Repo sync

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md

@@ -21,7 +21,7 @@ shortTitle: Add an email address
 
 **Notes**:
 - {% data reusables.user-settings.no-verification-disposable-emails %}
--  If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you cannot make changes to your email address on {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.enterprise-accounts.emu-more-info-account %}
+- If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you cannot make changes to your email address on {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.enterprise-accounts.emu-more-info-account %}
 
 {% endnote %}
 

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md

@@ -51,7 +51,7 @@ You can also convert your personal account directly into an organization. Conver
 When you convert a personal account into an organization, we'll add collaborators on repositories that belong to the account to the new organization as outside collaborators. You can then invite outside collaborators to become members of your new organization if you wish. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators)."
 
 1. Create a new personal account, which you'll use to sign into GitHub and access the organization and your repositories after you convert.
-2.  [Leave any organizations](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization) the personal account you're converting has joined.
+2. [Leave any organizations](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization) the personal account you're converting has joined.
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.organizations %}
 1. In the "Transform account" section, click **Turn USERNAME into an organization**.

content/actions/migrating-to-github-actions/automated-migrations/migrating-from-azure-devops-with-github-actions-importer.md

@@ -441,7 +441,7 @@ You can transform Azure DevOps templates with {% data variables.product.prodname
 {% data variables.product.prodname_actions_importer %} is able to transform Azure DevOps templates with some limitations.
 
 - Azure DevOps templates used under the `stages`, `deployments`, and `jobs` keys are converted into reusable workflows in {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)."
--  Azure DevOps templates used under the `steps` key are converted into composite actions. For more information, see "[AUTOTITLE](/actions/creating-actions/creating-a-composite-action)."
+- Azure DevOps templates used under the `steps` key are converted into composite actions. For more information, see "[AUTOTITLE](/actions/creating-actions/creating-a-composite-action)."
 - If you currently have job templates that reference other job templates, {% data variables.product.prodname_actions_importer %} converts the templates into reusable workflows. Because reusable workflows cannot reference other reusable workflows, this is invalid syntax in {% data variables.product.prodname_actions %}. You must manually correct nested reusable workflows.
 - If a template references an external Azure DevOps organization or {% data variables.product.prodname_dotcom %} repository, you must use the `--credentials-file` option to provide credentials to access this template. For more information, see "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/supplemental-arguments-and-settings#using-a-credentials-file-for-authentication)."
 - You can dynamically generate YAML using `each` expressions with the following caveats:

content/actions/security-guides/security-hardening-for-github-actions.md

@@ -282,7 +282,7 @@ We have [a plan on the {% data variables.product.prodname_dotcom %} roadmap](htt
 This list describes the recommended approaches for accessing repository data within a workflow, in descending order of preference:
 
 1. **The `GITHUB_TOKEN`**
-    -  This token is intentionally scoped to the single repository that invoked the workflow, and can have the same level of access as a write-access user on the repository. The token is created before each job begins and expires when the job is finished. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)."
+    - This token is intentionally scoped to the single repository that invoked the workflow, and can have the same level of access as a write-access user on the repository. The token is created before each job begins and expires when the job is finished. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)."
     - The `GITHUB_TOKEN` should be used whenever possible.
 2. **Repository deploy key**
     - Deploy keys are one of the only credential types that grant read or write access to a single repository, and can be used to interact with another repository within a workflow. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys)."

content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md

@@ -83,7 +83,7 @@ To discover how a member was added to an organization, you can filter the member
 {% data variables.enterprise.prodname_managed_users_caps %} can only contribute to private and internal repositories within their enterprise and private repositories owned by their user account. {% data variables.enterprise.prodname_managed_users_caps %} have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions for users and content apply to all requests, including API requests.
 
 - {% data variables.enterprise.prodname_managed_users_caps %} authenticate using only your identity provider, and have no password or two-factor authentication methods stored on {% data variables.product.prodname_dotcom %}. As a result, they do not see the sudo prompt when taking sensitive actions. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)."
--  {% data variables.enterprise.prodname_managed_users_caps %} cannot be invited to organizations or repositories outside of the enterprise, nor can the {% data variables.enterprise.prodname_managed_users %} be invited to other enterprises.
+- {% data variables.enterprise.prodname_managed_users_caps %} cannot be invited to organizations or repositories outside of the enterprise, nor can the {% data variables.enterprise.prodname_managed_users %} be invited to other enterprises.
 - {% data variables.enterprise.prodname_managed_users_caps %} and the content they create is only visible to other members of the enterprise.
 - Other {% data variables.product.prodname_dotcom %} users cannot see, mention, or invite a {% data variables.enterprise.prodname_managed_user %} to collaborate.
 - {% data variables.enterprise.prodname_managed_users_caps %} can view all public repositories on {% data variables.product.prodname_dotcom_the_website %}, but cannot interact with repositories outside of the enterprise in any of the following ways:

content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md

@@ -36,12 +36,13 @@ To migrate to a new IdP or tenant, you cannot edit your existing SAML configurat
 
 1. If you don't already have single sign-on recovery codes for your enterprise, download the codes now. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."
 1. In your current IdP, deactivate provisioning in the application for {% data variables.product.prodname_emus %}.
-    -  If you use Azure AD, navigate to the "Provisioning" tab of the application, and then click **Stop provisioning**.
+    - If you use Azure AD, navigate to the "Provisioning" tab of the application, and then click **Stop provisioning**.
     - If you use Okta, navigate to the "Provisioning" tab of the application, click the **Integration** tab, and then click **Edit**. Deselect **Enable API integration**.
     - If you use PingFederate, navigate to the channel settings in the application. From the **Activation & Summary** tab, click **Active** or **Inactive** to toggle the provisioning status, and then click **Save**. For more information about managing provisioning, see "[Reviewing channel settings](https://docs.pingidentity.com/r/en-us/pingfederate-112/help_saaschanneltasklet_saasactivationstate)" and "[Managing channels](https://docs.pingidentity.com/r/en-us/pingfederate-112/help_saasmanagementtasklet_saasmanagementstate)" in the Ping Federate documentation.
 1. Use a recovery code to sign into {% data variables.product.prodname_dotcom_the_website %} as the setup user, whose username is your enterprise's shortcode suffixed with `_admin`. For more information about the setup user, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#getting-started-with-enterprise-managed-users)."
 
 1. Deactivate SAML for the {% data variables.enterprise.prodname_emu_enterprise %}.
+
    -  From your profile, click **Your enterprises**, and then click the appropriate enterprise.
    - Click {% octicon "gear" aria-label="The Settings gear" %} **Settings**, and then click **Authentication security**.
    - Under "SAML single sign-on", deselect **Require SAML authentication**, and then click **Save**.

content/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account.md

@@ -42,6 +42,6 @@ For more information about the decision to implement SAML SSO at the organizatio
 1. Optionally, remove any existing SAML configuration for organizations owned by the enterprise account. To help you decide whether to remove the configurations, see "[About SAML single sign-on for enterprise accounts](#about-saml-single-sign-on-for-enterprise-accounts)."
 1. If you kept any organization-level SAML configurations in place, to prevent confusion, consider hiding the tile for the organization-level apps in your IdP.
 1. Advise your enterprise members about the change.
-   -  Members will no longer be able to access their organizations by clicking the SAML app for the organization in the IdP dashboard. They will need to use the new app configured for the enterprise account.
+   - Members will no longer be able to access their organizations by clicking the SAML app for the organization in the IdP dashboard. They will need to use the new app configured for the enterprise account.
    - Members will need to authorize any PATs or SSH keys that were not previously authorized for use with SAML SSO for their organization. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)."
    - Members may need to reauthorize {% data variables.product.prodname_oauth_apps %} that were previously authorized for the organization. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on#about-oauth-apps-github-apps-and-saml-sso)."

content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md

@@ -93,8 +93,8 @@ For more information about creating a chroot environment see "[Chroot](https://w
 
 ## Uploading a pre-receive hook environment via the administrative shell
 1. Upload a readable `*.tar.gz` file that contains your environment to a web host and copy the URL or transfer the file to the {% data variables.product.prodname_ghe_server %} appliance via `scp`. When using `scp`, you may need to adjust the `*.tar.gz` file permissions so that the file is world readable.
-1.  Connect to the administrative shell.
-2.  Use the `ghe-hook-env-create` command and type the name you want for the environment as the first argument and the full local path or URL of a `*.tar.gz` file that contains your environment as the second argument.
+1. Connect to the administrative shell.
+2. Use the `ghe-hook-env-create` command and type the name you want for the environment as the first argument and the full local path or URL of a `*.tar.gz` file that contains your environment as the second argument.
 
    ```shell
    admin@ghe-host:~$ ghe-hook-env-create AlpineTestEnv /home/admin/alpine-3.3.tar.gz

content/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance.md

@@ -25,9 +25,9 @@ shortTitle: Manage pre-receive hooks
 1. Select the **Environment** dropdown menu, then click the environment on which you want the hook to run.
 1. Under "Script," select the **Select hook repository** dropdown menu, then click the repository that contains your pre-receive hook script.
 1. Select the **Select file** drop-down menu, then click the filename of the pre-receive hook script.
-1.  To enforce your script, select **Use the exit-status to accept or reject pushes**. Deselecting this option allows you to test the script while the exit-status value is ignored. In this mode, the output of the script will be visible to the user in the command-line but not on the web interface.
+1. To enforce your script, select **Use the exit-status to accept or reject pushes**. Deselecting this option allows you to test the script while the exit-status value is ignored. In this mode, the output of the script will be visible to the user in the command-line but not on the web interface.
 1. If you want the pre-receive hook to run on all repositories, select **Enable this pre-receive hook on all repositories by default**.
-1.  To allow organization members with admin or owner permissions to select whether they wish to enable or disable this pre-receive hook, select **Administrators can enable and disable this hook**.
+1. To allow organization members with admin or owner permissions to select whether they wish to enable or disable this pre-receive hook, select **Administrators can enable and disable this hook**.
 
 ## Editing pre-receive hooks
 

content/admin/user-management/managing-repositories-in-your-enterprise/troubleshooting-service-hooks.md

@@ -26,7 +26,7 @@ You can find information for the last response of all service hooks deliveries o
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_user_management.service-hooks-sidebar-navigation %}
-1.  Under the service hook having problems, click the **Latest Delivery** link.
+1. Under the service hook having problems, click the **Latest Delivery** link.
 1. Click **Delivery**.
 
 ## Viewing past deliveries
@@ -35,5 +35,5 @@ Deliveries are stored for 15 days.
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_user_management.service-hooks-sidebar-navigation %}
-1.  Under the service hook having problems, click the **Latest Delivery** link.
+1. Under the service hook having problems, click the **Latest Delivery** link.
 1. To view other deliveries to that specific hook, click **More for this Hook ID**.

content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md

@@ -145,7 +145,7 @@ Before you can use the device flow to authorize and identify users, you must fir
 
 1. Your app requests device and user verification codes and gets the authorization URL where the user will enter the user verification code.
 2. The app prompts the user to enter a user verification code at {% data variables.product.device_authorization_url %}.
-3.  The app polls for the user authentication status. Once the user has authorized the device, the app will be able to make API calls with a new access token.
+3. The app polls for the user authentication status. Once the user has authorized the device, the app will be able to make API calls with a new access token.
 
 ### Step 1: App requests the device and user verification codes from GitHub
 

content/code-security/adopting-github-advanced-security-at-scale/phase-1-align-on-your-rollout-strategy-and-goals.md

@@ -24,7 +24,7 @@ Here are some high-level examples of what your goals for rolling out GHAS might
 
 - **Reducing the number of vulnerabilities**: This may be in general, or because your company was recently impacted by a significant vulnerability that you believe could have been prevented by a tool like GHAS.
 - **Identifying high-risk repositories**: Some companies simply want to target repositories that contain the most risk, enabling them to reduce risk by remediating vulnerabilities.
--  **Increasing remediation rates**: To prevent the accumulation of security debt, you may wish to drive developer adoption of findings and ensure these vulnerabilities are remediated in a timely manner.
+- **Increasing remediation rates**: To prevent the accumulation of security debt, you may wish to drive developer adoption of findings and ensure these vulnerabilities are remediated in a timely manner.
 - **Meeting compliance requirements**: For example, many healthcare companies use GHAS to prevent the exposure of PHI (Personal Health Information).
 - **Preventing secrets leakage**: Many companies want to prevent critical information from being leaked, such as software keys or financial data.
 

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning.md

@@ -237,7 +237,7 @@ If your workflow does not contain a matrix called `language`, then {% data varia
 
 For GitHub-hosted runners that use Linux only, the {% data variables.code-scanning.codeql_workflow %} will try to auto-install Python dependencies to give more results for the CodeQL analysis. You can control this behavior by specifying the `setup-python-dependencies` parameter for the action called by the "Initialize CodeQL" step. By default, this parameter is set to `true`:
 
--  If the repository contains code written in Python, the "Initialize CodeQL" step installs the necessary dependencies on the GitHub-hosted runner. If the auto-install succeeds, the action also sets the environment variable `CODEQL_PYTHON` to the Python executable file that includes the dependencies.
+- If the repository contains code written in Python, the "Initialize CodeQL" step installs the necessary dependencies on the GitHub-hosted runner. If the auto-install succeeds, the action also sets the environment variable `CODEQL_PYTHON` to the Python executable file that includes the dependencies.
 
 - If the repository doesn't have any Python dependencies, or the dependencies are specified in an unexpected way, you'll get a warning and the action will continue with the remaining jobs. The action can run successfully even when there are problems interpreting dependencies, but the results may be incomplete.
 

content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md

@@ -54,9 +54,9 @@ being interpreted as source-code alerts, use
 Queries to execute. Each argument is in the form `scope/name@range:path`
 where:
 
--   `scope/name` is the qualified name of a CodeQL pack.
--   `range` is a semver range.
--   `path` is a file system path.
+- `scope/name` is the qualified name of a CodeQL pack.
+- `range` is a semver range.
+- `path` is a file system path.
 
 If a `scope/name` is specified, the `range` and `path` are optional. A
 missing `range` implies the latest version of the specified pack. A

content/code-security/codeql-cli/codeql-cli-manual/database-index-files.md

@@ -40,11 +40,11 @@ the set of included files.
 The `--include`, `--exclude`, and `--prune` options all take glob
 patterns, which can use the following wildcard characters:
 
--   A single "?" matches any character other than a forward/backward
+- A single "?" matches any character other than a forward/backward
     slash;
--   A single "\*" matches any number of characters other than a
+- A single "\*" matches any number of characters other than a
     forward/backward slash;
--   The pattern "\*\*" matches zero or more complete directory
+- The pattern "\*\*" matches zero or more complete directory
     components.
 
 ## Primary options

content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md

@@ -54,9 +54,9 @@ Alternatively, if you have only a single query to run, you might prefer
 Queries to execute. Each argument is in the form `scope/name@range:path`
 where:
 
--   `scope/name` is the qualified name of a CodeQL pack.
--   `range` is a semver range.
--   `path` is a file system path.
+- `scope/name` is the qualified name of a CodeQL pack.
+- `range` is a semver range.
+- `path` is a file system path.
 
 If a `scope/name` is specified, the `range` and `path` are optional. A
 missing `range` implies the latest version of the specified pack. A

content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md

@@ -46,9 +46,9 @@ This command should not normally be invoked directly. Instead use either
 \[Mandatory] Queries to execute. Each argument is in the form
 `scope/name@range:path` where:
 
--   `scope/name` is the qualified name of a CodeQL pack.
--   `range` is a semver range.
--   `path` is a file system path.
+- `scope/name` is the qualified name of a CodeQL pack.
+- `range` is a semver range.
+- `path` is a file system path.
 
 If a `scope/name` is specified, the `range` and `path` are optional. A
 missing `range` implies the latest version of the specified pack. A