gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-09-06 03:11:07 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-09-06 03:11:07 +0300
commit2c39efa4582c5a225b1e1c4a902cff21bae5c8df (patch)
tree56fcb1401d6703aa4ff12e6a2e3df91d4265f980
parent6f8fe6450380e608cbc1c21f600bee678dde228e (diff)
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--app/assets/javascripts/main.js4
-rw-r--r--app/helpers/registrations_helper.rb2
-rw-r--r--db/migrate/20230814203548_add_merged_commit_sha_to_merge_requests.rb17
-rw-r--r--db/post_migrate/20230822154640_add_async_index_on_merge_requests_target_project_id_and_merged_commit_sha.rb17
-rw-r--r--db/schema_migrations/202308142035481
-rw-r--r--db/schema_migrations/202308221546401
-rw-r--r--db/structure.sql1
-rw-r--r--doc/administration/gitaly/praefect.md13
-rw-r--r--doc/user/application_security/index.md2
-rw-r--r--doc/user/application_security/policies/scan-execution-policies.md4
-rw-r--r--package.json2
-rw-r--r--qa/lib/gitlab/page/main/sign_up.rb2
-rw-r--r--qa/qa/specs/features/api/1_manage/group_access_token_spec.rb6
-rw-r--r--spec/features/invites_spec.rb6
-rw-r--r--spec/helpers/registrations_helper_spec.rb2
-rw-r--r--yarn.lock8
16 files changed, 68 insertions, 20 deletions
diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index 2d07965ceac..b68c7472bd5 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -47,8 +47,8 @@ logHelloDeferred();
applyGitLabUIConfig({
translations: {
- 'SearchBoxByType.input.placeholder': __('Search'),
- 'SearchBoxByType.clearButtonTitle': __('Clear'),
+ 'GlSearchBoxByType.input.placeholder': __('Search'),
+ 'GlSearchBoxByType.clearButtonTitle': __('Clear'),
'ClearIconButton.title': __('Clear'),
},
});
diff --git a/app/helpers/registrations_helper.rb b/app/helpers/registrations_helper.rb
index 4acba9b68d7..6432e4fc682 100644
--- a/app/helpers/registrations_helper.rb
+++ b/app/helpers/registrations_helper.rb
@@ -7,7 +7,7 @@ module RegistrationsHelper
min_length_message: s_('SignUp|Username is too short (minimum is %{min_length} characters).') % { min_length: User::MIN_USERNAME_LENGTH },
max_length: User::MAX_USERNAME_LENGTH,
max_length_message: s_('SignUp|Username is too long (maximum is %{max_length} characters).') % { max_length: User::MAX_USERNAME_LENGTH },
- qa_selector: 'new_user_username_field'
+ testid: 'new_user_username_field'
}
end
diff --git a/db/migrate/20230814203548_add_merged_commit_sha_to_merge_requests.rb b/db/migrate/20230814203548_add_merged_commit_sha_to_merge_requests.rb
new file mode 100644
index 00000000000..4c5d2c5c994
--- /dev/null
+++ b/db/migrate/20230814203548_add_merged_commit_sha_to_merge_requests.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddMergedCommitShaToMergeRequests < Gitlab::Database::Migration[2.1]
+ disable_ddl_transaction!
+
+ def up
+ with_lock_retries do
+ add_column :merge_requests, :merged_commit_sha, :bytea unless column_exists?(:merge_requests, :merged_commit_sha)
+ end
+ end
+
+ def down
+ with_lock_retries do
+ remove_column :merge_requests, :merged_commit_sha if column_exists?(:merge_requests, :merged_commit_sha)
+ end
+ end
+end
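Review bot: `merged_commit_sha` is added in `up` as an unconstrained `bytea`, so nothing at the database level rejects a value that is not a well-formed object id (20 bytes for SHA-1, 32 for SHA-256). The neighbouring `merge_ref_sha bytea` column in `db/structure.sql` is declared the same way, so this may be the table's convention. Because the follow-up migration in this commit indexes the column together with `target_project_id`, presumably for commit-to-merge-request lookups, it is worth recording where the length is enforced. A comment above `add_column` such as `# Raw binary object id; no DB-level length check, validated in the model` would do that, or a later migration could add a check on `octet_length(merged_commit_sha)`.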
diff --git a/db/post_migrate/20230822154640_add_async_index_on_merge_requests_target_project_id_and_merged_commit_sha.rb b/db/post_migrate/20230822154640_add_async_index_on_merge_requests_target_project_id_and_merged_commit_sha.rb
new file mode 100644
index 00000000000..148a9f4c073
--- /dev/null
+++ b/db/post_migrate/20230822154640_add_async_index_on_merge_requests_target_project_id_and_merged_commit_sha.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddAsyncIndexOnMergeRequestsTargetProjectIdAndMergedCommitSha < Gitlab::Database::Migration[2.1]
+ INDEX_NAME = 'index_merge_requests_on_target_project_id_and_merged_commit_sha'
+ INDEX_COLUMNS = %i[target_project_id merged_commit_sha]
+
+ disable_ddl_transaction!
+
+ # TODO: Index to be created synchronously in https://gitlab.com/gitlab-org/gitlab/-/issues/418822
+ def up
+ prepare_async_index :merge_requests, INDEX_COLUMNS, name: INDEX_NAME
+ end
+
+ def down
+ unprepare_async_index :merge_requests, INDEX_COLUMNS, name: INDEX_NAME
+ end
+end
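Review bot: The index prepared in `up` covers every row of `merge_requests`, including rows where `merged_commit_sha` is NULL, which is every existing row because the column is added in this same commit with no backfill shown. If lookups always search for a concrete SHA (inferred from the index name, not visible here), a partial index would be considerably smaller: `prepare_async_index :merge_requests, INDEX_COLUMNS, name: INDEX_NAME, where: 'merged_commit_sha IS NOT NULL'`, with the same `where:` carried into the synchronous follow-up named in the TODO. Separately, `INDEX_COLUMNS` is a mutable array constant; `INDEX_COLUMNS = %i[target_project_id merged_commit_sha].freeze` prevents accidental mutation.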
diff --git a/db/schema_migrations/20230814203548 b/db/schema_migrations/20230814203548
new file mode 100644
index 00000000000..d89fd043347
--- /dev/null
+++ b/db/schema_migrations/20230814203548
@@ -0,0 +1 @@
+0822d768380c459e390828924e6723a4a878cd217b1159f2d8ab12f78718fef7 \ No newline at end of file
diff --git a/db/schema_migrations/20230822154640 b/db/schema_migrations/20230822154640
new file mode 100644
index 00000000000..c816a8c5633
--- /dev/null
+++ b/db/schema_migrations/20230822154640
@@ -0,0 +1 @@
+9d9a99ad2fb472d71f625cb7cc668d096b88b12064a9a14ac556f490127b1806 \ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index cff7dafbdfa..7e49897b9cb 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -18594,6 +18594,7 @@ CREATE TABLE merge_requests (
merge_ref_sha bytea,
draft boolean DEFAULT false NOT NULL,
prepared_at timestamp with time zone,
+ merged_commit_sha bytea,
CONSTRAINT check_970d272570 CHECK ((lock_version IS NOT NULL))
);
diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md
index 69e1b5c085c..0297f295e6f 100644
--- a/doc/administration/gitaly/praefect.md
+++ b/doc/administration/gitaly/praefect.md
@@ -1498,9 +1498,12 @@ For a replication factor:
> [Introduced](https://gitlab.com/gitlab-org/gitaly/-/issues/4080) in GitLab 15.0.
Praefect stores metadata about the repositories in a database. If the repositories are modified on disk
-without going through Praefect, the metadata can become inaccurate. Because the metadata is used for replication
-and routing decisions, any inaccuracies may cause problems. Praefect contains a background worker that
-periodically verifies the metadata against the actual state on the disks. The worker:
+without going through Praefect, the metadata can become inaccurate. For example if a Gitaly node is
+rebuilt, rather than being replaced with a new node, repository verification ensures this is detected.
+
+The metadata is used for replication and routing decisions, so any inaccuracies may cause problems.
+Praefect contains a background worker that periodically verifies the metadata against the actual state on the disks.
+The worker:
1. Picks up a batch of replicas to verify on healthy storages. The replicas are either unverified or have exceeded
the configured verification interval. Replicas that have never been verified are prioritized, followed by
@@ -1512,8 +1515,8 @@ periodically verifies the metadata against the actual state on the disks. The wo
The worker acquires an exclusive verification lease on each of the replicas it is about to verify. This avoids multiple
workers from verifying the same replica concurrently. The worker releases the leases when it has completed its check.
-Praefect contains a background goroutine that releases stale leases every 10 seconds when workers are terminated for
-some reason without releasing the lease.
+If workers are terminated for some reason without releasing the lease, Praefect contains a background goroutine
+that releases stale leases every 10 seconds.
The worker logs each of the metadata removals prior to executing them. The `perform_deletions` key
indicates whether the invalid metadata records are actually deleted or not. For example:
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index 0c7a04af34f..bd4cc0a281e 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -103,7 +103,7 @@ The following vulnerability scanners and their databases are regularly updated:
|:----------------------------------------------------------------|:---------------------------------|
| [Container Scanning](container_scanning/index.md) | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. GitLab monitors this job through an internal alert that tells the engineering team when the database becomes more than 48 hours old. For more information, see the [Vulnerabilities database update](container_scanning/index.md#vulnerabilities-database). |
| [Dependency Scanning](dependency_scanning/index.md) | Relies on the [GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db). It is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
-| [Dynamic Application Security Testing (DAST)](dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
+| [Dynamic Application Security Testing (DAST)](dast/index.md) | [DAST proxy-based](dast/proxy-based.md) and [browser-based](dast/browser_based.md) engines are updated on a periodic basis. [DAST proxy-based](dast/proxy-based.md) analyzer downloads the scanning rules at scan runtime. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L27). [DAST browser-based](dast/browser_based.md) rules run [different vulnerability checks](dast/checks/index.md). |
| [Secret Detection](secret_detection/index.md#detected-secrets) | GitLab maintains the [detection rules](secret_detection/index.md#detected-secrets) and [accepts community contributions](secret_detection/index.md#adding-new-patterns). The scanning engine is updated at least once per month if a relevant update is available. |
| [Static Application Security Testing (SAST)](sast/index.md) | The source of scan rules depends on which [analyzer](sast/analyzers.md) is used for each [supported programming language](sast/index.md#supported-languages-and-frameworks). GitLab maintains a ruleset for the Semgrep-based analyzer and updates it regularly based on internal research and user feedback. For other analyzers, the ruleset is sourced from the upstream open-source scanner. Each analyzer is updated at least once per month if a relevant update is available. |
diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md
index 5dae0ca1b93..86422faa724 100644
--- a/doc/user/application_security/policies/scan-execution-policies.md
+++ b/doc/user/application_security/policies/scan-execution-policies.md
@@ -97,7 +97,7 @@ the following sections and tables provide an alternative.
## `pipeline` rule type
> - The `branch_type` field was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404774) in GitLab 16.1 [with a flag](../../../administration/feature_flags.md) named `security_policies_branch_type`. Disabled by default.
-> - The `branch_type` field was [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/413062) in GitLab 16.2.
+> - Generally available in GitLab 16.2. Feature flag `security_policies_branch_type` removed.
This rule enforces the defined actions whenever the pipeline runs for a selected branch.
@@ -112,7 +112,7 @@ This rule enforces the defined actions whenever the pipeline runs for a selected
## `schedule` rule type
> - The `branch_type` field was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404774) in GitLab 16.1 [with a flag](../../../administration/feature_flags.md) named `security_policies_branch_type`. Disabled by default.
-> - The `branch_type` field was [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/413062) in GitLab 16.2.
+> - Generally available in GitLab 16.2. Feature flag `security_policies_branch_type` removed.
This rule schedules a scan pipeline, enforcing the defined actions on the schedule defined in the `cadence` field. A scheduled pipeline does not run other jobs defined in the project's `.gitlab-ci.yml` file. When a project is linked to a security policy project, a security policy bot is created in the project and will become the author of any scheduled pipelines.
diff --git a/package.json b/package.json
index dd6e0fbfb24..45244dc324a 100644
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
"@gitlab/favicon-overlay": "2.0.0",
"@gitlab/fonts": "^1.3.0",
"@gitlab/svgs": "3.61.0",
- "@gitlab/ui": "66.3.1",
+ "@gitlab/ui": "66.4.0",
"@gitlab/visual-review-tools": "1.7.3",
"@gitlab/web-ide": "0.0.1-dev-20230821141730",
"@mattiasbuelens/web-streams-adapter": "^0.1.0",
diff --git a/qa/lib/gitlab/page/main/sign_up.rb b/qa/lib/gitlab/page/main/sign_up.rb
index 85d7f482461..ff9a3e370f7 100644
--- a/qa/lib/gitlab/page/main/sign_up.rb
+++ b/qa/lib/gitlab/page/main/sign_up.rb
@@ -10,7 +10,7 @@ module Gitlab
text_field :first_name, 'data-qa-selector': 'new_user_first_name_field'
text_field :last_name, 'data-qa-selector': 'new_user_last_name_field'
- text_field :username, 'data-qa-selector': 'new_user_username_field'
+ text_field :username, 'data-testid': 'new_user_username_field'
text_field :email, 'data-qa-selector': 'new_user_email_field'
text_field :password, 'data-qa-selector': 'new_user_password_field'
diff --git a/qa/qa/specs/features/api/1_manage/group_access_token_spec.rb b/qa/qa/specs/features/api/1_manage/group_access_token_spec.rb
index a1871858a0f..d730e1a80d4 100644
--- a/qa/qa/specs/features/api/1_manage/group_access_token_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/group_access_token_spec.rb
@@ -30,7 +30,11 @@ module QA
it(
'can be used to commit via the API',
- testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/367067'
+ testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/367067',
+ quarantine: {
+ type: :flaky,
+ issue: "https://gitlab.com/gitlab-org/gitlab/-/issues/396615"
+ }
) do
expect do
Resource::Repository::Commit.fabricate_via_api! do |commit|
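Review bot: Quarantining this example switches off the end-to-end check that a group access token can authenticate an API commit, and the `quarantine:` hash does not say where that credential path is still exercised. A short comment above `quarantine:`, for example `# Token-authenticated API commits stay covered by <request spec path> while this is quarantined`, or the same statement in the linked issue, would make the coverage gap explicit to whoever picks up the flake. The `it` block continues past the end of the hunk, so the remaining expectations are not visible here. Minor style point: `issue:` uses double quotes while `testcase:` just above uses single quotes; `issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/396615'` keeps the two consistent.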
diff --git a/spec/features/invites_spec.rb b/spec/features/invites_spec.rb
index 939de930df8..b3bd358170d 100644
--- a/spec/features/invites_spec.rb
+++ b/spec/features/invites_spec.rb
@@ -31,11 +31,15 @@ RSpec.describe 'Group or Project invitations', :aggregate_failures, feature_cate
wait_for_all_requests
- expect(page).to have_selector('.gl-field-success-outline')
+ expect_username_to_be_validated
click_button submit_button_text
end
+ def expect_username_to_be_validated
+ expect(page).to have_selector('[data-testid="new_user_username_field"].gl-field-success-outline')
+ end
+
def fill_in_welcome_form
select 'Software Developer', from: 'user_role'
click_button 'Get started!'
diff --git a/spec/helpers/registrations_helper_spec.rb b/spec/helpers/registrations_helper_spec.rb
index 85cedd4aace..74d46245cc2 100644
--- a/spec/helpers/registrations_helper_spec.rb
+++ b/spec/helpers/registrations_helper_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec.describe RegistrationsHelper, feature_category: :user_management do
describe '#signup_username_data_attributes' do
it 'has expected attributes' do
- expect(helper.signup_username_data_attributes.keys).to include(:min_length, :min_length_message, :max_length, :max_length_message, :qa_selector)
+ expect(helper.signup_username_data_attributes.keys).to include(:min_length, :min_length_message, :max_length, :max_length_message, :testid)
end
end
diff --git a/yarn.lock b/yarn.lock
index 34d5275d1f6..48001a5da3c 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1273,10 +1273,10 @@
resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.61.0.tgz#2434d429db1d22e128a1401a9735afab82275e0c"
integrity sha512-GhryK81FA5NPisJjuwiCpZVALUBi6meg9njeIRLtKUuRDdp/DuaRC3WJFRtSXxVN+RG5HtUZrmv9dUQzKSZ2ZA==
-"@gitlab/ui@66.3.1":
- version "66.3.1"
- resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.3.1.tgz#c4f18ba9964a39ef9e841ddbe0322fc7560e3a20"
- integrity sha512-vwj5R2BcUxp3cpfmt2bFOLaoVYX77KupauXKTFXGo8yVQngmz3QeXfKYB9dBhS9ZFReye9mqpY41gvkazLSSJg==
+"@gitlab/ui@66.4.0":
+ version "66.4.0"
+ resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.4.0.tgz#d7361aa1eec66f9691ba92fd69a2d73740c1edf1"
+ integrity sha512-UNXZC7mLVqFyMyBNUqbCQ4WQgtpJv9RguEO8Cqsod/2CcyznA9Z/s/aoI2mKt5Bz4PZYHkX5fH35rD+0+1Yfhw==
dependencies:
"@floating-ui/dom" "1.2.9"
bootstrap-vue "2.23.1"