Add latest changes from gitlab-org/gitlab@master

13 files changed, 58 insertions, 21 deletions

diff --git a/doc/administration/auth/jwt.md b/doc/administration/auth/jwt.md
index 9994b374038..bdcd6fc89cc 100644
--- a/doc/administration/auth/jwt.md
+++ b/doc/administration/auth/jwt.md
@@ -70,6 +70,9 @@ JWT provides you with a secret key for you to use.
    For more information on each configuration option refer to
    the [OmniAuth JWT usage documentation](https://github.com/mbleigh/omniauth-jwt#usage).
 
+   WARNING:
+   Incorrectly configuring these settings can result in an insecure instance.
+
 1. Change `YOUR_APP_SECRET` to the client secret and set `auth_url` to your redirect URL.
 1. Save the configuration file.
 1. For the changes to take effect:
diff --git a/doc/administration/geo/index.md b/doc/administration/geo/index.md
index 31de7f5c62f..be12ec97441 100644
--- a/doc/administration/geo/index.md
+++ b/doc/administration/geo/index.md
@@ -199,7 +199,8 @@ This list of limitations only reflects the latest version of GitLab. If you are
 - [Pages access control](../../user/project/pages/pages_access_control.md) doesn't work on secondaries. See [GitLab issue #9336](https://gitlab.com/gitlab-org/gitlab/-/issues/9336) for details.
 - [GitLab chart with Geo](https://docs.gitlab.com/charts/advanced/geo/) does not support [Unified URLs](secondary_proxy/index.md#set-up-a-unified-url-for-geo-sites). See [GitLab issue #3522](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3522) for more details.
 - [Disaster recovery](disaster_recovery/index.md) for multi-secondary sites causes downtime due to the complete re-synchronization and re-configuration of all non-promoted secondaries.
-- For Git over SSH, secondary sites must use the same port as the primary. [GitLab issue #339262](https://gitlab.com/gitlab-org/gitlab/-/issues/339262) proposes to remove this limitation.
+- For Git over SSH, to make the project clone URL display correctly regardless of which site you are browsing, secondary sites must use the same port as the primary. [GitLab issue #339262](https://gitlab.com/gitlab-org/gitlab/-/issues/339262) proposes to remove this limitation.
+- Git push over SSH against a secondary site does not work for pushes over 1.86 GB. [GitLab issue #413109](https://gitlab.com/gitlab-org/gitlab/-/issues/413109) tracks this bug.
 
 ### Limitations on replication/verification
 
@@ -275,7 +276,7 @@ For information on configuring Geo for multiple nodes, see [Geo for multiple ser
 
 ### Configuring Geo with Object Storage
 
-For information on configuring Geo with object storage, see [Geo with Object storage](replication/object_storage.md).
+For information on configuring Geo with Object storage, see [Geo with Object storage](replication/object_storage.md).
 
 ### Disaster Recovery
 
diff --git a/doc/administration/geo/replication/object_storage.md b/doc/administration/geo/replication/object_storage.md
index 8128eaf5310..b39acf2466d 100644
--- a/doc/administration/geo/replication/object_storage.md
+++ b/doc/administration/geo/replication/object_storage.md
@@ -9,7 +9,7 @@ type: howto
 
 Geo can be used in combination with Object Storage (AWS S3, or other compatible object storage).
 
-Currently, **secondary** sites can use either:
+**Secondary** sites can use one of the following:
 
 - The same storage bucket as the **primary** site.
 - A replicated storage bucket.
diff --git a/doc/administration/geo/setup/index.md b/doc/administration/geo/setup/index.md
index 20661aead5f..3f3a5c29e78 100644
--- a/doc/administration/geo/setup/index.md
+++ b/doc/administration/geo/setup/index.md
@@ -18,8 +18,8 @@ type: howto
 
 - Ensure the **primary** site has a [GitLab Premium or Ultimate](https://about.gitlab.com/pricing/) subscription to unlock Geo. You only need one license for all the sites.
 - Confirm the [requirements for running Geo](../index.md#requirements-for-running-geo) are met by all sites. For example, sites must use the same GitLab version, and sites must be able to communicate with each other over certain ports.
-- Confirm the **primary** and **secondary** site storage configurations match. If the primary Geo site uses object storage, the secondary Geo site must use it too. See [Geo with Object storage] (../replication/object_storage.md) for more details.
-- Ensure clocks are synchronized between the **primary** site and the **secondary** site. Synchronized clocks are required for Geo to function correctly. For example, if the clock drift between the **primary** and **secondary** sites exceeds 1 minute, replication will fail.
+- Confirm the **primary** and **secondary** site storage configurations match. If the primary Geo site uses object storage, the secondary Geo site must use it too. For more information, see [Geo with Object storage](../replication/object_storage.md).
+- Ensure clocks are synchronized between the **primary** site and the **secondary** site. Synchronized clocks are required for Geo to function correctly. For example, if the clock drift between the **primary** and **secondary** sites exceeds 1 minute, replication fails.
 
 ## Using Omnibus GitLab
 
diff --git a/doc/api/groups.md b/doc/api/groups.md
index 9b683ca8e1c..91c6611f62d 100644
--- a/doc/api/groups.md
+++ b/doc/api/groups.md
@@ -1269,6 +1269,32 @@ Example response:
 ]
 ```
 
+## Service Accounts **(PREMIUM)**
+
+### Create Service Account User
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/407775) in GitLab 16.1.
+
+Creates a service account user with an auto-generated email address and username.
+
+```plaintext
+POST /groups/:id/service_accounts
+```
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/345/service_accounts"
+```
+
+Example response:
+
+```json
+{
+  "id": 57,
+  "username": "service_account_group_345_6018816a18e515214e0c34c2b33523fc",
+  "name": "Service account user"
+}
+```
+
 ## Hooks **(PREMIUM)**
 
 Also called Group Hooks and Webhooks.
diff --git a/doc/api/users.md b/doc/api/users.md
index 809d1474803..a69bae1c2cf 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -992,6 +992,20 @@ Example response:
 }
 ```
 
+## Create Service Account User **(PREMIUM)**
+
+> Ability to create a service account user was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/406782) in GitLab 16.1
+
+Creates a service account user with an auto-generated email address and username.
+
+```plaintext
+POST /service_accounts
+```
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/service_accounts"
+```
+
 ## List user projects
 
 See the [list of user projects](projects.md#list-user-projects).
diff --git a/doc/architecture/blueprints/ci_pipeline_components/img/catalogs.png b/doc/architecture/blueprints/ci_pipeline_components/img/catalogs.png
index 9353c5266e5..8c83aede186 100644
--- a/doc/architecture/blueprints/ci_pipeline_components/img/catalogs.png
+++ b/doc/architecture/blueprints/ci_pipeline_components/img/catalogs.png
diff --git a/doc/development/documentation/styleguide/word_list.md b/doc/development/documentation/styleguide/word_list.md
index 8a08fcd0cc8..83efbc5ab15 100644
--- a/doc/development/documentation/styleguide/word_list.md
+++ b/doc/development/documentation/styleguide/word_list.md
@@ -128,6 +128,10 @@ The token generated when you create an agent for Kubernetes. Use **agent access
 - secret token
 - authentication token
 
+## AI, artificial intelligence
+
+Use **AI**. Do not spell out **artificial intelligence**.
+
 ## air gap, air-gapped
 
 Use **offline environment** to describe installations that have physical barriers or security policies that prevent or limit internet access. Do not use **air gap**, **air gapped**, or **air-gapped**. For example:
diff --git a/doc/user/admin_area/settings/instance_template_repository.md b/doc/user/admin_area/settings/instance_template_repository.md
index 026782ae83b..dc80fd88820 100644
--- a/doc/user/admin_area/settings/instance_template_repository.md
+++ b/doc/user/admin_area/settings/instance_template_repository.md
@@ -43,7 +43,6 @@ are supported:
 | `.gitignore`            | `gitignore`          | `.gitignore`  |
 | `.gitlab-ci.yml`        | `gitlab-ci`          | `.yml`        |
 | `LICENSE`               | `LICENSE`            | `.txt`        |
-| `metrics-dashboard.yml` | `metrics-dashboards` | `.yml`        |
 
 Each template must go in its respective subdirectory, have the correct
 extension and not be empty. So, the hierarchy should look like this:
@@ -62,9 +61,6 @@ extension and not be empty. So, the hierarchy should look like this:
 |-- LICENSE
     |-- custom_license.txt
     |-- another_license.txt
-|-- metrics-dashboards
-    |-- custom_metrics-dashboard.yml
-    |-- another_metrics-dashboard.yml
 ```
 
 Your custom templates are displayed on the dropdown list when a new file is added through the GitLab UI:
diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md
index b613b0cc33e..46f6dd63d3f 100644
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -2606,14 +2606,6 @@ deploy-test-target:
       - environment_url.txt
 ```
 
-<!--
-### Target Container
-
-The API Fuzzing template supports launching a docker container containing an API target using docker-in-docker.
-
-TODO
--->
-
 ### Use OpenAPI with an invalid schema
 
 There are cases where the document is autogenerated with an invalid schema or cannot be edited manually in a timely manner. In those scenarios, the API Fuzzing is able to perform a relaxed validation by setting the variable `FUZZAPI_OPENAPI_RELAXED_VALIDATION`. We recommend providing a fully compliant OpenAPI document to prevent unexpected behaviors.
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md
index 1f07e9a5eb7..be89fbc6800 100644
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -107,7 +107,8 @@ Secret Detection can detect if a secret was added in one commit and removed in a
 
   In a merge request, Secret Detection scans every commit made on the source branch. To use this
   feature, you must use the [`latest` Secret Detection template](#templates), as it supports
-  [merge request pipelines](../../../ci/pipelines/merge_request_pipelines.md).
+  [merge request pipelines](../../../ci/pipelines/merge_request_pipelines.md). Secret Detection's
+  results are only available after the pipeline is completed.
 
 ## Templates
 
@@ -116,7 +117,7 @@ provided with GitLab upgrades, allowing you to benefit from any improvements and
 
 Available templates:
 
-- [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml): Stable version of the Secret Detection CI/CD template.
+- [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml): Stable, default version of the Secret Detection CI/CD template.
 - [`Secret-Detection.latest.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml): Latest version of the Secret Detection template.
 
 WARNING:
diff --git a/doc/user/img/explain_this_vulnerability.png b/doc/user/img/explain_this_vulnerability.png
index 0880ad5f875..bb938241911 100644
--- a/doc/user/img/explain_this_vulnerability.png
+++ b/doc/user/img/explain_this_vulnerability.png
diff --git a/doc/user/packages/generic_packages/index.md b/doc/user/packages/generic_packages/index.md
index e6ee4caa5d4..d24808674dc 100644
--- a/doc/user/packages/generic_packages/index.md
+++ b/doc/user/packages/generic_packages/index.md
@@ -225,12 +225,12 @@ If you are receiving `HTTP 500: Internal Server Error` responses when publishing
 # Consolidated Object Storage settings
 gitlab_rails['object_store']['connection'] = {
   # Other connection settings
-  `aws_signature_version` => '4'
+  'aws_signature_version' => '4'
 }
 # OR 
 # Storage-specific form settings
 gitlab_rails['packages_object_store_connection'] = {
   # Other connection settings
-  `aws_signature_version` => '4'
+  'aws_signature_version' => '4'
 }
 ```