Search results for: repository

Security Advisories and GitHub Advisory Database now include Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS) information for advisories. When you create a Security Advisory to disclose a…

Security vulnerabilities can be unpleasant to address, and that only gets worse the more you have. When you’re dealing with a large volume of vulnerabilities, you need to be able…

Dependabot version updates now support npm v7. Note that npm v7 uses the new lockfile format (“lockfileVersion”: 2). Dependabot will now respect this new format if you have installed with…

This is a partner post by Leonid Belkind, the Co-Founder and CTO at StackPulse Over the past decade, engineering-led practices have replaced traditional IT operations across the software development lifecycle.…

Pull request auto-merge is now generally available on GitHub and through GitHub Mobile. With auto-merge, pull requests can be set to merge automatically when all merge requirements are met. No…

After much anticipation, the npm CLI version 7 is now generally available!

Starting today, users with Dependabot alerts enabled can see which of their repositories are impacted by a given vulnerability by navigating to its entry in the GitHub Advisory Database. This…

Beginning March 1, 2021, we will remove .NET Core 3.0 from macOS 10.15, Ubuntu 16.04, and Ubuntu 18.04 virtual environments for GitHub-hosted runners. We follow a general guideline of removing…

GitHub Pages now gives you the option to limit access, making the site visible only to users with access to the repository that published the Page. With access control, you…

On February 15th, GitHub Actions will remove support for referencing actions using the shortened version of a git commit SHA. This may cause some workflows in your repository to break.…

If you haven’t seen it, the GitHub Changelog helps you keep up-to-date with all the latest features and updates to GitHub. We shipped a tonne of changes last year, and…

Dependabot version updates now support pip-compile 5.5.0. Note that with the version update of pip-compile from 5.4.0 to 5.5.0, the formatting of “via” annotations has changed to one dependency per…

You can now rename any branch, including the default branch, from the web. If you’ve been waiting to rename your default branch from master to main, we now recommend doing…

Today, we’re making GitHub Enterprise Server 3.0 available as a release candidate. Announced in the GitHub Universe Keynote, it’s the biggest ever change to Enterprise Server, bringing customers: Actions –…

You can now delete an entire directory of files including subdirectories from your web browser: Browse to the directory in the repository and branch that you want to delete In…

We’ve made huge advances in our security features at GitHub in 2020, with launches for code scanning, secret scanning, Dependabot version updates, dependency review, and more.

@derrickstolee recently discussed several different git clone options, but how do those options actually affect your Git performance? Which option is fastest for your client experience? Which option is fastest for your build machines?…

As your Git repositories grow, it becomes harder and harder for new developers to clone and start working on them. Git is designed as a distributed version control system. This means that…

This is the second post in a series about how we built our new homepage. How our globe is built How we collect and use the data behind the globe…

Learn about ghapi, a third-party Python library and CLI client for the GitHub API. It includes tab-completion, integrated documentation and automatic pagination of responses. ghapi automatically manages required headers, query strings, route parameters, post data, and much more.

Dependabot version updates now support Kotlin manifest files like .gradle.kts (gradle) PHP using the latest composer v2 (composer) These are possible thanks to community contributions to Dependabot. If you’d like…