Repository ownership limits

Starting on April 28th, 2025, GitHub will implement a new limit of 100,000 repositories on the total number of repositories per owner for both user accounts and organizations.

We’re committed to keeping our platform safe and secure while delivering the experiences you expect. By capping repository ownership, we’re preventing slowdowns on administrators as well as ensuring the health of our infrastructure to provide a smooth and secure environment for all users. You can find more about the degraded performance large accounts can face exceeding 100,000 repositories in our documentation about repository limits.

Notification process

When an account surpasses 50,000 repositories, a banner noting the approaching limit will appear. Additionally, administrators will receive email notifications, and the audit log will update every additional 5,000 repositories created.

Temporary exemptions

For accounts at or nearing the 100,000-repository limit, GitHub will provide information on temporary exemptions and offer guidance on reducing repository counts. If you require more than 100,000 repositories, you can distribute ownership across multiple organizations, maintaining seamless operations.

Additional resources

The stale repos action that was launched in 2023 is designed to help organizations identify and report on repositories with no activity.

For further details and guidance on navigating these changes, please visit our documentation.

Or you could join the discussion in GitHub Community.

GPT-4o Copilot: Your new code completion model is now generally available

Header introducing GPT-4o Copilot model

What’s changing

The GPT-4o Copilot model released in preview last month and updated this month now provides code completions for all Copilot users. This model delivers higher quality suggestions and improved latency.

Getting ready

No additional action is required if you’re on the latest version of the GitHub Copilot extension for VS Code, Visual Studio, or JetBrains. If you’re on an older version of the GitHub Copilot extension, the model will roll out to you in the coming days. Updating your extension will ensure quicker access.

Retirement of GPT-3.5 Turbo based model

Over the coming days, your code completion experience will switch to GPT-4o Copilot. The GPT-3.5 Turbo based copilot-codex model, which was the previous model, will no longer be available.

Your feedback

Thank you to the tens of thousands of developers who used this new model in preview. Please continue to share your feedback directly and in the GitHub Community!

See more

Transitive dependencies are now available for Maven

Following the ship of transitive labeling for npm packages, the same capabilities are now available for Maven packages:

  • Dependabot alerts now contain a direct label if they are associated with a package you’ve directly included. In addition, there’s now a relationship:direct filter in the search bar to only show those alerts caused by your direct dependencies.
  • The direct dependency that led to a package’s inclusion in your dependency graph is visible both in the text of any new Dependabot alerts and the dependency insights page (click the button, then Show options to view it).
  • A repository’s SBOM will contain a relationships section that uses the SPDX relationshipType: DEPENDS_ON field to express the tree of package dependencies. Similarly, the GraphQL API will now return a relationship field with direct, transitive, or unknown values in the DependencyGraphDependency object.

Ability to refresh Dependabot alerts from the list view

In addition to the Maven-specific additions, the Alert Settings menu on Dependabot alert tables now provides a Refresh Dependabot alerts option which will rescan your repository’s manifest files, rebuild its dependency graph, and refresh its open Dependabot alerts.

New 'Refresh Dependabot alerts' option in the Alert Settings menu on the Dependabot alerts page.

Getting started

To get transitive dependency labeling on your repositories, make sure dependency graph is enabled, and either enable Automatic dependency submission on the same settings page or use a dependency submission action. As a beneficial side-effect of this change, other package ecosystems with actions that create transitive dependency trees – such as go – will also now receive transitive and direct labels.

To see the Dependabot labels, you’ll also need to enable Dependabot alerts.

Join the discussion within GitHub Community.

See more
View all changes