Evolving GitHub Issues (public preview)

Following our opt-in preview last year, we are excited to release sub-issues, issue types and advanced search for issues to everyone! 🎉

Thank you to everyone who opted-in and gave us feedback on these new additions. We will be rolling out these changes incrementally and expect all users to have access by the end of this week.

🔗 Break down and nest issues with sub-issues

Sub-issues allow you to break down and organize issues within a parent-child hierarchy. You can create sub-issues from any issue and use their nested structure to track progress and understand remaining work. You can also easily track sub-issues progress within your projects.

Learn more and share feedback on sub-issues.

📁 Organize your work with issue types

Issues types allow you to classify and manage your issues with a shared and consistent language across all repositories in an organization. You can quickly understand the progress of your bug backlog, find all of the high level initiatives teams are working on, and understand the breakdown of work in a project.

Issue types displayed as part of a repo index page

Learn more and share feedback on issue types.

From the repository issues page, you can build advanced searches using the AND and OR keywords and parentheses for nested searches. This allows you to build more complex filters to find the exact set of issues you’re looking for.

A user searches for type bug OR type task

Learn more and share feedback on advanced search for issues.

🎨 Issues UI updates

All these new features are based upon an update to the issues front end, designed to be fast and familiar. This means there are no new UI patterns to slow you down, but we did include a few tweaks to speed you up, including:

  • The issues index page has a new filter bar with autocomplete and syntax highlighting.
  • Creating multiple issues is faster with a ‘create more’ option to quickly get back to the creation screen.
  • Issue form and templates are now presented in alphabetical order based on file name, making it easier for you to set just the right order.
  • Easily share the URL to an issue with a new ‘copy link’ button.
  • On long issues, selecting ‘load more’ will now fetch 150 events instead of 50.

Learn more and share feedback on the updated issues UI.

👀 Not ready yet?

Head over to your account’s feature preview page to switch between the new and old experiences. Due to the incremental roll out of the new experiences over the course of this week, you may find you only have access to the feature preview toggle once the roll out has completed.

On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. In January 2024, we announced that CodeQL Action v2 would be deprecated at the same time as GitHub Enterprise Server (GHES) 3.11. This deprecation period has elapsed and CodeQL Action v2 is now discontinued. It will no longer be updated or supported, and while we will not be deleting it except in the case of a security vulnerability, workflows using it may eventually break. New CodeQL analysis capabilities will only be available to users of v3.

For more information about this deprecation, please see the original deprecation announcement from January 2024.

How does this affect me?

Default setup

Users of code scanning default setup do not need to take any action in order to automatically move to CodeQL Action v3.

Advanced setup

Users of code scanning advanced setup need to change their workflow files in order to start using CodeQL Action v3.

Users of GitHub.com and GitHub Enterprise Server 3.12 (and newer)

All users of GitHub code scanning (which by default uses the CodeQL analysis engine) on GitHub Actions on the following platforms should update their workflow files:

  • GitHub.com (including open source repositories, users of GitHub Teams and GitHub Enterprise Cloud)
  • GitHub Enterprise Server (GHES) 3.12 (and newer)

Users of the above-mentioned platforms should update their CodeQL workflow file(s) to refer to the new v3 version of the CodeQL Action. Note that the upcoming release of GitHub Enterprise Server 3.12 will ship with v3 of the CodeQL Action included.

Users of GitHub Enterprise Server 3.11 (and older)

GitHub Enterprise Server 3.11 (and older) is now deprecated. For more information on using the CodeQL Action on a deprecated GitHub Enterprise Server version, refer to the relevant sections of the CodeQL Action v2 deprecation announcement.

Exactly what do I need to change?

To upgrade to CodeQL Action v3, open your CodeQL workflow file(s) in the .github directory of your repository and look for references to:

  • github/codeql-action/init@v2
  • github/codeql-action/autobuild@v2
  • github/codeql-action/analyze@v2
  • github/codeql-action/upload-sarif@v2

These entries need to be replaced with their v3 equivalents:

  • github/codeql-action/init@v3
  • github/codeql-action/autobuild@v3
  • github/codeql-action/analyze@v3
  • github/codeql-action/upload-sarif@v3

Can I use Dependabot to help me with this upgrade?

Yes, you can! For more details on how to configure Dependabot to automatically upgrade your Actions dependencies, please see this page.

See more

GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.

The following new patterns were added over the last few months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.

Provider Token Partner User Push protection
Anthropic anthropic_admin_api_key
Asaas asaas_api_token
Asana asana_legacy_format_personal_access_token  ✓
Azure azure_openai_key
Azure microsoft_azure_common_annotated_security_key
Azure microsoft_azure_entra_id_token
Cfx.re cfxre_server_key
Cockroach Labs ccdb_api_key
Coveo coveo_access_token
Databento databento_api_key
Datastax datastax_astracs_token
Google google_cloud_service_account_credentials
Google google_gcp_api_key_bound_service_account ✓  
Hubspot hubspot_private_apps_user_token
Hubspot hubspot_smtp_credential
Hugging Face hf_user_access_token
Iterative iterative_dvc_studio_access_token
Lichess lichess_personal_access_token
Lichess lichess_oauth_access_token
MongoDB mongodb_atlas_db_uri_with_credentials
Netflix netflix_netkey
OpenRouter openrouter_api_key
Oracle oracle_api_key
Polar polar_access_token
Polar polar_authorization_code
Polar polar_client_registration_token
Polar polar_client_secret
Polar polar_personal_access_token
Polar polar_refresh_token
Replicate replicate_api_token
Scalr scalr_api_token
Sentry sentry_org_auth_token
Sentry sentry_user_auth_token
Sentry sentry_user_app_auth_token
Sentry sentry_integration_token
Shopee shopee_open_platform_partner_key
Siemens siemens_api_token
Sindri sindri_api_key
Tailscale tailscale_api_key

The following existing patterns were upgraded to be included in push protection. When push protection is enabled, secret scanning automatically blocks any pushes that contain a secret matching these patterns.

Provider Token
Contentful contentful_personal_access_token
GitLab gitlab_access_token
Ionic ionic_refresh_token
Orbit orbit_api_token
PyPI pypi_api_token
Thunderstore thunderstore_io_api_token
Yandex yandex_cloud_iam_access_secret

Learn more about securing your repositories with secret scanning.

See more