GitHub Actions; All Actions will run on Node20 instead of Node16 by default

Node16 has been out of support since September 2023. As a result we have started the deprecation process of Node16 for GitHub Actions. We plan to migrate all actions to run on Node20 by Spring 2024.
Following on from our warning in workflows using Node16 we will start enforcing the use of Node20 rather than Node16 on the 3rd of June.

If you would like to test this ahead of timer, you can choose to set
FORCE_JAVASCRIPT_ACTIONS_TO_NODE20=true
as an ‘env’ in their workflow or as an environment variable on your runner machine to force the use of Node20 now.

To opt out of this and continue using Node16 while it is still available in the runner, you can choose to set ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true
as an ‘env’ in their workflow or as an environment variable on your runner machine. This will only work until we upgrade the runner removing Node16 later in the spring.

Removal of Operating System support for non-Node20 OS versions

To support this change, we will be removing the Action runner support for the following operating systems which do not have official support for Node20:
– Red Hat Enterprise Linux 7
– CentOS 7
– Oracle Linux 7
– Debian 9
– Ubuntu 16.04
– Linux Mint 18
– openSUSE 15
– SUSE Enterprise Linux (SLES) 12 SP2
– Windows 7 64-bit
– Windows 8.1 64-bit

To find out more about our currently supported OS versions, please read our public docs

What you need to do

For Actions maintainers: Update your actions to run on Node20 instead of Node16 (Actions configuration settings)
For Actions users: Update your workflows with latest versions of the actions which runs on Node20 (Using versions for Actions)

We’re excited to announce the launch of our redesigned Support Portal! Our aim is to enhance your support experience, and we’ve tailored the portal with your needs in mind.

The redesign focuses on increased user-friendliness, accessibility, and intuitive navigation, enabling us to provide you with more personalized content. This ensures you can quickly and easily find the answers you’re looking for.

Whether you have a question, an issue, or a suggestion, our Support Portal is designed to help you get the most out of our products and services.

Explore the new look at https://support.github.com and share your feedback with us!

transition between the old support portal to new

See more

Dependabot security updates help you keep your dependencies secure by opening pull requests when a Dependabot alert is raised. With today’s release, you can now use flexible grouping options in dependabot.yml to control how Dependabot structures its security pull requests to make them more mergeable for you based on your context. Whether you’d like to simply update as many dependencies at once as possible (patterns: '*') or minimize the risk of breaking changes (dependency-type: development or update-types: "patch"), there are grouping options for you.

By specifying applies-to: security-updates in your group rule configuration, you can specify how you would like Dependabot to group your security updates. If you would like Dependabot to group together all possible updates for an ecosystem, you can instead use the UI located in your repository settings to do so. To learn more about this, check out our documentation here.

The available grouping options are:

  • patterns, which will match based on package names
  • dependency-type, which will group based on development or production dependencies, for ecosystems where this is supported, and
  • update-types, which will group based on SemVer level update

Learn more about grouping configuration options here.

See more