From 15fdef26a6f817ed51b451173c1d05191a8dc5c2 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Mon, 9 Dec 2024 11:04:10 -0800 Subject: [PATCH 01/22] Mention interactive rebase for removing recently added large files (#53426) Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- .../managing-large-files/about-large-files-on-github.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/repositories/working-with-files/managing-large-files/about-large-files-on-github.md b/content/repositories/working-with-files/managing-large-files/about-large-files-on-github.md index af02277ad210..68c8040aed92 100644 --- a/content/repositories/working-with-files/managing-large-files/about-large-files-on-github.md +++ b/content/repositories/working-with-files/managing-large-files/about-large-files-on-github.md @@ -100,6 +100,14 @@ If the file was added with your most recent commit, and you have not pushed to { If you added a file in an earlier commit, you need to remove it from the repository's history. To remove files from the repository's history, we recommend the `git filter-repo` command. For more information see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." +> Alternatively, if you don't want to install an additional tool, you could use an interactive rebase to remove problematic commits. To do this: +> +> * You must know which commit(s) added or modified the file in question. +> * The commit(s) must be part of only one branch. +> * The one branch that the commits belong to must have had no merges since the commit(s) were applied. +> +> For more information about interactive rebases, see "[AUTOTITLE](/get-started/using-git/using-git-rebase-on-the-command-line)." If you are unsure if you meet the necessary conditions for fixing with an interactive rebase, you should use `git filter-repo`. + ## Distributing large binaries If you need to distribute large files within your repository, you can create releases on {% data variables.location.product_location %}. Releases allow you to package software, release notes, and links to binary files, for other people to use. For more information, visit "[AUTOTITLE](/repositories/releasing-projects-on-github/about-releases)." From 5690596493c10294e465254f6a15073e85ef48c3 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Mon, 9 Dec 2024 11:31:46 -0800 Subject: [PATCH 02/22] Fix problematic advice surrounding sensitive data (#53427) Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- .../removing-sensitive-data-from-a-repository.md | 4 +--- ...ctices-for-preventing-data-leaks-in-your-organization.md | 6 ++---- .../secret-scanning/introduction/about-secret-scanning.md | 4 +--- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md index 5cf648f9602b..be283d0a691d 100644 --- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md +++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md @@ -24,8 +24,6 @@ When altering your repository's history using tools like `git filter-repo`, it's The `git filter-repo` tool rewrites your repository's history, which changes the SHAs for existing commits that you alter and any dependent commits. Changed commit SHAs may affect open pull requests in your repository. We recommend merging or closing all open pull requests before removing files from your repository. -You can remove the file from the latest commit with `git rm`. For information on removing a file that was added with the latest commit, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github#removing-files-from-a-repositorys-history)." - ## About sensitive data exposure This article tells you how to make commits with sensitive data unreachable from any branches or tags in your repository on {% data variables.location.product_location %}. However, those commits may still be accessible elsewhere: @@ -199,7 +197,7 @@ If references are found in any forks, the results will look similar, but will st ghe-nwo NWO ``` -The same procedure using `git filter-repo` can be used to remove the sensitive data from the repository's forks. Alternatively, the forks can be deleted altogether, and if needed, the repository can be re-forked once the cleanup of the root repository is complete. +The sensitive data can be removed from a repository's forks by going to a clone of one, fetching from the cleaned up repository, then rebasing all branches and tags that contain the sensitive data on top of the relevant branch or tag from the cleaned up repository. Alternatively, the forks can be deleted altogether, and if needed, the repository can be re-forked once the cleanup of the root repository is complete. Once you have removed the commit's references, re-run the commands to double-check. diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md index c12dfa477933..7863412dda36 100644 --- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md +++ b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md @@ -105,11 +105,9 @@ To ensure that all code is properly reviewed prior to being merged into the defa ## Mitigate data leaks -If a user pushes sensitive data, ask them to remove it by using the `git filter-repo` tool. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." Also, it is possible to revert almost anything in Git. For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2015-06-08-how-to-undo-almost-anything-with-git/). +If a user pushes sensitive data, ask them to remove it by using the `git filter-repo` tool. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." Also, if the sensitive data has not been pushed yet, you can just undo those changes locally; for more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2015-06-08-how-to-undo-almost-anything-with-git/) (but note that `git revert` is not a valid way to undo the addition of sensitive data as it leaves the original sensitive commit in Git history). -At the organization level, if you're unable to coordinate with the user who pushed the sensitive data to remove it, we recommend you contact {% data variables.contact.contact_support %} with the concerning commit SHA. - -If you're unable to coordinate directly with the repository owner to remove data that you're confident you own, you can fill out a DMCA takedown notice form and tell GitHub Support. For more information, see [DMCA takedown notice](https://support.github.com/contact/dmca-takedown). +If you're unable to coordinate directly with the repository owner to remove data that you're confident you own, you can fill out a DMCA takedown notice form and tell GitHub Support. Make sure to include the problematic commit hashes. For more information, see [DMCA takedown notice](https://support.github.com/contact/dmca-takedown). > [!NOTE] > If one of your repositories has been taken down due to a false claim, you should fill out a DMCA diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/secret-scanning/introduction/about-secret-scanning.md index 494efd3b37c9..646f70a8b140 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning.md +++ b/content/code-security/secret-scanning/introduction/about-secret-scanning.md @@ -54,9 +54,7 @@ Below is a typical workflow that explains how {% data variables.product.prodname * **Review:** When a secret is detected, you'll need to review the alert details provided. -* **Remediation:** You then need to take appropriate actions to remediate the exposure. This might include: - * Rotating the affected credential to ensure it is no longer usable. - * Removing the secret from the repository's history (using tools like `git-filter-repo` or {% data variables.product.prodname_dotcom %}'s built-in features). +* **Remediation:** You then need to take appropriate action to remediate the exposure. This should always include rotating the affected credential to ensure it is no longer usable. It may also include removing the secret from the repository's history (using tools like `git-filter-repo`; see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository) for more details") though this will likely involve a heavy cost in time and effort, and is usually unnecessary if the credentials have been revoked. * **Monitoring:** It's good practice to regularly audit and monitor your repositories to ensure no other secrets are exposed. From 16b3e6f5150190351b9a78b619affc00dd177081 Mon Sep 17 00:00:00 2001 From: Motaz Date: Mon, 9 Dec 2024 11:41:21 -0800 Subject: [PATCH 03/22] Skip documenting private visibility FGPs (#53497) Co-authored-by: Rachael Sewell --- .../server-to-server-permissions.json | 61 --- .../fine-grained-pat-permissions.json | 204 ---------- .../server-to-server-permissions.json | 347 ------------------ .../fine-grained-pat-permissions.json | 159 -------- .../server-to-server-permissions.json | 193 ---------- .../fine-grained-pat-permissions.json | 159 -------- .../server-to-server-permissions.json | 193 ---------- .../fine-grained-pat-permissions.json | 159 -------- .../server-to-server-permissions.json | 193 ---------- .../fine-grained-pat-permissions.json | 159 -------- .../server-to-server-permissions.json | 193 ---------- .../fine-grained-pat-permissions.json | 159 -------- .../server-to-server-permissions.json | 193 ---------- .../fine-grained-pat-permissions.json | 159 -------- .../server-to-server-permissions.json | 193 ---------- src/github-apps/scripts/sync.js | 5 + 16 files changed, 5 insertions(+), 2724 deletions(-) diff --git a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json index c4712c8991d3..ecaba5cfad02 100644 --- a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json @@ -1,65 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "copilot", - "slug": "list-all-copilot-seat-assignments-for-an-enterprise", - "subcategory": "copilot-user-management", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/billing/seats", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-enterprise-members", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise-team", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-an-enterprise-team", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - } - ] - }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json index 463d89842556..6cf79af39ec5 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json @@ -50,210 +50,6 @@ } ] }, - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "enterprise-admin", - "slug": "get-github-enterprise-server-statistics", - "subcategory": "admin-stats", - "verb": "get", - "requestPath": "/enterprise-installation/{enterprise_or_org}/server-statistics", - "additional-permissions": true, - "access": "read" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-the-github-actions-oidc-custom-issuer-policy-for-an-enterprise", - "subcategory": "oidc", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/actions/oidc/customization/issuer", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "list-enterprise-consumed-licenses", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/consumed-licenses", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-a-license-sync-status", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/license-sync-status", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-actions-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/actions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-github-packages-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/packages", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-shared-storage-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/shared-storage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json index c0ec77055407..635588b4fbe5 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json @@ -60,353 +60,6 @@ } ] }, - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "enterprise-admin", - "slug": "get-github-enterprise-server-statistics", - "subcategory": "admin-stats", - "verb": "get", - "requestPath": "/enterprise-installation/{enterprise_or_org}/server-statistics", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-the-github-actions-oidc-custom-issuer-policy-for-an-enterprise", - "subcategory": "oidc", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/actions/oidc/customization/issuer", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-enterprise-consumed-licenses", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/consumed-licenses", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "list-all-copilot-seat-assignments-for-an-enterprise", - "subcategory": "copilot-user-management", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/billing/seats", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-enterprise-members", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-a-license-sync-status", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/license-sync-status", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-actions-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/actions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-all-cost-centers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/cost-centers", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "add-users-to-a-cost-center", - "subcategory": "billing", - "verb": "post", - "requestPath": "/enterprises/{enterprise}/settings/billing/cost-centers/{cost_center_id}/resource", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "remove-users-from-a-cost-center", - "subcategory": "billing", - "verb": "delete", - "requestPath": "/enterprises/{enterprise}/settings/billing/cost-centers/{cost_center_id}/resource", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-packages-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/packages", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-shared-storage-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/shared-storage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-billing-usage-report-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/usage", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise-team", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-an-enterprise-team", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", diff --git a/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json index 342d207e3bbc..0d99c76feb19 100644 --- a/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json index 948c4f433505..8ec0331f068e 100644 --- a/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json index 7d239de7824c..570837d5feb7 100644 --- a/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json index 2570e98b676d..71846d9285a7 100644 --- a/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json index a72de06bf83c..01ded5525604 100644 --- a/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json index b086feb48d4d..f55300c7b612 100644 --- a/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json index 2e3516146022..e397fb1523e9 100644 --- a/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json index 42e83e4544f5..e85f18c5e339 100644 --- a/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json index d935819dae3a..d9a323e892bb 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json index 0849a3850942..eafcf726503d 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json index b3b5c5e4aad0..086873c62a9d 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json index 4877e9c9df40..dddfe4be48d7 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/scripts/sync.js b/src/github-apps/scripts/sync.js index 53a91b0b2a88..9e3c63554913 100755 --- a/src/github-apps/scripts/sync.js +++ b/src/github-apps/scripts/sync.js @@ -17,6 +17,9 @@ const ENABLED_APPS_DIR = 'src/github-apps/data' const CONFIG_FILE = 'src/github-apps/lib/config.json' export async function syncGitHubAppsData(openApiSource, sourceSchemas, progAccessSource) { + console.log( + `Generating GitHub Apps data from ${openApiSource}, ${sourceSchemas} and ${progAccessSource}`, + ) const { progAccessData, progActorResources } = await getProgAccessData(progAccessSource) for (const schemaName of sourceSchemas) { @@ -66,6 +69,8 @@ export async function syncGitHubAppsData(openApiSource, sourceSchemas, progAcces for (const permissionSet of progAccessData[operation.operationId].permissions) { for (const [permissionName, readOrWrite] of Object.entries(permissionSet)) { const { title, displayTitle } = getDisplayTitle(permissionName, progActorResources) + if (progActorResources[permissionName]['visibility'] === 'private') continue + const additionalPermissions = progAccessData[operation.operationId].permissions.length > 1 || progAccessData[operation.operationId].permissions.some( From bd8a45c75c372a1e5b3ed2cd478cfb374646777b Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Mon, 9 Dec 2024 11:48:42 -0800 Subject: [PATCH 04/22] Add more tips and tricks on preventing sharing sensitive data (#53428) Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- .../removing-sensitive-data-from-a-repository.md | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md index be283d0a691d..af4b26ae1cb6 100644 --- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md +++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md @@ -101,16 +101,6 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil > [!IMPORTANT] If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must run this command on those paths, as well. -1. Add your file with sensitive data to `.gitignore` to ensure that you don't accidentally commit it again. - - ```shell - $ echo "YOUR-FILE-WITH-SENSITIVE-DATA" >> .gitignore - $ git add .gitignore - $ git commit -m "Add YOUR-FILE-WITH-SENSITIVE-DATA to .gitignore" - > [main 051452f] Add YOUR-FILE-WITH-SENSITIVE-DATA to .gitignore - > 1 files changed, 1 insertions(+), 0 deletions(-) - ``` - 1. Double-check that you've removed everything you wanted to from your repository's history, and that all of your branches are checked out. 1. The `git filter-repo` tool will automatically remove your configured remotes. Use the `git remote set-url` command to restore your remotes, replacing `OWNER` and `REPO` with your repository details. For more information, see "[AUTOTITLE](/get-started/getting-started-with-git/managing-remote-repositories#adding-a-remote-repository)." @@ -215,8 +205,11 @@ Once garbage collection has successfully removed the commit, you'll want to brow Preventing contributors from making accidental commits can help you prevent sensitive information from being exposed. For more information see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)." -There are a few simple tricks to avoid committing things you don't want committed: +There are a few things you can do to avoid committing or pushing things that should not be shared: +* If the sensitive data is likely to be found in a file that should not be tracked by git, add that filename to `.gitignore` (and make sure to commit and push that change to `.gitignore` so other developers are protected). +* Avoid hardcoding secrets in code. Use environment variables, or secret management services like Azure Key Vault, AWS Secrets Manager, or HashiCorp Vault to manage and inject secrets at runtime. +* Create a pre-commit hook to check for sensitive data before it is committed or pushed anywhere, or use a well-known tool in a pre-commit hook like git-secrets or gitleaks. (Make sure to ask each collaborator to set up the pre-commit hook you have chosen.) * Use a visual program like [{% data variables.product.prodname_desktop %}](https://desktop.github.com/) or [gitk](https://git-scm.com/docs/gitk) to commit changes. Visual programs generally make it easier to see exactly which files will be added, deleted, and modified with each commit. * Avoid the catch-all commands `git add .` and `git commit -a` on the command line—use `git add filename` and `git rm filename` to individually stage files, instead. * Use `git add --interactive` to individually review and stage changes within each file. From b5e07c2f186a93acd3cf5c15010d83bad5a4be53 Mon Sep 17 00:00:00 2001 From: Siara <108543037+SiaraMist@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:07:28 -0800 Subject: [PATCH 05/22] [Bug] Fix confusing link text (#53536) --- .../configuring-openid-connect-in-google-cloud-platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md index c8c024f983ad..9841a0d84a40 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md @@ -39,7 +39,7 @@ To configure the OIDC identity provider in GCP, you will need to perform the fol Additional guidance for configuring the identity provider: -* For security hardening, make sure you've reviewed "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud)." For an example, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-subject-in-your-cloud-provider)." +* For security hardening, make sure you've reviewed "[Configuring the OIDC trust with the cloud](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud)." For an example, see "[Configuring the subject in your cloud provider](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-subject-in-your-cloud-provider)." * For the service account to be available for configuration, it needs to be assigned to the `roles/iam.workloadIdentityUser` role. For more information, see [the GCP documentation](https://cloud.google.com/iam/docs/workload-identity-federation?_ga=2.114275588.-285296507.1634918453#conditions). * The Issuer URL to use: {% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %} From db3b223ce1822167e4b3aad3b4dc31a2807c35d4 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Mon, 9 Dec 2024 12:08:23 -0800 Subject: [PATCH 06/22] Remove statements that make no sense from sensitive data removal guide (#53429) --- .../removing-sensitive-data-from-a-repository.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md index af4b26ae1cb6..13e0f697ac94 100644 --- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md +++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md @@ -101,14 +101,14 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil > [!IMPORTANT] If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must run this command on those paths, as well. -1. Double-check that you've removed everything you wanted to from your repository's history, and that all of your branches are checked out. +1. Double-check that you've removed everything you wanted to from your repository's history. 1. The `git filter-repo` tool will automatically remove your configured remotes. Use the `git remote set-url` command to restore your remotes, replacing `OWNER` and `REPO` with your repository details. For more information, see "[AUTOTITLE](/get-started/getting-started-with-git/managing-remote-repositories#adding-a-remote-repository)." ```shell git remote add origin https://github.com/OWNER/REPOSITORY.git ``` -1. Once you're happy with the state of your repository, and you have set the appropriate remote, force-push your local changes to overwrite your repository on {% data variables.location.product_location %}, as well as all the branches you've pushed up. A force push is required to remove sensitive data from your commit history. +1. Once you're happy with the state of your repository, and you have set the appropriate remote, force-push your local changes to overwrite your repository on {% data variables.location.product_location %}. A force push is required to remove sensitive data from your commit history. ```shell $ git push origin --force --all From e971fb97c7209f8ede6a2ee1a34bed6a2d4c8f6f Mon Sep 17 00:00:00 2001 From: Larissa Fortuna <56982181+lkfortuna@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:18:46 -0800 Subject: [PATCH 07/22] Update about-actions-usage-metrics-aggregation.md (#53513) Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- .../reusables/actions/about-actions-usage-metrics-aggregation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/data/reusables/actions/about-actions-usage-metrics-aggregation.md b/data/reusables/actions/about-actions-usage-metrics-aggregation.md index 89780d5d760f..fed1f480d41b 100644 --- a/data/reusables/actions/about-actions-usage-metrics-aggregation.md +++ b/data/reusables/actions/about-actions-usage-metrics-aggregation.md @@ -10,5 +10,6 @@ The time period selection feature allows you to view {% data variables.product.p | Last 30 days | Data from the last 30 days to when the page is viewed. | | Last 90 days | Data from the last 90 days to when the page is viewed. | | Last year | Data aggregated for the last 12 months. | +| Custom | Data from a custom date range. The range can be up to 100 days inclusive of start and end dates and go back as far as one year. | {% endrowheaders %} From 3f48876d41a93d9d2a733526c719c64423839a91 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Mon, 9 Dec 2024 12:30:41 -0800 Subject: [PATCH 08/22] Add critical details about side effects of history rewriting (#53430) Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- ...moving-sensitive-data-from-a-repository.md | 30 +++++++++++++++---- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md index 13e0f697ac94..30b70d2b3322 100644 --- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md +++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md @@ -1,6 +1,6 @@ --- title: Removing sensitive data from a repository -intro: 'If you commit sensitive data into a Git repository, you can remove it from the history.' +intro: 'Sensitive data can be removed from the history of a repository _if_ you can carefully coordinate with everyone who has cloned it and you are willing to manage the side effects.' redirect_from: - /remove-sensitive-data - /removing-sensitive-data @@ -20,13 +20,33 @@ shortTitle: Remove sensitive data ## About removing sensitive data from a repository -When altering your repository's history using tools like `git filter-repo`, it's crucial to understand the implications, especially regarding open pull requests and sensitive data. +When altering your repository's history using tools like `git filter-repo`, it's crucial to understand the implications. Rewriting history requires careful coordination with collaborators to successfully execute, and has a number of side effects that must be managed. -The `git filter-repo` tool rewrites your repository's history, which changes the SHAs for existing commits that you alter and any dependent commits. Changed commit SHAs may affect open pull requests in your repository. We recommend merging or closing all open pull requests before removing files from your repository. +It is important to note that if the sensitive data you need to remove is a secret (e.g. password/token/credential), as is often the case, then as a first step you need to revoke and/or rotate that secret. Once the secret is revoked or rotated, it can no longer be used for access, and that may be sufficient to solve your problem. Going through the extra steps to rewrite the history and remove the secret may not be warranted. + +## Side effects of rewriting history + +There are numerous side effects to rewriting history; these include: + + * High risk of recontamination: It is unfortunately easy to re-push the sensitive data to the repository and make a bigger mess. If a fellow developer has a clone from before your rewrite, and after your rewrite simply runs `git pull` followed by `git push`, the sensitive data will return. They need to either discard their clone and re-clone, or carefully walk through multiple steps to clean up their clone first. + * Risk of losing other developers' work: If other developers continue updating branches which contain the sensitive data while you are trying to clean up, you will be forced to either redo the cleanup, or to discard their work. + * Changed commit hashes: Rewriting history will change the hashes of the commits that introduced the sensitive data _and_ all commits that came after. Any tooling or automation that depends on commit hashes not changing will be broken or have problems. + * Branch protection challenges: If you have any branch protections that prevent force pushes, those protections will have to be turned off (at least temporarily) for the sensitive data to be removed. + * Broken diff view for closed pull requests: Removing the sensitive data will require removing the internal references used for displaying the diff view in pull requests, so you will no longer be able to see these diffs. This is true not only for the PR that introduced the sensitive data, but any PR that builds on a version of history after the sensitive data PR was merged (even if those later PRs didn't add or modify any file with sensitive data). + * Poor interaction with open pull requests: Changed commit SHAs will result in a different PR diff, and comments on the old PR diff may become invalidated and lost, which may cause confusion for authors and reviewers. We recommend merging or closing all open pull requests before removing files from your repository. + * Lost signatures on commits and tags: Signatures for commits or tags depend on commit hashes; since commit hashes are modified by history rewrites, signatures would no longer be valid and many history rewriting tools (including `git filter-repo`) will simply remove the signatures. In fact, `git filter-repo` will remove commit signatures and tag signatures for commits that pre-date the sensitive data removal as well. (Technically one can workaround this with the `--refs` option to `git filter-repo` if needed, but then you will need to be careful to ensure you specify all refs that have sensitive data in their history and that include the commits that introduced the sensitive data in your range). + * Leading others directly to the sensitive data: Git was designed with cryptographic checks built into commit identifiers so that nefarious individuals could not break into a server and modify history without being noticed. That's helpful from a security perspective, but from a sensitive data perspective it means that expunging sensitive data is a very involved process of coordination; it further means that when you do modify history, clueful users with an existing clone will notice the history divergence and can use it to quickly and easily find the sensitive data still in their clone that you removed from the central repository. ## About sensitive data exposure -This article tells you how to make commits with sensitive data unreachable from any branches or tags in your repository on {% data variables.location.product_location %}. However, those commits may still be accessible elsewhere: +Removing sensitive data from a repository involves four high-level steps: + + * Rewrite the repository locally, using git-filter-repo + * Update the repository on GitHub, using your locally rewritten history + * Coordinate with colleagues to clean up other clones that exist + * Prevent repeats and avoid future sensitive data spills + +If you only rewrite your history and force push it, the commits with sensitive data may still be accessible elsewhere: * In any clones or forks of your repository * Directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %} @@ -40,8 +60,6 @@ You cannot remove sensitive data from other users' clones of your repository, bu {% endif %} -Once you have pushed a commit to {% data variables.product.product_name %}, you should consider any sensitive data in the commit compromised. If you have committed a password, you should change it. If you have committed a key, generate a new one. - If the commit that introduced the sensitive data exists in any forks, it will continue to be accessible there. You will need to coordinate with the owners of the forks, asking them to remove the sensitive data or delete the fork entirely. {% ifversion fpt or ghec %}{% data variables.product.company_short %} cannot provide contact information for these owners. {% endif %} Consider these limitations and challenges in your decision to rewrite your repository's history. From e5b7465ea7b0fcdba52c406357940a9f150eb09d Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Mon, 9 Dec 2024 13:55:07 -0800 Subject: [PATCH 09/22] Update CodeQL CLI manual (#53528) --- .../codeql-cli/codeql-cli-manual/github-upload-results.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md b/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md index 3e7804c1b9eb..773fbc874afd 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md +++ b/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md @@ -91,8 +91,8 @@ version 2.1.0 (this is the default version of SARIF used by CodeQL). By default, the CLI will wait for GitHub to process the SARIF file for a maximum of 2 minutes, returning a non-zero exit code if there were any errors during processing of the analysis results. You can customize how -long the CLI will wait with `--wait-for-processing-timeout`, or -disable the feature with `--no-wait-for-processing`. +long the CLI will wait with `--wait-for-processing-timeout`, or disable +the feature with `--no-wait-for-processing`. #### `--wait-for-processing-timeout=` From 9e41eaeabcaa0be6b43730ef1bc291f004c48a90 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Mon, 9 Dec 2024 14:36:00 -0800 Subject: [PATCH 10/22] Take advantage of new git-filter-repo release in instructions (#53431) Co-authored-by: SiaraMist Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- ...moving-sensitive-data-from-a-repository.md | 139 +++++++----------- 1 file changed, 56 insertions(+), 83 deletions(-) diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md index 30b70d2b3322..4dc2a594ad26 100644 --- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md +++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md @@ -28,14 +28,14 @@ It is important to note that if the sensitive data you need to remove is a secre There are numerous side effects to rewriting history; these include: - * High risk of recontamination: It is unfortunately easy to re-push the sensitive data to the repository and make a bigger mess. If a fellow developer has a clone from before your rewrite, and after your rewrite simply runs `git pull` followed by `git push`, the sensitive data will return. They need to either discard their clone and re-clone, or carefully walk through multiple steps to clean up their clone first. - * Risk of losing other developers' work: If other developers continue updating branches which contain the sensitive data while you are trying to clean up, you will be forced to either redo the cleanup, or to discard their work. - * Changed commit hashes: Rewriting history will change the hashes of the commits that introduced the sensitive data _and_ all commits that came after. Any tooling or automation that depends on commit hashes not changing will be broken or have problems. - * Branch protection challenges: If you have any branch protections that prevent force pushes, those protections will have to be turned off (at least temporarily) for the sensitive data to be removed. - * Broken diff view for closed pull requests: Removing the sensitive data will require removing the internal references used for displaying the diff view in pull requests, so you will no longer be able to see these diffs. This is true not only for the PR that introduced the sensitive data, but any PR that builds on a version of history after the sensitive data PR was merged (even if those later PRs didn't add or modify any file with sensitive data). - * Poor interaction with open pull requests: Changed commit SHAs will result in a different PR diff, and comments on the old PR diff may become invalidated and lost, which may cause confusion for authors and reviewers. We recommend merging or closing all open pull requests before removing files from your repository. - * Lost signatures on commits and tags: Signatures for commits or tags depend on commit hashes; since commit hashes are modified by history rewrites, signatures would no longer be valid and many history rewriting tools (including `git filter-repo`) will simply remove the signatures. In fact, `git filter-repo` will remove commit signatures and tag signatures for commits that pre-date the sensitive data removal as well. (Technically one can workaround this with the `--refs` option to `git filter-repo` if needed, but then you will need to be careful to ensure you specify all refs that have sensitive data in their history and that include the commits that introduced the sensitive data in your range). - * Leading others directly to the sensitive data: Git was designed with cryptographic checks built into commit identifiers so that nefarious individuals could not break into a server and modify history without being noticed. That's helpful from a security perspective, but from a sensitive data perspective it means that expunging sensitive data is a very involved process of coordination; it further means that when you do modify history, clueful users with an existing clone will notice the history divergence and can use it to quickly and easily find the sensitive data still in their clone that you removed from the central repository. + * **High risk of recontamination**: It is unfortunately easy to re-push the sensitive data to the repository and make a bigger mess. If a fellow developer has a clone from before your rewrite, and after your rewrite simply runs `git pull` followed by `git push`, the sensitive data will return. They need to either discard their clone and re-clone, or carefully walk through multiple steps to clean up their clone first. + * **Risk of losing other developers' work**: If other developers continue updating branches which contain the sensitive data while you are trying to clean up, you will be forced to either redo the cleanup, or to discard their work. + * **Changed commit hashes**: Rewriting history will change the hashes of the commits that introduced the sensitive data _and_ all commits that came after. Any tooling or automation that depends on commit hashes not changing will be broken or have problems. + * **Branch protection challenges**: If you have any branch protections that prevent force pushes, those protections will have to be turned off (at least temporarily) for the sensitive data to be removed. + * **Broken diff view for closed pull requests**: Removing the sensitive data will require removing the internal references used for displaying the diff view in pull requests, so you will no longer be able to see these diffs. This is true not only for the PR that introduced the sensitive data, but any PR that builds on a version of history after the sensitive data PR was merged (even if those later PRs didn't add or modify any file with sensitive data). + * **Poor interaction with open pull requests**: Changed commit SHAs will result in a different PR diff, and comments on the old PR diff may become invalidated and lost, which may cause confusion for authors and reviewers. We recommend merging or closing all open pull requests before removing files from your repository. + * **Lost signatures on commits and tags**: Signatures for commits or tags depend on commit hashes; since commit hashes are modified by history rewrites, signatures would no longer be valid and many history rewriting tools (including `git filter-repo`) will simply remove the signatures. In fact, `git filter-repo` will remove commit signatures and tag signatures for commits that pre-date the sensitive data removal as well. (Technically one can workaround this with the `--refs` option to `git filter-repo` if needed, but then you will need to be careful to ensure you specify all refs that have sensitive data in their history and that include the commits that introduced the sensitive data in your range). + * **Leading others directly to the sensitive data**: Git was designed with cryptographic checks built into commit identifiers so that nefarious individuals could not break into a server and modify history without being noticed. That's helpful from a security perspective, but from a sensitive data perspective it means that expunging sensitive data is a very involved process of coordination; it further means that when you do modify history, clueful users with an existing clone will notice the history divergence and can use it to quickly and easily find the sensitive data still in their clone that you removed from the central repository. ## About sensitive data exposure @@ -52,7 +52,7 @@ If you only rewrite your history and force push it, the commits with sensitive d * Directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %} * Through any pull requests that reference them -You cannot remove sensitive data from other users' clones of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}. +You cannot remove sensitive data from other users' clones of your repository; you will have to send them the instructions from [Make sure other copies are cleaned up: clones of colleagues](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html#_make_sure_other_copies_are_cleaned_up_clones_of_colleagues) in the `git filter-repo` manual to have them do so themselves. However, you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}. {% ifversion fpt or ghec %} @@ -64,13 +64,9 @@ If the commit that introduced the sensitive data exists in any forks, it will co Consider these limitations and challenges in your decision to rewrite your repository's history. -## Purging a file from your repository's history using git-filter-repo +## Purging a file from your local repository's history using git-filter-repo -> [!WARNING] If you run `git filter-repo` after stashing changes, you won't be able to retrieve your changes with other stash commands. Before running `git filter-repo`, we recommend unstashing any changes you've made. To unstash the last set of changes you've stashed, run `git stash show -p | git apply -R`. For more information, see [Git Tools - Stashing and Cleaning](https://git-scm.com/book/en/v2/Git-Tools-Stashing-and-Cleaning). - -To illustrate how `git filter-repo` works, we'll show you how to remove your file with sensitive data from the history of your repository and add it to `.gitignore` to ensure that it is not accidentally re-committed. - -1. Install the latest release of the [git filter-repo](https://github.com/newren/git-filter-repo) tool. You can install `git-filter-repo` manually or by using a package manager. For example, to install the tool with HomeBrew, use the `brew install` command. +1. Install the latest release of [the `git filter-repo` tool](https://github.com/newren/git-filter-repo). You need a version with the `--sensitive-data-removal` flag, meaning at least version 2.47. You can install `git filter-repo` manually or by using a package manager. For example, to install the tool with HomeBrew, use the `brew install` command. ```shell brew install git-filter-repo @@ -78,16 +74,10 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil For more information, see [_INSTALL.md_](https://github.com/newren/git-filter-repo/blob/main/INSTALL.md) in the `newren/git-filter-repo` repository. -1. If you don't already have a local copy of your repository with sensitive data in its history, [clone the repository](/repositories/creating-and-managing-repositories/cloning-a-repository) to your local computer. +1. Clone the repository to your local computer. See [AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository). ```shell - $ git clone https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY - > Initialized empty Git repository in /Users/YOUR-FILE-PATH/YOUR-REPOSITORY/.git/ - > remote: Counting objects: 1301, done. - > remote: Compressing objects: 100% (769/769), done. - > remote: Total 1301 (delta 724), reused 910 (delta 522) - > Receiving objects: 100% (1301/1301), 164.39 KiB, done. - > Resolving deltas: 100% (724/724), done. + git clone https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY ``` 1. Navigate into the repository's working directory. @@ -96,90 +86,73 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil cd YOUR-REPOSITORY ``` -1. Run the following command, replacing `PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA` with the **path to the file you want to remove, not just its filename**. These arguments will: - * Force Git to process, but not check out, the entire history of every branch and tag - * Remove the specified file, as well as any empty commits generated as a result - * Remove some configurations, such as the remote URL, stored in the _.git/config_ file. You may want to back up this file in advance for restoration later. - * **Overwrite your existing tags** +1. Run a `git filter-repo` command to clean up the sensitive data. + + If you want to delete a specific file from all branches/tags/refs, run the following command replacing `PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA` with the **git path to the file you want to remove, not just its filename** (e.g. `src/module/phone-numbers.txt`): + + ```shell + git filter-repo --sensitive-data-removal --invert-paths --path PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA + ``` + + > [!IMPORTANT] If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must either add an extra `--path` argument for that file, or run this command a second time naming the alternative path. + + If you want to replace all text listed in `../passwords.txt` from any non-binary files found anywhere in your repository's history, run the following command: ```shell - $ git filter-repo --invert-paths --path PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA - Parsed 197 commits - New history written in 0.11 seconds; now repacking/cleaning... - Repacking your repo and cleaning out old unneeded objects - Enumerating objects: 210, done. - Counting objects: 100% (210/210), done. - Delta compression using up to 12 threads - Compressing objects: 100% (127/127), done. - Writing objects: 100% (210/210), done. - Building bitmaps: 100% (48/48), done. - Total 210 (delta 98), reused 144 (delta 75), pack-reused 0 - Completely finished after 0.64 seconds. - ``` - - > [!IMPORTANT] If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must run this command on those paths, as well. + git filter-repo --sensitive-data-removal --replace-text ../passwords.txt + ``` 1. Double-check that you've removed everything you wanted to from your repository's history. -1. The `git filter-repo` tool will automatically remove your configured remotes. Use the `git remote set-url` command to restore your remotes, replacing `OWNER` and `REPO` with your repository details. For more information, see "[AUTOTITLE](/get-started/getting-started-with-git/managing-remote-repositories#adding-a-remote-repository)." + +1. Find out how many pull requests will be adversely affected by this history rewrite. You will need this information below. ```shell - git remote add origin https://github.com/OWNER/REPOSITORY.git + $ grep -c '^refs/pull/.*/head$' .git/filter-repo/changed-refs + 4 ``` -1. Once you're happy with the state of your repository, and you have set the appropriate remote, force-push your local changes to overwrite your repository on {% data variables.location.product_location %}. A force push is required to remove sensitive data from your commit history. + You can drop the `-c` to see which pull requests are affected: ```shell - $ git push origin --force --all - > Counting objects: 1074, done. - > Delta compression using 2 threads. - > Compressing objects: 100% (677/677), done. - > Writing objects: 100% (1058/1058), 148.85 KiB, done. - > Total 1058 (delta 590), reused 602 (delta 378) - > To https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY.git - > + 48dc599...051452f main -> main (forced update) + $ grep '^refs/pull/.*/head$' .git/filter-repo/changed-refs + refs/pull/589/head + refs/pull/602/head + refs/pull/604/head + refs/pull/605/head ``` -1. In order to remove the sensitive file from [your tagged releases](/repositories/releasing-projects-on-github/about-releases), you'll also need to force-push against your Git tags: + This output includes the pull request number between the second and third slashes. If the [number of pull requests affected is larger than you expected](https://github.com/newren/git-filter-repo/blob/main/Documentation/FAQ.md#why-did-git-filter-repo-rewrite-more-commit-hashes-than-i-expected), you can discard this clone with no ill-effects and either redo the rewrite or abandon the sensitive data removal. Once you move on to the next step, the rewrite becomes irreversible. + +1. Once you're happy with the state of your repository, force-push your local changes to overwrite your repository on {% data variables.location.product_location %}. Even though `--force` is implied by `--mirror`, we include it below as a reminder that you are forcibly updating all branches, tags, and refs and you are discarding any changes others may have made to those refs while you were cleaning up the repository. ```shell - $ git push origin --force --tags - > Counting objects: 321, done. - > Delta compression using up to 8 threads. - > Compressing objects: 100% (166/166), done. - > Writing objects: 100% (321/321), 331.74 KiB | 0 bytes/s, done. - > Total 321 (delta 124), reused 269 (delta 108) - > To https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY.git - > + 48dc599...051452f main -> main (forced update) + git push --force --mirror origin ``` + This command will fail to push any refs starting with `refs/pull/`, since {% data variables.product.product_name %} marks those as read-only. Those push failures will be handled in the next section. If any other refs fail to push, you likely have branch protection turned on for that branch and will need to turn it off temporarily and redo the push. Repeat until the only failures to update are refs starting with `refs/pull/`. + ## Fully removing the data from {% data variables.product.prodname_dotcom %} After using `git filter-repo` to remove the sensitive data and pushing your changes to {% data variables.product.product_name %}, you must take a few more steps to fully remove the data from {% data variables.product.product_name %}. -{% ifversion ghec %} -1. If the repository was migrated using the {% data variables.product.prodname_importer_proper_name %}, there may be some non-standard Git references that follow the pattern `refs/github-services`, that neither the BFG tool or `git filter-repo` can remove. In this case, remove those references running the following commands in your local copy of the repository: +1. Contact {% data variables.contact.contact_support %}, and provide the following information: - ```shell - # fetch all refs - git ls-remote | grep refs/github-services | cut -f2 | sort -t'/' -k3,4n > github-services-refs.txt - - # inspect and validate refs to be deleted - cat github-services-refs.txt - - # delete refs in batches - export BATCH_SIZE=512 - cat github-services-refs.txt | xargs -n $BATCH_SIZE git push origin --delete - ``` - -{% endif %} + * The owner and repository name in question (e.g. YOUR-USERNAME/YOUR-REPOSITORY). + * The number of affected pull requests, found in the previous step. This is used by Support to verify you understand how much will be affected. + * The First Changed Commit(s) reported by `git filter-repo` (Look for `NOTE: First Changed Commit(s)` in its output.) + * If `NOTE: There were LFS Objects Orphaned by this rewrite` appears in the git-filter-repo output (right after the First Changed Commit), then mention you had LFS Objects Orphaned and upload the named file to the ticket as well. -1. Contact {% data variables.contact.contact_support %}, and ask to remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %}. Please provide the name of the repository and/or a link to the commit you need removed.{% ifversion ghes %} For more information about how site administrators can remove unreachable Git objects, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repo-gc)." For more information about how site administrators can identify reachable commits, see "[Identifying reachable commits](#identifying-reachable-commits)."{% endif %}{% ifversion fpt or ghec %} + If you have successfully cleaned up all references other than PRs, and no forks have references to the sensitive data, Support will then: - > [!IMPORTANT] {% data variables.contact.github_support %} won't remove non-sensitive data, and will only assist in the removal of sensitive data in cases where we determine that the risk can't be mitigated by rotating affected credentials. + * Dereference or delete any affected PRs on {% data variables.product.product_name %}. + * Run a garbage collection on the server to expunge the sensitive data from storage. + * Remove cached views. + * If LFS Objects are involved, delete and/or purge the orphaned LFS objects. - {% endif %} + {% ifversion ghes %}For more information about how site administrators can remove unreachable Git objects, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repo-gc)." For more information about how site administrators can identify reachable commits, see "[Identifying reachable commits](#identifying-reachable-commits)."{% endif %}{% ifversion fpt or ghec %} + >[!IMPORTANT] {% data variables.contact.github_support %} won't remove non-sensitive data, and will only assist in the removal of sensitive data in cases where we determine that the risk can't be mitigated by rotating affected credentials.{% endif %} -1. Tell your collaborators to [rebase](https://git-scm.com/book/en/v2/Git-Branching-Rebasing), _not_ merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging. +1. Collaborators must [rebase](https://git-scm.com/book/en/v2/Git-Branching-Rebasing), _not_ merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging. They may need to take additional steps as well; see [Make sure other copies are cleaned up: clones of colleagues](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html#_make_sure_other_copies_are_cleaned_up_clones_of_colleagues) in the `git filter-repo` manual. {% ifversion ghes %} @@ -236,6 +209,6 @@ There are a few things you can do to avoid committing or pushing things that sho ## Further reading -* [`git filter-repo` man page](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html) +* [`git filter-repo` man page](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html), especially the "Sensitive Data Removal" subsection of the "DISCUSSION" section. * [Pro Git: Git Tools - Rewriting History](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History) * "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)" From fda940b05ef9081c32fd341ce75770c447510c71 Mon Sep 17 00:00:00 2001 From: Vanessa Date: Tue, 10 Dec 2024 08:52:02 +1000 Subject: [PATCH 11/22] Fast follow: Reviewers can add a comment on push protection bypass requests for secret scanning [GA] (#53525) Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- .../managing-requests-to-bypass-push-protection.md | 3 +++ .../reviewing-requests-to-bypass-push-protection.md | 3 +++ data/features/push-protection-bypass-reviewer-comment.yml | 5 +++++ .../repositories/bypass-requests-reviewer-comment.md | 1 + 4 files changed, 12 insertions(+) create mode 100644 data/features/push-protection-bypass-reviewer-comment.yml create mode 100644 data/reusables/repositories/bypass-requests-reviewer-comment.md diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md index 09bf167bf822..89930abeef35 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md @@ -46,6 +46,9 @@ The contributor is notified of the decision by email and must take the required 1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review, and those that have been approved but for which the commits haven't been pushed to the repository yet. 1. Click the request that you want to review. 1. Review the details of the request. +{% ifversion push-protection-bypass-reviewer-comment -%} +{% data reusables.repositories.bypass-requests-reviewer-comment %} +{%- endif %} 1. To allow the contributor to push the commit containing the secret, click **Approve bypass request**. Or, to require the contributor to remove the secret from the commit, click **Deny bypass request**. {% ifversion security-overview-delegated-bypass-requests %} diff --git a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md index 206e1584b52a..3b8dd6bd697e 100644 --- a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md @@ -31,6 +31,9 @@ For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-adva 1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review, or that have been approved but for which the commits haven't been pushed to the repository yet. 1. Click the request that you want to review. 1. Review the details of the request. +{% ifversion push-protection-bypass-reviewer-comment -%} +{% data reusables.repositories.bypass-requests-reviewer-comment %} +{%- endif %} 1. To allow the contributor to push the commit containing the secret, click **Approve bypass request**. Or, to require the contributor to remove the secret from the commit, click **Deny bypass request**. ## Filtering requests diff --git a/data/features/push-protection-bypass-reviewer-comment.yml b/data/features/push-protection-bypass-reviewer-comment.yml new file mode 100644 index 000000000000..28fbd2ae50a5 --- /dev/null +++ b/data/features/push-protection-bypass-reviewer-comment.yml @@ -0,0 +1,5 @@ +# Reference: #16452 +# Documentation for reviewers can add a comment on push protection bypass requests for secret scanning [GA] +versions: + ghec: '*' + ghes: '>3.16' diff --git a/data/reusables/repositories/bypass-requests-reviewer-comment.md b/data/reusables/repositories/bypass-requests-reviewer-comment.md new file mode 100644 index 000000000000..c6b16d9fda59 --- /dev/null +++ b/data/reusables/repositories/bypass-requests-reviewer-comment.md @@ -0,0 +1 @@ +1. Optionally, add a review comment. The comment will be added to the review request timeline and the {% data variables.product.prodname_secret_scanning %} alert timeline. For example, you may wish to explain the reason for the approval or denial of the request for auditing and reporting reasons, and suggest next steps for the contributor to take. From 8d7d53326fb6e12ddfa783d46eb49c6d1cc426a6 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Mon, 9 Dec 2024 15:27:24 -0800 Subject: [PATCH 12/22] Delete orphaned features (2024-12-09-16-29) (#53529) Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> --- data/features/projects-v2-tasklists.yml | 5 ----- data/features/push-protection-custom-link-orgs.yml | 7 ------- data/features/query-pack-compatibility.yml | 6 ------ data/features/remove-code-scanning-configurations.yml | 6 ------ data/features/reopen-dependabot-alerts.yml | 5 ----- 5 files changed, 29 deletions(-) delete mode 100644 data/features/projects-v2-tasklists.yml delete mode 100644 data/features/push-protection-custom-link-orgs.yml delete mode 100644 data/features/query-pack-compatibility.yml delete mode 100644 data/features/remove-code-scanning-configurations.yml delete mode 100644 data/features/reopen-dependabot-alerts.yml diff --git a/data/features/projects-v2-tasklists.yml b/data/features/projects-v2-tasklists.yml deleted file mode 100644 index d8c6054aaa6b..000000000000 --- a/data/features/projects-v2-tasklists.yml +++ /dev/null @@ -1,5 +0,0 @@ -# Issue 8331 -# Tasklists -versions: - fpt: '*' - ghec: '*' diff --git a/data/features/push-protection-custom-link-orgs.yml b/data/features/push-protection-custom-link-orgs.yml deleted file mode 100644 index 82b9ce2f42ce..000000000000 --- a/data/features/push-protection-custom-link-orgs.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Issue 7299 -# Push protection custom links -# See "push-protection-custom-link-orgs-beta" for the beta flags -versions: - fpt: '*' - ghec: '*' - ghes: '>=3.7' diff --git a/data/features/query-pack-compatibility.yml b/data/features/query-pack-compatibility.yml deleted file mode 100644 index 14213cf01b6e..000000000000 --- a/data/features/query-pack-compatibility.yml +++ /dev/null @@ -1,6 +0,0 @@ -# Reference: #8683 -# Documentation for stable precompiled query packs -versions: - fpt: '*' - ghec: '*' - ghes: '>=3.9' diff --git a/data/features/remove-code-scanning-configurations.yml b/data/features/remove-code-scanning-configurations.yml deleted file mode 100644 index e15a5095508d..000000000000 --- a/data/features/remove-code-scanning-configurations.yml +++ /dev/null @@ -1,6 +0,0 @@ -# Reference: #9108 - -versions: - fpt: '*' - ghec: '*' - ghes: '>3.8' diff --git a/data/features/reopen-dependabot-alerts.yml b/data/features/reopen-dependabot-alerts.yml deleted file mode 100644 index 65b41ef09704..000000000000 --- a/data/features/reopen-dependabot-alerts.yml +++ /dev/null @@ -1,5 +0,0 @@ -# Reference 5861 -versions: - fpt: '*' - ghec: '*' - ghes: '>3.4' From 1e079b89396ef628407a3f15c280a5d853551caf Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Tue, 10 Dec 2024 07:18:14 +0000 Subject: [PATCH 13/22] Make advisory contribution phrasing more consistent (#53353) Co-authored-by: Shelby Cunningham --- .../about-the-github-advisory-database.md | 2 +- ...security-advisories-in-the-github-advisory-database.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md index 504d81027e08..93cb0f15e401 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md +++ b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database.md @@ -120,7 +120,7 @@ FIRST also provides additional information around the distribution of their EPSS >[!NOTE] {% data variables.product.company_short %} keeps EPSS data up to date with a daily synchronization action. While EPSS score percentages will always be fully synchronized, score percentiles will only be updated when significantly different. -At {% data variables.product.company_short %}, we do not author this data, but rather source it from FIRST, which means that this data is not editable in community contributions. +At {% data variables.product.company_short %}, we do not author this data, but rather source it from FIRST, which means that this data is not editable in community contributions. For more information about community contributions, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database)." ## Further reading diff --git a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md index 492d52ba735f..d7b73868bb64 100644 --- a/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md +++ b/content/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database.md @@ -1,6 +1,6 @@ --- title: Editing security advisories in the GitHub Advisory Database -intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %}.' +intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %} by making a community contribution.' redirect_from: - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database @@ -24,10 +24,10 @@ shortTitle: Edit Advisory Database The advisories in the {% data variables.product.prodname_advisory_database %} are global security advisories. For more information about global security advisories, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories)." -Anyone can suggest improvements on any global security advisory in the {% data variables.product.prodname_advisory_database %}. You can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted improvements and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted. +Anyone can suggest improvements on any global security advisory in the {% data variables.product.prodname_advisory_database %} by making a **community contribution**. A **community contribution** is a pull request submitted to the [github/advisory-database](https://github.com/github/advisory-database) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted. {% ifversion security-advisories-credit-types %} -If we accept and publish the improvement, the person who submitted the improvement will automatically be assigned a credit type of "Analyst". For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories)."{% endif %} +If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories)."{% endif %} {% ifversion fpt or ghec %} Only repository owners and administrators can edit repository-level security advisories. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory)."{% endif %} @@ -38,7 +38,7 @@ Only repository owners and administrators can edit repository-level security adv 1. In the "Improve security advisory" form, make the desired improvements. You can edit or add any detail.{% ifversion fpt or ghec %} For information about correctly specifying information on the form, including affected versions, see "[AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories)."{% endif %} 1. Under **Reason for change**, explain why you want to make this improvement. If you include links to supporting material this will help our reviewers. 1. When you finish editing the advisory, click **Submit improvements**. -1. Once you submit your improvements, a pull request containing your changes will be created for review in [github/advisory-database](https://github.com/github/advisory-database) by the {% data variables.product.prodname_security %} curation team. If the advisory originated from a {% data variables.product.prodname_dotcom %} repository, we will also tag the original publisher for optional commentary. You can view the pull request and get notifications when it is updated or closed. +1. Once you submit your community contribution, a pull request containing your changes will be created for review in [github/advisory-database](https://github.com/github/advisory-database) by the {% data variables.product.prodname_security %} curation team. If the advisory originated from a {% data variables.product.prodname_dotcom %} repository, we will also tag the original publisher for optional commentary. You can view the pull request and get notifications when it is updated or closed. You can also open a pull request directly on an advisory file in the [github/advisory-database](https://github.com/github/advisory-database) repository. For more information, see the [contribution guidelines](https://github.com/github/advisory-database/blob/main/CONTRIBUTING.md). From e329e7ca45cf91aadbd4ef6a09929af7d8db3020 Mon Sep 17 00:00:00 2001 From: Ben Webb <92895514+benwebb-au@users.noreply.github.com> Date: Tue, 10 Dec 2024 15:38:17 +0800 Subject: [PATCH 14/22] Add kms:Decrypt (#53547) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- data/reusables/actions/enterprise-s3-permission.md | 1 + 1 file changed, 1 insertion(+) diff --git a/data/reusables/actions/enterprise-s3-permission.md b/data/reusables/actions/enterprise-s3-permission.md index a06ebb6c266f..8520e2684cba 100644 --- a/data/reusables/actions/enterprise-s3-permission.md +++ b/data/reusables/actions/enterprise-s3-permission.md @@ -8,3 +8,4 @@ * `s3:DeleteObject` * `s3:ListBucket` * `kms:GenerateDataKey` (if Key Management Service (KMS) encryption has been enabled) +* `kms:Decrypt` (if Key Management Service (KMS) encryption has been enabled) From 34059e564aa8c7f73979af9167d116fc1c0945dc Mon Sep 17 00:00:00 2001 From: Dan Hardej Date: Tue, 10 Dec 2024 18:54:15 +0800 Subject: [PATCH 15/22] Clarify retention period for GitHub Actions workflow runs (#53502) Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> --- .../usage-limits-billing-and-administration.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/actions/administering-github-actions/usage-limits-billing-and-administration.md b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md index fe7c4c29cf41..0c640f414040 100644 --- a/content/actions/administering-github-actions/usage-limits-billing-and-administration.md +++ b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md @@ -110,6 +110,10 @@ For more information, see: * "[AUTOTITLE](/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization)" * "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-artifact-and-log-retention-in-your-enterprise)" +## Workflow run history retention policy + +The workflow runs in a repository's workflow run history are retained for 400 days. After 400 days, workflow runs are archived. 10 days after archival, they are permanently deleted. The retention period for workflow runs cannot be modified. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-workflow-run-history)." + ## Disabling or limiting {% data variables.product.prodname_actions %} for your repository or organization {% data reusables.actions.disabling-github-actions %} From 3d33913d8e4f316c715870595da67e4f54ffd6ad Mon Sep 17 00:00:00 2001 From: Pantelis <85220850+Pantelis-Santorinios@users.noreply.github.com> Date: Tue, 10 Dec 2024 15:46:06 +0100 Subject: [PATCH 16/22] Update self-hosted-runner-configure.md (#53554) --- data/reusables/actions/self-hosted-runner-configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/actions/self-hosted-runner-configure.md b/data/reusables/actions/self-hosted-runner-configure.md index 4a1fa69b95b7..991e416c7406 100644 --- a/data/reusables/actions/self-hosted-runner-configure.md +++ b/data/reusables/actions/self-hosted-runner-configure.md @@ -11,6 +11,6 @@ The instructions walk you through completing these tasks: * Downloading and extracting the self-hosted runner application. - * Running the `config` script to configure the self-hosted runner application and register it with {% data variables.product.prodname_actions %}. The `config` script requires the destination URL and an automatically-generated time-limited token to authenticate the request. + * Running the `config` script to configure the self-hosted runner application and register it with {% data variables.product.prodname_actions %}. The `config` script requires the destination URL and an automatically-generated time-limited token to authenticate the request. The token expires after one hour. * On Windows, the `config` script also asks if you would like to install the self-hosted runner application as a service. For Linux and macOS, you can install a service after you finish adding the runner. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service)." * Running the self-hosted runner application to connect the machine to {% data variables.product.prodname_actions %}. From f53f320ae000c4884e09124a5b1a1a26ddbb69e2 Mon Sep 17 00:00:00 2001 From: Siara <108543037+SiaraMist@users.noreply.github.com> Date: Tue, 10 Dec 2024 07:54:24 -0800 Subject: [PATCH 17/22] Revert "Update about-actions-usage-metrics-aggregation.md" (#53557) --- .../reusables/actions/about-actions-usage-metrics-aggregation.md | 1 - 1 file changed, 1 deletion(-) diff --git a/data/reusables/actions/about-actions-usage-metrics-aggregation.md b/data/reusables/actions/about-actions-usage-metrics-aggregation.md index fed1f480d41b..89780d5d760f 100644 --- a/data/reusables/actions/about-actions-usage-metrics-aggregation.md +++ b/data/reusables/actions/about-actions-usage-metrics-aggregation.md @@ -10,6 +10,5 @@ The time period selection feature allows you to view {% data variables.product.p | Last 30 days | Data from the last 30 days to when the page is viewed. | | Last 90 days | Data from the last 90 days to when the page is viewed. | | Last year | Data aggregated for the last 12 months. | -| Custom | Data from a custom date range. The range can be up to 100 days inclusive of start and end dates and go back as far as one year. | {% endrowheaders %} From d0421c9cf71f09702e989dbd654ee1a49dfb9c68 Mon Sep 17 00:00:00 2001 From: Siara <108543037+SiaraMist@users.noreply.github.com> Date: Tue, 10 Dec 2024 08:14:25 -0800 Subject: [PATCH 18/22] Authentic Contributions: Persistent Commit Verification [GA] (#53499) --- .../settings/verified-persistent-commit.png | Bin 0 -> 67465 bytes .../adding-a-gpg-key-to-your-github-account.md | 9 ++++----- .../features/persistent-commit-verification.yml | 7 +++++++ 3 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 assets/images/help/settings/verified-persistent-commit.png create mode 100644 data/features/persistent-commit-verification.yml diff --git a/assets/images/help/settings/verified-persistent-commit.png b/assets/images/help/settings/verified-persistent-commit.png new file mode 100644 index 0000000000000000000000000000000000000000..1cf5552782f50ae4c8fd909ff1dc9382b4cb95b6 GIT binary patch literal 67465 zcmc$`Wmp`^_s5HCa1S2bg9Z2C?(Po3-JRg>1WB;qu7kT1+}+*X?qqk9?C<{f-F2!43ifS^@(FJj1?<Tx! z4Dj>kUkvd5^Payy!LvdCxf*yb8|>HB5bW9Dzm7pme%{9QUD*%#0c$I!?f?RUN%r#% zDy~3!1_HtlBK}c8$rbb{1NMvbHf~=Q&hT7ctBoOpW>x%AC}{#EndCc-+#0bw;h+S; zP#ATZXBs-Cgb*W1apQs3Q$Xd*>MGX?^X`(zNe0&ttAnYxY}R4(?(*2}7mxH?jO_2l$!mHCf^tdd$fB=2IN(_v4<+Q?9y#R3-jtgTmBy zWkp;5ud!s3fd+njNK=w1&kV1>lOpo_LFC(}oqg1w#u_f6oy2T9I$lJ=VvTPq{?`Ly zWMH%~AVupwsT)Z1Ou{PZkpD6Xehmube4V9_7PAYA1*5sw;oH}-e>Wh%7&44S%y@`Y zDyisAiIR0-cTT%_+^@zZO#m@)TC>4_8WH-P3o&&t0YzIQWgFIa@0iCi$c#@JL@9pN z1`HEuL)n@Q!PD`-Zr}hDkhfj)IXjcj`_qX0?!?)f4srvrI@WCE@qg765eBN5GbD5( zZs8fdgT!w;Q4In~#8ZW2hW?cWRj`4gwQT#YL`LS{?KFV`O3g7bKC+Ydcjj}c!3Ofz z_-*N$@^Xtjh6a8ooQn+lB;DPfLj{r5_0Of6KQ9eY>ZqmsohI<065_5NB@5yodu(We zh!gIJrPIVbNwRl3#T6y_Rb;VkhzbDQi^#X%Noe7NiL2Ne$&shbfoBT-tADML`nJWM z)uRUe>cvEN5OF1I{c&XP?y9$7{-lol4Vbt>$O^km`rkDJ{8GFFg#d8~LBl3+NqaZ& zcfrfv`MnQ)PT!|S9QgWACnv&36^rvHaUd;an^)gdx@F@Ozaf;bi}vb722y=L3Bj`AGKJM}(H_ z?-cxUQN?QfNtoUlD)gCn{OQSJY{23uHZ@K+%l&oI5B*(?8KkId@JBZ3uaespe+nLB z|MSYh%H96I&+P~Bf2&2;U*aM2;wEmE`1MFXBjWb9j5tUVu3t6*Y^c(;nD^F5hw;?# zzl$Q)9uM;Bd_mgj@XwuMDqx{1wpy*j$T)9;1k^z z#Mt1XbeIWh(Q$Xk`N#DW@RjVbskwg-a(~LszlS1rNl#s|KzXYnBpJKz z94(T3=+`Z#)ETrM{EqSqb(Tc>OlbHB^{IpR>K~?l-YK z9y8r6@b0*>Z0KX4&?`TLED}oSStYb69NZg$UjxdTAkhdV`-b8te*N*?;1i8X{oOU$ z0sVuK1Ez)I3@S;QzRkX9Nj0^Gt^Qb^QZ0qF)+mSF(Sh-tzFdC4C-VnR#mk=K#d_U~ zoe>fo=6qb)wkc1pt0h-ig=adr1qdDt3_nT^)Jbv5%Qdup{mXbg#A7kwxGYOa2vub^bs;NpUQ1)=5d#T8+qr2#C27x zKhaaahxTX+>yQQWZoF)s`KHJW2U=ltd$Zf+ z_Ee#wyTN9!bj;_+>%_A&mYiZKuXY}jz@W1lb7n{SRu{gf3b`idmcAU71wJ0Hhnj1E z!;O|yn2xReQhYcTgT^fQ;rE2N+?ULPsb3u`rZBtzzxHW(!zJWxE(+ z|K1P;acy)go|mYw@IbpCxE3Id)2Zobv0gTrhcUY?(D-adNV!C9yw=Kq$>a8ftk!ZC z6&5M}uw0UtCb4@s$ZCT^PLi&y?cstM*tq4us$DGZIBD@PejL?Sy@<~jyFB=Ulh)o~ zcRF~nJw(RYl#oCv@2{i)3hHwUQRchD6&p8$gS|Km?(hxbvv1|xdrZ8Ykny8^{tZV6 z)8M1uqXdx}#6+M!iJGndJi`k6&7O1CAu`|VRdwFl-b`sR&^7F+)v-4Y4x;Mmy`GLQ z=DKmffJvZI6gm5v`^IlLl_XC-2UpR=HtIma_qH2DvT5Y1U<(ADnr-4Zrvv_Pa}(Qy z5Y*|=k8aal5;xEtMohyB>u2tU&tW4hsBG?XNLoPcJM*hqFXCYVI4 zjsb3SNNn3+yY7F2)x6w2%<%4=;MqBPci4QH+KGIU1X(y%@;BjdjmxW&LpOqwUF6wX zbKn?~w^EWE8kOXEf8mB`m9fdu1I^trolKMomO0WT8Z9>7DV$I%YIoS!>4G>L$7o32 zv9T2LOfc6L9ddhq+V(18UF!g!DZBK@4{;0U(C$Jj7^zretABp$p?8W_W(#mWj#~!Y ziskpiP-!;RYz?PQ>W~STKh~1nUT!rl%HQR9S01drQcmCWe(*mHxz98ji0g5umulQ){ITjV<{Xk(<+Urr;d++cZeP*x zP_{joI8?2X#(k?~pA!E6?x8WNw%Ay4xhrqcl%|-2q3e=Z;Si6e{P9&40K;E6G|6Q% z4N?USTjj8q>_nmWU;Dds!k28?GAO{a-sUn`b_U*d6U2k3+9tcL_aqySzdNvCo%Dx`YXp}8D|az7VawWBCQqnlxK zg<1;?hXeN-K6sn9>)<8Fco(82u9IfX4>l_$i{(#Ng|lFUVc|)o*3;W9?#{`e2Lx{g z0Li-E%1PyF=2azzIU)$#dBhBNOAjB^#?}v}Esgdp%ehYY$RT@r0tUT`)2nJOl&;?3 zKcsm+?VGxv6syoqhOr(BDuIpd^vBw$J4xX@;9Xtuo6nwnFrWLLs!}suuB%Eem780pxqQ#j`88lu?jxvNz-aEZG z4DLxsxkh_qx2JQ_JZmc(EDA-_^9?elPu=M=Eg$abG+7j_2$>6DIiW7^?Ew@vE!TCP z?As)Lczw}Xlz04ZKYSwEOa#QH9TP*JD@^zudJKG$-JG58(JV8kZ+&XAzoVYWq+h99Kb8KjaO+DUm_-*!+de z&h*ANwXIYOL)DfHk_H4=jv0w$PMXBdc9@MI?E8b_@;vE9#IiwzDL=5|(NS%P#Wi<{ zicBF|0>IMZh-9PRx&HG-Z+cFyX*qOFPneesmQ_1X<3{8w$uqPo6`NGn7%$t$6%U{0 z7B10+nOa)yDkZ+Y%s~W}6pl;7{gvwaDlj`Fc5de*4<^q$F@|lZg$=IR77vE|OW6Vg z6yuobwpV(jtNq=E*-El^muoakd}*D7epY&B62Gf~C(oM{l%9CA%m6B!LxCTE~qJeC=zi**aIF5xk0 z6V4Cl=#4hI2PSIlHhm4Pn^`ZchB9)}7vQQLc4Y>KISO>JN77g|F?B+*n2ZltaGs8s z-6Qy4?k~&RuD}MTtQPAc(^N?YREgSXHE)VNpRd^-B3aRqWci*;s>DLQHp3p&e(><@ zsjJsgI};;VMlM=g=Fl;&Z(~!aP#EW2oO0Fi+5Kxkr`=|+hkDDN$U&CgtxazS&;8vd z&coGxhfqm<0eBj0!$e=irln=|1GeuBWRgigFyZ18dQeh?%vmg^xR@S}>+v=rHaWQMHgZ*< z()@zoxXHX-4QY6rd|l1zexx>{e}92dWxF0-Hba|V`g|9r@ctVDL=u0-=@Dh^;Y`vc zophVS9XTan4bD!~S(Wre>|cg6 z>hb8d?tmVq&sb>;HSx`;-#*+dE=m^2;5)@r5+<3-ZSXHF zO-N`gO=*3TOo}^}2z~7BXS-$wh1|Oo(uo_0=lyZL@wl5IZ(}w~@kB73dda8#eBTj} zYd<~6iBM0>CO&-1k-#aWJ)56#27ivp zxpTP^{>`eHVm<`X%wDD&g4m*2nF=ik=U80KQ;wMXXyxVN7HuSS9CD}_BI^$k9hqvFKs_sOy zS}#dN-^9<9+SK)yYt~2EOE#=FInyE+$YhZAetAr@q?Ras%bKt)0o_9M`5WZy7EX1S zBlgh?BjUy<{(G>{LHxYvy8`=d3Eo{}qgk zZwRhxcqB2Oo7J+qt~Yn*WtjShM(dsx7SocgFC$M_o_FYw_d;S$Px$$n&fUa=Jd zH~)t2CSqrD@r>UWjeB_4s#4@wir$~BOLY%*Xu?O$#sKgKrx(nBgF!BX$AB@ETpw&! zc4G754_OljdAn7sPl5-RH~TrdqJ($t!_`TOOUWIja*_N0xXpfK&5Q0v;Aq5bj;UOE60fkwS|`gd>A+dBD*zfPb-m~Ko?f#q!n=%d z7o|(L{@_8fM6+#$nt=0)?6Z9rI)CcrR(y22Vq2dKzKsho*V`WksXO{-UhC3wc}HJg zpbzmJDrnfGK+(ezY5Fvfh@e8Xy&vgDAB^q}%QXfO6rlwSSG^CV9n#he-)ELX$iDN1 zl11?BRIpAtfT>uJSNFx9ud^x^huTg_S-os@Xsg<}I7yLDvhOn5xIHe7B^fRRI#(O$ zz~xLKElQR>_~0AE5x+vA0RfjpC1*4a{9mF7m|u*t?OZtyJ&CmeExm1^V3(L+BCZ)U zO_Ut6;l&Y$sv0r&eA9>*qxIm(IKf9G-o*f=_LjC6jnfc){R8r?yT^lu$LVkC%;k^? z`|#Few$dF1(uZ@|X=+Bev*^vsEa5DZz21RC;jyfi8@()U?C;vYr_V|EdO_~cY8NF; zqw}6xqaM91_exn1Xr)J#RQ1fM6`&i+@$#Rjb_k6yUl-e_zOUK|>p>bloGrDi+T?NX zjb$&@(ujaK`I$u&2DVc$j;^0klmu^WN|Z5!d?od?FOXg;YLXsP#Na0V{?9_>VFAxymSP+=rP; z==9uapVtB;Dp7k%ALj0dR zeo9}czoakz1rp>cdg`cS&H7S1W&XKkiHIuj`X8A$ORPP!bagahM*^Z=)3Sx0x;{S) zcx`vvac}t{ZECaRt*PGYe%-v#>v#Q)DL;uvZWI`u!PRE9aUp8-(@{Se9mw6gDhca z%t_DKz=h@s*BnZBx27*V7BA3QR_2~N9zAzau~6xpUT`J-s^ zh4NNEgR$Z_4!9}tGA#}#m58uoeJop6d(~t$Nn8hOzPG|q7ZuN+KrvoTy7Jj2sn~{) zJRU7+RBAT3=PoxTp)c>lY>xPchLRZ$t1V<6%UB5nQoTM%7zqgaj78&x)@F9vHnbtU z{cyuk)%Y6H<2NT1x(qwC3!>UcB)1)$nq()*XidFib|K9}@LS6l4Cn9Huq8SxK%t~v zDq&x1GC<-Da}QOvo?D!zCb$h=944;CV-6%cr8_PH3y;D+Z)%_Jgu%?Y-0>=?lk?Pp zl>L;APSoY}22PP+^?a_ZKO>hfkzDP#aR zsL@y3%Yvo%%!s`XFf<`-E7Nx6sZ-u4gpf!md_sdYa*%snnR2%k6h)iF!NzH7x`G1L4=<&R1;@a#$EOwhW} z(MiTC_Om*vgoCs_mpyWp-a8@P$$_L_$g#hLgxrC{O5jJwuuj7JYFqk+B1YXe4X z*`Z%&!&=Gi3Hicu&T#|>w+1t15AJkqg*Jg`HR<2Z1CfP*`=N-fu5G}EM)d%)sIjh4 zvA`0|1)y6`<-oO5sV;rAP&o;=vad4B%#h4f`k`u4bO~Ou)pU#?UdfJgL(8#5irf>m z0+9SvwqdJOsxiGVI@_Q+B~SlGWTr%$CNF`bxe~dk+~0h`cu;h*B!e$zwN+cQQ0=S# z)>xKo8%OWr<~*U#H@d*1m8Z^UsI5sc{U)c`LgycB4o+AxFwQ;#4xg3$IlWLk*I z(!(HlEC@U8jrfCE?E;s1-wCM2@0gcgA=<4mJK~=1FEu1`>`tR@_Q9OjCxl^>-)rl< zNFYya^lUCM)SWKvyM%?#zg=)lSsF{;XKNwkaS0Oe)zC$CIQjCi$dx+gop9J)5hl~U zoCW^?%6I!NtrYpdlsfV((chx>4^reRIK;JH8FH9+aOd@2#RYLB#1e1-OSoP}FXD_9 z2!Oxbu(|oN@ zbe8-yS2I7@E0~7L?zgw6kR&--q+ATS*etl_E-!y92kxf;CZPBAjavTG3ld?317VS+ zqIWiZ9rcHcuM5-QT+^;$Em5Ya&)kifLLOOju;3kh=O}q+?J}hC;G`10ysn zj7d4cp0pS4jb@P&EO7Zw?bD{`H{F{FGvna8(JlV$325vmy6JEj<0($$PJu^5D=Bt6h2i~W-??FpZulI-Dx91R8qMaP1pZWv>DM8`3tK5BNQYoP&do7 z|AEOMYN~S&J%igj*przR<7m&L3yXv16ivXB_JdrY&}V9=C|L`9?RFf(C+Hf*VC61O z=riKJN1M&6x2|%E?5_X^5DO3`vd%-bSB%c6@Nz-hEZaC#$eyd1y;UB|v~iIYFEQv| z(WT5=%{ud&D)q^kDx8)3xy(PDLR$1+z+rZo4XcxaaOoDr`l*!Rd@#r@W%=N?)i00p zUN2kcqyB7yz433s!1_ayNYdY zQE?_KB@;JfrIU3-Wnt^>visE)?GDE;g9fq{w0<$p^04X$#7uUSsK5nPwkenU6~O-H z3g=ixp-4&mddDVOD)S+B#T*=Ct;km!8w>^F4EOd#t+B<>v}G=X*DK!{mS0Z-f?g{J z{q5>-x~Y}we6yQkXcWD%({h~^t}$JO#Ln=2R+)q8F8xHEv}MOlyek*L>>L%SDR~sX zuy22k%3z-eUwgs+DTZ!m`MgY9lQ~VLKL;MUDi(_%Oh)D;ycqDd*ZDKqb#BC0}2VhNcQ9 zOH7w^lBOIT9jV-|6S0hctYJB-ws_pe*IC(&OYk&;_mx5{S0;cm5bbN_5;nA~iqKW^X@Ted#gePY^S05of9I;hZQ_;67Hlo=Dbx0f$ zMNfuweN1Awf?x1C<^8!(En09rF7k>slEOI~>N}vM5)+EnTi7$%(ll>S`v}FG=}#w~ zMabPBivT$g&cIzTvRj!*g=t`YDM$h_UkyND=ak5yP>YaFV-eQHM@KST_0TOa9l4_v z2v>54g%K#(JyxhRnQ!85X97;EMmHtfrSR^_PKQYsBW#yW(?Re)sGdNnH`|+JC9>SDDzVE8 z=1A(jPR`TYyF0^)9MO6s9MM-^L^mD8q6~SxQZTZj{wNKG8Ps#KIj3GKuy~MW?y-9dV zaF~ojaK~1#9`#rv%H>pTp}a1n;435?uP8D5C`AEItj&~7+y z>TYtLd92I4TXx;Cwn7HYk0k<-M^@ zR|NKod!rjizp8dcjXE=O<^tJ7g`y}FS?dm0L||OF1oOf$vFcL=b}|(+Z`2yQ>kmZ> zl-H?|A1{rcq%9y|Z>0=nslUz5m@)sa`Ky~EY5hxx%Br~mcT z0HN6J4)3&qBIQE3uqjL!*j-I>&y%ZJy7oC^umH-=ipt zU&S+Yw2sU$hS3ff#XzFVQ!tHlb&qOz1D2}ok6rDvRGS(J7R}sP@vw0-{=4f@$^N7$-bgegmCT(3 zWF_BFa#$opumW^yts=V+danFPFmRpUO2vb~LP)HwixS2YdaHdeCRq_IPNK_INE}4X zTbbyxhpc2n#sUQ+>+dAoxr}Ve@9+^L@7nZ_C`o-3!68 zHn=Cbx!wmL3MO_9WIM&K>qF2;|Kfmvbm_iGho8sReybo`0reQJ;hoAaRqi7i zjI5*Nhrbj16TkY07*i4iHiwcu2|L2CwZ<F1?>-9LHK^P{=AKXcdb7>O8B;?EjR zT!N7a_|LD;f995(tL{IO79)dTI$3gImsc!I;j#R-Q2BS={zYEps)B_+187<=7rF1=O^Gvn^oRVubNXcE3WN45A3ZR{u%@2FYFI{2IF-#WsdD)NQ!mnD)iXJRsf ziKoS35>M)vLd~OPi^||E#lRPh&YBpE{xZ+h#}ymMRolHtM)QY-`Zt2czX8KPA1kVE zy)_ss?E;dV7_VBw`E)G?`I(QC_IF?XciW1gfX!EnXh=jE4#sVE21$DF3P66=<);1b zrl10ovo}&^WJl({YOvQlr%1wSnwMhQiq*8a0)Vg_Tv32<2H+^Ab5 ze??$_+UJxA2qTAHkKeMgOtH3#y@}&1AQdiZ%6XSP%NN%3a)jH>b4{`7Wv=p63^+%E zS*L5z7*u+kEOGF(^!JOwA{E3YKI=%Qu#1z+d?~3;qJLHnOQxlt)pf~e36mKEqE0{k z>k{49Xl0drDV+O*p|LBs>}R#efP{wi-hBImDXL|Fm$$%M85a*=tYP2I$Hp?`c(HEa z?tHVvf&AZgAV$QB+K-C!6$6iPcQpKNPClr(V9Iruy}%b{7|1jgu>qN;Qb$S(Af7-y zJ6lrBCz(tSzby$nxRlJGyT9i$Qp6hN@I@+(TR7A6K^-U}S1S-byVi-*?D{;{uGmq9 z`>30!$Fjq@{x;mdfXBiR{*S$Cj}h=#26WlW`67^?aWQs+ApCF-X6tv<>#enEtWX1> z5R#JUG!Msm!cWGXV^XIQr?O zXXx^ji_=S<_#Y~%3o1VXHBwT|y1C;zTXTHQn#mJJ^CPC~?TA;sZ&M}Os}ChF&$l(M zsmcdn;HWv zViZ+VWEvGBshPUZ?dPFW?`-vKCsb+JhbZbCo<#RE43DhK7bP>XCZ5UNn5S64HMy2} z9`|n(nP3Kj_6p<6qP_##0B2ZQq%-n1&wKkgpx5tf>Uy;&Ki}dJO%$S+ut4|CZ2g_Z zZpaevqG2=8pWC}AQLokjrK=R{9z`1;&&$>8@ONi4JB8p%{xn~u{CKQdq9*WTMp~iB z2g0h^^S(-p-K8T9^Fpd!CS_N*$x&VV(cCG5*+%d=o6o?|0K7Kf+Q7y}L zA?Ubt-TOg&Z`uW=m>W$IofVTvqq@)13ZEyLJY%l=%>GuFLwt|b?WPhaLd;i~S7+)1 zd9GZAJj>F@V|6yhU7&lOG?M-rABoF0hMU*&yl)MLeet z1uC;_1aRk_eXf+@BWbi3-gj3nRvB-DO|SnHOY#}<&_oVfx!gPB8o$e?I~W1ClwLBC zx-d(YyV~caQRdVi4JB556{%(@mAOE9mJS6CjYL!F{gl-Kug$|L-$0RbI+beKmxl!9 zF-y?$RmyIh4x7c9<3+sXQr&tTreM<_Zoqbh7{l#;`D8klDny;cP=0y*x>mmqT$I;V z>G3F4=z$*MsR)zneFE}Txf-=aY3D%Az^JE4+27J^r6zQ?h0o`u`RU=%em=jI3;LEY z0unkXK);kwZuB_Au@i_m>)P{<%r!)&%_vVHLJvAkC0EiCODyR4u1(5x3& zKp&yc)O1yQe3wRT!;{{GQE{}#Nuy?_7r8TAidecJ&BRWbK^9D%82-b;p^gB{*9JGa z#$(4r=d7?oWHr|e;Nmi2HaN1P>2zY79*29+{BVi%rZ`A7nf^9av6Nl2+3ag=c2DPt zIY!skXF^O3rz6-iH`6Ix1vRRGBmbbYmfP!!DrB0R&EtB>+e{=iH!&6q*8mmUVU-Re zAf#lLIC5{4q>!yea@xu!)B5nBNwZ37;=?3*=Eq{Spw=7ZjVqqGyAn;`d?9O4K5zwU z5`E<(MP>fNqCRsz%Ej5=?ia1O8!Eo$vY8W|&vlYz$`{RZ6LNL5vV6|XKVU06d!jO( zFTL52B1PMz>$)y{zl!A`o#a#^pVQR*FenM+Fvgi)A0bs^p=_2J=b>@8aYbk@}hwBL-&*MNX`(}@U$D`M- z+h%-cB;ARlHGI|kImq#7s^{Dzjm?GNv%lfXEnmMRL(9hH0u&-15zo|Z>c1y6WNg27 z6#>8N9*t1av(c1FrcZOYWj-MxP8lp*_7Yq<>Ag zA^rda&B}hHc6OdA5MgAD7#+>s8r_}6mfgaBskrM{G?%SJx{lNcMDp3Bo8|pM&kG-w zO6_Zs>;Z72V*7y!f5EnbN58`%!}$3lYFCpucjoc$rN1IPG1OfQ(PO4TaeS zY`g~9ZK${YveA!($ld*C6puGY^>r`Tstj|+;w|KA*>?)odMAWF52@S*=rH23q7O)C z#Y_CFK=dt&d+wBY*5knD=xaHGgR*t@2z9N4bh(b#)^`ONNNO6@5=Y=ko`fc^2i}s> zPVPq!k1Oo`#aooDRjjGc231}78ODz{$C)FFS9oxIfT}qMraPJI)7OSoOI*ec=?<6w z*+7Gg4XR-a(Mx4kYclqt_EVC4?9=3Hp11nGqGIURw71)H(dZr!7DTg>i%BD|^>DLq zH3A7ApmQKyU-@7*mz~MdRv1(_Gk13irCy=;l@^E-E(2paD;MV_`@G9YXDWC$3WRRo z%asZhgd6paV%Vk)a0EEVebPT1Uo|*cOeJeIc z-vAj}HbY_I?SyE)%&)RQO|08qJ%x3Xgpn&DK~aU#7+rTNU`Tiua5{ahpY$?8BjmV{ zQhA7WJ%$zb3fSyDRJ8Ta6Uxx2-3qC~R__TVWu@Tbob@=Sq9w^(u>awE_#;d>QG@6_q|Ny8M3J(j7hG{t#~2dICsqrHF}rFL=^Br2hPJ0~ zyMau@$9}xeMh9C+o=vZMl@?ePy_Zf3mxgx-q2LNN%)y+!I=!ljujfK5jh@1%Qe4v*()2B24S$9YM_}xA=jL zU)=pqFR2|G=pA|bHol!#+r!2}iC{Asru-ZZj*egNVphH)<2*5$3KYB*%&w5{T!eH8 z9*S!F%@%4ZnQ(lD+>3Sc6v)h1TQj)Nw-kR0h}VSoV@PiDy)9f&(k&1^zCJ9*aTqxu zCa)otwuYNKD%!O4y^*-Zh6F@tb{K1iHaqps$Al`{V?T{-llTKf89r(v*Psy%TbhK9 zrv5jAjgQy@UXwFh>mh7iuDF&!81NjC@Oft>O~QLSoX=#~!yN@Y8EFY#7buRoYzO0R zXz3qamlbPBtCUA*H@NkJs8<<dcN>&_?fi zp=fa;9?@wzc;)Fyv;ixIwRV!t&o^R)ss&{VaYnOV-MjVyFJ~RhX6Pz=^;Up7-b8Eb z&36oivo%(W&J2*C=mv5G?`9w{n{1ul@;qqkDu%GVQXsk1ROX0M2`gJImq{P0_^%Z? z*TbtJLVjEGwTD(AbT(gUE_~y4FU;ejc1xtw!*lCctqMztpjuLp%kfi_dCN zGwlqFR;j!VW!UNEQDyh>J|imC5`GItCi{4UZzwy}CbxwR`Pr`eEsuLiUdl&dU27v1 zih(bCtFQXzK8scwm7nS(-kt?cDx02V7fd}jExyH%IKDld-wobdw&r#LuX_9b-#$$? z>};R>&l1HEw|lF(w<|bLZ1*Ro%)2+jC>rTLsbEb6KFe${ zXBnjz>Y#04JjW%#osyo$Hamzg`MHIAZa-HC&EIPQa#h>&vow)3P7fT_vCDX&~=s7)5b`vEvzrPBL^B$Vv%Eq2xxkWv%V^ z1&x+C)w$JFacD5{{P1bcOr2G~Opa(i5x2kVS?CF!M6cTO-exD^ccA;H)<6jHQ%)J4 z?$@a_$YYg?CkJZVrk%|hb-Rl>_p_y%i%#_rQ+$>6je0UxXes5ReR$Zr9JUAZ z0KUSXwU6>IZcMSA^p4Mg4(CGgVU5@L8<7h1_ke{tnl58$I0^IoqYY z61EDOXzjD+C708dg{HwwLbIl(ht`EDDL|z^zf|E_s zmIIkQ0M$to2`ZB%`erz7CX3n9yhQDrcf;kt6$~CdDTU0Jir(;u2z1XQ`O&p&`=MISwW-EgSi=zMSR;{H2{r%Q?h!zOm z4UvjS13`$FeUZUr8k@MXJ~#_5VUo{fpAOANM;K*S8t`GHGIz&k>+<|)bN!dwcD3R! z@ifEUHWo{&#$R!!sZmni-LCp*W8mFi?p|78nL#am0)`+=jy&uOvdE=c2vo=*-s zD;l!Dehc7e&hB&G=R)U#8nY=Ob@^tl;vue3cQW%obj9RtzgHBKWeu-nD0{K4s&M3a+ z^LBqtMtkWd*S7U_b(rW?c-W=E>qw2Vq?0(MPgvn;-p~C7KVlIixeX(CDbLsiJaORu zQiuN*?tFc~9Oci)D8A=GBX(0$RbY#Mx4Aywq$p{`pwjA>0Fc39(wi9@YRX7-!lXO~ zs;K>Ve3a~aTFk)Aj6yTmz5A*YG|@ zuPE2ia3mN6w;yt^7O@tsTHgTQ+B=d;Q=nX9I7<&?q2_97M!|?x%P8xqhcAVQfU8p# zE&rbw&Haa`&b)9`di|#6<}f7WH-1h~&PDr|?cmfieHQmt+Y;(umjaS>?OZym1APP4 zeyq5eYJv3L?Zk07 z+e1BUTc3j!e)L*Q$N_3 zFeIZCh1W#+RmI!-nKAm0vOdB2Qyw})#FAgcNTVZR1MXcrL?md3$aZ=$$|+rH zB`a+EKpRft+ko7QkqyLZsC1fLwe;cg^!9;U`fkqtqH`GjqH~IW(m4=R?6x?i*5<}k z?0N&f_~Mw)ckxa^FzlA9QbfT}b92j38nsOv@|A=o0t)Q0c(Y2a{)&x3bm_~^yXO(p zv2&85Z;}Xjn)ZzKqSsuLC|XPE}e6@YW(L6m7~SVG*8{W_b$spIh=K!PH2E{bEVurxMkT` zxp71C{`{N)Q05ln^b1@>pzxBqu?^w}E-q;?S3R#I6K|xXGB~B_nA`_>v;q4;w1dYs z8kH>@>s_CD()S%w+!z#I4n>grhCWc?*s^TrrCqphXty%njpa zD(yCLOIc7?=bfRduxNFfKk_Qi5Z`$|mOAWWc(hE#$Q-cF8?LOmi?m+X&EBG6Y63+N zk#F=^5)qIm@$21M0NGd&U369}R9?BF8l9KJgSAzm6*?!FCOQ%aEN9FL$z?9*@ z2?6-mFZl9~#1RX%0ZBROJ>!bsSamIznb5N@cW3Ulxi5qMdf%=AgN6@P=#4HQJwH2;9OL#WxB#8ApJws zoMQ}6S8EH7dR(87I32Ejm%2I}DsOYM!NCD^eJt_e1Cv`Q=ZmpJ-rT&oIW8%xHt{mZ zi#^l2BPqAiESNBCN0Wt3z!B*P*u2_jcJz$d)p3pmpU(H_qx(n^KI$I0*0;DOwysEy%nwE3)4(*B1~Xv?Sh@{7B63gd-{RR2@nfBy&se;_?I)g5|!jpx+& z*cpG&j;n=L=VBHM#~h-$Rhxt8hq1O0W=P;J%M--QSJO;yi5C?gJj3FTv>=?T%gWZR zg^dXex-uVtd(=7!y=yQx)y`V)IvuE7YgK*B0AmmE46U?kSHRuE0u{=|uxBBV_$w=E z$K)Q@-f|274|`wPUPabKJA{N7geY-$C+9Lr=5(au`*5E8YY05l>;WBUBPL+ zF+Y`gHKm#o=*R2l6V&e=fa@gRb~&Yb5!;mtF*9Zd#Q7UBihjxhQ1&pJF!s>1m3l!; zq_P>;pIgM~<#D2%#4WecN~6IgxgU$|T$Qk{U3aASImw~PHXE00!kRBc)S9CNab49; zu-mTYOg6mdGJ4G&KUc6jv@)#VS3n%JgK(n|2$!v^D=5XjXDT7iHm&MASSd(P!7KC= zSu6^v1s4y%x3Sb-ji1Tq9tNZe8 z6HWs2{~+SuOAk&&fGP#d@?|V_;$V7STC}1jZm9vVp1-t%WZ4~#$dp#*Ac8J{m`m~K zU_k)%PN~j3g|I%OAP5503&E*%m~qqS(qG^yTUhpDbCvpT=6Y#*SDAr3(s;5^C2sNd zNCIr|CDc-GsphvviEoe7Dz4o;Qced;O^Ut2j*_%91|ttj0KqtZjOY4*A$7Lj8g8?z zjv{_zt*32=?IkYvSj}?ofY}Cs{jsJFqCE$=I(q`K+hF?&H6g{cyJMT?9bSVc0$fzS zr<_hOUg6qBvlBExQj61hfBGAB`Oq2h<2?@*5{cNE%x|}a7NZt<#dQj$8hU21LG%j@ zqxZfKKmgniY$4y#Ywc!eJMs44bwEZ@^`saDFJ}U5|EP?z7X3;uYnOZrTr)Gz<5C3Y zW>lq|Xe#AS(FC2nHGi|Hj9@G0H?$OWNQC8TUYil>8QKFw6_RNh^yUlTHi_AU+OsY< ztB_+Au=GU*!{RSh{IiF7)&D4x*3^D!)>ataVm`)g??rF)nsjqxmBZ6LU;M4F6 z_k~WU6`$=FqCnogd7vVybD|&$T;aL77t8T@u0$*V?)`)^U*|mpzx71sT>yaO4vw%$ zUJKSU*9({5kA~w*@N6?fD(Q|_O1;F#h|?ZCWv!pjpEgbFgpMI`Z~I=&wplMZ&{4HRZsy!6^w%>1dC41)z=7? zNHrqHo4^PlPj3V~3uANR;A{h>Zs&eJy0$|Bzv^~P;xzJdx!N^VzMYqORP{Dtb)IW5 zGl~zfs|VRvp_{c4=DK5jEcl3e|L9jVdXO-l^Res26$N|9a#O*c19hAAbvZ0m<$>1| zK&PU74heU1w=@UpJqG!IEHkR(k({P+sUsy5ID2)uKi?F45%F{zKAvk_ z#3cw)lvo)!I}4)i8`_oawsF8!+U=No?e)!~+5|JHbu1e4r>bNfcqc#y!MMhte1=wO zFq-HwSBwGm47{={>Esde^$vuvaE+?pW7x^forfmdl4UBVqsSv5-_szBe4=6snif={ zhQxF!k3UzV0(djAkp7rJ(Xn7gU@oYb@d!!V4vW=R$O2Y1Tj*n(tIDe=HqZUp2Ae!B zX`n(!$FyDFV@>}W#nM5m%Kh83%h@s=EG>{fz%X|tCjdKoiy|ks$F%C$d3|=%9~CLt z(l83thATBudS`NKgFYm`xX=`%PIV=xd3Y7-22a=x_2wQR@4d~NLZHLNU@==Q=Pp;} zR7Qy+|5$q5oQPXWO+WV7guZOK18D;~E-YJCSUAS!u-{qM?gr~PHq=(?WkGdj^BU>o zd+8}#^6L#O&7kaSPoQ9!m)dVh@+XiEK+)MB1uddwDs^y{ zGUR!6p}_tw5{37OP;a{%xnR9-2B(OsgwU=H7UV+p#9}sAyg*69p|<;-bf_cPmh$9r z8Yqm1@Etk=&dB_yypSg)@OdTc4+$Umx1OWi-#YCuXD|kQV4Iw0bhP6ofXWaF)Pykb zd;c_GFMGp2U&$^Mf1 zl6lr$L2np-F3HMx{iZG_{EefwmB;0bi?H0gy72OY9QC-&-I9=?SpJ27uhH-N_nY zAAD`U%uKwCt`Zvk{@SAsY14lQM1{+NoszRAJ6{xhy*il9BWy_WL=XU=X_^1an0VTL z_>H3qT<1E@);A(f^apU82woQq4g%!<%`5^sDwoywpxCA25C+b)f(5AijNOjFg*tKm z*|$H#JHEeUG=UZb`eLh1UYzxMDF=s04Mj|G1Arw~Adz?ya#Ox5iUEQDu!%oMjM%`bT$|Y42_Z=B=-^Wm3;}B10`Ka!rW-MU5p$SWhyJfW^*jME=>7H3NW>&0y@`V< z*z=;7#`48BL_pez$h}l`yYD~$_667~5{ZNr84LT;v&|1oWep{2ExnXsKVdunm^gp@ z8;$|xjmzP-kSGX(tLwjDDI!y5jt#=n2kKQ=?6%zlu&-ao?H6epq;#eD{6}XM`0#!Z%f1|@ z)&-5ERN8FQaFwB<$l1;fDUa1%KSq+vlB6i+DTpgy?OUg8@%#Yo{?(1)@L)~X*x^hj z-y#7JIB|A@;v$fG5LxxQ-Mll7X=XocQE!vd0E(KIO>>M zxHQCW@Dn`yFAD&MU#>#V+?vw%wtwJNuusiiV$D7{3=$0V47Ad_4?rG}*uk!~OM|3H zp)4YXa$3nz9Ago0IFY$_5azs=%#eQC7e_ng=fZ5kYr>b+@7VXu&RKP3;_nf)E znD_VD_4VNI@GLT4s*ZTNA(U#gt!~qf{Q+e8Gdm>-rdoR#?FtDe5_&M3BhypKy$>N{ zdDIEvsm#7`^e8M6yvv*hWRdzu7M(X{PNS@!Ivv$>q&mQ43O^y#?G2sdNxk=xNDud* z1$%ObaH-M$i-_~b19%%rPj07|2O)B_PDojpOo-U34D94)oAr`R=UZhf^#)_fAV3j> zf_k$9%X;6QK7ZGATy%I*!^XD?b_<9h?L|@=*n>W?3J1_}kye;((GDTH-8_>_`aO6d$R6Sv=BGCgwrAVSequEM?$zl;9 zo>aG2d5ro*b!~4>3t-L5_ehu{)O2vToz&93Jtqq6TI5=D)!Jnnv#Ge>%$0Ji_!h_S zL8JLVkiZZNx~MK^h86_rxLn$8+Fray!P?!?KbQG?r=WocqS8_@70SbWm=5K>#^uyi z<^>?kyynH4gA}xxBVlC3V8tR@)K-9QBzZhfnSAQZd+QL#wQh0~nAYfb3J_u46qml= z06r-qN{nnMHph|lz_=8#mZJFzhE@kcS~^?|Rx7!5$7<3m(Z3ed9~WL?D_)fnGmUn6 z2Xj@55=8Cls`*jnN90=_~m%_BS$?Y9(|mX0tSO zbe3NcW~(gPxYyFC=k5EB{Gs+aC6Cl(>b1D{7gAZR54;~vx1CZZcYGVqHm8?ogA(AR z!ORCjc#G-8uqoIUEI3iHj@06R_LhJd0UV}f%gt3&nq2vp=TkyW4#zReG3aieooceR z8^#p45$zq~Wb-6A1}v@DHiRi@gI-U^7qM+sq7-c=!{F_ao49=&kC6WWr0J2dfT%1s z4Ze)rMQeYGX<(q+W`2rSTO|8Sw5;t+HwDX3cEQG5qUJC;%TEj+ z;r{L%dBLC_nm$%N*%*r84@3@}e^ZSH=I2`^{xL>dw=0+0T0O?3`0(RsTAN|d3hzM(A2$_2 z=~jFUW$d&9xrgP>2?CoXZ^I0kCm*3~ZhejtpfL6B!#4%B*G2aAsq9RJyR`*}xT8Id zu5O;)(dE;UuZ<)%0_4G@`&XZ;yIqSG1{40#rMzHn&}cc&C{mWY*rLL?i}-xB3^kraW@D{O13-PPbSi$*Y`)%nrg>P#a-u|8oZeu>G%3R2Y$yRu zxmG)bCSS41SH@p=Y9JhOH2y3mjU&JC|Fih@dSSl zg@o{)QB4G)P!r8o>c>>k(N&sUbF(@2$m?zv)*$8}qvZsmp3a(-V8~++Ky@$qE6}ml znl6^2faOi_@uLCyDp|gP8fIZ-eRgHqHQTl)&Nq2ig}ZoVQ6; zwXhz(0jmaqMSF1>bE7V%ZT|tFBF3$y%nAFJzZK-Nk*SQYJIj&_SOa84*@1$QB^m3} z>`hv`YmX2RS57il#QiRycO5OsokSU8o=>VL>I{j`WG166#$b;JD&epXl3rjmR-z3j zDUJ$+1_#QYGzlVb{CwUpp{#Gj{$b^aJUjq(67jBRf~z;I&h?^%gW-d{E0)@15@ zjns=|(WL1wDHh};ChomR{@iwMgGvJx%@=O1C)#vGvR=kDD1+*$MaeQW*+|Y-9%CKh zWkqKywpi^Vhv4)#RoU;MLwGZ|2ssN9At24hAPl05vL?5RvIIwLA=n;CV-db}RX?yV z=rdf(_RLvmX9G)QHd**hnA*Mcewqjy6pc3iT>*gEbRjc_FaJ#rSZ$|v&lBBng&xfr z%VXWJ?rA&>G;e>nOr?Xx!c;dolV1@R4K-^ivsI|z-@?CL4-YPX{UNsF5*g2x;>sh- zD4XrIXpGqjILZ%jn$pqjFoYt9b*x^1BQ`Y)^NV z_HRZeTL-NC?b}GzhN$|$xyKEF=c2(8h{a{UP?*~F=IuqM@h-rO-?V{Wr`{`kgq!*Vdag%^suD#PTx(Qk|S{XzqFvElx89fN>-EK9TvIILb6i zWGXeSSK(pPq4i!Y$OrTGKZ6j^_8E9(VQtm+W=U`8U;8vgu(+6}?x*LFm!KN2fuTs^ zpotRoMMW#q)=H81>&Gy!dW<=U%|H|3_wT*c6dN+L4w*JZ26M$#FX9aVKGW#-$n>F9 zKbc%OO>S)}wK@e&ANd(pB%%&GN%)h57*!zGKu@=lHBl@W6-)YC=pJmo;2z(KmA8UX zxMWBaEDOSbPapAV_(u@#2BqcT&+i8W1;lE5@&zs-6H-B6Uea*n#Fu;o0?E<^+0q!| zK}B|CP%!5`yOAixLAy7`G~^l*lXiBM4dTO z1oQb<*Oh})^;eCa*V03&PYz=aa!{Rx_ zfu41Mjr|cg^WKq!GZbBGQ@bLqPWrJwtB=Owvf_hi4UUMfqC+f=MsLWh6qU%Se+%Qo zTZ-^_ph!bvAdd@izIg@1zBdKACXK~mB@&9wgTE^BF(cFs&#WlGYV@J>%(pN? zARt3YMyKr(8p$MSlU*t-2PLb$vcyio{$4f&fK#5&{nl!SFQk2De>Z>T(D6Oac(9Mv zVEtr_mcv)SWw(~Twi8nypHf`Bh))BQp`E;YOny*`{&I_+8$`be2&4}LdQXUtu=$E; zW}qgJ$n{yL{^OPY_^22HBw`d_F+u*ruLAp7OTuzhGh9)8K(IPJNJIv@lIw3q2^h9) zS+MV*a9}UDTU2+PABl{$6U7G>fX@pX+AXDn`FCUTy@4obRWg;bWNL5SE3f*o7&n`Y=|6C->3PzG-O1fm!9v*S!py{ljAF9e18;P z|FjEuAqY^mkl~E>v(3qJLUF%btBsfZcYd~2Kd$j6;ZJ}- zS>f4x$y9D?R+%5){H!C5hYY2=&}`=yO)jq%n#M^DD7oP`*&m0bIDD$#7)BuuF)s!H z0$a9fgBM|K;ZLva?KV!m|J5D8-%%!z_ePS3Hs)1QU7vx?b`Lqr+a!Q-^<|attY@01 z4-oahKId>gN?uPU{pB1X3XcS**FNcKd&u3EYEjWEP$~_U`1Z8zbbG%X;sioga+E8P zd$)a#`|kn&{y#!y;KgWID3sAL`$h7R0O)OB@{xU7G}cu4(&hS)Cwy*e`1Xel_+xAO z=MGo^$j-cvqxz_q_};VG(ROTHpeOqLf0DZYXlsF|N6yN3(f?@|0s?~Ov-qEJWq+k0 zc)?d{*nBjM&kR>@H#cz@Y%H^cDs#entN~_O10c<-*8E8tU<_u1 zpn%lZOLTgn-e7cMK&Y4AAQUJ}RSGF7DOC=8V*ev>{$r*R@p#&1tgr$a)yY6<0RX0L z#^E7j-z4+6Yf$oqVh5F^QmZlpsIVkmKvTlP`8xym-%}h=NM4J(z zj)*{*lX>n~zSj;3Ci+UJ5gMY`T(zeccqs)a40k#( zO1)`BsMW=h7>L=ScSG%dc{?v&JaGWXQu8bhSx8P!0-I`rjEr+OW!_CgqSPv^KjM&m zvsZ?`vnqhSt@vKRa!dylY9cUjdyZPoEcL!TNCYA0dP%zQLIcSO+FN30<=f*HeNszP%Z4>k_6bhf z;L*s)(1_c0eUsyPpwJpZz2kW-!pp0v5>@->@7iaCqw-|xj<|O2aorW@>S)J&wA0(!4;S^?ea$i&)Xv!nIW??!>`;x%e-y0|h3qgRqc}RN-S7sW`II!8QsWgr_h;3!+ zrSLmN-~a1Lc;GT5p1K7q^;YXI@TYvj!d~;Bz;*ObVP2OlIXLkZG|xWYPL-|LhIoC$ zK7CwO<6q^qzVs^kF|XJ5{>rQq4Ui%@zOB(VY;gbfZm!1pwNEt7X64jG!Pj@p>I#*t z6$Z!LbAx4oVJ(cV_w-~d0K^mIN=?y4Vg}|Aw{8NEY_Ck~zpBpC;|F%-48|FqZ&6n} zk7^90Qe&b}$c0lVIuT6a<*jayNE;fW`S@aI0B0}Ac7WYZqQSf&fpLh?zBXa;zPds>@Hg9RX?$BYoSHaLQaKUsL$XNAv)w>Mp6s)D1Z4yzrBbHo3 zK@1!YN10E!u6#{b2UV=1a_PL>7!SL@6-u`hj^6?}(Xset5ay;R>Tphfa_pp9u4F8^ zY+@_UlaGx34t-0D^(Muuy91jp3^J3x>TfttGOKVh|kmN7+ZCTo!WZC##SX z>kS6MItRt-b)I+47l{!8Jx4^i)uvygeP7;n(~C;*h0I&Mw5IxNvHw^brO-r8cv=3` z84UXMm1LH#P0;Qi!k~4!mDXj!z$!5o-$8pImn&3it!ih@jM82y0rFlnc?yT@O>*Yx z4E0U6&bg%G_FeS4LuGBMfVlPONJ>+I;Bj0u1YBrMGP_;k9+UB#EI<-&*|Cks_41Nz zkxHYsEeyNtNW87Am_3EV0-worPDD96ew1{pet13H^(T|`M=RUcCGcj+S>d~p!1n!b z6!5x1NzZh~VlkbHPruUM8G>ecsw1CAo%V>vD%n4RG^0Y!P}7c$4pa}5xm|siT(+O* z$<`Q8r90V~u*I}3UlVS2uG)6Wy=5D40@o4XaT;obQB%ofB@^il`SzJctv@> zDX&zWoxKM4aWTx?Ad-&Vw!-Gylk45t{#Sd0H0NB*5S&}$mdiH9n9V?LXqMz%2K`+#1HGYt5ZHO}A_=4rXbg0z`YWHuT4q z#fr&}x@8vuRpwIZ$71E0U<{^w14XmJsl(n=K~_SK%pV+m8=lt8kmNoZr6C{Qxt!L>MVI|nDO)a*6Wm7s6sZ^DYd4v;}2o!KmdiN zXK980I1E)do?al$oTjeTT5ms0j{`w*dGIwwg)yu&tUdklzEw~(w&d*{6qj}PjARls z_2EL}*Ydv8%gX>5JQKN$Qb{`!HO0YNY>onr7WTU@>t>&B*qUmmZ(4`Ec(cBhs+t9h zH{oSSXot>oewalC`=@7wdX}l1x6+=?$=%H{lT>*|iBH_xYmB4w^l+Q65+hRWwoW4d zGA_Vj*-`e8uzoi!Di3`!ZExZ0Ox+xt+k>ze2Nix{t4+aysrH->2~U{r$@i7f#mt40oui8xhr^y08Edb^P1KUh zI@8(NS>`6C0tO7MlEy@tB5AK^qK-zob^+p5DcM$UPaq0YX~3DkKkU}H{XK*d^g3C& z3-5rk4ZAXk-C#5|r(j%vtnm`_pmbA-mOJbm0#de$CeDVD^ za_9XR60yYjQE2N^I#DJ6nmoKvGf)x9HSLHT1?J=tB=Bbh#MTrBSPTELw@7 z3(Dk#Ivd7aVlvAdqiQfAGuoqyu6&jzY|Hd`$8Xr#EgY+uSf_=sDi4J2i6{4H13-i= zO-lzdd&y`2$I8W53V9L#Ee^7rLPH$rxcoSK5;C41K&UMhpzZKK_ zYG3xrrDNmxxNNK{^kz%7iT%{>xBa+xX>MZ2t&b!Ixym9Y(Ar-dtN4o%kJS$ zS8kp_WK~L&GP539b|2^VZzDtQ>7iIVgdRERnytV8o6?8&P5c5Cs~z5GG!s5y5ZvKQ z2oO-jVts2^-I?LiK<_<+P$3Kyg%1l479HA;W?ahM+a4RR*be3s_j~Q!hZF7W#qTbh zLhsy8N}YP|z$;UTqP_SvpPw?eqtNzcbY(CmlxV}p@eh`A-S0fyLh1EH$n}ASR8TYB|uCYrw=E+vw*!@6FRs^OrG%cPwUN2Dj%80W^O7)f(~Ogh~I{rfz5wpqPYzSN;uBuFhV(NfejIiVqubGlwsT zApgC{@xvb~^V?HajuxBj!$!)~oX()HDk!_&QH)IOQEcv~tUHif-@nRZCOe@_N^L&R zv15;8S2rG*BSPXT7utv<`CL^Br6Vr1yHo>v`R!BsIB_Dg(T3bsVY*G8J>x@>Mew*q z%Y58;n|?Z}$wWGE+RoRuB<67wi)Ni<5ZqjM-dV2y=bHYRQ=|gje#B^QSEn4y_?vB_ zyC)Exy^ep`XEvMd@lUb`Axm7T8BdQ(EXY)SSBMz)6GzsL*4r|m05rFK|pbrONus0Zi_Q3i3No9^%jR+8ueuyBV`arSzV47q5Pa&G!0RT9;Qu3Eto%b zUtU89={?crF&^YFWdMfK6`)EuK^kjw5K&7FJF?&caB(hm&$Nr+v=I1R(U-?B4gMdT9<2%nMK*-E_pIYQD2c&vH^eb zqOb@Ull9%J9L#_De%?U*6;u20Zj0gRY5fAL`>PZp4jC?Ht|@N}!(6eaiCS@>EM)fp z)zpaw2VZVG6t+CuP*`6Gx7j;G$7AjB^=3HzGjjE){qdfya+T^3!(t~^exWVJf zV%yI9b@c?h&39?2?5&uTz@WXFw+aW~DPs%Dvb&RUcSA8-@YaN9%o!0 znWgDL95LwAsg`7m=(vX!$j-J6V}tJ3U|Woq4vgfoR8R)*1)XNX*xrCTYp#HGknCI7!3z)VepnaT=v^;khZEuG7Eh7HA)E0uDr48yhM;3c+UC={y*;*So_r z8Kl}!aj-pgi&i{f`!4sVWNdtd&rHNjIfN~8NV zFpDsq#E$A>5`SUg@W8#>yAXw@VBoqNzZh}QYBUQ8&EMujOn2AdqrvtP{nuNofQ4xg z!jE3Z(dhu{$zW1}eck1zVb%XDYkWih8MiishGU=~drK>xz2fZTZ&c z%=GnX{>$Qg&xQmD;|Y+n{)PwxiHnO{TV9_n)7Lo$26A)TjS&E#mObLL&w^f62Lw02 ztFu^E7=Sap`%lC-oETr$D;|Iu67f_MUytc>PlBqw*rZKeZeo4^jm zc6$VykLs0@G3TcfUU`8zMJ0PYdqDlp#nlz+h-|Kq|C;nq5C6{;5}pylCn{tt3^rsG zmD!9zT}tp@K9|THjGRQ=^voUE`d3aEn4%te;O{$D$=QrZ|KkqmV3{jI^kIB2{$sv= z65&P0N{x)N|Mk4&jl{=;2_-rw)5ZJs5B`4x{(lerKlFfxus#tz{Lib>Q}Dye&E~l6 z!x}WZ>n4@Df3uLHh2Yqtv%@aH%yQP%5hDM7wh~ItrHJSgw;S?GT#U5=O!i8#BRQ+h zQM7fCHSX_rO!plyf&16!`tf}J%+3Pw$jJ#f%~HMCyu?wadfxTd8r5msR{q_02p%#! zBa0l!p3|42w!pb8F$NdIy!Z{GQn%^w1Bu*KUl755zb7~eFzLZxP%Zvsq3|l8-!HYk zE8=JQ61zShlA${o?gOJYDCsyefY+q?+wHwR5iYHT7n7IJ0u*nD)%_B7qtiY{N?0>* z-V8elBLGRUFNU3e|4IHOjbII|JTXt&h1I^A@t;qa2bW0+sy~Rp*1qx(GuM1i@wapu zd`g?;W`xd+n=uRZQk#e}+RB>Vd9-ej7kxBKP`xD4MHj2pE~DzuK{j^YRiUV3-eqoY z&%RUxXAaWc*jU?lhlnSD$cpYJy{ITPQXG3t3IiufCG+QIC`I)@v`CP^b2$jc%9j1K4({Ksm%P`<(k#c_E}ps6O$2&&&r27|&>-726xfxmumq zDO{LOQgx_k@ln>BLlP(hu}=AJ*;Z$SKu2y|59xOQWj%Odh)>8+uw-k8nYG_BQZ9N> zR8IN|ts%~IPGP~?)5?A(i>-pUqgZCQf+SKz1q%yrS5PoDov+}~D4VIa;u;tZgo^y{{3Gq^MDuH0$+*s>SrMNs!myp8W&A;#ffkaKDs$dJw9pE zd5-81Lv$6c%L>iceh@phpD==>`P`fa7PU<3aM;ypA%js&8nDI@nK*e1!G8rIC#*=k zywWM;Ij*y@nF~Uh7B9Nrb)2I&Sw%W&G%#!mNqY(&FE$Cjj&G@(&Pp;?Yjlbk@fG|6 z96-9;@mwt>Un%1unmB0xqM4%QIE7>55c~Szox=^zN0?(2KWCTt{Q^w-M>eN5#^qzS z;~Y$d|7ih;q|soA5X%3}luQd)tLvtsFFka&h>e zTz}jR&a}mn#P*257a(4dpJy~0mnp@XEfC2$i=O5A{55Tf&3zRSn-y6Eq>TU3flEOQ zSsy~ohn{#no9OE!4u@MLoF5Lprsgt8q9X&nPXS5^0Up8+1%({x_vQQjrM!9R3Cr1S zKZ`&FnUa&^r|&#|!;wgIptZd=Kj#a5ZASPcPK;=Pso!a z9K+Z(vdZQofF(aGfASDnR5b7vDbMhB&#pTc>4keu7ijfB!t!CG09@9Rw?dnY1voxq z2;&LeEYO!q`QfnFCJe-2Gosx%FohEemNVq*UiW3SoN%Jh2$1jeYXrrZU?qKh1agfV z1><{@*&o#hqA2~ONgo~{66?Oak((k5p7X5KnLcu@zHa}xH&Y0GTj3?JaY~&2ygZgx zm3?aHtyRH2DZNS#Ss}r}rU6bZ5tBz1Njf@sNBVjhYsl-QAnSJif3{ zkyb7MBc|BIJQ45yBWLL8K1o4qk{@Hb$Sq~P9X2Ozc9@Tew7hu~Q;SI)OdY#Rcg#q+ zYM=FZcbn2zzG%v~khh=izr++x8-9DIYP{f$F%=+d5K=l{Ybd77Fi*)89MxQ9cW=($ zu)4i1h@TTEizC6}v^Ine5I5lztlz&^%T95IlbRjt3CVRhTBsto%oGVkrV$c=K}r9n z1nuBoLI%tNd4t%}o1{huBT=KVY`VFhPTTT zrFuG~If3Ss^U>nGlvI{+ee_7Gd#Wh`A1ri=(kge^mQ%=BlM{pj{#v?t;E^bvW~2@U zr?JDbV~6#ake#o`4-R4Fn+VuoWa=oewVSsgnqtR}#_#1*^mF!QH^ESJiocbUj;e*G z)~7aLnCGqVQhl~67Grh3Oy1P%Ec3?PB&AKGyF#+wZoB_F1$*u2as;zxwbF3NS`&AI zwU1h|Yd%gSZLtqG?;JMclxfwXf*j3}M@MrIN1+jq^6cpREk;v=O-u|KJQ<3%jCs1m zOvL&OnUT`AFbq^Vc@%*36?&#zh2}{aRwWRq++h{EXkKk6f=6j#EMJ!0l(FFAvU?`q zXt|nctr}4ONx5M&osS*YfFDg>Y^4<@Q%GJ*pQ&egpr3>`~vBbN{V3r#G&8B25mE}GB z>oS*QWHvOZQn|A0uc0Z#{aB;KHV%{I@`PRuI*W+-d@`4^Twx<2h46zpaGc831#C-s zigniz3vejh7Jri~8Bb^mC;zr`z;DFQyzKQy-|#|sorkx%e`soC`^b1AX+#V4` zyLY~tR}BK+>=#I&zeC?9%+fZ;Gxt?6--&9l)|C}Oyl}q_Y=IplR^T-R5dTWY81tPF z=S3A+EA*5c@DAW!r;6({SPEbyIihc5&FNUf?(1Z}EYw>C@r7Y4mU3&wa46!T^x^7G z=0p=SfGG^TazI9D3v59fK+r<2>Puw>Lj|Mv zp&g{F)($rZj|h|!p~SV-5S zoW>Y<2Au9Dk-wJbKre|RIMcHN5)whgIrtY(A{gIGHj_8H_0xOI? z?fR!un#l2d58gH&Wi1fc?bl*E_tBXZanKRtY_diT)Nsn1@0^4U!Fchdwotbu$Hz|3k#O3TRGh4-*s&fM z1hq;G71pP-dNxQdT*5Yz(3x2;#WHEU7H6aWjlXz>{Ub@t3no^wIM0E>`Jh0c{2QwS zlANuKDh~?Iq9+nnxc@`~!3Nih6I%1kA?ou-P`fR$4}1TUavodW(K$2gDcn3;TZCo z&S42dai-V|5Fjyrc~U^BRu3PuVx@%{r#5@1;&Ai%iEJ4)8=y?t&*`f}&Y#$9Lrwbv zYfpT4JWugnc=h$o(l%|B8dhKb5bAnQJvOo3p4EsKVF891`TX$k>H zlgp?uXW2&YH#@=GZ=hjwS;-_=z1gDGj<;zf%p3JBnlQ{8O_qJv4ud)ba!bF`+$gi(`TOd-qjb=FOqoGumUJR zJ|u^JjaVloQ{`2l=+w_RTDn(%s<4e#^nvriCf3Bo^%6FMXOIZN1+hw8?ts|amRD}Lg*4pHU1msUW7OJkgbg}J zzcM|w$#G}P6}zZk5^nOXSP@v>1yU;r;Jj9Ngw?0jN@qtiKg_lEi-B&EIAYpE8C33` z0l_UOD&XAsP5GHI54bir7YK!d$uX082X0hrdcNjx5AL;yFWw^%r#N+ZO8kr&-T9l( zF{6tB`Ku|cC85Eq5`{~r=}(DXm0P)X8Q;btTZ-foo*0bAU$%&rP4Dw7Khlr)2jv+J z&GE=Nenza>?eCNiW}gYzkGETgjfgY+db9~1heQ3;ie6x~>$H*7%iZh6eS9=^^-vq( zmU>hxI^=XSQtcsQG^V6N(NJ4T=5i1U zTW@>x?D_6U$^6A=qx)_F9CgUCvBlG{be4#KEBcdp3#ct1w2&@-Fa#zy1!hykW++I= z%cqZBArx-7(!V{S&WToMZVH~}VKW_41 z2Gf@K*rk3WM<)aSMdG`03XRWjT8n=QofOH)iPM-nJ`+uH3GP8GI)}B`lIp5*~nOl$NsBn z^K{AVt}kBU(2K2CEHE2Og|RyrOJ43x1t75uj!?mjp6TwLm$}QehHZ@_d-FDe~Ty{%=9EvT{koN+lb6H71NJ=N3u`sE=9V(_LZd z?;e+B5Wdces^DGunGnvSNj*^R>FWjp>@(_|4;?*DRd`!!C z1@UCLVToo)^TcC~CWL{$v3jAD8Vv~;yI;<|x|qiu4>n1lQPX0Hh^J7@%{%(58YcaE7yUSMYvi+=uh1a26=nQlCANp~V6E+c56XPLbv1D0B zbKy~Aska*G4)?e7(hS7xq6XL=Xgsw#_F()9PA)HVWUv&$U~xg85MD&NlaaqEyYovm zp6MXIh?nsf*HW{_Q^2Zd~tVvDlDoe@rGgZG zdEnJzlY+kCrti|8wfeEuY_0?}OCvzIHXds($ynf>BPAnBWHQPxX0Z%|Qklq^x4GyF zYa=r=Q9HgrcApwkJ-*7pb;r<|y#P>A6AkkW_5&dz53A#u%1DKBbnNwCJUsb#YQD9U z5RjJ6nAnIHMUU>OitNx#58!G zT(UD3$lABuV<@7fx5DecoV87#>RJ?TGR2js@V5mg>5{ROXNLZ!s**wH-VbxP5fou> zwpf8&ZlcBRzjA$|`Ur_R@QREv9gDY-4hk9d5z<|t>8iYU`CU2R2}0WVz$^D!8H%og zujyzW2V1naEZk`M(NJ*WlOlp`o|-_It`yCS?um-z(=2uwEfeIzFD>HIjX`cLo=m23H zcXZbD+3EPP`_~C&*p#_WwGe!8G_#m~stTjWyjs;H@+Fkex6XGhZ zEHm_YpeNuHOYfMqpK02kisEZcs5!+sQ6PiqlrdH1O+~2^UV3>TZ$L~p;wLZ@Jr%>o zWt?<2oNw1avJo{^L;N19Y2rfHBs7sED41QqB%eOoK*Hi)Vq&^>&WT>1Oi$lD$$*Td zz0vJ7aUzCcbb>-AMyo=**1Dq6+*I%Gc6S?H^)cIW>A}?_;8R}hFsqJ`RSa8>au>TC z>%iV`yNa)U1SkheEqmdq{WUAh*A*1Z_ov@1Eo)yd22PZm;@6okW+a@)k^yV$^CZLq zH@q#f*RrV18>%c-Q>%Tl``12SgJ)r17QrM<`W)UPl*-E*4Cw_8?>O6)Q)4ule0S}t+0e8jvdz}Xa2L;JLNlyd zE_91_wSS+=eRz5`mLodRB50A*?rE(vpt(-&?smQKinG-ajM3X?I5xy2IQ3L*)wtSm zka?>nJhWW2Gn07G(QZZlPUpdbX3;hnZebyT(KR)(J>W_8Aup z_w}vH<>Pb7PQh2$TE!#zFQnbycHmxj#eF~+;=jgX?JlK z)a@9X^tIla&6|@261rc!4CpLp4DFu6`l~)|_ADXlaJaYQvSQ^HW~pC~n1wv85(c00 zzoRqgKr~)1tgwQ6rGFZRN7jKCy0Ar~(%ZaMxL_?|tP68z+4qD^5jCZfo$(I-Cg{=`(M_Cfcm}^th^$Gw+M$Z|r6M%Bs~n zja$?UVs6+L4CsDf2jgxQXyyu^UWAc)OGb zXoa`-P`X?8BLLOnb|%lJ0|KxPqIsl#%y2*Yo9w*(ItwyAh&9oh59H`8sg>*5hYV1U zs6z_v_1z&HEJo`HNiy_FnhJX|4J{Eq#EQAe8)-Cz;&Y6mlY+RO#3k;|mrj)&kb)sk ztqe3;6`xl!KB+e&aIFp>rG)+}LPr+iGlEO=H`(ZCj1)#x{0v*YCXN+)i^a-HVb0fF2fjUjW}LS>SVPchZtX|>9(_#Etu(aN{jfI40~V8SS-huQWoGR!YqHCQg!*fd5?BFz~B!s~g)a!r@@NvWy#h z)ySsj>W(chVt9<6do%8tds8xHC?yNv4hx&zvV9FFRaL8c%A~_23&Wj!~J%4_sN+2qKo1*ZXNiEq|>vn9r=*bjo}$d=rMrHTY4!*&H$` zn~X~@6tEhkb0taxQ?bT>@EiS7FsgFUsgR@m+-9|9k=<0qIvWi%S5?y{nnS4?qe~&< zl*VSD#oq#9)-wuCIDoI)Zn30_InxXQ{*)GvPZ?k#5>QOP(_uN|nk3EFKwwN3p%W7f z`la6D$JuO?tR>jJE2Y%RMzGuJvD6Bs5J4N;T5n@k)a^@U%I6&Bw*}jS;Jj=ns)sID zV8BtJ^qIH1O8<*(=x)Gxa@$f#*qwaYGj1F3W}!Ue74q`7^zMx3;#JX#U*rWtu zxyWQ%xZ2C8cpX_6rGuOgoZV&LO$4;C#qwHNGMXDKXMA6s9ZGM~nl2PHUri}MiVe3O zH^yzmfXUa5S0W_P;@nU;3goxC8r8M3abYZ(BxlWCd7Miy%JN#?kRUE~H*o;Wqn4C7 zI!CYdz)FTNxlgdBU~^Wkkt~o#w?V}T(E`WnsCMBCskfk(>N6%}6qg@!dPk0yEgn=~ z&dqdIkSP6ep&3Dk zHk+NsbF_n9`qVdqa#B?<1O&JGd&hV9FZe^)$rxb?8ZCa_S3IhTw6Y9%fqGXzhW>V6 z-LFq~fwyFGfkj;~bN$`PkGAB~6|WBiiT;~E)m;4mt6{etPwDDw^VQ zk7{w$Sda*r>Ectq!z$1!gS zro|$3Xq1K%zTyD2?97GX&}zmkZ1HTdIHK}F6YfsL;WKL6M6aI+MI<;PKylfV-skg8 zTdHdsc%a{Tv-5R7SM4Dxi`{DOXnBHlgayGBRwAlYJ`pE4FJA2VC33wHo`!s4xsJmp zXE&@C8#d6to3n@7Ip}<>J%iOFhqM20B@2kXzB@PHy25-eeu4+Rs#l^G_D9q%1nkm$ zZGh^xdVXSt8-?lKa& z@?;pKFO~jU`;!T?#YEd%bdaErwjPZZTzQdhqHQbLQfUDO#640MS004eoGN9YVyF|O z-y8^>k+SLBdGV|RYB?ndN|cMaSTO9oPW$C_&MT3|7DQ?bTd$V}Q`RyEgouu43h{

-5-pwed%ou@UM;MvPC%Mf+Q65 z8HFCG>FcZZrp{CLeY0SDpcIunVP@v=Bsb@c)bbnLE&we? zyoM!NVw2k%j~GdaWP^-QhYcw0w^}X8f;q&V+?_l89_xZcG2W~UbQ~F*Mxr%oh+wnI4t)~ z)bn;=aS5Ai;=Z;`w8LI;SJrircwSuQdG48OMw9ff{-(W$DHmt8c@(XvHScm}qq9ioYhWD_>SbS^{8JzmYmx zX3aDAa8LM2X~VqFoo&%UxZsL`8jBgy_6&(Du_~c2LhjOjs0bs&k=HmCzQj z?OG!o&g!$VNj^*J@NZFH?75-+taIQ(r5#_8DSuSgLOn!&P4_$c+&0d?yiUIk?p)u78SeuBrEG}+*S{v|;N8XSsSYkhE1Q6Os&jF9cYDZ6 zFkBOOh>QFAc0~~jUxw2AYnv~|Hb;UO6jA)s#Gzqn);;#odZb}C-Bx8!6|}$b2Ik?5 z_1}d#CvkXh=dai7_Bcgi#d2hHY1^5{3IARXf#$q)9LK2=mDPA9JQqM^QG6bEU(BP; zB!-^)-XgXyH9dM;){d*+XxYuP^#DK9A;@Ghp56Eum!LRoE^m$PR?&s%l<~M^FfBM1 z0DF%})w7uJ`-4wwIYat=ZF^EW9mRGJdTVnyQ<&Azhmq0RHTI;#p zN%zIQEJ$mAvoNYGJ@Si%q=K=*9DH0u^j6O$mJM>y4BXkdd}X43bPN7Ruig{=6YdRv?kUOb1gCp<;Ww(lI2rK|)f} zhJcda9Z0g_3mO^O576kH61F|XTs@YG@qbb_uL(#;Tu(^!)Lq?Igdr| znta;!^^x=!Om~*z0WJi)2lskUrP*{Z3>+O%wLg#x@tH+M(nhzY(TEmNk&G$c(qrfC ze$eP(s*+>>{WSDpT-NS%$fr|lViN365%(keDTUUuRu`M7 z2Ohxq&4)HZGO7m7j~8bRmXNA>0KlOM&y~GS729rP6INL9G**jFeZK$^TTQb81mfnk zWSEq|dT4u+dA`DNg+%67B+YQFUDx{(XCfY52VE5~+zMieN{fH0Qco!KV&E8ZEtZq{ z>RM?^JUqmgZfMBtBswtBa@6>XKmYoV>2&DP<-Lf(~YX-9+7T zEZ5j-jA3&i^7?6c!P7isP1~52h8Nr2zdp-oI)Ua@rD~&7!0)q~n`D>Q?lADBE%Yg! z3+(ER#y$0yR7|n!%V>h_dru$c;Z~vj-$$xlmD)>}IBZI;>O;t}kqk>Le1+O#Nee*c zD}{kNdS|Jgo51*(A>aA~ork~>aiBBtR6Q??qm!?O9Zq=Y2{B1b-SRNBod<)c!xml7 zJeWE;oIY%H=cC1W0Q+xD^afYGc?j@&|qK7Y|$R7418a;Nrr0z4x^t#or83Q-yObMRvySVcfXOti` z0uqnV#2w)bKFYh6$CX|(qqRW3i1U?3J7Dcx&_ymSPyFpS8Pok@Rybze?|H`Cn;vR! zcp5oxyqmO~tzw;uQhQjxg3;K5vHysqF80BKEgN5a9nbZwu5FYe4>EQJaucZFR!R#b z_9&Eq&Tvch>;03e!yUDz70xdn&Wn8C?2W?Sa$NmsdF%b5yi)+*yOE)SMEhGyNAT!M|7F9WD z%i3}$Y^I%=L>+>=2R@#Ax@Kh)m|48+s;Bw+{_v=2&$A|gPFMo3J!AM+KG!sia z*8B2OMzhjY?=cr7U7khWPVlyOXsSYw!IymZd5WJ{u&;r!P$`nfH6S{JYJqAs`^bt1 z=L;VGB93{>2fE4%HDxHax8wxs-;&j4Co-jKmGuhcTTOquJi|9T(bUwF13dPP5#unp zaePTSEOtLOgpX6mxt6PSsATkIwY%kFdEsy*Q+GZzC~ci^w9XtmyuEolpVQl#sZAd3 zKLvmGd9U2w+K{CtgY{3Pi_pOQV-+{n$Zh(p_ESSFEXwXc!UTf3f$3{!JVEZ7tv3#t z1x)b$Sg^6bGaed2>|VGYDw@wgLmSm%-Jjh>)S~Z~%lfw=#42UeeesO55DOX?h+B z$U`ANH=HbnTL|Xyyt!yT>#BB!ix|&N22uKqO5s`R78WWFRxYPs*HZ1c4A_5R)}N7L zF(Y_-wFwL{H+DW78ID_Dw|u(BHzk`Ue?OFJv&ALkIweU%gvJ<6ls@4|cjE1r=s+Pa znKJMMsGtg?A8y`Zn`KGJs8x=(Ap@MH+2yEq)C27-V~!lKOPFg~iTl9}l2(yZe%(cK zmq-N9$WCWVsR4V~TXQAo^`R9MXy5y2YSznID&2@fA=Rq%NQp+y(M@_#qsU$YcKVO% z_6-b)AL^5*4h({%q$-hOVw%#Mx4lsvN;Om$Xa|LJoufb5FqoE4Pd!B7c(AvOvo}r; z!HIC{UrRatW^O`0S<>3Sb+e2?Q8U#uTlHVxkUAIIcUJ)?Nt=}0io3PAxC}t?Vd@v$ zaDWCcQ-Y*;dQR{2DvZY4bJlzn@-H;$sd-+0Co%WWAuMkL)v8p~h*w6-FMdg&r<15n zw2&49tuU+Q%7auy^GHK_RuO{OR9qRZMXX`D7aw7v zH~-6o9pNPtqPLVD7Sxr<3;TVbdgjqg9a;)3zDZX527l=nom^yl~{fK@u4H*`);?yw?b1G;U3k^w_Nh)!$;#uR)yMTk3`Mj zr3@Hs%INeLp93fr61A4=7w&s{Wmqcx)dtJ_`}Nn|lU+$yoBh4{dKcXb!`rA6l8@sD z#9fj$o(yt!gQE#5w(J{qh9)HC!(P`t?}r(v!As?d?AW0R{!j>|Y)i3&36C{9{qhVD z{%Pp>DtDuU$#zIVA2D_1QfYRPK)G8Vu+YD3Ns+KSSdRjnqwPX_{{XlBiJkVXowZQ_ z%4!Pf=if(Te3QsZ{26S^A+V3uf5d+p$;T>HPznR81&heEy5D@RfM4fNeiSOjEY_=+ z94C|=LfVtPN)IygdDLflfyXbDD|p$9kKMi9s}pI}lD$BlLY_jMLZAB1A#U=Hly1^N zMbG?Fp+(J*v$%Qi`>TAMA=h@>s>JbPrA&^fEE@S+_1|s-d>sw6aEvf&MtGlrtdE+bvjbtqRW?35V1btO} z4{<9W+&+2gT4KJ=wkz$n>nvmm_`pK<@&Q-I51Uz>>y}9CF-v5Tp=WsP2 z0oH7bs5I&z_Hk>fBsy*T)Z5N}0V;rd@NUd>0*k|Z-C$JzN$*4fQhA8 zby4oaVWV3>ZbLnVY)0-UvQuexi^WRe??ubxG_4cSQ^Dvoc&Y+xVcuSwie-N^ zo2>J+(+O7mm)FVjmEh;QoE3X; zBAsQA{!~U76T_>+8HXjFk}slbV=vPBlau0)K2grPmfasr*6s615PWyl>xCQWL2_Q_ zr&hLV`Cu$yI0-o&WBBpb^GSQ2)9@EkD}K>gzL|qE-U^G2*5XmSvLDBdsJD#MN1PP5 zFjae+NOfxLp;n(J`}Xid;yApeIeR!+>-SVv(H7!l#fAiW#n4QjMno?@6aUuuWpfyq zM}M!^frI#hA@a#;NJ$i0xS!7kRo3+vdiA+Ti`PH&q;ttE_J8tem#~TKn$z}>(&_W!d;P^b4VJo?WLw&%WOULp^0&$|m0|3F zBv23dqcykO$D`Y>;|qrX{A?oVFELXY$BM(Jy?>59h3tRuPZ&@bXvWPq5dNXnF34uHp8MgAZpa3q zI!s(|#1C)^x*U?yJ8wN;t_i(-f0pNbI}ef8J3FABO;cV?C#Y}L9vd8$_5)iVW>`=SGNKlWmp63dQ3y^4%C!Yz^Clw$j@ZcwtqKxJeaGrvT%?O2gBi(u9Gj6Ys(_z&oz}rVHT;63S0QqK(@1)=c14a zY8l@SSIxl|qxx+5a2;EeYIlVk=T1phO~(Q@nt0k3Ev7iCT9(?ddJ97@U6-YH;!*6O zD@P-oOl^;kb$FQ*(#F6jJ;b*<9rrsOqH6nqWmc2;IH@r{HHpX158V811bmst44Gl` zIG5^;m4Ez|Ek*rech6Kk$_$!)w_1!sMl=13x7=a!d`GmV*I*4Cy5lisKBp+IJ(99D zv0XIj?G67ua+qUzu=7L#qQ7_55}UykztJe!(UKsR6>q(W58yVVAII;m1ti>8+0Z+ahy&rLWbz{C&TloYHnTPV|neR^L+L>in zs;uf~W%{E4UIYvysalfMQpKRN=TEXQh@<UY=SJiLxfdW9?{7F%(xJrij*&=5 zcFrJia3)Cxi8$L?$0`}*zkDrEKAF8EahbB2BWR)Fy=Ak4+c;49dFIywrB)C%utTh( z$_#$n5ZIeTDO=b_83(OI3Xo5DB|kWMICwem9j6k74fD)=+KDEKR7 zu;4_VlU`S-2YuG-$l2ZFTmyQ$Mc|Sku1;^~4EN{UIvAi}6t4N9zIW`r-FZ?)2YB17 zsk)>UySq-AZqqQh@=yy5Caj_0trE>Q5Z^i7{v~7-tB2f@kJ^^kk=@K&julF3`5ass zb`yn2p-NLe8rR?twanwlyip|@xlfXUoUVd7!S;I5)i?q_ijYPwx6he*%2uu`TA&#; zHjFs+u%kxMqU9WLO1v_W>l)AXdu$Y&qP-)pf>*ES`t=a~_S(Xxq#5_!1I+XJ;biI~ zRC(n>u}aXyC98r-rlV>p=Gmg@bc3S&O<}~*uI$G+XGQgT*OJoN3JX&S(@~G}IR*#> zG+5(D)y?8e{ehk2<$*ZKk9J51v|@Z35nf`1ds)SE32>=qZxBJgzr|!v`n=QN`r&&5 zH)+Ch$zLf!+P&^~l5Gv$?s@8YocsIE;9-9zi#G-Tkay9G4ih$P2jN?XEG#rRou56U z{Vm1aIn}P+Ui|3#i5*~6JVvt7Uq7mddXA59+Y0#6HX(at8O2czaNua=(5#HcP~c{c z-AQ5D4+|sr{Az%*BsQTXMk377<8$SYAqDxP{aosvSJQr%uF^a<-Q(@sa7SI+GhY&- z-~^JdAt;|dx)Ahh*@;%S&iY)cnzJCR{qlT?EN}`uN4(;xKjhB>+M9xQEDthYOW`hr z00bP?Bvqs$aF|D%eOdeIm3t!ms~2i*70zKQ|h@q%96WP{q0+jpl{tbyU>}?p1q%AS7-H{j)YD$i=&1#8K8zRMNONk zdg@M*zE4g{r7LX@=by9$UOdZbpV7i^;}S0h+#@K|IsB6n;wKbCFYU<$)E$OgBbp=C zbtyomkw+RW0TOv0ulLB;+aAH1A=obGl8f`2-1Kmn#F=?Oj42)daD=O|M*3C}fx;`R z*_4vT0Ap_2$!T?IgBC%>bG}rgSRgdO(X8`# zT%QlG!F<_k()=``AjmD(>fBjxk8rA`lf!5 z*?LjP{HebanhdRir%-Lq=iw*)C6GBwr9?eu!1!cx{n*|r)nOkqQ?E6aM8*b*4c2IL zsotu{n5EzKk2Mq4*lH#hH4qY#h``zv?iLa4F?#ZF?(p>$eTqIL4hQ;amF-0S+!t-W zJ6e`T4#}qKH{;G#$}iW-NCh=l_4IYIlscN(@QqYpI?>}ExJM@Flfj|28b0Val@g>y znvYDXu$gj1V^uO{X}gv~kE1m~Uk8SyRkrzmZ9fVB=9F13F=aQZ;Q}4^fSQ7j$uCEO zbo`zu2@`gXD!+^#JTQ+)CxCWabdtO-K2rmUWT#LF)M!AGaFk)U9i&@n>Yr;gv7l8L z;2!rW^~w#KNSuS!w-3}7*LPXuYfR<3xJ*CzuO`nUcCMqfzdPBgDwFsC$>Hj+a&2Lp9x^~~4E&Ytc0 zVcXdjaLuMNIdL{vZw|W}zsQv^7L#h_)K0gsa~ zVJmk<`4>4>$Kh^Q#oAl&mUci7Tb@t0a@qSJS$w_Csz}QplADn_9`GOR$W^}(R7}W| z1)J;x_l{wS7-F-LS}cMz5_cHErV9Y-weo7;PiagB8J2>8Qp4-G9=yDDkY67r~7p%NwT{^_$eJ{Hr4TZyIWW%*tk6=wqCnz z(3#3yzh=7Fn^sA=lG#Tl!wUMn_q_^6QU%W%ACAPtnN~g`_l+cjmdW-ICtftJaH;?m z)=T`thiPt0Cr8Q*>*vf`qvHrrHddqTjuqB4>)tVd9kO*T+tka8Ixd9!%kWirOJdkw zMd{@htV^JDAIka5NrH0d)i+iG1XZd`T{U^cCkDZ7@?zu!R{*I{cI;uhM!Hpo%^fEj zeD$7E{7Bc)>Y}hlu)2j?Nu+T+Un(Pa+3cP`r!1u$)GM{fsJVNHS=OBOz=tQ|N^H^7 z@QnO2)4Vu}GMe5<`?xGhwfxcZDk5|mLL@pa{jG|R50oDk#H~KDaJCq%)CURlkdJ zp3q%l{St10gtE@&U5|>-+e-x{`JsyBq`tJ3Zbu(r3zn>cvj0KO0f@G;{W4XW+AvTq zIFM8nSde;sB?_LryuK)$m^&&lbyO~*J(hj4;7*{%J4?+5^~~o8?olAa^sQP}T(6YT zAI)0ZXkQWDtg3zHHcHlfZ3k#)M+r%~3|h91c?|^M{MEXSxi79Z%grKLp-y2TTfqc+ zpFl5YQU>T{f^EXtNT7RLNn6Zjn#1@k_TZ5mRSo(EgQ^o}%h~t<>t&Fr?K!S2Ys@_K zOoN1{0~)mO*MAp&#WtQkl93; zZEh?Cc9hSZuRxva524oXiGH~Wd9sr3E|ymXn&8%W4%Eg0f7g8$qN2&9X;A;Cb>(nP zO4L>tYYV)--48)J9o$;*#wnMWc9|p? z+cM_U&AZ>jvNQ~YbKP47-YI4MJS+aajze|-Xc9ysYca^wD{_Ifu z=5Y|go`dJ#I|i0D$xBQUKs*8%L+>K9Cgb^C@9GwpJtHV*8nYHv?LYRznV&V5NPn7u zS!vB)erW1eXt1(nMc#CN-JC1Qy_l%^P6KjD~yiEVM=iqf39RVDq|Hfso8n*{1p=XJguGn8EbJiPUTiHkYaS0DQA~4nXB8w zrawCBa7>=BOq>)G3TWLCr>Tu|JX=~3Z}H>JzQnsy_j%r43=!d1a=^y!Uq77CHHjQW zu9wE@yBSDEU(F{Ndg1SUT5GY-4Jp9feYyFXd+zn#BjL$*Bu)Q*1tX|3Iq(FD3?mYIRx-zAmz_eIU28}{?@ zhuAQvn1~E^X}cK}9Cp|Nu?IRUT5qKTnn6GXB_s^P$eyWK2EXSPF^jI>pS#-6Hu-;Ug7wcFbIf?(yYh>Or;-T? z%M?bPJh;1F{7lD~Tacs$%@q@yAax+#sxBcGYG^`&Ejv`e_?Bv!{1XJQ(Y25bx5(qg zy2XgtM!`(1QC z=oT&iPyFtS-%kzf?=2sNv|$nZ_BggotaZ9Sp+l-bfBMnmr@Xf2w_ILHVN4a+9T?(+ zZs0PW(ImHyu24sp&h=dev_}OUwD#*i6Q6#rU;iO5;6C0fwwYbMDLWoi(hl1!bCZ>D zYdZX$h~?Tim*lJ^|KJjDW!X@(JEx-zv8;e5SFe>hvw)nh^e<|a!8f!E1QaX(+nzKp zgZAolsSSDVfc*br0YGasoc!Q&Sy4zP_3pDV^v=!B<{kkT8r}XE`ruOvzX2t??O05c zO*Krjwpm#Oa*$w^$aV4 zgN)q<4GW|auNeGHUUoI6_kWV?KOvKq`p9z4-w-V2tHYc#Hj2nM8{r=t4?}Bls-T&k zO|qlc$d(Mq18WPX2&%j!P5*TpK;3x~A#!H`!QNLu-kv>AN}cTPxHW0{tMPinTEu^i zcD(e5xYK80i_%5AMkaReE9i_)`$W1QI{9TyUpXpnwXw9=jTL{tw+WF~)a#gyYz{?1 zzSJt5OZj1@v(UrTIfeiJ*E?}@LVhy3ovuj)0euPotV@8Gqd5Hf?d9FZYsSw0h4tV^ z_=1)eCSg7VZhzQm+sQ==LBuR;Hx#2>L*=yp;%?Ho&WCUpPcO6{(cN}Z09`%u>H6-59QyN!-U>(9v9rTYs$en2{t?ZakMFgz^gUg`k*{8Hz4oLbd>Pd=gB zoXpv1Bh(j+;#O?eJnOo0o5HNOg+{I3PAQ$iJ)J==UOJfoQl)xX<0xV*kjV&ztTibB zgm#LhN+s!&6!Va(54-FeTkQgWPfkwMPOq+jmB!Dh4X=9O3ES)aWWQG|B}O%x%m|#7 z`M>kMmlpsLXSt7jeAEj04D*$D-wMRz$QK#`Bz_?wm&?pX2bjv|&C_$e7N9+Qk7W;4 zat4qxGN1mozSFwd_^L{zW;KnM0<6CG17Iha(%8;+f@0W=t5L} zR|MIh{GEX!iAJ+B6~JryquijrD{ycB@rTz2Ps)M@e$h$d-|Z4F5Xf2c7s_M__jNvw zpAmywtD3ECu8puUGT<87#Uq)Vo{@lEhFZ9g&0IE-)A?NH@q9(x7Ple6Z+wcPsbpa& zJ}~J*YTP@4s4}%`XhS9!7SLTRWYhlYXFRW;g_)G4Z7{2yLr>w07g>UCAC%g z0AK;mz30jPTnS&6xx=3;6Z+aoAo2FL5K2PHy5ZGDOsio4mSS-E0CSj})me}$9F`om zz7nipy0tZB2DBn&9D{3O&1Q(Z6vf2MiX13?KOr0blV+WL>h4az{qDmn=!St)ve_&g zK5sE!E?}k6Q2mnb-L)xt%LW=Ii6f6J0JgMcuS;*-?>nIK=+%-^+H|e}iFisPO$-kD ze?61`_2Z82g>T-=HPCsNp$^*y96EoAw;PEszq|TlrvYqvIpv49a^T%c;uu3+&F)ZuYpeKA@) z-iR~6Be(B(ZWpBQxaQRFO^M(0?00MWbr9(k$VJ$*A_iguAmIwD3$!I}vx9-}6wwdQ z-aootp4*I7G05MHDcSyDCyGgbo>z53B|^!ooVxu+c}uXj)^amfBFQGyA`h(Pju#rf z2gTP?K>}4QX{!}JW3!aqB~@Ha>;A$mdrOQYLpAS?S8H9N7Qgq!DaVuEL~_=#2xE}S zG$MV6gv-T-(=m1;ZN-WcQ#`)hPyXd!yd-kItmX@;tTr1vbF78_09o-WnHOm7mm~Lk zjgwVToXD=WTyDg8Z8NJ=WOF5=U3CP4)N((!Qq1m6r+$HiFMEYqh07FSiLm+ouCN_m zu8J6CcwF6tHJ@J??P6!$${^DkVx(L2opeV3?HLIan{+xdYt&iP*1Z?+X){9Wj3)#c z8|=)ZePJ@V>c2|;0uYV@?5R?b%hUlJeM~cYH?+stAd5&IfSkNKK6iGeS`xXzrpX87b|oSE381PO z;$0tyF|XdkQ}pxhQ=)76_lFYIC{v8vQMvo>1O)$(ho(Fcw0O&CNz3PVr3a$X3WLAJ z7bQb=>t}0743kkGkrbSAex|dZtM;+z_YL}#NH!fD_6CIk=-Mi?zrVLjGvB^@_x|vQ zgucen{H#=_A)J*9h$UwJu{@0M#m6!-cE6uIfW3=XcHUUL0cGHwDz0ugmC*^`X+PVH2Fs*9JU2 zsErQ*9PUvF1@%fp5Z8FIO;?fUlmAh~qHY6t+&|WFA^oZJ4fdi_n7;GR>Q9UF2S7ia zH=2;iFsW}kT7MKud*AhTjcC3)XaW;#*qm~E_!`Uk{`3buF-x`>CyrfXR$v+OA@7S& zFvuc|eu;&io&9$ziUn!s)*B6ig7yN=mH?avW~ zj+6QU3377HXx4T?D>Ai`fqaxJ*d6NRpBc!gO-Q)MON$XFF{Q<}F};yRJB~l#MNSH38y0KPnOTWw9o-a>NB=kMRd<1e>lW&WYsbq}tG)Ee5;+XfE=r+YVok z?vAZxSL*HZ;())y))nP9^}1!wX{^GUDB%Q*<8s#7)`>LghrsGqh(Ub4v(LNXWvYw3 z%;E9IuImAL?_=b)fiEr-npD4jiC&^HNVTMoO~+?hro~T?624TqBp)Cizc#J3J_m?b zI@^gCyRz`Tyo9xK$79-b-TeY$Hrt3^?q%#;OT-+{9+pTw??F_vCZ)Scx~Eov`1^|% zzs}*hP{vUH#xx`}qdPW@h6LZsEr?dPMqz%|2RO*Aa@Kz`_$SEp+WF`y>qN9b7MW%0 zuum&@pr>u}&+967P<%B!4&2`f>%>?tFHxHT=1mNFtpYkWO?1K7>BUgZiP?9{HG;7_ zMob5cwffsXR{xHeymUqThiod<`%kPnbBn_PQuav|E1 z$I>R|3;ZKUAA^!Z>5q_0nw#s7;ECOeiFHH*hoFEJh=Yl4Mw*-L4@nwIDU9jqc1B7{ zsS+x25%}rbmv8kpZw}wtTwE^5)1+nJ4%`w~P4*{WCoGpZ9xzWTs0}`6k3$g>*Pfsf zaSCR6Tm(ejwiu7`EeugU?6)_a*-sUBZms>Lnmu!vButLn+$_zQYc1_uvsE-~sStO- z<2rBoHnG-Z^DgOr>#g)qw>{x`P>u%*yj2#@{e@Amhe z;7SBUincg;c_zn4#bzUeI zt3nH2J74!W^*VjYg$xipH+KgtClHf-9EWz6^_J_Y>{Hn^evojR18Ml{Mxm~j(l4;4 zJW-IxTbJ8?Oy=XRUha>71URcpTvFzUg!CKicBfiXz65-Hh9(!08;j|KJvjl+%wng8 z)$hVlUCv2_U{T}m&sLIWi8Pyoaj#S^6P(oYf|9P3oX-?TVb9KIPU#fa4NtUlYyn-1N(o^VlVNA|Ir^0M$d*+f;`c*$THTKhKx zlkXQabLZL<>>lB(LX1jkzoRiSZuR5Y6p8f3(5PIT&@rnb2h$$`LsozWgRs9dN`x|Mckj@QQjp zc&ZAW;sF^06&!hJU@Vce5Y`T0E=4tAx6e3h1M&-Q&*z0MuPEUDTI6dqz}1yCX?}{w zh9f#6-y2Js9mSw2b~#(I!s)?(rC+RUj9PcTKdr$AjFYV{E$`u3*|J|Ug)cJKJLro> z823YBe!;7d?Jrr{Sn8>#ZMil*gB3L*@V}MIeZjj_8&y~uPuk0LdZpE-aDcU4Lhgu&d-Xhl$TUe&HA)34}R<6qyk({PdQLX|X9 z+}6|xam&8F(1xn0D~4iH?a1dR9Z#i6wD_IqmUT%>r)_N85yEb<`t)!;dv?*O)C)SeA2`GI|LIK3tl$#yqX&>RbKEmQpCi}b1K$SDa-<_ zp6>~sH+!bnx4*x%5=gaEbTTYg?ymV6K-fWFnz#%EUyM9#deYIRYA$@6v^OCRjiv3f znh_wdJMZ++I5bT6DEHA-9KXQ!gNv|-y84tzt4-5ovyp9xoBY8~+e1x-tPnl9=;4U% zkBT*S8Dx_8!@S1Rb{oA>>}Vu}Kx1P3sOqRwHziwYv2Vo%T{?x&TdTZ-YxOKtD+i5I zdLq@NhcBTPVz=ik>ZUo$Z+X4H!h8#$efR3sG6D&Vq9?Cv2M85tIU)f&sFP?_Q<=C4 z{Kb+-&=|A|3>xJ|p{x%_HeH`Igq48v`3jlzd8??#+M-D7ou|_0&1osk(eBzIu$2#g z1g!jFg6hGchHE2dgT*Q>iEy3zi%`tAtob)J_-=)7a?7nwX@v1NljKcpDw<`rm?`Do z;*{L?ZY59=f`VcYyfbIjU~&jB%SYg`4=LF^|59@OIk3eN?bED&4Bms?d16nf-Pmi7 z$|?46y2pQJev@&9%_C$qs($l;H{SWW?mqHx;`0Zge)IiNv7j=O`gaTj9;0J5$)1G< z!ag&!Kzs*~$JA9Aa1pFlhl5;d9g(G$t_s8R!JfyBS=4YVT?K;tT%%Nhv9j`4<~!SK+g z?DjDsqw%bf6VQ`rPYCWN-AT2mTqr!#3p>T;Y2_jP@}<+gKB-XV`gbs7q|bYYkV(lv ziZ~vgo(m-1zGKU8r5dJiXfB*YN|&#OcsKWJ9QG6Qsz>D8oKAZQ4fP;E)ldb$7Aq2t zOKqDVE+Lc7ZKiwvTFmlGjlb^`oWvJOtZvvna&9oOYNaz&$(mnKq`3M^_~@x3An|Pz zZWhBWk<0O4zFStQv{X;GR8^t$gEIheGrAVjg|^)3nOfAGl!w7^`$r49J6_}-q~Ew} zoL_8otXiWO9+S)QW>-}!2}H~IK)TSVNdX8~Q&5fGE7M~L1oc-*9-nyyN1{=T<}$p! z+2W#K;JKlPo3i(cM0DAxMEcGbk)eD$>|W2b3Ys5iY+q@O-`}7luC5EMubm6x?02`cQ2QDnvaZCI`}?XzEc#O%&5#*ns{;&IyTHKMjsV)Vw5 z7gm#zuE>M){gljd&K81$*pKrbrmo#iMs|L^-^lzsle;7P;&+B9*`)C0OxQQYJcg_p z_EKB=QJaqn@h6N4FXws1@(7`cSYCMuy;iJQmRhQxl60N$t2G!$k=x`OZq&LuS4v^9 zd2Q9jWMsZU_X=~2OU?B zlD{texH1?RH_NgrfiCdXELFSc74v#t+Lc|gIVh6$?wMyYEF9H>Eck@IBTG(s-M%VO zW{AwgzIMxVeN0g#Vyk`0N}rsAyPaOegL-4fXQF#4`W*hg#Q z%Cq=QpC%f7z4LJX6!DQP3A~-xM6Awt@&XeDr`eqqx}mhcYzLiWw&+*bH11#cte@4v zCA$+$&&VYn5ytA-sO@in4z;nO`m*(}`=O_#cAW_FBGWu+>B>P9Wsu_CaV7*Zqlz`+ zn?ixa^4%n$z`7`!NAc%Rg((5tU#gP>Gpte(}#D^2X1}15}qf=b_q&g z`a7?xGm|1Eh1Y+{Ul>>HBYT94@DAR@5igWuxl?Er?w$*dUqyxodq^OMC_xCbz1_x;BCvxF|@jah6s*H+zFN^NRz^+#Wtx+YjMW+0c8c5)m(L%EW-DnZ`0ueE6bE zVCl5~-LPx>X&4;=gTnpS}mfx!r(w=>|(>MLrg9C=Fi5|$lF6A0+q5=J#Bch$UUo=3bT7({?j z{G#@wlkq?qb@6}o_0(ZeZcmd+NwbKgAl;yXFwb-d9HF>&SR{T^gPv#nRP44?r7WAxdJ zSD9mN>pIz*bksGPJTi0NVFb0@RrM$vg@$*)8e1sxvx?1XO7k?VS5~nt=bN4cjWZs^ zMfDK($mr!8L6gj(?Na-Zkm}KwV#?zl@kMIX$y^UiN3Wl9Y`7S;*}h?~voA|1&}}J^ zymia$sT~nEAFC&?qoezvz)s7vu3j7}JT!8B&>%*iu-@+_HnBHfB~@Q}Gw7gYs^6EIBGLFmQ-}S>Kb-{tDNA+AyT1_;Spk zN$awLWP|;xwJt+=7iEL+?MVDF{=iO$)5?m$Ui5_*0K~MIw6Swi3qTn`Gi}n$cwE=n&zbI9m~cgy`(q9aUjPVe+gG~@LYHPB9LtORZkVX$L3gNvUgo_YwG4# zNZL?*WQ9{j1+Hy~iys`)kXe>$gjKa&TS^?iXRV%ZJQn7I_1ob9Ok{9o{Fu&-pWV%;o7Kl!@cvtv}kdLL}RRV5cVeF+- zF?~@@=i!)Brz1;*O6mNID>3)l`m}M_(>~r|^AL_^(Xvgn&n<_h5W%$x1Sg`A0DIJU z|JXo#pW6tOg3X*o8#~~xt97a zc74&bQFkHi!@Y3o=on9yd>1d;1>0C4%b%239J^ypT#CYLOt@$3;NP(!53|b&^ z2-J^_FMjl?!)QG;pU+)dNJKe9m!^A2HCI|*h4ErvkVQ3l&Lj7@V*a}ftw$&~R*{BD zf6D%onsz0g=tVY!4lNLDxKtd&$HHB1n<1tCLrciRX=rF#r)%<+XH(@S@7%-oc^aKr zui1FC0~+i51&<@Mk^GJF=d&uU2B5bfu*jVI#u7TrP{f}aSH#c-;z=2uHx z=cb&j(*rbiU6pybeYy@Yb6es*ki30R)8)W1UjQdf!jXGx)k~iZhf8&=ybEjkL{ky= z11l+G&1^~1%ewvpO%FxBNJhYfw%f_q9uyk*1>NTh*3yqm-8eYvB}mEh_L2tgb{ezJ zshc@F_%;CEc#>TThMhZXw^wJQ``C_%@u@w^bXzC=;!C?{1TWhw41i;2mYQ2^mf8$8 zT1jVaD3T2A`QD8$O-mxO(Y3%-GA6^!~M3$4ZJbLX`y%`@%6Yz%RJw~tPggV z8s&2p6qHb@{BX@92?QQctTeT!!lm~^}?&8_mTl6Zp;WG=+AuIqVPbsXK~ zwLRJ*X?B{(XSM%HsT?)uSXQ|MgEsGJjMBD7%+WSjmU#Gbz#{ElWoj~RoGt|v^y3dW z{EIR#qf|V}&la2w;lZB}hBKYKz{!))qNzJIdq`PRHQ#}WCAdV)Eo_>SALtUd3}-c) zDBtVB@+c*4P)NZtAYi`N4?w(Kq*(i$yE!ff#$N~kxjv)_h_S6yD> z>(Y&!;ZCRTd=Pd$-_1F1ee3}yR6z)CC;XA^WhN1QapNFIOY$|942O72kS#lDmZ!*B z07(;RTu%S~SP0iF^i*h>?NZsmvroLM^?D>HJ2ei`OnZq5la#cy=%sA_E^m5If-TO8 z2PS;Z+pS@e^S9jI*;uh?k+K*Lcrn?CkS;P-qe*dYOj9V1h0T_NSQ(1+CyZTLSb6Oo z9TE!=lA0EJoX!Y5BX(A_RL$eFh0k-%9-7xvOD3?C*a-G^KA>GaTMTHqoaDhuq4JlD zK~Jx^(rTbSsgm>dTN$!$JLBH%pImUYWz2Z?mB!#@M(CxRw>|h!fY;~?E1PQ{C-K4q zh`e{W*S?FJ&Lh_^ie?WAQ8STthl^{f2fz!INVOF5WkF89_K(IEC~|p@PmlR zd5veQ)r4Dkq9dF6%-Yh!)8a!847fB=f_%Bdf7ZA^B#$)IQaaRPY1q#Lly$+u_`tz~ zk7p6odDfd*H8raDG8R6aL67jo2~djxc%7!bg{nMi(bRBtX_W1moiwkGeG^a)H zyEC(dPc66WM0L5w+)b~yIP}Uq`gh4rH|f?)BC!QrXTQpk0*t(YPjq5}C#D_@kCO-L ziy{LeoL;stchB(V13pHa%4wA)eE|<3wu`AX+N3235m(tkYEcs$%S93eBKX&N)|^Ot zG7_0(uxO+rOK`v>tO4=bDx#Wd3BmAJr$-Xk+^QYrK;o>TM@sYBH_gR?Kw_L;a53L9 z8z;Mm_tdUBGcw?yOwbz}xrASS|8XHgpO_K&5HQN>%eOFg<7vNHsa<7|-#SKDg^fl! zi$jp~pzz4A0ta+qK1(n5mdKEpLN!G*m)5-3PZUpi0{xbYK^t36Y zPN%QFb$nohrD1<)lpEXr)CTYL>#>p;O;!)9-OZ@srer)$fGy9w=1FyuF8s-3UiLF} z@Iw!lL4zkx_#I=>xy-}a4c)FSYv@$-E6&`vr`JCAZ9X`VxK}JaG7M>z1{K}LdZa!( zti=yyIX;%G5?1qyxG3)eH=~w zETTEWtj*8XZdQ25-0AP~+kt zVe3l4)oSiCo=dONn_IO!+lRnxwqKmn$pY4=Zs(AgU`1!s7PRcGguY#{y__gd5H3)p zdD(nt5T;{sT}gv%!nDZepiI_F8G^rgop5asB0|Byp~9p|PTQ>nKM}D;+HBhJOn(U( zp8_eCGBfQ7mC$=`I3Hs>3~ww=Fg#>gJ(#@KZeV zY3KEFXXK{0z_V0)^89ZDcJubsYJBUS^24D7FNReRT8sN>5HfC@RkDj5<`+i&@F0+0 zK6xKS?(KJ61B7c2)~RAc-l&$o4cpV7wwcK>nr+2Tm ztNX}X+m{{WNM}uMckH4Q7ofd;vnHz(XiMEMlJU4T!Y;8Ez~zW?cihFlf<|T zOyMM;G#*_pFzWtn-ymRtgaBaFZEk#{p>eEfhk@jU_@ zd(jfmIOg57FvEMdxHxp9AUBgq4N3zxnQOS%W$0&677(5QgasgA@;>Pg3u z0v(MbA5=oEHWrSI4B(ZfSE9-675dJHCbx4*XXo0hl308C=%o!7)AQY_%(+84<)X(! z3sGnX&!Aett5D$Tk>ab}pbO5wY!8vP2xp|_MIY(osDmbE z>&`+c*aAd>Km&oSEScDjgvA}etN&|y-y0TwZ+3r z)|rbB9(ffGj@wZUmhZqW2tEpxgnvrxS-KHcIm|sZ69#z|2~NpoHBf(5Xw?MTeSb8< ztCum%j{QN)pe&!~*F(5}_NIXg1xIBD#9+h_B3sPW%gCm1(u%Y15G%29d^_|s`F2G0 z#Soj!r|((oW1>Wf^mD48PuDeoz?8rF@nLuxW>!vK*JGk77n&(2>_fQ>$36O6-BrA& zq_S|>|KOlI1SXx&-!h#|W!~};Xe*^Wua&ze3x1mwBG-`G3wOgJhlUzGuSF5x>ppM% z-F6>{#6xO_hJ;(;cBKzmJLN4Nh6Lb?d*4$G{)X9-Ti>C^uS#2_?2D@T+;}z!{Xa;j z5M(=2zG@@UC+ODYU8ovfv_wzIwO+^klf;ofFIUaszM3w7K7CM;i%U=R;Tb9&XLNg8 z$bH+@Z#Yo^rY9_Kg!O8?BLq)&*cJYrAbVy^BlSP#;ul)zcP$pM?@?`bLM>rOu)jo< zAmVJWYf7eX8`N^}-$RUU&6Xm^XV$^a@)fDZ&7AbsL}B27Q?SZt`FI_Xf>f}ulpXR= zIU?@QzsYK_kL(fM{OWS^7WcM;}2i9}64%Q!If? zHt^2fSE-Cv!6G3%K!r}TXV+fp-hU#)5iT0&iI*zOesY43mYlb`lHDyXnKuwwIITY8 z_6rg-(4`g?;1wWd;bLTg`egm+WU1uoajMpn`5lwUs(tRB;B=I8A10h^0R{1dfu?Bib=F9a%ZoXY1_TzJGE!L+NI2AHOf^Yu7kRqzQk}qo*L#(YU-v9 zAK#6ayRn^hHWL1m_`oFWAGdlicn}r9yc>r{D3?o{FgvMc)Q9-0un5IqSqW)|foWqv zH@f(G`SjuS79+i9_4-8ABx=PP(7nLA#$`f1D6|rnvd}a5>@{;?XxqZWL9=FR``T}q z$Hd2X7X%t3&eFmpzi0Ue0DMUixrawI70S_&EQ(M~N7?oW=X?|6Y(!IZR#(y-7b6Z` z6+h|<3sKRdA^8nntcoh&g9hbs_o7>+2~kRN>^IC%e6Mrsg7o-D|G@hLwJVMuAnt^! z@5~;-r(p;1VPRWEs?xNZFj{Qhqfs!a3KH;#9eynqvKpMOQvgwXtdmd{%E{wo!5Xw$ z5uzY2($Sk&Hp`7SZd6;G=q$sWnkk0)Y|@tKgXLM$Z_c;qOLLut*J8)B8y z(Csc(UBHc!*2s?1ShLSFuQrXm4|+vl?6BNPLE9)eeb7=~e3`wAj`Cr}Ev7au3~A)| zWgaYc7Z9#)+!r1-&NQAR1~D1O&}kM_p7C7Odi#1_8x)KyOr;|SUVgm|p*H>+pjfdI z3yqx4n{U_EZT3cMDvfl5Z zlsqS$R3MLA*8)F%99|7(Njy0;25|kWR5}(qDKS37;eIDISAe(+buzQ0 z7Q&f$mcJ17GykzRY)d zYm*Y%oEv&#ts{tuzkDX)_H5wewHcdBI&K#|h{r3?B2{Z{g=GF=<+yOS{}?1oFOTk8 z@C9w;VEk5Lx=6QuI!Vk;@a;lDllw;(qq~XR)%*zZY}X+7Z*#Q;^Zh;4{9?V)r@6*) zu8!^Y-aJaBdD5FiOql@9mHA?QWS2WIo8w%e=x%h3DRb8@(^~f0qcnR6(`r@BFssMw zb%D!o>FmQTw#a4*EqS5ZPiS@bf~qu|HomdA75e}SR&jYHPa z&m00xdgoP=bd^RNzt)mkZ5YmzG3%b=P$w-3=%x>uxTVjGC&p=i>7zuOqFTS8AsA3& z=QJa+MKlst;N>}kLrpQp>E6U~G-X|^C9kvVo(Roxb3HOp$+qri_>#k&I+@n$e3Y47 z+lqd@hJ^WF3&DuNr(Id5bDl%-AOH=TgLc-Go>tnlECI3+!f0x=Ru&A$0Y`DvV~}}t z(ew?%I_Qj{hOq5wkKVH@Ys?GaIoc4WXCD%kbGSv#er|(3PpD+)IIqeu=x_an;y(I?@7t$v|D5y|F^W=<3Ol#RauWS>7ptAyiX( zhMEu}>dX+RfNs4omtghER<^n*Bzj^ZJ(@JFgf3pS%ajB49ab!FWF`JAqXu~<^Cnxa zVe!rYSI$!wu0p1Cu8kqrgbkw21 zqbUNq7zKCEA^hVZp1h1Zj-8U11|RFKVpTDF+Z^Rp&rLB-_$0!%$`L#lzT2zh6kZy~ z0&@1`zVlJ+bnbm(ju_lhfo8j3wdFUnFn?|s)+UzP~ z)VIAdFw>>eVKi$Bsp=RSv6OPtLNy8h=yMAh+;Vx727Z2(3c8uQS=K4Gc)rnCBTw@p zxq88m@Nvm3NhbgMSkPcPTW13!$-j2lEN0k+G0UrY<`K>Ji7pU=hZbv{^cY%HUimeB zEnz{Cto=oZcz|z0>uyYkSg*g*aELx<%fYZfX=kJ%qt5>+7_F%(iz&$T@(?1tgD2*oew7jt!9)sOQ&@_b?N@XWd&RT(o&buQ{XlZ`ZeR&Wg`v zi$C@z;H+rGjzjV`23;Ysr}Kh!N2JQo4B=Y7%BTncK6$IwFB>~gl~)s8U%Mpx8lqY?LeH)f56h@+&Z)B4%_icq7VB(Y9;si15@eLcY;-6@q zrhYehZEU6r0fh<>9DjW<$iO+jcbM=`-Hgl-X_X5R!l7wssc6q2+Q30uQjBFD+e=NM z5g#4pq>*!EZNWoXcEW<41JF?`Gx*A%<3S*B8U0Qu%fXMFO@(pusT$3fcVA>8Jq*9L zqWJ2?DYpq_Yf0#?5Y$GvpBPb^$!A8cs#;-{IRc3(`1fpTU|1*m&x}q)wuZ|R_75OJ zbW$tR?@nf17-S(144HFE@@L76tU1Ahj$n$l?2S~)EYOxasMvy!VCa*-w3#I@brGB1 zt=?*bWqGw!Pv}{^nJV@nttPn=Nn=%l`_MuKj}M`sIlJAeg6InyQWX2z2|dz{XglbO zJss6B@Tj0jZK}n{J<0OV}b-QawC-2fU7YAp(N&b`VXS ziY&PM^W%}Kwt~&ehbl`Q$33e|OB!HrD+_r5iD)a9@u4(kp9j$j{2eV8jY2>bL-xV@ zy63rauQY>v9LGcR7&u00GUiHI4on?r3zOf2V0)-2zyqv(ihZhGqc4|SNeuZ^nPTKz z=adEK_dx@*Urev3r)l<73_H)}cSa`*4sK4zPRH`%@iCVF?|)u6pjt0lWNEX5OpGbVYhq{OUNzIhJFO>P^=Ok-lmu^7yujMgTq zR_42%4>>tBaIp;WOBI`qqh2R53F)8*Ok9jAL5t#;lktnrkFuy zCf`vZ>01Tb`ZVs&X1q<;5s77rxuCc4c-aTY!a>?JbKVegr{CPr-RbXgJ9OIN-U+Zb z1hPvJ1UtVfEBp9w0x`krvitV!$<;4-D1P~bSOVXqa~!6yv?6e_CWObyW zglC}jR2D#$6Hbqhp)2`fi|0lDDnC<;B08pC8RuY)K~sm;a1n$pegkjHYm}q*UA4$U ziS@aP@t6+B1W`h>>*12>|5S_}?ZKIdn%q}A!4V}&O~Yx%jC zYe$(ifiFoVl#sI5r+kS=Ts=EKYavU4BXtr5%<0}BTl+X*X9?Oa@binHxYF@R&*^PU z4kDxEJ=@3ueNM<|UiX|#(krr$doe+Phc>QR{R-D#^9+(Z=>cir{U3oJ?tOql;jm|X zIo(3L;6)MQB{%IfZx-ego2zX~JY3EqeH&|WjG#B8D{l;I8^hxQx^tY=U6iUhYZ}zn z8E9e4xia2P0@+yDs})$hvQRG`ZGXWJqR{_{%7It=E@~8){p16R4@KlG|8r*N}jx@TQUf({D4LIKJ<(f#h-JCE-x@?v5`=rPf zp82I3dWmTK9AU3}#7Qt-%qbtuU>uM=kX6Iw8ce)xf-o9)t|9wy*^*qB1x|VN&8;CC zpHY1dx~rw-&?8=<+K3~Ra1}px)#vK;w^j7PgG3{o$IjDbo0IuEquF?P53j4n#pPHE z>DG|&Oi;zaQddP!v&!t52|B;uYkI^7$gh0IUb59GZ^YU2(=nyneP=diqx}* zzfw`EjTYbb*YsWQ$o9@Zmcp_v*5G_1pn{B4#L1_2kn9S8m574FAI@+!Xkw%DF6bUD z@1_(A)g*mOu}zvAPNjx8(pIBx`;t$oL{bX7vn(H^Ms_WgF|0x>LAE&TvMw;?H4Ab~ zRotgfw+fG9I*tiH#@_S*ap(BVLyBj0A2N1C%v6PP;qMZ$FQ|qNMjv==tedv9cTw>l zDLi@BcO;T5+wFrBM4;WrZq18X`dxO>8nIdRp8*6=OA+N_-Btf=bJq60TP!x5&)tm& z`S&Wodd&naLzSe455`Q3qdeaS5u*G*Emd!vAs8tPZJi2L*eQm} z#)Whc;^OlHh{yNH;ble&aTN3BHMsjsrY)EBwa>B&{K!(|L7x*{fD=O7V-KIWJUFmW z>js5OU*2RvJ+~KvL#m@YToWyJ8I2VE`^mbZTdWfK9K8;b>hDZ_l6$8){T;X2TjDoX27DBVC&6J~zbz);ZK&072k#sSU2S|%Zj>9hj2JsI zWXikzc6ngBI&XG;x)2oM74l)Z=QKp{o{i-P_thbQTE6wn-px3rpFpcCL(+LXrH~UZ zeT;YlWuzQIr9j)YCBpddAoCZH3*TTp+kH5gRcXuU00>rh0j zqVCE;vk%4<5aG@v%T329U^tDteqZyvL|c6RKpk8S!>aYs|MDQR2gC}#0(XynKAQIq z{wCkl?o5zVQb*ENJ;E4t%B`cRbYogkuE8FfVri(w!tW?s%+$h%^Hj<;E?!1XIZl^K zc=LH%`B5{<6Vuy9&ra|wQ>Y5iI3SwBAu}mwE*oa1D~f6VK$40A|3<{`1>)$qi_}Il ztwGv^MZb$h>RRe`Ent_Zq0#q+b=VqU+7}30WuixE7Oi(=lzMt|j&2NFaq|^rxZY78 z1D$3}c5H^Fpr92y@ZbD>`P26hce33pN7^RkMhA0)+Y89WNaJBSc26fa-`9g*;O>YR^oJBou&F%RIZI1%IKDKjDP`;rewE7uhZ9cbP( zBJQKT2-qD}!5o{fE}LU9&*Gdn3!*#qir>#jsXM}d6+GcmyDSU^40ZzZ;h*4&`(o?4Q+9*Fw zqCh4pAfgx(i8~+Huj_i8F0Qlnt-HKNSmZ2TANjSUiY?V{hWC5Z`2fD=~iQEu- z=2=qNwFf}?|FJ3(BM|^Zat);G~R_b?(+Rfi@zNL;$$&MEDyw}d^Rj4e*bn47!C(kS1ks*oPPV9 z+4|w%qxspf;svaRjnU4M;l_Vr0D7aK55WI4df(TJps zf8gWvS`r-h;yR1G*A)r&&asCa9&GjNEVil!2d3v7Py|OAnj(_^#!1$XoC3A7JU8um z@Yf8sN|3!q6uWsv$C*M_ch55=fwgFzo3(lP_cLdu0f$h~FQU>`k^@I0U^IVIv+D@q zFgb{o)9!}l81@%Zw!|NOPq>+w_+lCcXa3l?faBDy3)1Rdp_4*C*}!L4j!YRPywY}~ zf*+O-_HXjQAZM||-kC_6w*C%z!G+pLIhnNUpOu@gAVvQfw|FZC?2XD7YpP#M_=o-f z3R@hSm{*${M~WlvgqXbg7v+8^45`S6H6W;5JWKtFfQ%bU9GZ*}w$flArC)Ziuldj0 zIlutSR_kXE@cS`G8;P)Vp%!Z93DH{|Ai{@t)h)L<6UM1 z7apVjI~4JyGT(NYKMLKeU|?Tjr8Hu4rf4jN&@Wz3Mb0YpZSxjDcUF7rkJrQe4h6uH zTSxg@wD?#^keykifGpa3J3{a)jlWO*a=1bLC_#U@?I}nZRExw}v* zb!;N_C##aa_g}@L5uo|Q1d#*?hnj24BJND)PBX`n?+zg6{Y)1IDjmkv)de z13@Uv;Xlbyf%{``8nr27|Iaajf2bgj&5Qn%9MB-l8-54B%fJVzZyvxvKN2Fc!X<)w GzW)bba#KnG literal 0 HcmV?d00001 diff --git a/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md b/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md index 23ba4dca0fa6..95d61b9c1e98 100644 --- a/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md +++ b/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md @@ -24,13 +24,12 @@ shortTitle: Add a GPG key To sign commits associated with your account on {% data variables.product.product_name %}, you can add a public GPG key to your personal account. Before you add a key, you should check for existing keys. If you don't find any existing keys, you can generate and copy a new key. For more information, see "[AUTOTITLE](/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys)" and "[AUTOTITLE](/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)." -You can add multiple public keys to your account on {% data variables.product.product_name %}. Commits signed by any of the corresponding private keys will show as verified. If you remove a public key, any commits signed by the corresponding private key will no longer show as verified. +You can add multiple public keys to your account on {% data variables.product.product_name %}. Commits signed by any of the corresponding private keys will show as verified. {% ifversion persistent-commit-verification %}Once a commit has been verified, any commits signed by the corresponding private key will continue to show as verified, even if the public key is removed.{% else %}If you remove a public key, any commits signed by the corresponding private key will no longer show as verified.{% endif %} -{% ifversion upload-expired-or-revoked-gpg-key %} -To verify as many of your commits as possible, you can add expired and revoked keys. If the key meets all other verification requirements, commits that were previously signed by any of the corresponding private keys will show as verified and indicate that their signing key is expired or revoked. +![Screenshot of a list of commits. One commit is marked with a "Verified" label. Next to the label, a dropdown explains that the commit was signed and shows a timestamp of when it was signed.](/assets/images/help/settings/verified-persistent-commit.png) -![Screenshot of a list of commits. One commit is marked with a "Verified" label. Below the label, a dropdown explains that the commit was signed, but the key has now expired.](/assets/images/help/settings/gpg-verified-with-expired-key.png) -{% endif %} +{% ifversion upload-expired-or-revoked-gpg-key %} +To verify as many of your commits as possible, you can add expired and revoked keys. If the key meets all other verification requirements, commits that were previously signed by any of the corresponding private keys will show as verified and indicate that their signing key is expired or revoked.{% endif %} {% data reusables.gpg.supported-gpg-key-algorithms %} diff --git a/data/features/persistent-commit-verification.yml b/data/features/persistent-commit-verification.yml new file mode 100644 index 000000000000..294b0df37ca5 --- /dev/null +++ b/data/features/persistent-commit-verification.yml @@ -0,0 +1,7 @@ +# Issue: 15674 +# Description: Once a commit signature is verified, it remains verified within its repository's network +# Usage: {% ifversion persistent-commit-verification %} ... {% endif %} +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.17' From b0c51ebe4f4f8e6e6979ae6b7b4b4b99556f4948 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Dec 2024 08:36:30 -0800 Subject: [PATCH 19/22] Update audit log event data (#53559) --- src/audit-logs/lib/config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 83494db59184..33c021c99d56 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -3,5 +3,5 @@ "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "apiRequestEvent": "This event is only available via audit log streaming." }, - "sha": "c178e58df546775bddd4af9d8d197b08c9ada4ad" + "sha": "2c40dff92f97e4efcefcfd98ed9e6c9f3d69284b" } \ No newline at end of file From 2bd92cb881a82443973966a275b67b4840a3340e Mon Sep 17 00:00:00 2001 From: amrithss <89491847+amrithss@users.noreply.github.com> Date: Tue, 10 Dec 2024 12:45:32 -0600 Subject: [PATCH 20/22] Update gathering-insights-on-your-spending.md (#53467) Co-authored-by: Felicity Chapman Co-authored-by: felix Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com> --- .../gathering-insights-on-your-spending.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/billing/using-the-new-billing-platform/gathering-insights-on-your-spending.md b/content/billing/using-the-new-billing-platform/gathering-insights-on-your-spending.md index 2ed879b3558a..ae8110ebaa33 100644 --- a/content/billing/using-the-new-billing-platform/gathering-insights-on-your-spending.md +++ b/content/billing/using-the-new-billing-platform/gathering-insights-on-your-spending.md @@ -48,7 +48,7 @@ You can view the usage of your {% data variables.enterprise.enterprise_or_org %} >[!NOTE] The usage graph is configured to represent the start of the month to the end of the month, not your specific billing period. -1. To request a CSV usage report, select **Get usage report** in the upper-right corner of the page. +1. To request a CSV usage report, select **Get usage report** in the upper-right corner of the page. You can choose a pre-selected option or use the Custom range option to specify a date range of up to 31 days. ## Viewing license usage From 05dcedc968aad2e9a4cbb36927e7e67709ce7cca Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Dec 2024 11:53:22 -0800 Subject: [PATCH 21/22] =?UTF-8?q?=F0=9F=A4=96=20src/ghes-releases/lib/ente?= =?UTF-8?q?rprise-dates.json=20update=20(#53558)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: heiskr <1221423+heiskr@users.noreply.github.com> --- src/ghes-releases/lib/enterprise-dates.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ghes-releases/lib/enterprise-dates.json b/src/ghes-releases/lib/enterprise-dates.json index 480888b91e4e..1bc483e6d941 100644 --- a/src/ghes-releases/lib/enterprise-dates.json +++ b/src/ghes-releases/lib/enterprise-dates.json @@ -141,7 +141,7 @@ }, "3.11": { "releaseDate": "2023-11-14", - "deprecationDate": "2024-12-05" + "deprecationDate": "2024-12-19" }, "3.12": { "releaseDate": "2024-02-13", @@ -157,7 +157,7 @@ }, "3.15": { "releaseDate": "2024-11-12", - "deprecationDate": "2025-11-19" + "deprecationDate": "2025-12-19" }, "3.16": { "releaseDate": "2025-02-18", From 5717650634d269943bc8c16ea1090e9c2b7847b0 Mon Sep 17 00:00:00 2001 From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> Date: Tue, 10 Dec 2024 13:08:25 -0800 Subject: [PATCH 22/22] [Style guide] Update link styling to remove quotation marks (#53423) --- .../style-guide.md | 136 +++++++++--------- 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/content/contributing/style-guide-and-content-model/style-guide.md b/content/contributing/style-guide-and-content-model/style-guide.md index e09ad94fb15c..0c2486d6edf9 100644 --- a/content/contributing/style-guide-and-content-model/style-guide.md +++ b/content/contributing/style-guide-and-content-model/style-guide.md @@ -8,7 +8,7 @@ redirect_from: --- > [!NOTE] -> These guidelines are specific to {% data variables.product.company_short %}'s documentation. For general style questions or guidance on topics not covered here, see the [Microsoft Style Guide](https://docs.microsoft.com/style-guide/welcome/). For markup specific to source content on docs.github.com, see "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs)." For any questions about the GitHub brand, see our "[GitHub Brand Guide](https://brand.github.com)." +> These guidelines are specific to {% data variables.product.company_short %}'s documentation. For general style questions or guidance on topics not covered here, see the [Microsoft Style Guide](https://docs.microsoft.com/style-guide/welcome/). For markup specific to source content on docs.github.com, see [AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs). For any questions about the GitHub brand, see our [GitHub Brand Guide](https://brand.github.com). ## The {% data variables.product.prodname_docs %} approach to style @@ -23,9 +23,9 @@ redirect_from: We document each of the events that may appear in the audit logs for each type of account: user, organization, and enterprise. -* "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events)" -* "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)" -* "[AUTOTITLE]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)" {% ifversion fpt %}in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %} +* [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/security-log-events) +* [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization) +* [AUTOTITLE]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise) {% ifversion fpt %}in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %} When writing the description for an audit log event, describe the event that took place in a way that applies to all versions, using past tense and passive voice. Do not begin the sentence with phrases that are already implied by the context of the article, such as "Triggered by." @@ -54,7 +54,7 @@ Notes are particularly useful for communicating parenthetical information that i * Caveats that might affect the outcome of a process, such as specific user settings. * Products and features that are subject to changes in availability, such as those in {% data variables.release-phases.public_preview %} or {% data variables.release-phases.closing_down %}. -For example, "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#reviewing-github-token-metadata)" uses a note to inform users that metadata for {% data variables.product.prodname_dotcom %} tokens is currently in {% data variables.release-phases.public_preview %}. +For example, [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#reviewing-github-token-metadata) uses a note to inform users that metadata for {% data variables.product.prodname_dotcom %} tokens is currently in {% data variables.release-phases.public_preview %}. > [!NOTE] > Metadata for {% data variables.product.prodname_dotcom %} tokens is currently in {% data variables.release-phases.public_preview %} and subject to change. @@ -63,7 +63,7 @@ For example, "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-se Recommendations, best practices or product hints. Tips contain non-essential information that users can follow at their discretion. Particularly useful in articles aimed at new users. -For example, "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile)" uses a tip alert to help users understand what to expect when they @mention an organization. +For example, [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile) uses a tip alert to help users understand what to expect when they @mention an organization. > [!TIP] > When you @mention an organization, only those that you're a member of will autocomplete. You can still @mention organizations that you're not a member of, like a previous employer, but the organization name won't autocomplete for you. @@ -74,7 +74,7 @@ Highlights potential risks that a user should be aware of before starting or con Warning alerts are particularly relevant for processes that occur outside the {% data variables.product.prodname_dotcom %} UI, such as in the command line or through an API. -For example, "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)" includes instructions for the command line, and uses a warning alert to inform users that once issued, certificates cannot be revoked: +For example, [AUTOTITLE](/enterprise-cloud@latest/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities) includes instructions for the command line, and uses a warning alert to inform users that once issued, certificates cannot be revoked: > [!WARNING] > After a certificate has been signed and issued, the certificate cannot be revoked. Make sure to use the -V flag to configure a lifetime for the certificate, or the certificate can be used indefinitely. @@ -121,19 +121,19 @@ Caution: Liquid syntax for alerts is still supported and may still appear in older articles, but should not be used for new alerts. -For more information on formatting alerts, see “Alerts” in "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#alerts)." +For more information on formatting alerts, see “Alerts” in [AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#alerts). ## Buttons -Landing pages and some articles have buttons that take people to relevant content in other articles or on other {% data variables.product.prodname_dotcom %} webpages. Buttons should be used when someone needs to navigate to another page to complete the task being described. For example, "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)" has a button that takes people to the trial sign up page since that is the next step in the process of setting up a trial. The "[AUTOTITLE](/migrations)" landing page uses a button to direct people to the article that most people will need to read to start a migration. +Landing pages and some articles have buttons that take people to relevant content in other articles or on other {% data variables.product.prodname_dotcom %} webpages. Buttons should be used when someone needs to navigate to another page to complete the task being described. For example, [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud) has a button that takes people to the trial sign up page since that is the next step in the process of setting up a trial. The [AUTOTITLE](/migrations) landing page uses a button to direct people to the article that most people will need to read to start a migration. If a button encourages people to navigate away from the {% data variables.product.prodname_docs %} site, follow the call to action (CTA) button guidelines. If you want to include another type of button on a landing page or article, you must get approval from the {% data variables.product.prodname_docs %} team. ## Call to action (CTA) buttons -CTA buttons emphasize a link that we expect or encourage people to navigate to after reading an article or as part of completing the task that an article describes. CTAs should only take people to {% data variables.product.company_short %}-owned domains. For example, the "Try {% data variables.product.prodname_copilot %}" CTA in "[AUTOTITLE](/free-pro-team@latest/copilot/using-github-copilot/getting-started-with-github-copilot)" links to the [GitHub Copilot settings menu](https://github.com/settings/copilot) on {% data variables.product.prodname_dotcom_the_website %}. +CTA buttons emphasize a link that we expect or encourage people to navigate to after reading an article or as part of completing the task that an article describes. CTAs should only take people to {% data variables.product.company_short %}-owned domains. For example, the "Try {% data variables.product.prodname_copilot %}" CTA in [AUTOTITLE](/free-pro-team@latest/copilot/using-github-copilot/getting-started-with-github-copilot) links to the [GitHub Copilot settings menu](https://github.com/settings/copilot) on {% data variables.product.prodname_dotcom_the_website %}. -Only include a CTA button if navigating to the link supports user needs. Do not use CTA buttons solely for marketing GitHub features or products. In the above example, someone who wants to try {% data variables.product.prodname_copilot %} must navigate to the {% data variables.product.prodname_copilot_short %} settings menu and would likely want to after reading the article. In contrast, even though someone might use {% data variables.product.prodname_copilot_short %} as part of writing code that they then create a pull request for, we would not add a "Try {% data variables.product.prodname_copilot %}" CTA to "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)" since {% data variables.product.prodname_copilot_short %} is not connected to the user needs of "Creating a pull request." Most people will create pull requests without using {% data variables.product.prodname_copilot_short %}. But people visiting articles about getting started with {% data variables.product.prodname_copilot_short %} are probably interested in trying {% data variables.product.prodname_copilot_short %} if they are not already using it. So we add the CTA button to help people get where they are trying to go. +Only include a CTA button if navigating to the link supports user needs. Do not use CTA buttons solely for marketing GitHub features or products. In the above example, someone who wants to try {% data variables.product.prodname_copilot %} must navigate to the {% data variables.product.prodname_copilot_short %} settings menu and would likely want to after reading the article. In contrast, even though someone might use {% data variables.product.prodname_copilot_short %} as part of writing code that they then create a pull request for, we would not add a "Try {% data variables.product.prodname_copilot %}" CTA to [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) since {% data variables.product.prodname_copilot_short %} is not connected to the user needs of "Creating a pull request." Most people will create pull requests without using {% data variables.product.prodname_copilot_short %}. But people visiting articles about getting started with {% data variables.product.prodname_copilot_short %} are probably interested in trying {% data variables.product.prodname_copilot_short %} if they are not already using it. So we add the CTA button to help people get where they are trying to go. Style your CTAs using the following format. @@ -150,10 +150,10 @@ Replace the placeholders with the relevant information for your CTA. ### Code blocks -Keep lines in code samples to about 60 characters, to avoid requiring readers to scroll horizontally in the code block. Locate explanatory text before the code block, rather than using comments inside the code block. See "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#code-sample-syntax-highlighting)" for more information on the syntax and formatting of code blocks. +Keep lines in code samples to about 60 characters, to avoid requiring readers to scroll horizontally in the code block. Locate explanatory text before the code block, rather than using comments inside the code block. See [AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#code-sample-syntax-highlighting) for more information on the syntax and formatting of code blocks. Within code blocks: -* Specify the language of the sample after the first code fence. For a list of all supported languages, see "[Code languages](https://github.com/github/docs/blob/main/data/code-languages.yml)" in the [`github/docs`](https://github.com/github/docs) repository. +* Specify the language of the sample after the first code fence. For a list of all supported languages, see [Code languages](https://github.com/github/docs/blob/main/data/code-languages.yml) in the [`github/docs`](https://github.com/github/docs) repository. * Do not use HTML to style or markup a code block. * Style any placeholders that people need to replace with their own values in all caps. * **Use:** `git checkout -b BRANCH-NAME` @@ -291,7 +291,7 @@ For example: When you include the text of an error message from a {% data variables.product.company_short %} product or interface in an article, format the text according to the interface where the message appears. -* If the message appears in {% data variables.product.prodname_dotcom %}'s web interface, or in a graphical client app like {% data variables.product.prodname_desktop %} or {% data variables.product.prodname_mobile %}, treat the message like other text in the UI. For more information, see "[User interface text](#user-interface-text)." +* If the message appears in {% data variables.product.prodname_dotcom %}'s web interface, or in a graphical client app like {% data variables.product.prodname_desktop %} or {% data variables.product.prodname_mobile %}, treat the message like other text in the UI. For more information, see [User interface text](#user-interface-text). * If the message appears in a command-line interface, log output, or a response from an API, reproduce the text exactly and use backticks to format the message using a monospaced font. @@ -299,7 +299,7 @@ When you include the text of an error message from a {% data variables.product.c In general, do not document content that will expire. Anyone who visits {% data variables.product.prodname_docs %} should be confident that the information is accurate and up to date. -If you must document content that you know will expire, you can use the content linter to tag and track the content's expiration date. This will flag the content as outdated and avoids tracking expiration dates outside of the content itself. See "[AUTOTITLE](/contributing/collaborating-on-github-docs/using-the-content-linter#syntax-for-expiring-and-expired-content)" for information on how to format expiring content tags. +If you must document content that you know will expire, you can use the content linter to tag and track the content's expiration date. This will flag the content as outdated and avoids tracking expiration dates outside of the content itself. See [AUTOTITLE](/contributing/collaborating-on-github-docs/using-the-content-linter#syntax-for-expiring-and-expired-content) for information on how to format expiring content tags. ## Footnotes @@ -471,7 +471,7 @@ For example, see [accompanying explanation of this diagram in the Actions docume #### Alt text for images of command-line interfaces -Do not use screenshots of command-line interfaces to convey commands and their output. Instead, directly provide the commands a user should use. For more information, see the "[Commands](#commands)" section of the style guide. +Do not use screenshots of command-line interfaces to convey commands and their output. Instead, directly provide the commands a user should use. For more information, see the [Commands](#commands) section of the style guide. When using a screenshot of a command-line interface to show user interface elements, follow standard alt text guidelines for screenshots. @@ -484,11 +484,11 @@ Be descriptive when naming image files: include the name, action, and UI element ### Screenshots -To learn about creating and versioning images, see "[Creating and updating screenshots](/contributing/writing-for-github-docs/creating-screenshots)." +To learn about creating and versioning images, see [Creating and updating screenshots](/contributing/writing-for-github-docs/creating-screenshots). ### Diagrams -To learn about creating diagrams, see "[AUTOTITLE](/contributing/writing-for-github-docs/creating-diagrams-for-github-docs)." +To learn about creating diagrams, see [AUTOTITLE](/contributing/writing-for-github-docs/creating-diagrams-for-github-docs). ## Inclusive language @@ -642,21 +642,23 @@ You can introduce links with just the verb "see" if the context makes it clear w Use the title of the documentation article, or external web page, as the link text. For any link that points to another article on the {% data variables.product.prodname_docs %} site, use the special keyword `AUTOTITLE` for the link text. See details in the [content markup reference](https://github.com/github/docs/blob/main/contributing/content-markup-reference.md#internal-links-with-autotitle). -* For links to other pages: `See "[AUTOTITLE](/PATH/TO/PAGE)."` -* For links to sections in other pages: `For more information, see "[AUTOTITLE](/PATH/TO/PAGE#SECTION-LINK)."` +Do not apply any styling to links or wrap them in quotation marks. + +* For links to other pages: `See [AUTOTITLE](/PATH/TO/PAGE).` +* For links to sections in other pages: `For more information, see [AUTOTITLE](/PATH/TO/PAGE#SECTION-LINK).` Do not use inline links, where words within the sentence are hyperlinked without any additional words to indicate that the sentence contains a link. This can be difficult to translate and read. -Do not include quotation marks within a hyperlink. +Do not include punctuation marks within a hyperlink. -* **Use:** `OAuth2 tokens can be acquired programmatically for applications that are not websites. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)" and "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps)."` +* **Use:** `OAuth2 tokens can be acquired programmatically for applications that are not websites. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app) and [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps).` * **Avoid:** `Read [more about OAuth2](/apps/building-integrations/setting-up-and-registering-oauth-apps/). Note that OAuth2 tokens can be [acquired programmatically](/enterprise-server@2.22/rest/reference/oauth-authorizations/#create-a-new-authorization), for applications that are not websites.` ### Links between versions Sometimes, you need to link from one version of {% data variables.product.prodname_docs %} to another. When you want to link to a different version of the _same_ page, you should use the `currentArticle` property. -For example, the Free, Pro, & Team version of "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)" might link to the {% data variables.product.prodname_ghe_cloud %} version of the same article like this: +For example, the Free, Pro, & Team version of [AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization) might link to the {% data variables.product.prodname_ghe_cloud %} version of the same article like this: ```text You can choose to allow or disallow the publication of GitHub Pages sites. @@ -667,7 +669,7 @@ You can choose to allow or disallow the publication of GitHub Pages sites. To link to a different article in a different version, use this format: ```markdown -For more information, see "[ARTICLE TITLE](/)" in the VERSION documentation. +For more information, see [ARTICLE TITLE](/) in the VERSION documentation. ``` To link to the same article in a different version, use this format: @@ -685,7 +687,7 @@ Links to specific sections of articles must be descriptive enough that someone u To link to a specific header in the same article, use this format: ```markdown -For more information, see "[HEADER TITLE](#HEADER-TITLE)," later in this article. +For more information, see [HEADER TITLE](#HEADER-TITLE), later in this article. ``` Same-page section links do **not** work with `AUTOTITLE`. Instead, you must type out the full header text. @@ -693,13 +695,13 @@ Same-page section links do **not** work with `AUTOTITLE`. Instead, you must type To link to a specific header in a different article, use this format: ```markdown -For more information, see "[AUTOTITLE](PATH-TO-ARTICLE#HEADER-TITLE)." +For more information, see [AUTOTITLE](PATH-TO-ARTICLE#HEADER-TITLE). ``` To link to two or more specific headers in a different article, use this format: ```markdown -For more information, see "[HEADER-TITLE-1](PATH-TO-ARTICLE#SECTION-LINK-1)" and "[HEADER-TITLE-2](PATH-TO-ARTICLE#SECTION-LINK-2)" in "ARTICLE-TITLE." +For more information, see [HEADER-TITLE-1](PATH-TO-ARTICLE#SECTION-LINK-1) and [HEADER-TITLE-2](PATH-TO-ARTICLE#SECTION-LINK-2) in "ARTICLE-TITLE." ``` ### Links to a specific tool @@ -707,7 +709,7 @@ For more information, see "[HEADER-TITLE-1](PATH-TO-ARTICLE#SECTION-LINK-1)" and If you link to content with a specific tool selected, make sure that it is clear that the link will be for a specific tool even if someone doesn't interact with the tool switcher tab in the article. ```markdown -For more information, see the TOOLNAME documentation in "[ARTICLE TITLE](/PATH/TO/ARTICLE?tool=TOOLNAME)." +For more information, see the TOOLNAME documentation in [ARTICLE TITLE](/PATH/TO/ARTICLE?tool=TOOLNAME). ``` ### Links to learning paths @@ -715,7 +717,7 @@ For more information, see the TOOLNAME documentation in "[ARTICLE TITLE](/PATH/T Use this format to link to a learning path. ```markdown -For more information, follow the "[LEARNING PATH TITLE](/)" learning path. +For more information, follow the [LEARNING PATH TITLE](/) learning path. ``` ### Links to external resources @@ -781,7 +783,7 @@ Together, permission statements and product callouts tell readers who can use th Consider what information belongs in a permission statement or a product callout. -For example, when creating permissions and product callouts for the article "[AUTOTITLE](/free-pro-team@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization)," the permission statement would answer "What role can manage policies and features for {% data variables.product.prodname_copilot %} in an organization?" And the product callout would answer "What {% data variables.product.prodname_copilot_short %} subscriptions do users need to manage {% data variables.product.prodname_copilot_short %} policies and features for an organization?" +For example, when creating permissions and product callouts for the article [AUTOTITLE](/free-pro-team@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/managing-policies-for-copilot-in-your-organization), the permission statement would answer "What role can manage policies and features for {% data variables.product.prodname_copilot %} in an organization?" And the product callout would answer "What {% data variables.product.prodname_copilot_short %} subscriptions do users need to manage {% data variables.product.prodname_copilot_short %} policies and features for an organization?" #### Focus on key information, not explanations @@ -903,7 +905,7 @@ steps: ``` Examples: -* See the code block in "[Publishing to package registries](/actions/guides/building-and-testing-python#publishing-to-package-registries)" +* See the code block in [Publishing to package registries](/actions/guides/building-and-testing-python#publishing-to-package-registries) #### Pinning version numbers to SHA @@ -921,7 +923,7 @@ steps: - uses: actions/javascript-action@main ``` -For more information, see "[Using SHAs](/actions/learn-github-actions/finding-and-customizing-actions#using-shas)" +For more information, see [Using SHAs](/actions/learn-github-actions/finding-and-customizing-actions#using-shas) ### {% data variables.product.prodname_codespaces %} @@ -956,7 +958,7 @@ You should use variables to refer to these types of tokens, as well as to {% dat * Use `{% raw %}{% data variables.product.pat_v2 %}{% endraw %}` or `{% raw %}{% data variables.product.pat_v2_caps %}{% endraw %}` to refer to {% data variables.product.pat_v2 %}s. * Use `{% raw %}{% data variables.product.pat_v1 %}{% endraw %}`, `{% raw %}{% data variables.product.pat_v1_plural %}{% endraw %}`, `{% raw %}{% data variables.product.pat_v1_caps %}{% endraw %}`, or `{% raw %}{% data variables.product.pat_v1_caps_plural %}{% endraw %}` to refer to {% data variables.product.pat_v1 %}. -For more information about {% data variables.product.prodname_dotcom %}'s {% data variables.product.pat_generic_plural %}, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#about-personal-access-tokens)." +For more information about {% data variables.product.prodname_dotcom %}'s {% data variables.product.pat_generic_plural %}, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#about-personal-access-tokens). ## Punctuation @@ -983,7 +985,7 @@ Each release note in a set describes one of the following changes. {%- endif %} * [Errata](#errata): correction to inaccurate release note or documentation -You can also review guidelines for updating release notes in "[Adding or updating a release note](#adding-or-updating-a-release-note)" and "[Removing a release note](#removing-a-release-note)." +You can also review guidelines for updating release notes in [Adding or updating a release note](#adding-or-updating-a-release-note) and [Removing a release note](#removing-a-release-note). ### Features @@ -1007,11 +1009,11 @@ A release note for a feature answers the following questions. #### Examples of feature release notes -* > Site administrators can increase the security of the Management Console by configuring the rate limit for sign-in attempts, as well as the lockout duration after exceeding the rate limit. For more information, see "[Configuring rate limits](/enterprise-server@3.7/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-rate-limits-for-authentication-to-the-management-console)." +* > Site administrators can increase the security of the Management Console by configuring the rate limit for sign-in attempts, as well as the lockout duration after exceeding the rate limit. For more information, see [Configuring rate limits](/enterprise-server@3.7/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-rate-limits-for-authentication-to-the-management-console). -* > Enterprise owners can control where users can fork repositories. Forking can be limited to preset combinations of organizations, the same organization as the parent repository, user accounts, or everywhere. For more information, see "[Enforcing repository management policies in your enterprise](/enterprise-server@3.7/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-forking-private-or-internal-repositories)." +* > Enterprise owners can control where users can fork repositories. Forking can be limited to preset combinations of organizations, the same organization as the parent repository, user accounts, or everywhere. For more information, see [Enforcing repository management policies in your enterprise](/enterprise-server@3.7/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-forking-private-or-internal-repositories). -* > Users can create files with geoJSON, topoJSON, and STL diagrams and render the diagrams in the web interface. For more information, see "[Working with non-code files](/enterprise-server@3.7/repositories/working-with-files/using-files/working-with-non-code-files)." +* > Users can create files with geoJSON, topoJSON, and STL diagrams and render the diagrams in the web interface. For more information, see [Working with non-code files](/enterprise-server@3.7/repositories/working-with-files/using-files/working-with-non-code-files). ### Security fixes @@ -1058,7 +1060,7 @@ A release note for a bug fix answers the following questions. * Language like "fixed a bug…" or "fixed an issue…" is implied and unnecessary. * To reduce repetition and unnecessary words, "now" is usually implied. * To clarify actors and impact, avoid passive language when possible. -* If the release note includes an error message, format the message according to the guidance in "[Error messages](#error-messages)." +* If the release note includes an error message, format the message according to the guidance in [Error messages](#error-messages). #### Examples of release notes for bug fixes @@ -1093,7 +1095,7 @@ A release note for a change answers the following questions. * > On an instance with a {% data variables.product.prodname_GH_advanced_security %} license, users who author custom patterns for secret scanning can provide expressions that must or must not match that are up to 2,000 characters. This limit is an increase from 1,000 characters. -* > For administrators who need to review or modify SAML mappings, the default path for output from `ghe-saml-mapping-csv -d` is `/data/user/tmp` instead of `/tmp`. For more information, see "[Command-line utilities](/enterprise-server@3.8/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-saml-mapping-csv)." +* > For administrators who need to review or modify SAML mappings, the default path for output from `ghe-saml-mapping-csv -d` is `/data/user/tmp` instead of `/tmp`. For more information, see [Command-line utilities](/enterprise-server@3.8/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-saml-mapping-csv). * > To avoid intermittent issues with the success of Git operations on an instance with multiple nodes, {% data variables.product.prodname_ghe_server %} checks the status of the MySQL container before attempting a SQL query. The timeout duration has also been reduced. @@ -1113,9 +1115,9 @@ A release note for a known issue answers the following questions. * To clarify actors and impact, avoid passive language when possible. * To reduce repetition and unnecessary words, "now" is usually implied. -* If the release note includes an error message, format the message according to the guidance in "[Error messages](#error-messages)." +* If the release note includes an error message, format the message according to the guidance in [Error messages](#error-messages). * If useful, include relevant links to GitHub Docs. -* Known issues are also a type of content on GitHub Docs. For more information, see "[AUTOTITLE](/contributing/style-guide-and-content-model/troubleshooting-content-type#known-issues)." If useful, write or link to more in-depth and contextually relevant content in the docs. +* Known issues are also a type of content on GitHub Docs. For more information, see [AUTOTITLE](/contributing/style-guide-and-content-model/troubleshooting-content-type#known-issues). If useful, write or link to more in-depth and contextually relevant content in the docs. #### Examples of release notes for known issues @@ -1138,7 +1140,7 @@ A release note for a deprecation answers the following questions. 1. If applicable, what replaces the deprecated functionality? 1. If applicable, where can I read more? -> _AUDIENCE_ (**1**) _DESCRIPTION OF DEPRECATED FUNCTIONALITY_ (**2**) _REPLACEMENT FUNCTIONALITY_ (**3**) For more information, see "[_ARTICLE TITLE_](/)" (**4**). +> _AUDIENCE_ (**1**) _DESCRIPTION OF DEPRECATED FUNCTIONALITY_ (**2**) _REPLACEMENT FUNCTIONALITY_ (**3**) For more information, see [_ARTICLE TITLE_](/) (**4**). * Notes are in the present tense, or the future tense for upcoming changes. If applicable, specify the upcoming release where the deprecation will occur. * To reduce repetition and unnecessary words, "now" is usually implied. @@ -1166,7 +1168,7 @@ A release note for a feature that is closing down answers the following question 1. If applicable, what replaces the closing down functionality? 1. If applicable, where can I read more? -> _AUDIENCE_ (**1**) _DESCRIPTION OF CLOSING DOWN FUNCTIONALITY_ (**2**) _REPLACEMENT FUNCTIONALITY_ (**3**) For more information, see "[_ARTICLE TITLE_](/)" (**4**). +> _AUDIENCE_ (**1**) _DESCRIPTION OF CLOSING DOWN FUNCTIONALITY_ (**2**) _REPLACEMENT FUNCTIONALITY_ (**3**) For more information, see [_ARTICLE TITLE_](/) (**4**). * Notes are in the present tense, or the future tense for upcoming changes. If applicable, specify the upcoming release when the retirement will occur. * To reduce repetition and unnecessary words, "now" is usually implied. @@ -1232,17 +1234,17 @@ To signal to readers that you've added or changed a note, or to indicate the pub ### Removing a release note -To signal that we have removed a release note, add an "Errata" section detailing which note you removed and (if relevant) which version the removed note actually pertains to. See "[Writing errata](#writing-errata)." +To signal that we have removed a release note, add an "Errata" section detailing which note you removed and (if relevant) which version the removed note actually pertains to. See [Writing errata](#writing-errata). ## Reusables and variables -Use reusable strings for individual nouns (e.g. product names) or for complete sentences or paragraphs. Sentence fragments and phrases should not be contained in reusable strings as they can cause problems when content is localized. For more information, see the [data directory](https://github.com/github/docs/tree/main/data) in the [`github/docs`](https://github.com/github/docs) repository, "[Creating reusable content](/contributing/writing-for-github-docs/creating-reusable-content)", and the “[Product names](#product-names)” section of this document. +Use reusable strings for individual nouns (e.g. product names) or for complete sentences or paragraphs. Sentence fragments and phrases should not be contained in reusable strings as they can cause problems when content is localized. For more information, see the [data directory](https://github.com/github/docs/tree/main/data) in the [`github/docs`](https://github.com/github/docs) repository, [Creating reusable content](/contributing/writing-for-github-docs/creating-reusable-content), and the [Product names](#product-names) section of this document. ## Sectional TOCs -If a section of an article uses `H3` or `H4` headers to further divide the content and only some of the content is relevant to a reader, you can use a sectional table of contents (TOC) to help readers identify and navigate to the information that is most relevant to them. For example, in "[AUTOTITLE](/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-amazon-s3)" people will probably only set up audit log streaming for one provider, so the sectional TOC in "Setting up audit log streaming" allows people to select their provider and navigate to the relevant content without reading the entire section. +If a section of an article uses `H3` or `H4` headers to further divide the content and only some of the content is relevant to a reader, you can use a sectional table of contents (TOC) to help readers identify and navigate to the information that is most relevant to them. For example, in [AUTOTITLE](/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-amazon-s3) people will probably only set up audit log streaming for one provider, so the sectional TOC in "Setting up audit log streaming" allows people to select their provider and navigate to the relevant content without reading the entire section. -Do not add a sectional TOC if `H3` or `H4` headers are used only to group content and all information could be of relevance to a reader. For example, in "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#identifying-the-best-authentication-method-for-your-enterprise)," people should read and consider each section as it relates to their enterprise. We do not include a sectional TOC in this article because people should be reading through each section, not picking and choosing between them. Adding a sectional TOC would also force people who use screenreaders or other adaptive technology to tab and scroll through more headers before finding what they need. +Do not add a sectional TOC if `H3` or `H4` headers are used only to group content and all information could be of relevance to a reader. For example, in [AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#identifying-the-best-authentication-method-for-your-enterprise), people should read and consider each section as it relates to their enterprise. We do not include a sectional TOC in this article because people should be reading through each section, not picking and choosing between them. Adding a sectional TOC would also force people who use screenreaders or other adaptive technology to tab and scroll through more headers before finding what they need. Format sectional TOCs as a list. Include all subsections in the order that they appear in the article and refer to them using the full header title. @@ -1294,13 +1296,13 @@ Tables are added to the {% data variables.product.prodname_docs %} using Markdow ### Use tables only for presenting tabular information -Tables work best for presenting tabular data, such as information that needs to be compared or values with multiple attributes. Do not use tables for simple lists - see the "[Lists](#lists)" section of this document. +Tables work best for presenting tabular data, such as information that needs to be compared or values with multiple attributes. Do not use tables for simple lists - see the [Lists](#lists) section of this document. ### Avoid describing table data A table’s data and why it is important should be clear from any preceding content, the column headers, and (if needed) the row headers. Avoid unneeded descriptions of the data in a table. If the data in a table is unclear without a lengthy description, consider if your table needs row headers or if the information would be better communicated in a different way. -For example, in "[AUTOTITLE](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners#recommended-autoscaling-solutions)," a table comparing the features between two supported autoscaling solutions is introduced with the sentence `Each solution has certain specifics that may be important to consider.` The article does not describe any of the different features that are compared because that information is clearly communicated by the table. +For example, in [AUTOTITLE](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners#recommended-autoscaling-solutions), a table comparing the features between two supported autoscaling solutions is introduced with the sentence `Each solution has certain specifics that may be important to consider.` The article does not describe any of the different features that are compared because that information is clearly communicated by the table. * **Use:** "Different size limits per repository apply depending on your GHES version." * **Avoid:** "The first row of the table shows the information for GitHub Enterprise Cloud. The second row shows the information for GitHub Enterprise Server." @@ -1355,30 +1357,30 @@ Every cell in a table must contain a value. For cells with no data, use "None" or "Not applicable". Do not use "NA" or "N/A". -For tables with row headers, the first cell (cell "A1") should describe the row headers to help people understand the whole table. However, if doing this would make the table less clear or add redundant information, you can leave this cell empty. For example, in the article "[AUTOTITLE](/actions/automating-builds-and-tests/building-and-testing-powershell#powershell-module-locations)," the first cell could be labeled as "Modules", but since each row header already includes the word "module", this header would repeat information that does not add descriptive value to understanding the table as a whole. +For tables with row headers, the first cell (cell "A1") should describe the row headers to help people understand the whole table. However, if doing this would make the table less clear or add redundant information, you can leave this cell empty. For example, in the article [AUTOTITLE](/actions/automating-builds-and-tests/building-and-testing-powershell#powershell-module-locations), the first cell could be labeled as "Modules", but since each row header already includes the word "module", this header would repeat information that does not add descriptive value to understanding the table as a whole. ### Use clear, consistent symbols and labels For tables that use symbols: * Populate all cells. For example in a permissions table, do not mark only the cells for things that require a permission. -* Use octicons or SVG. Do not use emoji. For more information about octicons, see "[AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#octicons)." +* Use octicons or SVG. Do not use emoji. For more information about octicons, see [AUTOTITLE](/contributing/syntax-and-versioning-for-github-docs/using-markdown-and-liquid-in-github-docs#octicons). * Use a [check mark](https://primer.style/octicons/check-16) for affirmative values ("Yes", "Required", "Supported") and a [cross](https://primer.style/octicons/x-16) for negative values ("No", "Optional", "Unsupported"). * Use `aria-label` to describe the meaning of the symbol, not its visual characteristics. For example, "Required", not "Check mark icon". -Where table data is not truly binary (every value is either "Yes" or "No", for example), text values may be needed in addition to, or instead of, symbols. For example on the page "[AUTOTITLE](/support/learning-about-github-support/about-github-support)", some features are marked as "Available to purchase". +Where table data is not truly binary (every value is either "Yes" or "No", for example), text values may be needed in addition to, or instead of, symbols. For example on the page [AUTOTITLE](/support/learning-about-github-support/about-github-support), some features are marked as "Available to purchase". ### Use footnotes sparingly -See "[Footnotes](#footnotes)." +See [Footnotes](#footnotes). ### Align table content consistently All columns in a table should be left-aligned, except for columns containing only octicons which should be center-aligned. If a column contains both text and octicons, use center alignment. -Table content is left-aligned by default. Use Markdown table formatting, colons (`:`) to either the right or left of the dashes in the header row, to specify the alignment of each column. Read "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/organizing-information-with-tables#formatting-content-within-your-table)" for more information. +Table content is left-aligned by default. Use Markdown table formatting, colons (`:`) to either the right or left of the dashes in the header row, to specify the alignment of each column. Read [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/organizing-information-with-tables#formatting-content-within-your-table) for more information. -The following example shows part of a table from "[AUTOTITLE](/free-pro-team@latest/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)." +The following example shows part of a table from [AUTOTITLE](/free-pro-team@latest/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file). @@ -1449,9 +1451,7 @@ The table is generated with the following alignment syntax. ## Titles -Use quotation marks around article titles, whether the article is hosted on GitHub Docs or elsewhere. Do not include quotation marks around the names of external sites. - -For further guidance, see “[Formatting titles](https://docs.microsoft.com/style-guide/text-formatting/formatting-titles)” in Microsoft’s Style Guide. +Use sentence casing for titles. ## Short titles @@ -1464,7 +1464,7 @@ We use short titles to populate the sidebar navigation. Since short titles appea * Short titles use the base form of verbs instead of gerunds. * **Use:** "Configure notifications" instead of "Configuring notifications." * Short titles for categories, map topics, and articles can omit product and feature names if it is clear what product or feature they relate to. - * **Use:** "Configure notifications" as the short title for "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)" since the article is in the "{% data variables.product.prodname_dependabot_alerts %}" map topic. + * **Use:** "Configure notifications" as the short title for [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts) since the article is in the "{% data variables.product.prodname_dependabot_alerts %}" map topic. * Short titles do not introduce new words that are not in the full title. * Short titles should be parallel to short titles for similar content. * **Use:** "Organizations and teams" and "Enterprise accounts" @@ -1564,7 +1564,7 @@ Microsoft Style Guide: You may add videos to reinforce text-based information but videos should never replace written content. Videos are inaccessible to some users and are also difficult to find by searching. -Videos on the GitHub Docs website must be well-produced and contain fewer barriers for people with disabilities, and conform to our content model for videos. For more information, see "[About using videos in GitHub Docs](/contributing/writing-for-github-docs/using-videos-in-github-docs)." +Videos on the GitHub Docs website must be well-produced and contain fewer barriers for people with disabilities, and conform to our content model for videos. For more information, see [About using videos in GitHub Docs](/contributing/writing-for-github-docs/using-videos-in-github-docs). ## Voice and tone @@ -1580,7 +1580,7 @@ To learn more about writing approachable content, see “[Microsoft's brand voic ## Word choice and terminology -For general guidance and GitHub-specific terms, see our "[Glossary](/get-started/learning-about-github/github-glossary)". For more detailed guidance, see the “[A-Z word list](https://docs.microsoft.com/style-guide)” in Microsoft’s style guide. +For general guidance and GitHub-specific terms, see our [Glossary](/get-started/learning-about-github/github-glossary). For more detailed guidance, see the “[A-Z word list](https://docs.microsoft.com/style-guide)” in Microsoft’s style guide. ### Abbreviations @@ -1598,7 +1598,7 @@ Do not use symbols or octicons that aren’t used in GitHub’s user interface. #### Product names and accounts -To avoid ambiguity and confusion, do not use product names as adjectives to describe accounts in any of our products. Instead, clarify the account type and choose clearer phrasing that avoids conflating accounts and products. When talking about accounts, only refer to the product name when needed to disambiguate between products. For more information about types of accounts available in GitHub's products, see "[AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts)." +To avoid ambiguity and confusion, do not use product names as adjectives to describe accounts in any of our products. Instead, clarify the account type and choose clearer phrasing that avoids conflating accounts and products. When talking about accounts, only refer to the product name when needed to disambiguate between products. For more information about types of accounts available in GitHub's products, see [AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts). * **Use:** Your organization on {% data variables.product.prodname_ghe_cloud %} * **Avoid:** Your {% data variables.product.prodname_ghe_cloud %} account * **Avoid:** Your {% data variables.product.prodname_ghe_server %} organization @@ -1631,17 +1631,17 @@ If the reader manages an enterprise account, and you're describing the people's The following documentation should reference "user accounts." -* The "[AUTOTITLE](/enterprise-cloud@latest/admin)" product -* Enterprise-specific billing documentation, like "[AUTOTITLE](/enterprise-cloud@latest/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)" -* Content within other products that's intended for an administrative audience, like "[AUTOTITLE](/enterprise-cloud@latest/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts)" in the "Code security" product or "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)" in the "Get started" product -* Enterprise-specific API content, like the "[AUTOTITLE](/enterprise-cloud@latest/rest/reference/enterprise-admin)" REST API reference documentation +* The [AUTOTITLE](/enterprise-cloud@latest/admin) product +* Enterprise-specific billing documentation, like [AUTOTITLE](/enterprise-cloud@latest/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise) +* Content within other products that's intended for an administrative audience, like [AUTOTITLE](/enterprise-cloud@latest/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts) in the "Code security" product or [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud) in the "Get started" product +* Enterprise-specific API content, like the [AUTOTITLE](/enterprise-cloud@latest/rest/reference/enterprise-admin) REST API reference documentation For enterprises on {% data variables.product.prodname_ghe_cloud %} that don't use {% data variables.product.prodname_emus %}, use "personal account" when describing members of organizations owned by the enterprise. * **Use:** If you configure SAML SSO, members of your organization will continue to sign into their personal accounts on {% data variables.product.prodname_dotcom_the_website %}. * **Avoid:** If you configure SAML SSO, members of your organization will continue to sign into their user accounts on {% data variables.product.prodname_dotcom_the_website %}. -Documentation that describes {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %} is generally in the "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization)" category. +Documentation that describes {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %} is generally in the [AUTOTITLE](/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization) category. #### People's accounts for other services @@ -1735,7 +1735,7 @@ When specifying the access required to take an action, refer only to the role at * **Use:** People with write access to a repository can do X to the repository. * **Avoid:** Organization owners and people with write access can do X to the repository. -For more information about word choice for permissions statements, see "[AUTOTITLE](/contributing/style-guide-and-content-model/contents-of-a-github-docs-article#permissions-statements)" in the content model. +For more information about word choice for permissions statements, see [AUTOTITLE](/contributing/style-guide-and-content-model/contents-of-a-github-docs-article#permissions-statements) in the content model. ### Prepositions