diff --git a/assets/images/help/docs/hover-card.png b/assets/images/help/docs/hover-card.png
new file mode 100644
index 0000000000..328c12e8d9
Binary files /dev/null and b/assets/images/help/docs/hover-card.png differ
diff --git a/content/actions/using-workflows/events-that-trigger-workflows.md b/content/actions/using-workflows/events-that-trigger-workflows.md
index 80dc9c1907..33383a477a 100644
--- a/content/actions/using-workflows/events-that-trigger-workflows.md
+++ b/content/actions/using-workflows/events-that-trigger-workflows.md
@@ -763,7 +763,7 @@ on:
 
 jobs:
   approved:
-    if: github.event.review.state == 'approved'
+    if: github.event.review.state == 'APPROVED'
     runs-on: ubuntu-latest
     steps:
       - run: echo "This PR was approved"
diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md b/content/admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
index 162de125ae..bafb1c1edf 100644
--- a/content/admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
+++ b/content/admin/configuration/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
@@ -200,3 +200,11 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth
 ## Using {% data variables.product.prodname_actions %} with an IP allow list
 
 {% data reusables.actions.ip-allow-list-self-hosted-runners %}
+
+{% ifversion not ghae %}
+
+## Using {% data variables.product.prodname_pages %} with an IP allow list
+
+{% data reusables.pages.ip-allow-list-pages %}
+
+{% endif %}
diff --git a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md b/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md
index 289ad80890..28e3fbae13 100644
--- a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md
+++ b/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md
@@ -219,3 +219,7 @@ You can also [use the API to trigger a manual sync](/rest/enterprise-admin#ldap)
 If [LDAP Sync is enabled](#enabling-ldap-sync), removing a user's LDAP credentials will suspend their account after the next synchronization run.
 
 If LDAP Sync is **not** enabled, you must manually suspend the {% data variables.product.prodname_ghe_server %} account after you remove the LDAP credentials. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/suspending-and-unsuspending-users)".
+
+## About logging for LDAP
+
+Log events for LDAP appear in systemd journal logs on {% data variables.location.product_location %}. You'll find events related to LDAP operations in the logs for `github-unicorn` and `github-resqued`. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#journal-logs-for-the-github-application)."
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
index 9cba2b8512..18ca663d86 100644
--- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
+++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md
@@ -20,7 +20,7 @@ topics:
 
 ## About problems with SAML authentication
 
-{% data variables.product.product_name %} logs error messages for failed SAML authentication in the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% elsif ghes < 3.9 %}authentication log{% endif %} at {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}_/var/log/github/unicorn.log_ or _/var/log/github/resqued.log_{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %}. You can review responses in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}these log files{% elsif ghes < 3.9 %}this log file{% endif %}, and you can also configure more verbose logging.
+{% data variables.product.product_name %} logs error messages for failed SAML authentication in the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}systemd journal logs{% elsif ghes < 3.9 %}authentication log at{% endif %} {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}for the `github-unicorn` container{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %}. You can review responses in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}this log{% elsif ghes < 3.9 %}this log file{% endif %}, and you can also configure more verbose logging.
 
 For more information about SAML response requirements, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference#saml-response-requirements)."
 
@@ -42,12 +42,14 @@ You can configure {% data variables.product.product_name %} to write verbose deb
 {% data reusables.enterprise-accounts.options-tab %}
 1. Under "SAML debugging", select the drop-down and click **Enabled**.
 1. Attempt to sign into {% data variables.location.product_location %} through your SAML IdP.
-1. Review the debug output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}_/var/log/github/unicorn.log_ or _/var/log/github/resqued.log_{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} on {% data variables.location.product_location %}.
+1. Review the debug output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} on {% data variables.location.product_location %}. {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal-for-github-enterprise-server)."{% endif %}
 1. When you're done troubleshooting, select the drop-down and click **Disabled**.
 
 ## Decoding responses
 
-Some output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}_/var/log/github/unicorn.log_ or _/var/log/github/resqued.log_{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} may be Base64-encoded. You can access the administrative shell and use the `base64` utility on {% data variables.location.product_location %} to decode these responses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+Some output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} may be Base64-encoded. You can access the administrative shell and use the `base64` utility on {% data variables.location.product_location %} to decode these responses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+
+To decode the output, run the following command, replacing ENCODED_OUTPUT with the encoded output from the log.
 
 ```shell
 base64 --decode ENCODED_OUTPUT
diff --git a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs.md b/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs.md
index bff7f2d5cb..f2ed604a15 100644
--- a/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs.md
+++ b/content/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs.md
@@ -1,6 +1,6 @@
 ---
 title: About system logs
-intro: '{% data variables.product.product_name %} keeps error and message logs for system events. Logs are useful for identifying user, application and system-level actions and exceptions.'
+intro: 'To help administrators understand activity and errors, {% data variables.product.product_name %} stores system logs.'
 versions:
   ghes: '*'
 type: overview
@@ -14,55 +14,188 @@ redirect_from:
   - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs
 ---
 
-## System logs
+## About system logs for {% data variables.product.product_name %}
 
-By default, system logs for {% data variables.product.product_name %} are automatically rotated every 24 hours and are retained for seven days. System logs include system-level events, application logs, and Git events data. As log files are often being written to and can be large in size, it may be beneficial to extract and parse relevant log entries on a host separate to your {% data variables.product.prodname_ghe_server %} instance.
+To trace, review, and troubleshoot activity and exceptions on {% data variables.location.product_location %}, you can review system logs. Your instance stores the following two types of system logs.
 
-You can forward system logs to a third-party system or server for longer retention. For more information see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
+- Plain text log files on disk, stored by syslog or specific services
+- Binary log files, stored by journald
 
-In addition to reviewing your system logs, you can monitor activity in your enterprise in other ways, such as viewing audit logs, push logs and managing global webhooks. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise)."
+By default, {% data variables.product.product_name %} rotates system logs automatically every 24 hours and retains rotated logs for seven days. System logs include system-level events, application logs, and data about Git events. Because log files are written often and can be large in size, you may prefer to extract and parse log entries on a host separate from {% data variables.location.product_location %}.
 
-## Types of logs
+People with administrative SSH access to a {% data variables.product.product_name %} instance can access and read system logs. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
 
-Listed below are the main logs used by the {% data variables.product.product_name %} appliance and their functions:
+You can forward system logs and audit logs to an external system for analysis or longer retention. For more information see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
 
-| Path | Description​ |
-|------|-------------|
-| `/var/log/github/audit.log` | Audited user, repository and system events.
-| `/var/log/github/resqued.log` | Details about background jobs{% ifversion opentelemetry-and-otel-log-migration-phase-1 %}, including jobs that involve authentication{% endif %}.
-| `/var/log/github/unicorn.log` | API and web interface traffic{% ifversion opentelemetry-and-otel-log-migration-phase-1 %}, including authentication attempts{% endif %}.
-| `/var/log/github/exceptions.log` | Application-level errors.
-| `/var/log/haproxy.log` | All IP traffic reaching the appliance.
-| `/var/log/hookshot/resqued.log` | Webhook delivery and failures.
-{%- ifversion ghes < 3.9 %}
-| `/var/log/github/auth.log` | Authentication requests, whether through built in, LDAP, CAS or SAML methods.
+In addition to reviewing your system logs, you can monitor activity on your instance in other ways. For example, you can review audit logs and push logs, or configure global webhooks. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise)."
+
+{% note %}
+
+**Note**: The following lists of logs are not intended to be comprehensive.
+
+{% endnote %}
+
+## System log files
+
+{% data variables.product.product_name %} writes several categories of system logs to the instance's disk in plain text. People with administrative SSH access to the instance can parse these files using Linux command-line tools such as `cat`, `tail`, `head`, `less`, and `more`.
+
+{%- ifversion ghes < 3.10 %}
+- [Log files for authentication](#log-files-for-authentication)
 {%- endif %}
-| `/var/log/github/gitauth.log` | All Git authentication requests.
+- [Log files for databases](#log-files-for-databases)
+- [Log files for the {% data variables.product.prodname_dotcom %} application](#log-files-for-the-github-application)
+- [Log files for the HTTP server](#log-files-for-the-http-server)
+- [Log files for instance configuration](#log-files-for-instance-configuration)
+- [Log files for the {% data variables.enterprise.management_console %}](#log-files-for-themanagement-console)
+- [Log files for search](#log-files-for-search)
+- [Log files for storage](#log-files-for-storage)
+- [Log files for webhooks](#log-files-for-webhooks)
+- [Log files for system services](#log-files-for-system-services)
 
-Git activity and authentication requests are processed by the `babeld` service.
+{% ifversion ghes < 3.10 %}
 
-Several {% data variables.product.product_name %} services, such as the `babeld` service, are containerized. Containerized logs are written to the `systemd journal`, and can be queried at any time using the `journalctl` command.
+### Log files for authentication
 
-## Audited system events
+The following log files contain events from services that provide authentication functionality for your instance.
 
-All entries from the `audit.log` file use and can be filtered with the `github_audit` keyword.
+| Path | Description |
+| :- | :- |
+| <pre>/var/log/github/auth.log</pre> | Records authentication requests to the {% data variables.product.prodname_dotcom %} application on your instance. |
+| <pre>/var/log/github/ldap-sync.log</pre> | If LDAP is configured for the instance and LDAP Sync is enabled, records events associated with LDAP sync. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)." |
+| <pre>/var/log/github/ldap.log</pre> | If LDAP is configured for the instance, records events associated with LDAP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap)." |
 
-For example, this entry shows that a new repository was created.
+{% endif %}
 
-```text
-Oct 26 01:42:08 github-ent github_audit: {:created_at=>1351215728326, :actor_ip=>"10.0.0.51", :data=>{}, :user=>"some-user", :repo=>"some-user/some-repository", :actor=>"some-user", :actor_id=>2, :user_id=>2, :action=>"repo.create", :repo_id=>1, :from=>"repositories#create"}
+### Log files for databases
+
+The following log files record events from database services on your instance.
+
+| Path | Description |
+| :- | :- |
+| <pre>/var/log/mysql/mysql.log</pre> | Records events related to the instance's MySQL database. |
+| <pre>/var/log/mysql/mysql.err</pre> | Records errors related to the instance's MySQL database. |
+
+### Log files for the {% data variables.product.prodname_dotcom %} application
+
+The following log files record events from the {% data variables.product.prodname_dotcom %} application on your instance.
+
+| Path | Description |
+| :- | :- |
+| <pre>/var/log/github/audit.log</pre> | Records user, repository, and system events for activity in the {% data variables.product.prodname_dotcom %} application on your instance. You can filter entries in the log using the `github_audit` keyword. |
+| <pre>/var/log/github/exceptions.log</pre> | Records exceptions that the {% data variables.product.prodname_dotcom %} application encounters. |
+| <pre>/var/log/github/gitauth.log</pre> | Records Git authentication requests using HTTPS or SSH. The `babeld` service processes all Git authentication requests and activity. |
+| <pre>/var/log/github/production.log</pre> | Records internal events for the {% data variables.product.prodname_dotcom %} application. For requests to the website, includes the controller action that responded. May contain entries with different structures, depending on the origin of the job or request. |
+
+### Log files for the HTTP server
+
+The following log files record events from the instance's HTTP server.
+
+| Path | Description |
+| :- | :- |
+| <pre>/var/log/nginx/error.log*</pre> | Records errors for web requests. |
+| <pre>/var/log/nginx/gist.log</pre> | Records HTTP requests related to gists. For more information, see "[AUTOTITLE](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists)." |
+| <pre>/var/log/nginx/gist.error.log</pre> | Records errors related to HTTP requests for gists. |
+| <pre>/var/log/nginx/github.log</pre> | Records HTTP requests to the {% data variables.product.prodname_dotcom %} application. |
+| <pre>/var/log/nginx/github.error.log</pre> | Records errors associated with HTTP requests. |
+| <pre>/var/log/nginx/pages.log</pre> | Records HTTP requests associated with {% data variables.product.prodname_pages %}. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/about-github-pages)." |
+| <pre>/var/log/nginx/pages.error.log</pre> | Records errors related to HTTP requests for {% data variables.product.prodname_pages %}. |
+{%- ifversion ghes < 3.7 %}
+| <pre>/var/log/nginx/render.log</pre> | Records HTTP requests associated with the `render` service, which renders content in the web UI such as GeoJSON, Jupyter notebooks, PDF, PSD, Solidworks, and SVG. |
+| <pre>/var/log/nginx/render.error.log</pre> | Records errors associated with HTTP requests for the `render` service. |
+{%- endif %}
+
+### Log files for the {% data variables.enterprise.management_console %}
+
+The following log files contain events from your instance's {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/about-the-management-console)."
+
+| Path | Description |
+| :- | :- |
+{%- ifversion ghes > 3.6 %}
+| <pre>/var/log/enterprise-manage/audit.log</pre> | Records activity in the instance's {% data variables.enterprise.management_console %}. |
+{%- endif %}
+| <pre>/var/log/enterprise-manage/unicorn.log</pre> | Records HTTP and HTTPS operations that administrators perform in the {% data variables.enterprise.management_console %} using the web UI or REST API. |
+
+### Log files for instance configuration
+
+The following log files contain events related to the configuration of your instance.
+
+| Path | Description |
+| :- | :- |
+| <pre>/data/user/common/ghe-config.log</pre> | Records events associated with each configuration run. If a configuration run fails, output to the log stops. This log also records information about migrations that run during the process of upgrading an instance's software. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config-apply)." |
+
+### Log files for search
+
+The following log files contain events from services that provide search functionality for your instance.
+
+| Path | Description |
+| :- | :- |
+| <pre>/var/log/elasticsearch/github-enterprise.log</pre> | Records events associated with the Elasticsearch service, which your instance uses to provide search services. |
+
+### Log files for webhooks
+
+The following log files contain events from the service that delivers webhook payloads for your instance. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks)."
+
+| Path | Description |
+| :- | :- |
+| <pre>/var/log/hookshot/resqued.log</pre> | Records webhook deliveries and failures from your instance. |
+| <pre>/var/log/hookshot/unicorn.log</pre> | Records webhook events that are triggered on your instance. |
+
+### Log files for system services
+
+The following logs contain events from system services on your instance.
+
+| Path | Description |
+| :- | :- |
+| <pre>/var/log/coredumps.log</pre> | Records information about system processes that terminate unexpectedly. |
+| <pre>/var/log/boot.log</pre> | Records information about the instance's boot process. |
+| <pre>/var/log/chrony/</pre> | This directory contains logs related to Network Time Protocol (NTP) synchronization and the instance's system clock. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-time-synchronization)." |
+| <pre>/var/log/haproxy.log</pre> | Records all web and API requests to the instance. For HTTP connections, entries include the URL that the client requested, as well as the HTTP method for the request. |
+| <pre>/var/log/ssh-console-audit.log</pre> | Records commands that administrators run using the administrative shell (SSH). For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." |
+| <pre>/var/log/mail-replies/metroplex.log</pre> | Records information about mail that your instance receives. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)." |
+
+## System logs in the systemd journal
+
+Several {% data variables.product.product_name %} services, such as the `babeld` service, are containerized. {% data variables.product.product_name %} writes system logs for these services to the systemd journal in a binary format.
+
+People with administrative SSH access to the instance can parse these logs using the `journalctl` command. For more information, see [journalctl(1)](http://man7.org/linux/man-pages/man1/journalctl.1.html) in the online Linux manual pages.
+
+To view logs in the systemd journal, run the following command, replacing SERVICE-NAME with a service name from the following list of logs.
+
+```shell
+journalctl -t SERVICE-NAME
 ```
 
-This example shows that commits were pushed to a repository.
+- [Journal logs for the {% data variables.product.prodname_dotcom %} application](#journal-logs-for-the-github-application)
+- [Journal logs for Git](#journal-logs-for-git)
+- [Journal logs for storage](#journal-logs-for-storage)
 
-```text
-Oct 26 02:19:31 github-ent github_audit: { "pid":22860, "ppid":22859, "program":"receive-pack", "git_dir":"/data/repositories/some-user/some-repository.git", "hostname":"github-ent", "pusher":"some-user", "real_ip":"10.0.0.51", "user_agent":"git/1.7.10.4", "repo_id":1, "repo_name":"some-user/some-repository", "transaction_id":"b031b7dc7043c87323a75f7a92092ef1456e5fbaef995c68", "frontend_ppid":1, "repo_public":true, "user_name":"some-user", "user_login":"some-user", "frontend_pid":18238, "frontend":"github-ent", "user_email":"some-user@github.example.com", "user_id":2, "pgroup":"github-ent_22860", "status":"post_receive_hook", "features":" report-status side-band-64k", "received_objects":3, "receive_pack_size":243, "non_fast_forward":false, "current_ref":"refs/heads/main" }
-```
+### Journal logs for the {% data variables.product.prodname_dotcom %} application
 
-## Support bundles
+The following logs record events from the {% data variables.product.prodname_dotcom %} application on your instance.
 
-The support bundle includes system logs and all audit information is logged to the `audit.log` file in the `github-logs` directory. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support)."
+| Service name | Description |
+| :- | :- |
+| <pre>github-resqued</pre> | Records events related to background jobs. {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}If the job involves built-in or external authentication, this log includes information about the request. <br/><br/> If the instance uses LDAP authentication and LDAP Sync is enabled, events for LDAP Sync appear in this log. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)."{% endif %} |
+| <pre>github-unicorn</pre> | Records HTTP and HTTPS operations that users perform in the instance's web UI or via the APIs. {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}If the operation involves built-in or external authentication, this log includes information about the request. <br/><br/> If debug logging is enabled for LDAP or SAML authentication, the debug-level information for authenticated requests appear in this log. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap)" or "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication#configuring-saml-debugging)."{% endif %} |
 
-## Further reading
+### Journal logs for Git
 
-- [Linux man page for the `journalctl` command](https://man7.org/linux/man-pages/man1/journalctl.1.html)
+The following logs contain events related to Git activity on your instance.
+
+| Service name | Description |
+| :- | :- |
+| <pre>babeld</pre> | Records events for all Git activity on the instance, including authentication to access the repository. |
+| <pre>codeload</pre> | Records events for activity related to the generation or retrieval of code archives for repositories on the instance. |
+| <pre>gpgverify</pre> | Records events related to commit signature verification. For more information, see "[AUTOTITLE](/authentication/managing-commit-signature-verification/about-commit-signature-verification)." |
+
+### Journal logs for storage
+
+The following logs contain events from services that store or retrieve data on your instance.
+
+| Service name | Description |
+| :- | :- |
+| <pre>alambic</pre> | Records events related to the storage and retrieval of files, such as {% data variables.large_files.product_name_short %} objects, avatar images, file attachments from comments in the web UI, and release archives. |
+
+## About system logs in support bundles
+
+If you generate a support bundle, the file includes system logs. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support)."
diff --git a/content/copilot/getting-started-with-github-copilot.md b/content/copilot/getting-started-with-github-copilot.md
index 5b10df27d5..24ec584ca9 100644
--- a/content/copilot/getting-started-with-github-copilot.md
+++ b/content/copilot/getting-started-with-github-copilot.md
@@ -47,6 +47,7 @@ If you use a JetBrains IDE, you can view and incorporate suggestions from {% dat
   - PyCharm (Professional, Community, Educational)
   - Rider
   - RubyMine
+  - RustRover
   - WebStorm
 
   For more information, see the [JetBrains IDEs](https://www.jetbrains.com/products/) tool finder.
diff --git a/content/get-started/learning-about-github/index.md b/content/get-started/learning-about-github/index.md
index 0ccdcbf2aa..4637cc412e 100644
--- a/content/get-started/learning-about-github/index.md
+++ b/content/get-started/learning-about-github/index.md
@@ -18,6 +18,7 @@ topics:
 children:
   - /githubs-plans
   - /about-versions-of-github-docs
+  - /using-hover-cards-on-github-docs
   - /github-language-support
   - /types-of-github-accounts
   - /access-permissions-on-github
diff --git a/content/get-started/learning-about-github/using-hover-cards-on-github-docs.md b/content/get-started/learning-about-github/using-hover-cards-on-github-docs.md
new file mode 100644
index 0000000000..9cecedbff3
--- /dev/null
+++ b/content/get-started/learning-about-github/using-hover-cards-on-github-docs.md
@@ -0,0 +1,24 @@
+---
+title: Using hover cards on GitHub Docs
+intro: 'Hover cards give you information about other articles on {% data variables.product.prodname_docs %}.'
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+shortTitle: Hover cards on Docs
+---
+
+## About hover cards
+
+When you're reading an article on {% data variables.product.prodname_docs %} and find a link to another article, you can open a hover card to get more information about the article. The hover card provides basic information about the article, so you can determine whether it will be useful to you without leaving the article you're reading.
+
+If you navigate {% data variables.product.prodname_docs %} with a mouse, the hover card is displayed when you hover the cursor over a link.
+
+![Screenshot of part of an article on {% data variables.product.prodname_docs %}. A cursor hovers over a link to an article called "Create a repo," and a hover card displays the article's location, title, and introduction.](/assets/images/help/docs/hover-card.png)
+
+## Using hover cards with a keyboard
+
+When you have placed focus on a link to an article, you can press <kbd>Enter</kbd> to follow the link directly, or you can press <kbd>Alt</kbd>+<kbd>↑</kbd> (Windows/Linux) or <kbd>Option</kbd>+<kbd>↑</kbd> (Mac) to open the hover card.
+
+With the hover card open, you can press <kbd>Enter</kbd> to follow the link, or you can press <kbd>Esc</kbd> to close the hover card.
diff --git a/content/get-started/using-git/troubleshooting-the-2-gb-push-limit.md b/content/get-started/using-git/troubleshooting-the-2-gb-push-limit.md
index 367cbf2955..be0bc566b7 100644
--- a/content/get-started/using-git/troubleshooting-the-2-gb-push-limit.md
+++ b/content/get-started/using-git/troubleshooting-the-2-gb-push-limit.md
@@ -29,7 +29,7 @@ You can avoid hitting the limit by breaking your push into smaller parts, each o
    git log --oneline --reverse refs/heads/BRANCH-NAME | awk 'NR % 1000 == 0'
    ```
 
-  This command reveals every 1000th commit. You can increase or decrease the number to adjust the step size.
+    This command reveals every 1000th commit. You can increase or decrease the number to adjust the step size.
 
 1. Push each of these commits one at a time to your {% data variables.product.prodname_dotcom %} hosted repository.
 
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md
index 1a1f7e81ae..b3e36dbde5 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md
@@ -115,3 +115,11 @@ For more information about how to create an allow list for a {% data variables.p
 ## Using {% data variables.product.prodname_actions %} with an IP allow list
 
 {% data reusables.actions.ip-allow-list-self-hosted-runners %}
+
+{% ifversion not ghae %}
+
+## Using {% data variables.product.prodname_pages %} with an IP allow list
+
+{% data reusables.pages.ip-allow-list-pages %}
+
+{% endif %}
diff --git a/data/release-notes/enterprise-server/3-10/0.yml b/data/release-notes/enterprise-server/3-10/0.yml
index e17422c763..41ad66927b 100644
--- a/data/release-notes/enterprise-server/3-10/0.yml
+++ b/data/release-notes/enterprise-server/3-10/0.yml
@@ -214,7 +214,7 @@ sections:
       - `log_message`, `msg`, or `message` is now `Body`.
       - `now` is now `Timestamp`.
       - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
-      - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job.
+      - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
 
       For a full list of field mappings, download the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv) and the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv). This change is part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/), and additional field names will change in upcoming releases.
 
diff --git a/data/release-notes/enterprise-server/3-9/0.yml b/data/release-notes/enterprise-server/3-9/0.yml
index e6e6d496c6..d23b5e9099 100644
--- a/data/release-notes/enterprise-server/3-9/0.yml
+++ b/data/release-notes/enterprise-server/3-9/0.yml
@@ -296,7 +296,7 @@ sections:
       - `log_message`, `msg`, or `message` is now `Body`.
       - `now` is now `Timestamp`.
       - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
-      - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job.
+      - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
 
       For a full list of field mappings, download the [OpenTelemetry attribute mapping CSV](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv). This change is part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/), and additional field names will change in upcoming releases.
 
diff --git a/data/reusables/actions/actions-group-concurrency.md b/data/reusables/actions/actions-group-concurrency.md
index a8c47bf599..a38c87ed0d 100644
--- a/data/reusables/actions/actions-group-concurrency.md
+++ b/data/reusables/actions/actions-group-concurrency.md
@@ -2,7 +2,10 @@ When a concurrent job or workflow is queued, if another job or workflow using th
 
 {% note %}
 
-**Note:** The concurrency group name is case insensitive. For example, `prod` and `Prod` will be treated as the same concurrency group.
+**Notes:**
+
+- The concurrency group name is case insensitive. For example, `prod` and `Prod` will be treated as the same concurrency group.
+- Ordering is not guaranteed for jobs or runs using concurrency groups, they are handled in the order that they are processed.
 
 {% endnote %}
 
diff --git a/data/reusables/actions/jobs/section-using-concurrency-jobs.md b/data/reusables/actions/jobs/section-using-concurrency-jobs.md
index 81aaf28d60..9bda5ba7d4 100644
--- a/data/reusables/actions/jobs/section-using-concurrency-jobs.md
+++ b/data/reusables/actions/jobs/section-using-concurrency-jobs.md
@@ -1,9 +1,3 @@
-{% note %}
-
-**Note:** When concurrency is specified at the job level, order is not guaranteed for jobs or runs that queue within 5 minutes of each other.
-
-{% endnote %}
-
 You can use `jobs.<job_id>.concurrency` to ensure that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. Allowed expression contexts: [`github`](/actions/learn-github-actions/contexts#github-context), [`inputs`](/actions/learn-github-actions/contexts#inputs-context), [`vars`](/actions/learn-github-actions/contexts#vars-context), [`needs`](/actions/learn-github-actions/contexts#needs-context), [`strategy`](/actions/learn-github-actions/contexts#strategy-context), and [`matrix`](/actions/learn-github-actions/contexts#matrix-context). For more information about expressions, see "[AUTOTITLE](/actions/learn-github-actions/expressions)."
 
 You can also specify `concurrency` at the workflow level. For more information, see [`concurrency`](/actions/using-workflows/workflow-syntax-for-github-actions#concurrency).
diff --git a/data/reusables/pages/ip-allow-list-pages.md b/data/reusables/pages/ip-allow-list-pages.md
new file mode 100644
index 0000000000..c2a4399a3f
--- /dev/null
+++ b/data/reusables/pages/ip-allow-list-pages.md
@@ -0,0 +1,3 @@
+If you use a custom {% data variables.product.prodname_actions %} workflow as a publishing source for your {% data variables.product.prodname_pages %} site, to permit the runner to connect and build the site, you must configure a rule for your IP allow list.
+
+If you don't use a custom workflow, the build runner will have access to the repository for the {% data variables.product.prodname_pages %} site by default. For more information about publishing sources, see "[Configuring a publishing source for your GitHub Pages site](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)."
diff --git a/src/archives/lib/is-archived-version.js b/src/archives/lib/is-archived-version.js
index ed801679dd..a99099b56a 100644
--- a/src/archives/lib/is-archived-version.js
+++ b/src/archives/lib/is-archived-version.js
@@ -21,7 +21,7 @@ export function isArchivedVersionByPath(pathToCheck) {
 
   // extract enterprise version from path, e.g. 2.16
   const requestedVersion = pathToCheck.includes('enterprise-server@')
-    ? pathToCheck.match(patterns.getEnterpriseServerNumber)[1]
+    ? pathToCheck.match(patterns.getEnterpriseServerNumber)?.[1]
     : pathToCheck.match(patterns.getEnterpriseVersionNumber)[1]
 
   // bail if the request version is not deprecated
diff --git a/src/ghes-releases/lib/enterprise-dates.json b/src/ghes-releases/lib/enterprise-dates.json
index f831add605..46f66ea5ec 100644
--- a/src/ghes-releases/lib/enterprise-dates.json
+++ b/src/ghes-releases/lib/enterprise-dates.json
@@ -121,7 +121,7 @@
   },
   "3.6": {
     "releaseDate": "2022-07-26",
-    "deprecationDate": "2023-09-12"
+    "deprecationDate": "2023-09-25"
   },
   "3.7": {
     "releaseDate": "2022-10-25",
diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json
index cc03cff154..e5af0051eb 100644
--- a/src/github-apps/lib/config.json
+++ b/src/github-apps/lib/config.json
@@ -60,5 +60,5 @@
       "2022-11-28"
     ]
   },
-  "sha": "1b91b04f33ca9cd793951478139283ed4f540421"
+  "sha": "cd15105abbd188f1d9bc5ac730932fff9fe5cd8e"
 }
\ No newline at end of file
diff --git a/src/links/components/LinkPreviewPopover.tsx b/src/links/components/LinkPreviewPopover.tsx
index 0acf6ce8dd..a0107493fc 100644
--- a/src/links/components/LinkPreviewPopover.tsx
+++ b/src/links/components/LinkPreviewPopover.tsx
@@ -309,6 +309,8 @@ function fillPopover(
     popover.style.top = `${top - popover.offsetHeight - 10}px`
   }
 
+  popover.style.setProperty('top', popover.style.top, 'important')
+
   if (callback) {
     callback(popover)
   }
@@ -410,16 +412,7 @@ export function LinkPreviewPopover() {
   }, [])
 
   useEffect(() => {
-    // If the current window is too narrow, the popover is not useful.
-    // Since this is tested on every event callback here in the handler,
-    // if the window width has changed since the mount, the number
-    // will change accordingly.
-    const wideEnough = window.innerWidth > 767
-
     function showPopover(event: MouseEvent) {
-      if (!wideEnough) {
-        return
-      }
       const target = event.currentTarget as HTMLLinkElement
       popoverShow(target)
 
diff --git a/src/pageinfo/middleware.js b/src/pageinfo/middleware.js
index 8399d5891f..741091210f 100644
--- a/src/pageinfo/middleware.js
+++ b/src/pageinfo/middleware.js
@@ -83,6 +83,22 @@ const pageinfoMiddleware = (req, res, next) => {
   return next()
 }
 
+// THIS IS AN EXPERIMENT. THIS CODE WILL BE DELETED IN THE NEAR FUTURE.
+// The cache-control headers (and surrogate-control) are set to be
+// aggressive. That means that in theory, after a deployment, when Fastly
+// has been purged accordingly, the next time a pageinfo is requested,
+// it'll come here to the backend code and produce the JSON response,
+// and once it's done it once, it won't be needed again, because,
+// in theory, the CDN will have cached it.
+// But pageinfo requests are very frequent. So frequent that sometimes,
+// the delay of CDN is longer than the chance of it being requested again
+// from the backend. This can possibly still happen even with a origin
+// shield.
+// In this experiment we want to measure how often this happens.
+// We are going to test how often the CDN requests the *same* pageinfo from the
+// backend.
+const CACHEABLE_PATHNAMES = new Map()
+
 router.get(
   '/v1',
   validationMiddleware,
@@ -159,8 +175,20 @@ router.get(
       intro,
     }
 
-    const tags = ['version:v1', `pathname:${pathname}`]
-    statsd.increment('api.pageinfo', 1, tags)
+    const tags = [
+      // According to https://docs.datadoghq.com/getting_started/tagging/#define-tags
+      // the max length of a tag is 200 characters. Most of ours are less than
+      // that but we truncate just to be safe.
+      `pathname:${pathname}`.slice(0, 200),
+    ]
+    statsd.increment('pageinfo.lookup', 1, tags)
+
+    // See lengthy comment above about the experiment and the
+    // CACHEABLE_PATHNAMES global Map object.
+    if (CACHEABLE_PATHNAMES.has(pathname)) {
+      statsd.increment('pageinfo.cacheable', CACHEABLE_PATHNAMES.get(pathname), tags)
+    }
+    CACHEABLE_PATHNAMES.set(pathname, (CACHEABLE_PATHNAMES.get(pathname) || 0) + 1)
 
     defaultCacheControl(res)
 
diff --git a/src/rest/data/fpt-2022-11-28/schema.json b/src/rest/data/fpt-2022-11-28/schema.json
index e8db26345d..f482c43884 100644
--- a/src/rest/data/fpt-2022-11-28/schema.json
+++ b/src/rest/data/fpt-2022-11-28/schema.json
@@ -136129,7 +136129,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -137698,7 +137698,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -138996,7 +138996,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -147492,7 +147492,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/data/ghae/schema.json b/src/rest/data/ghae/schema.json
index 450067f092..6669c21798 100644
--- a/src/rest/data/ghae/schema.json
+++ b/src/rest/data/ghae/schema.json
@@ -100935,7 +100935,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -102504,7 +102504,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -103802,7 +103802,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/github-ae@latest/rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/github-ae@latest/rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -112298,7 +112298,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/data/ghec-2022-11-28/schema.json b/src/rest/data/ghec-2022-11-28/schema.json
index 76db13dcfd..d0fb0b5a87 100644
--- a/src/rest/data/ghec-2022-11-28/schema.json
+++ b/src/rest/data/ghec-2022-11-28/schema.json
@@ -146433,7 +146433,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -148002,7 +148002,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -149300,7 +149300,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/enterprise-cloud@latest//rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/enterprise-cloud@latest//rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -157796,7 +157796,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/data/ghes-3.10-2022-11-28/schema.json b/src/rest/data/ghes-3.10-2022-11-28/schema.json
index e2b674a055..faaad605f7 100644
--- a/src/rest/data/ghes-3.10-2022-11-28/schema.json
+++ b/src/rest/data/ghes-3.10-2022-11-28/schema.json
@@ -142460,7 +142460,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -144029,7 +144029,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -145327,7 +145327,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/enterprise-server@3.10/rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/enterprise-server@3.10/rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -153823,7 +153823,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/data/ghes-3.6/schema.json b/src/rest/data/ghes-3.6/schema.json
index 9545fd5bb8..058492780e 100644
--- a/src/rest/data/ghes-3.6/schema.json
+++ b/src/rest/data/ghes-3.6/schema.json
@@ -135811,7 +135811,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -137380,7 +137380,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -138678,7 +138678,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/enterprise-server@3.6/rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/enterprise-server@3.6/rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -146869,7 +146869,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/data/ghes-3.7/schema.json b/src/rest/data/ghes-3.7/schema.json
index f4edceb45a..42c22494af 100644
--- a/src/rest/data/ghes-3.7/schema.json
+++ b/src/rest/data/ghes-3.7/schema.json
@@ -136782,7 +136782,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -138351,7 +138351,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -139649,7 +139649,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/enterprise-server@3.7/rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/enterprise-server@3.7/rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -147855,7 +147855,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/data/ghes-3.8/schema.json b/src/rest/data/ghes-3.8/schema.json
index b82adbce64..79b34185ef 100644
--- a/src/rest/data/ghes-3.8/schema.json
+++ b/src/rest/data/ghes-3.8/schema.json
@@ -140113,7 +140113,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -141682,7 +141682,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -142980,7 +142980,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/enterprise-server@3.8/rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/enterprise-server@3.8/rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -151186,7 +151186,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/data/ghes-3.9-2022-11-28/schema.json b/src/rest/data/ghes-3.9-2022-11-28/schema.json
index 33ff59e548..94e111f3cb 100644
--- a/src/rest/data/ghes-3.9-2022-11-28/schema.json
+++ b/src/rest/data/ghes-3.9-2022-11-28/schema.json
@@ -141267,7 +141267,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>",
+        "descriptionHTML": "<p>Updates a check run for a specific commit in a repository. Your GitHub App must have the <code>checks:write</code> permission to edit check runs.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -142836,7 +142836,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a check suite using its <code>id</code>. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -144134,7 +144134,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check runs for a commit ref. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to get check runs. OAuth apps and authenticated users must have the <code>repo</code> scope to get check runs in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array.</p>\n<p>If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the <a href=\"https://docs.github.com/enterprise-server@3.9/rest/reference/checks#list-check-suites-for-a-git-reference\">List check suites for a Git reference</a> endpoint and provide the <code>check_suite_id</code> parameter to the <a href=\"https://docs.github.com/enterprise-server@3.9/rest/reference/checks#list-check-runs-in-a-check-suite\">List check runs in a check suite</a> endpoint.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
@@ -152560,7 +152560,7 @@
           }
         ],
         "previews": [],
-        "descriptionHTML": "<p><strong>Note:</strong> The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>\n<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>",
+        "descriptionHTML": "<p>Lists check suites for a commit <code>ref</code>. The <code>ref</code> can be a SHA, branch name, or a tag name. GitHub Apps must have the <code>checks:read</code> permission on a private repository or pull access to a public repository to list check suites. OAuth apps and authenticated users must have the <code>repo</code> scope to get check suites in a private repository.</p>\n<p><strong>Note:</strong> The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty <code>pull_requests</code> array and a <code>null</code> value for <code>head_branch</code>.</p>",
         "statusCodes": [
           {
             "httpStatusCode": "200",
diff --git a/src/rest/lib/config.json b/src/rest/lib/config.json
index 8f000c48c8..1001766c12 100644
--- a/src/rest/lib/config.json
+++ b/src/rest/lib/config.json
@@ -36,5 +36,5 @@
       ]
     }
   },
-  "sha": "1b91b04f33ca9cd793951478139283ed4f540421"
+  "sha": "cd15105abbd188f1d9bc5ac730932fff9fe5cd8e"
 }
\ No newline at end of file
diff --git a/src/versions/scripts/toggle-ghae-feature-flags.js b/src/versions/scripts/toggle-ghae-feature-flags.js
index 5d252b66fe..ffcecc2894 100755
--- a/src/versions/scripts/toggle-ghae-feature-flags.js
+++ b/src/versions/scripts/toggle-ghae-feature-flags.js
@@ -4,8 +4,8 @@ import fs from 'fs'
 import path from 'path'
 import { program } from 'commander'
 import walk from 'walk-sync'
-import { execSync } from 'child_process'
-
+import { execSync, execFileSync } from 'child_process'
+import { escapeRegExp } from 'lodash-es'
 import frontmatter from '../../../lib/read-frontmatter.js'
 
 const scriptName = new URL(import.meta.url).pathname.split('/').pop()
@@ -76,11 +76,12 @@ if (options.toggleFlags) {
 if (options.toggleFlags) {
   // Refuse to proceed if repository has uncommitted changes.
 
-  const localChangesCount = execSync(
-    `git status ${contentDir} ${reusablesDir} ${dataDir} --porcelain=v1 2>/dev/null | wc -l`,
-  ).toString()
+  const cmd = 'git'
+  const args = ['status', contentDir, reusablesDir, dataDir, '--porcelain=v1']
+  const localChangesCount = execFileSync(cmd, args).toString().trim()
 
-  if (localChangesCount > 0) {
+  // localChangesCount can return an empty line, this conditional ignores that scenario
+  if (localChangesCount && localChangesCount.split(/\n/g).length > 0) {
     console.log("Error: refusing to proceed due to uncommitted changes (review 'git status')")
     process.exit(1)
   }
@@ -235,7 +236,7 @@ if (options.showFlags) {
     allFlags[flag].forEach((file) => {
       const fileContent = fs.readFileSync(file, 'utf8')
       const { data } = frontmatter(fileContent)
-      const liquidReplacementRegExp = new RegExp(`${plan}-${flag}`, 'g')
+      const liquidReplacementRegExp = new RegExp(`${plan}-${escapeRegExp(flag)}`, 'g')
       let newContent
 
       if (file.endsWith('.md')) {
@@ -250,7 +251,7 @@ if (options.showFlags) {
         }
         fs.writeFileSync(file, frontmatter.stringify(newContent, data, { lineWidth: 10000 }))
       } else if (file.endsWith('.yml')) {
-        const yamlReplacementRegExp = new RegExp(`${plan}: ['"]+${flag}['"]+`, 'g')
+        const yamlReplacementRegExp = new RegExp(`${plan}: ['"]+${escapeRegExp(flag)}['"]+`, 'g')
 
         // Update versions in YAML files for feature-based versioning.
 
@@ -296,7 +297,9 @@ if (options.showFlags) {
     // Check out any file that had syntax adjusted, but didn't contain one
     // or more feature flags to toggle.
 
-    execSync(`git checkout --quiet ${contentDir} ${reusablesDir} ${dataDir}`)
+    const cmd = 'git'
+    const args = ['checkout', '--quiet', contentDir, reusablesDir, dataDir]
+    execFileSync(cmd, args)
   })
 
   if (commitCount > 0) {
diff --git a/src/webhooks/lib/config.json b/src/webhooks/lib/config.json
index 6ebb613f88..460f7b0450 100644
--- a/src/webhooks/lib/config.json
+++ b/src/webhooks/lib/config.json
@@ -1,3 +1,3 @@
 {
-  "sha": "1b91b04f33ca9cd793951478139283ed4f540421"
+  "sha": "cd15105abbd188f1d9bc5ac730932fff9fe5cd8e"
 }
\ No newline at end of file