Merge branch 'main' into restore-procedural-image-wrapper

Author: sarahs

.github/PULL_REQUEST_TEMPLATE.md

@@ -25,3 +25,11 @@ Thanks again!
 - [ ] I have reviewed my changes in staging. (look for the **deploy-to-heroku** link in your pull request, then click **View deployment**)
 - [ ] For content changes, I have reviewed the [localization checklist](https://github.com/github/docs/blob/main/contributing/localization-checklist.md)
 - [ ] For content changes, I have reviewed the [Content style guide for GitHub Docs](https://github.com/github/docs/blob/main/contributing/content-style-guide.md).
+
+### Writer impact (This section is for GitHub staff members only):
+
+- [ ] This pull request impacts the contribution experience
+  - [ ] I have added the 'writer impact' label
+  - [ ] I have added a description and/or a video demo of the changes below (eg. a "before and after video")
+
+<!-- Description of the writer impact here -->

assets/images/help/repository/repo-transfer-complete.png

@@ -20,6 +20,7 @@ topics:
     {% link_in_list /exploring-the-dependencies-of-a-repository %}
 {% topic_link_in_list /keeping-your-dependencies-updated-automatically %}
     {% link_in_list /about-dependabot-version-updates %}
+    {% link_in_list /upgrading-from-dependabotcom-to-github-native-dependabot %}
     {% link_in_list /enabling-and-disabling-version-updates %}
     {% link_in_list /listing-dependencies-configured-for-version-updates %}
     {% link_in_list /managing-pull-requests-for-dependency-updates %}

assets/images/help/repository/repo-transfer-free-plan-warnings.png

@@ -0,0 +1,36 @@
+---
+title: Upgrading from Dependabot.com to GitHub-native Dependabot
+intro: 'You can upgrade to GitHub-native Dependabot by merging a pull request that will allow your dependencies to continue being updated.'
+versions:
+  free-pro-team: '*'
+topics:
+  - repositories
+---
+
+### About upgrading from Dependabot Preview to {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}
+
+Dependabot Preview has been built directly into {% data variables.product.prodname_dotcom %}, so you can use {% data variables.product.prodname_dependabot %} alongside all the other functionality in {% data variables.product.prodname_dotcom %} without having to install and use a separate application. By migrating to {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, we can also focus on bringing lots of exciting new features to {% data variables.product.prodname_dependabot %}, including more [ecosystem updates](https://github.com/github/roadmap/issues/150), [improved notifications](https://github.com/github/roadmap/issues/133), and {% data variables.product.prodname_dependabot %} support for [{% data variables.product.prodname_ghe_server %}](https://github.com/github/roadmap/issues/86) and [{% data variables.product.prodname_ghe_managed %}](https://github.com/github/roadmap/issues/135).
+
+### Differences between Dependabot Preview and {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}
+
+While most of the Dependabot Preview features exist in {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, a few remain unavailable: 
+- **Live updates:** We hope to bring these back in the future. For now, you can run {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_dependabot %} daily to catch new packages within one day of release.
+- **PHP environment variable registries:** For now, you can use {% data variables.product.prodname_actions %} to fetch dependencies from these registries.
+- **Auto-merge:** We always recommend verifying your dependencies before merging them; therefore, auto-merge will not be supported for the foreseeable future. For those of you who have vetted your dependencies, or are only using internal dependencies, we recommend adding third-party auto-merge apps, or setting up GitHub Actions to merge.
+
+In {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, you can configure all version updates using the configuration file. This file is similar to the Dependabot Preview configuration file with a few changes and improvements that will be automatically included in your upgrade pull request. For more information about the upgrade pull request, see "[Upgrading to GitHub-native Dependabot](/code-security/supply-chain-security/upgrading-from-dependabotcom-to-github-native-dependabot#upgrading-to-github-native-dependabot)".
+
+To see update logs for {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %} that were previously on the Dependabot.com dashboard:
+
+  1. Navigate to your repository’s **Insights** page.
+  2. Click **Dependency graph** to the left.
+  3. Click **{% data variables.product.prodname_dependabot %}**.
+
+For more information about version updates with {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, see "[About Dependabot version updates](/code-security/supply-chain-security/about-dependabot-version-updates)."
+
+### Upgrading to {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}
+
+Upgrading from Dependabot Preview to {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %} requires only one step: merge the *Upgrade to GitHub-native Dependabot* pull request in your repository. This pull request includes the updated configuration file needed for {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}.
+
+If you have any questions or need help migrating, you can view or open issues in the [dependabot/dependabot-core](https://github.com/dependabot/dependabot-core/issues) repository.
+

content/code-security/supply-chain-security/index.md

@@ -88,6 +88,12 @@ We strongly recommend you implement signature validation in your secret alert se
 
 You can retrieve the {% data variables.product.prodname_dotcom %} secret scanning public key from https://api.github.com/meta/public_keys/secret_scanning and validate the message using the `ECDSA-NIST-P256V1-SHA256` algorithm.
 
+{% note %}
+
+**Note**: When you send a request to the public key endpoint above, you may hit rate limits. To avoid hitting rate limits, you can use a personal access token as suggested below, or use a conditional request. For more information, see "[Getting started with the REST API](/rest/guides/getting-started-with-the-rest-api#conditional-requests)."
+
+{% endnote %}
+
 Assuming you receive the following message, the code snippets below demonstrate how you could perform signature validation.
 The code also assumes you've set an environment variable called `GITHUB_PRODUCTION_TOKEN` with a generated PAT (https://github.com/settings/tokens). The token does not need any permissions set.
 
@@ -358,4 +364,3 @@ A few important points:
 **Note:** Our request timeout is set to be higher (that is, 30 seconds) for partners who provide data about false positives. If you require a timeout higher than 30 seconds, email us at <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
 
 {% endnote %}
-

content/code-security/supply-chain-security/upgrading-from-dependabotcom-to-github-native-dependabot.md

@@ -21,7 +21,7 @@ Query parameters are optional parts of a URL you can customize to share a specif
 
 You must have the proper permissions for any action to use the equivalent query parameter. For example, you must have permission to add a label to an issue to use the `labels` query parameter.
 
-If you create an invalid URL using query parameters, or if you don’t have the proper permissions, the URL will return a 404 error page.  
+If you create an invalid URL using query parameters, or if you don’t have the proper permissions, the URL will return a `404 Not Found` error page. If you create a URL that exceeds the server limit, the URL will return a `414 URI Too Long` error page.
 
 ### Supported query parameters