Skip to content

/ Blog

Use Copilot for free Contact sales

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open Source
- Open Source
  Everything open source on GitHub.
  - Git
    The latest Git updates.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
  - Gaming
    Explore open source games on GitHub.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Categories

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open Source
- Open Source
  Everything open source on GitHub.
  - Git
    The latest Git updates.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
  - Gaming
    Explore open source games on GitHub.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Contact sales Use Copilot for free

closing-down

Subscribe to all “closing-down” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog

→ ~/github-changelog|main git log main

showing all changes successfully

Deprecating “Featured Customers” section in GitHub Marketplace listings

January 17, 2025

GitHub Marketplace will be deprecating the “Featured Customers” section from app listing pages. This change will not cause any breaking changes. Here’s what publishers need to know:

Timeline:

January 27, 2025: Featured Customers sections will no longer be visible on public Marketplace listings
March 3, 2025: The Featured Customers section in publisher dashboards will be completely removed

Publishers can continue showcasing customer success stories directly in their app listing descriptions. However, GitHub will not review or approve customer lists provided in listing descriptions. Publishers are responsible for:

Obtaining explicit permission from customers before featuring them
Ensuring all customer usage claims are accurate and truthful

If a customer reports that they are falsely listed as a user of an app/extension, GitHub may review the authenticity of these claims. Listings found to be making false claims about customer usage will be notified, and may be removed from GitHub Marketplace.

Publishers with existing Featured Customers sections should save this information from the publisher settings before March 3rd if they wish to migrate it to their listing description.

This change helps streamline the Marketplace experience and aligns with our ongoing improvements to listing pages.

See more See more

GitHub Actions: Ubuntu 20 runner image brownout dates and other breaking changes

January 15, 2025

Ubuntu 20 image is closing down

We are beginning the process of closing down the Ubuntu 20 hosted runner image, following our N-1 OS support policy. This image will be fully retired by April 1, 2025. We recommend updating workflows to use ubuntu-22.04, or ubuntu-24.04.

Brownout dates

To raise awareness of the upcoming removal we will temporarily fail jobs using the ubuntu-20.04 label starting in March 2025. The brownouts will occur on the following dates and times:
– March 4 14:00 UTC – 22:00 UTC
– March 11 13:00 UTC – 21:00 UTC
– March 18 13:00 UTC – 21:00 UTC
– March 25 13:00 UTC – 21:00 UTC

Upcoming breaking changes to hosted runner images

For a full list of this month’s breaking changes to our hosted runner images, please see our announcement page.

Artifact actions v3 brownouts

Artifact actions v3 will be closing down by January 30th, 2025. To raise awareness of the upcoming removal, we will temporarily fail jobs using v3 of actions/upload-artifact or actions/download-artifact. Builds that are scheduled to run during the brownout periods will fail. The brownouts are scheduled for the following dates and times:
– January 16th 3pm – 7pm UTC
– January 23rd 2pm – 10pm UTC

Note: v3 of the artifact actions will continue to be supported for GitHub Enterprise Server customers. The brownouts and retirement will not affect your workflows.

actions/cache v1-v2 and actions/toolkit cache package closing down

Starting February 1st, 2025, Actions’ cache storage will move to a new architecture, as a result we are closing down v1-v2 of actions/cache. In conjunction, all previous versions of the @actions/cache package (prior to 4.0.0) in actions/toolkitwill be closing down. If users run workflows that call the retired versions after February 1st, 2025, the workflows will fail.

You should upgrade to actions/cache v4 or v3 as soon as possible to avoid any disruption in February. For information on how to migrate, see the announcements in the actions/cache and actions/toolkit repositories.

Note: all versions of actions/cache will continue to be supported for GitHub Enterprise Server customers. The retirement will not affect your workflows.

See more See more

Closing down notice: Dependabot will no longer support Python version 3.8

January 6, 2025

On February 5th, 2025, Dependabot will end support for Python version 3.8, which has reached its end-of-life. If you continue to use Python version 3.8, there’s a risk that Dependabot will not create pull requests to update dependencies. To prevent this from happening, please update to a supported release of Python. As of January 2025, the latest supported release of Python is version 3.13. View Python’s official documentation for more information about supported releases.

See more See more

Dependabot updates ceases supporting npm version 6 [Closing Down]

December 19, 2024

On January 20th, 2025, Dependabot will end support for npm version 6, which has reached its end-of-life. If you continue to use npm version 6, there’s a risk that Dependabot will not create pull requests to update dependencies. In that case, we recommend updating to a supported release of npm. As of December 2024, the newest supported release of npm is version 11. View NPM’s official documentation for more information about supported releases.

See more See more

Notice of upcoming releases and breaking changes for GitHub Actions

December 5, 2024

Ubuntu-latest upcoming breaking changes

We will migrate the ubuntu-latest label to ubuntu 24 starting on December 5, 2024 and ending on January 17, 2025. The ubuntu 24 image has a different set of tools and packages than ubuntu 22. We have made cuts to the list of packages so that we can maintain our SLA for free disk space. This may break your workflows if you depend on certain packages that have been removed. Please review this list to see if you are using any affected packages.

Ubuntu 20 image is closing down

We are beginning the process of closing down the Ubuntu 20 hosted runner image, following our N-1 OS support policy. This image will be fully retired by April 1, 2025. We recommend updating workflows to use ubuntu-22.04, or ubuntu-24.04.

Artifacts v3 brownouts

Artifact actions v3 will be closing down by January 30th, 2025. To raise awareness of the upcoming removal, we will temporarily fail jobs using v3 of actions/upload-artifact or actions/download-artifact. Builds that are scheduled to run during the brownout periods will fail. The brownouts are scheduled for the following dates and times:

January 9th 5pm – 6pm UTC
January 16th 3pm – 7pm UTC
January 23rd 2pm – 10pm UTC

actions/cache v1-v2 and actions/toolkit cache package closing down

Starting February 1st, 2025, Actions’ cache storage will move to a new architecture, as a result we are closing down v1-v2 of actions/cache. In conjunction, all previous versions of the @actions/cache package (prior to 4.0.0) in actions/toolkit will be closing down.

If users run workflows that call the retired versions after February 1st, 2025, the workflows will fail. Announcements have been posted in the actions/cache and actions/toolkit repositories with additional information on the migration. Note that this does not affect GitHub Enterprise Server customers, you can continue to use all versions without failure.

Updates to the network allow list for self-hosted runners and Azure private networking

With the upcoming GA of Immutable Actions, Actions will now be stored as packages in the GitHub Container Registry. Please ensure that your self-hosted runner allow lists are updated to accommodate the network traffic. Specifically, you should allow traffic to pkg.actions.githubusercontent.com to ensure Immutable Actions can be downloaded successfully and jobs don’t fail during setup. If you already allow *.actions.githubusercontent.com which is listed as an required domain then no action is necessary. Traffic will also be required to ghcr.io for publishing new versions of an Immutable Action in the future, which will be available with the GA release.

This update also affects runners in all versions of GitHub Enterprise Server that use the GitHub Connect feature to download actions directly from github.com. Customers are advised to update their self-hosted runner network allow lists accordingly. For further guidance on communication between self-hosted runners and GitHub, please refer to our documentation.

Additionally, our guidance for configuring Azure private networking has been updated to account for the new domains. The following IP addresses have been added to the NSG template in our documentation.

140.82.121.33/32
140.82.121.34/32
140.82.113.33/32
140.82.113.34/32
140.82.112.33/32
140.82.112.34/32
140.82.114.33/32
140.82.114.34/32
192.30.255.164/31
4.237.22.32/32
20.217.135.1/32
4.225.11.196/32
20.26.156.211/32

Upcoming breaking image changes

For a full list of this month’s breaking changes to our hosted runner images, please see our announcement page.

See more See more

Upcoming replacement of enterprise code security enablement UI and APIs

October 9, 2024

In the coming months, the current interface for managing code security settings for an enterprise will be deprecated and replaced with new and improved code security configurations that will provide you a more consistent and scalable way to manage security settings across repositories within your enterprise.

The current REST API endpoint to enable or disable a security feature for an enterprise is now deprecated. It will continue to work for an additional year in the current version of the REST API before being removed in September of 2025, but note that it may conflict with settings assigned in code security configurations if the configuration is unenforced, potentially resulting in a security configuration being unintentionally removed from a repository. To change the security settings for repositories at the enterprise level, you can use the current enterprise-level security settings UI or the upcoming code security configurations API.

Send us your feedback!.

See more See more

Deprecation notice – Dependabot will no longer support Composer v1

October 9, 2024

As of November 6, 2024, Dependabot will no longer support Composer version 1, which has reached its end-of-life. If you continue to use Composer version 1, there’s a risk that Dependabot will not create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of Composer. As of October 2024, the newest supported release of Composer is 2.8, and the long-term supported version is 2.2. View Composer’s official documentation for more information about supported releases.

See more See more

Deprecation – Dependabot no longer supports Bundler v1

October 7, 2024

As of October 7, 2024, Dependabot no longer supports Bundler version 1, which has reached its end-of-life. If you continue to use Bundler version 1, Dependabot will be unable to create pull requests to update your dependencies. If this affects you, we recommend updating to a supported release of Bundler. As of October 2024, the newest supported version is 2.5.

View Bundler’s official support policies for more information about supported releases.

See more See more

End of life for Actions Node16

September 25, 2024

Following our change to default customers to use Node20, Node16 will reach end of life in the Actions runner on November 12, 2024.

From November 12 onward, we will no longer include Node16 in the Actions runner and customers will no longer be able to use Node16 Actions or operating systems that do not support Node20.

To prevent disruption to your Actions workflows, if you’re an Actions maintainer, update your actions to run on Node20 instead of Node16. If you’re an Actions user, update your workflows with latest versions of the actions, which run on Node20.

Learn more about Actions configuration settings or using versions for Actions. Join the discussion within GitHub Community.

See more See more

Notice of upcoming deprecations and changes in GitHub Actions services

September 16, 2024

Over the next six months, we will be making the following changes and deprecations to the GitHub Actions service:

Reduction to Webhook rate limit in GitHub Actions
Starting October 1st, 2024 we will be adding a new rate limit of 1,250 requests per 10 seconds per repository for incoming Webhook events for GitHub Actions. After monitoring usage over the past several weeks, we believe that no customers will be impacted by this change, but if you believe you will need to exceed this in the future, please reach out to GitHub support.

Cache v1-v2 deprecation
Starting February 1st, 2025, Actions’ cache storage will move to a new architecture, resulting in the deprecation of v1-v2 of actions/cache. Attempting to use a version of the action after the announced deprecation date will result in a workflow failure. Please note: if you are pinned to a specific version or SHA of the action, your workflows will also fail after February 1st. We strongly encourage you to update your workflows to begin using v3 or v4 of actions/cache as soon as possible.

This deprecation will not impact any existing versions of GitHub Enterprise Server that are currently in use. Cached entries within their retention period will remain accessible from the UI or REST API regardless of the version used to upload. This announcement will also be added to the actions/cache repository.

See more See more

Deprecation notice: Dependabot dropping support for Bundler v1

September 5, 2024

As of October 7, 2024, Dependabot will no longer support Bundler version 1, which has reached its end-of-life. If you continue to use Bundler version 1, there’s a risk that Dependabot will not create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of Bundler. As of September 2024, the newest supported version of Bundler is 2.5. View Bundler’s official support policies for more information about supported releases.

See more See more

Notice of upcoming deprecations and breaking changes in GitHub Actions runners

August 19, 2024

GitHub Actions will be making the following deprecations and breaking changes in our runners and services over the next 6 months.

Exclude hidden files by default in Upload Artifact GitHub Actions
From September 2nd, 2024, we will no longer include hidden files and folders as part of the default upload of the v3 and v4 upload-artifact actions. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, ‘include-hidden-files’, to continue to do so.

Ubuntu 20 & Ubuntu 22 arm64 Images
On September 3rd, 2024, we are deprecating the Ubuntu 22/20 base images for our arm64 hosted runners as these are not widely used and customers are better served using the new Arm owned images. At that time all workflows using the Ubuntu 22 or 20 base image on arm64 will begin to fail. To change the image your runner is using, you can delete the runner and recreate a runner with the same name, to prevent failures. We recommend using the partner images provided by Arm:

Ubuntu 24.04 by Arm Limited
Ubuntu 22.04 by Arm Limited

.NET6 deprecation in the runner
In October, 2024, at the same time as we move to Node20 on the Actions runner, we will be deprecating .NET6 in the Actions runner and moving to .NET8. This is because .NET6 will reach end of life in November 2024. Any customers who are still using operating systems which are reliant on unsupported binaries will need to upgrade prior to this change. The removal of support for .NET6 means the following operating systems will no longer be supported from this time:
– Debian 10
– macOS 11.0
– macOS 10.15

Along with those already marked as unsupported in our changelog for the removal of Node16.

macOS12 runner image
We are beginning the deprecation process for the macOS 12 runner image, which allows us to balance our fleet capacity ahead of our upcoming macOS 15 launch. This image will be fully retired by the December 3rd, 2024. We recommend updating workflows to use `macos-14`, `macos-13`, or `macos-latest`.

Unsupported macOS labels
On December 3rd, 2024, we are deprecating some of our older and less used labels which are used for smaller numbers of workflows. The following runner labels will stop working from that time:

macos-11.0
macos-12-xl
macos-13-xl
macos-13-xl-arm64
macos-latest-xl
Macos-latest-xl-arm64

See more See more

Deprecation of enum field “detached” from the “get repositories associated with a code security configuration” endpoint

July 25, 2024

The enum field indicating a ‘detached’ status will be deprecated from the ‘Get repositories associated with a code security configuration’ endpoint.

The endpoint itself will remain.

We will replace the ‘detached’ status with a ‘removed’ status. We will also add an additional status of ‘removed_by_enterprise’ to indicate situations where enterprise level settings changes have caused an organization-level code security configuration to be removed from a repository.

This change ensures that the code security configurations API is more inline with the status filters in the UI.

See more See more

Deprecation of API endpoint to enable or disable a security feature for an organization

July 22, 2024

Code security configurations were made generally available on July 10th, 2024. This experience replaces our old settings experience and its API.

If you are currently using the REST API endpoint to enable or disable a security feature for an organization, this endpoint is now considered deprecated.

It will continue to work for an additional year in the current version of the REST API before being removed in July of 2025. However, users should note this will conflict with the settings assigned in code security configurations if the configuration is unenforced. This may result in a code security configuration being unintentionally removed from a repository.

The endpoint will be removed entirely in the next version of the REST API.

To change the security settings for repositories, you can use the code security configurations UI, the configurations API, or the unaffected enterprise-level security settings.

Send us your feedback!.

See more See more

Sunset Notice – Tag Protections

May 29, 2024

EDIT: Monday December 2nd, 2024

GitHub Enterprise Server Timeline changing sunset to GHES 3.17 as the final version instead of 3.16.

Starting today, we will begin work towards the sunset of tag protections, with a full deprecation planned for August 30, 2024. See below for a full sunset timeline. You can migrate existing tag protections with the import to ruleset feature.

We launched repository rules last year to meet the needs of tag protection rules, while also scaling support to provide new functionalities like org-wide rules, granular restrictions for creating, reading, and updating events, and a more granular bypass model that does not require repository administrator permissions. As we such, we will sunset tag protections in favor of our ongoing investment in the repository rulesets platform.

You can import existing tag protection rules today with the existing migration feature. If no action is taken before the sunset date, GitHub will migrate all existing tag protections into a corresponding ruleset.

When are changes happening?

GitHub.com Timeline

May 30 : Repositories without tag protection rules will no longer be able to add new protection rules via the GitHub.com UI
July 24 through August 14 : A series of API brownouts will be run, see below for additional details on dates and times.
August 30, 2024: All tag protection rules will be migrated to a new tag ruleset. All REST and GraphQL API endpoints will be deprecated

GitHub.com API Timeline

May 30: API responses will include a deprecation notice
July 24: 1 hour API brownout
August 7: 8 hour API brownout
August 14: 24 hour API brownout
August 30: The tag protection rule API will begin responding with NULL data
The tag protection rules API will be deprecated in the next calendar version

GitHub Enterprise Server Timeline

Version 3.14: Tag protection rules will be marked for deprecation with an in-product banner and API responses will include a deprecation notice
Version 3.15: No changes will be made
Version 3.16: No changes will be made
Version 3.17: Tag protection rules will be migrated to a ruleset and the tag protection rule feature will no longer be available

Join the discussion within GitHub Community.

See more See more

View more changes