Add latest changes from gitlab-org/gitlab@master

16 files changed, 26 insertions, 35 deletions

diff --git a/doc/api/repository_files.md b/doc/api/repository_files.md
index 1db614fce36..f3546610ea2 100644
--- a/doc/api/repository_files.md
+++ b/doc/api/repository_files.md
@@ -213,6 +213,7 @@ GET /projects/:id/repository/files/:file_path/raw
 |-------------|----------------|----------|------------|
 | `id`        | integer or string | yes   | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
 | `file_path` | string         | yes      | URL-encoded full path to new file, such as `lib%2Fclass%2Erb`. |
+| `lfs`       | boolean         | yes      | Determines if the response should be Git LFS file contents, rather than the pointer. If the file is not tracked by Git LFS, ignored. Defaults to `false`. |
 | `ref`       | string         | yes      | The name of branch, tag or commit. Default is the `HEAD` of the project. |
 
 ```shell
diff --git a/doc/api/vulnerabilities.md b/doc/api/vulnerabilities.md
index b82e2b6cbdd..6ee2bbf9811 100644
--- a/doc/api/vulnerabilities.md
+++ b/doc/api/vulnerabilities.md
@@ -23,9 +23,9 @@ instead. See the [GraphQL examples](#replace-vulnerability-rest-api-with-graphql
 
 Every API call to vulnerabilities must be [authenticated](index.md#authentication).
 
-Vulnerability permissions inherit permissions from their project. If a project is
-private, and a user isn't a member of the project to which the vulnerability
-belongs, requests to that project returns a `404 Not Found` status code.
+If an authenticated user does not have permission to
+[view vulnerabilities](../user/permissions.md#project-members-permissions),
+this request returns a `403 Forbidden` status code.
 
 ## Single vulnerability
 
diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md
index 8c166c2ba2a..94f373c1c0a 100644
--- a/doc/api/vulnerability_exports.md
+++ b/doc/api/vulnerability_exports.md
@@ -19,14 +19,11 @@ Every API call to vulnerability exports must be [authenticated](index.md#authent
 
 Creates a new vulnerability export for a project.
 
-Vulnerability export permissions inherit permissions from their project. If a project is
-private and a user isn't a member of the project to which the vulnerability
-belongs, requests to that project return a `404 Not Found` status code.
-Vulnerability exports can be only accessed by the export's author.
-
 If an authenticated user doesn't have permission to
 [create a new vulnerability](../user/permissions.md#project-members-permissions),
-this request results in a `403` status code.
+this request returns a `403 Forbidden` status code.
+
+Vulnerability exports can be only accessed by the export's author.
 
 ```plaintext
 POST /security/projects/:id/vulnerability_exports
@@ -65,14 +62,11 @@ Example response:
 
 Creates a new vulnerability export for a group.
 
-Vulnerability export permissions inherit permissions from their group. If a group is
-private and a user isn't a member of the group to which the vulnerability
-belongs, requests to that group return a `404 Not Found` status code.
-Vulnerability exports can be only accessed by the export's author.
-
 If an authenticated user doesn't have permission to
 [create a new vulnerability](../user/permissions.md#group-members-permissions),
-this request results in a `403` status code.
+this request returns a `403 Forbidden` status code.
+
+Vulnerability exports can be only accessed by the export's author.
 
 ```plaintext
 POST /security/groups/:id/vulnerability_exports
diff --git a/doc/api/vulnerability_findings.md b/doc/api/vulnerability_findings.md
index a236960bc68..89acbdee98a 100644
--- a/doc/api/vulnerability_findings.md
+++ b/doc/api/vulnerability_findings.md
@@ -16,13 +16,9 @@ To fix any broken integrations with the former Vulnerabilities API, change the `
 
 Every API call to vulnerability findings must be [authenticated](index.md#authentication).
 
-Vulnerability findings are project-bound entities. If a user is not
-a member of a project and the project is private, a request on
-that project results in a `404` status code.
-
-If a user is able to access the project but does not have permission to
+If a user does not have permission to
 [use the Project Security Dashboard](../user/permissions.md#project-members-permissions),
-any request for vulnerability findings of this project results in a `403` status code.
+any request for vulnerability findings of this project returns a `403 Forbidden` status code.
 
 WARNING:
 This API is in the process of being deprecated and considered unstable.
diff --git a/doc/ci/examples/php.md b/doc/ci/examples/php.md
index 2d0c6382dd8..a83bcf69491 100644
--- a/doc/ci/examples/php.md
+++ b/doc/ci/examples/php.md
@@ -246,7 +246,7 @@ the [SSH keys](../ssh_keys/index.md) to be able to clone it.
 ## Use databases or other services
 
 Most of the time, you need a running database for your tests to be able to
-run. If you're using the Docker executor, you can leverage Docker's ability to
+run. If you're using the Docker executor, you can leverage Docker to
 link to other containers. With GitLab Runner, this can be achieved by defining
 a `service`.
 
diff --git a/doc/ci/jobs/ci_job_token.md b/doc/ci/jobs/ci_job_token.md
index 1e7b389c84a..d95451a67dc 100644
--- a/doc/ci/jobs/ci_job_token.md
+++ b/doc/ci/jobs/ci_job_token.md
@@ -54,7 +54,7 @@ To make sure that this token doesn't leak, GitLab:
 To make sure that this token doesn't leak, you should also configure
 your [runners](../runners/index.md) to be secure. Avoid:
 
-- Using Docker's `privileged` mode if the machines are re-used.
+- Using Docker `privileged` mode if the machines are re-used.
 - Using the [`shell` executor](https://docs.gitlab.com/runner/executors/shell.html) when jobs
   run on the same machine.
 
diff --git a/doc/ci/pipelines/pipeline_efficiency.md b/doc/ci/pipelines/pipeline_efficiency.md
index 276a03cb480..0952fdf1f8f 100644
--- a/doc/ci/pipelines/pipeline_efficiency.md
+++ b/doc/ci/pipelines/pipeline_efficiency.md
@@ -219,7 +219,7 @@ that download and run faster.
 
 Try to use custom Docker images with the software pre-installed. It's usually much
 faster to download a larger pre-configured image than to use a common image and install
-software on it each time. Docker's [Best practices for writing Dockerfiles](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)
+software on it each time. The Docker [Best practices for writing Dockerfiles article](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)
 has more information about building efficient Docker images.
 
 Methods to reduce Docker image size:
diff --git a/doc/ci/services/index.md b/doc/ci/services/index.md
index be4cdbd10f9..beebaa6d03f 100644
--- a/doc/ci/services/index.md
+++ b/doc/ci/services/index.md
@@ -260,7 +260,7 @@ test:
 | Setting    | Required | GitLab version | Description |
 |------------|----------|----------------| ----------- |
 | `name`       | yes, when used with any other option  | 9.4 | Full name of the image to use. If the full image name includes a registry hostname, use the `alias` option to define a shorter service access name. For more information, see [Accessing the services](#accessing-the-services). |
-| `entrypoint` | no     | 9.4 |Command or script to execute as the container's entrypoint. It's translated to Docker's `--entrypoint` option while creating the container. The syntax is similar to [`Dockerfile`'s `ENTRYPOINT`](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, where each shell token is a separate string in the array. |
+| `entrypoint` | no     | 9.4 |Command or script to execute as the container's entrypoint. It's translated to the Docker `--entrypoint` option while creating the container. The syntax is similar to [`Dockerfile`'s `ENTRYPOINT`](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, where each shell token is a separate string in the array. |
 | `command`    | no       | 9.4 |Command or script that should be used as the container's command. It's translated to arguments passed to Docker after the image's name. The syntax is similar to [`Dockerfile`'s `CMD`](https://docs.docker.com/engine/reference/builder/#cmd) directive, where each shell token is a separate string in the array. |
 | `alias` (1)     | no       | 9.4 | Additional alias that can be used to access the service from the job's container. Read [Accessing the services](#accessing-the-services) for more information. |
 | `variables` (2)     | no       | 14.5 | Additional environment variables that are passed exclusively to the service. The syntax is the same as [Job Variables](../variables/index.md). |
diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md
index 925f948e118..04e5d809e44 100644
--- a/doc/development/api_graphql_styleguide.md
+++ b/doc/development/api_graphql_styleguide.md
@@ -2223,7 +2223,7 @@ end
   [Adding field with resolver on a Type causes "Can't determine the return type " error on a different Type](https://github.com/rmosolgo/graphql-ruby/issues/3974).
 
   Unfortunately, the errors generated don't really indicate what the problem is. For example,
-  remove the quotes from the `Rspec.descrbe` in
+  remove the quotes from the `Rspec.describe` in
   [ee/spec/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver_spec.rb](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/spec/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver_spec.rb).
   Then run `rspec ee/spec/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver_spec.rb`.
 
diff --git a/doc/install/docker.md b/doc/install/docker.md
index 51ff1f02ba5..2464f43dc23 100644
--- a/doc/install/docker.md
+++ b/doc/install/docker.md
@@ -407,8 +407,8 @@ port `2289`:
    ```
 
    NOTE:
-   The format for publishing ports is `hostPort:containerPort`. Read more in
-   Docker's documentation about
+   The format for publishing ports is `hostPort:containerPort`. Read more in the
+   Docker documentation about
    [exposing incoming ports](https://docs.docker.com/engine/reference/run/#/expose-incoming-ports).
 
 1. Enter the running container:
@@ -720,7 +720,7 @@ purpose.
 
 ### Docker containers exhausts space due to the `json-file`
 
-Docker's [default logging driver is `json-file`](https://docs.docker.com/config/containers/logging/configure/#configure-the-default-logging-driver), which performs no log rotation by default. As a result of this lack of rotation, log files stored by the `json-file` driver can consume a significant amount of disk space for containers that generate a lot of output. This can lead to disk space exhaustion. To address this, use [`journald`](https://docs.docker.com/config/containers/logging/journald/) as the logging driver when available, or [another supported driver](https://docs.docker.com/config/containers/logging/configure/#supported-logging-drivers) with native rotation support.
+Docker uses the [`json-file` default logging driver](https://docs.docker.com/config/containers/logging/configure/#configure-the-default-logging-driver), which performs no log rotation by default. As a result of this lack of rotation, log files stored by the `json-file` driver can consume a significant amount of disk space for containers that generate a lot of output. This can lead to disk space exhaustion. To address this, use [`journald`](https://docs.docker.com/config/containers/logging/journald/) as the logging driver when available, or [another supported driver](https://docs.docker.com/config/containers/logging/configure/#supported-logging-drivers) with native rotation support.
 
 ### Buffer overflow error when starting Docker
 
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index f7c8b01e694..e198f967eea 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -567,7 +567,7 @@ and you may be able to make occasional updates on your own.
 
 For more information, see [the specific steps on how to update an image with a pipeline](#automating-container-scanning-vulnerability-database-updates-with-a-pipeline).
 
-For details on saving and transporting Docker images as a file, see Docker's documentation on
+For details on saving and transporting Docker images as a file, see the Docker documentation on
 [`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
 [`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
 
diff --git a/doc/user/application_security/dast/run_dast_offline.md b/doc/user/application_security/dast/run_dast_offline.md
index 05c6b74fbcd..7cb4eff8e68 100644
--- a/doc/user/application_security/dast/run_dast_offline.md
+++ b/doc/user/application_security/dast/run_dast_offline.md
@@ -39,7 +39,7 @@ process by which external resources can be imported or temporarily accessed.
 These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
 with new definitions, and you may be able to make occasional updates on your own.
 
-For details on saving and transporting Docker images as a file, see Docker's documentation on
+For details on saving and transporting Docker images as a file, see the Docker documentation on
 [`docker save`](https://docs.docker.com/engine/reference/commandline/save/),
 [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
 [`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index 621b4847c60..b4e6e058e6d 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -996,7 +996,7 @@ process by which external resources can be imported or temporarily accessed.
 These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
 with new definitions, and you may be able to make occasional updates on your own.
 
-For details on saving and transporting Docker images as a file, see Docker's documentation on
+For details on saving and transporting Docker images as a file, see the Docker documentation on
 [`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
 [`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
 
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index b1bc9794ced..aacb783beb7 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -694,7 +694,7 @@ The process for importing Docker images into a local offline Docker registry dep
 process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
 with new definitions, and you may be able to make occasional updates on your own.
 
-For details on saving and transporting Docker images as a file, see Docker's documentation on
+For details on saving and transporting Docker images as a file, see the Docker documentation on
 [`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
 [`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
 
diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md
index ca079e9e1af..34434ef046a 100644
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@@ -660,7 +660,7 @@ The process for importing Docker images into a local offline Docker registry dep
 process by which external resources can be imported or temporarily accessed. Note that these scanners are [updated periodically](../../application_security/index.md#vulnerability-scanner-maintenance)
 with new definitions, so consider if you are able to make periodic updates yourself.
 
-For details on saving and transporting Docker images as a file, see Docker's documentation on
+For details on saving and transporting Docker images as a file, see the Docker documentation on
 [`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
 [`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
 
diff --git a/doc/user/packages/container_registry/reduce_container_registry_data_transfer.md b/doc/user/packages/container_registry/reduce_container_registry_data_transfer.md
index 74cbcba2ffc..0ce9635e05a 100644
--- a/doc/user/packages/container_registry/reduce_container_registry_data_transfer.md
+++ b/doc/user/packages/container_registry/reduce_container_registry_data_transfer.md
@@ -44,7 +44,7 @@ Consider using a smaller base image, such as [Alpine Linux](https://alpinelinux.
 An Alpine image is around 5MB, which is several times smaller than popular base images such as
 [Debian](https://hub.docker.com/_/debian).
 If your application is distributed as a self-contained static binary, such as for Go applications,
-you can also consider using Docker's [scratch](https://hub.docker.com/_/scratch/)
+you can also consider using the Docker [scratch](https://hub.docker.com/_/scratch/)
 base image.
 
 If you need to use a specific base image OS, look for `-slim` or `-minimal` variants, as this helps