09/2023

If you are a security manager or a user with admin permissions to a repository, you can now delete the workspace directly from the repository advisory, regardless of the state…

To improve accessibility for our users, we’ve introduced a new accessibility setting to underline links within text blocks. Links should be easily distinguishable from surrounding text, not just by color…

In February 2022, we introduced experimental CodeQL queries that utilize machine learning to identify more potential vulnerabilities. This feature was only available for JavaScript / TypeScript code and was available…

Today’s changelog brings you improvements to project templates (public beta), including new templates pages and the ability to create a template with a single click! 🏠 Find projects templates from…

You can now now see the list of recent jobs that Dependabot has run to check for updates and create or rebase pull requests directly from the repository-level dependency graph…

GitHub Advanced Security now automatically only consumes licenses for commits and pushes made after a repository is migrated to GitHub, rather than considering all historic contributions from before the migration.…

On September 27, 2023, we began blocking npm package publishes with differing name or version fields between the manifest and tarball package.json. This blocking protects against obfuscation. The different fields…

GitHub Enterprise and organization owners now have improved visibility into authentication activity via personal access token (classic), fine-grained personal access token (FGP), OAuth token, SSH key or deploy key. The…

Announcing changes to permissions for packages. We are restricting the refs REST API endpoint from accepting POSTs from users and apps that only have the permission to read and write…

To help users better understand the state of a pull request, we now provide more details in two specific cases. Merged indirectly If a pull request’s commits are merged into…

GitHub Enterprise Cloud customers can now participate in a public beta displaying SAML single sign-on (SSO) identities for relevant users in audit log events. SAML SSO gives organization and enterprise…

npm provenance is now generally available. npm packages built on a supported cloud CI/CD system can publish with provenance. Today this includes GitHub Actions and GitLab CI/CD. Publishing with provenance…

Starting tomorrow Tuesday, September 26, 2023 we are updating the service endpoints for organizations with GitHub Copilot Chat beta enabled. If your organization uses a firewall to restrict network traffic,…

Node 16 has reached its end of life, prompting us to initiate its deprecation process for GitHub Actions. Our plan is to transition all actions to run on Node 20…

Passkeys are a replacement for passwords when signing in, providing higher security, ease-of-use, and loss-protection. They are now generally available on GitHub.com for all users. By using a passkey you…