Merge branch 'main' into actions-sha

data/features/integration-branch-protection-exceptions.yml

@@ -0,0 +1,7 @@
+# Reference: #6665
+# GitHub Apps are supported as actors in all types of exceptions to branch protections
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>= 3.6'
+  ghae: 'issue-6665'

data/features/math.yml

@@ -0,0 +1,7 @@
+# Issues 6054
+# Math support using LaTeX syntax
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.6'
+  ghae: 'issue-6054'

data/features/security-managers.yml

@@ -3,5 +3,5 @@
 versions:
   fpt: '*'
   ghes: '>=3.3'
-  ghae: 'issue-4999'
+  ghae: '*'
   ghec: '*'

data/features/security-overview-feature-specific-alert-page.yml

@@ -0,0 +1,7 @@
+# Reference: #7028.
+# Documentation for feature-specific page for security overview at enterprise-level.
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.5'
+  ghae: 'issue-7028'

data/graphql/ghae/schema.docs-ghae.graphql

@@ -5368,7 +5368,7 @@ input CreateBranchProtectionRuleInput {
   pattern: String!
 
   """
-  A list of User, Team or App IDs allowed to push to matching branches.
+  A list of User, Team, or App IDs allowed to push to matching branches.
   """
   pushActorIds: [ID!]
 
@@ -39257,7 +39257,7 @@ input UpdateBranchProtectionRuleInput {
   pattern: String
 
   """
-  A list of User, Team or App IDs allowed to push to matching branches.
+  A list of User, Team, or App IDs allowed to push to matching branches.
   """
   pushActorIds: [ID!]
 

data/graphql/ghec/schema.docs.graphql

@@ -5651,7 +5651,7 @@ input CreateBranchProtectionRuleInput {
   pattern: String!
 
   """
-  A list of User, Team or App IDs allowed to push to matching branches.
+  A list of User, Team, or App IDs allowed to push to matching branches.
   """
   pushActorIds: [ID!]
 
@@ -45282,7 +45282,7 @@ input UpdateBranchProtectionRuleInput {
   pattern: String
 
   """
-  A list of User, Team or App IDs allowed to push to matching branches.
+  A list of User, Team, or App IDs allowed to push to matching branches.
   """
   pushActorIds: [ID!]
 

data/graphql/schema.docs.graphql

@@ -5651,7 +5651,7 @@ input CreateBranchProtectionRuleInput {
   pattern: String!
 
   """
-  A list of User, Team or App IDs allowed to push to matching branches.
+  A list of User, Team, or App IDs allowed to push to matching branches.
   """
   pushActorIds: [ID!]
 
@@ -45282,7 +45282,7 @@ input UpdateBranchProtectionRuleInput {
   pattern: String
 
   """
-  A list of User, Team or App IDs allowed to push to matching branches.
+  A list of User, Team, or App IDs allowed to push to matching branches.
   """
   pushActorIds: [ID!]
 

data/release-notes/enterprise-server/3-1/21.yml

@@ -0,0 +1,24 @@
+date: '2022-05-17'
+sections:
+  security_fixes:
+    - '**MEDIUM:** A security issue in nginx resolver was identified, where an attacker who could forge UDP packets from the DNS server could cause 1-byte memory overwrite, resulting in worker process crashes or other potentially damaging impacts. The vulnerability has been assigned [CVE-2021-23017](https://nvd.nist.gov/vuln/detail/CVE-2021-23017).'
+    - Updated the `actions/checkout@v2` and `actions/checkout@v3` actions to address new vulnerabilities announced in the [Git security enforcement blog post](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
+    - Packages have been updated to the latest security versions. 
+  bugs:
+    - In some cluster topologies, the `ghe-cluster-status` command left behind empty directories in `/tmp`.
+    - SNMP incorrectly logged a high number of `Cannot statfs` error messages to syslog.
+    - For instances configured with SAML authentication and built-in fallback enabled, built-in users would get stuck in a “login” loop when attempting to sign in from the page generated after logging out.
+    - When using SAML encrypted assertions, some assertions were not correctly marking SSH keys as verified.
+  changes:
+    - In high availability configurations, clarify that the replication overview page in the Management Console only displays the current replication configuration, not the current replication status.
+    - When enabling {% data variables.product.prodname_registry %}, clarify that using a Shared Access Signature (SAS) token as connection string is not supported.
+    - Support bundles now include the row count of tables stored in MySQL.
+  known_issues:
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+    - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/release-notes/enterprise-server/3-2/13.yml

@@ -0,0 +1,26 @@
+date: '2022-05-17'
+sections:
+  security_fixes:
+    - '**MEDIUM:** A security issue in nginx resolver was identified, where an attacker who could forge UDP packets from the DNS server could cause 1-byte memory overwrite, resulting in worker process crashes or other potentially damaging impacts. The vulnerability has been assigned [CVE-2021-23017](https://nvd.nist.gov/vuln/detail/CVE-2021-23017).'
+    - Updated the `actions/checkout@v2` and `actions/checkout@v3` actions to address new vulnerabilities announced in the [Git security enforcement blog post](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - In some cluster topologies, the `ghe-cluster-status` command left behind empty directories in `/tmp`.
+    - SNMP incorrectly logged a high number of `Cannot statfs` error messages to syslog.
+    - For instances configured with SAML authentication and built-in fallback enabled, built-in users would get stuck in a “login” loop when attempting to sign in from the page generated after logging out.
+    - Videos uploaded to issue comments would not be rendered properly.
+    - When using SAML encrypted assertions, some assertions were not correctly marking SSH keys as verified.
+    - When using `ghe-migrator`, a migration would fail to import video file attachments in issues and pull requests.
+  changes:
+    - In high availability configurations, clarify that the replication overview page in the Management Console only displays the current replication configuration, not the current replication status.
+    - When enabling {% data variables.product.prodname_registry %}, clarify that using a Shared Access Signature (SAS) token as connection string is not currently supported.
+    - Support bundles now include the row count of tables stored in MySQL.
+    - Dependency Graph can now be enabled without vulnerability data, allowing you to see what dependencies are in use and at what versions. Enabling Dependency Graph without enabling {% data variables.product.prodname_github_connect %} will **not** provide vulnerability information.
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/release-notes/enterprise-server/3-3/8.yml

@@ -0,0 +1,33 @@
+date: '2022-05-17'
+sections:
+  security_fixes:
+    - '**MEDIUM:** A security issue in nginx resolver was identified, where an attacker who could forge UDP packets from the DNS server could cause 1-byte memory overwrite, resulting in worker process crashes or other potentially damaging impacts. The vulnerability has been assigned [CVE-2021-23017](https://nvd.nist.gov/vuln/detail/CVE-2021-23017).'
+    - Updated the `actions/checkout@v2` and `actions/checkout@v3` actions to address new vulnerabilities announced in the [Git security enforcement blog post](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - In some cluster topologies, the `ghe-cluster-status` command left behind empty directories in `/tmp`.
+    - SNMP incorrectly logged a high number of `Cannot statfs` error messages to syslog
+    - For instances configured with SAML authentication and built-in fallback enabled, built-in users would get stuck in a “login” loop when attempting to sign in from the page generated after logging out.
+    - Attempts to view the `git fsck` output from the `/stafftools/repositories/:owner/:repo/disk` page would fail with a `500 Internal Server Error`.
+    - When using SAML encrypted assertions, some assertions were not correctly marking SSH keys as verified.
+    - Videos uploaded to issue comments would not be rendered properly.
+    - When using the file finder on a repository page, typing the backspace key within the search field would result in search results being listed multiple times and cause rendering problems.
+    - When using GitHub Enterprise Importer to import a repository, some issues would fail to import due to incorrectly configured project timeline events.
+    - When using `ghe-migrator`, a migration would fail to import video file attachments in issues and pull requests.
+  changes:
+    - In high availability configurations, clarify that the replication overview page in the Management Console only displays the current replication configuration, not the current replication status.
+    - When enabling {% data variables.product.prodname_registry %}, clarify that using a Shared Access Signature (SAS) token as connection string is not currently supported.
+    - Support bundles now include the row count of tables stored in MySQL.
+    - When determining which repository networks to schedule maintenance on, we no longer count the size of unreachable objects.
+    - The `run_started_at` response field is now included in the [Workflow runs API](/rest/actions/workflow-runs) and the `workflow_run` event webhook payload.
+  known_issues:
+    - After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command.
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+    - '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.'
+    - '{% data variables.product.prodname_ghe_server %} 3.3 instances installed on Azure and provisioned with 32+ CPU cores would fail to launch, due to a bug present in the current Linux kernel. [Updated: 2022-04-08]'

data/release-notes/enterprise-server/3-4/2.yml

@@ -79,6 +79,11 @@ sections:
           Repositories which were not present and active before upgrading to {% data variables.product.prodname_ghe_server %} 3.3 may not perform optimally until a repository maintenance task is run and has successfully completed.
 
           To start a repository maintenance task manually, browse to `https://<hostname>/stafftools/repositories/<owner>/<repository>/network` for each affected repository and click the Schedule button.
-
+    
+    - heading: Theme picker for GitHub Pages has been removed
+      notes:
+        - |
+          The theme picker for GitHub Pages has been removed from the Pages settings. For more information about configuration of themes for GitHub Pages, see "[Adding a theme to your GitHub Pages site using Jekyll](/pages/setting-up-a-github-pages-site-with-jekyll/adding-a-theme-to-your-github-pages-site-using-jekyll)."
+        
   backups:
     - '{% data variables.product.prodname_ghe_server %} 3.4 requires at least [GitHub Enterprise Backup Utilities 3.4.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).'

data/release-notes/enterprise-server/3-4/3.yml

@@ -0,0 +1,40 @@
+date: '2022-05-17'
+sections:
+  security_fixes:
+    - '**MEDIUM:** A security issue in nginx resolver was identified, where an attacker who could forge UDP packets from the DNS server could cause 1-byte memory overwrite, resulting in worker process crashes or other potentially damaging impacts. The vulnerability has been assigned [CVE-2021-23017](https://nvd.nist.gov/vuln/detail/CVE-2021-23017).'
+    - Updated the `actions/checkout@v2` and `actions/checkout@v3` actions to address new vulnerabilities announced in the [Git security enforcement blog post](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - In some cluster topologies, the `ghe-cluster-status` command left behind empty directories in `/tmp`.
+    - SNMP incorrectly logged a high number of `Cannot statfs` error messages to syslog.
+    - When adding custom patterns and providing non-UTF8 test strings, match highlighting was incorrect.
+    - LDAP users with an underscore character (`_`) in their user names can now login successfully.
+    - For instances configured with SAML authentication and built-in fallback enabled, built-in users would get stuck in a “login” loop when attempting to sign in from the page generated after logging out.
+    - After enabling SAML encrypted assertions with Azure as identity provider, the sign in page would fail with a `500` error.
+    - Character key shortcut preferences weren't respected.
+    - Attempts to view the `git fsck` output from the `/stafftools/repositories/:owner/:repo/disk` page would fail with a `500 Internal Server Error`.
+    - When using SAML encrypted assertions, some assertions were not correctly marking SSH keys as verified.
+    - Videos uploaded to issue comments would not be rendered properly.
+    - When using GitHub Enterprise Importer to import a repository, some issues would fail to import due to incorrectly configured project timeline events.
+    - When using `ghe-migrator`, a migration would fail to import video file attachments in issues and pull requests.
+  changes:
+    - In high availability configurations, clarify that the replication overview page in the Management Console only displays the current replication configuration, not the current replication status.
+    - The Nomad allocation timeout for Dependency Graph has been increased to ensure post-upgrade migrations can complete.
+    - When enabling {% data variables.product.prodname_registry %}, clarify that using a Shared Access Signature (SAS) token as connection string is not currently supported.
+    - Support bundles now include the row count of tables stored in MySQL.
+    - When determining which repository networks to schedule maintenance on, we no longer count the size of unreachable objects.
+    - The `run_started_at` response field is now included in the [Workflow runs API](/rest/actions/workflow-runs) and the `workflow_run` event webhook payload.
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+    - |
+      When using SAML encrypted assertions with {% data variables.product.prodname_ghe_server %} 3.4.0 and 3.4.1, a new XML attribute `WantAssertionsEncrypted` in the `SPSSODescriptor` contains an invalid attribute for SAML metadata. IdPs that consume this SAML metadata endpoint may encounter errors when validating the SAML metadata XML schema. A fix will be available in the next patch release. [Updated: 2022-04-11]
+      
+      To work around this problem, you can take one of the two following actions.
+      - Reconfigure the IdP by uploading a static copy of the SAML metadata without the `WantAssertionsEncrypted` attribute.
+      - Copy the SAML metadata, remove `WantAssertionsEncrypted` attribute, host it on a web server, and reconfigure the IdP to point to that URL.

data/release-notes/enterprise-server/3-5/0-rc1.yml

@@ -403,7 +403,12 @@ sections:
         # https://github.com/github/releases/issues/1632
         - |
           The CodeQL runner is deprecated in favor of the CodeQL CLI. GitHub Enterprise Server 3.4 and later no longer include the CodeQL runner. This deprecation only affects users who use CodeQL code scanning in 3rd party CI/CD systems. GitHub Actions users are not affected. GitHub strongly recommends that customers migrate to the CodeQL CLI, which is a feature-complete replacement for the CodeQL runner and has many additional features. For more information, see "[Migrating from the CodeQL runner to CodeQL CLI](/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli)."
-
+    
+    - heading: Theme picker for GitHub Pages has been removed
+      notes:
+        - |
+          The theme picker for GitHub Pages has been removed from the Pages settings. For more information about configuration of themes for GitHub Pages, see "[Adding a theme to your GitHub Pages site using Jekyll](/pages/setting-up-a-github-pages-site-with-jekyll/adding-a-theme-to-your-github-pages-site-using-jekyll)."
+        
   known_issues:
       - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
       - Custom firewall rules are removed during the upgrade process.
@@ -412,4 +417,4 @@ sections:
       - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
       - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
       - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
-      - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
+      - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.

data/release-notes/github-ae/2021-06/2021-12-06.yml

@@ -1,7 +1,7 @@
 date: '2021-12-06'
 friendlyDate: 'December 6, 2021'
 title: 'December 6, 2021'
-currentWeek: true
+currentWeek: false
 sections:
   features:
     - heading: 'Administration'

data/release-notes/github-ae/2022-05/2022-05-17.yml

@@ -0,0 +1,201 @@
+date: '2022-05-17'
+friendlyDate: 'May 17, 2022'
+title: 'May 17, 2022'
+currentWeek: true
+sections:
+  features:
+    - heading: 'GitHub Advanced Security features are generally available'
+      notes:
+        - |
+          Code scanning and secret scanning are now generally available for GitHub AE. For more information, see "[About code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)" and "[About secret scanning](/code-security/secret-scanning/about-secret-scanning)."
+        - |
+          Custom patterns for secret scanning is now generally available. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+
+    - heading: 'View all code scanning alerts for a pull request'
+      notes:
+        - |
+          You can now find all code scanning alerts associated with your pull request with the new pull request filter on the code scanning alerts page. The pull request checks page shows the alerts introduced in a pull request, but not existing alerts on the pull request branch.  The new "View all branch alerts" link on the Checks page takes you to the code scanning alerts page with the specific pull request filter already applied, so you can see all the alerts associated with your pull request. This can be useful to manage lots of alerts, and to see more detailed information for individual alerts. For more information, see "[Managing code scanning alerts for your repository](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts)."
+
+    - heading: 'Security overview for organizations'
+      notes:
+        - |
+          GitHub Advanced Security now offers an organization-level view of the application security risks detected by code scanning, Dependabot, and secret scanning. The security overview shows the enablement status of security features on each repository, as well as the number of alerts detected.
+
+          In addition, the security overview lists all secret scanning alerts at the organization level. Similar views for Dependabot and code scanning alerts are coming in future releases. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)." <!-- ⚠️ Article will be available when we toggle content feature flags -->
+
+          ![Screenshot of security overview](/assets/images/enterprise/3.2/release-notes/security-overview-UI.png)
+
+    - heading: 'Dependency graph'
+      notes:
+        - |
+          Dependency graph is now available on GitHub AE. The dependency graph helps you understand the open source software that you depend on by parsing the dependency manifests checked into repositories. For more information, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." <!-- ⚠️ Article will be available when we toggle content feature flags -->
+
+    - heading: 'Dependabot alerts'
+      notes:
+        - |
+          Dependabot alerts can now notify you of vulnerabilities in your dependencies on GitHub AE. You can enable Dependabot alerts by enabling the dependency graph, enabling GitHub Connect, and syncing vulnerabilities from the GitHub Advisory Database. This feature is in beta and subject to change. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)."
+
+          After you enable Dependabot alerts, members of your organization will receive notifications any time a new vulnerability that affects their dependencies is added to the GitHub Advisory Database or a vulnerable dependency is added to their manifest. Members can customize notification settings. For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies)." <!-- ⚠️ Articles will be available when we toggle content feature flags -->
+
+    - heading: 'Security manager role for organizations'
+      notes:
+        - |
+          Organizations can now grant teams permission to manage security alerts and settings on all their repositories. The "security manager" role can be applied to any team and grants the team's members the following permissions.
+
+          - Read access on all repositories in the organization
+          - Write access on all security alerts in the organization
+          - Access to the organization-level security tab
+          - Write access on security settings at the organization level
+          - Write access on security settings at the repository level
+
+          For more information, see "[Managing security managers in your organization](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)." <!-- ⚠️ Article will be available when we toggle content feature flags -->
+
+    - heading: 'Ephemeral runners and autoscaling webhooks for GitHub Actions'
+      notes:
+        - |
+          GitHub AE now supports ephemeral (single job) self-hosted runners and a new [`workflow_job`](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) webhook to make autoscaling runners easier.
+
+          Ephemeral runners are good for self-managed environments where each job is required to run on a clean image. After a job is run, GitHub AE automatically unregisteres ephemeral runners, allowing you to perform any post-job management.
+
+          You can combine ephemeral runners with the new `workflow_job` webhook to automatically scale self-hosted runners in response to job requests from GitHub Actions.
+
+          For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)" and "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job)." <!-- ⚠️ Article will be available when we toggle content feature flags -->
+
+    - heading: 'Composite actions for GitHub Actions'
+      notes:
+        - |
+          You can reduce duplication in your workflows by using composition to reference other actions. Previously, actions written in YAML could only use scripts. For more information, see "[Creating a composite action](/actions/creating-actions/creating-a-composite-action)."
+
+    - heading: 'New token scope for management of self-hosted runners'
+      notes:
+        - |
+          Managing self-hosted runners at the enterprise level no longer requires using personal access tokens with the `admin:enterprise` scope. You can instead use the `new manage_runners:enterprise` scope to restrict the permissions on your tokens. Tokens with this scope can authenticate to many REST API endpoints to manage your enterprise's self-hosted runners.
+
+    - heading: 'Audit log accessible via REST API'
+      notes:
+        - |
+          You can now use the REST API to programmatically interface with the audit log. While audit log forwarding provides you with the ability to retain and analyze data with your own toolkit and determine patterns over time, the new REST API will help you perform limited analysis on events of note that have happened in recent history. For more information, see "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#using-the-rest-api)." <!-- ⚠️ Article will be available when we toggle content feature flags -->
+
+    - heading: 'Expiration dates for personal access tokens'
+      notes:
+        - |
+          You can now set an expiration date on new and existing personal access tokens. GitHub AE will send you an email when it's time to renew a token that's about to expire. Tokens that have expired can be regenerated, giving you a duplicate token with the same properties as the original. When using a token with the GitHub AE API, you'll see a new header, `GitHub-Authentication-Token-Expiration`, indicating the token's expiration date. You can use this in scripts, for example to log a warning message as the expiration date approaches. For more information, see "[Creating a personal access token](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)" and "[Getting started with the REST API](/rest/guides/getting-started-with-the-rest-api#using-personal-access-tokens)."
+
+    - heading: 'Export a list of people with access to a repository'
+      notes:
+        - |
+          Organization owners can now export a list of the people with access to a repository in CSV format. For more information, see "[Viewing people with access to your repository](/organizations/managing-access-to-your-organizations-repositories/viewing-people-with-access-to-your-repository#exporting-a-list-of-people-with-access-to-your-repository)."
+
+    - heading: 'Improved management of code review assignments'
+      notes:
+        - |
+          New settings to manage code review assignment code review assignment help distribute a team's pull request review across the team members so reviews aren't the responsibility of just one or two team members.
+
+          - Child team members: Limit assignment to only direct members of the team. Previously, team review requests could be assigned to direct members of the team or members of child teams.
+          - Count existing requests: Continue with automatic assignment even if one or more members of the team are already requested. Previously, a team member who was already requested would be counted as one of the team's automatic review requests.
+          - Team review request: Keep a team assigned to review even if one or more members is newly assigned.
+
+          For more information, see "[Managing code review settings for your team](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team)."
+
+    - heading: 'New themes'
+      notes:
+        - |
+          Two new themes are available for the GitHub AE web UI.
+          
+          - A dark high contrast theme, with greater contrast between foreground and background elements
+          - Light and dark colorblind, which swap colors such as red and green for orange and blue
+          
+          For more information, see "[Managing your theme settings](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings)."
+
+    - heading: 'Markdown improvements'
+      notes:
+        - |
+          You can now use footnote syntax in any Markdown field to reference relevant information without disrupting the flow of your prose. Footnotes are displayed as superscript links. Click a footnote to jump to the reference, displayed in a new section at the bottom of the document. For more information, see "[Basic writing and formatting syntax](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#footnotes)." <!-- ⚠️ Section on page will be available when we toggle content feature flags -->
+
+        - |
+          You can now toggle between the source view and rendered Markdown view through the web UI by clicking the {% octicon "code" aria-label="The Code icon" %} button to "Display the source diff" at the top of any Markdown file. Previously, you needed to use the blame view to link to specific line numbers in the source of a Markdown file.
+          
+        - |
+          You can now add images and videos to Markdown files in gists by pasting them into the Markdown body or selecting them from the dialog at the bottom of the Markdown file. For information about supported file types, see "[Attaching files](/github/writing-on-github/working-with-advanced-formatting/attaching-files)."
+
+        - |
+          GitHub AE now automatically generates a table of contents for Wikis, based on headings.
+
+  changes:
+    - heading: 'Performance'
+      notes:
+        - |
+          Page loads and jobs are now significantly faster for repositories with many Git refs.
+
+    - heading: 'Administration'
+      notes:
+        - |
+          The user impersonation process is improved. An impersonation session now requires a justification for the impersonation, actions are recorded in the audit log as being performed as an impersonated user, and the user who is impersonated will receive an email notification that they have been impersonated by an enterprise owner. For more information, see "[Impersonating a user](/admin/user-management/managing-users-in-your-enterprise/impersonating-a-user)."
+
+    - heading: 'GitHub Actions'
+      notes:
+        - |
+          To mitigate insider man-in-the-middle attacks when using actions resolved through GitHub Connect to GitHub.com from GitHub AE, GitHub AE retires the actions namespace (`OWNER/NAME`) on use. Retiring the namespace prevents that namespace from being created in your enterprise, and ensures all workflows referencing the action will download it from GitHub.com. For more information, see "[Enabling automatic access to GitHub.com actions using GitHub Connect](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." <!-- ⚠️ Section on page will be available when we toggle content feature flags -->
+
+        - |
+          The audit log now includes additional events for GitHub Actions. GitHub AE now records audit log entries for the following events.
+
+          - A self-hosted runner is registered or removed.
+          - A self-hosted runner is added to a runner group, or removed from a runner group.
+          - A runner group is created or removed.
+          - A workflow run is created or completed.
+          - A workflow job is prepared. Importantly, this log includes the list of secrets that were provided to the runner.
+
+          For more information, see "[Security hardening for GitHub Actions](/actions/security-guides/security-hardening-for-github-actions)."
+
+    - heading: 'GitHub Advanced Security'
+      notes:
+        - |
+          Code scanning will now map alerts identified in `on:push` workflows to show up on pull requests, when possible.  The alerts shown on the pull request are those identified by comparing the existing analysis of the head of the branch to the analysis for the target branch that you are merging against. Note that if the pull request's merge commit is not used, alerts can be less accurate when compared to the approach that uses `on:pull_request` triggers. For more information, see "[About code scanning with CodeQL](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)."
+
+          Some other CI/CD systems can exclusively be configured to trigger a pipeline when code is pushed to a branch, or even exclusively for every commit. Whenever such an analysis pipeline is triggered and results are uploaded to the SARIF API, code scanning will try to match the analysis results to an open pull request. If an open pull request is found, the results will be published as described above. For more information, see "[Uploading a SARIF file to GitHub](/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github)."
+
+        - |
+          GitHub AE now detects secrets from additional providers. For more information, see "[Secret scanning patterns](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+
+    - heading: 'Pull requests'
+      notes:
+        - |
+          The timeline and Reviewers sidebar on the pull request page now indicate if a review request was automatically assigned to one or more team members because that team uses code review assignment.
+          
+          ![Screenshot of indicator for automatic assignment of code review](https://user-images.githubusercontent.com/2503052/134931920-409dea07-7a70-4557-b208-963357db7a0d.png)
+          
+        - |
+          You can now filter pull request searches to only include pull requests you are directly requested to review by choosing **Awaiting review from you**. For more information, see "[Searching issues and pull requests](https://docs.github.com/en/search-github/searching-on-github/searching-issues-and-pull-requests)."
+
+        - |
+          If you specify the exact name of a branch when using the branch selector menu, the result now appears at the top of the list of matching branches. Previously, exact branch name matches could appear at the bottom of the list.
+
+        - |
+          When viewing a branch that has a corresponding open pull request, GitHub AE now links directly to the pull request. Previously, there would be a prompt to contribute using branch comparison or to open a new pull request.
+
+        - |
+          You can now click a button to copy the full raw contents of a file to the clipboard. Previously, you would need to open the raw file, select all, and then copy. To copy the contents of a file, navigate to the file and click  in the toolbar. Note that this feature is currently only available in some browsers.
+
+        - |
+          A warning is now displayed when viewing a file that contains bidirectional Unicode text. Bidirectional Unicode text can be interpreted or compiled differently than it appears in a user interface. For example, hidden bidirectional Unicode characters can be used to swap segments of text in a file. For more information about replacing these characters, see the [GitHub Changelog](https://github.blog/changelog/2021-10-31-warning-about-bidirectional-unicode-text/).
+
+    - heading: 'Repositories'
+      notes:
+        - |
+          GitHub AE now includes enhanced support for _CITATION.cff_ files. _CITATION.cff_ files are plain text files with human- and machine-readable citation information. GitHub AE parses this information into convenient formats such as [APA](​​https://apastyle.apa.org) and [BibTeX](https://en.wikipedia.org/wiki/BibTeX) that can be copied by others. For more information, see "[About CITATION files](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-citation-files)." <!-- ⚠️ Article will be available when we toggle content feature flags -->
+
+        - |
+          You can now add, delete, or view autolinks through the Repositories API's Autolinks endpoint. For more information, see "[Autolinked references and URLs](/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls)" and "[Repositories](/rest/reference/repos#autolinks)" in the REST API documentation.
+
+    - heading: 'Releases'
+      notes:
+
+        - |
+          The tag selection component for GitHub releases is now a drop-down menu rather than a text field. For more information, see "[Managing releases in a repository](/repositories/releasing-projects-on-github/managing-releases-in-a-repository#creating-a-release)."
+
+    - heading: 'Markdown'
+      notes:
+
+        - |
+          When dragging and dropping files such as images and videos into a Markdown editor, GitHub AE now uses the mouse pointer location instead of the cursor location when placing the file.

data/reusables/actions/allow-specific-actions-intro.md

@@ -4,8 +4,8 @@
 
 When you choose {% data reusables.actions.policy-label-for-select-actions-workflows %}, local actions{% if actions-workflow-policy %} and reusable workflows{% endif %} are allowed, and there are additional options for allowing other specific actions{% if actions-workflow-policy %} and reusable workflows{% endif %}:
 
-- **Allow actions created by {% data variables.product.prodname_dotcom %}:** You can allow all actions created by {% data variables.product.prodname_dotcom %} to be used by workflows. Actions created by {% data variables.product.prodname_dotcom %} are located in the `actions` and `github` organizations. For more information, see the [`actions`](https://github.com/actions) and [`github`](https://github.com/github) organizations.{% ifversion fpt or ghes or ghae-issue-5094 or ghec %}
-- **Allow Marketplace actions by verified creators:** {% ifversion ghes or ghae-issue-5094 %}This option is available if you have {% data variables.product.prodname_github_connect %} enabled and configured with {% data variables.product.prodname_actions %}. For more information, see "[Enabling automatic access to GitHub.com actions using GitHub Connect](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)."{% endif %} You can allow all {% data variables.product.prodname_marketplace %} actions created by verified creators to be used by workflows. When GitHub has verified the creator of the action as a partner organization, the {% octicon "verified" aria-label="The verified badge" %} badge is displayed next to the action in {% data variables.product.prodname_marketplace %}.{% endif %}
+- **Allow actions created by {% data variables.product.prodname_dotcom %}:** You can allow all actions created by {% data variables.product.prodname_dotcom %} to be used by workflows. Actions created by {% data variables.product.prodname_dotcom %} are located in the `actions` and `github` organizations. For more information, see the [`actions`](https://github.com/actions) and [`github`](https://github.com/github) organizations.{% ifversion fpt or ghes or ghae or ghec %}
+- **Allow Marketplace actions by verified creators:** {% ifversion ghes or ghae %}This option is available if you have {% data variables.product.prodname_github_connect %} enabled and configured with {% data variables.product.prodname_actions %}. For more information, see "[Enabling automatic access to GitHub.com actions using GitHub Connect](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)."{% endif %} You can allow all {% data variables.product.prodname_marketplace %} actions created by verified creators to be used by workflows. When GitHub has verified the creator of the action as a partner organization, the {% octicon "verified" aria-label="The verified badge" %} badge is displayed next to the action in {% data variables.product.prodname_marketplace %}.{% endif %}
 - **Allow specified actions{% if actions-workflow-policy %} and reusable workflows{% endif %}:** You can restrict workflows to use actions{% if actions-workflow-policy %} and reusable workflows{% endif %} in specific organizations and repositories.
 
   To restrict access to specific tags or commit SHAs of an action{% if actions-workflow-policy %} or reusable workflow{% endif %}, use the same syntax used in the workflow to select the action{% if actions-workflow-policy %} or reusable workflow{% endif %}.

data/reusables/actions/jobs/section-defining-outputs-for-jobs.md

@@ -1,6 +1,8 @@
 You can use `jobs.<job_id>.outputs` to create a `map` of outputs for a job. Job outputs are available to all downstream jobs that depend on this job. For more information on defining job dependencies, see [`jobs.<job_id>.needs`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds).
 
-Job outputs are strings, and job outputs containing expressions are evaluated on the runner at the end of each job. Outputs containing secrets are redacted on the runner and not sent to {% data variables.product.prodname_actions %}.
+{% data reusables.actions.output-limitations %}
+
+Job outputs containing expressions are evaluated on the runner at the end of each job. Outputs containing secrets are redacted on the runner and not sent to {% data variables.product.prodname_actions %}.
 
 To use job outputs in a dependent job, you can use the `needs` context. For more information, see "[Contexts](/actions/learn-github-actions/contexts#needs-context)."
 

data/reusables/actions/jobs/using-matrix-strategy.md

@@ -1,4 +1,4 @@
-Use `jobs.<job_id>.strategy.matrix` to define a matrix of different job configurations. Within your matrix, define one or more variables followed by an array of values. For example, the following matrix has a veriable called `version` with the value `[10, 12, 14]` and a variable called `os` with the value `[ubuntu-latest, windows-latest]`:
+Use `jobs.<job_id>.strategy.matrix` to define a matrix of different job configurations. Within your matrix, define one or more variables followed by an array of values. For example, the following matrix has a variable called `version` with the value `[10, 12, 14]` and a variable called `os` with the value `[ubuntu-latest, windows-latest]`:
 
 ```yaml
 jobs:

data/reusables/actions/message-parameters.md

@@ -1,8 +1,8 @@
 | Parameter | Value |
-| :- | :- |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %}
+| :- | :- |{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
 | `title` | Custom title |{% endif %}
 | `file` | Filename |
-| `col` | Column number, starting at 1 |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %}
+| `col` | Column number, starting at 1 |{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
 | `endColumn` | End column number |{% endif %}
-| `line` | Line number, starting at 1 |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %}
+| `line` | Line number, starting at 1 |{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
 | `endLine` | End line number |{% endif %}

data/reusables/actions/output-limitations.md

@@ -0,0 +1 @@
+Outputs are Unicode strings, and can be a maximum of 1 MB. The total of all outputs in a workflow run can be a maximum of 50 MB.

data/reusables/apps/deprecating_auth_with_query_parameters.md

@@ -1,4 +1,3 @@
-{% ifversion fpt or ghes or ghae or ghec %}
 {% warning %}
 
 **Deprecation Notice:** {% data variables.product.prodname_dotcom %} will discontinue authentication to the API using query parameters. Authenticating to the API should be done with [HTTP basic authentication](/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens).{% ifversion fpt or ghec %} Using query parameters to authenticate to the API will no longer work on May 5, 2021. {% endif %}  For more information, including scheduled brownouts, see the [blog post](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/).
@@ -6,4 +5,3 @@
 {% ifversion ghes or ghae %} Authentication to the API using query parameters while available is no longer supported due to security concerns. Instead we recommend integrators move their access token, `client_id`, or `client_secret` in the header. {% data variables.product.prodname_dotcom %} will announce the removal of authentication by query parameters with advanced notice. {% endif %}
 
 {% endwarning %}
-{% endif %}

data/reusables/audit_log/audit-log-action-categories.md

@@ -28,7 +28,7 @@
 {%- ifversion ghes %}
 | `config_entry` |  Contains activities related to configuration settings. These events are only visible in the site admin audit log.
 {%- endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-4864 %} |
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %} |
 | `dependabot_alerts`  | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
 | `dependabot_alerts_new_repos`   | Contains organization-level configuration activities for  {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization.
 | `dependabot_repository_access` | Contains activities related to which private repositories in an organization {% data variables.product.prodname_dependabot %} is allowed to access.
@@ -37,7 +37,7 @@
 | `dependabot_security_updates`   | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)."
 | `dependabot_security_updates_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.
 {%- endif %}
-{%- ifversion fpt or ghec or ghes or ghae-issue-4864 %}
+{%- ifversion fpt or ghec or ghes or ghae %}
 | `dependency_graph` | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
 | `dependency_graph_new_repos`  | Contains organization-level configuration activities for new repositories created in the organization.
 {%- endif %}
@@ -155,7 +155,7 @@
 {%- ifversion fpt or ghec %}
 | `repository_visibility_change` | Contains activities related to allowing organization members to change repository visibilities for the organization.
 {%- endif %}
-{%- ifversion fpt or ghec or ghes or ghae-issue-4864 %}
+{%- ifversion fpt or ghec or ghes or ghae %}
 | `repository_vulnerability_alert`   | Contains activities related to [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies).
 {%- endif %}
 {%- ifversion fpt or ghec %}

data/reusables/cli/filter-issues-and-pull-requests-tip.md

@@ -1,7 +1,5 @@
-{% ifversion fpt or ghes or ghae or ghec %}
 {% tip %}
 
 **Tip**: You can also filter issues or pull requests using the {% data variables.product.prodname_cli %}. For more information, see "[`gh issue list`](https://cli.github.com/manual/gh_issue_list)" or "[`gh pr list`](https://cli.github.com/manual/gh_pr_list)" in the {% data variables.product.prodname_cli %} documentation.
 
 {% endtip %}
-{% endif %}

data/reusables/code-scanning/beta.md

@@ -1,4 +1,4 @@
-{% ifversion ghae-issue-5752 %}
+{% ifversion ghae %}
 
 <!-- Remove this reusable and all references for GA release -->
 

data/reusables/codespaces/click-remote-explorer-icon-vscode.md

@@ -1,2 +1,2 @@
-1. In {% data variables.product.prodname_vscode %}, in the left sidebar, click the Remote Explorer icon.
+1. In {% data variables.product.prodname_vscode_shortname %}, in the left sidebar, click the Remote Explorer icon.
   ![The Remote Explorer icon in {% data variables.product.prodname_vscode %}](/assets/images/help/codespaces/click-remote-explorer-icon-vscode.png)

data/reusables/codespaces/committing-link-to-procedure.md

@@ -1,3 +1,3 @@
-Once you've made changes to your codespace, either new code or configuration changes, you'll want to commit your changes. Committing changes to your repository ensures that anyone else who creates a codespace from this repository has the same configuration. This also means that any customization you do, such as adding {% data variables.product.prodname_vscode %} extensions, will appear for all users.
+Once you've made changes to your codespace, either new code or configuration changes, you'll want to commit your changes. Committing changes to your repository ensures that anyone else who creates a codespace from this repository has the same configuration. This also means that any customization you do, such as adding {% data variables.product.prodname_vscode_shortname %} extensions, will appear for all users.
 
 For information, see "[Using source control in your codespace](/codespaces/developing-in-codespaces/using-source-control-in-your-codespace#committing-your-changes)."

data/reusables/codespaces/connect-to-codespace-from-vscode.md

@@ -1 +1 @@
-You can connect to your codespace directly from {% data variables.product.prodname_vscode %}. For more information, see "[Using Codespaces in {% data variables.product.prodname_vscode %}](/github/developing-online-with-codespaces/using-codespaces-in-visual-studio-code)."
+You can connect to your codespace directly from {% data variables.product.prodname_vscode_shortname %}. For more information, see "[Using Codespaces in {% data variables.product.prodname_vscode_shortname %}](/github/developing-online-with-codespaces/using-codespaces-in-visual-studio-code)."

data/reusables/codespaces/creating-a-codespace-in-vscode.md

@@ -1,8 +1,8 @@
-After you connect your account on {% data variables.product.product_location %} to the {% data variables.product.prodname_github_codespaces %} extension, you can create a new codespace. For more information about the {% data variables.product.prodname_github_codespaces %} extension, see the [{% data variables.product.prodname_vscode %} marketplace](https://marketplace.visualstudio.com/items?itemName=GitHub.codespaces).
+After you connect your account on {% data variables.product.product_location %} to the {% data variables.product.prodname_github_codespaces %} extension, you can create a new codespace. For more information about the {% data variables.product.prodname_github_codespaces %} extension, see the [{% data variables.product.prodname_vs_marketplace_shortname %} marketplace](https://marketplace.visualstudio.com/items?itemName=GitHub.codespaces).
 
 {% note %}
 
-**Note**: Currently, {% data variables.product.prodname_vscode %} doesn't allow you to choose a dev container configuration when you create a codespace. If you want to choose a specific dev container configuration, use the {% data variables.product.prodname_dotcom %} web interface to create your codespace. For more information, click the **Web browser** tab at the top of this page.
+**Note**: Currently, {% data variables.product.prodname_vscode_shortname %} doesn't allow you to choose a dev container configuration when you create a codespace. If you want to choose a specific dev container configuration, use the {% data variables.product.prodname_dotcom %} web interface to create your codespace. For more information, click the **Web browser** tab at the top of this page.
 
 {% endnote %}
 

data/reusables/codespaces/deleting-a-codespace-in-vscode.md

@@ -1,4 +1,4 @@
-You can delete codespaces from within {% data variables.product.prodname_vscode %} when you are not currently working in a codespace.
+You can delete codespaces from within {% data variables.product.prodname_vscode_shortname %} when you are not currently working in a codespace.
 
 {% data reusables.codespaces.click-remote-explorer-icon-vscode %}
 1. Under "GITHUB CODESPACES", right-click the codespace you want to delete.

data/reusables/codespaces/more-info-devcontainer.md

@@ -1 +1 @@
-For information about the settings and properties that you can set in a `devcontainer.json` file, see "[devcontainer.json reference](https://aka.ms/vscode-remote/devcontainer.json)" in the {% data variables.product.prodname_vscode %} documentation.
+For information about the settings and properties that you can set in a `devcontainer.json` file, see "[devcontainer.json reference](https://aka.ms/vscode-remote/devcontainer.json)" in the {% data variables.product.prodname_vscode_shortname %} documentation.

data/reusables/codespaces/use-visual-studio-features.md

@@ -1 +1 @@
-You can edit code, debug, and use Git commands while developing in a codespace with {% data variables.product.prodname_vscode %}. For more information, see the [{% data variables.product.prodname_vscode %} documentation](https://code.visualstudio.com/docs).
+You can edit code, debug, and use Git commands while developing in a codespace with {% data variables.product.prodname_vscode_shortname %}. For more information, see the [{% data variables.product.prodname_vscode_shortname %} documentation](https://code.visualstudio.com/docs).

data/reusables/codespaces/vscode-settings-order.md

@@ -1 +1 @@
-When you configure editor settings for {% data variables.product.prodname_vscode %}, there are three scopes available: _Workspace_, _Remote [Codespaces]_, and _User_. If a setting is defined in multiple scopes, _Workspace_ settings take priority, then _Remote [Codespaces]_, then _User_.
+When you configure editor settings for {% data variables.product.prodname_vscode_shortname %}, there are three scopes available: _Workspace_, _Remote [Codespaces]_, and _User_. If a setting is defined in multiple scopes, _Workspace_ settings take priority, then _Remote [Codespaces]_, then _User_.

data/reusables/dependabot/dependabot-alerts-beta.md

@@ -1,4 +1,4 @@
-{% ifversion ghae-issue-4864 %}
+{% ifversion ghae %}
 {% note %}
 
 **Note:** {% data variables.product.prodname_dependabot_alerts %} is currently in beta and is subject to change.

data/reusables/dependabot/dependabot-alerts-dependency-graph-enterprise.md

@@ -1,3 +1,3 @@
-{% ifversion ghes or ghae-issue-4864 %}
+{% ifversion ghes or ghae %}
 Enterprise owners can configure {% ifversion ghes %}the dependency graph and {% endif %}{% data variables.product.prodname_dependabot_alerts %} for an enterprise. For more information, see {% ifversion ghes %}"[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
 {% endif %} 

data/reusables/gated-features/dependency-review.md

@@ -7,7 +7,7 @@ Dependency review is included in {% data variables.product.product_name %} for p
 {%- elsif ghes > 3.1 %}
 Dependency review is available for organization-owned repositories in {% data variables.product.product_name %}. This feature requires a license for {% data variables.product.prodname_GH_advanced_security %}.
 
-{%- elsif ghae-issue-4864 %}
+{%- elsif ghae %}
 Dependency review is available for organization-owned repositories in {% data variables.product.product_name %}. This is a {% data variables.product.prodname_GH_advanced_security %} feature (free during the beta release).
 
-{%- endif %} {% data reusables.advanced-security.more-info-ghas %}
+{%- endif %} {% data reusables.advanced-security.more-info-ghas %}

data/reusables/notifications/vulnerable-dependency-notification-delivery-method-customization.md

@@ -1,3 +1,3 @@
-{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
+{% ifversion fpt or ghes or ghae or ghec %}
 You can choose the delivery method and frequency of notifications about {% data variables.product.prodname_dependabot_alerts %} on repositories that you are watching or where you have subscribed to notifications for security alerts.
 {% endif %}

data/reusables/notifications/vulnerable-dependency-notification-options.md

@@ -1,5 +1,5 @@
-{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %}
-{% ifversion fpt or ghec %}By default, you will receive notifications:{% endif %}{% ifversion ghes > 3.1 or ghae-issue-4864 %}By default, if your enterprise owner has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}
+{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
+{% ifversion fpt or ghec %}By default, you will receive notifications:{% endif %}{% ifversion ghes > 3.1 or ghae %}By default, if your enterprise owner has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}
 
 - by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option).
 - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option).

data/reusables/organizations/security-overview-feature-specific-page.md

@@ -0,0 +1 @@
+1. Alternatively and optionally, use the sidebar on the left to filter information per security feature. On each page, you can use filters that are specific to that feature to fine-tune your search.

data/reusables/organizations/team_maintainers_can.md

@@ -10,6 +10,6 @@ Members with team maintainer permissions can:
 - [Add organization members to the team](/articles/adding-organization-members-to-a-team)
 - [Remove organization members from the team](/articles/removing-organization-members-from-a-team)
 - [Promote an existing team member to team maintainer](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)
-- Remove the team's access to repositories{% ifversion fpt or ghes or ghae or ghec %}
-- [Manage code review settings for the team](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team){% endif %}{% ifversion fpt or ghec %}
+- Remove the team's access to repositories
+- [Manage code review settings for the team](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team){% ifversion fpt or ghec %}
 - [Manage scheduled reminders for pull requests](/github/setting-up-and-managing-organizations-and-teams/managing-scheduled-reminders-for-pull-requests){% endif %}

data/reusables/pull_requests/close-issues-using-keywords.md

@@ -1 +1 @@
-You can link a pull request to an issue to{% ifversion fpt or ghes or ghae or ghec %} show that a fix is in progress and to{% endif %} automatically close the issue when someone merges the pull request. For more information, see "[Linking a pull request to an issue](/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue)."
+You can link a pull request to an issue to show that a fix is in progress and to automatically close the issue when someone merges the pull request. For more information, see "[Linking a pull request to an issue](/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue)."

data/reusables/repositories/copy-clone-url.md

@@ -1,6 +1,8 @@
 1. Above the list of files, click {% octicon "download" aria-label="The download icon" %} **Code**.
   !["Code" button](/assets/images/help/repository/code-button.png)
-1. To clone the repository using HTTPS, under "Clone with HTTPS", click {% octicon "clippy" aria-label="The clipboard icon" %}. To clone the repository using an SSH key, including a certificate issued by your organization's SSH certificate authority, click **Use SSH**, then click {% octicon "clippy" aria-label="The clipboard icon" %}. To clone a repository using {% data variables.product.prodname_cli %}, click **Use {% data variables.product.prodname_cli %}**, then click {% octicon "clippy" aria-label="The clipboard icon" %}.
-  ![The clipboard icon for copying the URL to clone a repository](/assets/images/help/repository/https-url-clone.png)
-  {% ifversion fpt or ghes or ghae or ghec %}
-  ![The clipboard icon for copying the URL to clone a repository with GitHub CLI](/assets/images/help/repository/https-url-clone-cli.png){% endif %}
+1. Copy the URL for the repository.
+
+   - To clone the repository using HTTPS, under "HTTPS", click {% octicon "clippy" aria-label="The clipboard icon" %}. 
+   - To clone the repository using an SSH key, including a certificate issued by your organization's SSH certificate authority, click **SSH**, then click {% octicon "clippy" aria-label="The clipboard icon" %}. 
+   - To clone a repository using {% data variables.product.prodname_cli %}, click **{% data variables.product.prodname_cli %}**, then click {% octicon "clippy" aria-label="The clipboard icon" %}.
+  ![The clipboard icon for copying the URL to clone a repository with GitHub CLI](/assets/images/help/repository/https-url-clone-cli.png)

data/reusables/repositories/default-issue-templates.md

@@ -1,2 +1 @@
-You can create default issue templates{% ifversion fpt or ghes or ghae or ghec %} and a default configuration file for issue templates{% endif %} for your organization{% ifversion fpt or ghes or ghae or ghec %} or personal account{% endif %}. For more information, see "[Creating a default community health file](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)."
-
+You can create default issue templates and a default configuration file for issue templates for your organization or personal account. For more information, see "[Creating a default community health file](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)."

data/reusables/repositories/dependency-review.md

@@ -1,3 +1,3 @@
-{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %}
+{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
 Additionally, {% data variables.product.prodname_dotcom %} can review any dependencies added, updated, or removed in a pull request made against the default branch of a repository, and flag any changes that would introduce a vulnerability into your project. This allows you to spot and deal with vulnerable dependencies before, rather than after, they reach your codebase. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request)."
 {% endif %}

data/reusables/repositories/enable-security-alerts.md

@@ -1,3 +1,3 @@
-{% ifversion ghes or ghae-issue-4864 %}
+{% ifversion ghes or ghae %}
 Enterprise owners must enable {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
 {% endif %}

data/reusables/repositories/squash-and-rebase-linear-commit-hisitory.md

@@ -1 +1 @@
-{% ifversion fpt or ghes or ghae or ghec %}If there is a protected branch rule in your repository that requires a linear commit history, you must allow squash merging, rebase merging, or both. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging)."{% endif %}
+If there is a protected branch rule in your repository that requires a linear commit history, you must allow squash merging, rebase merging, or both. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging)."

data/reusables/repositories/start-line-comment.md

@@ -1,2 +1,2 @@
-1. Hover over the line of code where you'd like to add a comment, and click the blue comment icon.{% ifversion fpt or ghes or ghae or ghec %} To add a comment on multiple lines, click and drag to select the range of lines, then click the blue comment icon.{% endif %}
+1. Hover over the line of code where you'd like to add a comment, and click the blue comment icon. To add a comment on multiple lines, click and drag to select the range of lines, then click the blue comment icon.
 ![Blue comment icon](/assets/images/help/commits/hover-comment-icon.gif)

data/reusables/repositories/suggest-changes.md

@@ -1,2 +1,2 @@
-1. Optionally, to suggest a specific change to the line{% ifversion fpt or ghes or ghae or ghec %} or lines{% endif %}, click {% octicon "diff" aria-label="The diff symbol" %}, then edit the text within the suggestion block.
+1. Optionally, to suggest a specific change to the line or lines, click {% octicon "diff" aria-label="The diff symbol" %}, then edit the text within the suggestion block.
 ![Suggestion block](/assets/images/help/pull_requests/suggestion-block.png)

data/reusables/secret-scanning/beta.md

@@ -1,4 +1,4 @@
-{% ifversion ghae-issue-5752 %}
+{% ifversion ghae %}
 
 <!-- Remove this reusable and all references for GA release -->
 

data/reusables/secret-scanning/partner-secret-list-private-repo.md

@@ -17,9 +17,9 @@ Amazon | Amazon OAuth Client ID | amazon_oauth_client_id{% endif %}
 Amazon | Amazon OAuth Client Secret | amazon_oauth_client_secret{% endif %}
 Amazon Web Services (AWS) | Amazon AWS Access Key ID | aws_access_key_id
 Amazon Web Services (AWS) | Amazon AWS Secret Access Key | aws_secret_access_key
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Amazon Web Services (AWS) | Amazon AWS Session Token | aws_session_token{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Amazon Web Services (AWS) | Amazon AWS Temporary Access Key ID | aws_temporary_access_key_id{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 Asana | Asana Personal Access Token | asana_personal_access_token{% endif %}
@@ -37,7 +37,7 @@ Azure | Azure Service Management Certificate | azure_management_certificate
 {%- ifversion ghes < 3.4 or ghae or ghae-issue-5342 %}
 Azure | Azure SQL Connection String | azure_sql_connection_string{% endif %}
 Azure | Azure Storage Account Key | azure_storage_account_key
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Beamer | Beamer API Key | beamer_api_key{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 Checkout.com | Checkout.com Production Secret Key | checkout_production_secret_key{% endif %}
@@ -46,7 +46,7 @@ Checkout.com | Checkout.com Test Secret Key | checkout_test_secret_key{% endif %
 Clojars | Clojars Deploy Token | clojars_deploy_token
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 CloudBees CodeShip | CloudBees CodeShip Credential | codeship_credential{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Contentful | Contentful Personal Access Token | contentful_personal_access_token{% endif %}
 Databricks | Databricks Access Token | databricks_access_token
 {%- ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6944 %}
@@ -82,7 +82,7 @@ Flutterwave | Flutterwave Live API Secret Key | flutterwave_live_api_secret_key{
 Flutterwave | Flutterwave Test API Secret Key | flutterwave_test_api_secret_key{% endif %}
 Frame.io | Frame.io JSON Web Token | frameio_jwt
 Frame.io| Frame.io Developer Token | frameio_developer_token
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 FullStory | FullStory API Key | fullstory_api_key{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 GitHub | GitHub Personal Access Token | github_personal_access_token{% endif %}
@@ -97,15 +97,15 @@ GitHub | GitHub SSH Private Key | github_ssh_private_key
 GitLab | GitLab Access Token | gitlab_access_token{% endif %}
 GoCardless | GoCardless Live Access Token | gocardless_live_access_token
 GoCardless | GoCardless Sandbox Access Token | gocardless_sandbox_access_token
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Google | Firebase Cloud Messaging Server Key | firebase_cloud_messaging_server_key{% endif %}
 Google | Google API Key | google_api_key
 Google | Google Cloud Private Key ID | google_cloud_private_key_id
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Google | Google Cloud Storage Access Key Secret | google_cloud_storage_access_key_secret{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Google | Google Cloud Storage Service Account Access Key ID | google_cloud_storage_service_account_access_key_id{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Google | Google Cloud Storage User Access Key ID | google_cloud_storage_user_access_key_id{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5845 %}
 Google | Google OAuth Access Token | google_oauth_access_token{% endif %}
@@ -129,9 +129,9 @@ Ionic | Ionic Personal Access Token | ionic_personal_access_token{% endif %}
 Ionic | Ionic Refresh Token | ionic_refresh_token{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6944 %}
 JD Cloud | JD Cloud Access Key | jd_cloud_access_key{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 JFrog | JFrog Platform Access Token | jfrog_platform_access_token{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 JFrog | JFrog Platform API Key | jfrog_platform_api_key{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 Linear | Linear API Key | linear_api_key{% endif %}
@@ -153,13 +153,13 @@ Meta | Facebook Access Token | facebook_access_token{% endif %}
 Midtrans | Midtrans Production Server Key | midtrans_production_server_key{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5845 %}
 Midtrans | Midtrans Sandbox Server Key | midtrans_sandbox_server_key{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 New Relic | New Relic Personal API Key | new_relic_personal_api_key{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 New Relic | New Relic REST API Key | new_relic_rest_api_key{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 New Relic | New Relic Insights Query Key | new_relic_insights_query_key{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 New Relic | New Relic License Key | new_relic_license_key{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5845 %}
 Notion | Notion Integration Token | notion_integration_token{% endif %}
@@ -176,15 +176,15 @@ Onfido | Onfido Sandbox API Token | onfido_sandbox_api_token{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 OpenAI | OpenAI API Key | openai_api_key{% endif %}
 Palantir | Palantir JSON Web Token | palantir_jwt
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 PlanetScale | PlanetScale Database Password | planetscale_database_password{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 PlanetScale | PlanetScale OAuth Token | planetscale_oauth_token{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 PlanetScale | PlanetScale Service Token | planetscale_service_token{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Plivo | Plivo Auth ID | plivo_auth_id{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Plivo | Plivo Auth Token | plivo_auth_token{% endif %}
 Postman | Postman API Key | postman_api_key
 Proctorio | Proctorio Consumer Key | proctorio_consumer_key
@@ -202,9 +202,9 @@ Samsara | Samsara OAuth Access Token | samsara_oauth_access_token
 Segment | Segment Public API Token | segment_public_api_token{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 SendGrid | SendGrid API Key | sendgrid_api_key{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Sendinblue | Sendinblue API Key | sendinblue_api_key{% endif %}
-{%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-5844 %}
+{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
 Sendinblue | Sendinblue SMTP Key | sendinblue_smtp_key{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 Shippo | Shippo Live API Token | shippo_live_api_token{% endif %}

data/reusables/security-center/permissions.md

@@ -0,0 +1 @@
+Organization owners and security managers can access the security overview for organizations{% ifversion ghec or ghes > 3.4 or ghae-issue-6199 %} and view their organization's repositories via the enterprise-level security overview. Enterprise owners can use the enterprise-level security overview to view all repositories in their enterprise's organizations{% endif %}. Members of a team can see the security overview for repositories that the team has admin privileges for.

data/reusables/security/compliance-report-list.md

@@ -1,4 +1,5 @@
 - SOC 1, Type 2
 - SOC 2, Type 2
 - Cloud Security Alliance CAIQ self-assessment (CSA CAIQ)
+- ISO/IEC 27001:2013 certification
 - {% data variables.product.prodname_dotcom_the_website %} Services Continuity and Incident Management Plan

data/reusables/ssh/key-type-support.md

@@ -1,3 +1,4 @@
+{% ifversion fpt or ghec %}
 {% note %}
 
 **Note:** {% data variables.product.company_short %} improved security by dropping older, insecure key types on March 15, 2022.
@@ -7,3 +8,4 @@ As of that date, DSA keys (`ssh-dss`) are no longer supported. You cannot add ne
 RSA keys (`ssh-rsa`) with a `valid_after` before November 2, 2021 may continue to use any signature algorithm. RSA keys generated after that date must use a SHA-2 signature algorithm. Some older clients may need to be upgraded in order to use SHA-2 signatures.
 
 {% endnote %}
+{% endif %}

data/reusables/user-settings/removes-personal-access-tokens.md

@@ -1 +1 @@
-As a security precaution, {% data variables.product.company_short %} automatically removes personal access tokens that haven't been used in a year.{% ifversion fpt or ghes > 3.1 or ghae-issue-4374 or ghec %} To provide additional security, we highly recommend adding an expiration to your personal access tokens.{% endif %}
+As a security precaution, {% data variables.product.company_short %} automatically removes personal access tokens that haven't been used in a year.{% ifversion fpt or ghes > 3.1 or ghae or ghec %} To provide additional security, we highly recommend adding an expiration to your personal access tokens.{% endif %}

data/reusables/webhooks/check_run_properties.md

@@ -3,7 +3,7 @@ Key | Type | Description
 `action`|`string` | The action performed. Can be one of: <ul><li> `created` - A new check run was created.</li><li> `completed` - The `status` of the check run is `completed`.</li><li> `rerequested` - Someone requested to re-run your check run from the pull request UI. See "[About status checks](/articles/about-status-checks#checks)" for more details about the GitHub UI. When you receive a `rerequested` action, you'll need to [create a new check run](/rest/reference/checks#create-a-check-run). Only the {% data variables.product.prodname_github_app %} that someone requests to re-run the check will receive the `rerequested` payload.</li><li> `requested_action` - Someone requested an action your app provides to be taken. Only the {% data variables.product.prodname_github_app %} someone requests to perform an action will receive the `requested_action` payload. To learn more about check runs and requested actions, see "[Check runs and requested actions](/rest/reference/checks#check-runs-and-requested-actions)."</li></ul>
 `check_run`|`object` | The [check_run](/rest/reference/checks#get-a-check-run).
 `check_run[status]`|`string` | The current status of the check run. Can be `queued`, `in_progress`, or `completed`.
-`check_run[conclusion]`|`string` | The result of the completed check run. Can be one of `success`, `failure`, `neutral`, `cancelled`, `timed_out`,  {% ifversion fpt or ghes or ghae or ghec %}`action_required` or `stale`{% else %}or `action_required`{% endif %}. This value will be `null` until the check run has `completed`.
+`check_run[conclusion]`|`string` | The result of the completed check run. Can be one of `success`, `failure`, `neutral`, `cancelled`, `timed_out`,  `action_required` or `stale`. This value will be `null` until the check run has `completed`.
 `check_run[name]`|`string` | The name of the check run.
 `check_run[check_suite][id]`|`integer` | The id of the check suite that this check run is part of.
 `check_run[check_suite][pull_requests]`|`array`| An array of pull requests that match this check suite. A pull request matches a check suite if they have the same `head_branch`.<br/><br/>**Note:**<ul><li>The `head_sha` of the check suite can differ from the `sha` of the pull request if subsequent pushes are made into the PR.</li><li>When the check suite's `head_branch` is in a forked repository it will be `null` and the `pull_requests` array will be empty.</li></ul>

data/reusables/webhooks/check_suite_properties.md

@@ -5,6 +5,6 @@ Key | Type | Description
 `check_suite[head_branch]`|`string` | The head branch name the changes are on.
 `check_suite[head_sha]`|`string` | The SHA of the most recent commit for this check suite.
 `check_suite[status]`|`string` | The summary status for all check runs that are part of the check suite. Can be `requested`, `in_progress`, or `completed`.
-`check_suite[conclusion]`|`string`| The summary conclusion for all check runs that are part of the check suite. Can be one of `success`, `failure`, `neutral`, `cancelled`, `timed_out`,  {% ifversion fpt or ghes or ghae or ghec %}`action_required` or `stale`{% else %}or `action_required`{% endif %}. This value will be `null` until the check run has `completed`.
+`check_suite[conclusion]`|`string`| The summary conclusion for all check runs that are part of the check suite. Can be one of `success`, `failure`, `neutral`, `cancelled`, `timed_out`,  `action_required` or `stale`. This value will be `null` until the check run has `completed`.
 `check_suite[url]`|`string` | URL that points to the check suite API resource.
 `check_suite[pull_requests]`|`array`| An array of pull requests that match this check suite. A pull request matches a check suite if they have the same `head_branch`.<br/><br/>**Note:**<ul><li>The `head_sha` of the check suite can differ from the `sha` of the pull request if subsequent pushes are made into the PR.</li><li>When the check suite's `head_branch` is in a forked repository it will be `null` and the `pull_requests` array will be empty.</li></ul>

data/reusables/webhooks/installation_properties.md

@@ -1,4 +1,4 @@
 Key | Type | Description
 ----|------|------------
-`action` | `string` | The action that was performed. Can be one of:<ul><li>`created` - Someone installs a {% data variables.product.prodname_github_app %}.</li><li>`deleted` - Someone uninstalls a {% data variables.product.prodname_github_app %}</li>{% ifversion fpt or ghes or ghae or ghec %}<li>`suspend` - Someone suspends a {% data variables.product.prodname_github_app %} installation.</li><li>`unsuspend` - Someone unsuspends a {% data variables.product.prodname_github_app %} installation.</li>{% endif %}<li>`new_permissions_accepted` - Someone accepts new permissions for a {% data variables.product.prodname_github_app %} installation. When a {% data variables.product.prodname_github_app %} owner requests new permissions, the person who installed the {% data variables.product.prodname_github_app %} must accept the new permissions request. </li></ul>
+`action` | `string` | The action that was performed. Can be one of:<ul><li>`created` - Someone installs a {% data variables.product.prodname_github_app %}.</li><li>`deleted` - Someone uninstalls a {% data variables.product.prodname_github_app %}</li><li>`suspend` - Someone suspends a {% data variables.product.prodname_github_app %} installation.</li><li>`unsuspend` - Someone unsuspends a {% data variables.product.prodname_github_app %} installation.</li><li>`new_permissions_accepted` - Someone accepts new permissions for a {% data variables.product.prodname_github_app %} installation. When a {% data variables.product.prodname_github_app %} owner requests new permissions, the person who installed the {% data variables.product.prodname_github_app %} must accept the new permissions request. </li></ul>
 `repositories` | `array` | An array of repository objects that the installation can access.

data/variables/product.yml

@@ -178,10 +178,14 @@ prodname_codeql_workflow: 'CodeQL analysis workflow'
 
 # Visual Studio
 prodname_vs: 'Visual Studio'
+prodname_vscode_shortname: 'VS Code'
 prodname_vscode: 'Visual Studio Code'
 prodname_vss_ghe: 'Visual Studio subscriptions with GitHub Enterprise'
 prodname_vss_admin_portal_with_url: 'the [administrator portal for Visual Studio subscriptions](https://visualstudio.microsoft.com/subscriptions-administration/)'
-prodname_vscode_command_palette: 'VS Code Command Palette'
+prodname_vscode_command_palette_shortname: 'VS Code Command Palette'
+prodname_vscode_command_palette: 'Visual Studio Code Command Palette'
+prodname_vscode_marketplace: 'Visual Studio Code Marketplace'
+prodname_vs_marketplace_shortname: 'VS Code Marketplace'
 
 # GitHub Dependabot
 prodname_dependabot: 'Dependabot'