Deprecation – Dependabot updates drop support for Python 3.6 and 3.7
As of August 17, 2023, Dependabot updates no longer support Python 3.6 or 3.7, which have reached their end-of-life. If your code uses these versions, Dependabot will no longer be…
Enable or disable private vulnerability reporting on repositories via REST API
Repository admins or members of the security manager role can now enable or disable private vulnerability reporting on respositories via REST API. Learn more about private vulnerability reporting.
Secret scanning detects secrets in issues for free public repositories
Users with secret scanning enabled on their free public repositories will now receive alerts for any potential secrets exposed in an issue’s title, description, or comments, including historical revisions. Alerts…
GitHub Desktop community adds “Check Out a Commit” and “Double click to Open External Editor”
In 3.2.8, GitHub Desktop is shipping two great community contributions of highly requested features — “Check Out a Commit” and “Double Click to Open in Your External Editor”. Alongside that,…
Log in with multiple GitHub accounts on GitHub Mobile
Introducing support for multiple GitHub accounts within GitHub Mobile! Log in with your work and personal accounts to stay in touch with your projects, wherever they’re happening. To add multiple…
New dataflow API for writing custom CodeQL queries
We have released a new API for people who write custom CodeQL queries which make use of dataflow analysis. The new API offers additional flexibility, improvements that prevent common pitfalls…
GitHub Copilot – August 11th Update
Today’s update brings the ability to set an allowlist for languages within the IntelliJ extension, quickly switch to an annual GitHub Copilot for Individuals plan, and the private preview of…
Secret scanning supports on-demand token validity checks
GitHub Advanced Security customers can now perform on-demand validity checks for supported partner patterns, and the alert index view now shows if a secret is active. This builds on our…
Ignore or Unignore Updates for Grouped Dependabot Pull Requests
If you are using the Dependabot grouped version updates feature (currently in public beta), you can now tell Dependabot to ignore updates in the group (similar to how you can…
Group Dependabot Version Updates by Development or Production Dependencies
If you are using the Dependabot grouped version updates feature (currently in public beta), you can now group your pull requests by dependency type in ecosystems that support this. Instead…
GitHub Issues & Projects – August 10th update
Today’s Changelog brings you the brand new slice by, updates to issue forms, and a group menu across layouts! 🍕 Slice by You can now slice by field values in…
X-Accepted-GitHub-Permissions header for fine-grained permission actors
A new header will be sent back to API callers that use the fine-grained permission model (GitHub Apps and fine-grained PATs) to help developers discover which permissions are needed to…
Actions runs triggered from tags or forks with the same name as a protected branch will now be blocked
GitHub environments can be configured with deployment branch policies to allow-list the branches that can deploy to them. We are now security hardening these branch policies further by blocking runs…
Get repository security advisories for your organization via REST API
As an organization owner or member of the security manager role, you can now use the repository security advisories REST API to get all repository security advisories across your organization.…
Users can enable push protection for themselves
Secret scanning’s push protection feature prevents supported secrets from being pushed into repositories, and has to date been enabled at the repository, organization, or enterprise level. Now, everyone across GitHub…
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
The GitHub Podcast
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.