needs to be compiled in order for CodeQL analysis to proceed. CodeQL will attempt to build your code automatically but may fail if your code requires bespoke build steps.

Java (including Kotlin), C/C++, and C# are not included in bulk code scanning setup from the organization level. We are working to extend all CodeQL language support to the organization level soon.

For more information on code scanning default setup, see Configuring code scanning automatically.

See more
View all changes