Merge pull request #36239 from github/repo-sync

Repo sync

Author: docs-bot

Dockerfile

@@ -7,7 +7,7 @@
 # --------------------------------------------------------------------------------
 # To update the sha:
 # https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble
-FROM ghcr.io/github/gh-base-image/gh-base-noble:20250130-211232-g78f3af16c AS base
+FROM ghcr.io/github/gh-base-image/gh-base-noble:20250131-172559-g0fd5a2edc AS base
 
 # Install git for cloning docs-early-access & translations repos
 # Install curl for determining the early access branch

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md

@@ -43,7 +43,7 @@ The repository owner has full control of the repository. In addition to the acti
 | Manage security and analysis settings for the repository | [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository) |
 | {% endif %} |
 | {% ifversion fpt or ghec %} |
-| Enable the dependency graph for a private repository | [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository) |
+| Enable the dependency graph for a private {% ifversion ghec %}or internal {% endif %}repository, or public fork | [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph) |
 | {% endif %} |
 | Delete and restore packages | [AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package) |
 | Customize the repository's social media preview | [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/customizing-your-repositorys-social-media-preview) |

content/code-security/getting-started/quickstart-for-securing-your-repository.md

@@ -48,7 +48,7 @@ From the main page of your repository, click **{% octicon "gear" aria-hidden="tr
 
 {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 
-For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository).
+For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph).
 
 ## Managing {% data variables.product.prodname_dependabot_alerts %}
 

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md

@@ -145,11 +145,11 @@ Public repositories:
   You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account) or [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
 
 Private repositories:
-* **Dependency graph:** Not enabled by default. The feature can be enabled by repository administrators. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository).
+* **Dependency graph:** Not enabled by default. The feature can be enabled by repository administrators. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph).
 {% ifversion fpt %}
 * **Dependency review:** Available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).
 {% elsif ghec %}
-* **Dependency review:** Available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) and [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository).
+* **Dependency review:** Available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) and [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph).
 {% endif %}
 * **{% data variables.product.prodname_dependabot_alerts %}:** Not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories.
   You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account) or [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).

content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md

@@ -21,32 +21,25 @@ shortTitle: Configure dependency graph
 
 For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
 
-{% ifversion fpt or ghec %}
-
-## Configuring the dependency graph
+{% ifversion ghes %}
 
-To generate a dependency graph, {% data variables.product.github %} needs read-only access to the dependency manifest and lock files for a repository. The dependency graph is automatically generated for all public repositories and you can choose to enable it for private {% ifversion ghec %}and internal {% endif %}repositories. For more information on viewing the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository).
+## Enabling the dependency graph
 
-{% data reusables.dependency-submission.dependency-submission-link %}
+{% data reusables.dependabot.ghes-enabling-dependency-graph %}
 
 {% endif %}
 
-{% ifversion ghes %}
-
-## Enabling the dependency graph
-
-{% data reusables.dependabot.ghes-enabling-dependency-graph %}{% endif %}
+{% ifversion fpt or ghec %}
 
-{% ifversion ghec %}
+## Configuring the dependency graph
 
-### Enabling and disabling the dependency graph for a private or internal repository
+To generate a dependency graph, {% data variables.product.github %} needs read-only access to the dependency manifest and lock files for a repository. The dependency graph is automatically generated for all public repositories and you can choose to enable it for private {% ifversion ghec %}and internal {% endif %}repositories, and public forks. For more information on viewing the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository).
 
-{% endif %}{% ifversion fpt %}
+{% data reusables.dependency-submission.dependency-submission-link %}
 
-### Enabling and disabling the dependency graph for a private repository
+### Enabling and disabling the dependency graph
 
-{% endif %}{% ifversion fpt or ghec %}
-{% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo %}
+{% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo-public-fork %}
 
 {% endif %}
 

content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md

@@ -24,7 +24,7 @@ This guide shows you how to add three very common customizations: failing builds
 
 This guide assumes that:
 
-* Dependency graph is enabled for the repository.{% ifversion fpt or ghec %} Dependency graph is enabled by default for public repositories and you can choose to enable it for private repositories.{% endif %} For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository).
+* Dependency graph is enabled for the repository.{% ifversion fpt or ghec %} Dependency graph is enabled by default for public repositories and you can choose to enable it for private{% ifversion ghec %} and internal{% endif %} repositories, and public forks.{% endif %} For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository).
 * {% data variables.product.prodname_actions %} is enabled for the repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository).
 
 ## Step 1: Adding the dependency review action

content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md

@@ -77,9 +77,9 @@ If vulnerabilities have been detected in the repository, these are shown at the
 
 For public repositories, the dependents view shows how the repository is used by other repositories. To show only the repositories that contain a library in a package manager, click **NUMBER Packages** immediately above the list of dependent repositories. The dependent counts are approximate and may not always match the dependents listed.
 
-## Enabling and disabling the dependency graph for a private repository
+## Enabling and disabling the dependency graph
 
-{% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo %}
+{% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo-public-fork %}
 
 ## Changing the "Used by" package
 

content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md

@@ -25,7 +25,7 @@ shortTitle: Review dependency changes
 
 {% data reusables.dependency-review.feature-overview %}
 
-{% ifversion ghec %}Before you can use dependency review in a private repository, you must enable the dependency graph. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository).{% endif %}
+{% ifversion ghec %}Before you can use dependency review in a private or internal repository, or a public fork, you must enable the dependency graph. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph).{% endif %}
 
 {% ifversion ghes %}Before you can use dependency review, you must enable the dependency graph and connect {% data variables.location.product_location %} to {% data variables.product.prodname_dotcom_the_website %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise).{% endif %}
 

content/pull-requests/collaborating-with-pull-requests/working-with-forks/detaching-a-fork.md

@@ -1,6 +1,6 @@
 ---
 title: Detaching a fork
-intro: You can delete a fork and recreate the same repository, without the connection to the original network.
+intro: You can disconnect a repository from its fork network by leaving the network or manually deleting the fork and recreating it without any connection to the original.
 versions:
   fpt: '*'
   ghes: '*'
@@ -10,15 +10,14 @@ topics:
 permissions: People with admin access for a forked repository can delete the forked repository.
 ---
 
-## About detaching forks
+## Converting a fork into a standalone repository
 
-To turn your fork into a standalone repository, you can clone the fork, use the clone to create a new repository, and then delete the fork. This is useful when you want to take the work you are doing in a different direction or maintain distinct versions.
+To turn your fork into a standalone repository, you can leave the fork network ensuring the new repository will no longer automatically sync with changes from the original repository. This is useful when you want to take the work you are doing in a different direction or maintain distinct versions.
 
-The new repository will no longer automatically sync with changes from the original repository.
-
-> [!NOTE]
+> [!WARNING]
 > * The new repository will not retain any of its issues, pull requests, wikis, stars, watchers, comments, child forks, or other metadata that may currently be associated with your current fork.
 > * All git commit metadata will be preserved. Commits may become eligible to be counted as contributions if they meet certain criteria. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile#your-local-git-commit-email-isnt-connected-to-your-account).
+> * Leaving the fork network is **permanent** and the new repository **cannot** be reconnected to the fork network.
 
 {% ifversion ghes %}
 
@@ -27,9 +26,25 @@ The new repository will no longer automatically sync with changes from the origi
 
 {% endif %}
 
-## Detaching a fork
+## Leaving the fork network
+
+You can only detach forks with the leave network option when:
+* The fork is public
+* The fork is less than 1GB
+* The fork does not have any child forks attached
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+1. On the "General" settings page (which is selected by default), scroll down to the "Danger Zone" section, and click **Leave fork network**.
+1. Read the warnings and click **I have read and understand these effects**.
+1. To verify that you're deleting the correct repository, in the text box, type the name of the fork.
+1. Click **Leave fork network**.
+
+While the fork is being detached, some operations will be briefly unavailable until the fork has been transitioned to a standalone repository.
+
+## Manually Leaving the fork network
 
-You can delete a fork and recreate the same repository, without the connection to the original network.
+To turn your fork into a standalone repository, you can clone the fork, use the clone to create a new repository, and then delete the fork removing the connection to the original network.
 
 {% data reusables.command_line.open_the_multi_os_terminal %}
 1. Create a bare clone of the fork.

data/features/actions-server-statistics.yml

@@ -1,4 +1,4 @@
-Repository administrators can enable or disable the dependency graph for private {% ifversion ghec %}or internal{% endif %} repositories.
+Repository administrators can enable or disable the dependency graph for private {% ifversion ghec %}or internal{% endif %} repositories, or public forks.
 
 You can enable or disable the dependency graph for all repositories owned by your user account. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account).
 

data/features/actions-setup-go-default-cache-enabled.yml

@@ -8,50 +8,69 @@ type DotcomCookies = {
 
 let cachedCookies: DotcomCookies | null = null
 let inFlightPromise: Promise<DotcomCookies> | null = null
-let tries = 0
 
 const GET_COOKIES_ENDPOINT = '/api/cookies'
-const MAX_TRIES = 3
+const LOCAL_STORAGE_KEY = 'dotcomCookies'
 
-// Fetches httpOnly cookies from the server and cache the result
-// We use an in-flight promise to avoid duplicate requests
+// Fetches httpOnly cookies from the server and caches the result.
+// We don't want to do this every time because of the load it would place on our servers
+// So on success, the data is stored in local storage and reused on subsequent loads
+// On failure, returns default empty values
+// If a user is staff and they didn't happen to be logged in when these cookies were saved,
+// we can instruct them as needed to update the cookies and correctly set the isStaff flag.
 async function fetchCookies(): Promise<DotcomCookies> {
+  // Return the cached object if we have it in memory.
   if (cachedCookies) {
     return cachedCookies
   }
 
-  // If request is already in progress, return the same promise
-  if (inFlightPromise) {
-    return inFlightPromise
-  }
-
-  if (tries > MAX_TRIES) {
-    // In prod, fail without a serious error
-    console.error('Failed to fetch cookies after 3 tries')
-    // In dev, be loud about the issue
-    if (process.env.NODE_ENV === 'development') {
-      throw new Error('Failed to fetch cookies after 3 tries')
+  // Try to load from local storage.
+  const storedCookies = localStorage.getItem(LOCAL_STORAGE_KEY)
+  if (storedCookies) {
+    try {
+      cachedCookies = JSON.parse(storedCookies) as DotcomCookies
+      return cachedCookies
+    } catch (e) {
+      console.error('Error parsing cookies from local storage:', e)
+      localStorage.removeItem(LOCAL_STORAGE_KEY)
     }
+  }
 
-    return Promise.resolve({})
+  // If a request is already in progress, reuse it.
+  if (inFlightPromise) {
+    return inFlightPromise
   }
 
+  // Make a single fetch request to the backend.
   inFlightPromise = fetch(GET_COOKIES_ENDPOINT)
     .then((response) => {
-      tries++
       if (!response.ok) {
         throw new Error(`Failed to fetch cookies: ${response.statusText}`)
       }
       return response.json() as Promise<DotcomCookies>
     })
     .then((data) => {
       cachedCookies = data
+      // Store the fetched cookies in local storage for future use.
+      try {
+        localStorage.setItem(LOCAL_STORAGE_KEY, JSON.stringify(data))
+      } catch (e) {
+        console.error('Error storing cookies in local storage:', e)
+      }
       return data
     })
+    .catch((err) => {
+      console.error('Error fetching cookies:', err)
+      // On failure, return default values.
+      const defaultCookies: DotcomCookies = {
+        dotcomUsername: '',
+        isStaff: false,
+      }
+      cachedCookies = defaultCookies
+      return defaultCookies
+    })
     .finally(() => {
-      // Clear the in-flight promise regardless of success or failure
-      // On success, subsequent calls will return the cached value
-      // On failure, subsequent calls will retry the request up to MAX_TRIES times
+      // Clear the in-flight promise regardless of success or failure.
       inFlightPromise = null
     })