Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Repositories – Enterprise rules and custom properties updates

Custom properties

Screenshot depicting new filter options available

There are new search and filtering options for custom properties now generally available to ensure you can easily find the right property.

  • Managed by allows you to limit your result by the organization or enterprise who manages the property.
  • Property type allows you to limit your result by the available type of properties.
  • Text allows you to limit your result by the context of the property name or values.

Enterprise custom properties

Screenshot of custom property promotion screen

Enterprise custom properties as part of the current preview can now be promoted from an organization to an enterprise property. This ensures properties configured in one organization are available across all organizations in an enterprise.

Enterprise code rulesets

Screenshot of configuring enterprise workflow rule

Required workflows are now available as a new rule in the enterprise code rules preview. This will allow you to target workflows across specific organizations and repositories with a single workflow file managed at the enterprise.

[!NOTE]
GitHub Enterprise Cloud with data residency support for the enterprise workflow rule will be coming soon.

Join the discussion within GitHub Community.

See more

Recent improvements to Artifact Attestations

We released a collection of improvements to Artifact Attestations to make the verification of attestations easier and more consistent.

Artifact Attestations let you create provenance signatures, which provide an unforgeable paper trail that links your artifact back to its originating workflow run. By verifying the signature, you can gate deployments to ensure that what you deploy is exactly what you built, guaranteeing that the artifact has not been tampered with.

Today we are announcing multiple improvements based on the user feedback we have received:

  • Attestation verification defaults to build provenance: Build provenance is just one type of information that can be attested to an artifact. It provides a verifiable trail that links the artifact back to its originating workflow run, ensuring its authenticity and integrity. However, other types of information can also be attested to an artifact, for example a Software Bill of Materials (SBOM). Attestations can be verified by running gh attestation verify using the GitHub CLI. Previously, verification succeeded as soon as there was any attestation associated with the artifact. However, we observed that provenance is verified in the vast majority of cases. Therefore, we altered the CLI to default to provenance when no predicate type is specified. This change ensures that verification does not pass merely because, for example, an SBOM was attested to the artifact. To verify an SBOM, the predicate type must be explicitly supplied as a parameter using gh attestation verify with the --predicate-type parameter.
  • CLI outputs evaluated policies during verification: When verifying an attestation, the CLI now outputs all the policies it evaluated to determine whether the verification succeeds or fails. This increases transparency, making it easier to understand the reasons behind the verification outcome.
  • Attest actions support multiple subjects: Following the release to support attesting multiple subjects, we have enhanced our attest, attest-build-provenance and attest-sbom actions to also accept a checksum file that contains a list of artifacts and their corresponding digests as input.
  • Attestation verification is now monotonic: This means that once verification passes for an artifact, the addition of another attestation cannot change that status. Verification now succeeds if at least one attestation passes verification. This ensures that downstream processes, such as gated deployments, are not affected for any legitimate build that has a valid provenance attestation, even if someone adds another attestation that is bad or malformed.

For more information about Artifact Attestations, see Using artifact attestations to establish provenance for builds in the GitHub documentation. If you have any feedback on Artifact Attestations, join the discussion in the GitHub Community.

See more

New GPT-4o Copilot code completion model available now in public preview for Copilot in VS Code

Header introducing GPT-4o Copilot model

A new code completion model, GPT-4o Copilot, can now be enabled by VS Code users.

This new model based on GPT-4o mini has additional training on over 275,000 high-quality public repositories in over 30 popular programming languages. As a result, you can expect this model to provide more accurate suggestions and to have better performance.

Getting started with GPT-4o Copilot in VS Code

To get started, open the Copilot menu in the VS Code title bar, select Configure Code Completions... > Change Completions Model.... Alternatively, open the Command Palette and select GitHub Copilot: Change Completions Model....

GPT-4o Copilot access notes

If you are a Copilot Business or Enterprise user, you will first need your administrator to enable this model for your organization by opting in to Editor preview features in the Copilot policy settings on github.com.

If you are a Copilot Free user, using this model will count toward your 2,000 free monthly completions.

The model will also be available soon to Copilot users in all JetBrains IDEs.

Please share your feedback as you try out the new model. It will help us improve the experience for all Copilot users.

See more

GitHub Issues & Projects – February 18th update

Today’s changelog brings you a snappier issue creation flow in projects, the ability to convert checklist items to sub-issues, required fields on private repositories, and important updates on tasklist blocks and single issue templates.

✍️ Improved issue creation flow in projects

Creating a new issue from a project is now easier than ever. Previously, when you started typing in an issue title in a project, the default was to create a draft issue. However, we’ve heard from user feedback that the primary
desired use case is to create an issue instead of a draft. Now, with this update, you can directly create a new issue by pressing Enter or create a draft with Cmd / Ctrl + Enter.

🔒 Required fields on issue forms for private repositories

You can now specify required fields on issue forms in private repositories, which ensures that contributors provide essential information before submitting an issue.

➡️ Convert checklist items to sub-issues

You can now convert checklist items in issues directly to sub-issues, making it easier to turn draft or to-do tasks into actionable work items.

🌇 Tasklist blocks will be retired and replaced with sub-issues

The private preview feature, tasklist blocks, will be retired on April 30, 2025. Your feedback from the private preview has been invaluable, helping us shape the release of sub-issues, the replacement for tasklist blocks.

Sub-issues provide a dedicated section within each issue, making it easier to track related work without relying on Markdown. You can manage up to eight levels of hierarchy within a single issue and monitor progress directly in your projects.

Migrate to sub-issues

We recommend migrating your tasklists to sub-issues before the retirement date.

To migrate, first simply remove the tasklist Markdown syntax to display the list as an issue checklist.

- ```[tasklist]
- - [ ] task 1
- - [ ] https://github.com/github/github/issues/123
- ```
+ - [ ] task 1
+ - [ ] https://github.com/github/github/issues/123

Then, use the Convert to sub-issue feature to convert desired issues or checklist items into sub-issues.

After April 30, 2025, remaining tasklist blocks will no longer be rendered and will instead be converted to raw Markdown. The Tracked and Tracked by fields on projects will no longer be available.

🌅 Single issue templates (ISSUE_TEMPLATE.md) will be retired

The legacy ISSUE_TEMPLATE.md feature will be retired on March 30, 2025. As a replacement, we encourage creating an ISSUE_TEMPLATE/ subdirectory in any of the supported folders to store multiple issue templates. You can then use the template query parameter to specify which template should populate the issue body. For more details, see the documentation.

After March 30, 2025, repositories still using ISSUE_TEMPLATE.md will default to a blank issue form, allowing users to start fresh when creating issues.

Additional improvements

On top of the many bug fixes we’ve shipped, we’ve also introduced the following improvements:

  • You can now create new milestones directly from the milestone picker in any issue.
  • The issue template selection will now be bypassed if only one template is available and the blank issue template is disabled.
  • You can now create and edit iteration fields via the ProjectV2 GraphQL API.
  • We’ve introduced a move dialog in Projects, allowing you to rearrange items and views with precision. You can move views from a tab’s view options menu, while items can be moved through the row actions menu. This allows users who rely on screen readers, keyboards, and other assistive technology to use projects more accessibly.

Tell us what you think!

Join the discussion within the GitHub Community.

See how to use GitHub for project planning with GitHub Issues, check out what’s on the roadmap, and learn more in the documentation.

See more

Code completion in GitHub Copilot for Xcode is now generally available

Code completion in GitHub Copilot for Xcode is now generally available

GitHub Copilot for Xcode code completion [GA]

Code completion in GitHub Copilot for Xcode is now generally available. Developers using Xcode can now experience AI-powered, real-time code suggestions that enhance productivity and streamline the development process.

AI-Powered code suggestions for faster development

GitHub Copilot code completion integrates seamlessly into Xcode, offering context-aware suggestions as you type. Whether you’re writing function implementations, refactoring code, or handling repetitive tasks, Copilot intelligently predicts and completes your code, allowing you to focus on higher-level development.

Code Completion of GitHub Copilot for Xcode

Key benefits of GitHub Copilot in Xcode code completion

  • Real-time, context-aware code completion: Copilot provides intelligent, in-line code suggestions as you type, helping you write high-quality code faster. By understanding the context of your project, it predicts and generates relevant code snippets to accelerate your workflow.
  • Seamless integration with Xcode: Designed to work naturally within Xcode, Copilot enhances the existing coding experience without disrupting your development environment. There’s no need for additional setup—simply enable Copilot and start coding smarter.
  • Reduce repetitive coding tasks: Instead of manually writing boilerplate code, let Copilot generate common patterns, function definitions, and repetitive logic. This allows you to focus more on complex problem-solving and building innovative features.
  • Intelligent auto-completion for improved accuracy: Copilot not only speeds up coding. It also improves accuracy by reducing syntax errors and helping ensure best practices. The AI-powered suggestions help maintain clean and efficient code, minimizing debugging time.

Get started with GitHub Copilot in Xcode

To get started with GitHub Copilot in Xcode:

  1. Ensure you have a GitHub Copilot license.

  2. Enable Copilot in Xcode via your GitHub account.

  3. Start coding with AI-powered assistance today!

Experience the future of AI-assisted development

With GitHub Copilot, you can write code more efficiently, reduce errors, and enhance your overall development workflow. Try it out today and take your Xcode development to the next level!

For more details, visit our GitHub Copilot documentation and start leveraging AI-driven coding assistance in Xcode.

Feedback

To provide feedback or report issues, please open an issue on GitHub at https://github.com/github/CopilotForXcode/issues. Check existing issues and add a comment or ask questions if you find an issue similar to what you’re experiencing.

Join the community

Connect with other developers, share tips, and discuss other updates to Copilot in our dedicated Copilot community discussions.

See more

Personal custom instructions, Bing web search, and more in Copilot on github.com

Personal custom instructions are now available in public preview for Copilot on github.com 🎉

Copilot Chat on github.com now supports personal instructions! This means you can provide Copilot with important details about your preferences, such as your preferred language, response style, or even code standards.

To get started, open up Copilot Chat, click ..., and select Personal instructions. That’s it! Copilot will now incorporate your preferences for all chats in github.com.

💡 Looking for ideas? Here are some examples to kick things off:

  • Language preferences: “Always respond in Portuguese.”
  • Response preferences: “Be concise and to-the-point. Always cite your sources.”
  • Personal preferences: “You are a seasoned React developer with ten years of experience.”
  • Code preferences: “Always provide examples in TypeScript.”

Looking for more? Visit prompts.chat for more inspiration.

Search the web 🔍 in Copilot chat using Bing

Copilot Chat can now search Bing to answer questions and find information beyond its general knowledge or your codebase. This feature makes it easy to chat about recent events, trends, and new developments. It’s now generally available in VS Code, Visual Studio, and github.com.

Since our public preview, we’ve enhanced our web search capabilities to deliver more relevant and accurate responses to your questions.

Give it a try today:

  • “What’s the latest version of React?”
  • “What are the most recent updates in Python’s machine learning libraries?”

Quality improvements to Copilot Chat

In the last month, we have delivered a collection of quick wins and subtle enhancements ✨, making the product smoother and more delightful for everyone.

What’s new:

  • Better search in Copilot Chat for more relevant and complete answers, including expanded lexical search results and larger semantic search responses for better context
  • Improved memory in Copilot, now keeping more of your chat history for better context and flow
  • Improved Copilot Chat’s awareness of the README.md when asking about a repository
  • Enhanced Copilot’s awareness of time, showing times relative to you instead of UTC

We also recently added the ability to view and generate new code files to Copilot chat at github.com/copilot – check it out!

See more

Copilot Workspace: Follow ups and file search improvements

Copilot Workspace Changelog Header

This week’s Copilot Workspace updates center around improving multi-file code generation and search capabilities. Alongside continued improvements to performance and reliability, we are releasing two features: follow ups and a simplified file search experience.

Let’s dive in!

Follow ups

When you’re working within a large repository that has complex file dependencies, even simple changes can have significant impacts across the codebase. Invoking Copilot Workspace’s new follow up capability triggers a thorough check across the codebase, automatically editing the necessary files if any follow ups are detected.

Whether you have changed a function name, modified function parameters, or modified a shared class definition, Copilot’s follow ups can swiftly handle dependent fixes across your repository, saving you time and increasing confidence in your changes before you raise a PR!

File search experience improvements

We’ve updated the file search experience to help you maintain context in your file tree while searching for other files to open. Rather than filtering the file tree on search, we now return results in a separate menu that searches the entire repository rather than what is currently visible in the tree. You can open files in new tabs directly from this search.

Providing feedback

Please give your feedback in our GitHub Discussion. We’d love to hear your thoughts!

See more

Secret scanning detects Base64-encoded GitHub tokens

GitHub continually updates its detectors for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.

GitHub now automatically detects Base64-encoded secrets for the following token types:

  • GitHub personal access tokens
  • GitHub OAuth access tokens
  • GitHub user to server tokens
  • GitHub server to server tokens.

GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. See the full list of supported secrets in the documentation.

Learn more about secret scanning or join the discussion on our dedicated GitHub community.

See more

Feed activity is now sorted chronologically

In your homepage activity Feed, you can see activity from other users, content GitHub recommends for you in “Suggested for you” modules, and trending developers/repositories.

The sorting algorithm we’ve had in place in the Feed could lead to these items being placed out of chronological sequence. We’ve heard your feedback, though, that the out-of-sequence ordering of activity can make it difficult to be effective with daily tasks in GitHub.

So now, we’re sorting all activity in the Feed chronologically. The newest activity appears first and older activity appears as you scroll down your Feed.

As part of this change, we also merged the design and UI to be more consistent across individual feeds and organization feeds, by slightly modifying the card layout in organization feeds. These minor template differences should not impact the content that appears for you.

Learn more and give us your feedback

For more information and discussion on these changes, join us in this discussion.

See more

Verify email address to secure Enterprise Managed User accounts

As previously announced, Enterprise Managed Users (EMUs) must now prove ownership of their email addresses to secure their accounts and prevent any accidental data leaks by third party GitHub Apps and OAuth applications. In January 2025, we also updated the /user/emails REST endpoint to return a placeholder email address with the enterprise’s shortcode appended (e.g. email+shortcode@domain.com) until the EMU user has verified their email address.

While unverified emails may not affect most of your actions on GitHub, some GitHub Apps and OAuth apps may not handle this placeholder email properly. This may prevent you from accessing those apps or result in incomplete data being displayed. These apps may also prompt you to verify your email on GitHub before proceeding.

For example, GitHub Desktop might incorrectly prompt users to update their email in their Git config to their placeholder email. However, updating your Git config email could lead to commit misattribution as opposed to fixing it. While this experience is updated in GitHub Desktop v3.4.17-beta3, we recommend users verify their email address in response to such prompts.

Learn more about how to verify your email address.
App developers should also review our best practices for OAuth and GitHub App implementation to avoid disrupting the user experience in your apps.

See more

GitHub Copilot Chat for Xcode now in public preview

GitHub Copilot Chat for Xcode is now in public preview! You can enable GitHub Copilot in Xcode with any GitHub account and experience both code completions and in-editor chat assistance today.

What’s new

  • Chat view: Ask Copilot for help with coding tasks directly in the chat view.
  • Slash commands: Use quick commands, like /explain for code explanations.
  • Reference code: Scope chats to specific files for more relevant assistance.
  • Multiple conversations: Maintain different threads, each with their own context.
  • Chat history management: Keep track of past conversations for future reference.
  • Free access: Get 2,000 code completions and 50 chat messages per month for free, simply by signing in with your GitHub account or by creating a new one.

Try it out

Share your feedback

Your feedback drives improvements. Let us know what you think using the in-product feedback option, or share your thoughts with the GitHub Community.
Join us on this journey as we continue to enhance GitHub Copilot for Xcode and deliver a smoother developer workflow!

See more

GitHub Copilot code completions now in public preview for Eclipse

We’re excited to announce that code completions with GitHub Copilot in Eclipse are now in public preview! You can enable GitHub Copilot in Eclipse with any GitHub account and start experiencing AI-powered code completion today.

What’s new

  • Code completions: Copilot is now seamlessly integrated into Eclipse, offering real-time, context-aware code suggestions as you type.
  • Multi-language support: GitHub Copilot for Eclipse supports a wide range of programming languages, including Java, Python, C++, and more. This enables developers across different tech stacks to leverage Copilot’s AI-powered assistance.
  • Content filtering: Copilot incorporates advanced filtering mechanisms to screen out harmful or inappropriate content, helping ensure professional and responsible code recommendations.
  • Free Tier: You will have 2,000 code completions and 50 chat messages per month, simply by signing in with your personal GitHub account or by creating a new one.

Try it out

Share your feedback

Your feedback drives our improvement! Let us know what you think using the in-product feedback option or share your thoughts with the GitHub Community.
Join us on this journey as we continue to enhance GitHub Copilot for Eclipse and deliver a smoother developer workflow!

See more

Dependabot version updates now support the bun package manager – [GA]

Developers can now use Dependabot to keep their bun dependencies up to date automatically. For projects that use bun as a package manager, Dependabot Version Updates can now ensure dependencies stay current with the latest releases.

Support for bun security updates will be added in the future.

See more

GitHub Copilot in Visual Studio 2022 Version 17.13

GitHub Copilot in Visual Studio 17.13: New features to supercharge your development workflow

Welcome to another exciting GitHub Copilot update for Visual Studio! This release introduces several powerful new features to enhance your workflow, improve transparency, and make coding with Copilot even more intuitive.

GitHub Copilot Free now available in Visual Studio

GitHub Copilot is now more accessible than ever with our new free plan for Visual Studio. With your GitHub account, you’ll get:

  • 2,000 code completions per month – Speed up development with AI-powered suggestions.
  • 50 chat messages per month – Get instant coding help, explanations, and debugging support.
  • Access to the latest AI models (Claude 3.5 Sonnet & GPT-4o) – Write, refactor, and improve your code with cutting-edge AI.

For developers who are just getting started with AI coding tools or those who only need occasional assistance, the free plan provides an easy way to experience the benefits of GitHub Copilot.

Ready to give it a try? Sign up for GitHub Copilot Free and start coding smarter today!

Start using GitHub Copilot for free in Visual Studio

Copilot Edits: Multi-file editing

Refactor and edit multiple files faster with Copilot Edits:

  • Preview with clarity – See which files are affected before making changes.
  • Review with flow – Accept (TAB) or reject (Alt+Del) changes inline with code diffs.
  • Iterate with confidence – Use checkpoints to revisit past iterations.

Copilot Edits helps you make large-scale changes more efficiently, helping to ensure accuracy and control over your codebase. Whether you’re refactoring, applying consistent patterns, or fixing issues across multiple files, GitHub Copilot Edits speeds up the process while keeping you in control.

To try it today, click the Edits thread button (a “+” symbol with a pencil icon) in the top-right corner of the GitHub Copilot Chat window to start a Copilot Edits session.

GitHub Copilot Edits

GitHub Copilot just got smarter: Automatically retrieve relevant context

GitHub Copilot can now pull in the information you need without requiring manual input, making it easier than ever to get accurate, context-aware suggestions. Copilot can search for information from:

  • Your current file, open files, and related files – Get relevant suggestions based on what you’re actively working on.
  • Your entire codebase – Surface insights from across your project without switching context.
  • Debugger data (locals, call stacks, etc.) – Use real-time debugging information to troubleshoot faster.
  • Visual Studio itself – Get answers about IDE settings, commands, and workflows.

Instead of manually copying code, searching through files, or retyping information, Copilot can now pull in the right context automatically—helping you write, debug, and refine code faster.

Need more control? Use #file, #method, or #solution in your prompts to specify exactly where Copilot should look.

Function calling

Code referencing for completions: More transparency, more control

Ever wondered where Copilot’s completions (gray text) come from? Now, with Code Referencing for Completions, you’ll get more visibility when Copilot suggests code that matches public GitHub repositories.

  • Toast notification – If you accept a completion that matches public code, you’ll see a toast notification in the bottom-right of your editor.
  • Copilot Output Window – View license details and links to the original repository in the Copilot Output Window (Ctrl+Alt+O).
  • Adjustable settings – Individual subscribers can block or allow suggestions that match public code in their GitHub settings.

By default, matches to public code are rare (less than 1% of completions), but this tool helps you code with more confidence and transparency.

Code referencing completions

Bug fixes & improvements

  • Added support for zooming in and out within Copilot windows for improved accessibility and readability.
  • Users can now easily retry their prompts for better responses.
  • Users can now pick which model GitHub Copilot is using for inline chat with the model picker, allowing for quick and easy model selection.

How to update

Make sure you’re using Visual Studio 2022 17.13 or later to access these features.

Download the latest version of Visual Studio 2022

We’d love to hear your feedback! Share your thoughts through the Developer Community or the Send Feedback button in Visual Studio.

Happy coding! 🚀

See more

Improved pull request merge experience enabled by default in public preview

The improved merge experience on the pull request page announced in December will be enabled by default over the next few days! The feature remains in public preview while we address feedback (keep it coming!) and make final improvements before making it generally available later this quarter.

Screenshot of the updated merge box page on the pull request page showing that 1 review is required, a list of status checks (some failing), and a message about not having any merge conflicts.

This improved experience, while still familiar, is designed to help you better understand the state of your pull request and get it merged faster. To learn more, see the public preview announcement.

Recent fixes

There have been numerous bugs fixed and feature gaps filled since the public preview launched last year. Here are some notable fixes:

  • Fixed: Enabling auto-merge, deleting branch (after merging), or restoring branch previously failed with an unexpected error message.
  • Fixed: In certain scenarios, the commit author email address shown when merging the pull request would not match the email address in the resulting merge (or squash) commit.
  • Fixed: GitHub Actions workflow runs could only be approved from the classic merge experience.
  • Fixed: Status check durations were missing.

We’ve also made various improvements, including natural ordering for status checks. For a more complete list, see the recently fixed section of this discussion.

How to turn it off

To switch back to the classic experience, click the Switch back to the classic merge experience just below the merge experience on the Conversation page:

A screenshot showing how to switch back to the classic merge experience

If you want to return to the improved experience, click Try the new merge experience below the merge box on the pull request page:

A screenshot showing how to re-enable the improved merge experience

You can also toggle the experience via the feature preview dialog.

How to provide feedback

We want to hear from you! To provide feedback, ask questions, and see a list of known issues, visit the GitHub Community improved merge box discussion.

See more

GitHub Models prompt editor now integrates with user repository code [GA]

You can now iterate on your prompt in any user repositories without breaking your flow. With just one click, jump from a prompt in your GitHub-hosted code to the GitHub Models prompt editor:

Screenshot of the GitHub UI with "Open as prompt in GitHub Models" menu item selected.

This feature detects files with “prompt” in the content and uses 10 lines above and below the selected line as context. Once in the prompt editor, you can experiment with models, fine-tune your prompts, and customize parameters.

GitHub Models is a catalog and prompt editor of AI models to help you build AI features and products. You can start using models for free with just your GitHub PAT. This is the first of more features to come that will help with seamless integration between your existing workflow and the GitHub Models prompt editor!

Learn more about GitHub Models or join the discussion in our community forums.

See more

Notice of upcoming deprecations and breaking changes for GitHub Actions

Changes to check run status modification

To ensure the trustworthiness and security of Actions Check Run results, developers will soon lose the ability to modify the conclusion and status of an Actions-created check run using the GitHub token from a workflow run. This change will take effect on March 31, 2025. Impacted workflows will start displaying annotations during the week of February 17, 2025.

Updates to the network allow list for self-hosted runners and Azure private networking

In preparation for the public preview of consuming Immutable Actions in February 2025, GitHub has started migrating standard hosted runner customers to immutable actions. There is no action required on your end. This means GitHub Actions will use as an immutable action where available and will default to traditional actions resolution where none exist.

For customers using self-hosted runners, please ensure your self-hosted runner allow lists are updated to accommodate the network traffic. Specifically, you should allow traffic to pkg.actions.githubusercontent.com to ensure immutable actions can be downloaded successfully and jobs don’t fail during setup. If you already allow *.actions.githubusercontent.com (which is listed as a required domain) then no action is necessary. You will also need to enable traffic to ghcr.io for publishing new versions of an immutable action in the future, which will be available with the GA release.

Customers who have not updated their allow lists will automatically be opted out from using immutable actions during the migration. Once GitHub confirms that the runners have been updated, you will automatically be opted back in once the allow lists are updated. If you need to manually opt out or in for using immutable actions, please contact support.

This update also affects runners in all versions of GitHub Enterprise Server that use the GitHub Connect feature to download actions directly from github.com. Customers are advised to update their self-hosted runner network allow lists accordingly. For further guidance on communication between self-hosted runners and GitHub, please refer to our documentation.

Additionally, we’ve updated our guidance for configuring Azure private networking to account for the new domains. The following IP addresses have been added to the NSG template in our documentation.

– 140.82.121.33/32
– 140.82.121.34/32
– 140.82.113.33/32
– 140.82.113.34/32
– 140.82.112.33/32
– 140.82.112.34/32
– 140.82.114.33/32
– 140.82.114.34/32
– 192.30.255.164/31
– 4.237.22.32/32
– 20.217.135.1/32
– 4.225.11.196/32
– 20.26.156.211/32

Ubuntu 20 image brownouts

To raise awareness of the upcoming removal of Ubuntu 20, we will temporarily fail jobs using the ubuntu-20.04 label starting in March 2025. The brownouts will occur on the following dates and times:

  • March 4 14:00 UTC – 22:00 UTC
  • March 11 13:00 UTC – 21:00 UTC
  • March 18 13:00 UTC – 21:00 UTC
  • March 25 13:00 UTC – 21:00 UTC

actions/cache v1-v2 and actions/toolkit cache package brownouts

To raise awareness of the upcoming removal, we have scheduled brownouts for the following dates/times, Actions jobs referencing a deprecated verion of the Cache action will fail.

  • February 18, 2pm – 10pm UTC
See more

CodeQL performance and coverage improvements in recent releases

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. The CodeQL engine has become faster, covers 28 more security queries, supports more ecosystems, and can now scan GitHub Actions (public preview)—among various other bug fixes and small improvements.

All of these improvements were automatically rolled out to code scanning users in the past few months. For users of the CodeQL CLI, here are some highlights of the past few CodeQL releases:

  • CodeQL 2.20.46 February 2025
    • Analysis support for GitHub Actions workflow files is now in public preview, and therefore the use of the actions language (for analysis of GitHub Actions workflows) no longer requires the CODEQL_ENABLE_EXPERIMENTAL_FEATURES environment variable to be set.
    • All experimental queries for C#, Java, and Kotlin have been migrated to the default query suite in the CodeQL community packs that are managed by GitHub Security Lab.
  • CodeQL 2.20.324 January 2025
    • Resolves a security vulnerability where CodeQL databases or logs produced by the CodeQL CLI may contain the environment variables from the time of database creation. This includes any secrets stored in an environment variables. For more information, see the CodeQL CLI security advisory.
  • CodeQL 2.20.222 January 2025
    • All data flow queries have been standardized on a single data flow library, which may result in differences for JavaScript and TypeScript analysis.
    • CodeQL databases now take 2-3x less space on disk, which makes them faster to transfer and read/manipulate. This is thanks to a new compressed database format.
  • CodeQL 2.20.19 January 2025
    • CodeQL is now easier to set up and roll out: automatic build command detection with automatic dependency installation for C/C++ is now supported on Ubuntu 24.04.
    • A new Server Side Template Injection query for Python has been released, thanks to a community contribution.
    • Swift 6.0.2 is now supported.
  • CodeQL 2.19.42 December 2024
  • CodeQL 2.19.37 November 2024
    • Analysis for .NET 8 and JDK 17 has been improved.
    • The CodeQL Bundle is now available as an artifact that is compressed using Zstandard. This artifact is smaller and faster to decompress than the original, gzip-compressed bundle. The CodeQL bundle is a tar archive containing tools, scripts, and various CodeQL-specific files.
  • CodeQL 2.19.221 October 2024
    • Analysis of Python apps now has significantly faster extraction and analysis times.
  • CodeQL 2.19.14 October 2024
    • Java 23 is now supported.
    • A new command, codeql resolve packs, shows each step in the pack search process, including what packs were found in each step.

Detailed changelogs for every CodeQL release are available in the CodeQL documentation, and new CodeQL releases occur roughly every two weeks.

For GitHub Enterprise Server customers: All new functionality from CodeQL releases 2.19.0 through 2.20.3 will be included in GHES 3.16 and the latest patch versions of 3.12-3.15. Functionality from 2.20.3 and later 2.20.X versions will be included in 3.17. If you use an older version of GHES, you can manually upgrade your CodeQL version.

See more

GitHub Copilot now available for free in mobile and the CLI

GitHub Copilot Chat in GitHub Mobile and Copilot Extension for the GitHub CLI are now available for free

GitHub Copilot Chat in GitHub Mobile and Copilot Extension for the GitHub CLI are now available for free!

GitHub Copilot Chat on GitHub Mobile

Whether you’re tackling coding questions, brainstorming ideas, or working on the go, GitHub Copilot Chat is here to make collaboration faster and easier, no matter where you are.

On mobile, simply sign in with your personal GitHub account and tap the Copilot button to access 2,000 code completions and 50 chat messages per month! If you reach your quota, you can upgrade through an in-app purchase to enjoy unlimited access.

Download or update GitHub Mobile apps today from the Apple App Store or Google Play Store to experience the AI coding assistance right at your fingertips.

GitHub Copilot Extension on GitHub CLI

In the GitHub CLI, install the gh-copilot extension to access gh copilot explain and gh copilot suggest. If you reach your quota, you can upgrade on the web.

Download the GitHub CLI and the GitHub Copilot Extension directly from your terminal to experience AI assistance in explaining and suggesting gh, git, and other terminal commands without leaving your shell.

Learn more about GitHub Copilot Chat in GitHub Mobile, GitHub Copilot in the CLI, Copilot Free and share your feedback.

See more
View more changes