demaford · pull · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026
diff --git a/.github/workflows/link-check-external.yml b/.github/workflows/link-check-external.yml
@@ -43,7 +43,7 @@ jobs:
 
       - name: Upload report artifact
         if: failure()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: external-link-report
           path: artifacts/external-link-report.*

diff --git a/.github/workflows/link-check-internal.yml b/.github/workflows/link-check-internal.yml
@@ -90,7 +90,7 @@ jobs:
 
       - name: Upload report artifact
         if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: link-report-${{ matrix.version }}-${{ matrix.language }}
           path: artifacts/link-report-*.md
@@ -113,7 +113,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Download all artifacts
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           path: reports
           pattern: link-report-*

diff --git a/.github/workflows/link-check-on-pr.yml b/.github/workflows/link-check-on-pr.yml
@@ -37,7 +37,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c # v45
+        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v45
         with:
           files: |
             content/**/*.md

diff --git a/content/copilot/reference/copilot-feature-matrix.md b/content/copilot/reference/copilot-feature-matrix.md
@@ -26,10 +26,20 @@ topics:
 
 The following table shows supported {% data variables.product.prodname_copilot_short %} features in the latest version of each IDE.
 
+{%- comment %}
+This loop generates the "Features by IDE" comparison table:
+- Outer loop: Iterates through each feature from VS Code's feature list (using VS Code as the canonical source)
+- Inner loop: For each feature, iterates through all IDEs to check support in their latest version
+  - Gets the latest version using ideEntry[1].versions | first
+  - Looks up the support level for that feature in that version
+  - Outputs ✓ (supported), P (preview), or ✗ (not supported)
+Example row: | Agent mode | ✓ | ✓ | P | ✗ | ... |
+{%- endcomment %}
+
 | Feature{%- for entry in tables.copilot.copilot-matrix.ides %} | {{ entry[0] }}{%- endfor %} |
 |:----{%- for entry in tables.copilot.copilot-matrix.ides %}|:----:{%- endfor %}|
 {%- for featureEntry in tables.copilot.copilot-matrix.ides["VS Code"].features %}
-| {{ featureEntry[0] }}{%- for ideEntry in tables.copilot.copilot-matrix.ides %}{%- assign latestVersion = ideEntry[1].versions | last %}{%- assign supportLevel = ideEntry[1].features[featureEntry[0]][latestVersion] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} |
+| {{ featureEntry[0] }}{%- for ideEntry in tables.copilot.copilot-matrix.ides %}{%- assign latestVersion = ideEntry[1].versions | first %}{%- assign supportLevel = ideEntry[1].features[featureEntry[0]][latestVersion] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} |
 {%- endfor %}
 
 {% endides %}

diff --git a/content/github-cli/github-cli/about-github-cli.md b/content/github-cli/github-cli/about-github-cli.md
@@ -26,7 +26,7 @@ For more information about what you can do with {% data variables.product.prodna
 
 The Git command line interface (`git`) allows you to work with a local or remote Git repository. The remote repository may be hosted on {% data variables.product.prodname_dotcom %} or it may be hosted by another service.
 
-{% data variables.product.prodname_cli %} (`gh`) is specifically for working with {% data variables.product.prodname_dotcom %}. It allows you to use the command line to interact with {% data variables.product.prodname_dotcom %} in all sorts of ways, as illustrated by the previous list. If you tend to work on the command line you may prefer using {% data variables.product.prodname_cli %} instead of using {% data variables.product.prodname_dotcom %} in a browser. {% data variables.product.prodname_cli %} also makes it easier for you to create scripts to automate {% data variables.product.prodname_dotcom %} operations.
+{% data variables.product.prodname_cli %} (`gh`) is specifically for working with {% data variables.product.prodname_dotcom %}. It allows you to use the command line to interact with {% data variables.product.prodname_dotcom %} in all sorts of ways, as illustrated by the previous list. If you tend to work on the command line, you may prefer using {% data variables.product.prodname_cli %} instead of using {% data variables.product.prodname_dotcom %} in a browser. {% data variables.product.prodname_cli %} also makes it easier for you to create scripts to automate {% data variables.product.prodname_dotcom %} operations.
 
 ## Installing {% data variables.product.prodname_cli %}
 

diff --git a/content/github-cli/github-cli/using-multiple-accounts.md b/content/github-cli/github-cli/using-multiple-accounts.md
@@ -25,7 +25,7 @@ The {% data variables.product.prodname_cli %} **can't automatically detect** you
 
 * The {% data variables.product.prodname_cli %} will default to {% data variables.product.prodname_dotcom_the_website %}.
 * You can set the `GH_HOST` environment variable to change the default target for these kinds of requests. See [gh environment](https://cli.github.com/manual/gh_help_environment) in the {% data variables.product.prodname_cli %} manual.
-* Some commands allow you allow you to specify your target environment with the `--hostname` option, such as `gh api`, or pass the full URL for a repository, such as `gh pr view`.
+* Some commands allow you to specify your target environment with the `--hostname` option, such as `gh api`, or pass the full URL for a repository, such as `gh pr view`.
 
 ## Can I use multiple accounts on the same platform?
 

diff --git a/data/release-notes/enterprise-server/3-16/13.yml b/data/release-notes/enterprise-server/3-16/13.yml
@@ -27,6 +27,8 @@ sections:
 
       Now, if an administrator sets the instance's `skip_rebase_commit_generation_from_rebase_merge_settings` configuration variable to `true`, the "Allow rebase merging" option in a repository's pull request settings becomes the source of truth for whether rebase commits are generated when mergeability is checked.
   known_issues:
+    - |
+      When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes.
     - |
       During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading.
     - |

diff --git a/data/release-notes/enterprise-server/3-17/10.yml b/data/release-notes/enterprise-server/3-17/10.yml
@@ -33,6 +33,8 @@ sections:
 
       Now, if an administrator sets the instance's `skip_rebase_commit_generation_from_rebase_merge_settings` configuration variable to `true`, the "Allow rebase merging" option in a repository's pull request settings becomes the source of truth for whether rebase commits are generated when mergeability is checked.
   known_issues:
+    - |
+      When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes.
     - |
       During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading.
     - |

diff --git a/data/release-notes/enterprise-server/3-18/4.yml b/data/release-notes/enterprise-server/3-18/4.yml
@@ -43,6 +43,8 @@ sections:
 
       Now, if an administrator sets the instance's `skip_rebase_commit_generation_from_rebase_merge_settings` configuration variable to `true`, the "Allow rebase merging" option in a repository's pull request settings becomes the source of truth for whether rebase commits are generated when mergeability is checked.
   known_issues:
+    - |
+      When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes.
     - |
       During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading.
     - |

diff --git a/data/release-notes/enterprise-server/3-19/1.yml b/data/release-notes/enterprise-server/3-19/1.yml
@@ -48,6 +48,8 @@ sections:
     - |
       You can configure multiple data disks to host MySQL and repository data. This capability is currently in public preview and is applicable only for standalone and high availability topologies. It does not apply to cluster topologies. For more information, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/multiple-data-disks/configuring-multiple-data-disks). [Updated: 2026-01-19]
   known_issues:
+    - |
+      When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes.
     - |
       Upgrading or hotpatching to 3.19.1 may fail on very old nodes that have been continuously upgraded from versions older than 2021 versions (i.e. 2.17). If this issue occurs, you will see log entries prefixed with `invalid secret` in ghe-config.log. If you are running nodes this old, it is recommended not to upgrade to 3.19.1.
       If you must hotpatch to 3.19.1, first run `ghe-config 'secrets.session-manage' | tr -d '\n' | wc -c`. If the output is less than 64, run `ghe-config --unset 'secrets.session-manage'` and `ghe-config-apply` before you start the hotpatch. You can also run these same commands after the hotpatch to recover from the failure. [Updated: 2026-01-12]

diff --git a/eslint.config.ts b/eslint.config.ts
@@ -12,6 +12,7 @@ import noOnlyTests from 'eslint-plugin-no-only-tests'
 import prettierPlugin from 'eslint-plugin-prettier'
 import prettier from 'eslint-config-prettier'
 import globals from 'globals'
+import customRules from 'eslint-plugin-custom-rules'
 
 export default [
   {
@@ -57,6 +58,7 @@ export default [
       '@typescript-eslint': tseslint,
       'primer-react': primerReact,
       'jsx-a11y': jsxA11y,
+      'custom-rules': customRules,
     },
     rules: {
       // ESLint recommended rules
@@ -98,6 +100,77 @@ export default [
       // Disabled rules to review
       'no-console': 'off', // 800+
       '@typescript-eslint/no-explicit-any': 'off',
+
+      // Custom rules (disabled by default for now)
+      'custom-rules/use-custom-logger': 'off',
+    },
+  },
+
+  // Configuration for eslint-rules directory (CommonJS JavaScript files)
+  {
+    files: ['src/eslint-rules/**/*.js'],
+    languageOptions: {
+      ecmaVersion: 2022,
+      sourceType: 'script',
+      globals: {
+        ...globals.node,
+        ...globals.commonjs,
+        ...globals.es2020,
+      },
+    },
+    plugins: {
+      github,
+      import: importPlugin,
+      'eslint-comments': eslintComments,
+      filenames,
+      'no-only-tests': noOnlyTests,
+      prettier: prettierPlugin,
+    },
+    rules: {
+      // ESLint recommended rules
+      ...js.configs.recommended.rules,
+
+      // GitHub plugin recommended rules
+      ...github.configs.recommended.rules,
+
+      // Import plugin error rules
+      ...importPlugin.configs.errors.rules,
+
+      // Allow CommonJS in eslint rules
+      'import/no-commonjs': 'off',
+
+      // Overrides
+      'import/extensions': ['error', { json: 'always' }],
+      'no-empty': ['error', { allowEmptyCatch: true }],
+      'prefer-const': ['error', { destructuring: 'all' }],
+
+      // Disabled rules
+      'i18n-text/no-en': 'off',
+      'filenames/match-regex': 'off',
+      camelcase: 'off',
+      'no-console': 'off',
+    },
+  },
+
+  // Disable custom logger rule for logger implementation itself
+  {
+    files: ['src/observability/logger/**/*.{ts,js}'],
+    rules: {
+      'custom-rules/use-custom-logger': 'off',
+    },
+  },
+
+  // Override for scripts, tests, workflows, content-linter, and React files (disable custom logger rule)
+  {
+    files: [
+      '**/scripts/**/*.{ts,js}',
+      '**/tests/**/*.{ts,js}',
+      'src/workflows/**/*.{ts,js}',
+      'src/content-linter/**/*.{ts,js}',
+      '**/*.{tsx,jsx}',
+    ],
+    rules: {
+      'custom-rules/use-custom-logger': 'off',
     },
   },