Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

JetBrains Copilot code referencing support is generally available

The GitHub Copilot plugin for JetBrains IDEs now includes the ability to view code references, designed to enhance your coding experience and improve productivity.

What’s new ✨

Viewing code references: When GitHub Copilot suggests code that matches public code, you will be notified of this match. Click “View matches” at the end of the response to access the reference information.

Benefits for developers ⚡️

Informed decisions with code suggestions: code referencing allows you to make more informed decisions about whether to use the suggested code.

Get involved 🛠

We encourage you to try out the latest version of the GitHub Copilot plugin and share your feedback. Your input is invaluable in helping us refine and improve the product.

Join the discussion 🚀

Connect with us and other developers in the GitHub Community to share your experiences, ask questions, and provide feedback.

See more

Copilot Workspace: Showing quota limits, issues in dashboard, and UX improvements

Copilot Workspace header

This week, we’ve added an indicator for your daily or hourly quotas, allocated a section of the dashboard to issues assigned to you, and introduced several UX improvements and bug fixes to ensure a smooth development process with Copilot Workspace.

Showing approaching quota limits

As you’re nearing your quota limit, Copilot Workspace will now display a counter so you can keep track of how many tokens you have left, and prioritize your usage accordingly.

quota limits

Issues listed in homepage dashboard

Your recently assigned issues are now listed in the homepage dashboard, providing another jumping point to start developing from!

recently assigned issues in homepage dashboard

UX improvements and bug fixes

  • The session list has been refactored to link directly to pull requests created from a session.
    Screenshot shows list of recent sessions with linked pull requests

  • The sessions index page now maintains scroll position when navigating across sessions.

  • When viewing a new file’s diff, the diff is now highlighted in green.

  • We’ve added an arrow to the current branch name, indicating that it is clickable.

  • You can now select file names in the Plan stage, allowing you to copy them as needed.

  • We fixed the “live preview” button on the run command.

  • We fixed the overlay of the file tree view on small viewports.

  • Light/dark mode is now fixed to match your settings theme.

  • Terminal commands are now correctly disposed of when exiting the command dialogue without saving.

  • There’s improved file name generation to remove excess backtick characters.

  • We fixed a bug where the plan was not being shown in mobile view.

  • The “Revise” button on file headers is now represented by a sparkling pencil icon instead of crosshairs.

  • There’s a new square circle button for stop buttons.

Providing feedback

Please give your feedback in our GitHub Discussion. We’d love to hear your thoughts!

See more

Mobile monthly: February’s general availability and more

What's new in Github Mobile, February update

January and February brought a number of improvements to GitHub Mobile, making it more powerful and flexible. We’re rolling out exciting new features designed to make coding and collaboration easier on the go. From third-party integrations that extend GitHub Copilot’s capabilities to in-chat coding assistance, sub-issues, and refined notification preferences, these updates are designed to boost productivity and keep you connected wherever you are.

What’s new:

Copilot Chat is now available for Free on GitHub Mobile

  • Introducing GitHub Copilot Chat to all users on GitHub Mobile for free. Just tap the Copilot button to start getting answers for coding questions, or chat about issues, pull requests, and repositories wherever you are.
  • Copilot Extensions on GitHub Mobile are generally available. Developers can extend Copilot’s capabilities on the go, integrating third-party tools, automating tasks, and receiving personalized code suggestions.
  • Introducing sub-issues on GitHub Mobile. Track progress and understand remaining work within a parent-child hierarchy on the go.
  • Review your notification preferences: from time to time, we’ll ask that you check in on your notification preferences to ensure that you’re receiving the kinds of notifications you want, at times you want to receive them.
Copilot Extensions Sub-issues
Copilot extensions.png sub-issues.png

iOS bug fixes:

  • Widgets reflect the accent color when tinted.
  • Add reactions to the latest release in the Releases view.
  • Inbox swipe actions get dismissed before entering batch selection mode.
  • In the Explore view, avatars load correctly with transparent background.
  • In the Issue view, remove an extra animation when data loads.
  • Navigate content in the Explore view’s “For You” feed using assistive technologies.
  • Pull request reviews from Copilot code review show the “Copilot” brand name.
  • Clearing a field used for a grouping within a project re-groups content without duplicate group titles.
  • Fixed an issue where the search bar was improperly updated during text input with marked text in Japanese or Chinese input methods.
  • Fixed an issue where pull-to-refresh in discussions failed to refresh data and the loading indicator remained stuck.
  • The pull request widget responds to user specified tints.
  • Issues in archived repositories no longer show update actions.
  • Code vulnerability alerts in Copilot chat are no longer duplicated.
  • Indented code blocks in Copilot chat display within a chat response.
  • Nested lists in markdown content display with less indentation when viewed with larger text sizes.
  • Issue and pull requests display their issue or pull request number when scoped to a single repository.
  • Shortcuts scoped to a single repository will no longer list the repository name for each issue or pull request.

Android bug fixes:

  • Improved scrolling performance for lists where list items contains web views.
  • The correct default commit message now appears when creating a new file in a repository.
  • Improved line wrapping in the Code view.
  • Various sub-issues design tweaks and improvements.
  • Fixed file header appearance in pull request reviews.
  • Pull request reviews now display the correct submission date.
  • Anchor links in markdown files will now scroll to the correct position.
  • The delete branch button will now be shown after closing a pull request.
  • Bots are now mentionable in pull request reviews if they are the author.

Learn more about GitHub Mobile and share your feedback to help us improve.

Join the discussion within GitHub Community.

See more

Java CSRF, Go 1.24 and C# 13 language features support available in CodeQL 2.20.5

CodeQL version 2.20.5 has been released and includes a host of coverage improvements, including extended support for C# 13 and new detection capabilities for Java and GitHub Actions workflow files.

CodeQL is the static analysis engine that powers GitHub code scanning, which finds and remediates security issues in your code.

CodeQL 2.20.5 adds full support for new language features introduced in C# 13 / .NET 9, as well improved coverage for .NET 9. This will improve the detection of alerts and reduce the chance of false negative results.

CodeQL Java analysis is improved with additional support for Cross Site Request Forgery (CSRF). The new analysis capability detects vulnerabilities that occur when using HTTP request types that are not protected against cross site requests by default.

Go analysis has been updated to support Go 1.24, which includes new language features and improvements. This will improve the detection of alerts and reduce the chance of false negative results.

For a full list of changes, please refer to the complete changelog for version 2.20.5. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on GitHub.com. The new functionality in CodeQL 2.20.5 will also be included in GitHub Enterprise Server (GHES) version 3.17. If you use an older version of GHES, you can manually upgrade your CodeQL version.

See more

Improved code scanning coverage for GitHub Actions (Public Preview)

We recently launched analysis capabilities for GitHub Actions workflow files in public preview.

With the release of CodeQL 2.20.5, we are expanding the analysis capabilities to detect additional types of security risks associated with Actions workflow files and we have adjusted some of the existing queries.

The analysis coverage is improved with the addition of five new queries that identify additional types of security risks associated with Actions workflow files. The new queries are:

  • actions/envpath-injection/medium detects situations where user-controlled sources (like the text of a GitHub issue) are used to populate the PATH environment variable. This could allow an attacker to alter the execution of system commands.
  • actions/envvar-injection/medium detects situations where environment variables which are not properly sanitized can lead to the injection of additional unwanted variables, using new lines or {delimiters}.
  • actions/code-injection/medium– detects situation where user-controlled input can end up in contexts like run: or script:, leading to malicious code being executed and secrets being leaked.
  • actions/artifact-poisoning/medium detects situations where artifacts are not correctly extracted, stored and verified, which could result in a poisoned artifact being executed, leading to repository compromise.
  • actions/untrusted-checkout/medium detects situations where workflows triggered by events like pull_request_target or issue_comment can execute arbitrary code from untrusted sources, if followed by an explicit checkout.

Because of its lower precision and the large number of alerts it generates, the query actions/unpinned-tag has been moved to the security-extended query suite from the default query suite, and all existing alerts for this query will be automatically closed if the security-extended suite is not being used.

Three queries have been removed from the default and security-extended query suites because they do not produce relevant security alerts. Alerts generated by these queries will be closed automatically.

These changes are now available with the release of CodeQL 2.20.5. For a full list of changes, please refer to the complete changelog for version 2.20.5. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on GitHub.com. The new functionality in CodeQL 2.20.5 will also be included in GitHub Enterprise Server (GHES) version 3.17. If you use an older version of GHES, you can manually upgrade your CodeQL version.

See more

OpenAI GPT-4.5 in GitHub Copilot now available in public preview

GitHub Copilot GPT-4.5

OpenAI’s latest model, GPT-4.5, is now available in GitHub Copilot Chat to Copilot Enterprise users. GPT-4.5 is a large language model designed with advanced capabilities in intuition, writing style, and broad knowledge. It performs effectively with creative prompts and provides reliable responses to obscure knowledge queries. GPT-4.5 will launch in Visual Studio Code and on github.com for Copilot Enterprise users with a limit of 10 requests every 12 hours per user. In the coming weeks, we’ll be scaling rate limits and extending support to Visual Studio and JetBrains.

GPT 4.5 in the VS Code Model Picker

As model releases have continued to accelerate, we’ve been thinking about how we can sustainably offer advanced AI models like GPT-4.5 to more GitHub users. This includes individual developers who want the most advanced capabilities from day one. Stay tuned for updates.

Enabling access

Copilot Enterprise administrators will need to enable access to GPT-4.5 via a new policy in Copilot settings. As an administrator, you can confirm availability by checking your individual Copilot settings and confirming the policy for GPT-4.5 is set to “enabled”. Once enabled, users will see GPT-4.5 in the Copilot Chat model selector in VS Code and on github.com.

See more

Scheduled Codespaces maintenance

Codespaces will be undergoing maintenance in Europe and Southeast Asia from 17:00 UTC on Friday, February 28 to 02:00 UTC on Saturday, March 1. Maintenance will begin in North Europe at 17:00 UTC on Friday, February 28. Once it is complete, maintenance will start in Southeast Asia, followed by UK South. Each region will take approximately two to three hours to complete.

During this time period, users may experience connectivity issues with new and existing Codespaces.

If you have uncommitted changes you may need during the maintenance window, you should verify they are committed and pushed before maintenance starts. Codespaces with any uncommitted changes will be accessible as usual once maintenance is complete.

See more

Changes and deprecation notice for npm replication APIs

We are making changes to npm replication APIs to optimize performance and availability. As part of this update, certain endpoints will be deprecated as of Thursday, May 29, 2025.

To facilitate a seamless transition, the new endpoints will be available starting Tuesday, March 18, 2025, operating in parallel with the existing endpoints. The existing endpoints will be fully deprecated on Thursday, May 29, 2025.

During the transition period, you may access the new endpoints by including the npm-replication-opt-in header with the value true in your requests. This option will be available from Tuesday, March 18, 2025 until the deprecation date, after which only the new endpoints will be available. Effective Thursday, May 29, 2025, the header will be ignored, and all requests will be directed to the new endpoints by default.

This notice is provided to ensure adequate time for necessary updates to replication implementations. We strongly encourage developers to migrate to the new endpoints as early as possible.

How to migrate?

To assist with migration, we have detailed documentation in our replication API migration community discussion, outlining alternative approaches for deprecated endpoints when available. This is the go-to place for questions and discussions.

Additional support for migration

If you have further questions or need additional assistance, please reach out to our support team.

See more

Manage push protection bypass requests for secret scanning with the REST API

Push protection for secret scanning blocks any push that contains a secret. By default, this block can be bypassed, which results in a secret scanning alert in the repository. Delegated bypass controls let you choose who is allowed to bypass push protection, and contributors without permissions to bypass must submit a request for approval by the listed reviewers. These controls can reduce the risk of secrets being accidentally exposed in your codebase.

Managing bypass requests is now available with the REST API, offering flexibility for triaging and reviewing by integrating with your existing workflows.

Reviewers can retrieve bypass requests for an organization or repository with the following endpoints:

Reviewers can review a request and dismiss a response to a request with the following endpoints:

Learn more about how to secure your repositories with secret scanning and push protection.

See more

It is easier to track your progress with fixed code scanning CodeQL security alerts on the Security Overview page

Now it is easier to see how many of your historical CodeQL alerts received autofix suggestions and how many of those alerts were resolved across all the repositories in your organization.

Historical alerts are those found in your default and protected branches, indicating potential existing security issues in your code. You can stay informed about the progress of historical alert resolution and expediting this process as it is essential for accurately assessing your security risks.

Screenshot of total alerts fixed with an accepted autofix out of all with a suggested autofix.

The new “Alerts fixed with autofix suggestions” tile on the Security Overview provides you with the total number of fixed vulnerabilities compared to the total suggested autofixes for existing alerts. This will help you stay informed about the security trends in your organization.

Learn more about Copilot Autofix for CodeQL code scanning and security overview.

To leave feedback for Copilot Autofix for code scanning, join the discussion.

See more

Phi-4-mini-instruct and Phi-4-multimodal-instruct are now available in GitHub Models (GA)

Phi-4-mini-instruct and Phi-4-multimodal-instruct models release
The latest AI models from Phi, 4-mini-instruct and 4-multimodal-instruct, are now available in GitHub Models.

Phi-4-mini-instruct is a 3.8B parameter lightweight model designed for chat-completion prompts and strong reasoning, particularly in math and logic. Its efficiency makes it well-suited for memory- and compute-constrained environments.

Phi-4-multimodal-instruct is a 5.6B parameter multimodal model that excels at generating text outputs from various inputs including text, images, and audio. This model demonstrates strength in reasoning across multiple modalities.

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

Try, compare, and implement these models in your code for free in the playground (Phi-4-mini-instruct and Phi-4-multimodal-instruct) or via the API.

To learn more about GitHub Models, check out the docs. You can also join our community discussions.

See more

Increased items in GitHub Projects now in public preview

Following our opt-in preview last October, we’re excited to expand item limits for all projects — increasing from 1,200 to 50,000 items per project.

Since the last release, we’ve added support for project insights and mobile, addressed your top bug reports, and delivered key performance improvements.

We’re rolling out increased limits incrementally over the next week. If you see the Increased items preview pill in your project, you’re now in the preview.

Insights for all

With this release, we’re also making project insights fully accessible to all plans—removing paid gating entirely. All plans now have access to both current state and historical charts in public and private repositories, with no feature restrictions. Learn more about insights for projects.

For questions and feedback, join the discussion within the GitHub Community.

See more

Copilot secret scanning can be enabled through code security configurations

Copilot secret scanning, which scans for passwords using AI, offers greater precision for detecting unstructured credentials that can cause security breaches if exposed.

You can now use code security configurations to enable Copilot secret scanning across your enterprise or organization, allowing you to control which repositories are detecting passwords at scale.

Copilot secret scanning is available for all repositories with a GitHub Advanced Security license. You do not need a Copilot license. To give you control over how AI is used across your repositories, Copilot secret scanning is not included in the GitHub Recommended configuration.

Learn more about protecting your repositories with secret scanning and generic secret detection.

See more

Code review in GitHub Copilot is now in public preview

Copilot Code Review

No more wait: Copilot code review is here

Code review is one of the most critical parts of software development. Manual code reviews, while essential, can be time-consuming. Copilot code review helps you offload basic reviews to a Copilot agent that finds bugs, potential performance problems, and even suggests automatic fixes. This means you can start iterating on your code while you wait for a human review—helping you keep your code repositories more maintainable and focused on quality.

Today we’re excited to announce that all Copilot subscribers can now use Copilot code review, with a host of updates that we’ve made since its initial preview. To get started, sign up here.

What’s new

  • Review summary: Copilot gives you a detailed summary of the changes in a pull request—bridging the gap between automated feedback and human insight.
  • Smarter reviews: We’re leveraging the latest models to provide even more insightful and effective feedback, identifying potential issues you might otherwise miss.

Here’s Copilot code review in action, providing a summary of the pull request and some suggested improvements:

To request a code review from Copilot, you can set up automatic reviews in a repo through repository rules. Or, if you prefer, you can ask Copilot to review a pull request on demand.

You can also jump directly into the new Copilot Workspace experience from your pull request, to refine and validate Copilot’s suggestions. And don’t forget, you can always review your code in Visual Studio Code before you push it to GitHub, keeping your development process agile and efficient.

To learn more, check out the docs. We can’t wait for you to try out these improvements, and we’d love your feedback in this GitHub Community Discussion.

See more

GitHub Copilot now available for free in Windows Terminal Canary

GitHub Copilot now available for free in Windows Terminal Canary

GitHub Copilot on Windows Terminal Canary is now available for free! GitHub Copilot Free allows you to access 50 chat messages per month. If you reach your quota, you can upgrade on the web.

GitHub Copilot in Windows Terminal

You can access the power of GitHub Copilot to get command suggestions and explanations without leaving the terminal with Terminal Chat in Windows Terminal Canary. This is available for all Copilot customers.

Get started today

GitHub Copilot is available in Windows Terminal Canary. Consult the Terminal Chat documentation to learn how to connect Copilot and get started.

Share your feedback

We are dedicated to continuous improvement and innovation. Your feedback remains a crucial part of our development process.
Learn more about GitHub Copilot Free and share your feedback on Terminal Chat.

See more

Enhanced billing platform is now available for personal accounts

As of February 13, 2025, new GitHub Free and Pro plan customers now have access to the enhanced billing platform—a suite of features designed to help users manage and understand their GitHub spending. All new users, regardless of plan type, are onboarded to this new experience.

Benefits of the new platform include:

  • Spend transparency: view usage for repositories, products, and SKUs by day, month, or year
  • Improved control: set budgets to limit spending and configure alerts to stay informed of budget utilization

Image

What to expect

Existing users on personal accounts will gain access to the enhanced billing platform in the coming months. You will be informed via email and an in-app banner on the billing page in advance of the transition.

Here are some things to know about the transition:

  • Once transitioned, a new Billing & Licensing section will appear in the enterprise account menu.
  • Spending limits will be migrated and renamed as budgets in the new billing platform. For more details about budgets, visit Preventing overspending.
  • While the new billing platform will not visually display historical usage, you will be able to download a usage report to get your pre-transition historical usage.

Other important changes

  • Git Large File Storage will transition from prepaid, quota-based data packs to a usage-based metered billing model. If you use Git Large File Storage today, you’ll receive credits for any unused data packs. For more information, visit “About enhanced billing for Git Large File Storage.”

Learn more

For more information, visit Using the enhanced billing platform for organizations.

See more

Repositories – Updated insight views (General Availability)

We’ve updated the contributors and code frequency repository insight views to improve navigation, allow hiding a series by interacting with the chart legend, and enable viewing and downloading the data as a CSV or PNG.

Contributors

Screenshot of new contributors chart showing github/explore

  • Keyboard-navigable date range selector: You can select date ranges using either your mouse or keyboard for improved accessibility. The available date ranges remain weekly (Sunday to Sunday), and we will only display contributors active within the selected timeframe.
  • Shareable URLs for specific views: The URL now reflects the selected time period, making it easy to share or bookmark a particular view.

Code frequency

Screenshot of new code frequency chart showing github/explore

  • The two axes are now differentiated by line style as well as color.
  • Data points are navigable and show more detail in a tooltip. Previously, you could only reference the axes visually.

Join the discussion in GitHub Community.

See more

GitHub Enterprise Server 3.16 release candidate is now available

GitHub Enterprise Server 3.16 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.16 release:

  • The reliability, observability, and efficiency of ghe-config-apply have been improved. As a result, you may experience reduced downtime when ghe-config-apply is run.

  • The monitor dashboard has been optimized with concise, actionable metrics, providing a quick overview of the appliance’s operational health. For more details, see the monitor dashboard.

  • When reviewing code security configurations, you can now filter repositories more easily with new options that sort by the status of specific GHAS features. For more details, see new advanced filters for code security configurations.

  • You can now apply code security configurations to archived repositories, simplifying rollouts and ensuring features like Dependabot, code scanning, and secret scanning are automatically reapplied if a repository is unarchived. Additionally, you can now create and manage code security settings at the enterprise level, reducing repetitive setup at the organization level. For more details, see enterprise-level code security configurations.

  • Monitor prevention metrics alongside detection and remediation metrics for Dependabot and GitHub Advanced Security features, including secret scanning and code scanning. This expanded visibility is now available in the enhanced security overview dashboard at both organization and enterprise levels. For more information, see enhanced security overview dashboard.

  • Organization owners can now allow their users to set custom properties during repository creation. This ensures appropriate rules are enforced from the moment of creation and improves discoverability of new repositories. For more information, see custom properties.

  • Organization owners can now configure policies to restrict the usage of deploy keys across all the repositories of your organizations, giving you more control and greater security over your deploy keys. For more information, see enforcing a policy for deploy keys.

Release candidates are a way for you to try the latest features early, and they help us gather feedback to ensure the release works in your environment. They should be tested on non-production environments. Read more about the release candidate process.

To learn more about GHES 3.16, check out release notes, or download the 3.16 release candidate now.

If you have any feedback or questions about the release candidate, please contact our support team.

See more

Refining messages and reloading responses in Copilot Chat is now in public preview

A stylized image showing a 3D Copilot head looking at a user message that has been edited via the new editing functionality

The immersive mode of Copilot chat on GitHub now provides you with increased control and flexibility at every step.

What’s new:

  • ✏️ Edit your previously sent messages: Refine your messages whenever you need
  • 🔄 Reload responses: Get different variations instantly
  • 📝 Keep track of all iterations in one place: Easily view the history of your message edits and responses
  • 🔍 Compare different message and response pairs seamlessly: Switch between versions to see which one works best

Pro tips:

  • 🛠️ Fix typos or add context without starting over
  • 🧪 Experiment with different phrasings to get the best responses
  • 🔀 Toggle between versions to compare outcomes

These new refining capabilities make it easier to iterate with Copilot. Make adjustments and improvements while maintaining the full context of your conversations, helping you to stay focused when chatting with Copilot chat.

We hope these changes help keep you in the flow state when chatting with Copilot on GitHub.com 💫.

💬 Let us know what you think using the in-product feedback option or pop it into the GitHub Community at any time.

See more
View more changes