Merge branch 'main' into feat/add-contributor-frontmatter

sarahs · web-flow · commit 90ced5fa387e · 2021-03-11T19:46:38.000-05:00
diff --git a/.github/workflows/remove-from-fr-board.yaml b/.github/workflows/remove-from-fr-board.yaml
@@ -2,7 +2,7 @@ name: Remove card from FR board
 
 on:
   repository_dispatch:
-    types: remove_from_FR_board
+    types: remove_from_docs_FR_board
 
 jobs:
   remove_from_FR_board:
diff --git a/content/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies.md b/content/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies.md
@@ -20,8 +20,7 @@ When your code depends on a package that has a security vulnerability, this vuln
  {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %} detects vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %}{% else %}{% data variables.product.product_name %} detects vulnerable dependencies and sends security alerts{% endif %} when:
 
 {% if currentVersion == "free-pro-team@latest" %}
-- A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)."
-- New vulnerability data from [WhiteSource](https://www.whitesourcesoftware.com/vulnerability-database) is processed.{% else %}
+- A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)."{% else %}
 - New advisory data is synchronized to {% data variables.product.prodname_ghe_server %} each hour from {% data variables.product.prodname_dotcom_the_website %}. For more information about advisory data, see "<a href="/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database" class="dotcom-only">Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}</a>."{% endif %}
 - The dependency graph for a repository changes. For example, when a contributor pushes a commit to change the packages or versions it depends on{% if currentVersion == "free-pro-team@latest" %}, or when the code of one of the dependencies changes{% endif %}. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
 
diff --git a/content/github/visualizing-repository-data-with-graphs/about-the-dependency-graph.md b/content/github/visualizing-repository-data-with-graphs/about-the-dependency-graph.md
@@ -64,6 +64,9 @@ When the dependency graph is first enabled, any manifest and lock files for supp
 
 The recommended formats explicitly define which versions are used for all direct and all indirect dependencies. If you use these formats, your dependency graph is more accurate. It also reflects the current build set up and enables the dependency graph to report vulnerabilities in both direct and indirect dependencies.{% if currentVersion == "free-pro-team@latest" %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for vulnerable dependencies.{% endif %}
 
+{% if currentVersion == "free-pro-team@latest" %}The ecosystems listed below are supported for the dependency graph, {% data variables.product.prodname_dependabot_alerts %}, and {% data variables.product.prodname_dependabot_security_updates %}.{% endif %}
+{% if currentVersion ver_gt "enterprise-server@2.21" %}The ecosystems listed below are supported for the dependency graph and {% data variables.product.prodname_dependabot_alerts %}.{% endif %}
+
 | Package manager | Languages | Recommended formats | All supported formats |
 | --- | --- | --- | ---|
 | Composer             | PHP           | `composer.lock` | `composer.json`, `composer.lock` |
diff --git a/data/release-notes/3-0/0.yml b/data/release-notes/3-0/0.yml
@@ -123,6 +123,7 @@ sections:
     - When GitHub Actions is enabled, use '`ghe-maintenance -u`' to unset maintenance mode.
     - 'Duplicated logging to `/var/log/messages`, `/var/log/syslog`, and `/var/log/user.log` results in increased root volume utilization.'
     - Users can dismiss a mandatory message without checking all checkboxes.
+    - '[Pre-receive hook scripts](/admin/policies/enforcing-policy-with-pre-receive-hooks) cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.'
     - Repository [deploy keys](/developers/overview/managing-deploy-keys) are unable to be used with repositories containing LFS objects.
     - Juypter Notebook rendering in the web UI may fail if the notebook includes non UTF-8 encoded characters.
     - Dependency graph fails to parse `setup.py` Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.
diff --git a/data/release-notes/3-0/1.yml b/data/release-notes/3-0/1.yml
@@ -36,6 +36,7 @@ sections:
     - 'When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact [GitHub Enterprise Support](https://enterprise.githubsupport.com/hc/en-us) or [GitHub Premium Support](https://premium.githubsupport.com/).'
     - 'Duplicated logging to `/var/log/messages`, `/var/log/syslog`, and `/var/log/user.log` results in increased root volume utilization.'
     - 'Users can dismiss a mandatory message without checking all checkboxes.'
+    - '[Pre-receive hook scripts](/admin/policies/enforcing-policy-with-pre-receive-hooks) cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.'
     - 'Repository [deploy keys](/developers/overview/managing-deploy-keys) are unable to be used with repositories containing LFS objects.'
     - 'Juypter Notebook rendering in the web UI may fail if the notebook includes non UTF-8 encoded characters.'
     - 'Dependency graph fails to parse `yarn.lock` Javascript manifest files, resulting in HTTP 500 errors in logs.'
diff --git a/middleware/abort.js b/middleware/abort.js
@@ -1,4 +1,4 @@
-module.exports = function (req, res, next) {
+module.exports = function abort (req, res, next) {
   // If the client aborts the connection, send an error
   req.once('aborted', () => {
     // NOTE: Node.js will also automatically set `req.aborted = true`
diff --git a/middleware/archived-enterprise-versions-assets.js b/middleware/archived-enterprise-versions-assets.js
@@ -11,7 +11,7 @@ const ONE_DAY = 24 * 60 * 60 // 1 day in seconds
 //
 // See also ./archived-enterprise-versions.js for non-CSS/JS paths
 
-module.exports = async (req, res, next) => {
+module.exports = async function archivedEnterpriseVersionsAssets (req, res, next) {
   const { isArchived, requestedVersion } = isArchivedVersion(req)
   if (!isArchived) return next()
 
diff --git a/middleware/archived-enterprise-versions.js b/middleware/archived-enterprise-versions.js
@@ -11,7 +11,7 @@ const archivedFrontmatterFallbacks = require('../lib/redirects/static/archived-f
 // This module handles requests for deprecated GitHub Enterprise versions
 // by routing them to static content in help-docs-archived-enterprise-versions
 
-module.exports = async (req, res, next) => {
+module.exports = async function archivedEnterpriseVersions (req, res, next) {
   const { isArchived, requestedVersion } = isArchivedVersion(req)
   if (!isArchived) return next()
 
diff --git a/middleware/block-robots.js b/middleware/block-robots.js
@@ -30,7 +30,7 @@ function blockIndex (path) {
   return pathRegExps.some(pathRe => pathRe.test(path))
 }
 
-const middleware = (req, res, next) => {
+const middleware = function blockRobots (req, res, next) {
   if (blockIndex(req.path)) res.set('x-robots-tag', 'noindex')
   return next()
 }
diff --git a/middleware/breadcrumbs.js b/middleware/breadcrumbs.js
@@ -3,7 +3,7 @@ const { getPathWithoutLanguage } = require('../lib/path-utils')
 const nonEnterpriseDefaultVersion = require('../lib/non-enterprise-default-version')
 const removeFPTFromPath = require('../lib/remove-fpt-from-path')
 
-module.exports = async (req, res, next) => {
+module.exports = async function breadcrumbs (req, res, next) {
   if (!req.context.page) return next()
   if (req.context.page.hidden) return next()
 
diff --git a/middleware/categories-for-support-team.js b/middleware/categories-for-support-team.js
@@ -8,7 +8,7 @@ const dotcomDir = path.join(__dirname, '../content/github')
 const dotcomIndex = path.join(dotcomDir, 'index.md')
 const linkRegex = /{% (?:topic_)?link_in_list ?\/(.*?) ?%}/g
 
-module.exports = async (req, res, next) => {
+module.exports = async function categoriesForSupportTeam (req, res, next) {
   if (req.path !== '/categories.json') return next()
   const categories = await generateCategories()
   return res.json(categories)
diff --git a/middleware/contextualizers/enterprise-release-notes.js b/middleware/contextualizers/enterprise-release-notes.js
@@ -66,7 +66,7 @@ async function renderPatchNotes (patch, ctx) {
   return patch
 }
 
-module.exports = async (req, res, next) => {
+module.exports = async function enterpriseReleaseNotesContext (req, res, next) {
   // The `/release-notes` sub-path
   if (!req.path.endsWith('/release-notes')) return next()
 
diff --git a/middleware/contextualizers/graphql.js b/middleware/contextualizers/graphql.js
@@ -8,7 +8,7 @@ const explorerUrl = process.env.NODE_ENV === 'production'
   ? 'https://graphql.github.com/explorer'
   : 'http://localhost:3000'
 
-module.exports = async (req, res, next) => {
+module.exports = function graphqlContext (req, res, next) {
   const currentVersionObj = allVersions[req.context.currentVersion]
   // ignore requests to non-GraphQL reference paths
   // and to versions that don't exist
diff --git a/middleware/contextualizers/rest.js b/middleware/contextualizers/rest.js
@@ -2,7 +2,7 @@ const path = require('path')
 const rest = require('../../lib/rest')
 const removeFPTFromPath = require('../../lib/remove-fpt-from-path')
 
-module.exports = async function (req, res, next) {
+module.exports = function restContext (req, res, next) {
   req.context.rest = rest
 
   // link to include in `Works with GitHub Apps` notes
diff --git a/middleware/contextualizers/webhooks.js b/middleware/contextualizers/webhooks.js
@@ -4,7 +4,7 @@ const webhookPayloads = require(path.join(process.cwd(), 'lib/webhooks'))
 const nonEnterpriseDefaultVersion = require('../../lib/non-enterprise-default-version')
 const allVersions = require('../../lib/all-versions')
 
-module.exports = async (req, res, next) => {
+module.exports = function webhooksContext (req, res, next) {
   const currentVersionObj = allVersions[req.context.currentVersion]
   // ignore requests to non-webhook reference paths
   // and to versions that don't exist
diff --git a/middleware/csp.js b/middleware/csp.js
@@ -7,7 +7,7 @@ const versionSatisfiesRange = require('../lib/version-satisfies-range')
 const AZURE_STORAGE_URL = 'githubdocs.azureedge.net'
 
 // module.exports = contentSecurityPolicy({
-module.exports = async (req, res, next) => {
+module.exports = function csp (req, res, next) {
   const csp = {
     directives: {
       defaultSrc: ["'none'"],
diff --git a/middleware/detect-language.js b/middleware/detect-language.js
@@ -1,7 +1,7 @@
 const languageCodes = Object.keys(require('../lib/languages'))
 
 // determine language code from first part of URL, or default to English
-module.exports = async function detectLanguage (req, res, next) {
+module.exports = function detectLanguage (req, res, next) {
   // /en/articles/foo
   //  ^^
   const firstPartOfPath = req.path.split('/')[1]
diff --git a/middleware/dev-toc.js b/middleware/dev-toc.js
@@ -1,7 +1,7 @@
 const { liquid } = require('../lib/render-content')
 const layouts = require('../lib/layouts')
 
-module.exports = async (req, res, next) => {
+module.exports = async function devToc (req, res, next) {
   if (process.env.NODE_ENV !== 'development') return next()
   if (!req.path.endsWith('/dev-toc')) return next()
 
diff --git a/middleware/disable-caching-on-safari.js b/middleware/disable-caching-on-safari.js
@@ -1,4 +1,4 @@
-module.exports = (req, res, next) => {
+module.exports = function disableCachingOnSafari (req, res, next) {
   const isSafari = /^((?!chrome|android).)*safari/i.test(req.headers['user-agent'])
   if (isSafari) {
     res.header('Last-Modified', (new Date()).toUTCString())
diff --git a/middleware/early-access-breadcrumbs.js b/middleware/early-access-breadcrumbs.js
@@ -5,7 +5,7 @@ const removeFPTFromPath = require('../lib/remove-fpt-from-path')
 
 // Early Access content doesn't conform to the same structure as other products, so we
 // can't derive breadcrumbs from the siteTree in the same way. Hence, this separate middleware.
-module.exports = async (req, res, next) => {
+module.exports = async function earlyAccessBreadcrumbs (req, res, next) {
   if (!req.context.page) return next()
   if (!req.context.page.hidden) return next()
 
diff --git a/middleware/enterprise-server-releases.js b/middleware/enterprise-server-releases.js
@@ -2,7 +2,7 @@ const { liquid } = require('../lib/render-content')
 const layouts = require('../lib/layouts')
 const getMiniTocItems = require('../lib/get-mini-toc-items')
 
-module.exports = async (req, res, next) => {
+module.exports = async function enterpriseServerReleases (req, res, next) {
   if (!req.path.endsWith('/enterprise-server-releases')) return next()
 
   const html = await liquid.parseAndRender(layouts['enterprise-server-releases'], req.context)
diff --git a/middleware/events.js b/middleware/events.js
@@ -10,7 +10,7 @@ const ajv = new Ajv()
 
 const router = express.Router()
 
-router.post('/', async (req, res, next) => {
+router.post('/', async function postEvents (req, res, next) {
   const isDev = process.env.NODE_ENV === 'development'
   const fields = omit(req.body, '_csrf')
 
diff --git a/middleware/featured-links.js b/middleware/featured-links.js
@@ -1,7 +1,7 @@
 const getLinkData = require('../lib/get-link-data')
 
 // this middleware adds properties to the context object
-module.exports = async (req, res, next) => {
+module.exports = async function featuredLinks (req, res, next) {
   if (!req.context.page) return next()
 
   if (!(req.context.page.relativePath.endsWith('index.md') || req.context.page.layout === 'product-landing')) return next()
diff --git a/middleware/handle-csrf-errors.js b/middleware/handle-csrf-errors.js
@@ -1,4 +1,4 @@
-module.exports = async function handleCSRFError (error, req, res, next) {
+module.exports = function handleCSRFError (error, req, res, next) {
   // If the CSRF token is bad
   if (error.code === 'EBADCSRFTOKEN') {
     return res.sendStatus(403)
diff --git a/middleware/handle-errors.js b/middleware/handle-errors.js
@@ -28,47 +28,52 @@ async function logException (error, req) {
 }
 
 module.exports = async function handleError (error, req, res, next) {
-  // If the headers have already been sent or the request was aborted...
-  if (res.headersSent || req.aborted) {
-    // Report to Failbot
-    await logException(error, req)
+  try {
+    // If the headers have already been sent or the request was aborted...
+    if (res.headersSent || req.aborted) {
+      // Report to Failbot
+      await logException(error, req)
 
-    // We MUST delegate to the default Express error handler
-    return next(error)
-  }
+      // We MUST delegate to the default Express error handler
+      return next(error)
+    }
 
-  // if the error is thrown before req.context is created (say, in the Page class),
-  // set req.context.site here so we can pass data/ui.yml text to the 500 layout
-  if (!req.context) {
-    const site = await loadSiteData()
-    req.context = { site: site[req.language || 'en'].site }
-  }
+    // if the error is thrown before req.context is created (say, in the Page class),
+    // set req.context.site here so we can pass data/ui.yml text to the 500 layout
+    if (!req.context) {
+      const site = await loadSiteData()
+      req.context = { site: site[req.language || 'en'].site }
+    }
 
-  // display error on the page in development, but not in production
-  if (process.env.NODE_ENV !== 'production' && req.context) {
-    req.context.error = error
-  }
+    // display error on the page in development, but not in production
+    if (process.env.NODE_ENV !== 'production' && req.context) {
+      req.context.error = error
+    }
 
-  // Special handling for when a middleware calls `next(404)`
-  if (error === 404) {
-    return res
-      .status(404)
-      .send(await liquid.parseAndRender(layouts['error-404'], req.context))
-  }
+    // Special handling for when a middleware calls `next(404)`
+    if (error === 404) {
+      return res
+        .status(404)
+        .send(await liquid.parseAndRender(layouts['error-404'], req.context))
+    }
 
-  // If the error contains a status code, just send that back. This is usually
-  // from a middleware like `express.json()` or `csrf`.
-  if (error.statusCode || error.status) {
-    return res.sendStatus(error.statusCode || error.status)
-  }
+    // If the error contains a status code, just send that back. This is usually
+    // from a middleware like `express.json()` or `csrf`.
+    if (error.statusCode || error.status) {
+      return res.sendStatus(error.statusCode || error.status)
+    }
 
-  if (process.env.NODE_ENV !== 'test') {
-    console.error('500 error!', req.path)
-    console.error(error)
-  }
+    if (process.env.NODE_ENV !== 'test') {
+      console.error('500 error!', req.path)
+      console.error(error)
+    }
 
-  res.status(500).send(await liquid.parseAndRender(layouts['error-500'], req.context))
+    res.status(500).send(await liquid.parseAndRender(layouts['error-500'], req.context))
 
-  // Report to Failbot AFTER responding to the user
-  await logException(error, req)
+    // Report to Failbot AFTER responding to the user
+    await logException(error, req)
+  } catch (error) {
+    console.error('An error occurred in the error handling middleware!', error)
+    return next(error)
+  }
 }
diff --git a/middleware/handle-invalid-paths.js b/middleware/handle-invalid-paths.js
@@ -1,6 +1,6 @@
 const patterns = require('../lib/patterns')
 
-module.exports = (req, res, next) => {
+module.exports = function handleInvalidPaths (req, res, next) {
   // prevent open redirect vulnerability
   if (req.path.match(patterns.multipleSlashes)) {
     return next(404)
@@ -10,12 +10,13 @@ module.exports = (req, res, next) => {
   // for paths like /%7B%
   try {
     decodeURIComponent(req.path)
-    return next()
   } catch (err) {
     if (process.env.NODE_ENV !== 'test') {
       console.log('unable to decode path', req.path, err)
     }
 
     return res.sendStatus(400)
   }
+
+  return next()
 }
diff --git a/middleware/index.js b/middleware/index.js
@@ -64,15 +64,15 @@ module.exports = function (app) {
   app.use(instrument('./redirects/handle-redirects')) // Must come before contextualizers
 
   // *** Config and context for rendering ***
-  app.use(instrument('./find-page')) // Must come before archived-enterprise-versions, breadcrumbs, featured-links, products, render-page
+  app.use(asyncMiddleware(instrument('./find-page'))) // Must come before archived-enterprise-versions, breadcrumbs, featured-links, products, render-page
   app.use(instrument('./block-robots'))
 
   // Check for a dropped connection before proceeding
   app.use(haltOnDroppedConnection)
 
   // *** Rendering, 2xx responses ***
   // I largely ordered these by use frequency
-  app.use(instrument('./archived-enterprise-versions-assets')) // Must come before static/assets
+  app.use(asyncMiddleware(instrument('./archived-enterprise-versions-assets'))) // Must come before static/assets
   app.use('/dist', express.static('dist', {
     index: false,
     etag: false,
@@ -92,12 +92,12 @@ module.exports = function (app) {
     lastModified: false,
     maxAge: '7 days' // A bit longer since releases are more sparse
   }))
-  app.use('/events', instrument('./events'))
-  app.use('/search', instrument('./search'))
-  app.use(instrument('./archived-enterprise-versions'))
+  app.use('/events', asyncMiddleware(instrument('./events')))
+  app.use('/search', asyncMiddleware(instrument('./search')))
+  app.use(asyncMiddleware(instrument('./archived-enterprise-versions')))
   app.use(instrument('./robots'))
   app.use(/(\/.*)?\/early-access$/, instrument('./contextualizers/early-access-links'))
-  app.use(instrument('./categories-for-support-team'))
+  app.use(asyncMiddleware(instrument('./categories-for-support-team')))
   app.use(instrument('./loaderio-verification'))
   app.get('/_500', asyncMiddleware(instrument('./trigger-error')))
 
@@ -109,12 +109,12 @@ module.exports = function (app) {
   app.use(instrument('./contextualizers/graphql'))
   app.use(instrument('./contextualizers/rest'))
   app.use(instrument('./contextualizers/webhooks'))
-  app.use(instrument('./breadcrumbs'))
-  app.use(instrument('./early-access-breadcrumbs'))
-  app.use(instrument('./enterprise-server-releases'))
-  app.use(instrument('./dev-toc'))
-  app.use(instrument('./featured-links'))
-  app.use(instrument('./learning-track'))
+  app.use(asyncMiddleware(instrument('./breadcrumbs')))
+  app.use(asyncMiddleware(instrument('./early-access-breadcrumbs')))
+  app.use(asyncMiddleware(instrument('./enterprise-server-releases')))
+  app.use(asyncMiddleware(instrument('./dev-toc')))
+  app.use(asyncMiddleware(instrument('./featured-links')))
+  app.use(asyncMiddleware(instrument('./learning-track')))
 
   // *** Headers for pages only ***
   app.use(require('./set-fastly-cache-headers'))
diff --git a/middleware/learning-track.js b/middleware/learning-track.js
@@ -1,7 +1,7 @@
 const { getPathWithoutLanguage, getPathWithoutVersion } = require('../lib/path-utils')
 const getLinkData = require('../lib/get-link-data')
 
-module.exports = async (req, res, next) => {
+module.exports = async function learningTrack (req, res, next) {
   const noTrack = () => {
     req.context.currentLearningTrack = {}
     return next()
diff --git a/middleware/loaderio-verification.js b/middleware/loaderio-verification.js
diff --git a/middleware/record-redirect.js b/middleware/record-redirect.js
diff --git a/middleware/redirects/external.js b/middleware/redirects/external.js
diff --git a/middleware/redirects/handle-redirects.js b/middleware/redirects/handle-redirects.js
diff --git a/middleware/redirects/help-to-docs.js b/middleware/redirects/help-to-docs.js
diff --git a/middleware/redirects/language-code-redirects.js b/middleware/redirects/language-code-redirects.js
diff --git a/middleware/req-utils.js b/middleware/req-utils.js
diff --git a/middleware/robots.js b/middleware/robots.js
diff --git a/middleware/search.js b/middleware/search.js
diff --git a/middleware/set-fastly-cache-headers.js b/middleware/set-fastly-cache-headers.js
diff --git a/middleware/set-fastly-surrogate-key.js b/middleware/set-fastly-surrogate-key.js
diff --git a/middleware/trigger-error.js b/middleware/trigger-error.js
diff --git a/server.js b/server.js

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-module.exports = function (req, res, next) {`
	`1`	`+module.exports = function abort (req, res, next) {`
`2`	`2`	`// If the client aborts the connection, send an error`
`3`	`3`	`req.once('aborted', () => {`
`4`	`4`	// NOTE: Node.js will also automatically set `req.aborted = true`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ function blockIndex (path) {`
`30`	`30`	`return pathRegExps.some(pathRe => pathRe.test(path))`
`31`	`31`	`}`
`32`	`32`
`33`		`-const middleware = (req, res, next) => {`
	`33`	`+const middleware = function blockRobots (req, res, next) {`
`34`	`34`	`if (blockIndex(req.path)) res.set('x-robots-tag', 'noindex')`
`35`	`35`	`return next()`
`36`	`36`	`}`