{ "$schema": "https://changespec.org/schema/v1/vendor.json", "specversion": "1.0", "generated_at": "2026-05-12T10:23:48Z", "vendor": { "slug": "github", "name": "GitHub", "url": "https://github.com", "docs_url": "https://docs.github.com", "changelog_url": "https://github.blog/changelog/", "rss_url": "https://changespec.com/v/github.rss", "description": "Software development platform. Git hosting, Actions CI/CD, Packages, Copilot, and enterprise security tools.", "canonical_url": "https://changespec.com/v/github", "json_url": "https://changespec.com/data/vendors/github.json" }, "count": 5, "events": [ { "id": "cs_01HY3KXGITHUB001", "category": "tos", "severity": "low", "title": "Terms of Service updated - automated account restrictions clarified", "summary": "GitHub updated Section 2.4 of its Terms of Service to clarify restrictions on automated account creation and bulk repository scraping. The changes codify existing enforcement policy and do not restrict activity that was previously permitted. Organizations running CI/CD systems, dependency scanners, or similar automation using PATs are not affected.", "published_at": "2026-03-15T18:00:00Z", "effective_date": "2026-03-15", "source_type": "crawled", "confidence_score": 0.88, "source_url": "https://docs.github.com/en/site-policy/github-terms/github-terms-of-service", "action_required": false, "recommended_reviewers": [ "legal" ], "affected_sections": [ "Section 2 - Account Terms", "Section 2.4 - Account Requirements" ], "tags": [ "tos", "automation", "accounts" ], "specversion": "1.0", "vendor_id": "github" }, { "id": "cs_01HY3KXGITHUB002", "category": "api_breaking", "severity": "high", "title": "Actions runner token scope reduced - secrets no longer inherited by default", "summary": "GitHub Actions workflow runs now require explicit secrets inheritance declarations. Child reusable workflows no longer automatically inherit the calling workflow's secrets. This is a security hardening change. Workflows using reusable actions with secrets must add 'secrets: inherit' or pass individual secrets explicitly.", "published_at": "2026-04-01T12:00:00Z", "effective_date": "2026-04-01", "source_type": "crawled", "confidence_score": 0.91, "source_url": "https://docs.github.com/en/actions/using-workflows/reusing-workflows", "migration_hint": "Add 'secrets: inherit' to reusable workflow calls, or pass individual secrets explicitly using the 'secrets:' map. Audit all workflows calling external reusable workflows.", "action_required": true, "recommended_reviewers": [ "engineering", "security" ], "affected_systems": [ "GitHub Actions" ], "tags": [ "actions", "secrets", "security", "breaking" ], "specversion": "1.0", "vendor_id": "github" }, { "id": "cs_01HY3KXGITHUB003", "category": "pricing", "severity": "medium", "title": "GitHub Copilot for Business price increase - $19 to $21/user/month", "summary": "GitHub Copilot for Business pricing increases from $19 to $21 per user per month, effective June 1, 2026. Annual subscriptions locked in before May 1 retain current pricing for the remainder of the contract term. Per-seat pricing changes will appear in the May billing cycle for monthly subscribers.", "published_at": "2026-04-05T16:00:00Z", "effective_date": "2026-06-01", "source_type": "crawled", "confidence_score": 0.96, "source_url": "https://github.com/pricing", "action_required": false, "recommended_reviewers": [ "procurement" ], "affected_systems": [ "GitHub Copilot" ], "tags": [ "copilot", "pricing", "billing" ], "specversion": "1.0", "vendor_id": "github" }, { "id": "cs_01HY3KXGITHUB004", "category": "api_deprecation", "severity": "low", "title": "GitHub REST API v3 pagination Link header format deprecated", "summary": "GitHub is deprecating the Link header pagination format in REST API responses in favor of the newer X-GitHub-Next-Page-URL header. The Link header will continue to work until 2027-01-01. New API clients should use the dedicated pagination headers. GitHub Apps with GitHub's Octokit client libraries are unaffected as they will be updated automatically.", "published_at": "2026-03-20T09:00:00Z", "effective_date": "2026-03-20", "sunset_date": "2027-01-01", "source_type": "crawled", "confidence_score": 0.84, "source_url": "https://docs.github.com/en/rest/using-the-rest-api/using-pagination-in-the-rest-api", "action_required": false, "recommended_reviewers": [ "engineering" ], "affected_systems": [ "REST API" ], "tags": [ "api", "pagination", "deprecation" ], "specversion": "1.0", "vendor_id": "github" }, { "id": "cs_01HY3KXGITHUB005", "category": "security", "severity": "high", "title": "GitHub Advanced Security - secret scanning now covers 200+ additional token types", "summary": "GitHub expanded its secret scanning detection to cover 200+ additional third-party token formats from vendors including Databricks, MongoDB Atlas, and Pinecone. Organizations with GitHub Advanced Security enabled will see increased alerts if these token types are present in any repository, including private ones. No configuration changes required; scanning activates automatically.", "published_at": "2026-04-10T14:00:00Z", "effective_date": "2026-04-10", "source_type": "crawled", "confidence_score": 0.94, "source_url": "https://docs.github.com/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns", "action_required": false, "recommended_reviewers": [ "security", "engineering" ], "affected_systems": [ "GitHub Advanced Security", "Secret Scanning" ], "tags": [ "security", "secret-scanning", "ghas" ], "specversion": "1.0", "vendor_id": "github" } ] }