Merge branch 'main' into remove-fpt

Author: sarahs

content/developers/apps/scopes-for-oauth-apps.md

@@ -46,8 +46,8 @@ Name | Description
  `repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.
  `public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.
  `repo:invite` | Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites *without* granting access to the code.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
-&emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning).{% endif %}{% if currentVersion ver_gt "enterprise-server@2.21" and currentVersion ver_lt "enterprise-server@3.1" %}
-&emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning).{% endif %}
+&emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning) <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning) <br/> This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}{% if currentVersion ver_gt "enterprise-server@2.21" and currentVersion ver_lt "enterprise-server@3.1" %}
+&emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}
 **`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in public and private repositories. The `repo` and `public_repo` scopes grants full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
 &emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in public or private repositories.
 &emsp;`read:repo_hook`| Grants read and ping access to hooks in public or private repositories.

lib/warm-server.js

@@ -7,8 +7,8 @@ const loadSiteTree = require('./site-tree')
 // Instrument these functions so that
 // it's wrapped in a timer that reports to Datadog
 const dog = {
-  loadPages: statsd.timer(loadPages, 'load_pages'),
-  loadPageMap: statsd.timer(loadPageMap, 'load_page_map'),
+  loadPages: statsd.asyncTimer(loadPages, 'load_pages'),
+  loadPageMap: statsd.asyncTimer(loadPageMap, 'load_page_map'),
   loadRedirects: statsd.timer(loadRedirects, 'load_redirects'),
   loadSiteData: statsd.timer(loadSiteData, 'load_site_data'),
   loadSiteTree: statsd.asyncTimer(loadSiteTree, 'load_site_tree')

middleware/csp.js

@@ -56,7 +56,9 @@ module.exports = async (req, res, next) => {
 
   // Exception for Algolia instantsearch in deprecated Enterprise docs (Node.js era)
   if (versionSatisfiesRange(requestedVersion, '<=2.19') && versionSatisfiesRange(requestedVersion, '>2.12')) {
-    csp.directives.scriptSrc.push("'unsafe-eval'")
+    csp.directives.scriptSrc.push("'unsafe-eval'", "'unsafe-inline'", 'http://www.google-analytics.com', 'https://ssl.google-analytics.com')
+    csp.directives.connectSrc.push('https://www.google-analytics.com')
+    csp.directives.imgSrc.push('http://www.google-analytics.com', 'https://ssl.google-analytics.com')
   }
 
   // Exception for search in deprecated Enterprise docs <=2.12 (static site era)

tests/routing/deprecated-enterprise-versions.js

@@ -169,6 +169,16 @@ describe('JS and CSS assets', () => {
     expect(result.get('Content-Type')).toBe('image/svg+xml; charset=utf-8')
   })
 
+  it('returns the expected node_modules', async () => {
+    const result = await supertest(app)
+      .get('/node_modules/algoliasearch/dist/algoliasearch.min.js')
+      .set('Referrer', '/en/enterprise/2.17')
+
+    expect(result.statusCode).toBe(200)
+    expect(result.get('x-is-archived')).toBe('true')
+    expect(result.get('Content-Type')).toBe('application/javascript; charset=utf-8')
+  })
+
   it('returns the expected favicon', async () => {
     const result = await supertest(app)
       .get('/assets/images/site/favicon.svg')
@@ -179,7 +189,7 @@ describe('JS and CSS assets', () => {
     expect(result.get('Content-Type')).toBe('image/svg+xml; charset=utf-8')
   })
 
-  it('returns the expected CSS file  ( <2.13 )', async () => {
+  it('returns the expected CSS file ( <2.13 )', async () => {
     const result = await supertest(app)
       .get('/assets/stylesheets/application.css')
       .set('Referrer', '/en/enterprise/2.12')