From d2ae09859e0621af8d5e56ebd098664b87004580 Mon Sep 17 00:00:00 2001 From: Nikola Jokic <97525037+nikola-jokic@users.noreply.github.com> Date: Wed, 6 Apr 2022 20:08:32 +0200 Subject: [PATCH 1/3] Fixing explanation related to the --disableupdate (#16802) --- .../autoscaling-with-self-hosted-runners.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md b/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md index 6e20859156..6bc28e5c75 100644 --- a/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md 
@@ -58,10 +58,10 @@ The {% data variables.product.prodname_actions %} service will then automaticall By default, self-hosted runners will automatically perform a software update whenever a new version of the runner software is available. If you use ephemeral runners in containers then this can lead to repeated software updates when a new runner version is released. Turning off automatic updates allows you to update the runner version on the container image directly on your own schedule. -If you want to turn off automatic software updates and install software updates yourself, you can specify the `--disableupdate` parameter when starting the runner. For example: +To turn off automatic software updates and install software updates yourself, specify the `--disableupdate` flag when registering your runner using `config.sh`. For example: ```shell -./run.sh --disableupdate +./config.sh --url https://github.com/octo-org --token example-token --disableupdate ``` If you disable automatic updates, you must still update your runner version regularly. New functionality in {% data variables.product.prodname_actions %} requires changes in both the {% data variables.product.prodname_actions %} service _and_ the runner software. The runner may not be able to correctly process jobs that take advantage of new features in {% data variables.product.prodname_actions %} without a software update. From 158111374f70456fc732432b64be1b24f15628e9 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 6 Apr 2022 14:17:47 -0400 Subject: [PATCH 2/3] Warn re:status for official octokit libraries (#16718) --- content/rest/overview/libraries.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/content/rest/overview/libraries.md b/content/rest/overview/libraries.md index 0128487f72..0dec46d608 100644 --- a/content/rest/overview/libraries.md +++ b/content/rest/overview/libraries.md @@ -18,12 +18,18 @@ topics:
Use the official Octokit library, or choose between any of the available third party libraries.
+{% warning %} + +Warning: As of late October 2021, the offical Octokit libraries are not currently maintained. + +{% endwarning %} + # Third-party libraries ### Clojure From b588d2ec140fbadce295684c8d2353fc0aadb483 Mon Sep 17 00:00:00 2001 From: Mounil Shah <47925568+mounilKshah@users.noreply.github.com> Date: Thu, 7 Apr 2022 00:36:47 +0530 Subject: [PATCH 3/3] Add warning for write level rights with regards to repo secrets (#15553) --- .../security-hardening-for-github-actions.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/actions/security-guides/security-hardening-for-github-actions.md b/content/actions/security-guides/security-hardening-for-github-actions.md index 63f865b05d..efbb783477 100644 --- a/content/actions/security-guides/security-hardening-for-github-actions.md +++ b/content/actions/security-guides/security-hardening-for-github-actions.md 
@@ -48,6 +48,12 @@ To help prevent accidental disclosure, {% data variables.product.product_name %} - **Consider requiring review for access to secrets** - You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[Encrypted secrets](/actions/reference/encrypted-secrets)" and "[Using environments for deployment](/actions/deployment/using-environments-for-deployment)." +{% warning %} + +**Warning**: Any user with write access to your repository has read access to all secrets configured in your repository. Therefore, you should ensure that the credentials being used within workflows have the least privileges required. + +{% endwarning %} + ## Using `CODEOWNERS` to monitor changes You can use the `CODEOWNERS` feature to control how changes are made to your workflow files. For example, if all your workflow files are stored in `.github/workflows`, you can add this directory to the code owners list, so that any proposed changes to these files will first require approval from a designated reviewer.
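Review bot: The added sentence in PATCH 1/3 (`autoscaling-with-self-hosted-runners.md`) ties `--disableupdate` to registration with `config.sh` but does not say what to do with a runner that is already registered, so a reader who followed the removed `./run.sh --disableupdate` line gets no guidance. Consider adding one sentence covering that case. Style point on the same line: "turn off automatic software updates and install software updates yourself" repeats "software updates"; "and install updates yourself" reads better.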
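Review bot: The added warning line in PATCH 2/3 (`content/rest/overview/libraries.md`) misspells "offical" (should be "official"), and it sits directly under the unchanged context line "Use the official Octokit library, or choose between any of the available third party libraries.", so the page recommends the library and then states it is unmaintained. Suggest rewording either the context line or the warning so the two agree. "As of late October 2021" combined with "not currently maintained" also mixes a fixed date with "currently"; pick one. The label here is plain `Warning:` while PATCH 3/3 uses `**Warning**:`; use the same form in both.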
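Review bot: The warning added in PATCH 3/3 after the "Consider requiring review for access to secrets" bullet says write access gives read access to "all secrets configured in your repository", while the bullet just above it says a workflow job cannot access environment secrets until a reviewer grants approval; read together, the two statements appear to conflict. Suggest stating explicitly whether the warning also covers environment secrets protected by required reviewers or only repository-level secrets. Wording: "the least privileges required" would read better as "the minimum privileges required".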