GitHub Upgrade – 3.2.0

GitHub version 3.2.0 is a feature release which includes a new dark mode, SSH Authentication with Security Keys and GitHub Actions Environments. It also includes multiple updates to markdown, repositories, GitHub Actions and more.

Features

  • DARK AND DARK DIMMED THEMES
    • Dark and dark dimmed themes are now available for the web UI. GitHub Enterprise Server will match your system preferences when you haven’t set theme preferences in GitHub Enterprise Server. You can also choose which themes are active during the day and night. For more information, see “Managing your theme settings.”
  • SSH AUTHENTICATION WITH SECURITY KEYS
    • SSH authentication using a FIDO2 security key is now supported when you add a sk-ecdsa-sha2-nistp256@openssh.com or sk-ssh-ed25519@openssh.com SSH key to your account. SSH security keys store secret key material on a separate hardware device that requires verification, such as a tap, to operate. For more information, see “Generating a new SSH key and adding it to the ssh-agent.”
  • GITHUB ACTIONS ENVIRONMENTS
    • Environments, environment protection rules, and environment secrets are now generally available for GitHub Actions on GitHub Enterprise Server. For more information, see “Environments.”

Changes

  • TOKEN CHANGES
    • The format of authentication tokens for GitHub Enterprise Server has changed. The change affects the format of personal access tokens and access tokens for OAuth Apps, as well as user-to-server, server-to-server, and refresh tokens for GitHub Apps.The different token types now have unique identifiable prefixes, which allows for secret scanning to detect the tokens so that you can mitigate the impact of someone accidentally committing a token to a repository. GitHub recommends updating existing tokens as soon as possible. For more information, see “About authentication to GitHub” and “About secret scanning.”
  • REPOSITORIES CHANGES
    • Repositories on user profiles and organization profiles now support sorting by star count.
    • When viewing the commit history of a single file, you can now click  to view that file at the selected point in history.
    • When a submodule is defined with a relative path in your GitHub Enterprise Server instance, the submodule is now clickable in the web UI. For more information about working with submodules, see Working with submodules on the GitHub Blog.
    • The web UI can now be used to synchronize an out-of-date branch of a fork with the fork’s upstream branch. For more information, see “Syncing a fork.”
  • MARKDOWN CHANGES
    • The markdown editor used when creating or editing a release in a repository now has a text-editing toolbar. For more information, see “Managing releases in a repository.”
    • Uploading video files is now supported everywhere you write Markdown on GitHub Enterprise Server. For more information, see “Attaching files.”
    • Markdown files will now automatically generate a table of contents in the header when there are 2 or more headings. The table of contents is interactive and links to the selected section. All 6 Markdown heading levels are supported.
    • There is a new keyboard shortcut, cmd+e on macOS or ctrl+e on Windows, to insert codeblocks in Markdown files, issues, pull requests, and comments.
    • Appending ?plain=1 to the URL for any Markdown file will now display the file without rendering and with line numbers. The plain view can be used to link other users to specific lines. For example, appending ?plain=1#L52 will highlight line 52 of a plain text Markdown file. For more information, “Creating a permanent link to a code snippet.”
  • ISSUES AND PULL REQUESTS CHANGES
    • A new “Require conversation resolution before merging” branch protection rule and “Conversations” menu is now available. For more information, see “About pull request reviews” and “About protected branches.”
    • To prevent the merge of unexpected changes after auto-merge is enabled for a pull request, auto-merge is now disabled automatically when new changes are pushed by a user without write access to the repository. For more information about auto-merge, see “Automatically merging a pull request.”
    • People with maintain permissions can now manage the repository-level “Allow auto-merge” setting. For more information, see “Managing auto-merge for pull requests in your repository.”
    • The assignees selection for issues and pull requests now supports type ahead searching so you can find users in your organization faster. Additionally, search result rankings have been updated to prefer matches at the start of a person’s username or profile name.
    • When a review is requested from a team of more than 100 people, developers are now shown a confirmation dialog box in order to prevent unnecessary notifications for large teams.
    • Back-tick code blocks are now supported in issue titles, pull request titles, and in any place issue and pull request titles are referenced in GitHub Enterprise Server.
    • Events for pull requests and pull request reviews are now included in the audit log for both enterprises and organizations. For more information, see “Reviewing the audit log for your organization.”
  • BRANCHES CHANGES
    • The default branch name for new repositories is now main. Existing repositories are not impacted by this change. If users, organization owners, or enterprise owners have previously specified a default branch for new repositories, they are also not impacted.If you want to set a different default branch name, you can do so in the userorganization, or enterprise settings.
    • Branches, including the default branch, can now be renamed using the the GitHub Enterprise Server web UI. When a branch is renamed, any open pull requests and draft releases targeting the renamed branch will be retargeted automatically, and branch protection rules that explicitly reference the renamed branch will be updated.Admin permissions are required to rename the default branch, but write permissions are sufficient to rename other branches.To help make the change as seamless as possible for users:
      • A notice is shown to contributors, maintainers, and admins on the repository homepage with instructions for updating their local repository.
      • Web requests to the old branch will be redirected.
      • A “moved permanently” HTTP response will be returned to REST API calls.
      • An informational message is displayed to Git command line users that push to the old branch.For more information, see “Renaming a branch.”
  • GITHUB PACKAGES CHANGES
    • Any package or package version for GitHub Packages can now be deleted from GitHub Enterprise Server’s web UI. You can also undo the deletion of any package or package version within 30 days. For more information, see “Deleting and restoring a package“.
  • CODE SCANNING AND SECRET SCANNING CHANGES
    • Code scanning with CodeQL now generates diagnostic information for all supported languages. This helps check the state of the created database to understand the status and quality of performed analysis. The diagnostic information is available starting in version 2.5.6 of the CodeQL CLI. You can see the detailed diagnostic information in the GitHub Actions logs for CodeQL. For more information, see “Viewing code scanning logs.”
    • Code scanning with CodeQL CLI now supports analyzing several languages during a single build. This makes it easier to run code analysis to use CI/CD systems other than GitHub Actions. The new mode of the codeql database create command is available starting version 2.5.6 of the CodeQL CLI. For more information about setting this up, see “Installing CodeQL CLI in your CI system.”
    • Code scanning alerts from all enabled tools are now shown in one consolidated list, so that you can easily prioritize across all alerts.
    • Code scanning with CodeQL now includes beta support for analyzing C++20 code. This is only available when building codebases with GCC on Linux. C++20 modules are not supported yet.
    • The depth of CodeQL’s analysis has been improved by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models for several languages (C++JavaScriptPython, and Java). For more information, see the GitHub changelog.
    • Code scanning now shows security-severity levels for CodeQL security alerts. For more information see “Defining which alert severity levels cause pull request check failure.”
    • Improvements to the branch filter for code scanning alerts make it clearer which code scanning alerts are being displayed on the alerts page.
    • Free text search is now available for code scanning alerts.
    • Secret scanning added patterns for 23 new service providers. For the updated list of supported secrets, see “About secret scanning.”
  • API CHANGES
    • Pagination support has been added to the Repositories REST API’s “compare two commits” endpoint, which returns a list of commits reachable from one commit or branch, but unreachable from another. The API can also now return the results for comparisons over 250 commits. For more information, see the “Repositories” REST API documentation and “Traversing with pagination.”
    • The REST API can now be used to programmatically resend or check the status of webhooks. For more information, see “Repositories,” “Organizations,” and “Apps” in the REST API documentation.

The update will be applied Monday October 4, 2021 at 5:00 PM EDT.

See the complete upgrade notes on the GitHub Enterprise site: https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.0