GitHub Advanced Security users can now use the REST API to enable or disable secret scanning validity checks for a repository, organization, or enterprise. Validity checks retrieve a status for supported tokens from their relevant partner (active, inactive, or unknown). This status is displayed in the secret scanning alert view and the REST API.
Beginning January 8th, 2024, we will be making changes to the repository insights UI and API on GitHub for repositories with over 10,000 commits. The targeted UI and API have very low usage and rely on a legacy service we’re moving away from.
User Interface Updates
We are removing the following data:
- Under Insights > Contributors, we are removing addition/deletion counts for repositories with over 10,000 commits, as well as the dropdown that shows the graphs associated with additions and deletions. All the commit counts and commit count graphs will remain unchanged.
- Under Insights > Code Frequency, we will only show data for repos with under 10k commits.
REST API Modifications
Alongside the UI changes, the following API changes will be implemented:
- The REST API responses for repositories with 10,000+ commits will report 0 values for the addition and deletion counts to improve performance. This impacts the /repos/{owner}/{repo}/stats/contributors endpoint to get all contributor commit activity.
- The /repos/{owner}/{repo}/stats/code_frequency API endpoint will return a 422 status code for repos with 10,000 or more commits.
  - This is different from the previous two because this endpoint only returns additions/deletions, which we will no longer return for repos with over 10k commits. The previous two endpoints also return the total number of commits, which we will continue to generate.
For users who continue to need detailed addition and deletion statistics for large-scale repositories, we suggest using the following Git command, as described in the Git documentation:
git log --pretty="format:%m%ad----%ae%n%-(trailers:only,unfold)" --date=raw --shortstat --no-renames --no-merges
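As an added example (not part of the original announcement or GitHub's own tooling), the following Python sketch totals additions and deletions per author email from the output of the command above. It assumes each commit starts with a `>` header line in the `%m%ad----%ae` layout and that the `--shortstat` summary follows it; the sample text is constructed, and trailer lines are skipped rather than credited.

```python
import re
from collections import defaultdict

# Header from "%m%ad----%ae" with --date=raw, e.g.
# ">1704700000 +0000----dev@example.com"
HEADER = re.compile(r"^>(\d+) [+-]\d{4}----(.*)$")
# --shortstat summary; the insertion and deletion parts are each optional.
SHORTSTAT = re.compile(
    r"^\s*\d+ files? changed"
    r"(?:, (\d+) insertions?\(\+\))?"
    r"(?:, (\d+) deletions?\(-\))?\s*$"
)

def tally(log_text):
    """Return {author_email: {"commits", "additions", "deletions"}}."""
    totals = defaultdict(lambda: {"commits": 0, "additions": 0, "deletions": 0})
    author = None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            author = header.group(2)
            totals[author]["commits"] += 1
            continue
        stat = SHORTSTAT.match(line)
        if stat and author is not None:
            totals[author]["additions"] += int(stat.group(1) or 0)
            totals[author]["deletions"] += int(stat.group(2) or 0)
        # Blank lines and trailer lines (e.g. Co-authored-by) fall through.
    return dict(totals)

# Constructed sample output, not taken from a real repository.
# The last commit is empty, so it has no shortstat line at all.
SAMPLE = """\
>1704700000 +0000----alice@example.com
Co-authored-by: Bob <bob@example.com>

 3 files changed, 40 insertions(+), 7 deletions(-)
>1704600000 -0500----bob@example.com
 1 file changed, 2 deletions(-)
>1704500000 +0000----alice@example.com
 2 files changed, 5 insertions(+)
>1704400000 +0000----carol@example.com
"""

if __name__ == "__main__":
    for email, counts in sorted(tally(SAMPLE).items()):
        print(email, counts)
```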
We have partnered with our sister team at Microsoft to bring some improvements to the NuGet ecosystem for Dependabot updates:
- Updater logic re-written in C#, making it easier for users of NuGet to contribute to dependabot-core
- Improvement in detection of where package dependencies are declared in .NET projects
- Improved support for implicit dependencies
- Improved support for peer dependencies