The Wayback Machine - https://web.archive.org/web/20240811225241/https://github.blog/changelog/

Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog
→ ~/github-changelog|main git log main
showing all changes successfully

Copilot Metrics API Organization Team Metrics

We’re excited to share that usage metrics for GitHub Organization Teams are now available on the public beta of the GitHub Copilot Metrics API!

What metrics are available for GitHub Organization Teams?

  • Organization Team aggregates are available for teams with five or more Copilot license holders.
  • Teams must belong to the GitHub Organization which provisioned team members’ licenses.
  • The beta of the GitHub Copilot Metrics API is focused on serving metrics for Copilot Chat and code completions that take place in the IDE.
  • Code completion metrics include: Lines of Code Suggested, Lines of Code Accepted, Number of Suggestions, Number of Acceptances, and Active Users, with slices on language and IDE.
  • Copilot Chat metrics include: Number of Chats, Chat Suggestions Accepted, and Active Users. The endpoint does not currently feature slices on language or IDE for Chat metrics.

Documentation and Resources

See the following resources for help getting started:
– API Documentation: Explore the detailed API documentation, including metrics definitions here.
– Learning Pathway: You can find an extended article on measuring the impact of GitHub Copilot here.

Participate in the Public Beta!

Your feedback during this beta phase is invaluable to us. We encourage you to share your experiences, which will be instrumental in refining and enhancing the API as we look forward to the GA release.

Join the discussion within GitHub Community.

See more

Metrics for push protection bypass requests are included in the secret scanning metrics page

The secret scanning metrics page within an organization’s “Security” tab now includes metrics for push protection bypass requests.

If an organization uses delegated bypass controls for push protection, the following data is shown:

  • number of bypass requests, broken down by state
  • mean time to review the requests

The previous data tiles showing the number of blocked secrets and bypassed secrets has been condensed into one tile.

screenshot of new delegated bypass metrics

If an organization has not configured delegated bypass controls, the tiles will display no data.

This data is also available at the Enterprise level within the “Code security” tab on GHEC. It will be included in GHES 3.15.

See more

Enterprise Team Metrics Now Available on the Copilot Metrics API

We’re happy to announce that metrics for GitHub Enterprise Teams are now available on the public beta of the GitHub Copilot Metrics API as of today.

The GitHub Copilot Metrics API is designed to supply you with information about Copilot’s usage within your organizations. The data from the API is intended to be consumed and combined with your organization’s own data to create greater visibility into how Copilot engagement fits into the bigger picture of your software development cycle.

What metrics are available for GitHub Enterprise Teams?

  • This iteration of the GitHub Copilot Metrics API is focused on serving metrics for Copilot Chat and code completions that take place in the IDE.
  • Code completion metrics include: Lines of Code Suggested, Lines of Code Accepted, Number of Suggestions, Number of Acceptances, and Active Users with slices on language, and IDE.
  • Copilot Chat metrics include: Number of Chats, Chat Suggestions Accepted, and Active Users. The endpoint does not currently feature slices on language or IDE for Chat metrics.
  • Enterprise Team-level aggregates are available for teams with five or more Copilot license holders.

Documentation and Resources

See the following resources for help getting started:
– API Documentation: Explore the detailed API documentation, including metrics definitions here.
– Learning Pathway: You can find an extended article on measuring the impact of GitHub Copilot here.

Participate in the Public Beta!

Your feedback during this beta phase is invaluable to us. We encourage you to share your experiences, which will be instrumental in refining and enhancing the API as we look toward the future.

Stay tuned for updates and enhancements throughout the beta period. We’re committed to delivering a robust and feature-rich API that meets your needs and expectations.

Join the discussion within GitHub Community.

See more

The GitHub Enterprise Server 3.14 Release Candidate is available

The GitHub Enterprise Server 3.14 release candidate is here

GitHub Enterprise Server 3.14 gives customers enhanced deployment requirements and security controls. Here are a few highlights in the 3.14 release:

  • SCIM for GHES is a popularly requested enterprise identity management feature, now available in public beta! SCIM stands for “System for Cross-domain Identity Management” and is a leading standard for user lifecycle management in SaaS applications. Enterprise administrators can configure SCIM for their GitHub Enterprise Server instance, which supports automatic provisioning of new user accounts and groups through our SCIM API. We support several paved path applications such as Entra ID and Okta that combine SAML and SCIM support in one place. Additionally you may bring your own SAML identity provider and SCIM implementation to GitHub Enterprise Server to satisfy your unique identity and user lifecycle management needs. To get started, visit our SCIM documentation for GitHub Enterprise Server. While in public beta we recommend testing SCIM support for your identity system in a non-production GHES environment before adding SCIM to your current setup. SCIM support can be added onto existing SAML implementations, but will require using a new application that supports automated provisioning via SCIM in your IdP. Existing private beta customers should also reconfigure their implementation with updated IdP applications.

  • SAML settings are now visible as a read-only configuration in the enterprise settings page. Enterprise administrators are able to view these settings in the same place where SCIM support is configured for your enterprise instance.

  • We’re introducing custom organization roles, allowing you to delegate some of the organization’s administrative duties to trusted teams and users. Organization admins will have both the UI and API to manage these custom roles. See custom organization roles.

  • Code scanning option for repository rules is now available in public beta in GHES. Now, you can create a dedicated code scanning rule to block pull request merges instead of relying on status checks. This makes it easier than ever to prevent new vulnerabilities from being introduced into a code base. See set code scanning merge protection.

  • Dependabot grouped security updates are now generally available. This feature automatically groups Dependabot pull requests and lets you specify several additional options to fine tune groupings. You can enable grouped security updates for Dependabot at the repository or organization-level. If you would like more granular control over Dependabot’s grouping, you can also configure the dependabot.yml file in a repository.

  • With Generation 2 VM support, Operators can scale the GHES appliance vertically. New installs of 3.14 and later wll boot on newer generation hardware by supporting both boot firmwares, BIOS, and UEFI. See Generation 2 VMs.

  • On an instance with multiple replica nodes, to start or stop replication for all nodes in a single configuration run, Operators can use the ghe-repl-start-all and ghe-repl-stop-all commands.

Release Candidates are a way for you to try the latest features early, and they help us gather feedback to ensure the release works in your environment. They should be tested on non-production environments. Read more about the release candidate process.

To learn more about GHES 3.14, check out release notes, or download the 3.14 release candidate now.
If you have any feedback or questions about the release candidate, please contact our Support Team.

See more

What’s New in Mobile, July Update

In July, GitHub Mobile introduced three major improvements

  • App Lock! Securely unlock the GitHub app with just a glance. Enable App Lock in Settings to use FaceID, TouchID or pass code to protect your information in the GitHub app.
  • A smarter Copilot Chat! It knows where you are in the app. Ask Copilot about the file or repository you’re viewing to try it out.
  • Workflow Dispatching! Kick off new Actions on the go from the list of workflow runs for a given workflow.

As well as several other fixes and features to both iOS and Android apps

iOS

  • Edit files in full screen on iPad.
  • Introduced pinned issues! View pinned issues in a repository’s list of issues. Pin and unpin issues by tapping the … menu within an issue, or by long-pressing within a repository’s list of issues.
Pinning an issue Pinned repository issues
  • Fixed viewing file from a pull request on a fork.
  • Improved contrast on issue and pull request triage sheet.
  • Fixed an issue that caused discussions filter not to persist.
  • Fixed the overlapping Copilot button when editing items in Inbox.
  • Fixed the memory leaks across the app.
  • Fixed the crash that sometimes occurs when sanitizing diff lines.
  • The project item sheet now renders emoji codes in labels..
  • Edit a project content field updates the project view.
  • Mono-spaced font now changes its font size according to the settings.
  • Explore tab shows a loading indicator when initially loading content.
  • Project picker only shows projects for which users have write permissions.
  • Workflow run list paginates correctly.
  • Workflow run list shows the name of the workflow.
  • Select workflow runs deselect when navigating back to workflow runs.
  • Navigated to commit screen from release details no longer displays an error.
  • Triage sheets adapted to larger font sizes.
  • Navigate and interact with the “More Actions” button in issues and pull requests using a hardware keyboard.

Android

  • Added scrolling indication in markdown bar of actions when composing comments.
  • Editing metadata fields on an issue or pull request is now more accessible.
  • Fixed broken images in repository descriptions and user bios throughout the app.
  • Fixed list names showing the previous name after editing.
See more

Revised release plan for Copilot subscription-based network routing

On July 31 we announced that network requests for Copilot would be routed based on a user’s Copilot subscription, giving customers the ability to block access to Copilot Individual. This change enables Copilot Business and Copilot Enterprise customers to make sure all Copilot users on their networks are accessing Copilot through their Copilot Business or Copilot Enterprise subscription, and that all Copilot user data is handled according to the terms of their Copilot Business or Copilot Enterprise agreement.

We have rolled back that release in order to allow customers more time to make any necessary adjustments to their firewall settings.

On October 31, 2024 we will enable the feature and ensure that users are accessing Copilot through the specific endpoints for their Copilot subscriptions. This means only Copilot Business users will be able to connect to Copilot Business endpoints and only Copilot Enterprise users will be able to connect to Copilot Enterprise endpoints.

Important next steps to ensure continued access to Copilot

Between now and October 31, all Copilot customers should ensure they are following the firewall settings published in our docs. Specifically, this means customers should ensure access is allowed to the wildcard hostname https://*.githubcopilot.com, along with the other listed hostnames.

In order to ensure continued access to Copilot after October 31, all Copilot customers should:

  • Ensure access is allowed to the subscription-specific hostnames https://*.business.githubcopilot.com (for Copilot Business) or https://*.enterprise.githubcopilot.com (for Copilot Enterprise)
  • Update their IDE clients to at least these minimum versions:
  • For Visual Studio Code, use Copilot Chat version 0.17 or later
  • For JetBrains IDEs, use Copilot version 1.5.6.5692 or later
  • For Visual Studio, use version VS 2022 17.11 or later

Customers with an account rep that want to block access to Copilot Individual on their network before October 31 should follow these instructions instead of the previously published firewall docs:

  • Ask their account rep to opt them into the feature without waiting
  • Block access to https://*.individual.githubcopilot.com
  • Ensure access is allowed to the subscription-specific hostnames https://*.business.githubcopilot.com (for Copilot Business) or https://*.enterprise.githubcopilot.com (for Copilot Enterprise)
  • Update their IDE clients to at least these minimum versions:
  • For Visual Studio Code, use Copilot Chat version 0.17 or later
  • For JetBrains IDEs, use Copilot version 1.5.6.5692 or later
  • For Visual Studio, use version VS 2022 17.11 or later

Read more about subscription-based network routing here.

See more

App lock via Face ID or biometrics

A screenshot about the new feature lock app via Face ID

We’re excited to introduce a new security feature in GitHub Mobile: app lock via biometrics. This adds an extra layer of security, ensuring only you can access your GitHub account on your mobile device. With fingerprint or facial recognition, you can have peace of mind knowing your projects and data are protected, providing a secure experience on the go.

Join the discussion within GitHub Community.

See more

CSV exports for security alerts on the organization-level security overview dashboard

New Export CSV button highlighted on the overview dashboard on the Security tab at the organization level

Enhance your security workflows by exporting security alert data for offline analysis, reporting, and archival purposes with our new CSV export functionality, available at the organization level. CSV exports will respect all filters you’ve applied to the page, allowing you to generate multiple exports focusing on different datasets. You can download all data where you have an appropriate level of access.

Learn more about the security overview dashboard and send us your feedback

See more

Featured Sponsors

Maintainers can now display their top sponsors on their Sponsors profile. Users can opt to manually select up to 10 sponsors, automatically display their top funders or opt out of displaying featured sponsors altogether.

To learn more about featured sponsors, please visit our GitHub Sponsors docs.

See more

Secret scanning alerts for non-provider patterns and passwords are retrievable with the REST API

Secret scanning alerts for non-provider patterns and generic passwords can now be retrieved using the REST API.

With the “List secret scanning alerts” endpoint for an enterprise, organization, or repository, you can use the query parameter secret_type to request alerts for non-provider patterns or passwords. To retrieve alerts for non-provider patterns, use the “Token” value in this table. To retrieve alerts for passwords, use the value password.

The secret_type parameter can be used to return several secret types, separated by commas: e.g. api.github.com/orgs/ORG/secret-scanning/alerts?secret_type=rsa_private_key,password.

Alerts for non-provider patterns and passwords are not returned by default with the “List secret scanning alerts” endpoint; they must be specifically requested.

See more

Improving GitHub Copilot Completions in VS Code for C++ Developers

GitHub Copilot code completions are autocomplete-stye suggestions that appear inline as you code. Until today, they have used context from your active file and other tabs open in the editor to inform the suggestion that is returned. However, we know that more contextually relevant input leads to better suggestions. Our team has made changes to the C/C++ extension and the GitHub Copilot extension in VS Code to ensure that other relevant C++ context — like available types and methods — are also provided to Copilot completions.

When you use the latest version of the C/C++ extension and the GitHub Copilot extension together in VS Code, directly-referenced header files will be automatically considered when gathering additional context for Copilot completions, even if they’re not open in the editor. This helps to reduce hallucinations and provide more relevant suggestions.

To get started, make sure you’re using the GitHub Copilot extension version 1.205 or later and have an active GitHub Copilot subscription. You’ll also need the C/C++ extension version 1.21 or later with IntelliSense configured correctly. Our team is committed to C++ Copilot support in both Visual Studio and VS Code, and similar support is coming to Visual Studio in Visual Studio 2022 version 17.12.

See more details in the C++ team blog here.

See more

Enterprise Managed User accounts now require email verification

Enterprise managed users (EMUs) must now prove ownership of their email addresses. Existing EMU account email addresses do not have to take this step unless the email address matches one on another GitHub.com account.

Enterprises with EMU accounts that have conflicts have received notification from GitHub regarding specific accounts that have an email address which also exists on another github.com account. Certain 3rd party applications may not work correctly until they have reverified their email address.

New EMU accounts will have their enterprise’s shortcode appended to their email address’s prefix until it is verified, or their administrator changes the email address to another value.

To verify an email address, follow the steps outlined in our documentation. EMU account email addresses are defined by your identity provider, and cannot be changed directly within GitHub. You will need to work with your IdP administrator to change your email address if necessary.

Some users may find that 3rd party GitHub Apps and OAuth apps may not handle the placeholder email correctly, resulting in missing data in these apps. In rare cases, Enterprise Owners may also find that their email provider does not support the “plus addressing” scheme in use. Developers can review our best practices for OAuth and GitHub App implementation, including the use of the id field when storing user reference data so that email address changes are not disruptive to a user’s apps experience.

See more

Introducing metered billing for GitHub Enterprise and GitHub Advanced Security

Today, we are expanding our “pay-as-you-go” model to include GitHub Enterprise (GHE) and GitHub Advanced Security (GHAS) — unifying the GitHub product portfolio as metered services. This provides our customers a frictionless procurement & billing experience, adds flexibility with self-provisioning & pay-as-you-go pricing, and expands pathways to purchase GitHub products through Microsoft.

Enterprise accounts on GitHub.com, created on or after August 1, 2024, will support a consumption-based metered billing model for both GHE and GHAS — enabling you to pay for the licenses you consume in a given month at month’s end as opposed to pre-purchasing for the month ahead.

Further, as part of this release, pay-as-you-go enterprises will enjoy:

  • Access to our new, enhanced billing platform
  • Expanded self-provisioning experiences for GHE and GHAS – including the option to set up an Enterprise Managed Users (EMUs) configuration
  • The ability to add your Azure subscription as a new payment method across your entire account
  • Eligibility for Microsoft Azure Consumption Commitments (MACC) and Azure Commitment Discounts (ACD) when connected to an Azure subscription

For existing customers with GitHub Enterprise (GHE) already, your plan and existing billing method will remain as is. If you have an account team, please connect with them to discuss whether this new billing method is an option for you. For customers without an account team, an in-product prompt will be shown once your account is eligible for this option. If you are upgrading from a Free or Team plan through a GitHub Enterprise trial, your new enterprise will immediately support consumption-based metered billing for GHE and GHAS.

Learn more about this change by reading our article on our new metered billing offerings.

See more

Japanese Consumption Tax (JCT) on your GitHub Account

Starting on 1 October 2024, we will begin collecting Japanese Consumption Tax (JCT) from self-serve customers in Japan who pay with a credit card or a PayPal account to comply with Japan Tax Regulations. If you are a self-serve paying customer in Japan, there will be updates to your invoice that show GitHub Inc.’s Registration Number (T4700150079306), and the 10% consumption tax amount in USD and JPY.

See more

Delete discussions when blocking their author from your organization

When an organization administrator blocks an author of a discussion from a discussion page, they can now delete that discussion or all discussions that the user has authored in the organization.

Learn more in the documentation, and join the discussion in the community discussion to share your feedback.

See more

Copilot network requests are now routed based on subscription

Note: This feature has been rolled back. For the latest information about this capability, view this new post

Starting today, network requests for Copilot are routed based on a user’s Copilot subscription. Requests for Copilot Individual, Copilot Business, and Copilot Enterprise users now route through different endpoints.

This change enables Copilot Business and Copilot Enterprise customers to make sure all Copilot users on their networks are accessing Copilot through their Copilot Business or Copilot Enterprise subscription, and that all Copilot user data is handled according to the terms of their Copilot Business or Copilot Enterprise agreement. In essence, customers will be able to use their network firewall to explicitly allow access to Copilot Business or Copilot Enterprise, and/or block access to Copilot Individual.

In 90 days, on October 31, 2024 we will enable enforcement of the user’s subscription on the new endpoints, ensuring only Copilot Business users can connect to Copilot Business endpoints and only Copilot Enterprise users can connect to Copilot Enterprise endpoints.

Read more about subscription-based network routing here.

See more

GitHub Copilot Chat and pull request summaries are now powered by GPT-4o

Copilot Chat and pull request summary generation now use GPT-4o, bringing the performance of OpenAI’s latest flagship model to all developers.

Copilot Chat is available in Visual Studio, VS Code, JetBrains IDEs, GitHub Mobile apps, and GitHub.com.

To use the new GPT-4o model in your IDE, ensure you are using at least the minimum version of Copilot Chat specified here:

What this means for Copilot users

With this upgrade to GPT-4o, Copilot users will experience the following benefits:

  1. Faster response times – up to 55% faster TTFT (time to first byte)
  2. More accurate and reliable Copilot Chat responses – our testing showed a 60% increase in user satisfaction.

Commitment to quality

The upgrade process focused on our unwavering commitment to quality, safety, and security. Here’s what that entailed:

  1. Offline and online evaluation: We performed rigorous offline and online testing to ensure the model brings tangible benefits to users. This involved thorough benchmarking and running simulations of real-world software development scenarios to validate the improved performance and accuracy of GPT-4o.
  2. Red teaming: To preemptively address any potential safety issues, we conducted extensive red teaming exercises. These tests challenged the model to ensure it meets our high standards for safety and reliability in diverse coding environments.

We can’t wait to see what you create with the new GPT-4o-powered Copilot!

Let us know your feedback and join the discussion within the GitHub Community.

Happy coding!

See more

Repository updates July 31st 2024

We’re excited to bring an updated repository list view experience and the ruleset merge queue rule to general availability, as well as an update to the status check and workflow rules.

Finding repositories in your organization is now easier

With the introduction of custom properties earlier this year we wanted to make it easier to find repositories across your organization. With the new organization repository view and advanced filtering you find repositories based on common parameters like visibility and language, but also custom properties, size, license and a host of additional values.

Screenshot of repository list view filtered by visibility, archived status and a custom property showing a list of 64 repositories.

Repository Rules updates

Repository ruleset merge queue rule is now generally available

In addition to being able to manage your merge queue via rules, you can now see all the pull requests that merged in the same group along with the checks needed for the queue with rule insights.

Screenshot of repository rule merge queue options with default configurations.

Learn more about merge queues in our documentation and repository rules REST API

Avoid required status checks and required workflows when creating branches

Applying status check and actions workflow rules to newly created branches has been a point of friction in rulesets. When creating a new branch will fail unless you add bypass actors or create an intermediate unprotected branch. To alleviate this friction there is a new option available prevent checks and workflows from running on new branches.

Screenshot of require status check rule with the new "Do not require status checks on creation" option enabled

Learn more about status check rules and required workflows rules in our documentation.

Join the discussion within GitHub Community.

See more

Temporary PayPal authorization holds on metered products

PayPal users may start seeing a temporary authorization hold after accruing usage of metered products. This will appear as a pending charge in your account’s payment method and will be immediately reversed as soon as PayPal authorizes the amount. You will not be charged for the hold.
For more information, visit documentation for our metered products.

See more

Run workflows set as workflow_dispatch manually

Workflow dispatch screenshot on GitHub Mobile

Developers can now manually run workflows set with workflow_dispatch directly from the Workflow view (Repository -> Actions -> Workflows) on GitHub Mobile. This addition provides developers with greater flexibility and control over their workflows, enabling them to trigger workflows manually while on the go using GitHub Mobile. Whether they are away from their desks, traveling, or simply need to run a workflow quickly, this feature ensures developers can manage their projects efficiently from anywhere.

Join the discussion within GitHub Community.

See more
View more changes