diff --git a/.github/workflows/sync-secret-scanning.yml b/.github/workflows/sync-secret-scanning.yml
index a51bdfc881db..5a78633eeb33 100644
--- a/.github/workflows/sync-secret-scanning.yml
+++ b/.github/workflows/sync-secret-scanning.yml
@@ -72,13 +72,27 @@ jobs:
--title "Sync secret scanning data" \
--body 'đź‘‹ humans. This PR updates the secret scanning data with the latest changes from github/token-scanning-service.
- /cc @github/docs-content-security-products
+ If CI passes, this PR will be auto-merged. :green_heart:
If CI does not pass or other problems arise, contact #docs-engineering on Slack.' \
--repo github/docs-internal \
- --label secret-scanning-pipeline,'skip FR board',ready-for-doc-review,workflow-generated \
+ --label secret-scanning-pipeline,'skip FR board',workflow-generated \
--head=$branchname
+ # can't approve your own PR, approve with Actions
+ echo "Approving pull request..."
+ unset GITHUB_TOKEN
+ gh auth login --with-token <<< "${{ secrets.GITHUB_TOKEN }}"
+ gh pr review --approve
+ echo "Approved pull request"
+
+ # Actions can't merge the PR so back to docs-bot to merge
+ echo "Setting pull request to auto merge..."
+ unset GITHUB_TOKEN
+ gh auth login --with-token <<< "${{ secrets.DOCS_BOT_PAT_BASE }}"
+ gh pr merge --auto --merge
+ echo "Set pull request to auto merge"
+
- uses: ./.github/actions/slack-alert
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
with:
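Review bot: Both added `gh auth login --with-token <<< "${{ secrets.… }}"` lines expand the secret into the script text and leave it in gh's stored credentials for the rest of the job. Mapping the tokens in the step's `env:` and passing them per command keeps the PAT out of the rendered script and scoped to one call, e.g. `GH_TOKEN="$DOCS_BOT_TOKEN" gh pr merge --auto --merge "$pr_url"` (the variable names are placeholders). `gh pr review --approve` and `gh pr merge --auto --merge` are also called without a PR argument, so they act on whatever PR gh resolves from the checked-out branch and default repository, although the PR was created with `--repo github/docs-internal --head=$branchname`. Capturing the URL that `gh pr create` prints and passing it to both commands removes that ambiguity. With the /cc line and the `ready-for-doc-review` label gone, CI is the only gate on data pulled from another repository, so it is worth confirming that branch protection on the target actually requires those checks; the start of this step and its `env:` block are outside the hunk.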
diff --git a/assets/images/help/repository/multiple-paths-available.png b/assets/images/help/repository/multiple-paths-available.png
new file mode 100644
index 000000000000..b2cea13df9e5
Binary files /dev/null and b/assets/images/help/repository/multiple-paths-available.png differ
diff --git a/content/billing/how-tos/products/manage-ghas-licenses.md b/content/billing/how-tos/products/manage-ghas-licenses.md
index 3090f59071ad..2dbe381a2605 100644
--- a/content/billing/how-tos/products/manage-ghas-licenses.md
+++ b/content/billing/how-tos/products/manage-ghas-licenses.md
@@ -40,10 +40,6 @@ For information about using policies to control use of licenses in your enterpri
1. To the right of "{% data variables.product.prodname_AS %}", select {% octicon "kebab-horizontal" aria-label="Open menu" %}, then click **Cancel subscription**.
1. To confirm your cancellation, click **I understand, cancel {% data variables.product.prodname_AS %}**.
-{% ifversion disable-ghas-button %}
-
## Disabling {% data variables.product.prodname_GHAS %} in an enterprise
Enterprise owners can disable {% data variables.product.prodname_GHAS %} completely and set a policy to prevent future re-enablement. See [AUTOTITLE](/billing/how-tos/products/disable-ghas-for-enterprise).
-
-{% endif %}
diff --git a/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md b/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md
index 244ed74374fe..7a550e913d7b 100644
--- a/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md
+++ b/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md
@@ -64,6 +64,8 @@ If you configure {% data variables.product.prodname_code_scanning %} using {% da
When {% data variables.product.prodname_code_scanning %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_caps %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
+In some cases, the same vulnerability can be reached through multiple code paths, for example, when several different functions pass user input to the same unsafe operation. {% data variables.product.prodname_code_scanning_caps %} groups these related paths under a single alert rather than creating separate alerts for each path, so you can see the full scope of the vulnerability in one place.
+
{% data reusables.code-scanning.track-alert-in-issue %}
### About alerts from multiple configurations
diff --git a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md
index e604c43d557d..1e7333a33f0c 100644
--- a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md
+++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md
@@ -31,10 +31,14 @@ By default, the {% data variables.product.prodname_code_scanning %} alerts page
{% data reusables.code-scanning.explore-alert %}
{% data reusables.code-scanning.alert-default-branch %}
-1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used.
+1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used. The path view shows each step in the data flow as a numbered list, from the point where user-provided data enters the code (the source) to the point where it's used in a potentially unsafe operation (the sink).

+ Some alerts identify multiple paths through the code that could trigger the same vulnerability. When an alert has multiple paths, a dropdown appears above the path view showing the number of paths available. You can select each path from the dropdown to review it individually.
+
+ 
+
1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
{% data reusables.security.alert-assignee-step %}
diff --git a/content/code-security/reference/supply-chain-security/dependabot-options-reference.md b/content/code-security/reference/supply-chain-security/dependabot-options-reference.md
index 68c7ab10a858..f154cf80631d 100644
--- a/content/code-security/reference/supply-chain-security/dependabot-options-reference.md
+++ b/content/code-security/reference/supply-chain-security/dependabot-options-reference.md
@@ -218,42 +218,58 @@ You can specify the duration of the cooldown using the options below.
| `include` | List of dependencies to **apply cooldown** (up to **150 items**). Supports wildcards (`*`). |
| `exclude` | List of dependencies **excluded from cooldown** (up to **150 items**). Supports wildcards (`*`). |
-The table below shows the package managers for which SemVer is supported.
+The table below shows the package managers that support `cooldown`. The `default-days` option is supported for all package managers listed, while `semver-major-days`, `semver-minor-days`, and `semver-patch-days` are supported only where indicated.
-| Package manager | SemVer supported |
-|-----------------------|------------------|
+| Package manager | Default days supported | SemVer-bump days supported |
+|-----------------------|:----------------------:|:--------------------------:|
| {% ifversion dependabot-bazel-support %} |
-| Bazel | {% octicon "x" aria-label="Not supported" %} |
+| Bazel | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| {% endif %} |
-| Bundler | {% octicon "check" aria-label="Supported" %} |
-| Bun | {% octicon "check" aria-label="Supported" %} |
-| Cargo | {% octicon "check" aria-label="Supported" %} |
-| Composer | {% octicon "check" aria-label="Supported" %} |
-| Devcontainers | {% octicon "x" aria-label="Not supported" %} |
-| Docker | {% octicon "x" aria-label="Not supported" %} |
-| Docker Compose | {% octicon "x" aria-label="Not supported" %} |
-| Dotnet SDK | {% octicon "check" aria-label="Supported" %} |
-| Elm | {% octicon "check" aria-label="Supported" %} |
-| {% data variables.product.prodname_actions %} | {% octicon "x" aria-label="Not supported" %} |
-| Gitsubmodule | {% octicon "x" aria-label="Not supported" %} |
-| Gomod (Go Modules) | {% octicon "check" aria-label="Supported" %} |
-| Gradle | {% octicon "check" aria-label="Supported" %} |
-| Helm | {% octicon "x" aria-label="Not supported" %} |
-| Hex (Hex) | {% octicon "check" aria-label="Supported" %} |
+| Bundler | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Bun | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Cargo | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Composer | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% ifversion dependabot-conda-support %} |
+| Conda | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% endif %} |
+| Deno | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Devcontainers | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| Docker | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| Docker Compose | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| Dotnet SDK | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Elm | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% data variables.product.prodname_actions %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| Gitsubmodule | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| Gomod (Go Modules) | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Gradle | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Helm | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| Hex (Hex) | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| {% ifversion dependabot-julia-support %} |
-| Julia | {% octicon "check" aria-label="Supported" %} |
+| Julia | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| {% endif %} |
-| Maven | {% octicon "check" aria-label="Supported" %} |
-| NPM and Yarn | {% octicon "check" aria-label="Supported" %} |
-| NuGet | {% octicon "check" aria-label="Supported" %} |
+| Maven | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% ifversion dependabot-nix-support %} |
+| Nix flakes | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
+| NPM and Yarn | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| NuGet | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| {% ifversion dependabot-opentofu-support %} |
-| OpenTofu | {% octicon "check" aria-label="Supported" %} |
+| OpenTofu | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
+| Pip | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% ifversion dependabot-pre-commit-support %} |
+| pre-commit | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
+| Pub | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% ifversion dependabot-rust-toolchain-support %} |
+| Rust toolchain | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% endif %} |
+| Swift | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| Terraform | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| UV | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
+| {% ifversion dependabot-vcpkg-support %} |
+| vcpkg | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| {% endif %} |
-| Pip | {% octicon "check" aria-label="Supported" %} |
-| Pub | {% octicon "check" aria-label="Supported" %} |
-| Swift | {% octicon "check" aria-label="Supported" %} |
-| Terraform | {% octicon "x" aria-label="Not supported" %} |
-| UV | {% octicon "check" aria-label="Supported" %} |
> [!NOTE]
>
diff --git a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md
index 6f8747759a6e..df7f243e639f 100644
--- a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md
+++ b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md
@@ -80,6 +80,7 @@ For example schemas of the data returned by the APIs, see [AUTOTITLE](/copilot/r
| `chat_panel_ask_mode` | Captures user-initiated interactions in the chat panel with ask mode selected. |
| `chat_panel_custom_mode` | Captures user-initiated interactions in the chat panel with a custom agent selected. |
| `chat_panel_edit_mode` | Captures user-initiated interactions in the chat panel with edit mode selected. |
+| `chat_panel_plan_mode` | Captures user-initiated interactions in the chat panel with plan mode selected. |
| `chat_panel_unknown_mode` | Captures user-initiated interactions in the chat panel where the mode is unknown. |
| `code_generation_activity_count` | Number of distinct {% data variables.product.prodname_copilot_short %} output events generated.
**Includes:** All generated content, including comments and docstrings.
**Multiple blocks:** Each distinct code block from a single user prompt counts as a separate generation.
**Note:** This metric is not directly comparable to `user_initiated_interaction_count`, since one prompt can produce multiple generations. |
| `code_acceptance_activity_count` | Number of suggestions or code blocks accepted by users.
**Counts:** All built-in accept actions, such as “apply to file,” “insert at cursor,” “insert into terminal,” and use of the **Copy** button.
**Does not count:** Manual OS clipboard actions (for example, Ctrl+C).
**Granularity:** Each acceptance action increments the count once, regardless of how many code blocks were generated by the initial prompt. |
diff --git a/content/copilot/tutorials/use-an-ai-sme.md b/content/copilot/tutorials/use-an-ai-sme.md
index 9ab4edb553ed..0ce79949340b 100644
--- a/content/copilot/tutorials/use-an-ai-sme.md
+++ b/content/copilot/tutorials/use-an-ai-sme.md
@@ -20,7 +20,7 @@ When you start work on an unfamiliar codebase, or you're asked to change a part
When you need to understand an unfamiliar codebase, you usually rely on a teammate who knows the code. When that person isn't available, {% data variables.copilot.copilot_cli_short %} can fill the gap. In this tutorial, you'll ask {% data variables.copilot.copilot_cli_short %} questions about a repository's code, learn prompting techniques that produce code-grounded answers, and build the confidence to start making changes.
-## When to use an AI SME (or even When do I use an AI SME?)
+## When to use an AI SME
This tutorial is useful any time you need to understand a codebase faster. For example:
diff --git a/data/features/disable-ghas-button.yml b/data/features/disable-ghas-button.yml
index f1ba0ba79b37..d8d41a993f6f 100644
--- a/data/features/disable-ghas-button.yml
+++ b/data/features/disable-ghas-button.yml
@@ -3,4 +3,4 @@
versions:
fpt: '*'
ghec: '*'
- ghes: '>= 3.21'
+ ghes: '>= 3.22'
diff --git a/src/languages/lib/correct-translation-content.ts b/src/languages/lib/correct-translation-content.ts
index 5662d8e69cc8..f90bba6b81c2 100644
--- a/src/languages/lib/correct-translation-content.ts
+++ b/src/languages/lib/correct-translation-content.ts
@@ -58,13 +58,13 @@ export function correctTranslatedContentStrings(
)
// The translation pipeline frequently splits Markdown bullet markers
- // (`*`) and table-cell pipes (`|`) onto their own line, with the
- // actual content pushed to the next line as deeply indented text.
+ // (`*` and `-`) and table-cell pipes (`|`) onto their own line, with
+ // the actual content pushed to the next line as deeply indented text.
// This breaks list and table rendering and leaves `[AUTOTITLE]` links
// unexpanded. Rejoin the marker with its content. This corruption
- // affects every translated language (~47k bullets and ~11k cells in
- // total), so it lives in the universal pre-fixes block.
- content = content.replace(/^([ \t]*)\* ?\n[ \t]+/gm, '$1* ')
+ // affects every translated language, so it lives in the universal
+ // pre-fixes block.
+ content = content.replace(/^([ \t]*)([*-]) ?\n[ \t]+/gm, '$1$2 ')
content = content.replace(/^\|[ \t]*\n[ \t]+/gm, '| ')
// The same translator wrapping habit also strands heading markers
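Review bot: The widened pattern `/^([ \t]*)([*-]) ?\n[ \t]+/gm` is not aware of fenced code, and a lone `-` followed by an indented line is far more common inside code samples than a lone `*`. YAML sequences written as `-` then an indented mapping, and removed blank lines in `diff` blocks, would both be rewritten; for YAML the rejoined key can land at a different column than its sibling keys. Whether `correctTranslatedContentStrings` protects code fences elsewhere is not visible from this hunk, so a comment such as `// NOTE: also matches lone "-" lines inside fenced code blocks` would at least record the trade-off. The new assertions in `src/languages/tests/correct-translation-content.ts` cover valid hyphen bullets but have no negative case for a fenced block, e.g. an input like '```yaml\nsteps:\n  -\n      name: x\n```' that is expected to come back unchanged.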
diff --git a/src/languages/tests/correct-translation-content.ts b/src/languages/tests/correct-translation-content.ts
index a46fc7d30c53..bcf19ea12698 100644
--- a/src/languages/tests/correct-translation-content.ts
+++ b/src/languages/tests/correct-translation-content.ts
@@ -1595,6 +1595,19 @@ describe('correctTranslatedContentStrings', () => {
expect(fix('* \n one\n* \n two', 'fr')).toBe('* one\n* two')
// Valid bullets are not modified
expect(fix('* normal\n* another', 'de')).toBe('* normal\n* another')
+
+ // Lone `-` (hyphen) bullet markers are also rejoined (same corruption)
+ const brokenHyphen = '- \n [AUTOTITLE](/orgs/transfer)'
+ const expectedHyphen = '- [AUTOTITLE](/orgs/transfer)'
+ for (const lang of ['ja', 'de', 'es', 'fr', 'ko', 'pt', 'ru', 'zh']) {
+ expect(fix(brokenHyphen, lang)).toBe(expectedHyphen)
+ }
+ // No trailing space variant
+ expect(fix('-\n [AUTOTITLE](/path)', 'ko')).toBe('- [AUTOTITLE](/path)')
+ // Multiple consecutive broken hyphen bullets
+ expect(fix('- \n one\n- \n two', 'fr')).toBe('- one\n- two')
+ // Valid hyphen bullets are not modified
+ expect(fix('- normal\n- another', 'de')).toBe('- normal\n- another')
})
test('rejoins broken table cells split across lines (all languages)', () => {