From 7241f8bbdffb87e958db93dc97ee62f57d3df0ff Mon Sep 17 00:00:00 2001 From: Hector Alfaro Date: Thu, 30 Jul 2020 13:05:43 -0400 Subject: [PATCH 1/6] fix working in an LO --- course-details.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/course-details.md b/course-details.md index 95ea3e7..dbf8075 100644 --- a/course-details.md +++ b/course-details.md @@ -15,8 +15,8 @@ This course will answer common questions like: In this course, you’ll learn how to: - Enable vulnerable dependency detection for private repositories -- Detect and fix outdated dependencies with security vulnerabilities -- Automate the detection of vulnerable dependencies with Dependabot +- Detect and fix outdated dependencies +- Automate the detection and fix of vulnerable dependencies with Dependabot - Add a security policy with the a `SECURITY.md` file - Remove a commit exposing sensitive data in a pull request - Keep sensitive files out of your repository by leveraging the use of a `.gitignore` file From 880e1c29127e6a2051fc3f33bf20dc1d3368393d Mon Sep 17 00:00:00 2001 From: Hector Alfaro Date: Thu, 30 Jul 2020 15:41:06 -0400 Subject: [PATCH 2/6] update Pages language --- responses/00_introduction-issue.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/responses/00_introduction-issue.md b/responses/00_introduction-issue.md index b4ce4ad..6306880 100644 --- a/responses/00_introduction-issue.md +++ b/responses/00_introduction-issue.md @@ -38,7 +38,7 @@ This project is centered around a memory game that will be deployed with GitHub 1. Click the [**Settings**]({{ repoUrl }}/settings) tab in your repository. -1. Scroll down to **GitHub Pages**. Select `master` as a **Source**, and click **Save**. +1. Scroll down to **GitHub Pages** and set your [default branch as the source](https://docs.github.com/en/github/working-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site), usually `main` or `master`. {% endif %} 
From 5fc7e6c601831507ec60ff76fb4527263ee90b22 Mon Sep 17 00:00:00 2001 From: Hector Alfaro Date: Thu, 30 Jul 2020 15:46:51 -0400 Subject: [PATCH 3/6] fix help doc links --- responses/01_find-vulnerabilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/responses/01_find-vulnerabilities.md b/responses/01_find-vulnerabilities.md index b02571a..ee25ecd 100644 --- a/responses/01_find-vulnerabilities.md +++ b/responses/01_find-vulnerabilities.md @@ -10,7 +10,7 @@ This repository has some existing dependencies which will need updating to stay This repository is a Node.js project utilizing NPM. Because of that, [`package.json`]({{ repoUrl }}/blob/master/package.json) defines this repository's dependencies. For our time together, we'll be focusing on these JavaScript dependencies. Keep in mind that different programming languages may have different dependency manifests. You might work with a `Gemfile`, `Gemfile.lock`, `*.gemspec`, `requirements.txt`, `pipfile.lock`, or other files. -How can we know these dependencies are secure? GitHub monitors a number of reputable [data sources](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies#data-sources-for-security-alerts) to track vulnerabilities across projects. +How can we know these dependencies are secure? GitHub monitors a number of reputable [data sources](https://docs.github.com/en/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies) to track vulnerabilities across projects.
@@ -21,7 +21,7 @@ You may notice some alerts from GitHub about this repository. You may get an ema ![dependency vulnerability alert](https://user-images.githubusercontent.com/9906718/46882979-c275b680-ce50-11e8-9f47-2081daf20b98.png) -GitHub tracks vulnerabilities for a number of [supported languages](https://help.github.com/en/github/visualizing-repository-data-with-graphs/listing-the-packages-that-a-repository-depends-on#supported-languages) and their associated package managers, including RubyGems, NPM, Python PIP, Maven, and Nuget. +GitHub tracks vulnerabilities for a number of supported languages and their associated [package ecosystems](https://docs.github.com/en/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems), including RubyGems, NPM, Python PIP, Maven, and .NET. GitHub receives a notification of a newly-announced vulnerability. Next, we check for repositories that use the affected version of that dependency. We send security alerts to a set of people within those affected repositories. The owners are contacted by default and it's possible to configure specific teams or individuals to get these important notifications. From 5624540702ddf4b81c140fb599d5ffb27bf85fb7 Mon Sep 17 00:00:00 2001 From: Hector Alfaro Date: Thu, 30 Jul 2020 16:00:16 -0400 Subject: [PATCH 4/6] rebrand security alerts --- responses/01_find-vulnerabilities.md | 8 ++++---- responses/04_add-dependabot.md | 12 ++++++------ responses/05_successful-close.md | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/responses/01_find-vulnerabilities.md b/responses/01_find-vulnerabilities.md index ee25ecd..94d8459 100644 --- a/responses/01_find-vulnerabilities.md +++ b/responses/01_find-vulnerabilities.md 
@@ -29,13 +29,13 @@ GitHub receives a notification of a newly-announced vulnerability. Next, we chec ## Step 2: Find this repository's vulnerable dependencies -Use GitHub's security alerts to identify a vulnerable NPM dependency. +Use Dependabot alerts to identify a vulnerable NPM dependency. ### :keyboard: Activity: Identify the suggested version update -1. Click the **Insights** tab in your repository. -2. On the left hand navigation bar, click **Dependency graph**. -3. Scroll down until you see a yellow bar highlighting the dependency named `debug`, and click on the right hand side of the yellow `debug` section. +1. Click the **Security** tab in your repository. +2. On the left hand navigation bar, click **Dependabot alerts**. +3. Click on the `debug` alert. 4. Take note of the suggested version. 5. Comment in this issue with the suggested update version. diff --git a/responses/04_add-dependabot.md b/responses/04_add-dependabot.md index b6bddc9..9637b63 100644 --- a/responses/04_add-dependabot.md +++ b/responses/04_add-dependabot.md 
@@ -4,27 +4,27 @@ Manually going through your dependencies for alerts and outdated versions is ted **Meet Dependabot** -![download](https://user-images.githubusercontent.com/6351798/67623352-53f86200-f7e1-11e9-957d-47bb009f030f.png) +![Dependabot icon](https://user-images.githubusercontent.com/6351798/67623352-53f86200-f7e1-11e9-957d-47bb009f030f.png) -Dependabot creates pull requests to keep your dependencies secure and up-to-date! +Dependabot alerts you and creates pull requests to keep your dependencies secure and up-to-date! ### How does Dependabot work? -Dependabot is the actor for GitHub's [automated security updates](https://help.github.com/en/github/managing-security-vulnerabilities/configuring-automated-security-updates). +Dependabot is the actor for GitHub's [automated security updates](https://docs.github.com/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates). 1. GitHub uses the dependency graph and security alerts to scan your repository and notify you of potential dependency updates 1. If any dependencies are out-of-date, Dependabot opens a pull request to update each one 1. If tests pass, and the updated version looks good, you simply merge the pull request -### Configuring automated security updates +### Configuring Dependabot security updates You can enable automated security updates for any repository that uses security alerts and the dependency graph. You can disable automated security updates for an individual repository or for all repositories owned by your user account or organization. GitHub will automatically enable automated security updates in every repository that uses security alerts and the dependency graph. 
-![Screen Shot 2019-10-28 at 1 23 52 PM](https://user-images.githubusercontent.com/6351798/67711794-5c3ed180-f988-11e9-97ba-41451996a2fb.png) +![screenshot of a Dependabot alert, showing debug dependency](https://user-images.githubusercontent.com/6351798/67711794-5c3ed180-f988-11e9-97ba-41451996a2fb.png) Here, we have a security alert on the **debug** dependency. Clicking on **debug** will show you the pull request created by Dependabot to update the dependency. We just updated to `2.6.9` but Dependabot noticed we are still outdated. -If you navigate to your [pull requests]({{ repoUrl }}/pulls), you'll notice Dependabot has done its job and is trying to bump, or update, the version of `debug`. Feel free to **approve and merge the pull request**. +If you navigate to your [closed pull requests]({{ repoUrl }}/pulls?q=is%3Apr+is%3Aclosed), you'll notice Dependabot has done its job and is trying to bump, or update, the version of `debug`. ## Close this issue when done diff --git a/responses/05_successful-close.md b/responses/05_successful-close.md index 16eb1b6..1234f09 100644 --- a/responses/05_successful-close.md +++ b/responses/05_successful-close.md @@ -1,4 +1,4 @@ -Nice job adding Dependabot. +Nice job getting to know Dependabot.
From 8f1fac979659eb12571723cf0c5b5eece366561c Mon Sep 17 00:00:00 2001 From: Hector Alfaro Date: Thu, 30 Jul 2020 16:12:59 -0400 Subject: [PATCH 5/6] fix instructions for security policy location --- responses/05_add-security-policy.md | 4 +++- responses/06_good-merge.md | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/responses/05_add-security-policy.md b/responses/05_add-security-policy.md index 6bec689..03d9fe3 100644 --- a/responses/05_add-security-policy.md +++ b/responses/05_add-security-policy.md @@ -17,10 +17,12 @@ Just like a `README.md` file, it really depends on your repository and the requi ## Step 6: Add a SECURITY.md file 1. Navigate to the [Security]({{ repoUrl }}/network/alerts) tab -1. Click on Policy located in the left sidebar +1. Click on Security Policy located in the left sidebar 1. Click the **Start Setup** button 1. Commit the template security policy to the new branch as selected `{{ user.username }}-patch-1` 1. Commit the new file and create the pull request +Alternatively, you could also create a new file in the root directory called `SECURITY.md`, write up a quick security policy, and open a pull request. +

I'll respond in your pull request with next steps.

diff --git a/responses/06_good-merge.md b/responses/06_good-merge.md index 6ee6a84..a6a11b6 100644 --- a/responses/06_good-merge.md +++ b/responses/06_good-merge.md @@ -1,4 +1,6 @@ Nice, @{{ user.username }}! Go ahead and delete the branch. +You can view your newly published [security policy]({{ repoUrl }}/security/policy) in the Security tab. +

Find your next pull request here.

From 968d875643c28996a4203e0d246c6eef2d98e39b Mon Sep 17 00:00:00 2001 From: Hector Alfaro Date: Thu, 30 Jul 2020 16:19:35 -0400 Subject: [PATCH 6/6] update config --- config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.yml b/config.yml index 4524933..800a37d 100644 --- a/config.yml +++ b/config.yml @@ -24,7 +24,7 @@ before: steps: - # Step 1 + # Step 1: # Learner enables GH pages for game # Bot creates issue to report a vulnerability
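Review bot: In the course-details.md hunk (PATCH 1/6), the unchanged bullet "- Add a security policy with the a `SECURITY.md` file" carries a stray "the a"; since this list is being reworded anyway, drop the extra article in the same commit. The new wording "Automate the detection and fix of vulnerable dependencies" also reads awkwardly; "Automate the detection and remediation of vulnerable dependencies" says the same thing more cleanly.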
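Review bot: The 00_introduction-issue.md hunk (PATCH 2/6) makes the Pages instruction branch-neutral ("usually `main` or `master`"), but the course still hard-codes the branch elsewhere: the unchanged 01_find-vulnerabilities.md context in PATCH 3/6 links `[package.json]({{ repoUrl }}/blob/master/package.json)`. A learner whose default branch is `main` gets a broken link there, so either make that link branch-neutral as well or state that the template repository is created with `master`.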
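Review bot: In the second 01_find-vulnerabilities.md hunk of PATCH 3/6, the sentence now talks about "[package ecosystems]" but the list that follows mixes package managers with a platform: "Nuget" became ".NET" while RubyGems, NPM, Python PIP and Maven were kept. NuGet is the package ecosystem for .NET, so either keep "NuGet" (with that capitalisation) or rename the whole list consistently.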
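Review bot: The rebrand in PATCH 4/6 is incomplete inside the hunks it touches. In 01_find-vulnerabilities.md the changed line now says "Use Dependabot alerts to identify a vulnerable NPM dependency", but the unchanged context just above still reads "We send security alerts to a set of people within those affected repositories". In 04_add-dependabot.md the heading becomes "Configuring Dependabot security updates", yet the unchanged list item "GitHub uses the dependency graph and security alerts to scan your repository" and the paragraph "You can enable automated security updates for any repository that uses security alerts and the dependency graph" keep both old names. Update those lines in this commit so a single page does not refer to the same feature under two names.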
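Review bot: In the 04_add-dependabot.md hunk of PATCH 4/6, the link was changed to closed pull requests (`/pulls?q=is%3Apr+is%3Aclosed`) and the "Feel free to **approve and merge the pull request**" instruction was removed, yet the same sentence still says Dependabot "is trying to bump, or update, the version of `debug`", and the unchanged paragraph above says clicking **debug** "will show you the pull request created by Dependabot". If the Dependabot pull request is expected to be already closed at this step, the text should say so and tell the learner what to look for; if it is still open, the link should keep pointing at open pull requests.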
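Review bot: In the 05_add-security-policy.md hunk (PATCH 5/6), the unchanged step "Navigate to the [Security]({{ repoUrl }}/network/alerts) tab" sends the learner to the dependency alerts page rather than to the Security tab, while the 06_good-merge.md hunk in the same commit links the published policy at `{{ repoUrl }}/security/policy`; since this commit is about the policy's location, point the first step at the `security` path as well. The added line "Alternatively, you could also create a new file in the root directory..." doubles up "Alternatively" and "also"; one of them is enough.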
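Review bot: The config.yml hunk in PATCH 6/6 only adds a colon to the comment `# Step 1` and changes no configuration value, so the subject "update config" overstates the change; a subject such as "fix comment formatting in config.yml" would let readers of the history skip it safely.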