Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Setup user for EMU enterprises requires 2FA or use of a recovery code

A setup user is responsible for configuring an identity provider for any new Enterprise Managed User (EMU) enterprise account. After your first login to this user account, we strongly recommend you setup 2FA in addition to saving your enterprise recovery codes.

All subsequent login attempts for the setup user account will require a successful 2FA challenge response or the use of an enterprise recovery code to complete authentication. If you do not at least save your enterprise recovery codes, you will be locked out of the account.

Learn more about the setup user on your GHEC enterprise account with Enterprise Managed Users – EMU or data residency.

See more

Deprecating “Featured Customers” section in GitHub Marketplace listings

GitHub Marketplace will be deprecating the “Featured Customers” section from app listing pages. This change will not cause any breaking changes. Here’s what publishers need to know:

Timeline:

  • January 27, 2025: Featured Customers sections will no longer be visible on public Marketplace listings
  • March 3, 2025: The Featured Customers section in publisher dashboards will be completely removed

Publishers can continue showcasing customer success stories directly in their app listing descriptions. However, GitHub will not review or approve customer lists provided in listing descriptions. Publishers are responsible for:

  • Obtaining explicit permission from customers before featuring them
  • Ensuring all customer usage claims are accurate and truthful

If a customer reports that they are falsely listed as a user of an app/extension, GitHub may review the authenticity of these claims. Listings found to be making false claims about customer usage will be notified, and may be removed from GitHub Marketplace.

Publishers with existing Featured Customers sections should save this information from the publisher settings before March 3rd if they wish to migrate it to their listing description.

This change helps streamline the Marketplace experience and aligns with our ongoing improvements to listing pages.

See more

Copilot Workspace Updates: improved navigation and file management

This week’s Copilot Workspace updates are focused on improvements to navigation and file management. As ever, drop your feedback into this discussion.

Simpler file tree navigation

When folders don’t have any direct file children but only have other folders as children, we now combine those into one folder to reduce the amount of nesting in the file tree.

In addition, when you open the file tree and have generated files, we now show Changed files as the default viewing mode.

combine paths with single child

Delete a file from the actions menu

By clicking on the ellipses in a file, you’re now able to delete a file directly from the actions menu of Copilot Workspace.

delete file navigation

Opening files now opens them in an ephemeral tab

When you click a file in the tree, a new ephemeral tab is opened. When you double-click a file in the tree, it opens as a new regular tab. This aligns with the experience of most other IDEs and keeps your open tab list to just the ones you need.

Forwarded ports are easier to access

Now, when a command action uses port forwarding, a globe icon is added next to the command row, allowing you to view a live preview of the running port.

port forwarding button example

Improved screen layout in pull requests for smaller devices

Now, when working on smaller screens, the commit panel and suggestions pane will close as necessary, to better fit within your screen.

We want to hear from you

Please drop any and all feedback in our GitHub Discussion. We appreciate any and all feedback you have!

See more

Updated headers for GitHub Copilot Extension requests

On March 31, 2025, GitHub Copilot Extensions will require an updated header format for agent requests. Both updated and previous versions of the request headers will be supported until then. These headers denote requests that come from GitHub and enable your extension to communicate with GitHub.

Updated headers:
X-GitHub-Public-Key-Identifier
X-GitHub-Public-Key-Signature

Previous headers, to be deprecated on March 31, 2025:
Github-Public-Key-Identifier
Github-Public-Key-Signature

Please update your relevant checks to the correct headers by March 31, 2025 for a consistent experience and to avoid breaking changes. To learn more, visit this page.

See more

Linux arm64 hosted runners now available for free in public repositories (Public Preview)

Now in public preview, Linux arm64 hosted runners are available for free in public repositories. Following the release of arm64 larger hosted runners in June, this offering now extends to the open source-community. Powered by the Cobalt 100-based processors, these 4 vCPU runners can deliver up to a 40% performance boost compared to Microsoft Azure’s previous generation of Arm-based VMs, providing a power-efficient compute layer for your workloads. Arm-native developers can now build, test and deploy entirely within the arm64 architecture without the need for virtualization on your Actions runs.

How to use the runners

To leverage the arm64 hosted runners, add the following labels in your public repository workflow runs:
ubuntu-24.04-arm
ubuntu-22.04-arm

Please note that these labels will not work in private repositories, and the workflow will fail if added. All runs in public repositories will adhere to our standard runners usage limits, with maximum concurrencies based on your plan type. While the arm64 runners are in public preview, you may experience longer queue times during peak usage hours.

Images

In partnership with Arm, GitHub provides the Ubuntu VM images for these runners, helping customers with a seamless start to building on Arm. To view the list of installed software, give feedback, or report issues with the image, visit the partner-runner-images repository.

Get started today!

To get started, simply add one of the new labels to theruns-on syntax in your public Actions workflow file. For more information on arm64 runners and how to use them, see our documentation and join the conversation in the community discussion.

See more

Copilot Users Can Ask About A Failed Actions Job (GA)

The ability to ask Copilot about Actions job failures is now Generally Available.

Simply press “Explain Error” from the pull request merge box or the Actions job page to chat with Copilot about why a job failed, and get tailored guidance on how to resolve the issue.

To get started, in the pull request merge box, select “More actions” for a failing check, and then “Explain Error” to get help. Or, on the job page for the failed job, hit the same button next to the search bar.

Image of Explain Error in the merge box of a PR

Copilot can analyze one job at a time. Each time it’s used, it consumes a chat message. See the Copilot subscriptions page for more information on chat allowances for each Copilot plan.

We’d love to hear your feedback! Do drop it in the discussion in the GitHub Community.

See more

Phi-4 is now available in GitHub Models (GA)

Phi-4 Model Release on GitHub Models

The latest AI model from Phi, Phi-4, is now available in GitHub Models.

Phi-4 is a 14B parameter state-of-the-art small language model (SLM) that excels at complex reasoning and conventional language processing.

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

Easily try, compare, and implement this model in your code for free in the playground or via the API. Compare it to a previous Phi model using the side-by-side feature in GitHub Models.

To learn more about GitHub Models, check out product documentation on GitHub Models. You can also join our community discussions.

See more

GitHub Actions: Ubuntu 20 runner image brownout dates and other breaking changes

Ubuntu 20 image is closing down

We are beginning the process of closing down the Ubuntu 20 hosted runner image, following our N-1 OS support policy. This image will be fully retired by April 1, 2025. We recommend updating workflows to use ubuntu-22.04, or ubuntu-24.04.

Brownout dates

To raise awareness of the upcoming removal we will temporarily fail jobs using the ubuntu-20.04 label starting in March 2025. The brownouts will occur on the following dates and times:
– March 4 14:00 UTC – 22:00 UTC
– March 11 13:00 UTC – 21:00 UTC
– March 18 13:00 UTC – 21:00 UTC
– March 25 13:00 UTC – 21:00 UTC

Upcoming breaking changes to hosted runner images

For a full list of this month’s breaking changes to our hosted runner images, please see our announcement page.

Artifact actions v3 brownouts

Artifact actions v3 will be closing down by January 30th, 2025. To raise awareness of the upcoming removal, we will temporarily fail jobs using v3 of actions/upload-artifact or actions/download-artifact. Builds that are scheduled to run during the brownout periods will fail. The brownouts are scheduled for the following dates and times:
– January 16th 3pm – 7pm UTC
– January 23rd 2pm – 10pm UTC

Note: v3 of the artifact actions will continue to be supported for GitHub Enterprise Server customers. The brownouts and retirement will not affect your workflows.

actions/cache v1-v2 and actions/toolkit cache package closing down

Starting February 1st, 2025, Actions’ cache storage will move to a new architecture, as a result we are closing down v1-v2 of actions/cache. In conjunction, all previous versions of the @actions/cache package (prior to 4.0.0) in actions/toolkitwill be closing down. If users run workflows that call the retired versions after February 1st, 2025, the workflows will fail.

You should upgrade to actions/cache v4 or v3 as soon as possible to avoid any disruption in February. For information on how to migrate, see the announcements in the actions/cache and actions/toolkit repositories.

Note: all versions of actions/cache will continue to be supported for GitHub Enterprise Server customers. The retirement will not affect your workflows.

See more

Audit log streaming of API requests is generally available

Audit log streaming of API requests targeting your enterprise’s private assets is now generally available. This feature provides you as enterprise administrators new visibility into the API activity within your enterprise.

Audit logs play a critical role in an enterprise owners’ ability to monitor and secure their enterprise. Many enterprises leverage GitHub’s API ecosystem to automate and operate their enterprise at scale. However, API use can also create unique security and operational challenges that must be managed. To help manage these challenges, API requests targeting your enterprise’s private assets can be included in your enterprise’s audit log streams. Please note that API requests targeting public repositories will be omitted from your enterprise’s audit log stream. This new data will allow you as an enterprise owner to:

  • Better understand and analyze API usage targeting your private enterprise assets;
  • Identify and diagnose potentially misconfigured applications or integrations;
  • Track the authentication tokens being used by specific applications or integrations;
  • Troubleshoot API requests contributing to API rate limiting;
  • Analyze API activity when performing forensic investigations; and
  • Develop API specific anomaly detection algorithms to proactively identify potentially malicious API activity.

    An example event payload can be found below:

Example API request audit log event.

Note: Sensitive fields have been redacted for security reasons.

To start streaming API requests, you can follow the instructions in our docs for enabling audit log streaming of API requests. Once enabled, you should begin seeing API request events in your audit log stream.

See more

Codestral 25.01 is now available in GitHub Models (GA)

The latest AI model from Mistral, Codestral 25.01, is now available in GitHub Models.

Codestral 25.01 is explicitly designed for code generation tasks. It helps developers write and interact with code through a shared instruction and completion API endpoint. As it masters code and can also converse in a variety of languages, it can be used to design advanced AI applications for software developers.

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

Easily try, compare, and implement this model in your code for free in the playground or via the API. Compare it to other code generation models using the side-by-side feature in GitHub Models.

To learn more about GitHub Models, check out the docs. You can also join our community discussions.

See more

Evolving GitHub Issues (public preview)

Following our opt-in preview last year, we are excited to release sub-issues, issue types and advanced search for issues to everyone! 🎉

Thank you to everyone who opted-in and gave us feedback on these new additions. We will be rolling out these changes incrementally and expect all users to have access by the end of this week.

🔗 Break down and nest issues with sub-issues

Sub-issues allow you to break down and organize issues within a parent-child hierarchy. You can create sub-issues from any issue and use their nested structure to track progress and understand remaining work. You can also easily track sub-issues progress within your projects.

Learn more and share feedback on sub-issues.

📁 Organize your work with issue types

Issues types allow you to classify and manage your issues with a shared and consistent language across all repositories in an organization. You can quickly understand the progress of your bug backlog, find all of the high level initiatives teams are working on, and understand the breakdown of work in a project.

Issue types displayed as part of a repo index page

Learn more and share feedback on issue types.

From the repository issues page, you can build advanced searches using the AND and OR keywords and parentheses for nested searches. This allows you to build more complex filters to find the exact set of issues you’re looking for.

A user searches for type bug OR type task

Learn more and share feedback on advanced search for issues.

🎨 Issues UI updates

All these new features are based upon an update to the issues front end, designed to be fast and familiar. This means there are no new UI patterns to slow you down, but we did include a few tweaks to speed you up, including:

  • The issues index page has a new filter bar with autocomplete and syntax highlighting.
  • Creating multiple issues is faster with a ‘create more’ option to quickly get back to the creation screen.
  • Issue form and templates are now presented in alphabetical order based on file name, making it easier for you to set just the right order.
  • Easily share the URL to an issue with a new ‘copy link’ button.
  • On long issues, selecting ‘load more’ will now fetch 150 events instead of 50.

Learn more and share feedback on the updated issues UI.

👀 Not ready yet?

Head over to your account’s feature preview page to switch between the new and old experiences. Due to the incremental roll out of the new experiences over the course of this week, you may find you only have access to the feature preview toggle once the roll out has completed.

See more

Code scanning: CodeQL Action v2 is now retired

On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. In January 2024, we announced that CodeQL Action v2 would be retired at the same time as GitHub Enterprise Server (GHES) 3.11. This retirement period has elapsed and CodeQL Action v2 is now discontinued. It will no longer be updated or supported, and while we will not be deleting it except in the case of a security vulnerability, workflows using it may eventually break. New CodeQL analysis capabilities will only be available to users of v3.

For more information about this retirement, please see the original retirement announcement from January 2024.

How does this affect me?

Default setup

Users of code scanning default setup do not need to take any action in order to automatically move to CodeQL Action v3.

Advanced setup

Users of code scanning advanced setup need to change their workflow files in order to start using CodeQL Action v3.

Users of GitHub.com and GitHub Enterprise Server 3.12 (and newer)

All users of GitHub code scanning (which by default uses the CodeQL analysis engine) on GitHub Actions on the following platforms should update their workflow files:

  • GitHub.com (including open source repositories, users of GitHub Teams and GitHub Enterprise Cloud)
  • GitHub Enterprise Server (GHES) 3.12 (and newer)

Users of the above-mentioned platforms should update their CodeQL workflow file(s) to refer to the new v3 version of the CodeQL Action. Note that the upcoming release of GitHub Enterprise Server 3.12 will ship with v3 of the CodeQL Action included.

Users of GitHub Enterprise Server 3.11 (and older)

GitHub Enterprise Server 3.11 (and older) is now retired. For more information on using the CodeQL Action on a retired GitHub Enterprise Server version, refer to the relevant sections of the CodeQL Action v2 retirement announcement.

Exactly what do I need to change?

To upgrade to CodeQL Action v3, open your CodeQL workflow file(s) in the .github directory of your repository and look for references to:

  • github/codeql-action/init@v2
  • github/codeql-action/autobuild@v2
  • github/codeql-action/analyze@v2
  • github/codeql-action/upload-sarif@v2

These entries need to be replaced with their v3 equivalents:

  • github/codeql-action/init@v3
  • github/codeql-action/autobuild@v3
  • github/codeql-action/analyze@v3
  • github/codeql-action/upload-sarif@v3

Can I use Dependabot to help me with this upgrade?

Yes, you can! For more details on how to configure Dependabot to automatically upgrade your Actions dependencies, please see this page.

See more

Secret scanning expands default pattern support

GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.

The following new patterns were added over the last few months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.

Provider Token Partner User Push protection
Anthropic anthropic_admin_api_key
Asaas asaas_api_token
Asana asana_legacy_format_personal_access_token  ✓
Azure azure_openai_key
Azure microsoft_azure_common_annotated_security_key
Azure microsoft_azure_entra_id_token
Cfx.re cfxre_server_key
Cockroach Labs ccdb_api_key
Coveo coveo_access_token
Databento databento_api_key
Datastax datastax_astracs_token
Google google_cloud_service_account_credentials
Google google_gcp_api_key_bound_service_account ✓  
Hubspot hubspot_private_apps_user_token
Hubspot hubspot_smtp_credential
Hugging Face hf_user_access_token
Iterative iterative_dvc_studio_access_token
Lichess lichess_personal_access_token
Lichess lichess_oauth_access_token
MongoDB mongodb_atlas_db_uri_with_credentials
Netflix netflix_netkey
OpenRouter openrouter_api_key
Oracle oracle_api_key
Polar polar_access_token
Polar polar_authorization_code
Polar polar_client_registration_token
Polar polar_client_secret
Polar polar_personal_access_token
Polar polar_refresh_token
Replicate replicate_api_token
Scalr scalr_api_token
Sentry sentry_org_auth_token
Sentry sentry_user_auth_token
Sentry sentry_user_app_auth_token
Sentry sentry_integration_token
Shopee shopee_open_platform_partner_key
Siemens siemens_api_token
Sindri sindri_api_key
Tailscale tailscale_api_key

The following existing patterns were upgraded to be included in push protection. When push protection is enabled, secret scanning automatically blocks any pushes that contain a secret matching these patterns.

Provider Token
Contentful contentful_personal_access_token
GitLab gitlab_access_token
Ionic ionic_refresh_token
Orbit orbit_api_token
PyPI pypi_api_token
Thunderstore thunderstore_io_api_token
Yandex yandex_cloud_iam_access_secret

Learn more about securing your repositories with secret scanning.

See more

GitHub Models introduces JSON schema support for response formats

You can now specify a custom JSON schema as a response format, alongside the existing text and recently released general JSON option. When JSON schema is selected, an input box will allow you to define your desired schema format directly in the playground.

JSON Schema support in Models

This enhancement provides more control if you’re working with models that require structured responses, helping to mitigate issues like models outputting unnecessary tokens. You can either specify a single object or an array of objects. Additionally, you can save this JSON schema as a preset so that you can use it again later.

JSON Schema structured outputs are currently only supported for the GPT 4o model, and specifically for the api-version: “2024-08-01-preview”.

GitHub Models is a catalog and playground of AI models to help you build AI features and products. You can start using models for free with just your GitHub PAT.

Learn more about GitHub Models or join the conversation in our community discussions.

See more

Copilot Workspace Updates (January 6th, 2025)

Happy new year! We’ve got fresh Copilot Workspace updates for you this week, including the ability to add a new file directly to the file tree and reduced latency in the terminal.

Adding new files from file tree

You can now add a new file directly to the file tree, rather than having to modify the plan.

photo of adding a new file from the file tree

Error toggling

We’ve enabled an option to toggle errors on and off within your editor. This will allow you to hide errors when you’re not actively working on them.

gif of error toggling

Improved codespace creation

Now when you create a codespace, your codespace will be created in the region closest to you. This will improve the latency of your connection, providing a smoother experience while editing and using the terminal.

Accessibility improvements

Screen readers will now announce when suggestions are applied.

Bug fixes

Fixed a design regression where there was no border between the editor and the file.

We want to hear your feedback

Please drop your feedback in our GitHub Discussion. We appreciate any and all feedback you have!

See more

Closing down notice: Dependabot will no longer support Python version 3.8

On February 5th, 2025, Dependabot will end support for Python version 3.8, which has reached its end-of-life. If you continue to use Python version 3.8, there’s a risk that Dependabot will not create pull requests to update dependencies. To prevent this from happening, please update to a supported release of Python. As of January 2025, the latest supported release of Python is version 3.13. View Python’s official documentation for more information about supported releases.

See more

Actions: Xcode 16.2 will replace Xcode 16.0 in macOS-14 Images

Starting January 6, 2025 GitHub-Hosted macOS runner images will be replacing Xcode 16.0 with Xcode 16.2. This change applies to both macOS-14 Intel and ARM64 based runner images. If you rely on Xcode 16.0, upgrade to Xcode 16.1 in order to maintain service continuity in your Actions workflows.

Our support policy for macOS-14 is:
Xcode 15: All minor releases with the full platform tools suite.
Xcode 16: Two minor releases (excluding visionOS tools), following a “last two” principle where the oldest version is replaced by the latest as updates are released. Beta versions are not included.

Additional Resources

See more

Expanding Access to the GitHub Copilot Workspace Technical Preview

We are excited to announce that all paying Copilot customers can now use the technical preview of GitHub Copilot Workspace.

hero image for the copilot workspace technical preview

Copilot Workspace is a Copilot-native development environment designed to help you with everyday tasks, from idea to merge.

Starting from a GitHub Issue or natural language task, you can work with Copilot Workspace to iterate on solving your problem. Together, you can:

  • Brainstorm your ideas: Ask Copilot questions about how your codebase currently works, and explore ideas for how to solve your task.
  • Plan your changes: Leverage Copilot Workspace to generate a comprehensive plan for your code change, surfacing relevant code and describing the changes necessary in each file to achieve your goal.
  • Implement and validate: Let Copilot Workspace propose code changes that you can iterate on and refine in natural language or code. You can even build, run, and test the code directly within Copilot Workspace with a fully functional compute environment provided by GitHub Codespaces before creating a pull request.

Everything that GitHub Copilot Workspace proposes – from the plan to the code – is fully editable, allowing you to rapidly iterate until you’re confident in the change.

To find out more, check out the blog that first launched Copilot Workspace to the world.

Getting Started

Sign up for the technical preview by logging into Copilot Workspace. Please note that Enterprise Managed Users are not eligible for the technical preview.

Once you have access, check out the user manual, or these 5 helpful tips and tricks for getting the most out of Copilot Workspace.

Organization administrators can enable members to use Copilot Workspace with repositories owned by their organization by approving the Copilot Workspace OAuth app for the organization. OAuth app restrictions are enabled by default when new organizations are created, so unless you’ve changed this setting, members of your organization will not have access to Copilot Workspace on organization-owned repositories by default. To enable Copilot Workspace for your organization’s repositories:

You can share any questions, concerns, or ideas in this discussion post. We can’t wait to see what you build!

See more

Copilot Workspace Changelog (December 20th, 2024)

Welcome to another week of Copilot Workspace updates! We have a bunch this week, so let’s jump right in! 🎉

Copilot Workspace

Handling large files

Workspace will now inform you when a file is too large to be displayed, and link you to view the file in the repo editor.

"image of file too large with correct warning"

Copying the branch name

Now when selecting a branch, you’ll be able to copy the branch name to your clipboard. You’ll will see a check mark after successfully copying the branch name.

Improvements to the diff editor

  • The scrolling experience has been improved, allowing you to scroll through all your files at once instead of each file individually.
  • We’ve enabled collapsing regions outside the diff, and are showing 3 lines of context padding the diff.
  • We’ve enabled word wrapping within the editor.

Bug fixes

  • Empty files now display correctly
  • Fixed a bug during plan creation that was causing Copilot Workspace to crash
  • No longer does renaming the spec question include a scroll bar
  • Fixed an issue where renamed files did not update all references across the plan, tabs, and editor. Now when you rename a file you will see that name change reflected everywhere.

Copilot Workspace for PRs

New file path auto-populating

Adding new files will auto-populate the path, making it easier to add new files to your repository.

Individual file resets

You can now reset individual files, rather than having to reset the state of all changes.

Hiding trailing whitespace

We’ve enabled an option for you to hide whitespace when viewing a diff.
showing trailing whitespace and then hiding it

Add indication when suggestion cannot be applied

We now alert you when a suggestion can’t be applied.
photo-of-improved-file-handler

Accessibility improvements

Accessibility continues to be core to the GitHub experience. Over the upcoming changelogs we’ll be highlighting improvements to our accessibility experience.

  • User operating system specific hints on keyboard shortcuts are enabled
  • A missing checkbox label on commit dialog has been added
  • Screen reader feedback on suggestions are now applied

Bug fixes

  • Copilot Workspace now informs users if a file is too large to be viewed
  • Changing files is enabled when focusing on a suggestion
  • Suggestions that would be applied to files you have removed are now deleted

Providing Feedback

Please give feedback in our GitHub Discussion. We appreciate any and all feedback you have!

See more
View more changes