TL;DR
* Strict maximum length limits are now enforced for the cluster (128 characters) and deployment_name (256 characters) properties in deployment record requests.
* The tag-protection schema is no longer available in the API.
* Code security configuration endpoints now accept and return the secret_scanning_extended_metadata property.
* Dependabot alert queries for both organizations and enterprises now support filtering via an assignee parameter.
* A new endpoint is available for managing Copilot content exclusions at the organization level.
What Changed
Breaking
* /orgs/{org}/artifacts/metadata/deployment-record: The cluster request property maxLength was set to 128.
* /orgs/{org}/artifacts/metadata/deployment-record: The deployment_name request property maxLength was set to 256.
Behavior
* api: Removed the tag-protection schema.
* /orgs/{org}/artifacts/metadata/deployment-record: Increased the maxLength for both logical_environment and physical_environment request properties from 64 to 128.
* /orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster}: Increased the maxLength of the cluster path parameter from 64 to 128.
* /orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster}: Increased the maxLength for the deployments/items/deployment_name request property from 128 to 256.
* /orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster}: Increased the maxLength for logical_environment and physical_environment request properties from 64 to 128.
Feature
* /enterprises/{enterprise}/code-security/configurations (and related ID/defaults endpoints): Added the optional secret_scanning_extended_metadata property to requests and 200/201 responses.
* /orgs/{org}/code-security/configurations (and related ID/defaults endpoints): Added the optional secret_scanning_extended_metadata property to requests and 200/201 responses.
* /enterprises/{enterprise}/dependabot/alerts: Added the optional assignee query parameter.
* /orgs/{org}/dependabot/alerts: Added the optional assignee query parameter.
* /orgs/{org}/copilot/content_exclusion: Added a new endpoint.
* /orgs/{org}/rulesets: Added a new non-success response.
Who's Impacted
* If you send deployment record requests with cluster names exceeding 128 characters, you will experience API rejections due to the new length limits.
* If you rely on the tag-protection schema in your API integrations, you will encounter errors because the schema has been removed.
* If you manage Dependabot alerts at the organization or enterprise level, you can now filter these alerts using the new assignee query parameter.
Action Checklist
cluster property lengths.cluster names to ensure they are 128 characters or fewer before calling /orgs/{org}/artifacts/metadata/deployment-record.deployment_name values.deployment_name values sent to /orgs/{org}/artifacts/metadata/deployment-record do not exceed 256 characters.tag-protection schema.tag-protection schema.logical_environment to accept up to 128 characters.physical_environment to accept up to 128 characters./orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster} to allow 128 characters.secret_scanning_extended_metadata is applicable to your workflow.secret_scanning_extended_metadata.secret_scanning_extended_metadata.secret_scanning_extended_metadata field in 200 and 201 responses from code security configuration endpoints.assignee query parameter on /enterprises/{enterprise}/dependabot/alerts.assignee query parameter on /orgs/{org}/dependabot/alerts./orgs/{org}/copilot/content_exclusion endpoint into your Copilot management workflows./orgs/{org}/rulesets.Verification
* Sources:
* [Commit fc2c3bbd8e67](https://github.com/github/rest-api-description/commit/fc2c3bbd8e67364c9ed84ae528b44ae0a6cc1672)
* [GitHub REST API Spec Diff](https://github.com/github/rest-api-description/compare/b129d699e445db64e773d1b08df3b2b16f1e8cb9...fc2c3bbd8e67364c9ed84ae528b44ae0a6cc1672)
* Verified At: 2026-02-26T00:40:08.426600+00:00