repo sync

Author: Octomerger

.github/workflows/repo-sync.yml

@@ -17,7 +17,6 @@ jobs:
   repo-sync:
     name: Repo Sync
     runs-on: ubuntu-latest
-    continue-on-error: true
     steps:
 
     - name: Exit if repo is frozen

content/github/administering-a-repository/configuration-options-for-dependency-updates.md

@@ -546,12 +546,6 @@ updates:
 
 Use the `vendor` option to tell {% data variables.product.prodname_dependabot_short %} to vendor dependencies when updating them.
 
-{% note %}
-
-Currently, {% data variables.product.prodname_dependabot_short %} only supports vendoring dependencies for Bundler.
-
-{% endnote %}
-
 ```yaml
 # Configure version updates for both dependencies defined in manifests and vendored dependencies
 
@@ -565,7 +559,13 @@ updates:
       interval: "weekly"
 ```
 
-{% data variables.product.prodname_dependabot_short %} only updates the vendored dependencies located in specific directories in a repository. For Bundler, the dependencies must be in the _vendor/cache_ directory. Other file paths are not supported. For more information, see the [`bundle cache` documentation](https://bundler.io/man/bundle-cache.1.html).
+{% data variables.product.prodname_dependabot_short %} only updates the vendored dependencies located in specific directories in a repository.
+
+| Package manager | Required file path for vendored dependencies | More information |
+  |------------------|-------------------------------|--------|
+  | `bundler` | The dependencies must be in the _vendor/cache_ directory.</br>Other file paths are not supported. | [`bundle cache` documentation](https://bundler.io/man/bundle-cache.1.html) |
+  | `gomod` | No path requirement (dependencies are usually located in the _vendor_ directory) | [`go mod vendor` documentation](https://golang.org/ref/mod#go-mod-vendor) |
+
 
 ### `versioning-strategy`
 

content/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository.md

@@ -37,7 +37,7 @@ Anyone with read permission for a repository can see {% data variables.product.p
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-security %}
 {% data reusables.repositories.sidebar-code-scanning-alerts %}
-1. Under "{% data variables.product.prodname_code_scanning %}," click the alert you'd like to explore.
+1. Under "{% data variables.product.prodname_code_scanning_capc %}," click the alert you'd like to explore.
   ![Summary of alerts](/assets/images/help/repository/code-scanning-click-alert.png)
 1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used.
   ![The "Show paths" link on an alert](/assets/images/help/repository/code-scanning-show-paths.png)

content/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system.md

@@ -9,6 +9,7 @@ versions:
   free-pro-team: '*'
   enterprise-server: '>=2.22'
 ---
+<!--UI-LINK: When GitHub Enterprise Server doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
 
 {% data reusables.code-scanning.beta-codeql-runner %}
 {% data reusables.code-scanning.beta %}

content/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning.md

@@ -36,6 +36,8 @@ If you upload a SARIF file without fingerprint data using the `/code-scanning/sa
 
 ### Validating your SARIF file
 
+<!--UI-LINK: When code scanning fails, the error banner shown in the Security > Code scanning alerts view links to this anchor.-->
+
 You can check a SARIF file is compatible with {% data variables.product.prodname_code_scanning %} by testing it against the {% data variables.product.prodname_dotcom %} ingestion rules. For more information, visit the [Microsoft SARIF validator](https://sarifweb.azurewebsites.net/).
 
 ### Supported SARIF output file properties

data/reusables/dependabot/supported-package-managers.md

@@ -7,7 +7,7 @@ Docker: `docker` |
 Elm: `elm` |
 git submodule: `gitsubmodule` |
 GitHub Actions: `github-actions` |
-Go modules: `gomod` |
+Go modules: `gomod` | **X**
 Gradle: `gradle` |
 Maven: `maven` |
 Mix: `mix` |

middleware/handle-csrf-errors.js

@@ -0,0 +1,8 @@
+module.exports = async function handleCSRFError (error, req, res, next) {
+  // If the CSRF token is bad
+  if (error.code === 'EBADCSRFTOKEN') {
+    return res.sendStatus(403)
+  }
+
+  return next(error)
+}

middleware/handle-errors.js

@@ -48,10 +48,5 @@ module.exports = async function handleError (error, req, res, next) {
     }
   }
 
-  // If the CSRF token is bad
-  if (error.code === 'EBADCSRFTOKEN') {
-    return res.sendStatus(403)
-  }
-
   res.status(500).send(await liquid.parseAndRender(layouts['error-500'], req.context))
 }

middleware/index.js

@@ -28,6 +28,7 @@ module.exports = function (app) {
   app.use(require('./robots'))
   app.use(require('./cookie-parser'))
   app.use(require('./csrf'))
+  app.use(require('./handle-csrf-errors'))
   app.use(require('compression')())
   app.use(require('connect-slashes')(false))
   app.use('/dist', express.static('dist'))