GitHub Enterprise Server 3.17 release candidate (#55411)

Co-authored-by: docs-bot <77750099+docs-bot@users.noreply.github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: Pallavi <96553709+pallsama@users.noreply.github.com>
Co-authored-by: Stephanie Sabota <80356791+steph-sabotasan@users.noreply.github.com>
Co-authored-by: Casey Tucker <dctucker@github.com>
Co-authored-by: Hao Jiang <45571951+jianghao0718@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/integrating-jira-with-your-personal-projects.md

@@ -24,5 +24,6 @@ shortTitle: Integrate Jira with projects
 
 ## Further reading
 
-* [AUTOTITLE](/organizations/managing-organization-settings/integrating-jira-with-your-organization-project-board)
+{% ifversion projects-v1 %}
+* [AUTOTITLE](/organizations/managing-organization-settings/integrating-jira-with-your-organization-project-board){% endif %}
 * [Connect Jira Cloud to GitHub](https://confluence.atlassian.com/adminjiracloud/connect-jira-cloud-to-github-814188429.html) in the Atlassian documentation

content/admin/all-releases.md

@@ -52,6 +52,7 @@ If you run analysis in an external CI system, we recommend using the same versio
 
 | {% data variables.product.prodname_ghe_server %} version | Recommended {% data variables.product.prodname_codeql_cli %} version |
 | ------------------------------------------------- | ---------------------- |
+| 3.17 | 2.20.7 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.7/)) |
 | 3.16 | 2.20.3 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.3/)) |
 | 3.15 | 2.18.4 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.18.4/)) |
 | 3.14 | 2.17.6 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.17.6/)) |
@@ -70,6 +71,7 @@ For instances with {% data variables.product.prodname_actions %} enabled, self-h
 
 | {% data variables.product.prodname_ghe_server %} version | Minimum Runner version |
 | ------------------------------------------------- | ---------------------- |
+| 3.17 | 2.322.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.322.0)) |
 | 3.16 | 2.321.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.321.0)) |
 | 3.15 | 2.319.1 ([release notes](https://github.com/actions/runner/releases/tag/v2.319.1)) |
 | 3.14 | 2.317.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.317.0)) |

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/about-the-backup-service-for-github-enterprise-server.md

@@ -0,0 +1,54 @@
+---
+title: About the backup service for GitHub Enterprise Server
+shortTitle: About the backup service
+intro: 'Learn what the built-in backup service offers and how it differs from a High Availability replica.'
+versions:
+  ghes: '>=3.17'
+type: overview
+topics:
+  - Backups
+  - Enterprise
+  - Fundamentals
+  - Infrastructure
+---
+
+>[!NOTE] {% data variables.product.prodname_enterprise_backup_service %} is currently in {% data variables.release-phases.public_preview %} and is subject to change. During the public preview, the service is available at no additional cost.
+
+## About the {% data variables.product.prodname_enterprise_backup_service %}
+
+The {% data variables.product.prodname_enterprise_backup_service %} is a managed backup solution built directly into {% data variables.product.prodname_ghe_server %}. It offers a simplified alternative to the legacy {% data variables.product.prodname_enterprise_backup_utilities %}.
+
+With this service, you can:
+
+* Configure scheduled backups from the {% data variables.enterprise.management_console %}.
+* View backup status and history.
+
+Compared to the legacy backup utilities, the {% data variables.product.prodname_enterprise_backup_service %}:
+
+* Can be configured through the {% data variables.enterprise.management_console %}.
+* Doesn’t require a separate host for backup software.
+* Stores backups on a dedicated storage volume directly accessible by your instance.
+
+>[!NOTE] {% data variables.product.prodname_enterprise_backup_service %} is currently only supported on standalone instances and high availability primary nodes. Cluster configurations and replica nodes are not yet supported.
+
+## How does the backup service differ from a High Availability replica?
+
+While both the backup service and a High Availability (HA) replica contribute to data protection, they serve different purposes and are recommended together for a robust deployment.
+
+### High Availability replica
+
+An HA replica is a redundant, passive {% data variables.product.prodname_ghe_server %} instance that stays in sync with the primary instance via datastore replication. It minimizes service disruption during hardware failure or network outages.
+
+However, it’s not a replacement for backups—because any data corruption or loss on the primary can be immediately replicated to the HA node.
+
+### {% data variables.product.prodname_enterprise_backup_service %}
+
+The backup service is a disaster recovery solution. It captures full, timestamped snapshots of instance data that can be used to restore an instance or spin up a new one—without needing an always-on replica.
+
+## Further reading
+
+* [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance)
+* [About {% data variables.product.prodname_enterprise_backup_utilities %}](https://github.com/github/backup-utils#readme)
+* [AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)
+* [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)
+* [AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled)

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/backup-service-settings-reference.md

@@ -0,0 +1,46 @@
+---
+title: Backup service settings reference
+shortTitle: Backup settings
+intro: 'Reference for all configurable options available in the Backup Service section of the {% data variables.enterprise.management_console %}.'
+versions:
+  ghes: '>= 3.17'
+type: reference
+topics:
+  - Backups
+---
+
+You can configure the following options in the "Backup Service" section of the {% data variables.enterprise.management_console %}.
+
+## Snapshot retention
+
+* **Number of snapshots**: Sets how many backup snapshots to retain (default: `10`). Older snapshots are automatically pruned after each successful backup.
+
+## Restore options
+
+* **Skip audit logs restore**: Excludes audit logs during a restore.
+* **Restore Management Console password**: If enabled, restores the root site admin password from snapshot data (default: `true`).
+
+## Performance tuning
+
+* **Process priority**:
+
+  * **Nice**: Sets the CPU scheduling priority (`nice -n 19` by default).
+  * **Ionice**: Sets the I/O scheduling priority (`ionice -c 3` by default).
+
+* **Rsync compression**: Uses compression for `rsync` transfers during backup and restore, reducing bandwidth usage.
+
+## MSSQL backup schedule
+
+* **MSSQL backup cadence**: Sets the schedule for full, differential, and transaction log backups, in minutes (default: `10080,1440,15`).
+
+## Backup content
+
+* **Include Pages**: Adds {% data variables.product.prodname_pages %} data to snapshots.
+* **Skip search indices**: Excludes search index data from snapshots.
+
+## Parallelization settings
+
+* **Enable parallel jobs**: Allows multiple backup jobs to run concurrently.
+* **Max jobs**: Limits the total number of parallel backup jobs.
+* **Max rsync jobs**: Limits the number of parallel `rsync` jobs.
+* **Max system load**: Sets a load limit to throttle parallel processing when needed.

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md

@@ -0,0 +1,120 @@
+---
+title: Configuring the backup service
+shortTitle: Configure the backup service
+intro: 'Enable and configure the built-in backup service in the {% data variables.enterprise.management_console %}, and optionally migrate legacy settings.'
+versions:
+  ghes: '>=3.17'
+type: how_to
+topics:
+  - Backups
+  - Enterprise
+  - Fundamentals
+  - Infrastructure
+---
+
+Before configuring the backup service, ensure you have:
+
+* A {% data variables.product.prodname_ghe_server %} instance running version 3.17 or later.
+* A dedicated storage volume provisioned and managed for use as the backup target.
+
+## Storage requirements
+
+To ensure reliable and performant backups, your storage must meet the following requirements:
+
+* **Capacity:** Allocate at least five times the amount of storage used by your primary {% data variables.product.github %} appliance disk. This accounts for historical snapshots and future growth.
+* **Filesystem support:** The backup service uses hard links for efficient storage, and your {% data variables.product.github %} instance uses symbolic links. The backup target must support both symbolic and hard links, and it must use a case-sensitive filesystem to prevent conflicts.
+
+  You can test whether your filesystem supports hardlinking symbolic links by running:
+
+    ```shell
+    touch file
+    ln -s file symlink
+    ln symlink hardlink
+    ls -la
+    ```
+
+    If the `ln symlink hardlink` command completes successfully, the filesystem is supported.
+
+* **Performance:** Use high-performance storage with low latency and high IOPS to avoid slow backups and restores.
+* **NFS:** Avoid using an NFS mount for the backup directory (typically `/data/backup`), as this can lead to timeouts and degraded performance.
+
+## Configuring the backup service
+
+You can configure {% data variables.product.prodname_enterprise_backup_service %} through the {% data variables.enterprise.management_console %}.
+
+### Setting up the backup target
+
+Before configuring the service, you must prepare the storage volume where backups will be stored.
+
+#### Using a new block device
+
+If you're using a dedicated block device as your backup target, you need to initialize it via SSH before proceeding in the {% data variables.enterprise.management_console %}. This process will **format the device and erase all existing data**.
+
+1. Connect to your instance via SSH as the `admin` user. See [AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh).
+1. Attach your backup block device to the instance.
+1. Identify the device name using `lsblk` to list available block devices. Make sure you select the correct device to avoid data loss.
+
+    ```shell
+    lsblk
+    ```
+
+1. Run the initialization command, replacing `YOUR_DEVICE_NAME` with the actual device name identified in the previous step.
+
+    >[!WARNING] This command will permanently erase all data on the specified device. Double-check the device name and back up any important data before proceeding.
+
+    ```shell
+    ghe-storage-init-backup /dev/YOUR_DEVICE_NAME
+    ```
+
+    This command:
+    * Formats the device (erases all data).
+    * Prepares it for use by the backup service.
+    * Sets it to mount automatically at `/data/backup` on boot.
+
+#### Reusing a previously initialized disk
+
+If the device was already initialized using `ghe-storage-init-backup`, you can reuse it without reformatting:
+
+1. Connect to your instance via SSH as the `admin` user.
+1. Attach the disk to the instance.
+1. Create the mount point, if it doesn't exist.
+
+   ```shell
+   sudo mkdir -p /data/backup
+   ```
+
+1. Enable and start the mount service.
+
+   ```shell
+   sudo systemctl enable ghe-backup-disk.service
+   sudo systemctl start ghe-backup-disk.service
+   ```
+
+   This will mount the device at `/data/backup` and ensures it's mounted automatically in the future.
+
+### Configuring backup settings
+
+After the backup target is mounted, the Backup Service page will become available in the {% data variables.enterprise.management_console %}. If you're using a block device, this requires completing the initialization or mount steps above.
+
+>[!NOTE] The settings page won’t appear until the backup storage is mounted at `/data/backup`.
+
+If you're migrating from {% data variables.product.prodname_enterprise_backup_utilities %}, you can transfer your configuration in one of two ways:
+
+1. **Manual configuration**: Recreate your settings directly in the {% data variables.enterprise.management_console %}.
+1. **Command-line migration**: SSH into your instance, copy your `backup.config` file from backup-utils, and run:
+
+   ```shell
+   ghe-migrate-backup-config /path/to/your/backup.config
+   ```
+
+   Use the `--dry-run` flag to preview changes without applying them.
+
+### Scheduling automated backups
+
+Once the service is configured, you can define a backup schedule.
+
+1. In the {% data variables.enterprise.management_console %}, open the "Backup Service" page.
+1. In the "Backup Schedule" section, choose a predefined schedule (e.g., Daily) or enter a custom cron expression.
+1. Click **Save** to apply the changes.
+
+The first run will be a full backup. Future runs will be incremental. If a new backup attempt starts while a previous one is still running, it may be skipped or fail. In that case, adjust the schedule to avoid overlap.

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/creating-and-monitoring-backups.md

@@ -0,0 +1,70 @@
+---
+title: Creating and monitoring backups
+shortTitle: Create and monitor backups
+intro: 'Run manual backups, understand backup types, and monitor backup activity using the {% data variables.enterprise.management_console %} or command line.'
+versions:
+  ghes: '>= 3.17'
+type: how_to
+topics:
+  - Backups
+  - Monitoring
+---
+
+## About backup types
+
+{% data variables.product.prodname_enterprise_backup_service %} supports two types of backups:
+
+* **Full backups**: Capture a complete snapshot of all data. The first backup is always a full backup.
+* **Incremental backups**: Include only changes since the last backup, significantly reducing backup time and storage usage.
+
+The system automatically determines which type to create based on the schedule and backup history. For Git repositories and other file stores, hard links are used to ensure storage-efficient snapshots with full point-in-time recovery.
+
+## Creating backups
+
+Once the backup service is configured, it will automatically create backups based on your defined schedule. You can also trigger backups manually as needed.
+
+### Running a manual backup
+
+To create an on-demand backup—for example, before performing maintenance:
+
+1. Connect to your instance via SSH as the `admin` user. See [AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh).
+1. Run the backup command:
+
+   ```shell
+   ghe-backup
+   ```
+
+### Command line backup utilities
+
+You can also use these CLI tools for advanced backup management or troubleshooting:
+
+* `ghe-backup`: Triggers a full or incremental backup, depending on the state.
+* `ghe-prune-snapshots`: Deletes old snapshots based on your configured retention policy.
+
+## Monitoring backups
+
+You can monitor backup activity through the {% data variables.enterprise.management_console %} or from the command line.
+
+### Viewing backup status in the {% data variables.enterprise.management_console %}
+
+1. On the "Backup Service" page, navigate to the "Backup History" section.
+1. Review the status of recent backups.
+
+### Monitoring via SSH
+
+To check backup progress or troubleshoot issues from the command line:
+
+1. SSH into your instance as the `admin` user.
+1. View the most recent backup log:
+
+   ```shell
+   cat /var/log/github-backup/backup-verbose-$(date +%Y%m%d).log
+   ```
+
+1. To check if a backup is currently running, look for this file:
+
+   ```shell
+   ls /data/user/common/backup_utils_in_progress
+   ```
+
+   If the file exists, a backup is currently running.

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/index.md

@@ -0,0 +1,18 @@
+---
+title: Backup service for GitHub Enterprise Server
+shortTitle: Backup service
+intro: '{% data variables.product.github %} offers a managed backup solution built directly into {% data variables.product.prodname_ghe_server %} to protect your instance data.'
+versions:
+  ghes: '>=3.17'
+topics:
+  - Enterprise
+children:
+  - /about-the-backup-service-for-github-enterprise-server
+  - /understanding-the-backup-service
+  - /configuring-the-backup-service
+  - /creating-and-monitoring-backups
+  - /restoring-from-a-backup
+  - /restoring-with-github-actions-enabled
+  - /backup-service-settings-reference
+  - /understanding-the-snapshot-file-structure
+---

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/restoring-from-a-backup.md

@@ -0,0 +1,94 @@
+---
+title: Restoring from a backup
+shortTitle: Restore from backup
+intro: 'Restore a {% data variables.product.prodname_ghe_server %} instance using a previously created backup snapshot.'
+versions:
+  ghes: '>= 3.17'
+type: how_to
+topics:
+  - Backups
+---
+
+You can restore a {% data variables.product.prodname_ghe_server %} instance from a backup using the command line. The backup service supports full instance restoration, including configuration and user data.
+
+>[!WARNING] Restoring from a backup will **overwrite all existing data** on your instance. This operation cannot be undone.
+
+## Snapshot version requirements
+
+You can only restore a snapshot if it's from at most two feature versions behind the version of the target instance.
+
+For example:
+
+* A snapshot from version 3.17 can be restored to a target running 3.17.x, 3.18.x, or 3.19.x.
+* You cannot restore a 3.17 snapshot to 3.20 — that’s more than two versions ahead.
+
+You also can’t restore from a newer version to an older one. For example, trying to restore a 3.18 snapshot to a 3.17 instance will fail with: `Error: Snapshot can not be restored to an older release of GitHub Enterprise Server.`
+
+## Prerequisites
+
+Before restoring a backup:
+
+1. **Enable maintenance mode** on the target instance. See [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode).
+1. **Verify access** to the backup storage containing the snapshot.
+1. **Pause interfering services** — if using High Availability (HA), make sure replication is stopped.
+1. **Prepare for {% data variables.product.prodname_actions %}** — if enabled, ensure the target instance is configured with the correct external storage. See [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/restoring-with-github-actions-enabled) for details.
+
+## Starting the restore operation
+
+To restore from a snapshot:
+
+1. SSH into the target instance as the `admin` user.
+1. Run one of the following commands:
+
+   * Restore the latest snapshot:
+
+     ```shell
+     ghe-restore
+     ```
+
+   * Restore a specific snapshot. Replace `<SNAPSHOT_TIMESTAMP>` with the timestamp of the snapshot you want to restore (e.g., `YYYYMMDDTHHMMSS`).
+
+     ```shell
+     ghe-restore -s <SNAPSHOT_TIMESTAMP>
+     ```
+
+   * (Optional) Force overwrite of configuration, certificates, and license data:
+
+     ```shell
+     ghe-restore -c          # Latest snapshot
+     ghe-restore -s <SNAPSHOT_TIMESTAMP> -c  # Specific snapshot
+     ```
+
+1. **Finalize in {% data variables.enterprise.management_console %}:**
+
+    * Review all configuration settings (network, auth, TLS, etc.).
+    * Click **Save settings** to apply them and start services.
+    * The instance is not fully operational until this step is complete.
+
+1. **Validate the restored instance** to ensure everything works as expected.
+1. **If using HA**, complete the restore on a standalone instance first. Then reconfigure HA.
+
+   * If you run into sync issues (e.g., stale UUIDs in `ghe-repl-status`), run `ghe-repl-teardown`.
+   * For help, contact {% data variables.contact.github_support %}.
+
+1. **Re-register self-hosted {% data variables.product.prodname_actions %} runners**, as restore invalidates previous tokens.
+
+## Snapshot rotation and retention
+
+Snapshots are automatically pruned based on your retention settings:
+
+* Only the most recent n snapshots are kept (as configured).
+* Older snapshots are deleted after each successful backup.
+* Snapshots are named using timestamps (`YYYYMMDDTHHMMSS`) for easy reference.
+* Hard links are used to store unchanged files efficiently while preserving full restore capability.
+
+## Troubleshooting restoration failures
+
+If a restore operation fails, check:
+
+* **Backup completeness** – Make sure the snapshot wasn't interrupted or corrupted.
+* **Storage access** – Verify the instance can mount and read the backup volume.
+* **Version mismatch** – Confirm the snapshot version is compatible with the target instance.
+* **Logs** – Review `/var/log/github-backup/restore-verbose-[timestamp].log` for errors.
+
+If the {% data variables.enterprise.management_console %} shows a generic failure, SSH into the instance to access detailed logs.

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/restoring-with-github-actions-enabled.md

@@ -0,0 +1,36 @@
+---
+title: Restoring with GitHub Actions enabled
+shortTitle: Restore with Actions
+intro: 'Learn how to prepare for and restore backups when {% data variables.product.prodname_actions %} is enabled with external blob storage.'
+versions:
+  ghes: '>= 3.17'
+type: how_to
+topics:
+  - Backups
+---
+
+>[!IMPORTANT] Data stored in your configured external storage for {% data variables.product.prodname_actions %}—such as logs, artifacts, and other blobs—is not included in {% data variables.product.prodname_enterprise_backup_service %} snapshots. You must back up this data separately using your storage provider's tools and best practices.
+
+When restoring an instance with {% data variables.product.prodname_actions %} enabled, follow these steps to preserve compatibility with existing Actions data:
+
+1. Provision the target instance.
+1. Preconfigure Actions storage:
+
+   1. In the {% data variables.enterprise.management_console %}, enable {% data variables.product.prodname_actions %}.
+   1. Enter the exact same external storage provider and credentials used in the original instance.
+   1. Click **Save**.
+
+      This step ensures the restored Actions metadata correctly references your existing external data.
+
+1. Enable maintenance mode on the target instance.
+1. Restore the backup:
+
+   1. Run the ghe-restore command as described in Starting the restore operation.
+   1. The restoration process includes Actions metadata but assumes external storage is already accessible and configured.
+
+1. Finalize settings in the {% data variables.enterprise.management_console %}.
+1. Re-register self-hosted runners:
+
+   All runners must be re-registered with the restored instance, as previous registration tokens are invalid after a restore.
+
+For more information, see [AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled).

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/understanding-the-backup-service.md

@@ -0,0 +1,72 @@
+---
+title: Understanding the backup service
+shortTitle: Understand the backup service
+intro: 'Answers to common questions about using the backup service with {% data variables.product.prodname_ghe_server %}.'
+versions:
+  ghes: '>= 3.17'
+topics:
+  - Backups
+---
+
+## Does backing up or restoring impact performance?
+
+Yes, but minimally—especially for production workloads.
+
+* During backup and restore, Git background maintenance and storage jobs are paused for the affected stages (e.g., repositories, storage). This may result in a temporary backlog visible in instance metrics.
+* For frequently updated repositories, performance may degrade if maintenance jobs are delayed for extended periods.
+* Backup operations run with low CPU and I/O priority to minimize user impact. You may still observe short-term spikes in resource usage.
+
+We recommend letting the maintenance backlog fully drain before starting another backup.
+
+## How are MS SQL Server backups handled?
+
+If {% data variables.product.prodname_actions %} is enabled, the service backs up the MS SQL Server database using a tiered cadence:
+
+* **Full backup (F)**: Complete snapshot.
+* **Differential backup (D)**: Changes since the last full backup.
+* **Transaction log backup (T)**: Fine-grained changes since the last full or differential backup.
+
+Backup timing is controlled by the `MSSQL Backup Cadence` setting in the {% data variables.enterprise.management_console %}. Over time, a snapshot includes:
+
+* 1 full backup
+* 0 or more differential backups
+* 1 or more transaction log backups
+
+**Backup timeline example**
+
+```text
+M---8:00--16:00---T---8:00--16:00---W... (timeline)
+
+F-----------------F-----------------F... (full backup)
+#-----D-----D-----#-----D-----D-----#... (differential backup)
+T--T--T--T--T--T--T--T--T--T--T--T--T... (transaction log backup)
+```
+
+To optimize space, hard links point to previously created backups. Only new backup files are transferred during each run. Each new full or differential snapshot becomes the baseline for future transaction logs.
+
+During restore, backups are replayed in the order: full, differential, and transaction logs.
+
+## What is benchmark data?
+
+Each snapshot includes a benchmark log in the `benchmarks/` directory. This log shows how long each backup step took and can help identify performance bottlenecks.
+
+```text
+ghe-backup-settings took 2s
+ghe-export-authorized-keys took 0s
+ghe-export-ssh-host-keys took 0s
+ghe-backup-mysql-binary took 9s
+ghe-backup-mysql took 9s
+ghe-backup-minio took 0s
+ghe-backup-redis took 1s
+ghe-backup-es-audit-log took 1s
+ghe-backup-repositories - Generating routes took 3s
+ghe-backup-repositories - Fetching routes took 0s
+ghe-backup-repositories - Processing routes took 0s
+ghe-backup-pages - hostname took 1s
+ghe-backup-pages took 1s
+ghe-backup-storage - Generating routes took 2s
+ghe-backup-storage - Fetching routes took 0s
+ghe-backup-storage - Processing routes took 0s
+ghe-backup-git-hooks took 0s
+ghe-backup-es-rsync took 2s
+```

content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/understanding-the-snapshot-file-structure.md

@@ -0,0 +1,110 @@
+---
+title: Understanding the snapshot file structure
+shortTitle: Snapshot structure
+intro: 'Understand the structure and contents of backup snapshot directories, including what is stored and how hard links are used.'
+versions:
+  ghes: '>= 3.17'
+type: reference
+topics:
+  - Backups
+---
+
+Each backup snapshot is stored in a timestamped directory (e.g., `YYYYMMDDTHHMMSS`) under the backup target path (e.g., `/data/backup/data`). Snapshots include full exports of key data stores. Git repositories, {% data variables.product.prodname_pages %}, and other components are stored using hard links to optimize storage and enable efficient point-in-time restores.
+
+>[!NOTE] If you archive backup snapshots, you must preserve symbolic links. Dereferencing or excluding symbolic links—or storing snapshots on a filesystem that doesn’t support them—can cause restore failures.
+
+The `current` symlink always points to the most recent successful snapshot directory.
+
+## Contents of a snapshot directory (`<SNAPSHOT_TIMESTAMP>/`)
+
+Each snapshot directory contains files and folders for your instance’s configuration, data stores, and operational metadata. Below is a typical structure.
+
+### Settings and configuration
+
+```text
+settings.json             # Main appliance settings
+manage-password           # Management console password hash
+uuid                      # Appliance UUID
+version                   # GHES version at backup time
+strategy                  # Backup strategy used (e.g., rsync, cluster)
+cluster.conf              # Cluster configuration (if applicable)
+```
+
+### Datastore exports
+
+```text
+mysql.sql.gz              # Logical database dump (default) OR
+xtrabackup_checkpoints    # Binary backup metadata (if binary backups used)
+xtrabackup-export.log     # Log snippet from binary backup
+mysql-binary-backup-sentinel # Indicates binary backup type
+# May include other files related to logical or binary MySQL backups
+```
+
+### Redis
+
+```text
+redis.rdb                 # Redis database dump
+```
+
+### Elasticsearch
+
+```text
+audit-log/                # Audit log indices (uses hard links)
+elasticsearch/            # Search indices (if not skipped, uses hard links)
+```
+
+### {% data variables.product.github %} data
+
+```text
+repositories/             # Git repositories (uses hard links)
+pages/                    # GitHub Pages content (uses hard links)
+storage/                  # Alambic-managed storage: avatars, attachments, etc. (uses hard links)
+```
+
+### {% data variables.product.prodname_actions %} and CI/CD
+
+```text
+actions/                  # GitHub Actions blob storage (uses hard links)
+mssql/                    # MS SQL Server backups (.bak, .diff, .log) (uses hard links)
+minio/                    # MinIO object storage (if Actions or Packages enabled, uses hard links)
+```
+
+### Secrets and credentials
+
+```text
+authorized-keys.json      # SSH keys authorized for administrative access
+github-secrets.tar        # Tarball of various exported instance secrets
+saml-keys.tar             # SAML IdP keys (if applicable)
+ssh-host-keys.tar         # SSH host keys
+ssl-ca-certificates.tar   # Custom CA certificates (if applicable)
+# Includes other internal secrets and keys necessary for instance operation.
+```
+
+### Hooks and delivery data
+
+```text
+git-hooks/                # Custom Git hooks (uses hard links)
+hookshot/                 # Webhook delivery data (uses hard links)
+```
+
+### Miscellaneous
+
+```text
+enterprise.ghl            # License file (often restored separately)
+live-upgrade/             # Data for live upgrades or migrations (uses hard links)
+benchmarks/               # Performance logs for backup steps
+```
+
+## Backup root directory contents (`/data/backup/data/`)
+
+The root backup directory includes all snapshot folders and metadata used for incremental backup tracking and pruning:
+
+```text
+YYYYMMDDTHHMMSS/          # Snapshot directory (one per backup)
+...                       # Other snapshot directories
+current                   # Symlink to the most recent successful snapshot
+inc_full_backup           # Tracks base for MySQL incremental backups
+inc_snapshot_data         # Tracks incremental MySQL snapshots
+prune_*                   # Temporary directories marked for deletion
+inc_previous_*            # Renamed snapshot directories during pruning cycle
+```

content/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md

@@ -1,5 +1,6 @@
 ---
-title: Configuring backups on your instance
+title: Configuring backups on your instance using Backup Utilities
+allowTitleToDifferFromFilename: true
 shortTitle: Configuring backups
 redirect_from:
   - /enterprise/admin/categories/backups-and-restores
@@ -26,6 +27,18 @@ topics:
   - Fundamentals
   - Infrastructure
 ---
+
+{% ifversion ghes > 3.16 %}
+
+## About backup options for {% data variables.product.prodname_ghe_server %}
+
+{% data variables.product.company_short %} offers two options for backing up your {% data variables.product.prodname_ghe_server %} instance:
+
+* **{% data variables.product.prodname_enterprise_backup_utilities %}**: An open-source backup system that you install on a separate host. For more information, see the sections below.
+* **{% data variables.product.prodname_enterprise_backup_service %} (in {% data variables.release-phases.public_preview %})**: A managed backup service available in {% data variables.product.prodname_ghe_server %}. See [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server).
+
+{% endif %}
+
 ## About {% data variables.product.prodname_enterprise_backup_utilities %}
 
 {% data variables.product.prodname_enterprise_backup_utilities %} is a backup system you install on a separate host, which takes backup snapshots of {% data variables.location.product_location %} at regular intervals over a secure SSH network connection. You can use a snapshot to restore an existing {% data variables.product.prodname_ghe_server %} instance to a previous state from the backup host.

content/admin/backing-up-and-restoring-your-instance/index.md

@@ -8,6 +8,7 @@ topics:
   - Enterprise
 children:
   - /configuring-backups-on-your-instance
+  - /backup-service-for-github-enterprise-server
 redirect_from:
   - /admin/backing-up-and-restoring-your-instance/known-issues-with-backups-for-your-instance
 ---

content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md

@@ -98,7 +98,7 @@ Before you can enable {% data variables.product.prodname_dependabot_updates %}:
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.advanced-security-tab %}
-1. Under "Security", select **{% data variables.product.prodname_dependabot_security_updates %}**.
+1. Under "Security", select **{% data variables.product.prodname_dependabot_updates %}**.
 {% data reusables.enterprise_management_console.save-settings %}
 1. Click **Visit your instance**.
 1. Configure dedicated self-hosted runners to create the pull requests that will update dependencies. This is required because the workflows use a specific runner label. For more information, see [AUTOTITLE](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates).

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md

@@ -33,15 +33,15 @@ shortTitle: Security & analysis
 
 You can enforce policies to manage the use of security features within organizations owned by your enterprise. You can allow or disallow people with admin access to a repository to enable or disable the security and analysis features.
 
-Additionally, you can enforce policies for the use of {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} in your enterprise's organizations and repositories.
+Additionally, you can enforce policies for the use of {% data variables.product.prodname_GHAS_cs_or_sp %} in your enterprise's organizations and repositories.
 
 ## Enforcing a policy for the availability of {% data variables.product.prodname_AS %} in your enterprise's organizations
 
-{% data variables.product.github %} bills for {% data variables.product.prodname_AS %} products on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#managing-committers-and-costs).
+You are billed for {% data variables.product.prodname_GHAS_cs_and_sp %} products on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#managing-committers-and-costs).
 
 You can enforce a policy that controls whether repository administrators are allowed to enable features for {% data variables.product.prodname_AS %} in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
 
-Disallowing {% data variables.product.prodname_GH_cs_or_sp %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_GH_cs_or_sp %} features for additional repositories, but does not disable the features for repositories where the features are already enabled.
+Disallowing {% data variables.product.prodname_GHAS_cs_or_sp %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_GHAS_cs_or_sp %} features for additional repositories, but does not disable the features for repositories where the features are already enabled.
 
 {% data reusables.enterprise.role-permission-hierarchy %}
 
@@ -91,7 +91,7 @@ Across all of your enterprise's organizations, you can allow or disallow people
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
 {% ifversion ghas-products %}
-1. In the "Policies" section, under "Repository administrators can enable or disable `PRODUCT`", use the dropdown menu to define whether repository administrators can change the enablement of {% data variables.product.prodname_cs_and_sp %}.
+1. In the "Policies" section, under "Repository administrators can enable or disable `PRODUCT`", use the dropdown menu to define whether repository administrators can change the enablement of {% data variables.product.prodname_GHAS_cs_or_sp %}.
 {% else %}
 1. In the "{% data variables.product.prodname_GHAS %} policies" section, under "Enable or disable {% data variables.product.prodname_GHAS %} by repository admins", select the dropdown menu and click a policy.
 {% endif %}

content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md

@@ -33,7 +33,7 @@ For guidance on a phased deployment of {% data variables.product.prodname_GHAS %
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.license-tab %}
-1. If your license includes {% data variables.product.prodname_GH_cs_or_sp %}, the license page includes a section showing details of current usage.
+1. If your license includes {% data variables.product.prodname_GHAS_cs_or_sp %}, the license page includes a section showing details of current usage.
 
 ## Prerequisites for enabling {% data variables.product.prodname_cs_and_sp %}
 

content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md

@@ -15,9 +15,10 @@ topics:
 
 There are some additional {% data variables.product.prodname_secret_scanning %} settings that cannot be applied to repositories using {% data variables.product.prodname_security_configurations %}, so you must configure these settings separately:
 
-* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection)
+* [Configuring a resource link for push protection](#configuring-a-resource-link-for-push-protection)
+* [Controlling features for new repositories created in a user namespace](#controlling-features-for-new-repositories-created-in-a-user-namespace)
 
-These additional settings only apply to repositories with {% data variables.product.prodname_secret_scanning %} enabled and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} or {% data variables.product.prodname_GH_secret_protection %}{% endif %}.
+These additional settings apply only to repositories with {% data variables.product.prodname_secret_scanning %} and {% data variables.product.prodname_GHAS %} both enabled{% ifversion ghas-products %}, or with {% data variables.product.prodname_GH_secret_protection %} enabled{% endif %}.
 
 ## Accessing the additional settings for {% data variables.product.prodname_secret_scanning %}
 
@@ -32,3 +33,9 @@ To provide context for developers when {% data variables.product.prodname_secret
 
 1. Under "Additional settings", to the right of "Resource link for push protection", click **{% octicon "pencil" aria-hidden="true" %}**.
 1. In the text box, type the link to the desired resource, then click **{% octicon "check" aria-label="Save" %}**.
+
+### Controlling features for new repositories created in a user namespace
+
+To ensure that any repositories created by users outside of an organization are protected by the same security features as repositories created within an organization, you can enable or disable {% data variables.product.prodname_secret_scanning %} features for new repositories created in a user namespace.
+
+Under "Additional settings", use the options in the "User namespace repositories" section to enable or disable features for new repositories.

content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md

@@ -38,19 +38,19 @@ When creating a security configuration, keep in mind that:
 
 {% endif %}
 
-## Creating a {% data variables.product.prodname_custom_security_configuration %}
+{% ifversion ghas-products %}
 
-{% ifversion ghec %}
-<!-- Note: this article has two entirely separate procedures for cloud and server enterprises. The GHES 3.17+ version of the procedure is still to come. -->
+{% data reusables.advanced-security.bundled-vs-unbundled-ui %} See [Creating a {% data variables.product.prodname_GHAS %} configuration](#creating-a-github-advanced-security-configuration) or [Creating a {% data variables.product.prodname_cs_and_sp %} configuration](#creating-a-secret-protection-and-code-security-configuration).
 
->[!NOTE]
-> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable automatic dependency submission, {% data variables.product.prodname_dependabot_alerts %}, vulnerability exposure analysis, and security updates.
+## Creating a {% data variables.product.prodname_cs_and_sp %} configuration
+
+<!-- This section describes the view for users with an unbundled GHAS license. That is, separate calculation of usage of Secret Protection and Code Security features. -->
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.advanced-security-tab %}
-1. In the "Configurations" section, click **New configuration**.
-1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description.
+1. In the "{% data variables.product.prodname_security_configurations_caps %}" section, click **New configuration**.
+1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "{% data variables.product.prodname_security_configurations_caps %}" page, name your configuration and create a description.
 1. Optionally, enable "{% data variables.product.prodname_secret_protection %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. Enabling {% data variables.product.prodname_secret_protection %} enables alerts for {% data variables.product.prodname_secret_scanning %}. In addition, you can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_secret_scanning %} features:
     {% ifversion secret-scanning-validity-check-partner-patterns %}
     * **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %}
@@ -58,7 +58,7 @@ When creating a security configuration, keep in mind that:
     * **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}
     * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion security-delegated-alert-dismissal %}
     * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %}
-1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private and internal repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features:
+1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features:
    * **Default setup**. To learn more, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). {% ifversion code-scanning-default-setup-customize-labels %}
    * **Runner type**. If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can choose to use custom-labeled runners at this step. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).{% endif %} {% ifversion security-delegated-alert-dismissal %}
     * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).{% endif %}
@@ -68,22 +68,58 @@ When creating a security configuration, keep in mind that:
       > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
    * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
    * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
-   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
-1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
    * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
-   * **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu.
-
         {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
+   * **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu.
 
 1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**.
 
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
 
-<!-- expires 2025-05-01 -->
-<!-- The updated procedure for GHES 3.17+ will be added here later, see ref: #17613 -->
-<!-- end expires 2025-05-01 -->
-{% elsif ghes < 3.17 %}
+## Creating a {% data variables.product.prodname_GHAS %} configuration
+
+<!-- This section describes the view for users with an bundled GHAS license. That is, a single calculation of usage of any GitHub Advanced Security features. -->
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.advanced-security-tab %}
+1. In the top section, click **New configuration**.
+1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "New configuration" page, name your configuration and create a description.
+1. In the "{% data variables.product.prodname_GHAS %} features" row, choose whether to include or exclude {% data variables.product.prodname_GHAS %} (GHAS) features.
+1. In the "{% data variables.product.prodname_secret_scanning_caps %}" table, choose whether you want to enable, disable, or keep the existing settings for the following security features:{% ifversion ghes > 3.16 %}
+    * **Alerts**. To learn about {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% endif %} {% ifversion secret-scanning-validity-check-partner-patterns %}
+    * **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %}
+    * **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
+    * **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}
+    * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion security-delegated-alert-dismissal %}
+    * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %}
+1. In the "{% data variables.product.prodname_code_scanning_caps %}" table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup.
+   * **Default setup**. To learn more, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). {% ifversion code-scanning-default-setup-customize-labels %}
+   * **Runner type**. If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can choose to use custom-labeled runners at this step. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).{% endif %} {% ifversion security-delegated-alert-dismissal %}
+    * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).{% endif %}
+1. In the "Dependency scanning" table, choose whether you want to enable, disable, or keep the existing settings for the following dependency scanning features:
+   * **Dependency graph**. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
+      > [!TIP]
+      > When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
+   * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
+   * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
+1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
+   * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
+        {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
+   * **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu.
+
+1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**.
+
+{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
+
+{% else %}
+
+<!--This section describes the view for users with GHES 3.15 and 3.16. -->
 
 >[!NOTE]
 > The enablement status of some security features is dependent on other, higher-level security features. For example, disabling {% data variables.secret-scanning.alerts %} will also disable non-provider patterns and push protection.

content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md

@@ -34,8 +34,7 @@ You need pay to use {% data variables.product.prodname_AS %} features in private
 
 Licensing for {% data variables.product.prodname_AS %} products is flexible, making it easy for you to choose options that fit your business needs. {% ifversion ghec or ghes %}You can buy volume/subscription licenses for any combination of the following products or use metered billing to pay for your use:{% endif %}
 
-{% data reusables.advanced-security.ghas-products-bullets %}{% ifversion ghec or ghes %}
-* **{% data variables.product.prodname_GHAS %}**, which includes all features in {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_GH_code_security %}.{% endif %}
+{% data reusables.advanced-security.ghas-products-bullets+ghas %}
 
 For example, you might start by using {% data variables.product.prodname_GH_secret_protection %} across all repositories, and pilot {% data variables.product.prodname_GH_code_security %} in high-risk repositories. You {% ifversion ghec or ghes %}buy or {% endif %}pay only for the products you need, and expand as you see the benefits to the security of your code.
 
@@ -58,7 +57,10 @@ There are two different ways to pay for licenses.
   * Monthly bill for the number of licenses used by active committers.
   * No pre-defined license limit.
   * No overage state, you pay only for what you use.{% ifversion ghec or ghes %}
-  * {% data variables.product.prodname_ghe_server %} use of {% data variables.product.prodname_AS %} products is billed through the linked enterprise account on {% data variables.product.prodname_ghe_cloud %} for hybrid systems.{% endif %}
+  > [!NOTE]
+  > On {% data variables.product.prodname_ghe_server %}, metered use of {% data variables.product.prodname_AS %} products is billed through the linked enterprise account on {% data variables.product.prodname_ghe_cloud %}.
+
+{% endif %}
 
 * **Volume/subscription billing** available for {% data variables.product.prodname_enterprise %} plans only
 
@@ -81,7 +83,7 @@ The options available for managing committers and costs depend on your billing m
 
 {% endif %}
 
-Your use of {% data variables.product.prodname_AS %} is billed per committer and enabled by repository. If you remove a committer from an organization{% ifversion ghec or ghes %} or enterprise{% endif %}, or if you disable all {% data variables.product.prodname_GH_cs_or_sp %} features for a repository, the committers will remain billable until the end of the current monthly billing cycle. Prorated billing applies only when a committer starts partway through the month. For examples of how committers are tracked and billed, see [Understanding usage](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#understanding-usage).
+Your use of {% data variables.product.prodname_AS %} is billed per committer and enabled by repository. If you remove a committer from an organization{% ifversion ghec or ghes %} or enterprise{% endif %}, or if you disable all {% data variables.product.prodname_GHAS_cs_or_sp %} features for a repository, the committers will remain billable until the end of the current monthly billing cycle. Prorated billing applies only when a committer starts partway through the month. For examples of how committers are tracked and billed, see [Understanding usage](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#understanding-usage).
 
 You can control usage and costs with {% ifversion ghec %}cost centers, policies, {% endif %}budgets and alerts. See {% data reusables.advanced-security.control-use-cost-links %}.
 
@@ -99,9 +101,9 @@ If your enterprise uses {% data variables.product.prodname_AS %} on both {% data
 
 Each license specifies a maximum number of accounts that can use {% data variables.product.prodname_AS %}. Each active committer to at least one repository with the product enabled consumes one license. When you remove a user from your {% data variables.enterprise.enterprise_or_org %} account, the user's license is freed within 24 hours.
 
-If you exceed your license limit, features controlled by {% data variables.product.prodname_AS %} licensing continue to work on all repositories where they are already enabled. However, you will not be able to enable {% data variables.product.prodname_GH_cs_or_sp %} on any additional repositories. Any new repositories created in organizations where {% data variables.product.prodname_GH_cs_or_sp %} are configured to be enabled automatically will be created with the products disabled.
+If you exceed your license limit, features controlled by {% data variables.product.prodname_AS %} licensing continue to work on all repositories where they are already enabled. However, you will not be able to enable {% data variables.product.prodname_GHAS_cs_or_sp %} on any additional repositories. Any new repositories created in organizations where {% data variables.product.prodname_GHAS_cs_or_sp %} are configured to be enabled automatically will be created with the products disabled.
 
-As soon as you make licenses available, by disabling {% data variables.product.prodname_GH_cs_or_sp %} in some repositories, or by increasing your license size, the options for enabling {% data variables.product.prodname_GH_cs_and_sp %} will work again as normal. {% ifversion ghes %}All standalone instances of {% data variables.product.prodname_ghe_server %} use volume/subscription licenses. Contact [{% data variables.product.github %}'s Sales team](https://enterprise.github.com/contact) if you want to make changes to your license.{% endif %}
+As soon as you make licenses available, by disabling {% data variables.product.prodname_GHAS_cs_or_sp %} in some repositories, or by increasing your license size, the options for enabling {% data variables.product.prodname_GHAS_cs_and_sp %} will work again as normal. {% ifversion ghes %}All standalone instances of {% data variables.product.prodname_ghe_server %} use volume/subscription licenses. Contact [{% data variables.product.github %}'s Sales team](https://enterprise.github.com/contact) if you want to make changes to your license.{% endif %}
 
 You can enforce policies to allow or disallow the use of {% data variables.product.prodname_AS %} by organizations owned by your enterprise account. See [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise).
 

content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/migrating-from-ghas-to-cs-and-sp.md

@@ -22,7 +22,7 @@ shortTitle: Migrating to new GHAS SKUs
 
 <!-- On expiry, check with the stakeholder. If nothing else, remove the date from the start of this paragraph and check the information for Metered-billing users is still appropriate. Possibly the whole article can be deleted. Reference: release 5202 -->
 
-From April 1, 2025, {% data variables.product.prodname_AS %} features are available under two separate stock keeping units (SKUs) for {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} users. {% data variables.product.prodname_ghe_server %} users will be able to use the two new SKUs from version 3.17.
+From April 1, 2025, {% data variables.product.prodname_AS %} features are also available under two separate stock keeping units (SKUs) for {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} users. {% data variables.product.prodname_ghe_server %} users can use the two new SKUs when upgrading to version 3.17.
 
 <!-- end expires 2025-05-31 -->
 
@@ -32,6 +32,8 @@ For detailed information about the separate SKUs, see [feature summary and prici
 
 ## New users of {% data variables.product.prodname_AS %}
 
+{% ifversion ghec %}
+
 {% data variables.product.prodname_ghe_cloud %} users who don't already use {% data variables.product.prodname_GHAS %}, and {% data variables.product.prodname_team %} users, can start using {% data variables.product.prodname_cs_and_sp %} with metered billing immediately.
 
 To get started, apply the GitHub-recommended security configuration or a custom configuration to one or more repositories. Applying a configuration with {% data variables.product.prodname_cs_or_sp %} enabled to internal or private repositories will be tracked and billed by active, unique committer.
@@ -45,16 +47,34 @@ For more information, see:
 
 In addition, enterprise customers can talk to their existing account team or [request a demo](https://github.com/security/advanced-security/secret-protection).
 
+{% elsif ghes %}
+
+If you use {% data variables.product.prodname_ghe_server %} with a volume/subscription license purchased through [{% data variables.product.github %}'s Sales team](https://enterprise.github.com/contact), you should talk to your contact about adding {% data variables.product.prodname_GHAS_cs_or_sp %} to your license.
+
+If you use {% data variables.product.prodname_ghe_server %} with a license downloaded from a linked instance of {% data variables.product.prodname_ghe_cloud %} with metered billing, you should be able to download a new license that allows metered use of {% data variables.product.prodname_cs_and_sp %}. This requires {% data variables.product.prodname_github_connect %}. See [AUTOTITLE](/enterprise-cloud@latest/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise) and [AUTOTITLE](/enterprise-server@latest/admin/configuring-settings/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise).
+
+{% endif %}
+
 ## Existing  {% data variables.product.prodname_AS %} users
 
 If you already pay to use {% data variables.product.prodname_AS %} features, the migration options available to you depend on your existing billing model.
 
 ### Metered billing users
 
+{% ifversion ghec %}
+
 If you are an existing self-serve customer, instructions on how to transition from the combined {% data variables.product.prodname_GHAS %} product to the new {% data variables.product.prodname_GH_cs_and_sp %} SKUs will be announced over the next 30 days.
 
 You'll receive an email notification when the new plans are available to your enterprise. Transitioning to the two separate products will be self-serve and optional.
 
+{% elsif ghes %}
+
+On {% data variables.product.prodname_ghe_server %}, metered use of {% data variables.product.prodname_AS %} products is billed through the linked enterprise account on {% data variables.product.prodname_ghe_cloud %} to ensure that committers are counted and billed accurately across the two platforms.
+
+{% endif %}
+
+If you have a hybrid {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %} system with metered billing, instructions on how to transition to the new SKUs will be sent to the email address associated with the enterprise account on {% data variables.product.prodname_ghe_cloud %}. Transitioning to the two separate products is self-serve and optional.
+
 ### Volume/subscription billing users
 
 When your license is due for renewal, you can choose to continue with licenses for {% data variables.product.prodname_GHAS %}, migrate to {% data variables.product.prodname_cs_or_sp %} subscription licenses, or migrate to metered billing.

content/code-security/getting-started/quickstart-for-securing-your-repository.md

@@ -80,9 +80,9 @@ Dependency review is a {% data variables.product.prodname_GH_code_security %} fe
 To enable dependency review for a repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_code_security %}.
 
 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
-1. Click **{% data variables.product.UI_advanced_security %}**.{% ifversion fpt or ghec %}
-1. To the right of {% data variables.product.prodname_code_security %}, click **Enable**.
-1. Under {% data variables.product.prodname_code_security %}, check that dependency graph is enabled for the repository.
+1. Click **{% data variables.product.UI_advanced_security %}**.
+1. To the right of "{% data variables.product.prodname_code_security %}" or "{% data variables.product.prodname_GHAS %}", depending on your license type, click **Enable**.{% ifversion fpt or ghec %}
+1. Check that dependency graph is enabled for the repository.
    * For public repositories, dependency graph is always enabled.{% elsif ghes %}
 1. Check that dependency graph is configured for your enterprise.{% endif %}
 
@@ -112,8 +112,10 @@ To enable {% data variables.product.prodname_dependabot_version_updates %}, you
 
 ## Configuring {% ifversion ghas-products %}{% data variables.product.prodname_code_security %}{% else %}{% data variables.product.prodname_code_scanning %}{% endif %}
 
+{% ifversion fpt or ghec %}
 > [!NOTE]
-> {% ifversion ghas-products %}{% data variables.product.prodname_code_security %} features are available {% else %}{% data variables.product.prodname_code_scanning_caps %} is available {% endif %}{% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of a team or an enterprise that uses {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_code_security %}.
+> {% data variables.product.prodname_code_security %} features are available for all public repositories, and for private repositories owned by organizations that are part of a team or an enterprise that uses {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GHAS %}.
+{% endif %}
 
 {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} includes {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_codeql_cli %} and {% data variables.product.prodname_copilot_autofix_short %}, as well as other features that find and fix vulnerabilities in your codebase.{% endif %}
 
@@ -121,8 +123,8 @@ You can configure {% data variables.product.prodname_code_scanning %} to automat
 
 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
 1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**.{% ifversion ghas-products %}
-1. If "{% data variables.product.prodname_code_security %}" is not already enabled, click **Enable**.
-1. Under "{% data variables.product.prodname_code_security %}", to the right of "CodeQL analysis", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% else %}
+1. If "{% data variables.product.prodname_code_security %}" or "{% data variables.product.prodname_GHAS %}" is not already enabled, click **Enable**.
+1. To the right of "CodeQL analysis", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% else %}
 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% endif %}
 1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**.{% ifversion code-scanning-autofix %}
 1. Choose whether you want to enable addition features, such as {% data variables.product.prodname_copilot_autofix_short %}.{% endif %}
@@ -131,23 +133,25 @@ As an alternative to default setup, you can use advanced setup, which generates
 
 ## Configuring {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %}
 
+{% ifversion fpt or ghec %}
 > [!NOTE]
-> {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %} features are available {% else %}{% data variables.product.prodname_secret_scanning_caps %} is available {% endif %}{% ifversion fpt or ghec %}for all public repositories, and for user-owned and organization-owned repositories that are part of a team or an enterprise that uses {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_secret_protection %}.
+> {% data variables.product.prodname_secret_protection %} features are available for all public repositories, and for private repositories owned by organizations that are part of a team or an enterprise that uses {% data variables.product.prodname_GH_secret_protection %} or {% data variables.product.prodname_GHAS %}.
+{% endif %}
 
 {% ifversion ghas-products %}{% data variables.product.prodname_GH_secret_protection %} includes {% data variables.product.prodname_secret_scanning %} and push protection, as well as other features that help you detect and prevent secret leaks in your repository.{% endif %}
 
 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
 1. Click **{% data variables.product.UI_advanced_security %}**.
-1. If {% data variables.product.prodname_secret_protection %} is not already enabled, click **Enable**.{% ifversion ghes < 3.17 %}
-1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**.{% endif %}{% ifversion ghas-products %}
-1. Choose whether you want to enable additional features, such as validity checks, scanning for non-provider patterns, and push protection.{% endif %}
+1. If "{% data variables.product.prodname_secret_protection %}" or "{% data variables.product.prodname_GHAS %}" is not already enabled, click **Enable**.
+1. If the option "{% data variables.product.prodname_secret_scanning_caps %}" is shown, click **Enable**.{% ifversion ghas-products %}
+1. Choose whether you want to enable additional features, such as scanning for non-provider patterns and push protection.{% endif %}
 
 ## Setting a security policy
 
 If you are a repository maintainer, it's good practice to specify a security policy for your repository by creating a file named `SECURITY.md` in the repository. This file instructs users about how to best contact you and collaborate with you when they want to report security vulnerabilities in your repository. You can view the security policy of a repository from the repository’s **Security** tab.
 
 1. From the main page of your repository, click **{% octicon "shield" aria-hidden="true" %} Security**.
-1. Click **Security policy**.
+1. In the left sidebar, under "Reporting", click **{% octicon "law" aria-hidden="true" %} Policy**.
 1. Click **Start setup**.
 1. Add information about supported versions of your project and how to report vulnerabilities.
 

content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md

@@ -68,13 +68,20 @@ To update private dependencies of repositories in your organization, {% data var
 
 {% data reusables.code-scanning.about-code-scanning %}
 
+{% ifversion ghes > 3.16 %}
+<!-- There is only one bullet point in this section, so we don't display a list for GHES 3.17. -->
+{% else %}
+
 You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_code_scanning %}:
 
-* [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup){% ifversion code-scanning-autofix %}
+{% ifversion code-scanning-autofix %}
 * [Enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %}](#enabling-copilot-autofix-for-codeql)
-* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for third-party {% data variables.product.prodname_code_scanning %} tools](#enabling-copilot-autofix-for-third-party-code-scanning-tools) {% endif %}{% ifversion ghes < 3.17 %}
+* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for third-party {% data variables.product.prodname_code_scanning %} tools](#enabling-copilot-autofix-for-third-party-code-scanning-tools) {% endif %}
+* [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup){% ifversion ghes < 3.17 %}
 * [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests){% endif %}
 
+{% endif %}
+
 ### Recommending the extended query suite for default setup
 
 {% data variables.product.prodname_code_scanning_caps %} offers specific groups of {% data variables.product.prodname_codeql %} queries, called {% data variables.product.prodname_codeql %} query suites, to run against your code. By default, the "Default" query suite is run. {% data variables.product.company_short %} also offers the "Extended" query suite, which contains all the queries in the "Default" query suite, plus additional queries with lower precision and severity. To suggest the "Extended" query suite across your organization, select **Recommend the extended query suite for repositories enabling default setup**. For more information on built-in query suites for {% data variables.product.prodname_codeql %} default setup, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites).
@@ -113,7 +120,7 @@ You can customize several {% data variables.product.prodname_global_settings %}
 
 ### Adding a resource link for blocked commits
 
-To provide context for developers when {% data variables.product.prodname_secret_scanning %} blocks a commit, you can display a link with more information on why the commit was blocked. To include a link, select **Add a resource link in the CLI and the web UI when a commit is blocked**. In the text box, type the link to the desired resource, then click **Save**.
+To provide context for developers when {% data variables.product.prodname_secret_scanning %} blocks a commit, you can display a link with more information on why the commit was blocked. To include a link, select **Add a resource link in the CLI and the web UI when a commit is blocked**. In the text box, type the link to the desired resource, then click {% ifversion fpt or ghec or ghes > 3.15 %}**Save Link**{% else %}**Save**{% endif %}.
 
 ### Defining custom patterns
 

content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md

@@ -38,13 +38,13 @@ You can also choose whether or not you want to include {% data variables.product
 * {% ifversion ghas-products %}Some features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance has purchased the relevant {% data variables.product.prodname_GHAS %} product ({% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %}){% else %}{% data variables.product.prodname_GHAS %} features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %} license{% endif %}.
 * Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.{% endif %}
 
-## Creating a {% data variables.product.prodname_custom_security_configuration %}
+{% ifversion ghas-products %}
 
-{% ifversion fpt or ghec %}
-<!-- Note: this article has two entirely separate procedures for cloud and server users. -->
+{% data reusables.advanced-security.bundled-vs-unbundled-ui %} See [Creating a {% data variables.product.prodname_GHAS %} configuration](#creating-a-github-advanced-security-configuration) or [Creating a {% data variables.product.prodname_cs_and_sp %} configuration](#creating-a-secret-protection-and-code-security-configuration).
 
->[!NOTE]
-> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation.
+## Creating a {% data variables.product.prodname_cs_and_sp %} configuration
+
+<!-- This section describes the view for users with an unbundled GHAS license. That is, separate calculation of usage of Secret Protection and Code Security features. -->
 
 {% data reusables.profile.access_org %}
 {% data reusables.organizations.org_settings %}
@@ -69,8 +69,8 @@ You can also choose whether or not you want to include {% data variables.product
       > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
    * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
    * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
-   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
-1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
    * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
         {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
@@ -80,14 +80,48 @@ You can also choose whether or not you want to include {% data variables.product
 
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
 
-{% endif %}
+## Creating a {% data variables.product.prodname_GHAS %} configuration
 
-<!-- expires 2025-05-01 -->
-<!-- The updated procedure for GHES 3.17+ will be added here later, see ref: #17613 -->
-<!-- end expires 2025-05-01 -->
+<!-- This section describes the view for users with an bundled GHAS license. That is, a single calculation of usage of any GitHub Advanced Security features. -->
 
-<!-- This content will be updated when there is a GHES 3.17+ test instance available. Issue #17613 -->
-{% ifversion ghes < 3.17 %}
+{% data reusables.profile.access_org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.security-configurations.view-configurations-page %}
+1. In the "Security configurations" section, click **New configuration**.
+1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "New configuration" page, name your configuration and create a description.
+1. In the "{% data variables.product.prodname_GHAS %} features" row, choose whether to include or exclude {% data variables.product.prodname_GHAS %} (GHAS) features.
+1. In the "{% data variables.product.prodname_secret_scanning_caps %}" table, choose whether you want to enable, disable, or keep the existing settings for the following security features:{% ifversion ghes > 3.16 %}
+    * **Alerts**. To learn about {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% endif %} {% ifversion secret-scanning-validity-check-partner-patterns %}
+    * **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %}
+    * **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
+    * **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}
+    * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion push-protection-delegated-bypass-configurations %}
+    * **Bypass privileges**. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% endif %}{% ifversion security-delegated-alert-dismissal %}
+    * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %}
+1. In the "{% data variables.product.prodname_code_scanning_caps %}" table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup.
+   * **Default setup**. To learn more, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). {% ifversion code-scanning-default-setup-customize-labels %}
+   * **Runner type**. If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can choose to use custom-labeled runners at this step. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).{% endif %} {% ifversion security-delegated-alert-dismissal %}
+    * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).{% endif %}
+1. In the "Dependency scanning" table, choose whether you want to enable, disable, or keep the existing settings for the following dependency scanning features:
+   * **Dependency graph**. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
+      > [!TIP]
+      > When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
+   * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
+   * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
+1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
+   * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
+        {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
+   * **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu.
+
+1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**.
+
+{% else %}
+
+<!--This section describes the view for users with GHES 3.15 and 3.16. -->
+
+## Creating a {% data variables.product.prodname_custom_security_configuration %}
 
 >[!NOTE]
 > The enablement status of some security features is dependent on other, higher-level security features. For example, disabling {% data variables.secret-scanning.alerts %} will also disable non-provider patterns and push protection.
@@ -97,7 +131,7 @@ You can also choose whether or not you want to include {% data variables.product
 {% data reusables.security-configurations.view-configurations-page %}
 1. In the "Code security configurations" section, click **New configuration**.
 1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Code {% data variables.product.prodname_security_configurations %}" page, name your configuration and create a description.
-1. In the "{% data variables.product.prodname_GHAS %} features" row, choose whether to include or exclude {% data variables.product.prodname_GHAS %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
+1. In the "{% data variables.product.prodname_GHAS %} features" row, choose whether to include or exclude {% data variables.product.prodname_GHAS %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
 1. In the "Dependency graph and Dependabot" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
     * {% data variables.product.prodname_dependabot_alerts %}. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
     * Security updates. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).

content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md

@@ -15,13 +15,15 @@ topics:
 
 {% ifversion ghas-products %}
 
-{% data variables.product.github %} has many features that help you improve and maintain the quality of your code. Some features are included in all {% data variables.product.github %} plans. Additional features are available to organizations {% ifversion ghec %}and enterprises{% endif %} on {% data variables.product.prodname_team %}{% ifversion ghec %} and {% data variables.product.prodname_ghe_cloud %}{% endif %} that purchase a {% data variables.product.prodname_GHAS %} product:
-  * **{% data variables.product.prodname_GH_code_security %}**, which includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review.
-  * **{% data variables.product.prodname_GH_secret_protection %}**, which includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection.
+{% data variables.product.github %} has many features that help you improve and maintain the quality of your code. Some features are included in all {% data variables.product.github %} plans. Additional features are available {% ifversion fpt or ghec %}to organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} that{% else %} if you {% endif %} purchase a {% data variables.product.prodname_GHAS %} product:
+
+{% data reusables.advanced-security.ghas-products-bullets+ghas %}
 
 {% else %}
 
-{% data variables.product.github %} offers many security features including {% data variables.product.prodname_GHAS %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more.{% endif %}
+{% data variables.product.github %} offers many security features including {% data variables.product.prodname_GHAS %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more.
+
+{% endif %}
 
 You can easily enable and manage {% data variables.product.github %}'s security features throughout your organization with {% data variables.product.prodname_security_configurations %}, which control repository-level security features, and {% data variables.product.prodname_global_settings %}, which control security features at the organization level. We recommend applying {% data variables.product.prodname_security_configurations %} _and_ customizing your {% data variables.product.prodname_global_settings %} to create a system that best meets the security needs of your organization.
 

content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md

@@ -16,14 +16,14 @@ topics:
 
 ## Requirements for enabling {% data variables.product.prodname_AS %} products
 
-To use {% data variables.product.prodname_GH_cs_or_sp %} on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for {% data variables.product.prodname_AS %}.
+To use {% data variables.product.prodname_GHAS_cs_or_sp %} on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for {% data variables.product.prodname_AS %}.
 
 * **Metered billing:** by default, there is no limit on how many licenses you can consume. See {% data reusables.advanced-security.control-use-cost-links %}.
-* **Volume/subscription billing** ({% data variables.product.prodname_enterprise %} only)**:**  once the licenses you have purchased are all in use, you cannot enable {% data variables.product.prodname_cs_or_sp %} on additional repositories until you free up or buy additional licenses.
+* **Volume/subscription billing** ({% data variables.product.prodname_enterprise %} only)**:**  once the licenses you have purchased are all in use, you cannot enable {% data variables.product.prodname_GHAS_cs_or_sp %} on additional repositories until you free up or buy additional licenses.
 
-With {% data variables.product.prodname_security_configurations %}, you can easily understand the license usage of repositories in your organization{% ifversion ghec or ghes %}, as well as the number of available {% data variables.product.prodname_GH_cs_and_sp %} licenses in your organization or enterprise. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable {% data variables.product.prodname_GH_cs_and_sp %} on private and internal repositories at scale{% endif %}.
+With {% data variables.product.prodname_security_configurations %}, you can easily understand the license usage of repositories in your organization, as well as the number of available {% data variables.product.prodname_GHAS_cs_or_sp %} licenses in your {% data variables.enterprise.enterprise_or_org %}. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable {% data variables.product.prodname_GHAS_cs_or_sp %}{% ifversion fpt or ghec %} on private and internal repositories{% endif %} at scale.
 
-To learn about licensing for {% data variables.product.prodname_GH_cs_and_sp %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
+To learn about licensing for {% data variables.product.prodname_GHAS_cs_and_sp %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
 
 ## Understanding your license usage
 

content/get-started/learning-about-github/about-github-advanced-security.md

@@ -22,7 +22,7 @@ shortTitle: GitHub Advanced Security
 
 Other security features require you to purchase one of {% data variables.product.github %}'s {% data variables.product.prodname_AS %} products:
 
-{% data reusables.advanced-security.ghas-products-bullets %}
+{% data reusables.advanced-security.ghas-products-bullets+ghas %}
 
 {% ifversion fpt or ghec %}Some of these features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, are enabled for public repositories by default. To run the feature on your private or internal repositories, you must purchase the relevant {% data variables.product.prodname_GHAS %} product.{% endif %}
 

content/rest/orgs/bypass-requests.md

@@ -1,10 +1,10 @@
 ---
 title: REST API endpoints for organization push rule bypass requests
 shortTitle: Bypass requests
-intro: >-
-  Use the REST API to manage organization push rule bypass requests.
+intro: Use the REST API to manage organization push rule bypass requests.
 versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
   ghec: '*'
+  ghes: '>=3.17'
 topics:
   - API
 autogenerated: rest

content/rest/repos/bypass-requests.md

@@ -1,10 +1,10 @@
 ---
 title: REST API endpoints for repository push rule bypass requests
 shortTitle: Bypass requests
-intro: >-
-  Use the REST API to manage repository push rule bypass requests.
+intro: Use the REST API to manage repository push rule bypass requests.
 versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
   ghec: '*'
+  ghes: '>=3.17'
 topics:
   - API
 autogenerated: rest

content/rest/secret-scanning/delegated-bypass.md

@@ -1,9 +1,12 @@
 ---
 title: REST API endpoints for push protection bypass requests
 shortTitle: Push protection bypass
-intro: Use the REST API to manage push protection bypass requests for secret scanning.
+intro: >-
+  Use the REST API to manage push protection bypass requests for secret
+  scanning.
 versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
   ghec: '*'
+  ghes: '>=3.17'
 topics:
   - API
 autogenerated: rest

data/release-notes/enterprise-server/3-17/0-rc1.yml

@@ -0,0 +1,232 @@
+date: '2025-05-13'
+release_candidate: true
+deprecated: false
+intro: |
+  > [!NOTE] Release candidate (RC) builds are intended solely for use in a test environment. Do not install an RC in a production environment.
+  >
+  > Do not upgrade to an RC from a supported, earlier version.
+  >
+  > If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
+
+  For upgrade instructions, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
+sections:
+  # Remove section heading if the section contains no notes.
+
+  features:
+    # Remove a sub-section heading if the heading contains no notes. If sections
+    # that regularly recur are missing, add placeholders to this template.
+
+    - heading: Instance administration
+      notes:
+        # https://github.com/github/releases/issues/5569
+        - |
+          During the upgrade to 3.17, the database transitions will be run concurrently. You may notice the upgrade taking less time.
+        # https://github.com/github/releases/issues/5675
+        - |
+          GitHub Enterprise Server Backup Service is a managed backup solution built directly into the appliance. It provides simplified alternative to the `backup-utils`. The backup service is in public preview. See [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/about-the-backup-service-for-github-enterprise-server).
+
+    - heading: Secret Protection and Code Security
+      notes:
+        # https://github.com/github/releases/issues/4986
+        # https://github.com/github/releases/issues/5202
+        - |
+          Users can secure code in their organizations and enterprises in an easier, more affordable, and scalable way to secure their code with the new standalone GitHub Advanced Security (GHAS) products: Secret Protection and Code Security. See [Introducing GitHub Secret Protection and GitHub Code Security](https://github.blog/changelog/2025-03-04-introducing-github-secret-protection-and-github-code-security/) and [GitHub Secret Protection and GitHub Code Security for GitHub Enterprise](https://github.blog/changelog/2025-04-01-github-secret-protection-and-github-code-security-for-github-enterprise/) on the GitHub Blog.
+           * Secret Protection is a security feature designed to detect and prevent the exposure of sensitive information, such as API keys, tokens, and passwords, in your code repositories. It includes tools like secret scanning, which identifies hardcoded secrets in your repositories, and push protection, which prevents developers from committing secrets to repositories in the first place. See [Choosing GitHub Secret Protection](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection`)
+           * Code security is a security feature designed to help users identify, manage, and remediate vulnerabilities in their codebases, ensuring secure and compliant software development. It includes tools like code scanning, premium Dependabot features, and dependency review. See [GitHub Code Security](/get-started/learning-about-github/about-github-advanced-security#github-code-security).
+           Users on a GHAS subscription plans can transition at renewal time to a standalone subscription or a metered plan. Users on a Pay-as-You-Go plan can transition any time. See [Billing models for Advanced Security products](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#billing-models-for-advanced-security-products).
+
+    - heading: Secret Protection
+      notes:
+        # https://github.com/github/releases/issues/4986
+        - |
+          Organization owners can establish an approval process to control sensitive actions, such as restricting dismissal privileges of secret scanning alerts to designated individuals. This mitigates the risk of unauthorized changes and provides a documented record of bypass usage. See [Delegated alert dismissal for code scanning and secret scanning now available in public preview](https://github.blog/changelog/2025-03-05-delegated-alert-dismissal-for-code-scanning-and-secret-scanning-now-available-in-public-preview/) on the GitHub Blog, and [AUTOTITLE](/admin/overview/establishing-a-governance-framework-for-your-enterprise).
+        # https://github.com/github/releases/issues/4709
+        - |
+          Users can now access secret scanning scan events via the audit log and webhooks. Providing scan status visibility and reporting aims to enable users to independently diagnose unexpected scan behavior, as well as meet the auditing and compliance requirements of large enterprises by demonstrating scan activity. See [Audit log and webhook events for secret scan completions](https://github.blog/changelog/2024-12-20-audit-log-and-webhook-events-for-secret-scan-completions/) on the GitHub Blog.
+        # https://github.com/github/releases/issues/4898
+        - |
+          The detection of Base64-encoded GitHub tokens is now generally available, which means that users have better visibility into any leaked PATs. See [Secret scanning detects Base64-encoded GitHub tokens](https://github.blog/changelog/2025-02-14-secret-scanning-detects-base64-encoded-github-tokens/) on the GitHub Blog.
+        # https://github.com/github/releases/issues/5610
+        - |
+          The "Experimental" tab name for alerts, which caused confusion by leading certain users to underestimate the importance of its alerts, has been renamed "Generic".  This tab includes alerts for non-provider patterns, which are not necessarily low confidence alerts. See [Renaming secret scanning experimental alerts to generic alerts](https://github.blog/changelog/2025-03-11-renaming-secret-scanning-experimental-alerts-to-generic-alerts/).
+        # https://github.com/github/releases/issues/5330
+        # https://github.com/github/releases/issues/5334
+        - |
+          Enterprises can manage push protection bypass requests for secret scanning via the REST API, enabling integration with existing workflows for reviewing and triaging. Reviewers can retrieve and act on bypass requests at the organization or repository level using new endpoints. This functionality supports delegated bypass controls, allowing only authorized users to bypass push protection, while others must submit requests for approval. See the [GitHub Blog post](https://github.blog/changelog/2025-02-27-manage-push-protection-bypass-requests-for-secret-scanning-with-the-rest-api/).
+
+    - heading: Code Security
+      notes:
+        # https://github.com/github/releases/issues/4986
+        - |
+          Organization owners can establish an approval process to control sensitive actions, such as restricting dismissal privileges of code scanning alerts to designated individuals This mitigates the risk of unauthorized changes and provides a documented record of bypass usage. See [Delegated alert dismissal for code scanning and secret scanning now available in public preview](https://github.blog/changelog/2025-03-05-delegated-alert-dismissal-for-code-scanning-and-secret-scanning-now-available-in-public-preview/) on the GitHub Blog, and [AUTOTITLE](/admin/overview/establishing-a-governance-framework-for-your-enterprise).
+        # https://github.com/github/releases/issues/5116
+        - |
+          Users can access and search audit logs for code scanning-related events. These logs capture events impacting enterprises or organizations, including code scanning activities such as alert creation, resolution, reopening, or appearance in a new branch. See [Code scanning now creates alert-related events in audit log](https://github.blog/changelog/2024-12-03-code-scanning-now-creates-alert-related-events-in-audit-log/) on the GitHub Blog.
+        - |
+          This release comes installed with version **2.20.7** of the CodeQL CLI, used in the CodeQL action for code scanning. Significant updates since the default version installed on GitHub Enterprise Server 3.16 include:
+
+          * All experimental queries for C#, Java, and Kotlin have been promoted to the default query suite in the CodeQL community packs.
+          * Full support for C# 13 and .NET 9, including coverage improvements to enhance alert detection and reduce false negatives.
+          * Go 1.24 support, enabling analysis of the latest Go language features.
+          * Java 24 support, with improvements to query accuracy for XSS and CSRF vulnerabilities.
+          * JavaScript and TypeScript enhancements, including:
+            * Optional response threat model to treat HTTP responses as tainted sources.
+            * Improved precision for data flow through arrays and call resolution.
+          * C/C++ improvements, including better accuracy for `cpp/static-buffer-overflow`.
+
+    - heading: Dependabot
+      notes:
+        # https://github.com/github/releases/issues/5341
+        # https://github.com/github/releases/issues/5343
+        # https://github.com/github/releases/issues/5424
+        - |
+          Users can automatically keep their `bun`, `Docker Compose`, and `uv` dependencies up to date with Dependabot version updates. See [Supported ecosystems and repositories](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories#supported-ecosystems-and-repositories).
+        # https://github.com/github/releases/issues/4489
+        - |
+          Users can use EPSS scores to help prioritize dependency vulnerabilities based on exploit likelihood. Using EPSS scores allows users to address vulnerabilities that are more likely to be exploited, reducing the risk of actual attacks. See [Dependabot helps users focus on the most important alerts by including EPSS scores that indicate likelihood of exploitation, now generally available](https://github.blog/changelog/2025-02-19-dependabot-helps-users-focus-on-the-most-important-alerts-by-including-epss-scores-that-indicate-likelihood-of-exploitation-now-generally-available/).
+        # https://github.com/github/releases/issues/5434
+        - |
+          Developers using `pnpm` workspaces can ensure more reliable dependency updates with full Dependabot support for `pnpm` workspace catalogs. Dependabot prevents lockfile inconsistencies, avoids broken dependency trees, and improves update reliability in monorepos. See [the GitHub blog post](https://github.blog/changelog/2025-02-04-dependabot-now-supports-pnpm-workspace-catalogs-ga/).
+
+    - heading: Identity and access management
+      notes:
+        # https://github.com/github/releases/issues/5040
+        - |
+          Automated user provisioning with the System for Cross-domain Identity Management (SCIM) standard is generally available. SCIM is a leading standard for user lifecycle management in SaaS applications. GitHub Enterprise Server instances using SAML authentication can enable SCIM to provision and manage user accounts from an identity provider (IdP). GitHub supports common integrations such as Entra ID and Okta, or you can use a custom SAML IdP and SCIM implementation to meet your organization's needs. You can configure SCIM using a supported IdP application or the SCIM REST API. See [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes).
+
+    - heading: Authentication
+      notes:
+        # https://github.com/github/releases/issues/2579
+        # https://github.com/github/releases/issues/3181
+        - |
+          Fine-grained {% data variables.product.pat_generic_plural %} (PATs) and PAT lifetime policies are now generally available. These tokens offer improved security with per-organization access, token approval workflows, and better auditability through token ID tracking in audit logs. With lifetime policies you can also force the rotation of tokens on a configurable basis, helping drive down the use of long-lived PATs in your environment. See [Fine-grained PATs are now generally available](https://github.blog/changelog/2025-03-18-fine-grained-pats-are-now-generally-available/) on the GitHub Blog.
+
+    - heading: Migrations
+      notes:
+        # https://github.com/github/releases/issues/5649
+        - |
+          Administrators can use the GHES Management Console to configure repository exports with local storage, reducing reliance on external blob storage and simplifying the migration process. Exports are stored on the GHES disk, and customers can choose how to provide the archive to GitHub Enterprise Importer, including using GitHub-owned blob storage.
+
+    - heading: Audit logs
+      notes:
+        # https://github.com/github/releases/issues/4939
+        - |
+          Audit log streaming of API requests targeting your enterprise's private assets is generally available.
+
+    - heading: Repositories
+      notes:
+        # https://github.com/github/releases/issues/4042
+        - |
+          Push rulesets are generally available. Users can block pushes to private and internal repositories, and their forks, based on file type, path, or size. Unlike pre-receive hooks, push rules are built-in, configurable via the UI or API, and support audit logs, evaluate mode, and bypass lists. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets#push-rulesets).
+        # https://github.com/github/releases/issues/5128
+        - |
+          Enterprise administrators can manage rules more efficiently with the general availability of ruleset history, import, and export. Ruleset history allows tracking and rolling back changes, while import and export simplify sharing and reusing rulesets, including GitHub's ruleset-recipes. See [`github/ruleset-recipes`](https://github.com/github/ruleset-recipes).
+        # https://github.com/github/releases/issues/5129
+        - |
+          Repository administrators can easily convert a fork into a standalone repository by leaving the fork network, which stops automatic syncing with the upstream repository. This is useful for taking a project in a new direction or maintaining separate versions.
+        # https://github.com/github/releases/issues/5273
+        - |
+          Users can more easily explore contributors and code frequency insights with improved navigation, interactive chart legends for hiding data series, and options to view or download the data as a CSV or PNG. See [Repositories - Updated insight views (General Availability)](https://github.blog/changelog/2025-02-25-repositories-updated-insight-views-general-availability/) on the GitHub Blog.
+
+    - heading: Pull requests
+      notes:
+        # https://github.com/github/releases/issues/4318
+        - |
+          The refreshed pull request commits page is generally available. The updated page improves performance, aligns with GitHub's design system, and offers better accessibility.
+
+    - heading: Gist
+      notes:
+        # https://github.com/github/releases/issues/5192
+        - |
+          Users can moderate comments on gists by turning them off or deleting unwanted entries. See [AUTOTITLE](/get-started/writing-on-github/editing-and-sharing-content-with-gists/moderating-gist-comments).
+
+    - heading: Commits
+      notes:
+        # https://github.com/github/releases/issues/5192
+        - |
+          Verified commits are attached to persistent verification records, allowing users to identify the first actor to introduce a commit to a repository. Users can rotate, expire, or revoke their signing key without impacting existing verifications.
+
+          Verification records consume approximately 80 bytes on disk per signed commit. To limit data growth on large instances, site administrators can run `ghe-config app.persist-commit-signature-verification.enabled false` to disable persistent records.
+
+    - heading: GitHub Mobile
+      notes:
+        # https://github.com/github/releases/issues/3234
+         - |
+           GitHub Mobile users can quickly view their recent projects by clicking the Projects view from the Home screen.
+
+    - heading: Integrations and extensions
+      notes:
+        # https://github.com/github/releases/issues/4900
+        - |
+          GitHub App developers can improve security with a 25-key limit per app, encouraging safer key management practices. Apps exceeding the limit must delete excess keys before adding new ones. Additionally, scoped tokens can access more repositories. See [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps).
+        # https://github.com/github/releases/issues/5038
+        - |
+          Enterprise owners can centrally manage and share GitHub Apps across all organizations in their enterprise by creating enterprise-owned GitHub Apps. This eliminates the need to duplicate apps or make them `public`, reducing management overhead and improving security. `Private` and `internal` apps can be transferred to the enterprise level, with permission updates automatically applied across all organizations. Only `internal` visibility is supported, meaning only users and organizations within the enterprise can install and authorize these Apps. See [AUTOTITLE](/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise).
+
+  changes:
+    # https://github.com/github/releases/issues/5956
+    - |
+      SAML response processing includes additional validation and schema checks. We recommend testing your SAML configuration on an upgraded staging appliance before upgrading your production appliance. See the SAML configuration guide for details on the required pieces of data, [AUTOTITLE](/admin/managing-iam/iam-configuration-reference/saml-configuration-reference#saml-response-requirements).
+    # https://github.com/github/releases/issues/5484
+    - |
+      Users see a horizontal navigation bar at the top of their enterprise account. This update is designed to improve the user experience by providing a consistent, intuitive navigation structure that mirrors the rest of the GitHub experience.
+
+  known_issues:
+    - |
+      **Note:** This list is not complete. Any new known issues that are identified for the 3.17 release will be added between now and the general availability release.
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+    - |
+      If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
+    - |
+      {% data reusables.release-notes.large-adoc-files-issue %}
+    - |
+      Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+    - |
+      When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+    - |
+      Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
+    - |
+      When restoring data originally backed up from an appliance with version 3.13 or greater, the Elasticsearch indices must be reindexed before the data will display. This happens via a nightly scheduled job.  It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+    - |
+      When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration.
+    - |
+      Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the ghe-cluster-repl-bootstrap command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories.
+    - |
+      In a cluster, the host running restore requires access the storage nodes via their private IPs.
+    - |
+      On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue.
+    - |
+      After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance.
+    - |
+      After a geo-replica is promoted to primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows.
+    - |
+      Repository Cache Replicas return `Repository not found` when changes have been pushed to the primary instance that have not yet synchronized to the Cache Replica. This issue can also occur in all previous patches of this release.
+    - |
+      When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages.
+
+  closing_down:
+    # https://github.com/github/releases/issues/5177
+    - |
+      In GitHub Enterprise Server 3.20, GitHub will retire the security manager API in favor of the organization roles API. See the [GitHub Blog](https://github.blog/changelog/2024-12-10-notice-of-breaking-changes-security-manager-rest-api-will-be-retired-and-replaced-with-the-organization-roles-rest-api/).
+    - |
+      Microsoft Exchange Online is retiring SMTP basic authentication in September 2025. If your GitHub Enterprise Server instance uses this method to send email, delivery may fail after the retirement date. Microsoft recommends switching to a supported alternative. As another option, you may consider using an SMTP OAuth proxy such as [email-oauth2-proxy](https://github.com/simonrob/email-oauth2-proxy), though this is not officially supported. For details and configuration guidance, see the [Microsoft announcement](https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750) and the proxy’s [documentation](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config).
+
+  retired:
+    # https://github.com/github/releases/issues/5433
+    - |
+      Real-time job status updates for GitHub Actions workflow notifications in Slack and Microsoft Teams are no longer available. Users still receive notifications when a workflow starts and completes, but intermediate job progress updates have been removed to improve system efficiency.
+    # https://github.com/github/releases/issues/3525
+    - |
+      In GitHub Enterprise Server 3.17, tag protection rules will be migrated to a ruleset, and the tag protection rule feature will no longer be available.
+    # https://github.com/github/releases/issues/5292
+    - |
+      Dependabot is no longer supporting Python 3.8, which has reached its end-of-life. If you continue to use Python 3.8, Dependabot will not be able to create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of Python. As of February 2025, Python 3.13 is the newest supported release.
+    # https://github.com/github/releases/issues/5204
+    - |
+      Dependabot is no longer supporting NPM version 6, which has reached its end-of-life. If you continue to use NPM version 6, Dependabot will be unable to create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of NPM. As of December 2024, NPM 9 is the newest supported release.
+    # https://github.com/github/releases/issues/4710
+    - |
+      The `cvss` field for GitHub security advisories in the REST and GraphQL APIs is no longer available, and is superseded by the new `cvss_severities` field. See [Deprecation of cvss field in security advisories API](https://github.blog/changelog/2025-03-27-deprecation-of-cvss-field-in-security-advisories-api/) on the GitHub Blog.

data/reusables/advanced-security/bundled-vs-unbundled-ui.md

@@ -0,0 +1,2 @@
+>[!IMPORTANT]
+> The order and names of some settings will differ depending on whether you are using licenses for the original {% data variables.product.prodname_GHAS %} product, or for the two new products: {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %}.

data/reusables/advanced-security/ghas-products-bullets+ghas.md

@@ -0,0 +1,2 @@
+{% data reusables.advanced-security.ghas-products-bullets %}{% ifversion ghec or ghes %}
+* **{% data variables.product.prodname_GHAS %}**, which includes all features in {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_GH_code_security %}.{% endif %}

data/reusables/billing/actions-usage-delay.md

@@ -1 +1 @@
-> [!NOTE] When you enable {% data variables.product.prodname_GH_cs_or_sp %}, there is a delay of up to two hours before the change is shown in the usage data on the "Billing & Licensing" tab.
+> [!NOTE] When you enable {% data variables.product.prodname_GHAS_cs_or_sp %}, there is a delay of up to two hours before the change is shown in the usage data on the "Billing & Licensing" tab.

data/reusables/enterprise-accounts/advanced-security-organization-policy-drop-down.md

@@ -1 +1 @@
-1. Under "{% data variables.product.prodname_AS %} availability", select the dropdown menu, then click a policy for the organizations owned by your enterprise.
+1. On the "Policies" tab of the "{% data variables.product.prodname_AS %}{% ifversion ghes = 3.16 %} policies{% endif %}" page, select the dropdown menu, then click a policy for the organizations owned by your enterprise.

data/reusables/security-configurations/apply-configuration.md

@@ -1,4 +1,4 @@
-1. Review the detailed information about how your changes will affect {% data variables.product.prodname_cs_and_sp %} license consumption. To apply the {% data variables.product.prodname_security_configuration %}, click **Apply**.
+1. Review the detailed information about how your changes will affect {% data variables.product.prodname_GHAS_cs_or_sp %} license consumption. To apply the {% data variables.product.prodname_security_configuration %}, click **Apply**.
 
 {% ifversion fpt or ghec or ghes > 3.15 %}The {% data variables.product.prodname_security_configuration %} is applied to both active and archived repositories because some security features run on archived repositories, for example, {% data variables.product.prodname_secret_scanning %}. In addition, if a repository is later unarchived you can be confident that it is protected by the chosen {% data variables.product.prodname_security_configuration %}.{% elsif ghes = 3.15 %}
    > [!NOTE]

data/variables/product.yml

@@ -34,6 +34,7 @@ prodname_team: 'GitHub Team'
 prodname_free_team: 'GitHub Free'
 
 prodname_enterprise_backup_utilities: 'GitHub Enterprise Server Backup Utilities'
+prodname_enterprise_backup_service: 'GitHub Enterprise Server Backup Service'
 
 # GitHub Connect (enterprise accounts, other unified features)
 prodname_github_connect: 'GitHub Connect'
@@ -94,7 +95,7 @@ prodname_codeql_cli: 'CodeQL CLI'
 # CodeQL usually bumps its minor version for each minor version of GHES.
 # Update this whenever a new enterprise version of CodeQL is being prepared.
 codeql_cli_ghes_recommended_version: >-
-  {% ifversion ghes < 3.17 %}2.20.3{% endif %}
+  {% ifversion ghes < 3.14 %}2.16.5{% elsif ghes < 3.15 %}2.17.6{% elsif ghes < 3.16 %}2.18.4{% elsif ghes < 3.17 %}2.20.3{% elsif ghes < 3.18 %}2.20.7{% endif %}
 codeql_cli_version_min_version_create_bundle: '2.17.6'
 # Projects v2
 prodname_projects_v2: 'Projects'
@@ -147,7 +148,7 @@ prodname_unfurls: 'Content Attachments'
 prodname_actions: 'GitHub Actions'
 prodname_actions_runner_controller: 'Actions Runner Controller'
 runner_required_version: >-
-  {% ifversion ghes < 3.14 %}2.314.1{% elsif ghes < 3.15 %}2.317.0{% elsif ghes < 3.16 %}2.319.1{% elsif ghes < 3.17 %}2.321.0{% endif %}
+  {% ifversion ghes < 3.14 %}2.314.1{% elsif ghes < 3.15 %}2.317.0{% elsif ghes < 3.16 %}2.319.1{% elsif ghes < 3.17 %}2.321.0{% elsif ghes < 3.18 %}2.322.0{% endif %}
 
 # GitHub Debug
 prodname_debug: 'GitHub Debug'

src/graphql/data/ghes-3.17/graphql_upcoming_changes.public-enterprise.yml

@@ -0,0 +1,618 @@
+---
+upcoming_changes:
+  - location: LegacyMigration.uploadUrlTemplate
+    description: '`uploadUrlTemplate` will be removed. Use `uploadUrl` instead.'
+    reason:
+      '`uploadUrlTemplate` is being removed because it is not a standard URL and
+      adds an extra user step.'
+    date: '2019-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: tambling
+  - location: AssignedEvent.user
+    description: '`user` will be removed. Use the `assignee` field instead.'
+    reason: Assignees can now be mannequins.
+    date: '2020-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: tambling
+  - location: UnassignedEvent.user
+    description: '`user` will be removed. Use the `assignee` field instead.'
+    reason: Assignees can now be mannequins.
+    date: '2020-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: tambling
+  - location: Issue.timeline
+    description: '`timeline` will be removed. Use Issue.timelineItems instead.'
+    reason: '`timeline` will be removed'
+    date: '2020-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: mikesea
+  - location: PullRequest.timeline
+    description: '`timeline` will be removed. Use PullRequest.timelineItems instead.'
+    reason: '`timeline` will be removed'
+    date: '2020-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: mikesea
+  - location: MergeStateStatus.DRAFT
+    description: '`DRAFT` will be removed. Use PullRequest.isDraft instead.'
+    reason:
+      DRAFT state will be removed from this enum and `isDraft` should be used
+      instead
+    date: '2021-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: nplasterer
+  - location: PackageType.DOCKER
+    description: '`DOCKER` will be removed.'
+    reason:
+      DOCKER will be removed from this enum as this type will be migrated to only
+      be used by the Packages REST API.
+    date: '2021-06-21'
+    criticality: breaking
+    owner: reybard
+  - location: ReactionGroup.users
+    description: '`users` will be removed. Use the `reactors` field instead.'
+    reason: Reactors can now be mannequins, bots, and organizations.
+    date: '2021-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: synthead
+  - location: AddPullRequestToMergeQueueInput.branch
+    description: '`branch` will be removed.'
+    reason:
+      PRs are added to the merge queue for the base branch, the `branch` argument
+      is now a no-op
+    date: '2022-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: jhunschejones
+  - location: DependencyGraphDependency.packageLabel
+    description:
+      '`packageLabel` will be removed. Use normalized `packageName` field
+      instead.'
+    reason: '`packageLabel` will be removed.'
+    date: '2022-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: github/dependency_graph
+  - location: RemovePullRequestFromMergeQueueInput.branch
+    description: '`branch` will be removed.'
+    reason:
+      PRs are removed from the merge queue for the base branch, the `branch` argument
+      is now a no-op
+    date: '2022-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: jhunschejones
+  - location: PackageType.NPM
+    description: '`NPM` will be removed.'
+    reason:
+      NPM will be removed from this enum as this type will be migrated to only
+      be used by the Packages REST API.
+    date: '2022-11-21'
+    criticality: breaking
+    owner: s-anupam
+  - location: PackageType.NUGET
+    description: '`NUGET` will be removed.'
+    reason:
+      NUGET will be removed from this enum as this type will be migrated to only
+      be used by the Packages REST API.
+    date: '2022-11-21'
+    criticality: breaking
+    owner: s-anupam
+  - location: PackageType.RUBYGEMS
+    description: '`RUBYGEMS` will be removed.'
+    reason:
+      RUBYGEMS will be removed from this enum as this type will be migrated to
+      only be used by the Packages REST API.
+    date: '2022-12-28'
+    criticality: breaking
+    owner: ankitkaushal01
+  - location: Commit.changedFiles
+    description: '`changedFiles` will be removed. Use `changedFilesIfAvailable` instead.'
+    reason: '`changedFiles` will be removed.'
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: adamshwert
+  - location: ProjectV2View.visibleFields
+    description:
+      '`visibleFields` will be removed. Check out the `ProjectV2View#fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#visibleFields` API is deprecated in favour of the more
+      capable `ProjectV2View#fields` API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: mattruggio
+  - location: PackageType.MAVEN
+    description: '`MAVEN` will be removed.'
+    reason:
+      MAVEN will be removed from this enum as this type will be migrated to only
+      be used by the Packages REST API.
+    date: '2023-02-10'
+    criticality: breaking
+    owner: ankitkaushal01
+  - location: ProjectV2View.groupBy
+    description:
+      '`groupBy` will be removed. Check out the `ProjectV2View#group_by_fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#order_by` API is deprecated in favour of the more capable
+      `ProjectV2View#group_by_field` API.
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: alcere
+  - location: ProjectV2View.sortBy
+    description:
+      '`sortBy` will be removed. Check out the `ProjectV2View#sort_by_fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#sort_by` API is deprecated in favour of the more capable
+      `ProjectV2View#sort_by_fields` API.
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: traumverloren
+  - location: ProjectV2View.verticalGroupBy
+    description:
+      '`verticalGroupBy` will be removed. Check out the `ProjectV2View#vertical_group_by_fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#vertical_group_by` API is deprecated in favour of the
+      more capable `ProjectV2View#vertical_group_by_fields` API.
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: traumverloren
+  - location: Repository.squashPrTitleUsedAsDefault
+    description:
+      '`squashPrTitleUsedAsDefault` will be removed. Use `Repository.squashMergeCommitTitle`
+      instead.'
+    reason: '`squashPrTitleUsedAsDefault` will be removed.'
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: github/pull_requests
+  - location: Commit.pushedDate
+    description: '`pushedDate` will be removed.'
+    reason: '`pushedDate` is no longer supported.'
+    date: '2023-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: darthwillis
+  - location: ProjectV2ItemFieldGroup.field
+    description:
+      '`field` will be removed. Check out the `ProjectV2ItemFieldGroup#groupByField`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2ItemFieldGroup#field` API is deprecated in favour of the more
+      capable `ProjectV2ItemFieldGroup#groupByField` API.
+    date: '2023-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: stevepopovich
+  - location: AddPullRequestReviewCommentInput.body
+    description:
+      '`body` will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply
+      instead'
+    reason: We are deprecating the addPullRequestReviewComment mutation
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: AddPullRequestReviewCommentInput.commitOID
+    description:
+      '`commitOID` will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply
+      instead'
+    reason: We are deprecating the addPullRequestReviewComment mutation
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: AddPullRequestReviewCommentInput.inReplyTo
+    description:
+      '`inReplyTo` will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply
+      instead'
+    reason: We are deprecating the addPullRequestReviewComment mutation
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: AddPullRequestReviewCommentInput.path
+    description:
+      '`path` will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply
+      instead'
+    reason: We are deprecating the addPullRequestReviewComment mutation
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: AddPullRequestReviewCommentInput.position
+    description:
+      '`position` will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply
+      instead'
+    reason: We are deprecating the addPullRequestReviewComment mutation
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: AddPullRequestReviewCommentInput.pullRequestId
+    description:
+      '`pullRequestId` will be removed. use addPullRequestReviewThread or
+      addPullRequestReviewThreadReply instead'
+    reason: We are deprecating the addPullRequestReviewComment mutation
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: AddPullRequestReviewCommentInput.pullRequestReviewId
+    description:
+      '`pullRequestReviewId` will be removed. use addPullRequestReviewThread
+      or addPullRequestReviewThreadReply instead'
+    reason: We are deprecating the addPullRequestReviewComment mutation
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: AddPullRequestReviewInput.comments
+    description: '`comments` will be removed. use the `threads` argument instead'
+    reason: We are deprecating comment fields that use diff-relative positioning
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: PullRequestReviewComment.originalPosition
+    description: '`originalPosition` will be removed.'
+    reason: We are phasing out diff-relative positioning for PR comments
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: PullRequestReviewComment.position
+    description:
+      '`position` will be removed. Use the `line` and `startLine` fields
+      instead, which are file line numbers instead of diff line numbers'
+    reason: We are phasing out diff-relative positioning for PR comments
+    date: '2023-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: aharpole
+  - location: TopicSuggestionDeclineReason.NOT_RELEVANT
+    description: '`NOT_RELEVANT` will be removed.'
+    reason: Suggested topics are no longer supported
+    date: '2024-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: calvinchilds
+  - location: TopicSuggestionDeclineReason.PERSONAL_PREFERENCE
+    description: '`PERSONAL_PREFERENCE` will be removed.'
+    reason: Suggested topics are no longer supported
+    date: '2024-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: calvinchilds
+  - location: TopicSuggestionDeclineReason.TOO_GENERAL
+    description: '`TOO_GENERAL` will be removed.'
+    reason: Suggested topics are no longer supported
+    date: '2024-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: calvinchilds
+  - location: TopicSuggestionDeclineReason.TOO_SPECIFIC
+    description: '`TOO_SPECIFIC` will be removed.'
+    reason: Suggested topics are no longer supported
+    date: '2024-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: calvinchilds
+  - location: CreateTeamDiscussionCommentInput.body
+    description:
+      '`body` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: CreateTeamDiscussionCommentInput.discussionId
+    description:
+      '`discussionId` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: CreateTeamDiscussionCommentPayload.teamDiscussionComment
+    description:
+      '`teamDiscussionComment` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: CreateTeamDiscussionInput.body
+    description:
+      '`body` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: CreateTeamDiscussionInput.private
+    description:
+      '`private` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: CreateTeamDiscussionInput.teamId
+    description:
+      '`teamId` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: CreateTeamDiscussionInput.title
+    description:
+      '`title` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: CreateTeamDiscussionPayload.teamDiscussion
+    description:
+      '`teamDiscussion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: OrganizationInvitation.inviter
+    description: '`inviter` will be removed. `inviter` will be replaced by `inviterActor`.'
+    reason: '`inviter` will be removed.'
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: jdennes
+  - location: PullRequest.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: JanKoszewski
+  - location: PullRequestReview.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: JanKoszewski
+  - location: PullRequestReviewComment.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: JanKoszewski
+  - location: TeamDiscussion.authorAssociation
+    description:
+      '`authorAssociation` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.bodyVersion
+    description:
+      '`bodyVersion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.comments
+    description:
+      '`comments` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.commentsResourcePath
+    description:
+      '`commentsResourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.commentsUrl
+    description:
+      '`commentsUrl` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.isPinned
+    description:
+      '`isPinned` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.isPrivate
+    description:
+      '`isPrivate` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.number
+    description:
+      '`number` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.resourcePath
+    description:
+      '`resourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.team
+    description:
+      '`team` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.title
+    description:
+      '`title` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.url
+    description:
+      '`url` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussion.viewerCanPin
+    description:
+      '`viewerCanPin` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussionComment.authorAssociation
+    description:
+      '`authorAssociation` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussionComment.bodyVersion
+    description:
+      '`bodyVersion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussionComment.discussion
+    description:
+      '`discussion` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussionComment.number
+    description:
+      '`number` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussionComment.resourcePath
+    description:
+      '`resourcePath` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: TeamDiscussionComment.url
+    description:
+      '`url` will be removed. Follow the guide at https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/
+      to find a suitable replacement.'
+    reason: The Team Discussions feature is deprecated in favor of Organization Discussions.
+    date: '2024-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: deborah-digges
+  - location: Workflow.hasWorkflowDispatchTrigger
+    description:
+      '`hasWorkflowDispatchTrigger` will be removed. Use `has_workflow_dispatch_trigger_for_branch(branch_ref)`
+      instead.'
+    reason:
+      "`has_workflow_dispatch_trigger` is being removed because it can be misleading
+      and only checks a repository's default branch"
+    date: '2024-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: stevepopovich
+  - location: AddMobileDevicePublicKeyPayload.expiresAt
+    description:
+      '`expiresAt` will be removed. Do not rely on this field, it is currently
+      set to a date far in the future if a device key is expirationless'
+    reason: We are deprecating expirations for mobile device keys used in mobile 2FA
+    date: '2025-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: chriskirkland
+  - location: Enterprise.members.hasTwoFactorEnabled
+    description:
+      '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+      instead.'
+    reason: '`has_two_factor_enabled` will be removed.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: authentication
+  - location: EnterpriseOwnerInfo.admins.hasTwoFactorEnabled
+    description:
+      '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+      instead.'
+    reason: '`has_two_factor_enabled` will be removed.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: authentication
+  - location: EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled
+    description:
+      '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security`
+      instead.'
+    reason: '`has_two_factor_enabled` will be removed.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: authentication
+  - location: ProjectV2.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: dewski
+  - location: ProjectV2Item.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: dewski
+  - location: ProjectV2StatusUpdate.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: dewski
+  - location: ProjectV2View.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: dewski
+  - location: ProjectV2Workflow.databaseId
+    description: '`databaseId` will be removed. Use `fullDatabaseId` instead.'
+    reason:
+      '`databaseId` will be removed because it does not support 64-bit signed
+      integer identifiers.'
+    date: '2025-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: dewski
+  - location: SecurityAdvisory.cvss
+    description:
+      '`cvss` will be removed. New `cvss_severities` field will now contain
+      both `cvss_v3` and `cvss_v4` properties.'
+    reason: '`cvss` will be removed.'
+    date: '2025-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: github/advisory-database

src/graphql/data/ghes-3.17/previews.json

@@ -0,0 +1 @@
+[]

src/graphql/data/ghes-3.17/upcoming-changes.json

@@ -0,0 +1,676 @@
+{
+  "2025-10-01": [
+    {
+      "location": "SecurityAdvisory.cvss",
+      "description": "<p><code>cvss</code> will be removed. New <code>cvss_severities</code> field will now contain both <code>cvss_v3</code> and <code>cvss_v4</code> properties.</p>",
+      "reason": "<p><code>cvss</code> will be removed.</p>",
+      "date": "2025-10-01",
+      "criticality": "breaking",
+      "owner": "github/advisory-database"
+    }
+  ],
+  "2025-04-01": [
+    {
+      "location": "ProjectV2Workflow.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "dewski"
+    },
+    {
+      "location": "ProjectV2View.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "dewski"
+    },
+    {
+      "location": "ProjectV2StatusUpdate.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "dewski"
+    },
+    {
+      "location": "ProjectV2Item.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "dewski"
+    },
+    {
+      "location": "ProjectV2.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "dewski"
+    },
+    {
+      "location": "EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled",
+      "description": "<p><code>hasTwoFactorEnabled</code> will be removed. Use <code>two_factor_method_security</code> instead.</p>",
+      "reason": "<p><code>has_two_factor_enabled</code> will be removed.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "authentication"
+    },
+    {
+      "location": "EnterpriseOwnerInfo.admins.hasTwoFactorEnabled",
+      "description": "<p><code>hasTwoFactorEnabled</code> will be removed. Use <code>two_factor_method_security</code> instead.</p>",
+      "reason": "<p><code>has_two_factor_enabled</code> will be removed.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "authentication"
+    },
+    {
+      "location": "Enterprise.members.hasTwoFactorEnabled",
+      "description": "<p><code>hasTwoFactorEnabled</code> will be removed. Use <code>two_factor_method_security</code> instead.</p>",
+      "reason": "<p><code>has_two_factor_enabled</code> will be removed.</p>",
+      "date": "2025-04-01",
+      "criticality": "breaking",
+      "owner": "authentication"
+    }
+  ],
+  "2025-01-01": [
+    {
+      "location": "AddMobileDevicePublicKeyPayload.expiresAt",
+      "description": "<p><code>expiresAt</code> will be removed. Do not rely on this field, it is currently set to a date far in the future if a device key is expirationless</p>",
+      "reason": "<p>We are deprecating expirations for mobile device keys used in mobile 2FA</p>",
+      "date": "2025-01-01",
+      "criticality": "breaking",
+      "owner": "chriskirkland"
+    }
+  ],
+  "2024-10-01": [
+    {
+      "location": "Workflow.hasWorkflowDispatchTrigger",
+      "description": "<p><code>hasWorkflowDispatchTrigger</code> will be removed. Use <code>has_workflow_dispatch_trigger_for_branch(branch_ref)</code> instead.</p>",
+      "reason": "<p><code>has_workflow_dispatch_trigger</code> is being removed because it can be misleading and only checks a repository's default branch</p>",
+      "date": "2024-10-01",
+      "criticality": "breaking",
+      "owner": "stevepopovich"
+    }
+  ],
+  "2024-07-01": [
+    {
+      "location": "TeamDiscussionComment.url",
+      "description": "<p><code>url</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussionComment.resourcePath",
+      "description": "<p><code>resourcePath</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussionComment.number",
+      "description": "<p><code>number</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussionComment.discussion",
+      "description": "<p><code>discussion</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussionComment.bodyVersion",
+      "description": "<p><code>bodyVersion</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussionComment.authorAssociation",
+      "description": "<p><code>authorAssociation</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.viewerCanPin",
+      "description": "<p><code>viewerCanPin</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.url",
+      "description": "<p><code>url</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.title",
+      "description": "<p><code>title</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.team",
+      "description": "<p><code>team</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.resourcePath",
+      "description": "<p><code>resourcePath</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.number",
+      "description": "<p><code>number</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.isPrivate",
+      "description": "<p><code>isPrivate</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.isPinned",
+      "description": "<p><code>isPinned</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.commentsUrl",
+      "description": "<p><code>commentsUrl</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.commentsResourcePath",
+      "description": "<p><code>commentsResourcePath</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.comments",
+      "description": "<p><code>comments</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.bodyVersion",
+      "description": "<p><code>bodyVersion</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "TeamDiscussion.authorAssociation",
+      "description": "<p><code>authorAssociation</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "PullRequestReviewComment.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "JanKoszewski"
+    },
+    {
+      "location": "PullRequestReview.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "JanKoszewski"
+    },
+    {
+      "location": "PullRequest.databaseId",
+      "description": "<p><code>databaseId</code> will be removed. Use <code>fullDatabaseId</code> instead.</p>",
+      "reason": "<p><code>databaseId</code> will be removed because it does not support 64-bit signed integer identifiers.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "JanKoszewski"
+    },
+    {
+      "location": "OrganizationInvitation.inviter",
+      "description": "<p><code>inviter</code> will be removed. <code>inviter</code> will be replaced by <code>inviterActor</code>.</p>",
+      "reason": "<p><code>inviter</code> will be removed.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "jdennes"
+    },
+    {
+      "location": "CreateTeamDiscussionPayload.teamDiscussion",
+      "description": "<p><code>teamDiscussion</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "CreateTeamDiscussionInput.title",
+      "description": "<p><code>title</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "CreateTeamDiscussionInput.teamId",
+      "description": "<p><code>teamId</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "CreateTeamDiscussionInput.private",
+      "description": "<p><code>private</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "CreateTeamDiscussionInput.body",
+      "description": "<p><code>body</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "CreateTeamDiscussionCommentPayload.teamDiscussionComment",
+      "description": "<p><code>teamDiscussionComment</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "CreateTeamDiscussionCommentInput.discussionId",
+      "description": "<p><code>discussionId</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    },
+    {
+      "location": "CreateTeamDiscussionCommentInput.body",
+      "description": "<p><code>body</code> will be removed. Follow the guide at <a href=\"https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/\">https://github.blog/changelog/2023-02-08-sunset-notice-team-discussions/</a> to find a suitable replacement.</p>",
+      "reason": "<p>The Team Discussions feature is deprecated in favor of Organization Discussions.</p>",
+      "date": "2024-07-01",
+      "criticality": "breaking",
+      "owner": "deborah-digges"
+    }
+  ],
+  "2024-04-01": [
+    {
+      "location": "TopicSuggestionDeclineReason.TOO_SPECIFIC",
+      "description": "<p><code>TOO_SPECIFIC</code> will be removed.</p>",
+      "reason": "<p>Suggested topics are no longer supported</p>",
+      "date": "2024-04-01",
+      "criticality": "breaking",
+      "owner": "calvinchilds"
+    },
+    {
+      "location": "TopicSuggestionDeclineReason.TOO_GENERAL",
+      "description": "<p><code>TOO_GENERAL</code> will be removed.</p>",
+      "reason": "<p>Suggested topics are no longer supported</p>",
+      "date": "2024-04-01",
+      "criticality": "breaking",
+      "owner": "calvinchilds"
+    },
+    {
+      "location": "TopicSuggestionDeclineReason.PERSONAL_PREFERENCE",
+      "description": "<p><code>PERSONAL_PREFERENCE</code> will be removed.</p>",
+      "reason": "<p>Suggested topics are no longer supported</p>",
+      "date": "2024-04-01",
+      "criticality": "breaking",
+      "owner": "calvinchilds"
+    },
+    {
+      "location": "TopicSuggestionDeclineReason.NOT_RELEVANT",
+      "description": "<p><code>NOT_RELEVANT</code> will be removed.</p>",
+      "reason": "<p>Suggested topics are no longer supported</p>",
+      "date": "2024-04-01",
+      "criticality": "breaking",
+      "owner": "calvinchilds"
+    }
+  ],
+  "2023-10-01": [
+    {
+      "location": "PullRequestReviewComment.position",
+      "description": "<p><code>position</code> will be removed. Use the <code>line</code> and <code>startLine</code> fields instead, which are file line numbers instead of diff line numbers</p>",
+      "reason": "<p>We are phasing out diff-relative positioning for PR comments</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "PullRequestReviewComment.originalPosition",
+      "description": "<p><code>originalPosition</code> will be removed.</p>",
+      "reason": "<p>We are phasing out diff-relative positioning for PR comments</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewInput.comments",
+      "description": "<p><code>comments</code> will be removed. use the <code>threads</code> argument instead</p>",
+      "reason": "<p>We are deprecating comment fields that use diff-relative positioning</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewCommentInput.pullRequestReviewId",
+      "description": "<p><code>pullRequestReviewId</code> will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply instead</p>",
+      "reason": "<p>We are deprecating the addPullRequestReviewComment mutation</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewCommentInput.pullRequestId",
+      "description": "<p><code>pullRequestId</code> will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply instead</p>",
+      "reason": "<p>We are deprecating the addPullRequestReviewComment mutation</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewCommentInput.position",
+      "description": "<p><code>position</code> will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply instead</p>",
+      "reason": "<p>We are deprecating the addPullRequestReviewComment mutation</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewCommentInput.path",
+      "description": "<p><code>path</code> will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply instead</p>",
+      "reason": "<p>We are deprecating the addPullRequestReviewComment mutation</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewCommentInput.inReplyTo",
+      "description": "<p><code>inReplyTo</code> will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply instead</p>",
+      "reason": "<p>We are deprecating the addPullRequestReviewComment mutation</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewCommentInput.commitOID",
+      "description": "<p><code>commitOID</code> will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply instead</p>",
+      "reason": "<p>We are deprecating the addPullRequestReviewComment mutation</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    },
+    {
+      "location": "AddPullRequestReviewCommentInput.body",
+      "description": "<p><code>body</code> will be removed. use addPullRequestReviewThread or addPullRequestReviewThreadReply instead</p>",
+      "reason": "<p>We are deprecating the addPullRequestReviewComment mutation</p>",
+      "date": "2023-10-01",
+      "criticality": "breaking",
+      "owner": "aharpole"
+    }
+  ],
+  "2023-07-01": [
+    {
+      "location": "ProjectV2ItemFieldGroup.field",
+      "description": "<p><code>field</code> will be removed. Check out the <code>ProjectV2ItemFieldGroup#groupByField</code> API as an example for the more capable alternative.</p>",
+      "reason": "<p>The <code>ProjectV2ItemFieldGroup#field</code> API is deprecated in favour of the more capable <code>ProjectV2ItemFieldGroup#groupByField</code> API.</p>",
+      "date": "2023-07-01",
+      "criticality": "breaking",
+      "owner": "stevepopovich"
+    },
+    {
+      "location": "Commit.pushedDate",
+      "description": "<p><code>pushedDate</code> will be removed.</p>",
+      "reason": "<p><code>pushedDate</code> is no longer supported.</p>",
+      "date": "2023-07-01",
+      "criticality": "breaking",
+      "owner": "darthwillis"
+    }
+  ],
+  "2023-04-01": [
+    {
+      "location": "Repository.squashPrTitleUsedAsDefault",
+      "description": "<p><code>squashPrTitleUsedAsDefault</code> will be removed. Use <code>Repository.squashMergeCommitTitle</code> instead.</p>",
+      "reason": "<p><code>squashPrTitleUsedAsDefault</code> will be removed.</p>",
+      "date": "2023-04-01",
+      "criticality": "breaking",
+      "owner": "github/pull_requests"
+    },
+    {
+      "location": "ProjectV2View.verticalGroupBy",
+      "description": "<p><code>verticalGroupBy</code> will be removed. Check out the <code>ProjectV2View#vertical_group_by_fields</code> API as an example for the more capable alternative.</p>",
+      "reason": "<p>The <code>ProjectV2View#vertical_group_by</code> API is deprecated in favour of the more capable <code>ProjectV2View#vertical_group_by_fields</code> API.</p>",
+      "date": "2023-04-01",
+      "criticality": "breaking",
+      "owner": "traumverloren"
+    },
+    {
+      "location": "ProjectV2View.sortBy",
+      "description": "<p><code>sortBy</code> will be removed. Check out the <code>ProjectV2View#sort_by_fields</code> API as an example for the more capable alternative.</p>",
+      "reason": "<p>The <code>ProjectV2View#sort_by</code> API is deprecated in favour of the more capable <code>ProjectV2View#sort_by_fields</code> API.</p>",
+      "date": "2023-04-01",
+      "criticality": "breaking",
+      "owner": "traumverloren"
+    },
+    {
+      "location": "ProjectV2View.groupBy",
+      "description": "<p><code>groupBy</code> will be removed. Check out the <code>ProjectV2View#group_by_fields</code> API as an example for the more capable alternative.</p>",
+      "reason": "<p>The <code>ProjectV2View#order_by</code> API is deprecated in favour of the more capable <code>ProjectV2View#group_by_field</code> API.</p>",
+      "date": "2023-04-01",
+      "criticality": "breaking",
+      "owner": "alcere"
+    }
+  ],
+  "2023-02-10": [
+    {
+      "location": "PackageType.MAVEN",
+      "description": "<p><code>MAVEN</code> will be removed.</p>",
+      "reason": "<p>MAVEN will be removed from this enum as this type will be migrated to only be used by the Packages REST API.</p>",
+      "date": "2023-02-10",
+      "criticality": "breaking",
+      "owner": "ankitkaushal01"
+    }
+  ],
+  "2023-01-01": [
+    {
+      "location": "ProjectV2View.visibleFields",
+      "description": "<p><code>visibleFields</code> will be removed. Check out the <code>ProjectV2View#fields</code> API as an example for the more capable alternative.</p>",
+      "reason": "<p>The <code>ProjectV2View#visibleFields</code> API is deprecated in favour of the more capable <code>ProjectV2View#fields</code> API.</p>",
+      "date": "2023-01-01",
+      "criticality": "breaking",
+      "owner": "mattruggio"
+    },
+    {
+      "location": "Commit.changedFiles",
+      "description": "<p><code>changedFiles</code> will be removed. Use <code>changedFilesIfAvailable</code> instead.</p>",
+      "reason": "<p><code>changedFiles</code> will be removed.</p>",
+      "date": "2023-01-01",
+      "criticality": "breaking",
+      "owner": "adamshwert"
+    }
+  ],
+  "2022-12-28": [
+    {
+      "location": "PackageType.RUBYGEMS",
+      "description": "<p><code>RUBYGEMS</code> will be removed.</p>",
+      "reason": "<p>RUBYGEMS will be removed from this enum as this type will be migrated to only be used by the Packages REST API.</p>",
+      "date": "2022-12-28",
+      "criticality": "breaking",
+      "owner": "ankitkaushal01"
+    }
+  ],
+  "2022-11-21": [
+    {
+      "location": "PackageType.NUGET",
+      "description": "<p><code>NUGET</code> will be removed.</p>",
+      "reason": "<p>NUGET will be removed from this enum as this type will be migrated to only be used by the Packages REST API.</p>",
+      "date": "2022-11-21",
+      "criticality": "breaking",
+      "owner": "s-anupam"
+    },
+    {
+      "location": "PackageType.NPM",
+      "description": "<p><code>NPM</code> will be removed.</p>",
+      "reason": "<p>NPM will be removed from this enum as this type will be migrated to only be used by the Packages REST API.</p>",
+      "date": "2022-11-21",
+      "criticality": "breaking",
+      "owner": "s-anupam"
+    }
+  ],
+  "2022-10-01": [
+    {
+      "location": "RemovePullRequestFromMergeQueueInput.branch",
+      "description": "<p><code>branch</code> will be removed.</p>",
+      "reason": "<p>PRs are removed from the merge queue for the base branch, the <code>branch</code> argument is now a no-op</p>",
+      "date": "2022-10-01",
+      "criticality": "breaking",
+      "owner": "jhunschejones"
+    },
+    {
+      "location": "DependencyGraphDependency.packageLabel",
+      "description": "<p><code>packageLabel</code> will be removed. Use normalized <code>packageName</code> field instead.</p>",
+      "reason": "<p><code>packageLabel</code> will be removed.</p>",
+      "date": "2022-10-01",
+      "criticality": "breaking",
+      "owner": "github/dependency_graph"
+    }
+  ],
+  "2022-07-01": [
+    {
+      "location": "AddPullRequestToMergeQueueInput.branch",
+      "description": "<p><code>branch</code> will be removed.</p>",
+      "reason": "<p>PRs are added to the merge queue for the base branch, the <code>branch</code> argument is now a no-op</p>",
+      "date": "2022-07-01",
+      "criticality": "breaking",
+      "owner": "jhunschejones"
+    }
+  ],
+  "2021-10-01": [
+    {
+      "location": "ReactionGroup.users",
+      "description": "<p><code>users</code> will be removed. Use the <code>reactors</code> field instead.</p>",
+      "reason": "<p>Reactors can now be mannequins, bots, and organizations.</p>",
+      "date": "2021-10-01",
+      "criticality": "breaking",
+      "owner": "synthead"
+    }
+  ],
+  "2021-06-21": [
+    {
+      "location": "PackageType.DOCKER",
+      "description": "<p><code>DOCKER</code> will be removed.</p>",
+      "reason": "<p>DOCKER will be removed from this enum as this type will be migrated to only be used by the Packages REST API.</p>",
+      "date": "2021-06-21",
+      "criticality": "breaking",
+      "owner": "reybard"
+    }
+  ],
+  "2021-01-01": [
+    {
+      "location": "MergeStateStatus.DRAFT",
+      "description": "<p><code>DRAFT</code> will be removed. Use PullRequest.isDraft instead.</p>",
+      "reason": "<p>DRAFT state will be removed from this enum and <code>isDraft</code> should be used instead</p>",
+      "date": "2021-01-01",
+      "criticality": "breaking",
+      "owner": "nplasterer"
+    }
+  ],
+  "2020-10-01": [
+    {
+      "location": "PullRequest.timeline",
+      "description": "<p><code>timeline</code> will be removed. Use PullRequest.timelineItems instead.</p>",
+      "reason": "<p><code>timeline</code> will be removed</p>",
+      "date": "2020-10-01",
+      "criticality": "breaking",
+      "owner": "mikesea"
+    },
+    {
+      "location": "Issue.timeline",
+      "description": "<p><code>timeline</code> will be removed. Use Issue.timelineItems instead.</p>",
+      "reason": "<p><code>timeline</code> will be removed</p>",
+      "date": "2020-10-01",
+      "criticality": "breaking",
+      "owner": "mikesea"
+    }
+  ],
+  "2020-01-01": [
+    {
+      "location": "UnassignedEvent.user",
+      "description": "<p><code>user</code> will be removed. Use the <code>assignee</code> field instead.</p>",
+      "reason": "<p>Assignees can now be mannequins.</p>",
+      "date": "2020-01-01",
+      "criticality": "breaking",
+      "owner": "tambling"
+    },
+    {
+      "location": "AssignedEvent.user",
+      "description": "<p><code>user</code> will be removed. Use the <code>assignee</code> field instead.</p>",
+      "reason": "<p>Assignees can now be mannequins.</p>",
+      "date": "2020-01-01",
+      "criticality": "breaking",
+      "owner": "tambling"
+    }
+  ],
+  "2019-04-01": [
+    {
+      "location": "LegacyMigration.uploadUrlTemplate",
+      "description": "<p><code>uploadUrlTemplate</code> will be removed. Use <code>uploadUrl</code> instead.</p>",
+      "reason": "<p><code>uploadUrlTemplate</code> is being removed because it is not a standard URL and adds an extra user step.</p>",
+      "date": "2019-04-01",
+      "criticality": "breaking",
+      "owner": "tambling"
+    }
+  ]
+}

src/rest/lib/config.json

@@ -17,6 +17,9 @@
     ],
     "ghes-3.16": [
       "2022-11-28"
+    ],
+    "ghes-3.17": [
+      "2022-11-28"
     ]
   },
   "versionMapping": {

src/versions/lib/enterprise-server-releases.js

@@ -9,13 +9,13 @@ export const dates = JSON.parse(await fs.readFile('src/ghes-releases/lib/enterpr
 // enterprise-releases/docs/supported-versions.md#release-lifecycle-dates
 
 // Some frontmatter may contain the upcoming GHES release number
-export const next = '3.17'
-export const nextNext = '3.18'
+export const next = '3.18'
+export const nextNext = '3.19'
 
-export const supported = ['3.16', '3.15', '3.14', '3.13']
+export const supported = ['3.17', '3.16', '3.15', '3.14', '3.13']
 
 // Edit this to `null` when it's no longer the release candidate
-export const releaseCandidate = null
+export const releaseCandidate = '3.17'
 
 // Ensure that:
 // "next" is ahead of "latest" by one minor or major release.