Skip to content

Temporary private forks can now be deleted from repository advisories

If you are a security manager or a user with admin permissions to a repository, you can now delete the workspace directly from the repository advisory, regardless of the state of the advisory. Before this, there was no option to delete such private forks.

New delete private fork button

Enhanced Accessibility for Links in Text Blocks Public Beta

To improve accessibility for our users, we've introduced a new accessibility setting to underline links within text blocks. Links should be easily distinguishable from surrounding text, not just by color but by styling. You can now toggle an accessibility setting to either "show" or "hide" underlines for links in text blocks, ensuring clear visibility and differentiation. You can learn more about this functionality in the documentation.

During this public beta phase, your feedback is invaluable. If you spot a link within a text block that isn’t underlined when the setting is enabled, please let us know.

Thank you for supporting our commitment to making GitHub more accessible for everyone!

See more

CodeQL code scanning deprecates ML-powered alerts

In February 2022, we introduced experimental CodeQL queries that utilize machine learning to identify more potential vulnerabilities. This feature was only available for JavaScript / TypeScript code and was available to code scanning users that enabled the optional security-extended or security-and-quality query suites.

We disabled this experimental feature for new code scanning users in June 2023. Today, we're sunsetting it for all users.

Any currently open code scanning alerts from these queries (Rule ID starts with js/ml-powered/) will be closed. Closed alerts will still be visible in the code scanning alerts view in your repository’s Security tab. The complete history of each alert will remain accessible by clicking on the alert.

CodeQL will continue to run the existing non-ML versions of these queries and provide you with highly precise and actionable alerts.

We’ve learned a lot from the feedback and experience of the repositories that participated in this experiment, and we’ve since ramped up our investment in AI-powered security technology. This new technology is already boosting our ability to cover more sources and sinks of untrusted data in order to significantly increase the coverage and depth of all queries.

See more
View all changes