Merge branch 'main' into feat/add-contributor-frontmatter

Author: sarahs

assets/images/help/repository/code-scanning-branch-dropdown.png

@@ -25,6 +25,9 @@ Each workflow job is executed in a fresh instance of the {% data variables.actio
 
 To add {% data variables.actions.hosted_runner %}s to your organization or enterprise, see ["Adding {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/adding-ae-hosted-runners)."
 
+### Pool assignments for {% data variables.actions.hosted_runner %}s
+
+Your {% data variables.actions.hosted_runner %}s are allocated to the same pool as your {% data variables.product.prodname_ghe_managed %} instance. No other customers have access to this pool, and as a result, {% data variables.actions.hosted_runner %}s are not shared with any other customers.
 
 ### Billing
 

assets/images/help/repository/code-scanning-click-alert.png

@@ -22,6 +22,8 @@ When {% data variables.product.prodname_dependabot %} identifies an outdated dep
 
 If you enable security updates, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
 
+{% data reusables.dependabot.pull-request-security-vs-version-updates %}
+
 {% data reusables.dependabot.dependabot-tos %}
 
 ### Frequency of {% data variables.product.prodname_dependabot %} pull requests

content/actions/using-github-hosted-runners/about-ae-hosted-runners.md

@@ -11,10 +11,10 @@ versions:
 
 You must choose or generate a password for your {% data variables.product.product_name %} account that is at least:
 - Eight characters long, if it includes a number and a lowercase letter, or
-- 16 characters long with any combination of characters
+- 15 characters long with any combination of characters
 
 To keep your account secure, we recommend you follow these best practices:
-- Use a password manager, such as [LastPass](https://lastpass.com/) or [1Password](https://1password.com/), to generate a password more than 16 characters.
+- Use a password manager, such as [LastPass](https://lastpass.com/) or [1Password](https://1password.com/), to generate a password of at least 15 characters.
 - Generate a unique password for {% data variables.product.product_name %}. If you use your {% data variables.product.product_name %} password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your {% data variables.product.product_name %} account.
 - Configure two-factor authentication for your personal account. For more information, see "[About two-factor authentication](/articles/about-two-factor-authentication)."
 - Never share your password, even with a potential collaborator. Each person should use their own personal account on {% data variables.product.product_name %}. For more information on ways to collaborate, see: "[Inviting collaborators to a personal repository](/articles/inviting-collaborators-to-a-personal-repository)," "[About collaborative development models](/articles/about-collaborative-development-models/)," or "[Collaborating with groups in organizations](/articles/collaborating-with-groups-in-organizations/)."

content/github/administering-a-repository/about-dependabot-version-updates.md

@@ -22,6 +22,10 @@ The {% data variables.product.prodname_dependabot_security_updates %} feature is
 
 {% endnote %}
 
+You can enable a related feature, {% data variables.product.prodname_dependabot_version_updates %}, so that {% data variables.product.prodname_dependabot %} raises pull requests to update the manifest to the latest version of the dependency, whenever it detects an outdated dependency. For more information, see "[About {% data variables.product.prodname_dependabot %} version updates](/github/administering-a-repository/about-dependabot-version-updates)."
+
+{% data reusables.dependabot.pull-request-security-vs-version-updates %}
+
 ### About pull requests for security updates
 
 Each pull request contains everything you need to quickly and safely review and merge a proposed fix into your project. This includes information about the vulnerability like release notes, changelog entries, and commit details. Details of which vulnerability a pull request resolves are hidden from anyone who does not have access to {% data variables.product.prodname_dependabot_alerts %} for the repository.

content/github/authenticating-to-github/creating-a-strong-password.md

@@ -76,6 +76,8 @@ You can enable or disable features for all repositories. {% if currentVersion ==
    ![Button to enable feature for all the eligible repositories in the organization](/assets/images/enterprise/github-ae/organizations/security-and-analysis-enable-secret-scanning-existing-repos-ghae.png)
    {% endif %}
 
+   {% data reusables.security.displayed-information %}
+
 ### Enabling or disabling a feature automatically when new repositories are added
 
 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."

content/github/managing-security-vulnerabilities/about-dependabot-security-updates.md

@@ -28,6 +28,8 @@ For an overview of repository-level security, see "[About securing your reposito
 7. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories you own.
   ![Button to disable or enable feature](/assets/images/help/settings/security-and-analysis-enable-dependency-graph.png)
 
+{% data reusables.security.displayed-information %}
+
 ### Enabling or disabling features for new repositories
 
 {% data reusables.user_settings.access_settings %}

content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md

@@ -128,6 +128,7 @@ sections:
     - Juypter Notebook rendering in the web UI may fail if the notebook includes non UTF-8 encoded characters.
     - Dependency graph fails to parse `setup.py` Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.
     - A race condition can cause dependency graph database migrations to appear to fail.
+    - Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.
 
   deprecations:
     - heading: Deprecation of GitHub Enterprise Server 2.19

content/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account.md

@@ -40,3 +40,4 @@ sections:
     - 'Repository [deploy keys](/developers/overview/managing-deploy-keys) are unable to be used with repositories containing LFS objects.'
     - 'Juypter Notebook rendering in the web UI may fail if the notebook includes non UTF-8 encoded characters.'
     - 'Dependency graph fails to parse `yarn.lock` Javascript manifest files, resulting in HTTP 500 errors in logs.'
+    - 'Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.'