From d9752894d8f36d549ae0de70e5eee6181a43116f Mon Sep 17 00:00:00 2001
From: Jess Hosman <1183847+jhosman@users.noreply.github.com>
Date: Wed, 10 Jul 2024 09:31:30 -0600
Subject: [PATCH 1/7] Update Copilot landing page (#51593)
---
 content/copilot/index.md | 9 +++++----
 .../reviewing-proposed-changes-in-a-pull-request.md | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/content/copilot/index.md b/content/copilot/index.md
index 9e72b50b43bf..f1338e52551c 100644
--- a/content/copilot/index.md
+++ b/content/copilot/index.md
@@ -11,12 +11,13 @@ introLinks:
 quickstart: /copilot/quickstart
 featuredLinks:
 startHere:
- - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
+ - /copilot/about-github-copilot/what-is-github-copilot
+ - /copilot/quickstart
 popular:
 - /copilot/using-github-copilot/prompt-engineering-for-github-copilot
- - /billing/managing-billing-for-github-copilot/about-billing-for-github-copilot
- - /copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment
- - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber
+ - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
+ - /copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide
+ - /copilot/using-github-copilot/using-github-copilot-in-the-command-line
 layout: product-landing
 versions:
 feature: copilot
diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
index 400e94d58f21..6f7105920c02 100644
--- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
+++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
@@ -34,7 +34,7 @@ You can change the format of the diff view in this tab by clicking {% octicon "g
 You can also choose to hide whitespace differences. The choice you make only applies to this pull request and will be remembered the next time you visit this page.
 1. Optionally, filter the files to show only the files you want to review{% ifversion pr-tree-view %} or use the file tree to navigate to a specific file{% endif %}. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/filtering-files-in-a-pull-request)."
 {%- ifversion ghec %}
-1. Optionally, if you have access to {% data variables.product.prodname_copilot_enterprise %}, you can ask {% data variables.product.prodname_copilot_short %} about the changes in a file in a pull request by clicking {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, clicking **Ask {% data variables.product.prodname_copilot_short %} about this diff**, then typing a request such as "Explain these changes." For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#finding-out-about-the-changes-in-a-pull-request)."
+1. Optionally, if you have access to {% data variables.product.prodname_copilot_enterprise %}, you can ask {% data variables.product.prodname_copilot_short %} about the changes in a file in a pull request by clicking {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, clicking **Ask {% data variables.product.prodname_copilot_short %} about this diff**, then typing a request such as "Explain these changes." For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-questions-about-a-specific-pull-request)."
 {%- endif %}
 {% data reusables.repositories.start-line-comment %}
 {% data reusables.repositories.multiple-lines-comment %}
From aa3ed55a606537f6e8c0050391000195e1dfdee9 Mon Sep 17 00:00:00 2001
From: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Date: Wed, 10 Jul 2024 11:43:30 -0400
Subject: [PATCH 2/7] Update troubleshooting article for converting advanced setup to default setup via security configurations (#51547)
---
 ...isting-advanced-setup-for-code-scanning.md | 36 ----------------
 ...-using-advanced-setup-for-code-scanning.md | 42 +++++++++++++++++++
 .../index.md | 2 +-
 3 files changed, 43 insertions(+), 37 deletions(-)
 delete mode 100644 content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md
 create mode 100644 content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md
deleted file mode 100644
index 0d0b076e8f1e..000000000000
--- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: A repository has an existing advanced setup for code scanning
-shortTitle: Existing advanced setup
-intro: 'You need to override existing advanced setups at the repository level before you can apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled.'
-permissions: '{% data reusables.security-configurations.security-configurations-permissions %}'
-versions:
- feature: security-configurations
-topics:
- - Advanced Security
- - Organizations
- - Security
----
-
-{% note %}
-
-**Note:** {% data reusables.security-configurations.security-configurations-beta-note-short %}
-
-{% endnote %}
-
-To successfully apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} default setup enabled, the target repository cannot have an existing advanced setup for {% data variables.product.prodname_code_scanning %}. {% data variables.product.prodname_security_configurations_caps %} cannot override advanced setups since advanced setups are tailored to the specific security needs of their repositories, and organization owners or security managers enabling default setup at scale may not realize they are overriding those custom settings.
-
-If you try to apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository with an existing advanced setup for {% data variables.product.prodname_code_scanning %}, security settings will be enabled as follows:
-
- * {% data variables.product.prodname_code_scanning_caps %} default setup _will not_ be enabled on the repository, and the existing advanced setup will continue to run as normal.
- * Aside from {% data variables.product.prodname_code_scanning %}, all security features enabled in the configuration _will_ be enabled on the repository.
- * The {% data variables.product.prodname_security_configuration %} _will not_ be attached to the repository, since only some features from the configuration are enabled.
-
-For all repositories without an existing advanced setup for {% data variables.product.prodname_code_scanning %}, the {% data variables.product.prodname_security_configuration %} will be applied as expected, and {% data variables.product.prodname_code_scanning %} default setup will be enabled.
-
-{% note %}
-
-**Note:** If you cannot successfully apply a configuration to a private{% ifversion ghec or ghes %} or internal{% endif %} repository without {% data variables.product.prodname_code_scanning %} advanced setup enabled, you should make sure you have sufficient available {% data variables.product.prodname_GH_advanced_security %} licenses to apply that configuration. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses)."
-
-{% endnote %}
-
-To apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository with advanced setup, you must first configure default setup at the repository level, then apply the {% data variables.product.prodname_security_configuration %} as normal. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md
new file mode 100644
index 000000000000..7b093449b3b9
--- /dev/null
+++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md 
@@ -0,0 +1,42 @@
+---
+title: A repository is using advanced setup for code scanning
+shortTitle: Active advanced setup
+intro: 'You cannot attach a {% data variables.product.prodname_security_configuration %} with code scanning enabled to repositories that are using advanced setup for code scanning.'
+permissions: '{% data reusables.security-configurations.security-configurations-permissions %}'
+versions:
+ feature: security-configurations
+redirect_from:
+ - /code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning
+topics:
+ - Advanced Security
+ - Organizations
+ - Security
+---
+
+## About the problem
+
+You cannot successfully apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} default setup enabled to a target repository that uses advanced setup for {% data variables.product.prodname_code_scanning %}. Advanced setups are tailored to the specific security needs of their repositories, so they are not intended to be overridden at scale.
+
+If you try to attach a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository already using advanced setup, security settings will be applied as follows:
+
+* **{% data variables.product.prodname_code_scanning_caps %} default setup will not be enabled**, and advanced setup will continue to run as normal.
+* **All other security features enabled in the configuration will be enabled.**
+* **The {% data variables.product.prodname_security_configuration %} will not be attached** to the repository, since only some features from the configuration are enabled.
+
+For all repositories without an active advanced setup, the {% data variables.product.prodname_security_configuration %} will be applied as expected, and {% data variables.product.prodname_code_scanning %} default setup will be enabled.
+
+{% note %}
+
+**Note:** If advanced setup is considered inactive for a repository, default setup _will_ still be enabled for that repository. Advanced setup is considered inactive for a repository if the repository meets any of the following criteria:
+* The latest {% data variables.product.prodname_codeql %} analysis is more than 90 days old
+* All {% data variables.product.prodname_codeql %} configurations have been deleted
+* The workflow file has been deleted or disabled (exclusively for YAML-based advanced setup)
+
+{% endnote %}
+
+## Solving the problem
+
+There are two ways you can solve this problem:
+
+1. **Update the affected repositories to use default setup** for {% data variables.product.prodname_code_scanning %} at the repository level and then reapply your {% data variables.product.prodname_security_configuration %} to the repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
+1. **Create a new custom {% data variables.product.prodname_security_configuration %}** that does not include a setting for {% data variables.product.prodname_code_scanning %} and apply this {% data variables.product.prodname_security_configuration %} to repositories that use advanced setup. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md
index 13214eb0e3c5..6b4e411c1381 100644
--- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md +++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md @@ -9,6 +9,6 @@ topics: - Organizations - Security children: - - /a-repository-has-an-existing-advanced-setup-for-code-scanning + - /a-repository-is-using-advanced-setup-for-code-scanning - /not-enough-github-advanced-security-licenses --- From 4055eaa89e9b83ad509996ab33c77763bed8a0eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 16:03:11 +0000 Subject: [PATCH 3/7] Bump @typescript-eslint/parser from 7.15.0 to 7.16.0 (#51596) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 91 ++++++++++++++++++++++++++++++++++++++++++----- package.json | 2 +- 2 files changed, 84 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index cdaa9e7b0c3b..383012fdfb66 100644 --- a/package-lock.json +++ b/package-lock.json @@ -124,7 +124,7 @@ "@types/semver": "^7.5.8", "@types/tcp-port-used": "1.0.4", "@typescript-eslint/eslint-plugin": "^7.15.0", - "@typescript-eslint/parser": "^7.15.0", + "@typescript-eslint/parser": "^7.16.0", "chalk": "^5.0.1", "change-case": "^5.4.4", "commander": "^12.1.0", 
@@ -3512,15 +3512,15 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "7.15.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.15.0.tgz", - "integrity": "sha512-k9fYuQNnypLFcqORNClRykkGOMOj+pV6V91R4GO/l1FDGwpqmSwoOQrOHo3cGaH63e+D3ZiCAOsuS/D2c99j/A==", + "version": "7.16.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.16.0.tgz", + "integrity": "sha512-ar9E+k7CU8rWi2e5ErzQiC93KKEFAXA2Kky0scAlPcxYblLt8+XZuHUZwlyfXILyQa95P6lQg+eZgh/dDs3+Vw==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "7.15.0", - "@typescript-eslint/types": "7.15.0", - "@typescript-eslint/typescript-estree": "7.15.0", - "@typescript-eslint/visitor-keys": "7.15.0", + "@typescript-eslint/scope-manager": "7.16.0", + "@typescript-eslint/types": "7.16.0", + "@typescript-eslint/typescript-estree": "7.16.0", + "@typescript-eslint/visitor-keys": "7.16.0", "debug": "^4.3.4" }, "engines": { 
@@ -3539,6 +3539,81 @@ } } }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { + "version": "7.16.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.16.0.tgz", + "integrity": "sha512-8gVv3kW6n01Q6TrI1cmTZ9YMFi3ucDT7i7aI5lEikk2ebk1AEjrwX8MDTdaX5D7fPXMBLvnsaa0IFTAu+jcfOw==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "7.16.0", + "@typescript-eslint/visitor-keys": "7.16.0" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { + "version": "7.16.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.16.0.tgz", + "integrity": "sha512-fecuH15Y+TzlUutvUl9Cc2XJxqdLr7+93SQIbcZfd4XRGGKoxyljK27b+kxKamjRkU7FYC6RrbSCg0ALcZn/xw==", + "dev": true, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { + "version": "7.16.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.16.0.tgz", + "integrity": "sha512-a5NTvk51ZndFuOLCh5OaJBELYc2O3Zqxfl3Js78VFE1zE46J2AaVuW+rEbVkQznjkmlzWsUI15BG5tQMixzZLw==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "7.16.0", + "@typescript-eslint/visitor-keys": "7.16.0", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "minimatch": "^9.0.4", + "semver": "^7.6.0", + "ts-api-utils": "^1.3.0" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + 
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { + "version": "7.16.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.16.0.tgz", + "integrity": "sha512-rMo01uPy9C7XxG7AFsxa8zLnWXTF8N3PYclekWSrurvhwiw1eW88mrKiAYe6s53AUY57nTRz8dJsuuXdkAhzCg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "7.16.0", + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/scope-manager": { "version": "7.15.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.15.0.tgz", diff --git a/package.json b/package.json index b169ec16dc95..bcf9b44b701e 100644 --- a/package.json +++ b/package.json @@ -340,7 +340,7 @@ "@types/semver": "^7.5.8", "@types/tcp-port-used": "1.0.4", "@typescript-eslint/eslint-plugin": "^7.15.0", - "@typescript-eslint/parser": "^7.15.0", + "@typescript-eslint/parser": "^7.16.0", "chalk": "^5.0.1", "change-case": "^5.4.4", "commander": "^12.1.0", From 53a93814d420aad86042ec2c31f16c8ab746edad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 16:03:34 +0000 Subject: [PATCH 4/7] Bump rimraf from 5.0.0 to 6.0.0 (#51595) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 100 +++++++++++++++++++++++++++++++++++++++++++--- package.json | 2 +- 2 files changed, 95 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 383012fdfb66..9c0aac04ca5a 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -156,7 +156,7 @@ "npm-merge-driver-install": "^3.0.0", "nth-check": "2.1.1", "prettier": "^3.3.2", - "rimraf": "^5.0.0", + "rimraf": "^6.0.0", "robots-parser": "^3.0.0", "sass": "^1.77.1", "start-server-and-test": "^2.0.3", @@ -11065,6 +11065,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/package-json-from-dist": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz", + "integrity": "sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==", + "dev": true + }, "node_modules/parent-module": { "version": "1.0.1", "dev": true, 
@@ -12705,17 +12711,99 @@ "dev": true }, "node_modules/rimraf": { - "version": "5.0.0", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.0.0.tgz", + "integrity": "sha512-u+yqhM92LW+89cxUQK0SRyvXYQmyuKHx0jkx4W7KfwLGLqJnQM5031Uv1trE4gB9XEXBM/s6MxKlfW95IidqaA==", "dev": true, - "license": "ISC", "dependencies": { - "glob": "^10.0.0" + "glob": "^11.0.0" }, "bin": { - "rimraf": "dist/cjs/src/bin.js" + "rimraf": "dist/esm/bin.mjs" }, "engines": { - "node": ">=14" + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/rimraf/node_modules/glob": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-11.0.0.tgz", + "integrity": "sha512-9UiX/Bl6J2yaBbxKoEBRm4Cipxgok8kQYcOPEhScPwebu2I0HoQOuYdIO6S3hLuWoZgpDpwQZMzTFxgpkyT76g==", + "dev": true, + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^4.0.1", + "minimatch": "^10.0.0", + "minipass": "^7.1.2", + "package-json-from-dist": "^1.0.0", + "path-scurry": "^2.0.0" + }, + "bin": { + "glob": "dist/esm/bin.mjs" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/rimraf/node_modules/jackspeak": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.0.1.tgz", + "integrity": "sha512-cub8rahkh0Q/bw1+GxP7aeSe29hHHn2V4m29nnDlvCdlgU+3UGxkZp7Z53jLUdpX3jdTO0nJZUDl3xvbWc2Xog==", + "dev": true, + "dependencies": { + "@isaacs/cliui": "^8.0.2" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + }, + "optionalDependencies": { + "@pkgjs/parseargs": "^0.11.0" + } + }, + "node_modules/rimraf/node_modules/lru-cache": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.0.tgz", + "integrity": "sha512-Qv32eSV1RSCfhY3fpPE2GNZ8jgM9X7rdAfemLWqTUxwiyIC4jJ6Sy0fZ8H+oLWevO6i4/bizg7c8d8i6bxrzbA==", + "dev": true, + 
"engines": { + "node": "20 || >=22" + } + }, + "node_modules/rimraf/node_modules/minimatch": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.0.1.tgz", + "integrity": "sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==", + "dev": true, + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/rimraf/node_modules/path-scurry": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.0.tgz", + "integrity": "sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==", + "dev": true, + "dependencies": { + "lru-cache": "^11.0.0", + "minipass": "^7.1.2" + }, + "engines": { + "node": "20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" diff --git a/package.json b/package.json index bcf9b44b701e..ccc9a5b6801e 100644 --- a/package.json +++ b/package.json @@ -372,7 +372,7 @@ "npm-merge-driver-install": "^3.0.0", "nth-check": "2.1.1", "prettier": "^3.3.2", - "rimraf": "^5.0.0", + "rimraf": "^6.0.0", "robots-parser": "^3.0.0", "sass": "^1.77.1", "start-server-and-test": "^2.0.3", From 4cc56b7e42516da07cf8d9aa25cc7cd95bddad7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 16:10:20 +0000 Subject: [PATCH 5/7] Bump file-type from 19.0.0 to 19.1.0 (#51597) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 105 +++++++++++++++------------------------------- package.json | 2 +- 2 files changed, 34 insertions(+), 73 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9c0aac04ca5a..65a85cdc2d44 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -37,7 +37,7 @@ "express": "4.19.2", "express-rate-limit": "7.3.0", "fastest-levenshtein": "1.0.16", - "file-type": "19.0.0", + "file-type": "19.1.0", "flat": "^6.0.1", "github-slugger": "^2.0.0", "glob": "10.4.1", @@ -3149,7 +3149,8 @@ }, "node_modules/@tokenizer/token": { "version": "0.3.0", - "license": "MIT" + "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz", + "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==" }, "node_modules/@types/accept-language-parser": { "version": "1.5.6", @@ -6752,13 +6753,13 @@ } }, "node_modules/file-type": { - "version": "19.0.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-19.0.0.tgz", - "integrity": "sha512-s7cxa7/leUWLiXO78DVVfBVse+milos9FitauDLG1pI7lNaJ2+5lzPnr2N24ym+84HVwJL6hVuGfgVE+ALvU8Q==", + "version": "19.1.0", + "resolved": "https://registry.npmjs.org/file-type/-/file-type-19.1.0.tgz", + "integrity": "sha512-5rzeC2/GeStiAlYCenfrbKrQCiEzJTetCExFinFCH1UUz1XL7NlxRpLTwdWXzlVhLReRrWkfkNCH1Ap5zqOXtg==", "dependencies": { - "readable-web-to-node-stream": "^3.0.2", - "strtok3": "^7.0.0", - "token-types": "^5.0.1" + "strtok3": "^7.1.0", + "token-types": "^6.0.0", + "uint8array-extras": "^1.3.0" }, "engines": { "node": ">=18" @@ -8037,6 +8038,8 @@ }, "node_modules/ieee754": { "version": "1.2.1", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", + "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", "funding": [ { "type": "github", @@ -8050,8 +8053,7 @@ "type": "consulting", "url": "https://feross.org/support" } - ], - "license": "BSD-3-Clause" + ] }, "node_modules/ignore": { "version": "5.3.1", 
@@ -11204,8 +11206,9 @@ } }, "node_modules/peek-readable": { - "version": "5.0.0", - "license": "MIT", + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/peek-readable/-/peek-readable-5.1.1.tgz", + "integrity": "sha512-4hEOSH7KeEaZpMDF/xfm1W9fS5rT7Ett3BkXWHqAEzRLLwLaHkwOL+GvvpIEh9UrvX9BDhzfkvteslgraoH69w==", "engines": { "node": ">=14.16" }, @@ -12170,32 +12173,6 @@ "url": "https://opencollective.com/unified" } }, - "node_modules/readable-stream": { - "version": "3.6.0", - "license": "MIT", - "dependencies": { - "inherits": "^2.0.3", - "string_decoder": "^1.1.1", - "util-deprecate": "^1.0.1" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/readable-web-to-node-stream": { - "version": "3.0.2", - "license": "MIT", - "dependencies": { - "readable-stream": "^3.6.0" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/Borewit" - } - }, "node_modules/readdirp": { "version": "3.5.0", "devOptional": true, @@ -13407,31 +13384,6 @@ "node": ">=10.0.0" } }, - "node_modules/string_decoder": { - "version": "1.3.0", - "license": "MIT", - "dependencies": { - "safe-buffer": "~5.2.0" - } - }, - "node_modules/string_decoder/node_modules/safe-buffer": { - "version": "5.2.1", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "license": "MIT" - }, "node_modules/string-argv": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/string-argv/-/string-argv-0.3.2.tgz", 
@@ -13655,11 +13607,12 @@ "license": "MIT" }, "node_modules/strtok3": { - "version": "7.0.0", - "license": "MIT", + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-7.1.0.tgz", + "integrity": "sha512-19dQEwG6Jd+VabjPRyBhymIF069vZiqWSZa2jJBoKJTsqGKnTxowGoQaLnz+yLARfDI041IUQekyPUMWElOgsQ==", "dependencies": { "@tokenizer/token": "^0.3.0", - "peek-readable": "^5.0.0" + "peek-readable": "^5.1.1" }, "engines": { "node": ">=14.16" @@ -13923,8 +13876,9 @@ } }, "node_modules/token-types": { - "version": "5.0.1", - "license": "MIT", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.0.0.tgz", + "integrity": "sha512-lbDrTLVsHhOMljPscd0yitpozq7Ga2M5Cvez5AjGg8GASBjtt6iERCAJ93yommPmz62fb45oFIXHEZ3u9bfJEA==", "dependencies": { "@tokenizer/token": "^0.3.0", "ieee754": "^1.2.1" @@ -14575,6 +14529,17 @@ "integrity": "sha512-Y7HYmWaFwPUmkoQCUIAYpKqkOf+SbVj/2fJJZ4RJMCfZp0rTGwRbzQD+HghfnhKOjL9E01okqz+ncJskGYfBNw==", "dev": true }, + "node_modules/uint8array-extras": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.3.0.tgz", + "integrity": "sha512-npBAT0ZIX6mAIG7SF6G4LF1BIoRx3h+HVajSplHx0XmOD0Ug4qio5Yhcajn72i5OEj/qkk1OFaYh2PhqHBV33w==", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/unbox-primitive": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz", @@ -14928,10 +14893,6 @@ "dev": true, "license": "WTFPL" }, - "node_modules/util-deprecate": { - "version": "1.0.2", - "license": "MIT" - }, "node_modules/utils-merge": { "version": "1.0.1", "license": "MIT", diff --git a/package.json b/package.json index ccc9a5b6801e..1351698f8c50 100644 --- a/package.json +++ b/package.json 
@@ -253,7 +253,7 @@
 "express": "4.19.2",
 "express-rate-limit": "7.3.0",
 "fastest-levenshtein": "1.0.16",
- "file-type": "19.0.0",
+ "file-type": "19.1.0",
 "flat": "^6.0.1",
 "github-slugger": "^2.0.0",
 "glob": "10.4.1",
From c3e73c780662d4d4bfafed526ef6502ff442d728 Mon Sep 17 00:00:00 2001
From: Courtney Claessens
Date: Wed, 10 Jul 2024 12:30:35 -0400
Subject: [PATCH 6/7] Secret scanning: Adding del bypass for web UI sections (#51521)
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
---
 .../working-with-push-protection.md | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/content/code-security/secret-scanning/working-with-push-protection.md b/content/code-security/secret-scanning/working-with-push-protection.md
index 74105e744194..aad21451649b 100644
--- a/content/code-security/secret-scanning/working-with-push-protection.md
+++ b/content/code-security/secret-scanning/working-with-push-protection.md
@@ -104,7 +104,9 @@ For a blocked commit, you can remove the secret from the file using the web UI. Organization owners can provide a custom link that will be displayed when a push is blocked. This custom link can contain resources and advice specific to your organization. For example, the custom link can point to a README file with information about the organization's secret vault, which teams and individuals to escalate questions to, or the organization's approved policy for working with secrets and rewriting commit history. -You can bypass the block by specifying a reason for allowing the secret. For more information on how to bypass push protection and commit the blocked secret, see "[Bypassing push protection when working with the web UI](#bypassing-push-protection-when-working-with-the-web-ui)." +You may be able to bypass the block by specifying a reason for allowing the secret. For more information on how to bypass push protection and commit the blocked secret, see "[Bypassing push protection when working with the web UI](#bypassing-push-protection-when-working-with-the-web-ui)." + +{% ifversion push-protection-delegated-bypass %} Alternatively, you may be required to submit a request for "bypass privileges" in order to commit your changes. For information on how to request permission to bypass push protection and allow the commit containing the secret, see "[Requesting bypass privileges when working with the web UI](#requesting-bypass-privileges-when-working-with-the-web-ui)."{% endif %} ### Bypassing push protection when working with the web UI 
@@ -118,11 +120,41 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe {% data reusables.secret-scanning.push-protection-allow-email %} +{% ifversion push-protection-delegated-bypass %} + +If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to commit your changes. For more information, see "[Requesting bypass privileges when working with the web UI](#requesting-bypass-privileges-when-working-with-the-web-ui)." + +{% endif %} + 1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret. {% data reusables.secret-scanning.push-protection-choose-allow-secret-options %} {% data reusables.secret-scanning.push-protection-public-repos-bypass %} 1. Click **Allow secret**. +{% ifversion push-protection-delegated-bypass %} + +### Requesting bypass privileges when working with the web UI + +{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} + +If your commit has been blocked by push protection, you can request permission to bypass the block. The request is sent to a designated group of reviewers, who will either approve or deny the request. + +Requests expire after 7 days. + +1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret. +1. Click **Start request**. The request will open in a new tab. 
+{% data reusables.secret-scanning.push-protection-bypass-request-add-comment %} +{% data reusables.secret-scanning.push-protection-submit-bypass-request %} +{% data reusables.secret-scanning.push-protection-bypass-request-check-email %} + +{% data reusables.secret-scanning.push-protection-bypass-request-decision-email %} + +If your request is approved, you can commit the changes containing the secret to the file. You can also commit any future changes that contain the same secret. + +If your request is denied, you will need to remove the secret from the file before you can commit your changes. + +{% endif %} + ## Further reading * "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection)" From 9621536386a7beef5ffbfc9769fd1c27e4297242 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Wed, 10 Jul 2024 09:34:36 -0700 Subject: [PATCH 7/7] Update audit log event data (#51610) --- src/audit-logs/data/ghec/enterprise.json | 5 +++++ src/audit-logs/lib/config.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json index 8b7a09ab1c2f..38bcdeff3f54 100644 --- a/src/audit-logs/data/ghec/enterprise.json +++ b/src/audit-logs/data/ghec/enterprise.json @@ -494,6 +494,11 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise" }, + { + "action": "business_secret_scanning_generic_secrets.enabled", + "description": "Generic secrets have been enabled at the business level", + "docs_reference_links": "N/A" + }, { "action": "business_secret_scanning_non_provider_patterns.disabled", "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", 
diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json
index 88016eb0958d..f45516373e73 100644
--- a/src/audit-logs/lib/config.json
+++ b/src/audit-logs/lib/config.json
@@ -3,5 +3,5 @@
 "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
 "apiRequestEvent": "This event is only available via audit log streaming."
 },
- "sha": "819143c8fc8490b940a36fb91ba2ba43eb4ca68d"
+ "sha": "3ac2d4c716cc68acced9b36bcbca354f3bc44acd"
 }
\ No newline at end of file