User prompt improvement is now in public preview within the GitHub Models playground

You can now use the user prompt improvement feature in the GitHub Models playground. This new feature helps transform vague or broad prompts into clearer, more specific, and optimized ones for better model outputs. With just a few clicks, you can refine prompts to improve clarity, add focus, or adjust tone and style to match your needs. By providing specific suggestions—like requesting a particular format or style—you can save time and achieve high-quality, actionable results.

Try it out today and unlock more potential in your AI experimentation!

To learn more about GitHub Models, check out the docs. You can also join our community discussions.

CodeQL improves JavaScript and Ruby analysis in version 2.21.1

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released version 2.21.1 of CodeQL. Here’s what’s new and improved in this release.

GitHub Actions

  • This CodeQL release coincides with the general availability of support for analyzing GitHub Actions workflows. Learn more in the dedicated changelog post.
  • We’ve improved alert fix suggestions for the actions/missing-workflow-permissions query, making it easier for you to resolve alerts.

JavaScript/TypeScript

  • We’ve added new detections of sources and sinks in Next.js and DOM element references, improving the detection of XSS issues.
  • We’ve enhanced path injection detection for several additional methods.
  • We’ve fixed an issue where tsconfig.json files containing array literals and trailing commas weren’t correctly extracted.

Ruby

  • We’ve improved the rb/useless-assignment-to-local query, so you’ll see fewer false positives and will get helpful documentation for alerts.
  • The rb/uninitialized-local-variable query now only generates an alert when a variable is used as a method call receiver. This should reduce noise. In addition, new help content is available for this query.
  • Calls to super without explicit arguments now have their implicit arguments generated, resulting in more accurate analysis.

For a full list of changes, check out the complete changelog for version 2.21.1. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on github.com. The new functionality in CodeQL 2.21.1 will also be included in GitHub Enterprise Server (GHES) version 3.18. If you’re using an older version of GHES, you can manually upgrade your CodeQL version.

See more

Users can now choose whether merging linked pull requests automatically closes the issue

Linking a pull request to an issue makes it easy for collaborators to see that work for the issue is underway. Today, when a linked pull request is merged, the associated issue is automatically closed.

But for many teams, merging a PR doesn’t mean the work is done. There might be QA, validation, or follow-up steps before an issue is truly resolved. With this new repository setting, you can choose whether merging a pull request should automatically close its linked issues.

Repository admins and maintainers can manage this setting under Repository settingsGeneralIssues. It’s enabled by default to preserve existing behavior.

Shows the repository setting for auto-closing issues

For questions and feedback, join the discussion in GitHub Community.

See more
View all changes