Add latest changes from gitlab-org/gitlab@master

2 files changed, 6 insertions, 3 deletions

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 0b1d7d24d21..71a93701dc4 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -94,8 +94,7 @@ class Projects::NotesController < Projects::ApplicationController
 
   def create_rate_limit
     key = :notes_create
-
-    return unless rate_limiter.throttled?(key, scope: [current_user])
+    return unless rate_limiter.throttled?(key, scope: [current_user], users_allowlist: rate_limit_users_allowlist)
 
     rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
     render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
@@ -104,4 +103,8 @@ class Projects::NotesController < Projects::ApplicationController
   def rate_limiter
     ::Gitlab::ApplicationRateLimiter
   end
+
+  def rate_limit_users_allowlist
+    Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist
+  end
 end
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index 463b989c493..a7c7839dc9f 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -9,7 +9,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
   before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access]
 
   before_action do
-    push_frontend_feature_flag(:vue_project_members_list, @project)
+    push_frontend_feature_flag(:vue_project_members_list, @project, default_enabled: :yaml)
   end
 
   feature_category :authentication_and_authorization