google · gmlewis · May 22, 2026 · May 22, 2026 · May 22, 2026 · May 22, 2026
diff --git a/github/admin_users.go b/github/admin_users.go
@@ -31,13 +31,13 @@ func (s *AdminService) CreateUser(ctx context.Context, userReq CreateUserRequest
 		return nil, nil, err
 	}
 
-	var user User
+	var user *User
 	resp, err := s.client.Do(req, &user)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return &user, resp, nil
+	return user, resp, nil
 }
 
 // DeleteUser deletes a user in GitHub Enterprise.

diff --git a/github/git_commits_test.go b/github/git_commits_test.go
@@ -315,14 +315,14 @@ Commit Message.`
 		Parents: []*Commit{{SHA: Ptr("p")}},
 		Author:  &author,
 	}
-	wantBody := createCommit{
+	wantBody := &createCommit{
 		Message:   input.Message,
 		Tree:      Ptr("t"),
 		Parents:   []string{"p"},
 		Author:    &author,
 		Signature: &signature,
 	}
-	var gotBody createCommit
+	var gotBody *createCommit
 	mux.HandleFunc("/repos/o/r/git/commits", func(w http.ResponseWriter, r *http.Request) {
 		assertNilError(t, json.NewDecoder(r.Body).Decode(&gotBody))
 		testMethod(t, r, "POST")

diff --git a/github/issue_import.go b/github/issue_import.go
@@ -83,20 +83,20 @@ func (s *IssueImportService) Create(ctx context.Context, owner, repo string, iss
 
 	req.Header.Set("Accept", mediaTypeIssueImportAPI)
 
-	var i IssueImportResponse
+	var i *IssueImportResponse
 	resp, err := s.client.Do(req, &i)
 	if err != nil {
 		var aerr *AcceptedError
 		if errors.As(err, &aerr) {
 			if err := json.Unmarshal(aerr.Raw, &i); err != nil {
-				return &i, resp, err
+				return i, resp, err
 			}
-			return &i, resp, err
+			return i, resp, err
 		}
 		return nil, resp, err
 	}
 
-	return &i, resp, nil
+	return i, resp, nil
 }
 
 // CheckStatus checks the status of an imported issue.

diff --git a/github/private_registries.go b/github/private_registries.go
@@ -249,12 +249,12 @@ func (s *PrivateRegistriesService) ListOrganizationPrivateRegistries(ctx context
 		return nil, nil, err
 	}
 
-	var privateRegistries PrivateRegistries
+	var privateRegistries *PrivateRegistries
 	resp, err := s.client.Do(req, &privateRegistries)
 	if err != nil {
 		return nil, resp, err
 	}
-	return &privateRegistries, resp, nil
+	return privateRegistries, resp, nil
 }
 
 // CreateOrganizationPrivateRegistry creates a private registry configuration with an encrypted value for an organization.
@@ -270,12 +270,12 @@ func (s *PrivateRegistriesService) CreateOrganizationPrivateRegistry(ctx context
 		return nil, nil, err
 	}
 
-	var result PrivateRegistry
+	var result *PrivateRegistry
 	resp, err := s.client.Do(req, &result)
 	if err != nil {
 		return nil, resp, err
 	}
-	return &result, resp, nil
+	return result, resp, nil
 }
 
 // GetOrganizationPrivateRegistriesPublicKey retrieves the public key for encrypting secrets for an organization's private registries.
@@ -291,12 +291,12 @@ func (s *PrivateRegistriesService) GetOrganizationPrivateRegistriesPublicKey(ctx
 		return nil, nil, err
 	}
 
-	var publicKey PublicKey
+	var publicKey *PublicKey
 	resp, err := s.client.Do(req, &publicKey)
 	if err != nil {
 		return nil, resp, err
 	}
-	return &publicKey, resp, nil
+	return publicKey, resp, nil
 }
 
 // GetOrganizationPrivateRegistry gets a specific private registry for an organization.
@@ -313,13 +313,13 @@ func (s *PrivateRegistriesService) GetOrganizationPrivateRegistry(ctx context.Co
 		return nil, nil, err
 	}
 
-	var privateRegistry PrivateRegistry
+	var privateRegistry *PrivateRegistry
 	resp, err := s.client.Do(req, &privateRegistry)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return &privateRegistry, resp, nil
+	return privateRegistry, resp, nil
 }
 
 // UpdateOrganizationPrivateRegistry updates a specific private registry for an organization.

diff --git a/github/repos_forks.go b/github/repos_forks.go
@@ -79,20 +79,20 @@ func (s *RepositoriesService) CreateFork(ctx context.Context, owner, repo string
 		return nil, nil, err
 	}
 
-	var fork Repository
+	var fork *Repository
 	resp, err := s.client.Do(req, &fork)
 	if err != nil {
 		// Persist AcceptedError's metadata to the Repository object.
 		var aerr *AcceptedError
 		if errors.As(err, &aerr) {
 			if err := json.Unmarshal(aerr.Raw, &fork); err != nil {
-				return &fork, resp, err
+				return fork, resp, err
 			}
 
-			return &fork, resp, err
+			return fork, resp, err
 		}
 		return nil, resp, err
 	}
 
-	return &fork, resp, nil
+	return fork, resp, nil
 }
diff --git a/github/repos_forks_test.go b/github/repos_forks_test.go
@@ -131,6 +131,29 @@ func TestRepositoriesService_CreateFork_deferred(t *testing.T) {
 	}
 }
 
+func TestRepositoriesService_CreateFork_deferred_badBody(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	opt := &RepositoryCreateForkOptions{Organization: "o", Name: "n", DefaultBranchOnly: true}
+
+	mux.HandleFunc("/repos/o/r/forks", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "POST")
+		testJSONBody(t, r, opt)
+		w.WriteHeader(http.StatusAccepted)
+		fmt.Fprint(w, `{invalid json`)
+	})
+
+	ctx := t.Context()
+	repo, _, err := client.Repositories.CreateFork(ctx, "o", "r", opt)
+	if err == nil {
+		t.Fatal("Repositories.CreateFork returned nil error")
+	}
+	if repo != nil {
+		t.Errorf("Repositories.CreateFork returned non-nil repo: %+v", repo)
+	}
+}
+
 func TestRepositoriesService_CreateFork_invalidOwner(t *testing.T) {
 	t.Parallel()
 	client, _, _ := setup(t)

diff --git a/github/security_advisories.go b/github/security_advisories.go
@@ -168,21 +168,21 @@ func (s *SecurityAdvisoriesService) CreateTemporaryPrivateFork(ctx context.Conte
 		return nil, nil, err
 	}
 
-	var fork Repository
+	var fork *Repository
 	resp, err := s.client.Do(req, &fork)
 	if err != nil {
 		var aerr *AcceptedError
 		if errors.As(err, &aerr) {
 			if err := json.Unmarshal(aerr.Raw, &fork); err != nil {
-				return &fork, resp, err
+				return fork, resp, err
 			}
 
-			return &fork, resp, err
+			return fork, resp, err
 		}
 		return nil, resp, err
 	}
 
-	return &fork, resp, nil
+	return fork, resp, nil
 }
 
 // ListRepositorySecurityAdvisoriesForOrg lists the repository security advisories for an organization.

diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go
@@ -513,6 +513,26 @@ func TestSecurityAdvisoriesService_CreateTemporaryPrivateFork_deferred(t *testin
 	}
 }
 
+func TestSecurityAdvisoriesService_CreateTemporaryPrivateFork_deferred_badBody(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	mux.HandleFunc("/repos/o/r/security-advisories/ghsa_id/forks", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "POST")
+		w.WriteHeader(http.StatusAccepted)
+		fmt.Fprint(w, `{invalid json`)
+	})
+
+	ctx := t.Context()
+	fork, _, err := client.SecurityAdvisories.CreateTemporaryPrivateFork(ctx, "o", "r", "ghsa_id")
+	if err == nil {
+		t.Fatal("SecurityAdvisories.CreateTemporaryPrivateFork returned nil error")
+	}
+	if fork != nil {
+		t.Errorf("SecurityAdvisories.CreateTemporaryPrivateFork returned non-nil fork: %+v", fork)
+	}
+}
+
 func TestSecurityAdvisoriesService_CreateTemporaryPrivateFork_invalidOwner(t *testing.T) {
 	t.Parallel()
 	client, _, _ := setup(t)