Repo sync

content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create.md

@@ -314,10 +314,10 @@ configuration files that should work in most situations.
 
 #### `--working-dir=<dir>`
 
-\[Advanced] The directory in which the specified command should be
-executed. If this argument is not provided, the command is executed in
-the value of `--source-root` passed to codeql database create, if one exists. If no `--source-root` argument is provided, the command is executed in the
-current working directory.
+\[Advanced] The working directory for this command. If this argument is
+not provided, the working directory defaults to the value of
+`--source-root` passed to codeql database create, if one exists. If no `--source-root` argument is provided, the current working directory is
+used.
 
 #### `--no-run-unnecessary-builds`
 

content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md

@@ -56,10 +56,10 @@ construction. Those databases will be processed together.
 
 #### `--working-dir=<dir>`
 
-\[Advanced] The directory in which the specified command should be
-executed. If this argument is not provided, the command is executed in
-the value of `--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the
-current working directory.
+\[Advanced] The working directory for this command. If this argument is
+not provided, the working directory defaults to the value of
+`--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the current working directory is
+used.
 
 #### `--additional-dbs=<database>[:<database>...]`
 

content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-index-files.md

@@ -78,10 +78,10 @@ set, the environment variable value takes precedence over this option.
 
 #### `--working-dir=<dir>`
 
-\[Advanced] The directory in which the specified command should be
-executed. If this argument is not provided, the command is executed in
-the value of `--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the
-current working directory.
+\[Advanced] The working directory for this command. If this argument is
+not provided, the working directory defaults to the value of
+`--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the current working directory is
+used.
 
 ### Options to control extractor behavior
 

content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command.md

@@ -110,10 +110,10 @@ cannot be used in conjunction with `--index-traceless-dbs`.
 
 #### `--working-dir=<dir>`
 
-\[Advanced] The directory in which the specified command should be
-executed. If this argument is not provided, the command is executed in
-the value of `--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the
-current working directory.
+\[Advanced] The working directory for this command. If this argument is
+not provided, the working directory defaults to the value of
+`--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the current working directory is
+used.
 
 #### `--no-run-unnecessary-builds`
 

content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md

@@ -180,6 +180,8 @@ jobs:
 > [!NOTE]
 > If you use status checks to test pull requests, you should enable **Require status checks to pass before merging** for the target branch for {% data variables.product.prodname_dependabot %} pull requests. This branch protection rule ensures that pull requests are not merged unless **all the required status checks pass**. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule).
 
+If the target branch uses a merge queue, the built-in `GITHUB_TOKEN` cannot add pull requests to the queue. In this case, you must authenticate the workflow with a {% data variables.product.pat_generic %} or a {% data variables.product.prodname_github_app %} token that has permission to merge, and use it in place of `GITHUB_TOKEN` for the `gh pr merge` step.
+
 ## {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_actions %} policies
 
 Normally, whether a workflow can run in a repository depends on {% data variables.product.prodname_actions %} **policy checks** and whether {% data variables.product.prodname_actions %} is **enabled** at the organization or repository level. These controls can restrict workflows from running—especially when external actions are blocked or {% data variables.product.prodname_actions %} is disabled entirely.

content/copilot/concepts/agents/copilot-cli/about-cli-plugins.md

@@ -59,7 +59,7 @@ Examples of marketplaces include:
 
 For more about adding marketplaces and installing plugins from them, see [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/plugins-finding-installing).
 
-Enterprise administrators can also define plugin standards that apply across the enterprise, including specifying additional marketplaces and plugins that are automatically installed for all {% data variables.copilot.copilot_cli_short %} users. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/about-enterprise-plugin-standards).
+Enterprise administrators can define plugin standards that apply to users on the enterprise's {% data variables.product.prodname_copilot_short %} plan, including specifying additional marketplaces and plugins that are automatically installed for {% data variables.copilot.copilot_cli_short %} users. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/about-enterprise-plugin-standards).
 
 ## Plugins compared with manual configuration
 

content/copilot/concepts/agents/copilot-cli/about-enterprise-plugin-standards.md

@@ -15,7 +15,7 @@ docsTeamMetrics:
 
 > [!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change.
 
-Enterprise-managed plugin standards allow administrators to **define and enforce policies for plugin availability** in {% data variables.copilot.copilot_cli_short %} across their enterprise. By configuring a `settings.json` file in the enterprise's `.github-private` repository, administrators can specify which plugin marketplaces are available to users and which plugins are automatically installed for all enterprise users.
+Enterprise-managed plugin standards allow administrators to **define and enforce policies for plugin availability** in {% data variables.copilot.copilot_cli_short %} for users on the enterprise's {% data variables.product.prodname_copilot_short %} plan. By configuring a `settings.json` file in the enterprise's `.github-private` repository, administrators can specify which plugin marketplaces are available to users and which plugins are installed automatically.
 
 ## How plugin standards work
 
@@ -24,7 +24,7 @@ Enterprise plugin standards use a configuration file stored in your enterprise's
 For plugin standards, the file can define:
 
 * **Known marketplaces**. Plugin marketplaces that are available to users for browsing and installing plugins.
-* **Default-enabled plugins**. Specific plugins that are automatically installed for all enterprise users when they authenticate with the CLI.
+* **Default-enabled plugins**. Specific plugins that are automatically installed when users authenticate with the CLI.
 
 When a user signs in to {% data variables.copilot.copilot_cli_short %}, the client queries an API endpoint that reads the `settings.json` from the enterprise's `.github-private` repository. The policies defined in the file are then applied to the user's CLI session.
 

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/configure-enterprise-plugin-standards.md

@@ -14,6 +14,8 @@ category:
 
 > [!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change.
 
+You can apply settings to control users' available plugin marketplaces and default-installed plugins. These settings apply to users on your enterprise's {% data variables.product.prodname_copilot_short %} plan. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-cli/about-enterprise-plugin-standards).
+
 1. In your enterprise's `.github-private` repository, navigate to the `.github/copilot/` directory. If you don't have a `.github-private` repository yet, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents).
 1. Create or edit the `settings.json` file at `.github/copilot/settings.json`.
 1. Add your plugin policy configuration to the file. The `settings.json` file supports the following top-level properties:
@@ -39,4 +41,6 @@ category:
 
 1. Commit and push your changes to the default branch of the `.github-private` repository.
 
-Once the configuration is committed, enterprise users will see the specified marketplaces and pre-installed plugins the next time they authenticate with {% data variables.copilot.copilot_cli_short %}.
+Once the configuration is committed, users will see the specified marketplaces and pre-installed plugins the next time they authenticate with {% data variables.copilot.copilot_cli_short %}.
+
+If a user does not see these settings, ensure they receive access to {% data variables.product.prodname_copilot_short %} through your enterprise or one of its organizations. If a user receives a license from multiple billing entities, ensure they have selected your enterprise in the "Usage billed to" dropdown in their [personal {% data variables.product.prodname_copilot_short %} settings](https://github.com/settings/copilot/features).

content/copilot/reference/customization-cheat-sheet.md

@@ -55,9 +55,9 @@ This table shows which customization features are supported in each IDE and surf
 |---------|:-------:|:-------------:|:---------:|:-------:|:-----:|:-------:|:---:|
 | Custom instructions | ✓ | ✓ | P | P | P | ✓ | ✓ |
 | Prompt files | ✓ | ✓ | P | ✗ | P | ✗ | ✗ |
-| {% data variables.copilot.custom_agents_caps_short %} | ✓ | ✗ | P | P | P | ✓ | ✓ |
+| {% data variables.copilot.custom_agents_caps_short %} | ✓ | ✓ | P | P | P | ✓ | ✓ |
 | {% data variables.copilot.subagents_caps_short %} | ✓ | ✗ | P | P | P | ✗ | ✓ |
-| Agent skills | ✓ | ✗ | P | ✗ | ✗ | ✓ | ✓ |
+| Agent skills | ✓ | ✓ | P | ✗ | ✗ | ✓ | ✓ |
 | Hooks | P | ✗ | ✗ | ✗ | ✗ | ✓ | ✓ |
 | MCP servers | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
 

content/enterprise-onboarding/index.md

@@ -39,6 +39,7 @@ journeyTracks:
     title: 'Automating processes with GitHub Apps'
     description: 'Create and install apps to automate processes securely in your enterprise and organizations.'
     guides:
+      - href: '/enterprise-onboarding/github-apps/automations-in-your-enterprise'
       - href: '/enterprise-onboarding/github-apps/create-enterprise-apps'
       - href: '/enterprise-onboarding/github-apps/install-enterprise-apps'
   - id: 'support_for_your_enterprise'

data/reusables/code-scanning/codeql-query-tables/actions.md

@@ -7,7 +7,7 @@
 | [Cache Poisoning via execution of untrusted code](https://codeql.github.com/codeql-query-help/actions/actions-cache-poisoning-poisonable-step/) | 349 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Cache Poisoning via low-privileged code injection](https://codeql.github.com/codeql-query-help/actions/actions-cache-poisoning-code-injection/) | 349, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Checkout of untrusted code in a privileged context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-critical/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
-| [Checkout of untrusted code in trusted context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-high/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Checkout of untrusted code in a privileged context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-high/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Code injection](https://codeql.github.com/codeql-query-help/actions/actions-code-injection-critical/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Environment variable built from user-controlled sources](https://codeql.github.com/codeql-query-help/actions/actions-envvar-injection-critical/) | 077, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Excessive Secrets Exposure](https://codeql.github.com/codeql-query-help/actions/actions-excessive-secrets-exposure/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -20,10 +20,10 @@
 | [Use of a known vulnerable action](https://codeql.github.com/codeql-query-help/actions/actions-vulnerable-action/) | 1395 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Workflow does not contain permissions](https://codeql.github.com/codeql-query-help/actions/actions-missing-workflow-permissions/) | 275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Artifact poisoning](https://codeql.github.com/codeql-query-help/actions/actions-artifact-poisoning-medium/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Checkout of untrusted code in trusted context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-medium/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Checkout of untrusted code in a trusted context](https://codeql.github.com/codeql-query-help/actions/actions-untrusted-checkout-medium/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Code injection](https://codeql.github.com/codeql-query-help/actions/actions-code-injection-medium/) | 094, 095, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Environment variable built from user-controlled sources](https://codeql.github.com/codeql-query-help/actions/actions-envvar-injection-medium/) | 077, 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [PATH environment variable built from user-controlled sources](https://codeql.github.com/codeql-query-help/actions/actions-envpath-injection-medium/) | 077, 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Unpinned tag for a non-immutable Action in workflow](https://codeql.github.com/codeql-query-help/actions/actions-unpinned-tag/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Unpinned tag for a non-immutable Action in workflow or composite action](https://codeql.github.com/codeql-query-help/actions/actions-unpinned-tag/) | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 
 {% endrowheaders %}

src/graphql/data/fpt/category-map.json

@@ -649,6 +649,8 @@
     "issuefieldchangedevent": "issues",
     "issuefielddate": "issues",
     "issuefielddatevalue": "issues",
+    "issuefieldmultiselect": "issues",
+    "issuefieldmultiselectvalue": "issues",
     "issuefieldnumber": "issues",
     "issuefieldnumbervalue": "issues",
     "issuefieldremovedevent": "issues",

src/graphql/data/fpt/changelog.json

@@ -1,4 +1,38 @@
 [
+  {
+    "schemaChanges": [
+      {
+        "title": "The GraphQL schema includes these changes:",
+        "changes": [
+          "<p>Type <code>IssueFieldMultiSelect</code> was added</p>",
+          "<p><code>IssueFieldMultiSelect</code> object implements <code>IssueFieldCommon</code> interface</p>",
+          "<p><code>IssueFieldMultiSelect</code> object implements <code>Node</code> interface</p>",
+          "<p>Field <code>createdAt</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Field <code>dataType</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Field <code>description</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Field <code>fullDatabaseId</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Field <code>id</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Field <code>name</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Field <code>options</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Field <code>visibility</code> was added to object type <code>IssueFieldMultiSelect</code></p>",
+          "<p>Type <code>IssueFieldMultiSelectValue</code> was added</p>",
+          "<p><code>IssueFieldMultiSelectValue</code> object implements <code>IssueFieldValueCommon</code> interface</p>",
+          "<p><code>IssueFieldMultiSelectValue</code> object implements <code>Node</code> interface</p>",
+          "<p>Field <code>field</code> was added to object type <code>IssueFieldMultiSelectValue</code></p>",
+          "<p>Field <code>id</code> was added to object type <code>IssueFieldMultiSelectValue</code></p>",
+          "<p>Field <code>options</code> was added to object type <code>IssueFieldMultiSelectValue</code></p>",
+          "<p>Field <code>value</code> was added to object type <code>IssueFieldMultiSelectValue</code></p>",
+          "<p>Input field <code>multiSelectOptionIds</code> of type '[ID!]<code>was added to input object type</code>IssueFieldCreateOrUpdateInput'</p>",
+          "<p>Member <code>IssueFieldMultiSelectValue</code> was added to Union type <code>IssueFieldValue</code></p>",
+          "<p>Member <code>IssueFieldMultiSelect</code> was added to Union type <code>IssueFields</code></p>",
+          "<p>Member <code>IssueFieldMultiSelectValue</code> was added to Union type 'ProjectV2IssueFieldValues'</p>"
+        ]
+      }
+    ],
+    "previewChanges": [],
+    "upcomingChanges": [],
+    "date": "2026-06-04"
+  },
   {
     "schemaChanges": [
       {