A new npm `audit signatures` command to verify npm package integrity
The public npm registry is migrating away from the existing PGP signatures to ECDSA signatures that are more compact and can be verified without extra dependencies in the npm CLI.…
The dependency graph now shows additional metadata for Rust dependencies, and listed dependencies link back to the GitHub repositories for the package if available. Learn more about the dependency graph.
The macOS 10.15 Actions runner image started our deprecation process on 5/31/22 and will be fully unsupported by 8/30/22. To raise awareness of the upcoming removal, jobs using macOS 10.15…
Starting next week, workflow re-runs in GitHub Actions will use the initial run’s actor for privilege evaluation. The actor who triggered the re-run will continue to be displayed in the…
GitHub Advanced Security customers can now retrieve repository code scanning results at the enterprise level via the GitHub REST API. This new endpoint supplements the existing repository-level and organization-level endpoints.…
Dependabot alerts will now be easier to prioritize with a new “Most Important” sort. For the alerts repository list view, by default, alerts will be sorted in a way to…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
On June 15th, we announced GitHub added malware advisories to the GitHub Advisory Database and will send malware alerts through Dependabot. Since shipping this change, we have received feedback that…
Previously, when creating an autolink reference for a repository, you could only use a numeric identifier in the <num> parameter. This format didn’t support integration with platforms that use alphanumeric…