GitHub releases
GitHub changelog, platform updates, and Copilot coding-assistant releases. New features, breaking changes, security advisories and deprecations - each summarised in plain English and updated continuously.
Tracking 72 GitHub releases
- GitHub Changelog security infra engineer
GitHub Actions checkout v7 enhances security for pull_request_target
GitHub Actions checkout v7 now defaults to refusing common 'pwn request' patterns, preventing vulnerabilities in workflows triggered by pull_request_target events from forks. This change is crucial for supply-chain security, affecting users who rely on checking out unreviewed pull request code. The update is available now for workflows pinned to floating major tags, with enforcement backported to supported major versions by July 2026.
feature security
- GitHub Changelog infra engineer
npm v12 to enforce stricter security defaults for package installation
npm v12, slated for July 2026, introduces security enhancements by defaulting to stricter controls for package installation scripts and Git/remote dependencies. These changes aim to mitigate code execution risks by requiring explicit user opt-in for potentially risky operations. Users on npm 11.16.0 or newer can prepare by reviewing warnings and using `npm approve-scripts` to manage trusted packages.
breaking feature security