Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog

→ ~/github-changelog|main git log main

showing all changes successfully

GitHub Issues & Projects: REST API support for issue types

March 18, 2025

Issue types can now be managed using the REST API, expanding the ability to automate and incorporate them in your workflows. Check out our documentation on issue types for more details. You can also review the examples below to get started.

Managing issue types for the organization

You can create, update, delete, and list issue types for an organization.

Creating a new issue type:

curl --request POST \
  --url https://api.github.com/orgs/{org}/issue-types \
  --header 'authorization: token <YOUR-TOKEN>' \
  --header 'content-type: application/json' \
  --data '{
      "name": "Initiative",
      "description": "A large body of work that spans a quarter.",
      "color": "orange",
      "is_enabled": true
    }'

Adding an issue type to an issue

You can specify the issue type when creating a new issue, or update it on an existing issue.

Creating a new issue:

curl --request POST \
  --url https://api.github.com/repos/{org}/{repo}/issues \
  --header 'authorization: ' \
  --header 'content-type: application/json' \
  --data '{
      "title": "Error when refreshing the settings page",
      "type": "Bug"
    }'

Updating an issue:

 curl --request PATCH \
  --url https://api.github.com/repos/{org}/{repo}/issues/{issue_number} \
  --header 'authorization: ' \
  --header 'content-type: application/json' \
  --data '{
      "type": "bug"
    }'

Searching for issues by issue type

You can search for issues by issue type at the repository or organization level.

Searching within a repository:

curl --request GET \
  --url 'https://api.github.com/repos/{org}/{repo}/issues?type=bug' \
  --header 'authorization: '

Join the discussion within GitHub Community.

See how to use GitHub for project planning with GitHub Issues, check out what’s on the roadmap, and learn more in the documentation.

See more See more

Fine-grained PATs are now generally available

March 18, 2025

Fine-grained Personal Access Tokens (PATs) have been used by millions of users to make tens of billions of API calls over the last two years in public preview. In that time, we’ve added requested features such as management APIs and webhooks, mandatory expiration policies, and usability improvements.

However, feedback has been clear on one item in particular – while fine-grained PATs solve a significant set of challenges in their current state, many organizations cannot fully adopt them due to the lack of support statements and the risk of breaking changes while they’re in public preview. Our goal at GitHub is to ensure that everyone can secure their workflows as best they can, which is why we’re graduating fine-grained PATs to a generally available (GA) state.

Changes with this release

This update brings two major changes to PATs at GitHub. Most notably, fine-grained PATs are now enabled by default for all organizations on GitHub, unless that organization or enterprise explicitly disabled them during the preview. The PAT approval flow is also enabled by default, so developers must request organization owner approval in order to successfully use their fine-grained PAT against their organizations.

We’re also updating the release state for both fine-grained PATs and PAT expiration policies. These features are now fully supported by GitHub and adhere to the same breaking change policies as the rest of the product. While there are some scenarios where fine-grained PATs are not yet supported, your organization should be confident in suggesting, or even requiring, the use of these more secure tokens.

Administrators, auditors, and security teams can also look for improved auditability of PATs – the token_id is now included in all API calls and supported as a built-in filter in the audit logs. With this filter, you can now easily track the use of a token throughout your enterprise or organization.

A screenshot of enterprise audit logs, filtered to a specific token_id

Customers on GHES should expect these changes to arrive in version 3.17.

Feature gaps in fine-grained PATs

There are several scenarios where fine-grained PATs are not a suitable solution at this time. GitHub continues to invest in building more secure access patterns and will implement these capabilities over time. You can track our progress and goals on our public roadmap. The most notable scenarios are:

Calling APIs that manage the Enterprise object (e.g. SCIM APIs or creating organizations)
Accessing multiple organizations with a single token
Contributing to repositories where you’re an outside collaborator or an unaffiliated open source contributor
Accessing internal repositories in your enterprise, outside of a targeted organization
Calling the Packages and Checks APIs

We’re currently focused on implementing enterprise access for GitHub Apps and fine-grained PATs so that enterprise owners can reduce the over-permissioning of their current automation solutions. After that, we’ll continue to invest in this area with a goal of enabling organizations to eventually disable the use of PATs (Classic) for their resources.

To learn more about fine-grained PATs and how your organization can control them, see our documentation on managing your personal access tokens, and enforcing policies for PATs in your enterprise.

See more See more

As of March 29, fine-grained PATs and GitHub Apps need updates to access GitHub Models playground

March 18, 2025

Starting March 29, 2025, fine-grained Personal Access Tokens (PATs) and GitHub Apps accessing the GitHub Models playground will require the models:read permission. If your tokens or GitHub Apps currently do not include the models:read permission, requests to the playground will return an Unauthorized response after this date. Please update your fine-grained PATs and GitHub Apps permissions proactively to avoid disruption.

PAT models permissions

Coarse-grained tokens are unaffected and will continue working without any changes.

To learn more about GitHub Models, check out the docs. You can also join our Community discussions.

See more See more

Planned GitHub Enterprise Importer (GEI) maintenance notice

March 18, 2025

migrations

Migrations will be undergoing maintenance starting at 21:00 UTC on Tuesday, March 18, 2025, with an expected duration of up to eight hours.

During this maintenance period, users will experience delays importing repositories into GitHub.

Once the maintenance period is complete, all pending imports will automatically proceed.

See more See more

GitHub Actions now supports a digest for validating your artifacts at runtime

March 18, 2025

actions

Developers using upload-artifact and download-artifact in their Actions workflows can now ensure the integrity of their artifacts with the new SHA256 digest. This feature automatically verifies that the artifact uploaded is identical to the one downloaded, providing security for Actions runs and ensuring the artifact remains unchanged.

How it works

Whenever upload-artifact is used, it now computes and stores an output called digest. This is the SHA256 digest of the artifact uploaded during the run.

When download-artifact is used to download that same artifact, it uses the same process to compute a digest for the downloaded file and compares the two digests to validate that they match.

If a mismatch is detected, the run displays a warning in the UI and in the job logs. The workflow won’t fail if the digests don’t match, but this may change in a future release.

Note: This functionality is only available with artifacts v4 or newer. It’s also not currently available on GitHub Enterprise Server.

Where can I view the digest?

The digest will appear in the logs of the workflow run under the “upload-artifact” step. They’ll also appear in the Artifact output that appears in the workflow run UI.

Learn more

To get started using the artifacts actions view our documentation on storing and sharing data from a workflow.

See more See more

Instant previews, flexible editing, and working with issues in Copilot available in public preview

March 18, 2025

Inspired by our previous release, working with Copilot Chat on GitHub has become even more seamless. You can instantly preview HTML files, edit files you’ve created, and work on issues right away. Several exciting new capabilities give you more control and flexibility.

What’s new

Preview your rendered HTML files directly in the side panel
Edit files in the side panel to seamlessly refine and adjust them
Generate and preview Mermaid diagrams for fast visualizations, whether they’re flowcharts or sequence diagrams
Keep tabs on your issues in the same right side panel, ensuring you can tackle open tasks while discussing them
Track issues or pull requests in responses that are rendered in a familiar GitHub style, making working with them easier

In addition, you can enjoy a smoother streaming experience and enhanced rendering of attachments.

Try it out

See the updated experience in action by submitting any of the following example prompts:

Join us as we continue to streamline Copilot Chat, giving you instant previews, flexible editing, and more power right where you need it! Your feedback drives our improvements. Let us know how these new changes enhance your workflow by using the in-product feedback option or sharing your thoughts in the GitHub Community.

See more See more

GitHub is now PCI DSS v4.0 compliant with our 4.0 service provider attestation available to customers

March 14, 2025

GitHub’s Payment Card Industry Data Security Standard (PCI DSS) v4.0 service provider Attestation of Compliance (AoC) as well as the corresponding shared responsibility matrix has been completed. This report is the first time GitHub has provided a PCI DSS service provider report for our customers. This enables customers to meet their own PCI DSS compliance needs using GitHub as part of their development environment.

Going forward, GitHub intends to provide this attestation of compliance each year.

If you’re an Enterprise customer and need to obtain copies of GitHub’s AoC or Shared Responsibility Matrix, please reach out to your account manager.

See more See more

Actions Performance Metrics are generally available and Enterprise-level metrics are in public preview

March 14, 2025

actions

Performance Metrics for GitHub Actions are now generally available for repositories and organizations. Repository members can view workflow and job performance data including queue times and failure rates going back as far as one year. Organization members can also view this data aggregated across all repositories in their organization. These metrics are available on all GitHub Cloud plans.

In addition, usage and performance metrics aggregated at the Enterprise level are now available in public preview to Enterprise admins. This includes usage metrics (ex. jobs run and minutes used), as well as performance metrics (ex. job failure rates and queue times) across all repositories and organizations in an enterprise. These metrics can be found in the Enterprise UI under the “Insights” tab.

Screenshot of Enterprise Actions usage metrics in the Enterprise Admin UI

See more See more

Dependabot version updates now support uv in general availability

March 13, 2025

Developers can now use Dependabot to automatically keep their uv dependencies up to date. For projects that use uv as a package manager, Dependabot version updates can now ensure dependencies stay current with the latest releases.

Engage with the Dependabot open source community on the topic of uv support
Learn more about Dependabot version updates
Learn more about uv

See more See more

Instant semantic code search indexing now generally available for GitHub Copilot

March 12, 2025

GitHub Copilot now features instant semantic code search indexing, dramatically reducing the time it takes for Copilot to understand and reference your codebase.

What’s changed

Previously, when you wanted GitHub Copilot to reference your repository’s code in its responses, the semantic code search indexing process would take approximately five minutes to complete. With this update, indexing now completes in just a few seconds in most cases, though it may take up to 60 seconds. This means you can get contextually-aware Copilot assistance almost immediately after opening a repository.

Why this matters

Semantic Code Search is one of GitHub Copilot’s most powerful capabilities, enabling GitHub Copilot to:

Provide responses specific to your codebase’s architecture and patterns.
Reference existing functions, classes, and implementations in your repo.
Suggest code that aligns with your project’s style and conventions.
Answer questions about your codebase with accurate, context-aware information.

With instant semantic code search indexing, there’s virtually no waiting period between opening a repository and receiving codebase-aware AI assistance, making your development workflow more efficient and interruption-free.

How it works

Semantic code search indexing is automatically triggered when you open GitHub Copilot Chat on github.com. For VS Code users with the GitHub Copilot extension, you can also manually trigger indexing through the Copilot UI if needed.

Availability

This feature is available to all GitHub Copilot users across all tiers, including the free tier. There are no limits on how many repositories can be indexed.

Learn more

For detailed information about repository indexing for GitHub Copilot, check out our documentation.

Join the discussion within GitHub Community.

See more See more

Updates to Enterprise account navigation now generally available

March 12, 2025

GitHub Enterprise users will now see a horizontal navigation bar at the top of their enterprise account. This update is designed to improve the user experience by providing a consistent, intuitive navigation structure that mirrors the rest of the GitHub experience.

Screenshot of the new enterprise account navigation

These changes are expected to come to GitHub Enterprise Server customers in release version 3.17.

To learn more about enterprise accounts, read our documentation.

See more See more

Refreshed commit details page now generally available

March 12, 2025

The refreshed commit details page is now generally available!

This improved page lets you view and navigate the changes within a commit with improvements to filtering, commenting, and keyboard navigation.

Screen shot of the new commit details page that shows the metadata about the commit, a file tree showing the three files changed by the commit, diff snippets for each of the changed files, and a floating comment

What’s new 🎉

Comment counts in tree: Easily spot files with comments by seeing the number of comments directly in the file tree.
Floating comments: Code comments now float on top of the diff to improve readability of the diffs. Click the commenter’s avatar on the right side of the line to open.
Instantly switch views: Switch between unified and split views without waiting for the page to reload.
Keyboard navigation in diffs: You can now navigate around changed lines in the diff using the up and down keys on your keyboard. A new context menu also makes it easier to comment, copy, and select.
Filtering: You can filter changes by file name or extension. Also, the diffs for filtered out files are hidden to help reduce distractions.

Fixes and enhancements

Feedback during the public preview really helped us improve this page. Some of the more notable enhancements:

Compact line height: New user setting that controls the height of lines in the diff, which can help reduce scrolling and improve readability.
Submodule changes: The files changed when updating a submodule reference are now listed again.
Full commit message: The full commit message was previously hidden behind “Show More”, but is now fully shown.

Some of the more notable bugs that were addressed:

Fixed: The native browser context menu replaced by a custom menu when right-clicking on a diff.
Fixed: Tab indents not rendering correctly on some browsers.
Fixed: Missing “no newline at end of file” indicator.
Fixed: Performance issues on some browsers when interacting with the page.

See the full list of fixes and enhancements in the public preview feedback discussion.

Get help

To learn more about viewing commits, see About commits.

To give feedback, ask questions, or report a bug join us in the GitHub Community.

See more See more

Code completion in GitHub Copilot for Eclipse is now generally available

March 11, 2025

copilot

Code completion in GitHub Copilot for Eclipse is now generally available

GitHub Copilot’s code completion is now generally available for Eclipse! If you’re an Eclipse user, you can now leverage AI-powered suggestions directly within your IDE to write code faster and with greater ease.

Smarter coding with AI-powered assistance development

With GitHub Copilot in Eclipse, you’ll receive real-time code suggestions as you type, helping you complete functions, write boilerplate code, and even generate entire lines or blocks of code. Copilot’s AI-powered completions work seamlessly within the Eclipse environment, enabling a more efficient development workflow.

Key features of GitHub Copilot in Eclipse code completion

Code completions: Copilot is now seamlessly integrated into Eclipse, offering real-time, context-aware code suggestions as you type.
Multi-language support: GitHub Copilot for Eclipse supports a wide range of programming languages, including Java, Python, C++, and more. This enables developers across different tech stacks to leverage Copilot’s AI-powered assistance.
Content filtering: Copilot incorporates advanced filtering mechanisms to screen out harmful or inappropriate content, helping ensure professional and responsible code recommendations.
Free Tier: Get 2,000 code completions and 50 chat messages per month, simply by signing in with your personal GitHub account or by creating a new one.

Get started with GitHub Copilot in Eclipse

To try out Copilot in Eclipse, install the GitHub Copilot plugin from the Eclipse Marketplace and sign in with your GitHub account. Once enabled, you can start using AI-powered code suggestions right away.

Experience the future of AI-assisted development

GitHub Copilot is transforming the way developers write code by providing intelligent suggestions and automation. Whether you’re working on a small project or a large-scale application, Copilot helps streamline your workflow and boost productivity.

For more details, visit our GitHub Copilot documentation and start leveraging AI-driven coding assistance in Eclipse.

Feedback

We’re continuing to refine Copilot’s experience in Eclipse based on your feedback. Let us know what works well and where we can improve by sharing your thoughts in the GitHub Copilot feedback forum.

Ready to start coding faster in Eclipse? Install the GitHub Copilot plugin today and experience the future of AI-powered development!

See more See more

Renaming secret scanning experimental alerts to generic alerts

March 11, 2025

Alerts for non-provider patterns and Copilot-detected passwords are now categorized as generic instead of experimental. This change applies to alert filters and the secondary inbox in your alert list views.

Non-provider patterns and Copilot secret scanning were made generally available in October 2024, after careful iteration to reach the level of quality you’ve come to know and expect from provider-based patterns. These alerts are not considered experimental and should be remediated in accordance with your organization’s standard policies.

Detection for these secret types are available for repositories with a GitHub Advanced Security license. They can be enabled through your repository settings or organization and enterprise code security configurations.

Learn more about how to secure your repositories with our documentation on secret scanning.

See more See more

GitHub Copilot Chat for Eclipse now in public preview

March 11, 2025

copilot

GitHub Copilot Chat for Eclipse now in public preview

GitHub Copilot Chat for Eclipse is now in public preview! You can enable GitHub Copilot in Eclipse with any  GitHub account and experience both code completions and in-editor chat assistance today.

What’s new

Chat view: Ask Copilot for help with coding tasks directly in the chat view. Learn More.
Model Selector for Chat: GitHub Copilot allows you to change the model during a chat. Learn More.
Slash commands: Use quick commands, like /explain for code explanations.
Reference code: Scope chats to specific files for more relevant assistance.
Free access: Get 2,000 code completions and 50 chat messages per month for free, simply by signing in with your GitHub account or by creating a new one.

Try it out

To access GitHub Copilot Chat for Eclipse, you’ll need a Copilot license.

Follow the steps outlined in the Getting Started guide.

Feedback

Your feedback drives improvements. Let us know what you think using the in-product feedback option, or share your thoughts with the GitHub Community.
Join us on this journey as we continue to enhance GitHub Copilot for Eclipse and deliver a smoother developer workflow!

See more See more

GitHub Copilot for Xcode Chat is now generally available

March 11, 2025

copilot

GitHub Copilot for Xcode Chat is now generally available

GitHub Copilot Chat is now generally available for Xcode! If you’re an Xcode user, you can now take advantage of AI-powered assistance with both code completions and in-editor chat assistance today.

AI-powered chat for coding assistance

With GitHub Copilot Chat in Xcode, you can ask questions, get explanations for code, receive debugging help, and even generate suggestions for complex implementations. This interactive experience allows developers to work more efficiently without leaving their coding environment.

Key features of GitHub Copilot for Xcode Chat

Chat view: Ask Copilot for help with coding tasks directly in the chat view.
Model Selector for Chat: GitHub Copilot allows you to change the model during a chat.
Slash commands: Use quick commands, like /releaseNotes for the latest update information.
Reference code: Scope chats to specific files for more relevant assistance.
Multiple conversations: Maintain different threads, each with their own context.
Extended version support: Currently supported the macOS version from macOS 12.0 to macOS 15.0.
Free access: Get 2,000 code completions and 50 chat messages per month for free, simply by signing in with your GitHub account or by creating a new one.

Get started with GitHub Copilot in Xcode

To try out Copilot Chat in Xcode, install GitHub Copilot for Xcode and sign in with your GitHub account. Once enabled, you can start interacting with Copilot Chat to receive intelligent coding assistance instantly.

Experience the future of AI-assisted development

GitHub Copilot is redefining software development by providing AI-driven guidance, improving code quality, and speeding up problem-solving. Whether you’re working on an iOS app or macOS software, Copilot Chat helps you stay focused and productive.

For more details, visit our GitHub Copilot documentation and start leveraging AI-driven coding assistance in Xcode. 

Feedback

We’re continuously improving Copilot Chat in Xcode based on user feedback. Let us know how it’s working for you and share your suggestions in the GitHub Copilot feedback forum.

Ready to enhance your development workflow? Try GitHub Copilot Chat in Xcode today and experience the future of AI-assisted coding!

See more See more

CodeQL adds support for Java 24 and other improvements in version 2.20.6

March 11, 2025

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.20.6, which brings support for a new version of Java and a variety of other improvements that improve the accuracy of your code scanning results:

Java

CodeQL now supports Java version 24
We’ve improved the accuracy of the (java/xss) query when javax.servlet.http.HttpServletResponse is used without an exploitable content type

JavaScript / TypeScript

We’ve added support for the response threat model, which can be enabled with advanced setup. When enabled, the response data coming back from an outgoing HTTP request is considered a tainted source.
We’ve improved the precision of data flow through arrays and call resolution logic, both resulting in improved analysis results

C/C++

We’ve improved the accuracy of the cpp/static-buffer-overflow query, resulting in improved results

We’ve improved the precision of the cs/call-to-object-tostring query, resulting in improved analysis results

GitHub Actions (Public Preview)

We’ve removed the query actions/unversioned-immutable-action from the public suite of queries, which will close any alerts triggered from it

For a full list of changes, please refer to the complete changelog for version 2.20.6. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on GitHub.com. The new functionality in CodeQL 2.20.6 will also be included in GitHub Enterprise Server (GHES) version 3.17. If you use an older version of GHES, you can manually upgrade your CodeQL version.

See more See more

GitHub Enterprise Server 3.16 is now generally available

March 11, 2025

GitHub Enterprise Server 3.16 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.16 release:

The reliability, observability, and efficiency of ghe-config-apply have been improved. As a result, you may experience reduced downtime when ghe-config-apply is run.
The monitor dashboard has been optimized with concise, actionable metrics, providing a quick overview of the appliance’s operational health. For more details, see the monitor dashboard.
When reviewing code security configurations, you can now filter repositories more easily with new options that sort by the status of specific GHAS features. For more details, see new advanced filters for code security configurations.
You can now apply code security configurations to archived repositories, simplifying rollouts and ensuring features like Dependabot, code scanning, and secret scanning are automatically reapplied if a repository is unarchived. Additionally, you can now create and manage code security settings at the enterprise level, reducing repetitive setup at the organization level. For more details, see enterprise-level code security configurations.
Monitor prevention metrics alongside detection and remediation metrics for Dependabot and GitHub Advanced Security features, including secret scanning and code scanning. This expanded visibility is now available in the enhanced security overview dashboard at both the organization and enterprise levels. For more information, see enhanced security overview dashboard.
Organization owners can now allow their users to set custom properties during repository creation. This ensures appropriate rules are enforced from the moment of creation and improves discoverability of new repositories. For more information, see custom properties.
Organization owners can now configure policies to restrict the usage of deploy keys across all the repositories of your organizations, giving you more control and greater security over your deploy keys. For more information, see enforcing a policy for deploy keys.

To learn more about GHES 3.16, check out the release notes or download it now. If you have any issues upgrading to version 3.16 or experience any issues using these new features, please contact our support team.

Join the community discussion to share your feedback and ask questions.

See more See more

Quick Action Tasks is now generally available in the GitHub Models playground

March 10, 2025

models

You can now use Quick Action Tasks in the GitHub Models playground . This is a new feature that streamlines your experimentation process by helping you choose faster or more cost-effective models, and even includes sources in your responses. This allows you to find the model that best fits your goals, whether you prioritize speed, cost-efficiency, or clarity of information.

Try it out today and take your experimentation to the next level!

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

To learn more about GitHub Models, check out the docs. You can also join our community discussions.

See more See more

Enterprise-owned GitHub Apps are now generally available

March 10, 2025

The general availability of enterprise-owned GitHub Apps brings several updates based on feedback from the public preview.

Most significantly, organizations and users can now transfer private visibility Apps to their enterprise, where they will become usable by the entire enterprise.

In addition, permission updates made to an enterprise-owned App are now automatically accepted by all of the organizations in the enterprise.

These updates allow enterprise owners to consolidate multiple per-organization Apps into a single registration that is managed efficiently at the enterprise level.

For enterprise-managed (EMU) users and organizations, both private and internal Apps can be transferred to the enterprise. Private Apps are those that only the owning account can use, while internal Apps are those that any organization and user in the enterprise can use. However, Enterprise Classic organizations and standard user accounts can only transfer private Apps, as internal Apps are not supported in Enterprise Classic.

At this time, internal is the only visibility setting allowed for enterprise-owned Apps, which means that only organizations in that enterprise can install it, and only users in the enterprise can authorize it. Any App that is transferred to an enterprise will be updated to be internal and uninstalled from the user account that owned it, if applicable.

To reduce abuse vectors, enterprises cannot transfer Apps to another enterprise, and organizations and users cannot transfer an App to an enterprise that they are not part of.

As in the preview, only an enterprise owner can manage Apps owned by the enterprise. However, we are actively working on App manager roles and permissions that will allow users and teams to manage specific Apps, as well as manage all of the Apps in an enterprise. These new fine-grained permissions will be introduced for both the enterprise and the organization—keep an eye out for these in the middle of the year.

For more information about enterprise-owned Apps, see our docs page. These updates will be available in GHES 3.17.

To share feedback, ask questions, and more, please join our discussion in the GitHub Community.

See more See more

View more changes