Merge pull request #32268 from github/repo-sync
Repo sync
docs-bot authored Mar 28, 2024
2 parents 7fb2571 + cde44e6 commit e3f3b2a
Showing 4 changed files with 3 additions and 13 deletions.
Expand Up @@ -38,13 +38,11 @@ topics:

The {% data variables.product.prodname_dependabot_security_updates %} feature is available for repositories where you have enabled the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. You will see a {% data variables.product.prodname_dependabot %} alert for every vulnerable dependency identified in your full dependency graph. However, security updates are triggered only for dependencies that are specified in a manifest or lock file. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#dependencies-included)."

{% ifversion dependabot-security-updates-unlock-transitive-dependencies %}

{% note %}

**Note**: For npm, {% data variables.product.prodname_dependabot %} will raise a pull request to update an explicitly defined dependency to a secure version, even if it means updating the parent dependency or dependencies{% ifversion dependabot-security-updates-npm %}, or even removing a sub-dependency that is no longer needed by the parent{% endif %}. For other ecosystems, {% data variables.product.prodname_dependabot %} is unable to update an indirect or transitive dependency if it would also require an update to the parent dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-tries-to-update-dependencies-without-an-alert)."
**Note**: For npm, {% data variables.product.prodname_dependabot %} will raise a pull request to update an explicitly defined dependency to a secure version, even if it means updating the parent dependency or dependencies, or even removing a sub-dependency that is no longer needed by the parent. For other ecosystems, {% data variables.product.prodname_dependabot %} is unable to update an indirect or transitive dependency if it would also require an update to the parent dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-tries-to-update-dependencies-without-an-alert)."

{% endnote %}{% endif %}
{% endnote %}

You can enable a related feature, {% data variables.product.prodname_dependabot_version_updates %}, so that {% data variables.product.prodname_dependabot %} raises pull requests to update the manifest to the latest version of the dependency, whenever it detects an outdated dependency. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)."

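Review bot: Dropping the `{% ifversion dependabot-security-updates-unlock-transitive-dependencies %}` wrapper and the inner `{% ifversion dependabot-security-updates-npm %}` gate makes the whole npm note, including the "removing a sub-dependency that is no longer needed by the parent" clause, render on every version this article ships to; confirm both behaviours are available on all currently supported GHES releases before un-gating, otherwise the note overstates what an older server will do. The tag removal itself is balanced: the opening `{% ifversion ... %}` and the trailing `{% endif %}` on the `{% endnote %}{% endif %}` line go together, and `{% note %}` / `{% endnote %}` still pair up.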
Expand All @@ -66,8 +64,6 @@ When you merge a pull request that contains a security update, the corresponding

## About grouped security updates

{% data reusables.dependabot.dependabot-grouped-security-updates-beta-note %}

To further reduce the number of pull requests you may be seeing, you can enable grouped security updates to group sets of dependencies together (per package ecosystem). {% data variables.product.prodname_dependabot %} then raises a single pull request to update as many vulnerable dependencies as possible in the group to secure versions at the same time.

For security updates, {% data variables.product.prodname_dependabot %} will only group dependencies from different directories per ecosystem under certain conditions and configurations. {% data variables.product.prodname_dependabot %} **will not** group dependencies from different package ecosystems together, and it **will not** group security updates with version updates.
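Review bot: Removing `{% data reusables.dependabot.dependabot-grouped-security-updates-beta-note %}` here and in the other two articles in this commit leaves no visible reference to that reusable, but the reusable file itself is not deleted in this diff; either remove it in this change or say why it stays, so it does not linger as dead content. While in this section, "will only group dependencies from different directories per ecosystem under certain conditions and configurations" names neither the conditions nor the configuration; state them or link to the configuration options for grouped updates so the reader can tell when cross-directory grouping will actually happen.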
Expand Up @@ -62,8 +62,6 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec

## Grouping {% data variables.product.prodname_dependabot_security_updates %} into a single pull request

{% data reusables.dependabot.dependabot-grouped-security-updates-beta-note %}

To reduce the number of pull requests you may be seeing, you can enable grouped security updates for your repository or organization. When this is enabled, {% data variables.product.prodname_dependabot %} will group security updates into one pull request for each package ecosystem. In order to use grouped security updates, you must first enable the following features:

- **Dependency graph**. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph)."
Expand Up @@ -149,10 +149,6 @@ updates:
## Grouping {% data variables.product.prodname_dependabot_updates %} into one pull request
{% ifversion dependabot-grouped-security-updates-config %}
{% data reusables.dependabot.dependabot-grouped-security-updates-beta-note %}
{% endif %}
{% data reusables.dependabot.dependabot-version-updates-groups-about %}
{% data reusables.dependabot.dependabot-version-updates-groups-semver %}
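Review bot: Removing the `{% ifversion dependabot-grouped-security-updates-config %}` ... `{% endif %}` pair together with the beta note it wrapped is balanced, but it also removes what appears to be the only content use of the `dependabot-grouped-security-updates-config` feature flag shown in this diff; the last hunk edits that flag file's reference comment rather than deleting it. If the flag still gates content elsewhere, keep it; if not, remove the flag file in the same change (or a follow-up) so the feature-flag directory does not accumulate unused entries.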
@@ -1,4 +1,4 @@
# Reference: Issue #13341 Dependabot Grouped Security Updates: Configure Groups
# Reference: Issue #13341 & 13345 Dependabot Grouped Security Updates: Configure Groups
versions:
fpt: '*'
ghec: '*'
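Review bot: Style nit on the reference comment: the second issue number lacks the leading `#` (`#13341 & 13345`); write it as `# Reference: Issue #13341 & #13345 Dependabot Grouped Security Updates: Configure Groups` so both references follow the same convention and are unambiguous.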