GitHub / update detail

Safer pull_request_target defaults for GitHub Actions checkout

Official GitHub changelog summary with source attribution, release tags, and community reactions.

Track this GitHub release note alongside related changelog updates, risky changes, and weekly digest signals from the developer community.

GitHub·1 week ago · Jun 18, 2026, 02:06 PMFeatureSecurity-relevantAI-assisted summary

Safer pull_request_target defaults for GitHub Actions checkout

Summary

Updated the checkout action to use safer default behavior for pull_request_target events, reducing token and secret exposure
Workflows triggered by pull_request_target now run with limited permissions, mitigating common vulnerability patterns
Improves overall security posture of GitHub Actions without breaking existing workflows

Community impact

official source

Verify the original release note

Every summary should remain traceable to the original changelog or release source.

AI-assisted summarysource healthyLast checked 18 hours ago

Official changelog

related updates

More GitHub changelog updates

Product page

GitHub·20 hours agoFeatureSecurity-relevant

npm adds preventive account protection for high-impact accounts

Summary

Introduces a temporary preventive safeguard for high‑impact npm accounts.

Community impact

GitHub / update detail

Safer pull_request_target defaults for GitHub Actions checkout

Official GitHub changelog summary with source attribution, release tags, and community reactions.

Track this GitHub release note alongside related changelog updates, risky changes, and weekly digest signals from the developer community.

GitHub·1 week ago · Jun 18, 2026, 02:06 PMFeatureSecurity-relevantAI-assisted summary

Safer pull_request_target defaults for GitHub Actions checkout

Summary

Updated the checkout action to use safer default behavior for pull_request_target events, reducing token and secret exposure
Workflows triggered by pull_request_target now run with limited permissions, mitigating common vulnerability patterns
Improves overall security posture of GitHub Actions without breaking existing workflows

Community impact

official source

Verify the original release note

Every summary should remain traceable to the original changelog or release source.

AI-assisted summarysource healthyLast checked 18 hours ago

Official changelog

related updates

More GitHub changelog updates

Product page

GitHub·20 hours agoFeatureSecurity-relevant

npm adds preventive account protection for high-impact accounts

Summary

Introduces a temporary preventive safeguard for high‑impact npm accounts.

Safer pull_request_target defaults for GitHub Actions checkout

Safer pull_request_target defaults for GitHub Actions checkout

Community impact

Verify the original release note

More GitHub changelog updates

npm adds preventive account protection for high-impact accounts

Community impact

Safer pull_request_target defaults for GitHub Actions checkout

Safer pull_request_target defaults for GitHub Actions checkout

Community impact

Verify the original release note

More GitHub changelog updates

npm adds preventive account protection for high-impact accounts

Community impact

Red Hat Enterprise Linux runner images are now in public preview

Community impact

Self-service credential revocation for incident response

Community impact