Keyboard Navigation Improvements for Hovercards

July 29, 2024

We are excited to announce new keyboard behavior for navigating and dismissing hovercards without the need for a mouse! This enhancement is designed to make our platform more user-friendly for everyone, particularly those who rely on keyboard navigation.

How It Works

When you focus on a link with a hovercard, you can now press Alt + Up to make the hovercard appear and move focus inside it. This ensures that you can interact with the hovercard content without leaving your keyboard. Focus is trapped within the hovercard, similar to how it would be in a dialog box. To dismiss the hovercard and restore focus to the link, press Esc.

Customizable Settings

In response to both community and internal feedback, we have also introduced a new user setting that allows you to disable all hovercards. This option can be found under Accessibility Settings.

Send us Feedback

You can reach out to us at GitHub Community. Your feedback is invaluable as we strive to create an inclusive and accessible environment for all users.

Automatically submit your Maven transitive dependencies to the dependency graph

July 29, 2024

To create a comprehensive model of the dependencies in a Maven project, it is essential to understand the the transitive dependencies that are resolved at build-time. This feature automatically performs build-time resolution of Maven dependencies and submits them to the dependency graph. This improves visibility into your project’s composition by including both the direct and transitive dependencies in your repository’s dependency graph and Dependabot alerts.

When you enable this feature, GitHub will monitor changes to the pom.xml file in the root of all branches of the repository, discover the dependencies referenced in this file, and automatically submit details about them to the dependency graph. This feature requires GitHub Actions, and it is compatible with both GitHub-hosted or self-hosted runners.

See the documentation to learn more about how to enable automatic dependency submission to help you secure your software supply chain.

See more See more

CodeQL 2.18.1: Kotlin & Swift mobile support is generally available, TypeScript 5.5 support, C# build-mode: none public beta

July 26, 2024

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.18.1 has been released and has now been rolled out to code scanning users on GitHub.com.

Important changes by version include:

For CodeQL 2.17.6:
- C# can now use build-mode: none, which allows scanning C# code without requiring working builds.
For CodeQL 2.18.0:
- Support for TypeScript 5.5.
For CodeQL 2.18.1:
- Kotlin & Swift support for mobile applications is now generally available.
- Java build-mode: none analyses now only report a warning on the tool status page when significant analysis problems are detected.
- Two new JavaScript queries js/functionality-from-untrusted-domain has been added to detect usage of scripts from untrusted domains, including polyfill.io content delivery network and js/insecure-helmet-configuration to detect instances where important Helmet security features are disabled.
- The precision of cpp/iterator-to-expired-container & cpp/unsafe-strncat have been increased to high. They have been moved to the default query suite.

For a full list of changes, please refer to the complete changelog for versions 2.17.6, 2.18.0, and 2.18.1. All new functionality will be included in GHES 3.15. Users of GHES 3.14 or older can upgrade their CodeQL version.

See more See more

View all changes