Last week GitHub released a feature that had a coworker whooping with joy. But we’ll get to that in a moment.
First, there is a more significant thing I want to look at. GitHub is working with EU policymakers on the Cyber Resilience Act. While I’m based out of the US and work at a US-based company, I still have unpleasant memories from the year before GDPR went into effect as we scrambled to comply with some legislation we didn’t understand. I’m very excited to hear that GitHub is working on this, and I hope the policymakers listen.
I’m slowly reading through the proposals for the Cyber Resilience Act or CRA, but it is slow going. It will be worth keeping an eye on this proposal.
Also, GitHub is officially starting its rollout process to move everyone to 2FA.
Now for the releases that GitHub made last week.
GitHub announced a fix to a bug where users retained access to an org after being removed. I couldn’t find any previous mention of this bug, but apparently, they have had a manual fix since Oct. 20, 2022. My guess is GitHub has a policy of waiting for the automated fix to be in place before discussing issues. I wish I had heard about this issue in October and suddenly got an update rather than finding everything out later.
Moving to happier news, I was surprised to see how excited some coworkers were about this change. You can now comment on an entire file in PRs. This is a public beta, and they are looking for feedback, so try it out.
There is also a new beta for slash commands in discussions, issues, PRs, and projects. I’m curious to see how much this becomes a part of my workflow. Adding code blocks doesn’t knock my socks off, but easy access to saved replies and creating markdown tables has my attention.
Enterprise customers can join a public beta to display members’ IP addresses in the audit logs.
Moving from public to private betas, GitHub is looking for folks to test a tool for migrating repos from BitBucket Server to GitHub.
Moving over to Generally Available features, we have a lot more.
Projects are now on GitHub Mobile. On the one hand, using a ticketing system from my phone sounds like hell; on the other, I recognize that I’ve done that with Jira.
Discussions can now be closed as either Resolved, Outdated, or Duplicate.
Creating and managing GitHub Action Runner Groups comes to the team plan. This functionality was already available to enterprises.
In the land of GitHub Advanced Security, code scanning now only shows alerts based on the files changed in a PR. Also, the change to notifications for secret scanning has gone into effect.
We saw runner groups get moved into the team plan, and I also hope we eventually see something like this for GitHub Advanced security.
Sticking with changes to the enterprise tier, apps can now call GitHub APIs using a user-to-server token. I haven’t used this functionality, but it apparently creates parity with OAuth apps.
Finally, we get to Dependabot, who also got some love this week. Dependabot now keeps Gradle version catalogs up-to-date. And, for anyone using versioned Reusable Workflows, Dependabot can now keep those up to date too.
Well, that about wraps it up. What new features stood out to you?
Dan Cook 