You can now use a Beta API to approve workflow runs from public forks of first time contributors.
Learn more about using this API
Learn more about approving first time contributor pull requests
As previously communicated, on May 5th, 2021 we will be conducting the first scheduled brownout for API Authentication via Query Parameters and the OAuth Applications API. If you are passing credentials via query or path parameters, we will intermittently respond with client errors.
OAuth Application API
Please refer to this blog post on migrating to the replacement endpoints.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
Removal
- August 11 2021 at 14:00 UTC
Authentication via Query Parameters
Please refer to this blog post for authentication via headers.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
- August 11, 2021: For 48 hours starting at 14:00 UTC
Removal
- September 8 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.
In February 2020, to strengthen the security of our API, we deprecated API Authentication via Query Parameters and the OAuth Application API to avoid unintentional logging of in-transit access tokens. In the coming months, we'll be removing these endpoints and authentication flow according to the following schedule:
OAuth Application API
Please refer to this blog post on migrating to the replacement endpoints.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
Removal
- August 11 2021 at 14:00 UTC
Authentication via Query Parameters
Please refer to this blog post for authentication via headers.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
- August 11, 2021: For 48 hours starting at 14:00 UTC
Removal
- September 8 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.
You can now link discussions to new releases!
When drafting a new release, check the Create a discussion for this release box, choose a category, and publish. Your community will be able to react and comment on the release notes, giving projects more opportunities to celebrate and receive feedback. Release discussions are also available natively on GitHub Mobile.
For more information, see GitHub Discussions, GitHub Releases and GitHub Mobile documentation.
For questions or feedback, join the conversation in GitHub Product Feedback.
As we announced previously, the format of GitHub authentication tokens has changed. The following token types are affected:
- Personal Access Tokens
- OAuth Access Tokens
- GitHub App User-to-Server Tokens
- GitHub App Server-to-Server Tokens
- Refresh Tokens
If you use any of these tokens, we encourage you to reset them now. This will give you additional security benefits and allow Secret Scanning to detect the tokens.
Notably, the token formats now include the following updates:
- The character set changed from
[a-f0-9]to[A-Za-z0-9_] - The format now includes a prefix for each token type:
ghp_for Personal Access Tokensgho_for OAuth Access tokensghu_for GitHub App user-to-server tokensghs_for GitHub App server-to-server tokensghr_for GitHub App refresh tokens
The length of our tokens is remaining the same for now. However, GitHub tokens will likely increase in length in future updates, so integrators should plan to support tokens up to 255 characters after June 1, 2021.
The "Compare two commits" REST API, which returns a list of commits reachable from one commit (or branch) but not reachable from another, now supports pagination. It can also now return the results for comparisons over 250 commits.
To learn more, see the compare two commits API reference or the guide for using pagination.
The GitHub Discussions GraphQL API public beta is now available. Get started with the GitHub Discussions API.
For questions or feedback, visit GitHub Discussions feedback.