Add latest changes from gitlab-org/gitlab@master

8 files changed, 103 insertions, 19 deletions

diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md
index fc903144a87..681e1937c26 100644
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -3501,6 +3501,7 @@ docker build:
 - If the pipeline is a merge request pipeline, check `Dockerfile` for changes.
 - If `Dockerfile` has changed, add the job to the pipeline as a manual job, and the pipeline
   continues running even if the job is not triggered (`allow_failure: true`).
+- A maximum of 50 patterns or file paths can be defined per `rules:changes` section.
 - If `Dockerfile` has not changed, do not add job to any pipeline (same as `when: never`).
 - [`rules:changes:paths`](#ruleschangespaths) is the same as `rules:changes` without
   any subkeys.
@@ -3613,11 +3614,12 @@ job:
 
 - Glob patterns are interpreted with Ruby [`File.fnmatch`](https://docs.ruby-lang.org/en/2.7.0/File.html#method-c-fnmatch)
   with the flags `File::FNM_PATHNAME | File::FNM_DOTMATCH | File::FNM_EXTGLOB`.
-- For performance reasons, GitLab matches a maximum of 10,000 `exists` patterns or
-  file paths. After the 10,000th check, rules with patterned globs always match.
-  In other words, `exists` always reports `true` if more than 10,000 checks
-  run. Repositories with less than 10,000 files might still be impacted if the `exists`
-  rules are checked more than 10,000 times.
+- For performance reasons, GitLab performs a maximum of 10,000 checks against
+  `exists` patterns or file paths. After the 10,000th check, rules with patterned
+  globs always match. In other words, the `exists` rule always assumes a match in
+  projects with more than 10,000 files, or if there are fewer than 10,000 files but
+  the `exists` rules are checked more than 10,000 times.
+- A maximum of 50 patterns or file paths can be defined per `rules:exists` section.
 - `exists` resolves to `true` if any of the listed files are found (an `OR` operation).
 
 #### `rules:allow_failure`
diff --git a/doc/development/feature_development.md b/doc/development/feature_development.md
index 5547390949d..5828855a725 100644
--- a/doc/development/feature_development.md
+++ b/doc/development/feature_development.md
@@ -80,6 +80,7 @@ Consult these topics for information on contributing to specific GitLab features
 - [Sidekiq guidelines](sidekiq/index.md) for working with Sidekiq workers
 - [Working with Gitaly](gitaly.md)
 - [Advanced search integration docs](advanced_search.md)
+- [Working with merge request diffs](merge_request_concepts/diffs/index.md)
 - [Approval Rules](merge_request_concepts/approval_rules.md)
 - [Repository mirroring](repository_mirroring.md)
 - [Uploads development guide](uploads/index.md)
diff --git a/doc/update/background_migrations.md b/doc/update/background_migrations.md
index 47b786f2894..be6ad43fa8a 100644
--- a/doc/update/background_migrations.md
+++ b/doc/update/background_migrations.md
@@ -203,6 +203,47 @@ To disable it:
 Feature.disable(:optimize_batched_migrations)
 ```
 
+### Parallel execution
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104027)
+>   in GitLab 15.7, [behind a feature flag](../user/feature_flags.md),
+>   [enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/372316).
+> - Enabled on GitLab.com.
+> - Recommended for production use.
+> - For GitLab self-managed instances, GitLab administrators can opt to
+>   [disable it](#enable-or-disable-parallel-execution-for-batched-background-migrations).
+
+There can be [risks when disabling released features](../administration/feature_flags.md#risks-when-disabling-released-features).
+Refer to this feature's version history for more details.
+
+To speed up the execution of batched background migrations, two migrations are executed at the same time.
+
+[GitLab administrators with access to the GitLab Rails console](../administration/feature_flags.md) can change
+the number of batched background migrations executed in parallel:
+
+```ruby
+ApplicationSetting.update_all(database_max_running_batched_background_migrations: 4)
+```
+
+#### Enable or disable parallel execution for batched background migrations
+
+Parallel execution for batched background migrations is under development but ready for production use.
+It is deployed behind a feature flag that is **enabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../administration/feature_flags.md)
+can opt to disable it.
+
+To enable it:
+
+```ruby
+Feature.enable(:batched_migrations_parallel_execution)
+```
+
+To disable it:
+
+```ruby
+Feature.disable(:batched_migrations_parallel_execution)
+```
+
 ## Troubleshooting
 
 ### Enable or disable background migrations
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index d8f12898b08..4eb34a5a4af 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -87,6 +87,19 @@ Due to limited customer usage, Browser Performance Testing is deprecated and wil
 
 </div>
 
+<div class="deprecation " data-milestone="17.0">
+
+### Deprecate legacy shell escaping and quoting runner shell executor
+
+<div class="deprecation-notes">
+- Announced in: GitLab <span class="milestone">15.11</span>
+- End of Support: GitLab <span class="milestone">17.9</span>
+</div>
+
+The runner's legacy escape sequence mechanism to handle variable expansion implements a sub-optimal implementation of Ansi-C quoting. This method means that the runner would expand arguments included in double quotes. As of 15.11, we are deprecating the legacy escaping and quoting methods in the runner shell executor.
+
+</div>
+
 <div class="deprecation breaking-change" data-milestone="17.0">
 
 ### DingTalk OmniAuth provider
@@ -442,6 +455,28 @@ During the transition to the GitLab Observability UI, we will migrate the [GitLa
 </div>
 </div>
 
+<div class="milestone-wrapper" data-milestone="16.1">
+
+## GitLab 16.1
+
+<div class="deprecation " data-milestone="16.1">
+
+### GitLab Runner images based on Alpine 3.12, 3.13, 3.14
+
+<div class="deprecation-notes">
+- Announced in: GitLab <span class="milestone">15.11</span>
+- End of Support: GitLab <span class="milestone">16.1</span>
+</div>
+
+We will stop publishing runner images based on the following, end-of-life Alpine versions:
+
+- Alpine 3.12
+- Alpine 3.13
+- Alpine 3.14 (end-of-life on 2023-05-23)
+
+</div>
+</div>
+
 <div class="milestone-wrapper" data-milestone="16.0">
 
 ## GitLab 16.0
diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md
index 98691625293..0cfeafe1fed 100644
--- a/doc/user/application_security/vulnerabilities/index.md
+++ b/doc/user/application_security/vulnerabilities/index.md
@@ -38,6 +38,19 @@ A vulnerability's status can be:
 - **Resolved**: The vulnerability has been fixed or is no longer present. Resolved vulnerabilities
   that are reintroduced and detected by subsequent scans have a _new_ vulnerability record created.
 
+## Vulnerability dismissal reasons
+
+> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4942) in GitLab 15.11 with a feature flag named `dismissal_reason`.
+> - Enabled on GitLab.com in GitLab 15.11. For self-managed customers, [contact Support](https://about.gitlab.com/support/) if you would like to use this feature in GitLab 15.11.
+
+When dismissing a vulnerability, one of the following reasons must be chosen to clarify why it is being dismissed:
+
+- **Acceptable risk**: The vulnerability is known, and has not been remediated or mitigated, but is considered to be an acceptable business risk.
+- **False positive**: An error in reporting in which a test result incorrectly indicates the presence of a vulnerability in a system when the vulnerability is not present.
+- **Mitigating control**: A management, operational, or technical control (that is, safeguard or countermeasure) employed by an organization that provides equivalent or comparable protection for an information system.
+- **Used in tests**: The finding is not a vulnerability because it is part of a test or is test data.
+- **Not applicable**: The vulnerability is known, and has not been remediated or mitigated, but is considered to be in a part of the application that will not be updated.
+
 ## Change status of a vulnerability
 
 To change a vulnerability's status from its Vulnerability Page:
@@ -46,6 +59,9 @@ To change a vulnerability's status from its Vulnerability Page:
 1. On the left sidebar, select **Security and Compliance > Vulnerability report**.
 1. Select the vulnerability's description.
 1. From the **Status** dropdown list select a status, then select **Change status**.
+
+   In GitLab 15.11 and later, you must select a [dismissal reason](#vulnerability-dismissal-reasons) when you change a vulnerability's status to **Dismissed**.
+
 1. Optionally, at the bottom of the page, add a comment to the log entry.
 
 Details of the status change, including who made the change and when, are recorded in the
diff --git a/doc/user/infrastructure/iac/terraform_state.md b/doc/user/infrastructure/iac/terraform_state.md
index 87404699ad7..7b95a7267af 100644
--- a/doc/user/infrastructure/iac/terraform_state.md
+++ b/doc/user/infrastructure/iac/terraform_state.md
@@ -7,10 +7,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # GitLab-managed Terraform state **(FREE)**
 
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2673) in GitLab 13.0.
-> - Support for state names that contain periods introduced in GitLab 15.7 [with a flag](../../../administration/feature_flags.md) named `allow_dots_on_tf_state_names`. Disabled by default. [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106861) in GitLab 15.7.
-
-FLAG:
-On self-managed GitLab, by default support for state names that contain periods is not available. To make it available, ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `allow_dots_on_tf_state_names`. On GitLab.com, support for state names that contain periods is available. Requests for state files might generate HTTP 404 errors after enabling this feature. For more information, see [Troubleshooting the Terraform integration with GitLab](troubleshooting.md#state-not-found-if-the-state-name-contains-a-period).
+> - Support for state names that contain periods introduced in GitLab 15.7 [with a flag](../../../administration/feature_flags.md) named `allow_dots_on_tf_state_names`. Disabled by default.
+> - Support for state names that contain periods [generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/385597) in GitLab 16.0. Feature flag `allow_dots_on_tf_state_names` removed.
 
 Terraform uses state files to store details about your infrastructure configuration.
 With Terraform remote [backends](https://www.terraform.io/language/settings/backends/configuration),
diff --git a/doc/user/infrastructure/iac/troubleshooting.md b/doc/user/infrastructure/iac/troubleshooting.md
index 624bb5ff276..d770c0111d0 100644
--- a/doc/user/infrastructure/iac/troubleshooting.md
+++ b/doc/user/infrastructure/iac/troubleshooting.md
@@ -160,12 +160,3 @@ If your `TF_HTTP_ADDRESS`, `TF_HTTP_LOCK_ADDRESS` and `TF_HTTP_UNLOCK_ADDRESS` a
 to update the state names there.
 
 Alternatively, you can [migrate your terraform state](terraform_state.md#migrate-to-a-gitlab-managed-terraform-state).
-
-#### Self-managed GitLab instances
-
-By default, support for state names with periods is not enabled on self-managed GitLab.
-You can enable it from the Rails console:
-
-```ruby
-Feature.enable(:allow_dots_on_tf_state_names)
-```
diff --git a/doc/user/packages/package_registry/supported_functionality.md b/doc/user/packages/package_registry/supported_functionality.md
index 0c7813beae0..0f359c70525 100644
--- a/doc/user/packages/package_registry/supported_functionality.md
+++ b/doc/user/packages/package_registry/supported_functionality.md
@@ -35,7 +35,7 @@ Packages can be pulled from your project, group, or instance.
 | Package type                                        | Project | Group | Instance |
 |-----------------------------------------------------|---------|-------|----------|
 | [Maven](../maven_repository/index.md)               | Y       | Y     | Y        |
-| [npm](../npm_registry/index.md)                     | Y       | Y     | Y        |
+| [npm](../npm_registry/index.md)                     | Y       | N     | Y        |
 | [NuGet](../nuget_repository/index.md)               | Y       | Y     | N        |
 | [PyPI](../pypi_repository/index.md)                 | Y       | Y     | N        |
 | [Generic packages](../generic_packages/index.md)    | Y       | N     | N        |