github
diff --git a/‎.github/agents/readability-editor.md‎
Lines changed: 1 addition & 0 deletions b/‎.github/agents/readability-editor.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/index-general-search.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/index-general-search.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎content/actions/how-tos/manage-runners/larger-runners/control-access.md‎
Lines changed: 1 addition & 1 deletion b/‎content/actions/how-tos/manage-runners/larger-runners/control-access.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/actions/how-tos/manage-runners/larger-runners/use-larger-runners.md‎
Lines changed: 3 additions & 3 deletions b/‎content/actions/how-tos/manage-runners/larger-runners/use-larger-runners.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎content/actions/reference/runners/github-hosted-runners.md‎
Lines changed: 3 additions & 0 deletions b/‎content/actions/reference/runners/github-hosted-runners.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎content/actions/reference/workflows-and-actions/workflow-syntax.md‎
Lines changed: 1 addition & 1 deletion b/‎content/actions/reference/workflows-and-actions/workflow-syntax.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md‎
Lines changed: 6 additions & 0 deletions b/‎content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎content/code-security/concepts/security-at-scale/security-configurations.md‎
Lines changed: 10 additions & 0 deletions b/‎content/code-security/concepts/security-at-scale/security-configurations.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎content/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities.md‎
Lines changed: 9 additions & 4 deletions b/‎content/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities.md‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎content/code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database.md‎
Lines changed: 12 additions & 5 deletions b/‎content/code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database.md‎
Lines changed: 12 additions & 5 deletions
@@ -36,6 +36,7 @@ You are an expert editor for the GitHub Docs content team. Your job is to maximi
 - When two possible phrasings are equally clear, choose the one with fewer words. Brevity directly improves readability.
 - Use full terms and not their shortened versions.
 - Use active voice and personal pronouns ("you," "your"); favor present tense.
+- When “you can” introduces an instruction and does not convey optionality or permission, replace it with an active verb. For example, “You can enable” becomes “Enable”. Keep “you can” or add “optionally”/“if you want” when you need to express choice or permission.
 - Retain essential technical details, such as defaults, warnings, and admin options.
 - Do not alter the intent of verbs and actions (ex. "navigate" does not necessarily mean "select").
 - Start at least half of steps or instructions with a direct verb, unless another structure improves clarity.
 
@@ -232,7 +232,7 @@ jobs:
 
       - name: Upload failures artifact
         if: ${{ steps.check-failures.outputs.has_failures == 'true' }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: search-failures-${{ matrix.language }}
           path: /tmp/records/failures-summary.json
@@ -254,7 +254,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Download all failure artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           pattern: search-failures-*
           path: /tmp/failures
 
@@ -27,7 +27,7 @@ Runner groups are used to control which repositories can run jobs on your {% dat
 * **Runners at the enterprise level:** {% data reusables.actions.about-enterprise-level-runner-groups %}
 * **Runners at the organization level:** {% data reusables.actions.about-organization-level-runner-groups %}
 
-For example, the following diagram has a runner group named `grp-ubuntu-20.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access to the `octo-org` organization. You must then configure the group at the organization level to allow access to `octo-repo`.
+For example, the following diagram has a runner group named `grp-ubuntu-24.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access to the `octo-org` organization. You must then configure the group at the organization level to allow access to `octo-repo`.
 
 ![Diagram showing a runner group defined at the enterprise level with an organization configuration that allows access for two repositories.](/assets/images/help/actions/hosted-runner-mgmt.png)
 
 
@@ -85,15 +85,15 @@ Use the labels in the table below to run your workflows on the corresponding mac
 
 {% data reusables.actions.runner-labels-implicit %}
 
-In this example, the `runs-on` key sends the job to any available runner that has been assigned the `ubuntu-20.04-16core` label:
+In this example, the `runs-on` key sends the job to any available runner that has been assigned the `ubuntu-24.04-16core` label:
 
 ```yaml
 name: learn-github-actions
 on: [push]
 jobs:
   check-bats-version:
     runs-on:
-      labels: ubuntu-20.04-16core
+      labels: ubuntu-24.04-16core
     steps:
       - uses: {% data reusables.actions.action-checkout %}
       - uses: {% data reusables.actions.action-setup-node %}
@@ -148,7 +148,7 @@ name: learn-github-actions-testing
 on: [push]
 jobs:
   build:
-    runs-on: macos-13-xlarge
+    runs-on: macos-26-xlarge
     steps:
       - uses: {% data reusables.actions.action-checkout %}
       - name: Build
 
@@ -50,6 +50,9 @@ Single-CPU {% data variables.product.github %}-hosted runners are available in b
 
 `ubuntu-slim` runners execute Actions workflows in Ubuntu Linux, inside a container rather than a full VM instance. When the job begins, {% data variables.product.github %} automatically provisions a new container for that job. All steps in the job execute in the container, allowing the steps in that job to share information using the runner's file system. When the job has finished, the container is automatically decommissioned. Each container provides hypervisor level 2 isolation.
 
+> [!NOTE]
+> The container for `ubuntu-slim` runners runs in unprivileged mode. This means that some operations requiring elevated privileges—such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features—are not supported.
+
 A minimal set of tools is installed on the `ubuntu-slim` runner image, appropriate for lightweight tasks. For details on what software is installed on the `ubuntu-slim` image, see the [README file](https://github.com/actions/runner-images/blob/main/images/ubuntu-slim/ubuntu-slim-Readme.md) in the `actions/runner-images` repository.
 
 #### Usage limits
 
@@ -953,7 +953,7 @@ jobs:
   example_matrix:
     strategy:
       matrix:
-        os: [ubuntu-22.04, ubuntu-20.04]
+        os: [ubuntu-22.04, ubuntu-24.04]
         version: [10, 12, 14]
     runs-on: {% raw %}${{ matrix.os }}{% endraw %}
     steps:
 
@@ -14,6 +14,12 @@ redirect_from:
 
 You can remove an organization that is owned by your enterprise account, so the organization stands alone.
 
+## Limitations
+
+If you use {% data variables.product.prodname_emus %} or {% data variables.enterprise.data_residency %}, removing organizations from your enterprise is not possible.
+
+If you use {% data variables.product.prodname_emus %}, you can instead migrate organizations with the {% data variables.product.prodname_importer_proper_name %}. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products).
+
 ## What happens when an organization is removed?
 
 When you remove an organization from your enterprise:
 
@@ -87,6 +87,16 @@ Some situations can break the enforcement of {% data variables.product.prodname_
 * Self-hosted runners with the label `code-scanning` are not available.{% endif %}
 * The languages excluded from {% data variables.product.prodname_code_scanning %} default setup are changed at the repository level.
 
+{% ifversion security-configuration-enterprise-level %}
+
+## Preservation of default settings for new repositories
+
+If you had default security settings in place for newly created repositories, {% data variables.product.github %} will preserve these settings by automatically creating a "New repository default settings" {% data variables.product.prodname_security_configuration %} for your enterprise. The configuration matches your previous enterprise-level default settings for new repositories as of December 2024.
+
+The configuration will be automatically applied to any newly created repositories in your enterprise that do not belong to an organization with its own default settings.
+
+{% endif %}
+
 ## Next steps
 
 {% ifversion security-configurations-cloud %}
 
@@ -84,11 +84,16 @@ Private vulnerability reporting provides a secure, structured way for security r
 
 Without clear guidance on how to contact maintainers, security researchers may feel forced to disclose vulnerabilities publicly, such as by posting on social media, opening public issues, or contacting maintainers through informal channels, which can expose users to unnecessary risk. Private vulnerability reporting helps avoid these situations by offering a dedicated, private reporting workflow.
 
-For security researchers, private vulnerability reporting offers:
+For security researchers, the benefits of using private vulnerability reporting are:
 
-* Less frustration, and less time spent trying to figure out how to contact the maintainer.
-* A smoother process for disclosing and discussing vulnerability details.
-* The opportunity to discuss vulnerability details privately with the repository maintainer.
+* A clear, structured way to contact maintainers
+* A smoother process for disclosing and discussing vulnerability details
+* The ability to discuss vulnerability details privately with the repository maintainer
+* Reduced risk of vulnerability details being in the public eye before a fix is available
+
+For maintainers, the benefits of using private vulnerability reporting are:
+
+{% data reusables.security-advisory.private-vulnerability-reporting-benefits %}
 
 For more information for security researchers and repository maintainers, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) and [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities), respectively.
 
 
@@ -23,7 +23,7 @@ redirect_from:
 
 Security advisories are published as JSON files in the Open Source Vulnerability (OSV) format. For more information about the OSV format, see [Open Source Vulnerability format](https://ossf.github.io/osv-schema/).
 
-## About types of security advisories
+## Types of security advisories
 
 Each advisory in the {% data variables.product.prodname_advisory_database %} is for a vulnerability in open source projects or for malicious open source software.
 
@@ -68,11 +68,11 @@ If you enable {% data variables.product.prodname_dependabot_alerts %} for your r
 
 Our malware advisories are mostly about substitution attacks. During this type of attack, an attacker publishes a package to the public registry with the same name as a dependency that users rely on from a third party or private registry, with the hope that the malicious version is consumed. {% data variables.product.prodname_dependabot %} doesn’t look at project configurations to determine if the packages are coming from a private registry, so we aren't sure if you're using the malicious version or a non-malicious version. Users who have their dependencies appropriately scoped should not be affected by malware.
 
-## About information in security advisories
+## Information in security advisories
 
 In this section, you can find more detailed information about specific data attributes of the {% data variables.product.prodname_advisory_database %}.
 
-### About GHSA IDs
+### GHSA IDs
 
 Each security advisory, regardless of its type, has a unique identifier referred to as a GHSA ID. A `GHSA-ID` qualifier is assigned when a new advisory is created on {% data variables.product.prodname_dotcom %} or added to the {% data variables.product.prodname_advisory_database %} from any of the supported sources.
 
@@ -89,7 +89,7 @@ You can validate a GHSA ID using a regular expression.
 /GHSA(-[23456789cfghjmpqrvwx]{4}){3}/
 ```
 
-### About CVSS levels
+### CVSS levels
 
 {% ifversion cvss-4 %} The {% data variables.product.prodname_advisory_database %} supports both CVSS version 3.1 and CVSS version 4.0.{% endif %}
 
@@ -105,7 +105,7 @@ The {% data variables.product.prodname_advisory_database %} uses the CVSS levels
 
 {% data reusables.repositories.github-security-lab %}
 
-### About EPSS scores
+### EPSS scores
 
 The Exploit Prediction Scoring System, or EPSS, is a system devised by the global Forum of Incident Response and Security Teams (FIRST) for quantifying the likelihood of vulnerability exploit. The model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. For more information about FIRST, see https://www.first.org/.
 
@@ -124,6 +124,13 @@ FIRST also provides additional information around the distribution of their EPSS
 
 At {% data variables.product.company_short %}, we do not author this data, but rather source it from FIRST, which means that this data is not editable in community contributions. For more information about community contributions, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database).
 
+## Community contributions
+
+A **community contribution** is a pull request submitted to the [`github/advisory-database`](https://github.com/github/advisory-database) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additional affected ecosystems, the severity level, or the description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted.
+
+{% ifversion security-advisories-credit-types %}
+If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories).{% endif %}
+
 ## Further reading
 
 * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)