The 2.22.0 update is a feature update, bringing new functionality and changes. The 2.22.1 update is a bugfix patch addressing several issues from the 2.22.0 release. Note that while Actions, Packages, and Code Scanning are available as Beta Features, we have not opted into the beta for the NC State GitHub Service, and these features will not be available in this patch.
Features
- Pull Request Retargeting – When a pull request’s head branch is merged and deleted, all other open pull requests in the same repository that target this branch are now retargeted to the merged pull request’s base branch. Previously these pull requests were closed.
- Improved Large Scale Performance – We have revised the approach we take to scheduling network maintenance for repositories, ensuring large monorepos are able to avoid failure states.
- Suspend and Unsuspend an App Installation – Administrators and users can suspend any GitHub App’s access for as long as needed, and unsuspend the app on command through Settings and the API. Suspended apps cannot access the GitHub API or webhook events. You can use this instead of uninstalling an application, which deauthorises every user.
Security Fixes
- MEDIUM: ImageMagick has been updated to address DSA-4715-1.
- Requests from a GitHub App integration to refresh an OAuth access token would be accepted if sent with a different, valid OAuth client ID and client secret than was used to create the refresh token.
- A user whose LDAP directory username standardizes to an existing GHES account login could authenticate into the existing account.
- Packages have been updated to the latest security versions.
Bug Fixes
- A logged in user trying to accept an email invitation could get a “404 Not Found” error.
- If a user navigated to a repository whose name started with “repositories.”, they were redirected to the owner’s “Repositories” tab instead of landing on the repository overview page.
- Labels in the dashboard timeline did not have enough contrast.
- Links to GitHub Security Advisories would use a URL with the hostname of the GitHub Enterprise Server instance instead of GitHub.com, directing the user to a nonexistent URL.
- OAuth refresh tokens would be removed prematurely.
- The repository Settings page of a repository for a user or organization GitHub Pages site would fail with a “500 Internal Server Error”.
Changes
- Repository administrators can now set their repository to any available visibility option from a single dialog in the repository’s settings. Previously, you had to navigate separate sections, buttons, and dialog boxes for changing between public and private and between private and internal.
- Two-factor recovery codes can no longer be used during the two-factor sign-in process. One-time passwords are the only acceptable values.
- The GitHub UI has undergone a design refresh, and the repositories homepage has been redesigned, including a responsive layout and improved mobile web experience.
- In the “Clone with SSH” repository dropdown menu, users will now be notified if they do not have any keys set up.
- Commits are now ordered chronologically in the pull request timeline and commits tab. This new ordering is also reflected in the “List commits on a pull request” REST API and GraphQL “PullRequest object” timeline connection.
- Users can now set a skin tone default for emoji autocomplete results in comment text areas.
- Tree-sitter improves syntax highlighting and is now the default library used for language parsing.
- Developers and organizations can now add their Twitter username to their profile.
We will be applying the patch at 5:00 PM EST on Oct 19th.