Merge pull request github#35656 from github/repo-sync

Repo sync
ebfork · Dec 13, 2024 · 4c822d8 · 4c822d8
2 parents 1a7a234 + 1f0cb7f
commit 4c822d8
Show file tree

Hide file tree

Showing 139 changed files with 672 additions and 720 deletions.
diff --git a/...advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md b/...advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md
@@ -137,7 +137,7 @@ Dependency caching works with all build modes, and is supported by {% data varia
 
 ### Enabling dependency caching for {% data variables.product.prodname_codeql %}
 
-For default setup workflows, dependency caching is enabled by default for {% data variables.product.github %}-hosted runners in public repositories.
+For default setup workflows, dependency caching is enabled by default for {% data variables.product.github %}-hosted runners in public and private repositories.
 
 For advanced setup workflows, dependency caching is disabled by default. To enable dependency caching for {% data variables.product.prodname_codeql %}, use the `dependency-caching` setting for the {% data variables.product.prodname_codeql %} action in your advanced setup workflow. This setting accepts the following values:
 

diff --git a/...security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/...security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md
@@ -67,34 +67,6 @@ The alert details page of alerts on development-scoped packages shows a "Tags" s
 
 ![Screenshot showing the "Tags" section in the alert details page. The label is highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-tags-section.png)
 
-{% ifversion dependabot-alerts-vulnerable-calls %}
-
-## About the detection of calls to vulnerable functions
-
-{% data reusables.dependabot.vulnerable-calls-beta %}
-
-When {% data variables.product.prodname_dependabot %} tells you that your repository uses a vulnerable dependency, you need to determine what the vulnerable functions are and check whether you are using them. Once you have this information, then you can determine how urgently you need to upgrade to a secure version of the dependency.
-
-For supported languages, {% data variables.product.prodname_dependabot %} automatically detects whether you use a vulnerable function and adds the label "Vulnerable call" to affected alerts. You can use this information in the {% data variables.product.prodname_dependabot_alerts %} view to triage and prioritize remediation work more effectively.
-
-> [!NOTE]
-> During the {% data variables.release-phases.public_preview %} release, this feature is available only for new Python advisories created _after_ April 14, 2022, and for a subset of historical Python advisories. {% data variables.product.prodname_dotcom %} is working to backfill data across additional historical Python advisories, which are added on a rolling basis. Vulnerable calls are highlighted only on the {% data variables.product.prodname_dependabot_alerts %} pages.
-
-![Screenshot showing an alert with the "Vulnerable call" label. The label is outlined in orange.](/assets/images/help/repository/dependabot-alerts-vulnerable-call-label.png)
-
-You can filter the view to show only alerts where {% data variables.product.prodname_dependabot %} detected at least one call to a vulnerable function using the `has:vulnerable-calls` filter in the search field.
-
-For alerts where vulnerable calls are detected, the alert details page shows additional information:
-
-* One or more code blocks showing where the function is used.
-* An annotation listing the function itself, with a link to the line where the function is called.
-
-![Screenshot showing a {% data variables.product.prodname_dependabot %} alert with a "Vulnerable call" label. A code block, showing "Vulnerable function called", and a link, titled "See all your affected repositories", are highlighted with a dark orange outline.](/assets/images/help/repository/review-calls-to-vulnerable-functions.png)
-
-For more information, see [Reviewing and fixing alerts](#reviewing-and-fixing-alerts) below.
-
-{% endif %}
-
 ## Viewing {% data variables.product.prodname_dependabot_alerts %}
 
 {% data reusables.dependabot.where-to-view-dependabot-alerts %} You can sort and filter {% data variables.product.prodname_dependabot_alerts %} by selecting a filter from the dropdown menu.
@@ -120,12 +92,6 @@ If a patched version of the dependency is available, you can generate a {% data
 
 In cases where a patched version is not available, or you can’t update to the secure version, {% data variables.product.prodname_dependabot %} shares additional information to help you determine next steps. When you click through to view a {% data variables.product.prodname_dependabot %} alert, you can see the full details of the security advisory for the dependency including the affected functions. You can then check whether your code calls the impacted functions. This information can help you further assess your risk level, and determine workarounds or if you’re able to accept the risk represented by the security advisory.
 
-{% ifversion dependabot-alerts-vulnerable-calls %}
-
-For supported languages, {% data variables.product.prodname_dependabot %} detects calls to vulnerable functions for you. When you view an alert labeled as "Vulnerable call", the details include the name of the function and a link to the code that calls it. Often you will be able to take decisions based on this information, without exploring further.
-
-{% endif %}
-
 {% ifversion copilot-chat-ghas-alerts %}
 
 With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand {% data variables.product.prodname_dependabot_alerts %} in repositories in your organization. For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features).

diff --git a/...urity-features-in-your-organization/creating-a-custom-security-configuration.md b/...urity-features-in-your-organization/creating-a-custom-security-configuration.md
@@ -38,7 +38,7 @@ When creating a security configuration, keep in mind that:
 <!-- Note: this article has two entirely separate procedures for cloud and server users. -->
 
 >[!NOTE]
-> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, vulnerability exposure analysis, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}.
+> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}.
 
 {% data reusables.profile.access_org %}
 {% data reusables.organizations.org_settings %}
@@ -52,9 +52,6 @@ When creating a security configuration, keep in mind that:
     * {% data variables.product.prodname_dependabot %}. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
     * Security updates. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
 
-    > [!NOTE]
-    > You cannot manually change the enablement settings for vulnerable function calls. If {% data variables.product.prodname_GH_advanced_security %} features and {% data variables.product.prodname_dependabot_alerts %} are enabled, vulnerable function calls is also enabled. Otherwise, it is disabled.
-
 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup.{% ifversion code-scanning-default-setup-customize-labels %}
  If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can also choose to use custom-labeled runners at this step.{% endif %} See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup).
 1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:

diff --git a/content/packages/learn-github-packages/about-permissions-for-github-packages.md b/content/packages/learn-github-packages/about-permissions-for-github-packages.md
@@ -30,7 +30,7 @@ The following {% data variables.product.prodname_registry %} registries support
 
 ## Permissions for repository-scoped packages
 
-A repository-scoped package inherits the permissions and visibility of the repository in which the package is published. You can find a package scoped to a repository by going to the main page of the repository and clicking the **Packages** link to the right of the page. {% ifversion fpt or ghec %}For more information, see "[AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package)."{% endif %}
+A repository-scoped package inherits the permissions and visibility of the repository in which the package is published. You can find a package scoped to a repository by going to the main page of the repository and clicking the **Packages** link to the right of the page. {% ifversion fpt or ghec %}For more information, see [AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package).{% endif %}
 
 The following {% data variables.product.prodname_registry %} registries **only** support repository-scoped permissions.
 
@@ -49,13 +49,13 @@ The following {% data variables.product.prodname_registry %} registries **only**
 * RubyGems registry
 {%- endif %}
 
-For {% ifversion ghes %}the {% data variables.product.prodname_container_registry %}{% else %}other registries{% endif %}, you can choose to allow packages to be scoped to a user or an organization, or linked to a repository. {% ifversion docker-ghcr-enterprise-migration %}For information about migration to the {% data variables.product.prodname_container_registry %}, see "[AUTOTITLE](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry)."{% endif %}
+For {% ifversion ghes %}the {% data variables.product.prodname_container_registry %}{% else %}other registries{% endif %}, you can choose to allow packages to be scoped to a user or an organization, or linked to a repository. {% ifversion docker-ghcr-enterprise-migration %}For information about migration to the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry).{% endif %}
 
 ## Visibility and access permissions for packages
 
 {% data reusables.package_registry.visibility-and-access-permissions %}
 
-For more information, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)."
+For more information, see [AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility).
 
 ## About scopes and permissions for package registries
 
@@ -65,7 +65,7 @@ To use or manage a package hosted by a package registry, you must use a {% data
 
 For example:
 * To download and install packages from a repository, your {% data variables.product.pat_v1 %} must have the `read:packages` scope, and your user account must have read permission.
-* To delete a package on {% data variables.product.product_name %}, your {% data variables.product.pat_v1 %} must at least have the `delete:packages` and `read:packages` scope. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."
+* To delete a package on {% data variables.product.product_name %}, your {% data variables.product.pat_v1 %} must at least have the `delete:packages` and `read:packages` scope. For more information, see [AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package).
 
 | Scope | Description | Required permission |
 | --- | --- | --- |
@@ -78,25 +78,25 @@ For example:
 When you create a {% data variables.product.prodname_actions %} workflow, you can use the `GITHUB_TOKEN` to publish, install, delete, and restore packages in {% data variables.product.prodname_registry %} without needing to store and manage a {% data variables.product.pat_generic %}.
 
 For more information, see:{% ifversion fpt or ghec %}
-* "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)"{% endif %}
-* "[AUTOTITLE](/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions)"
-* "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)"
-* "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes)"
+* [AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility){% endif %}
+* [AUTOTITLE](/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions)
+* [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
+* [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes)
 
 ## About repository transfers
 
-You can transfer a repository to another personal account or organization. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository)."
+You can transfer a repository to another personal account or organization. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository).
 
 When you transfer a repository, {% data variables.product.prodname_dotcom %} may transfer the packages associated with the repository, depending on the registry the packages belong to.
 
-* For registries that support granular permissions, packages are scoped to a personal account or organization, and the account associated with the package does not change when you transfer a repository. If you have linked a package to a repository, the link is removed when you transfer the repository to another user. Any {% ifversion fpt or ghec %}codespaces or {% endif %}{% data variables.product.prodname_actions %} workflows associated with the repository will lose access to the package. If the package inherited its access permissions from the linked repository, users will lose access to the package. For the list of these registries, see "[Granular permissions for user/organization-scoped packages](#granular-permissions-for-userorganization-scoped-packages)" above.
-* For registries that only support repository-scoped permissions, packages are published directly to repositories, and {% data variables.product.prodname_dotcom %} transfers the packages associated with a repository as part of the repository transfer. All billable usage associated with the packages will subsequently be billed to the new owner of the repository. If the previous repository owner is removed as a collaborator on the repository, they may no longer be able to access the packages associated with the repository. For the list of these registries, see "[Permissions for repository-scoped packages](#permissions-for-repository-scoped-packages)" above.
+* For registries that support granular permissions, packages are scoped to a personal account or organization, and the account associated with the package does not change when you transfer a repository. If you have linked a package to a repository, the link is removed when you transfer the repository to another user. Any {% ifversion fpt or ghec %}codespaces or {% endif %}{% data variables.product.prodname_actions %} workflows associated with the repository will lose access to the package. If the package inherited its access permissions from the linked repository, users will lose access to the package. For the list of these registries, see [Granular permissions for user/organization-scoped packages](#granular-permissions-for-userorganization-scoped-packages) above.
+* For registries that only support repository-scoped permissions, packages are published directly to repositories, and {% data variables.product.prodname_dotcom %} transfers the packages associated with a repository as part of the repository transfer. All billable usage associated with the packages will subsequently be billed to the new owner of the repository. If the previous repository owner is removed as a collaborator on the repository, they may no longer be able to access the packages associated with the repository. For the list of these registries, see [Permissions for repository-scoped packages](#permissions-for-repository-scoped-packages) above.
 
 ## Maintaining access to packages in {% data variables.product.prodname_actions %} workflows
 
 To ensure your workflows will maintain access to your packages, ensure that you're using the right access token in your workflow and that you've enabled {% data variables.product.prodname_actions %} access to your package.
 
-For more conceptual background on {% data variables.product.prodname_actions %} or examples of using packages in workflows, see "[AUTOTITLE](/packages/managing-github-packages-using-github-actions-workflows)."
+For more conceptual background on {% data variables.product.prodname_actions %} or examples of using packages in workflows, see [AUTOTITLE](/packages/managing-github-packages-using-github-actions-workflows).
 
 ### Access tokens
 
@@ -105,12 +105,12 @@ For more conceptual background on {% data variables.product.prodname_actions %}
 * To publish, install, delete, and restore packages associated with the workflow repository, use `GITHUB_TOKEN`.
 * To install packages associated with other private repositories that `GITHUB_TOKEN` can't access, use a {% data variables.product.pat_v1 %}
 
-For more information about `GITHUB_TOKEN` used in {% data variables.product.prodname_actions %} workflows, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow)."
+For more information about `GITHUB_TOKEN` used in {% data variables.product.prodname_actions %} workflows, see [AUTOTITLE](/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow).
 
 {% ifversion fpt or ghec %}
 
 ### {% data variables.product.prodname_actions %} access for packages with granular permissions
 
-To ensure your workflows have access to packages stored in registries that support granular permissions, you must give {% data variables.product.prodname_actions %} access to the repositories where your workflow is run. You can find this setting on your package's settings page. For more information, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package)."
+To ensure your workflows have access to packages stored in registries that support granular permissions, you must give {% data variables.product.prodname_actions %} access to the repositories where your workflow is run. You can find this setting on your package's settings page. For more information, see [AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package).
 
 {% endif %}