open-source


We announced two weeks ago that we are changing how you receive notifications for secret scanning alerts. From today, those changes are in effect.

What action should I take?

If you are a repository administrator, organization owner, security manager, or user with read access to secret scanning alerts:

  • Watch your repositories of interest by choosing "All activity" or "Security alerts." This helps you choose what events GitHub will notify you about.
  • In your user notification settings, you must choose "Email" in the "Watching" section. This tells GitHub how to notify you. Secret scanning only supports email notifications at this time.

If you're a commit author:

As long as you are not ignoring the repository in your watch settings, commit authors always receive notifications for new secrets that are leaked. This means you receive a notification for any secret committed after an initial historical scan has run on the repository.


We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with "All activity" or "Security alerts" and enable Dependabot email alerts.

Beginning March 16, here are the steps you need to take to continue to receive notifications from secret scanning:

  1. (No change required) Watch repositories of interest by choosing "All activity" or "Security alerts". This helps you choose what events GitHub will notify you about.
  2. (Action needed) In your user notification settings, choose "Email" in the "Watching" section. This tells GitHub how to notify you. Secret scanning only supports email notifications at this time.


Today's Changelog brings you roadmap markers and command line support for Projects!

📍 Markers on roadmaps

Keep track of upcoming dates in your roadmap by visualizing the due dates of your milestones, iteration durations and breaks, and additional date fields as vertical markers. Configure these from the Markers menu to display them on the view.

💻 Manage projects from the command line

Interact with projects, items, and fields from your favorite terminal with the GitHub CLI projects extension.

To install the extension in gh:

$ gh extension install github/gh-projects

Usage:

$ gh projects -h
Work with GitHub Projects. Note that the token you are using must have 'project' scope, which is not set by default. You can verify your token scope by running 'gh auth status' and add the project scope by running 'gh auth refresh -s project'.

Usage:
  projects [command]

Available Commands:
  close        Close a project
  copy         Copy a project
  create       Create a project
  delete       Delete a project
  edit         Edit a project
  field-create Create a field in a project
  field-delete Delete a field in a project
  field-list   List the fields in a project
  help         Help about any command
  item-add     Add a pull request or an issue to a project
  item-archive Archive an item in a project
  item-create  Create a draft issue item in a project
  item-delete  Delete an item from a project
  item-edit    Edit a draft issue in a project
  item-list    List the items in a project
  list         List the projects for a user or organization
  view         View a project

Flags:
  -h, --help   help for projects

Use "projects [command] --help" for more information about a command.

Share your feedback in the repository.

Learn more about extensions (and how to build your own!) in this GitHub blog.

Bug fixes and improvements

  • Implemented auto-scrolling in a board column when reordering items
  • Fixed a bug where an existing workflow couldn't be renamed
  • Fixed a clipped tooltip for the top item in a roadmap view
  • Fixed a bug where an auto-add workflow with / in the name couldn't be duplicated (Enterprise users only)
  • Added a confirmation dialog when deleting an additional auto-add workflow (Enterprise users only)

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.


You can now enable secret scanning alerts on all your personal public repositories from your account's code security and analysis settings.

As before, you can also enable secret scanning alerts on any individual public repository or on all public repositories within an organization or cloud enterprise.

Secret scanning is free on public repositories, and available as part of GitHub Advanced Security on private repositories.


Previously, only organizations with GitHub Advanced Security could enable secret scanning's user experience on their repositories. Now, any admin of a public repository on GitHub.com can detect leaked secrets in their repositories with GitHub secret scanning.

The new secret scanning user experience complements the secret scanning partner program, which alerts over 100 service providers if their tokens are exposed in public repositories. You can read more about this change and how secret scanning can protect your contributions in our blog post.


The npm CLI v9 is now generally available! As of today, running npm i -g npm will install the latest version (v9.1.1). Details on the major breaking changes, features and bug fixes of v9 can be found in our last changelog post.

A huge shout out to all of the contributors who helped make this release possible and who continue to make npm awesome.

Learn more about v9.1.1 in the release notes. You can also find references to previous releases in the project's CHANGELOG.md.


We've added enhanced support for CITATION.cff files to GitHub. CITATION.cff files are plain text files with human- and machine-readable citation information, and with this new feature, GitHub parses this information into convenient formats such as APA and BibTeX that can be copied by others.

Under the hood, we’re using the ruby-cff RubyGem to parse the contents of the CITATION.cff file and build a citation string that is then shown in the GitHub user interface. Special thanks to the gem creators @sdruskat @jspaaks and @hainesr who worked with us to build this.


Issues submitted to open source projects often lack important information. Markdown issue templates can help by providing text that contributors can remove and replace with their own input – but sometimes contributors can miss details or get confused.

New, YAML-configured issue forms enable maintainers to build structured forms with required fields and easy-to-follow steps so that they can capture every important detail.

User submits an issue via issue forms.

Issue forms are now available in beta for all publicly accessible repositories.

Learn more about issue forms and send us your feedback.
