Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Secret scanning changes coming to how you opt-in to alert notifications

We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with "All activity" or "Security alerts" and enable Dependabot email alerts to receive notifications.

Beginning March 16, here are the steps you need to take to continue to receive notifications from secret scanning:

  1. (No change required) Watch repositories of interest by choosing "All activity" or "Security alerts". This help you choose what events GitHub will notify you about.
  2. (Action needed) In your user notification settings, choose "Email" in the "Watching" section. This tells GitHub how to notify you. Secret scanning only supports email notifications at this time.

watching settings

See more

GitHub Desktop 3.2 – Preview your Pull Request

In GitHub Desktop 3.1, we introduced viewing the diff of changes across multiple commits. This allows you to be certain there are no unintended changes in the group of commits you are about to push. Taking that feature to the next level, GitHub Desktop 3.2 allows you to Preview your Pull Request – see a diff of all the changes being introduced by your feature branch into your repository's default branch.

Preview Pull Request Image showing debugger in a diff

Learn more about GitHub Desktop here.

See more

SMS and TOTP can now both be registered 2FA methods

You can now set up both SMS and an authenticator app (TOTP) for two-factor authentication on your GitHub.com account. Previously these methods were mutually exclusive, and you needed to create a "fallback" SMS registration that could be used for account recovery.

2FA settings page showing both authenticator app and SMS registered

With this update, we are removing the fallback SMS option, and will migrate all fallback SMS registrations to be standard 2FA methods today. A small set of users had both a primary and fallback SMS registration on their account – they continue to have that fallback SMS registration, and will receive email about it today.

To learn more about setting up 2FA and GitHub's account recovery methods, see "Configuring 2FA" and "Configuring 2fa recovery methods"

See more

Accessibility improvements for the contribution graph

The contribution graph now supports keyboard interaction and compatibility with assistive technologies. Users can navigate the graph and filter contributions using the keyboard. While navigating the graph, a summary of each day is displayed visually in a tooltip and announced by screen readers.

Image of a Contribution Graph with the contributions done on June 16 showing in a tooltip

Users can move keyboard focus to the contribution graph and then navigate it using the following commands:

  • Press arrow keys to navigate cell by cell
  • Press Page Up to navigate to the first cell in a column
  • Press Page Down to navigate to the last cell in a column
  • Press Home to navigate to the first cell in a row
  • Press End to navigate to the last cell in a row
  • Press Enter to filter content in the Contribution Activity section by the current cell

If the user is running a screen reader, it will announce the following text when the graph receives keyboard focus:

Contribution Graph, table, 54 columns, 8 rows.
User activity over 1 year of time. Each column is one week, with older weeks to the left. Select a cell to filter the "Contribution Activity" section.

When the user navigates to a cell, the screen reader will read a summary such as:

11 contributions on Monday, February 21, 2022.

We are excited to make one of our favorite GitHub features available to more users! If you encounter any issues with these changes, please leave a reply on this feedback discussion.

See more

GitHub Issues & Projects – March 2nd update

Today's Changelog brings you roadmap markers and command line support for Projects!

📍 Markers on roadmaps

Keep track of upcoming dates in your roadmap by visualizing the due dates of your milestones, iteration durations and breaks, and additional date fields as vertical markers. Configure these from the Markers menu to display them on the view.

💻 Manage projects from the command line

Interact with projects, items, and fields from your favorite terminal with the GitHub CLI projects extension.

To install the extension in gh:

$ gh extension install github/gh-projects

Usage:

$ gh projects -h
Work with GitHub Projects. Note that the token you are using must have 'project' scope, which is not set by default. You can verify your token scope by running 'gh auth status' and add the project scope by running 'gh auth refresh -s project'.

Usage:
  projects [command]

Available Commands:
  close        Close a project
  copy         Copy a project
  create       Create a project
  delete       Delete a project
  edit         Edit a project
  field-create Create a field in a project
  field-delete Delete a field in a project
  field-list   List the fields in a project
  help         Help about any command
  item-add     Add a pull request or an issue to a project
  item-archive Archive an item in a project
  item-create  Create a draft issue item in a project
  item-delete  Delete an item from a project
  item-edit    Edit a draft issue in a project
  item-list    List the items in a project
  list         List the projects for a user or organization
  view         View a project

Flags:
  -h, --help   help for projects

Use "projects [command] --help" for more information about a command.

Share your feedback in the repository.

Learn more about extensions (and how to build your own!) in this GitHub blog.

Bug fixes and improvements

  • Implemented auto-scrolling in a board column when reordering items
  • Fixed a bug where an existing workflow couldn't be renamed
  • Fixed a clipped tooltip for the top item in a roadmap view
  • Fixed a bug where an auto-add workflow with / in the name couldn't be duplicated (Enterprise users only)
  • Added a confirmation dialog when deleting an additional auto-add workflow (Enterprise users only)

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

See more

Code scanning default setup on the security coverage page (public beta)

Code scanning default setup can now be easily enabled for a single repository from the slide-out panel on your organization's "Security Coverage" page, without needing to navigate to the repository's "Settings" tab.

The feature automatically detects the languages in your repository and enables analysis for pull requests and pushes, without requiring you to commit a workflow file. Default setup currently supports JavaScript, Python, and Ruby, with more languages to come. The feature is available for repositories using GitHub Actions and can be accessed by organization owners, repository administrators and security managers. Expect one-click enablement functionality for all organization repositories to be rolled out next.

This has shipped as a public beta to GitHub.com and will be available in GitHub Enterprise Server 3.9.

code scanning on the slide-out enablement panel on the security coverage page

Learn more about automatically setting up code scanning for a repository and send us your feedback

Learn more about GitHub Advanced Security

See more

Feature Preview: Rich Jupyter Notebook Diffs

Rich diffs of Jupyter Notebook files in pull requests are now available in preview. With the feature preview enabled, you can compare cell-level inputs and outputs (including images), as well as notebook and cell metadata, thanks to nbdime. Check it out:

image

The rich diff functionality will need to be enabled via the Feature Preview menu found when clicking on your avatar. Click here to learn more about feature previews and how to enable it. Please note that this is an early-access feature and there are some limitations; most notably, you cannot currently comment on lines in rich diff mode and will need to toggle the source diff to do so.

We'd love to hear from you! Once you try it out, let us know what you think in this feedback discussion. Stay tuned for future updates!

Note: If you were previously enrolled in the private beta for this feature and no longer see rich diffs, you may have to re-enable the feature preview via the menu.

See more

GitHub Actions Importer General Availability

GitHub Actions Importer is now generally available to all GitHub users. You can now easily plan, forecast, and automate migrations from Azure DevOps, CircleCI, GitLab, Jenkins, and Travis CI to GitHub Actions. GitHub Actions Importer is a free extension of the official GitHub CLI and provides you with the confidence to migrate your CI/CD pipelines to continue delivering software efficiently.

gh-actions-importer

For details on how to get started, please check out our documentation. For questions and feedback, visit the GitHub Actions Importer community.

See more

GitHub Actions: Introducing the new, more powerful GitHub-hosted x64 macOS runners

People on the paid Team and Enterprise plans can now sign up for a beta to get access to new and powerful macOS runners for x64. Access is requested via the beta sign-up page. Once your request has been approved, an email will be sent with additional details. The new XL runner option provides developers with 12 cores to execute their Actions workflows on and improve build times.

To learn more visit the docs. Information on pricing for the new macOS XL runner is here.

See more

Enable secret scanning alerts on all your public repositories

You can now enable secret scanning alerts on all your personal public repositories from your account's code security and analysis settings.

As before, you can also enable secret scanning alerts on any individual public repository or on all public repositories within an organization or cloud enterprise.

Secret scanning is free on public repositories, and available as part of GitHub Advanced Security on private repositories.

See more

Dependabot alerts: enterprise enablement and status checking

What’s new?

This feature makes it easier to enable Dependabot alerts and check enablement status across all your repositories at an enterprise level, with updates across both enablement UI and APIs. These updates will ship today for GitHub.com and will ship for GitHub Enterprise Server users in 3.9.

Changes to the REST API

Dependabot alerts have been added to existing endpoints:

‘Code security and analysis’ settings

You can also adjust your enablement settings from your enterprise settings page (under ‘code security and analysis’). Options include enable all, disable all, and enable for new repositories for your enterprise.

Enable Dependabot alerts

Learn more about Dependabot alerts

See more

Codespaces support for JetBrains Rider (Beta)

The GitHub Codespaces plugin for the JetBrains Gateway now supports Rider as a remote IDE. .NET developers can now leverage the standardization and power of GitHub Codespaces with JetBrains Rider's singular code indexing, navigation, and debugging capabilities.

JetBrains Rider in Gateway

GitHub Codespaces support for Rider enables multiple solution file scenarios. If there is only one solution file in a given codespace, the GitHub Codespaces plugin will automatically select that solution file. If there are multiple, the plugin will prompt the user to select which solution file they intend to use to open their project. Repositories without solution files are still compatible with Rider, however some features will be limited when no solution file is selected.

Rider solution file picker

To get started with Rider, follow the documentation for installing GitHub Codespaces into the JetBrains Gateway. Once installed, users can connect to any of their existing codespaces with Rider as their selected IDE.

We are extremely excited to deliver our top requested feature since the beta announcement of JetBrains support in GitHub Codespaces.

Additional Resources:

See more

New Forks page view

screenshot of list of fork repos

We've made improvements to the Forks Insights tab to give you much more information on the forks of your project. Now when you visit the Insights tab for a repository the Forks section will display a sortable and filterable list of forks. You'll also now see more details about each of the forks, like how recently they were updated, their stars and pull requests. To see an example, check out the forks of GitHub's docs repository.

See more

No more waitlist – code search and code view are available to all in public beta

Reading and understanding code is an absolutely critical task for software developers. Research suggests developers spend far more time reading code than writing it. Reviewing a pull request, planning a new feature, researching a system’s architecture, or determining how to fix a bug are all activities that rely on finding critical information scattered across the codebase.

That’s why we’ve built the new code search and code view—to help developers search, navigate, and understand their code, their team’s code, and the world’s open source code.

At GitHub Universe in November we announced the beta waitlist for the new code search and code view. Today we’re removing that waitlist. Now any user can access the new search and code viewing experience using this link, or via the feature preview menu. To access the feature preview menu, click your avatar at the top-right of a GitHub page and select Feature preview. Then select the beta and click the Enable button.

mockup screenshot of new code view and code search features

This beta brings three powerful new capabilities to GitHub.com. First, an entirely new search interface, allowing you to construct powerful queries with suggestions, completions, and the ability to slice and dice your results.

The second capability is our entirely new code search engine, capable of searching and even understanding code. It delivers more relevant results with incredible speed. Curious about how it works? Read about the groundbreaking technology behind the new code search in the GitHub blog earlier this month.

The third capability is a redesigned code view. The new view integrates search, browsing, and code navigation, allowing developers to rapidly traverse their code to find answers.

This is a big step forward for code search and navigation at GitHub, but we’re far from done. Check it out yourself, and share your feedback with us here.

 

See more

GitHub Issues & Projects – February 23rd update

Today’s Changelog brings you updates to workflows, roadmaps, our API and makes cross organization projects a breeze!

➕ Automatically add items from multiple repositories

Last month, we shared the latest automation to help you automatically add relevant items to your project! However, if your project pulls from multiple repositories, this wasn’t enough. Today, we’re shipping the ability to create up to 3 copies of the auto-add workflow.

After configuring and enabling the initial auto-add workflow, open the context menu in the workflow list and select Duplicate workflow to create a new auto-add workflow.

Note Multi-repository auto-add is currently only shipped to Enterprise users

🗺 Reordering roadmap items

Alongside sorting your roadmap items by a field to organize your view, you can now reorder your items by dragging and dropping them in the table. Quickly make adjustments to the ordering of your items or move them to a different group altogether with the new drag-and-drop functionality.

↔️ Add cross-organization issues and pull requests to Projects

We’ve made it easier to use Projects across different organizations, previously this required pasting URLs to a project directly. With this improvement you can:

  • Search within different organizations for issues or pull requests directly from the omnibar. Just hit # followed by the organization name and a / to start searching within that organization.
  • Add items via the existing GraphQL API endpoint, addProjectV2ItemById, which will now accept an Issue or Pull Request from a different organization when adding to a Project.

a user searches for issues across organizations using the syntax org-name/repo-name

📊 Projects GraphQL API improvements

We’ve released new endpoints to our Projects GraphQL API providing the ability to create new projects, create project fields and delete project fields. Check out the docs below to find out more:

  • createProjectV2Field: https://docs.github.com/en/graphql/reference/mutations#createprojectv2field
  • deleteProjectV2Field: https://docs.github.com/en/graphql/reference/mutations#deleteprojectv2field
  • deleteProjectV2: https://docs.github.com/en/graphql/reference/mutations#deleteprojectv2

Bug fixes and improvements

  • Fixed a focus problem which caused the page to ‘jump’ when scrolling immediately after posting an issue comment.
  • Resolved a problem stopping TGZ file uploads working on Safari and Firefox.
  • Fixed file upload failures in Issue Forms when focus was quickly switched between markdown editors.
  • Fixed a bug where closed iterations couldn’t have their dates changed into the future
  • Fixed a minor bug where View tab width was incorrect when zoomed in
  • Fixed a small visual bug for Beta workflows where the pill was off-center

See how to use GitHub for project planning with GitHub issues, check out what’s on the roadmap, and learn more in the docs.

See more

Hardware accelerated Android virtualization on Actions Linux larger hosted runners

Starting on February 23, 2023, Actions users of GitHub-hosted larger Linux runners will be able to make use of hardware acceleration for Android testing. Testing on a 4-core machine with hardware acceleration is around 2-3 times faster than not using hardware acceleration and around 2 times faster than using MacOS.

To make use of this on Linux, Actions users will need to add the runner user to the KVM user group

      - name: Enable KVM group perms
        run: |
            echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
            sudo udevadm control --reload-rules
            sudo udevadm trigger --name-match=kvm

(Thank you gsauthof for the feedback on this!)

You will then be able to make use of hardware acceleration when making use of Android emulator actions such as reactivecircus/android-emulator-runner.

See more

Preferred 2FA methods and settings improvements

The Primary field on two-factor authentication methods has been removed, and replaced with a Preferred option. This new option sets your preferred 2FA method for account login and use of the sudo prompt. You can choose between TOTP, SMS, security keys, or GitHub Mobile as your preferred 2FA method.

Additionally, you can now update your 2FA methods inline at https://github.com/settings/security, rather than going through the initial 2FA setup flow again.

image

With this change, device-specific preferences for 2FA have been removed – each login will always default to your preferred method. If you previously set a default on one of your devices, your most recent choice has been copied to your account-wide preference. Otherwise, no preference will be set, and GitHub will select from your available second factors in this order: security keys, GitHub Mobile, TOTP, and then SMS.

To learn more, see "Changing your preferred two-factor authentication method" and "Configuring two-factor authentication".

See more
View more changes