Add latest changes from gitlab-org/gitlab@master

17 files changed, 41 insertions, 157 deletions

diff --git a/.rubocop.yml b/.rubocop.yml
index adc796f1332..10cd003cabb 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -207,8 +207,6 @@ Naming/FileName:
     - 'qa/qa/specs/**/*'
     - 'qa/tasks/**/*.rake'
     - '**/*.ru'
-    - 'app/graphql/types/issue_connection.rb'
-    - 'app/graphql/types/group_connection.rb'
 
   IgnoreExecutableScripts: true
   AllowedAcronyms:
diff --git a/.rubocop_todo/rspec/empty_line_after_hook.yml b/.rubocop_todo/rspec/empty_line_after_hook.yml
index 299d32f2af2..84cd02f2e59 100644
--- a/.rubocop_todo/rspec/empty_line_after_hook.yml
+++ b/.rubocop_todo/rspec/empty_line_after_hook.yml
@@ -9,7 +9,6 @@ RSpec/EmptyLineAfterHook:
     - 'ee/spec/lib/ee/gitlab/auth/ldap/sync/group_spec.rb'
     - 'ee/spec/lib/gitlab/audit/auditor_spec.rb'
     - 'ee/spec/lib/gitlab/proxy_spec.rb'
-    - 'ee/spec/lib/gitlab/vulnerabilities/container_scanning_vulnerability_spec.rb'
     - 'ee/spec/models/ee/key_spec.rb'
     - 'ee/spec/models/ee/project_spec.rb'
     - 'ee/spec/requests/api/users_spec.rb'
diff --git a/.rubocop_todo/rspec/named_subject.yml b/.rubocop_todo/rspec/named_subject.yml
index 80bb6ee9288..f7d70e23a41 100644
--- a/.rubocop_todo/rspec/named_subject.yml
+++ b/.rubocop_todo/rspec/named_subject.yml
@@ -519,7 +519,6 @@ RSpec/NamedSubject:
     - 'ee/spec/lib/gitlab/subscription_portal/clients/graphql_spec.rb'
     - 'ee/spec/lib/gitlab/tree_summary_spec.rb'
     - 'ee/spec/lib/gitlab/usage_data_metrics_spec.rb'
-    - 'ee/spec/lib/gitlab/vulnerabilities/parser_spec.rb'
     - 'ee/spec/lib/gitlab/vulnerability_scanning/track_cvs_service_spec.rb'
     - 'ee/spec/lib/gitlab_subscriptions/upcoming_reconciliation_entity_spec.rb'
     - 'ee/spec/lib/omni_auth/strategies/kerberos_spec.rb'
diff --git a/.rubocop_todo/style/format_string.yml b/.rubocop_todo/style/format_string.yml
index 3e89b2ca7ea..b4f4dbf4717 100644
--- a/.rubocop_todo/style/format_string.yml
+++ b/.rubocop_todo/style/format_string.yml
@@ -226,7 +226,6 @@ Style/FormatString:
     - 'ee/lib/gitlab/geo.rb'
     - 'ee/lib/gitlab/licenses/submit_license_usage_data_banner.rb'
     - 'ee/lib/gitlab/manual_quarterly_co_term_banner.rb'
-    - 'ee/lib/gitlab/vulnerabilities/container_scanning_vulnerability.rb'
     - 'ee/spec/controllers/admin/licenses_controller_spec.rb'
     - 'ee/spec/controllers/groups/security/policies_controller_spec.rb'
     - 'ee/spec/features/admin/admin_settings_spec.rb'
diff --git a/app/assets/javascripts/vue_merge_request_widget/components/checks/message.vue b/app/assets/javascripts/vue_merge_request_widget/components/checks/message.vue
index 058b9e1fe99..e91c76e7ff0 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/checks/message.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/checks/message.vue
@@ -20,6 +20,7 @@ const FAILURE_REASONS = {
   policies_denied: __('Denied licenses must be removed or approved.'),
   merge_request_blocked: __('Merge request is blocked by another merge request.'),
   status_checks_must_pass: __('Status checks must pass.'),
+  jira_association_missing: __('Either the title or description must reference a Jira issue.'),
 };
 
 export default {
diff --git a/app/graphql/resolvers/ci/runner_groups_resolver.rb b/app/graphql/resolvers/ci/runner_groups_resolver.rb
index c1d9bcbb9bb..2928631c705 100644
--- a/app/graphql/resolvers/ci/runner_groups_resolver.rb
+++ b/app/graphql/resolvers/ci/runner_groups_resolver.rb
@@ -6,7 +6,7 @@ module Resolvers
       include Gitlab::Graphql::Authorize::AuthorizeResource
       include ResolvesGroups
 
-      type 'Types::GroupConnection', null: true
+      type Types::GroupType.connection_type, null: true
 
       authorize :read_runner
       authorizes_object!
diff --git a/app/graphql/resolvers/groups_resolver.rb b/app/graphql/resolvers/groups_resolver.rb
index 902b5279364..f31f7368eeb 100644
--- a/app/graphql/resolvers/groups_resolver.rb
+++ b/app/graphql/resolvers/groups_resolver.rb
@@ -4,7 +4,7 @@ module Resolvers
   class GroupsResolver < BaseResolver
     include ResolvesGroups
 
-    type "Types::GroupConnection", null: true
+    type Types::GroupType.connection_type, null: true
 
     argument :search, GraphQL::Types::String,
              required: false,
diff --git a/app/graphql/resolvers/issues/base_parent_resolver.rb b/app/graphql/resolvers/issues/base_parent_resolver.rb
index 78ef4132baf..6b3426c5538 100644
--- a/app/graphql/resolvers/issues/base_parent_resolver.rb
+++ b/app/graphql/resolvers/issues/base_parent_resolver.rb
@@ -15,8 +15,7 @@ module Resolvers
           raise Gitlab::Graphql::Errors::ArgumentError, Types::IssuableStateEnum::INVALID_LOCKED_MESSAGE
         }
 
-      # see app/graphql/types/issue_connection.rb
-      type 'Types::IssueConnection', null: true
+      type Types::IssueType.connection_type, null: true
 
       def resolve_with_lookahead(**args)
         return Issue.none if resource_parent.nil?
diff --git a/app/graphql/resolvers/issues_resolver.rb b/app/graphql/resolvers/issues_resolver.rb
index bc0e7334303..1b43903a508 100644
--- a/app/graphql/resolvers/issues_resolver.rb
+++ b/app/graphql/resolvers/issues_resolver.rb
@@ -21,8 +21,7 @@ module Resolvers
         raise Gitlab::Graphql::Errors::ArgumentError, Types::IssuableStateEnum::INVALID_LOCKED_MESSAGE
       }
 
-    # see app/graphql/types/issue_connection.rb
-    type 'Types::IssueConnection', null: true
+    type Types::IssueType.connection_type, null: true
 
     before_connection_authorization do |nodes, current_user|
       projects = nodes.map(&:project)
diff --git a/app/graphql/types/group_connection.rb b/app/graphql/types/group_connection.rb
deleted file mode 100644
index e4332e24302..00000000000
--- a/app/graphql/types/group_connection.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-# Normally this wouldn't be needed and we could use
-#
-#   type Types::GroupType.connection_type, null: true
-#
-# in a resolver. However we can end up with cyclic definitions.
-# Running the spec locally can result in errors like
-#
-#   NameError: uninitialized constant Types::GroupType
-#
-# or other errors.  To fix this, we created this file and use
-#
-#   type "Types::GroupConnection", null: true
-#
-# which gives a delayed resolution, and the proper connection type.
-#
-# See gitlab/app/graphql/types/ci/runner_type.rb
-# Reference: https://github.com/rmosolgo/graphql-ruby/issues/3974#issuecomment-1084444214
-# and https://docs.gitlab.com/ee/development/api_graphql_styleguide.html#testing-tips-and-tricks
-#
-Types::GroupConnection = Types::GroupType.connection_type
diff --git a/app/graphql/types/issue_connection.rb b/app/graphql/types/issue_connection.rb
deleted file mode 100644
index 2f07888b43e..00000000000
--- a/app/graphql/types/issue_connection.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-# Normally this wouldn't be needed and we could use
-#
-#   type Types::IssueType.connection_type, null: true
-#
-# in a resolver. However we can end up with cyclic definitions.
-# Running the spec locally can result in errors like
-#
-#   NameError: uninitialized constant Resolvers::GroupIssuesResolver
-#
-# or other errors.  To fix this, we created this file and use
-#
-#   type "Types::IssueConnection", null: true
-#
-# which gives a delayed resolution, and the proper connection type.
-#
-# See app/graphql/resolvers/base_issues_resolver.rb
-# Reference: https://github.com/rmosolgo/graphql-ruby/issues/3974#issuecomment-1084444214
-# and https://docs.gitlab.com/ee/development/api_graphql_styleguide.html#testing-tips-and-tricks
-#
-Types::IssueConnection = Types::IssueType.connection_type
diff --git a/app/graphql/types/merge_requests/detailed_merge_status_enum.rb b/app/graphql/types/merge_requests/detailed_merge_status_enum.rb
index e7246068a05..d2d0cfd23a4 100644
--- a/app/graphql/types/merge_requests/detailed_merge_status_enum.rb
+++ b/app/graphql/types/merge_requests/detailed_merge_status_enum.rb
@@ -48,6 +48,9 @@ module Types
       value 'PREPARING',
             value: :preparing,
             description: 'Merge request diff is being created.'
+      value 'JIRA_ASSOCIATION',
+            value: :jira_association_missing,
+            description: 'Either the title or description must reference a Jira issue.'
     end
   end
 end
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml
index 5ddd4f8664a..20e8a49683e 100644
--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -723,6 +723,8 @@
   - 1
 - - vulnerabilities_mark_dropped_as_resolved
   - 1
+- - vulnerabilities_remove_all_vulnerabilities
+  - 1
 - - vulnerabilities_statistics_adjustment
   - 1
 - - vulnerabilities_update_namespace_ids_of_vulnerability_reads
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index e181b3e68b3..a5f3be5ea19 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -7945,6 +7945,29 @@ Input type: `VulnerabilitiesDismissInput`
 | <a id="mutationvulnerabilitiesdismisserrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
 | <a id="mutationvulnerabilitiesdismissvulnerabilities"></a>`vulnerabilities` | [`[Vulnerability!]!`](#vulnerability) | Vulnerabilities after state change. |
 
+### `Mutation.vulnerabilitiesRemoveAllFromProject`
+
+WARNING:
+**Introduced** in 16.7.
+This feature is an Experiment. It can be changed or removed at any time.
+
+Input type: `VulnerabilitiesRemoveAllFromProjectInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationvulnerabilitiesremoveallfromprojectclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationvulnerabilitiesremoveallfromprojectprojectids"></a>`projectIds` | [`[ProjectID!]!`](#projectid) | IDs of project for which all Vulnerabilities should be removed. The deletion will happen in the background so the changes will not be visible immediately. Does not work if `enable_remove_all_vulnerabilties_from_project_mutation` feature flag is disabled. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationvulnerabilitiesremoveallfromprojectclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationvulnerabilitiesremoveallfromprojecterrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationvulnerabilitiesremoveallfromprojectprojects"></a>`projects` | [`[Project!]!`](#project) | Projects for which the deletion was scheduled. |
+
 ### `Mutation.vulnerabilityConfirm`
 
 Input type: `VulnerabilityConfirmInput`
@@ -29526,6 +29549,7 @@ Detailed representation of whether a GitLab merge request can be merged.
 | <a id="detailedmergestatusdiscussions_not_resolved"></a>`DISCUSSIONS_NOT_RESOLVED` | Discussions must be resolved before merging. |
 | <a id="detailedmergestatusdraft_status"></a>`DRAFT_STATUS` | Merge request must not be draft before merging. |
 | <a id="detailedmergestatusexternal_status_checks"></a>`EXTERNAL_STATUS_CHECKS` | Status checks must pass. |
+| <a id="detailedmergestatusjira_association"></a>`JIRA_ASSOCIATION` | Either the title or description must reference a Jira issue. |
 | <a id="detailedmergestatusmergeable"></a>`MERGEABLE` | Branch can be merged. |
 | <a id="detailedmergestatusnot_approved"></a>`NOT_APPROVED` | Merge request must be approved before merging. |
 | <a id="detailedmergestatusnot_open"></a>`NOT_OPEN` | Merge request must be open before merging. |
@@ -30184,6 +30208,7 @@ Representation of mergeability check identifier.
 | <a id="mergeabilitycheckidentifierconflict"></a>`CONFLICT` | Mergeability check identifier is conflict. |
 | <a id="mergeabilitycheckidentifierdiscussions_not_resolved"></a>`DISCUSSIONS_NOT_RESOLVED` | Mergeability check identifier is discussions_not_resolved. |
 | <a id="mergeabilitycheckidentifierdraft_status"></a>`DRAFT_STATUS` | Mergeability check identifier is draft_status. |
+| <a id="mergeabilitycheckidentifierjira_association_missing"></a>`JIRA_ASSOCIATION_MISSING` | Mergeability check identifier is jira_association_missing. |
 | <a id="mergeabilitycheckidentifiermerge_request_blocked"></a>`MERGE_REQUEST_BLOCKED` | Mergeability check identifier is merge_request_blocked. |
 | <a id="mergeabilitycheckidentifierneed_rebase"></a>`NEED_REBASE` | Mergeability check identifier is need_rebase. |
 | <a id="mergeabilitycheckidentifiernot_approved"></a>`NOT_APPROVED` | Mergeability check identifier is not_approved. |
diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md
index 3664c33d144..e3162edca72 100644
--- a/doc/development/api_graphql_styleguide.md
+++ b/doc/development/api_graphql_styleguide.md
@@ -2269,101 +2269,6 @@ end
   `spec/requests/api/graphql/ci/pipeline_spec.rb` regardless of the query being
   used to fetch the pipeline data.
 
-- There can be possible cyclic dependencies in our GraphQL types.
-  See [Adding field with resolver on a Type causes "Can't determine the return type " error on a different Type](https://github.com/rmosolgo/graphql-ruby/issues/3974#issuecomment-1084444214)
-  and [Fix unresolved name due to cyclic definition](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84202/diffs#diff-content-32d14251082fd45412e1fdbf5820e62d157e70d2).
-
-  In particular, this can happen with `connection_type`. Typically we might use the following in a resolver:
-
-  ```ruby
-  type Types::IssueType.connection_type, null: true
-  ```
-
-  However this might cause a cyclic definition, which can result in errors like:
-
-  ```ruby
-  NameError: uninitialized constant Resolvers::GroupIssuesResolver
-
-  or
-
-  GraphQL::Pagination::Connections::ImplementationMissingError
-  ```
-
-  though you might see something different.
-
-  To fix this, we must create a new file that encapsulates the connection type,
-  and then reference it using double quotes. This gives a delayed resolution,
-  and the proper connection type. For example:
-
-  [app/graphql/resolvers/base_issues_resolver.rb](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/graphql/resolvers/base_issues_resolver.rb)
-  originally contained the line
-
-  ```ruby
-  type Types::IssueType.connection_type, null: true
-  ```
-
-  Running the specs locally for this file caused the
-  `NameError: uninitialized constant Resolvers::GroupIssuesResolver` error.
-
-  The fix was to create a new file, [app/graphql/types/issue_connection.rb](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/graphql/types/issue_connection.rb) with the
-  line:
-
-  ```ruby
-  Types::IssueConnection = Types::IssueType.connection_type
-  ```
-
-  and in [app/graphql/resolvers/base_issues_resolver.rb](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/graphql/resolvers/base_issues_resolver.rb)
-  we use the line
-
-  ```ruby
-  type "Types::IssueConnection", null: true
-  ```
-
-  Only use this style if you are having spec failures. We should not typically
-  use this pattern. This issue should disappear after we've upgraded to `2.x`.
-
-- There can be instances where a spec fails because the class is not loaded correctly.
-  It relates to the
-  [circular dependencies problem](https://github.com/rmosolgo/graphql-ruby/issues/1929) and
-  [Adding field with resolver on a Type causes "Can't determine the return type " error on a different Type](https://github.com/rmosolgo/graphql-ruby/issues/3974).
-
-  Unfortunately, the errors generated don't really indicate what the problem is. For example,
-  remove the quotes from the `Rspec.describe` in
-  [ee/spec/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver_spec.rb](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/spec/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver_spec.rb).
-  Then run `rspec ee/spec/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver_spec.rb`.
-
-  This generates errors with the expectations. For example:
-
-  ```ruby
-  1) Resolvers::ComplianceManagement::MergeRequests::ComplianceViolationResolver#resolve user is authorized filtering the results when given an array of project IDs finds the filtered compliance violations
-  Failure/Error: expect(subject).to contain_exactly(compliance_violation)
-
-     expected collection contained:  [#<MergeRequests::ComplianceViolation id: 4, violating_user_id: 26, merge_request_id: 4, reason: "approved_by_committer", severity_level: "low">]
-     actual collection contained:    [#<MergeRequests::ComplianceViolation id: 4, violating_user_id: 26, merge_request_id: 4, reason: "app...er_id: 27, merge_request_id: 5, reason: "approved_by_merge_request_author", severity_level: "high">]
-     the extra elements were:        [#<MergeRequests::ComplianceViolation id: 5, violating_user_id: 27, merge_request_id: 5, reason: "approved_by_merge_request_author", severity_level: "high">]
-  # ./ee/spec/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver_spec.rb:55:in `block (6 levels) in <top (required)>'
-  ```
-
-  However, this is not a case of the wrong result being generated, it's because of the loading order
-  of the `ComplianceViolationResolver` class.
-
-  The only way we've found to fix this is by quoting the class name in the spec. For example, changing
-
-  ```ruby
-  RSpec.describe Resolvers::ComplianceManagement::MergeRequests::ComplianceViolationResolver do
-  ```
-
-  into:
-
-  ```ruby
-  RSpec.describe 'Resolvers::ComplianceManagement::MergeRequests::ComplianceViolationResolver' do
-  ```
-
-  See [this merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87295#note_946174036) for some discussion.
-
-  Only use this style if you are having spec failures. We should not typically use this pattern.
-  This issue may disappear after we've upgraded to `2.x`.
-
 - When testing resolvers using `GraphqlHelpers#resolve`, arguments for the resolver can be handled two ways.
 
   1. 95% of the resolver specs use arguments that are Ruby objects, as opposed to when using the GraphQL API
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 18047c58f69..9d3c2b135ea 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -7611,9 +7611,6 @@ msgstr ""
 msgid "Before inserting code, be sure to read the comment that separated each code group."
 msgstr ""
 
-msgid "Before this can be merged, a Jira issue must be linked in the title or description"
-msgstr ""
-
 msgid "Begin with the selected commit"
 msgstr ""
 
@@ -18160,6 +18157,9 @@ msgstr ""
 msgid "Edits"
 msgstr ""
 
+msgid "Either the title or description must reference a Jira issue."
+msgstr ""
+
 msgid "Elapsed time"
 msgstr ""
 
@@ -50371,6 +50371,9 @@ msgstr ""
 msgid "To manage seats for all members associated with this group and its subgroups and projects, visit the %{link_start}usage quotas page%{link_end}."
 msgstr ""
 
+msgid "To merge, either the title or description must reference a Jira issue."
+msgstr ""
+
 msgid "To move or copy an entire GitLab project from another GitLab installation to this one, navigate to the original project's settings page, generate an export file, and upload it here."
 msgstr ""
 
diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml
index 3dab9242c22..b8975c7191e 100644
--- a/spec/support/rspec_order_todo.yml
+++ b/spec/support/rspec_order_todo.yml
@@ -1452,10 +1452,6 @@
 - './ee/spec/lib/gitlab/usage/metrics/instrumentations/user_cap_setting_enabled_metric_spec.rb'
 - './ee/spec/lib/gitlab/user_access_spec.rb'
 - './ee/spec/lib/gitlab/visibility_level_spec.rb'
-- './ee/spec/lib/gitlab/vulnerabilities/base_vulnerability_spec.rb'
-- './ee/spec/lib/gitlab/vulnerabilities/container_scanning_vulnerability_spec.rb'
-- './ee/spec/lib/gitlab/vulnerabilities/parser_spec.rb'
-- './ee/spec/lib/gitlab/vulnerabilities/standard_vulnerability_spec.rb'
 - './ee/spec/lib/gitlab/web_ide/config/entry/schema/match_spec.rb'
 - './ee/spec/lib/gitlab/web_ide/config/entry/schema_spec.rb'
 - './ee/spec/lib/gitlab/web_ide/config/entry/schemas_spec.rb'