Add latest changes from gitlab-org/gitlab@master

12 files changed, 162 insertions, 245 deletions

diff --git a/app/models/storage/hashed.rb b/app/models/storage/hashed.rb
index 05e93f00912..5cef033e672 100644
--- a/app/models/storage/hashed.rb
+++ b/app/models/storage/hashed.rb
@@ -31,10 +31,6 @@ module Storage
       "#{base_dir}/#{disk_hash}" if disk_hash
     end
 
-    def rename_repo(old_full_path: nil, new_full_path: nil)
-      true
-    end
-
     private
 
     # Generates the hash for the repository path and name on disk
diff --git a/app/models/storage/legacy_project.rb b/app/models/storage/legacy_project.rb
index 0d12a629b8e..700314e277a 100644
--- a/app/models/storage/legacy_project.rb
+++ b/app/models/storage/legacy_project.rb
@@ -23,27 +23,5 @@ module Storage
     def disk_path
       project.full_path
     end
-
-    def rename_repo(old_full_path: nil, new_full_path: nil)
-      old_full_path ||= project.full_path_before_last_save
-      new_full_path ||= project.build_full_path
-
-      if gitlab_shell.mv_repository(repository_storage, old_full_path, new_full_path)
-        # If repository moved successfully we need to send update instructions to users.
-        # However we cannot allow rollback since we moved repository
-        # So we basically we mute exceptions in next actions
-        begin
-          gitlab_shell.mv_repository(repository_storage, "#{old_full_path}.wiki", "#{new_full_path}.wiki")
-          return true
-        rescue StandardError => e
-          Gitlab::AppLogger.error("Exception renaming #{old_full_path} -> #{new_full_path}: #{e}")
-          # Returning false does not rollback after_* transaction but gives
-          # us information about failing some of tasks
-          return false
-        end
-      end
-
-      false
-    end
   end
 end
diff --git a/app/services/projects/after_rename_service.rb b/app/services/projects/after_rename_service.rb
index bbb812fd7be..93d68eec3bc 100644
--- a/app/services/projects/after_rename_service.rb
+++ b/app/services/projects/after_rename_service.rb
@@ -62,13 +62,9 @@ module Projects
 
     def rename_or_migrate_repository!
       success =
-        if migrate_to_hashed_storage?
-          ::Projects::HashedStorage::MigrationService
-            .new(project, full_path_before)
-            .execute
-        else
-          project.storage.rename_repo(old_full_path: full_path_before, new_full_path: full_path_after)
-        end
+        ::Projects::HashedStorage::MigrationService
+          .new(project, full_path_before)
+          .execute
 
       rename_failed! unless success
     end
@@ -105,11 +101,6 @@ module Projects
       )
     end
 
-    def migrate_to_hashed_storage?
-      Gitlab::CurrentSettings.hashed_storage_enabled? &&
-        project.storage_upgradable?
-    end
-
     def send_move_instructions?
       !project.import_started?
     end
diff --git a/doc/administration/settings/jira_cloud_app.md b/doc/administration/settings/jira_cloud_app.md
index fb5780848fd..1b92e20d705 100644
--- a/doc/administration/settings/jira_cloud_app.md
+++ b/doc/administration/settings/jira_cloud_app.md
@@ -69,7 +69,7 @@ With this method:
 - The instance must be publicly available.
 - The instance must be on GitLab version 15.7 or later.
 - You must set up [OAuth authentication](#set-up-oauth-authentication).
-- If your instance is using HTTPS, your GitLab certificate must be publicly trusted or contain the full chained certificate.
+- If your instance uses HTTPS, your GitLab certificate must be publicly trusted or contain the full chain certificate.
 - Your network must allow inbound and outbound connections between GitLab and Jira. For self-managed instances that are behind a
   firewall and cannot be directly accessed from the internet:
   - Open your firewall and only allow inbound traffic from [Atlassian IP addresses](https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/#Outgoing-Connections).
diff --git a/doc/api/graphql/getting_started.md b/doc/api/graphql/getting_started.md
index 52592f943fc..874d243ee2d 100644
--- a/doc/api/graphql/getting_started.md
+++ b/doc/api/graphql/getting_started.md
@@ -16,14 +16,30 @@ the API itself.
 
 The examples documented here can be run using:
 
-- [Command line](#command-line).
 - [GraphiQL](#graphiql).
+- [Command line](#command-line).
 - [Rails console](#rails-console).
 
+### GraphiQL
+
+GraphiQL (pronounced "graphical") allows you to run real GraphQL queries against the API interactively. 
+It makes exploring the schema easier by providing a UI with syntax highlighting and autocompletion.
+
+For most people, using GraphiQL will be the easiest way to explore the GitLab GraphQL API.
+
+You can either use GraphiQL:
+
+- [On GitLab.com](https://gitlab.com/-/graphql-explorer).
+- On your self-managed GitLab instance on `https://<your-gitlab-site.com>/-/graphql-explorer`.
+
+Sign in to GitLab first to authenticate the requests with your GitLab account.
+
+To get started, refer to the [example queries and mutations](#queries-and-mutations).
+
 ### Command line
 
 You can run GraphQL queries in a `curl` request on the command line on your
-local computer. A GraphQL request can be made as a `POST` request to `/api/graphql`
+local computer. The requests `POST` to `/api/graphql`
 with the query as the payload. You can authorize your request by generating a
 [personal access token](../../user/profile/personal_access_tokens.md) to use as
 a bearer token.
@@ -48,32 +64,6 @@ curl "https://gitlab.com/api/graphql" --header "Authorization: Bearer $GRAPHQL_T
       # or "{\"query\": \"query {project(fullPath: \\\"<group>/<subgroup>/<project>\\\") {jobs {nodes {id duration}}}}\"}"
 ```
 
-### GraphiQL
-
-GraphiQL (pronounced "graphical") allows you to run queries directly against
-the server endpoint with syntax highlighting and autocomplete. It also allows
-you to explore the schema and types.
-
-The examples below:
-
-- Can be run directly against GitLab.
-- Works against GitLab.com without any further setup. Make sure you are signed
-  in and navigate to the [GraphiQL Explorer](https://gitlab.com/-/graphql-explorer).
-
-If you want to run the queries locally, or on a self-managed instance, you must
-either:
-
-- Create the `gitlab-org` group with a project called `graphql-sandbox` under
-  it. Create several issues in the project.
-- Edit the queries to replace `gitlab-org/graphql-sandbox` with your own group
-  and project.
-
-Refer to [running GraphiQL](index.md#graphiql) for more information.
-
-NOTE:
-If you are running GitLab 12.0, enable the `graphql`
-[feature flag](../features.md#set-or-create-a-feature).
-
 ### Rails console **(FREE SELF)**
 
 GraphQL queries can be run in a [Rails console session](../../administration/operations/rails_console.md#starting-a-rails-console-session). For example, to search projects:
@@ -172,7 +162,7 @@ More about queries:
 ### Authorization
 
 Authorization uses the same engine as the GitLab application (and GitLab.com).
-If you've signed in to GitLab and use GraphiQL, all queries are performed as
+If you've signed in to GitLab and use [GraphiQL](#graphiql), all queries are performed as
 you, the authenticated user. For more information, read the
 [GitLab API documentation](../rest/index.md#authentication).
 
@@ -304,14 +294,15 @@ mutation DisableCI_JOB_TOKENscope {
 }
 ```
 
-### Introspective queries
+### Introspection queries
+
+Clients can query the GraphQL endpoint for information about its schema
+by making an [introspection query](https://graphql.org/learn/introspection/).
 
-Clients can query the GraphQL endpoint for information about its own schema.
-by making an [introspective query](https://graphql.org/learn/introspection/).
-The [GraphiQL Query Explorer](https://gitlab.com/-/graphql-explorer) uses an
+The [GraphiQL Query Explorer](#graphiql) uses an
 introspection query to:
 
-- Gain knowledge about our GraphQL schema.
+- Gain knowledge about the GitLab GraphQL schema.
 - Do autocompletion.
 - Provide its interactive `Docs` tab.
 
diff --git a/doc/architecture/blueprints/organization/index.md b/doc/architecture/blueprints/organization/index.md
index 0955d53313d..41359e06c85 100644
--- a/doc/architecture/blueprints/organization/index.md
+++ b/doc/architecture/blueprints/organization/index.md
@@ -113,6 +113,8 @@ The Organization MVC will contain the following functionality:
 - Organization settings page with the added ability to remove an Organization. Deletion of the default Organization is prevented.
 - Groups. This includes the ability to create, edit, and delete Groups, as well as a Groups overview that can be accessed by the Organization Owner and Users.
 - Projects. This includes the ability to create, edit, and delete Projects, as well as a Projects overview that can be accessed by the Organization Owner and Users.
+- Personal Namespaces. Users get [a personal Namespace in each Organization](../cells/impacted_features/personal-namespaces.md) they interact with.
+- User Profile. Each [User Profile will be scoped to the Organization](../cells/impacted_features/user-profile.md).
 
 ### Organization Access
 
diff --git a/doc/development/policies.md b/doc/development/policies.md
index faf5b32985f..273758f0d42 100644
--- a/doc/development/policies.md
+++ b/doc/development/policies.md
@@ -49,7 +49,7 @@ class FooPolicy < BasePolicy
   # ...
 
   rule { is_public }.enable :read
-  rule { thing }.prevent :read
+  rule { ~thing }.prevent :read
 
   # equivalently,
   rule { is_public }.policy do
diff --git a/doc/integration/advanced_search/elasticsearch.md b/doc/integration/advanced_search/elasticsearch.md
index 1afaa6b7d52..986bdb9a667 100644
--- a/doc/integration/advanced_search/elasticsearch.md
+++ b/doc/integration/advanced_search/elasticsearch.md
@@ -869,7 +869,7 @@ Make sure to prepare for this task by having a
    bundle exec rake gitlab:elastic:index_users RAILS_ENV=production
    ```
 
-1. Enable replication and refreshing again after indexing (only if you previously increased the `refresh_interval`):
+1. Enable replication and refreshing again after indexing (only if you previously increased `refresh_interval`):
 
    ```shell
    curl --request PUT localhost:9200/gitlab-production/_settings --header 'Content-Type: application/json' \
diff --git a/doc/user/free_push_limit.md b/doc/user/free_push_limit.md
new file mode 100644
index 00000000000..3a250bf21b4
--- /dev/null
+++ b/doc/user/free_push_limit.md
@@ -0,0 +1,42 @@
+---
+stage: Growth
+group: Acquisition
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Free push limit **(FREE SAAS)**
+
+A 100 MB per-file limit applies when pushing new files to any project in the Free tier.
+
+If a new file that is 100 MB or large is pushed to a project in the Free tier, an error is displayed. For example:
+
+```shell
+Enumerating objects: 3, done.
+Counting objects: 100% (3/3), done.
+Delta compression using up to 10 threads
+Compressing objects: 100% (2/2), done.
+Writing objects: 100% (3/3), 100.03 MiB | 1.08 MiB/s, done.
+Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
+remote: GitLab: You are attempting to check in one or more files which exceed the 100MiB limit:
+
+- 257cc5642cb1a054f08cc83f2d943e56fd3ebe99 (123 MiB)
+- 5716ca5987cbf97d6bb54920bea6adde242d87e6 (396 MiB)
+
+Please refer to $URL for further information.
+To https://gitlab.com/group/my-project.git
+ ! [remote rejected] main -> main (pre-receive hook declined)
+error: failed to push some refs to 'https://gitlab.com/group/my-project.git'
+```
+
+The error lists the unique IDs for files rather than their filename. To look up the file name from the unique identify, run the following command:
+
+```shell
+tree -r | grep <id>
+```
+
+Because Git is not designed to handle large non-text-based data well, you should use [Git LFS](../topics/git/lfs/index.md) for these files.
+Git LFS is designed to work with Git to track large files.
+
+## Related topics
+
+- [GitLab SaaS Free tier frequently asked questions](https://about.gitlab.com/pricing/faq-efficient-free-tier/).
diff --git a/spec/services/projects/after_rename_service_spec.rb b/spec/services/projects/after_rename_service_spec.rb
index 411ff5662d4..fd485bf1079 100644
--- a/spec/services/projects/after_rename_service_spec.rb
+++ b/spec/services/projects/after_rename_service_spec.rb
@@ -21,183 +21,90 @@ RSpec.describe Projects::AfterRenameService, feature_category: :groups_and_proje
   end
 
   describe '#execute' do
-    context 'using legacy storage' do
-      let(:project) { create(:project, :repository, :wiki_repo, :legacy_storage) }
-      let(:project_storage) { project.send(:storage) }
-      let(:gitlab_shell) { Gitlab::Shell.new }
-
-      before do
-        # Project#gitlab_shell returns a new instance of Gitlab::Shell on every
-        # call. This makes testing a bit easier.
-        allow(project).to receive(:gitlab_shell).and_return(gitlab_shell)
-
-        stub_application_setting(hashed_storage_enabled: false)
-      end
-
-      it 'renames a repository' do
-        stub_container_registry_config(enabled: false)
-
-        expect_any_instance_of(SystemHooksService)
-          .to receive(:execute_hooks_for)
-          .with(project, :rename)
-
-        expect_any_instance_of(Gitlab::UploadsTransfer)
-          .to receive(:rename_project)
-          .with(path_before_rename, path_after_rename, project.namespace.full_path)
-
-        expect(repo_before_rename).to exist
-        expect(wiki_repo_before_rename).to exist
-
-        service_execute
-
-        expect(repo_before_rename).not_to exist
-        expect(wiki_repo_before_rename).not_to exist
-        expect(repo_after_rename).to exist
-        expect(wiki_repo_after_rename).to exist
-      end
-
-      context 'container registry with images' do
-        let(:container_repository) { create(:container_repository) }
-
-        before do
-          stub_container_registry_config(enabled: true)
-          stub_container_registry_tags(repository: :any, tags: ['tag'])
-          project.container_repositories << container_repository
-        end
-
-        it 'raises a RenameFailedError' do
-          expect { service_execute }.to raise_error(described_class::RenameFailedError)
-        end
-      end
-
-      context 'attachments' do
-        before do
-          expect(project_storage).to receive(:rename_repo) { true }
-        end
-
-        it 'moves uploads folder to new location' do
-          expect_any_instance_of(Gitlab::UploadsTransfer).to receive(:rename_project)
-
-          service_execute
-        end
-      end
-
-      it 'updates project full path in gitaly' do
-        service_execute
-
-        expect(project.repository.full_path).to eq(project.full_path)
-      end
-
-      it 'updates storage location' do
-        allow(project_storage).to receive(:rename_repo).and_return(true)
+    let(:project) { create(:project, :repository, skip_disk_validation: true) }
+    let(:gitlab_shell) { Gitlab::Shell.new }
+    let(:hash) { Digest::SHA2.hexdigest(project.id.to_s) }
+    let(:hashed_prefix) { File.join('@hashed', hash[0..1], hash[2..3]) }
+    let(:hashed_path) { File.join(hashed_prefix, hash) }
+
+    before do
+      # Project#gitlab_shell returns a new instance of Gitlab::Shell on every
+      # call. This makes testing a bit easier.
+      allow(project).to receive(:gitlab_shell).and_return(gitlab_shell)
+
+      stub_application_setting(hashed_storage_enabled: true)
+    end
 
-        service_execute
+    it 'renames a repository' do
+      stub_container_registry_config(enabled: false)
 
-        expect(project.project_repository).to have_attributes(
-          disk_path: project.disk_path,
-          shard_name: project.repository_storage
-        )
-      end
+      expect(gitlab_shell).not_to receive(:mv_repository)
 
-      context 'with hashed storage upgrade when renaming enabled' do
-        it 'calls HashedStorage::MigrationService with correct options' do
-          stub_application_setting(hashed_storage_enabled: true)
+      expect_any_instance_of(SystemHooksService)
+        .to receive(:execute_hooks_for)
+        .with(project, :rename)
 
-          expect_next_instance_of(::Projects::HashedStorage::MigrationService) do |service|
-            expect(service).to receive(:execute).and_return(true)
-          end
+      expect(project).to receive(:expire_caches_before_rename)
 
-          service_execute
-        end
-      end
+      service_execute
     end
 
-    context 'using hashed storage' do
-      let(:project) { create(:project, :repository, skip_disk_validation: true) }
-      let(:gitlab_shell) { Gitlab::Shell.new }
-      let(:hash) { Digest::SHA2.hexdigest(project.id.to_s) }
-      let(:hashed_prefix) { File.join('@hashed', hash[0..1], hash[2..3]) }
-      let(:hashed_path) { File.join(hashed_prefix, hash) }
+    context 'container registry with images' do
+      let(:container_repository) { create(:container_repository) }
 
       before do
-        # Project#gitlab_shell returns a new instance of Gitlab::Shell on every
-        # call. This makes testing a bit easier.
-        allow(project).to receive(:gitlab_shell).and_return(gitlab_shell)
-
-        stub_application_setting(hashed_storage_enabled: true)
+        stub_container_registry_config(enabled: true)
+        stub_container_registry_tags(repository: :any, tags: ['tag'])
+        project.container_repositories << container_repository
       end
 
-      it 'renames a repository' do
-        stub_container_registry_config(enabled: false)
-
-        expect(gitlab_shell).not_to receive(:mv_repository)
-
-        expect_any_instance_of(SystemHooksService)
-          .to receive(:execute_hooks_for)
-          .with(project, :rename)
-
-        expect(project).to receive(:expire_caches_before_rename)
-
-        service_execute
+      it 'raises a RenameFailedError' do
+        expect { service_execute }
+          .to raise_error(described_class::RenameFailedError)
       end
+    end
 
-      context 'container registry with images' do
-        let(:container_repository) { create(:container_repository) }
+    context 'attachments' do
+      let(:uploader) { create(:upload, :issuable_upload, :with_file, model: project) }
+      let(:file_uploader) { build(:file_uploader, project: project) }
+      let(:legacy_storage_path) { File.join(file_uploader.root, legacy_storage.disk_path) }
+      let(:hashed_storage_path) { File.join(file_uploader.root, hashed_storage.disk_path) }
 
-        before do
-          stub_container_registry_config(enabled: true)
-          stub_container_registry_tags(repository: :any, tags: ['tag'])
-          project.container_repositories << container_repository
-        end
+      it 'keeps uploads folder location unchanged' do
+        expect_any_instance_of(Gitlab::UploadsTransfer).not_to receive(:rename_project)
 
-        it 'raises a RenameFailedError' do
-          expect { service_execute }
-            .to raise_error(described_class::RenameFailedError)
-        end
+        service_execute
       end
 
-      context 'attachments' do
-        let(:uploader) { create(:upload, :issuable_upload, :with_file, model: project) }
-        let(:file_uploader) { build(:file_uploader, project: project) }
-        let(:legacy_storage_path) { File.join(file_uploader.root, legacy_storage.disk_path) }
-        let(:hashed_storage_path) { File.join(file_uploader.root, hashed_storage.disk_path) }
+      context 'when not rolled out' do
+        let(:project) { create(:project, :repository, storage_version: 1, skip_disk_validation: true) }
 
-        it 'keeps uploads folder location unchanged' do
-          expect_any_instance_of(Gitlab::UploadsTransfer).not_to receive(:rename_project)
+        it 'moves attachments folder to hashed storage' do
+          expect(File.directory?(legacy_storage_path)).to be_truthy
+          expect(File.directory?(hashed_storage_path)).to be_falsey
 
           service_execute
-        end
-
-        context 'when not rolled out' do
-          let(:project) { create(:project, :repository, storage_version: 1, skip_disk_validation: true) }
-
-          it 'moves attachments folder to hashed storage' do
-            expect(File.directory?(legacy_storage_path)).to be_truthy
-            expect(File.directory?(hashed_storage_path)).to be_falsey
+          expect(project.reload.hashed_storage?(:attachments)).to be_truthy
 
-            service_execute
-            expect(project.reload.hashed_storage?(:attachments)).to be_truthy
-
-            expect(File.directory?(legacy_storage_path)).to be_falsey
-            expect(File.directory?(hashed_storage_path)).to be_truthy
-          end
+          expect(File.directory?(legacy_storage_path)).to be_falsey
+          expect(File.directory?(hashed_storage_path)).to be_truthy
         end
       end
+    end
 
-      it 'updates project full path in gitaly' do
-        service_execute
+    it 'updates project full path in gitaly' do
+      service_execute
 
-        expect(project.repository.full_path).to eq(project.full_path)
-      end
+      expect(project.repository.full_path).to eq(project.full_path)
+    end
 
-      it 'updates storage location' do
-        service_execute
+    it 'updates storage location' do
+      service_execute
 
-        expect(project.project_repository).to have_attributes(
-          disk_path: project.disk_path,
-          shard_name: project.repository_storage
-        )
-      end
+      expect(project.project_repository).to have_attributes(
+        disk_path: project.disk_path,
+        shard_name: project.repository_storage
+      )
     end
 
     context 'EventStore' do
diff --git a/workhorse/go.mod b/workhorse/go.mod
index 5513ddcaa30..77ec86eb9f7 100644
--- a/workhorse/go.mod
+++ b/workhorse/go.mod
@@ -32,22 +32,22 @@ require (
 	golang.org/x/image v0.7.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/net v0.14.0
-	golang.org/x/oauth2 v0.9.0
+	golang.org/x/oauth2 v0.10.0
 	golang.org/x/tools v0.12.1-0.20230825192346-2191a27a6dc5
-	google.golang.org/grpc v1.56.0
+	google.golang.org/grpc v1.58.2
 	google.golang.org/protobuf v1.31.0
 	honnef.co/go/tools v0.4.6
 )
 
 require (
-	cloud.google.com/go v0.110.2 // indirect
-	cloud.google.com/go/compute v1.20.0 // indirect
+	cloud.google.com/go v0.110.4 // indirect
+	cloud.google.com/go/compute v1.21.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.0 // indirect
-	cloud.google.com/go/monitoring v1.15.0 // indirect
+	cloud.google.com/go/iam v1.1.1 // indirect
+	cloud.google.com/go/monitoring v1.15.1 // indirect
 	cloud.google.com/go/profiler v0.1.0 // indirect
 	cloud.google.com/go/storage v1.30.1 // indirect
-	cloud.google.com/go/trace v1.10.0 // indirect
+	cloud.google.com/go/trace v1.10.1 // indirect
 	contrib.go.opencensus.io/exporter/stackdriver v0.13.14 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
@@ -122,9 +122,9 @@ require (
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/api v0.128.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
 	gopkg.in/DataDog/dd-trace-go.v1 v1.32.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/workhorse/go.sum b/workhorse/go.sum
index 9d6ca6b0d95..7f197088728 100644
--- a/workhorse/go.sum
+++ b/workhorse/go.sum
@@ -41,8 +41,9 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY
 cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM=
 cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I=
 cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY=
-cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
 cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw=
+cloud.google.com/go v0.110.4 h1:1JYyxKMN9hd5dR2MYTPWkGUgcoxVVhg0LKNKEo0qvmk=
+cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI=
 cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4=
 cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw=
 cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E=
@@ -180,8 +181,9 @@ cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOV
 cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
 cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE=
 cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
-cloud.google.com/go/compute v1.20.0 h1:cUOcywWuowO9It2i1KX1lIb0HH7gLv6nENKuZGnlcSo=
 cloud.google.com/go/compute v1.20.0/go.mod h1:kn5BhC++qUWR/AM3Dn21myV7QbgqejW04cAOrtppaQI=
+cloud.google.com/go/compute v1.21.0 h1:JNBsyXVoOoNJtTQcnEY5uYpZIbeCTYIeDe0Xh1bySMk=
+cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU=
 cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
@@ -324,8 +326,9 @@ cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4c
 cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY=
 cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
 cloud.google.com/go/iam v1.0.1/go.mod h1:yR3tmSL8BcZB4bxByRv2jkSIahVmCtfKZwLYGBalRE8=
-cloud.google.com/go/iam v1.1.0 h1:67gSqaPukx7O8WLLHMa0PNs3EBGd2eE4d+psbO/CO94=
 cloud.google.com/go/iam v1.1.0/go.mod h1:nxdHjaKfCr7fNYx/HJMM8LgiMugmveWlkatear5gVyk=
+cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y=
+cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
 cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc=
 cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A=
 cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk=
@@ -386,8 +389,9 @@ cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhI
 cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4=
 cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w=
 cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw=
-cloud.google.com/go/monitoring v1.15.0 h1:b85k1A7eWZDkNtK08hDt45vNHJ2b0WpeNFAkUa86ons=
 cloud.google.com/go/monitoring v1.15.0/go.mod h1:/LPLNIY93ZtCpPKuO38kEYh+WhhiqIt8HYch2srelRM=
+cloud.google.com/go/monitoring v1.15.1 h1:65JhLMd+JiYnXr6j5Z63dUYCuOg770p8a/VC+gil/58=
+cloud.google.com/go/monitoring v1.15.1/go.mod h1:lADlSAlFdbqQuwwpaImhsJXu1QSdd3ojypXrFSMr2rM=
 cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA=
 cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o=
 cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM=
@@ -577,8 +581,9 @@ cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg
 cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y=
 cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA=
 cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk=
-cloud.google.com/go/trace v1.10.0 h1:qHz42GfGe3OfNvKMUs5Z8lD+PuUr3uqUADVgKG+SCw4=
 cloud.google.com/go/trace v1.10.0/go.mod h1:X3g0Th7+AIjj4rUVhv9JpMv7jpsRIJ9et+wYjCHYbQs=
+cloud.google.com/go/trace v1.10.1 h1:EwGdOLCNfYOOPtgqo+D2sDLZmRCEO1AagRTJCU6ztdg=
+cloud.google.com/go/trace v1.10.1/go.mod h1:gbtL94KE5AJLH3y+WVpfWILmqgc6dXcqgNXdOPAQTYk=
 cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs=
 cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg=
 cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0=
@@ -2621,8 +2626,9 @@ golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I
 golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
 golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
 golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
-golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs=
 golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw=
+golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
+golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
 golang.org/x/sync v0.0.0-20170517211232-f52d1811a629/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -3201,19 +3207,22 @@ google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOl
 google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY=
-google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
 google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
+google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 h1:Z0hjGZePRE0ZBWotvtrwxFNrNE9CUAGtplaDK5NNI/g=
+google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0=
 google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8=
 google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
 google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
-google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
 google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
+google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 h1:FmF5cCW94Ij59cfpoLiwTgodWmm60eEV0CjlsVg2fuw=
+google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
 google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 h1:bVf09lpb+OJbByTj913DRJioFFAjf/ZGxEz7MajTp2U=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.2.1-0.20170921194603-d4b75ebd4f9f/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -3262,8 +3271,9 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v
 google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
 google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
-google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE=
 google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I=
+google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=