Add latest changes from gitlab-org/gitlab@15-4-stable-eev15.4.0-rc42

19 files changed, 229 insertions, 59 deletions

diff --git a/data/deprecations/14-10-manual-iteration-management.yml b/data/deprecations/14-10-manual-iteration-management.yml
deleted file mode 100644
index f677f4fe668..00000000000
--- a/data/deprecations/14-10-manual-iteration-management.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: "Manual iteration management"  # The name of the feature to be deprecated
-  announcement_milestone: "14.10"  # The milestone when this feature was first announced as deprecated.
-  announcement_date: "2022-04-22"  # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
-  removal_milestone: "16.0"  # The milestone when this feature is planned to be removed
-  removal_date: "2023-04-22"  # The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
-  breaking_change: true  # If this deprecation is a breaking change, set this value to true
-  reporter: mcelicalderonG  # GitLab username of the person reporting the deprecation
-  body: |  # Do not modify this line, instead modify the lines below.
-    Manual iteration management is deprecated and only automatic iteration cadences will be supported in the future.
-
-    Creating and deleting iterations will be fully removed in 16.0. Updating all iteration fields except for
-    `description` will also be removed.
-
-    On the GraphQL API the following mutations will be removed:
-
-      1. `iterationCreate`
-      1. `iterationDelete`
-
-    The update `updateIteration` mutation will only allow updating the iteration's `description`. The following
-    arguments will be removed:
-
-      1. `title`
-      1. `dueDate`
-      1. `startDate`
-
-    For more information about iteration cadences, you can refer to
-    [the documentation of the feature](https://docs.gitlab.com/ee/user/group/iterations/#iteration-cadences).
-# The following items are not published on the docs page, but may be used in the future.
-  stage: Plan
-  tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356069
-  documentation_url:  # (optional) This is a link to the current documentation page
-  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
-  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/14-5-certificate-based-integration-with-kubernetes-saas.yml b/data/deprecations/14-5-certificate-based-integration-with-kubernetes-saas.yml
index 774b41a4170..559189d759b 100644
--- a/data/deprecations/14-5-certificate-based-integration-with-kubernetes-saas.yml
+++ b/data/deprecations/14-5-certificate-based-integration-with-kubernetes-saas.yml
@@ -1,11 +1,11 @@
 - name: "SaaS certificate-based integration with Kubernetes"
   announcement_milestone: "14.5"
   announcement_date: "2021-11-15"
-  removal_milestone: "15.6"
-  removal_date: "2022-11-22"  # the date of the milestone release when this feature is planned to be removed
+  removal_milestone: "15.9"
+  removal_date: "2023-02-22"  # the date of the milestone release when this feature is planned to be removed
   breaking_change: true
   body: |
-    The certificate-based integration with Kubernetes will be [deprecated and removed](https://about.gitlab.com/blog/2021/11/15/deprecating-the-cert-based-kubernetes-integration/). As a GitLab SaaS customer, on new namespaces, you will no longer be able to integrate GitLab and your cluster using the certificate-based approach as of GitLab 15.0. The integration for current users will be enabled per namespace. The integrations are expected to be switched off completely on GitLab SaaS around 2022 November 22.
+    The certificate-based integration with Kubernetes will be [deprecated and removed](https://about.gitlab.com/blog/2021/11/15/deprecating-the-cert-based-kubernetes-integration/). As a GitLab SaaS customer, on new namespaces, you will no longer be able to integrate GitLab and your cluster using the certificate-based approach as of GitLab 15.0. The integration for current users will be enabled per namespace.
 
     For a more robust, secure, forthcoming, and reliable integration with Kubernetes, we recommend you use the
     [agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/) to connect Kubernetes clusters with GitLab. [How do I migrate?](https://docs.gitlab.com/ee/user/infrastructure/clusters/migrate_to_gitlab_agent.html)
diff --git a/data/deprecations/14-5-certificate-based-integration-with-kubernetes.yml b/data/deprecations/14-5-certificate-based-integration-with-kubernetes.yml
index 43a071ff746..f76bd9f5424 100644
--- a/data/deprecations/14-5-certificate-based-integration-with-kubernetes.yml
+++ b/data/deprecations/14-5-certificate-based-integration-with-kubernetes.yml
@@ -1,15 +1,15 @@
 - name: "Self-managed certificate-based integration with Kubernetes"
   announcement_milestone: "14.5"
   announcement_date: "2021-11-15"
-  removal_milestone: "16.0"
-  removal_date: "2023-05-22"  # the date of the milestone release when this feature is planned to be removed
+  removal_milestone: "17.0"
+  removal_date: "2024-05-22"  # the date of the milestone release when this feature is planned to be removed
   breaking_change: true
   body: |
     The certificate-based integration with Kubernetes [will be deprecated and removed](https://about.gitlab.com/blog/2021/11/15/deprecating-the-cert-based-kubernetes-integration/).
 
     As a self-managed customer, we are introducing the [feature flag](../administration/feature_flags.md#enable-or-disable-the-feature) `certificate_based_clusters` in GitLab 15.0 so you can keep your certificate-based integration enabled. However, the feature flag will be disabled by default, so this change is a **breaking change**.
 
-    In GitLab 16.0 we will remove both the feature and its related code. Until the final removal in 16.0, features built on this integration will continue to work, if you enable the feature flag. Until the feature is removed, GitLab will continue to fix security and critical issues as they arise.
+    In GitLab 17.0 we will remove both the feature and its related code. Until the final removal in 17.0, features built on this integration will continue to work, if you enable the feature flag. Until the feature is removed, GitLab will continue to fix security and critical issues as they arise.
 
     For a more robust, secure, forthcoming, and reliable integration with Kubernetes, we recommend you use the
     [agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/) to connect Kubernetes clusters with GitLab. [How do I migrate?](https://docs.gitlab.com/ee/user/infrastructure/clusters/migrate_to_gitlab_agent.html)
diff --git a/data/deprecations/15-3-vulnerabilityFindingDismiss-mutation.yml b/data/deprecations/15-3-vulnerabilityFindingDismiss-mutation.yml
new file mode 100644
index 00000000000..25e8a6a2488
--- /dev/null
+++ b/data/deprecations/15-3-vulnerabilityFindingDismiss-mutation.yml
@@ -0,0 +1,23 @@
+#
+# REQUIRED FIELDS
+#
+- name: "Use of `id` field in vulnerabilityFindingDismiss mutation"  # (required) The name of the feature to be deprecated
+  announcement_milestone: "15.3"  # (required) The milestone when this feature was first announced as deprecated.
+  announcement_date: "2022-08-22"  # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  removal_milestone: "16.0"  # (required) The milestone when this feature is planned to be removed
+  removal_date: 2023-05-22  # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  breaking_change: true  # (required) If this deprecation is a breaking change, set this value to true
+  reporter: matt_wilson  # (required) GitLab username of the person reporting the deprecation
+  stage: Secure  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/367166  # (required) Link to the deprecation issue in GitLab
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    You can use the vulnerabilityFindingDismiss GraphQL mutation to set the status of a vulnerability finding to `Dismissed`. Previously, this mutation used the `id` field to identify findings uniquely. However, this did not work for dismissing findings from the pipeline security tab. Therefore, using the `id` field as an identifier has been dropped in favor of the `uuid` field. Using the 'uuid' field as an identifier allows you to dismiss the finding from the pipeline security tab.
+#
+# OPTIONAL FIELDS
+#
+  end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  end_of_support_date:  # (optional) The date of the milestone release when support for this feature will end.
+  tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#mutationvulnerabilityfindingdismiss
+  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
+  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-4-confidence-field-in-graphql.yml b/data/deprecations/15-4-confidence-field-in-graphql.yml
new file mode 100644
index 00000000000..da3287eeff9
--- /dev/null
+++ b/data/deprecations/15-4-confidence-field-in-graphql.yml
@@ -0,0 +1,14 @@
+- name: "Vulnerability confidence field"
+  announcement_milestone: "15.4"
+  announcement_date: "2022-09-22"
+  removal_milestone: "16.0"
+  removal_date: "2023-05-22"
+  breaking_change: true
+  reporter: matt_wilson
+  stage: govern
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/372332
+  body: |
+   In GitLab 15.3, [security report schemas below version 15 were deprecated](https://docs.gitlab.com/ee/update/deprecations.html#security-report-schemas-version-14xx).
+   The `confidence` attribute on vulnerability findings exists only in schema versions before `15-0-0`, and therefore is effectively deprecated since GitLab 15.4 supports schema version `15-0-0`. To maintain consistency
+   between the reports and our public APIs, the `confidence` attribute on any vulnerability-related components of our GraphQL API is now deprecated and will be
+   removed in 16.0.
diff --git a/data/deprecations/15-4-create-deprecation-draft-quick-action-toggle.yml b/data/deprecations/15-4-create-deprecation-draft-quick-action-toggle.yml
new file mode 100644
index 00000000000..2265354c4c7
--- /dev/null
+++ b/data/deprecations/15-4-create-deprecation-draft-quick-action-toggle.yml
@@ -0,0 +1,12 @@
+- name: "Toggle behavior of `/draft` quick action in merge requests"  # (required) The name of the feature to be deprecated
+  announcement_milestone: "15.4"  # (required) The milestone when this feature was first announced as deprecated.
+  announcement_date: "2022-09-22"  # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  removal_milestone: "16.0"  # (required) The milestone when this feature is planned to be removed
+  removal_date: "2022-05-22"# (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  breaking_change: true  # (required) If this deprecation is a breaking change, set this value to true
+  reporter: phikai  # (required) GitLab username of the person reporting the deprecation
+  stage: create  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/365365 # (required) Link to the deprecation issue in GitLab
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    In order to make the behavior of toggling the draft status of a merge request more clear via a quick action, we're deprecating and removing the toggle behavior of the `/draft` quick action. Beginning with the 16.0 release of GitLab, `/draft` will only set a merge request to Draft and a new `/ready` quick action will be used to remove the draft status.
+  documentation_url: # (optional) This is a link to the current documentation page
diff --git a/data/deprecations/15-4-cs-docker-variables.yml b/data/deprecations/15-4-cs-docker-variables.yml
new file mode 100644
index 00000000000..37f2552ac00
--- /dev/null
+++ b/data/deprecations/15-4-cs-docker-variables.yml
@@ -0,0 +1,11 @@
+- name: "Container Scanning variables that reference Docker"
+  announcement_milestone: "15.4"
+  announcement_date: "2022-09-22"
+  removal_milestone: "16.0"
+  removal_date: "2023-05-22"
+  breaking_change: true
+  reporter: sam.white
+  stage: secure
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/371840
+  body: |
+    All Container Scanning variables that are prefixed by `DOCKER_` in variable name are deprecated. This includes the `DOCKER_IMAGE`, `DOCKER_PASSWORD`, `DOCKER_USER`, and `DOCKERFILE_PATH` variables. Support for these variables will be removed in the GitLab 16.0 release. Use the [new variable names](https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-cicd-variables) `CS_IMAGE`, `CS_REGISTRY_PASSWORD`, `CS_REGISTRY_USER`, and `CS_DOCKERFILE_PATH` in place of the deprecated names.
diff --git a/data/deprecations/15-4-deprecate-bundled-grafana.yml b/data/deprecations/15-4-deprecate-bundled-grafana.yml
new file mode 100644
index 00000000000..b6659e01c42
--- /dev/null
+++ b/data/deprecations/15-4-deprecate-bundled-grafana.yml
@@ -0,0 +1,17 @@
+- name: "Bundled Grafana deprecated"
+  announcement_milestone: "15.3"
+  announcement_date: "2022-08-22"
+  removal_milestone: "15.4"
+  removal_date: "2022-09-22"
+  breaking_change: false
+  reporter: dorrino
+  body: |  # Do not modify this line, instead modify the lines below.
+    In GitLab 15.4, we will be swapping the bundled Grafana to a fork of Grafana maintained by GitLab.
+
+    There was an [identified CVE for Grafana](https://nvd.nist.gov/vuln/detail/CVE-2022-31107), and to mitigate this security vulnerability, we must swap to our own fork because the older version of Grafana we were bundling is no longer receiving long-term support.
+
+    This is not expected to cause any incompatibilities with the previous version of Grafana. Neither when using our bundled version, nor when using an external instance of Grafana.
+  stage: Enablement
+  tiers: [Free, Premium, Ultimate]
+  issue_url: https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6972
+  documentation_url: https://docs.gitlab.com/ee/administration/monitoring/performance/grafana_configuration.html
diff --git a/data/deprecations/15-4-non-expiring-access-tokens.yml b/data/deprecations/15-4-non-expiring-access-tokens.yml
new file mode 100644
index 00000000000..c4becf9ed34
--- /dev/null
+++ b/data/deprecations/15-4-non-expiring-access-tokens.yml
@@ -0,0 +1,25 @@
+- name: "Non-expiring access tokens"
+  announcement_milestone: "15.4"
+  announcement_date: "2022-09-22"
+  removal_milestone: "16.0"
+  removal_date: "2023-05-22"
+  breaking_change: true
+  reporter: hsutor
+  body: |  # Do not modify this line, instead modify the lines below.
+    Access tokens that have no expiration date are valid indefinitely, which presents a security risk if the access token
+    is divulged. Because access tokens that have an exipiration date are better, from GitLab 15.3 we
+    [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
+
+    In GitLab 16.0, any [personal](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html),
+    [project](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html), or
+    [group](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html) access token that does not have an
+    expiration date will automatically have an expiration date set at one year.
+
+    We recommend giving your access tokens an expiration date in line with your company's security policies before the
+    default is applied:
+
+    - On GitLab.com during the 16.0 milestone.
+    - On GitLab self-managed instances when they are upgraded to 16.0.
+  stage: Manage
+  tiers: [Free, Premium, Ultimate]
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369122
diff --git a/data/deprecations/15-4-starboard-directive.yml b/data/deprecations/15-4-starboard-directive.yml
new file mode 100644
index 00000000000..07b7cdf7fd6
--- /dev/null
+++ b/data/deprecations/15-4-starboard-directive.yml
@@ -0,0 +1,11 @@
+- name: "Starboard directive in the config for the GitLab Agent for Kubernetes"
+  announcement_milestone: "15.4"
+  announcement_date: "2022-09-22"
+  removal_milestone: "16.0"
+  removal_date: "2023-05-22"
+  breaking_change: true
+  reporter: sam.white
+  stage: secure
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/368828
+  body: |
+    GitLab's operational container scanning capabilities no longer require starboard to be installed. Consequently, use of the `starboard:` directive in the configuration file for the GitLab Agent for Kubernetes is now deprecated and is scheduled for removal in GitLab 16.0. Update your configuration file to use the `container_scanning:` directive.
diff --git a/data/deprecations/16-0-security_report_schemas_v14-x-x.yml b/data/deprecations/16-0-security_report_schemas_v14-x-x.yml
index 3487deaf5a7..46f6012a7db 100644
--- a/data/deprecations/16-0-security_report_schemas_v14-x-x.yml
+++ b/data/deprecations/16-0-security_report_schemas_v14-x-x.yml
@@ -2,8 +2,8 @@
 # REQUIRED FIELDS
 #
 - name: "Security report schemas version 14.x.x"  # (required) the name of the feature being removed. Avoid the words `deprecation`, `deprecate`, `removal`, and `remove` in this field because these are implied.
-  announcement_milestone: "15.8"  # (required) The milestone when this feature was deprecated.
-  announcement_date: "2023-01-22"  # (required) The date of the milestone release when this feature was deprecated. This should almost always be the 22nd of a month (YYYY-MM-DD), unless you did an out of band blog post.
+  announcement_milestone: "15.3"  # (required) The milestone when this feature was deprecated.
+  announcement_date: "2022-08-22"  # (required) The date of the milestone release when this feature was deprecated. This should almost always be the 22nd of a month (YYYY-MM-DD), unless you did an out of band blog post.
   removal_milestone: "16.0"  # (required) The milestone when this feature is being removed.
   removal_date: "2023-05-22"  # (required) This should almost always be the 22nd of a month (YYYY-MM-DD), the date of the milestone release when this feature will be removed.
   breaking_change: true  # (required) Change to true if this removal is a breaking change.
@@ -11,17 +11,19 @@
   stage: Secure  # (required) String value of the stage that the feature was created in. e.g., Growth
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/366477  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
-    All [security report schema](https://gitlab.com/gitlab-org/security-products/security-report-schemas) versions before 15.0.0 are considered deprecated in GitLab %15.8. Specifically, all [schemas](https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/lib/ee/gitlab/ci/parsers/security/validators/schemas) that match 14.*.* will be deprecated.
+    Version 14.x.x [security report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas) are deprecated.
 
-    Please note that any [security report scanner integration](https://docs.gitlab.com/ee/development/integrations/secure.html) with GitLab using a deprecated schema version will result in a deprecation warning as a result of [report validation](https://docs.gitlab.com/ee/development/integrations/secure.html#report-validation).
+    In GitLab 15.8 and later, [security report scanner integrations](https://docs.gitlab.com/ee/development/integrations/secure.html) that use schema version 14.x.x will display a deprecation warning in the pipeline's **Security** tab.
 
-    See [Security report validation](https://docs.gitlab.com/ee/user/application_security/#security-report-validation) for more information.
+    In GitLab 16.0 and later, the feature will be removed. Security reports that use schema version 14.x.x will cause an error in the pipeline's **Security** tab.
+
+    For more information, refer to [security report validation](https://docs.gitlab.com/ee/user/application_security/#security-report-validation).
 #
 # OPTIONAL FIELDS
 #
-  end_of_support_milestone: "15.8" # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
-  end_of_support_date: "2023-01-22" # (optional) The date of the milestone release when support for this feature will end.
-  tiers: [Ultimate] # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  end_of_support_date:  # (optional) The date of the milestone release when support for this feature will end.
+  tiers: [Ultimate]  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
   documentation_url:  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/templates/_deprecation_template.md.erb b/data/deprecations/templates/_deprecation_template.md.erb
index 93713a5e407..0725ce2891e 100644
--- a/data/deprecations/templates/_deprecation_template.md.erb
+++ b/data/deprecations/templates/_deprecation_template.md.erb
@@ -53,7 +53,7 @@ sole discretion of GitLab Inc.
 ### <%= deprecation["name"]%>
 
 <% if deprecation["end_of_support_milestone"] -%>
-End of Support: GitLab <span class="removal-milestone"><%= deprecation["end_of_support_milestone"]%></span> (<%= deprecation["end_of_support_date"]%>)
+End of Support: GitLab <span class="removal-milestone"><%= deprecation["end_of_support_milestone"]%></span> (<%= deprecation["end_of_support_date"]%>)<br />
 <% end -%>
 Planned removal: GitLab <span class="removal-milestone"><%= deprecation["removal_milestone"]%></span> (<%= deprecation["removal_date"]%>)
 <% if deprecation["breaking_change"] -%>
diff --git a/data/deprecations/templates/example.yml b/data/deprecations/templates/example.yml
index c69ebe2c768..e5e04e5d216 100644
--- a/data/deprecations/templates/example.yml
+++ b/data/deprecations/templates/example.yml
@@ -1,12 +1,11 @@
 # This is a template for a feature deprecation.
 #
-# Please refer to the deprecation guidelines to confirm your understanding of GitLab's definitions.
+# Please refer to the deprecation guidelines to confirm your understanding of the
+# definitions for "Deprecation", "End of Support", and "Removal":
 # https://docs.gitlab.com/ee/development/deprecation_guidelines/#terminology
 #
 # Deprecations must be announced at least three releases prior to removal.
-#
-# If an End of Support period applies, the announcement should be shared with GitLab Support
-# in the `#spt_managers` on Slack and mention `@gitlab-com/support` in this MR.
+# See the OPTIONAL END OF SUPPORT FIELDS section below if an End of Support period also applies.
 #
 # Breaking changes must happen in a major release.
 #
@@ -35,10 +34,16 @@
 
     END OF BODY COMMENT -->
 #
-# OPTIONAL FIELDS
+# OPTIONAL END OF SUPPORT FIELDS
+#
+# If an End of Support period applies, the announcement should be shared with GitLab Support
+# in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
 #
   end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
   end_of_support_date:  # (optional) The date of the milestone release when support for this feature will end.
+#
+# OTHER OPTIONAL FIELDS
+#
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
   documentation_url:  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
diff --git a/data/removals/15_0/15-0-remove-background-upload-object-storage.yml b/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
index 16aab3d14c2..dac96032359 100644
--- a/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
+++ b/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
@@ -43,9 +43,8 @@
         gitlab_rails['env'] = { 'GITLAB_LEGACY_BACKGROUND_UPLOADS' => 'artifacts,external_diffs,lfs,uploads,packages,dependency_proxy,terraform_state,pages' }
         ```
 
-    Prefixes will be supported officially in [GitLab 15.2](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91307).
-    This workaround will be dropped, so we encourage migrating to consolidated object storage.
-
+    Support for prefixes was restored in GitLab 15.2 via [this MR](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91307).
+    Support for setting `GITLAB_LEGACY_BACKGROUND_UPLOADS` will be removed in GitLab 15.4.
 
   stage: Enablement
   tiers: [Core, Premium, Ultimate]
diff --git a/data/removals/15_3/15-3-vulnerability-report-state-sort.yml b/data/removals/15_3/15-3-vulnerability-report-state-sort.yml
new file mode 100644
index 00000000000..3ba5b451718
--- /dev/null
+++ b/data/removals/15_3/15-3-vulnerability-report-state-sort.yml
@@ -0,0 +1,25 @@
+#
+# REQUIRED FIELDS
+#
+- name: "Vulnerability Report sort by State"  # (required) the name of the feature being removed. Avoid the words `deprecation`, `deprecate`, `removal`, and `remove` in this field because these are implied.
+  announcement_milestone: "15.0"  # (required) The milestone when this feature was deprecated.
+  announcement_date: "2022-05-22"  # (required) The date of the milestone release when this feature was deprecated. This should almost always be the 22nd of a month (YYYY-MM-DD), unless you did an out of band blog post.
+  removal_milestone: "15.3"  # (required) The milestone when this feature is being removed.
+  removal_date: "2022-08-22"  # (required) This should almost always be the 22nd of a month (YYYY-MM-DD), the date of the milestone release when this feature will be removed.
+  breaking_change: false  # (required) Change to true if this removal is a breaking change.
+  reporter: matt_wilson  # (required) GitLab username of the person reporting the removal
+  stage: Secure  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/360516  # (required) Link to the deprecation issue in GitLab
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    The ability to sort the Vulnerability Report by the `State` column was disabled and put behind a feature flag in GitLab 14.10 due to a refactor
+    of the underlying data model. The feature flag has remained off by default as further refactoring will be required to ensure sorting
+    by this value remains performant. Due to very low usage of the `State` column for sorting, the feature flag is instead removed in 15.3 to simplify the codebase and prevent any unwanted performance degradation.
+#
+# OPTIONAL FIELDS
+#
+  end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  end_of_support_date:  # (optional) The date of the milestone release when support for this feature will end.
+  tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url:  # (optional) This is a link to the current documentation page
+  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
+  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/removals/15_3/15-3-vulnerability-report-tool-sort.yml b/data/removals/15_3/15-3-vulnerability-report-tool-sort.yml
new file mode 100644
index 00000000000..9aba5ca5ee7
--- /dev/null
+++ b/data/removals/15_3/15-3-vulnerability-report-tool-sort.yml
@@ -0,0 +1,26 @@
+#
+# REQUIRED FIELDS
+#
+- name: "Vulnerability Report sort by Tool"  # (required) the name of the feature being removed. Avoid the words `deprecation`, `deprecate`, `removal`, and `remove` in this field because these are implied.
+  announcement_milestone: "15.1"  # (required) The milestone when this feature was deprecated.
+  announcement_date: "2022-06-22"  # (required) The date of the milestone release when this feature was deprecated. This should almost always be the 22nd of a month (YYYY-MM-DD), unless you did an out of band blog post.
+  removal_milestone: "15.3"  # (required) The milestone when this feature is being removed.
+  removal_date: "2022-08-22"  # (required) This should almost always be the 22nd of a month (YYYY-MM-DD), the date of the milestone release when this feature will be removed.
+  breaking_change: false  # (required) Change to true if this removal is a breaking change.
+  reporter: matt_wilson  # (required) GitLab username of the person reporting the removal
+  stage: Secure  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/363138  # (required) Link to the deprecation issue in GitLab
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    The ability to sort the Vulnerability Report by the `Tool` column (scan type) was disabled and put behind a feature flag in GitLab 14.10 due to a refactor
+    of the underlying data model. The feature flag has remained off by default as further refactoring will be required to ensure sorting
+    by this value remains performant. Due to very low usage of the `Tool` column for sorting, the feature flag is instead removed in
+    GitLab 15.3 to simplify the codebase and prevent any unwanted performance degradation.
+#
+# OPTIONAL FIELDS
+#
+  end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  end_of_support_date:  # (optional) The date of the milestone release when support for this feature will end.
+  tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url:  # (optional) This is a link to the current documentation page
+  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
+  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/removals/15_3/removal_debian9.yml b/data/removals/15_3/removal_debian9.yml
new file mode 100644
index 00000000000..5438922173f
--- /dev/null
+++ b/data/removals/15_3/removal_debian9.yml
@@ -0,0 +1,6 @@
+- name: "Support for Debian 9"
+  removal_date: Aug 22, 2022  # day the removal was released
+  removal_milestone: "15.3"
+  reporter: dorrino  # GitLab username of the person reporting the removal
+  body: |
+    Long term service and support (LTSS) for [Debian 9 Stretch ended in July 2022](https://wiki.debian.org/LTS). Therefore, we will no longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
diff --git a/data/removals/15_4/15-4-sast-analyzer-consolidation.yml b/data/removals/15_4/15-4-sast-analyzer-consolidation.yml
new file mode 100644
index 00000000000..825fb2b4bfc
--- /dev/null
+++ b/data/removals/15_4/15-4-sast-analyzer-consolidation.yml
@@ -0,0 +1,30 @@
+- name: "SAST analyzer consolidation and CI/CD template changes"
+  announcement_milestone: "14.8"
+  announcement_date: "2022-02-22"
+  removal_milestone: "15.4"
+  removal_date: "2022-09-22"
+  breaking_change: true
+  reporter: connorgilbert
+  stage: Secure
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352554
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    We have replaced the GitLab SAST [analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) for certain languages in GitLab 15.4 as part of our long-term strategy to deliver a more consistent user experience, faster scan times, and reduced CI minute usage.
+
+    Starting from GitLab 15.4, the [GitLab-managed SAST CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) uses [Semgrep-based scanning](https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#transition-to-semgrep-based-scanning) instead of the following analyzers:
+
+    - [ESLint](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) for JavaScript, TypeScript, React
+    - [Gosec](https://gitlab.com/gitlab-org/security-products/analyzers/gosec) for Go
+    - [Bandit](https://gitlab.com/gitlab-org/security-products/analyzers/bandit) for Python
+    - [SpotBugs](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) for Java
+
+    We will no longer make any updates to the ESLint-, Gosec-, and Bandit-based analyzers.
+    The SpotBugs-based analyzer will continue to be used for Groovy, Kotlin, and Scala scanning.
+
+    We won't delete container images previously published for these analyzers, so older versions of the CI/CD template will continue to work.
+
+    If you changed the default GitLab SAST configuration, you may need to update your configuration as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352554#actions-required).
+# The following items are not published on the docs page, but may be used in the future.
+  tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url: https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#transition-to-semgrep-based-scanning  # (optional) This is a link to the current documentation page
+  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
+  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/removals/templates/example.yml b/data/removals/templates/example.yml
index 3674583cd7d..8d7d694be26 100644
--- a/data/removals/templates/example.yml
+++ b/data/removals/templates/example.yml
@@ -32,8 +32,6 @@
 #
 # OPTIONAL FIELDS
 #
-  end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
-  end_of_support_date:  # (optional) The date of the milestone release when support for this feature will end.
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
   documentation_url:  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature