惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recorded Future
Recorded Future
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
WordPress大学
WordPress大学
博客园 - 聂微东
L
LINUX DO - 最新话题
月光博客
月光博客
小众软件
小众软件
T
Troy Hunt's Blog
A
Arctic Wolf
量子位
I
Intezer
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
有赞技术团队
有赞技术团队
N
News and Events Feed by Topic
美团技术团队
The Cloudflare Blog
P
Privacy International News Feed
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
N
News | PayPal Newsroom
Apple Machine Learning Research
Apple Machine Learning Research
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
Hacker News: Ask HN
Hacker News: Ask HN
雷峰网
雷峰网

Archive: 2026 - GitHub Changelog

MAI-Code-1-Flash for Copilot Business and Copilot Enterprise - GitHub Changelog GitHub Desktop 3.6: Worktrees and deeper Copilot integration - GitHub Changelog Copilot code review: Analysis depth and efficiency updates - GitHub Changelog Enterprise-managed settings now support strictKnownMarketplaces in VS Code and GitHub Copilot CLI - GitHub Changelog Saved views for repository issues - Public Preview and adjustable row heights in projects - GitHub Changelog More control over your GitHub-hosted runners - GitHub Changelog Actions steps can now be run in parallel - GitHub Changelog npm adds preventive account protection for high-impact accounts - GitHub Changelog Red Hat Enterprise Linux runner images are now in public preview - GitHub Changelog GitHub Copilot for Jira is now generally available - GitHub Changelog Cost centers now support enterprise teams - GitHub Changelog Self-service credential revocation for incident response - GitHub Changelog Changes to model selection for Free and Student plans - GitHub Changelog Secret scanning adds extended metadata for Replicate secrets - GitHub Changelog Fetch Code Quality findings via REST API - GitHub Changelog Automatic Dependabot access to GitHub-hosted registries - GitHub Changelog Copilot CLI: New terminal interface is generally available - GitHub Changelog Deprecation of Python 3.9 for Dependabot - GitHub Changelog GitHub Copilot app support for BYOK - GitHub Changelog New features and Claude as agent provider preview in JetBrains IDEs - GitHub Changelog AI credits consumed per user now in the Copilot usage metrics API - GitHub Changelog Upcoming deprecation of Opus 4.6 (fast) - GitHub Changelog MAI-Code-1-Flash available on more Copilot surfaces - GitHub Changelog Copilot code review: AGENTS.md support and UI improvements - GitHub Changelog Detecting Duplicate Issues - Public Preview and issue fields MCP support for GitHub Issues - GitHub Changelog Copilot-authored pull requests now included in author searches - GitHub Changelog Repository switcher generally available in global navigation - GitHub Changelog Actions: Build custom images from custom images - GitHub Changelog Safer pull_request_target defaults for GitHub Actions checkout - GitHub Changelog Control who and what triggers GitHub Actions workflows - GitHub Changelog Generated release notes credit you for Copilot pull requests - GitHub Changelog Read remote repository content with GitHub CLI - GitHub Changelog Secret scanning updates - June 2026 - GitHub Changelog Enterprise-managed settings now support bypass permission controls - GitHub Changelog Auto mode in Copilot Chat available for all users - GitHub Changelog Limit open pull requests for users without write access - GitHub Changelog Agent finder for GitHub Copilot now available - GitHub Changelog Copilot individual plan sign-ups are reopening - GitHub Changelog GitHub Copilot app generally available - GitHub Changelog GitHub Models is no longer available to new customers - GitHub Changelog GitHub Code Quality generally available July 20, 2026 - GitHub Changelog Organization-level enablement for GitHub Code Quality - GitHub Changelog Copilot usage metrics now include more of your active users - GitHub Changelog Copilot code review: New configurations and controls GitHub Actions: Minimum version enforcement timeline for self-hosted runners GitHub Enterprise Server 3.21 is now generally available Bot-created pull requests can run workflows if approved AI usage report updates Copilot CLI: Configure everything from one place with /settings New runner images in public preview GitHub Agentic Workflows is now in public preview Agentic workflows no longer need a personal access token List, view, and create discussions in GitHub CLI Manage sub-issues, types, and dependencies from GitHub CLI Copilot Chat now sees your agent sessions Enterprises can now create up to 500 cost centers Incremental analysis for Go, C/C++, and CodeQL CLI Dedicated security review command now available in Copilot CLI Dependabot version updates now support the Deno ecosystem Upcoming breaking changes for npm v12 Claude Fable 5 is generally available for GitHub Copilot Periodic code scanning of inactive repositories GPT-5.2 and GPT-5.2-Codex deprecated CodeQL 2.25.6 adds Swift 6.3.2 support and improves C# coverage Enterprise-managed plugins in VS Code in public preview Fix with Copilot for failing Actions now in Pro, Pro+, and Max Agent tasks REST API now available for Copilot Pro, Pro+, and Max Budget and usage management APIs now generally available API access to billing usage reports now generally available Larger context windows and configurable reasoning levels for GitHub Copilot GitHub Copilot in Visual Studio — May update Enterprise Teams is now generally available Copilot Chat brings richer context to pull requests GitHub Copilot in Visual Studio Code, May releases GPT-4.1 deprecated Expanded technical preview availability for the GitHub Copilot app Copilot SDK is now generally available Copilot CLI: Improved UI, rubber duck, prompt scheduling, and voice input Cloud and local sandboxes for GitHub Copilot now in public preview GitHub Copilot code review for Azure Repos is now in technical preview Shape Copilot code review around your team Extend GitHub with agent apps Introducing Copilot CLI and agentic capabilities enhancements in JetBrains IDEs Gemini models in Copilot CLI, cloud agent, and the Copilot app GitHub Copilot in Eclipse: BYOK, skills, and chat updates Evaluation models in auto for individual plans Updates to GitHub Copilot billing and plans Copilot usage metrics API adds cohorts for AI adoption Hard budget limits now available for GitHub Advanced Security CodeQL 2.25.5 improves query accuracy for GitHub Actions Claude Opus 4.8 is generally available for GitHub Copilot Copilot Memory has more controls for deletion, scope, and the Copilot CLI GitHub Code Quality: Repository Enablement API Target Copilot models to organizations with model rules Dependabot version updates now support the sbt ecosystem Filter secret scanning approval requests by sort order and bypass status GitHub Classroom sign-ups are no longer available Code coverage on pull requests is now in public preview GitHub Copilot for Eclipse is open source Issue fields are now in public preview for all organizations
Staged publishing and new install-time controls for npm
Allison · 2026-05-23 · via Archive: 2026 - GitHub Changelog

Today we’re shipping two updates focused on supply-chain security for npm:

  1. Staged publishing is generally available.
  2. New --allow-* install source flags (--allow-file, --allow-remote, --allow-directory) complement the existing --allow-git flag.

Both are available in npm CLI 11.15.0 or newer.


Staged publishing is generally available

Staged publishing is now generally available on npm. Instead of a direct publish that immediately makes a package version available to consumers, the prebuilt tarball is uploaded to a stage queue where a maintainer must explicitly approve it before it becomes installable. The queue is visible both on npmjs.com and in the npm CLI.

Staged publishing reinforces proof of presence on every publish, including those that originate from non-interactive CI/CD workflows and those using trusted publishing with OIDC. A human maintainer with a 2FA challenge is required to approve a staged package before it is released to the registry.

Staged publishing is live today, and so are the docs.

Requirements

  • npm CLI 11.15.0 or newer is required to use npm stage.
  • Update CI/CD workflows to use npm stage publish instead of npm publish where you want staged behavior.

We recommend pairing staged publishing with trusted publishing (OIDC). A trusted publishing configuration can be limited to stage-only, which means npm publish from that workflow will be rejected and only npm stage publish is accepted. Your CI workflows continue to run non-interactively, and a maintainer later approves the staged version from the website or the CLI.

You can also run npm stage publish locally, but the highest-value setup is CI publishing to the stage queue and a maintainer approving from a trusted device.

If you already manage trusted publishing configurations in bulk, released Feb 2026, you can use it to migrate your packages to staged publishing. Remember to update your CI workflows to the new CLI version and to use npm stage publish.

New install source flags

In npm 11.10.0 we introduced --allow-git to give you control over whether npm install can resolve dependencies from Git sources. Starting in npm 11.15.0, we are adding three more flags so you can apply the same explicit-allowlist approach to every nonregistry install source:

  • --allow-file: Controls installs from local file paths and local tarballs.
  • --allow-remote: Controls installs from remote URLs, including https tarballs.
  • --allow-directory: Controls installs from local directories.
  • --allow-git (existing): Controls installs from any Git source, including github:, gitlab:, git+ URLs, and bare owner/repo shorthands.

Each flag accepts all (the current default) or none, and can also be set in .npmrc or package.json config.

Learn more by checking out our docs:

As a reminder from the Feb 2026 announcement, --allow-git will change its default from all to none in the next major version of the CLI (v12). The new --allow-file, --allow-remote, and --allow-directory flags are additions in 11.15.0—you can opt into stricter behavior today by setting them to none.


Join the discussion

We’d like to hear how you’re rolling this out. Share feedback and questions in the GitHub Community discussion.