On June 5th, 2021 the GitHub Container Registry, ghcr.io, will be put into maintenance mode. The maintenance window will occur from 16:00 – 17:30 UTC. During this short time pushes to the service will be blocked, however pulls or downloads will remain available. For more detailed status information during maintenance, please refer to https://githubstatus.com
Learn more about GitHub Container Registry
You can now react with emoji to all releases on GitHub!
For more information, see the GitHub Releases documentation.
Free text search is now available for code scanning alerts. You can search code scanning results to quickly find specific alerts without having to know exact search terms. The search is applied across the alerts name, description, and help text.
The syntax is:
For more information, see "Searching code scanning alerts."
GitHub Desktop 2.8.2 now offers a native build for Apple silicon machines that use Apple's new M1 chip.
You can install it immediately from the GitHub Desktop site, and in upcoming releases Desktop will upgrade to the native build automatically.
On GitHub today, half of all pull request review conversations are left unresolved prior to merging. Now it is easier for authors to discover unresolved comments from the conversations menu in the files changed tab.
In addition to making it easier for you to discover conversations in your pull requests, a new branch protection option gives admins the ability to require all review conversations be resolved before the pull request can be merged. This helps ensure all review conversations are seen and addressed prior to merging.
Both features are currently in beta. Let us know what you think: give feedback.
Introducing an all new filtering experience. No matter what issue, pull request, or discussion you're looking for, finding it just got a whole lot easier!
We've added new metadata to issues and pull request list items so that it's easier to see assignees, checks status, review states, and comment counts.
Read more about GitHub Mobile and send us your feedback to help us improve.
We recently launched new and improved content for Codespaces. We heard from our beta testers that they wanted more task-focused documentation, more information on the benefits of Codespaces, and more specific examples on how to use it. We've restructured the content to make it easier for you to discover and added the following sections:
Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to quiet noisy dependencies or easily avoid major version bumps across multiple dependencies.
You can ignore semver updates by modifying the ignore configuration option to ignore one or more update-types:
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
ignore:
# ignore all GitHub linguist patch updates
- dependency-name: "github-linguist"
update-types: ["version-update:semver-patch"]Note: this feature only applies to version updates. If you have security updates enabled, you will still get pull requests updating you to the minimum patched version.
Learn more about Dependabot ignore conditions.
To see what's next for Dependabot, visit the public roadmap.
Starting June 16 2021, GitHub-hosted Ubuntu runners will only contain the latest patch release for each supported version of the .NET SDK.
You will not be affected if you use setup-dotnet action. However, If you use a global.json file with a rollForward: disable property, your workflow will fail. To continue using .NET SDK, change your workflow to use setup-dotnet action or use some other value for rollForward property.
The setup-dotnet action is the recommended way of using .NET with GitHub Actions because it ensures consistent behavior for your workflow runs and allows you specify exactly which version your code needs. For more information please see the GitHub Actions documentation and subscribe to the announcement in the actions/virtual-environments repository.
The GitHub Advisory Database now includes sixty curated Go advisories and will continue to grow as we curate existing and new advisories for the Go ecosystem. The addition of Go brings us to seven ecosystems including: Composer (PHP), Go, Maven, npm, NuGet, pip, and RubyGems. We are also in the process of reviewing repository security advisories for Go packages for possible inclusion in the GitHub Advisory Database.
Support for Go in dependency graph and Dependabot alerts and security updates will be available in the future.
Labels and a new announcements category format are now available as part of the GitHub Discussions public beta. Labels will help maintainers triage and organize their discussions. When creating a new custom category, maintainers may now select the Announcements format where only maintainers and admins can post discussions to these categories.
Get started with GitHub Discussions.
For questions or feedback, visit GitHub Discussions feedback.
GitHub Enterprise Cloud customers will now be able to approve domains for email notification routing that they are not able to verify. Enterprise and organization owners will be able to approve domains so that they may immediately augment their email notification restriction policy, allowing notifications to collaborators, consultants, acquisitions or other partners.
This capability, along with the generally available feature enterprise verified domains, will ship to GitHub Enterprise Server 3.2.
Learn more about restricting email notifications to an approved domain
Video upload is now supported everywhere you can author Markdown in GitHub, including from the mobile app. Share demos, show reproduction steps, and more in issue, pull request, and discussion comments as well as on repository Markdown files such as READMEs.
Learn more about uploading videos and check out the blog post for more details.
GitHub Enterprise Cloud self-service compliance reports have moved to the compliance tab. Enterprise owners may download and view current GitHub compliance reports from the Compliance tab of their enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
Enterprise plan organization owners may continue to view the reports from the Organization security settings tab of their organization: https://github.com/organizations/"your-org"/settings/security.
We are shipping improvements to pull request workflows on GitHub Mobile, making reviewing and merging pull requests much easier on the go!
Read more about GitHub Mobile and send us your feedback to help us improve.
Dark mode is now available on GitHub Docs. Manage your theme settings in the “Appearance” tab located in your profile settings, then navigate to docs.github.com.
Share your feedback on this update with the GitHub Docs team in this discussion.
You can now authenticate to SSH using a FIDO2 security key by adding a sk-ecdsa-sha2-nistp256@openssh.com or sk-ssh-ed25519@openssh.com SSH key to your account. SSH security keys store secret key material on a separate hardware device that requires verification, such as a tap, to operate.
This combination of storing the key on separate hardware and requiring physical interaction for your SSH key offers additional security. Since the key is stored on hardware and is non-extractable, it can't be read or stolen by software running on the computer. Additionally, the tap prevents unauthorized use of the key since the security key will not operate until you physically interact with it.
Learn more about this feature from the accompanying blog post.
GitHub Enterprise Server 3.1 is available now as a release candidate.
The latest version of GitHub Enterprise Server brings a host of features to help teams focus on the work that matters most. That includes:
Customers using GitHub Advanced Security will now benefit from the general availability of secret scanning, and support for more libraries and frameworks with code scanning than ever before.
For more information, see the full GitHub Enterprise Server 3.1 RC blog post.
You can now use a Beta API to approve workflow runs from public forks of first time contributors.
Learn more about using this API
Learn more about approving first time contributor pull requests