Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

The refreshed pull request commits page, which was previously in public preview, is now generally available! This updated page improves performance, is more consistent with other pages across GitHub, and is accessible to more users.

Screenshot of the updated PR commits page showing a list of commits for a PR

Your feedback during the public preview helped us deliver a better experience, including better keyboard navigation. If you have additional feedback, please let us know in the GitHub Community.

See more

A dark background with two security-themed abstract shapes positioned in the top left and bottom right corners. In the center of the image, bold white text reads "Incident Resolved" with a white Octocat logo.

We will now post updates and status interruptions in real-time on GitHub Community. We understand that no product is perfect, and there will be times when unsuspected degradations or outages occur. To make information as open and accessible as possible, any incident that occurs and is on our GitHub status page will have a corresponding discussion post on GitHub Community.

This will give you a centralized thread in Community Discussions for you to share your experiences and find up to date information as it impacts your work.

What can you expect?

  • If an incident occurs and is on our GitHub status page, a discussion will post declaring the incident in the community
  • The ability to subscribe to an open incident discussion for real-time updates
  • Subsequent updates to post on the incident’s discussion thread
  • When an incident is resolved, you will see a marked answer and an image indicating the incident is resolved
  • If available, a link to the public incident summary

Questions or feedback? We want to hear from you! Join our Community discussion to share.

See more

Hero image showcasing the repository forking feature in GitHub Mobile

You can now fork a public repository to your personal account directly from GitHub Mobile! This new feature allows you to easily create your own copy of a public repository on the go, making it simpler to contribute to open source projects, experiment with new ideas, or collaborate with others. It’s easier than ever to contribute to your favorite projects anytime, anywhere.

Download or update GitHub Mobile today from the Apple App Store or Google Play Store to get started.


Learn more about GitHub Mobile and share your feedback to help us improve.

Join the discussion within GitHub Community.

See more

As part of our ongoing efforts to improve flexibility and control for managing the security manager role, we are retiring the security manager API and replacing it with the more robust organization roles API, which provides expanded functionality for managing roles in an organization, including security managers.

Endpoints Affected

The following security manager endpoints will be retired in 12 months:

  • GET /orgs/{org}/security-managers/teams
  • PUT /orgs/{org}/security-managers/teams/{team_slug}
  • DELETE /orgs/{org}/security-managers/teams/{team_slug}

After this period, these endpoints will no longer be available. Instead, you can use the organization roles API to perform the same actions and much more.

Retirement Timeline

  • GitHub.com: 2025-12-31
  • GitHub Enterprise Server: Version 3.20

Replacements

The organization roles API offers enhanced capabilities for managing roles across an organization. Use the following endpoint as a replacement:

  • GET /orgs/{org}/roles
  • GET /orgs/{org}/roles/{role_id}/teams
  • PUT /orgs/{org}/roles/{role_id}/teams/{team_slug}
  • DELETE /orgs/{org}/roles/{role_id}/teams/{team_slug}

You can start transitioning to the organization roles API today on GitHub.com. For GitHub Enterprise Server users, the organization roles API will support the security manager role starting in version 3.16.

Learn more about the organization roles API and send us your feedback

See more

We’re excited to announce that persistent commit signature verification is now generally available! This powerful feature ensures that commit signatures are verified once at the time of the push and remain permanently verified within their respective repository’s network.

With persistent commit signature verification, commit signatures retain their verified status even if signing keys are rotated, revoked, or contributors leave the organization. You can view verification timestamps by hovering over the Verified badge on GitHub or by accessing the verified_at field through the REST API.

A badge tooltip displaying the date when the signature was first verified.

This feature brings long-term reliability to your commit history, offering a consistent solution for managing commit signatures over time. New commits have had persistent records since the public preview launch. Existing commits progressively gain persistent records during their next verification, such as when viewing the Verified badge on GitHub or retrieving the commit via the REST API.

Learn more about commit signature verification and join the conversation in the GitHub Community.

See more

Reviewers can now add comments to push protection bypass requests in secret scanning. These comments help provide context, explaining the reasoning behind approving or denying a request. Requesters gain clarity on why their request was denied, and other reviewers can better understand why a request was approved or denied.

The comment is included in the response email sent to the requester, as well as in the timeline of the resulting alert, the API, the audit log, and webhook responses.

screenshot of an alert that has bypassed push protection, with a reviewer comment in the timeline

Learn more about how to secure your repositories with secret scanning and push protection bypass controls.

See more

The metrics overview for CodeQL pull request alerts now includes enhanced tracking and reporting mechanisms, resulting in greater accuracy and more CodeQL pull request alerts and Copilot Autofixes displayed on the dashboard.

These changes retroactively affect the dashboard numbers, allowing you to effectively monitor your organization’s security posture.

With these insights, you can proactively identify and address security risks before they reach your default branch. The metrics overview for CodeQL pull request alerts helps you understand how effectively CodeQL prevents vulnerabilities in your organization. You can use these metrics to easily identify the repositories where action is needed to mitigate security risks.

The change is now generally available on GitHub Enterprise Cloud.

Learn more about security overview and code scanning.

See more

context passing example

GitHub Copilot Extensions can now access local context in your editor and github.com to provide you with richer and more tailored responses.

As a developer, you can benefit from context passing when interacting with extensions. Passing context to extensions will continue to maintain security through permission controls set by your administrators and content exclusion rules.

Available contexts by development environment

Environment client.file client.selection github.repository github.current-url Additional contexts
Visual Studio Code ✔️ ✔️ ✔️ X Repository owner and branch
Visual Studio ✔️ ✔️ ✔️ X Repository owner and branch
github.com X X ✔️ ✔️ Repository information and other GitHub resources
GitHub Mobile X X X ✔️ X
JetBrains IDEs X X X X X

Local context is not passed to extensions by default.

Requirements for developers

  • Access to GitHub Copilot Extensions
  • Admin authorization to install on organization-owned repos

Requirements for builders

  • Explicit requests to receive editor context, configured in your GitHub app settings
  • Update your APIs to handle new reference types and account for certain references only being available in certain contexts

Connect with our community in our Discussion Forum, or relay your feedback here.

See more

Bring your GitHub contributions to life with the new GitHub Skyline CLI extension – visualize, customize, and 3D print your journey in open source, all from the command line!

🛠️ Features

  • Binary STL generation: Turn your contribution data into 3D-printed works of art.
  • Customizable year selection: Show off a single year or flex with multi-year masterpieces.
  • Automatic authentication: Uses your GitHub credentials or specify another user.
  • ASCII art previews: See your contribution skyline before it’s immortalized IRL.

💻 Quick Start

If you already have GitHub CLI installed, installation is as easy as:

gh extension install github/gh-skyline

Generate a skyline:

gh skyline --year 2024

Generate a skyline for a specific user and year range:

gh skyline –-user chrisreddington --year 2014-2024

Start printing your GitHub journey in 3D glory. Your desk, your shelf, and your ego will thank you 😎

 

An example of a 3D Printed GitHub Skyline

 

🌟 Did you know: If you don’t have a 3D printer, you can upload STL files to GitHub and see them rendered directly in your browser:

Share your virtual | IRL skylines with #GitHubSkyline on social or in the community discussion – we can’t wait to see your creations!

See more

As you may have seen in Discord a few weeks ago, Copilot Workspace is graduating! It is a very exciting time, and also a time of change. So before getting into the product changes from this week, we want to highlight a few logistical changes, because everyone loves logistics 💪

Changelog location: All future Copilot Workspace changelogs will be posted here, rather than in the user manual repository. Since you’re already reading this week’s changelog here, you’re ahead of the curve. Great work!

How to provide feedback: We are also transitioning from the current Discord to a GitHub Discussion as the primary place for feedback and discussions around Copilot Workspace. We will still be available in Discord, but posting in the discussion will ensure we see your feedback sooner.

Okay, now onto the product updates for this week! 🎉

Image Preview Support

Building on recent improvements to file and image support, you can now preview images directly in the Workspace editor. Selecting an image from the file tree will now display a full preview of the image, letting you open a preview tab directly within the editor.

copilot workspace with a rendered image in the open tab

Simplifying the Experience

Since our last changes dropped we have invested time into streamlining the Workspace experience, saving you clicks, headaches, and frustration.

Reducing Action Button Clicks

We updated the primary action button such that secondary actions available in the dropdown no longer require a second click of the primary button – when you select an action it will immediately take effect.

the copilot workspace primary action button dropdown

Consolidating the Plan Action Buttons

We have also consolidated plan action buttons like Regenerate and Add File to a kebab menu.

Before:
the previous copilot workspace planning experience

After:
the updated planning experience with actions under a kebab menu

VS Code Extension Updates

  • Stale View Fix: Resolved an issue where stale view states were retained in certain views.
  • Push to Branch / PR Creation Fix: Fixed failures when merging into an existing branch with updates to the same files.
  • Binary Detection Fix: Addressed a false positive issue where folders were incorrectly flagged as binary after session syncing stopped.
  • Enhanced Session List: Sessions now appear earlier in their lifecycle in the session list, supporting the new brainstorming feature in VS Code.
  • Error Message Visibility: Resolved cases where certain error messages did not display.
See more

Copilot Chat on GitHub.com, GitHub Mobile, the GitHub CLI, as well as officially supported IDEs now have a 64k token window available when working with OpenAI GPT-4o. With this change, customers working with large files and repositories should expect improved responses from Copilot. This change helps Copilot retrieve more information when executing skills to provide contextually relevant responses.

There is no action required on your part to benefit from this upgrade, it is automatically available for all GitHub Copilot users. For more information, check out our documentation and join the discussion within the GitHub Copilot Community.

Hungry for more? – 128k token window for VS Code Insiders

If you’re using GitHub Copilot with Visual Studio Code Insiders, you have access to an even larger 128k context window – the maximum supported by OpenAI GPT-4o. Download the Insiders build to try it out.

See more

Starting today, you can now view runner labels in the Jobs tab of your Actions metrics. You can filter by the runner label to view runner specific metrics and answer questions such as:
– “What is the average queue time for my runner?”
– “Which repositories are using my runner?”
– “Which jobs are using the ubuntu-latest label?”

Performance metrics screen with runner label filter applied

To access the feature, on your organization home page, select Insights near the top of the page, and then select ‘Actions Performance Metrics’ on the left side of the page.
To learn more about GitHub Actions Metrics, check out our public documentation or head to our community discussion to ask questions and provide feedback.

See more

GitHub Models now supports the ability to retrieve structured JSON responses from models, making it easier to integrate AI outputs into applications and workflows.

While this functionality was already available via our API, this update adds it to the UI.

JSON Response in GitHub Models Playground

Supported models include OpenAI (except for o1-mini and o1-preview) and Mistral models.

To learn more about GitHub Models, check out the docs. You can also join our dedicated community discussion to discuss this update, swap tips, and share feedback.

See more

We are pleased to announce that our most recent SOC reports (1, 2, and 3) are available now and include GitHub Enterprise Cloud for github.com with all new regions like the EU, as well as Copilot Business and Enterprise. These reports are applicable for the 6-month period April 1, 2024 to September 30, 2024 and are available on the GitHub Enterprise Trust Center for our customers.

This represents a significant milestone for GitHub and our customers for multiple reasons:
– Copilot Business and Enterprise are now gaining coverage of control operating effectiveness over the period represented by a Type II report (as opposed to the point-in-time reports represented by the previous Type I reports issued Spring 2024)
– Coverage for Enterprises hosted in either dotcom or the newly launched EU region.
– Future regions launched for GitHub Enterprise Cloud will also be compliant.

These efforts and the culminating SOC 2 Type II reports represent GitHub’s ongoing commitment to provide secure products to our customers, which continues to provide developers the assurance to build software better, together.

Looking forward, bridge letters will be coming mid-January 2025 for the gap period representing October through December 2024. Additionally, the next round of SOC reports covering October 1, 2024 to March 31, 2025 will be available to customers in June 2025.

See more

What’s Changing

On January 30, 2025, the actions/upload-artifact and actions/download-artifact actions will be deprecated and no longer supported. These actions are being replaced with v4 versions, offering improved performance and new features.

What You Need to Do

If your GitHub Page site is using a custom Actions workflow to deploy, it must be updated to use:

For detailed instructions and examples, see: Using custom workflows with GitHub Pages.

Key Details

  • Applies to GitHub.com only: This change does not affect GitHub Enterprise Server (GHES).
  • Deadline: Update your workflows before January 30, 2025 to avoid deployment failures.
See more

Ubuntu-latest upcoming breaking changes

We will migrate the ubuntu-latest label to ubuntu 24 starting on December 5, 2024 and ending on January 17, 2025. The ubuntu 24 image has a different set of tools and packages than ubuntu 22. We have made cuts to the list of packages so that we can maintain our SLA for free disk space. This may break your workflows if you depend on certain packages that have been removed. Please review this list to see if you are using any affected packages.

Ubuntu 20 image is closing down

We are beginning the process of closing down the Ubuntu 20 hosted runner image, following our N-1 OS support policy. This image will be fully retired by April 1, 2025. We recommend updating workflows to use ubuntu-22.04, or ubuntu-24.04.

Artifacts v3 brownouts

Artifact actions v3 will be closing down by January 30th, 2025. To raise awareness of the upcoming removal, we will temporarily fail jobs using v3 of actions/upload-artifact or actions/download-artifact. Builds that are scheduled to run during the brownout periods will fail. The brownouts are scheduled for the following dates and times:
– January 9th 5pm – 6pm UTC
– January 16th 3pm – 7pm UTC
– January 23rd 2pm – 10pm UTC

actions/cache v1-v2 and actions/toolkit cache package closing down

Starting February 1st, 2025, Actions’ cache storage will move to a new architecture, as a result we are closing down v1-v2 of actions/cache as well as all previous versions of the @actions/cache package(prior to 4.0.0) in actions/toolkit.
Attempting to use a version of the @actions/cache package after the announced deprecation date will result in a workflow failure. Announcements have been posted in the actions/cache and actions/toolkit repositories with additional information on the migration. Note that this does not affect GitHub Enterprise Server customers, you can continue to use all versions without failure.

Updates to the network allow list for self-hosted runners and Azure private networking

With the upcoming GA of Immutable Actions, Actions will now be stored as packages in the GitHub Container Registry. Please ensure that your self-hosted runner allow lists are updated to accommodate the network traffic. Specifically, you should allow traffic to pkg.actions.githubusercontent.com to ensure Immutable Actions can be downloaded successfully and jobs don’t fail during setup. If you already allow *.actions.githubusercontent.com which is listed as an required domain then no action is necessary. Traffic will also be required to ghcr.io for publishing new versions of an Immutable Action in the future, which will be available with the GA release.

This update also affects runners in all versions of GitHub Enterprise Server that use the GitHub Connect feature to download actions directly from github.com. Customers are advised to update their self-hosted runner network allow lists accordingly. For further guidance on communication between self-hosted runners and GitHub, please refer to our documentation.

Additionally, our guidance for configuring Azure private networking has been updated to account for the new domains. The following IP addresses have been added to the NSG template in our documentation.
– 140.82.121.33/32
– 140.82.121.34/32
– 140.82.113.33/32
– 140.82.113.34/32
– 140.82.112.33/32
– 140.82.112.34/32
– 140.82.114.33/32
– 140.82.114.34/32
– 192.30.255.164/31
– 4.237.22.32/32
– 20.217.135.1/32
– 4.225.11.196/32
– 20.26.156.211/32

Upcoming breaking image changes

For a full list of this month’s breaking changes to our hosted runner images, please see our announcement page.

See more

A screenshot of the GitHub dashboard showing the new Copilot input at the top, ready for users to write a prompt.

We know how much easier it is when you can find everything you’re looking for, right where you’ve landed. That’s why we’ve brought GitHub Copilot over to your GitHub dashboard, making it easier than ever to harness the power of AI-assisted coding in the place you already call home.

You can now ask Copilot anything you like using the input at the top of github.com, either by selecting one of our example prompts or by typing your own words. Doing so will open the immersive GitHub Copilot chat experience, where you can continue your conversation with Copilot.

Copilot on the dashboard is available to all users with access to Copilot chat on github.com.

See more

GitHub Copilot plugin now available for JetBrains IDEs version 2024.3

The GitHub Copilot plugin for JetBrains IDEs now fully supports version 2024.3 for you favorite IDEs, including IntelliJ IDEA, PyCharm, and more! This update allows you to take advantage of the latest features and improvements in your development environment, making your coding experience even more seamless and efficient.

What’s new ✨

  • Full compatibility: Use GitHub Copilot with the latest version of JetBrains IDEs.
  • Enhanced authentication: Enjoy a more efficient and secure authentication process.

Benefits for developers ⚡️

  • Stay updated: Leverage the newest features and enhancements in your preferred JetBrains IDE.
  • Improved security: Benefit from a streamlined and secure authentication process.
  • Seamless integration: Experience better compatibility and performance with your development tools.

Get Involved 🛠

If you use version 2024.3 of a JetBrains IDE, we encourage you to try the updated GitHub Copilot plugin and share your feedback. Your input is invaluable in helping us refine and improve the product.

Join the Discussion 🚀

Connect with us and other developers in the GitHub Community Discussion to share your experiences, ask questions, and provide feedback.

See more

Repository rules now allow you to enforce which merge methods are available when merging pull requests into a specified branch. The merge method rule is available for rulesets at the repository, organization and the enterprise level. Allowing you to choose between merge commit, squash, or rebase to ensure only the selected merge methods are allowed on the targeted branches across the user interface and APIs.

Screenshot of merge type rule selection

Learn more in the documentation and join the discussion within GitHub Community.

See more

Artifact Attestations now supports attesting multiple subjects simultaneously. When the attest-build-provenance or attest-sbom actions create multiple attestations, a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage. We published these changes as new versions of the respective actions. Please update your workflows to reference the new versions in order to leverage the new functionality.

Learn more about using Artifact Attestations to establish provenance for builds

See more