
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-09-15 06:11:01 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-09-15 06:11:01 +0300
commit26c3184b621c4349997b1fade462c3fb480ad976 (patch)
tree4b8fe8ff0143ecab6c20179531332048abd1adc3
parentb754c00a217814cdf3fdaaa51e695a44095c0197 (diff)
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--.rubocop_manual_todo.yml14
-rw-r--r--GITALY_SERVER_VERSION2
-rw-r--r--app/assets/javascripts/boards/boards_util.js5
-rw-r--r--app/assets/javascripts/boards/components/board_content_sidebar.vue2
-rw-r--r--app/assets/javascripts/boards/components/board_list.vue4
-rw-r--r--app/assets/javascripts/boards/stores/actions.js8
-rw-r--r--app/assets/javascripts/boards/stores/getters.js2
-rw-r--r--app/assets/javascripts/boards/stores/mutations.js4
-rw-r--r--app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue3
-rw-r--r--config/feature_flags/development/method_instrumentation_disable_initialization.yml8
-rw-r--r--config/feature_flags/development/vulnerability_flags.yml4
-rw-r--r--config/initializers/session_store.rb2
-rw-r--r--config/initializers/zz_metrics.rb43
-rw-r--r--doc/administration/gitaly/index.md2
-rw-r--r--doc/administration/logs.md7
-rw-r--r--doc/api/graphql/reference/index.md104
-rw-r--r--doc/user/application_security/dast/index.md8
-rw-r--r--doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.pngbin40135 -> 39343 bytes
-rw-r--r--doc/user/group/saml_sso/index.md4
-rw-r--r--lib/gitlab/database/partitioning/partition_manager.rb10
-rw-r--r--lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb2
-rw-r--r--qa/qa/flow/login.rb18
-rw-r--r--qa/qa/page/main/login.rb2
-rw-r--r--qa/qa/resource/user.rb3
-rw-r--r--qa/qa/runtime/api/client.rb28
-rw-r--r--qa/qa/runtime/user.rb2
-rw-r--r--spec/frontend/boards/mock_data.js3
-rw-r--r--spec/frontend/boards/stores/actions_spec.js9
-rw-r--r--spec/frontend/boards/stores/getters_spec.js16
-rw-r--r--spec/frontend/boards/stores/mutations_spec.js4
-rw-r--r--spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js2
-rw-r--r--spec/lib/gitlab/database/partitioning/partition_manager_spec.rb5
-rw-r--r--spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb8
33 files changed, 156 insertions, 182 deletions
diff --git a/.rubocop_manual_todo.yml b/.rubocop_manual_todo.yml
index fe1c607821b..15ce98b6770 100644
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -10,20 +10,6 @@
# - guidelines for use found in
# https://docs.gitlab.com/ee/development/contributing/style_guides.html#resolving-rubocop-exceptions.
-# WIP See https://gitlab.com/gitlab-org/gitlab/-/issues/337596
-Graphql/Descriptions:
- Exclude:
- - 'ee/app/graphql/types/iteration_state_enum.rb'
- - 'ee/app/graphql/types/requirements_management/requirement_state_enum.rb'
- - 'ee/app/graphql/types/requirements_management/test_report_state_enum.rb'
- - 'ee/app/graphql/types/security_scanner_type_enum.rb'
- - 'ee/app/graphql/types/vulnerability/issue_link_type_enum.rb'
- - 'ee/app/graphql/types/vulnerability_grade_enum.rb'
- - 'ee/app/graphql/types/vulnerability_report_type_enum.rb'
- - 'ee/app/graphql/types/vulnerability_severity_enum.rb'
- - 'ee/app/graphql/types/vulnerability_state_enum.rb'
- - 'ee/app/graphql/types/vulnerability_confidence_enum.rb'
-
# WIP: See https://gitlab.com/gitlab-org/gitlab/-/issues/220040
Rails/SaveBang:
Exclude:
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 74e958a0b93..2ec6b8c1965 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-125aa5ddeb59977b974a13cc460663209c6bd2f4
+ccd8ea3e1436d6464ac5f67e6bebd1ae317f4d50
diff --git a/app/assets/javascripts/boards/boards_util.js b/app/assets/javascripts/boards/boards_util.js
index cdf25b2d428..d113a1d39d8 100644
--- a/app/assets/javascripts/boards/boards_util.js
+++ b/app/assets/javascripts/boards/boards_util.js
@@ -1,5 +1,4 @@
import { sortBy, cloneDeep } from 'lodash';
-import { getIdFromGraphQLId } from '~/graphql_shared/utils';
import { ListType, MilestoneIDs } from './constants';
export function getMilestone() {
@@ -49,12 +48,10 @@ export function formatListIssues(listIssues) {
return {
...map,
[list.id]: sortedIssues.map((i) => {
- const id = getIdFromGraphQLId(i.id);
+ const { id } = i;
const listIssue = {
...i,
- id,
- fullId: i.id,
labels: i.labels?.nodes || [],
assignees: i.assignees?.nodes || [],
};
diff --git a/app/assets/javascripts/boards/components/board_content_sidebar.vue b/app/assets/javascripts/boards/components/board_content_sidebar.vue
index 7a936e75676..e0105d63d99 100644
--- a/app/assets/javascripts/boards/components/board_content_sidebar.vue
+++ b/app/assets/javascripts/boards/components/board_content_sidebar.vue
@@ -96,7 +96,7 @@ export default {
<template #header>
<sidebar-todo-widget
class="gl-mt-3"
- :issuable-id="activeBoardItem.fullId"
+ :issuable-id="activeBoardItem.id"
:issuable-iid="activeBoardItem.iid"
:full-path="fullPath"
:issuable-type="issuableType"
diff --git a/app/assets/javascripts/boards/components/board_list.vue b/app/assets/javascripts/boards/components/board_list.vue
index 849492effab..47dffc985aa 100644
--- a/app/assets/javascripts/boards/components/board_list.vue
+++ b/app/assets/javascripts/boards/components/board_list.vue
@@ -208,7 +208,7 @@ export default {
newIndex = children.length;
}
- const getItemId = (el) => Number(el.dataset.itemId);
+ const getItemId = (el) => el.dataset.itemId;
// If item is being moved within the same list
if (from === to) {
@@ -234,7 +234,7 @@ export default {
}
this.moveItem({
- itemId: Number(itemId),
+ itemId,
itemIid,
itemPath,
fromListId: from.dataset.listId,
diff --git a/app/assets/javascripts/boards/stores/actions.js b/app/assets/javascripts/boards/stores/actions.js
index 402205334c8..dc06b62cebb 100644
--- a/app/assets/javascripts/boards/stores/actions.js
+++ b/app/assets/javascripts/boards/stores/actions.js
@@ -574,8 +574,8 @@ export default {
boardId: fullBoardId,
fromListId: getIdFromGraphQLId(fromListId),
toListId: getIdFromGraphQLId(toListId),
- moveBeforeId,
- moveAfterId,
+ moveBeforeId: moveBeforeId ? getIdFromGraphQLId(moveBeforeId) : undefined,
+ moveAfterId: moveAfterId ? getIdFromGraphQLId(moveAfterId) : undefined,
// 'mutationVariables' allows EE code to pass in extra parameters.
...mutationVariables,
},
@@ -642,7 +642,7 @@ export default {
}
const rawIssue = data.createIssue?.issue;
- const formattedIssue = formatIssue({ ...rawIssue, id: getIdFromGraphQLId(rawIssue.id) });
+ const formattedIssue = formatIssue(rawIssue);
dispatch('removeListItem', { listId: list.id, itemId: placeholderId });
dispatch('addListItem', { list, item: formattedIssue, position: 0 });
})
@@ -678,7 +678,7 @@ export default {
}
commit(types.UPDATE_BOARD_ITEM_BY_ID, {
- itemId: getIdFromGraphQLId(data.updateIssue?.issue?.id) || activeBoardItem.id,
+ itemId: data.updateIssue?.issue?.id || activeBoardItem.id,
prop: 'labels',
value: data.updateIssue.issue.labels.nodes,
});
diff --git a/app/assets/javascripts/boards/stores/getters.js b/app/assets/javascripts/boards/stores/getters.js
index 7fa8cac9c98..cb31eb4b008 100644
--- a/app/assets/javascripts/boards/stores/getters.js
+++ b/app/assets/javascripts/boards/stores/getters.js
@@ -16,7 +16,7 @@ export default {
},
activeBoardItem: (state) => {
- return state.boardItems[state.activeId] || { iid: '', id: '', fullId: '' };
+ return state.boardItems[state.activeId] || { iid: '', id: '' };
},
groupPathForActiveIssue: (_, getters) => {
diff --git a/app/assets/javascripts/boards/stores/mutations.js b/app/assets/javascripts/boards/stores/mutations.js
index 86df3139e0a..ef5b84b4575 100644
--- a/app/assets/javascripts/boards/stores/mutations.js
+++ b/app/assets/javascripts/boards/stores/mutations.js
@@ -1,6 +1,5 @@
import { cloneDeep, pull, union } from 'lodash';
import Vue from 'vue';
-import { getIdFromGraphQLId } from '~/graphql_shared/utils';
import { s__, __ } from '~/locale';
import { formatIssue } from '../boards_util';
import { issuableTypes } from '../constants';
@@ -201,8 +200,7 @@ export default {
},
[mutationTypes.MUTATE_ISSUE_SUCCESS]: (state, { issue }) => {
- const issueId = getIdFromGraphQLId(issue.id);
- Vue.set(state.boardItems, issueId, formatIssue({ ...issue, id: issueId }));
+ Vue.set(state.boardItems, issue.id, formatIssue(issue));
},
[mutationTypes.ADD_BOARD_ITEM_TO_LIST]: (
diff --git a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue
index 1dd05d3886e..1b28ba2afd1 100644
--- a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue
@@ -3,7 +3,6 @@ import { GlDropdownItem } from '@gitlab/ui';
import { cloneDeep } from 'lodash';
import Vue from 'vue';
import createFlash from '~/flash';
-import { getIdFromGraphQLId } from '~/graphql_shared/utils';
import { IssuableType } from '~/issue_show/constants';
import { __, n__ } from '~/locale';
import SidebarAssigneesRealtime from '~/sidebar/components/assignees/assignees_realtime.vue';
@@ -173,7 +172,7 @@ export default {
})
.then(({ data }) => {
this.$emit('assignees-updated', {
- id: getIdFromGraphQLId(data.issuableSetAssignees.issuable.id),
+ id: data.issuableSetAssignees.issuable.id,
assignees: data.issuableSetAssignees.issuable.assignees.nodes,
});
return data;
diff --git a/config/feature_flags/development/method_instrumentation_disable_initialization.yml b/config/feature_flags/development/method_instrumentation_disable_initialization.yml
deleted file mode 100644
index d73d6fdaac7..00000000000
--- a/config/feature_flags/development/method_instrumentation_disable_initialization.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: method_instrumentation_disable_initialization
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69091
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/339665
-milestone: '14.3'
-type: development
-group: group::memory
-default_enabled: false
diff --git a/config/feature_flags/development/vulnerability_flags.yml b/config/feature_flags/development/vulnerability_flags.yml
index 8e78dc0f611..6ea7dd2e3f1 100644
--- a/config/feature_flags/development/vulnerability_flags.yml
+++ b/config/feature_flags/development/vulnerability_flags.yml
@@ -2,7 +2,7 @@
name: vulnerability_flags
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66775
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340203
-milestone: '14.2'
+milestone: '14.3'
type: development
group: group::static analysis
-default_enabled: false
+default_enabled: true
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 204d4d88f0a..02fc4912f94 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -13,6 +13,8 @@ end
cookie_key = if Rails.env.development?
"_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
+ elsif ::Gitlab.ee? && ::Gitlab::Geo.connected? && ::Gitlab::Geo.secondary?
+ "_gitlab_session_geo_#{Digest::SHA256.hexdigest(GeoNode.current_node_name)}"
else
"_gitlab_session"
end
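Review bot: The new `elsif` branch has no comment saying why a Geo secondary needs its own session cookie name, and the name is fixed once at boot from runtime lookups. Suggest adding above it `# Geo secondaries use a distinct cookie name so their session cookie does not collide with the primary's` (wording to be confirmed by the author, since the reason is not visible in the hunk). Because the initializer runs once, a secondary where `::Gitlab::Geo.connected?` is false at start-up would presumably fall through to the shared `_gitlab_session` name without any log line, and a change to the node name would change the cookie name and drop existing sessions after restart; both are worth stating in the comment. `GeoNode.current_node_name` is also the only constant in the branch written without the leading `::`.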
diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb
index b23d20aa4cd..25e4ec0d483 100644
--- a/config/initializers/zz_metrics.rb
+++ b/config/initializers/zz_metrics.rb
@@ -162,49 +162,6 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d
config.middleware.use(Gitlab::Metrics::ElasticsearchRackMiddleware)
end
- # We are removing the Instrumentation module entirely in steps.
- # More in https://gitlab.com/gitlab-org/gitlab/-/issues/217978.
- unless ::Feature.enabled?(:method_instrumentation_disable_initialization)
- # This instruments all methods residing in app/models that (appear to) use any
- # of the ActiveRecord methods. This has to take place _after_ initializing as
- # for some unknown reason calling eager_load! earlier breaks Devise.
- Gitlab::Application.config.after_initialize do
- # We should move all the logic of this file to somewhere else
- # and require it after `Rails.application.initialize!` in `environment.rb` file.
- models_path = Rails.root.join('app', 'models').to_s
-
- Dir.glob("**/*.rb", base: models_path).sort.each do |file|
- require_dependency file
- end
-
- regex = Regexp.union(
- ActiveRecord::Querying.public_instance_methods(false).map(&:to_s)
- )
-
- Gitlab::Metrics::Instrumentation
- .instrument_class_hierarchy(ActiveRecord::Base) do |klass, method|
- # Instrumenting the ApplicationSetting class can lead to an infinite
- # loop. Since the data is cached any way we don't really need to
- # instrument it.
- if klass == ApplicationSetting
- false
- else
- loc = method.source_location
-
- loc && loc[0].start_with?(models_path) && method.source =~ regex
- end
- end
-
- # Ability is in app/models, is not an ActiveRecord model, but should still
- # be instrumented.
- Gitlab::Metrics::Instrumentation.instrument_methods(Ability)
- end
-
- Gitlab::Metrics::Instrumentation.configure do |config|
- instrument_classes(config)
- end
- end
-
GC::Profiler.enable
module TrackNewRedisConnections
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index dec18495f1c..797e1bfdf79 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -449,6 +449,8 @@ To monitor [strong consistency](#strong-consistency), you can use the following
- `gitaly_hook_transaction_voting_delay_seconds`, the client-side delay introduced by waiting for
the transaction to be committed.
+You can also monitor the [Praefect logs](../logs.md#praefect-logs).
+
## Do not bypass Gitaly
GitLab doesn't advise directly accessing Gitaly repositories stored on disk with a Git client,
diff --git a/doc/administration/logs.md b/doc/administration/logs.md
index 058437c168a..990287e3907 100644
--- a/doc/administration/logs.md
+++ b/doc/administration/logs.md
@@ -50,6 +50,7 @@ except those captured by `runit`.
| [Mailroom](#mail_room_jsonlog-default) | **{check-circle}** Yes | **{check-circle}** Yes |
| [NGINX](#nginx-logs) | **{check-circle}** Yes | **{check-circle}** Yes |
| [PostgreSQL Logs](#postgresql-logs) | **{dotted-circle}** No | **{check-circle}** Yes |
+| [Praefect Logs](#praefect-logs) | **{dotted-circle}** Yes| **{check-circle}** Yes |
| [Prometheus Logs](#prometheus-logs) | **{dotted-circle}** No | **{check-circle}** Yes |
| [Puma](#puma-logs) | **{check-circle}** Yes | **{check-circle}** Yes |
| [Redis Logs](#redis-logs) | **{dotted-circle}** No | **{check-circle}** Yes |
@@ -1062,6 +1063,12 @@ For Omnibus GitLab installations, GitLab Exporter logs are in `/var/log/gitlab/g
For Omnibus GitLab installations, GitLab Kubernetes Agent Server logs are
in `/var/log/gitlab/gitlab-kas/`.
+## Praefect Logs
+
+For Omnibus GitLab installations, Praefect logs are in `/var/log/gitlab/praefect/`.
+
+GitLab also tracks [Prometheus metrics for Praefect](gitaly/#monitor-gitaly-cluster).
+
## Performance bar stats
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48149) in GitLab 13.7.
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index dedb2ec4c0e..6a24eae6c35 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -15700,12 +15700,12 @@ State of a GitLab iteration.
| Value | Description |
| ----- | ----------- |
-| <a id="iterationstateall"></a>`all` | |
-| <a id="iterationstateclosed"></a>`closed` | |
-| <a id="iterationstatecurrent"></a>`current` | |
-| <a id="iterationstateopened"></a>`opened` | |
+| <a id="iterationstateall"></a>`all` | Any iteration. |
+| <a id="iterationstateclosed"></a>`closed` | Closed iteration. |
+| <a id="iterationstatecurrent"></a>`current` | Current iteration. |
+| <a id="iterationstateopened"></a>`opened` | Open iteration. |
| <a id="iterationstatestarted"></a>`started` **{warning-solid}** | **Deprecated** in 14.1. Use current instead. |
-| <a id="iterationstateupcoming"></a>`upcoming` | |
+| <a id="iterationstateupcoming"></a>`upcoming` | Upcoming iteration. |
### `IterationWildcardId`
@@ -16101,8 +16101,8 @@ State of a requirement.
| Value | Description |
| ----- | ----------- |
-| <a id="requirementstatearchived"></a>`ARCHIVED` | |
-| <a id="requirementstateopened"></a>`OPENED` | |
+| <a id="requirementstatearchived"></a>`ARCHIVED` | Archived requirement. |
+| <a id="requirementstateopened"></a>`OPENED` | Open requirement. |
### `RequirementStatusFilter`
@@ -16110,9 +16110,9 @@ Status of a requirement based on last test report.
| Value | Description |
| ----- | ----------- |
-| <a id="requirementstatusfilterfailed"></a>`FAILED` | |
+| <a id="requirementstatusfilterfailed"></a>`FAILED` | Failed test report. |
| <a id="requirementstatusfiltermissing"></a>`MISSING` | Requirements without any test report. |
-| <a id="requirementstatusfilterpassed"></a>`PASSED` | |
+| <a id="requirementstatusfilterpassed"></a>`PASSED` | Passed test report. |
### `RunnerMembershipFilter`
@@ -16152,14 +16152,14 @@ The type of the security scanner.
| Value | Description |
| ----- | ----------- |
-| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | |
-| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | |
-| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | |
-| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | |
-| <a id="securityscannertypedast"></a>`DAST` | |
-| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | |
-| <a id="securityscannertypesast"></a>`SAST` | |
-| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | |
+| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing scanner. |
+| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning scanner. |
+| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning scanner. |
+| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing scanner. |
+| <a id="securityscannertypedast"></a>`DAST` | DAST scanner. |
+| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning scanner. |
+| <a id="securityscannertypesast"></a>`SAST` | SAST scanner. |
+| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection scanner. |
### `SentryErrorStatus`
@@ -16261,8 +16261,8 @@ State of a test report.
| Value | Description |
| ----- | ----------- |
-| <a id="testreportstatefailed"></a>`FAILED` | |
-| <a id="testreportstatepassed"></a>`PASSED` | |
+| <a id="testreportstatefailed"></a>`FAILED` | Failed test report. |
+| <a id="testreportstatepassed"></a>`PASSED` | Passed test report. |
### `TodoActionEnum`
@@ -16375,13 +16375,13 @@ Confidence that a given vulnerability is present in the codebase.
| Value | Description |
| ----- | ----------- |
-| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` | |
-| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` | |
-| <a id="vulnerabilityconfidencehigh"></a>`HIGH` | |
-| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` | |
-| <a id="vulnerabilityconfidencelow"></a>`LOW` | |
-| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` | |
-| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` | |
+| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` | Confirmed confidence. |
+| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` | Experimental confidence. |
+| <a id="vulnerabilityconfidencehigh"></a>`HIGH` | High confidence. |
+| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` | Ignore confidence. |
+| <a id="vulnerabilityconfidencelow"></a>`LOW` | Low confidence. |
+| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` | Medium confidence. |
+| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` | Unknown confidence. |
### `VulnerabilityDismissalReason`
@@ -16417,11 +16417,11 @@ The grade of the vulnerable project.
| Value | Description |
| ----- | ----------- |
-| <a id="vulnerabilitygradea"></a>`A` | |
-| <a id="vulnerabilitygradeb"></a>`B` | |
-| <a id="vulnerabilitygradec"></a>`C` | |
-| <a id="vulnerabilitygraded"></a>`D` | |
-| <a id="vulnerabilitygradef"></a>`F` | |
+| <a id="vulnerabilitygradea"></a>`A` | A grade. |
+| <a id="vulnerabilitygradeb"></a>`B` | B grade. |
+| <a id="vulnerabilitygradec"></a>`C` | C grade. |
+| <a id="vulnerabilitygraded"></a>`D` | D grade. |
+| <a id="vulnerabilitygradef"></a>`F` | F grade. |
### `VulnerabilityIssueLinkType`
@@ -16429,8 +16429,8 @@ The type of the issue link related to a vulnerability.
| Value | Description |
| ----- | ----------- |
-| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` | |
-| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` | |
+| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` | Issue is created for the vulnerability. |
+| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` | Has a related issue. |
### `VulnerabilityReportType`
@@ -16438,15 +16438,15 @@ The type of the security scan that found the vulnerability.
| Value | Description |
| ----- | ----------- |
-| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | |
-| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | |
-| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | |
-| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | |
-| <a id="vulnerabilityreporttypedast"></a>`DAST` | |
-| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | |
-| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` | |
-| <a id="vulnerabilityreporttypesast"></a>`SAST` | |
-| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | |
+| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing report. |
+| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning report. |
+| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning report. |
+| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing report. |
+| <a id="vulnerabilityreporttypedast"></a>`DAST` | DAST report. |
+| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning report. |
+| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` | Generic report. |
+| <a id="vulnerabilityreporttypesast"></a>`SAST` | SAST report. |
+| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection report. |
### `VulnerabilitySeverity`
@@ -16454,12 +16454,12 @@ The severity of the vulnerability.
| Value | Description |
| ----- | ----------- |
-| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` | |
-| <a id="vulnerabilityseverityhigh"></a>`HIGH` | |
-| <a id="vulnerabilityseverityinfo"></a>`INFO` | |
-| <a id="vulnerabilityseveritylow"></a>`LOW` | |
-| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` | |
-| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` | |
+| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` | Critical severity. |
+| <a id="vulnerabilityseverityhigh"></a>`HIGH` | High severity. |
+| <a id="vulnerabilityseverityinfo"></a>`INFO` | Info severity. |
+| <a id="vulnerabilityseveritylow"></a>`LOW` | Low severity. |
+| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` | Medium severity. |
+| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` | Unknown severity. |
### `VulnerabilitySort`
@@ -16484,10 +16484,10 @@ The state of the vulnerability.
| Value | Description |
| ----- | ----------- |
-| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` | |
-| <a id="vulnerabilitystatedetected"></a>`DETECTED` | |
-| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` | |
-| <a id="vulnerabilitystateresolved"></a>`RESOLVED` | |
+| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` | Confirmed vulnerability. |
+| <a id="vulnerabilitystatedetected"></a>`DETECTED` | Detected vulnerability. |
+| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` | Dismissed vulnerability. |
+| <a id="vulnerabilitystateresolved"></a>`RESOLVED` | Resolved vulnerability. |
### `WeightWildcardId`
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 37a19ec77a4..15cd6e4a75f 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -1094,7 +1094,7 @@ To edit an existing site profile:
1. Edit the fields then select **Save profile**.
If a site profile is linked to a security policy, a user cannot edit the profile from this page. See
-[Scan Policies](../policies/index.md)
+[Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
for more information.
#### Delete a site profile
@@ -1108,7 +1108,7 @@ To delete an existing site profile:
1. Select **Delete** to confirm the deletion.
If a site profile is linked to a security policy, a user cannot delete the profile from this page.
-See [Scan Policies](../policies/index.md)
+See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
for more information.
#### Validate a site profile
@@ -1238,7 +1238,7 @@ To edit a scanner profile:
1. Select **Save profile**.
If a scanner profile is linked to a security policy, a user cannot edit the profile from this page.
-See [Scan Policies](../policies/index.md)
+See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
for more information.
#### Delete a scanner profile
@@ -1252,7 +1252,7 @@ To delete a scanner profile:
1. Select **Delete**.
If a scanner profile is linked to a security policy, a user cannot delete the profile from this
-page. See [Scan Policies](../policies/index.md)
+page. See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
for more information.
### Auditing
diff --git a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png
index 3efa344eb59..b21d0330b2f 100644
--- a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png
+++ b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png
Binary files differ
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index 6865378f333..b7b31e89f3b 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -57,6 +57,7 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI
#### NameID Format
We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format.
+Most NameID formats can be used, except `Transient` due to the temporary nature of this format.
### Assertions
@@ -489,12 +490,13 @@ If you do not wish to use that GitLab user with the SAML login, you can [unlink
### Message: "SAML authentication failed: User has already been taken"
-The user that you're signed in with already has SAML linked to a different identity.
+The user that you're signed in with already has SAML linked to a different identity, or the NameID value has changed.
Here are possible causes and solutions:
| Cause | Solution |
| ---------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| You've tried to link multiple SAML identities to the same user, for a given identity provider. | Change the identity that you sign in with. To do so, [unlink the previous SAML identity](#unlinking-accounts) from this GitLab account before attempting to sign in again. |
+| The NameID changes everytime the user requests SSO identification | Check the NameID is not set with `Transient` format, or the NameID is not changing on subsequent requests.|
### Message: "SAML authentication failed: Email has already been taken"
diff --git a/lib/gitlab/database/partitioning/partition_manager.rb b/lib/gitlab/database/partitioning/partition_manager.rb
index 7e433ecdd39..2ba5b35d6b9 100644
--- a/lib/gitlab/database/partitioning/partition_manager.rb
+++ b/lib/gitlab/database/partitioning/partition_manager.rb
@@ -74,8 +74,9 @@ module Gitlab
end
def create(partitions)
- connection.transaction do
- with_lock_retries do
+ # with_lock_retries starts a requires_new transaction most of the time, but not on the last iteration
+ with_lock_retries do
+ connection.transaction(requires_new: false) do # so we open a transaction here if not already in progress
partitions.each do |partition|
connection.execute partition.to_sql
@@ -88,8 +89,9 @@ module Gitlab
end
def detach(partitions)
- connection.transaction do
- with_lock_retries do
+ # with_lock_retries starts a requires_new transaction most of the time, but not on the last iteration
+ with_lock_retries do
+ connection.transaction(requires_new: false) do # so we open a transaction here if not already in progress
partitions.each { |p| detach_one_partition(p) }
end
end
diff --git a/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb b/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb
index a2e7f4befab..59ca06b5aca 100644
--- a/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb
+++ b/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb
@@ -7,7 +7,7 @@ module Gitlab
extend ActiveSupport::Concern
def dump_schema_information # :nodoc:
- Gitlab::Database::SchemaMigrations.touch_all(self)
+ Gitlab::Database::SchemaMigrations.touch_all(self) if Gitlab.dev_or_test_env?
nil
end
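Review bot: `dump_schema_information` now skips `touch_all` outside development and test, but the hunk carries no comment explaining why, and the method is marked `:nodoc:`. A one-line comment above the call would help, e.g. `# Schema version files are only written in dev/test; other environments must not touch the source tree` (reason to be confirmed by the author, the hunk does not state it). The method still returns `nil` in every environment, so the return value seen by callers is unchanged.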
diff --git a/qa/qa/flow/login.rb b/qa/qa/flow/login.rb
index d23d8eaf097..05a509588f1 100644
--- a/qa/qa/flow/login.rb
+++ b/qa/qa/flow/login.rb
@@ -5,10 +5,10 @@ module QA
module Login
module_function
- def while_signed_in(as: nil, address: :gitlab)
+ def while_signed_in(as: nil, address: :gitlab, admin: false)
Page::Main::Menu.perform(&:sign_out_if_signed_in)
- sign_in(as: as, address: address)
+ sign_in(as: as, address: address, admin: admin)
result = yield
@@ -17,19 +17,25 @@ module QA
end
def while_signed_in_as_admin(address: :gitlab)
- while_signed_in(as: Runtime::User.admin, address: address) do
+ while_signed_in(address: address, admin: true) do
yield
end
end
- def sign_in(as: nil, address: :gitlab, skip_page_validation: false)
+ def sign_in(as: nil, address: :gitlab, skip_page_validation: false, admin: false)
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform(&:signed_in?)
Runtime::Browser.visit(address, Page::Main::Login)
- Page::Main::Login.perform { |login| login.sign_in_using_credentials(user: as, skip_page_validation: skip_page_validation) }
+ Page::Main::Login.perform do |login|
+ if admin
+ login.sign_in_using_admin_credentials
+ else
+ login.sign_in_using_credentials(user: as, skip_page_validation: skip_page_validation)
+ end
+ end
end
def sign_in_as_admin(address: :gitlab)
- sign_in(as: Runtime::User.admin, address: address)
+ sign_in(as: Runtime::User.admin, address: address, admin: true)
end
def sign_in_unless_signed_in(as: nil, address: :gitlab)
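Review bot: With `admin: true`, `sign_in` ignores both `as` and `skip_page_validation`, so a caller that passes `as: some_user, admin: true` is signed in as the admin without any error, which can hide a permission failure in a spec. `sign_in_as_admin` itself does this: it still passes `as: Runtime::User.admin`, which the new branch never reads, while `while_signed_in_as_admin` dropped it. Suggest `sign_in(address: address, admin: true)` there, and rejecting the combination at the top of `sign_in` with `raise ArgumentError, 'as: cannot be combined with admin: true' if admin && as`. The same forwarding of `admin:` alongside `as:` applies to `while_signed_in` in the previous hunk. `sign_in_unless_signed_in` continues past the end of this hunk.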
diff --git a/qa/qa/page/main/login.rb b/qa/qa/page/main/login.rb
index 2c7ce69e4e5..c3170478733 100644
--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -53,7 +53,7 @@ module QA
set_initial_password_if_present
if Runtime::User.ldap_user? && user && user.username != Runtime::User.ldap_username
- raise 'If an LDAP user is provided, it must be used for sign-in', QA::Resource::User::InvalidUserError
+ raise QA::Resource::User::InvalidUserError, 'If an LDAP user is provided, it must be used for sign-in'
end
if Runtime::User.ldap_user?
diff --git a/qa/qa/resource/user.rb b/qa/qa/resource/user.rb
index 01de1a73422..811ce5e0505 100644
--- a/qa/qa/resource/user.rb
+++ b/qa/qa/resource/user.rb
@@ -187,7 +187,8 @@ module QA
end
def fetching_own_data?
- api_user&.username == username || Runtime::User.username == username
+ runtime_username = Runtime::User.ldap_user? ? Runtime::User.ldap_username : Runtime::User.username
+ api_user&.username == username || runtime_username == username
end
end
end
diff --git a/qa/qa/runtime/api/client.rb b/qa/qa/runtime/api/client.rb
index 4126ff9ff5a..8a5e22fbc37 100644
--- a/qa/qa/runtime/api/client.rb
+++ b/qa/qa/runtime/api/client.rb
@@ -36,16 +36,28 @@ module QA
if Runtime::Env.admin_personal_access_token
Runtime::API::Client.new(:gitlab, personal_access_token: Runtime::Env.admin_personal_access_token)
else
- user = Resource::User.fabricate_via_api! do |user|
- user.username = Runtime::User.admin_username
- user.password = Runtime::User.admin_password
+ # To return an API client that has admin access, we need a user with admin access to confirm that
+ # the API client user has admin access.
+ client = nil
+ Flow::Login.while_signed_in_as_admin do
+ admin_token = Resource::PersonalAccessToken.fabricate! do |pat|
+ pat.user = Runtime::User.admin
+ end.token
+
+ client = Runtime::API::Client.new(:gitlab, personal_access_token: admin_token)
+
+ user = QA::Resource::User.init do |user|
+ user.username = QA::Runtime::User.admin_username
+ user.password = QA::Runtime::User.admin_password
+ user.api_client = client
+ end.reload!
+
+ unless user.admin? # rubocop: disable Cop/UserAdmin
+ raise AuthorizationError, "User '#{user.username}' is not an administrator."
+ end
end
- unless user.admin?
- raise AuthorizationError, "User '#{user.username}' is not an administrator."
- end
-
- Runtime::API::Client.new(:gitlab, user: user)
+ client
end
end
end
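Review bot: The fallback path fabricates an admin personal access token inside `while_signed_in_as_admin` and only afterwards checks `user.admin?`. When that check raises `AuthorizationError`, the token already exists, and nothing in the hunk revokes it or sets an expiry. The method starts outside the hunk, so whether the returned client is memoized is not visible; if it is not, each call on this path would leave another admin token on the instance under test. I would state the lifecycle above `client = nil`, for example `# The fabricated admin PAT is not revoked here; cleanup relies on the test environment being discarded`. Consider also giving the token an expiry if the resource supports one.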
diff --git a/qa/qa/runtime/user.rb b/qa/qa/runtime/user.rb
index a836206034d..0af42470a7c 100644
--- a/qa/qa/runtime/user.rb
+++ b/qa/qa/runtime/user.rb
@@ -34,7 +34,7 @@ module QA
end
def ldap_user?
- Runtime::Env.ldap_username && Runtime::Env.ldap_password
+ Runtime::Env.ldap_username.present? && Runtime::Env.ldap_password.present?
end
def ldap_username
diff --git a/spec/frontend/boards/mock_data.js b/spec/frontend/boards/mock_data.js
index 1bc61c6a112..6a4f344bbfb 100644
--- a/spec/frontend/boards/mock_data.js
+++ b/spec/frontend/boards/mock_data.js
@@ -192,8 +192,7 @@ export const mockIssue = {
export const mockActiveIssue = {
...mockIssue,
- fullId: 'gid://gitlab/Issue/436',
- id: 436,
+ id: 'gid://gitlab/Issue/436',
iid: '27',
subscribed: false,
emailsDisabled: false,
diff --git a/spec/frontend/boards/stores/actions_spec.js b/spec/frontend/boards/stores/actions_spec.js
index 680b5ca670b..62e0fa7a68a 100644
--- a/spec/frontend/boards/stores/actions_spec.js
+++ b/spec/frontend/boards/stores/actions_spec.js
@@ -26,7 +26,6 @@ import issueCreateMutation from '~/boards/graphql/issue_create.mutation.graphql'
import actions, { gqlClient } from '~/boards/stores/actions';
import * as types from '~/boards/stores/mutation_types';
import mutations from '~/boards/stores/mutations';
-import { getIdFromGraphQLId } from '~/graphql_shared/utils';
import {
mockLists,
@@ -1213,8 +1212,8 @@ describe('updateMovedIssueCard', () => {
describe('updateIssueOrder', () => {
const issues = {
- 436: mockIssue,
- 437: mockIssue2,
+ [mockIssue.id]: mockIssue,
+ [mockIssue2.id]: mockIssue2,
};
const state = {
@@ -1223,7 +1222,7 @@ describe('updateIssueOrder', () => {
};
const moveData = {
- itemId: 436,
+ itemId: mockIssue.id,
fromListId: 'gid://gitlab/List/1',
toListId: 'gid://gitlab/List/2',
};
@@ -1482,7 +1481,7 @@ describe('addListNewIssue', () => {
type: 'addListItem',
payload: {
list: fakeList,
- item: formatIssue({ ...mockIssue, id: getIdFromGraphQLId(mockIssue.id) }),
+ item: formatIssue(mockIssue),
position: 0,
},
},
diff --git a/spec/frontend/boards/stores/getters_spec.js b/spec/frontend/boards/stores/getters_spec.js
index c0774dd3ae1..b30968c45d7 100644
--- a/spec/frontend/boards/stores/getters_spec.js
+++ b/spec/frontend/boards/stores/getters_spec.js
@@ -77,12 +77,12 @@ describe('Boards - Getters', () => {
});
describe('getBoardItemById', () => {
- const state = { boardItems: { 1: 'issue' } };
+ const state = { boardItems: { 'gid://gitlab/Issue/1': 'issue' } };
it.each`
- id | expected
- ${'1'} | ${'issue'}
- ${''} | ${{}}
+ id | expected
+ ${'gid://gitlab/Issue/1'} | ${'issue'}
+ ${''} | ${{}}
`('returns $expected when $id is passed to state', ({ id, expected }) => {
expect(getters.getBoardItemById(state)(id)).toEqual(expected);
});
@@ -90,11 +90,11 @@ describe('Boards - Getters', () => {
describe('activeBoardItem', () => {
it.each`
- id | expected
- ${'1'} | ${'issue'}
- ${''} | ${{ id: '', iid: '', fullId: '' }}
+ id | expected
+ ${'gid://gitlab/Issue/1'} | ${'issue'}
+ ${''} | ${{ id: '', iid: '' }}
`('returns $expected when $id is passed to state', ({ id, expected }) => {
- const state = { boardItems: { 1: 'issue' }, activeId: id };
+ const state = { boardItems: { 'gid://gitlab/Issue/1': 'issue' }, activeId: id };
expect(getters.activeBoardItem(state)).toEqual(expected);
});
diff --git a/spec/frontend/boards/stores/mutations_spec.js b/spec/frontend/boards/stores/mutations_spec.js
index 96306b966fa..0e830258327 100644
--- a/spec/frontend/boards/stores/mutations_spec.js
+++ b/spec/frontend/boards/stores/mutations_spec.js
@@ -407,7 +407,7 @@ describe('Board Store Mutations', () => {
describe('MUTATE_ISSUE_SUCCESS', () => {
it('updates issue in issues state', () => {
const issues = {
- 436: { id: rawIssue.id },
+ [rawIssue.id]: { id: rawIssue.id },
};
state = {
@@ -419,7 +419,7 @@ describe('Board Store Mutations', () => {
issue: rawIssue,
});
- expect(state.boardItems).toEqual({ 436: { ...mockIssue, id: 436 } });
+ expect(state.boardItems).toEqual({ [mockIssue.id]: mockIssue });
});
});
diff --git a/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js b/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js
index 8504684d23a..39f63b2a9f4 100644
--- a/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js
+++ b/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js
@@ -206,7 +206,7 @@ describe('Sidebar assignees widget', () => {
status: null,
},
],
- id: 1,
+ id: 'gid://gitlab/Issue/1',
},
],
]);
diff --git a/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb b/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb
index 3d60457c3a9..24ca0357b6e 100644
--- a/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb
+++ b/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb
@@ -18,6 +18,11 @@ RSpec.describe Gitlab::Database::Partitioning::PartitionManager do
it 'remembers registered models' do
expect { described_class.register(model) }.to change { described_class.models }.to include(model)
end
+
+ after do
+ # Do not leak the double to other specs
+ described_class.models.delete(model)
+ end
end
context 'creating partitions (mocked)' do
diff --git a/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb b/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb
index 40e36bc02e9..8b06f068503 100644
--- a/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb
+++ b/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb
@@ -26,4 +26,12 @@ RSpec.describe Gitlab::Database::PostgresqlAdapter::DumpSchemaVersionsMixin do
instance.dump_schema_information
end
+
+ it 'does not call touch_all in production' do
+ allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production'))
+
+ expect(Gitlab::Database::SchemaMigrations).not_to receive(:touch_all)
+
+ instance.dump_schema_information
+ end
end