diff --git a/.github/workflows/codeowners-legal.yml b/.github/workflows/codeowners-legal.yml index acb5778c824d..ca9edb14b8b0 100644 --- a/.github/workflows/codeowners-legal.yml +++ b/.github/workflows/codeowners-legal.yml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: # Picking this number is a "best guess". If we make it too large, - # the checkout will take potentially unnecessarily long. + # the checkout will take potentially unnecessariily long. # This reduces the chance that tj-actions/changed-files has to # fetch deeper history. But if it needs to, it will. fetch-depth: 10 @@ -58,14 +58,19 @@ jobs: CHANGED_FILE_PATHS: ${{ steps.changed-files.outputs.all_changed_files }} CONTENT_TYPE: 'rai' - - name: Check for reviewers-legal label, add if missing and request review + - name: Add Legal team as a reviewer if: steps.checkContentType.outputs.containsContentType == 'true' env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # The GH CLI uses a slightly different env name for + # the token than the GITHUB_TOKEN used by actions + GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }} PR: ${{ github.event.pull_request.html_url }} run: | - labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name') - if ! echo "$labels" | grep -q 'reviewers-legal'; then + has_reviewer=$( + gh pr view $PR --json reviews | + jq 'any(.reviews[]; select(length > 0))' + ) + if ! $has_reviewer + then gh pr edit $PR --add-reviewer github/legal-product - gh pr edit $PR --add-label reviewers-legal fi diff --git a/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls.md index f91bd86f89cf..77d300b9151e 100644 --- a/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls.md +++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls.md @@ -27,7 +27,7 @@ The {% data variables.product.prodname_ghe_server %} appliance will send HTTP St {% data reusables.enterprise_installation.terminating-tls %} -To allow users to use FIDO U2F for two-factor authentication, you must enable TLS for your instance. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)." +To allow users to use FIDO U2F for two-factor authentication or deploy {% data variables.product.prodname_pages %} sites with {% data variables.product.prodname_actions %}, you must enable TLS for your instance. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)." ## Prerequisites diff --git a/package-lock.json b/package-lock.json index 95946fef98a2..9b529170152b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -35,7 +35,7 @@ "dayjs": "^1.11.3", "dotenv": "^16.4.5", "escape-string-regexp": "5.0.0", - "express": "4.21.1", + "express": "4.21.2", "express-rate-limit": "7.4.0", "fastest-levenshtein": "1.0.16", "file-type": "19.6.0", @@ -7100,9 +7100,10 @@ } }, "node_modules/express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -7123,7 +7124,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -7138,6 +7139,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express-rate-limit": { @@ -13330,9 +13335,10 @@ } }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==" + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", + "license": "MIT" }, "node_modules/path-type": { "version": "4.0.0", diff --git a/package.json b/package.json index 55ec139db022..ecefd4c9eb11 100644 --- a/package.json +++ b/package.json @@ -271,7 +271,7 @@ "dayjs": "^1.11.3", "dotenv": "^16.4.5", "escape-string-regexp": "5.0.0", - "express": "4.21.1", + "express": "4.21.2", "express-rate-limit": "7.4.0", "fastest-levenshtein": "1.0.16", "file-type": "19.6.0", diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json index 301d8357a1c6..10cd023e6a79 100644 --- a/src/audit-logs/data/fpt/organization.json +++ b/src/audit-logs/data/fpt/organization.json @@ -84,6 +84,36 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, + { + "action": "code_scanning.alert_appeared_in_branch", + "description": "An existing code scanning alert appeared in a branch.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_became_fixed", + "description": "A code scanning alert was fixed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_by_user", + "description": "A code scanning alert was manually dismissed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_created", + "description": "A code scanning alert was seen for the first time.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reappeared", + "description": "A code scanning alert that was previously fixed reappeared.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reopened_by_user", + "description": "A code scanning alert that was previously dismissed was reopened.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json index e80f962b4f09..c4258228dbd2 100644 --- a/src/audit-logs/data/ghec/enterprise.json +++ b/src/audit-logs/data/ghec/enterprise.json @@ -679,6 +679,36 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, + { + "action": "code_scanning.alert_appeared_in_branch", + "description": "An existing code scanning alert appeared in a branch.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_became_fixed", + "description": "A code scanning alert was fixed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_by_user", + "description": "A code scanning alert was manually dismissed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_created", + "description": "A code scanning alert was seen for the first time.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reappeared", + "description": "A code scanning alert that was previously fixed reappeared.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reopened_by_user", + "description": "A code scanning alert that was previously dismissed was reopened.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, { "action": "code.search", "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", diff --git a/src/audit-logs/data/ghec/organization.json b/src/audit-logs/data/ghec/organization.json index 301d8357a1c6..10cd023e6a79 100644 --- a/src/audit-logs/data/ghec/organization.json +++ b/src/audit-logs/data/ghec/organization.json @@ -84,6 +84,36 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, + { + "action": "code_scanning.alert_appeared_in_branch", + "description": "An existing code scanning alert appeared in a branch.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_became_fixed", + "description": "A code scanning alert was fixed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_by_user", + "description": "A code scanning alert was manually dismissed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_created", + "description": "A code scanning alert was seen for the first time.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reappeared", + "description": "A code scanning alert that was previously fixed reappeared.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reopened_by_user", + "description": "A code scanning alert that was previously dismissed was reopened.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.16/enterprise.json b/src/audit-logs/data/ghes-3.16/enterprise.json index 625e302610e0..62058277382f 100644 --- a/src/audit-logs/data/ghes-3.16/enterprise.json +++ b/src/audit-logs/data/ghes-3.16/enterprise.json @@ -454,6 +454,36 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, + { + "action": "code_scanning.alert_appeared_in_branch", + "description": "An existing code scanning alert appeared in a branch.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_became_fixed", + "description": "A code scanning alert was fixed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_by_user", + "description": "A code scanning alert was manually dismissed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_created", + "description": "A code scanning alert was seen for the first time.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reappeared", + "description": "A code scanning alert that was previously fixed reappeared.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reopened_by_user", + "description": "A code scanning alert that was previously dismissed was reopened.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, { "action": "code.search", "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", diff --git a/src/audit-logs/data/ghes-3.16/organization.json b/src/audit-logs/data/ghes-3.16/organization.json index 301d8357a1c6..10cd023e6a79 100644 --- a/src/audit-logs/data/ghes-3.16/organization.json +++ b/src/audit-logs/data/ghes-3.16/organization.json @@ -84,6 +84,36 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, + { + "action": "code_scanning.alert_appeared_in_branch", + "description": "An existing code scanning alert appeared in a branch.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_became_fixed", + "description": "A code scanning alert was fixed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_closed_by_user", + "description": "A code scanning alert was manually dismissed.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_created", + "description": "A code scanning alert was seen for the first time.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reappeared", + "description": "A code scanning alert that was previously fixed reappeared.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, + { + "action": "code_scanning.alert_reopened_by_user", + "description": "A code scanning alert that was previously dismissed was reopened.", + "docs_reference_links": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" + }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 2e63f0316bfe..6dda46ae69e7 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -3,5 +3,5 @@ "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "apiRequestEvent": "This event is only available via audit log streaming." }, - "sha": "7f0e0de9c0e5e07eb0280027a0e0ad583a5b0366" + "sha": "bd38c2b75ce822ad1034d23e80cb9c5e7266bc9a" } \ No newline at end of file