github · Octomerger · Feb 28, 2022 · Feb 28, 2022 · Feb 28, 2022 · Feb 28, 2022
diff --git a/content/actions/hosting-your-own-runners/about-self-hosted-runners.md b/content/actions/hosting-your-own-runners/about-self-hosted-runners.md
@@ -31,12 +31,12 @@ Your runner machine connects to {% data variables.product.product_name %} using
 
 For more information about installing and using self-hosted runners, see "[Adding self-hosted runners](/github/automating-your-workflow-with-github-actions/adding-self-hosted-runners)" and "[Using self-hosted runners in a workflow](/github/automating-your-workflow-with-github-actions/using-self-hosted-runners-in-a-workflow)."
 
-## {% ifversion fpt or ghes %}Differences between {% data variables.product.prodname_dotcom %}-hosted and {% elsif ghae %}Characteristics of {% endif %}self-hosted runners
+## {% ifversion fpt or ghec or ghes %}Differences between {% data variables.product.prodname_dotcom %}-hosted and {% elsif ghae %}Characteristics of {% endif %}self-hosted runners
 
-{% ifversion fpt or ghes %}
+{% ifversion fpt or ghec or ghes %}
 {% data variables.product.prodname_dotcom %}-hosted runners offer a quicker, simpler way to run your workflows, while self-hosted{% elsif ghae %}Self-hosted{% endif %} runners are a highly configurable way to run workflows in your own custom environment. {% ifversion ghae %}Self-hosted runners:{% endif %}
 
-{% ifversion fpt or ghes %}
+{% ifversion fpt or ghec or ghes %}
 **{% data variables.product.prodname_dotcom %}-hosted runners:**
 - Receive automatic updates for the operating system, preinstalled packages and tools, and the self-hosted runner application.
 - Are managed and maintained by {% data variables.product.prodname_dotcom %}.

diff --git a/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md b/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md
@@ -114,7 +114,7 @@ Allows you to find the universally unique identifier (UUID) of your node in `clu
 ```
 
 {% ifversion ghes %}
-Allows you to exempt a list of users from API rate limits. For more information, see "[Resources in the REST API](/rest/overview/resources-in-the-rest-api#rate-limiting)."
+Allows you to exempt a list of users from API rate limits. A hard limit of 120,000 requests will still apply to these users. For more information, see "[Resources in the REST API](/rest/overview/resources-in-the-rest-api#rate-limiting)."
 
 ``` shell
 $ ghe-config app.github.rate-limiting-exempt-users "<em>hubot</em> <em>github-actions</em>"

diff --git a/...-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md b/...-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
@@ -129,9 +129,11 @@ You can also configure allowed IP addresses for an individual organization. For
 
 You can use a SSH certificate authorities (CA) to allow members of any organization owned by your enterprise to access that organization's repositories using SSH certificates you provide. {% data reusables.organizations.can-require-ssh-cert %} For more information, see "[About SSH certificate authorities](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)."
 
+{% data reusables.organizations.add-extension-to-cert %}
+
 ### Adding an SSH certificate authority
 
-{% data reusables.organizations.add-extension-to-cert %}
+If you require SSH certificates for your enterprise, enterprise members should use a special URL for Git operations over SSH. For more information, see "[About SSH certificate authorities](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities#about-ssh-urls-with-ssh-certificates)."
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}

diff --git a/...-access-to-your-organizations-repositories/about-ssh-certificate-authorities.md b/...-access-to-your-organizations-repositories/about-ssh-certificate-authorities.md
@@ -28,9 +28,15 @@ For example, you can build an internal system that issues a new certificate to y
 Organization members can use their signed certificates for authentication even if you've enforced SAML single sign-on. Unless you make SSH certificates a requirement, organization members can continue to use other means of authentication to access your organization's resources with Git, including their username and password, personal access tokens, and their own SSH keys.
 {% endif %}
 
-Members will not be able to use their certificates to access forks of your repositories that are owned by their user accounts. 
+Members will not be able to use their certificates to access forks of your repositories that are owned by their personal accounts. 
 
-To prevent authentication errors, organization members should use a special URL that includes the organization ID to clone repositories using signed certificates. Anyone with read access to the repository can find this URL on the repository page. For more information, see "[Cloning a repository](/articles/cloning-a-repository)."
+## About SSH URLs with SSH certificates
+
+If your organization requires SSH certificates, to prevent authentication errors, organization members should use a special URL that includes the organization ID when performing Git operations over SSH. This special URL allows the client and server to more easily negotiate which key on the member's computer should be used for authentication. If a member uses the normal URL, which starts with `git@github.com`, the SSH client might offer the wrong key, causing the operation to fail.
+
+Anyone with read access to the repository can find this URL by selecting the **Code** dropdown menu on the main page of the repository, then clicking **Use SSH**.
+
+If your organization doesn't require SSH certificates, members can continue to use their own SSH keys, or other means of authentication. In that case, either the special URL or the normal URL, which starts with `git@github.com`, will work.
 
 ## Issuing certificates
 

diff --git a/...zations-repositories/managing-your-organizations-ssh-certificate-authorities.md b/...zations-repositories/managing-your-organizations-ssh-certificate-authorities.md
@@ -20,9 +20,11 @@ Organization owners can manage an organization's SSH certificate authorities (CA
 
 You can allow members to access your organization's repositories using SSH certificates you provide by adding an SSH CA to your organization. {% data reusables.organizations.can-require-ssh-cert %} For more information, see "[About SSH certificate authorities](/articles/about-ssh-certificate-authorities)."
 
+{% data reusables.organizations.add-extension-to-cert %}
+
 ## Adding an SSH certificate authority
 
-{% data reusables.organizations.add-extension-to-cert %}
+If you require SSH certificates for your enterprise, enterprise members should use a special URL for Git operations over SSH. For more information, see "[About SSH certificate authorities](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities#about-ssh-urls-with-ssh-certificates)."
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}

diff --git a/data/graphql/ghae/graphql_upcoming_changes.public-ghae.yml b/data/graphql/ghae/graphql_upcoming_changes.public-ghae.yml
@@ -114,3 +114,17 @@ upcoming_changes:
     date: '2021-10-01T00:00:00+00:00'
     criticality: breaking
     owner: synthead
+  - location: PullRequest.viewerCanOverrideMergeQueue
+    description:
+      '`viewerCanOverrideMergeQueue` will be removed. Use PullRequest.viewerCanMergeAsAdmin
+      instead.'
+    reason: '`viewer_can_override_merge_queue` will be removed'
+    date: '2022-04-01'
+    criticality: breaking
+    owner: cbeaman
+  - location: Repository.defaultMergeQueue
+    description: '`defaultMergeQueue` will be removed. Use `Repository.mergeQueue` instead.'
+    reason: '`defaultMergeQueue` will be removed.'
+    date: '2022-04-01'
+    criticality: breaking
+    owner: colinshum
diff --git a/data/graphql/ghae/schema.docs-ghae.graphql b/data/graphql/ghae/schema.docs-ghae.graphql
@@ -1,3 +1,7 @@
+directive @requiredCapabilities(
+  requiredCapabilities: [String!]
+) on ARGUMENT_DEFINITION | ENUM | ENUM_VALUE | FIELD_DEFINITION | INPUT_FIELD_DEFINITION | INPUT_OBJECT | INTERFACE | OBJECT | SCALAR | UNION
+
 """
 Marks an element of a GraphQL schema as only available via a preview header
 """
@@ -6,7 +10,7 @@ directive @preview(
   The identifier of the API preview that toggles this field.
   """
   toggledBy: String!
-) on SCALAR | OBJECT | FIELD_DEFINITION | ARGUMENT_DEFINITION | INTERFACE | UNION | ENUM | ENUM_VALUE | INPUT_OBJECT | INPUT_FIELD_DEFINITION
+) on ARGUMENT_DEFINITION | ENUM | ENUM_VALUE | FIELD_DEFINITION | INPUT_FIELD_DEFINITION | INPUT_OBJECT | INTERFACE | OBJECT | SCALAR | UNION
 
 """
 Defines what type of global IDs are accepted for a mutation argument of type ID.
@@ -25392,6 +25396,11 @@ type PullRequest implements Assignable & Closable & Comment & Labelable & Lockab
   """
   viewerCanEnableAutoMerge: Boolean!
 
+  """
+  Indicates whether the viewer can bypass branch protections and merge the pull request immediately
+  """
+  viewerCanMergeAsAdmin: Boolean!
+
   """
   Can user react to this subject
   """
@@ -35667,6 +35676,11 @@ type StarredRepositoryEdge {
 Autogenerated input type of StartRepositoryMigration
 """
 input StartRepositoryMigrationInput {
+  """
+  The Octoshift migration source access token.
+  """
+  accessToken: String
+
   """
   A unique identifier for the client performing the mutation.
   """
@@ -35682,6 +35696,11 @@ input StartRepositoryMigrationInput {
   """
   gitArchiveUrl: String
 
+  """
+  The GitHub personal access token of the user importing to the target repository.
+  """
+  githubPat: String
+
   """
   The signed URL to access the user-uploaded metadata archive
   """

diff --git a/data/graphql/ghec/graphql_upcoming_changes.public.yml b/data/graphql/ghec/graphql_upcoming_changes.public.yml
@@ -126,3 +126,25 @@ upcoming_changes:
     date: '2021-10-01T00:00:00+00:00'
     criticality: breaking
     owner: synthead
+  - location: PullRequest.viewerCanOverrideMergeQueue
+    description:
+      '`viewerCanOverrideMergeQueue` will be removed. Use PullRequest.viewerCanMergeAsAdmin
+      instead.'
+    reason: '`viewer_can_override_merge_queue` will be removed'
+    date: '2022-04-01'
+    criticality: breaking
+    owner: cbeaman
+  - location: Repository.defaultMergeQueue
+    description: '`defaultMergeQueue` will be removed. Use `Repository.mergeQueue` instead.'
+    reason: '`defaultMergeQueue` will be removed.'
+    date: '2022-04-01'
+    criticality: breaking
+    owner: colinshum
+  - location: Query.sponsorables.dependencyEcosystem
+    description:
+      '`dependencyEcosystem` will be removed. Use the ecosystem argument
+      instead.'
+    reason: The type is switching from SecurityAdvisoryEcosystem to DependencyGraphEcosystem.
+    date: '2022-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: cheshire137
diff --git a/data/graphql/ghec/schema.docs.graphql b/data/graphql/ghec/schema.docs.graphql
@@ -1,3 +1,7 @@
+directive @requiredCapabilities(
+  requiredCapabilities: [String!]
+) on ARGUMENT_DEFINITION | ENUM | ENUM_VALUE | FIELD_DEFINITION | INPUT_FIELD_DEFINITION | INPUT_OBJECT | INTERFACE | OBJECT | SCALAR | UNION
+
 """
 Marks an element of a GraphQL schema as only available via a preview header
 """
@@ -6,7 +10,7 @@ directive @preview(
   The identifier of the API preview that toggles this field.
   """
   toggledBy: String!
-) on SCALAR | OBJECT | FIELD_DEFINITION | ARGUMENT_DEFINITION | INTERFACE | UNION | ENUM | ENUM_VALUE | INPUT_OBJECT | INPUT_FIELD_DEFINITION
+) on ARGUMENT_DEFINITION | ENUM | ENUM_VALUE | FIELD_DEFINITION | INPUT_FIELD_DEFINITION | INPUT_OBJECT | INTERFACE | OBJECT | SCALAR | UNION
 
 """
 Defines what type of global IDs are accepted for a mutation argument of type ID.
@@ -7935,6 +7939,51 @@ type DependencyGraphDependencyEdge @preview(toggledBy: "hawkgirl-preview") {
   node: DependencyGraphDependency
 }
 
+"""
+The possible ecosystems of a dependency graph package.
+"""
+enum DependencyGraphEcosystem {
+  """
+  GitHub Actions
+  """
+  ACTIONS
+
+  """
+  PHP packages hosted at packagist.org
+  """
+  COMPOSER
+
+  """
+  Go modules
+  """
+  GO
+
+  """
+  Java artifacts hosted at the Maven central repository
+  """
+  MAVEN
+
+  """
+  JavaScript packages hosted at npmjs.com
+  """
+  NPM
+
+  """
+  .NET packages hosted at the NuGet Gallery
+  """
+  NUGET
+
+  """
+  Python packages hosted at PyPI.org
+  """
+  PIP
+
+  """
+  Ruby gems hosted at RubyGems.org
+  """
+  RUBYGEMS
+}
+
 """
 Dependency manifest for a repository
 """
@@ -28713,6 +28762,11 @@ type PullRequest implements Assignable & Closable & Comment & Labelable & Lockab
   """
   viewerCanEnableAutoMerge: Boolean!
 
+  """
+  Indicates whether the viewer can bypass branch protections and merge the pull request immediately
+  """
+  viewerCanMergeAsAdmin: Boolean!
+
   """
   Can user react to this subject
   """
@@ -31055,9 +31109,20 @@ type Query {
     Optional filter for which dependencies should be checked for sponsorable
     owners. Only sponsorable owners of dependencies in this ecosystem will be
     included. Used when onlyDependencies = true.
+
+    **Upcoming Change on 2022-07-01 UTC**
+    **Description:** `dependencyEcosystem` will be removed. Use the ecosystem argument instead.
+    **Reason:** The type is switching from SecurityAdvisoryEcosystem to DependencyGraphEcosystem.
     """
     dependencyEcosystem: SecurityAdvisoryEcosystem
 
+    """
+    Optional filter for which dependencies should be checked for sponsorable
+    owners. Only sponsorable owners of dependencies in this ecosystem will be
+    included. Used when onlyDependencies = true.
+    """
+    ecosystem: DependencyGraphEcosystem
+
     """
     Returns the first _n_ elements from the list.
     """
@@ -40957,6 +41022,11 @@ type StarredRepositoryEdge {
 Autogenerated input type of StartRepositoryMigration
 """
 input StartRepositoryMigrationInput {
+  """
+  The Octoshift migration source access token.
+  """
+  accessToken: String
+
   """
   A unique identifier for the client performing the mutation.
   """
@@ -40972,6 +41042,11 @@ input StartRepositoryMigrationInput {
   """
   gitArchiveUrl: String
 
+  """
+  The GitHub personal access token of the user importing to the target repository.
+  """
+  githubPat: String
+
   """
   The signed URL to access the user-uploaded metadata archive
   """

diff --git a/data/graphql/graphql_upcoming_changes.public.yml b/data/graphql/graphql_upcoming_changes.public.yml
@@ -126,3 +126,25 @@ upcoming_changes:
     date: '2021-10-01T00:00:00+00:00'
     criticality: breaking
     owner: synthead
+  - location: PullRequest.viewerCanOverrideMergeQueue
+    description:
+      '`viewerCanOverrideMergeQueue` will be removed. Use PullRequest.viewerCanMergeAsAdmin
+      instead.'
+    reason: '`viewer_can_override_merge_queue` will be removed'
+    date: '2022-04-01'
+    criticality: breaking
+    owner: cbeaman
+  - location: Repository.defaultMergeQueue
+    description: '`defaultMergeQueue` will be removed. Use `Repository.mergeQueue` instead.'
+    reason: '`defaultMergeQueue` will be removed.'
+    date: '2022-04-01'
+    criticality: breaking
+    owner: colinshum
+  - location: Query.sponsorables.dependencyEcosystem
+    description:
+      '`dependencyEcosystem` will be removed. Use the ecosystem argument
+      instead.'
+    reason: The type is switching from SecurityAdvisoryEcosystem to DependencyGraphEcosystem.
+    date: '2022-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: cheshire137