We’ve released the following improvements to your homepage feed.
2. You will now see cards for when someone has forked one of your repositories. 
We’ve added a new category to the GitHub Docs, “Contributing to GitHub Docs”, filled with resources used by the GitHub Docs team, the rest of the company, and the open source community to create documentation. The articles in this category explain the processes behind producing documentation, how GitHub approaches docs, and how to write docs according to GitHub’s style and content guidelines. If you’ve ever wanted to know the processes behind producing documentation or you’re about to begin documenting your own project and want to base your processes on our approach, you can now find that information in GitHub Docs.
GitHub Docs is an open source project that everyone is welcome to contribute to. To contribute, head to our github/docs repository and browse the open issues with the “help wanted” label.
In 3.2.8, GitHub Desktop is shipping two great community contributions of highly requested features — “Check Out a Commit” and “Double Click to Open in Your External Editor”.
Alongside that, we have a nice addition to the clone dialog where you can quickly see if a repository has been archived, as well as many accessibility enhancements.
A big thanks to @kitswas for his work in adding the ability to check out a commit from the history tab, a much asked for feature.
We would also like to give a shout out to @digitalmaster with another highly requested feature add of being able to double click on a file to open it in your external editor, whether that is in the history or changes view.
Another great add with this release is being able to tell at a glance which repositories in your cloning dialog are archived and likely not suitable for cloning.
GitHub Desktop is actively working to improve accessibility in support of GitHub’s mission to be a home for all developers.
In so, we have the:
– addition of aria-label and aria-expanded attributes to the diff options button – #17062
– number of pull requests found after refreshing the list screen reader announced – #17031
– ability to open the context menu for the History view items via keyboard shortcuts – #17035
– ability to navigate the “Clone a Repository” dialog list by keyboard – #16977
– checkboxes in dialogs receiving initial keyboard focus in order not to skip content – #17014
– progress state of the pull, push, fetch button announced by screen readers – #16985
– inline errors being consistently announced by screen readers – #16850
– group title and position correctly announced by screen readers in repository and branch lists – #16968
– addition of an aria-label attribute to the “pull, push, fetch” dropdown button for screen reader users – #16839
– aria role of alert applied to dialog error banners so they are announced by screen readers – #16809
– file statuses in the history view improved to be keyboard and screen reader accessible – #17192
– ability to open the file list context menu via the keyboard – #17143
– announcing of dialog titles and descriptions on macOS Ventura – #17148
– announcing of the “Overwrite Stash”, “Discard Stash”, “Delete Tag”, and “Delete Branch” confirmation dialogs as alert dialogs – #17197, #17166, #17210
– improvements of contrast in text to links – #17092
– tab panels in the branch dropdown announced by screen readers – #17172
– stash restore button description associated to the button via an aria-describedby – #17204
– warnings in the rename branch dialog placed before the input for better discoverability – #17164
– errors and warnings in the “Create a New Repository” dialog are screen reader announced – #16993
Automatic updates will roll out progressively, or you can download the latest GitHub Desktop here.
We've shipped a small fix to improve security around creation of pull requests in public repos.
Prior to this fix and under very specific conditions, a user could create a pull request in a public repo even though they did not have push access to either the base or head branch and were not a member of the repo's organization. Often these pull requests were created by mistake and quickly closed, but could still trigger unexpected GitHub Actions or other CI jobs.
This fix has no impact on the common open source workflow where a user forks a public repo, makes a change in their fork, and then proposes their change using a pull request. This fix also has no impact on pull requests already created.
We want to hear from you! Let us know if you have questions or feedback.
If you manage your node.js dependencies with the pnpm package manager, you can now use Dependabot to keep those dependencies updated with automatic pull requests. You can easily configure this feature by adding or updating your dependabot.yml file in your repository. At this time, Dependabot will not open security alerts against pnpm dependencies.
Secret scanning's push protection feature is now generally available for all free public repositories on GitHub.com.
You can enable push protection for any public repository on GitHub.com from your repository's "Code security and analysis" settings in the UI or REST API. If you're an organization or enterprise owner, you can also also bulk-enable secret scanning.
For your repositories that are not a part of an organization, you can bulk-enable secret scanning and push protection in your personal "Code security and analysis" settings.
We announced two weeks ago that we are changing how you receive notifications for secret scanning alerts. From today, those changes are in effect.
As long as you are not ignoring the repository in your watch settings, commit authors always receive notifications for new secrets that are leaked. This means you receive a notification for any secret committed after an initial historical scan has run on the repository.
We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with "All activity" or "Security alerts" and enable Dependabot email alerts to receive notifications.
Beginning March 16, here are the steps you need to take to continue to receive notifications from secret scanning:
Today's Changelog brings you roadmap markers and command line support for Projects!
Keep track of upcoming dates in your roadmap by visualizing the due dates of your milestones, iteration durations and breaks, and additional date fields as vertical markers. Configure these from the Markers menu to display them on the view.
Interact with projects, items, and fields from your favorite terminal with the GitHub CLI projects extension.
To install the extension in gh:
$ gh extension install github/gh-projectsUsage:
$ gh projects -h
Work with GitHub Projects. Note that the token you are using must have 'project' scope, which is not set by default. You can verify your token scope by running 'gh auth status' and add the project scope by running 'gh auth refresh -s project'.
Usage:
projects [command]
Available Commands:
close Close a project
copy Copy a project
create Create a project
delete Delete a project
edit Edit a project
field-create Create a field in a project
field-delete Delete a field in a project
field-list List the fields in a project
help Help about any command
item-add Add a pull request or an issue to a project
item-archive Archive an item in a project
item-create Create a draft issue item in a project
item-delete Delete an item from a project
item-edit Edit a draft issue in a project
item-list List the items in a project
list List the projects for a user or organization
view View a project
Flags:
-h, --help help for projects
Use "projects [command] --help" for more information about a command.Share your feedback in the repository.
Learn more about extensions (and how to build your own!) in this GitHub blog.
/ in the name couldn't be duplicated (Enterprise users only)See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.
You can now enable secret scanning alerts on all your personal public repositories from your account's code security and analysis settings.
As before, you can also enable secret scanning alerts on any individual public repository or on all public repositories within an organization or cloud enterprise.
Secret scanning is free on public repositories, and available as part of GitHub Advanced Security on private repositories.
Previously, only organizations with GitHub Advanced Security could enable secret scanning's user experience on their repositories. Now, any admin of a public repository on GitHub.com can detect leaked secrets in their repositories with GitHub secret scanning.
The new secret scanning user experience complements the secret scanning partner program, which alerts over 100 service providers if their tokens are exposed in public repositories. You can read more about this change and how secret scanning can protect your contributions in our blog post.
The npm CLI v9 is now generally available! As of today, running npm i -g npm will install the latest version (v9.1.1). Details on the major breaking changes, features and bug fixes of v9 can be found in our last changelog post.
A huge shout out to all of the contributors who helped make this release possible and who continue to make npm awesome.
Learn more about v9.1.1 in the release notes. You can also find references to previous releases in the project's CHANGELOG.md.
We’re excited to introduce a new beta version of GitHub’s home feed on your dashboard,
designed to help developers build community, find inspiration, and celebrate each other’s incredible work.
To try it out, head to github.com and click "For you." For more information, see the documentation.
We've added enhanced support for CITATION.cff files to GitHub. CITATION.cff files are plain text files with human- and machine-readable citation information, and with this new feature, GitHub parses this information into convenient formats such as APA and BibTeX that can be copied by others.
Under the hood, we’re using the ruby-cff RubyGem to parse the contents of the CITATION.cff file and build a citation string that is then shown in the GitHub user interface. Special thanks to the gem creators @sdruskat @jspaaks and @hainesr who worked with us to build this.
Issues submitted to open source projects often lack important information. Markdown issue templates can help by providing text that contributors can remove and replace with their own input – but sometimes contributors can miss details or get confused.
New, YAML configured issue forms enable maintainers to build structured forms with required fields and easy-to-follow steps so that they can capture every important detail.
Issue forms are now available in beta for all publicly accessible repositories.
