Merged
16 commits
90ffd24
feat: A/B test framework for content readability experiment (#59592)
heiskr Feb 12, 2026
cb779ca
Bump actions/download-artifact from 4.3.0 to 7.0.0 (#59597)
dependabot[bot] Feb 12, 2026
9b7358b
Bump actions/upload-artifact from 4.6.2 to 6.0.0 (#59596)
dependabot[bot] Feb 12, 2026
b5ca26d
Delete orphaned files (2026-02-11-16-43) (#59603)
docs-bot Feb 12, 2026
40c32fc
Re-add info on preserving default repo settings for security configs …
sabrowning1 Feb 12, 2026
d3b0bea
Correct Auto models list for Copilot coding agent (#59514)
timrogers Feb 12, 2026
74f661b
Bump axios from 1.12.1 to 1.13.5 in the npm_and_yarn group across 1 d…
dependabot[bot] Feb 12, 2026
343af81
Bump glob from 11.1.0 to 13.0.2 (#59598)
dependabot[bot] Feb 12, 2026
28ce104
Update audit log event data (#59602)
docs-bot Feb 12, 2026
3b6fd2f
[EDI] Configuring private vulnerability reporting for a repository (#…
mchammer01 Feb 12, 2026
f1d891c
macOS-13, Ubuntu-20.04 were deprecated; Ubuntu-slim runs in unprivile…
erik-bershel Feb 12, 2026
eac7bec
Address survey comment on "Data available in Copilot usage metrics" (…
sophietheking Feb 12, 2026
79f9bf1
Add that removing organizations is not possible with EMU (#59579)
bss-mc Feb 12, 2026
5c9cdff
Update support status for Visual Studio in documentation for MCP Regi…
optimisticjc Feb 12, 2026
f1ec15a
Update readability agent file - add line on active verbs (#59578)
jclement136 Feb 12, 2026
3b1bff9
[EDI] Editing security advisories in the GitHub Advisory Database (#5…
sabrowning1 Feb 12, 2026
1 change: 1 addition & 0 deletions .github/agents/readability-editor.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ You are an expert editor for the GitHub Docs content team. Your job is to maximi
- When two possible phrasings are equally clear, choose the one with fewer words. Brevity directly improves readability.
- Use full terms and not their shortened versions.
- Use active voice and personal pronouns ("you," "your"); favor present tense.
- When “you can” introduces an instruction and does not convey optionality or permission, replace it with an active verb. For example, “You can enable” becomes “Enable”. Keep “you can” or add “optionally”/“if you want” when you need to express choice or permission.
- Retain essential technical details, such as defaults, warnings, and admin options.
- Do not alter the intent of verbs and actions (ex. "navigate" does not necessarily mean "select").
- Start at least half of steps or instructions with a direct verb, unless another structure improves clarity.
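Review bot: The added bullet uses curly quotation marks (“you can”, “Enable”, “optionally”/“if you want”) while the neighbouring bullets use straight ones ("you," "your" and "navigate"). This file is a prompt for an agent, so keep one quoting style so that the literal strings it is asked to match are unambiguous. It would also help to say which rule wins when this bullet and the unchanged "Start at least half of steps or instructions with a direct verb" bullet disagree, since both now govern how an instruction opens.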
4 changes: 2 additions & 2 deletions .github/workflows/index-general-search.yml
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ jobs:

- name: Upload failures artifact
if: ${{ steps.check-failures.outputs.has_failures == 'true' }}
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: search-failures-${{ matrix.language }}
path: /tmp/records/failures-summary.json
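Review bot: The bumped `actions/upload-artifact` step is guarded by `if: ${{ steps.check-failures.outputs.has_failures == 'true' }}`, so a passing run of this workflow never executes it and a green check on this PR does not cover the v4.6.2 to v6.0.0 jump. Please confirm the upload was exercised on a run that had failures, or link the release notes for the two major versions in the PR description. The full-SHA pin with the version in a trailing comment matches how `actions/checkout` is pinned further down and should stay that way.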
Expand All @@ -254,7 +254,7 @@ jobs:
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

- name: Download all failure artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
pattern: search-failures-*
path: /tmp/failures
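Review bot: After this change the producer and the consumer of the `search-failures-*` artifacts sit on different major versions: the upload step is pinned to v6.0.0 and this download step to v7.0.0, up from v4.3.0. The step downloads by `pattern:` into `/tmp/failures`, and the steps that read that directory are not in the diff, so please check that the layout under that path is still what they expect and record the result in the PR.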
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ Runner groups are used to control which repositories can run jobs on your {% dat
* **Runners at the enterprise level:** {% data reusables.actions.about-enterprise-level-runner-groups %}
* **Runners at the organization level:** {% data reusables.actions.about-organization-level-runner-groups %}

For example, the following diagram has a runner group named `grp-ubuntu-20.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access to the `octo-org` organization. You must then configure the group at the organization level to allow access to `octo-repo`.
For example, the following diagram has a runner group named `grp-ubuntu-24.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access to the `octo-org` organization. You must then configure the group at the organization level to allow access to `octo-repo`.

![Diagram showing a runner group defined at the enterprise level with an organization configuration that allows access for two repositories.](/assets/images/help/actions/hosted-runner-mgmt.png)

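Review bot: The sentence still says "the following diagram has a runner group named", but only the text changes to `grp-ubuntu-24.04-16core`; `/assets/images/help/actions/hosted-runner-mgmt.png` is not touched in this hunk. If the image shows the old group name, update the image in the same change or reword the sentence so it does not claim the name appears in the diagram.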
Original file line number Diff line number Diff line change
Expand Up @@ -85,15 +85,15 @@ Use the labels in the table below to run your workflows on the corresponding mac

{% data reusables.actions.runner-labels-implicit %}

In this example, the `runs-on` key sends the job to any available runner that has been assigned the `ubuntu-20.04-16core` label:
In this example, the `runs-on` key sends the job to any available runner that has been assigned the `ubuntu-24.04-16core` label:

```yaml
name: learn-github-actions
on: [push]
jobs:
check-bats-version:
runs-on:
labels: ubuntu-20.04-16core
labels: ubuntu-24.04-16core
steps:
- uses: {% data reusables.actions.action-checkout %}
- uses: {% data reusables.actions.action-setup-node %}
Expand Down Expand Up @@ -148,7 +148,7 @@ name: learn-github-actions-testing
on: [push]
jobs:
build:
runs-on: macos-13-xlarge
runs-on: macos-26-xlarge
steps:
- uses: {% data reusables.actions.action-checkout %}
- name: Build
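Review bot: `runs-on: macos-26-xlarge` replaces `macos-13-xlarge`, and earlier on this page readers are told to "Use the labels in the table below". That table is not part of the diff, so please confirm that `macos-26-xlarge` appears in it exactly as written. An example label that the table does not list will confuse readers who copy it.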
3 changes: 3 additions & 0 deletions content/actions/reference/runners/github-hosted-runners.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,9 @@ Single-CPU {% data variables.product.github %}-hosted runners are available in b

`ubuntu-slim` runners execute Actions workflows in Ubuntu Linux, inside a container rather than a full VM instance. When the job begins, {% data variables.product.github %} automatically provisions a new container for that job. All steps in the job execute in the container, allowing the steps in that job to share information using the runner's file system. When the job has finished, the container is automatically decommissioned. Each container provides hypervisor level 2 isolation.

> [!NOTE]
> The container for `ubuntu-slim` runners runs in unprivileged mode. This means that some operations requiring elevated privileges—such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features—are not supported.
A minimal set of tools is installed on the `ubuntu-slim` runner image, appropriate for lightweight tasks. For details on what software is installed on the `ubuntu-slim` image, see the [README file](https://github.com/actions/runner-images/blob/main/images/ubuntu-slim/ubuntu-slim-Readme.md) in the `actions/runner-images` repository.

#### Usage limits
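Review bot: As shown here there is no blank line between the last `>` line of the new note and the paragraph starting "A minimal set of tools", so Markdown will treat that paragraph as a lazy continuation of the alert; add a blank line after the note. Separately, "some operations requiring elevated privileges" is vague for a statement about an isolation boundary: make clear that the three operations named are examples and not the full list, and consider commas or parentheses in place of the two dashes.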
Original file line number Diff line number Diff line change
Expand Up @@ -953,7 +953,7 @@ jobs:
example_matrix:
strategy:
matrix:
os: [ubuntu-22.04, ubuntu-20.04]
os: [ubuntu-22.04, ubuntu-24.04]
version: [10, 12, 14]
runs-on: {% raw %}${{ matrix.os }}{% endraw %}
steps:
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@ redirect_from:

You can remove an organization that is owned by your enterprise account, so the organization stands alone.

## Limitations

If you use {% data variables.product.prodname_emus %} or {% data variables.enterprise.data_residency %}, removing organizations from your enterprise is not possible.

If you use {% data variables.product.prodname_emus %}, you can instead migrate organizations with the {% data variables.product.prodname_importer_proper_name %}. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products).

## What happens when an organization is removed?

When you remove an organization from your enterprise:
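Review bot: The first sentence under "Limitations" covers both `prodname_emus` and `data_residency`, but the alternative in the second paragraph is offered only for the former, so readers with data residency get a restriction and no next step. State that there is no alternative for data residency, or extend the pointer. Also, the unchanged opening line "You can remove an organization that is owned by your enterprise account" now reads as unconditional directly above a section that says otherwise, and "removing organizations from your enterprise is not possible" would be more direct as "you cannot remove organizations from your enterprise".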
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,16 @@ Some situations can break the enforcement of {% data variables.product.prodname_
* Self-hosted runners with the label `code-scanning` are not available.{% endif %}
* The languages excluded from {% data variables.product.prodname_code_scanning %} default setup are changed at the repository level.

{% ifversion security-configuration-enterprise-level %}

## Preservation of default settings for new repositories

If you had default security settings in place for newly created repositories, {% data variables.product.github %} will preserve these settings by automatically creating a "New repository default settings" {% data variables.product.prodname_security_configuration %} for your enterprise. The configuration matches your previous enterprise-level default settings for new repositories as of December 2024.

The configuration will be automatically applied to any newly created repositories in your enterprise that do not belong to an organization with its own default settings.

{% endif %}

## Next steps

{% ifversion security-configurations-cloud %}
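Review bot: "If you had default security settings in place" has no reference point: say before which change or date the settings had to exist, since the only date given is "as of December 2024" at the end of the paragraph. The new text also uses future tense ("will preserve", "will be automatically applied") although the style guidance touched elsewhere in this PR says to favor present tense. Finally, the section is gated on `security-configuration-enterprise-level` while the next block uses `security-configurations-cloud`; please confirm the singular form is the intended flag name.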
Original file line number Diff line number Diff line change
Expand Up @@ -84,11 +84,16 @@ Private vulnerability reporting provides a secure, structured way for security r

Without clear guidance on how to contact maintainers, security researchers may feel forced to disclose vulnerabilities publicly, such as by posting on social media, opening public issues, or contacting maintainers through informal channels, which can expose users to unnecessary risk. Private vulnerability reporting helps avoid these situations by offering a dedicated, private reporting workflow.

For security researchers, private vulnerability reporting offers:
For security researchers, the benefits of using private vulnerability reporting are:

* Less frustration, and less time spent trying to figure out how to contact the maintainer.
* A smoother process for disclosing and discussing vulnerability details.
* The opportunity to discuss vulnerability details privately with the repository maintainer.
* A clear, structured way to contact maintainers
* A smoother process for disclosing and discussing vulnerability details
* The ability to discuss vulnerability details privately with the repository maintainer
* Reduced risk of vulnerability details being in the public eye before a fix is available

For maintainers, the benefits of using private vulnerability reporting are:

{% data reusables.security-advisory.private-vulnerability-reporting-benefits %}

For more information for security researchers and repository maintainers, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) and [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities), respectively.

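Review bot: In the new researcher list, "Reduced risk of vulnerability details being in the public eye before a fix is available" is wordy; "Reduced risk of vulnerability details becoming public before a fix is available" says the same. The maintainer list now comes from the `private-vulnerability-reporting-benefits` reusable, so check that its items use the same punctuation and phrasing as the four bullets added here, because the two lists render back to back.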
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ redirect_from:

Security advisories are published as JSON files in the Open Source Vulnerability (OSV) format. For more information about the OSV format, see [Open Source Vulnerability format](https://ossf.github.io/osv-schema/).

## About types of security advisories
## Types of security advisories

Each advisory in the {% data variables.product.prodname_advisory_database %} is for a vulnerability in open source projects or for malicious open source software.

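Review bot: Renaming "## About types of security advisories" to "## Types of security advisories" changes the anchor generated for the heading, and the same holds for the other headings renamed in this file ("Information in security advisories", "GHSA IDs", "CVSS levels", "EPSS scores"). None of the hunks shown adjusts an inbound link, so please search the content tree for links that target the old `#about-...` fragments and update them in this PR.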
Expand Down Expand Up @@ -68,11 +68,11 @@ If you enable {% data variables.product.prodname_dependabot_alerts %} for your r

Our malware advisories are mostly about substitution attacks. During this type of attack, an attacker publishes a package to the public registry with the same name as a dependency that users rely on from a third party or private registry, with the hope that the malicious version is consumed. {% data variables.product.prodname_dependabot %} doesn’t look at project configurations to determine if the packages are coming from a private registry, so we aren't sure if you're using the malicious version or a non-malicious version. Users who have their dependencies appropriately scoped should not be affected by malware.

## About information in security advisories
## Information in security advisories

In this section, you can find more detailed information about specific data attributes of the {% data variables.product.prodname_advisory_database %}.

### About GHSA IDs
### GHSA IDs

Each security advisory, regardless of its type, has a unique identifier referred to as a GHSA ID. A `GHSA-ID` qualifier is assigned when a new advisory is created on {% data variables.product.prodname_dotcom %} or added to the {% data variables.product.prodname_advisory_database %} from any of the supported sources.

Expand All @@ -89,7 +89,7 @@ You can validate a GHSA ID using a regular expression.
/GHSA(-[23456789cfghjmpqrvwx]{4}){3}/
```

### About CVSS levels
### CVSS levels

{% ifversion cvss-4 %} The {% data variables.product.prodname_advisory_database %} supports both CVSS version 3.1 and CVSS version 4.0.{% endif %}

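Review bot: Not introduced by this change, but visible in the context at the top of this hunk: the pattern `/GHSA(-[23456789cfghjmpqrvwx]{4}){3}/` is offered to "validate a GHSA ID" and has no `^` or `$` anchors, so it also matches any longer string that merely contains an ID. While this section is being edited, consider anchoring the pattern, or say that it finds IDs in text and does not validate a whole value.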
Expand All @@ -105,7 +105,7 @@ The {% data variables.product.prodname_advisory_database %} uses the CVSS levels

{% data reusables.repositories.github-security-lab %}

### About EPSS scores
### EPSS scores

The Exploit Prediction Scoring System, or EPSS, is a system devised by the global Forum of Incident Response and Security Teams (FIRST) for quantifying the likelihood of vulnerability exploit. The model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. For more information about FIRST, see https://www.first.org/.

Expand All @@ -124,6 +124,13 @@ FIRST also provides additional information around the distribution of their EPSS

At {% data variables.product.company_short %}, we do not author this data, but rather source it from FIRST, which means that this data is not editable in community contributions. For more information about community contributions, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database).

## Community contributions

A **community contribution** is a pull request submitted to the [`github/advisory-database`](https://github.com/github/advisory-database) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additional affected ecosystems, the severity level, or the description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted.

{% ifversion security-advisories-credit-types %}
If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories).{% endif %}

## Further reading

* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)
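Review bot: The new "Community contributions" section says "you can edit or add any detail", directly after the unchanged paragraph stating that EPSS data "is not editable in community contributions"; qualify "any detail" or add the EPSS exception here. That same paragraph still sends readers to the editing article "For more information about community contributions", yet this PR moves the definition out of that article and into the section below, so the link now points away from the explanation. Minor: "publish them onto" reads better as "publish them to".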
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,7 @@ redirect_from:
- /code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
---

## About privately reporting a security vulnerability

Security researchers often feel responsible for alerting users to a vulnerability that could be exploited. If there are no clear instructions about contacting maintainers of the repository containing the vulnerability, security researchers may have no other choice but to post about the vulnerability on social media, send direct messages to the maintainer, or even create public issues. This situation can potentially lead to a public disclosure of the vulnerability details.

{% data reusables.security-advisory.private-vulnerability-reporting-overview %}

For maintainers, the benefits of using private vulnerability reporting are:
{% data reusables.security-advisory.private-vulnerability-reporting-benefits %}
Enabling private vulnerability reporting gives security researchers a secure, structured way to disclose vulnerabilities directly in your repository. Once enabled, researchers can submit reports through without resorting to public disclosure or informal channels. For background on private vulnerability reporting and how it fits into coordinated disclosure, see [AUTOTITLE](/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities).

The instructions in this article refer to enablement at repository level. For information about enabling the feature at organization level, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization).

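Review bot: In the new intro paragraph, "researchers can submit reports through without resorting to public disclosure" is missing its object after "through"; it looks as if a phrase or a Liquid variable was dropped. Supply the missing words or delete "through". The removed `private-vulnerability-reporting-overview` reusable is not re-added in any hunk shown in this PR, so confirm it is still referenced somewhere or remove the reusable file as well.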
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: Editing security advisories in the GitHub Advisory Database
intro: You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %} by making a community contribution.
intro: Improve advisories published in the {% data variables.product.prodname_advisory_database %} by making community contributions.
permissions: '{% data reusables.permissions.global-security-advisories-edit %}'
redirect_from:
- /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database
Expand All @@ -22,17 +22,11 @@ topics:
shortTitle: Edit Advisory Database
---

## Editing advisories in the {% data variables.product.prodname_advisory_database %}

The advisories in the {% data variables.product.prodname_advisory_database %} are global security advisories. For more information about global security advisories, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories).

Anyone can suggest improvements on any global security advisory in the {% data variables.product.prodname_advisory_database %} by making a **community contribution**. A **community contribution** is a pull request submitted to the [github/advisory-database](https://github.com/github/advisory-database) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted.
{% ifversion ghes %}

{% ifversion security-advisories-credit-types %}
If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories).{% endif %}
## Editing advisories in the {% data variables.product.prodname_advisory_database %}

{% ifversion fpt or ghec %}
Only repository owners and administrators can edit repository-level security advisories. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory).{% endif %}
{% endif %}

1. Navigate to https://github.com/advisories.
1. Select the security advisory you would like to contribute to.
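Review bot: With `{% ifversion ghes %}` opening before "## Editing advisories in the ..." and `{% endif %}` right after it, the heading renders only on GHES, and on the other versions the article goes from the front matter straight to the numbered steps; if that is intended, say so in the PR description. The removed sentence "Only repository owners and administrators can edit repository-level security advisories", which was gated on `fpt or ghec`, is not moved to any other file in this diff, so that permission guidance is lost. Keep it here or add it next to the relocated "Community contributions" text.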
2 changes: 1 addition & 1 deletion content/copilot/concepts/mcp-management.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ MCP management features are supported as follows:
| {% data variables.copilot.copilot_coding_agent %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Eclipse | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| JetBrains | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| {% data variables.product.prodname_vs %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
| {% data variables.product.prodname_vs %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| {% data variables.product.prodname_vscode_shortname %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| {% data variables.product.prodname_vscode_shortname %} Insiders | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
| Xcode | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,9 @@ While the MCP registry launched using the v0 specification, that version is now
| {% data variables.product.prodname_vscode_shortname %} Insiders | {% octicon "check" aria-label="Supported" %} |
| {% data variables.product.prodname_vscode_shortname %} | {% octicon "check" aria-label="Supported" %} |
| {% data variables.product.prodname_vs %} | {% octicon "check" aria-label="Supported" %} |
| Eclipse | Coming Dec 2025 |
| JetBrains IDEs | Coming Dec 2025 |
| Xcode | Coming Dec 2025 |
| Eclipse | {% octicon "check" aria-label="Supported" %} |
| JetBrains IDEs | {% octicon "check" aria-label="Supported" %} |
| Xcode | {% octicon "check" aria-label="Supported" %} |

### Cross-Origin Resource Sharing requirements
