As of November 6, 2024, Dependabot will no longer support Composer version 1, which has reached its end-of-life. If you continue to use Composer version 1, there’s a risk that Dependabot will not create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of Composer. As of October 2024, the newest supported release of Composer is 2.8, and the long-term supported version is 2.2. View Composer’s official documentation for more information about supported releases.
Upcoming replacement of enterprise code security enablement UI and APIs
In the coming months, the current interface for managing code security settings for an enterprise will be deprecated and replaced with new and improved code security configurations that will provide you a more consistent and scalable way to manage security settings across repositories within your enterprise.
The current REST API endpoint to enable or disable a security feature for an enterprise is now deprecated. It will continue to work for an additional year in the current version of the REST API before being removed in September of 2025, but note that it may conflict with settings assigned in code security configurations if the configuration is unenforced, potentially resulting in a security configuration being unintentionally removed from a repository. To change the security settings for repositories at the enterprise level, you can use the current enterprise-level security settings UI or the upcoming code security configurations API.
Enterprise admins can now manage and apply content exclusions at the enterprise level. This expands upon previous capabilities where only org admins and repo admins could apply exclusions. Enterprise admins can now implement exclusions that apply to all users within the enterprise, providing a more comprehensive and centralized approach to managing content exclusions.
How to get started?
Enterprise admins can access Copilot Content Exclusions by navigating to the Policies tab, clicking on Copilot, and then selecting the Content Exclusions tab.
Enterprise admins can learn more about excluding content with Copilot in our detailed documentation: Configuring Content Exclusions For GitHub Copilot
How will repo-level rules change with the introduction of enterprise-level rules?
There are no changes to repo-level rules with the introduction of enterprise-level settings. If a repo admin has excluded certain files from that repository, those exclusions will continue to apply to all users working on that repo within the enterprise.
How will org-level rules change with the introduction of enterprise-level rules?
Currently, org-level rules apply to all users across the enterprise. However, once enterprise-level settings are available and applied by enterprise admins, org-level rules will only affect users who are assigned Copilot seats from that specific org. This change allows for more targeted control within each organization, ensuring that org rules are scoped more precisely.
Important Details for Org Admins
If you haven’t set any rules at the org level yet, any rules you set going forward will only apply to users getting Copilot seats from your org.
If you are an existing org with rules already set up for content exclusions, here’s what you need to know:
Before November 8th:
- If Enterprise Admins Do Not Set Rules: Org-level rules will continue to apply to all users across the enterprise, functioning as they do today.
- If Enterprise Admins Set Rules: Once enterprise-level rules are applied, org-level rules will only apply to users with Copilot seats from your specific org.
After November 8th:
- Org-level rules will no longer apply enterprise-wide. They will be limited to users who are assigned Copilot seats from your org, regardless of whether enterprise-level rules are applied.
Please coordinate with your enterprise admins to ensure that rules are set correctly for your organization.
Read Copilot content exclusions document to learn more about our exclusion rules.