Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Audit log streaming of API requests is generally available

Audit log streaming of API requests targeting your enterprise’s private assets is now generally available. This feature provides you as enterprise administrators new visibility into the API activity within your enterprise.

Audit logs play a critical role in an enterprise owners’ ability to monitor and secure their enterprise. Many enterprises leverage GitHub’s API ecosystem to automate and operate their enterprise at scale. However, API use can also create unique security and operational challenges that must be managed. To help manage these challenges, API requests targeting your enterprise’s private assets can be included in your enterprise’s audit log streams. Please note that API requests targeting public repositories will be omitted from your enterprise’s audit log stream. This new data will allow you as an enterprise owner to:

  • Better understand and analyze API usage targeting your private enterprise assets;
  • Identify and diagnose potentially misconfigured applications or integrations;
  • Track the authentication tokens being used by specific applications or integrations;
  • Troubleshoot API requests contributing to API rate limiting;
  • Analyze API activity when performing forensic investigations; and
  • Develop API specific anomaly detection algorithms to proactively identify potentially malicious API activity.

    An example event payload can be found below:

Example API request audit log event.

Note: Sensitive fields have been redacted for security reasons.

To start streaming API requests, you can follow the instructions in our docs for enabling audit log streaming of API requests. Once enabled, you should begin seeing API request events in your audit log stream.

See more

Codestral 25.01 is now available in GitHub Models (GA)

The latest AI model from Mistral, Codestral 25.01, is now available in GitHub Models.

Codestral 25.01 is explicitly designed for code generation tasks. It helps developers write and interact with code through a shared instruction and completion API endpoint. As it masters code and can also converse in a variety of languages, it can be used to design advanced AI applications for software developers.

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

Easily try, compare, and implement this model in your code for free in the playground or via the API. Compare it to other code generation models using the side-by-side feature in GitHub Models.

To learn more about GitHub Models, check out the docs. You can also join our community discussions.

See more

Evolving GitHub Issues (public preview)

Following our opt-in preview last year, we are excited to release sub-issues, issue types and advanced search for issues to everyone! 🎉

Thank you to everyone who opted-in and gave us feedback on these new additions. We will be rolling out these changes incrementally and expect all users to have access by the end of this week.

🔗 Break down and nest issues with sub-issues

Sub-issues allow you to break down and organize issues within a parent-child hierarchy. You can create sub-issues from any issue and use their nested structure to track progress and understand remaining work. You can also easily track sub-issues progress within your projects.

Learn more and share feedback on sub-issues.

📁 Organize your work with issue types

Issues types allow you to classify and manage your issues with a shared and consistent language across all repositories in an organization. You can quickly understand the progress of your bug backlog, find all of the high level initiatives teams are working on, and understand the breakdown of work in a project.

Issue types displayed as part of a repo index page

Learn more and share feedback on issue types.

From the repository issues page, you can build advanced searches using the AND and OR keywords and parentheses for nested searches. This allows you to build more complex filters to find the exact set of issues you’re looking for.

A user searches for type bug OR type task

Learn more and share feedback on advanced search for issues.

🎨 Issues UI updates

All these new features are based upon an update to the issues front end, designed to be fast and familiar. This means there are no new UI patterns to slow you down, but we did include a few tweaks to speed you up, including:

  • The issues index page has a new filter bar with autocomplete and syntax highlighting.
  • Creating multiple issues is faster with a ‘create more’ option to quickly get back to the creation screen.
  • Issue form and templates are now presented in alphabetical order based on file name, making it easier for you to set just the right order.
  • Easily share the URL to an issue with a new ‘copy link’ button.
  • On long issues, selecting ‘load more’ will now fetch 150 events instead of 50.

Learn more and share feedback on the updated issues UI.

👀 Not ready yet?

Head over to your account’s feature preview page to switch between the new and old experiences. Due to the incremental roll out of the new experiences over the course of this week, you may find you only have access to the feature preview toggle once the roll out has completed.

See more

Code scanning: CodeQL Action v2 is now deprecated

On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. In January 2024, we announced that CodeQL Action v2 would be deprecated at the same time as GitHub Enterprise Server (GHES) 3.11. This deprecation period has elapsed and CodeQL Action v2 is now discontinued. It will no longer be updated or supported, and while we will not be deleting it except in the case of a security vulnerability, workflows using it may eventually break. New CodeQL analysis capabilities will only be available to users of v3.

For more information about this deprecation, please see the original deprecation announcement from January 2024.

How does this affect me?

Default setup

Users of code scanning default setup do not need to take any action in order to automatically move to CodeQL Action v3.

Advanced setup

Users of code scanning advanced setup need to change their workflow files in order to start using CodeQL Action v3.

Users of GitHub.com and GitHub Enterprise Server 3.12 (and newer)

All users of GitHub code scanning (which by default uses the CodeQL analysis engine) on GitHub Actions on the following platforms should update their workflow files:

  • GitHub.com (including open source repositories, users of GitHub Teams and GitHub Enterprise Cloud)
  • GitHub Enterprise Server (GHES) 3.12 (and newer)

Users of the above-mentioned platforms should update their CodeQL workflow file(s) to refer to the new v3 version of the CodeQL Action. Note that the upcoming release of GitHub Enterprise Server 3.12 will ship with v3 of the CodeQL Action included.

Users of GitHub Enterprise Server 3.11 (and older)

GitHub Enterprise Server 3.11 (and older) is now deprecated. For more information on using the CodeQL Action on a deprecated GitHub Enterprise Server version, refer to the relevant sections of the CodeQL Action v2 deprecation announcement.

Exactly what do I need to change?

To upgrade to CodeQL Action v3, open your CodeQL workflow file(s) in the .github directory of your repository and look for references to:

  • github/codeql-action/init@v2
  • github/codeql-action/autobuild@v2
  • github/codeql-action/analyze@v2
  • github/codeql-action/upload-sarif@v2

These entries need to be replaced with their v3 equivalents:

  • github/codeql-action/init@v3
  • github/codeql-action/autobuild@v3
  • github/codeql-action/analyze@v3
  • github/codeql-action/upload-sarif@v3

Can I use Dependabot to help me with this upgrade?

Yes, you can! For more details on how to configure Dependabot to automatically upgrade your Actions dependencies, please see this page.

See more

Secret scanning expands default pattern support

GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.

The following new patterns were added over the last few months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.

Provider Token Partner User Push protection
Anthropic anthropic_admin_api_key
Asaas asaas_api_token
Asana asana_legacy_format_personal_access_token  ✓
Azure azure_openai_key
Azure microsoft_azure_common_annotated_security_key
Azure microsoft_azure_entra_id_token
Cfx.re cfxre_server_key
Cockroach Labs ccdb_api_key
Coveo coveo_access_token
Databento databento_api_key
Datastax datastax_astracs_token
Google google_cloud_service_account_credentials
Google google_gcp_api_key_bound_service_account ✓  
Hubspot hubspot_private_apps_user_token
Hubspot hubspot_smtp_credential
Hugging Face hf_user_access_token
Iterative iterative_dvc_studio_access_token
Lichess lichess_personal_access_token
Lichess lichess_oauth_access_token
MongoDB mongodb_atlas_db_uri_with_credentials
Netflix netflix_netkey
OpenRouter openrouter_api_key
Oracle oracle_api_key
Polar polar_access_token
Polar polar_authorization_code
Polar polar_client_registration_token
Polar polar_client_secret
Polar polar_personal_access_token
Polar polar_refresh_token
Replicate replicate_api_token
Scalr scalr_api_token
Sentry sentry_org_auth_token
Sentry sentry_user_auth_token
Sentry sentry_user_app_auth_token
Sentry sentry_integration_token
Shopee shopee_open_platform_partner_key
Siemens siemens_api_token
Sindri sindri_api_key
Tailscale tailscale_api_key

The following existing patterns were upgraded to be included in push protection. When push protection is enabled, secret scanning automatically blocks any pushes that contain a secret matching these patterns.

Provider Token
Contentful contentful_personal_access_token
GitLab gitlab_access_token
Ionic ionic_refresh_token
Orbit orbit_api_token
PyPI pypi_api_token
Thunderstore thunderstore_io_api_token
Yandex yandex_cloud_iam_access_secret

Learn more about securing your repositories with secret scanning.

See more

GitHub Models introduces JSON schema support for response formats

You can now specify a custom JSON schema as a response format, alongside the existing text and recently released general JSON option. When JSON schema is selected, an input box will allow you to define your desired schema format directly in the playground.

JSON Schema support in Models

This enhancement provides more control if you’re working with models that require structured responses, helping to mitigate issues like models outputting unnecessary tokens. You can either specify a single object or an array of objects. Additionally, you can save this JSON schema as a preset so that you can use it again later.

JSON Schema structured outputs are currently only supported for the GPT 4o model, and specifically for the api-version: “2024-08-01-preview”.

GitHub Models is a catalog and playground of AI models to help you build AI features and products. You can start using models for free with just your GitHub PAT.

Learn more about GitHub Models or join the conversation in our community discussions.

See more

Copilot Workspace Changelog (January 6, 2025)

Happy New Year! We’ve got fresh Copilot Workspace updates for you this week, so let’s jump right in! 🎉

Copilot Workspace

Adding new files from file tree

You can now add a new file directly to the file tree, rather than having to modify the plan.

photo of adding a new file from the file tree

Error toggling

We’ve enabled an option to toggle errors on and off within your editor. This will allow you to hide errors when you’re not actively working on them.

gif of error toggling

Improved codespace creation

Now when you create a codespace, your codespace will be created in the region closest to you. This will improve the latency of your connection, providing a smoother experience while editing and using the terminal.

Copilot Workspace for pull requests

Accessibility improvements

Screen readers will now announce when suggestions are applied.

Bug fixes

Fixed a design regression where there was no border between the editor and the file.

Providing feedback

Please give feedback in our GitHub Discussion. We appreciate any and all feedback you have!

See more

Closing down notice: Dependabot will no longer support Python version 3.8

On February 5th, 2025, Dependabot will end support for Python version 3.8, which has reached its end-of-life. If you continue to use Python version 3.8, there’s a risk that Dependabot will not create pull requests to update dependencies. To prevent this from happening, please update to a supported release of Python. As of January 2025, the latest supported release of Python is version 3.13. View Python’s official documentation for more information about supported releases.

See more

Actions: Xcode 16.2 will replace Xcode 16.0 in macOS-14 Images

Starting January 6, 2025 GitHub-Hosted macOS runner images will be replacing Xcode 16.0 with Xcode 16.2. This change applies to both macOS-14 Intel and ARM64 based runner images. If you rely on Xcode 16.0, upgrade to Xcode 16.1 in order to maintain service continuity in your Actions workflows.

Our support policy for macOS-14 is:
Xcode 15: All minor releases with the full platform tools suite.
Xcode 16: Two minor releases (excluding visionOS tools), following a “last two” principle where the oldest version is replaced by the latest as updates are released. Beta versions are not included.

Additional Resources

See more

Expanding Access to the GitHub Copilot Workspace Technical Preview

We are excited to announce that all paying Copilot customers can now use the technical preview of GitHub Copilot Workspace.

hero image for the copilot workspace technical preview

Copilot Workspace is a Copilot-native development environment designed to help you with everyday tasks, from idea to merge.

Starting from a GitHub Issue or natural language task, you can work with Copilot Workspace to iterate on solving your problem. Together, you can:

  • Brainstorm your ideas: Ask Copilot questions about how your codebase currently works, and explore ideas for how to solve your task.
  • Plan your changes: Leverage Copilot Workspace to generate a comprehensive plan for your code change, surfacing relevant code and describing the changes necessary in each file to achieve your goal.
  • Implement and validate: Let Copilot Workspace propose code changes that you can iterate on and refine in natural language or code. You can even build, run, and test the code directly within Copilot Workspace with a fully functional compute environment provided by GitHub Codespaces before creating a pull request.

Everything that GitHub Copilot Workspace proposes – from the plan to the code – is fully editable, allowing you to rapidly iterate until you’re confident in the change.

To find out more, check out the blog that first launched Copilot Workspace to the world.

Getting Started

Sign up for the technical preview by logging into Copilot Workspace. Please note that Enterprise Managed Users are not eligible for the technical preview.

Once you have access, check out the user manual, or these 5 helpful tips and tricks for getting the most out of Copilot Workspace.

Organization administrators can enable members to use Copilot Workspace with repositories owned by their organization by approving the Copilot Workspace OAuth app for the organization. OAuth app restrictions are enabled by default when new organizations are created, so unless you’ve changed this setting, members of your organization will not have access to Copilot Workspace on organization-owned repositories by default. To enable Copilot Workspace for your organization’s repositories:

You can share any questions, concerns, or ideas in this discussion post. We can’t wait to see what you build!

See more

Copilot Workspace Changelog (December 20th, 2024)

Welcome to another week of Copilot Workspace updates! We have a bunch this week, so let’s jump right in! 🎉

Copilot Workspace

Handling large files

Workspace will now inform you when a file is too large to be displayed, and link you to view the file in the repo editor.

"image of file too large with correct warning"

Copying the branch name

Now when selecting a branch, you’ll be able to copy the branch name to your clipboard. You’ll will see a check mark after successfully copying the branch name.

Improvements to the diff editor

  • The scrolling experience has been improved, allowing you to scroll through all your files at once instead of each file individually.
  • We’ve enabled collapsing regions outside the diff, and are showing 3 lines of context padding the diff.
  • We’ve enabled word wrapping within the editor.

Bug fixes

  • Empty files now display correctly
  • Fixed a bug during plan creation that was causing Copilot Workspace to crash
  • No longer does renaming the spec question include a scroll bar
  • Fixed an issue where renamed files did not update all references across the plan, tabs, and editor. Now when you rename a file you will see that name change reflected everywhere.

Copilot Workspace for PRs

New file path auto-populating

Adding new files will auto-populate the path, making it easier to add new files to your repository.

Individual file resets

You can now reset individual files, rather than having to reset the state of all changes.

Hiding trailing whitespace

We’ve enabled an option for you to hide whitespace when viewing a diff.
showing trailing whitespace and then hiding it

Add indication when suggestion cannot be applied

We now alert you when a suggestion can’t be applied.
photo-of-improved-file-handler

Accessibility improvements

Accessibility continues to be core to the GitHub experience. Over the upcoming changelogs we’ll be highlighting improvements to our accessibility experience.

  • User operating system specific hints on keyboard shortcuts are enabled
  • A missing checkbox label on commit dialog has been added
  • Screen reader feedback on suggestions are now applied

Bug fixes

  • Copilot Workspace now informs users if a file is too large to be viewed
  • Changing files is enabled when focusing on a suggestion
  • Suggestions that would be applied to files you have removed are now deleted

Providing Feedback

Please give feedback in our GitHub Discussion. We appreciate any and all feedback you have!

See more

REST API insights for organizations is now generally available

As a GitHub Enterprise Cloud organization owner, you and your designated users can now use API insights to visualize REST API activity for your entire organization or specific apps and users. This new feature helps you understand the sources of your REST API activity and manage against your primary rate limits—giving you visibility into the timeframe, apps, and API endpoints involved.

Who can access it

The API insights feature is available only at the organization level. By default, only organization owners can access it. However, organization owners can grant access to non-owners by creating a custom role at the organization level, assigning the permission named View organization API insights to the custom role, and then assigning the custom role to an organization member or team. See the documentation for managing organization custom roles.

Where to find it

The API insights feature is available to all GitHub Enterprise Cloud organizations. To access it on your organization home page, select Insights near the top of the page, and then select REST API on the left side of the page.

An image of an organization homepage where selecting Insights and then REST API will navigate to the new API insights feature.

How to use it

Use the Period and Interval drop-downs to choose the range of time displayed in the chart and how granularly to display REST API requests on the chart. These drop-downs also set the time range for the “Total REST requests,” the “Primary-rate-limited requests,” and the Actors table below the chart.

An image of the API insights feature page showing the Period drop-down expanded for selecting the time period of REST API activity to include.

The Actors table displays the GitHub Apps and users that made REST API requests in the current organization within the selected time period. Select a GitHub App to display its REST API activity and any primary rate-limiting. Select a user to display their personal REST API activity from personal access tokens (PATs) and OAuth apps acting on their behalf.

An image of the API insights feature page showing a table of actors, including GitHub Apps and users, that created REST API activity in the selected time period.

Tell us what you think

We welcome your feedback in the Enterprise community discussions.

Refer to the documentation for API insights for more details about understanding your organization’s REST API activity and investigating primary rate-limiting.

See more

Audit log and webhook events for secret scan completions

To enhance auditing and troubleshooting, we’ve introduced new webhook and audit log events to track the completion of certain secret backfill scans on repositories.

The events specify the type of backfill scan completed (e.g., Git backfill or issues backfill) and the secret types scanned, including custom patterns. Note that secrets detected through Copilot Secret Scanning are not included.

Backfill scans cover the entire repository and occur when secret scanning is enabled or patterns are updated. These events do not include information on incremental scans, which focus on new content pushed to a repository.

A repository must have a GitHub Advanced Security license to access these events.

Learn more about how to secure your repositories with secret scanning.

See more

OpenAI o1 is now available in GitHub Copilot Chat (preview)

OpenAI’s brand new o1 model is now available in Copilot Chat for Copilot Pro, Business and Enterprise subscribers.

The new o1 model replaces o1-preview, and offers even better performance in complex tasks.

To try it, just pick o1 (Preview) from the model picker in Visual Studio Code or in the full-screen, immersive Copilot Chat experience at github.com/copilot.

Picking the o1 model in Copilot Chat in Visual Studio Code

Access to the o1 model is currently in public preview, so if you’re a Copilot Business or Copilot Enterprise subscriber, an administrator must enable access to the o1 family of models before o1 shows up in the model picker.

Support for o1 is coming soon to Visual Studio, and we’re working to bring the model picker to the JetBrains IDEs.

OpenAI o1 is also available in GitHub Models – to learn more, check out the changelog.

See more

OpenAI o1 is now available in GitHub Models

GitHub Models makes it easy for every developer on GitHub to build AI features and products, with access to top AI models via a playground, API, and more.

Today, we’ve added access to OpenAI’s brand new o1 model. The new o1 model replaces o1-preview, and offers even better performance in complex tasks. You can learn more about this launch and its availability on both GitHub Models and Copilot in our blog post.

Start working with o1 directly in our GitHub Models playground. You can even compare it side-by-side with GPT-4o to evaluate how they work differently.

OpenAI o1 in GitHub Models

If you’re ready to jump in and integrate o1 into your code, check out our API.

Learn more about GitHub Models or join the conversation in our community discussions to share your feedback!

See more

GitHub Copilot for JetBrains (update to support Free Plan) [GA]

Free Tier Support for GitHub Copilot Now Available on JetBrains IDEs

We’re excited to introduce the Free Tier for GitHub Copilot, now available for JetBrains IDEs! Starting today, you can enable GitHub Copilot in your JetBrains IDE with just a GitHub account—no trials or subscriptions required.

What’s included in the Free Tier?

The Free Tier provides everything you need to get started with GitHub Copilot:
* 2000 code completions/month
* 50 chat requests/month
* 64k context window for a seamless development experience

If you reach the limits, you can explore additional tiers to continue using GitHub Copilot’s powerful features.

Why it matters

GitHub Copilot in JetBrains IDEs empowers you to write code faster, focus on creative problem-solving, and enhance productivity—all with an AI assistant right in your IDE. With the Free Tier, more developers than ever can access these tools and start improving their workflows today.

Get started

We’d love for you to try the GitHub Copilot Plugin for JetBrains IDEs and share your thoughts. Your feedback plays a crucial role in helping us improve the product.

Join the discussion

Connect with the developer community in the GitHub Community Discussion to share your experiences, ask questions, and provide feedback.

See more

Dependabot updates ceases supporting npm version 6 [Closing Down]

On January 20th, 2025, Dependabot will end support for npm version 6, which has reached its end-of-life. If you continue to use npm version 6, there’s a risk that Dependabot will not create pull requests to update dependencies. In that case, we recommend updating to a supported release of npm. As of December 2024, the newest supported release of npm is version 11. View NPM’s official documentation for more information about supported releases.

See more

Windows Server 2025 is now in public preview

The Windows 2025 server image for GitHub Actions hosted runners is now available in public preview. To start using this image in your Actions workflows, update your workflow file to include runs-on: windows-2025.

Please note that the Windows 2025 image has a different list of installed tools and tool versions. See the full list of changed software including differences in the announcement.

If you spot any issues with your workflows when using Windows Server 2025, or if you have feedback on the software installed on the image, please let us know by creating an issue in the runner-images repository. While the runner image is in preview, you may experience longer queue times during peak usage hours.

See more

You can now view real-time token and latency usage in GitHub Models (GA)

The GitHub Models playground now shows your real-time token usage, including both input and output counts, as well as latency information in its responses. The analytics are accessible via the top bar, helping you more efficiently optimize prompts, evaluate model costs, and monitor response times.

Additionally, clicking on the information in the top bar now opens a modal with more details about the token and latency metrics:

Token and latency information in GitHub Models

GitHub Models makes it easy for every developer on GitHub to build AI features and products, with access to top AI models via a playground, API, and more.

To learn more about GitHub Models, check out the docs. You can also join our dedicated community discussion to discuss this update, swap tips, and share feedback.

See more
View more changes