diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json
index 1c7791565cea..0880a344ac8e 100644
--- a/src/graphql/data/fpt/changelog.json
+++ b/src/graphql/data/fpt/changelog.json
@@ -1,4 +1,53 @@
[
+ {
+ "schemaChanges": [
+ {
+ "title": "The GraphQL schema includes these changes:",
+ "changes": [
+ "Type EnterpriseDisallowedMethodsSettingValue was added
",
+ "Type TwoFactorCredentialSecurityType was added
",
+ "Type UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput was added
",
+ "Type UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingPayload was added
",
+ "Field clientId was added to object type App
",
+ "Argument twoFactorMethodSecurity: TwoFactorCredentialSecurityType added to field Enterprise.members
",
+ "Field twoFactorDisallowedMethodsSetting was added to object type EnterpriseOwnerInfo
",
+ "Argument twoFactorMethodSecurity: TwoFactorCredentialSecurityType added to field EnterpriseOwnerInfo.admins
",
+ "Argument twoFactorMethodSecurity: TwoFactorCredentialSecurityType added to field EnterpriseOwnerInfo.outsideCollaborators
",
+ "Field updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting was added to object type Mutation
",
+ "Argument includeParents: Boolean (with default value) added to field Organization.ruleset
",
+ "Field fullDatabaseId was added to object type 'ProjectV2'
",
+ "Field fullDatabaseId was added to object type 'ProjectV2StatusUpdate'
",
+ "Field fullDatabaseId was added to object type 'ProjectV2View'
",
+ "Field fullDatabaseId was added to object type 'ProjectV2Workflow'
",
+ "Query object implements Node interface
",
+ "Field id was added to object type Query
",
+ "Field enterpriseOwner was added to object type RepositoryRulesetBypassActor
",
+ "Input field enterpriseOwner of type Boolean was added to input object type RepositoryRulesetBypassActorInput
",
+ "Member Enterprise was added to Union type RuleSource
",
+ "Enum value 'EPSS_PERCENTAGEwas added to enumSecurityAdvisoryOrderField'
",
+ "Enum value 'EPSS_PERCENTILEwas added to enumSecurityAdvisoryOrderField'
"
+ ]
+ }
+ ],
+ "previewChanges": [],
+ "upcomingChanges": [
+ {
+ "title": "The following changes will be made to the schema:",
+ "changes": [
+ "On member Enterprise.members.hasTwoFactorEnabled:hasTwoFactorEnabled will be removed. Use two_factor_method_security instead. Effective 2025-04-01.
",
+ "On member EnterpriseOwnerInfo.admins.hasTwoFactorEnabled:hasTwoFactorEnabled will be removed. Use two_factor_method_security instead. Effective 2025-04-01.
",
+ "On member EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled:hasTwoFactorEnabled will be removed. Use two_factor_method_security instead. Effective 2025-04-01.
",
+ "On member ProjectV2.databaseId:databaseId will be removed. Use fullDatabaseId instead. Effective 2025-04-01.
",
+ "On member ProjectV2Item.databaseId:databaseId will be removed. Use fullDatabaseId instead. Effective 2025-04-01.
",
+ "On member ProjectV2StatusUpdate.databaseId:databaseId will be removed. Use fullDatabaseId instead. Effective 2025-04-01.
",
+ "On member ProjectV2View.databaseId:databaseId will be removed. Use fullDatabaseId instead. Effective 2025-04-01.
",
+ "On member ProjectV2Workflow.databaseId:databaseId will be removed. Use fullDatabaseId instead. Effective 2025-04-01.
",
+ "On member SecurityAdvisory.cvss:cvss will be removed. New cvss_severities field will now contain both cvss_v3 and cvss_v4 properties. Effective 2025-10-01.
"
+ ]
+ }
+ ],
+ "date": "2024-10-08"
+ },
{
"schemaChanges": [
{
diff --git a/src/graphql/data/fpt/graphql_upcoming_changes.public.yml b/src/graphql/data/fpt/graphql_upcoming_changes.public.yml
index 2195c2f62610..b3124eef7031 100644
--- a/src/graphql/data/fpt/graphql_upcoming_changes.public.yml
+++ b/src/graphql/data/fpt/graphql_upcoming_changes.public.yml
@@ -666,3 +666,75 @@ upcoming_changes:
date: '2025-01-01T00:00:00+00:00'
criticality: breaking
owner: chriskirkland
+ - location: Enterprise.members.hasTwoFactorEnabled
+ description:
+ '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+ instead.'
+ reason: '`has_two_factor_enabled` will be removed.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: authentication
+ - location: EnterpriseOwnerInfo.admins.hasTwoFactorEnabled
+ description:
+ '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+ instead.'
+ reason: '`has_two_factor_enabled` will be removed.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: authentication
+ - location: EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled
+ description:
+ '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+ instead.'
+ reason: '`has_two_factor_enabled` will be removed.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: authentication
+ - location: ProjectV2.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2Item.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2StatusUpdate.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2View.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2Workflow.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: SecurityAdvisory.cvss
+ description:
+ '`cvss` will be removed. New `cvss_severities` field will now contain
+ both `cvss_v3` and `cvss_v4` properties.'
+ reason: '`cvss` will be removed.'
+ date: '2025-10-01T00:00:00+00:00'
+ criticality: breaking
+ owner: github/advisory-database
diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql
index 57ae80b147c9..7801324d05f0 100644
--- a/src/graphql/data/fpt/schema.docs.graphql
+++ b/src/graphql/data/fpt/schema.docs.graphql
@@ -1237,6 +1237,11 @@ interface AnnouncementBanner {
A GitHub App.
"""
type App implements Node {
+ """
+ The client ID of the app.
+ """
+ clientId: String
+
"""
Identifies the date and time when the object was created.
"""
@@ -8202,7 +8207,7 @@ input CreateRepositoryRulesetInput {
"""
The global relay id of the source in which a new ruleset should be created in.
"""
- sourceId: ID! @possibleTypes(concreteTypes: ["Organization", "Repository"], abstractType: "RuleSource")
+ sourceId: ID! @possibleTypes(concreteTypes: ["Enterprise", "Organization", "Repository"], abstractType: "RuleSource")
"""
The target of the ruleset.
@@ -12863,6 +12868,10 @@ type Enterprise implements AnnouncementBanner & Node {
"""
Only return members with this two-factor authentication status. Does not
include members who only have an account on a GitHub Enterprise Server instance.
+
+ **Upcoming Change on 2025-04-01 UTC**
+ **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead.
+ **Reason:** `has_two_factor_enabled` will be removed.
"""
hasTwoFactorEnabled: Boolean = null
@@ -12890,6 +12899,12 @@ type Enterprise implements AnnouncementBanner & Node {
The role of the user in the enterprise organization or server.
"""
role: EnterpriseUserAccountMembershipRole
+
+ """
+ Only return members with this type of two-factor authentication method. Does
+ not include members who only have an account on a GitHub Enterprise Server instance.
+ """
+ twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null
): EnterpriseMemberConnection!
"""
@@ -13309,6 +13324,21 @@ enum EnterpriseDefaultRepositoryPermissionSettingValue {
WRITE
}
+"""
+The possible values for an enabled/no policy enterprise setting.
+"""
+enum EnterpriseDisallowedMethodsSettingValue {
+ """
+ The setting prevents insecure 2FA methods from being used by members of the enterprise.
+ """
+ INSECURE
+
+ """
+ There is no policy set for preventing insecure 2FA methods from being used by members of the enterprise.
+ """
+ NO_POLICY
+}
+
"""
An edge in a connection.
"""
@@ -13902,6 +13932,10 @@ type EnterpriseOwnerInfo {
"""
Only return administrators with this two-factor authentication status.
+
+ **Upcoming Change on 2025-04-01 UTC**
+ **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead.
+ **Reason:** `has_two_factor_enabled` will be removed.
"""
hasTwoFactorEnabled: Boolean = null
@@ -13929,6 +13963,11 @@ type EnterpriseOwnerInfo {
The role to filter by.
"""
role: EnterpriseAdministratorRole
+
+ """
+ Only return outside collaborators with this type of two-factor authentication method.
+ """
+ twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null
): EnterpriseAdministratorConnection!
"""
@@ -14576,6 +14615,10 @@ type EnterpriseOwnerInfo {
"""
Only return outside collaborators with this two-factor authentication status.
+
+ **Upcoming Change on 2025-04-01 UTC**
+ **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead.
+ **Reason:** `has_two_factor_enabled` will be removed.
"""
hasTwoFactorEnabled: Boolean = null
@@ -14604,6 +14647,11 @@ type EnterpriseOwnerInfo {
"""
query: String
+ """
+ Only return outside collaborators with this type of two-factor authentication method.
+ """
+ twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null
+
"""
Only return outside collaborators on repositories with this visibility.
"""
@@ -14910,6 +14958,11 @@ type EnterpriseOwnerInfo {
value: Boolean!
): OrganizationConnection!
+ """
+ The setting value for what methods of two-factor authentication the enterprise prevents its users from having.
+ """
+ twoFactorDisallowedMethodsSetting: EnterpriseDisallowedMethodsSettingValue!
+
"""
The setting value for whether the enterprise requires two-factor authentication for its organizations and users.
"""
@@ -16297,8 +16350,7 @@ input FileDeletion {
}
"""
-Prevent commits that include files with specified file extensions from being
-pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"""
type FileExtensionRestrictionParameters {
"""
@@ -16308,8 +16360,7 @@ type FileExtensionRestrictionParameters {
}
"""
-Prevent commits that include files with specified file extensions from being
-pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"""
input FileExtensionRestrictionParametersInput {
"""
@@ -16319,8 +16370,7 @@ input FileExtensionRestrictionParametersInput {
}
"""
-Prevent commits that include changes in specified file paths from being pushed
-to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"""
type FilePathRestrictionParameters {
"""
@@ -16330,8 +16380,7 @@ type FilePathRestrictionParameters {
}
"""
-Prevent commits that include changes in specified file paths from being pushed
-to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"""
input FilePathRestrictionParametersInput {
"""
@@ -21063,8 +21112,7 @@ type MarketplaceListingEdge {
}
"""
-Prevent commits that include file paths that exceed a specified character limit
-from being pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"""
type MaxFilePathLengthParameters {
"""
@@ -21074,8 +21122,7 @@ type MaxFilePathLengthParameters {
}
"""
-Prevent commits that include file paths that exceed a specified character limit
-from being pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"""
input MaxFilePathLengthParametersInput {
"""
@@ -21085,8 +21132,7 @@ input MaxFilePathLengthParametersInput {
}
"""
-Prevent commits that exceed a specified file size limit from being pushed to the
-commit. NOTE: This rule is in beta and subject to change
+Prevent commits that exceed a specified file size limit from being pushed to the commit.
"""
type MaxFileSizeParameters {
"""
@@ -21096,8 +21142,7 @@ type MaxFileSizeParameters {
}
"""
-Prevent commits that exceed a specified file size limit from being pushed to the
-commit. NOTE: This rule is in beta and subject to change
+Prevent commits that exceed a specified file size limit from being pushed to the commit.
"""
input MaxFileSizeParametersInput {
"""
@@ -24890,6 +24935,16 @@ type Mutation {
input: UpdateEnterpriseTeamDiscussionsSettingInput!
): UpdateEnterpriseTeamDiscussionsSettingPayload
+ """
+ Sets the two-factor authentication methods that users of an enterprise may not use.
+ """
+ updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting(
+ """
+ Parameters for UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting
+ """
+ input: UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput!
+ ): UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingPayload
+
"""
Sets whether two factor authentication is required for all users in an enterprise.
"""
@@ -29899,6 +29954,11 @@ type Organization implements Actor & AnnouncementBanner & MemberStatusable & Nod
The ID of the ruleset to be returned.
"""
databaseId: Int!
+
+ """
+ Include rulesets configured at higher levels that apply to this organization.
+ """
+ includeParents: Boolean = true
): RepositoryRuleset
"""
@@ -33510,6 +33570,9 @@ type ProjectV2 implements Closable & Node & Updatable {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
A field of the project
@@ -33551,6 +33614,11 @@ type ProjectV2 implements Closable & Node & Updatable {
orderBy: ProjectV2FieldOrder = {field: POSITION, direction: ASC}
): ProjectV2FieldConfigurationConnection!
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
+
"""
The Node ID of the ProjectV2 object
"""
@@ -34290,6 +34358,9 @@ type ProjectV2Item implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
The field value of the first project field which matches the 'name' argument that is set on the item.
@@ -35616,6 +35687,14 @@ type ProjectV2StatusUpdate implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
+
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
"""
The Node ID of the ProjectV2StatusUpdate object
@@ -35741,6 +35820,9 @@ type ProjectV2View implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
The view's visible fields.
@@ -35777,6 +35859,11 @@ type ProjectV2View implements Node {
"""
filter: String
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
+
"""
The view's group-by field.
"""
@@ -36128,12 +36215,20 @@ type ProjectV2Workflow implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
Whether the workflow is enabled.
"""
enabled: Boolean!
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
+
"""
The Node ID of the ProjectV2Workflow object
"""
@@ -39584,7 +39679,7 @@ type PushAllowanceEdge {
"""
The query root of GitHub's GraphQL interface.
"""
-type Query {
+type Query implements Node {
"""
Look up a code of conduct by its key
"""
@@ -39670,6 +39765,11 @@ type Query {
invitationToken: String!
): EnterpriseMemberInvitation
+ """
+ ID of the object.
+ """
+ id: ID!
+
"""
Look up an open source license by its key
"""
@@ -47726,14 +47826,12 @@ enum RepositoryRuleType {
DELETION
"""
- Prevent commits that include files with specified file extensions from being
- pushed to the commit graph. NOTE: This rule is in beta and subject to change
+ Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"""
FILE_EXTENSION_RESTRICTION
"""
- Prevent commits that include changes in specified file paths from being pushed
- to the commit graph. NOTE: This rule is in beta and subject to change
+ Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"""
FILE_PATH_RESTRICTION
@@ -47743,15 +47841,12 @@ enum RepositoryRuleType {
LOCK_BRANCH
"""
- Prevent commits that include file paths that exceed a specified character
- limit from being pushed to the commit graph. NOTE: This rule is in beta and
- subject to change
+ Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"""
MAX_FILE_PATH_LENGTH
"""
- Prevent commits that exceed a specified file size limit from being pushed to
- the commit. NOTE: This rule is in beta and subject to change
+ Prevent commits that exceed a specified file size limit from being pushed to the commit.
"""
MAX_FILE_SIZE
@@ -47968,6 +48063,11 @@ type RepositoryRulesetBypassActor implements Node {
"""
deployKey: Boolean!
+ """
+ This actor represents the ability for an enterprise owner to bypass
+ """
+ enterpriseOwner: Boolean!
+
"""
The Node ID of the RepositoryRulesetBypassActor object
"""
@@ -48070,6 +48170,11 @@ input RepositoryRulesetBypassActorInput {
"""
deployKey: Boolean
+ """
+ For enterprise owner bypasses, true
+ """
+ enterpriseOwner: Boolean
+
"""
For organization owner bypasses, true
"""
@@ -48122,7 +48227,7 @@ type RepositoryRulesetEdge {
}
"""
-The targets supported for rulesets. NOTE: The push target is in beta and subject to change.
+The targets supported for rulesets.
"""
enum RepositoryRulesetTarget {
"""
@@ -49572,7 +49677,7 @@ input RuleParametersInput {
"""
Types which can have `RepositoryRule` objects.
"""
-union RuleSource = Organization | Repository
+union RuleSource = Enterprise | Organization | Repository
"""
The possible digest algorithms used to sign SAML requests for an identity provider.
@@ -49849,6 +49954,9 @@ type SecurityAdvisory implements Node {
The CVSS associated with this advisory
"""
cvss: CVSS!
+ @deprecated(
+ reason: "`cvss` will be removed. New `cvss_severities` field will now contain both `cvss_v3` and `cvss_v4` properties. Removal on 2025-10-01 UTC."
+ )
"""
CWEs associated with this Advisory
@@ -50180,6 +50288,16 @@ input SecurityAdvisoryOrder {
Properties by which security advisory connections can be ordered.
"""
enum SecurityAdvisoryOrderField {
+ """
+ Order advisories by EPSS percentage
+ """
+ EPSS_PERCENTAGE
+
+ """
+ Order advisories by EPSS percentile
+ """
+ EPSS_PERCENTILE
+
"""
Order advisories by publication time
"""
@@ -57251,6 +57369,26 @@ type TreeEntry {
type: String!
}
+"""
+Filters by whether or not 2FA is enabled and if the method configured is considered secure or insecure.
+"""
+enum TwoFactorCredentialSecurityType {
+ """
+ No method of two-factor authentication.
+ """
+ DISABLED
+
+ """
+ Has an insecure method of two-factor authentication. GitHub currently defines this as SMS two-factor authentication.
+ """
+ INSECURE
+
+ """
+ Has only secure methods of two-factor authentication.
+ """
+ SECURE
+}
+
"""
An RFC 3986, RFC 3987, and RFC 6570 (level 4) compliant URI string.
"""
@@ -59087,6 +59225,46 @@ type UpdateEnterpriseTeamDiscussionsSettingPayload {
message: String
}
+"""
+Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting
+"""
+input UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput {
+ """
+ A unique identifier for the client performing the mutation.
+ """
+ clientMutationId: String
+
+ """
+ The ID of the enterprise on which to set the two-factor authentication disallowed methods setting.
+ """
+ enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"])
+
+ """
+ The value for the two-factor authentication disallowed methods setting on the enterprise.
+ """
+ settingValue: EnterpriseDisallowedMethodsSettingValue!
+}
+
+"""
+Autogenerated return type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting.
+"""
+type UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingPayload {
+ """
+ A unique identifier for the client performing the mutation.
+ """
+ clientMutationId: String
+
+ """
+ The enterprise with the updated two-factor authentication disallowed methods setting.
+ """
+ enterprise: Enterprise
+
+ """
+ A message confirming the result of updating the two-factor authentication disallowed methods setting.
+ """
+ message: String
+}
+
"""
Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationRequiredSetting
"""
diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json
index 984b9008a3e8..c795ffb03604 100644
--- a/src/graphql/data/fpt/schema.json
+++ b/src/graphql/data/fpt/schema.json
@@ -149,6 +149,15 @@
}
]
},
+ {
+ "name": "id",
+ "type": "ID!",
+ "kind": "scalars",
+ "id": "id",
+ "href": "/graphql/reference/scalars#id",
+ "description": "ID of the object.
",
+ "args": []
+ },
{
"name": "license",
"type": "License",
@@ -8186,6 +8195,48 @@
}
]
},
+ {
+ "name": "updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting",
+ "kind": "mutations",
+ "id": "updateenterprisetwofactorauthenticationdisallowedmethodssetting",
+ "href": "/graphql/reference/mutations#updateenterprisetwofactorauthenticationdisallowedmethodssetting",
+ "description": "Sets the two-factor authentication methods that users of an enterprise may not use.
",
+ "inputFields": [
+ {
+ "name": "input",
+ "type": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput!",
+ "id": "updateenterprisetwofactorauthenticationdisallowedmethodssettinginput",
+ "kind": "input-objects",
+ "href": "/graphql/reference/input-objects#updateenterprisetwofactorauthenticationdisallowedmethodssettinginput"
+ }
+ ],
+ "returnFields": [
+ {
+ "name": "clientMutationId",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string",
+ "description": "A unique identifier for the client performing the mutation.
"
+ },
+ {
+ "name": "enterprise",
+ "type": "Enterprise",
+ "id": "enterprise",
+ "kind": "objects",
+ "href": "/graphql/reference/objects#enterprise",
+ "description": "The enterprise with the updated two-factor authentication disallowed methods setting.
"
+ },
+ {
+ "name": "message",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string",
+ "description": "A message confirming the result of updating the two-factor authentication disallowed methods setting.
"
+ }
+ ]
+ },
{
"name": "updateEnterpriseTwoFactorAuthenticationRequiredSetting",
"kind": "mutations",
@@ -9819,6 +9870,14 @@
}
],
"fields": [
+ {
+ "name": "clientId",
+ "description": "The client ID of the app.
",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string"
+ },
{
"name": "createdAt",
"description": "Identifies the date and time when the object was created.
",
@@ -21173,7 +21232,7 @@
},
{
"name": "hasTwoFactorEnabled",
- "description": "Only return members with this two-factor authentication status. Does not\ninclude members who only have an account on a GitHub Enterprise Server instance.
",
+ "description": "Only return members with this two-factor authentication status. Does not\ninclude members who only have an account on a GitHub Enterprise Server instance.
\nUpcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.
",
"type": {
"name": "Boolean",
"id": "boolean",
@@ -21230,6 +21289,16 @@
"kind": "enums",
"href": "/graphql/reference/enums#enterpriseuseraccountmembershiprole"
}
+ },
+ {
+ "name": "twoFactorMethodSecurity",
+ "description": "Only return members with this type of two-factor authentication method. Does\nnot include members who only have an account on a GitHub Enterprise Server instance.
",
+ "type": {
+ "name": "TwoFactorCredentialSecurityType",
+ "id": "twofactorcredentialsecuritytype",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype"
+ }
}
]
},
@@ -22431,7 +22500,7 @@
},
{
"name": "hasTwoFactorEnabled",
- "description": "Only return administrators with this two-factor authentication status.
",
+ "description": "Only return administrators with this two-factor authentication status.
\nUpcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.
",
"type": {
"name": "Boolean",
"id": "boolean",
@@ -22488,6 +22557,16 @@
"kind": "enums",
"href": "/graphql/reference/enums#enterpriseadministratorrole"
}
+ },
+ {
+ "name": "twoFactorMethodSecurity",
+ "description": "Only return outside collaborators with this type of two-factor authentication method.
",
+ "type": {
+ "name": "TwoFactorCredentialSecurityType",
+ "id": "twofactorcredentialsecuritytype",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype"
+ }
}
]
},
@@ -23728,7 +23807,7 @@
},
{
"name": "hasTwoFactorEnabled",
- "description": "Only return outside collaborators with this two-factor authentication status.
",
+ "description": "Only return outside collaborators with this two-factor authentication status.
\nUpcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.
",
"type": {
"name": "Boolean",
"id": "boolean",
@@ -23786,6 +23865,16 @@
"href": "/graphql/reference/scalars#string"
}
},
+ {
+ "name": "twoFactorMethodSecurity",
+ "description": "Only return outside collaborators with this type of two-factor authentication method.
",
+ "type": {
+ "name": "TwoFactorCredentialSecurityType",
+ "id": "twofactorcredentialsecuritytype",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype"
+ }
+ },
{
"name": "visibility",
"description": "Only return outside collaborators on repositories with this visibility.
",
@@ -24392,6 +24481,14 @@
}
]
},
+ {
+ "name": "twoFactorDisallowedMethodsSetting",
+ "description": "The setting value for what methods of two-factor authentication the enterprise prevents its users from having.
",
+ "type": "EnterpriseDisallowedMethodsSettingValue!",
+ "id": "enterprisedisallowedmethodssettingvalue",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue"
+ },
{
"name": "twoFactorRequiredSetting",
"description": "The setting value for whether the enterprise requires two-factor authentication for its organizations and users.
",
@@ -26201,7 +26298,7 @@
"kind": "objects",
"id": "fileextensionrestrictionparameters",
"href": "/graphql/reference/objects#fileextensionrestrictionparameters",
- "description": "Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.
",
"fields": [
{
"name": "restrictedFileExtensions",
@@ -26218,7 +26315,7 @@
"kind": "objects",
"id": "filepathrestrictionparameters",
"href": "/graphql/reference/objects#filepathrestrictionparameters",
- "description": "Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include changes in specified file paths from being pushed to the commit graph.
",
"fields": [
{
"name": "restrictedFilePaths",
@@ -31947,7 +32044,7 @@
"kind": "objects",
"id": "maxfilepathlengthparameters",
"href": "/graphql/reference/objects#maxfilepathlengthparameters",
- "description": "Prevent commits that include file paths that exceed a specified character limit\nfrom being pushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
",
"fields": [
{
"name": "maxFilePathLength",
@@ -31964,7 +32061,7 @@
"kind": "objects",
"id": "maxfilesizeparameters",
"href": "/graphql/reference/objects#maxfilesizeparameters",
- "description": "Prevent commits that exceed a specified file size limit from being pushed to the\ncommit. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that exceed a specified file size limit from being pushed to the commit.
",
"fields": [
{
"name": "maxFileSize",
@@ -41416,6 +41513,17 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#int"
}
+ },
+ {
+ "name": "includeParents",
+ "defaultValue": true,
+ "description": "Include rulesets configured at higher levels that apply to this organization.
",
+ "type": {
+ "name": "Boolean",
+ "id": "boolean",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#boolean"
+ }
}
]
},
@@ -45936,7 +46044,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "field",
@@ -46018,6 +46128,14 @@
}
]
},
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
+ },
{
"name": "id",
"description": "The Node ID of the ProjectV2 object.
",
@@ -46917,7 +47035,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "fieldValueByName",
@@ -48569,7 +48689,17 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
+ },
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
},
{
"name": "id",
@@ -48715,7 +48845,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "fields",
@@ -48785,6 +48917,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#string"
},
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
+ },
{
"name": "groupBy",
"description": "The view's group-by field.
",
@@ -49337,7 +49477,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "enabled",
@@ -49347,6 +49489,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#boolean"
},
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
+ },
{
"name": "id",
"description": "The Node ID of the ProjectV2Workflow object.
",
@@ -64747,6 +64897,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#boolean"
},
+ {
+ "name": "enterpriseOwner",
+ "description": "This actor represents the ability for an enterprise owner to bypass.
",
+ "type": "Boolean!",
+ "id": "boolean",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#boolean"
+ },
{
"name": "id",
"description": "The Node ID of the RepositoryRulesetBypassActor object.
",
@@ -66635,7 +66793,9 @@
"type": "CVSS!",
"id": "cvss",
"kind": "objects",
- "href": "/graphql/reference/objects#cvss"
+ "href": "/graphql/reference/objects#cvss",
+ "isDeprecated": true,
+ "deprecationReason": "cvss will be removed. New cvss_severities field will now contain both cvss_v3 and cvss_v4 properties. Removal on 2025-10-01 UTC.
"
},
{
"name": "cwes",
@@ -83830,6 +83990,23 @@
}
]
},
+ {
+ "name": "EnterpriseDisallowedMethodsSettingValue",
+ "kind": "enums",
+ "id": "enterprisedisallowedmethodssettingvalue",
+ "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue",
+ "description": "The possible values for an enabled/no policy enterprise setting.
",
+ "values": [
+ {
+ "name": "INSECURE",
+ "description": "The setting prevents insecure 2FA methods from being used by members of the enterprise.
"
+ },
+ {
+ "name": "NO_POLICY",
+ "description": "There is no policy set for preventing insecure 2FA methods from being used by members of the enterprise.
"
+ }
+ ]
+ },
{
"name": "EnterpriseEnabledDisabledSettingValue",
"kind": "enums",
@@ -87325,11 +87502,11 @@
},
{
"name": "FILE_EXTENSION_RESTRICTION",
- "description": "Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.
"
+ "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"
},
{
"name": "FILE_PATH_RESTRICTION",
- "description": "Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.
"
+ "description": "Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"
},
{
"name": "LOCK_BRANCH",
@@ -87337,11 +87514,11 @@
},
{
"name": "MAX_FILE_PATH_LENGTH",
- "description": "Prevent commits that include file paths that exceed a specified character\nlimit from being pushed to the commit graph. NOTE: This rule is in beta and\nsubject to change.
"
+ "description": "Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"
},
{
"name": "MAX_FILE_SIZE",
- "description": "Prevent commits that exceed a specified file size limit from being pushed to\nthe commit. NOTE: This rule is in beta and subject to change.
"
+ "description": "Prevent commits that exceed a specified file size limit from being pushed to the commit.
"
},
{
"name": "MAX_REF_UPDATES",
@@ -87435,7 +87612,7 @@
"kind": "enums",
"id": "repositoryrulesettarget",
"href": "/graphql/reference/enums#repositoryrulesettarget",
- "description": "The targets supported for rulesets. NOTE: The push target is in beta and subject to change.
",
+ "description": "The targets supported for rulesets.
",
"values": [
{
"name": "BRANCH",
@@ -87771,6 +87948,14 @@
"href": "/graphql/reference/enums#securityadvisoryorderfield",
"description": "Properties by which security advisory connections can be ordered.
",
"values": [
+ {
+ "name": "EPSS_PERCENTAGE",
+ "description": "Order advisories by EPSS percentage.
"
+ },
+ {
+ "name": "EPSS_PERCENTILE",
+ "description": "Order advisories by EPSS percentile.
"
+ },
{
"name": "PUBLISHED_AT",
"description": "Order advisories by publication time.
"
@@ -89502,6 +89687,27 @@
}
]
},
+ {
+ "name": "TwoFactorCredentialSecurityType",
+ "kind": "enums",
+ "id": "twofactorcredentialsecuritytype",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype",
+ "description": "Filters by whether or not 2FA is enabled and if the method configured is considered secure or insecure.
",
+ "values": [
+ {
+ "name": "DISABLED",
+ "description": "No method of two-factor authentication.
"
+ },
+ {
+ "name": "INSECURE",
+ "description": "Has an insecure method of two-factor authentication. GitHub currently defines this as SMS two-factor authentication.
"
+ },
+ {
+ "name": "SECURE",
+ "description": "Has only secure methods of two-factor authentication.
"
+ }
+ ]
+ },
{
"name": "UserBlockDuration",
"kind": "enums",
@@ -91427,6 +91633,11 @@
"href": "/graphql/reference/unions#rulesource",
"description": "Types which can have RepositoryRule objects.
",
"possibleTypes": [
+ {
+ "name": "Enterprise",
+ "id": "enterprise",
+ "href": "/graphql/reference/objects#enterprise"
+ },
{
"name": "Organization",
"id": "organization",
@@ -97499,7 +97710,7 @@
"kind": "inputObjects",
"id": "fileextensionrestrictionparametersinput",
"href": "/graphql/reference/input-objects#fileextensionrestrictionparametersinput",
- "description": "Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.
",
"inputFields": [
{
"name": "restrictedFileExtensions",
@@ -97516,7 +97727,7 @@
"kind": "inputObjects",
"id": "filepathrestrictionparametersinput",
"href": "/graphql/reference/input-objects#filepathrestrictionparametersinput",
- "description": "Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include changes in specified file paths from being pushed to the commit graph.
",
"inputFields": [
{
"name": "restrictedFilePaths",
@@ -98343,7 +98554,7 @@
"kind": "inputObjects",
"id": "maxfilepathlengthparametersinput",
"href": "/graphql/reference/input-objects#maxfilepathlengthparametersinput",
- "description": "Prevent commits that include file paths that exceed a specified character limit\nfrom being pushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
",
"inputFields": [
{
"name": "maxFilePathLength",
@@ -98360,7 +98571,7 @@
"kind": "inputObjects",
"id": "maxfilesizeparametersinput",
"href": "/graphql/reference/input-objects#maxfilesizeparametersinput",
- "description": "Prevent commits that exceed a specified file size limit from being pushed to the\ncommit. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that exceed a specified file size limit from being pushed to the commit.
",
"inputFields": [
{
"name": "maxFileSize",
@@ -100417,6 +100628,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#boolean"
},
+ {
+ "name": "enterpriseOwner",
+ "description": "For enterprise owner bypasses, true.
",
+ "type": "Boolean",
+ "id": "boolean",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#boolean"
+ },
{
"name": "organizationAdmin",
"description": "For organization owner bypasses, true.
",
@@ -103452,6 +103671,40 @@
}
]
},
+ {
+ "name": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput",
+ "kind": "inputObjects",
+ "id": "updateenterprisetwofactorauthenticationdisallowedmethodssettinginput",
+ "href": "/graphql/reference/input-objects#updateenterprisetwofactorauthenticationdisallowedmethodssettinginput",
+ "description": "Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting.
",
+ "inputFields": [
+ {
+ "name": "clientMutationId",
+ "description": "A unique identifier for the client performing the mutation.
",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string"
+ },
+ {
+ "name": "enterpriseId",
+ "description": "The ID of the enterprise on which to set the two-factor authentication disallowed methods setting.
",
+ "type": "ID!",
+ "id": "id",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#id",
+ "isDeprecated": false
+ },
+ {
+ "name": "settingValue",
+ "description": "The value for the two-factor authentication disallowed methods setting on the enterprise.
",
+ "type": "EnterpriseDisallowedMethodsSettingValue!",
+ "id": "enterprisedisallowedmethodssettingvalue",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue"
+ }
+ ]
+ },
{
"name": "UpdateEnterpriseTwoFactorAuthenticationRequiredSettingInput",
"kind": "inputObjects",
diff --git a/src/graphql/data/fpt/upcoming-changes.json b/src/graphql/data/fpt/upcoming-changes.json
index 4ca5619de54a..29b7742e051d 100644
--- a/src/graphql/data/fpt/upcoming-changes.json
+++ b/src/graphql/data/fpt/upcoming-changes.json
@@ -1,4 +1,80 @@
{
+ "2025-10-01": [
+ {
+ "location": "SecurityAdvisory.cvss",
+ "description": "cvss will be removed. New cvss_severities field will now contain both cvss_v3 and cvss_v4 properties.
",
+ "reason": "cvss will be removed.
",
+ "date": "2025-10-01",
+ "criticality": "breaking",
+ "owner": "github/advisory-database"
+ }
+ ],
+ "2025-04-01": [
+ {
+ "location": "ProjectV2Workflow.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2View.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2StatusUpdate.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2Item.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled",
+ "description": "hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.
",
+ "reason": "has_two_factor_enabled will be removed.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "authentication"
+ },
+ {
+ "location": "EnterpriseOwnerInfo.admins.hasTwoFactorEnabled",
+ "description": "hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.
",
+ "reason": "has_two_factor_enabled will be removed.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "authentication"
+ },
+ {
+ "location": "Enterprise.members.hasTwoFactorEnabled",
+ "description": "hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.
",
+ "reason": "has_two_factor_enabled will be removed.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "authentication"
+ }
+ ],
"2025-01-01": [
{
"location": "AddMobileDevicePublicKeyPayload.expiresAt",
diff --git a/src/graphql/data/ghec/graphql_upcoming_changes.public.yml b/src/graphql/data/ghec/graphql_upcoming_changes.public.yml
index 2195c2f62610..b3124eef7031 100644
--- a/src/graphql/data/ghec/graphql_upcoming_changes.public.yml
+++ b/src/graphql/data/ghec/graphql_upcoming_changes.public.yml
@@ -666,3 +666,75 @@ upcoming_changes:
date: '2025-01-01T00:00:00+00:00'
criticality: breaking
owner: chriskirkland
+ - location: Enterprise.members.hasTwoFactorEnabled
+ description:
+ '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+ instead.'
+ reason: '`has_two_factor_enabled` will be removed.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: authentication
+ - location: EnterpriseOwnerInfo.admins.hasTwoFactorEnabled
+ description:
+ '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+ instead.'
+ reason: '`has_two_factor_enabled` will be removed.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: authentication
+ - location: EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled
+ description:
+ '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+ instead.'
+ reason: '`has_two_factor_enabled` will be removed.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: authentication
+ - location: ProjectV2.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2Item.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2StatusUpdate.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2View.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: ProjectV2Workflow.databaseId
+ description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+ reason:
+ '`databaseId` will be removed because it does not support 64-bit signed
+ integer identifiers.'
+ date: '2025-04-01T00:00:00+00:00'
+ criticality: breaking
+ owner: dewski
+ - location: SecurityAdvisory.cvss
+ description:
+ '`cvss` will be removed. New `cvss_severities` field will now contain
+ both `cvss_v3` and `cvss_v4` properties.'
+ reason: '`cvss` will be removed.'
+ date: '2025-10-01T00:00:00+00:00'
+ criticality: breaking
+ owner: github/advisory-database
diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql
index 57ae80b147c9..7801324d05f0 100644
--- a/src/graphql/data/ghec/schema.docs.graphql
+++ b/src/graphql/data/ghec/schema.docs.graphql
@@ -1237,6 +1237,11 @@ interface AnnouncementBanner {
A GitHub App.
"""
type App implements Node {
+ """
+ The client ID of the app.
+ """
+ clientId: String
+
"""
Identifies the date and time when the object was created.
"""
@@ -8202,7 +8207,7 @@ input CreateRepositoryRulesetInput {
"""
The global relay id of the source in which a new ruleset should be created in.
"""
- sourceId: ID! @possibleTypes(concreteTypes: ["Organization", "Repository"], abstractType: "RuleSource")
+ sourceId: ID! @possibleTypes(concreteTypes: ["Enterprise", "Organization", "Repository"], abstractType: "RuleSource")
"""
The target of the ruleset.
@@ -12863,6 +12868,10 @@ type Enterprise implements AnnouncementBanner & Node {
"""
Only return members with this two-factor authentication status. Does not
include members who only have an account on a GitHub Enterprise Server instance.
+
+ **Upcoming Change on 2025-04-01 UTC**
+ **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead.
+ **Reason:** `has_two_factor_enabled` will be removed.
"""
hasTwoFactorEnabled: Boolean = null
@@ -12890,6 +12899,12 @@ type Enterprise implements AnnouncementBanner & Node {
The role of the user in the enterprise organization or server.
"""
role: EnterpriseUserAccountMembershipRole
+
+ """
+ Only return members with this type of two-factor authentication method. Does
+ not include members who only have an account on a GitHub Enterprise Server instance.
+ """
+ twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null
): EnterpriseMemberConnection!
"""
@@ -13309,6 +13324,21 @@ enum EnterpriseDefaultRepositoryPermissionSettingValue {
WRITE
}
+"""
+The possible values for an enabled/no policy enterprise setting.
+"""
+enum EnterpriseDisallowedMethodsSettingValue {
+ """
+ The setting prevents insecure 2FA methods from being used by members of the enterprise.
+ """
+ INSECURE
+
+ """
+ There is no policy set for preventing insecure 2FA methods from being used by members of the enterprise.
+ """
+ NO_POLICY
+}
+
"""
An edge in a connection.
"""
@@ -13902,6 +13932,10 @@ type EnterpriseOwnerInfo {
"""
Only return administrators with this two-factor authentication status.
+
+ **Upcoming Change on 2025-04-01 UTC**
+ **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead.
+ **Reason:** `has_two_factor_enabled` will be removed.
"""
hasTwoFactorEnabled: Boolean = null
@@ -13929,6 +13963,11 @@ type EnterpriseOwnerInfo {
The role to filter by.
"""
role: EnterpriseAdministratorRole
+
+ """
+ Only return outside collaborators with this type of two-factor authentication method.
+ """
+ twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null
): EnterpriseAdministratorConnection!
"""
@@ -14576,6 +14615,10 @@ type EnterpriseOwnerInfo {
"""
Only return outside collaborators with this two-factor authentication status.
+
+ **Upcoming Change on 2025-04-01 UTC**
+ **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead.
+ **Reason:** `has_two_factor_enabled` will be removed.
"""
hasTwoFactorEnabled: Boolean = null
@@ -14604,6 +14647,11 @@ type EnterpriseOwnerInfo {
"""
query: String
+ """
+ Only return outside collaborators with this type of two-factor authentication method.
+ """
+ twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null
+
"""
Only return outside collaborators on repositories with this visibility.
"""
@@ -14910,6 +14958,11 @@ type EnterpriseOwnerInfo {
value: Boolean!
): OrganizationConnection!
+ """
+ The setting value for what methods of two-factor authentication the enterprise prevents its users from having.
+ """
+ twoFactorDisallowedMethodsSetting: EnterpriseDisallowedMethodsSettingValue!
+
"""
The setting value for whether the enterprise requires two-factor authentication for its organizations and users.
"""
@@ -16297,8 +16350,7 @@ input FileDeletion {
}
"""
-Prevent commits that include files with specified file extensions from being
-pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"""
type FileExtensionRestrictionParameters {
"""
@@ -16308,8 +16360,7 @@ type FileExtensionRestrictionParameters {
}
"""
-Prevent commits that include files with specified file extensions from being
-pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"""
input FileExtensionRestrictionParametersInput {
"""
@@ -16319,8 +16370,7 @@ input FileExtensionRestrictionParametersInput {
}
"""
-Prevent commits that include changes in specified file paths from being pushed
-to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"""
type FilePathRestrictionParameters {
"""
@@ -16330,8 +16380,7 @@ type FilePathRestrictionParameters {
}
"""
-Prevent commits that include changes in specified file paths from being pushed
-to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"""
input FilePathRestrictionParametersInput {
"""
@@ -21063,8 +21112,7 @@ type MarketplaceListingEdge {
}
"""
-Prevent commits that include file paths that exceed a specified character limit
-from being pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"""
type MaxFilePathLengthParameters {
"""
@@ -21074,8 +21122,7 @@ type MaxFilePathLengthParameters {
}
"""
-Prevent commits that include file paths that exceed a specified character limit
-from being pushed to the commit graph. NOTE: This rule is in beta and subject to change
+Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"""
input MaxFilePathLengthParametersInput {
"""
@@ -21085,8 +21132,7 @@ input MaxFilePathLengthParametersInput {
}
"""
-Prevent commits that exceed a specified file size limit from being pushed to the
-commit. NOTE: This rule is in beta and subject to change
+Prevent commits that exceed a specified file size limit from being pushed to the commit.
"""
type MaxFileSizeParameters {
"""
@@ -21096,8 +21142,7 @@ type MaxFileSizeParameters {
}
"""
-Prevent commits that exceed a specified file size limit from being pushed to the
-commit. NOTE: This rule is in beta and subject to change
+Prevent commits that exceed a specified file size limit from being pushed to the commit.
"""
input MaxFileSizeParametersInput {
"""
@@ -24890,6 +24935,16 @@ type Mutation {
input: UpdateEnterpriseTeamDiscussionsSettingInput!
): UpdateEnterpriseTeamDiscussionsSettingPayload
+ """
+ Sets the two-factor authentication methods that users of an enterprise may not use.
+ """
+ updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting(
+ """
+ Parameters for UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting
+ """
+ input: UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput!
+ ): UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingPayload
+
"""
Sets whether two factor authentication is required for all users in an enterprise.
"""
@@ -29899,6 +29954,11 @@ type Organization implements Actor & AnnouncementBanner & MemberStatusable & Nod
The ID of the ruleset to be returned.
"""
databaseId: Int!
+
+ """
+ Include rulesets configured at higher levels that apply to this organization.
+ """
+ includeParents: Boolean = true
): RepositoryRuleset
"""
@@ -33510,6 +33570,9 @@ type ProjectV2 implements Closable & Node & Updatable {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
A field of the project
@@ -33551,6 +33614,11 @@ type ProjectV2 implements Closable & Node & Updatable {
orderBy: ProjectV2FieldOrder = {field: POSITION, direction: ASC}
): ProjectV2FieldConfigurationConnection!
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
+
"""
The Node ID of the ProjectV2 object
"""
@@ -34290,6 +34358,9 @@ type ProjectV2Item implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
The field value of the first project field which matches the 'name' argument that is set on the item.
@@ -35616,6 +35687,14 @@ type ProjectV2StatusUpdate implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
+
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
"""
The Node ID of the ProjectV2StatusUpdate object
@@ -35741,6 +35820,9 @@ type ProjectV2View implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
The view's visible fields.
@@ -35777,6 +35859,11 @@ type ProjectV2View implements Node {
"""
filter: String
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
+
"""
The view's group-by field.
"""
@@ -36128,12 +36215,20 @@ type ProjectV2Workflow implements Node {
Identifies the primary key from the database.
"""
databaseId: Int
+ @deprecated(
+ reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC."
+ )
"""
Whether the workflow is enabled.
"""
enabled: Boolean!
+ """
+ Identifies the primary key from the database as a BigInt.
+ """
+ fullDatabaseId: BigInt
+
"""
The Node ID of the ProjectV2Workflow object
"""
@@ -39584,7 +39679,7 @@ type PushAllowanceEdge {
"""
The query root of GitHub's GraphQL interface.
"""
-type Query {
+type Query implements Node {
"""
Look up a code of conduct by its key
"""
@@ -39670,6 +39765,11 @@ type Query {
invitationToken: String!
): EnterpriseMemberInvitation
+ """
+ ID of the object.
+ """
+ id: ID!
+
"""
Look up an open source license by its key
"""
@@ -47726,14 +47826,12 @@ enum RepositoryRuleType {
DELETION
"""
- Prevent commits that include files with specified file extensions from being
- pushed to the commit graph. NOTE: This rule is in beta and subject to change
+ Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"""
FILE_EXTENSION_RESTRICTION
"""
- Prevent commits that include changes in specified file paths from being pushed
- to the commit graph. NOTE: This rule is in beta and subject to change
+ Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"""
FILE_PATH_RESTRICTION
@@ -47743,15 +47841,12 @@ enum RepositoryRuleType {
LOCK_BRANCH
"""
- Prevent commits that include file paths that exceed a specified character
- limit from being pushed to the commit graph. NOTE: This rule is in beta and
- subject to change
+ Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"""
MAX_FILE_PATH_LENGTH
"""
- Prevent commits that exceed a specified file size limit from being pushed to
- the commit. NOTE: This rule is in beta and subject to change
+ Prevent commits that exceed a specified file size limit from being pushed to the commit.
"""
MAX_FILE_SIZE
@@ -47968,6 +48063,11 @@ type RepositoryRulesetBypassActor implements Node {
"""
deployKey: Boolean!
+ """
+ This actor represents the ability for an enterprise owner to bypass
+ """
+ enterpriseOwner: Boolean!
+
"""
The Node ID of the RepositoryRulesetBypassActor object
"""
@@ -48070,6 +48170,11 @@ input RepositoryRulesetBypassActorInput {
"""
deployKey: Boolean
+ """
+ For enterprise owner bypasses, true
+ """
+ enterpriseOwner: Boolean
+
"""
For organization owner bypasses, true
"""
@@ -48122,7 +48227,7 @@ type RepositoryRulesetEdge {
}
"""
-The targets supported for rulesets. NOTE: The push target is in beta and subject to change.
+The targets supported for rulesets.
"""
enum RepositoryRulesetTarget {
"""
@@ -49572,7 +49677,7 @@ input RuleParametersInput {
"""
Types which can have `RepositoryRule` objects.
"""
-union RuleSource = Organization | Repository
+union RuleSource = Enterprise | Organization | Repository
"""
The possible digest algorithms used to sign SAML requests for an identity provider.
@@ -49849,6 +49954,9 @@ type SecurityAdvisory implements Node {
The CVSS associated with this advisory
"""
cvss: CVSS!
+ @deprecated(
+ reason: "`cvss` will be removed. New `cvss_severities` field will now contain both `cvss_v3` and `cvss_v4` properties. Removal on 2025-10-01 UTC."
+ )
"""
CWEs associated with this Advisory
@@ -50180,6 +50288,16 @@ input SecurityAdvisoryOrder {
Properties by which security advisory connections can be ordered.
"""
enum SecurityAdvisoryOrderField {
+ """
+ Order advisories by EPSS percentage
+ """
+ EPSS_PERCENTAGE
+
+ """
+ Order advisories by EPSS percentile
+ """
+ EPSS_PERCENTILE
+
"""
Order advisories by publication time
"""
@@ -57251,6 +57369,26 @@ type TreeEntry {
type: String!
}
+"""
+Filters by whether or not 2FA is enabled and if the method configured is considered secure or insecure.
+"""
+enum TwoFactorCredentialSecurityType {
+ """
+ No method of two-factor authentication.
+ """
+ DISABLED
+
+ """
+ Has an insecure method of two-factor authentication. GitHub currently defines this as SMS two-factor authentication.
+ """
+ INSECURE
+
+ """
+ Has only secure methods of two-factor authentication.
+ """
+ SECURE
+}
+
"""
An RFC 3986, RFC 3987, and RFC 6570 (level 4) compliant URI string.
"""
@@ -59087,6 +59225,46 @@ type UpdateEnterpriseTeamDiscussionsSettingPayload {
message: String
}
+"""
+Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting
+"""
+input UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput {
+ """
+ A unique identifier for the client performing the mutation.
+ """
+ clientMutationId: String
+
+ """
+ The ID of the enterprise on which to set the two-factor authentication disallowed methods setting.
+ """
+ enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"])
+
+ """
+ The value for the two-factor authentication disallowed methods setting on the enterprise.
+ """
+ settingValue: EnterpriseDisallowedMethodsSettingValue!
+}
+
+"""
+Autogenerated return type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting.
+"""
+type UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingPayload {
+ """
+ A unique identifier for the client performing the mutation.
+ """
+ clientMutationId: String
+
+ """
+ The enterprise with the updated two-factor authentication disallowed methods setting.
+ """
+ enterprise: Enterprise
+
+ """
+ A message confirming the result of updating the two-factor authentication disallowed methods setting.
+ """
+ message: String
+}
+
"""
Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationRequiredSetting
"""
diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json
index 984b9008a3e8..c795ffb03604 100644
--- a/src/graphql/data/ghec/schema.json
+++ b/src/graphql/data/ghec/schema.json
@@ -149,6 +149,15 @@
}
]
},
+ {
+ "name": "id",
+ "type": "ID!",
+ "kind": "scalars",
+ "id": "id",
+ "href": "/graphql/reference/scalars#id",
+ "description": "ID of the object.
",
+ "args": []
+ },
{
"name": "license",
"type": "License",
@@ -8186,6 +8195,48 @@
}
]
},
+ {
+ "name": "updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting",
+ "kind": "mutations",
+ "id": "updateenterprisetwofactorauthenticationdisallowedmethodssetting",
+ "href": "/graphql/reference/mutations#updateenterprisetwofactorauthenticationdisallowedmethodssetting",
+ "description": "Sets the two-factor authentication methods that users of an enterprise may not use.
",
+ "inputFields": [
+ {
+ "name": "input",
+ "type": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput!",
+ "id": "updateenterprisetwofactorauthenticationdisallowedmethodssettinginput",
+ "kind": "input-objects",
+ "href": "/graphql/reference/input-objects#updateenterprisetwofactorauthenticationdisallowedmethodssettinginput"
+ }
+ ],
+ "returnFields": [
+ {
+ "name": "clientMutationId",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string",
+ "description": "A unique identifier for the client performing the mutation.
"
+ },
+ {
+ "name": "enterprise",
+ "type": "Enterprise",
+ "id": "enterprise",
+ "kind": "objects",
+ "href": "/graphql/reference/objects#enterprise",
+ "description": "The enterprise with the updated two-factor authentication disallowed methods setting.
"
+ },
+ {
+ "name": "message",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string",
+ "description": "A message confirming the result of updating the two-factor authentication disallowed methods setting.
"
+ }
+ ]
+ },
{
"name": "updateEnterpriseTwoFactorAuthenticationRequiredSetting",
"kind": "mutations",
@@ -9819,6 +9870,14 @@
}
],
"fields": [
+ {
+ "name": "clientId",
+ "description": "The client ID of the app.
",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string"
+ },
{
"name": "createdAt",
"description": "Identifies the date and time when the object was created.
",
@@ -21173,7 +21232,7 @@
},
{
"name": "hasTwoFactorEnabled",
- "description": "Only return members with this two-factor authentication status. Does not\ninclude members who only have an account on a GitHub Enterprise Server instance.
",
+ "description": "Only return members with this two-factor authentication status. Does not\ninclude members who only have an account on a GitHub Enterprise Server instance.
\nUpcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.
",
"type": {
"name": "Boolean",
"id": "boolean",
@@ -21230,6 +21289,16 @@
"kind": "enums",
"href": "/graphql/reference/enums#enterpriseuseraccountmembershiprole"
}
+ },
+ {
+ "name": "twoFactorMethodSecurity",
+ "description": "Only return members with this type of two-factor authentication method. Does\nnot include members who only have an account on a GitHub Enterprise Server instance.
",
+ "type": {
+ "name": "TwoFactorCredentialSecurityType",
+ "id": "twofactorcredentialsecuritytype",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype"
+ }
}
]
},
@@ -22431,7 +22500,7 @@
},
{
"name": "hasTwoFactorEnabled",
- "description": "Only return administrators with this two-factor authentication status.
",
+ "description": "Only return administrators with this two-factor authentication status.
\nUpcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.
",
"type": {
"name": "Boolean",
"id": "boolean",
@@ -22488,6 +22557,16 @@
"kind": "enums",
"href": "/graphql/reference/enums#enterpriseadministratorrole"
}
+ },
+ {
+ "name": "twoFactorMethodSecurity",
+ "description": "Only return outside collaborators with this type of two-factor authentication method.
",
+ "type": {
+ "name": "TwoFactorCredentialSecurityType",
+ "id": "twofactorcredentialsecuritytype",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype"
+ }
}
]
},
@@ -23728,7 +23807,7 @@
},
{
"name": "hasTwoFactorEnabled",
- "description": "Only return outside collaborators with this two-factor authentication status.
",
+ "description": "Only return outside collaborators with this two-factor authentication status.
\nUpcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.
",
"type": {
"name": "Boolean",
"id": "boolean",
@@ -23786,6 +23865,16 @@
"href": "/graphql/reference/scalars#string"
}
},
+ {
+ "name": "twoFactorMethodSecurity",
+ "description": "Only return outside collaborators with this type of two-factor authentication method.
",
+ "type": {
+ "name": "TwoFactorCredentialSecurityType",
+ "id": "twofactorcredentialsecuritytype",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype"
+ }
+ },
{
"name": "visibility",
"description": "Only return outside collaborators on repositories with this visibility.
",
@@ -24392,6 +24481,14 @@
}
]
},
+ {
+ "name": "twoFactorDisallowedMethodsSetting",
+ "description": "The setting value for what methods of two-factor authentication the enterprise prevents its users from having.
",
+ "type": "EnterpriseDisallowedMethodsSettingValue!",
+ "id": "enterprisedisallowedmethodssettingvalue",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue"
+ },
{
"name": "twoFactorRequiredSetting",
"description": "The setting value for whether the enterprise requires two-factor authentication for its organizations and users.
",
@@ -26201,7 +26298,7 @@
"kind": "objects",
"id": "fileextensionrestrictionparameters",
"href": "/graphql/reference/objects#fileextensionrestrictionparameters",
- "description": "Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.
",
"fields": [
{
"name": "restrictedFileExtensions",
@@ -26218,7 +26315,7 @@
"kind": "objects",
"id": "filepathrestrictionparameters",
"href": "/graphql/reference/objects#filepathrestrictionparameters",
- "description": "Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include changes in specified file paths from being pushed to the commit graph.
",
"fields": [
{
"name": "restrictedFilePaths",
@@ -31947,7 +32044,7 @@
"kind": "objects",
"id": "maxfilepathlengthparameters",
"href": "/graphql/reference/objects#maxfilepathlengthparameters",
- "description": "Prevent commits that include file paths that exceed a specified character limit\nfrom being pushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
",
"fields": [
{
"name": "maxFilePathLength",
@@ -31964,7 +32061,7 @@
"kind": "objects",
"id": "maxfilesizeparameters",
"href": "/graphql/reference/objects#maxfilesizeparameters",
- "description": "Prevent commits that exceed a specified file size limit from being pushed to the\ncommit. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that exceed a specified file size limit from being pushed to the commit.
",
"fields": [
{
"name": "maxFileSize",
@@ -41416,6 +41513,17 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#int"
}
+ },
+ {
+ "name": "includeParents",
+ "defaultValue": true,
+ "description": "Include rulesets configured at higher levels that apply to this organization.
",
+ "type": {
+ "name": "Boolean",
+ "id": "boolean",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#boolean"
+ }
}
]
},
@@ -45936,7 +46044,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "field",
@@ -46018,6 +46128,14 @@
}
]
},
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
+ },
{
"name": "id",
"description": "The Node ID of the ProjectV2 object.
",
@@ -46917,7 +47035,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "fieldValueByName",
@@ -48569,7 +48689,17 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
+ },
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
},
{
"name": "id",
@@ -48715,7 +48845,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "fields",
@@ -48785,6 +48917,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#string"
},
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
+ },
{
"name": "groupBy",
"description": "The view's group-by field.
",
@@ -49337,7 +49477,9 @@
"type": "Int",
"id": "int",
"kind": "scalars",
- "href": "/graphql/reference/scalars#int"
+ "href": "/graphql/reference/scalars#int",
+ "isDeprecated": true,
+ "deprecationReason": "databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.
"
},
{
"name": "enabled",
@@ -49347,6 +49489,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#boolean"
},
+ {
+ "name": "fullDatabaseId",
+ "description": "Identifies the primary key from the database as a BigInt.
",
+ "type": "BigInt",
+ "id": "bigint",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#bigint"
+ },
{
"name": "id",
"description": "The Node ID of the ProjectV2Workflow object.
",
@@ -64747,6 +64897,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#boolean"
},
+ {
+ "name": "enterpriseOwner",
+ "description": "This actor represents the ability for an enterprise owner to bypass.
",
+ "type": "Boolean!",
+ "id": "boolean",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#boolean"
+ },
{
"name": "id",
"description": "The Node ID of the RepositoryRulesetBypassActor object.
",
@@ -66635,7 +66793,9 @@
"type": "CVSS!",
"id": "cvss",
"kind": "objects",
- "href": "/graphql/reference/objects#cvss"
+ "href": "/graphql/reference/objects#cvss",
+ "isDeprecated": true,
+ "deprecationReason": "cvss will be removed. New cvss_severities field will now contain both cvss_v3 and cvss_v4 properties. Removal on 2025-10-01 UTC.
"
},
{
"name": "cwes",
@@ -83830,6 +83990,23 @@
}
]
},
+ {
+ "name": "EnterpriseDisallowedMethodsSettingValue",
+ "kind": "enums",
+ "id": "enterprisedisallowedmethodssettingvalue",
+ "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue",
+ "description": "The possible values for an enabled/no policy enterprise setting.
",
+ "values": [
+ {
+ "name": "INSECURE",
+ "description": "The setting prevents insecure 2FA methods from being used by members of the enterprise.
"
+ },
+ {
+ "name": "NO_POLICY",
+ "description": "There is no policy set for preventing insecure 2FA methods from being used by members of the enterprise.
"
+ }
+ ]
+ },
{
"name": "EnterpriseEnabledDisabledSettingValue",
"kind": "enums",
@@ -87325,11 +87502,11 @@
},
{
"name": "FILE_EXTENSION_RESTRICTION",
- "description": "Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.
"
+ "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.
"
},
{
"name": "FILE_PATH_RESTRICTION",
- "description": "Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.
"
+ "description": "Prevent commits that include changes in specified file paths from being pushed to the commit graph.
"
},
{
"name": "LOCK_BRANCH",
@@ -87337,11 +87514,11 @@
},
{
"name": "MAX_FILE_PATH_LENGTH",
- "description": "Prevent commits that include file paths that exceed a specified character\nlimit from being pushed to the commit graph. NOTE: This rule is in beta and\nsubject to change.
"
+ "description": "Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
"
},
{
"name": "MAX_FILE_SIZE",
- "description": "Prevent commits that exceed a specified file size limit from being pushed to\nthe commit. NOTE: This rule is in beta and subject to change.
"
+ "description": "Prevent commits that exceed a specified file size limit from being pushed to the commit.
"
},
{
"name": "MAX_REF_UPDATES",
@@ -87435,7 +87612,7 @@
"kind": "enums",
"id": "repositoryrulesettarget",
"href": "/graphql/reference/enums#repositoryrulesettarget",
- "description": "The targets supported for rulesets. NOTE: The push target is in beta and subject to change.
",
+ "description": "The targets supported for rulesets.
",
"values": [
{
"name": "BRANCH",
@@ -87771,6 +87948,14 @@
"href": "/graphql/reference/enums#securityadvisoryorderfield",
"description": "Properties by which security advisory connections can be ordered.
",
"values": [
+ {
+ "name": "EPSS_PERCENTAGE",
+ "description": "Order advisories by EPSS percentage.
"
+ },
+ {
+ "name": "EPSS_PERCENTILE",
+ "description": "Order advisories by EPSS percentile.
"
+ },
{
"name": "PUBLISHED_AT",
"description": "Order advisories by publication time.
"
@@ -89502,6 +89687,27 @@
}
]
},
+ {
+ "name": "TwoFactorCredentialSecurityType",
+ "kind": "enums",
+ "id": "twofactorcredentialsecuritytype",
+ "href": "/graphql/reference/enums#twofactorcredentialsecuritytype",
+ "description": "Filters by whether or not 2FA is enabled and if the method configured is considered secure or insecure.
",
+ "values": [
+ {
+ "name": "DISABLED",
+ "description": "No method of two-factor authentication.
"
+ },
+ {
+ "name": "INSECURE",
+ "description": "Has an insecure method of two-factor authentication. GitHub currently defines this as SMS two-factor authentication.
"
+ },
+ {
+ "name": "SECURE",
+ "description": "Has only secure methods of two-factor authentication.
"
+ }
+ ]
+ },
{
"name": "UserBlockDuration",
"kind": "enums",
@@ -91427,6 +91633,11 @@
"href": "/graphql/reference/unions#rulesource",
"description": "Types which can have RepositoryRule objects.
",
"possibleTypes": [
+ {
+ "name": "Enterprise",
+ "id": "enterprise",
+ "href": "/graphql/reference/objects#enterprise"
+ },
{
"name": "Organization",
"id": "organization",
@@ -97499,7 +97710,7 @@
"kind": "inputObjects",
"id": "fileextensionrestrictionparametersinput",
"href": "/graphql/reference/input-objects#fileextensionrestrictionparametersinput",
- "description": "Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.
",
"inputFields": [
{
"name": "restrictedFileExtensions",
@@ -97516,7 +97727,7 @@
"kind": "inputObjects",
"id": "filepathrestrictionparametersinput",
"href": "/graphql/reference/input-objects#filepathrestrictionparametersinput",
- "description": "Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include changes in specified file paths from being pushed to the commit graph.
",
"inputFields": [
{
"name": "restrictedFilePaths",
@@ -98343,7 +98554,7 @@
"kind": "inputObjects",
"id": "maxfilepathlengthparametersinput",
"href": "/graphql/reference/input-objects#maxfilepathlengthparametersinput",
- "description": "Prevent commits that include file paths that exceed a specified character limit\nfrom being pushed to the commit graph. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.
",
"inputFields": [
{
"name": "maxFilePathLength",
@@ -98360,7 +98571,7 @@
"kind": "inputObjects",
"id": "maxfilesizeparametersinput",
"href": "/graphql/reference/input-objects#maxfilesizeparametersinput",
- "description": "Prevent commits that exceed a specified file size limit from being pushed to the\ncommit. NOTE: This rule is in beta and subject to change.
",
+ "description": "Prevent commits that exceed a specified file size limit from being pushed to the commit.
",
"inputFields": [
{
"name": "maxFileSize",
@@ -100417,6 +100628,14 @@
"kind": "scalars",
"href": "/graphql/reference/scalars#boolean"
},
+ {
+ "name": "enterpriseOwner",
+ "description": "For enterprise owner bypasses, true.
",
+ "type": "Boolean",
+ "id": "boolean",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#boolean"
+ },
{
"name": "organizationAdmin",
"description": "For organization owner bypasses, true.
",
@@ -103452,6 +103671,40 @@
}
]
},
+ {
+ "name": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput",
+ "kind": "inputObjects",
+ "id": "updateenterprisetwofactorauthenticationdisallowedmethodssettinginput",
+ "href": "/graphql/reference/input-objects#updateenterprisetwofactorauthenticationdisallowedmethodssettinginput",
+ "description": "Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting.
",
+ "inputFields": [
+ {
+ "name": "clientMutationId",
+ "description": "A unique identifier for the client performing the mutation.
",
+ "type": "String",
+ "id": "string",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#string"
+ },
+ {
+ "name": "enterpriseId",
+ "description": "The ID of the enterprise on which to set the two-factor authentication disallowed methods setting.
",
+ "type": "ID!",
+ "id": "id",
+ "kind": "scalars",
+ "href": "/graphql/reference/scalars#id",
+ "isDeprecated": false
+ },
+ {
+ "name": "settingValue",
+ "description": "The value for the two-factor authentication disallowed methods setting on the enterprise.
",
+ "type": "EnterpriseDisallowedMethodsSettingValue!",
+ "id": "enterprisedisallowedmethodssettingvalue",
+ "kind": "enums",
+ "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue"
+ }
+ ]
+ },
{
"name": "UpdateEnterpriseTwoFactorAuthenticationRequiredSettingInput",
"kind": "inputObjects",
diff --git a/src/graphql/data/ghec/upcoming-changes.json b/src/graphql/data/ghec/upcoming-changes.json
index 4ca5619de54a..29b7742e051d 100644
--- a/src/graphql/data/ghec/upcoming-changes.json
+++ b/src/graphql/data/ghec/upcoming-changes.json
@@ -1,4 +1,80 @@
{
+ "2025-10-01": [
+ {
+ "location": "SecurityAdvisory.cvss",
+ "description": "cvss will be removed. New cvss_severities field will now contain both cvss_v3 and cvss_v4 properties.
",
+ "reason": "cvss will be removed.
",
+ "date": "2025-10-01",
+ "criticality": "breaking",
+ "owner": "github/advisory-database"
+ }
+ ],
+ "2025-04-01": [
+ {
+ "location": "ProjectV2Workflow.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2View.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2StatusUpdate.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2Item.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "ProjectV2.databaseId",
+ "description": "databaseId will be removed. Use fullDatabaseId instead.
",
+ "reason": "databaseId will be removed because it does not support 64-bit signed integer identifiers.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "dewski"
+ },
+ {
+ "location": "EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled",
+ "description": "hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.
",
+ "reason": "has_two_factor_enabled will be removed.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "authentication"
+ },
+ {
+ "location": "EnterpriseOwnerInfo.admins.hasTwoFactorEnabled",
+ "description": "hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.
",
+ "reason": "has_two_factor_enabled will be removed.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "authentication"
+ },
+ {
+ "location": "Enterprise.members.hasTwoFactorEnabled",
+ "description": "hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.
",
+ "reason": "has_two_factor_enabled will be removed.
",
+ "date": "2025-04-01",
+ "criticality": "breaking",
+ "owner": "authentication"
+ }
+ ],
"2025-01-01": [
{
"location": "AddMobileDevicePublicKeyPayload.expiresAt",
diff --git a/src/graphql/scripts/build-changelog.js b/src/graphql/scripts/build-changelog.js
index 5aa598669631..d08e9d18ce7c 100644
--- a/src/graphql/scripts/build-changelog.js
+++ b/src/graphql/scripts/build-changelog.js
@@ -51,12 +51,14 @@ export async function createChangelogEntry(
// Generate changes between the two schemas
const changes = await diff(oldSchema, newSchema)
const changesToReport = []
- changes.forEach(function (change) {
+ changes.forEach((change) => {
if (CHANGES_TO_REPORT.includes(change.type)) {
changesToReport.push(change)
} else if (CHANGES_TO_IGNORE.includes(change.type)) {
// Do nothing
} else {
+ console.error('Change object causing error:')
+ console.error(change)
throw new Error(
'This change type should be added to CHANGES_TO_REPORT or CHANGES_TO_IGNORE: ' +
change.type,
@@ -304,6 +306,7 @@ const CHANGES_TO_IGNORE = [
ChangeType.TypeDescriptionChanged,
ChangeType.TypeDescriptionRemoved,
ChangeType.TypeDescriptionAdded,
+ ChangeType.DirectiveUsageFieldDefinitionAdded,
]
export default { createChangelogEntry, cleanPreviewTitle, previewAnchor, prependDatedEntry }
diff --git a/src/graphql/scripts/utils/schema-helpers.js b/src/graphql/scripts/utils/schema-helpers.js
index 7b089adc2cf6..46ccb3e95276 100644
--- a/src/graphql/scripts/utils/schema-helpers.js
+++ b/src/graphql/scripts/utils/schema-helpers.js
@@ -1,14 +1,19 @@
#!/usr/bin/env node
import { renderContent } from '#src/content-render/index.js'
import fs from 'fs/promises'
-import { graphql } from 'graphql'
+import {
+ isScalarType,
+ isObjectType,
+ isInterfaceType,
+ isUnionType,
+ isEnumType,
+ isInputObjectType,
+} from 'graphql'
import path from 'path'
const graphqlTypes = JSON.parse(
await fs.readFile(path.join(process.cwd(), './src/graphql/lib/types.json')),
)
-const { isScalarType, isObjectType, isInterfaceType, isUnionType, isEnumType, isInputObjectType } =
- graphql
const singleQuotesInsteadOfBackticks = / '(\S+?)' /