Merge branch 'main' into 7044-dependabot-version-settings

2022-06-02 15:03:04 +01:00 · 2022-06-02 15:03:04 +01:00 · 0fc1d964d2
--- a/.github/actions-scripts/content-changes-table-comment.js
+++ b/.github/actions-scripts/content-changes-table-comment.js
@ -39,78 +39,97 @@ const pathPrefix = 'content/'
 const articleFiles = files.filter(
  ({ filename }) => filename.startsWith(pathPrefix) && !filename.endsWith('/index.md')
 )
-for (const file of articleFiles) {
-  const sourceUrl = file.blob_url
-  const fileName = file.filename.slice(pathPrefix.length)
-  const fileUrl = fileName.slice(0, fileName.lastIndexOf('.'))

-  // get the file contents and decode them
-  // this script is called from the main branch, so we need the API call to get the contents from the branch, instead
-  const fileContents = await getContents(
-    context.repo.owner,
-    context.payload.repository.name,
-    context.payload.pull_request.head.sha,
-    file.filename
-  )
+const lines = await Promise.all(
+  articleFiles.map(async (file) => {
+    const sourceUrl = file.blob_url
+    const fileName = file.filename.slice(pathPrefix.length)
+    const fileUrl = fileName.slice(0, fileName.lastIndexOf('.'))

-  // parse the frontmatter
-  const { data } = parse(fileContents)
-
-  let contentCell = ''
-  let previewCell = ''
-  let prodCell = ''
-
-  if (file.status === 'added') contentCell = `New file: `
-  contentCell += `[\`${fileName}\`](${sourceUrl})`
-
-  try {
-    // the try/catch is needed because getApplicableVersions() returns either [] or throws an error when it can't parse the versions frontmatter
-    // try/catch can be removed if docs-engineering#1821 is resolved
-    // i.e. for feature based versioning, like ghae: 'issue-6337'
-    const fileVersions = getApplicableVersions(data.versions)
-
-    for (const plan in allVersionShortnames) {
-      // plan is the shortName (i.e., fpt)
-      // allVersionShortNames[plan] is the planName (i.e., free-pro-team)
-
-      // walk by the plan names since we generate links differently for most plans
-      const versions = fileVersions.filter((fileVersion) =>
-        fileVersion.includes(allVersionShortnames[plan])
-      )
-
-      if (versions.length === 1) {
-        // for fpt, ghec, and ghae
-
-        if (versions.toString() === nonEnterpriseDefaultVersion) {
-          // omit version from fpt url
-
-          previewCell += `[${plan}](${APP_URL}/${fileUrl})<br>`
-          prodCell += `[${plan}](${PROD_URL}/${fileUrl})<br>`
-        } else {
-          // for non-versioned releases (ghae, ghec) use full url
-
-          previewCell += `[${plan}](${APP_URL}/${versions}/${fileUrl})<br>`
-          prodCell += `[${plan}](${PROD_URL}/${versions}/${fileUrl})<br>`
-        }
-      } else if (versions.length) {
-        // for ghes releases, link each version
-
-        previewCell += `${plan}@ `
-        prodCell += `${plan}@ `
-
-        versions.forEach((version) => {
-          previewCell += `[${version.split('@')[1]}](${APP_URL}/${version}/${fileUrl}) `
-          prodCell += `[${version.split('@')[1]}](${PROD_URL}/${version}/${fileUrl}) `
-        })
-        previewCell += '<br>'
-        prodCell += '<br>'
-      }
-    }
-  } catch (e) {
-    console.error(
-      `Version information for ${file.filename} couldn't be determined from its frontmatter.`
+    // get the file contents and decode them
+    // this script is called from the main branch, so we need the API call to get the contents from the branch, instead
+    const fileContents = await getContents(
+      context.repo.owner,
+      context.payload.repository.name,
+      // Can't get its content if it no longer exists.
+      // Meaning, you'd get a 404 on the `getContents()` utility function.
+      // So, to be able to get necessary meta data about what it *was*,
+      // if it was removed, fall back to the 'base'.
+      file.status === 'removed'
+        ? context.payload.pull_request.base.sha
+        : context.payload.pull_request.head.sha,
+      file.filename
    )
-  }
-  markdownTable += `| ${contentCell} | ${previewCell} | ${prodCell} | |\n`
-}
+
+    // parse the frontmatter
+    const { data } = parse(fileContents)
+
+    let contentCell = ''
+    let previewCell = ''
+    let prodCell = ''
+
+    if (file.status === 'added') contentCell = 'New file: '
+    else if (file.status === 'removed') contentCell = 'Removed: '
+    contentCell += `[\`${fileName}\`](${sourceUrl})`
+
+    try {
+      // the try/catch is needed because getApplicableVersions() returns either [] or throws an error when it can't parse the versions frontmatter
+      // try/catch can be removed if docs-engineering#1821 is resolved
+      // i.e. for feature based versioning, like ghae: 'issue-6337'
+      const fileVersions = getApplicableVersions(data.versions)
+
+      for (const plan in allVersionShortnames) {
+        // plan is the shortName (i.e., fpt)
+        // allVersionShortNames[plan] is the planName (i.e., free-pro-team)
+
+        // walk by the plan names since we generate links differently for most plans
+        const versions = fileVersions.filter((fileVersion) =>
+          fileVersion.includes(allVersionShortnames[plan])
+        )
+
+        if (versions.length === 1) {
+          // for fpt, ghec, and ghae
+
+          if (versions.toString() === nonEnterpriseDefaultVersion) {
+            // omit version from fpt url
+
+            previewCell += `[${plan}](${APP_URL}/${fileUrl})<br>`
+            prodCell += `[${plan}](${PROD_URL}/${fileUrl})<br>`
+          } else {
+            // for non-versioned releases (ghae, ghec) use full url
+
+            previewCell += `[${plan}](${APP_URL}/${versions}/${fileUrl})<br>`
+            prodCell += `[${plan}](${PROD_URL}/${versions}/${fileUrl})<br>`
+          }
+        } else if (versions.length) {
+          // for ghes releases, link each version
+
+          previewCell += `${plan}@ `
+          prodCell += `${plan}@ `
+
+          versions.forEach((version) => {
+            previewCell += `[${version.split('@')[1]}](${APP_URL}/${version}/${fileUrl}) `
+            prodCell += `[${version.split('@')[1]}](${PROD_URL}/${version}/${fileUrl}) `
+          })
+          previewCell += '<br>'
+          prodCell += '<br>'
+        }
+      }
+    } catch (e) {
+      console.error(
+        `Version information for ${file.filename} couldn't be determined from its frontmatter.`
+      )
+    }
+    let note = ''
+    if (file.status === 'removed') {
+      note = 'removed'
+      // If the file was removed, the `previewCell` no longer makes sense
+      // since it was based on looking at the base sha.
+      previewCell = 'n/a'
+    }
+
+    return `| ${contentCell} | ${previewCell} | ${prodCell} | ${note} |`
+  })
+)
+markdownTable += lines.join('\n')
 setOutput('changesTable', markdownTable)
--- a/.github/workflows/autoupdate-branch.yml
+++ b/.github/workflows/autoupdate-branch.yml
@ -43,9 +43,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/azure-prod-build-deploy.yml
+++ b/.github/workflows/azure-prod-build-deploy.yml
@ -60,9 +60,9 @@ jobs:
        run: git lfs checkout

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Clone docs-early-access
--- a/.github/workflows/azure-staging-build-deploy.yml
+++ b/.github/workflows/azure-staging-build-deploy.yml
@ -78,9 +78,9 @@ jobs:
          echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ env.IMAGE_REPO }}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Clone docs-early-access
--- a/.github/workflows/browser-test.yml
+++ b/.github/workflows/browser-test.yml
@ -40,9 +40,9 @@ jobs:
        run: git lfs checkout

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/check-all-english-links.yml
+++ b/.github/workflows/check-all-english-links.yml
@ -28,9 +28,9 @@ jobs:
      - name: Check out repo's default branch
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
@ -53,6 +53,9 @@ jobs:
          DISABLE_RENDER_CACHING: true
          # We don't want or need the changelog entries in this context.
          CHANGELOG_DISABLED: true
+          # The default is 10s. But because this runs overnight, we can
+          # be a lot more patient.
+          REQUEST_TIMEOUT: 20000
        run: |
          node server.mjs &
          sleep 5
--- a/.github/workflows/check-broken-links-github-github.yml
+++ b/.github/workflows/check-broken-links-github-github.yml
@ -42,9 +42,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install Node.js dependencies
--- a/.github/workflows/code-lint.yml
+++ b/.github/workflows/code-lint.yml
@ -37,9 +37,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/content-changes-table-comment.yml
+++ b/.github/workflows/content-changes-table-comment.yml
@ -57,9 +57,9 @@ jobs:
        run: .github/actions-scripts/get-preview-app-info.sh

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install temporary dependencies
--- a/.github/workflows/create-translation-batch-pr.yml
+++ b/.github/workflows/create-translation-batch-pr.yml
@ -116,9 +116,9 @@ jobs:
          git commit -m "Add crowdin translations" || echo "Nothing to commit"

      - name: 'Setup node'
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'

      - run: npm ci

--- a/.github/workflows/crowdin-cleanup.yml
+++ b/.github/workflows/crowdin-cleanup.yml
@ -29,9 +29,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/docs-review-collect.yml
+++ b/.github/workflows/docs-review-collect.yml
@ -23,9 +23,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/enterprise-dates.yml
+++ b/.github/workflows/enterprise-dates.yml
@ -39,9 +39,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install Node.js dependencies
--- a/.github/workflows/enterprise-release-sync-search-index.yml
+++ b/.github/workflows/enterprise-release-sync-search-index.yml
@ -50,9 +50,9 @@ jobs:
          token: ${{ secrets.DOCUBOT_REPO_PAT }}

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/link-check-all.yml
+++ b/.github/workflows/link-check-all.yml
@ -30,9 +30,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install
--- a/.github/workflows/msft-create-translation-batch-pr.yml
+++ b/.github/workflows/msft-create-translation-batch-pr.yml
@ -95,9 +95,9 @@ jobs:
          git commit -m "Add crowdin translations" || echo "Nothing to commit"

      - name: 'Setup node'
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'

      - run: npm ci

--- a/.github/workflows/open-enterprise-issue.yml
+++ b/.github/workflows/open-enterprise-issue.yml
@ -22,9 +22,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/openapi-decorate.yml
+++ b/.github/workflows/openapi-decorate.yml
@ -42,9 +42,9 @@ jobs:
          token: ${{ secrets.DOCUBOT_REPO_PAT }}

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/openapi-schema-check.yml
+++ b/.github/workflows/openapi-schema-check.yml
@ -42,9 +42,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/orphaned-assets-check.yml
+++ b/.github/workflows/orphaned-assets-check.yml
@ -25,9 +25,9 @@ jobs:
          token: ${{ secrets.DOCUBOT_REPO_PAT }}

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install
--- a/.github/workflows/os-ready-for-review.yml
+++ b/.github/workflows/os-ready-for-review.yml
@ -47,9 +47,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/pa11y.yml
+++ b/.github/workflows/pa11y.yml
@ -21,9 +21,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/package-lock-lint.yml
+++ b/.github/workflows/package-lock-lint.yml
@ -27,9 +27,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'

      - name: Run check
        run: |
--- a/.github/workflows/ready-for-doc-review.yml
+++ b/.github/workflows/ready-for-doc-review.yml
@ -23,9 +23,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/remove-unused-assets.yml
+++ b/.github/workflows/remove-unused-assets.yml
@ -27,9 +27,9 @@ jobs:
      - name: Checkout
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm
      - name: npm ci
        run: npm ci
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@ -102,9 +102,9 @@ jobs:

      # Set up npm and run npm ci to run husky to get githooks for LFS
      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm
      - name: Install dependencies
        run: npm ci
--- a/.github/workflows/sync-search-indices.yml
+++ b/.github/workflows/sync-search-indices.yml
@ -56,9 +56,9 @@ jobs:
          token: ${{ secrets.DOCS_BOT_FR }}

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/sync-search-pr.yml
+++ b/.github/workflows/sync-search-pr.yml
@ -29,9 +29,9 @@ jobs:
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -123,9 +123,9 @@ jobs:
          echo "${{ steps.get_diff_files.outputs.files }}" > get_diff_files.txt

      - name: Setup node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/triage-unallowed-internal-changes.yml
+++ b/.github/workflows/triage-unallowed-internal-changes.yml
@ -59,9 +59,9 @@ jobs:
          token: ${{ secrets.DOCUBOT_REPO_PAT }}

      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm

      - name: Install dependencies
--- a/.github/workflows/update-graphql-files.yml
+++ b/.github/workflows/update-graphql-files.yml
@ -34,9 +34,9 @@ jobs:
      - name: Checkout
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
      - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
        with:
-          node-version: 16.15.x
+          node-version: '16.15.0'
          cache: npm
      - name: Install Node.js dependencies
        run: npm ci
--- a/assets/images/help/2fa/2fa-github-mobile-password-reset.png
+++ b/assets/images/help/2fa/2fa-github-mobile-password-reset.png
--- a/assets/images/help/2fa/2fa-mobile-challenge-password-reset.png
+++ b/assets/images/help/2fa/2fa-mobile-challenge-password-reset.png
--- a/assets/images/help/2fa/2fa-password-reset.png
+++ b/assets/images/help/2fa/2fa-password-reset.png
--- a/assets/images/help/enterprises/require-oidc.png
+++ b/assets/images/help/enterprises/require-oidc.png
--- a/assets/images/help/enterprises/saml-to-oidc-button.png
+++ b/assets/images/help/enterprises/saml-to-oidc-button.png
--- a/assets/images/help/repository/code-scanning-alert-drop-down-reason.png
+++ b/assets/images/help/repository/code-scanning-alert-drop-down-reason.png
--- a/assets/images/help/repository/code-scanning-pr-conversation-tab.png
+++ b/assets/images/help/repository/code-scanning-pr-conversation-tab.png
--- a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md
+++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md
@ -143,6 +143,8 @@ When you participate in certain programs, {% data variables.product.prodname_dot
 | {% octicon "star-fill" aria-label="The star icon" %} | **Pro** | If you use {% data variables.product.prodname_pro %} you'll get a PRO badge on your profile. For more information about {% data variables.product.prodname_pro %}, see "[{% data variables.product.prodname_dotcom %}'s products](/github/getting-started-with-github/githubs-products#github-pro)." |
 | {% octicon "lock" aria-label="The lock icon" %} | **Security Bug Bounty Hunter** | If you helped out hunting down security vulnerabilities, you'll get a Security Bug Bounty Hunter badge on your profile. For more information about the {% data variables.product.prodname_dotcom %} Security program, see [{% data variables.product.prodname_dotcom %} Security](https://bounty.github.com/). |
 | {% octicon "mortar-board" aria-label="The mortar-board icon" %} | **{% data variables.product.prodname_dotcom %} Campus Expert** | If you participate in the {% data variables.product.prodname_campus_program %}, you will get a {% data variables.product.prodname_dotcom %} Campus Expert badge on your profile. For more information about the Campus Experts program, see [Campus Experts](https://education.github.com/experts). |
+| {% octicon "shield" aria-label="The shield icon" %} | **Security advisory credit** | If a security advisory you submit to the [{% data variables.product.prodname_dotcom %} Advisory Database](https://github.com/advisories) is accepted, you'll get a Security advisory credit badge on your profile. For more information about {% data variables.product.prodname_dotcom %} Security Advisories, see [{% data variables.product.prodname_dotcom %} Security Advisories](/code-security/repository-security-advisories/about-github-security-advisories-for-repositories). |
+| {% octicon "check" aria-label="The check icon" %} | **Discussion answered** | If your reply to a discussion is marked as the answer, you'll get a Discussion answered badge on your profile. For more information about {% data variables.product.prodname_dotcom %} Discussions, see [About discussions](/discussions/collaborating-with-your-community-using-discussions/about-discussions). |

 ## Disabling badges on your profile

--- a/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md
+++ b/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md
@ -65,7 +65,14 @@ You can manage the runner service in the Windows **Services** application, or yo
   sudo ./svc.sh install
   ```

+1. Alternatively, the command takes an optional `user` argument to install the service as a different user.
+
+  ```shell
+  ./svc.sh install <em>USERNAME</em>
+  ```
+
 {% endlinux %}
+
 {% mac %}

 ## Installing the service
@ -78,12 +85,6 @@ You can manage the runner service in the Windows **Services** application, or yo
   ```
 {% endmac %}

-The command takes an optional `user` argument to install the service as a different user.
-
-```shell
-./svc.sh install <em>USERNAME</em>
-```
-
 ## Starting the service

 Start the service with the following command:
--- a/content/actions/learn-github-actions/contexts.md
+++ b/content/actions/learn-github-actions/contexts.md
@ -52,10 +52,7 @@ As part of an expression, you can access context information using one of two sy
 - Index syntax: `github['sha']`
 - Property dereference syntax: `github.sha`

-In order to use property dereference syntax, the property name must:
-
- start with `a-Z` or `_`.
- be followed by `a-Z` `0-9` `-` or `_`.
+In order to use property dereference syntax, the property name must start with a letter or `_` and contain only alphanumeric characters, `-`, or `_`.

 If you attempt to dereference a non-existent property, it will evaluate to an empty string.

--- a/content/actions/learn-github-actions/expressions.md
+++ b/content/actions/learn-github-actions/expressions.md
@ -68,7 +68,7 @@ env:
  myIntegerNumber: ${{ 711 }}
  myFloatNumber: ${{ -9.2 }}
  myHexNumber: ${{ 0xff }}
-  myExponentialNumber: ${{ -2.99-e2 }}
+  myExponentialNumber: ${{ -2.99e-2 }}
  myString: Mona the Octocat
  myStringInBraces: ${{ 'It''s open source!' }}
 ```
@ -324,34 +324,22 @@ steps:
    if: {% raw %}${{ failure() }}{% endraw %}
 ```

-{% ifversion fpt or ghes > 3.3 or ghae-issue-5504 or ghec %}
-### Evaluate Status Explicitly
+#### failure with conditions

-Instead of using one of the methods above, you can evaluate the status of the job or composite action that is executing the step directly:
+You can include extra conditions for a step to run after a failure, but you must still include `failure()` to override the default status check of `success()` that is automatically applied to `if` conditions that don't contain a status check function.

-#### Example for workflow step
+##### Example

 ```yaml
 steps:
  ...
-  - name: The job has failed
-    if: {% raw %}${{ job.status == 'failure' }}{% endraw %}
+  - name: Failing step
+    id: demo
+    run: exit 1
+  - name: The demo step has failed
+    if: {% raw %}${{ failure() && steps.demo.conclusion == 'failure' }}{% endraw %}
 ```

-This is the same as using `if: failure()` in a job step.
-
-#### Example for composite action step
-
-```yaml
-steps:
-  ...
-  - name: The composite action has failed
-    if: {% raw %}${{ github.action_status == 'failure' }}{% endraw %}
-```
-
-This is the same as using `if: failure()` in a composite action step.
-{% endif %}
-
 ## Object filters

 You can use the `*` syntax to apply a filter and select matching items in a collection.
--- a/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md
+++ b/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md
@ -1,6 +1,6 @@
 ---
 title: Using GitHub Enterprise Server with a load balancer
-intro: 'Use a load balancer in front of a single {% data variables.product.prodname_ghe_server %} appliance or a pair of appliances in a High Availability configuration.'
+intro: 'Use a load balancer in front of a single {% data variables.product.prodname_ghe_server %} instance or a pair of instances in a High Availability configuration.'
 redirect_from:
  - /enterprise/admin/guides/installation/using-github-enterprise-with-a-load-balancer
  - /enterprise/admin/installation/using-github-enterprise-server-with-a-load-balancer
@ -35,7 +35,7 @@ Because client connections to {% data variables.product.prodname_ghe_server %} c

 ### Enabling PROXY protocol support on {% data variables.product.product_location %}

-We strongly recommend enabling PROXY protocol support for both your appliance and the load balancer. Use the instructions provided by your vendor to enable the PROXY protocol on your load balancer. For more information, see [the PROXY protocol documentation](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).
+We strongly recommend enabling PROXY protocol support for both your instance and the load balancer. Use the instructions provided by your vendor to enable the PROXY protocol on your load balancer. For more information, see [the PROXY protocol documentation](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).

 {% data reusables.enterprise_installation.proxy-incompatible-with-aws-nlbs %}

@ -52,6 +52,12 @@ We strongly recommend enabling PROXY protocol support for both your appliance an

 {% data reusables.enterprise_clustering.x-forwarded-for %}

+{% warning %}
+
+**Warning**: If you configure `X-Forwarded-For` support on {% data variables.product.product_location %} and load balancer, you may not be able to connect to the {% data variables.enterprise.management_console %}. For more information, see "[Error: "Your session has expired" for connections to the {% data variables.enterprise.management_console %}](/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer#error-your-session-has-expired-for-connections-to-the-management-console)."
+
+{% endwarning %}
+
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.privacy %}
@ -63,7 +69,28 @@ We strongly recommend enabling PROXY protocol support for both your appliance an

 ## Configuring health checks

-Health checks allow a load balancer to stop sending traffic to a node that is not responding if a pre-configured check fails on that node. If the appliance is offline due to maintenance or unexpected failure, the load balancer can display a status page. In a High Availability (HA) configuration, a load balancer can be used as part of a failover strategy. However, automatic failover of HA pairs is not supported. You must manually promote the replica appliance before it will begin serving requests. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."
+Health checks allow a load balancer to stop sending traffic to a node that is not responding if a pre-configured check fails on that node. If the instance is offline due to maintenance or unexpected failure, the load balancer can display a status page. In a High Availability (HA) configuration, a load balancer can be used as part of a failover strategy. However, automatic failover of HA pairs is not supported. You must manually promote the replica instance before it will begin serving requests. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."

 {% data reusables.enterprise_clustering.health_checks %}
 {% data reusables.enterprise_site_admin_settings.maintenance-mode-status %}
+
+## Troubleshooting connectivity through a load balancer
+
+If you cannot connect to services on {% data variables.product.product_location %} through a load balancer, you can review the following information to troubleshoot the problem.
+
+{% note %}
+
+**Note**: Always test changes to your network infrastructure and instance configuration in a staging environment. For more information, see "[Setting up a staging instance](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
+
+{% endnote %}
+
+### Error: "Your session has expired" for connections to the {% data variables.enterprise.management_console %}
+
+If you enable support for the `X-Forwarded-For` header on your instance and load balancer, you may not be able to access your instance's {% data variables.enterprise.management_console %}. For more information about the {% data variables.enterprise.management_console %} and ports required for connections, see "[Accessing the management console](/admin/configuration/configuring-your-enterprise/accessing-the-management-console)" and "[Network ports](/admin/configuration/configuring-network-settings/network-ports)."
+
+If {% data variables.product.product_location %} indicates that your session has expired when you connect to the {% data variables.enterprise.management_console %} through a load balancer, try one of the following configurations on your load balancer.
+
+- Disable `X-Forwarded-For` headers for connections to your instance on ports 8080 and 8443.
+- Configure your load balancer to operate on Layer 4, and use the PROXY protocol instead of `X-Forwarded-For` for passthrough of client IP addresses. For more information, see "[Enabling PROXY protocol support on {% data variables.product.product_location %} ](#enabling-proxy-protocol-support-on-your-github-enterprise-server-instance)."
+
+For more information, refer to the documentation for your load balancer.
--- a/content/admin/configuration/configuring-your-enterprise/accessing-the-management-console.md
+++ b/content/admin/configuration/configuring-your-enterprise/accessing-the-management-console.md
@ -55,3 +55,11 @@ The first time that you access the {% data variables.enterprise.management_conso
 The {% data variables.enterprise.management_console %} locks after ten failed login attempts are made in the span of ten minutes. You must wait for the login screen to automatically unlock before attempting to log in again. The login screen automatically unlocks as soon as the previous ten minute period contains fewer than ten failed login attempts. The counter resets after a successful login occurs.

 To immediately unlock the {% data variables.enterprise.management_console %}, use the `ghe-reactivate-admin-login` command via the administrative shell. For more information, see "[Command line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-reactivate-admin-login)" and "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/)."
+
+## Troubleshooting failed connections to the {% data variables.enterprise.management_console %}
+
+If you cannot connect to the {% data variables.enterprise.management_console %} on {% data variables.product.product_location %}, you can review the following information to troubleshoot the problem.
+
+### Error: "Your session has expired" for connections through a load balancer
+
+If you access {% data variables.product.product_location %} through a load balancer and connections to the {% data variables.enterprise.management_console %} fail with a message that your session has expired, you may need to reconfigure your load balancer. For more information, see "[Using {% data variables.product.product_name %} with a load balancer](/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer#error-your-session-has-expired-for-connections-to-the-management-console)."
--- a/content/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode.md
+++ b/content/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode.md
@ -69,6 +69,8 @@ The IP exception list provides controlled and restricted access to {% data varia

 If you re-enable maintenance mode, the IP exception list will be disabled and {% data variables.product.product_location %} will return to maintenance mode. If you just disable the IP exception list, {% data variables.product.product_location %} will return to normal operation.

+You can also use a command-line utility to configure the IP exception list. For more information, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-maintenance)" and "[Accessing the administrative shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 1. At the top of the {% data variables.enterprise.management_console %}, click **Maintenance**, and confirm maintenance mode is already enabled.
--- a/content/admin/identity-and-access-management/index.md
+++ b/content/admin/identity-and-access-management/index.md
@ -19,7 +19,7 @@ children:
  - /using-cas-for-enterprise-iam
  - /using-ldap-for-enterprise-iam
  - /using-saml-for-enterprise-iam
-  - /using-enterprise-managed-users-and-saml-for-iam
+  - /using-enterprise-managed-users-for-iam
  - /managing-recovery-codes-for-your-enterprise
 ---

--- a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md
+++ b/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md
@ -1,7 +1,7 @@
 ---
 title: Accessing your enterprise account if your identity provider is unavailable
 shortTitle: Access your enterprise account
-intro: 'You can sign into {% data variables.product.product_name %} even if your identity provider is unavailable by bypassing SAML single sign-on (SSO) with a recovery code.'
+intro: 'You can sign into {% data variables.product.product_name %} even if your identity provider is unavailable by bypassing single sign-on (SSO) with a recovery code.'
 versions:
  ghec: '*'
 type: how_to
@ -13,9 +13,9 @@ topics:
 permissions: Enterprise owners can use a recovery code to access an enterprise account.
 ---

-You can use a recovery code to access your enterprise account when a SAML configuration error or an issue with your identity provider (IdP) prevents you from using SAML SSO. 
+You can use a recovery code to access your enterprise account when a authentication configuration error or an issue with your identity provider (IdP) prevents you from using SSO. 

-In order to access your enterprise account this way, you must have previously downloaded and stored the recovery codes for your enterprise. For more information, see "[Downloading your enterprise account's SAML single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes)."
+In order to access your enterprise account this way, you must have previously downloaded and stored the recovery codes for your enterprise. For more information, see "[Downloading your enterprise account's single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."

 {% data reusables.saml.recovery-code-caveats %}

--- a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes.md
+++ b/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes.md
@ -1,28 +0,0 @@
---
-title: Downloading your enterprise account's SAML single sign-on recovery codes
-shortTitle: Download recovery codes
-intro: "To ensure that you can access {% data variables.product.product_name %} if your identity provider (IdP) is unavailable, you should download your enterprise account's SAML single sign-on (SSO) recovery codes."
-versions:
-  ghec: '*'
-type: how_to
-topics:
-  - Accounts
-  - Authentication
-  - Enterprise
-  - SSO
-permissions: Enterprise owners can download the SAML SSO recovery codes for the enterprise account.
---
-
-In the event that your IdP is unavailable, you can use a recovery code to sign in and access your enterprise on {% data variables.product.product_location %}. For more information, see "[Accessing your enterprise account if your identity provider is unavailable](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)."
-
-If you did not save your recovery codes when you configured SAML SSO, you can still access the codes from your enterprise's settings.
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.security-tab %}
-
-1. Under "Require SAML authentication", click **Save your recovery codes**.
-![Screenshot of the button to test SAML configuration before enforcing](/assets/images/help/enterprises/saml-recovery-codes-link.png)
-
-2. To save your recovery codes, click **Download**, **Print**, or **Copy**.
-![Screenshot of the buttons to download, print, or copy your recovery codes](/assets/images/help/saml/saml_recovery_code_options.png)
--- a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md
+++ b/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md
@ -0,0 +1,37 @@
+---
+title: Downloading your enterprise account's single sign-on recovery codes
+shortTitle: Download recovery codes
+intro: "To ensure that you can access {% data variables.product.product_name %} if your identity provider (IdP) is unavailable, you should download your enterprise account's single sign-on (SSO) recovery codes."
+versions:
+  ghec: '*'
+type: how_to
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - SSO
+redirect_from:
+  - /admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes
+permissions: Enterprise owners can download the SSO recovery codes for the enterprise account.
+---
+
+In the event that your IdP is unavailable, you can use a recovery code to sign in and access your enterprise on {% data variables.product.product_location %}. For more information, see "[Accessing your enterprise account if your identity provider is unavailable](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)."
+
+If you did not save your recovery codes when you configured SSO, you can still access the codes from your enterprise's settings.
+
+
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+
+1. Under{% if oidc-for-emu %} either{% endif %} "Require SAML authentication"{% if oidc-for-emu %} or "Require OIDC authentication"{% endif %}, click **Save your recovery codes**.{% if oidc-for-emu %}
+  {% note %}
+  
+  **Note:** OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[About Enterprise Managed Users](/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users)."
+  
+  {% endnote %}{% endif %}
+  
+  ![Screenshot of the button to test SAML configuration before enforcing](/assets/images/help/enterprises/saml-recovery-codes-link.png)
+1. To save your recovery codes, click **Download**, **Print**, or **Copy**.
+  ![Screenshot of the buttons to download, print, or copy your recovery codes](/assets/images/help/saml/saml_recovery_code_options.png)
--- a/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/index.md
+++ b/content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/index.md
@ -10,7 +10,7 @@ topics:
  - Enterprise
  - SSO
 children:
-  - /downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes
+  - /downloading-your-enterprise-accounts-single-sign-on-recovery-codes
  - /accessing-your-enterprise-account-if-your-identity-provider-is-unavailable
 ---

--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users.md
@ -8,6 +8,7 @@ redirect_from:
  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users
  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users
  - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users
+  - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users
 versions:
  ghec: '*'
 type: overview
@ -20,11 +21,17 @@ topics:

 ## About {% data variables.product.prodname_emus %}

-With {% data variables.product.prodname_emus %}, you can control the user accounts of your enterprise members through your identity provider (IdP). You can simplify authentication with SAML single sign-on (SSO) and provision, update, and deprovision user accounts for your enterprise members. Users assigned to the {% data variables.product.prodname_emu_idp_application %} application in your IdP are provisioned as new user accounts on {% data variables.product.prodname_dotcom %} and added to your enterprise. You control usernames, profile data, team membership, and repository access from your IdP.
+With {% data variables.product.prodname_emus %}, you can control the user accounts of your enterprise members through your identity provider (IdP). You can simplify authentication with SAML{% if oidc-for-emu %} or OIDC{% endif %} single sign-on (SSO) and provision, update, and deprovision user accounts for your enterprise members. Users assigned to the {% data variables.product.prodname_emu_idp_application %} application in your IdP are provisioned as new user accounts on {% data variables.product.prodname_dotcom %} and added to your enterprise. You control usernames, profile data, team membership, and repository access from your IdP.

 In your IdP, you can give each {% data variables.product.prodname_managed_user %} the role of user, enterprise owner, or billing manager. {% data variables.product.prodname_managed_users_caps %} can own organizations within your enterprise and can add other {% data variables.product.prodname_managed_users %} to the organizations and teams within. For more information, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/managing-users-in-your-enterprise/roles-in-an-enterprise)" and "[About organizations](/organizations/collaborating-with-groups-in-organizations/about-organizations)."

-Organization membership can be managed manually or updated automatically as {% data variables.product.prodname_managed_users %} are added to IdP groups that are connected to teams within the organization. When a {% data variables.product.prodname_managed_user %} is manually added to an organization, unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization. For more information about managing organization and team membership automatically, see "[Managing team memberships with identity provider groups](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/managing-team-memberships-with-identity-provider-groups)."
+Organization membership can be managed manually or updated automatically as {% data variables.product.prodname_managed_users %} are added to IdP groups that are connected to teams within the organization. When a {% data variables.product.prodname_managed_user %} is manually added to an organization, unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization. For more information about managing organization and team membership automatically, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
+
+{% if oidc-for-emu %}
+
+{% data reusables.enterprise-accounts.emu-cap-validates %} For more information, see "[About support for your IdP's Conditional Access Policy](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy)."
+
+{% endif %}

 You can grant {% data variables.product.prodname_managed_users %} access and the ability to contribute to repositories within your enterprise, but {% data variables.product.prodname_managed_users %} cannot create public content or collaborate with other users, organizations, and enterprises on the rest of {% data variables.product.prodname_dotcom %}. The {% data variables.product.prodname_managed_users %} provisioned for your enterprise cannot be invited to organizations or repositories outside of the enterprise, nor can the {% data variables.product.prodname_managed_users %} be invited to other enterprises. Outside collaborators are not supported by {% data variables.product.prodname_emus %}.

@ -39,10 +46,18 @@ To use {% data variables.product.prodname_emus %}, you need a separate type of e

 ## Identity provider support

-{% data variables.product.prodname_emus %} supports the following IdPs:
+{% data variables.product.prodname_emus %} supports the following IdPs{% if oidc-for-emu %} and authentication methods:
+
+|                                  | SAML                                          | OIDC (beta)                                   |
+|----------------------------------|-----------------------------------------------|-----------------------------------------------|
+| Azure Active Directory           | {% octicon "check" aria-label="Check icon" %} | {% octicon "check" aria-label="Check icon" %} |
+| Okta                             | {% octicon "check" aria-label="Check icon" %} |                                               |
+{% else %}:

 {% data reusables.enterprise-accounts.emu-supported-idps %}

+{% endif %}
+
 ## Abilities and restrictions of {% data variables.product.prodname_managed_users %}

 {% data variables.product.prodname_managed_users_caps %} can only contribute to private and internal repositories within their enterprise and private repositories owned by their user account. {% data variables.product.prodname_managed_users_caps %} have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions for users and content apply to all requests, including API requests.
@ -58,21 +73,36 @@ To use {% data variables.product.prodname_emus %}, you need a separate type of e
 * Only private and internal repositories can be created in organizations owned by an {% data variables.product.prodname_emu_enterprise %}, depending on organization and enterprise repository visibility settings. 
 * {% data variables.product.prodname_managed_users_caps %} are limited in their use of {% data variables.product.prodname_pages %}. For more information, see "[About {% data variables.product.prodname_pages %}](/pages/getting-started-with-github-pages/about-github-pages#limitations-for-enterprise-managed-users)."

-## About enterprises with managed users
+## Getting started with {% data variables.product.prodname_emus %}

-To use {% data variables.product.prodname_emus %}, you need a separate type of enterprise account with {% data variables.product.prodname_emus %} enabled. To try out {% data variables.product.prodname_emus %} or to discuss options for migrating from your existing enterprise, please contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
+Before your developers can use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}, you must follow a series of configuration steps.

-Your contact on the GitHub Sales team will work with you to create your new {% data variables.product.prodname_emu_enterprise %}. You'll need to provide the email address for the user who will set up your enterprise and a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %} For more information, see "[Usernames and profile information](#usernames-and-profile-information)."
-
-After we create your enterprise, you will receive an email from {% data variables.product.prodname_dotcom %} inviting you to choose a password for your enterprise's setup user, which will be the first owner in the enterprise. Use an incognito or private browsing window when setting the password. The setup user is only used to configure SAML single sign-on and SCIM provisioning integration for the enterprise. It will no longer have access to administer the enterprise account once SAML is successfully enabled.
-
-The setup user's username is your enterprise's shortcode suffixed with `_admin`. After you log in to your setup user, you can get started by configuring SAML SSO for your enterprise. For more information, see "[Configuring SAML single sign-on for Enterprise Managed Users](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-saml-single-sign-on-for-enterprise-managed-users)."
-
-{% note %}
-
-{% data reusables.enterprise-accounts.emu-password-reset-session %}
-
-{% endnote %}
+1. To use {% data variables.product.prodname_emus %}, you need a separate type of enterprise account with {% data variables.product.prodname_emus %} enabled. To try out {% data variables.product.prodname_emus %} or to discuss options for migrating from your existing enterprise, please contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
+  
+  Your contact on the GitHub Sales team will work with you to create your new {% data variables.product.prodname_emu_enterprise %}. You'll need to provide the email address for the user who will set up your enterprise and a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %} For more information, see "[Usernames and profile information](#usernames-and-profile-information)."
+  
+2. After we create your enterprise, you will receive an email from {% data variables.product.prodname_dotcom %} inviting you to choose a password for your enterprise's setup user, which will be the first owner in the enterprise. Use an incognito or private browsing window when setting the password. The setup user is only used to configure single sign-on and SCIM provisioning integration for the enterprise. It will no longer have access to administer the enterprise account once SSO is successfully enabled. The setup user's username is your enterprise's shortcode suffixed with `_admin`. 
+  
+  {% note %}
+  
+  {% data reusables.enterprise-accounts.emu-password-reset-session %}
+  
+  {% endnote %}
+  
+3. After you log in to your setup user, get started by configuring {% if oidc-for-emu %}how your members will authenticate. If you are using Azure Active Directory as your identity provider, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML). Both options provide a seamless sign-in experience for your members, but only OIDC includes support for Conditional Access Policies (CAP). If you are using Okta as your identity provider, you can use SAML to authenticate your members.{% else %}SAML SSO for your enterprise. For more information, see "[Configuring SAML single sign-on for Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."{% endif %}
+  
+  {% if oidc-for-emu %}
+  
+  To get started, read the guide for your chosen authentication method.
+  
+    - "[Configuring OIDC for Enterprise Managed Users](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)."
+    - "[Configuring SAML single sign-on for Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."
+  
+  {% endif %}
+  
+4. Once you have configured SSO, you can configure SCIM provisioning. SCIM is how your identity provider will provision and manage member accounts and teams on {% data variables.product.prodname_dotcom_the_website %}. For more information on configuring SCIM provisioning, see "[Configuring SCIM provisioning for enterprise managed users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."
+  
+5. Once authentication and provisioning are configured, you can start provisioning members and managing teams. For more information, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."

 ## Authenticating as a {% data variables.product.prodname_managed_user %}

--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy.md
@ -0,0 +1,47 @@
+---
+title: About support for your IdP's Conditional Access Policy
+shortTitle: Conditional access policy
+intro: 'When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will validate access to your enterprise and its resources using your IdP''s Conditional Access Policy (CAP).'
+product: '{% data reusables.gated-features.emus %}'
+versions:
+  feature: 'oidc-for-emu'
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - SSO
+---
+
+{% data reusables.enterprise-accounts.oidc-beta-notice %}
+
+## About support for Conditional Access Policies
+
+{% data reusables.enterprise-accounts.emu-cap-validates %}
+
+CAP support is enabled automatically for any {% data variables.product.prodname_emu_enterprise %} that enables OIDC SSO and cannot be disabled. {% data variables.product.prodname_dotcom %} enforces your IdP's IP conditions but not device compliance conditions.
+
+For more information about using OIDC with {% data variables.product.prodname_emus %}, see "[Configuring OIDC for Enterprise Managed Users](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)" and "[Migrating from SAML to OIDC](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc)."
+
+## About using CAP with IP allow lists
+
+We recommend disabling your enterprise account's IP allow list and relying on your IdP's CAP. If you enable IP allow lists for your enterprise and also make use of your IdP's CAP, both the IP allow list and CAP will be enforced. If either restriction rejects a user's IP address, the request fails. For more information about IP allow lists, see "[Enforcing policies for security settings in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)."
+
+## Considerations for integrations and automations
+
+{% data variables.product.prodname_dotcom %} sends the originating IP address to your IdP for validation against your CAP. To make sure  actions and apps are not blocked by your IdP's CAP, you will need to make changes to your configuration.
+
+{% data reusables.enterprise-accounts.oidc-gei-warning %}
+
+### {% data variables.product.prodname_actions %}
+
+Actions that use a personal access token will likely be blocked by your IdP's CAP. We recommend that personal access tokens are created by a service account which is then exempted from IP controls in your IdP's CAP. 
+
+If you're unable to use a service account, another option for unblocking actions that use personal access tokens is to allow the IP ranges used by {% data variables.product.prodname_actions %}. For more information, see "[About GitHub's IP addresses](/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses)."
+
+### {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} 
+
+When {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} make requests on a member's behalf, {% data variables.product.prodname_dotcom %} will send the IP address of the app's server to your IdP for validation. If the IP address of the app's server is not validated by your IdP's CAP, the request will fail.
+
+You can contact the owners of the apps you want to use, ask for their IP ranges, and configure your IdP's CAP to allow access from those IP ranges. If you're unable to contact the owners, you can review your IdP sign-in logs to review the IP addresses seen in the requests, then allow-list those addresses. 
+
+You can also enable IP allow list configuration for installed {% data variables.product.prodname_github_apps %}. When enabled, all {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} will continue working regardless of the originating IP address. For more information, see "[Enforcing policies for security settings in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#allowing-access-by-github-apps)."
--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users.md
@ -0,0 +1,47 @@
+---
+title: Configuring OIDC for Enterprise Managed Users
+shortTitle: OIDC for managed users
+intro: 'You can automatically manage access to your enterprise account on {% data variables.product.prodname_dotcom %} by configuring OpenID Connect (OIDC) single sign-on (SSO) and enable support for your IdP''s Conditional Access Policy (CAP).'
+product: '{% data reusables.gated-features.emus %}'
+versions:
+  feature: 'oidc-for-emu'
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - SSO
+---
+
+{% data reusables.enterprise-accounts.oidc-beta-notice %}
+
+## About OIDC for Enterprise Managed Users
+
+With {% data variables.product.prodname_emus %}, your enterprise uses your identity provider (IdP) to authenticate all members. You can use OpenID Connect (OIDC) to manage authentication for your {% data variables.product.prodname_emu_enterprise %}. Enabling OIDC SSO is a one-click setup process with certificates managed by {% data variables.product.prodname_dotcom %} and your IdP.
+
+{% data reusables.enterprise-accounts.emu-cap-validates %} For more information, see "[About support for your IdP's Conditional Access Policy](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy)."
+
+You can adjust the lifetime of a session, and how often a {% data variables.product.prodname_managed_user %} needs to reauthenticate with your IdP, by changing the lifetime policy property of the ID tokens issued for {% data variables.product.prodname_dotcom %} from  your IdP. The default lifetime is one hour. For more information, see "[Configurable token lifetimes in the Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes)" in the Azure AD documentation.
+
+If you currently use SAML SSO for authentication and would prefer to use OIDC and benefit from CAP support, you can follow a migration path. For more information, see "[Migrating from SAML to OIDC](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc)." 
+
+{% data reusables.enterprise-accounts.oidc-gei-warning %}
+
+## Identity provider support
+
+Support for OIDC is in public beta and available for customers using Azure Active Directory (Azure AD).
+
+## Configuring OIDC for Enterprise Managed Users
+
+1. Sign into {% data variables.product.prodname_dotcom_the_website %} as the setup user for your new enterprise with the username **@<em>SHORT-CODE</em>_admin**.
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Select **Require OIDC single sign-on**.  
+   ![Screenshot showing the "Require OIDC single sign-on" checkbox](/assets/images/help/enterprises/require-oidc.png)
+1. To continue setup and be redirected to Azure AD, click **Save**.
+{% data reusables.enterprise-accounts.emu-azure-admin-consent %}
+{% data reusables.enterprise-accounts.download-recovery-codes %}
+
+## Enabling provisioning
+
+After you enable OIDC SSO, enable provisioning. For more information, see "[Configuring SCIM provisioning for enterprise managed users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."
--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users.md
@ -7,6 +7,7 @@ redirect_from:
  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-saml-single-sign-on-for-enterprise-managed-users
  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-saml-single-sign-on-for-enterprise-managed-users
  - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users
+  - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users
 versions:
  ghec: '*'
 type: tutorial
@ -112,5 +113,5 @@ After you install and configure the {% data variables.product.prodname_emu_idp_a

 ### Enabling provisioning

-After you enable SAML SSO, enable provisioning. For more information, see "[Configuring SCIM provisioning for enterprise managed users](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users)."
+After you enable SAML SSO, enable provisioning. For more information, see "[Configuring SCIM provisioning for enterprise managed users](//admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."

--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta.md
@ -10,6 +10,7 @@ redirect_from:
  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
  - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
+  - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
 type: tutorial
 topics:
  - Accounts
@ -20,9 +21,9 @@ topics:

 ## About provisioning with Okta

-You can use {% data variables.product.prodname_emus %} with Okta as your identity provider to provision new accounts, manage enterprise membership, and manage team memberships for organizations in your enterprise. For more information about provisioning for {% data variables.product.prodname_emus %}, see "[Configuring SCIM provisioning for enterprise managed users](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users)."
+You can use {% data variables.product.prodname_emus %} with Okta as your identity provider to provision new accounts, manage enterprise membership, and manage team memberships for organizations in your enterprise. For more information about provisioning for {% data variables.product.prodname_emus %}, see "[Configuring SCIM provisioning for enterprise managed users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."

-Before you can configure provisioning with Okta, you must configure SAML single-sign on. For more information, see "[Configuring SAML single sign-on for Enterprise Managed Users](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-saml-single-sign-on-for-enterprise-managed-users)."
+Before you can configure provisioning with Okta, you must configure SAML single-sign on. For more information, see "[Configuring SAML single sign-on for Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."

 To configure provisioning with Okta, you must set your enterprise's name in the {% data variables.product.prodname_emu_idp_application %} application and enter your setup user's personal access token. You can then start provisioning users in Okta.

@ -83,7 +84,7 @@ After you have configured SAML SSO and provisioning, you will be able provision

 {% data reusables.scim.emu-scim-rate-limit %}

-You can also automatically manage organization membership by assigning groups to the application and adding them to the "Push Groups" tab in Okta. When the group is provisioned successfully, it will be available to connect to teams in the enterprise's organizations. For more information about managing teams, see "[Managing team memberships with identity provider groups](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/managing-team-memberships-with-identity-provider-groups)."
+You can also automatically manage organization membership by assigning groups to the application and adding them to the "Push Groups" tab in Okta. When the group is provisioned successfully, it will be available to connect to teams in the enterprise's organizations. For more information about managing teams, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."

 When assigning users, you can use the "Roles" attribute in the {% data variables.product.prodname_emu_idp_application %} application to set a user's role in your enterprise on {% data variables.product.product_name %}. For more information on roles, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/managing-users-in-your-enterprise/roles-in-an-enterprise)."

--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users.md
@ -7,6 +7,7 @@ redirect_from:
  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
  - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users
+  - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/configuring-scim-provisioning-for-enterprise-managed-users
 versions:
  ghec: '*'
 topics:
@ -18,13 +19,16 @@ topics:

 You must configure provisioning for {% data variables.product.prodname_emus %} to create, manage, and deactivate user accounts for your enterprise members. When you configure provisioning for {% data variables.product.prodname_emus %}, users assigned to the {% data variables.product.prodname_emu_idp_application %} application in your identity provider are provisioned as new user accounts on {% data variables.product.prodname_dotcom %} via SCIM, and the users are added to your enterprise. 

-When you update information associated with a user's identity on your IdP, your IdP will update the user's account on GitHub.com. When you unassign the user from the {% data variables.product.prodname_emu_idp_application %} application or deactivate a user's account on your IdP, your IdP will communicate with {% data variables.product.prodname_dotcom %} to invalidate any SAML sessions and disable the member's account. The disabled account's information is maintained and their username is changed to a hash of their original username with the short code appended. If you reassign a user to the {% data variables.product.prodname_emu_idp_application %} application or reactivate their account on your IdP, the {% data variables.product.prodname_managed_user %} account on {% data variables.product.prodname_dotcom %} will be reactivated and username restored.
+When you update information associated with a user's identity on your IdP, your IdP will update the user's account on GitHub.com. When you unassign the user from the {% data variables.product.prodname_emu_idp_application %} application or deactivate a user's account on your IdP, your IdP will communicate with {% data variables.product.prodname_dotcom %} to invalidate any sessions and disable the member's account. The disabled account's information is maintained and their username is changed to a hash of their original username with the short code appended. If you reassign a user to the {% data variables.product.prodname_emu_idp_application %} application or reactivate their account on your IdP, the {% data variables.product.prodname_managed_user %} account on {% data variables.product.prodname_dotcom %} will be reactivated and username restored.

-Groups in your IdP can be used to manage team membership within your enterprise's organizations, allowing you to configure repository access and permissions through your IdP. For more information, see "[Managing team memberships with identity provider groups](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/managing-team-memberships-with-identity-provider-groups)."
+Groups in your IdP can be used to manage team membership within your enterprise's organizations, allowing you to configure repository access and permissions through your IdP. For more information, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."

 ## Prerequisites

-Before you can configure provisioning for {% data variables.product.prodname_emus %}, you must configure SAML single-sign on. For more information, see "[Configuring SAML single sign-on for Enterprise Managed Users](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-saml-single-sign-on-for-enterprise-managed-users)."
+Before you can configure provisioning for {% data variables.product.prodname_emus %}, you must configure SAML{% if oidc-for-emu %} or OIDC{% endif %} single-sign on. {% if oidc-for-emu %}
+
+- For more information on configuring OIDC, see "[Configuring OIDC for Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users)" 
+- {% endif %}For information on configuring SAML, see "[Configuring SAML single sign-on for Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."

 ## Creating a personal access token

@ -55,11 +59,14 @@ To configure provisioning for your {% data variables.product.prodname_emu_enterp

 ## Configuring provisioning for {% data variables.product.prodname_emus %}

-After creating your personal access token and storing it securely, you can configure provisioning on your identity provider.
+After creating your personal access token and storing it securely, you can configure provisioning on your identity provider. 

 {% data reusables.scim.emu-scim-rate-limit %}

-To configure Azure Active Directory to provision users for your {% data variables.product.prodname_emu_enterprise %}, see [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial) in the Azure AD documentation.
-
-To configure Okta to provision users for your {% data variables.product.prodname_emu_enterprise %}, see "[Configuring SCIM provisioning for Enterprise Managed Users with Okta](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta)."
+To configure provisioning, follow the appropriate link from the table below.

+| Identity provider | SSO method | More information |
+|---|---|---|{% if oidc-for-emu %}
+| Azure AD | OIDC | [Tutorial: Configure GitHub Enterprise Managed User (OIDC) for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-enterprise-managed-user-oidc-provisioning-tutorial) in the Azure AD documentation |{% endif %}
+| Azure AD | SAML | [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial) in the Azure AD documentation |
+| Okta | SAML | [Configuring SCIM provisioning for Enterprise Managed Users with Okta](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users-with-okta) |
--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/index.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/index.md
@ -1,5 +1,5 @@
 ---
-title: Using Enterprise Managed Users and SAML for IAM
+title: Using Enterprise Managed Users for IAM
 shortTitle: Enterprise Managed Users
 product: '{% data reusables.gated-features.emus %}'
 intro: You can manage identity and access with your identity provider and provision accounts that can only contribute to your enterprise.
@ -7,6 +7,7 @@ redirect_from:
  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider
  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider
  - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users
+  - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam
 versions:
  ghec: '*'
 topics:
@ -15,8 +16,11 @@ topics:
 children:
  - /about-enterprise-managed-users
  - /configuring-saml-single-sign-on-for-enterprise-managed-users
+  - /configuring-oidc-for-enterprise-managed-users
  - /configuring-scim-provisioning-for-enterprise-managed-users
  - /configuring-scim-provisioning-for-enterprise-managed-users-with-okta
  - /managing-team-memberships-with-identity-provider-groups
+  - /about-support-for-your-idps-conditional-access-policy
+  - /migrating-from-saml-to-oidc
 ---

--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/managing-team-memberships-with-identity-provider-groups.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/managing-team-memberships-with-identity-provider-groups.md
@ -7,6 +7,7 @@ redirect_from:
  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/managing-team-memberships-with-identity-provider-groups
  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/managing-team-memberships-with-identity-provider-groups
  - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups
+  - /admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/managing-team-memberships-with-identity-provider-groups
 versions:
  ghec: '*'
 type: how_to
--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc.md
@ -0,0 +1,58 @@
+---
+title: Migrating from SAML to OIDC
+shortTitle: Migrating from SAML to OIDC
+intro: 'If you''re using SAML to authenticate members in your {% data variables.product.prodname_emu_enterprise %}, you can migrate to OpenID Connect (OIDC) and benefit from support for your IdP''s Conditional Access Policy.'
+product: '{% data reusables.gated-features.emus %}'
+versions:
+  feature: 'oidc-for-emu'
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - SSO
+---
+
+{% data reusables.enterprise-accounts.oidc-beta-notice %}
+
+## About migrating your {% data variables.product.prodname_emu_enterprise %} from SAML to OIDC
+
+If your {% data variables.product.prodname_emu_enterprise %} uses SAML SSO to authenticate with Azure Active Directory (Azure AD), you can migrate to OIDC. {% data reusables.enterprise-accounts.emu-cap-validates %}
+
+When you migrate from SAML to OIDC, {% data variables.product.prodname_managed_users %} and groups that were previously provisioned for SAML but are not provisioned by the {% data variables.product.prodname_emu_idp_oidc_application %} application will have "(SAML)" appended to their display names.
+
+If you're new to {% data variables.product.prodname_emus %} and haven't yet configured authentication for your enterprise, you do not need to migrate and can set up OIDC single sign-on immediately. For more information, see "[Configuring OIDC for Enterprise Managed Users](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)."
+
+## Migrating your enterprise
+
+{% note %}
+
+**Note:** To sign in as the setup user, you will need a recovery code. If you do not already have your recovery codes, you can access the codes while signed in as an enterprise owner. For more information, see "[Downloading your enterprise account's single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."
+
+{% endnote %}
+
+1. Before you begin the migration, sign in to Azure and disable provisioning in the existing {% data variables.product.prodname_emu_idp_application %} application.
+1.  Sign into {% data variables.product.prodname_dotcom_the_website %} as the setup user for your enterprise with the username **@<em>SHORT-CODE</em>_admin**. 
+1. When prompted to continue to your identity provider, click **Use a recovery code** and sign in using one of your enterprise's recovery codes.
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. At the bottom of the page, next to "Migrate to OpenID Connect single sign-on", click **Configure with Azure**.  
+   {% warning %} 
+
+   **Warning:** The migration can take up to an hour, and it is important that no users are provisioned during the migration. You can confirm if the migration is still in progress by returning to your enterprise's security settings page; if "Require SAML authentication" is still checked, the migration is still in progress.
+
+   {% endwarning %}
+
+   ![Screenshot showing the "Configure with Azure" button](/assets/images/help/enterprises/saml-to-oidc-button.png)
+1. Read both warnings and click to continue.
+{% data reusables.enterprise-accounts.emu-azure-admin-consent %}
+1. In a new tab or window, while signed in as the setup user on {% data variables.product.prodname_dotcom_the_website %}, create a personal access token with the **admin:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[Creating a personal access token](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
+1. In the settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in Azure Portal, under "Tenant URL", type `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account.  
+   
+   For example, if your enterprise account's URL is `https://github.com/enterprises/octo-corp`, the name of the enterprise account is `octo-corp`.
+1. Under "Secret token", paste the personal access token with the **admin:enterprise** scope that you created earlier.
+1. To test the configuration, click **Test Connection**.
+1. To save your changes, at the top of the form, click **Save**.
+1. In Azure Portal, copy the users and groups from the old {% data variables.product.prodname_emu_idp_application %} application to the new {% data variables.product.prodname_emu_idp_oidc_application %} application.
+1. Test your configuration by provisioning a single new user.
+1. If your test is successful, start provisioning for all users by clicking **Start provisioning**.
--- a/content/admin/overview/about-github-ae.md
+++ b/content/admin/overview/about-github-ae.md
@ -35,6 +35,21 @@ Secure access to your enterprise on {% data variables.product.prodname_ghe_manag

 {% data variables.product.prodname_ghe_managed %} is available in the Azure Government cloud, the trusted cloud for US government agencies and their partners. {% data variables.product.prodname_ghe_managed %} is also available in the commercial cloud, so you can choose the hosting environment that is right for your organization.

+## Compliance accreditations
+
+{% data variables.product.company_short %} continues to invest in security best practices to make sure your data is safe, your developers are productive, and your team can focus on solving problems. As part of that commitment to security, {% data variables.product.prodname_ghe_managed %} maintains compliance with the following accreditations.
+
+- FedRAMP High Authorization to Operate (ATO)
+- SOC 1, SOC 2 Type II, and SOC 3
+- ISO/IEC certifications
+   - ISO/IEC 27001:2013 
+   - ISO/IEC 27701:2019
+   - ISO/IEC 9001:2015
+   - ISO/IEC 22301:2019 
+   - ISO/IEC 27018:2014 
+   - ISO/IEC 20000-1:2018 
+   - ISO/IEC 27017:2015
+
 ## Further reading

 - "[About versions of {% data variables.product.prodname_docs %}](/get-started/learning-about-github/about-versions-of-github-docs)"
--- a/content/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials.md
+++ b/content/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials.md
@ -24,8 +24,15 @@ shortTitle: Update access credentials
 2. Enter the email address associated with your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %}, then click **Send password reset email.** The email will be sent to the backup email address if you have one configured.
  ![Password reset email request dialog](/assets/images/help/settings/password-recovery-email-request.png)
 3. We'll email you a link that will allow you to reset your password. You must click on this link within 3 hours of receiving the email. If you didn't receive an email from us, make sure to check your spam folder.
-4. If you have enabled two-factor authentication, you will be prompted for your 2FA credentials. Type your authentication code or one of your recovery codes and click **Verify**. If you have added a security key to your account, you can insert the key and click **Use security key** instead of typing an authentication code.
-  ![Two-factor authentication prompt](/assets/images/help/2fa/2fa-password-reset.png)
+4. If you have enabled two-factor authentication, you will be prompted for your 2FA credentials:
+   * If you have {% data variables.product.prodname_mobile %}, you will be sent a push notification to verify your identity. Open the push notification or the {% data variables.product.prodname_mobile %} app and enter the two-digit code shown to you on the password reset page in your browser.
+   ![Two-factor {% data variables.product.prodname_mobile %} authentication prompt](/assets/images/help/2fa/2fa-mobile-challenge-password-reset.png)
+      * To skip using GitHub Mobile to verify, click **Enter two-factor authentication or recovery code**.
+      ![Two-factor GitHub Mobile authentication prompt on {% data variables.product.product_name %} with "Enter two-factor authentication or recovery code" highlighted](/assets/images/help/2fa/2fa-github-mobile-password-reset.png)
+   * Type your authentication code or one of your recovery codes and click **Verify**.
+      ![Two-factor authentication prompt](/assets/images/help/2fa/2fa-password-reset.png)
+     * If you have added a security key to your account, click **Use security key** instead of typing an authentication code.
+     * If you have set up [{% data variables.product.prodname_mobile %}](https://github.com/mobile), click **Authenticate with GitHub Mobile** instead.
 5. Type a new password, confirm your new password, and click **Change password**. For help creating a strong password, see "[Creating a strong password](/articles/creating-a-strong-password)."
  {% ifversion fpt or ghec %}![Password recovery box](/assets/images/help/settings/password-recovery-page.png){% else %}
  ![Password recovery box](/assets/images/enterprise/settings/password-recovery-page.png){% endif %}
--- a/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md
+++ b/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md
@ -186,7 +186,8 @@ When you dismiss an alert:
 - It's dismissed in all branches.
 - The alert is removed from the number of current alerts for your project.
 - The alert is moved to the "Closed" list in the summary of alerts, from where you can reopen it, if required.
- The reason why you closed the alert is recorded.
+- The reason why you closed the alert is recorded.{% if comment-dismissed-code-scanning-alert %} 
+- Optionally, you can comment on a dismissal to record the context of an alert dismissal.{% endif %}
 - Next time {% data variables.product.prodname_code_scanning %} runs, the same code won't generate an alert.

 {% if delete-code-scanning-alerts %}When you delete an alert:
@ -219,8 +220,11 @@ To dismiss {% if delete-code-scanning-alerts %}or delete{% endif %} alerts:
 {% else %}
  ![List of alerts from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.1/help/repository/code-scanning-click-alert.png)
 {% endif %}
-1. Review the alert, then click **Dismiss** and choose a reason for closing the alert.
-   ![Choosing a reason for dismissing an alert](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
+1. Review the alert, then click {% if comment-dismissed-code-scanning-alert %}**Dismiss alert** and choose, or type, a reason for closing the alert. 
+  ![Screenshot of code scanning alert with dropdown to choose dismissal reason emphasized](/assets/images/help/repository/code-scanning-alert-drop-down-reason.png)
+{% else %}**Dismiss** and choose a reason for closing the alert.
+  ![Choosing a reason for dismissing an alert](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
+{% endif %}

   {% data reusables.code-scanning.choose-alert-dismissal-reason %}

--- a/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md
+++ b/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md
@ -27,7 +27,16 @@ topics:

 ## About {% data variables.product.prodname_code_scanning %} results on pull requests

-In repositories where {% data variables.product.prodname_code_scanning %} is configured as a pull request check, {% data variables.product.prodname_code_scanning %} checks the code in the pull request. By default, this is limited to pull requests that target the default branch, but you can change this configuration within {% data variables.product.prodname_actions %} or in a third-party CI/CD system. If merging the changes would introduce new {% data variables.product.prodname_code_scanning %} alerts to the target branch, these are reported as check results in the pull request. The alerts are also shown as annotations in the **Files changed** tab of the pull request. If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)."
+In repositories where {% data variables.product.prodname_code_scanning %} is configured as a pull request check, {% data variables.product.prodname_code_scanning %} checks the code in the pull request. By default, this is limited to pull requests that target the default branch, but you can change this configuration within {% data variables.product.prodname_actions %} or in a third-party CI/CD system. If merging the changes would introduce new {% data variables.product.prodname_code_scanning %} alerts to the target branch, the alerts are reported in multiple places.
+
+- Check results in the pull request {% if code-scanning-pr-conversations-tab %}
+- The **Conversation** tab of the pull request, as part of a pull request review {% endif %} 
+- The **Files changed** tab of the pull request
+
+{% if code-scanning-pr-conversations-tab %} {% endif %} 
+
+If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)."
+
 {% ifversion fpt or ghes > 3.2 or ghae or ghec %}
 In repositories where {% data variables.product.prodname_code_scanning %} is configured to scan each time code is pushed, {% data variables.product.prodname_code_scanning %} will also map the results to any open pull requests and add the alerts as annotations in the same places as other pull request checks. For more information, see "[Scanning on push](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#scanning-on-push)."
 {% endif %}
@ -66,9 +75,18 @@ As with other pull request checks, you can see full details of the check failure

 ## Viewing an alert on your pull request

+{% if code-scanning-pr-conversations-tab %}
+You can see any {% data variables.product.prodname_code_scanning %} alerts introduced in a pull request by viewing the **Conversation** tab. {% data variables.product.prodname_code_scanning_capc %} posts a pull request review that shows each alert as an annotation on the lines of code that triggered the alert. You can comment on the alerts, dismiss the alerts, and view paths for the alerts, directly from the annotations. You can view the full details of an alert by clicking the "Show more details" link, which will take you to the alert details page.
+
+![Alert annotation within a pull request Conversations tab](/assets/images/help/repository/code-scanning-pr-conversation-tab.png)
+
+You can also view all {% data variables.product.prodname_code_scanning %} alerts in the **Files changed** tab of the pull request. Existing {% data variables.product.prodname_code_scanning %} alerts on a file that are outside the diff of the changes introduced in the pull request will only appear in the **Files changed** tab.
+
+{% else %} 
 You can see any {% data variables.product.prodname_code_scanning %} alerts introduced in a pull request by displaying the **Files changed** tab. Each alert is shown as an annotation on the lines of code that triggered the alert. The severity of the alert is displayed in the annotation. 

 ![Alert annotation within a pull request diff](/assets/images/help/repository/code-scanning-pr-annotation.png)
+{% endif %}

 If you have write permission for the repository, some annotations contain links with extra context for the alert. In the example above, from {% data variables.product.prodname_codeql %} analysis, you can click **user-provided value** to see where the untrusted data enters the data flow (this is referred to as the source). In this case you can also view the full path from the source to the code that uses the data (the sink) by clicking **Show paths**. This makes it easy to check whether the data is untrusted or if the analysis failed to recognize a data sanitization step between the source and the sink. For information about analyzing data flow using {% data variables.product.prodname_codeql %}, see "[About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)."

@ -85,6 +103,14 @@ In the detailed view for an alert, some {% data variables.product.prodname_code_
 {% else %}
 ![Alert description and link to show more information](/assets/images/enterprise/3.4/repository/code-scanning-pr-alert.png)
 {% endif %}
+
+{% if code-scanning-pr-conversations-tab %}
+## Commenting on an alert in a pull request
+
+You can comment on any {% data variables.product.prodname_code_scanning %} alert introduced by the changes in a pull request. Alerts appear as annotations in the **Conversation** tab of a pull request, as part of a  pull request review, and also are shown in the **Files changed** tab. You can only comment on alerts introduced by the changes in a pull request. Existing {% data variables.product.prodname_code_scanning %} alerts, on files that are outside the changes introduced in the pull request, will appear in the **Files changed** tab but cannot be commented on.
+
+You can choose to require all conversations in a pull request, including those on {% data variables.product.prodname_code_scanning %} alerts, to be resolved before a pull request can be merged. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-conversation-resolution-before-merging)."
+{% endif %}
 ## Fixing an alert on your pull request

 Anyone with push access to a pull request can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on that pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed.
@ -92,9 +118,11 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr
 ## Dismissing an alert on your pull request

 An alternative way of closing an alert is to dismiss it. You can dismiss an alert if you don't think it needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} If you have write permission for the repository, the **Dismiss** button is available in code annotations and in the alerts summary. When you click **Dismiss** you will be prompted to choose a reason for closing the alert.
-
+{% if comment-dismissed-code-scanning-alert %}
+![Screenshot of code scanning alert with dropdown to choose dismissal reason emphasized](/assets/images/help/repository/code-scanning-alert-drop-down-reason.png)
+{% else %}
 ![Choosing a reason for dismissing an alert](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
-
+{% endif %}
 {% data reusables.code-scanning.choose-alert-dismissal-reason %}

 {% data reusables.code-scanning.false-positive-fix-codeql %}
--- a/content/developers/overview/managing-deploy-keys.md
+++ b/content/developers/overview/managing-deploy-keys.md
@ -4,6 +4,9 @@ intro: Learn different ways to manage SSH keys on your servers when you automate
 redirect_from:
  - /guides/managing-deploy-keys
  - /v3/guides/managing-deploy-keys
+  - /deploy-keys
+  - /articles/managing-deploy-keys
+  - /multiple-keys
 versions:
  fpt: '*'
  ghes: '*'
--- a/content/developers/overview/using-ssh-agent-forwarding.md
+++ b/content/developers/overview/using-ssh-agent-forwarding.md
@ -4,6 +4,7 @@ intro: 'To simplify deploying to a server, you can set up SSH agent forwarding t
 redirect_from:
  - /guides/using-ssh-agent-forwarding
  - /v3/guides/using-ssh-agent-forwarding
+  - /articles/using-ssh-agent-forwarding
 versions:
  fpt: '*'
  ghes: '*'
--- a/content/developers/webhooks-and-events/webhooks/testing-webhooks.md
+++ b/content/developers/webhooks-and-events/webhooks/testing-webhooks.md
@ -4,6 +4,7 @@ intro: 'Review your webhook deliveries on {% data variables.product.prodname_dot
 redirect_from:
  - /webhooks/testing
  - /developers/webhooks-and-events/testing-webhooks
+  - /articles/testing-webhooks
 versions:
  fpt: '*'
  ghes: '*'
--- a/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md
+++ b/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md
@ -965,6 +965,40 @@ Key | Type | Description

 {{ webhookPayloadsForCurrentVersion.project_column.created }}

+{% if project-beta-webhooks %}
+
+## projects_v2_item
+
+{% note %}
+
+**Note:** Webhook events for Projects (beta) are currently in beta and subject to change. To share feedback about Projects (beta) webhooks with {% data variables.product.product_name %}, see the [Projects (beta) webhook feedback discussion](https://github.com/github/feedback/discussions/17405).
+
+{% endnote %}
+
+Activity related to items in a Projects (beta) project. {% data reusables.webhooks.action_type_desc %} For more information, see "[About projects (beta)](/issues/trying-out-the-new-projects-experience/about-projects)."
+
+### Availability
+
+- Organization webhooks
+- {% data variables.product.prodname_github_apps %} with the `organization_projects` permission
+
+### Webhook payload object
+
+Key | Type | Description
+----|------|-------------
+`action`|`string` | The action that was performed on the project item. Can be one of `archived`, `converted`, `created`, `edited`, `restored`, `deleted`, or `reordered`.
+`projects_v2_item`|`object` | The project item itself. To find more information about the project item, you can use `node_id` (the node ID of the project item) and `project_node_id` (the node ID of the project) to query information in the GraphQL API. For more information, see "[Using the API to manage projects (beta)](/issues/trying-out-the-new-projects-experience/using-the-api-to-manage-projects)."
+`changes`|`object` | The changes to the project item.
+{% data reusables.webhooks.org_desc %}
+{% data reusables.webhooks.app_desc %}
+{% data reusables.webhooks.sender_desc %}
+
+### Webhook payload example
+
+{{ webhookPayloadsForCurrentVersion.projects_v2_item.created }}
+
+{% endif %}
+
 ## public

 {% data reusables.webhooks.public_short_desc %}
--- a/content/education/manage-coursework-with-github-classroom/get-started-with-github-classroom/basics-of-setting-up-github-classroom.md
+++ b/content/education/manage-coursework-with-github-classroom/get-started-with-github-classroom/basics-of-setting-up-github-classroom.md
@ -11,7 +11,7 @@ redirect_from:

 You can watch a series of short video tutorials about the configuration and use of {% data variables.product.prodname_classroom %}. To watch all videos as part of a continuous playlist, see the [{% data variables.product.prodname_classroom %} Getting Started Guide](https://www.youtube.com/playlist?list=PLIRjfNq867bewk3ZGV6Z7a16YDNRCpK3u) on YouTube.

-For more information about terminology for {% data variables.product.prodname_classroom %}, see "[Glossary](/education/manage-coursework-with-github-classroom/glossary)".
+For more information about terminology for {% data variables.product.prodname_classroom %}, see "[Glossary](/education/manage-coursework-with-github-classroom/glossary)."

 1. <a href="https://youtu.be/xVVeqIDgCvM" target="_blank">Getting started</a> {% octicon "link-external" aria-label="The external link icon" %}
 2. <a href="https://youtu.be/DTzrKduaHj8" target="_blank">Adding your student roster</a> {% octicon "link-external" aria-label="The external link icon" %}
--- a/content/github/copilot/github-copilot-telemetry-terms.md
+++ b/content/github/copilot/github-copilot-telemetry-terms.md
@ -11,7 +11,7 @@ effectiveDate: '2021-10-04'

 ## Additional telemetry

-If you use {% data variables.product.prodname_copilot %}, the {% data variables.product.prodname_copilot %} extension/plugin will collect usage information about events generated by interacting with the integrated development environment (IDE). These events include {% data variables.product.prodname_copilot %} performance, features used, and suggestions accepted, modified and accepted, or dismissed. This information may include personal data, including your User Personal Information, as defined in the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement).
+If you use {% data variables.product.prodname_copilot %}, the {% data variables.product.prodname_copilot %} extension/plugin will collect usage information about events generated by interacting with the integrated development environment (IDE). These events include {% data variables.product.prodname_copilot %} performance, features used, and suggestions accepted, modified and accepted, or dismissed. This information may include personal data, including your personal information, as referenced in the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement).

 This usage information is used by {% data variables.product.company_short %}, and shared with Microsoft and OpenAI, to develop and improve the extension/plugin and related products. OpenAI also uses this usage information to perform other services related to {% data variables.product.prodname_copilot %}. For example, when you edit files with the {% data variables.product.prodname_copilot %} extension/plugin enabled, file content snippets, suggestions, and any modifications to suggestions will be shared with {% data variables.product.company_short %}, Microsoft, and OpenAI, and used for diagnostic purposes to improve suggestions and related products. {% data variables.product.prodname_copilot %} relies on file content for context, both in the file you are editing and potentially other files open in the same IDE instance. When you are using {% data variables.product.prodname_copilot %}, it may also collect the URLs of repositories or file paths for relevant files. {% data variables.product.prodname_copilot %} does not use these URLs, file paths, or snippets collected in your telemetry as suggestions for other users of {% data variables.product.prodname_copilot %}. This information is treated as confidential information and accessed on a need-to-know basis. You are prohibited from collecting telemetry data about other users of {% data variables.product.prodname_copilot %} from the {% data variables.product.prodname_copilot %} extension/plugin. For more details about {% data variables.product.prodname_copilot %} telemetry, please see "[About {% data variables.product.prodname_copilot %} telemetry](/github/copilot/about-github-copilot-telemetry)." You may revoke your consent to the telemetry and personal data processing operations described in this paragraph by contacting GitHub and requesting removal from the technical preview.

--- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/viewing-a-pull-request-review.md
+++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/viewing-a-pull-request-review.md
@ -28,3 +28,4 @@ When you view a full review, you'll see the same version of the pull request as

 - "[About pull request reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews)"
 - "[Reviewing proposed changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request)"
+- "[Triaging code scanning alerts in pull requests](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests)"
--- a/content/rest/overview/api-previews.md
+++ b/content/rest/overview/api-previews.md
@ -5,7 +5,6 @@ redirect_from:
  - /v3/previews
 versions:
  ghes: '<3.4'
-  ghae: '*'
 topics:
  - API
 ---
@ -161,7 +160,7 @@ You can now provide more information in GitHub for URLs that link to registered
 **Announced:** [2018-12-10](https://developer.github.com/changes/2018-12-10-content-attachments-api/)

 {% endif %}
-{% ifversion ghae or ghes < 3.3 %}
+{% ifversion ghes < 3.3 %}

 ## Enable and disable Pages

--- a/content/site-policy/acceptable-use-policies/github-acceptable-use-policies.md
+++ b/content/site-policy/acceptable-use-policies/github-acceptable-use-policies.md
@ -81,14 +81,14 @@ You may use information from our Service for the following reasons, regardless o

 Scraping refers to extracting information from our Service via an automated process, such as a bot or webcrawler. Scraping does not refer to the collection of information through our API. Please see Section H of our [Terms of Service](/articles/github-terms-of-service#h-api-terms) for our API Terms. 

-You may not use information from the Service (whether scraped, collected through our API, or obtained otherwise) for spamming purposes, including for the purposes of sending unsolicited emails to users or selling User Personal Information (as defined in the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement)), such as to recruiters, headhunters, and job boards.
+You may not use information from the Service (whether scraped, collected through our API, or obtained otherwise) for spamming purposes, including for the purposes of sending unsolicited emails to users or selling personal information, such as to recruiters, headhunters, and job boards.

 Your use of information from the Service must comply with the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement).

 ## 8. Privacy
-Misuse of User Personal Information is prohibited.
+Misuse of personal information is prohibited.

-Any person, entity, or service collecting data from the Service must comply with the [GitHub Privacy Statement](/articles/github-privacy-statement), particularly in regards to the collection of User Personal Information. If you collect any User Personal Information from the Service, you agree that you will only use that User Personal Information for the purpose for which that User has authorized it. You agree that you will reasonably secure any User Personal Information you have gathered from the Service, and you will respond promptly to complaints, removal requests, and "do not contact" requests from us or other users.
+Any person, entity, or service collecting data from the Service must comply with the [GitHub Privacy Statement](/articles/github-privacy-statement), particularly in regards to the collection of personal information. If you collect any personal information from the Service, you agree that you will only use that personal information for the purpose for which that User has authorized it. You agree that you will reasonably secure any personal information you have gathered from the Service, and you will respond promptly to complaints, removal requests, and "do not contact" requests from us or other users.

 ## 9. Excessive Bandwidth Use
 The Service's bandwidth limitations vary based on the features you use. If we determine your bandwidth usage to be significantly excessive in relation to other users of similar features, we reserve the right to suspend your Account, throttle your file hosting, or otherwise limit your activity until you can reduce your bandwidth consumption. We also reserve the right—after providing advance notice—to delete repositories that we determine to be placing undue strain on our infrastructure. For guidance on acceptable use of object storage in repositories, refer to "[What is my disk quota?](/github/managing-large-files/what-is-my-disk-quota)". For more details on specific features' bandwidth limitations, see the [GitHub Additional Product Terms](/github/site-policy/github-additional-product-terms).
--- a/content/site-policy/content-removal-policies/github-private-information-removal-policy.md
+++ b/content/site-policy/content-removal-policies/github-private-information-removal-policy.md
@ -23,7 +23,7 @@ For the purposes of this document, “private information” refers to content t
 - Access credentials, such as user names combined with passwords, access tokens, or other sensitive secrets that can grant access to your organization's server, network, or domain.
 - AWS tokens and other similar access credentials that grant access to a third party on your behalf. You must be able to show that the token does belong to you.
 - Documentation (such as network diagrams or architecture) that poses a specific security risk for an organization. 
- [Information](/github/site-policy/github-community-guidelines#doxxing-and-invasion-of-privacy) related to, and posing a security risk to, you as an individual (such as social security numbers or other government identification numbers).
+- [Information](/site-policy/acceptable-use-policies/github-doxxing-and-invasion-of-privacy) related to, and posing a security risk to, you as an individual (such as social security numbers or other government identification numbers).

 ### Private information removal requests are _not_ appropriate for:
 - Internal server names, IP addresses, and URLs, on their own. You must be able to show that their use in a particular file or piece of code poses a security threat.
--- a/content/site-policy/github-terms/github-corporate-terms-of-service.md
+++ b/content/site-policy/github-terms/github-corporate-terms-of-service.md
@ -129,7 +129,7 @@ Customer’s use of the Products must not violate any applicable laws, including
 Customer’s use of the Service must comply with [GitHub's Acceptable Use Policies](/articles/github-acceptable-use-policies) and [GitHub’s Community Guidelines](/articles/github-community-guidelines). Customer must not use the Service in any jurisdiction for unlawful, obscene, offensive or fraudulent Content or activity, such as advocating or causing harm, interfering with or violating the integrity or security of a network or system, evading filters, sending unsolicited, abusive, or deceptive messages, viruses or harmful code, or violating third party rights.

 ### 3. Privacy
-The [GitHub Privacy Statement](/articles/github-privacy-statement) and the [GitHub Data Protection Agreement](/github/site-policy/github-data-protection-agreement-non-enterprise-customers) provide detailed notice of GitHub's privacy and data use practices as well as GitHub's processing and security obligations with respect to Customer Personal Data. Any person, entity, or service collecting data from the Service must comply with the GitHub Privacy Statement, particularly in regards to the collection of Users' Personal Information (as defined in the GitHub Privacy Statement). If Customer collects any User Personal Information from GitHub, Customer will only use it for the purpose for which the External User has authorized it. Customer will reasonably secure any such Personal Information, and Customer will respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or External Users.
+The [GitHub Privacy Statement](/articles/github-privacy-statement) and the [GitHub Data Protection Agreement](/github/site-policy/github-data-protection-agreement-non-enterprise-customers) provide detailed notice of GitHub's privacy and data use practices as well as GitHub's processing and security obligations with respect to Customer Personal Data. Any person, entity, or service collecting data from the Service must comply with the GitHub Privacy Statement, particularly in regards to the collection of Users' Personal Information (as defined in the GitHub Privacy Statement). If Customer collects any personal information from GitHub, Customer will only use it for the purpose for which the External User has authorized it. Customer will reasonably secure any such Personal Information, and Customer will respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or External Users.

 ## D. Content Responsibility; Ownership; License Rights

--- a/content/site-policy/privacy-policies/github-privacy-statement.md
+++ b/content/site-policy/privacy-policies/github-privacy-statement.md
@ -15,9 +15,10 @@ topics:
  - Legal
 ---

-Effective date: December 19, 2020
+Effective date: May 31, 2022
+
+Thanks for entrusting GitHub Inc. or GitHub B.V. (“GitHub”, “we”, "us" or "our") with your source code, your projects, and your personal data. This Privacy Statement explains our practices regarding the collection, use, and disclosure of your data, including any personal data we collect and process in connection with our website and any applications, software, products, and services provided by GitHub, including any Beta Previews (collectively “Service”). 

-Thanks for entrusting GitHub Inc. (“GitHub”, “we”) with your source code, your projects, and your personal information. Holding on to your private information is a serious responsibility, and we want you to know how we're handling it.

 All capitalized terms have their definition in [GitHub’s Terms of Service](/github/site-policy/github-terms-of-service), unless otherwise noted here.

@ -26,23 +27,21 @@ All capitalized terms have their definition in [GitHub’s Terms of Service](/gi

 We use your personal information as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, we provide the same high standard of privacy protection to all our users around the world, regardless of their country of origin or location.

-Of course, the short version and the Summary below don't tell you everything, so please read on for more details.
+To see our Privacy Notice to residents of California, please go to [GitHub's Notice about the California Consumer Privacy Act](#githubs-notice-to-california-residents) or scroll down.
+

 ## Summary

 | Section | What can you find there? |
 |---|---|
-| [What information GitHub collects](#what-information-github-collects) | GitHub collects information directly from you for your registration, payment, transactions, and user profile. We also automatically collect from you your usage information, cookies, and device information, subject, where necessary, to your consent. GitHub may also collect User Personal Information from third parties. We only collect the minimum amount of personal information necessary from you, unless you choose to provide more. |
-| [What information GitHub does _not_ collect](#what-information-github-does-not-collect) | We don’t knowingly collect information from children under 13, and we don’t collect [Sensitive Personal Information](https://gdpr-info.eu/art-9-gdpr/). |
-| [How GitHub uses your information](#how-github-uses-your-information) | In this section, we describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security and compliance purposes, and to improve our Service. We also describe the legal basis upon which we process your information, where legally required. |
-| [How we share the information we collect](#how-we-share-the-information-we-collect) | We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units. We do not sell your personal information and we do not host advertising on GitHub. You can see a list of the service providers that access your information. |
-| [Other important information](#other-important-information) | We provide additional information specific to repository contents, public information, and Organizations on GitHub. |
-| [Additional services](#additional-services) | We provide information about additional service offerings, including third-party applications, GitHub Pages, and GitHub applications. |
-| [How you can access and control the information we collect](#how-you-can-access-and-control-the-information-we-collect) | We provide ways for you to access, alter, or delete your personal information. |
-| [Our use of cookies and tracking](#our-use-of-cookies-and-tracking) | We only use strictly necessary cookies to provide, secure and improve our service. We offer a page that makes this very transparent. Please see this section for more information. |
-| [How GitHub secures your information](#how-github-secures-your-information) | We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your personal information on GitHub and to protect the resilience of our servers. |
-| [GitHub's global privacy practices](#githubs-global-privacy-practices) | We provide the same high standard of privacy protection to all our users around the world. |
-| [How we communicate with you](#how-we-communicate-with-you) | We communicate with you by email. You can control the way we contact you in your account settings, or by contacting us. |
+| [Who is responsible for the processing of your information](#who-is-responsible-for-the-processing-of-your-information) | Subject to limited exceptions, GitHub is the controller and entity responsible for the processing of your Personal Data in connection with the Website or Service. |
+| [What information GitHub collects](#what-information-github-collects) | GitHub collects information directly from you for your registration, payment, transactions, and user profile. We also automatically collect from you your usage information, cookies, and device information, subject, where necessary, to your consent. GitHub may also collect Personal Data from third parties. We only collect the minimum amount of Personal Data necessary from you, unless you choose to provide more.|
+| [How GitHub uses your information](#how-github-uses-your-information) | In this section, we describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security and compliance purposes, and to improve our Website or Service or develop new features and functionality of our Website or Service. We also describe the legal basis upon which we process your information, where legally required. |
+| [How we share the information we collect](#how-we-share-the-information-we-collect) | We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units. We do not sell your personal information and we do not host advertising on GitHub. |
+| [Your choices regarding our processing of your personal data](#your-choices-regarding-our-processing-of-your-personal-data) | We provide ways for you to access, alter, or delete your personal information. |
+| [Cookies](#cookies) | We only use strictly necessary cookies to provide, secure, and improve our Website or Service or develop new features and functionality of our Website or Service. We offer a page that makes this very transparent. We do not send any information to third-party analytics services. |
+| [How GitHub secures your information](#how-github-secures-your-information) | We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your Personal Data on GitHub and to protect the resilience of our servers. |
+| [Communication preferences](#communication-preferences) | We communicate with you by email. You can control the way we contact you in your account settings, or by contacting us. |
 | [Resolving complaints](#resolving-complaints) | In the unlikely event that we are unable to resolve a privacy concern quickly and thoroughly, we provide a path of dispute resolution. |
 | [Changes to our Privacy Statement](#changes-to-our-privacy-statement) | We notify you of material changes to this Privacy Statement 30 days before any such changes become effective. You may also track changes in our Site Policy repository. |
 | [License](#license) | This Privacy Statement is licensed under the [Creative Commons Zero license](https://creativecommons.org/publicdomain/zero/1.0/). |
@ -51,260 +50,199 @@ Of course, the short version and the Summary below don't tell you everything, so

 ## GitHub Privacy Statement

+## Who is responsible for the processing of your information?
+The data controller of your personal data is GitHub, Inc. For individuals outside North America, the data controller is GitHub B.V. 
+ 
+This privacy statement does not apply to personal data we process as a service provider or data processor on behalf of our enterprise customers. Our data processing activities as service processor or data processor is governed by our [Data Protection Agreement](https://github.com/customer-terms/github-data-protection-agreement). If you are a consumer end-user of one of those organizations, you should read that organization’s privacy statement and direct any privacy inquiries to that organization. 
+
+## GitHub acting on your behalf
+
+In some cases, GitHub is acting only on your behalf for the personal data we collect and process in connection with our Service (for example, for the Personal Data added to a repository by the contributors to such repository). In such cases, GitHub will only process the data in order to provide the Service requested by you. Please note that subject to our [Private Information Removal  Policy](/site-policy/content-removal-policies/github-private-information-removal-policy) contributors’ requests to remove Personal Data generally require notice to and action from the repository owner.
+
 ## What information GitHub collects

-"**User Personal Information**" is any information about one of our Users which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them. Information such as a username and password, an email address, a real name, an Internet protocol (IP) address, and a photograph are examples of “User Personal Information.”
+The personal data we collect depends on how you interact with us, the services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our Service, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.

-User Personal Information does not include aggregated, non-personally identifying information that does not identify a User or cannot otherwise be reasonably linked or connected with them. We may use such aggregated, non-personally identifying information for research purposes and to operate, analyze, improve, and optimize our Website and Service.

 ### Information users provide directly to GitHub
+We collect personal data you provide to us. For example:

 #### Registration information
-We require some basic information at the time of account creation. When you create your own username and password, we ask you for a valid email address.
+We collect information such as your username, email address, and password during account creation.

-#### Payment information
-If you sign on to a paid Account with us, send funds through the GitHub Sponsors Program, or buy an application on GitHub Marketplace, we collect your full name, address, and credit card information or PayPal information. Please note, GitHub does not process or store your credit card information or PayPal information, but our third-party payment processor does.
+#### Demographic information
+In some cases, we request that you provide age, gender, and similar demographic details.

-If you list and sell an application on [GitHub Marketplace](https://github.com/marketplace), we require your banking information. If you raise funds through the [GitHub Sponsors Program](https://github.com/sponsors), we require some [additional information](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account#submitting-your-bank-information) through the registration process for you to participate in and receive funds through those services and for compliance purposes.
+#### Payment and billing information
+If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.

-#### Profile information
-You may choose to give us more information for your Account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third-party website. This information may include User Personal Information. Please note that your profile information may be visible to other Users of our Service.
+#### Content and files
+We collect any photographs, documents, or other files you upload to our Service; and if you send us email messages or other communications, we collect and retain those communications. For example, you may choose to give us more information for your Account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third-party website. Please note that your profile information may be visible to other Users of our Service.

-### Information GitHub automatically collects from your use of the Service
+### Information GitHub automatically collects.
+When you visit or use our Service, we collect some information automatically. For example:

-#### Transactional information
-If you have a paid Account with us, sell an application listed on [GitHub Marketplace](https://github.com/marketplace), or raise funds through the [GitHub Sponsors Program](https://github.com/sponsors), we automatically collect certain information about your transactions on the Service, such as the date, time, and amount charged.
+#### Transaction information
+If you have a paid Account with us, or make a purchase or sale using our Service, we automatically collect certain information about your transactions on the Service, such as your full name, address, region, state, country, zip code, the date, time, and amount charged. 

 #### Usage information
-If you're accessing our Service or Website, we automatically collect the same basic information that most services collect, subject, where necessary, to your consent. This includes information about how you use the Service, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to the Website, whether they have an Account or not. This information may include User Personal information.
+If you're accessing or using our Service, we may automatically collect information about how you use the Service, such as the pages you view, the referring site, your IP address and information about your device, session information, the date and time of each request, information contained in or relating to your contributions to individual repositories, and telemetry data (i.e., information about how a specific feature or service is performing) regarding your use of other features and functionality of the Service.

 #### Cookies
-As further described below, we automatically collect information from cookies (such as cookie ID and settings) to keep you logged in, to remember your preferences, to identify you and your device and to analyze your use of our service.
+As further described below, we automatically collect information from cookies (such as cookie ID and settings) in connection with our Service.

 #### Device information
-We may collect certain information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. This information may include User Personal information.
+We may collect information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. 
+
+#### Geolocation information
+In connection with certain features and depending on the functionality of the Service, we collect geolocation information such as through IP addresses or the location information you choose to provide in your Account profile.
+
+### Information we create or generate
+We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.

 ### Information we collect from third parties

-GitHub may collect User Personal Information from third parties. For example, this may happen if you sign up for training or to receive information about GitHub from one of our vendors, partners, or affiliates. GitHub does not purchase User Personal Information from third-party data brokers.
-
-## What information GitHub does not collect
-
-We do not intentionally collect “**[Sensitive Personal Information](https://gdpr-info.eu/art-9-gdpr/)**”, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.
-
-If you are a child under the age of 13, you may not have an Account on GitHub. GitHub does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a User who is under the age of 13, we will have to close your Account. We don't want to discourage you from learning to code, but those are the rules. Please see our [Terms of Service](/github/site-policy/github-terms-of-service) for information about Account termination. Different countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not have an Account on GitHub.
-
-We do not intentionally collect User Personal Information that is **stored in your repositories** or other free-form content inputs. Any personal information within a user's repository is the responsibility of the repository owner.
+Other companies with whom you choose to engage. GitHub may collect Personal Data about you from third parties. For example, this may happen if you sign up for training or to receive information about GitHub from one of our vendors, partners, or affiliates. GitHub does not purchase Personal Data from third-party data brokers. 
+ 
+Service Providers. We may also receive information from processors or service providers who process the data on our behalf, such as our payment processor who process payment and billing information in connection with our Service.
+ 
+Content you post on our Service. Information you store in, or contribute to, a public repository, provide for use in connection with a Community Feature or make otherwise publicly available through the Service will be collected by GitHub as described in this Privacy Statement. Such information may also be available to the GitHub user community as well as the general public. For more information, please review details regarding public repositories and community features [here](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-profile).
+ 
+Co-branding/marketing partners. We may receive information from partners with which we offer co-branded services or engage in joint marketing activities. 
+ 
+Publicly available sources. We may also obtain information from publicly available sources as GitHub repositories. 
+ 
+When you are asked to provide Personal Data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

 ## How GitHub uses your information
+We may use your information to provide, administer, analyze, manage, and operate our Service. For example, we use your information for the following purposes:
+- Provide our products and deliver our services including troubleshooting, improving, and personalizing the features on the Service.
+- Business operations such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
+- Improve and develop our products and services including to develop new services or features, and conduct research.
+- Personalization of our Service by understanding you and your preferences to enhance your experience and enjoyment using our Service.
+- Provide customer support and respond to your questions.
+- Deliver promotional communications with you about new services, features, offers, promotions, and other information about our Service.
+- Send you information, including confirmations, invoices, technical notices, updates, security alerts, support and administrative messages.

-We may use your information for the following purposes:
- We use your [Registration Information](#registration-information) to create your account, and to provide you the Service.
- We use your [Payment Information](#payment-information) to provide you with the Paid Account service, the Marketplace service, the Sponsors Program, or any other GitHub paid service you request.
- We use your User Personal Information, specifically your username, to identify you on GitHub.
- We use your [Profile Information](#profile-information) to fill out your Account profile and to share that profile with other users if you ask us to.
- We use your email address to communicate with you, if you've said that's okay, **and only for the reasons you’ve said that’s okay**. Please see our section on [email communication](#how-we-communicate-with-you) for more information.
- We use User Personal Information to respond to support requests.
- We use User Personal Information and other data to make recommendations for you, such as to suggest projects you may want to follow or contribute to. We learn from your public behavior on GitHub—such as the projects you star—to determine your coding interests, and we recommend similar projects. These recommendations are automated decisions, but they have no legal impact on your rights.
- We may use User Personal Information to invite you to take part in surveys, beta programs, or other research projects, subject, where necessary, to your consent .
- We use [Usage Information](#usage-information) and [Device Information](#device-information) to better understand how our Users use GitHub and to improve our Website and Service.
- We may use your User Personal Information if it is necessary for security purposes or to investigate possible fraud or attempts to harm GitHub or our Users.
- We may use your User Personal Information to comply with our legal obligations, protect our intellectual property, and enforce our [Terms of Service](/github/site-policy/github-terms-of-service).
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your [user profile](https://github.com/settings/admin).
-
-### Our legal bases for processing information
-
-To the extent that our processing of your User Personal Information is subject to certain international laws (including, but not limited to, the European Union's General Data Protection Regulation (GDPR)), GitHub is required to notify you about the legal basis on which we process User Personal Information. GitHub processes User Personal Information on the following legal bases:
-
- Contract Performance:
-  * When you create a GitHub Account, you provide your [Registration Information](#registration-information). We require this information for you to enter into the Terms of Service agreement with us, and we process that information on the basis of performing that contract. We also process your username and email address on other legal bases, as described below.
-  * If you have a paid Account with us, we collect and process additional [Payment Information](#payment-information) on the basis of performing that contract.
-  * When you buy or sell an application listed on our Marketplace or, when you send or receive funds through the GitHub Sponsors Program, we process [Payment Information](#payment-information) and additional elements in order to perform the contract that applies to those services.
- Consent:
-  * We rely on your consent to use your User Personal Information under the following circumstances: when you fill out the information in your [user profile](https://github.com/settings/admin); when you decide to participate in a GitHub training, research project, beta program, or survey; and for marketing purposes, where applicable. All of this User Personal Information is entirely optional, and you have the ability to access, modify, and delete it at any time. While you are not able to delete your email address entirely, you can make it private. You may withdraw your consent at any time.
- Legitimate Interests:
-  * Generally, the remainder of the processing of User Personal Information we perform is necessary for the purposes of our legitimate interest, for example, for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability, and resilience of GitHub’s systems, Website, and Service.
- If you would like to request deletion of data we process on the basis of consent or if you object to our processing of personal information, please use our [Privacy contact form](https://support.github.com/contact/privacy).
+We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.

 ## How we share the information we collect

-We may share your User Personal Information with third parties under one of the following circumstances:
+We share Personal Data with your consent or as necessary to complete your transactions or provide the services you have requested or authorized. In addition, we may share each of the categories of your Personal Data described above with the types of third parties  described below for the following business purposes:

-### With your consent
-We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why. For example, if you purchase an application listed on our Marketplace, we share your username to allow the application Developer to provide you with services. Additionally, you may direct us through your actions on GitHub to share your User Personal Information. For example, if you join an Organization, you indicate your willingness to provide the owner of the Organization with the ability to view your activity in the Organization’s access log.
+### Public information
+You may select options available through our Service to publicly display and share your name and/or username and certain other information, such as your profile, demographic data, content and files, or geolocation data. For example, if you would like your email address to remain private, even when you’re commenting on public repositories, [you can adjust your setting for your email address to be private in your user profile](https://github.com/settings/emails). You can also [update your local Git configuration to use your private email address](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address). Please see more about email addresses in commit messages [here](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address). 

-### With service providers
-We share User Personal Information with a limited number of service providers who process it on our behalf to provide or improve our Service, and who have agreed to privacy restrictions similar to the ones in our Privacy Statement by signing data protection agreements or making similar commitments. Our service providers perform payment processing, customer support ticketing, network data transmission, security, and other similar services. While GitHub processes all User Personal Information in the United States, our service providers may process data outside of the United States or the European Union. If you would like to know who our service providers are, please see our page on [Subprocessors](/github/site-policy/github-subprocessors-and-cookies).
+Please note that if you would like to compile GitHub data, you must comply with our [Terms of Service](/site-policy/github-terms/github-terms-of-service) regarding information usage and privacy, and you may only use any public-facing information you gather for the purpose for which our user authorized it. For example, where a GitHub user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for the purposes of sending unsolicited emails to users or selling personal information, such as to recruiters, headhunters, and job boards, or for commercial advertising. We expect you to reasonably secure information you have gathered from GitHub, and to respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or GitHub users.
+
+### Third-party applications
+We share your Personal Data with third parties when you tell us to do so. For example, if you purchase an application listed on our Marketplace, we share your username to allow the application developer to provide you with services. Additionally, you may direct us through your actions on GitHub to share your Personal Data. For example, if you join an Organization, you indicate your willingness to provide the owner of the Organization with the ability to view your activity in the Organization’s access log.
+ 
+You can enable or add third-party applications, known as "Developer Products" to your Account. These Developer Products are not necessary for your use of GitHub. We will share your Personal Data with such third-party applications when you ask us to; however, you are responsible for your use of the third-party Developer Product and for the amount of Personal Data you choose to share with it. You can check our [API documentation](/rest/reference/users) to see what information is provided when you authenticate into a Developer Product using your GitHub profile.
+
+### Organizations with which you engage
+You may indicate, through your actions on GitHub, that you are willing to share your Personal Data. If you collaborate on or become a member of an organization, then its Account owners may receive your Personal Data. When you accept an invitation to an organization, you will be notified of the types of information owners may be able to see (for more information, see [About Organization Membership](/github/setting-up-and-managing-your-github-user-account/about-organization-membership)). Please contact the Account owners for more information about how they might process your Personal Data in their Organization and the ways for you to access, update, alter, or delete your Personal Data stored in the Account. 
+
+### Service providers
+We share your Personal Data with service providers who process the information  on our behalf to provide or improve our Service. For example, our service providers may perform payment processing, customer support ticketing, network data transmission, security, and other similar services. While GitHub processes all Personal Data in the United States, our service providers may process data outside of the United States or the European Union. Such processing by service providers will be in compliance with applicable law including any relevant transfer mechanism. 
+ 
+ ### Affiliates
+ We enable access to Personal Data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access is needed to operate and provide the Service. 

 ### For security purposes
-If you are a member of an Organization, GitHub may share your username, [Usage Information](#usage-information), and [Device Information](#device-information) associated with that Organization with an owner and/or administrator of the Organization, to the extent that such information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.
+We will disclose Personal Data if we believe it is necessary to:
+- protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone; 
+- operate and maintain the security of the Service, including to prevent or stop an attack on our systems or networks; or 
+- protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
+

 ### For legal disclosure
-GitHub strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. GitHub may disclose User Personal Information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.
-
-For more information about our disclosure in response to legal requests, see our [Guidelines for Legal Requests of User Data](/github/site-policy/guidelines-for-legal-requests-of-user-data).
+GitHub may disclose Personal Data or other information we collect about you to law enforcement or other governmental agencies if required in response to a valid legal process. For more information about our disclosure in response to legal requests, see our [Guidelines for Legal Requests of User Data](/github/site-policy/guidelines-for-legal-requests-of-user-data).

 ### Change in control or sale
-We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate entities or business units. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.
+We may share your Personal Data if we are involved in a merger, sale, or acquisition of corporate entities or business units as described in this Privacy Statement.
+ 
+Please note that some of the features on our Service include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide Personal Data to any of those third parties, or allow us to share Personal Data with them, that data is governed by their privacy statements.
+ 
+Finally, we may share de-identified information in accordance with applicable law.

-### Aggregate, non-personally identifying information
-We share certain aggregated, non-personally identifying information with others about how our users, collectively, use GitHub, or how our users respond to our other offerings, such as our conferences or events.
+### No Selling of Personal Data
+We *do not* sell your Personal Data for monetary or other consideration as defined under California and Nevada state laws.
+You can learn more about the CCPA and how we comply with it [here](#githubs-notice-to-california-residents).

-We **do not** sell your User Personal Information for monetary or other consideration.
-
-Please note: The California Consumer Privacy Act of 2018 (“CCPA”) requires businesses to state in their privacy policy whether or not they disclose personal information in exchange for monetary or other valuable consideration. While CCPA only covers California residents, we voluntarily extend its core rights for people to control their data to _all_ of our users, not just those who live in California. You can learn more about the CCPA and how we comply with it [here](/github/site-policy/githubs-notice-about-the-california-consumer-privacy-act).
-
-## Repository contents
-
-### Access to private repositories
-
-If your repository is private, you control the access to your Content. If you include User Personal Information or Sensitive Personal Information, that information may only be accessible to GitHub in accordance with this Privacy Statement. GitHub personnel [do not access private repository content](/github/site-policy/github-terms-of-service#e-private-repositories) except for
- security purposes
- to assist the repository owner with a support matter
- to maintain the integrity of the Service
- to comply with our legal obligations
- if we have reason to believe the contents are in violation of the law, or
- with your consent.
-
-However, while we do not generally search for content in your repositories, we may scan our servers and content to detect certain tokens or security signatures, known active malware, known vulnerabilities in dependencies, or other content known to violate our Terms of Service, such as violent extremist or terrorist content or child exploitation imagery, based on algorithmic fingerprinting techniques (collectively, "automated scanning"). Our Terms of Service provides more details on [private repositories](/github/site-policy/github-terms-of-service#e-private-repositories).
-
-Please note, you may choose to disable certain access to your private repositories that is enabled by default as part of providing you with the Service (for example, automated scanning needed to enable Dependency Graph and Dependabot alerts).
-
-GitHub will provide notice regarding our access to private repository content, unless [for legal disclosure](/github/site-policy/github-privacy-statement#for-legal-disclosure), to comply with our legal obligations, or where otherwise bound by requirements under law, for automated scanning, or if in response to a security threat or other risk to security.
-
-### Public repositories
-
-If your repository is public, anyone may view its contents. If you include User Personal Information, [Sensitive Personal Information](https://gdpr-info.eu/art-9-gdpr/), or confidential information, such as email addresses or passwords, in your public repository, that information may be indexed by search engines or used by third parties.
-
-Please see more about [User Personal Information in public repositories](/github/site-policy/github-privacy-statement#public-information-on-github).
-
-## Other important information
-
-### Public information on GitHub
-
-Many of GitHub services and features are public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service, such as by viewing your profile or repositories or pulling data via our API. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing GitHub information. Other third parties, such as data brokers, have been known to scrape GitHub and compile data as well.
-
-Your User Personal Information associated with your content could be gathered by third parties in these compilations of GitHub data. If you do not want your User Personal Information to appear in third parties’ compilations of GitHub data, please do not make your User Personal Information publicly available and be sure to [configure your email address to be private in your user profile](https://github.com/settings/emails) and in your [git commit settings](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address). We currently set Users' email address to private by default, but legacy GitHub Users may need to update their settings.
-
-If you would like to compile GitHub data, you must comply with our Terms of Service regarding [information usage](/github/site-policy/github-acceptable-use-policies#6-information-usage-restrictions) and [privacy](/github/site-policy/github-acceptable-use-policies#7-privacy), and you may only use any public-facing User Personal Information you gather for the purpose for which our user authorized it. For example, where a GitHub user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for the purposes of sending unsolicited emails to users or selling User Personal Information, such as to recruiters, headhunters, and job boards, or for commercial advertising. We expect you to reasonably secure any User Personal Information you have gathered from GitHub, and to respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or GitHub users.
-
-Similarly, projects on GitHub may include publicly available User Personal Information collected as part of the collaborative process. If you have a complaint about any User Personal Information on GitHub, please see our section on [resolving complaints](/github/site-policy/github-privacy-statement#resolving-complaints).
-
-
-### Organizations
-
-You may indicate, through your actions on GitHub, that you are willing to share your User Personal Information. If you collaborate on or become a member of an Organization, then its Account owners may receive your User Personal Information. When you accept an invitation to an Organization, you will be notified of the types of information owners may be able to see (for more information, see [About Organization Membership](/github/setting-up-and-managing-your-github-user-account/about-organization-membership)). If you accept an invitation to an Organization with a [verified domain](/organizations/managing-organization-settings/verifying-your-organizations-domain), then the owners of that Organization will be able to see your full email address(es) within that Organization's verified domain(s).
-
-Please note, GitHub may share your username, [Usage Information](#usage-information), and [Device Information](#device-information) with the owner(s) of the Organization you are a member of, to the extent that your User Personal Information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.
-
-If you collaborate on or become a member of an Account that has agreed to the [Corporate Terms of Service](/github/site-policy/github-corporate-terms-of-service) and a Data Protection Addendum (DPA) to this Privacy Statement, then that DPA governs in the event of any conflicts between this Privacy Statement and the DPA with respect to your activity in the Account.
-
-Please contact the Account owners for more information about how they might process your User Personal Information in their Organization and the ways for you to access, update, alter, or delete the User Personal Information stored in the Account.
-
-## Additional services
-
-### Third party applications
-
-You have the option of enabling or adding third-party applications, known as "Developer Products," to your Account. These Developer Products are not necessary for your use of GitHub. We will share your User Personal Information with third parties when you ask us to, such as by purchasing a Developer Product from the Marketplace; however, you are responsible for your use of the third-party Developer Product and for the amount of User Personal Information you choose to share with it. You can check our [API documentation](/rest/reference/users) to see what information is provided when you authenticate into a Developer Product using your GitHub profile.
-
-### GitHub Pages
-
-If you create a GitHub Pages website, it is your responsibility to post a privacy statement that accurately describes how you collect, use, and share personal information and other visitor information, and how you comply with applicable data privacy laws, rules, and regulations. Please note that GitHub may collect User Personal Information from visitors to your GitHub Pages website, including logs of visitor IP addresses, to comply with legal obligations, and to maintain the security and integrity of the Website and the Service.
-
-### GitHub applications
-
-You can also add applications from GitHub, such as our Desktop app, our Atom application, or other application and account features, to your Account. These applications each have their own terms and may collect different kinds of User Personal Information; however, all GitHub applications are subject to this Privacy Statement, and we collect the amount of User Personal Information necessary, and use it only for the purpose for which you have given it to us.
-
-## How you can access and control the information we collect
-
-If you're already a GitHub user, you may access, update, alter, or delete your basic user profile information by [editing your user profile](https://github.com/settings/profile) or contacting [GitHub Support](https://support.github.com/contact?tags=docs-policy). You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, or by contacting [GitHub Support](https://support.github.com/contact?tags=docs-policy).
-
-If GitHub processes information about you, such as information [GitHub receives from third parties](#information-we-collect-from-third-parties), and you do not have an account, then you may, subject to applicable law, access, update, alter, delete, or object to the processing of your personal information by contacting [GitHub Support](https://support.github.com/contact?tags=docs-policy).
+## Your choices regarding our processing of your personal data
+We provide choices about the Personal Data we collect about you. The choices you make will not apply to any Personal Data associated with an Organization under your Account. 
+ 
+Access, correction, and deletion. If you're a GitHub user, you may access, update, alter, or delete your basic user profile information by [editing your user profile](https://github.com/settings/profile) or contacting [GitHub Support](https://support.github.com/contact) or [GitHub Premium Support](https://enterprise.githubsupport.com/hc/en-us). You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, or by contacting [GitHub Support](https://support.github.com/contact) or [GitHub Premium Support](https://enterprise.githubsupport.com/hc/en-us).
+ 
+We retain and use your information as described in this Privacy Statement, but barring legal requirements, we will delete your full profile within 90 days of your request. After an account has been deleted, certain data, such as contributions to other Users' repositories and comments in others' issues, will remain. However, we will delete or de-identify your Personal Data, including your username and email address, from the author field of issues, pull requests, and comments by associating them with a ghost user. That said, the email address you have provided via your Git commit settings will always be associated with your commits in the Git system. If you choose to make your email address private, you should also update your Git commit settings. We are unable to change or delete data in the Git commit history — the Git software is designed to maintain a record — but we do enable you to control what information you put in that record.
+ 
+If GitHub processes Personal Data other than your profile information, such as information about you GitHub receives from [third parties](/github/site-policy/github-privacy-statement#information-we-collect-from-third-parties), then you may, subject to applicable law, access, update, alter, delete, object to or restrict the processing of your Personal Data by contacting [GitHub Support](https://support.github.com/contact) or [GitHub Premium Support](https://enterprise.githubsupport.com/hc/en-us).  
+ 
+You can adjust the settings on your Account regarding the display of your Personal Data in private or public repositories or Personal Data processed in connection with Community Features (such as the GitHub Feed, the GitHub Globe, GitHub Explore, the GitHub Discussion Leaderboard) through [profile settings](https://github.com/settings/profile).
+ 
+Additionally, if you are unable to access certain Personal Data we have via the means described above, you can request access by contacting us as described at the bottom of this privacy statement.

 ### Data portability

 As a GitHub User, you can always take your data with you. You can [clone your repositories to your desktop](/desktop/contributing-to-projects/cloning-a-repository-from-github-to-github-desktop), for example, or you can use our [Data Portability tools](https://developer.github.com/changes/2018-05-24-user-migration-api/) to download information we have about you.

-### Data retention and deletion of data
+### Communication preferences
+We use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our Support team with a request, we respond to you via email. You have control over how your email address is used and shared on and through our Service. You may manage your communication preferences in your [profile](https://github.com/settings/emails).
+ 
+By design, the Git version control system associates many actions with a user's email address, such as commit messages. See more details regarding [setting your commit email address](https://github.com/settings/emails). 
+ 
+Depending on your [email settings](https://github.com/settings/emails), GitHub may occasionally send notification emails, for example, about changes in a repository you’re watching, new features, requests for feedback, important policy changes, or to offer customer support. We may also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There's an “unsubscribe” link located at the bottom of each of the marketing emails we send you. 
+ 
+Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications.

-Generally, GitHub retains User Personal Information for as long as your account is active or as needed to provide you services.
+### European Data Protection Rights
+ 
+If the processing of Personal Data about you is subject to European Union data protection law, you have certain rights with respect to that data:
+ 
+You can request access to, and rectification or erasure of, Personal Data;
+If any automated processing of Personal Data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the Personal Data in a usable and portable format;
+If the processing of Personal Data is based on your consent, you can withdraw consent at any time for future processing; 
+You can to object to, or obtain a restriction of, the processing of Personal Data under certain circumstances; and
+For residents of France, you can send us specific instructions regarding the use of your data after your death.
+ 
+To make such requests, please use the contact information at the bottom of this statement.  When we are processing data on behalf of another party (i.e., where GitHub is acting as a data processor) you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
+ 
+We rely on different lawful bases for collecting and processing Personal Data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.

-If you would like to cancel your account or delete your User Personal Information, you may do so in your [user profile](https://github.com/settings/admin). We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. You may contact [GitHub Support](https://support.github.com/contact?tags=docs-policy) to request the erasure of the data we process on the basis of consent within 30 days.
+## Our use of cookies and tracking technologies

-After an account has been deleted, certain data, such as contributions to other Users' repositories and comments in others' issues, will remain. However, we will delete or de-identify your User Personal Information, including your username and email address, from the author field of issues, pull requests, and comments by associating them with a [ghost user](https://github.com/ghost).
+### Cookies and tracking technologies

-That said, the email address you have supplied [via your Git commit settings](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address) will always be associated with your commits in the Git system. If you choose to make your email address private, you should also update your Git commit settings. We are unable to change or delete data in the Git commit history — the Git software is designed to maintain a record — but we do enable you to control what information you put in that record.
+GitHub uses cookies to provide, secure and improve our  Service or to develop new features and functionality of our Service. For example, we use them to keep you logged in, remember your preferences, identify your device for security purposes, compile statistical reports, and provide information for future development of GitHub. We use our own cookies and do not use any third-party service providers in this context. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use our Service. We provide more information about [cookies on GitHub](/github/site-policy/github-subprocessors-and-cookies#cookies-on-github) on our [GitHub Subprocessors and Cookies](/github/site-policy/github-subprocessors-and-cookies) page that describes the cookies we set, the needs we have for those cookies, and the expiration of such cookies.

-## Our use of cookies and tracking
-
-### Cookies
-
-GitHub only uses strictly necessary cookies. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors.
-
-We use cookies solely to provide, secure, and improve our service. For example, we use them to keep you logged in, remember your preferences, identify your device for security purposes, analyze your use of our service, compile statistical reports, and provide information for future development of GitHub. We use our own cookies for analytics purposes, but do not use any third-party analytics service providers.
-
-By using our service, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use our service.
-
-We provide more information about [cookies on GitHub](/github/site-policy/github-subprocessors-and-cookies#cookies-on-github) on our [GitHub Subprocessors and Cookies](/github/site-policy/github-subprocessors-and-cookies) page that describes the cookies we set, the needs we have for those cookies, and the expiration of such cookies.
+Our emails to users may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email communications more effective and to make sure we are not sending you unwanted email.

 ### DNT

 "[Do Not Track](https://www.eff.org/issues/do-not-track)" (DNT) is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. GitHub responds to browser DNT signals and follows the [W3C standard for responding to DNT signals](https://www.w3.org/TR/tracking-dnt/). If you would like to set your browser to signal that you would not like to be tracked, please check your browser's documentation for how to enable that signal. There are also good applications that block online tracking, such as [Privacy Badger](https://privacybadger.org/).

+## Retention of Personal Data
+We retain Personal Data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, we may retain your Personal Data for longer periods, where necessary, subject to applicable law, for security purposes. 
+
 ## How GitHub secures your information
+GitHub takes reasonable measures necessary to protect your Personal Data from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of your Personal Data. To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.

-GitHub takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
+In addition, if your account has private repositories, you control the access to that Content. GitHub personnel does not access private repository content except for
+- security purposes, 
+- automated scanning for known vulnerabilities, active malware, or other content known to violate our Terms of Service
+- to assist the repository owner with a support matter
+- to maintain the integrity of the Service
+- to comply with our legal obligations if we have reason to believe the contents are in violation of the law, 
+- or with your consent.

-GitHub enforces a written security information program. Our program:
- aligns with industry recognized frameworks;
- includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our Users' data;
- is appropriate to the nature, size, and complexity of GitHub’s business operations;
- includes incident response and data breach notification processes; and
- complies with applicable information security-related laws and regulations in the geographic regions where GitHub does business.
-
-In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected Users without undue delay.
-
-Transmission of data on GitHub is encrypted using SSH, HTTPS (TLS), and git repository content is encrypted at rest. We manage our own cages and racks at top-tier data centers with high level of physical and network security, and when data is stored with a third-party storage provider, it is encrypted.
-
-No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. For more information, see our [security disclosures](https://github.com/security).
-
-## GitHub's global privacy practices
-
-GitHub, Inc. and, for those in the European Economic Area, the United Kingdom, and Switzerland, GitHub B.V. are the controllers responsible for the processing of your personal information in connection with the Service, except (a) with respect to personal information that was added to a repository by its contributors, in which case the owner of that repository is the controller and GitHub is the processor (or, if the owner acts as a processor, GitHub will be the subprocessor); or (b) when you and GitHub have entered into a separate agreement that covers data privacy (such as a Data Processing Agreement).
-
-Our addresses are:
-
- GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107.
- GitHub B.V., Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands.
-
-We store and process the information that we collect in the United States in accordance with this Privacy Statement, though our service providers may store and process data outside the United States. However, we understand that we have Users from different countries and regions with different privacy expectations, and we try to meet those needs even when the United States does not have the same privacy framework as other countries.
-
-We provide the same high standard of privacy protection—as described in this Privacy Statement—to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.
-
-In particular:
-
- - GitHub provides clear methods of unambiguous, informed, specific, and freely given consent at the time of data collection, when we collect your User Personal Information using consent as a basis.
- - We collect only the minimum amount of User Personal Information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
- - We offer you simple methods of accessing, altering, or deleting the User Personal Information we have collected, where legally permitted.
- - We provide our Users notice, choice, accountability, security, and access regarding their User Personal Information, and we limit the purpose for processing it. We also provide our Users a method of recourse and enforcement.
+Github will provide notice regarding private repository access where not prohibited by law or if in response to a security threat or other risk to security.

 ### Cross-border data transfers
+GitHub processes Personal Data both inside and outside of the United States and relies on legal mechanisms such as Standard Contractual Clauses to lawfully transfer data from the European Economic Area, the United Kingdom, and Switzerland to the United States. You may request a copy of the Standard Contractual Clauses using the contact details provided in the section entitled “Contacting GitHub” below. 

-GitHub processes personal information both inside and outside of the United States and relies on Standard Contractual Clauses as the legally provided mechanism to lawfully transfer data from the European Economic Area, the United Kingdom, and Switzerland to the United States. In addition, GitHub is certified to the EU-US and Swiss-US Privacy Shield Frameworks. To learn more about our cross-border data transfers, see our [Global Privacy Practices](/github/site-policy/global-privacy-practices).
-
-## How we communicate with you
-
-We use your email address to communicate with you, if you've said that's okay, **and only for the reasons you’ve said that’s okay**. For example, if you contact our Support team with a request, we respond to you via email. You have a lot of control over how your email address is used and shared on and through GitHub. You may manage your communication preferences in your [user profile](https://github.com/settings/emails).
-
-By design, the Git version control system associates many actions with a User's email address, such as commit messages. We are not able to change many aspects of the Git system. If you would like your email address to remain private, even when you’re commenting on public repositories, [you can create a private email address in your user profile](https://github.com/settings/emails). You should also [update your local Git configuration to use your private email address](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address). This will not change how we contact you, but it will affect how others see you. We set current Users' email address private by default, but legacy GitHub Users may need to update their settings. Please see more about email addresses in commit messages [here](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address).
-
-Depending on your [email settings](https://github.com/settings/emails), GitHub may occasionally send notification emails about changes in a repository you’re watching, new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There's an “unsubscribe” link located at the bottom of each of the marketing emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications.
-
-Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
-
-## Resolving complaints
-
-If you have concerns about the way GitHub is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by filling out the [Privacy contact form](https://support.github.com/contact/privacy). You may also email us directly at privacy@github.com with the subject line "Privacy Concerns." We will respond promptly — within 45 days at the latest.
+### Resolving complaints
+If you have concerns about the way GitHub is handling your Personal Data, please let us know immediately. We want to help. You may contact us by filling out the [Privacy contact form](https://support.github.com/contact/privacy). You may also email us directly at **(privacy [at] github [dot] com)** with the subject line "Privacy Concerns." We will respond promptly — within 45 days at the latest.

 You may also contact our Data Protection Officer directly.

@ -314,7 +252,7 @@ You may also contact our Data Protection Officer directly.
 | 88 Colin P. Kelly Jr. St. | Vijzelstraat 68-72 |
 | San Francisco, CA 94107 | 1017 HL Amsterdam |
 | United States | The Netherlands |
-| privacy@github.com | privacy@github.com |
+| **privacy [at] github [dot] com** | **privacy [at] github [dot] com** |

 ### Dispute resolution process

@ -341,3 +279,55 @@ Cliquez ici pour obtenir la version française: [Déclaration de confidentialit
 ### Other translations

 For translations of this statement into other languages, please visit [https://docs.github.com/](/) and select a language from the drop-down menu under “English.”
+
+## GitHub's notice to California residents
+The [California Consumer Privacy Act](https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201720180AB375) of 2018, (Cal. Civ. Code §1798.100 et seq., as amended, “CCPA”) gives California residents rights and control over their personal information. GitHub, Inc. ("GitHub", "we") provides this statement to those residents ("you") in accordance with requirements under the CCPA to make certain disclosures about the collection and processing of their personal information. This is GitHub’s California-specific description of consumers’ privacy rights under the CCPA. For information about how we’ve extended the CCPA core rights to control personal information to all of our users in the United States, please see our [Privacy Statement](/github/site-policy/github-privacy-statement).
+
+### Our handling of personal information
+While the table below contains information about the categories of personal information we collect, process, and share, please see the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement) for full details.
+
+| Category of personal information collected in last 12 months                                                                                                                               | Category of sources from which the personal information has been collected                                                                                     |
+|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Identifiers (such as real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, or other similar identifiers) | Information consumer provides directly or automatically through their interaction with our Service and/or Website or GitHub’s vendors, partners, or affiliates |
+| Personal information described in Cal. Civ. Code §1798.80 (e) such as name, address, credit card or debit card number)                                                                     | Information consumer may choose to provide directly, through service providers                                                                                 |
+| Characteristics of protected classifications under California or federal law (such as gender)                                                                                              | Information consumer may choose to provide directly                                                                                                            |
+| Commercial information (such as about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)                                   | Information consumer provides directly or automatically through their interaction with our Services                                                            |
+| Geolocation data (such as any information collected after giving users the opportunity to opt-in to location-based services, which rely upon a device’s precise location services. )       | Information consumer provides automatically through their interaction with our Services                                                                        |
+| Audio, electronic, visual, or similar information such as content and files uploaded to the Service.                                                                                       | Information consumer may choose to provide directly                                                                                                            |
+| Professional or employment information                                                                                                                                                     | Information consumer may choose to provide directly                                                                                                            |
+| Inferences drawn from any of the information identified in this table to create a profile about a consumer reflecting the consumer’s preferences                                           | Information consumer provides directly or automatically through their interaction with our Services |
+
+
+We use the categories of personal information described above for the purposes listed in the [“How GitHub uses your information”](/github/site-policy/github-privacy-statement#how-github-uses-your-information) section of our Privacy Statement. We also disclose the categories of personal information listed above for business purposes. Please see the [“How we share the information we collect”](/github/site-policy/github-privacy-statement#how-we-share-the-information-we-collect) section of our Privacy Statement for additional details. 
+ 
+### We do not sell your personal information
+Under the CCPA, a business that sells California residents' personal information to others: 1) must give notice to California residents before selling their personal information to others; and 2) must provide the right to opt out of the sale of their personal information.
+GitHub does not sell personal information, including personal information of anyone under 16 years old. 
+
+### Your rights under the CCPA
+The CCPA provides California residents with certain rights related to their personal information. To submit a request based on these rights, please contact us via our [contact form](https://support.github.com/contact?tags=docs-policy).
+
+
+
+When receiving a request, we will verify that the individual making the request is the resident to whom the personal information subject to the request pertains. California residents may exercise their rights themselves or may use an authorized agent, designated in writing or through a power of attorney, to make requests on their behalf. If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf, and we may need you to verify your identity directly with us.
+With respect to your personal information, California residents may exercise the rights described below.
+#### Right to Know. 
+You have a right to request that we disclose to you the personal information we have collected about you.  You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information.  Note that we have provided much of this information in this privacy statement. You can use GitHub’s User Migration API to access and download your data. Learn more here. You may also make such a “request to know” by contacting us here.
+#### Right to Request Deletion. 
+You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to delete, You can use GitHub’s User Migration API to access and download your data. Learn more here. You may also make such a “request to delete” by contacting us here.
+
+#### Right to Opt-Out. 
+You have a right to opt-out from future “sales” of personal information. Note that we do not “sell” personal information as defined by the CCPA and have not done so in the past 12 months. 
+
+#### Right to Non-Discrimination. 
+You have a right to not be discriminated against for exercising your CCPA rights. We will not discriminate against you for exercising your CCPA rights.
+
+You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
+Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to submit the request from the email address associated with your account or requiring you to provide information necessary to verify your account. [Please note that you may use two-factor authentication with your GitHub account.](/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication)  
+Finally, you have a right to receive notice of our practices at or before collection of personal information.
+ 
+Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.
+California Customers may request further information about our compliance with this law by emailing **(privacy [at] github [dot] com)**. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.
+
+California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted. To remove content or information you have publicly posted, [please submit a Private Information Removal request](https://support.github.com/contact/private-information). Alternatively, to request that we remove such content or information, please send a detailed description of the specific content or information you wish to have removed to [GitHub support](https://support.github.com/contact). Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
+If you have any questions about our privacy practices with respect to California residents, please contact us via our [contact form](https://support.github.com/contact?tags=docs-policy).
--- a/content/site-policy/privacy-policies/github-subprocessors-and-cookies.md
+++ b/content/site-policy/privacy-policies/github-subprocessors-and-cookies.md
@ -20,7 +20,7 @@ GitHub provides a great deal of transparency regarding how we use your data, how

 ## GitHub Subprocessors

-When we share your information with third party subprocessors, such as our vendors and service providers, we remain responsible for it. We work very hard to maintain your trust when we bring on new vendors, and we require all vendors to enter into data protection agreements with us that restrict their processing of Users' Personal Information (as defined in the [Privacy Statement](/articles/github-privacy-statement/)).
+When we share your information with third party subprocessors, such as our vendors and service providers, we remain responsible for it. We work very hard to maintain your trust when we bring on new vendors, and we require all vendors to enter into data protection agreements with us that restrict their processing of Users' Personal Information (as defined in the [Privacy Statement](/articles/github-privacy-statement/)). You can sign up to receive subprocessor list updates [here](https://www.github.com/privacy/subprocessors).

 | Name of Subprocessor | Description of Processing | Location of Processing | Corporate Location
 |:---|:---|:---|:---|
--- a/content/site-policy/privacy-policies/githubs-notice-about-the-california-consumer-privacy-act.md
+++ b/content/site-policy/privacy-policies/githubs-notice-about-the-california-consumer-privacy-act.md
@ -1,81 +0,0 @@
---
-title: GitHub's Notice about the California Consumer Privacy Act
-versions:
-  fpt: '*'
-topics:
-  - Policy
-  - Legal
-redirect_from:
-  - /github/site-policy/githubs-notice-about-the-california-consumer-privacy-act
---
-
-Effective January 1, 2020
-
-## GitHub's Notice to California Residents
-
-The [California Consumer Privacy Act](https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201720180AB375) of 2018, (Cal. Civ. Code §1798.100 et seq., as amended, “CCPA”) gives California residents rights and control over their personal information. GitHub, Inc. ("GitHub", "we") provides this statement to those residents ("you") in accordance with requirements under the CCPA to make certain disclosures about the collection and processing of their personal information. This is GitHub’s California-specific description of consumers’ privacy rights under the CCPA. For information about how we’ve extended the CCPA core rights to control personal information to all of our users in the United States, please see our [Privacy Statement](/github/site-policy/github-privacy-statement).
-
-## We do not sell your personal information
-
-Under the CCPA, a business that sells California residents' personal information to others: 1) must give notice to California residents before selling their personal information to others; and 2) must provide the right to opt out of the sale of their personal information.
-
-GitHub _does not_ sell personal information, including personal information of anyone under 16 years old. Thus, these notification and opt-out requirements do not apply to GitHub.
-
-## Your rights under the CCPA
-
-The CCPA provides California residents with certain rights related to their personal information. To submit a request based on these rights, please contact us via our [contact form](https://support.github.com/contact?tags=docs-policy).
-
-When receiving a request, we will verify that the individual making the request is the resident to whom the personal information subject to the request pertains. California residents may exercise their rights themselves or may use an authorized agent to make requests to disclose certain information about the processing of their personal information or to delete personal information on their behalf. If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf.
-
-With respect to their personal information, California residents may exercise the rights described below.
-
-## 1. Right to know what personal information is being collected, for what purposes and with whom it is shared
-
-California residents have the right to request from a business disclosure of the categories and specific pieces of personal information it has collected from them in the preceding 12 months, the categories of sources from which such personal information is collected, the business or commercial purpose for collecting or selling such personal information, and the categories of third parties with whom the business shares personal information.
-
-If you request that a business disclose categories and specific pieces of personal information collected about you, you have the right to receive that information, free of charge, twice a year. The information may be delivered by mail or electronically and, if provided electronically, shall be in a portable and, to the extent technically feasible, readily usable format that allows the California resident to relatively easily transmit this information to another entity. You can use GitHub’s [User Migration API](/rest/reference/migrations#users) to access and download your data. Learn more [here](https://github.blog/2018-12-19-download-your-data/).
-
-## 2. Right to know whether your personal information is sold or disclosed for a business purpose and to whom
-
-California residents have the right to request from a business that sells or discloses personal information for a business purpose separate lists of the categories of personal information collected, sold or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the personal information was sold or disclosed for a business purpose.
-
-## 3. Right to say no to the sale of your personal information
-
-As explained above, the CCPA requires businesses that sell personal information to allow residents the ability to opt out of the selling of their information.
-
-Again, GitHub does not sell personal information.
-
-## 4. Right to non-discrimination of service or price if you exercise your privacy rights
-
-The CCPA prohibits businesses from discriminating against a California resident for exercising any of their rights under the CCPA, including by
- denying goods or services
- charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties
- providing a different level or quality of goods or services
- suggesting that the person exercising their rights will receive a different price or rate for goods or services or a different level or quality of goods or services
-
-## 5. Right to deletion
-
-California residents have the right to request that a business delete any of their personal information that the business collected from them, subject to the exceptions in CCPA §1798.105.
-
-## Our Handling of Personal Information
-
-While the table below contains information about the categories of personal information we collect process and share, please see the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement) for full details.
-
-| **Category of personal information collected in last 12 months** | **Category of sources from which the personal information has been collected** | **Business or commercial purpose(s) for collecting the personal information** | **Categories of third parties with whom the personal information is shared** | **Categories of personal information disclosed for a business or commercial purpose** |
-| --- | --- | --- | --- | --- |
-| Identifiers (such as real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, or other similar identifiers) | Information consumer provides directly or automatically through their interaction with our Service and/or Website | Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity<br /><br />Debugging to identify and repair errors that impair existing intended functionality<br /><br />Performing services on behalf of the business or service provider<br /><br />Undertaking internal research for technological development and demonstration<br /><br />Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service | Service providers, applicable customers, law enforcement | This category of personal information has been disclosed for a business or commercial purpose |
-| Any categories of personal information described in subdivision (e) of Cal. Civ. Code §1798.80 ( which defines “personal information” as “any information that identifies, relates to, describes, or is capable of being associated with, a particular individual”— with examples including name, address, credit card or debit card number—and excludes publicly available information) | Information consumer provides directly | Prosecuting those responsible for malicious, deceptive, fraudulent, or illegal activity.<br /><br />Performing services on behalf of the business or service provider | Service providers, law enforcement | This category of personal information has been disclosed for a business or commercial purpose |
-| Characteristics of protected classifications under California or federal law (such as gender, age) | Information consumer may choose to provide directly | Performing services (user profile) |  Service providers | This category of personal information has been disclosed for a business or commercial purpose |
-| Commercial information (such as about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies) | Information consumer provides directly or automatically through their interaction with our Services | Debugging to identify and repair errors that impair existing intended functionality<br /><br />Performing services on behalf of the business or service provider | Service providers | This category of personal information has been disclosed for a business or commercial purpose | | Internet or other electronic network activity information (such as browsing history, search history, and information regarding a consumer’s interaction with an internet website, or application) | Information consumer provides automatically through their interaction with our Services |  Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity<br /><br />Debugging to identify and repair errors that impair existing intended functionality<br /><br />Performing services on behalf of the business or service provider<br /><br />Undertaking internal research for technological development and demonstration<br /><br />Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service | Service providers, applicable customers, law enforcement | This category of personal information has been disclosed for a business or commercial purpose |
-Geolocation data (such as IP address) | Information consumer provides automatically through their interaction with our Services | Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity <br /><br /> Debugging to identify and repair errors that impair existing intended functionality<br /><br />Performing services on behalf of the business or service provider<br /><br />Undertaking internal research for technological development and demonstration<br /><br />Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service | Service providers, applicable customers, law enforcement |  This category of personal information has been disclosed for a business or commercial purpose |
-Audio, electronic, visual, or similar information | Information consumer may choose to provide directly | Performing services (user profile) | Service providers | This category of personal information has been disclosed for a business or commercial purpose | Professional or employment-related information | Information consumer may choose to provide directly | Performing services (user profile) | Service providers | This category of personal information has been disclosed for a business or commercial purpose | Education information that is not publicly available personally identifiable | This category of personal information has been disclosed for a business or commercial purpose |
-Information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99) | Information consumer may choose to provide directly | Performing services (user profile) | Service providers | This category of personal information has been disclosed for a business or commercial purpose |
- Inferences drawn from any of the information identified in this table to create a profile about a consumer reflecting the consumer’s preferences | Information consumer provides directly or automatically through their interaction with our Services | Performing services on behalf of the business or service provider | Service providers | This category of personal information has been disclosed for a business or commercial purpose |
-
-## Exemptions under the CCPA
-
-The CCPA provides exemptions, until and including December 31, 2020, from certain of the above described disclosures pertaining to the last 12 months including a **business-to-business exemption**:
-
-  personal information reflecting a written or verbal communication or a transaction between GitHub and a natural person, where the natural person is acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government agency and whose communications or transaction with GitHub occur solely within the context of GitHub conducting due diligence regarding, or providing or receiving a product or service to or from such company, partnership, sole proprietorship, nonprofit or government agency.
-
-If you have any questions about this page, please contact us via our [contact form](https://support.github.com/contact?tags=docs-policy).
--- a/content/site-policy/privacy-policies/global-privacy-practices.md
+++ b/content/site-policy/privacy-policies/global-privacy-practices.md
@ -27,7 +27,7 @@ To learn more about SCCs, see this article on the [European Commission website](

 GitHub is certified to the EU-US and Swiss-US Privacy Shield Frameworks and the commitments they entail, although GitHub does not rely on the EU-US Privacy Shield Framework as a legal basis for transfers of personal information in light of the judgment of the Court of Justice of the EU in Case C-311/18.

-The EU-US and Swiss-US Privacy Shield Frameworks are set forth by the US Department of Commerce regarding the collection, use, and retention of User Personal Information transferred from the European Union, the UK, and Switzerland to the United States. GitHub has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If our vendors or affiliates process User Personal Information on our behalf in a manner inconsistent with the principles of either Privacy Shield Framework, GitHub remains liable unless we prove we are not responsible for the event giving rise to the damage.
+The EU-US and Swiss-US Privacy Shield Frameworks are set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the UK, and Switzerland to the United States. GitHub has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If our vendors or affiliates process personal information on our behalf in a manner inconsistent with the principles of either Privacy Shield Framework, GitHub remains liable unless we prove we are not responsible for the event giving rise to the damage.

 For purposes of our certifications under the Privacy Shield Frameworks, if there is any conflict between the terms in these Global Privacy Practices and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, visit the [Privacy Shield website](https://www.privacyshield.gov/).

--- a/content/site-policy/privacy-policies/index.md
+++ b/content/site-policy/privacy-policies/index.md
@ -10,7 +10,6 @@ children:
  - /global-privacy-practices
  - /github-data-protection-agreement
  - /github-subprocessors-and-cookies
-  - /githubs-notice-about-the-california-consumer-privacy-act
  - /github-codespaces-privacy-statement
  - /github-candidate-privacy-policy
 ---
--- a/data/features/code-scanning-pr-conversations-tab.yml
+++ b/data/features/code-scanning-pr-conversations-tab.yml
@ -0,0 +1,5 @@
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.7'
+  ghae: 'issue-5895'
--- a/data/features/comment-dismissed-code-scanning-alert.yml
+++ b/data/features/comment-dismissed-code-scanning-alert.yml
@ -0,0 +1,5 @@
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.6'
+  ghae: 'issue-2191'
--- a/data/features/oidc-for-emu.yml
+++ b/data/features/oidc-for-emu.yml
@ -0,0 +1,5 @@
+# Issues 6495 and 6494
+# OIDC/CAP for Enterprise Managed Users
+versions:
+  ghec: '*'
+  ghae: 'issue-6495'
--- a/data/features/project-beta-webhooks.yml
+++ b/data/features/project-beta-webhooks.yml
@ -0,0 +1,5 @@
+# Issue 2251
+# Projects (beta) webhooks
+versions:
+  fpt: '*'
+  ghec: '*'
--- a/data/graphql/ghae/schema.docs-ghae.graphql
+++ b/data/graphql/ghae/schema.docs-ghae.graphql
@ -22437,6 +22437,11 @@ type Organization implements Actor & MemberStatusable & Node & ProfileOwner & Pr
  """
  viewerIsAMember: Boolean!

+  """
+  Whether or not this Organization is followed by the viewer.
+  """
+  viewerIsFollowing: Boolean!
+
  """
  The organization's public profile URL.
  """
--- a/data/graphql/ghec/schema.docs.graphql
+++ b/data/graphql/ghec/schema.docs.graphql
@ -24950,6 +24950,11 @@ type Organization implements Actor & MemberStatusable & Node & PackageOwner & Pr
  """
  viewerIsAMember: Boolean!

+  """
+  Whether or not this Organization is followed by the viewer.
+  """
+  viewerIsFollowing: Boolean!
+
  """
  True if the viewer is sponsoring this user/organization.
  """
--- a/data/graphql/schema.docs.graphql
+++ b/data/graphql/schema.docs.graphql
@ -24950,6 +24950,11 @@ type Organization implements Actor & MemberStatusable & Node & PackageOwner & Pr
  """
  viewerIsAMember: Boolean!

+  """
+  Whether or not this Organization is followed by the viewer.
+  """
+  viewerIsFollowing: Boolean!
+
  """
  True if the viewer is sponsoring this user/organization.
  """
--- a/data/release-notes/enterprise-server/3-5/0-rc1.yml
+++ b/data/release-notes/enterprise-server/3-5/0-rc1.yml
@ -1,6 +1,6 @@
 date: '2022-05-10'
 release_candidate: true
-deprecated: false
+deprecated: true
 intro: |
  {% note %}

--- a/data/release-notes/enterprise-server/3-5/0.yml
+++ b/data/release-notes/enterprise-server/3-5/0.yml
@ -0,0 +1,418 @@
+date: '2022-05-31'
+intro: |
+
+  For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+sections:
+  features:
+    - heading: IP exception list for validation testing after maintenance
+      notes:
+        # https://github.com/github/releases/issues/2109
+        - |
+          You can now configure an allow list of IP addresses that can access application services on your GitHub Enterprise Server instance while maintenance mode is enabled. Administrators who visit the instance's web interface from an allowed IP address can validate the instance's functionality post-maintenance and before disabling maintenance mode. For more information, see "[Enabling and scheduling maintenance mode](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)."
+
+    - heading: Custom repository roles are generally available
+      notes:
+        # https://github.com/github/releases/issues/1945
+        - |
+          With custom repository roles, organizations now have more granular control over the repository access permissions they can grant to users. For more information, see "[Managing custom repository roles for an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)."
+
+          A custom repository role is created by an organization owner, and is available across all repositories in that organization. Each role can be given a custom name, and a description. It can be configured from a set of over 40 fine grained permissions. Once created, repository admins can assign a custom role to any user, team or outside collaborator in their repository.
+
+          Custom repository roles can be created, viewed, edited and deleted via the new **Repository roles** tab in an organization's settings. A maximum of 3 custom roles can be created within an organization. 
+
+          Custom repository roles are also fully supported in the GitHub Enterprise Server REST APIs. The Organizations API can be used to list all custom repository roles in an organization, and the existing APIs for granting repository access to individuals and teams have been extended to support custom repository roles. For more information, see "[Organizations](/rest/reference/orgs#list-custom-repository-roles-in-an-organization)" in the REST API documentation.
+
+    - heading: GitHub Container registry in public beta 
+      notes: 
+        # https://github.com/github/releases/issues/2005
+         - |
+           The GitHub Container registry (GHCR) is now available in GitHub Enterprise Server 3.5 as a public beta, offering developers the ability to publish, download, and manage containers. GitHub Packages container support implements the OCI standards for hosting Docker images. For more information, see "[GitHub Container registry](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)."
+    
+    - heading: Dependabot updates are generally available
+      notes:
+       # https://github.com/github/releases/issues/2089
+        - |
+          Dependabot version and security updates are now generally available in GitHub Enterprise Server 3.5. All the popular ecosystems and features that work on GitHub.com repositories now can be set up on your GitHub Enterprise Server instance. Dependabot on GitHub Enterprise Server requires GitHub Actions and a pool of self-hosted Dependabot runners, GitHub Connect enabled, and Dependabot enabled by an admin. 
+
+          Following on from the public beta release, we will be supporting the use of GitHub Actions runners hosted on a Kubernetes setup. 
+
+          For more information, see "[Setting up Dependabot updates](https://docs.github.com/en/enterprise-server@3.5/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates)."
+
+
+
+    - heading: Server Statistics in public beta
+      notes:
+        # https://github.com/github/releases/issues/2183
+        - |
+          You can now analyze how your team works, understand the value you get from GitHub Enterprise Server, and help us improve our products by reviewing your instance's usage data and sharing this aggregate data with GitHub. You can use your own tools to analyze your usage over time by downloading your data in a CSV or JSON file or by accessing it using the REST API. To see the list of aggregate metrics collected, see "[About Server Statistics](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)." Server Statistics data includes no personal data nor GitHub content, such as code, issues, comments, or pull requests content.  For a better understanding of how we store and secure Server Statistics data, see "[GitHub Security](https://github.com/security)."  For more information about Server Statistics, see "[Analyzing how your team works with Server Statistics](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics)." This feature is available in public beta.
+
+    - heading: GitHub Actions rate limiting is now configurable
+      notes:
+        # https://github.com/github/releases/issues/2123
+        - |
+          Site administrators can now enable and configure a rate limit for GitHub Actions. By default, the rate limit is disabled. When workflow jobs cannot immediately be assigned to an available runner, they will wait in a queue until a runner is available. However, if GitHub Actions experiences a sustained high load, the queue can back up faster than it can drain and the performance of the GitHub Enterprise Server instance may degrade. To avoid this, an administrator can configure a rate limit. When the rate limit is exceeded, additional workflow runs will fail immediately rather than being put in the queue. Once the rate has stabilized below the threshold, new runs can be queued again. For more information, see "[Configuring rate limits](/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-rate-limits-for-github-actions)."
+
+    - heading: OpenID Connect (OIDC) for secure deployments with GitHub Actions
+      notes:
+        # https://github.com/github/releases/issues/2066
+        - |
+          GitHub Actions on GitHub Enterprise Server now supports OIDC for secure deployments to cloud providers, which uses short-lived tokens that are automatically rotated for each deployment. OIDC enables the following functionality.
+
+          - Seamless authentication between cloud providers and GitHub Enterprise Server without the need for storing any long-lived cloud secrets on your instance
+          - Cloud administrators can rely on the security mechanisms of a particular cloud provider to ensure that GitHub Actions workflows have minimal access to cloud resources. There is no duplication of secret management between GitHub Enterprise Server and the cloud.
+          
+          For more information, see "[Security hardening your deployments](/actions/deployment/security-hardening-your-deployments)."
+
+    - heading: Sharing GitHub Actions within your enterprise is generally available
+      notes:
+        # https://github.com/github/releases/issues/2085
+        - |
+          Support for GitHub Actions in internal repositories is now generally available for organizations on your GitHub Enterprise Server instance. You can innersource automation by sharing actions in internal repositories. You can manage a repository's settings or use the REST API to allow access to workflows in other repositories within the organization or in any organization on the instance. For more information, see "[Sharing actions and workflows with your enterprise](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise)," "[Managing GitHub Actions settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-an-internal-repository)," and "[Actions Permissions](/rest/actions/permissions#get-the-level-of-access-for-workflows-outside-of-the-repository)" in the REST API documentation.
+    
+    - heading: Cache support for GitHub Actions on GitHub Enterprise Server is now generally available
+      notes:
+        # https://github.com/github/releases/issues/2110
+        - |
+          You can now use dependency caching to speed up your GitHub Actions workflows. To cache dependencies for a job, you can include the [actions/cache](https://github.com/actions/cache) action to create a cache with a unique key. You can share caches across all workflows in the same repository. These workflows can then restore the cache and run faster.
+
+          Actions users can also use our cache APIs to:
+
+          - Define the enterprise policy for cache size range allowed per repository.
+          - Query the cache usage within each repository and monitor if the total size of all caches is reaching the upper limit.
+          - Increase the maximum cache size for a repository within the allowed enterprise limits, based on the cache requirements of the repository.
+          - Monitor aggregate cache usage at organization level or at enterprise level.
+
+          The external blob storage that is configured within your enterprise account will now be shared across workflow artifacts, logs, and also the caches. For more information, see "[Caching dependencies to speed up workflows](/actions/using-workflows/caching-dependencies-to-speed-up-workflows)."
+
+
+    - heading: Automatically sign commits made in the web UI
+      notes:
+        # https://github.com/github/releases/issues/1963
+        - |
+          You can now configure GitHub Enterprise Server to automatically sign commits made in the web interface, such as from editing a file or merging a pull request. Signed commits increase confidence that changes come from trusted sources. This feature allows the [Require signed commits](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-signed-commits) branch protection setting to block unsigned commits from entering a repository, while allowing entry of signed commits – even those made in the web interface. For more information, see "[Configuring web commit signing](/admin/configuration/configuring-your-enterprise/configuring-web-commit-signing)."
+
+    - heading: Sync license usage any time
+      notes:
+        # https://github.com/github/releases/issues/2201
+        - |
+          For customers that sync license usage between GitHub Enterprise Server and GitHub Enterprise Cloud automatically using GitHub Connect, you now have the ability to sync your license usage independently of the automatic weekly sync. This feature also reports the status of sync job. For more information, see "[Syncing license usage between GitHub Enterprise Server and GitHub Enterprise Cloud](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud#manually-syncing-license-usage)."
+
+    - heading: Reusable workflows for GitHub Actions are generally available
+      notes:
+        # https://github.com/github/releases/issues/1767
+        # https://github.com/github/releases/issues/1950
+        # https://github.com/github/releases/issues/2114
+          - |
+            Reusable workflows are now generally available. Reusable workflows help you reduce duplication by enabling you to reuse an entire workflow as if it were an action. With the general availability release, a number of improvements are now available for GitHub Enterprise Server. For more information, see "[Reusing workflows](/actions/using-workflows/reusing-workflows)."
+            
+            - You can utilize outputs to pass data from reusable workflows to other jobs in the caller workflow.
+            - You can pass environment secrets to reusable workflows.
+            - The audit log includes information about which reusable workflows are used.
+            - Reusable workflows in the same repository as the calling repository can be referenced with just the path and filename (`PATH/FILENAME`). The called workflow will be from the same commit as the caller workflow.
+          
+    - heading: Self-hosted runners for GitHub Actions can now disable automatic updates
+      notes:
+        # https://github.com/github/releases/issues/2014
+        - |
+          You now have more control over when your self-hosted runners perform software updates. If you specify the `--disableupdate` flag to the runner then it will not try to perform an automatic software update if a newer version of the runner is available. This allows you to update the self-hosted runner on your own schedule, and is especially convenient if your self-hosted runner is in a container.
+
+           For compatibility with the GitHub Actions service, you will need to manually update your runner within 30 days of a new runner version being available.  For instructions on how to install the latest runner version, please see the installation instructions for [the latest release in the runner repo](https://github.com/actions/runner/releases).
+
+    - heading: Secure self-hosted runners for GitHub Actions by limiting workflows
+      notes:
+        # https://github.com/github/releases/issues/2013
+        - |
+          Organization owners can now increase the security of CI/CD workflows on self-hosted runners by choosing which workflows can access a runner group. Previously, any workflow in a repository, such as an issue labeler, could access the self-hosted runners available to an organization. For more information, see "[Managing access to self-hosted runners using groups](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups#changing-what-workflows-can-access-a-runner-group)" and the [GitHub Blog](https://github.blog/2022-03-23-github-actions-secure-self-hosted-runners-specific-workflows/).
+
+    - heading: Prevent GitHub Actions from approving pull requests
+      notes:
+        # https://github.com/github/releases/issues/1959
+        - |
+          You can now control whether GitHub Actions can approve pull requests. This feature protects against a user using GitHub Actions to satisfy the "Required approvals" branch protection requirement and merging a change that was not reviewed by another user. To prevent breaking existing workflows, **Allow GitHub Actions reviews to count towards required approval** is enabled by default. Organization owners can disable the feature in the organization's GitHub Actions settings. For more information, see "[Disabling or limiting GitHub Actions for your organization](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#preventing-github-actions-from-approving-pull-requests)."
+
+    - heading: Re-run failed or individual GitHub Actions jobs
+      notes:
+        # https://github.com/github/releases/issues/1503
+        - |
+          You can now re-run only failed jobs or an individual job in a GitHub Actions workflow run. For more information, see "[Re-running workflows and jobs](/actions/managing-workflow-runs/re-running-workflows-and-jobs)."
+
+    - heading: Dependency graph supports GitHub Actions
+      notes:
+        # https://github.com/github/releases/issues/1913
+        - |
+          The dependency graph now detects YAML files for GitHub Actions workflows. GitHub Enterprise Server will display the workflow files within the **Insights** tab's dependency graph section. Repositories that publish actions will also be able to see the number of repositories that depend on that action from the "Used By" control on the repository homepage. For more information, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
+
+    - heading: Security overview for enterprises in public beta
+      notes:
+        # https://github.com/github/releases/issues/2040
+        - |
+          GitHub Advanced Security customers can now view an overview of security alerts at the enterprise level. The new **Security** tab at the enterprise level provides a repository-centric view of application security risks, as well as an alert-centric view of all secret scanning alerts. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
+
+    - heading: Security view for organizations is generally available
+      notes:
+        # https://github.com/github/releases/issues/2096
+        - |
+          The overview of security alerts at the organization level is now generally available. GitHub Advanced Security customers can use the security overview to view a repository-centric view of application security risks, or an alert-centric view of all code scanning, Dependabot, and secret scanning alerts for all repositories in an organization. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
+
+    - heading: Code scanning detects more security issues, supports new language versions
+      notes:
+        # https://github.com/github/releases/issues/2097
+        - |
+          Code scanning now detects a larger number of CWEs, and CodeQL code scanning fully supports the standard language features in the following language releases.
+
+          - C# 10 / .NET 6
+          - Python 3.10
+          - Java 17
+          - TypeScript 4.5
+
+          For more information, see the [GitHub Blog](https://github.blog/changelog/2022-02-25-code-scanning-detects-more-security-issues-supports-new-language-versions/).
+
+    - heading: View code scanning alerts across an organization
+      notes:
+        # https://github.com/github/releases/issues/1792
+        - |
+          GitHub Advanced Security customers can now view code scanning alerts in an organization's **Security** tab. This view is available to organization owners and members of teams with the [security manager role](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization). For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
+
+        # https://github.com/github/releases/issues/1763
+        - |
+          Users can now retrieve code scanning alerts for an organization on your GitHub Enterprise Server instance via the REST API. This new API endpoint supplements the existing [endpoint for repositories](/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository). For more information, see [Code Scanning](/rest/code-scanning) in the REST API documentation.
+
+    - heading: Secret scanning available as a push protection
+      notes:
+        # 
+        - |
+          GitHub Enterprise Server can now block any pushes where a token is detected with high confidence. Developers can bypass the block by providing details of why the secret needs to be committed via a web UI. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
+
+    - heading: Dry runs for custom patterns with secret scanning
+      notes:
+        # https://github.com/github/releases/issues/1703
+        # https://github.com/github/releases/issues/2084
+        - |
+          GitHub Advanced Security customers can now dry run custom secret scanning patterns at the organization or repository level. Dry runs allow people with owner or admin access to review and hone their patterns before publishing them and generating alerts. You can compose a pattern, then use **Save and dry run** to retrieve results. The scans typically take just a few seconds, but GitHub Enterprise Server will also notify organization owners or repository admins via email when dry run results are ready. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-private-repositories)" and "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+
+    - heading: Secret scanning custom pattern events now in the audit log
+      notes:
+        # https://github.com/github/releases/issues/2154
+        - |
+          The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their [repository](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#repository_secret_scanning_custom_pattern-category-actions)-, [organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#org_secret_scanning_custom_pattern-category-actions)-, or [enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_custom_pattern-category-actions)-level custom patterns for security and compliance audits. For more information, see "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)" or "[Reviewing audit logs for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise)."
+
+    - heading: Configure permissions for secret scanning with custom repository roles
+      notes:
+        # https://github.com/github/releases/issues/1909
+        - |
+          You can now configure two new permissions for secret scanning when managing custom repository roles.
+
+          - View secret scanning results
+          - Dismiss or reopen secret scanning results
+
+          For more information, see  "[Managing custom repository roles for an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)."
+
+    - heading: Secret scanning now supports archived repositories
+      notes:
+        # https://github.com/github/releases/issues/2076
+        - |
+          GitHub Advanced Security customers can now enable secret scanning for archived repositories via the UI and API. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-private-repositories)," "[About archived repositories](/repositories/archiving-a-github-repository/archiving-repositories)," and "[Repositories](/rest/repos/repos#update-a-repository)" in the REST API documentation.
+
+    - heading: Secret scanning webhooks for alert locations
+      notes:
+        # https://github.com/github/releases/issues/2149
+        - |
+          GitHub Advanced Security customers using secret scanning can now opt to receive a webhook each time a secret is detected in a new location. The `secret_scanning_alert_location` webhook event includes location details, like the commit SHA, and the associated alert for the detection. A location is created for every new file path containing the detected secret. For more information, see "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert_location)."
+
+    - heading: View Dependabot alerts across an organization
+      notes:
+        # https://github.com/github/releases/issues/1992
+        - |
+          GitHub Advanced Security customers can now view Dependabot alerts in in an organization's **Security** tab. This view is available to organization owners and members of teams with the [security manager role](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization). For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
+
+    - heading: Configure permissions for Dependabot alerts with custom repository roles
+      notes:
+        # https://github.com/github/releases/issues/1958
+        - |
+          You can now configure two new permissions for Dependabot alerts when managing custom repository roles.
+          
+          - View Dependabot alerts
+          - Dismiss or reopen Dependabot alerts
+
+          For more information, see  "[Managing custom repository roles for an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)."
+
+    - heading: Reopen dismissed Dependabot alerts
+      notes:
+        # https://github.com/github/releases/issues/1923
+        - |
+          You can now reopen dismissed Dependabot alerts through the UI page for a closed alert. This does not affect Dependabot pull requests or the GraphQL API. For more information, see "[About Dependabot alerts](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
+
+    - heading: Pub support for Dependabot version updates is in public beta
+      notes:
+        # https://github.com/github/releases/issues/2086
+        - |
+          Users of Dependabot version updates can now proactively update dependencies for Flutter or Dart projects that use the Pub package manager.  
+
+          To test [version updates](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates) on your own Dart or Flutter repository, add the following configuration file in <code>[.github/dependabot.yaml](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates)</code>. Note the `package-ecosystem: "pub"` and `enable-beta-ecosystems: true` flags.
+          ```yaml
+          version: 2
+          enable-beta-ecosystems: true
+          updates:
+            - package-ecosystem: "pub"
+              directory: "/"
+              schedule:
+                interval: "weekly"
+          ```
+
+    - heading: See pull request associated with a repository's Dependabot alerts via GraphQL API
+      notes:
+        # https://github.com/github/releases/issues/2088
+        - |
+          The new `DependabotUpdate` GraphQL object lets you view information about what happens to your repository's security updates. When GitHub Enterprise Server detects that a dependency in your repository is vulnerable, Dependabot will attempt to open a pull request to update that dependency to a non-vulnerable version. You can now see the pull request that fixes the vulnerability. In some cases, Dependabot fails to open a pull request. Previously, the error message that Dependabot generated was only visible in the "Dependabot Alerts" section of the **Security** tab. Now, if Dependabot runs into an error when trying to open a pull request for a security alert, you can determine the reason using the GraphQL API. For more information, see "[Objects](/graphql/reference/objects#dependabotupdate)" in the GraphQL API documentation.
+
+    - heading: Access more information about Dependabot alerts via GraphQL API
+      notes:
+        # https://github.com/github/releases/issues/1922
+        - |
+          You can now view fixed alerts from Dependabot with the GraphQL API. You can also access and filter by state, as well as by unique numeric identifier, and you can filter by state on the vulnerability alert object. The following fields now exist for a `RepositoryVulnerabilityAlert`.
+
+          - `number`
+          - `fixed_at`
+          - `fix_reason`
+          - `state`
+
+          For more information, see "[Objects](/graphql/reference/objects#repositoryvulnerabilityalert)" in the GraphQL API documentation.
+
+    - heading: Git events in the enterprise audit log
+      notes:
+        # https://github.com/github/releases/issues/2205
+        - |
+          The following Git-related events can now appear in the enterprise audit log. If you enable the feature and set an audit log retention period, the new events will be available for search via the UI and API, or export via JSON or CSV.
+          
+          - `git.clone`
+          - `git.fetch`
+          - `git.push`
+          
+          Due to the large number of Git events logged, we recommend you monitor your instance's file storage and review your related alert configurations. For more information, see "[Audit log events for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#git-category-actions)" and "[Monitoring storage](/admin/enterprise-management/monitoring-your-appliance/recommended-alert-thresholds#monitoring-storage)."
+
+    - heading: Improvements to CODEOWNERS
+      notes:
+        # https://github.com/github/releases/issues/1994
+        - |
+          This release includes improvements to CODEOWNERS.
+          
+          - Syntax errors are now surfaced when viewing a CODEOWNERS file from the web. Previously, when a line in a CODEOWNERS file had a syntax error, the error would be ignored or in some cases cause the entire CODEOWNERS file to not load. GitHub Apps and Actions can access the same list of errors using new REST and GraphQL APIs. For more information, see "[Repositories](/rest/repos/repos#list-codeowners-errors)" in the REST API documentation or "[Objects](/graphql/reference/objects#repositorycodeowners)" in the GraphQL API documentation.
+          - After someone creates a new pull request or pushes new changes to a draft pull request, any code owners that will be requested for review are now listed in the pull request under "Reviewers". This feature gives you an early look at who will be requested to review once the pull request is marked ready for review.
+          - Comments in CODEOWNERS files can now appear at the end of a line, not just on dedicated lines.
+          
+          For more information, see "[About code owners](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners)."
+
+    - heading: More ways to keep a pull request's topic branch up to date
+      notes:
+        # https://github.com/github/releases/issues/1566
+        - |
+          The **Update branch** button on the pull request page lets you update your pull request's branch with the latest changes from the base branch. This is useful for verifying your changes are compatible with the current version of the base branch before you merge. Two enhancements now give you more ways to keep your branch up-to-date.
+
+          - When your pull request's topic branch is out of date with the base branch, you now have the option to update it by rebasing on the latest version of the base branch. Rebasing applies the changes from your branch onto the latest version of the base branch, resulting in a branch with a linear history since no merge commit is created. To update by rebasing, click the drop down menu next to the **Update Branch** button, click **Update with rebase**, and then click **Rebase branch**. Previously, **Update branch** performed a traditional merge that always resulted in a merge commit in your pull request branch. This option is still available, but now you have the choice. For more information, see "[Keeping your pull request in sync with the base branch](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/keeping-your-pull-request-in-sync-with-the-base-branch)."
+
+          - A new repository setting allows the **Update branch** button to always be available when a pull request's topic branch is not up to date with the base branch. Previously, this button was only available when the **Require branches to be up to date before merging** branch protection setting was enabled. People with admin or maintainer access can manage the **Always suggest updating pull request branches** setting from the **Pull Requests** section in repository settings. For more information, see "[Managing suggestions to update pull request branches](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-suggestions-to-update-pull-request-branches)."
+
+    - heading: Configure custom HTTP headers for GitHub Pages sites
+      notes: 
+        # https://github.com/github/releases/issues/2124
+        - |
+          You can now configure custom HTTP headers that apply to all GitHub Pages sites served from your GitHub Enterprise Server instance. For more information, see "[Configuring GitHub Pages for your enterprise](/admin/configuration/configuring-your-enterprise/configuring-github-pages-for-your-enterprise#configuring-github-pages-response-headers-for-your-enterprise)."
+
+    - heading: Ignore commits in blame view
+      notes:
+        # https://github.com/github/releases/issues/2090
+        - |
+          It's now possible to ignore revisions in the blame view by creating a _.git-blame-ignore-revs_ file in the root of your repository. For more information, see "[Viewing a file](/repositories/working-with-files/using-files/viewing-a-file#ignore-commits-in-the-blame-view)."
+
+    - heading: Light high contrast theme is generally available
+      notes:
+        # https://github.com/github/releases/issues/2011
+        - |
+          A light high contrast theme, with greater contrast between foreground and background elements, is now generally available. For more information, see "[Managing your theme settings](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings)."
+
+    - heading: Tag protection rules
+      notes:
+        # https://github.com/github/releases/issues/1793
+        - |
+          Repository owners can now configure tag protection rules to protect a repository's tags. Once protected by a tag protection rule, tags matching a specified name pattern can only be created and deleted by users with the Maintain or Admin role in the repository. For more information, see "[Configuring tag protection rules](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)."
+
+  bugs:
+    # https://github.com/github/releases/issues/1934
+    - |
+      It is now possible for GitHub Apps to upload release assets.
+
+  changes:
+    # https://github.com/github/releases/issues/2063
+    - |
+      To use the device authorization flow for OAuth and GitHub Apps, you must manually enable the feature. This change reduces the likelihood of apps being used in phishing attacks against GitHub Enterprise Server users by ensuring integrators are aware of the risks and make a conscious choice to support this form of authentication. If you own or manage an OAuth App or GitHub App and you want to use the device flow, you can enable it for your app via the app's settings page. The device flow API endpoints will respond with status code `400` to apps that have not enabled this feature. For more information, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)."
+
+    # https://github.com/github/releases/issues/2049
+    - |
+      The code scanning alert page now always shows the alert status and information for the default branch. There is a new "Affected branches" panel in the sidebar where you can see the status of the alert in other branches. If the alert does not exist in your default branch, the alert page will show the status as "In branch" or "In pull request" for the location where the alert was last seen. This improvement makes it easier to understand the status of alerts which have been introduced into your code base. For more information, see "[About code scanning alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details)."
+
+      The alert list page is not changed and can be filtered by `branch`. You can use the code scanning API to retrieve more detailed branch information for alerts. For more information, see "[Code Scanning](/rest/code-scanning)" in the REST API documentation.
+
+    # https://github.com/github/releases/issues/2050
+    - |
+      Code scanning now shows the details of the analysis origin of an alert. If an alert has more than one analysis origin, it is shown in the "Affected branches" sidebar and in the alert timeline. You can hover over the analysis origin icon in the "Affected branches" sidebar to see the alert status in each analysis origin. If an alert only has a single analysis origin, no information about analysis origins is displayed on the alert page. These improvements will make it easier to understand your alerts. In particular, it will help you understand those that have multiple analysis origins. This is especially useful for setups with multiple analysis configurations, such as monorepos. For more information, see "[About code scanning alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-analysis-origins)."
+
+    # https://github.com/github/releases/issues/2071
+    - |
+      Lists of repositories owned by a user or organization now have an additional filter option, "Templates", making it easier to find template repositories.
+
+    # https://github.com/github/releases/issues/1947
+    - |
+      GitHub Enterprise Server can display several common image formats, including PNG, JPG, GIF, PSD, and SVG, and provides several ways to compare differences between versions. Now when reviewing added or changed images in a pull request, previews of those images are shown by default. Previously, you would see a message indicating that binary files could not be shown and you would need to toggle the "Display rich diff" option. For more information, see  "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files)."
+
+    # https://github.com/github/releases/issues/2054
+    - |
+      New gists are now created with a default branch name of either `main` or the alternative default branch name defined in your user settings. This matches how other repositories are created on GitHub Enterprise Server. For more information, see "[About branches](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch)" and "[Managing the default branch name for your repositories](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-the-default-branch-name-for-your-repositories)."
+
+    # https://github.com/github/releases/issues/2028
+    - |
+      Gists now only show the 30 most recent comments when first displayed. You can click **Load earlier comments...** to view more. This allows gists that have many comments to appear more quickly. For more information, see "[Editing and sharing content with gists](/get-started/writing-on-github/editing-and-sharing-content-with-gists)."
+
+    # https://github.com/github/releases/issues/2036
+    - |
+      Settings pages for users, organizations, repositories, and teams have been redesigned, grouping similar settings pages into sections for improved information architecture and discoverability. For more information, see the [GitHub changelog](https://github.blog/changelog/2022-02-02-redesign-of-githubs-settings-pages/). 
+
+    # https://github.com/github/releases/issues/2129
+    - |
+        Focusing or hovering over a label now displays the label description in a tooltip.
+
+    # https://github.com/github/releases/issues/1983
+    - |
+        Creating and removing repository invitations, whether done through the API or web interface, are now subject to rate limits that may be enabled on your GitHub Enterprise Server instance. For more information about rate limits, see "[Configuring rate limits](/admin/configuration/configuring-your-enterprise/configuring-rate-limits)."
+
+    # https://github.com/github/releases/issues/2291
+    - |
+        MinIO has announced the removal of the MinIO Gateways starting June 1st, 2022. While MinIO Gateway for NAS continues to be one of the supported storage providers for Github Actions and Github Packages, we recommend moving to MinIO LTS support to avail support and bug fixes from MinIO. For more information about rate limits, see "[Scheduled removal of MinIO Gateway for GCS, Azure, HDFS in the minio/minio repository](https://github.com/minio/minio/issues/14331)."
+
+
+  deprecations:
+    - heading: Change to the format of authentication tokens
+      notes:
+        # https://github.com/github/releases/issues/1235
+        - |
+          GitHub Connect will no longer work after June 3rd for instances running GitHub Enterprise Server 3.1 or older, due to the format of GitHub authentication tokens changing. For more information, see the [GitHub changelog](https://github.blog/changelog/2021-03-31-authentication-token-format-updates-are-generally-available/).
+
+    - heading: CodeQL runner deprecated in favor of CodeQL CLI
+      notes:
+        # https://github.com/github/releases/issues/1632
+        - |
+          The CodeQL runner is deprecated in favor of the CodeQL CLI. GitHub Enterprise Server 3.4 and later no longer include the CodeQL runner. This deprecation only affects users who use CodeQL code scanning in 3rd party CI/CD systems. GitHub Actions users are not affected. GitHub strongly recommends that customers migrate to the CodeQL CLI, which is a feature-complete replacement for the CodeQL runner and has many additional features. For more information, see "[Migrating from the CodeQL runner to CodeQL CLI](/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli)."
+    
+    - heading: Theme picker for GitHub Pages has been removed
+      notes:
+        - |
+          The theme picker for GitHub Pages has been removed from the Pages settings. For more information about configuration of themes for GitHub Pages, see "[Adding a theme to your GitHub Pages site using Jekyll](/pages/setting-up-a-github-pages-site-with-jekyll/adding-a-theme-to-your-github-pages-site-using-jekyll)."
+        
+  known_issues:
+      - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+      - Custom firewall rules are removed during the upgrade process.
+      - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+      - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+      - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+      - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+      - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+      - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
--- a/data/reusables/code-scanning/choose-alert-dismissal-reason.md
+++ b/data/reusables/code-scanning/choose-alert-dismissal-reason.md
@ -1 +1,2 @@
-It's important to choose the appropriate reason from the drop-down menu as this may affect whether a query continues to be included in future analysis.
+It's important to choose the appropriate reason from the drop-down menu as this may affect whether a query continues to be included in future analysis. {% if comment-dismissed-code-scanning-alert %}Optionally, you can comment on a dismissal to record the context of an alert dismissal. The dismissal comment is added to the alert timeline and can be used as justification during auditing and reporting. You can retrieve or set a comment by using the code scanning REST API. The comment is contained in `dismissed_comment` for the `alerts/{alert_number}` endpoint. For more information, see "[Code Scanning](/rest/code-scanning#update-a-code-scanning-alert)."
+{% endif %}
--- a/data/reusables/enterprise-accounts/download-recovery-codes.md
+++ b/data/reusables/enterprise-accounts/download-recovery-codes.md
@ -1,3 +1,3 @@
-1. To ensure you can still access your enterprise in the event that your identity provider is ever unavailable in the future, click **Download**, **Print**, or **Copy** to save your recovery codes. For more information, see "[Downloading your enterprise account's SAML single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes)."
+1. To ensure you can still access your enterprise in the event that your identity provider is ever unavailable in the future, click **Download**, **Print**, or **Copy** to save your recovery codes. For more information, see "[Downloading your enterprise account's single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."

   ![Screenshot of the buttons to download, print, or copy your recovery codes](/assets/images/help/saml/saml_recovery_code_options.png)
--- a/data/reusables/enterprise-accounts/emu-azure-admin-consent.md
+++ b/data/reusables/enterprise-accounts/emu-azure-admin-consent.md
@ -0,0 +1,6 @@
+1. When redirected, sign in to your identity provider, then follow the instructions to give consent and install the {% data variables.product.prodname_emu_idp_oidc_application %} application.
+   {% warning %}
+
+   **Warning:** You must sign in to Azure AD as a user with global admin rights in order to consent to the installation of the {% data variables.product.prodname_emu_idp_oidc_application %} application.
+
+   {% endwarning %}
--- a/data/reusables/enterprise-accounts/emu-cap-validates.md
+++ b/data/reusables/enterprise-accounts/emu-cap-validates.md
@ -0,0 +1 @@
+When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate user interactions with {% data variables.product.prodname_dotcom %}, when members change IP addresses, and each time a personal access token or SSH key is used.
--- a/data/reusables/enterprise-accounts/oidc-beta-notice.md
+++ b/data/reusables/enterprise-accounts/oidc-beta-notice.md
@ -0,0 +1,5 @@
+{% note %}
+
+**Note:** OpenID Connect (OIDC) and Conditional Access Policy (CAP) support for {% data variables.product.prodname_emus %} is in public beta and only available for Azure AD.
+
+{% endnote %}
--- a/data/reusables/enterprise-accounts/oidc-gei-warning.md
+++ b/data/reusables/enterprise-accounts/oidc-gei-warning.md
@ -0,0 +1,5 @@
+{% warning %}
+
+**Warning:** If you use {% data variables.product.prodname_importer_proper_name %} to migrate an organization from {% data variables.product.product_location_enterprise %}, make sure to use a service account that is exempt from Azure AD's CAP otherwise your migration may be blocked.
+
+{% endwarning %}
--- a/data/variables/product.yml
+++ b/data/variables/product.yml
@ -45,6 +45,9 @@ prodname_github_connect: 'GitHub Connect'
 prodname_unified_contributions: 'unified contributions'
 prodname_unified_search: 'unified search'

+# GitHub Enterprise migration tool
+prodname_importer_proper_name: 'GitHub Enterprise Importer'
+
 # GitHub Education
 prodname_education: 'GitHub Education'
 prodname_education_community: 'Education Community'
@ -102,10 +105,11 @@ prodname_discussions: 'GitHub Discussions'

 # GitHub Enterprise Managed Users
 prodname_emu_idp_application: 'GitHub Enterprise Managed User'
+prodname_emu_idp_oidc_application: 'GitHub Enterprise Managed User (OIDC)'
 prodname_emus: 'Enterprise Managed Users'
-prodname_managed_user: 'managed user'
-prodname_managed_users: 'managed users'
-prodname_managed_users_caps: 'Managed users'
+prodname_managed_user: 'managed user account'
+prodname_managed_users: 'managed user accounts'
+prodname_managed_users_caps: 'Managed user accounts'
 prodname_emu_enterprise: 'enterprise with managed users'
 prodname_emu_org: 'organization with managed users'

--- a/data/variables/release_candidate.yml
+++ b/data/variables/release_candidate.yml
@ -1 +1 @@
-version: enterprise-server@3.5
+version: ''
--- a/lib/all-products.js
+++ b/lib/all-products.js
@ -1,13 +1,12 @@
 import fs from 'fs/promises'
 import path from 'path'
-import readFileAsync from './readfile-async.js'
 import frontmatter from './read-frontmatter.js'
 import getApplicableVersions from './get-applicable-versions.js'
 import removeFPTFromPath from './remove-fpt-from-path.js'

 // Both internal and external products are specified in content/index.md
 const homepage = path.posix.join(process.cwd(), 'content/index.md')
-const { data } = frontmatter(await readFileAsync(homepage, 'utf8'))
+const { data } = frontmatter(await fs.readFile(homepage, 'utf8'))

 export const productIds = data.children
 export const productGroups = []
@ -27,7 +26,7 @@ for (const productId of productIds) {
  }

  const toc = path.posix.join(dir, 'index.md')
-  const { data } = frontmatter(await readFileAsync(toc, 'utf8'))
+  const { data } = frontmatter(await fs.readFile(toc, 'utf8'))
  const applicableVersions = getApplicableVersions(data.versions, toc)
  const href = removeFPTFromPath(path.posix.join('/', applicableVersions[0], productId))

--- a/lib/check-node-version.js
+++ b/lib/check-node-version.js
@ -1,8 +1,8 @@
+import fs from 'fs/promises'
 import semver from 'semver'
 import path from 'path'
-import readFileAsync from './readfile-async.js'

-const packageFile = JSON.parse(await readFileAsync(path.join(process.cwd(), './package.json')))
+const packageFile = JSON.parse(await fs.readFile(path.join(process.cwd(), './package.json')))
 const { engines } = packageFile

 /* istanbul ignore next */
--- a/lib/enterprise-server-releases.js
+++ b/lib/enterprise-server-releases.js
@ -1,9 +1,10 @@
-import versionSatisfiesRange from './version-satisfies-range.js'
 import path from 'path'
-import readFileAsync from './readfile-async.js'
+import fs from 'fs/promises'
+
+import versionSatisfiesRange from './version-satisfies-range.js'

 export const dates = JSON.parse(
-  await readFileAsync(path.join(process.cwd(), './lib/enterprise-dates.json'))
+  await fs.readFile(path.join(process.cwd(), './lib/enterprise-dates.json'))
 )

 // GHES Release Lifecycle Dates:
--- a/lib/get-redirect.js
+++ b/lib/get-redirect.js
@ -39,6 +39,10 @@ export default function getRedirect(uri, context) {
  // the old formatting of the version. So to leverage the redirects
  // from `developer.json` we'll look at it right away.
  if (withoutLanguage in redirects) {
+    // But only inject the language if it's NOT an external redirect
+    if (redirects[withoutLanguage].includes('://')) {
+      return redirects[withoutLanguage]
+    }
    return `/${language}` + redirects[withoutLanguage]
  }

--- a/Показать больше
+++ b/Показать больше
				`@ -0,0 +1 @@`
				`When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate user interactions with {% data variables.product.prodname_dotcom %}, when members change IP addresses, and each time a personal access token or SSH key is used.`