mirror of synced 2025-12-19 18:10:59 -05:00

Remove deprecated content (#54476)

This commit is contained in:
Rachael Sewell
2025-02-19 16:12:45 -08:00
committed by GitHub
parent ec51e3b5f7
commit 899bb2074f
91 changed files with 127 additions and 336 deletions

View File

@@ -16,9 +16,7 @@ type: how_to
To create an experience on {% data variables.product.github %} that fits your needs, you can customize the user interface. Accessibility settings can be essential for people with disabilities, but can be useful to anyone. For example, customization of keyboard shortcuts is essential to people who navigate using voice control, but can be useful to anyone when a keyboard shortcut for {% data variables.product.github %} clashes with another application shortcut.
You can decide whether you want to use some or all keyboard shortcuts, and control the display of animated images{% ifversion link-underlines %} and how links are displayed{% endif %}.
{% ifversion link-underlines %}
You can decide whether you want to use some or all keyboard shortcuts, and control the display of animated images and how links are displayed.
## Managing the appearance of links
@@ -32,8 +30,6 @@ You can control whether links in text blocks are underlined and therefore more d
* To disable underlines on links in text blocks, under "Link underlines", select **Hide link underlines**.
* To disable hovercards for previewing link content, deselect **Hovercards**.
{% endif %}
## Managing keyboard shortcuts
You can perform actions across the {% data variables.product.github %} website by using your keyboard alone. Keyboard shortcuts can be useful to save time, but can be activated accidentally or interfere with assistive technology.

View File

@@ -51,7 +51,7 @@ Third-party systems can be observability systems, change management systems, cod
Use required reviewers to require a specific person or team to approve workflow jobs that reference the environment. You can list up to six users or teams as reviewers. The reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
{% ifversion deployments-prevent-self-approval %}You also have the option to prevent self-reviews for deployments to protected environments. If you enable this setting, users who initiate a deployment cannot approve the deployment job, even if they are a required reviewer. This ensures that deployments to protected environments are always reviewed by more than one person.{% endif %}
You also have the option to prevent self-reviews for deployments to protected environments. If you enable this setting, users who initiate a deployment cannot approve the deployment job, even if they are a required reviewer. This ensures that deployments to protected environments are always reviewed by more than one person.
For more information on reviewing jobs that reference an environment with required reviewers, see [AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments).
@@ -82,12 +82,11 @@ Use deployment branches{% ifversion deployment-protections-tag-patterns %} and t
{%- else %}
* **All branches:** All branches in the repository can deploy to the environment.
{%- endif %}
* **Protected branches{% ifversion deployment-protections-tag-patterns %} only{% endif %}:** Only branches with branch protection rules enabled can deploy to the environment. If no branch protection rules are defined for any branch in the repository, then all branches can deploy. For more information about branch protection rules, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).{% ifversion actions-protected-branches-restrictions %}
* **Protected branches{% ifversion deployment-protections-tag-patterns %} only{% endif %}:** Only branches with branch protection rules enabled can deploy to the environment. If no branch protection rules are defined for any branch in the repository, then all branches can deploy. For more information about branch protection rules, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
> [!NOTE]
> Deployment workflow runs triggered by tags with the same name as a protected branch and forks with branches that match the protected branch name cannot deploy to the environment.
{% endif %}
* **Selected branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}:** Only branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} that match your specified name patterns can deploy to the environment.
If you specify `releases/*` as a deployment branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} rule, only a branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} whose name begins with `releases/` can deploy to the environment. (Wildcard characters will not match `/`. To match branches{% ifversion deployment-protections-tag-patterns %} or tags{% endif %} that begin with `release/` and contain an additional single slash, use `release/*/*`.) If you add `main` as a branch rule, a branch named `main` can also deploy to the environment. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch).
@@ -180,7 +179,7 @@ Variables stored in an environment are only available to workflow jobs that refe
1. Optionally, specify people or teams that must approve workflow jobs that use this environment. For more information, see [Required reviewers](#required-reviewers).
1. Select **Required reviewers**.
1. Enter up to 6 people or teams. Only one of the required reviewers needs to approve the job for it to proceed.
{% ifversion deployments-prevent-self-approval %}1. Optionally, to prevent users from approving workflows runs that they triggered, select **Prevent self-review**.{% endif %}
1. Optionally, to prevent users from approving workflows runs that they triggered, select **Prevent self-review**.
1. Click **Save protection rules**.
1. Optionally, specify the amount of time to wait before allowing workflow jobs that use this environment to proceed. For more information, see [Wait timer](#wait-timer).
1. Select **Wait timer**.
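Review bot: The added step "Optionally, to prevent users from approving workflows runs that they triggered, select **Prevent self-review**." carries over the typo "workflows runs" from the removed line. Since the line is being rewritten anyway, change it to "workflow runs".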

View File

@@ -27,13 +27,9 @@ For more information about environments and required approvals, see [AUTOTITLE](
* To approve the job, click **Approve and deploy**. Once a job is approved (and any other deployment protection rules have passed), the job will proceed. At this point, the job can access any secrets stored in the environment.
* To reject the job, click **Reject**. If a job is rejected, the workflow will fail.
{% ifversion deployments-prevent-self-approval %}
> [!NOTE]
> If the targeted environment is configured to prevent self-approvals for deployments, you will not be able to approve a deployment from a workflow run you initiated. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#required-reviewers).
{% endif %}
## Bypassing deployment protection rules
If you have configured deployment protection rules that control whether software can be deployed to an environment, you can bypass these rules and force all pending jobs referencing the environment to proceed.

View File

@@ -13,7 +13,6 @@ redirect_from:
- /actions/deployment/viewing-deployment-history
- /actions/deployment/managing-your-deployments/viewing-deployment-history
---
{% ifversion actions-deployment-history-beta %}
## About deployment history
@@ -49,17 +48,3 @@ By default, the deployments page shows currently active deployments from select
1. Depending on the qualifier you chose, fill out information in the "Operator" and "Value" columns.
1. Optionally, click **{% octicon "plus" aria-hidden="true" %} Add a filter** to add another filter.
1. Click **Apply**.{% endif %}
{% else %}
{% data reusables.actions.about-deployment-with-github-actions %}
To view current and past deployments, click **Environments** in the sidebar of the home page of your repository.
The deployments page displays the last active deployment of each environment for your repository. If the deployment includes an environment URL, a **View deployment** button that links to the URL is shown next to the deployment.
The activity log shows the deployment history for your environments. By default, only the most recent deployment for an environment has an `Active` status; all previously active deployments have an `Inactive` status. For more information on automatic inactivation of deployments, see [AUTOTITLE](/rest/deployments#inactive-deployments).
You can also use the REST API to get information about deployments. For more information, see [AUTOTITLE](/rest/repos#deployments).
{% endif %}
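Review bot: The `{% endif %}` kept on the context line `1. Click **Apply**.{% endif %}` has no visible opener in either hunk of this file. With the outer `{% ifversion actions-deployment-history-beta %}` removed above and the `{% else %}` through final `{% endif %}` block removed here, check that this remaining tag still closes an inner conditional and that the Liquid tags in the file stay balanced.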

View File

@@ -36,7 +36,7 @@ Once you complete this project, you should understand how to build your own Java
Before you begin, you'll need to download Node.js and create a public {% data variables.product.prodname_dotcom %} repository.
1. Download and install Node.js {% ifversion actions-node20-support %}20.x{% else %}16.x{% endif %}, which includes npm.
1. Download and install Node.js 20.x, which includes npm.
https://nodejs.org/en/download/
1. Create a new public repository on {% data variables.product.github %} and call it "hello-world-javascript-action". For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository).
@@ -71,7 +71,7 @@ outputs:
time: # id of output
description: 'The time we greeted you'
runs:
using: {% ifversion actions-node20-support %}'node20'{% else %}'node16'{% endif %}
using: 'node20'
main: 'index.js'
```

View File

@@ -150,11 +150,11 @@ For more information on how to use context syntax, see [AUTOTITLE](/actions/lear
**Required** Configures the path to the action's code and the runtime used to execute the code.
### Example: Using Node.js {% ifversion actions-node20-support %}v20{% else %}v16{% endif %}
### Example: Using Node.js v20
```yaml
runs:
using: {% ifversion actions-node20-support %}'node20'{% else %}'node16'{% endif %}
using: 'node20'
main: 'main.js'
```
@@ -162,7 +162,7 @@ runs:
**Required** The runtime used to execute the code specified in [`main`](#runsmain).
* Use {% ifversion actions-node20-support %}`node20` for Node.js v20{% else %}`node16` for Node.js v16{% endif %}.
* Use `node20` for Node.js v20.
### `runs.main`
@@ -176,7 +176,7 @@ In this example, the `pre:` action runs a script called `setup.js`:
```yaml
runs:
using: {% ifversion actions-node20-support %}'node20'{% else %}'node16'{% endif %}
using: 'node20'
pre: 'setup.js'
main: 'index.js'
post: 'cleanup.js'
@@ -203,7 +203,7 @@ In this example, the `post:` action runs a script called `cleanup.js`:
```yaml
runs:
using: {% ifversion actions-node20-support %}'node20'{% else %}'node16'{% endif %}
using: 'node20'
main: 'index.js'
post: 'cleanup.js'
```

View File

@@ -137,7 +137,7 @@ jobs:
- name: Use Node.js
uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'18.x'{% endif %}
node-version: '20.x'
- run: npm ci
- run: npm run build --if-present
- run: npm test
@@ -162,7 +162,7 @@ steps:
- name: Use Node.js
uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'18.x'{% endif %}
node-version: '20.x'
- name: Install dependencies
run: npm ci
```
@@ -175,7 +175,7 @@ steps:
- name: Use Node.js
uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'18.x'{% endif %}
node-version: '20.x'
- name: Install dependencies
run: npm install
```
@@ -190,7 +190,7 @@ steps:
- name: Use Node.js
uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'18.x'{% endif %}
node-version: '20.x'
- name: Install dependencies
run: yarn --frozen-lockfile
```
@@ -203,7 +203,7 @@ steps:
- name: Use Node.js
uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'18.x'{% endif %}
node-version: '20.x'
- name: Install dependencies
run: yarn
```
@@ -225,7 +225,7 @@ steps:
uses: {% data reusables.actions.action-setup-node %}
with:
always-auth: true
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'18.x'{% endif %}
node-version: '20.x'
registry-url: https://registry.npmjs.org
scope: '@octocat'
- name: Install dependencies
@@ -253,7 +253,7 @@ steps:
- uses: {% data reusables.actions.action-checkout %}
- uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20'{% else %}'18'{% endif %}
node-version: '20'
cache: 'npm'
- run: npm install
- run: npm test
@@ -266,7 +266,7 @@ steps:
- uses: {% data reusables.actions.action-checkout %}
- uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20'{% else %}'18'{% endif %}
node-version: '20'
cache: 'yarn'
- run: yarn
- run: yarn test
@@ -286,7 +286,7 @@ steps:
version: 6.10.0
- uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20'{% else %}'18'{% endif %}
node-version: '20'
cache: 'pnpm'
- run: pnpm install
- run: pnpm test
@@ -304,7 +304,7 @@ steps:
- name: Use Node.js
uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'18.x'{% endif %}
node-version: '20.x'
- run: npm install
- run: npm run build --if-present
- run: npm test

View File

@@ -78,7 +78,7 @@ jobs:
# Setup .npmrc file to publish to npm
- uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'16.x'{% endif %}
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
- run: npm ci
- run: npm publish {% ifversion artifact-attestations %}--provenance --access public{% endif %}
@@ -141,7 +141,7 @@ jobs:
# Setup .npmrc file to publish to GitHub Packages
- uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'16.x'{% endif %}
node-version: '20.x'
registry-url: 'https://npm.pkg.github.com'
# Defaults to the user or organization that owns the workflow file
scope: '@octocat'
@@ -176,7 +176,7 @@ jobs:
# Setup .npmrc file to publish to npm
- uses: {% data reusables.actions.action-setup-node %}
with:
node-version: {% ifversion actions-node20-support %}'20.x'{% else %}'16.x'{% endif %}
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
# Defaults to the user or organization that owns the workflow file
scope: '@octocat'

View File

@@ -4,7 +4,7 @@ shortTitle: Concurrency
intro: Run a single job at a time.
versions:
fpt: '*'
ghes: '> 3.1'
ghes: '*'
ghec: '*'
redirect_from:
- /actions/using-jobs/using-concurrency

View File

@@ -4,14 +4,12 @@ shortTitle: Permissions for `GITHUB_TOKEN`
intro: Modify the default permissions granted to `GITHUB_TOKEN`.
versions:
fpt: '*'
ghes: '> 3.1'
ghes: '*'
ghec: '*'
redirect_from:
- /actions/using-jobs/assigning-permissions-to-jobs
- >-
/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs
- >-
/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github-token
- /actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs
- /actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github-token
---
{% data reusables.actions.enterprise-github-hosted-runners %}

View File

@@ -4,7 +4,7 @@ shortTitle: Environments
intro: Specify a deployment environment in your workflow.
versions:
fpt: '*'
ghes: '> 3.0'
ghes: '*'
ghec: '*'
redirect_from:
- /actions/using-jobs/using-environments-for-jobs

View File

@@ -649,13 +649,9 @@ You can make an environment variable available to any subsequent steps in a work
{% data reusables.actions.environment-variables-are-fixed %} For more information about the default environment variables, see [AUTOTITLE](/actions/learn-github-actions/environment-variables#default-environment-variables).
{% ifversion github-env-node-options %}
> [!NOTE]
> Due to security restrictions, `GITHUB_ENV` cannot be used to set the `NODE_OPTIONS` environment variable.
{% endif %}
### Example of writing an environment variable to `GITHUB_ENV`
{% bash %}

View File

@@ -543,7 +543,6 @@ This utility returns webhook delivery logs for administrators to review and iden
ghe-webhook-logs
```
{% ifversion ghes > 3.10 %}
To show all hook deliveries filtered by a given event:
```shell
@@ -554,7 +553,6 @@ To show all hook deliveries filtered by a given event and action:
```shell
ghe-webhook-logs --event issues.opened
{% endif %}
To show all failed hook deliveries in the past day:
```shell
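Review bot: In the context lines of this hunk, the `shell` block containing `ghe-webhook-logs --event issues.opened` has no closing fence. The removed `{% endif %}` followed the command directly, and after this change the paragraph "To show all failed hook deliveries in the past day:" does. Add the closing fence line after the command so that this paragraph and the next `shell` block render outside the previous code block.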

View File

@@ -2,12 +2,12 @@
title: Configuring host keys for your instance
shortTitle: Configure host keys
intro: 'You can increase the security of {% data variables.location.product_location %} by configuring the algorithms that your instance uses to generate and advertise host keys for incoming SSH connections.'
permissions: 'Site administrators'
permissions: Site administrators
redirect_from:
- /admin/configuration/configuring-your-enterprise/configuring-host-keys-for-your-instance
- /admin/configuration/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance
versions:
ghes: '>= 3.6'
ghes: '*'
type: how_to
topics:
- Authentication

View File

@@ -2,12 +2,12 @@
title: Configuring SSH connections to your instance
shortTitle: Configure SSH connections
intro: 'You can increase the security of {% data variables.location.product_location %} by configuring the SSH algorithms that clients can use to establish a connection.'
permissions: 'Site administrators'
permissions: Site administrators
redirect_from:
- /admin/configuration/configuring-your-enterprise/configuring-ssh-connections-to-your-instance
- /admin/configuration/hardening-security-for-your-enterprise/configuring-ssh-connections-to-your-instance
versions:
ghes: '>= 3.6'
ghes: '*'
type: how_to
topics:
- Authentication

View File

@@ -6,7 +6,7 @@ redirect_from:
- /admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates
allowTitleToDifferFromFilename: true
versions:
ghes: '> 3.2'
ghes: '*'
topics:
- Enterprise
- Security

View File

@@ -2,9 +2,9 @@
title: Enabling encrypted assertions
shortTitle: Enable encrypted assertions
intro: 'You can improve {% data variables.location.product_location %}''s security with SAML single sign-on (SSO) by encrypting the messages that your SAML identity provider (IdP) sends.'
permissions: 'Site administrators'
permissions: Site administrators
versions:
ghes: '> 3.3'
ghes: '*'
type: how_to
topics:
- Accounts

View File

@@ -337,14 +337,10 @@ On Linux and macOS, the `autobuild` step reviews the files present in the reposi
#### Runner requirements for C/C++
{% ifversion codeql-cpp-autoinstall-dependencies %}
On Ubuntu Linux runners, `autobuild` may try to automatically install dependencies required by the detected configuration and build steps. By default, this behavior is enabled on {% data variables.product.prodname_dotcom %}-hosted runners and disabled on self-hosted runners. You can enable or disable this feature explicitly by setting `CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES` to `true` or `false` in the environment. For more information about defining environment variables, see [AUTOTITLE](/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow).
{% endif %}
For self-hosted runners{% ifversion codeql-cpp-autoinstall-dependencies %}, unless automatic installation of dependencies is enabled{% endif %}, you will likely need to install the `gcc` compiler, and specific projects may also require access to `clang` or `msvc` executables. You will also need to install the build system (for example `msbuild`, `make`, `cmake`, `bazel`) and utilities (such as `python`, `perl`, `lex`, and `yacc`) that your projects depend on.
{%- ifversion codeql-cpp-autoinstall-dependencies %}
For self-hosted runners, unless automatic installation of dependencies is enabled, you will likely need to install the `gcc` compiler, and specific projects may also require access to `clang` or `msvc` executables. You will also need to install the build system (for example `msbuild`, `make`, `cmake`, `bazel`) and utilities (such as `python`, `perl`, `lex`, and `yacc`) that your projects depend on.
If you enable automatic installation of dependencies, you must ensure that the runner is using Ubuntu and that it can run `sudo apt-get` without requiring a password.
{%- endif %}
Windows runners require `powershell.exe` to be on the `PATH`.

View File

@@ -249,8 +249,6 @@ The `category` value will appear as the `<run>.automationDetails.id` property in
Your specified category will not overwrite the details of the `runAutomationDetails` object in the SARIF file, if included.
{% ifversion codeql-model-packs %}
## Extending {% data variables.product.prodname_codeql %} coverage with {% data variables.product.prodname_codeql %} model packs
If your codebase depends on a library or framework that is not recognized by the standard queries in {% data variables.product.prodname_codeql %}, you can extend the {% data variables.product.prodname_codeql %} coverage in your {% data variables.product.prodname_code_scanning %} workflow by specifying published {% data variables.product.prodname_codeql %} model packs. For more information about creating your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack).
@@ -275,8 +273,6 @@ To add one or more published {% data variables.product.prodname_codeql %} model
In this example, the default queries will be run for Java, as well as the queries from a version greater than or equal to `7.8.9` and less than `7.9.0` of the query pack `my-company/my-java-queries`. The dependencies modeled in the latest version of the model pack `my-repo/my-java-model-pack` will be available to both the default queries and those in `my-company/my-java-queries`.
{% endif %}
## Running additional queries
{% data reusables.code-scanning.run-additional-queries %}

View File

@@ -24,8 +24,8 @@ With default setup for {% data variables.product.prodname_code_scanning %}, you
You can enable {% data variables.product.prodname_code_scanning %} for all repositories in your organization that are eligible for default setup. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in repositories in the organization will be scanned:
* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.{% ifversion default-setup-scan-on-schedule %}
* On a weekly schedule.{% endif %}
* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.
* On a weekly schedule.
For more information, see [Configuring default setup for all eligible repositories in an organization](#configuring-default-setup-for-all-eligible-repositories-in-an-organization).
@@ -42,8 +42,6 @@ For repositories that are not eligible for default setup, you can configure adva
### Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale
{% data reusables.code-scanning.beta-org-enable-all %}
A repository must meet all the following criteria to be eligible for default setup, otherwise you need to use advanced setup.
* {% ifversion fpt %}{% data variables.product.prodname_code_scanning_caps %}{% else %}Advanced setup for {% data variables.product.prodname_code_scanning %}{% endif %} is not already enabled.
@@ -63,14 +61,10 @@ A repository must meet all the following criteria to be eligible for default set
{% endif %}
{% ifversion code-scanning-default-setup-automatic-311 %}
### About adding languages to an existing default setup configuration
If the code in a repository changes to include {% ifversion code-scanning-default-setup-recommended-languages %}Go, JavaScript/TypeScript, Python, or Ruby,{% else %}a {% data variables.product.prodname_codeql %}-supported language,{% endif %} {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage.
{% endif %}
{% ifversion org-private-registry %}
### Providing default setup access to private registries
@@ -85,8 +79,6 @@ When a repository uses code stored in a private registry, default setup needs ac
{% else %}
Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see [Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup).
{% data reusables.code-scanning.beta-org-enable-all %}
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}
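Review bot: The retained paragraph in this hunk links to `#eligible-repositories-default-setup`, but the heading visible earlier in this file is "Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale", and the other in-page link shown (`#configuring-default-setup-for-all-eligible-repositories-in-an-organization`) follows its heading text. Check that this anchor still resolves and update it to match the heading if it does not.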

View File

@@ -23,7 +23,7 @@ With {% data variables.product.prodname_codeql %} {% data variables.product.prod
* `default` query suite.
* `security-extended` query suite. This suite is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.
Currently, both the `default` query suite and the `security-extended` query suite are available for default setup for {% data variables.product.prodname_code_scanning %}. {% ifversion bulk-code-scanning-query-suite %}Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). For more information on configuring default setup at scale and recommending a query suite, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).{% else %}For more information on default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).{% endif %}
Currently, both the `default` query suite and the `security-extended` query suite are available for default setup for {% data variables.product.prodname_code_scanning %}. Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). For more information on configuring default setup at scale and recommending a query suite, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
To use a custom query suite, you must configure advanced setup for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. For more information on advanced setups and creating a query suite, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql) and [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites).

View File

@@ -21,12 +21,8 @@ After running an initial analysis of your code with default setup, you may need
* The threat models ({% data variables.release-phases.public_preview %}) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the {% data variables.release-phases.public_preview %}, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}. For more information about threat models, see [Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup).
{% endif %}
{% ifversion codeql-model-packs %}
If your codebase depends on a library or framework that is not recognized by the standard libraries included with {% data variables.product.prodname_codeql %}, you can also extend the {% data variables.product.prodname_codeql %} coverage in default setup using {% data variables.product.prodname_codeql %} model packs. For more information, see [Extending CodeQL coverage with CodeQL model packs in default setup](#extending-codeql-coverage-with-codeql-model-packs-in-default-setup).
{% endif %}
If you need to change any other aspects of your {% data variables.product.prodname_code_scanning %} configuration, consider configuring advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning).
## Customizing your existing configuration of default setup
@@ -83,8 +79,6 @@ You can edit the threat model used in a default setup configuration. For more in
{% endif %}
{% ifversion codeql-model-packs %}
## Extending {% data variables.product.prodname_codeql %} coverage with {% data variables.product.prodname_codeql %} model packs in default setup
{% data reusables.code-scanning.beta-model-packs %}
@@ -124,4 +118,3 @@ For more information about {% data variables.product.prodname_codeql %} model pa
1. The model packs will be automatically detected and used when {% data variables.product.prodname_code_scanning %} runs on any repository in the organization with default setup enabled.
{% endif %}
{% endif %}

View File

@@ -22,16 +22,14 @@ redirect_from:
{% data variables.product.prodname_codeql %} packs are used to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. {% data variables.product.prodname_codeql %} packs contain queries, library files, query suites, and metadata. You can customize your {% data variables.product.prodname_codeql %} analysis by downloading packs created by others and running them on your codebase.
There are{% ifversion codeql-model-packs %} three{% else %} two{% endif %} types of {% data variables.product.prodname_codeql %} packs: {% ifversion codeql-model-packs %}query packs, library packs, and model packs{% else %} query packs and library packs{% endif %}.
There are three types of {% data variables.product.prodname_codeql %} packs: query packs, library packs, and model packs.
* Query packs contain a set of pre-compiled queries that can be evaluated on a {% data variables.product.prodname_codeql %} database. Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack.
* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately.{% ifversion codeql-model-packs %}
* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately.
* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. During the {% data variables.release-phases.public_preview %}, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
{% endif %}
The standard {% data variables.product.prodname_codeql %} packs for all supported languages are published in the [{% data variables.product.prodname_container_registry %}](https://github.com/orgs/codeql/packages). If you installed the {% data variables.product.prodname_codeql_cli %} in the standard way, using the {% data variables.product.prodname_codeql_cli %} bundle, the core query packs are already downloaded and available to you. They are:
* `codeql/cpp-queries`
@@ -49,7 +47,7 @@ You can publish {% data variables.product.prodname_codeql %} packs that you have
## Downloading and using {% data variables.product.prodname_codeql %} query packs
The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries{% ifversion codeql-model-packs %}, while model packs ({% data variables.release-phases.public_preview %}) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default{% endif %}. For more information about query packs, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries). {% ifversion codeql-model-packs %} For information about writing your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack).{% endif %}
The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries, while model packs ({% data variables.release-phases.public_preview %}) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. For more information about query packs, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries). For information about writing your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack).
Before you can use a {% data variables.product.prodname_codeql %} query pack to analyze a database, you must download any packages you require from the {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %}. This can be done either by using the `--download` flag as part of the `codeql database analyze` command, or running `codeql pack download`. If a package is not publicly available, you will need to use a {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} to authenticate. For more information and an example, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github#uploading-results-to-github).
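Review bot: The rewritten paragraph's closing link still points at the fragment `#creating-a-model-pack`, while the model-pack bullet earlier in this same file links to `#creating-a-codeql-model-pack` on the same target page. The target heading is "Creating a {% data variables.product.prodname_codeql %} model pack", which matches the bullet's fragment. Since this line is being rewritten anyway, align the fragment with the one the bullet uses, or confirm that both anchors resolve.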
@@ -154,8 +152,6 @@ pack.
>
> You can see the sources for these query suites in the [{% data variables.product.prodname_codeql %} repository](https://github.com/github/codeql/tree/main/cpp/ql/src/codeql-suites). Query suites for other languages are similar.
{% ifversion codeql-model-packs %}
## Using model packs to analyze calls to custom dependencies
You can include published model packs in a {% data variables.product.prodname_code_scanning %} analysis with the `--model-packs` option. For example:
@@ -172,8 +168,6 @@ You can specify multiple published model packs in an analysis.
For more information about writing your own model packs, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack).
{% endif %}
### About published packs
When a pack is published for use in analyses, the `codeql pack create` or `codeql pack publish` command verifies that the content is complete and also adds some additional pieces of content to it:

View File

@@ -21,13 +21,13 @@ redirect_from:
{% data variables.product.prodname_codeql %} packs are used to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. {% data variables.product.prodname_codeql %} packs contain queries, library files, query suites, and metadata. With {% data variables.product.prodname_codeql %} packs and the package management commands in the {% data variables.product.prodname_codeql_cli %}, you can publish your custom queries and integrate them into your codebase analysis.
There are{% ifversion codeql-model-packs %} three{% else %} two{% endif %} types of {% data variables.product.prodname_codeql %} packs: {% ifversion codeql-model-packs %}query packs, library packs, and model packs{% else %} query packs and library packs{% endif %}.
There are three types of {% data variables.product.prodname_codeql %} packs: query packs, library packs, and model packs.
* Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack.
* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately.{% ifversion codeql-model-packs %}
* Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately.
* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to include dependencies that are not supported by default. Model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. During the {% data variables.release-phases.public_preview %}, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see [Creating a {% data variables.product.prodname_codeql %} model pack](#creating-a-codeql-model-pack).{% endif %}
* Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to include dependencies that are not supported by default. Model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. During the {% data variables.release-phases.public_preview %}, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see [Creating a {% data variables.product.prodname_codeql %} model pack](#creating-a-codeql-model-pack).
You can use the `pack` command in the {% data variables.product.prodname_codeql_cli %} to create {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. You can also publish and download {% data variables.product.prodname_codeql %} packs using the `pack` command. For more information, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs).
@@ -70,8 +70,6 @@ You must specify:
The `codeql pack init` command creates the directory structure and configuration files for a {% data variables.product.prodname_codeql %} pack. By default, the command creates a query pack. If you want to create a library pack, you must edit the `qlpack.yml` file to explicitly declare the file as a library pack by including the `library:true` property.
{% ifversion codeql-model-packs %}
## Creating a {% data variables.product.prodname_codeql %} model pack
{% data reusables.code-scanning.beta-model-packs %}
@@ -101,8 +99,6 @@ In this example, the model pack will inject all the data extensions in `models/*
Once you've created a model pack, you can publish it in the same way as other {% data variables.product.prodname_codeql %} packs. For more information, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs). You can then use published model packs in a {% data variables.product.prodname_code_scanning %} analysis with the `--model-packs` option. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs#using-model-packs-to-analyze-calls-to-custom-dependencies).
{% endif %}
## Adding and installing dependencies on a {% data variables.product.prodname_codeql %} pack
> [!NOTE]

View File

@@ -227,17 +227,14 @@ The following properties are supported in `qlpack.yml` files.
version: 0.0.0
```
{% ifversion codeql-model-packs %}
#### `dataExtensions`
* Required by model packs.
* Takes a list of glob patterns that specify where data extension files are located relative to the root of the query pack or library pack.
{% endif %}
#### `dependencies`
* Required by query and library packs that define {% data variables.product.prodname_codeql %} package dependencies on other packs. {% ifversion codeql-model-packs %}Model packs cannot define any dependencies and use `extensionTargets` instead.{% endif %}
* Required by query and library packs that define {% data variables.product.prodname_codeql %} package dependencies on other packs. Model packs cannot define any dependencies and use `extensionTargets` instead.
* Defines a map from pack references to the semantic version range that is compatible with this pack. Supported for {% data variables.product.prodname_codeql_cli %} versions v2.6.0 and later. For example:
```yaml
@@ -270,13 +267,10 @@ The following properties are supported in `qlpack.yml` files.
precision: medium
```
{% ifversion codeql-model-packs %}
#### `extensionTargets`
* Required by model packs.
* Declares which query packs the extensions in the model pack apply to. The extension pack will inject its data extensions into each pack that is named in the `extensionTargets` dictionary, if the pack falls within the specified version range and it is used in the evaluation.
{% endif %}
#### `groups`

View File

@@ -59,12 +59,8 @@ To learn how to work with {% data variables.product.prodname_codeql %} databases
If you have already found, downloaded, or created a {% data variables.product.prodname_codeql %} database, you can learn how to use the extension to run queries on {% data variables.product.prodname_codeql %} databases and view the results. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries).
{% ifversion codeql-model-packs %}
To learn how to model additional dependencies of a codebase and improve your {% data variables.product.prodname_code_scanning %} results, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor).
{% endif %}
To learn how to configure access to a different version of the {% data variables.product.prodname_codeql_cli %} than the one installed with the extension, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli).
To learn how to set up a {% data variables.product.prodname_codeql %} workspace, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/setting-up-a-codeql-workspace).

View File

@@ -56,12 +56,8 @@ For more information about creating and editing {% data variables.product.prodna
* Otherwise, you will see the definition stored in your package cache, where downloaded dependencies are saved. The package cache is a shared location that is stored in your home directory by default.
{% ifversion codeql-model-packs %}
## Working with {% data variables.product.prodname_codeql %} model packs
{% data reusables.code-scanning.beta-model-packs %}
{% data variables.product.prodname_codeql %} model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to include dependencies that are not supported by default. The {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} includes a dedicated editor for creating and editing model packs. For information on using the model editor, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor).
{% endif %}

View File

@@ -72,7 +72,7 @@ For information about access requirements for actions related to {% data variabl
When {% data variables.product.github %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the **Security** tab for the repository and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version.
{% data variables.product.github %} may also notify the maintainers of affected repositories about new alerts according to their notification preferences.{% ifversion dependabot-suppressed-notifications %} When {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository, only for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled.{% endif %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts).
{% data variables.product.github %} may also notify the maintainers of affected repositories about new alerts according to their notification preferences. When {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository, only for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts).
{% data reusables.dependabot.dependabot-alert-create-PR %}

View File

@@ -27,7 +27,7 @@ When {% data variables.product.prodname_dependabot %} detects vulnerable depende
{% data reusables.dependabot.no-dependabot-alerts-for-malware %}
{% ifversion dependabot-suppressed-notifications %}Regardless of your notification preferences, when {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository. Instead, you will receive notifications for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled, if your notification preferences allow it.{% endif %}
Regardless of your notification preferences, when {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository. Instead, you will receive notifications for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled, if your notification preferences allow it.
{% ifversion fpt or ghec %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether {% data variables.product.prodname_dependabot_alerts %} will be enabled or disabled for newly-created repositories. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added).
{% endif %}

View File

@@ -11,7 +11,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '> 3.2'
ghes: '*'
type: overview
topics:
- Dependabot

View File

@@ -13,7 +13,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '> 3.2'
ghes: '*'
type: overview
topics:
- Dependabot
@@ -52,7 +52,7 @@ If you enable _security updates_, {% data variables.product.prodname_dependabot
You specify how often to check each ecosystem for new versions in the configuration file: daily, weekly, or monthly.
{% data reusables.dependabot.initial-updates %} {% ifversion dependabot-version-updates-groups %}For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates).{% endif %}
{% data reusables.dependabot.initial-updates %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates).
If you've enabled security updates, you'll sometimes see extra pull requests for security updates. These are triggered by a {% data variables.product.prodname_dependabot %} alert for a dependency on your default branch. {% data variables.product.prodname_dependabot %} automatically raises a pull request to update the vulnerable dependency.

View File

@@ -10,7 +10,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '> 3.2'
ghes: '*'
type: how_to
topics:
- Dependabot
@@ -27,7 +27,7 @@ shortTitle: Configure version updates
You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a `dependabot.yml` configuration file in to your repository's `.github` directory. {% data variables.product.prodname_dependabot %} then raises pull requests to keep the dependencies you configure up-to-date. For each package manager's dependencies that you want to update, you must specify the location of the package manifest files and how often to check for updates to the dependencies listed in those files. For information about enabling security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates).
{% data reusables.dependabot.initial-updates %} {% ifversion dependabot-version-updates-groups %}For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates).{% endif %}
{% data reusables.dependabot.initial-updates %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates).
{% data reusables.dependabot.version-updates-skip-scheduled-runs %}

View File

@@ -122,7 +122,7 @@ Here are some examples showing how `ignore` can be used to customize which depen
If you want to un-ignore a dependency or ignore condition, you can delete the ignore conditions from the `dependabot.yml` file or reopen the pull request.
{% ifversion dependabot-version-updates-groups %}For pull requests for grouped {% ifversion dependabot-grouped-security-updates-config %}{% else %}version {% endif %}updates, you can also use `@dependabot unignore` comment commands. The `@dependabot unignore` comment commands enable you to do the following by commenting on a {% data variables.product.prodname_dependabot %} pull request:
For pull requests for grouped {% ifversion dependabot-grouped-security-updates-config %}{% else %}version {% endif %}updates, you can also use `@dependabot unignore` comment commands. The `@dependabot unignore` comment commands enable you to do the following by commenting on a {% data variables.product.prodname_dependabot %} pull request:
* Un-ignore a specific ignore condition
* Un-ignore a specific dependency
@@ -135,7 +135,7 @@ If you want to un-ignore a dependency or ignore condition, you can delete the ig
{% endif %}
For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-for-grouped-{% ifversion dependabot-grouped-security-updates-config %}{% else %}version-{% endif %}updates-with-comment-commands).{% endif %}
For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-for-grouped-{% ifversion dependabot-grouped-security-updates-config %}{% else %}version-{% endif %}updates-with-comment-commands).
## Allowing specific dependencies to be updated

View File

@@ -169,8 +169,6 @@ To allow {% data variables.product.prodname_dependabot %} to update the dependen
**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories).
{% ifversion dependabot-version-updates-groups %}
### {% data variables.product.prodname_dependabot %} fails to group a set of dependencies into a single pull request for {% data variables.product.prodname_dependabot_version_updates %}
{% ifversion dependabot-grouped-security-updates-config %}The [`groups`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups) configuration settings in the `dependabot.yml` file can apply to version updates and security updates. Use the `applies-to` key to specify where (version updates or security updates) a set of grouping rules is applied.
@@ -252,8 +250,6 @@ If the dependency still fails to update, there may be a problem with the depende
If you continue to see CI failures, you should remove the group configuration so that {% data variables.product.prodname_dependabot %} reverts to raising individual pull requests for each dependency. Then, you should check and confirm that the update works correctly for each individual pull request.
{% endif %}
## Triggering a {% data variables.product.prodname_dependabot %} pull request manually
If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request.

View File

@@ -145,13 +145,9 @@ When `commit-message` is defined:
| `prefix-development` | On supported systems, defines a different prefix to use for commits that update dependencies in the Development dependency group. |
| `include` | Follow the commit message prefix with additional information. |
{% ifversion dependabot-version-updates-groups %}
> [!TIP]
> When pull requests are raised for grouped updates, the branch name and pull request title are defined by the group `IDENTIFIER`, see {% ifversion dependabot-grouped-security-updates-config %}[`groups`](#groups--){% else %}[`groups`](#groups-){% endif %}.
{% endif %}
### `prefix`
* Used for all commit messages unless `prefix-development` is also defined.
@@ -195,8 +191,6 @@ If you need to use more than one block in the configuration file to define updat
Not currently in use.
{% ifversion dependabot-version-updates-groups %}
## `groups` {% ifversion dependabot-grouped-security-updates-config %}{% octicon "versions" aria-label="Version updates" height="24" %} {% octicon "shield-check" aria-label="Security updates" height="24" %}{% else %}{% octicon "versions" aria-label="Version updates only" height="24" %}{% endif %}
Define rules to create one or more sets of dependencies managed by a package manager, to group updates into fewer, targeted pull requests. For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates).
@@ -245,8 +239,6 @@ By default, a group will include updates for all semantic versions (SemVer). Sem
For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated#specifying-the-semantic-versioning-level-to-ignore).
{% endif %}
## `ignore` {% octicon "versions" aria-label="Version updates" height="24" %} {% octicon "shield-check" aria-label="Security updates" height="24" %}
Use with the [`allow`](#allow--) option to define exactly which dependencies to maintain for a package ecosystem. {% data variables.product.prodname_dependabot %} checks for all allowed dependencies and then filters out any ignored dependencies or versions. So a dependency that is matched by both an allow and an ignore will be ignored. For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated#ignoring-specific-dependencies).
@@ -400,9 +392,9 @@ Package manager | YAML value | Supported versions |
| pnpm | `npm` | v7, v8 <br>v9 (version updates only) |
| poetry | `pip` | v1 |
| pub | `pub` | v2 |
| {% ifversion dependabot-updates-swift-support %} |
| |
| Swift | `swift` | v5 |
| {% endif %} |
| |
| Terraform | `terraform` | >= 0.13, <= 1.8.x |
| yarn | `npm` | v1, v2, v3 |
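Review bot: In the package-manager table, the two conditional rows around the Swift entry were replaced with empty `| |` rows instead of being deleted, so the table now carries a blank row before and after the Swift row. Delete both rows so that the Swift entry sits directly between the `pub` and Terraform rows.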
@@ -476,7 +468,7 @@ Reviewers must have at least read access to the repository.
## `schedule` {% octicon "versions" aria-label="Version updates only" height="24" %}
**Required option.** Define how often to check for new versions for each package manager you configure using the `interval` parameter. Optionally, for daily and weekly intervals, you can customize when {% data variables.product.prodname_dependabot %} checks for updates. {% ifversion dependabot-version-updates-groups %}For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates).{% endif %}
**Required option.** Define how often to check for new versions for each package manager you configure using the `interval` parameter. Optionally, for daily and weekly intervals, you can customize when {% data variables.product.prodname_dependabot %} checks for updates. For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates).
| Parameters | Purpose |
|------------|---------|

View File

@@ -9,7 +9,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '> 3.2'
ghes: '*'
type: how_to
topics:
- Repositories

View File

@@ -97,12 +97,8 @@ You can also proactively secure IP and maintain compliance for your organization
To ensure that all code is properly reviewed prior to being merged into the default branch, you can enable branch protection. By setting branch protection rules, you can enforce certain workflows or requirements before a contributor can push changes. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
{% ifversion repo-rules %}
{% data reusables.repositories.rulesets-alternative %}
{% endif %}
## Mitigate data leaks
If a user pushes sensitive data, ask them to remove it by using the `git filter-repo` tool. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository). Also, if the sensitive data has not been pushed yet, you can just undo those changes locally; for more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2015-06-08-how-to-undo-almost-anything-with-git/) (but note that `git revert` is not a valid way to undo the addition of sensitive data as it leaves the original sensitive commit in Git history).

View File

@@ -37,8 +37,7 @@ You can access any advisory in the {% data variables.product.prodname_advisory_d
The database is also accessible using the GraphQL API. By default, queries will return {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities unless you specify `type:malware`. For more information, see the [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory).
{% ifversion security-advisories-rest-api %}
Additionally, you can access the {% data variables.product.prodname_advisory_database %} using the REST API. For more information, see [AUTOTITLE](/rest/security-advisories/global-advisories).{% endif %}
Additionally, you can access the {% data variables.product.prodname_advisory_database %} using the REST API. For more information, see [AUTOTITLE](/rest/security-advisories/global-advisories).
## Editing an advisory in the {% data variables.product.prodname_advisory_database %}

View File

@@ -16,7 +16,7 @@ versions:
ghec: '*'
---
{% data reusables.security-overview.beta-org-risk-coverage %}
## About adoption of code security features
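Review bot: The header keeps this hunk at 7 lines on both sides, so the `{% data reusables.security-overview.beta-org-risk-coverage %}` line after the frontmatter appears to have been replaced with an empty line rather than deleted. The hunk that drops the same reusable under "Extra filters for the "Coverage" view" shrinks from 8 lines to 6. Removing the line together with its neighbouring blank here as well would avoid consecutive blank lines before the first heading.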

View File

@@ -18,7 +18,7 @@ redirect_from:
- /code-security/security-overview/viewing-the-security-overview
---
{% data reusables.security-overview.beta-org-risk-coverage %}
## Exploring the security risks in your code

View File

@@ -116,8 +116,6 @@ In the "Risk" and "Coverage" views, you can show data only for repositories wher
### Extra filters for the "Coverage" view
{% data reusables.security-overview.beta-org-risk-coverage %}
| Qualifier | Description |
| -------- | -------- |
| `advanced-security` | Display data for repositories where {% data variables.product.prodname_GH_advanced_security %} is enabled or not enabled. |

View File

@@ -5,7 +5,7 @@ product: '{% data reusables.gated-features.dependency-review %}'
shortTitle: Dependency review
versions:
fpt: '*'
ghes: '>= 3.2'
ghes: '*'
ghec: '*'
type: overview
topics:
@@ -58,16 +58,12 @@ The action is available for all {% ifversion fpt or ghec %}public repositories,
{% data reusables.dependency-review.action-enterprise %}
The action uses the dependency review REST API to get the diff of dependency changes between the base commit and head commit. You can use the dependency review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see [AUTOTITLE](/rest/dependency-graph/dependency-review).{% ifversion dependency-review-submission-api %} The action also considers dependencies submitted via the {% data variables.dependency-submission-api.name %}. For more information about the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
The action uses the dependency review REST API to get the diff of dependency changes between the base commit and head commit. You can use the dependency review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see [AUTOTITLE](/rest/dependency-graph/dependency-review). The action also considers dependencies submitted via the {% data variables.dependency-submission-api.name %}. For more information about the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
{% data reusables.dependency-review.works-with-submission-api-beta %}
You can configure the {% data variables.dependency-review.action_name %} to better suit your needs. For example, you can specify the severity level that will make the action fail{% ifversion dependency-review-action-licenses %}, or set an allow or deny list for licenses to scan{% endif %}. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-review-action).
{% endif %}
{% ifversion dependency-review-submission-api %}
## Best practices for using the dependency review API and the {% data variables.dependency-submission-api.name %} together
The dependency review API and the {% data variables.dependency-review.action_name %} both work by comparing dependency changes in a pull request with the state of your dependencies in the head commit of your target branch.
@@ -94,7 +90,6 @@ If you dont use {% data variables.product.prodname_actions %}, and your code
* When there are snapshots missing for either side of the comparison, you will see an explanation for that in the `x-github-dependency-graph-snapshot-warnings` header (as a base64-encoded string). Therefore, if the header is non-empty, you should consider retrying.
* Implement a retry logic with exponential backoff retries.
* Implement a reasonable number of retries to account for the typical runtime of your dependency submission code.
{% endif %}
## Further reading

View File

@@ -144,5 +144,5 @@ When customizing your dependency review configuration, there are some best pract
## Further reading
* [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-review-action){% ifversion repo-rules %}
* [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization){% endif %}
* [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-review-action)
* [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization)

View File

@@ -24,17 +24,15 @@ shortTitle: Explore dependencies
## Viewing the dependency graph
The dependency graph shows the dependencies{% ifversion fpt or ghec %} and dependents{% endif %} of your repository. {% ifversion dependency-graph-repository-view-update %} {% data reusables.dependency-graph.repository-view-update %}{% endif %} For information about the detection of dependencies and which ecosystems are supported, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems).
The dependency graph shows the dependencies{% ifversion fpt or ghec %} and dependents{% endif %} of your repository. {% data reusables.dependency-graph.repository-view-update %} For information about the detection of dependencies and which ecosystems are supported, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems).
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.accessing-repository-graphs %}
{% data reusables.repositories.click-dependency-graph %}{% ifversion dependency-graph-repository-view-update %}
{% data reusables.repositories.click-dependency-graph %}
1. Optionally, use the search bar to find a specific dependency or set of dependencies.
>[!NOTE] The search bar only searches based on the package name.
{% endif %}
{% ifversion fpt or ghec %}
1. Optionally, to view the repositories and packages that depend on your repository, under "Dependency graph", click **Dependents**.
@@ -59,8 +57,7 @@ For each dependency, you can see its ecosystem, the manifest file in which it wa
Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed{% ifversion ghes %}.{% else %}, grouped by ecosystem.{% endif %}
{% endif %}
{% ifversion dependency-graph-repository-view-update %}
Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted.{% elsif ghes %}Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %}, although also grouped by ecosystem, are shown separately from dependencies identified through manifest or lock files in the repository. These submitted dependencies appear in the dependency graph as "Snapshot dependencies" because they are submitted as a snapshot, or set, of dependencies.{% else %}{% endif %} For more information on using the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted. For more information on using the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}.

View File

@@ -40,7 +40,7 @@ However, you can use the {% data variables.dependency-submission-api.name %} to
## Are there limits which affect the dependency graph data?
Yes, the dependency graph has {% ifversion dependency-graph-repository-view-update %}one category{% else %}two categories{% endif %} of limits:
Yes, the dependency graph has one category of limits:
1. **Processing limits**
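
Review bot: With the conditional removed, "Yes, the dependency graph has one category of limits:" now introduces a numbered list whose only visible entry is `1. **Processing limits**`. A one-item numbered list under "one category" reads as a leftover from the two-category wording. Consider stating the limit directly, for example "Yes, the dependency graph has processing limits.", and turning the list item into a plain paragraph.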

View File

@@ -6,7 +6,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '> 3.8'
ghes: '*'
topics:
- Community
---
@@ -38,8 +38,8 @@ For example, the following form definition includes four form elements: a text a
multiple: false
options:
- 1.0.2 (Default)
- 1.0.3 (Edge){% ifversion issue-form-dropdown-defaults %}
default: 0{% endif %}
- 1.0.3 (Edge)
default: 0
validations:
required: true
- type: checkboxes
@@ -222,8 +222,8 @@ body:
- Built from source
- Homebrew
- MacPorts
- apt-get{% ifversion issue-form-dropdown-defaults %}
default: 0{% endif %}
- apt-get
default: 0
validations:
required: true
```

View File

@@ -52,9 +52,9 @@ You can set the following top-level keys for each issue form.
| {% ifversion issue-types %} |
| `type` | The issue type that will be automatically added to issues created with this template. Issue types are defined at the organization level and can be used to create a shared syntax across repos. | Optional | String |
| {% endif %} |
| {% ifversion projects-in-issue-forms %} |
| |
| `projects` | Projects that any issues created with this template will automatically be added to. The format of this key is `PROJECT-OWNER/PROJECT-NUMBER`. > [!NOTE] The person opening the issue must have write permissions for the specified projects. If you don't expect people using this template to have write access, consider enabling your project's auto-add workflow. For more information, see [Adding items automatically](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically). | Optional | Array or comma-delimited string |
| {% endif %} |
| |
For the available `body` input types and their syntaxes, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema).
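
Review bot: The two gate rows around `projects` are replaced with empty `| |` rows instead of being deleted. In standard Markdown these are real table rows, so the rendered table gets a blank row above and below the `projects` entry, each with fewer cells than the four-column rows around it. Delete both lines so the `projects` row directly follows the `| {% endif %} |` that closes the `issue-types` gate.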

View File

@@ -48,14 +48,10 @@ You can choose the density of items on your roadmap. You can zoom in to show one
1. Select either **Month**, **Quarter**, or **Year**.
{% ifversion projects-v2-slice-panel %}
## Slicing by field values
{% data reusables.projects.customize.slice-panel %}
{% endif %}
## Sorting by field values
You can sort items by a field value.

View File

@@ -17,13 +17,11 @@ allowTitleToDifferFromFilename: true
## About templates
You can {% ifversion projects-v2-org-templates-improvements %}create a template, or {% endif %}set a project as a template{% ifversion projects-v2-org-templates-improvements %},{% endif %} to share a pre-configured project with other people in your organization which they can then use as the base for their projects.
You can create a template, or set a project as a template, to share a pre-configured project with other people in your organization which they can then use as the base for their projects.
The projects you mark as templates are shown in the "Create a project" dialog when anyone creates a project in your organization. {% ifversion projects-v2-org-templates-GA-updates %}You can also configure up to six templates to recommend to your organization's members.{% endif %}
When someone creates a project from a template, the {% data reusables.projects.what-gets-copied %} are copied from the template to the new project. {% ifversion projects-v2-org-templates-improvements %}You can find the template that a project used from the project's settings page, under the "Templates" section.{% endif %}
{% ifversion projects-v2-org-templates-improvements %}
When someone creates a project from a template, the {% data reusables.projects.what-gets-copied %} are copied from the template to the new project. You can find the template that a project used from the project's settings page, under the "Templates" section.
## Creating a new template
@@ -33,8 +31,6 @@ When someone creates a project from a template, the {% data reusables.projects.w
{% data reusables.projects.templates-tab %}
1. Click **New template**.
{% endif %}
## Setting a project as a template
If you have admin permissions for a project in your organization, you can set the project as a template and make it available for others in your organization to use.
@@ -44,8 +40,6 @@ If you have admin permissions for a project in your organization, you can set th
## Finding templates in your organization
{% ifversion projects-v2-org-templates-improvements %}
You can find all the templates in your organization on the "Templates" page.
{% data reusables.profile.access_org %}
@@ -55,19 +49,6 @@ You can find all the templates in your organization on the "Templates" page.
You can also add templates to teams and repositories, to make them accessible and more visible from the team or repository's "Templates" page. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-team) and [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-repository).
{% else %}
You can filter the list of projects in your organization to only show projects set as templates.
{% data reusables.profile.access_org %}
{% data reusables.user-settings.access_org %}
{% data reusables.projects.projects-tab %}
1. In the text box above the list of projects, type `is:template`, and press **Enter**.
![Screenshot of the projects index page. The search text box is highlighted with an orange outline.](/assets/images/help/projects-v2/filter-for-templates.png)
{% endif %}
## Copying a project as a template
If you have write or admin permissions for a project in your organization, you can choose to copy the project as a template. This will make a duplicate of the current project—copying the {% data reusables.projects.what-gets-copied %} —and set that copied project as a template for your organization.
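
Review bot: The removed `{% else %}` branch holds the only visible reference to `/assets/images/help/projects-v2/filter-for-templates.png`. If nothing else uses that screenshot, delete the image in this commit as well so it does not stay behind as an orphaned asset.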

View File

@@ -120,7 +120,7 @@ If you're running Bitbucket Data Center in cluster mode with multiple notes, you
### `Repository rule violations found` error
If you receive a `Repository rule violations found` error, such as `GH013: Repository rule violations found for refs/heads/main`, data in the origin repository conflicts with rulesets configured on the destination organization. For more information, see [AUTOTITLE]({% ifversion repo-rules %}{% else %}/enterprise-cloud@latest{% endif %}/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
If you receive a `Repository rule violations found` error, such as `GH013: Repository rule violations found for refs/heads/main`, data in the origin repository conflicts with rulesets configured on the destination organization. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
You can temporarily disable your rulesets during your migration, or you can use bypass mode or the bypass list to exempt your migration from configured rules. For more information, see [AUTOTITLE]({% ifversion repo-rules-enterprise %}{% else %}/enterprise-cloud@latest{% endif %}/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization).

View File

@@ -38,9 +38,7 @@ Deleting your organization account removes all repositories, forks of private re
{% data reusables.package_registry.delete-account-namespace-retirement %}
{% ifversion archive-organizations %}
You can also archive an organization, instead of deleting it. Archiving an organization will make it read-only. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization).
{% endif %}
## Backing up your organization content

View File

@@ -116,11 +116,11 @@ Some of the features listed below are limited to organizations using {% data var
| {% ifversion copilot %} |
| View [content exclusion settings](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/about-content-exclusions-for-github-copilot) for {% data variables.product.prodname_copilot %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| {% endif %} |
| Manage [branch protection rules](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule){% ifversion repo-rules %} and [repository rulesets](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets){% endif %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| {% ifversion repo-rules %} |
| Manage [branch protection rules](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule) and [repository rulesets](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| |
| View [rulesets for a repository](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| {% endif %} |
| [Push to protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)</br>{% ifversion repo-rules %}Doesn't apply to rulesets as these have a different bypass model. See [Granting bypass permissions for your branch or tag ruleset](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset).{% endif %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| |
| [Push to protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)</br>Doesn't apply to rulesets as these have a different bypass model. See [Granting bypass permissions for your branch or tag ruleset](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset). | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
| Merge pull requests on protected branches, even if there are no approving reviews | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| {% ifversion ghes < 3.16 %} |
| Create tags that match a [tag protection rule](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |
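
Review bot: The `| {% ifversion repo-rules %} |` and `| {% endif %} |` rows are replaced with empty `| |` rows rather than removed, which leaves two blank rows in the permissions table: one before "View rulesets for a repository" and one before "Push to protected branches". Delete both lines. Since the "Push to protected branches" row is rewritten anyway, also replace `</br>` in that cell with `<br>`, because `</br>` is not a valid tag.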

View File

@@ -15,7 +15,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '>= 3.5'
ghes: '*'
shortTitle: Container registry
---

View File

@@ -4,7 +4,7 @@ intro: 'You can take advantage of using {% data variables.product.prodname_actio
product: '{% data reusables.gated-features.pages %}'
versions:
fpt: '*'
ghes: '>= 3.7'
ghes: '*'
ghec: '*'
topics:
- Pages

View File

@@ -30,8 +30,6 @@ You can define individuals or teams that you consider responsible for code or fi
You can use protected branches to prevent pull requests from being merged into important branches, such as `main`, until certain conditions are met. For example, you can require an approving review, or require that all status checks are passing. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
{% ifversion repo-rules %}
## Using rulesets
Working alongside protected branches, rulesets let you enforce policies across your repository, such as requiring status checks or workflows to pass before a pull request can be merged.
@@ -40,7 +38,7 @@ Rulesets are especially useful for maintaining repository security when combined
* You can use rulesets to enforce the dependency review action, a workflow that blocks pull requests that are introducing vulnerable dependencies into your codebase. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization). {% ifversion code-scanning-merge-protection-rulesets %}
* If your repository is configured with {% data variables.product.prodname_code_scanning %}, you can use rulesets to set {% data variables.product.prodname_code_scanning %} merge protection, which prevents pull requests from being merged if there is a {% data variables.product.prodname_code_scanning %} alert of a certain severity, or if a {% data variables.product.prodname_code_scanning %} analysis is still in progress. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection).{% endif %}
{% endif %}{% ifversion push-rulesets %}
{% ifversion push-rulesets %}
## Using push rulesets

View File

@@ -17,12 +17,8 @@ topics:
In a pull request, you propose that changes you've made on a head branch should be merged into a base branch. By default, any pull request can be merged at any time, unless the head branch is in conflict with the base branch. However, there may be restrictions on when you can merge a pull request into a specific branch. For example, you may only be able to merge a pull request into the default branch if required status checks are passing. Repository administrators can add constraints like this to branches using branch protection rules. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
{% ifversion repo-rules %}
{% data reusables.repositories.rulesets-alternative %}
{% endif %}
{% data reusables.pull_requests.you-can-auto-merge %}
If the pull request has merge conflicts, or if you'd like to test the changes before merging, you can [check out the pull request locally](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally) and merge it using the command line.

View File

@@ -4,7 +4,7 @@ intro: 'If a pull request contains changes to dependencies, you can view a summa
product: '{% data reusables.gated-features.dependency-review %}'
versions:
fpt: '*'
ghes: '>= 3.2'
ghes: '*'
ghec: '*'
type: how_to
topics:

View File

@@ -40,9 +40,7 @@ When a repository is archived, its issues, pull requests, code, labels, mileston
You can search for archived repositories. For more information, see [AUTOTITLE](/search-github/searching-on-github/searching-for-repositories#search-based-on-whether-a-repository-is-archived). You can also search for issues and pull requests within archived repositories. For more information, see [AUTOTITLE](/search-github/searching-on-github/searching-issues-and-pull-requests#search-based-on-whether-a-repository-is-archived).
{% ifversion archive-organizations %}
To archive all repositories in an organization at once, you can archive the entire organization. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization).
{% endif %}
## Archiving a repository

View File

@@ -3,7 +3,7 @@ title: Managing suggestions to update pull request branches
intro: You can give users the ability to always update a pull request branch when it is not up to date with the base branch.
versions:
fpt: '*'
ghes: '> 3.4'
ghes: '*'
ghec: '*'
topics:
- Repositories

View File

@@ -27,5 +27,4 @@ shortTitle: View branches
* [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository)
* [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/deleting-and-restoring-branches-in-a-pull-request)
{%- ifversion repository-activity-view %}
* [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).{% endif %}
* [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).
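
Review bot: The activity-view bullet keeps its trailing period (`...to-a-repository).`) while the two bullets above it end without one. The line is rewritten in this hunk, so drop the period to match the rest of the list.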

View File

@@ -37,13 +37,9 @@ By default, the restrictions of a branch protection rule don't apply to people w
{% data reusables.pull_requests.you-can-auto-merge %}
{% ifversion repo-rules %}
> [!NOTE]
> Only a single branch protection rule can apply at a time, which means it can be difficult to know which rule will apply when multiple versions of a rule target the same branch. {% ifversion repo-rules-enterprise %}Additionally, you may want to create a single set of rules that applies to multiple repositories in an organization. {% endif %}For information about an alternative to branch protection rules, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
{% endif %}
## About branch protection settings
For each branch protection rule, you can choose to enable or disable the following settings.

View File

@@ -42,13 +42,9 @@ To create an exception to an existing branch rule, you can create a new branch p
For more information about each of the available branch protection settings, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
{% ifversion repo-rules %}
> [!NOTE]
> Only a single branch protection rule can apply at a time, which means it can be difficult to know how which rule will apply when multiple versions of a rule target the same branch. {% ifversion repo-rules-enterprise %}Additionally, you may want to create a single set of rules that applies to multiple repositories in an organization. {% endif %}For information about an alternative to branch protection rules, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
{% endif %}
## Creating a branch protection rule
When you create a branch rule, the branch you specify doesn't have to exist yet in the repository.
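
Review bot: The note that becomes unconditional here contains a typo, "difficult to know how which rule will apply". It should read "difficult to know which rule will apply". Worth fixing in this change, since the gate lines directly around the note are being removed.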

View File

@@ -25,12 +25,8 @@ topics:
> [!TIP]
> You can also create a repository using the {% data variables.product.prodname_cli %}. For more information, see [`gh repo create`](https://cli.github.com/manual/gh_repo_create) in the {% data variables.product.prodname_cli %} documentation.
{% ifversion create-new-repos-with-query-params %}
## Creating a new repository from the web UI
{% endif %}
{% data reusables.repositories.create_new %}
1. Optionally, to create a repository with the directory structure and files of an existing repository, select the **Choose a template** dropdown menu and click a template repository. You'll see template repositories that are owned by you and organizations you're a member of or that you've used before. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template).
1. Optionally, if you chose to use a template, to include the directory structure and files from all branches in the template, and not just the default branch, select **Include all branches**.
@@ -49,8 +45,6 @@ topics:
1. At the bottom of the resulting Quick Setup page, under "Import code from an old repository", you can choose to import a project to your new repository. To do so, click **Import code**.
{% endif %}
{% ifversion create-new-repos-with-query-params %}
## Creating a new repository from a URL query
You can use query parameters to pre-fill form fields when creating a new repository. Query parameters are optional parts of a URL you can customize to share a specific web page view, such as search filter results or an issue template on {% data variables.product.prodname_dotcom %}. To specify values for the predefined query parameters, you must match the key and value pair.
@@ -69,8 +63,6 @@ If you create an invalid URL using query parameters, or if you dont have the
| `owner` | `https://{% data variables.product.product_url %}/new?owner=avocado-corp&visibility=public` creates a public repository owned by the "avocado-corp" organization. | Any valid organization name or username. Alternatively, while signed in use `@me` to specify your user account as the owner. |
| `template_owner` and `template_name` | `https://{% data variables.product.product_url %}/new?owner=avocado-corp&template_owner=avocado-corp&template_name=octo-repo` creates a repository owned by the "avocado-corp" using the avocado-corp's template "octo-repo". | The username of the template owner and the name of the repository template. |
{% endif %}
## Further reading
* [AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-repository)

View File

@@ -160,12 +160,8 @@ Repository owners can update branch protection rules to ensure that changed code
To protect a repository fully against unauthorized changes, you also need to define an owner for the CODEOWNERS file itself. The most secure method is to define a CODEOWNERS file in the `.github` directory of the repository and define the repository owner as the owner of either the CODEOWNERS file (``/.github/CODEOWNERS @owner_username``) or the whole directory (``/.github/ @owner_username``).
{% ifversion repo-rules %}
{% data reusables.repositories.rulesets-alternative %}
{% endif %}
## Further reading
* [AUTOTITLE](/repositories/working-with-files/managing-files/creating-new-files)

View File

@@ -17,7 +17,7 @@ Until you add an image, repository links expand to show basic information about
## Adding an image to customize the social media preview of your repository
{% ifversion repo-rules %}You can upload an image to a public repository, or to a private repository to which you have previously uploaded an image. Your image can only be shared from a public repository.{% else %}You can upload an image to a private repository, but your image can only be shared from a public repository.{% endif %}
You can upload an image to a public repository, or to a private repository to which you have previously uploaded an image. Your image can only be shared from a public repository.
> [!TIP]
> Your image should be a PNG, JPG, or GIF file under 1 MB in size. For the best quality rendering, we recommend a size of at least 640 by 320 pixels (1280 by 640 pixels for best display).

View File

@@ -51,7 +51,5 @@ The code frequency graph displays the content additions and deletions for each w
{% data reusables.repositories.repositories-insights-graphs-download-steps %}
{% endif %}
{% ifversion repository-activity-view %}
{% data reusables.repositories.activity-view %}
For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).
{% endif %}

View File

@@ -22,10 +22,8 @@ You can view an overview of a repository's activity through Pulse. Pulse include
Commit co-authors are included in the commit activity summary if their commits were merged into the repository's default branch and they're in the top 15 users who have contributed the most commits.
{% ifversion repository-activity-view %}
{% data reusables.repositories.activity-view %}
For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).
{% endif %}
## Accessing Pulse

View File

@@ -99,8 +99,6 @@ You can check the status of the REST API at [githubstatus.com](https://www.githu
If you are using a {% data variables.product.prodname_github_app %} or {% data variables.product.pat_v2 %} and you receive a "Resource not accessible by integration" or "Resource not accessible by {% data variables.product.pat_generic %}" error, then your token has insufficient permissions. For more information about the required permissions, see the documentation for the endpoint.
{% ifversion rest-permissions-header %}
You can use the `X-Accepted-GitHub-Permissions` header to identify the permissions that are required to access the REST API endpoint.
The value of the `X-Accepted-GitHub-Permissions` header is a comma separated list of the permissions that are required to use the endpoint. Occasionally, you can choose from multiple permission sets. In these cases, multiple comma-separated lists will be separated by a semicolon.
@@ -111,8 +109,6 @@ For example:
* `X-Accepted-GitHub-Permissions: pull_requests=write,contents=read` means that your {% data variables.product.prodname_github_app %} or {% data variables.product.pat_v2 %} needs write access to the pull request permission and read access to the contents permission.
* `X-Accepted-GitHub-Permissions: pull_requests=read,contents=read; issues=read,contents=read` means that your {% data variables.product.prodname_github_app %} or {% data variables.product.pat_v2 %} needs either read access to the pull request permission and read access to the contents permission, or read access to the issues permission and read access to the contents permission.
{% endif %}
## Problems parsing JSON
If you send invalid JSON in the request body, you may receive a `400 Bad Request` response and a "Problems parsing JSON" error message. You can use a linter or JSON validator to help you identify errors in your JSON.

View File

@@ -30,7 +30,7 @@ matrix:
- macos-latest
node:
- version: 14
- version: {% ifversion actions-node20-support %}20{% else %}16{% endif %}
- version: 20
env: NODE_OPTIONS=--openssl-legacy-provider
```
@@ -40,11 +40,11 @@ This matrix produces 4 jobs with corresponding contexts.
- matrix.os: ubuntu-latest
matrix.node.version: 14
- matrix.os: ubuntu-latest
matrix.node.version: {% ifversion actions-node20-support %}20{% else %}16{% endif %}
matrix.node.version: 20
matrix.node.env: NODE_OPTIONS=--openssl-legacy-provider
- matrix.os: macos-latest
matrix.node.version: 14
- matrix.os: macos-latest
matrix.node.version: {% ifversion actions-node20-support %}20{% else %}16{% endif %}
matrix.node.version: 20
matrix.node.env: NODE_OPTIONS=--openssl-legacy-provider
```

View File

@@ -1,8 +1,5 @@
{% ifversion codeql-model-packs %}
> [!NOTE]
> {% data variables.product.prodname_codeql %} model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. Model packs are supported for {% data variables.code-scanning.codeql_model_packs_support %} analysis.
>
> The {% data variables.product.prodname_codeql %} model editor in the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} supports modeling dependencies for {% data variables.code-scanning.codeql_model_editor_support %}.
{% endif %}

View File

@@ -1,6 +0,0 @@
{% ifversion ghes = 3.10 %}
> [!NOTE]
> The ability to enable and disable default setup for {% data variables.product.prodname_code_scanning %} for eligible repositories in an organization is currently in {% data variables.release-phases.public_preview %} and subject to change.
{% endif %}

View File

@@ -2,8 +2,8 @@
name: Bug Report
description: File a bug report.
title: "[Bug]: "
labels: ["bug", "triage"]{% ifversion projects-in-issue-forms %}
projects: ["octo-org/1", "octo-org/44"]{% endif %}
labels: ["bug", "triage"]
projects: ["octo-org/1", "octo-org/44"]
assignees:
- octocat
body:
@@ -35,8 +35,8 @@ body:
description: What version of our software are you running?
options:
- 1.0.2 (Default)
- 1.0.3 (Edge){% ifversion issue-form-dropdown-defaults %}
default: 0{% endif %}
- 1.0.3 (Edge)
default: 0
validations:
required: true
- type: dropdown

View File

@@ -3,9 +3,7 @@ The dependency graph is a summary of the manifest and lock files stored in a rep
* Dependencies, the ecosystems and packages it depends on
* Dependents, the repositories and packages that depend on it{% else %} dependencies, the ecosystems and packages it depends on.{% endif %}
{% ifversion dependency-graph-repository-view-update %}
{% data reusables.dependency-graph.repository-view-update %}
{% endif %}
{% ifversion ghes %}
{% data variables.product.github %} does not retrieve license information for dependencies, and does not calculate information about dependents, the repositories and packages that depend on a repository.{% endif %}

View File

@@ -8,9 +8,9 @@ The table below summarizes whether dependency scope is supported for various eco
| Java | Maven | pom.xml | {% octicon "check" aria-label="Supported" %} `test` maps to development, else scope defaults to runtime |
| JavaScript | npm | package.json | {% octicon "check" aria-label="Supported" %} |
| JavaScript | npm | package-lock.json | {% octicon "check" aria-label="Supported" %} |
| {% ifversion dependabot-dependency-graph-pnpm %} |
| |
| JavaScript | npm | pnpm-lock.yaml | {% octicon "check" aria-label="Supported" %} |
| {% endif %} |
| |
| JavaScript | yarn v1 | yarn.lock | No, defaults to runtime |
| PHP | Composer | composer.json | {% octicon "check" aria-label="Supported" %} |
| PHP | Composer | composer.lock | {% octicon "check" aria-label="Supported" %} |
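Review bot: The two `{% ifversion dependabot-dependency-graph-pnpm %}` / `{% endif %}` rows around the `pnpm-lock.yaml` entry were replaced with `| |` instead of being deleted, which is why the hunk is still 9 lines on both sides. Those placeholders are no longer conditional and will sit in the table as empty, short rows above and below the pnpm row. Delete both `| |` lines so the pnpm row follows `package-lock.json` directly.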

View File

@@ -5,4 +5,4 @@ When you first enable version updates, you may have many dependencies that are o
To keep pull requests manageable and easy to review, {% data variables.product.prodname_dependabot %} raises a maximum of five pull requests to start bringing dependencies up to the latest version. If you merge some of these first pull requests before the next scheduled update, remaining pull requests will be opened on the next update, up to that maximum. You can change the maximum number of open pull requests by setting the [`open-pull-requests-limit` configuration option](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#open-pull-requests-limit).
{% ifversion dependabot-version-updates-groups %}To further reduce the number of pull requests you may be seeing, you can use the [`groups`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups) configuration option to group sets of dependencies together (per package ecosystem). {% data variables.product.prodname_dependabot %} then raises a single pull request to update as many dependencies as possible in the group to the latest versions at the same time.{% endif %}
To further reduce the number of pull requests you may be seeing, you can use the [`groups`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups) configuration option to group sets of dependencies together (per package ecosystem). {% data variables.product.prodname_dependabot %} then raises a single pull request to update as many dependencies as possible in the group to the latest versions at the same time.

View File

@@ -25,14 +25,14 @@ npm | `npm` | v7, v8, v9 | {% octicon "check" aria-label
[pip](#pip-and-pip-compile) | `pip` | v21.1.2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
pipenv | `pip` | <= 2021-05-29 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
[pip-compile](#pip-and-pip-compile) | `pip` | 6.1.0 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| {% ifversion dependabot-updates-pnpm-support %} |
| |
| {% ifversion dependabot-updates-pnpmv9-support %}pnpm{% else %}[pnpm](#pnpm){% endif %} | `npm` | v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} {% ifversion dependabot-updates-pnpmv9-support %}{% else %}(v7 and v8 only){% endif %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| {% endif %} |
| |
poetry | `pip` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
[pub](#pub) | `pub` | v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} |
| {% ifversion dependabot-updates-swift-support %} |
| |
[Swift](#swift) | `swift` | v5 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} |
| {% endif %} |
| |
[Terraform](#terraform) | `terraform` | >= 0.13, <= 1.10.x | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
[yarn](#yarn) | `npm` | v1, v2, v3 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}|
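Review bot: The rows that held `{% ifversion dependabot-updates-pnpm-support %}`, `{% ifversion dependabot-updates-swift-support %}` and their `{% endif %}` closers are now `| |` lines (four in this hunk). The neighbouring data rows start without a leading pipe and fill every column, so these stubs will show as blank or malformed rows around the pnpm and Swift entries. Remove them rather than blanking them. The nested `dependabot-updates-pnpmv9-support` and `dependabot-updates-pub-private-registry` conditionals are untouched here. If those flags are also slated for removal, a comment in the PR description saying they are deferred would help.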
@@ -89,8 +89,6 @@ For more information about using {% data variables.product.prodname_dependabot_v
#### Gradle
{% ifversion dependabot-security-updates-gradle-support %}{% else %}Gradle is supported for {% data variables.product.prodname_dependabot_version_updates %} only.{% endif %}
{% data variables.product.prodname_dependabot %} doesn't run Gradle but supports updates to the following files:
* `build.gradle`, `build.gradle.kts` (for Kotlin projects)
* `gradle/libs.versions.toml` (for projects using a standard Gradle version catalog)
@@ -98,15 +96,12 @@ For more information about using {% data variables.product.prodname_dependabot_v
{% data variables.product.prodname_dependabot %} uses information from the `pom.xml` file of dependencies to add links to release information in update pull requests. If the information is omitted from the `pom.xml` file, then it cannot be included in {% data variables.product.prodname_dependabot %} pull requests, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/optimizing-java-packages-dependabot).
{% ifversion dependabot-security-updates-gradle-support %}
For {% data variables.product.prodname_dependabot_security_updates %}, Gradle support is limited to manual uploads of the dependency graph data using the {% data variables.dependency-submission-api.name %}. For more information about the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
> [!NOTE]
> * When you upload Gradle dependencies to the dependency graph using the {% data variables.dependency-submission-api.name %}, all project dependencies are uploaded, even transitive dependencies that aren't explicitly mentioned in any dependency file. When an alert is detected in a transitive dependency, {% data variables.product.prodname_dependabot %} isn't able to find the vulnerable dependency in the repository, and therefore won't create a security update for that alert.
> * {% data variables.product.prodname_dependabot_version_updates %} will, however, create pull requests when the parent dependency is explicitly declared as a direct dependency in the project's manifest file.
{% endif %}
#### Maven
{% data variables.product.prodname_dependabot %} doesn't run Maven but supports updates to `pom.xml` files.
@@ -140,12 +135,9 @@ You can use {% data variables.product.prodname_dependabot %} to keep Dart depend
{% endif %}
{% ifversion dependabot-updates-swift-support %}
#### Swift
Private registry support applies to git registries only. Swift registries are not supported. Non-declarative manifests are not supported. For more information on non-declarative manifests, see [Editing Non-Declarative Manifests](https://github.com/apple/swift-evolution/blob/7003da1439ad60896ec14657dfce829f04b0632c/proposals/0301-package-editing-commands.md#editing-non-declarative-manifests) in the Swift Evolution documentation.
{% endif %}
#### Terraform

View File

@@ -1,2 +1 @@
{% ifversion dependabot-updates-failure-30-skip-schedule %}
Sometimes, due to a misconfiguration or an incompatible version, you might see that a {% data variables.product.prodname_dependabot %} run has failed. After {% ifversion dependabot-updates-failure-15-skip-schedule %}15 {% elsif ghes < 3.13 %}30 {% endif %}failed runs, {% data variables.product.prodname_dependabot_version_updates %} will skip subsequent scheduled runs until you manually trigger a check for updates from the dependency graph{% ifversion dependabot-updates-deprecate-rerun-failed-jobs %}{% else %}, or you update the manifest file{% endif %}. {% data variables.product.prodname_dependabot_security_updates %} will still run as usual.{% endif %}
Sometimes, due to a misconfiguration or an incompatible version, you might see that a {% data variables.product.prodname_dependabot %} run has failed. After {% ifversion dependabot-updates-failure-15-skip-schedule %}15 {% elsif ghes < 3.13 %}30 {% endif %}failed runs, {% data variables.product.prodname_dependabot_version_updates %} will skip subsequent scheduled runs until you manually trigger a check for updates from the dependency graph{% ifversion dependabot-updates-deprecate-rerun-failed-jobs %}{% else %}, or you update the manifest file{% endif %}. {% data variables.product.prodname_dependabot_security_updates %} will still run as usual.
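Review bot: Dropping the outer `dependabot-updates-failure-30-skip-schedule` guard makes this sentence render for every version, but the inner `{% ifversion dependabot-updates-failure-15-skip-schedule %}15 {% elsif ghes < 3.13 %}30 {% endif %}` still has no `{% else %}`. On any version that matches neither branch the text reads "After failed runs" with no number. Confirm every remaining version satisfies one of the two conditions, or give the inner conditional a default.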

View File

@@ -1,5 +1 @@
{% ifversion dependency-graph-repository-view-update %}
Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted.
{% elsif ghes %}
The dependency graph will display the submitted dependencies grouped by ecosystem, but separately from the dependencies parsed from manifest or lock files.
{% else %}{% endif %}

View File

@@ -8,9 +8,9 @@
| Maven | Java, Scala | `pom.xml` | `pom.xml` |
| npm | JavaScript | `package-lock.json` | `package-lock.json`, `package.json`|
| pip | Python | `requirements.txt`, `pipfile.lock` | `requirements.txt`, `pipfile`, `pipfile.lock`, `setup.py` |
| {% ifversion dependabot-dependency-graph-pnpm %} |
| |
| pnpm | JavaScript | `pnpm-lock.yaml` | `package.json`, `pnpm-lock.yaml` |
| {% endif %} |
| |
| pub | Dart | `pubspec.lock` | `pubspec.yaml`, `pubspec.lock` |
| Python Poetry | Python | `poetry.lock` | `poetry.lock`, `pyproject.toml` |
| RubyGems | Ruby | `Gemfile.lock` | `Gemfile.lock`, `Gemfile`, `*.gemspec` |
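Review bot: Same pattern as the other dependency tables: the `{% ifversion dependabot-dependency-graph-pnpm %}` and `{% endif %}` rows became `| |` rather than being removed, so the pnpm row is now bracketed by two empty rows that always render. Delete both lines.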

View File

@@ -1,5 +1,2 @@
{% ifversion repo-rules %}
Organization owners can roll out dependency review at scale by enforcing the use of the {% data variables.dependency-review.action_name %} across repositories in the organization. This involves the use of repository rulesets for which you'll set the {% data variables.dependency-review.action_name %} as a required workflow, which means that pull requests can only be merged once the workflow passes all the required checks. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization).
{% endif %}

View File

@@ -4,7 +4,6 @@ The dependency graph shows any dependencies you submit using the API in addition
Submitted dependencies will receive {% data variables.product.prodname_dependabot_alerts %} and {% data variables.product.prodname_dependabot_security_updates %} for any known vulnerabilities. You will only get {% data variables.product.prodname_dependabot_alerts %} for dependencies that are from one of the supported ecosystems for the {% data variables.product.prodname_advisory_database %}. For more information about these ecosystems, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database#github-reviewed-advisories). For transitive dependencies submitted via the {% data variables.dependency-submission-api.name %}, {% data variables.product.prodname_dependabot %} will automatically open pull requests to update the parent dependency, if an update is available.
{% ifversion dependency-review-submission-api %}Submitted dependencies will be shown in dependency review, but are _not_ available in your organization's dependency insights.
Submitted dependencies will be shown in dependency review, but are _not_ available in your organization's dependency insights.
{% data reusables.dependency-review.works-with-submission-api-beta %}
{% else %}Submitted dependencies will _not_ be surfaced in dependency review or your organization's dependency insights.{% endif %}

View File

@@ -1,2 +1,2 @@
Additionally, you can use the {% data variables.dependency-submission-api.name %} to submit dependencies from the package manager or ecosystem of your choice, even if the ecosystem is not supported by dependency graph for manifest or lock file analysis.
{% ifversion dependency-graph-repository-view-update %}Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted.{% elsif ghes %} The dependency graph will display the submitted dependencies grouped by ecosystem, but separately from the dependencies parsed from manifest or lock files.{% else %}{% endif %} For more information on the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
Dependencies submitted to a project using the {% data variables.dependency-submission-api.name %} will show which detector was used for their submission and when they were submitted. For more information on the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).

View File

@@ -2,8 +2,7 @@
>The editor role is {% data variables.release-phases.closing_down %} in patch release
{%- ifversion ghes = 3.12 %} 3.12.2{%- endif %}
{%- ifversion ghes = 3.11 %} 3.11.8{%- endif %}
{%- ifversion ghes = 3.10 %} 3.10.10{%- endif %}
. For more information, see
{%- ifversion ghes = 3.12 %} [AUTOTITLE](/enterprise-server@3.12/admin/release-notes#3.12.2-security-fixes).{%- endif %}
{%- ifversion ghes = 3.11 %} [AUTOTITLE](/enterprise-server@3.11/admin/release-notes#3.11.8-security-fixes).{%- endif %}
{%- ifversion ghes = 3.10 %} [AUTOTITLE](/enterprise-server@3.10/admin/release-notes#3.10.10-security-fixes).{%- endif %}

View File

@@ -2,11 +2,10 @@
> On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. This was fixed in patch release
{%- ifversion ghes = 3.12 %} 3.12.2{%- endif %}
{%- ifversion ghes = 3.11 %} 3.11.8{%- endif %}
{%- ifversion ghes = 3.10 %} 3.10.10{%- endif %}
. For more information, see
{%- ifversion ghes = 3.12 %} [AUTOTITLE](/enterprise-server@3.12/admin/release-notes#3.12.2-security-fixes).{%- endif %}
{%- ifversion ghes = 3.11 %} [AUTOTITLE](/enterprise-server@3.11/admin/release-notes#3.11.8-security-fixes).{%- endif %}
{%- ifversion ghes = 3.10 %} [AUTOTITLE](/enterprise-server@3.10/admin/release-notes#3.10.10-security-fixes).{%- endif %}
>
> {% data reusables.enterprise_clustering.failover-blocks-ips %}

View File

@@ -1 +1 @@
{% ifversion projects-v2-org-templates-improvements %}views, custom fields, draft issues and associated field values, configured workflows (except any auto-add workflows), and insights{% else %}views, custom fields, and draft issues{% endif %}
views, custom fields, draft issues and associated field values, configured workflows (except any auto-add workflows), and insights

View File

@@ -1,11 +1,9 @@
1. Optionally, to include binary files such as compiled programs in your release, drag and drop or manually select files in the binaries box.
1. Optionally, to notify users that the release is not ready for production and may be unstable, select **This is a pre-release**.
1. Optionally, select **Set as latest release**. If you do not select this option, the latest release label will automatically be assigned based on semantic versioning.
{%- ifversion discussions %}
1. Optionally, if {% data variables.product.prodname_discussions %} is enabled for the repository, create a discussion for the release.
* Select **Create a discussion for this release**.
* Select the **Category** dropdown menu, then click a category for the release discussion.
{%- endif %}
1. If you're ready to publicize your release, click **Publish release**. To work on the release later, click **Save draft**.
{%- ifversion fpt or ghec %}

View File

@@ -1,5 +1,2 @@
{% ifversion rest-permissions-header %}
To help you choose the correct permissions, you will receive the `X-Accepted-GitHub-Permissions` header in the REST API response. The header will tell you what permissions are required in order to access the endpoint. For more information, see [AUTOTITLE](/rest/overview/troubleshooting#resource-not-accessible).
{% endif %}

View File

@@ -1,4 +1,4 @@
If a contributor bypasses a push protection block for a secret, {% data variables.product.prodname_dotcom %}:
* Creates an alert in the **Security** tab of the repository.
* Adds the bypass event to the audit log.{% ifversion secret-scanning-push-protection-email %}
* Sends an email alert to organization or personal account owners, security managers, and repository administrators who are watching the repository, with a link to the secret and the reason why it was allowed.{% endif %}
* Adds the bypass event to the audit log.
* Sends an email alert to organization or personal account owners, security managers, and repository administrators who are watching the repository, with a link to the secret and the reason why it was allowed.

View File

@@ -1,6 +0,0 @@
{% ifversion ghes < 3.11 %}
> [!NOTE]
> The "Security risk" and "Security coverage" views are currently in {% data variables.release-phases.public_preview %} and subject to change.
{% endif %}

View File

@@ -13,10 +13,10 @@ no_build_support: '{% ifversion codeql-no-build-csharp %}C# and{% endif %} Java'
compiled_languages: 'C/C++, C#, Go, Java, Kotlin, and Swift'
# List of languages where the libraries support expansion using CodeQL model packs at the repository level.
codeql_model_packs_support: '{% ifversion fpt or ghec or ghes > 3.14 %} C/C++, C#, Java/Kotlin, Python, and Ruby{% elsif ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% elsif ghes > 3.10 %}Java/Kotlin{% endif %}'
codeql_model_packs_support: '{% ifversion fpt or ghec or ghes > 3.14 %} C/C++, C#, Java/Kotlin, Python, and Ruby{% elsif ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% else %}Java/Kotlin{% endif %}'
# List of languages that the model editor in the CodeQL extension for VS Code supports
codeql_model_editor_support: '{% ifversion fpt or ghec or ghes > 3.14 %} C#, Java/Kotlin, Python, and Ruby{% elsif ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% elsif ghes > 3.10 %}Java/Kotlin{% endif %}'
codeql_model_editor_support: '{% ifversion fpt or ghec or ghes > 3.14 %} C#, Java/Kotlin, Python, and Ruby{% elsif ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% else %}Java/Kotlin{% endif %}'
# List of that allow threat models to be configurable for code scanning
code_scanning_threat_model_support: 'Java/Kotlin{% ifversion fpt or ghec or ghes > 3.12 %} and C#{% endif %}'
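Review bot: In the two rewritten values (`codeql_model_packs_support`, `codeql_model_editor_support`), the first branch still begins with a space after `%}` (`{% ifversion fpt or ghec or ghes > 3.14 %} C/C++…`, `… %} C#…`) while the `elsif` and new `else` branches do not, so the rendered string has a leading space only on some versions. Since these lines are being edited anyway, trim it. Separately, the context comment "# List of that allow threat models to be configurable" is missing a word ("languages") and could be fixed in the same pass.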

View File

@@ -94,7 +94,7 @@ prodname_codeql_cli: 'CodeQL CLI'
# CodeQL usually bumps its minor version for each minor version of GHES.
# Update this whenever a new enterprise version of CodeQL is being prepared.
codeql_cli_ghes_recommended_version: >-
{% ifversion ghes < 3.11 %}2.13.5{% elsif ghes < 3.12 %}2.14.6{% elsif ghes < 3.17 %}2.20.3{% endif %}
{% ifversion ghes < 3.12 %}2.14.6{% elsif ghes < 3.17 %}2.20.3{% endif %}
# Projects v2
prodname_projects_v2: 'Projects'
@@ -119,13 +119,13 @@ pat_v2_plural: 'fine-grained personal access tokens'
pat_v2_caps: 'Fine-grained personal access token'
pat_v2_caps_plural: 'Fine-grained personal access tokens'
pat_v1: >-
{% ifversion pat-v2 %}personal access token (classic){% else %}personal access token{% endif %}
personal access token (classic)
pat_v1_plural: >-
{% ifversion pat-v2 %}personal access tokens (classic){% else %}personal access tokens{% endif %}
personal access tokens (classic)
pat_v1_caps: >-
{% ifversion pat-v2 %}Personal access token (classic){% else %}Personal access token{% endif %}
Personal access token (classic)
pat_v1_caps_plural: >-
{% ifversion pat-v2 %}Personal access tokens (classic){% else %}Personal access tokens{% endif %}
Personal access tokens (classic)
pat_classic: 'token (classic)'
pat_classic_plural: 'tokens (classic)'
pat_classic_caps: 'Token (classic)'
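Review bot: With the `pat-v2` conditionals gone, `pat_v1`, `pat_v1_plural`, `pat_v1_caps` and `pat_v1_caps_plural` are plain literals but still use the folded `>-` block form. The adjacent keys use single-line quoted strings (`pat_classic: 'token (classic)'`), so these four would read more consistently as, for example, `pat_v1: 'personal access token (classic)'`.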
@@ -147,7 +147,7 @@ prodname_unfurls: 'Content Attachments'
prodname_actions: 'GitHub Actions'
prodname_actions_runner_controller: 'Actions Runner Controller'
runner_required_version: >-
{% ifversion ghes < 3.11 %}2.304.0{% elsif ghes < 3.12 %}2.309.0{% elsif ghes < 3.13 %}2.311.0{% elsif ghes < 3.14 %}2.314.1{% elsif ghes < 3.15 %}2.317.0{% elsif ghes < 3.16 %}2.319.1{% endif %}
{% ifversion ghes < 3.12 %}2.309.0{% elsif ghes < 3.13 %}2.311.0{% elsif ghes < 3.14 %}2.314.1{% elsif ghes < 3.15 %}2.317.0{% elsif ghes < 3.16 %}2.319.1{% endif %}
# GitHub Debug
prodname_debug: 'GitHub Debug'
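Review bot: After this edit the `runner_required_version` chain starts at `ghes < 3.12` and still ends at `{% elsif ghes < 3.16 %}2.319.1{% endif %}` with no `{% else %}`, so it renders empty for 3.16, whereas `codeql_cli_ghes_recommended_version` in the same file covers `ghes < 3.17`. Worth confirming whether a 3.16 entry is missing here, since this cleanup is the natural place to catch it.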