Merge pull request #35385 from github/repo-sync

Repo sync

data/features/dependabot-updates-composerv1-closing-down.yml

@@ -0,0 +1,5 @@
+# Reference: Issue #15951 - Deprecation notice - Dependabot updates ceases supporting Composer v1 [Deprecation]
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>= 3.15'

data/reusables/dependabot/supported-package-managers.md

@@ -2,7 +2,7 @@ Package manager | YAML value      | Supported versions | Version updates | Secur
 ---------------|------------------|------------------|:---:|:---:|:---:|:---:|:---:|
 Bundler | `bundler` | {% ifversion ghes < 3.15 %}v1, {% endif %}v2 | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
 [Cargo](#cargo)          | `cargo`          | v1               | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} |
-Composer       | `composer`       | v1, v2           | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+Composer       | `composer`       | {% ifversion dependabot-updates-composerv1-closing-down %}v2{% else %}v1, v2{% endif %}         | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 | {% ifversion dependabot-version-updates-devcontainer-support %} |
 [Dev containers](#dev-containers) | `devcontainers`         | Not applicable               | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
 | {% endif %} |

src/audit-logs/data/fpt/organization.json

@@ -2959,6 +2959,11 @@
     "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "repository_vulnerability_alert.withdraw",
+    "description": "A Dependabot alert was withdrawn.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repository_vulnerability_alerts.authorized_users_teams",
     "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.",

src/audit-logs/data/ghec/enterprise.json

@@ -3734,6 +3734,11 @@
     "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "repository_vulnerability_alert.withdraw",
+    "description": "A Dependabot alert was withdrawn.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repository_vulnerability_alerts.authorized_users_teams",
     "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.",

src/audit-logs/data/ghec/organization.json

@@ -2959,6 +2959,11 @@
     "description": "Changes were pushed to update and resolve a Dependabot alert in a project dependency.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "repository_vulnerability_alert.withdraw",
+    "description": "A Dependabot alert was withdrawn.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repository_vulnerability_alerts.authorized_users_teams",
     "description": "The list of people or teams authorized to receive Dependabot alerts for the repository was updated.",

src/audit-logs/lib/config.json

@@ -3,5 +3,5 @@
     "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
     "apiRequestEvent": "This event is only available via audit log streaming."
   },
-  "sha": "249a94280792ff9977d58a0541a322e5c4dd5763"
+  "sha": "014cf4c9c23bf1f27dd034a2a76b92388951c01c"
 }

src/workflows/purge-old-workflow-runs.js

@@ -18,7 +18,7 @@
  * For every run found, it deletes its logs and its run.
  *
  * The total number of deletions is limited by the `MAX_DELETIONS`
- * environment variable. The default is 2000.
+ * environment variable. The default is 500.
  *  */
 
 import fs from 'fs'
@@ -29,7 +29,7 @@ import { getOctokit } from '@actions/github'
 main()
 async function main() {
   const DRY_RUN = Boolean(JSON.parse(process.env.DRY_RUN || 'false'))
-  const MAX_DELETIONS = parseInt(JSON.parse(process.env.MAX_DELETIONS || '2000'))
+  const MAX_DELETIONS = parseInt(JSON.parse(process.env.MAX_DELETIONS || '500'))
   const MIN_AGE_DAYS = parseInt(process.env.MIN_AGE_DAYS || '90', 10)
 
   const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/')
@@ -134,7 +134,7 @@ async function deleteWorkflowRuns(
   owner,
   repo,
   workflow,
-  { dryRun = false, minAgeDays = 90, maxDeletions = 2000 },
+  { dryRun = false, minAgeDays = 90, maxDeletions = 500 },
 ) {
   // https://docs.github.com/en/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#query-for-dates
   const minCreated = new Date(Date.now() - minAgeDays * 24 * 60 * 60 * 1000)