diff --git a/.github/workflows/update-cli.yml b/.github/workflows/update-cli.yml
index 154e97702b6..319827a04b2 100644
--- a/.github/workflows/update-cli.yml
+++ b/.github/workflows/update-cli.yml
@@ -47,7 +47,7 @@ jobs:
         id: status
         run: |
           if [ -n "$(git status --porcelain)" ]; then
-            echo "::set-output name=has_changes::1"
+            echo "has_changes=1" >> $GITHUB_OUTPUT
           fi
       - name: Check in source updates
         if: steps.status.outputs.has_changes == '1'
diff --git a/content/policies/privacy.mdx b/content/policies/privacy.mdx
index 0d2f6132915..745139f1eff 100644
--- a/content/policies/privacy.mdx
+++ b/content/policies/privacy.mdx
@@ -43,7 +43,7 @@ npm may inadvertently collect data about you if it is included in software packa
 
 When you use the `npm` command, the `npx` command, or other software to work with the npm public registry, an Enterprise registry that npm hosts, or private packages, npm logs data that might be identified to you:
 
-- a random, unique identifier, called `npm-session`, for each time you run commands like `npm install`
+- a random, unique transaction identifier, called `npm-session`, for each time you run commands like `npm install`
 
 - the names and versions of your project's dependencies, their dependencies, and so on, that come from the npm public registry, [but not of other dependencies, like Git dependencies](https://docs.npmjs.com/cli/audit)
 
@@ -53,6 +53,8 @@ When you use the `npm` command, the `npx` command, or other software to work wit
 
 - the scope of the package for which you ran `npm install`, as an `npm-scope` header
 
+- an `npm-command` header, showing which npm command was run
+
 - a `referrer` header that shows the command you ran, with any file or directory paths redacted
 
 - data about the software you're using to access the registry, such as the `User-Agent` string