Add latest changes from gitlab-org/gitlab@master

11 files changed, 73 insertions, 118 deletions

diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 11f66fcc87a..ad03724f89d 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-0947ab5a4574d24dd4af6d2de9d47b86835da4e7
+7ea51fec80a59e85b8ce423ed09a65eb54b568a8
diff --git a/app/models/deployment.rb b/app/models/deployment.rb
index 38bf84da073..0bdce18bab5 100644
--- a/app/models/deployment.rb
+++ b/app/models/deployment.rb
@@ -79,11 +79,6 @@ class Deployment < ApplicationRecord
       transition skipped: :created
     end
 
-    # Deprecated. To be removed when we remove `track_manual_deployments` feature flag.
-    event :unblock do
-      transition blocked: :created
-    end
-
     event :succeed do
       transition any - [:success] => :success
     end
@@ -405,10 +400,7 @@ class Deployment < ApplicationRecord
 
   def sync_status_with(job)
     job_status = job.status
-
-    if ::Feature.enabled?(:track_manual_deployments, job.project)
-      job_status = 'blocked' if job_status == 'manual' # rubocop:disable Style/SoleNestedConditional
-    end
+    job_status = 'blocked' if job_status == 'manual'
 
     return false unless ::Deployment.statuses.include?(job_status)
     return false if job_status == self.status
diff --git a/config/feature_flags/development/track_manual_deployments.yml b/config/feature_flags/development/track_manual_deployments.yml
deleted file mode 100644
index 2c769f117fa..00000000000
--- a/config/feature_flags/development/track_manual_deployments.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: track_manual_deployments
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125659
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/419039
-milestone: '16.3'
-type: development
-group: group::environments
-default_enabled: false
diff --git a/doc/administration/settings/img/protected_paths.png b/doc/administration/settings/img/protected_paths.png
deleted file mode 100644
index 2233a71a139..00000000000
--- a/doc/administration/settings/img/protected_paths.png
+++ /dev/null
diff --git a/doc/administration/settings/protected_paths.md b/doc/administration/settings/protected_paths.md
index ba257983619..c914b61f0cf 100644
--- a/doc/administration/settings/protected_paths.md
+++ b/doc/administration/settings/protected_paths.md
@@ -32,12 +32,11 @@ See also:
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31246) in GitLab 12.4.
 
 Throttling of protected paths is enabled by default and can be disabled or
-customized on **Admin > Network > Protected Paths**, along with these options:
+customized.
 
-- Maximum number of requests per period per user.
-- Rate limit period in seconds.
-- Paths to be protected.
+1. On the left sidebar, expand the top-most chevron (**{chevron-down}**).
+1. Select **Admin Area**.
+1. Select **Settings > Network**.
+1. Expand **Protected paths**.
 
-![protected-paths](img/protected_paths.png)
-
-Requests over the rate limit are logged into `auth.log`.
+Requests that exceed the rate limit are logged in `auth.log`.
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 0912f984b96..ba8e1a33ece 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -14086,6 +14086,8 @@ Represents finding.
 | ---- | ---- | ----------- |
 | <a id="comparedsecurityreportfindingdescription"></a>`description` | [`String`](#string) | Description of the vulnerability finding. |
 | <a id="comparedsecurityreportfindingfoundbypipelineiid"></a>`foundByPipelineIid` | [`String`](#string) | IID of the pipeline. |
+| <a id="comparedsecurityreportfindingidentifiers"></a>`identifiers` **{warning-solid}** | [`[VulnerabilityIdentifier!]`](#vulnerabilityidentifier) | **Introduced** in 16.3. This feature is an Experiment. It can be changed or removed at any time. Identifiers of the vulnerability finding. Returns `null` if `sast_reports_in_inline_diff` feature flag is disabled. |
+| <a id="comparedsecurityreportfindinglocation"></a>`location` **{warning-solid}** | [`VulnerabilityLocation`](#vulnerabilitylocation) | **Introduced** in 16.3. This feature is an Experiment. It can be changed or removed at any time. Location of the vulnerability finding. Returns `null` if `sast_reports_in_inline_diff` feature flag is disabled. |
 | <a id="comparedsecurityreportfindingseverity"></a>`severity` | [`VulnerabilitySeverity`](#vulnerabilityseverity) | Severity of the vulnerability finding. |
 | <a id="comparedsecurityreportfindingstate"></a>`state` | [`VulnerabilityState`](#vulnerabilitystate) | Finding status. |
 | <a id="comparedsecurityreportfindingtitle"></a>`title` | [`String`](#string) | Title of the vulnerability finding. |
diff --git a/doc/update/versions/gitlab_16_changes.md b/doc/update/versions/gitlab_16_changes.md
index 9ecf6829938..fcb09decceb 100644
--- a/doc/update/versions/gitlab_16_changes.md
+++ b/doc/update/versions/gitlab_16_changes.md
@@ -11,7 +11,7 @@ Ensure you review these instructions and any specific instructions for your inst
 
 For more information about upgrading GitLab Helm Chart, see [the release notes for 7.0](https://docs.gitlab.com/charts/releases/7_0.html).
 
-## GitLab 16.2.0
+## 16.2.0
 
 - Legacy LDAP configuration settings may cause
   [`NoMethodError: undefined method 'devise' for User:Class` errors](https://gitlab.com/gitlab-org/gitlab/-/issues/419485).
@@ -41,7 +41,7 @@ Specific information applies to Linux package installations:
   If your instance has Redis HA with Sentinel, follow the upgrade steps mentioned in
   [Zero Downtime documentation](../zero_downtime.md#redis-ha-using-sentinel).
 
-## GitLab 16.1.0
+## 16.1.0
 
 - A `MigrateHumanUserType` background migration will be finalized with
     the `FinalizeUserTypeMigration` migration.
@@ -85,7 +85,7 @@ Specific information applies to installations using Geo:
   - Impacted versions: GitLab versions 16.1.x.
   - Versions containing fix: GitLab 16.2.0 and later.
 
-## GitLab 16.0.0
+## 16.0.0
 
 - Sidekiq crashes if there are non-ASCII characters in the `/etc/gitlab/gitlab.rb` file. You can fix this
   by following the workaround in [issue 412767](https://gitlab.com/gitlab-org/gitlab/-/issues/412767#note_1404507549).
diff --git a/lib/gitlab/quick_actions/work_item_actions.rb b/lib/gitlab/quick_actions/work_item_actions.rb
index a5c3c6a56be..0a96d502862 100644
--- a/lib/gitlab/quick_actions/work_item_actions.rb
+++ b/lib/gitlab/quick_actions/work_item_actions.rb
@@ -54,18 +54,9 @@ module Gitlab
 
       def validate_promote_to(type)
         return error_msg(:not_found, action: 'promote') unless type && supports_promote_to?(type.name)
+        return if current_user.can?(:"create_#{type.base_type}", quick_action_target)
 
-        unless current_user.can?(:"create_#{type.base_type}", quick_action_target)
-          return error_msg(:forbidden, action: 'promote')
-        end
-
-        validate_hierarchy
-      end
-
-      def validate_hierarchy
-        return unless current_type.task? && quick_action_target.parent_link
-
-        error_msg(:hierarchy, action: 'promote')
+        error_msg(:forbidden, action: 'promote')
       end
 
       def current_type
@@ -88,8 +79,7 @@ module Gitlab
         message = {
           not_found: 'Provided type is not supported',
           same_type: 'Types are the same',
-          forbidden: 'You have insufficient permissions',
-          hierarchy: 'A task cannot be promoted when a parent issue is present'
+          forbidden: 'You have insufficient permissions'
         }.freeze
 
         format(_("Failed to %{action} this work item: %{reason}."), { action: action, reason: message[reason] })
diff --git a/spec/models/deployment_spec.rb b/spec/models/deployment_spec.rb
index 60c5035c03e..639b149e2ae 100644
--- a/spec/models/deployment_spec.rb
+++ b/spec/models/deployment_spec.rb
@@ -1308,14 +1308,6 @@ RSpec.describe Deployment, feature_category: :continuous_delivery do
           it_behaves_like 'synchronizing deployment' do
             let(:expected_deployment_status) { 'blocked' }
           end
-
-          context 'when track_manual_deployments feature flag is disabled' do
-            before do
-              stub_feature_flags(track_manual_deployments: false)
-            end
-
-            it_behaves_like 'ignoring job'
-          end
         end
 
         context 'with running job' do
@@ -1354,14 +1346,6 @@ RSpec.describe Deployment, feature_category: :continuous_delivery do
           it_behaves_like 'gracefully handling error' do
             let(:error_message) { %{Status cannot transition via \"block\"} }
           end
-
-          context 'when track_manual_deployments feature flag is disabled' do
-            before do
-              stub_feature_flags(track_manual_deployments: false)
-            end
-
-            it_behaves_like 'ignoring job'
-          end
         end
 
         context 'with running job' do
@@ -1400,14 +1384,6 @@ RSpec.describe Deployment, feature_category: :continuous_delivery do
           it_behaves_like 'gracefully handling error' do
             let(:error_message) { %{Status cannot transition via \"block\"} }
           end
-
-          context 'when track_manual_deployments feature flag is disabled' do
-            before do
-              stub_feature_flags(track_manual_deployments: false)
-            end
-
-            it_behaves_like 'ignoring job'
-          end
         end
 
         context 'with running job' do
diff --git a/spec/support/shared_examples/graphql/notes_quick_actions_for_work_items_shared_examples.rb b/spec/support/shared_examples/graphql/notes_quick_actions_for_work_items_shared_examples.rb
index c666b72d492..0577ac329e6 100644
--- a/spec/support/shared_examples/graphql/notes_quick_actions_for_work_items_shared_examples.rb
+++ b/spec/support/shared_examples/graphql/notes_quick_actions_for_work_items_shared_examples.rb
@@ -163,63 +163,77 @@ RSpec.shared_examples 'work item supports type change via quick actions' do
     noteable.update!(work_item_type: task_type)
   end
 
-  it 'updates type' do
-    expect do
-      post_graphql_mutation(mutation, current_user: current_user)
-      noteable.reload
-    end.to change { noteable.work_item_type.base_type }.from('task').to('issue')
-
-    expect(response).to have_gitlab_http_status(:success)
-  end
-
-  context 'when update service returns errors' do
-    let_it_be(:issue) { create(:work_item, :issue, project: project) }
-
-    before do
-      create(:parent_link, work_item: noteable, work_item_parent: issue)
-    end
-
-    it 'mutation response include the errors' do
+  shared_examples 'a quick command that changes type' do
+    it 'updates type' do
       expect do
         post_graphql_mutation(mutation, current_user: current_user)
         noteable.reload
-      end.not_to change { noteable.work_item_type.base_type }
+      end.to change { noteable.work_item_type.base_type }.from('task').to('issue')
 
       expect(response).to have_gitlab_http_status(:success)
-      expect(mutation_response['errors'])
-        .to include('Validation Work item type cannot be changed to issue when linked to a parent issue.')
     end
-  end
 
-  context 'when quick command for unsupported widget is present' do
-    let(:body) { "\n/type Issue\n/assign @#{assignee.username}" }
+    context 'when update service returns errors' do
+      let_it_be(:issue) { create(:work_item, :issue, project: project) }
 
-    before do
-      WorkItems::Type.default_by_type(:issue).widget_definitions
-        .find_by_widget_type(:assignees).update!(disabled: true)
+      before do
+        create(:parent_link, work_item: noteable, work_item_parent: issue)
+      end
+
+      it 'mutation response include the errors' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+          noteable.reload
+        end.not_to change { noteable.work_item_type.base_type }
+
+        expect(response).to have_gitlab_http_status(:success)
+        expect(mutation_response['errors'])
+          .to include('Validation Work item type cannot be changed to issue when linked to a parent issue.')
+      end
     end
 
-    it 'updates only type' do
-      expect do
-        post_graphql_mutation(mutation, current_user: current_user)
-        noteable.reload
-      end.to change { noteable.work_item_type.base_type }.from('task').to('issue')
-          .and change { noteable.assignees }.to([])
+    context 'when quick command for unsupported widget is present' do
+      let(:body) { "\n/type Issue\n/assign @#{assignee.username}" }
+
+      before do
+        WorkItems::Type.default_by_type(:issue).widget_definitions
+                       .find_by_widget_type(:assignees).update!(disabled: true)
+      end
+
+      it 'updates only type' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+          noteable.reload
+        end.to change { noteable.work_item_type.base_type }.from('task').to('issue')
+                                                           .and change { noteable.assignees }.to([])
+
+        expect(response).to have_gitlab_http_status(:success)
+        expect(mutation_response['errors'])
+          .to include("Commands only Type changed successfully. Assigned @#{assignee.username}.")
+      end
+    end
 
-      expect(response).to have_gitlab_http_status(:success)
-      expect(mutation_response['errors'])
-        .to include("Commands only Type changed successfully. Assigned @#{assignee.username}.")
+    context 'when the type name is upper case' do
+      let(:body) { "Updating type.\n/type Issue" }
+
+      it 'changes type to issue' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+          noteable.reload
+        end.to change { noteable.work_item_type.base_type }.from('task').to('issue')
+      end
     end
   end
 
-  context 'when the type name is upper case' do
-    let(:body) { "Updating type.\n/type Issue" }
+  context 'with /type quick command' do
+    let(:body) { "Updating type.\n/type issue" }
 
-    it 'changes type to issue' do
-      expect do
-        post_graphql_mutation(mutation, current_user: current_user)
-        noteable.reload
-      end.to change { noteable.work_item_type.base_type }.from('task').to('issue')
-    end
+    it_behaves_like 'a quick command that changes type'
+  end
+
+  context 'with /promote_to quick command' do
+    let(:body) { "Updating type.\n/promote_to issue" }
+
+    it_behaves_like 'a quick command that changes type'
   end
 end
diff --git a/spec/support/shared_examples/quick_actions/work_item/type_change_quick_actions_shared_examples.rb b/spec/support/shared_examples/quick_actions/work_item/type_change_quick_actions_shared_examples.rb
index 0fc914d71d5..67e0b2c4b65 100644
--- a/spec/support/shared_examples/quick_actions/work_item/type_change_quick_actions_shared_examples.rb
+++ b/spec/support/shared_examples/quick_actions/work_item/type_change_quick_actions_shared_examples.rb
@@ -78,16 +78,6 @@ RSpec.shared_examples 'quick actions that change work item type' do
       end
 
       it_behaves_like 'action with validation errors'
-
-      context 'when task has a parent' do
-        let_it_be(:parent) { create(:work_item, :issue, project: project) }
-
-        before do
-          create(:parent_link, work_item: task, work_item_parent: parent)
-        end
-
-        it_behaves_like 'quick command error', 'A task cannot be promoted when a parent issue is present', 'promote'
-      end
     end
   end
 end