releases.shpreview
Home/GitHub
GitHub

GitHub

$npx @buildinternet/releases get github
OverviewReleasesSources
May 8, 2026
Upcoming deprecation of Grok Code Fast 1
viaGitHub Changelog

We will deprecate Grok Code Fast 1 across all GitHub Copilot experiences (including Copilot Chat, inline edits, ask and agent modes, and code completions) on May 15th:

Model Deprecation date Suggested alternative

Grok Code Fast 1 2026-05-15 GPT-5 mini / Claude Haiku 4.5

The Grok Code Fast 1 deprecation date is accelerated due to the model provider deprecation.

Please update your workflows and integrations to use supported models before this date. Copilot Enterprise administrators may need to enable access to alternative models through their model policies in Copilot settings. As an administrator, you can verify availability by checking your individual Copilot settings and confirming that the policy is enabled for the specific model. Once enabled, you’ll see the model in the Copilot Chat model selector in VS Code and on github.com. No action is required to remove the models once they have been deprecated.

GitHub Enterprise customers with questions or concerns are encouraged to reach out to their account manager for further assistance.

Share your feedback

To learn more about the models available in Copilot, see our documentation on models and get started with Copilot today.

Join the GitHub Community to share your feedback.

The post Upcoming deprecation of Grok Code Fast 1 appeared first on The GitHub Blog.

Copilot code review comment types now in usage metrics API
viaGitHub Changelog

To help you understand the activity generated by Copilot code review users, the Copilot usage metrics API now breaks down Copilot code review suggestions by comment type. A new copilot_suggestions_by_comment_type array is available under pull_requests in both enterprise and organization reports.

What’s new

For each Copilot code review suggestion (i.e., a line-anchored review comment generated automatically by Copilot), the new array reports aggregated counts by the comment types Copilot assigned to the suggestion (e.g., security or bug_risk):

  • comment_type: The category Copilot assigned to the review suggestion.

  • total_copilot_suggestions: The total number of Copilot code review suggestions of that comment type posted during the reporting period.

  • total_copilot_applied_suggestions: The number of those suggestions that were applied by a developer.

The breakdown is available in single-day and 28-day rolling window reports at both the enterprise and organization levels. You cannot currently drill down to the repository level, though this is being investigated for the future.

Why this matters

  • Understand what Copilot is catching: See which categories of issues Copilot code review surfaces most often in your pull requests.

  • Measure which feedback developers act on: Compare suggestion volume to applied suggestions per type to see where Copilot code review delivers the most value.

  • Complete the code review picture: Combined with the existing Copilot code review user counts and pull request metrics, you now have visibility into not just how much Copilot code review is used, but what kinds of feedback it produces and how often it’s adopted.

Important notes

  • These metrics are available to enterprise administrators and organization owners who have access to Copilot usage metrics through the REST API.

  • Only suggestions posted by Copilot code review are included. The breakdown reflects the comment type Copilot assigned to each suggestion at the time it was posted.

Join the discussion within GitHub Community.

The post Copilot code review comment types now in usage metrics API appeared first on The GitHub Blog.

Disable commit comments on the user level
viaGitHub Changelog

You can now choose whether commit comments are enabled or disabled by default for repositories owned by your personal account. This makes it easier to manage commit comment behavior across multiple personal repositories without updating them one by one.

In user-level repository settings, you’ll find a new “Commit comments” section with two options:

  • Enabled by default

  • Disabled by default

When you choose a default, it applies to repositories owned by your personal account that don’t already have an explicit repository-level setting. You can still override the default in an individual repository with Allow comments on individual commits.

Repositories that already have an explicit repository-level choice keep that setting, even if you change your user-level default later.

If a repository inherits Disabled by default:

  • The comment form is hidden on commit pages.

  • Inline diff comment entry points and inline thread replies are hidden.

  • Creating commit comments through the REST API and GraphQL API is blocked.

  • Existing commit comments remain viewable, editable, and deletable.

To leave feedback, join the discussion within GitHub Community.

The post Disable commit comments on the user level appeared first on The GitHub Blog.

More flexible secrets and variables for Copilot cloud agent
viaGitHub Changelog

When you delegate a task to Copilot cloud agent, it works in the background in its own development environment powered by GitHub Actions. You can pass secrets and variables to the agent to give it access to private resources or to configure MCP servers.

Until now, these had to be configured one repository at a time, in a copilot environment under the repository’s Actions settings. That made it painful to roll out shared configuration (e.g., an internal package registry token or a common MCP server) across many repositories.

Today, Copilot cloud agent gets its own dedicated “Agents” secrets and variables, sitting alongside the existing “Actions”, “Codespaces”, and “Dependabot” types. This means you can:

  • Configure secrets and variables at the organization level for the first time, and share them across any or all repositories in your organization.

  • Manage repository-level secrets and variables in a dedicated “Agents” section in your repository settings, separate from your Actions configuration.

  • Choose which repositories in an organization can access each secret or variable, just like with Actions.

This makes it much easier to configure Copilot cloud agent at scale, without having to duplicate configurations across every repository.

To learn more, see “Configuring secrets and variables for Copilot cloud agent” in the GitHub Docs.

The post More flexible secrets and variables for Copilot cloud agent appeared first on The GitHub Blog.

2.25.3
CodeQL 2.25.3 adds Swift 6.3 support
viaGitHub Changelog

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.25.3, which adds support for Swift 6.3, promotes five C/C++ queries to the default code scanning query suite, and includes various accuracy improvements across languages.

Language and framework support

Swift

  • CodeQL now supports analysis of apps built with Swift 6.3.

Python

  • The Python extractor now supports the new lazy import ... and lazy from ... import ... syntax defined in PEP-810, which is part of Python 3.15.

Java/Kotlin

  • The java/xxe and java/xxe-local queries now detect sinks in the Woodstox StAX library, including direct uses of com.ctc.wstx.stax.WstxInputFactory and org.codehaus.stax2.XMLInputFactory2.

C/C++

  • We’ve added AllocationFunction models for aligned_alloc, std::aligned_alloc, and bsl::aligned_alloc.

Query changes

C/C++

  • We’ve promoted five queries to high precision and added them to the default code scanning query suite:

cpp/comparison-with-wider-type (Comparison of narrow type with wide type in loop condition).

C#

  • We’ve updated the cs/useless-tostring-call query to avoid false positives in calls to StringBuilder.AppendLine and in calls of the form base.ToString(), and we’ve made the alert message more precise.

JavaScript/TypeScript

  • The js/missing-rate-limiting query now accounts for Fastify per-route rate limiting.

Python

  • The py/bind-socket-all-network-interfaces query now uses the global data-flow library, leading to better precision and more results. The query also recognizes wrappers of socket.socket in the eventlet and gevent libraries as socket binding operations.

GitHub Actions

  • We’ve improved the alert messages and source locations for the actions/artifact-poisoning/critical and actions/artifact-poisoning/medium queries, making alerts easier to understand and aligning them with similar queries that report on potentially untrusted artifacts.

  • The actions/missing-workflow-permissions query no longer produces false positives on reusable workflows where all callers set permissions.

  • We’ve removed false positive injection sink models for the context input of docker/build-push-action and the allowed-endpoints input of step-security/harden-runner.

For a full list of changes, please refer to the complete changelog for version 2.25.3. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on github.com. The new functionality in CodeQL 2.25.3 will also be included in GitHub Enterprise Server (GHES) 3.22 release. If you use an older version of GHES, you can manually upgrade your CodeQL version.

The post CodeQL 2.25.3 adds Swift 6.3 support appeared first on The GitHub Blog.

4.1
Upcoming deprecation of GPT-4.1
viaGitHub Changelog

We will deprecate the following model across all GitHub Copilot experiences (including Copilot Chat, inline edits, ask and agent modes, and code completions) on 6/1/2026:

Model Deprecation date Suggested alternative

GPT-4.1 2026-06-01 GPT-5.5

Please update your workflows and integrations to use supported models before these dates. Copilot Enterprise administrators may need to enable access to alternative models through their model policies in Copilot settings. As an administrator, you can verify availability by checking your individual Copilot settings and confirming that the policy is enabled for the specific model. Once enabled, you’ll see the model in the Copilot Chat model selector in VS Code and on github.com. No action is required to remove the models once they have been deprecated.

GitHub Enterprise customers with questions or concerns are encouraged to reach out to their account manager for further assistance.

Share your feedback

To learn more about the models available in Copilot, see our documentation on models and get started with Copilot today.

Join the GitHub Community to share your feedback.

The post Upcoming deprecation of GPT-4.1 appeared first on The GitHub Blog.

May 7, 2026
Claude Sonnet 4 deprecated
viaGitHub Changelog

We have deprecated the following model across all GitHub Copilot experiences (including Copilot Chat, inline edits, ask and agent modes, and code completions) on May 6, 2026.

Model Deprecation date Suggested alternative

Claude Sonnet 4 2026-05-06 Claude Sonnet 4.6

Please update your workflows and integrations to use supported models. Copilot Enterprise administrators may need to enable access to alternative models through their model policies in Copilot settings. As an administrator, you can verify availability by checking your individual Copilot settings and confirming that the policy is enabled for the specific model. Once enabled, you’ll see the model in the Copilot Chat model selector in VS Code and on github.com. No action is required to remove the deprecated models.

GitHub Enterprise customers with questions or concerns are encouraged to reach out to their account manager for further assistance.

Share your feedback

To learn more about the models available in Copilot, see our documentation on models and get started with Copilot today.

Join the GitHub Community to share your feedback.

The post Claude Sonnet 4 deprecated appeared first on The GitHub Blog.

Enterprise Live Migrations is now in public preview
viaGitHub Changelog

Enterprise Live Migrations (ELM) is now available in public preview. ELM gives enterprise administrators a new way to migrate repositories from GitHub Enterprise Server (GHES) to GitHub Enterprise Cloud with data residency, without the extended code freezes and business disruption that come with traditional migrations. Key features of ELM to consider when selecting a tool for your next repository migration are:

  • Cutover in minutes, not days: ELM continuously syncs data from source to target, so developers keep working in their repositories throughout the migration. When you’re ready, the cutover only requires the time to drain remaining in-flight changes. This is especially valuable for business-critical repositories contributed to by geographically dispersed teams where there is no convenient downtime window to fit a migration into.

Built for the largest monorepos: ELM was purpose-built to handle the repositories that push existing tooling to its limits (i.e., massive monorepos with deep git history, large volumes of issues and pull requests, and constant activity around the clock). Resource-level progress tracking surfaces failures before cutover, so you can make an informed decision about when to proceed.

Use ELM alongside GitHub Enterprise Importer: ELM complements GEI, giving you flexibility to choose the right tool for each repository based on its size, shape, and activity. Use GEI for straightforward migrations where brief downtime is acceptable, and ELM for the repositories that need a zero-disruption approach. Run them concurrently as part of the same migration strategy.

ELM runs as a service on your GHES appliance, driven by the elm CLI. ELM is delivered as part of GHES versions 3.17.14+, 3.18.8+, 3.19.5+, and 3.20.2+. This release ships with the most recent GHES patch releases.

To get started, check out the Enterprise Live Migrations documentation. Have feedback or questions? Join our community discussion.

The post Enterprise Live Migrations is now in public preview appeared first on The GitHub Blog.

Rubber Duck in GitHub Copilot CLI now supports more models
viaGitHub Changelog

Rubber Duck, the cross-family review agent in GitHub Copilot CLI, is now available using a Claude-powered critic agent when your session is using a GPT model. For sessions using Claude as their orchestrator, we’ve upgraded the GPT model used to seek a second opinion.

What’s new

  • Rubber Duck for GPT sessions: When you’ve selected a GPT model as your orchestrator, and /experimental is enabled, Copilot will dispatch a Claude-powered Rubber Duck agent to provide a second opinion. The same second-opinion benefits (architectural catches, subtle bugs, and cross-file conflicts) now apply to GPT-driven sessions.

  • Stronger reviewer models for Claude sessions: Claude orchestrator sessions can now pair with GPT-5.5 as the Rubber Duck model for more effective second opinions.

To try it, run copilot and ensure /experimental on is toggled.

To learn more about how Rubber Duck combines model families to improve Copilot CLI’s performance, read our recent blog post.

The post Rubber Duck in GitHub Copilot CLI now supports more models appeared first on The GitHub Blog.

Repository rulesets: User bypass and branch renaming
viaGitHub Changelog

GitHub repository rulesets now support two frequently requested features: adding individual users as bypass actors and renaming branches covered by organization rulesets.

Add individual users as bypass actors

You can now add individual users as bypass actors on repository-level rulesets through the UI, REST API, and GraphQL. If you’ve been creating dedicated teams or roles just to grant bypass access for a single person or service account, you can now skip that step and add accounts directly.

Rename branches covered by rulesets

Repository administrators can now rename a branch that’s covered by an organization or enterprise ruleset, as long as the new branch name remains within the scope of every ruleset that applied to the original name. This removes the need to involve an organization or enterprise administrator for routine renames (e.g., migrating from master to main) when the rename doesn’t change which rules apply.

Enterprise-level setting:

Organization-level setting:

  • The rename is allowed only when every organization-level and enterprise-level rule that applied to the original branch also applies to the new branch name.

  • If the new name would fall outside the scope of any applicable ruleset, the rename is blocked and an administrator at that level must perform it.

  • Organization and enterprise administrators can disable this capability in their settings.

To learn more, see the rulesets documentation.

The post Repository rulesets: User bypass and branch renaming appeared first on The GitHub Blog.

May 6, 2026
Enterprise-managed plugins in GitHub Copilot CLI are now in public preview
viaGitHub Changelog

Enterprise administrators can now configure and distribute plugins to GitHub Copilot CLI users across their enterprise. Set baseline standards for your enterprise and make them available in every user’s Copilot CLI client. Plugins support many extensibility types and can be installed automatically, helping improve developer onboarding and reduce setup time by broadly sharing custom agents and skills. You can also strengthen your governance strategy by defining hooks and MCP configurations that are always enabled across your enterprise.

With this update, you can define plugin marketplaces in a settings.json file located at .github-private/.github/copilot/settings.json. GitHub Copilot CLI automatically pulls and applies these settings for users licensed through your enterprise account with Copilot Business or Copilot Enterprise. You can also specify plugins to be installed automatically whenever users authenticate with Copilot CLI.

If you’ve already configured a source organization for custom agents, your plugin settings will use that same .github-private repository. You can confirm if your configuration is active on the Agents page under AI controls in your enterprise settings.

To learn more, see our documentation on Enterprise managed client settings docs.

Join the discussion within GitHub Community.

The post Enterprise-managed plugins in GitHub Copilot CLI are now in public preview appeared first on The GitHub Blog.

GitHub Copilot in Visual Studio Code, April releases
viaGitHub Changelog

VS Code moved to weekly stable releases. This changelog covers releases v1.116 through v1.119, the releases we shipped throughout April and early May 2026.

Copilot can now search by meaning in any workspace and run grep-style queries across GitHub repos and orgs. An experimental /chronicle feature lets you query your own chat history to recall what you worked on, which files you touched, and which PRs you referenced. Smarter prompt caching, deferred tool loading, and purpose-built agentic tools reduce token usage without changing agent behavior.

Agents gain inline diffs in chat, browser tab sharing, and read/write access to any open terminal. Bring-your-own-key support extends to Copilot Business and Enterprise, letting teams connect their own model providers directly in VS Code. Admins get new group policies for controlling which domains agents can reach.

For longer-running work, Copilot CLI sessions can now be monitored and steered remotely from GitHub.com or the mobile app. Agent debug logs persist across sessions, and background terminal commands surface as notifications in chat.

Smarter context

  • Search across any codebase: Semantic indexing now works in all workspaces. Agents can also run grep-style searches across GitHub repos and orgs with the new githubTextSearch tool.

  • Query history with /chronicle (Experimental): Chronicle tracks your chat interactions in a local database so you can search past sessions, recall recent work, and get personalized workflow tips. Setting: ⚙️ github.copilot.chat.localIndex.enabled

  • Lower token usage: Smarter prompt caching, deferred tool loading, and new agentic tools reduce token usage on every request.

Agent experience

  • Review diffs in chat: Code changes now appear as diffs directly in the chat thread.

  • Generate agent customizations: Draft custom agents, skills, and instructions from a natural language description.

  • Bring your own model key: Copilot Business and Enterprise users can link their own API keys (OpenRouter, Microsoft Foundry, Google, Anthropic, OpenAI, and others) to use those models directly in VS Code chat. You can also run models locally with Ollama, Foundry Local, and more. Admins control access via the Bring Your Own Language Model Key policy on GitHub.com. BYOK is available for Copilot Free, Pro, and Pro users.

  • Agents can access any open terminal: Agents can read from and write to existing foreground terminals, including running REPLs and interactive scripts.

  • Integrated Browser: Give agents visibility into your live browser by sharing tabs on demand as context. Agents can read content, interact with pages, and validate changes in real time.

Chat Continuity

  • Continue Copilot CLI sessions across devices: This experimental feature requires enabling ⚙️ github.copilot.chat.cli.remote.enabled in Settings. After that, run /remote on to monitor and steer ongoing Copilot CLI sessions started in VS Code from GitHub.com or the mobile app.

  • Debug past agent sessions: The Agent Debug Log panel now persists logs locally so you can retrace what happened in earlier runs.

  • Track background commands: Long-running terminal commands inform you of their status with system notifications in chat.

Also new

  • UX improvements to help you work more efficiently with agent sessions: Incremental chat rendering, sortable agent sessions, and synced session titles for Copilot CLI.

  • New Markdown preview experience: Easily switch between Markdown source and preview using new toolbar buttons and commands.

Happy coding!

Join the discussion within GitHub Community.

The post GitHub Copilot in Visual Studio Code, April releases appeared first on The GitHub Blog.

Search and filter bar for repository security advisories
viaGitHub Changelog

You can now search and filter security advisories directly from your repository’s Security tab. Use the new search bar and filters at the top of the advisory list to find advisories by keyword (sort, package, ecosystems, severity) so you spend less time scrolling and more time responding to what matters.

Whether you’re triaging incoming vulnerability reports or reviewing previously published advisories, you can now get to the right advisory faster without leaving the page or relying on the API.

This changelog is part of our investment in improving the security advisory experience on GitHub. Join the discussion within GitHub Community.

The post Search and filter bar for repository security advisories appeared first on The GitHub Blog.

May 5, 2026
Secret scanning with GitHub MCP Server is now generally available
viaGitHub Changelog

GitHub secret scanning in the GitHub MCP (Model Context Protocol) server is now generally available. When you use an MCP-compatible AI coding agent or IDE (like GitHub Copilot CLI or Visual Studio Code), you can scan your code for exposed secrets before you commit or open a pull request, so leaked credentials don’t make it into your repository in the first place.

It’s been in public preview since March 2026, and it’s available for repositories with GitHub Secret Protection enabled.

What’s new

Secret scanning tools in the MCP server now honor your existing push protection customization, so detections and bypass behavior stay consistent with what you’ve already set up at the repository or organization level.

Get started

  • Set up the GitHub MCP server in your developer environment.

  • (Optional) Install the GitHub Advanced Security plugin for a more tailored secret scanning experience.

In GitHub Copilot CLI, run /plugin install advanced-security@copilot-plugins.

  • In Visual Studio Code, install the advanced-security agent plugin, then use /secret-scanning in Copilot Chat to start your prompt.

  • Ask your agent to scan your current changes for exposed secrets before you commit. For example:

Scan my current changes for exposed secrets and show me the files and lines I should update before I commit.

For the full set of setup options and configurations, see documentation for GitHub MCP server secret scanning setup options and configurations.

Learn more

Learn more about GitHub secret scanning and how to set up the GitHub MCP server.

Join the discussion in the GitHub Community.

The post Secret scanning with GitHub MCP Server is now generally available appeared first on The GitHub Blog.

Dependency scanning with GitHub MCP Server is in public preview
viaGitHub Changelog

The GitHub MCP Server can now scan your code changes for vulnerable dependencies before you commit or open a pull request. You’ll catch known vulnerabilities while you write code with MCP-compatible IDEs and AI coding agents. It’s now in public preview for repositories with Dependabot alerts enabled.

How it works

The dependency vulnerability scanning tools ship as part of the GitHub MCP Server’s dependabot toolset. Once enabled, your AI coding agent can run dependency vulnerability scanning based on your prompts. When you ask the agent to check for vulnerable dependencies, it invokes the toolset, sends dependency information to the GitHub Advisory Database, and returns structured results with affected packages, severity, and recommended fixed versions. For more thorough post-commit checks, the toolset can also run the Dependabot CLI locally to diff dependency graphs before and after your changes.

Get started

In GitHub Copilot CLI, the GitHub MCP Server is preinstalled. Run copilot --add-github-mcp-toolset dependabot to enable the dependabot toolset for your session.

  • In Visual Studio Code, add "X-MCP-Toolsets": "dependabot" to your GitHub MCP Server headers, or pick Dependabot from the toolset selector in Copilot Chat.

  • Install the advanced-security plugin for GitHub Copilot for a more tailored dependency vulnerability scanning experience. For example:

In GitHub Copilot CLI, run /plugin install advanced-security@copilot-plugins.

  • In Visual Studio Code, install the advanced-security agent plugin, then use /dependency-scanning in Copilot Chat to start your prompt.

  • Ask your agent to scan your current changes for vulnerable dependencies before you commit.

Here’s an example prompt you can use: Scan the dependencies I added on this branch for known vulnerabilities and tell me which versions to upgrade to before I commit.

Learn more

Join the discussion within GitHub Community.

The post Dependency scanning with GitHub MCP Server is in public preview appeared first on The GitHub Blog.

Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available
viaGitHub Changelog

This integration is now generally available. Since entering public preview, we’ve heard valuable feedback from customers, and we’ve shipped follow-up improvements that bring artifact and runtime context closer to the GitHub Advanced Security alert experience.

This integration connects code, build artifacts, and runtime context so you can track, prioritize, and remediate the security risks most relevant to your environment.

Code-to-cloud correlation with Microsoft Defender for Cloud

Defender for Cloud correlates what’s running in your cloud environments back to the source code that produced it. Defender maps container images deployed in your environments to the GitHub repositories that built them, using signals like GitHub artifact attestations alongside its own runtime intelligence.

Once Defender for Cloud links an artifact to its source, you can evaluate security findings in the context of where and how the code runs.

Runtime risk context from Microsoft Defender for Cloud

Defender for Cloud also brings workload details into GitHub through the Deployment Record API, populating the linked artifacts view with runtime context for each deployed artifact—such as whether it’s internet-exposed or processes sensitive data. With this context on GitHub, your security and development teams share a single source of truth for how build artifacts run and the risks they pose.

Runtime-aware filtering and campaign targeting

GitHub Advanced Security supports runtime context filters across GitHub code scanning, Dependabot, and security campaigns. You’ll find these filter options in organization-level alert lists and campaign creation flows:

  • Filter by deployment status using has:deployment.

  • Focus on runtime risks with runtime-risk: (for example, runtime-risk:internet-exposed or runtime-risk:sensitive-data).

Getting started

  • To enable the integration, follow the setup steps in the Microsoft Defender for Cloud documentation for GitHub Advanced Security. Once connected, Defender handles container deployments and runtime risk context automatically.

  • Use the new filter options in security views to focus triage and campaigns on what’s deployed and exposed.

  • Assign critical security issues or campaigns to the GitHub Copilot coding agent directly from the issue or campaign view.

Join the discussion in the GitHub Community.

The post Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available appeared first on The GitHub Blog.

Deprecation notice: code_scanning_upload field will be removed from rate_limit API endpoint
viaGitHub Changelog

On May 19, 2026, we’ll remove the code_scanning_upload field from the rate_limit REST API endpoint response.

Why did we make this change?

The code_scanning_upload field in the rate_limit response has been a source of confusion. While it appeared as a separate rate limit category, it shares the same limit pool as core. This led customers to incorrectly interpret their rate limit status.

What you need to do

If your code or scripts parse the /rate_limit endpoint and reference the code_scanning_upload field, update them before May 19, 2026 to avoid failures.

Before:

{
  "resources": {
    "core": { "limit": 5000, "used": 1, "remaining": 4999, "reset": 1372700873 },
    "code_scanning_upload": { "limit": 5000, "used": 1, "remaining": 4999, "reset": 1372700873 }
  }
}

After May 19, 2026:

{
  "resources": {
    "core": { "limit": 5000, "used": 1, "remaining": 4999, "reset": 1372700873 }
  }
}

The standard core rate limit continues to govern GitHub code scanning uploads. No replacement field is needed.

For more information about rate limits, see Rate limits for the REST API.

The post Deprecation notice: code_scanning_upload field will be removed from rate_limit API endpoint appeared first on The GitHub Blog.

May 1, 2026
5.2
Upcoming deprecation of GPT-5.2 and GPT-5.2-Codex
viaGitHub Changelog

We will deprecate the following models across all GitHub Copilot experiences (including Copilot Chat, inline edits, ask and agent modes, and code completions), with the exception of GPT-5.2-Codex in Copilot Code Review, on June 1st, 2026:

Model Deprecation date Suggested alternative

GPT-5.2 6-01-2026 GPT-5.5

GPT-5.2-Codex 6-01-2026 GPT-5.3-Codex

Please update your workflows and integrations to use supported models before these dates. Copilot Enterprise administrators may need to enable access to alternative models through their model policies in Copilot settings. As an administrator, you can verify availability by checking your individual Copilot settings and confirming that the policy is enabled for the specific model. Once enabled, you’ll see the model in the Copilot Chat model selector in VS Code and on github.com. No action is required to remove the models once they have been deprecated.

GitHub Enterprise customers with questions or concerns are encouraged to reach out to their account manager for further assistance.

Share your feedback

To learn more about the models available in Copilot, see our documentation on models and get started with Copilot today.

Join the GitHub Community to share your feedback.

The post Upcoming deprecation of GPT-5.2 and GPT-5.2-Codex appeared first on The GitHub Blog.

Apr 30, 2026
GitHub Copilot in Visual Studio — April update
viaGitHub Changelog

The April 2026 update to Visual Studio centers on agentic workflows: cloud agent sessions launch directly from the IDE, custom agents gain user-level support, and a new Debugger agent validates fixes against live runtime behavior.

Highlights

Here’s what’s new with GitHub Copilot in Visual Studio 2026. Check the Insiders channel for the latest:

  • Cloud agent integration: Start new cloud agent sessions directly from Visual Studio. Select Cloud from the agent picker, describe your task, and the cloud agent creates a GitHub issue and pull request on remote infrastructure while you keep working.

  • Build your own custom agents: Custom agents now support user-level definitions stored in %USERPROFILE%/.github/agents/, so your personal agents travel with you across projects.

  • Use agent skills: Agent skills are now discovered from additional locations including .claude/skills/ and .agents/skills/ directories alongside the existing .github/skills/ paths, broadening compatibility so teams can organize skills in the convention that fits their workflow. See awesome-copilot for community examples.

  • Agentic issue to resolution: A new debugger agent workflow validates bugs against real runtime behavior. Start from a GitHub or Azure DevOps issue, and the agent reproduces, instruments, diagnoses, and suggests a targeted fix through live execution.

  • Customizable Copilot keyboard shortcuts: Customize the keyboard shortcuts for accepting Copilot inline suggestions. Change the keys for Edit.AcceptSuggestion, Edit.AcceptNextWordInSuggestion, and Edit.AcceptNextLineInSuggestion in Tools > Options > Environment > Keyboard.

  • New chat history panel: Browse and navigate your Copilot chat sessions with a dedicated history panel that shows chat titles, message previews, and timestamps.

  • C++ code editing tools for agent mode: C++ Code Editing Tools are now generally available by default. The get_symbol_call_hierarchy and get_symbol_class_hierarchy tools give Copilot language-aware navigation for C++ codebases.

  • Auto-decoding in text visualizer: The Auto-detect and format button in the text visualizer uses Copilot to identify encoding or compression formats and decode strings automatically.

Download Visual Studio 2026 to experience all the new Copilot features today. To learn more about what’s new, check out the Visual Studio blog and release notes.

What’s next for Copilot in Visual Studio

Stay up to date on the latest Copilot features by following the Visual Studio blog, where you’ll find roadmap updates and opportunities to share feedback.

For the latest news, release notes, videos, and community conversations, visit the Visual Studio Hub, your central resource for all things Visual Studio.

The post GitHub Copilot in Visual Studio — April update appeared first on The GitHub Blog.

Apr 28, 2026
v2.92.0
GitHub CLI 2.92.0
viaGitHub CLI

Support GitHub Enterprise Cloud (GHEC) in skill commandset

Now gh skill subcommands (install, preview, publish, search, update) are able to work with GHEC hosts with data residency.

Add --allow-hidden-dirs flag to skill preview

Following the addition of --allow-hidden-dirs to skill install in the previous release, now the flag is also supported in skill preview, allowing users to preview skills located in hidden (dot-prefixed) directories such as .claude/skills/, .agents/skills/, and .github/skills/.

What's Changed

✨ Features

🐛 Fixes

📚 Docs & Chores

:dependabot: Dependencies

New Contributors

Full Changelog: https://github.com/cli/cli/compare/v2.91.0...v2.92.0

Last Checked
14m ago
Domain
github.com
Category
Developer Tools
Tags
ci-cdcollaborationgit
Accounts
github
Tracking since Jul 21, 2021
.json·.md·.atom