Merge pull request #34441 from github/repo-sync

Repo sync

.github/branch_protection_settings/main.json

@@ -39,7 +39,8 @@
       "frame",
       "products",
       "workflows",
-      "lint-code"
+      "lint-code",
+      "secret-scanning",
     ],
     "contexts_url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks/contexts",
     "checks": [
@@ -81,7 +82,8 @@
       { "context": "frame", "app_id": 15368 },
       { "context": "products", "app_id": 15368 },
       { "context": "workflows", "app_id": 15368 },
-      { "context": "lint-code", "app_id": 15368 }
+      { "context": "lint-code", "app_id": 15368 },
+      { "context": "secret-scanning", "app_id": 15368 }
     ]
   },
   "restrictions": {

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md

@@ -16,7 +16,9 @@ shortTitle: Manage support entitlements
 
 People with support entitlements for your enterprise account can use the support portal to open, view, and comment on support tickets associated with the enterprise account.
 
-Enterprise owners and billing managers automatically have a support entitlement. Enterprise owners can add support entitlements to up to 20 additional members of organizations owned by their enterprise account.
+Enterprise owners and billing managers automatically have a support entitlement. Enterprise owners can add support entitlements to a limited number of enterprise members.
+* **{% data variables.product.premium_support_plan %}**: Up to 20 members
+* **{% data variables.product.premium_plus_support_plan %}**: Up to 40 members
 
 ## Adding a support entitlement to an enterprise member
 

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md

@@ -20,5 +20,3 @@ shortTitle: Delegated bypass
 {% data reusables.secret-scanning.push-protection-delegated-bypass-intro %}
 
 {% data reusables.secret-scanning.push-protection-delegated-bypass-overview %}
-
-For information about enabling delegated bypass, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection)."

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md

@@ -14,7 +14,7 @@ topics:
 shortTitle: Enable delegated bypass
 ---
 
-## Enabling delegated bypass for push protection
+## About enabling delegated bypass for push protection
 
 {% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
 
@@ -24,6 +24,8 @@ When you enable this feature, you will create a bypass list of roles and teams w
 
 >[!NOTE] You can't add secret teams to the bypass list.
 
+{% ifversion push-protection-bypass-fine-grained-permissions %}Alternatively, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions, which give you more refined control over which individuals and teams can approve and deny bypass requests. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %}
+
 ## Configuring delegated bypass for an organization
 
 {% data reusables.organizations.navigate-to-org %}
@@ -51,3 +53,16 @@ When you enable this feature, you will create a bypass list of roles and teams w
    >[!NOTE] You can't add secret teams to the bypass list.
 
 1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**.
+
+{% ifversion push-protection-bypass-fine-grained-permissions %}
+
+## Using fine-grained permissions to control who can review and manage bypass requests
+
+You can grant specific individuals or teams the ability to review and manage bypass requests using fine-grained permissions.
+
+1. Ensure that delegated bypass is enabled for the organization. For more information, follow steps 1-5 in "[Configuring delegated bypass for your organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)."
+1. Create (or edit) a custom organization role. For information on creating and editing custom roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles#creating-a-custom-role)."
+1. When choosing which permissions to add to the custom role, select the "Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests" permission.
+1. Assign the custom role to individual members or teams in your organization. For more information on assigning custom roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles#assigning-an-organization-role)."
+
+{% endif %}

content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md

@@ -27,7 +27,9 @@ After you index a repository it is automatically re-indexed every time a change
 1. On {% data variables.product.prodname_dotcom_the_website %}, browse to the repository you want to index.
 1. On any page, click the **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** icon in the upper-right corner.
 
-   The indexing status of the repository is displayed near top of the {% data variables.product.prodname_copilot_short %} Chat panel.
+   If the repository has been indexed, this is shown near top of the {% data variables.product.prodname_copilot_short %} Chat panel.
+
+   ![Screenshot showing 'Indexed for improved understanding and accuracy' highlighted with a dark orange outline.](/assets/images/help/copilot/indexed-repo.png)
 
 1. If the repository has not been indexed, an **Index REPOSITORY NAME** button is displayed. Click this button to start the indexing process.
 

content/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom.md

@@ -106,19 +106,31 @@ Depending on the question you ask, and your enterprise and organization settings
 
 {% data variables.product.prodname_copilot_short %} allows you to use natural language questions to explore repositories on {% data variables.product.prodname_dotcom %}. This can help you get a better understanding of where specific aspects of a codebase are implemented.
 
-{% data reusables.copilot.go-to-copilot-page %}
+1. On the {% data variables.product.prodname_dotcom %} website, go to the repository you want to chat about.
 
-{% data reusables.copilot.ask-copilot-not-displayed %}
+1. Click the **{% octicon "copilot" aria-hidden="true" %}** {% data variables.product.prodname_copilot %} icon at the top right of the page.
 
-1. In the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and press <kbd>Enter</kbd>.
+   The {% data variables.product.prodname_copilot_chat %} panel is displayed. To resize the panel, click and drag the top or left edge.
+
+1. The heading at the top of the panel should read "Chatting about" followed by the name of the current repository.
+
+   If the wrong repository name is displayed, because you were previously chatting about another repository, click **All repositories** then choose the repository you want to chat about.
+
+   ![Screenshot of the {% data variables.product.prodname_copilot_short %} chat panel page with "All repositories" highlighted with a dark orange outline.](/assets/images/help/copilot/copilot-chat-all-repositories.png)
+
+1. In the "Ask {% data variables.product.prodname_copilot_short %}" box, at the bottom of the chat panel, type a question and press <kbd>Enter</kbd>.
 
    For example, you could ask:
 
    * When was the most recent release?
    * Where is rate limiting implemented in our API?
    * How does the WidgetFactory class work?
-   * Where is the code for converting an organization member to be an outside collaborator?
+   * Where is the code for updating a phone number?
    * Where are SAT tokens generated?
+   * Show the most recently updated issues assigned to USERNAME
+   * List open issues about SUBJECT
+   * What was the last merged PR by USERNAME
+   * What are the latest commits to the main branch by USERNAME
 
    {% data variables.product.prodname_copilot_short %} replies in the chat panel.
 

content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md

@@ -51,5 +51,8 @@ Manage organization OAuth application policies | Access to the "OAuth applicatio
 |  {% ifversion actions-usage-metrics %} |
 | View organization Actions usage metrics | View {% data variables.product.prodname_actions %} usage metrics for your organization. | "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)" |
 |  {% endif %} |
+|  {% ifversion push-protection-bypass-fine-grained-permissions %} |
+| Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests | Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests for your organization. | "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection)" |
+|  {% endif %} |
 
 {% endrowheaders %}

content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md

@@ -205,6 +205,9 @@ Some of the features listed below are limited to organizations using {% data var
 | {% ifversion repo-rules-enterprise %} |
 | Manage organization-level rulesets (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
 | {% endif %} |
+| {% ifversion push-protection-bypass-fine-grained-permissions %} |
+| Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests (see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
+| {% endif %} |
 
 {% endrowheaders %}
 

content/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors.md

@@ -47,3 +47,11 @@ Featured sponsors allows you to spotlight your sponsors. You can opt to automati
     * A pop up window will display allowing you to search your sponsors. Click on the desired sponsors and click **Save**.
 
 {% data reusables.sponsors.save-profile %}
+
+## Sharing your profile
+
+Let others know about your Sponsors profile by sharing it out on social media or embedding it on your personal website.
+
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+1. From the left sidebar, click **Overview**.
+1. Under "Share it out", select the option to share your Sponsors profile on social media or embed it on a website.

content/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-goal.md

@@ -46,3 +46,11 @@ After you retire a goal, you won't be able to reactivate the goal. You must crea
 {% data reusables.sponsors.navigate-to-your-goals-tab %}
 {% data reusables.sponsors.edit-goal %}
 {% data reusables.sponsors.retire-goal %}
+
+## Sharing a goal
+
+You can share your sponsorship goal on social media or embed it on your personal website.
+
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-your-goals-tab %}
+1. Under your goal, click the **Share** or **Embed it** button.

content/support/learning-about-github-support/about-github-premium-support.md

@@ -48,7 +48,7 @@ There are two {% data variables.contact.premium_support %} plans: Premium and Pr
 | Initial response time | <ul><li>30 minutes for {% data variables.product.support_ticket_priority_urgent %} (including initial troubleshooting)</li><li>4 hours for {% data variables.product.support_ticket_priority_high %}</li></ul> | <ul><li>30 minutes for {% data variables.product.support_ticket_priority_urgent %} (including initial troubleshooting)</li><li>4 hours for {% data variables.product.support_ticket_priority_high %}</li></ul> |
 | Support channels | <ul><li>Online ticket submission</li><li>Phone support in English via callback request (when required for ticket resolution)</li><li>Screen share request for critical issues</li></ul> | <ul><li>Online ticket submission</li><li>Phone support in English via callback request (when required for ticket resolution)</li><li>Screen share request for critical issues</li></ul> |
 | Training | Access to premium content  | <ul><li>Access to premium content</li><li>1 virtual training class per year</li></ul> |
-| Members with support entitlements | 20 | 20 |
+| Members with support entitlements | 20 | 40 |
 | Resources | Priority ticket handling | <ul><li>Priority ticket handling</li><li>Named Customer Reliability Engineer</li></ul>   |
 Escalation management | For high and urgent priority tickets | For High and Urgent priority tickets
 Incident management | None | For urgent priority tickets, as needed

data/features/push-protection-bypass-fine-grained-permissions.yml

@@ -0,0 +1,5 @@
+# Issue 13329
+# Push protection bypass fine-grained permissions
+versions:
+  ghec: '*'
+  ghes: '>=3.16'

data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md

@@ -1,9 +1,13 @@
-When you enable push protection, by default, anyone with write access to the repository can choose to bypass the protection by specifying a reason for allowing the push containing a secret. With delegated bypass, contributors to a repository are instead obligated to request "bypass privileges." The request is sent to a designated group of reviewers, who either approve or deny the request to bypass push protection.
+When you enable push protection, by default, anyone with write access to the repository can choose to bypass the protection by specifying a reason for allowing the push containing a secret. With delegated bypass, only specific roles and teams can bypass push protection. All other contributors are instead obligated to make a request for "bypass privileges", which is sent to a designated group of reviewers who either approve or deny the request to bypass push protection.
 
 If the request to bypass push protection is approved, the contributor can push the commit containing the secret. If the request is denied, the contributor must remove the secret from the commit (or commits) containing the secret before pushing again.
 
-To configure delegated bypass, organization owners or repository administrators need to first create a "bypass list". The bypass list comprises specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-a-repository)."
+To configure delegated bypass, organization owners or repository administrators must change the "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}" setting in the UI from **Anyone with write access** to **Specific roles and teams**.
 
-Members of the bypass list view and manage requests through the "Push protection bypass" page in the **Security** tab of the repository. For more information, see "[Managing requests to bypass push protection](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection)."
+Organization owners or repository administrators are them prompted to create a "bypass list". The bypass list comprises the specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-a-repository)."
 
-Members of the bypass list are still protected from accidentally pushing secrets to a repository. When a member of the bypass list attempts to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. Members of the bypass list do not have to request bypass privileges from other members in order to override the block.
+{% ifversion push-protection-bypass-fine-grained-permissions %} Alternatively, instead of creating a bypass list, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %}
+
+Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review (approve or deny) bypass requests can manage these {% else %}of the bypass list can review and manage {% endif %}requests through the "Push protection bypass" page in the **Security** tab of the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection)."
+
+Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list{% endif %} are still protected from accidentally pushing secrets to a repository. If they attempt to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list {% endif %}do not have to request bypass privileges from other members in order to override the block.

src/github-apps/lib/config.json

@@ -60,5 +60,5 @@
       "2022-11-28"
     ]
   },
-  "sha": "f4af24ddbbf60c5b325b2c99e438c7f9c6d362a4"
+  "sha": "2a29b70c717f70a4afa122ed166a6a885a1d7d77"
 }

src/rest/data/fpt-2022-11-28/schema.json

@@ -513203,7 +513203,9 @@
               "type": "string",
               "enum": [
                 "updated",
-                "published"
+                "published",
+                "epss_percentage",
+                "epss_percentile"
               ],
               "default": "published"
             }