Merge branch 'main' into patch-1

Author: cmwilson21

.github/actions/rendered-content-link-checker.js

@@ -77,8 +77,15 @@ const deprecatedVersionPrefixesRegex = new RegExp(
 // When this file is invoked directly from action as opposed to being imported
 if (import.meta.url.endsWith(process.argv[1])) {
   // Optional env vars
-  const { ACTION_RUN_URL, LEVEL, FILES_CHANGED, REPORT_REPOSITORY, REPORT_AUTHOR, REPORT_LABEL } =
-    process.env
+  const {
+    ACTION_RUN_URL,
+    LEVEL,
+    FILES_CHANGED,
+    REPORT_REPOSITORY,
+    REPORT_AUTHOR,
+    REPORT_LABEL,
+    EXTERNAL_SERVER_ERRORS_AS_WARNINGS,
+  } = process.env
 
   const octokit = github()
 
@@ -113,6 +120,7 @@ if (import.meta.url.endsWith(process.argv[1])) {
     reportLabel: REPORT_LABEL,
     reportAuthor: REPORT_AUTHOR,
     actionContext: getActionContext(),
+    externalServerErrorsAsWarning: EXTERNAL_SERVER_ERRORS_AS_WARNINGS,
   }
 
   if (opts.shouldComment || opts.createReport) {
@@ -155,6 +163,7 @@ if (import.meta.url.endsWith(process.argv[1])) {
  *  random {boolean} - Randomize page order for debugging when true
  *  patient {boolean} - Wait longer and retry more times for rate-limited external URLS
  *  bail {boolean} - Throw an error on the first page (not permalink) that has >0 flaws
+ *  externalServerErrorsAsWarning {boolean} - Treat >=500 errors or temporary request errors as warning
  *
  */
 async function main(core, octokit, uploadArtifact, opts = {}) {
@@ -583,6 +592,7 @@ async function processPermalink(core, permalink, page, pageMap, redirects, opts,
     checkExternalLinks,
     verbose,
     patient,
+    externalServerErrorsAsWarning,
   } = opts
   const html = await renderInnerHTML(page, permalink)
   const $ = cheerio.load(html)
@@ -613,6 +623,7 @@ async function processPermalink(core, permalink, page, pageMap, redirects, opts,
         pageMap,
         checkAnchors,
         checkExternalLinks,
+        externalServerErrorsAsWarning,
         { verbose, patient },
         db
       )
@@ -758,6 +769,7 @@ async function checkHrefLink(
   pageMap,
   checkAnchors = false,
   checkExternalLinks = false,
+  externalServerErrorsAsWarning = false,
   { verbose = false, patient = false } = {},
   db = null
 ) {
@@ -815,11 +827,39 @@ async function checkHrefLink(
     }
     const { ok, ...info } = await checkExternalURLCached(core, href, { verbose, patient }, db)
     if (!ok) {
-      return { CRITICAL: `Broken external link (${JSON.stringify(info)})`, isExternal: true }
+      // By default, an not-OK problem with an external link is CRITICAL
+      // but if it was a `responseError` or the statusCode was >= 500
+      // then downgrade it to WARNING.
+      let problem = 'CRITICAL'
+      if (externalServerErrorsAsWarning) {
+        if (
+          (info.statusCode && info.statusCode >= 500) ||
+          (info.requestError && isTemporaryRequestError(info.requestError))
+        ) {
+          problem = 'WARNING'
+        }
+      }
+      return { [problem]: `Broken external link (${JSON.stringify(info)})`, isExternal: true }
     }
   }
 }
 
+// Return true if the request error is sufficiently temporary. For example,
+// a request to `https://exammmmple.org` will fail with `ENOTFOUND` because
+// the DNS entry doesn't exist. It means it won't have much hope if you
+// simply try again later.
+// However, an `ETIMEDOUT` means it could work but it didn't this time but
+// might if we try again a different hour or day.
+function isTemporaryRequestError(requestError) {
+  if (typeof requestError === 'string') {
+    // See https://betterstack.com/community/guides/scaling-nodejs/nodejs-errors/
+    // for a definition of each one.
+    const errorEnums = ['ECONNRESET', 'ECONNREFUSED', 'ETIMEDOUT', 'ECONNABORTED']
+    return errorEnums.some((enum_) => requestError.includes(enum_))
+  }
+  return false
+}
+
 // Can't do this memoization within the checkExternalURL because it can
 // return a Promise since it already collates multiple URLs under the
 // same cache key.
@@ -844,7 +884,10 @@ async function checkExternalURLCached(core, href, { verbose, patient }, db) {
     }
   }
 
-  const result = await checkExternalURL(core, href, { verbose, patient })
+  const result = await checkExternalURL(core, href, {
+    verbose,
+    patient,
+  })
 
   if (cacheMaxAge) {
     // By only cache storing successful results, we give the system a chance

.github/workflows/link-check-daily.yml

@@ -77,6 +77,9 @@ jobs:
           # But mind you that the number has a 10% chance of "jitter"
           # to avoid a stampeding herd when they all expire some day.
           EXTERNAL_LINK_CHECKER_MAX_AGE_DAYS: 7
+          # If we're unable to connect or the server returns a 50x error,
+          # treat it as a warning and not as a broken link.
+          EXTERNAL_SERVER_ERRORS_AS_WARNINGS: true
         timeout-minutes: 30
         run: node .github/actions/rendered-content-link-checker.js
 

.github/workflows/msft-create-translation-batch-pr.yml

@@ -55,9 +55,9 @@ jobs:
           #   language_dir: translations/ko-KR
           #   language_repo: github/docs-internal.ko-kr
 
-          # - language: fr
-          #   language_dir: translations/fr-FR
-          #   language_repo: github/docs-internal.fr-fr
+          - language: fr
+            language_dir: translations/fr-FR
+            language_repo: github/docs-internal.fr-fr
 
           # - language: de
           #   language_dir: translations/de-DE

.github/workflows/sync-search-elasticsearch.yml

@@ -36,7 +36,7 @@ jobs:
       fail-fast: false
       matrix:
         # This needs to match the languages we support
-        language: [en, ja, es, pt, cn, ru]
+        language: [en, ja, es, pt, cn, ru, fr]
     steps:
       - if: ${{ env.FREEZE == 'true' }}
         run: |

components/context/MainContext.tsx

@@ -40,7 +40,7 @@ type DataT = {
       version_was_deprecated: string
       version_will_be_deprecated: string
       deprecation_details: string
-      isOldestReleaseDeprecated: boolean
+      isOldestReleaseDeprecated?: boolean
     }
     policies: {
       translation: string
@@ -130,12 +130,27 @@ export const getMainContext = async (req: any, res: any): Promise<MainContextT>
     error: req.context.error ? req.context.error.toString() : '',
     data: {
       ui: req.context.site.data.ui,
+
       reusables: {
-        enterprise_deprecation: req.context.site.data.reusables.enterprise_deprecation,
-        policies: req.context.site.data.reusables.policies,
+        enterprise_deprecation: {
+          version_was_deprecated: req.context.getDottedData(
+            'reusables.enterprise_deprecation.version_was_deprecated'
+          ),
+          version_will_be_deprecated: req.context.getDottedData(
+            'reusables.enterprise_deprecation.version_will_be_deprecated'
+          ),
+          deprecation_details: req.context.getDottedData(
+            'reusables.enterprise_deprecation.deprecation_details'
+          ),
+        },
+        policies: {
+          translation: req.context.getDottedData('reusables.policies.translation'),
+        },
       },
       variables: {
-        release_candidate: req.context.site.data.variables.release_candidate,
+        release_candidate: {
+          version: req.context.getDottedData('variables.release_candidate.version') || null,
+        },
       },
     },
     currentCategory: req.context.currentCategory || '',

content/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability.md

@@ -47,7 +47,7 @@ Security researchers can privately report a security vulnerability to repository
 2. Fill in the advisory details form.
   {% tip %}
 
-  **Tip:** In this form, only the title and description are mandatory. (In the general draft security advisory form, which the repository maintainer initiates, specifying the ecosystem is also required.) However, we recommend security researchers provide as much information as possible on the form so that the maintainers can make an informed decision about the submitted report.
+  **Tip:** In this form, only the title and description are mandatory. (In the general draft security advisory form, which the repository maintainer initiates, specifying the ecosystem is also required.) However, we recommend security researchers provide as much information as possible on the form so that the maintainers can make an informed decision about the submitted report. You can adopt the template used by our security researchers from the {% data variables.product.prodname_security %}, which is available on the [`github/securitylab` repository](https://github.com/github/securitylab/blob/main/docs/report-template.md)."
 
   {% endtip %}
 

content/get-started/quickstart/github-glossary.md

@@ -13,7 +13,7 @@ versions:
 ---
 {% for glossary in glossaries %}
   ### {{ glossary.term }}
-  {{ glossary.description}}
+  {{ glossary.description }}
   ---
 {% endfor %}
 

content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/accessing-compliance-reports-for-your-organization.md

@@ -28,8 +28,8 @@ You can access {% data variables.product.company_short %}'s compliance reports i
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
-{% data reusables.organizations.security %}
-1. Under "Compliance reports", to the right of the report you want to access, click {% octicon "download" aria-label="The Download icon" %} **Download** or {% octicon "link-external" aria-label="The external link icon" %} **View**.
+{% data reusables.organizations.compliance %}
+1. To the right of the report you want to access, click {% octicon "download" aria-label="The Download icon" %} **Download** or {% octicon "link-external" aria-label="The external link icon" %} **View**.
 
    {% data reusables.security.compliance-report-screenshot %}
 

data/graphql/ghec/schema.docs.graphql

@@ -26160,6 +26160,13 @@ type Organization implements Actor & MemberStatusable & Node & PackageOwner & Pr
     """
     first: Int
 
+    """
+    Whether to include those events where this sponsorable acted as the sponsor.
+    Defaults to only including events where this sponsorable was the recipient
+    of a sponsorship.
+    """
+    includeAsSponsor: Boolean = false
+
     """
     Returns the last _n_ elements from the list.
     """
@@ -44993,6 +45000,13 @@ interface Sponsorable {
     """
     first: Int
 
+    """
+    Whether to include those events where this sponsorable acted as the sponsor.
+    Defaults to only including events where this sponsorable was the recipient
+    of a sponsorship.
+    """
+    includeAsSponsor: Boolean = false
+
     """
     Returns the last _n_ elements from the list.
     """
@@ -53893,6 +53907,13 @@ type User implements Actor & Node & PackageOwner & ProfileOwner & ProjectNextOwn
     """
     first: Int
 
+    """
+    Whether to include those events where this sponsorable acted as the sponsor.
+    Defaults to only including events where this sponsorable was the recipient
+    of a sponsorship.
+    """
+    includeAsSponsor: Boolean = false
+
     """
     Returns the last _n_ elements from the list.
     """

data/graphql/schema.docs.graphql

@@ -26160,6 +26160,13 @@ type Organization implements Actor & MemberStatusable & Node & PackageOwner & Pr
     """
     first: Int
 
+    """
+    Whether to include those events where this sponsorable acted as the sponsor.
+    Defaults to only including events where this sponsorable was the recipient
+    of a sponsorship.
+    """
+    includeAsSponsor: Boolean = false
+
     """
     Returns the last _n_ elements from the list.
     """
@@ -44993,6 +45000,13 @@ interface Sponsorable {
     """
     first: Int
 
+    """
+    Whether to include those events where this sponsorable acted as the sponsor.
+    Defaults to only including events where this sponsorable was the recipient
+    of a sponsorship.
+    """
+    includeAsSponsor: Boolean = false
+
     """
     Returns the last _n_ elements from the list.
     """
@@ -53893,6 +53907,13 @@ type User implements Actor & Node & PackageOwner & ProfileOwner & ProjectNextOwn
     """
     first: Int
 
+    """
+    Whether to include those events where this sponsorable acted as the sponsor.
+    Defaults to only including events where this sponsorable was the recipient
+    of a sponsorship.
+    """
+    includeAsSponsor: Boolean = false
+
     """
     Returns the last _n_ elements from the list.
     """

data/release-notes/enterprise-server/3-7/0.yml

@@ -285,6 +285,7 @@ sections:
         - |
           Users can write mathematical expressions using fenced code blocks with the `math` syntax in addition to the existing delimiters. `$$` is not required with this method. For more information, see "[Writing mathematical expressions](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions)."
 
+          - **Note**: This feature is unavailable in GitHub Enterprise Server 3.7. The feature will be available in an upcoming release. [Updated: 2022-11-16]
         # https://github.com/github/releases/issues/2105
         - |
           Users can render maps directly in Markdown using fenced code blocks with the `geojson` or `topojson` syntax, and embed STL 3D renders using `stl` syntax. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)."

data/reusables/dependabot/dependabot-alerts-dependency-scope.md

@@ -1,7 +1,9 @@
 The table below summarizes whether dependency scope is supported for various ecosystems and manifests, that is, whether {% data variables.product.prodname_dependabot %} can identify if a dependency is used for development or production.
 
 | **Language** | **Ecosystem** | **Manifest file** | **Dependency scope supported** |
-|:---|:---:|:---:|:---|
+|:---|:---:|:---:|:---|{% ifversion fpt or ghec or ghes > 3.7 %}
+| Dart | pub | pubspec.yaml |  ✔ |
+| Dart | pub | pubspec.lock |  ✔ |{% endif %}
 | Go | Go modules | go.mod | No, defaults to runtime |
 | Go | Go modules |	go.sum | No, defaults to runtime |
 | Java | Maven | pom.xml | ✔ `test` maps to development, else scope defaults to runtime |

data/reusables/organizations/compliance.md

@@ -0,0 +1 @@
+1. In the "Security" section of the sidebar, click **{% octicon "checklist" aria-label="The checklist icon" %} Compliance**.

data/reusables/secret-scanning/partner-secret-list-private-repo.md

@@ -24,8 +24,11 @@ Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key{% en
 Azure | Azure CosmosDB Key Identifiable | azure_cosmosdb_key_identifiable{% endif %}
 Azure | Azure DevOps {% data variables.product.pat_generic_title_case %} | azure_devops_personal_access_token
 {%- ifversion fpt or ghec or ghes > 3.8 or ghae > 3.8 %}
-Azure | Azure ML Studio (classic) Web Service Key | azure_ml_studio_classic_web_service_key{% endif %}
+Azure | Azure ML Studio (classic) Web Service Key | azure_ml_studio_classic_web_service_key, azure_ml_web_service_classic_identifiable_key{% endif %}
 Azure | Azure SAS Token | azure_sas_token
+{%- ifversion fpt or ghec or ghes > 3.8 or ghae > 3.8 %}
+Azure | Azure Search Admin Key | azure_search_admin_key
+Azure | Azure Search Query Key | azure_search_query_key{% endif %}
 Azure | Azure Service Management Certificate | azure_management_certificate
 {%- ifversion ghes < 3.4 or ghae < 3.4 %}
 Azure | Azure SQL Connection String | azure_sql_connection_string{% endif %}
@@ -78,7 +81,8 @@ GoCardless | GoCardless Live Access Token | gocardless_live_access_token
 GoCardless | GoCardless Sandbox Access Token | gocardless_sandbox_access_token
 Google | Firebase Cloud Messaging Server Key | firebase_cloud_messaging_server_key
 Google | Google API Key | google_api_key
-Google | Google Cloud Private Key ID | 
+{%- ifversion fpt or ghec or ghes > 3.5 or ghae > 3.5 %}
+Google | Google Cloud Private Key ID | google_cloud_private_key_id{% endif %}
 Google | Google Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_service_account_access_key_id </br>google_cloud_storage_access_key_secret
 Google | Google Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_user_access_key_id </br>google_cloud_storage_access_key_secret
 {%- ifversion fpt or ghec or ghes > 3.3 or ghae > 3.3 %}

data/reusables/secret-scanning/partner-secret-list-public-repo.md

@@ -15,6 +15,8 @@ Azure | Azure CosmosDB Key Identifiable
 Azure | Azure DevOps {% data variables.product.pat_generic_title_case %}
 Azure | Azure ML Studio (classic) Web Service Key
 Azure | Azure SAS Token
+Azure | Azure Search Admin Key
+Azure | Azure Search Query Key
 Azure | Azure Service Management Certificate
 Azure | Azure SQL Connection String
 Azure | Azure Storage Account Key

data/reusables/secret-scanning/secret-list-private-push-protection.md

@@ -15,7 +15,10 @@ Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key
 Azure | Azure CosmosDB Key Identifiable | azure_cosmosdb_key_identifiable{% endif %}
 Azure | Azure DevOps {% data variables.product.pat_generic_title_case %} | azure_devops_personal_access_token
 {%- ifversion fpt or ghec or ghes > 3.8 or ghae > 3.8 %}
-Azure | Azure ML Studio (classic) Web Service Key | azure_ml_studio_classic_web_service_key{% endif %}
+Azure | Azure ML Studio (classic) Web Service Key | azure_ml_web_service_classic_identifiable_key{% endif %}
+{%- ifversion fpt or ghec or ghes > 3.8 or ghae > 3.8 %}
+Azure | Azure Search Admin Key | azure_search_admin_key
+Azure | Azure Search Query Key | azure_search_query_key{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.6 or ghae > 3.6 %}
 Azure | Azure Storage Account Key | azure_storage_account_key{% endif %}
 Checkout.com | Checkout.com Production Secret Key | checkout_production_secret_key