GitHub
npx @buildinternet/releases get githubRecently shipped the new pull requests dashboard as GA, agentic autofix for code scanning, and AI-powered security detections on pull requests.
Code scanning gained AI-powered detections and self-validating autofix. Code scanning now surfaces AI security detections on pull requests, extending vulnerability coverage to languages and frameworks beyond CodeQL. Agentic autofix (public preview) explores the codebase, proposes a fix, reruns CodeQL to validate, and opens a draft PR—all in 2–4 minutes. CodeQL 2.26.0 added Kotlin 2.4.0 support and system prompt injection detection for JavaScript/TypeScript.
The pull requests dashboard is now GA. The new dashboard at github.com/pulls provides an inbox for review requests, CI failures, and merge-ready PRs, plus saved views for custom filters. Advanced search for Projects also reached GA, adding logical AND/OR to the filter bar.
Supply chain and secret scanning defenses tightened. Dependabot now waits three days by default before opening version update PRs, giving time for community signals on compromised releases. Repository admins can archive pull requests to remove them from public view. Secret scanning custom patterns can now be managed via REST API, the secret_scanning_alert webhook includes a secret_category field, and detector types were renamed for clarity. Resend joined the secret scanning partner program, and public monitoring shows insight cards for leaks.
Enterprise and governance tools expanded. REST API endpoints for Visual Studio Subscription management are now available, and Code Quality license estimates are in public preview. The SSO and Organizations settings pages were separated. Innersource security advisories remain GA, and enterprise-managed OpenTelemetry export and MDM-based settings deployment shipped for VS Code and CLI.
Agentic capabilities in Copilot expanded. The /security-review slash command in the Copilot app (public preview) scans in-flight code changes for vulnerabilities. Visual Studio gained Copilot usage tracking and trust validation for MCP servers. JetBrains Copilot expanded BYOK with custom endpoint support. OpenAI's GPT-5.6 Sol, Terra, and Luna continue rolling out in Copilot.
Desktop, Mobile, and CLI updates. Desktop 3.6.3 fixed Copilot errors on Windows and improved worktree handling. Mobile 1.267.0 added one-tap copy of PR head branch name. CLI 2.96.0 fixed a Codespace security vulnerability (gh codespace jupyter) and allows release downloads without authentication on public repos. CLI 2.95.0 added gh repo read-file and gh repo read-dir.
