Back to changelog

Improvement

September 26, 20231 Minute Read

Changes to token permission on packages

Announcing changes to permissions for packages.

We are restricting the refs REST API endpoint from accepting POSTs from users and apps that only have the permission to read and write packages. Previously, this endpoint accepted updates to both tags and branches.

If that ability is critical to your development flows you will now be required to add explicit contents permissions to create refs.

Users will need to add the public_repo scope to their PAT token.
Apps will need to use the read and write contents permission.
GitHub Actions customers will need to add contents:write to their workflow YAML.
```
permissions:
     contents: write
```
```
permissions:
     contents: write
```

A small cohort of customers relying on this flow have been notified of these changes and will have additional time to remediate.

We appreciate your feedback in GitHub's public feedback discussions.

Related Posts

JUN.15Improvement
Copilot usage metrics now include more of your active users
- Account Management
JUN.10Improvement
Enterprises can now create up to 500 cost centers
- Account Management
JUN.4Release
Budget and usage management APIs now generally available
- Account Management
MAY.29Improvement
Copilot usage metrics API adds cohorts for AI adoption
- Account Management
MAY.20Improvement
Copilot usage metrics reports now use GitHub-owned download URLs
- Account Management
MAY.14Release
Team-level Copilot usage metrics now available via API
- Account Management
MAY.8Release
Copilot code review comment types now in usage metrics API
- Account Management
APR.23Release
Copilot cloud agent fields added to usage metrics
- Account Management
APR.22Improvement
Upcoming change to Copilot usage metrics report download URLs
- Account Management

Subscribe to our developer newsletter

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.

Changes to token permission on packages - GitHub Changelog