Add latest changes from gitlab-org/gitlab@master

19 files changed, 63 insertions, 16 deletions

diff --git a/doc/administration/troubleshooting/img/GoogleWorkspace-basic-SAML_v14_10.png b/doc/administration/troubleshooting/img/GoogleWorkspace-basic-SAML_v14_10.png
index bc11e18fb6f..e002503ddc0 100644
--- a/doc/administration/troubleshooting/img/GoogleWorkspace-basic-SAML_v14_10.png
+++ b/doc/administration/troubleshooting/img/GoogleWorkspace-basic-SAML_v14_10.png
diff --git a/doc/administration/troubleshooting/img/GoogleWorkspace-claims_v14_10.png b/doc/administration/troubleshooting/img/GoogleWorkspace-claims_v14_10.png
index 78bb1725e9c..2b827e122a8 100644
--- a/doc/administration/troubleshooting/img/GoogleWorkspace-claims_v14_10.png
+++ b/doc/administration/troubleshooting/img/GoogleWorkspace-claims_v14_10.png
diff --git a/doc/administration/troubleshooting/img/GoogleWorkspace-linkscert_v14_10.png b/doc/administration/troubleshooting/img/GoogleWorkspace-linkscert_v14_10.png
index e665e23058c..8d6c5010670 100644
--- a/doc/administration/troubleshooting/img/GoogleWorkspace-linkscert_v14_10.png
+++ b/doc/administration/troubleshooting/img/GoogleWorkspace-linkscert_v14_10.png
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 164d678406d..4bfe4cac616 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -9410,7 +9410,7 @@ Represents the total number of issues and their weights for a particular day.
 | <a id="cirunnercreatedat"></a>`createdAt` | [`Time`](#time) | Timestamp of creation of this runner. |
 | <a id="cirunnerdescription"></a>`description` | [`String`](#string) | Description of the runner. |
 | <a id="cirunnereditadminurl"></a>`editAdminUrl` | [`String`](#string) | Admin form URL of the runner. Only available for administrators. |
-| <a id="cirunnerexecutorname"></a>`executorName` | [`String`](#string) | Executor last advertised by the runner. Available only when feature flag `graphql_ci_runner_executor` is enabled. This flag is disabled by default, because the feature is experimental and is subject to change without notice. |
+| <a id="cirunnerexecutorname"></a>`executorName` | [`String`](#string) | Executor last advertised by the runner. |
 | <a id="cirunnergroups"></a>`groups` | [`GroupConnection`](#groupconnection) | Groups the runner is associated with. For group runners only. (see [Connections](#connections)) |
 | <a id="cirunnerid"></a>`id` | [`CiRunnerID!`](#cirunnerid) | ID of the runner. |
 | <a id="cirunneripaddress"></a>`ipAddress` | [`String`](#string) | IP address of the runner. |
diff --git a/doc/ci/pipelines/merge_trains.md b/doc/ci/pipelines/merge_trains.md
index 12ea3a70536..70045971ed6 100644
--- a/doc/ci/pipelines/merge_trains.md
+++ b/doc/ci/pipelines/merge_trains.md
@@ -73,6 +73,9 @@ To enable merge trains:
 - Your repository must be a GitLab repository, not an
   [external repository](../ci_cd_for_external_repos/index.md).
 
+Merge trains do not work with [Semi-linear history merge requests](../../user/project/merge_requests/reviews/index.md)
+or [fast-forward merge requests](../../user/project/merge_requests/fast_forward_merge.md).
+
 ## Enable merge trains
 
 To enable merge trains for your project:
@@ -84,7 +87,6 @@ To enable merge trains for your project:
 1. On the left sidebar, select **Settings > General**.
 1. Expand **Merge requests**.
 1. In the **Merge method** section, verify that **Merge commit** is selected.
-   You cannot use **Merge commit with semi-linear history** or **Fast-forward merge** with merge trains.
 1. In the **Merge options** section, select **Enable merged results pipelines** (if not already selected) and **Enable merge trains**.
 1. Select **Save changes**.
 
diff --git a/doc/development/feature_flags/controls.md b/doc/development/feature_flags/controls.md
index f8f03773c12..68c14c1b0c9 100644
--- a/doc/development/feature_flags/controls.md
+++ b/doc/development/feature_flags/controls.md
@@ -262,7 +262,7 @@ To disable a feature flag that has been globally enabled you can run:
 To disable a feature flag that has been enabled for a specific project you can run:
 
 ```shell
-/chatops run feature set --group=gitlab-org some_feature false
+/chatops run feature set --project=gitlab-org/gitlab some_feature false
 ```
 
 You cannot selectively disable feature flags for a specific project/group/user without applying a [specific method of implementing](index.md#selectively-disable-by-actor) the feature flags.
diff --git a/doc/development/new_fe_guide/development/performance.md b/doc/development/new_fe_guide/development/performance.md
index f34c407da84..ee853942cb9 100644
--- a/doc/development/new_fe_guide/development/performance.md
+++ b/doc/development/new_fe_guide/development/performance.md
@@ -8,15 +8,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 ## Monitoring
 
-We have a performance dashboard available in one of our [Grafana instances](https://dashboards.gitlab.net/d/1EBTz3Dmz/sitespeed-page-summary?orgId=1). This dashboard automatically aggregates metric data from [sitespeed.io](https://www.sitespeed.io/) every 6 hours. These changes are displayed after a set number of pages are aggregated.
+We have a performance dashboard available in one of our [Grafana instances](https://dashboards.gitlab.net/d/000000043/sitespeed-page-summary?orgId=1). This dashboard automatically aggregates metric data from [sitespeed.io](https://www.sitespeed.io/) every 4 hours. These changes are displayed after a set number of pages are aggregated.
 
-These pages can be found inside a text file in the [`gitlab-build-images` repository](https://gitlab.com/gitlab-org/gitlab-build-images) called [`gitlab.txt`](https://gitlab.com/gitlab-org/gitlab-build-images/blob/master/scripts/gitlab.txt)
-Any frontend engineer can contribute to this dashboard. They can contribute by adding or removing URLs of pages from this text file. Please have a [frontend monitoring expert](https://about.gitlab.com/company/team/) review your changes before assigning to a maintainer of the `gitlab-build-images` project. The changes are pushed live on the next scheduled run after the changes are merged into `main`.
+These pages can be found inside text files in the [`sitespeed-measurement-setup` repository](https://gitlab.com/gitlab-org/frontend/sitespeed-measurement-setup) called [`gitlab`](https://gitlab.com/gitlab-org/frontend/sitespeed-measurement-setup/-/tree/master/gitlab)
+Any frontend engineer can contribute to this dashboard. They can contribute by adding or removing URLs of pages to the text files. The changes are pushed live on the next scheduled run after the changes are merged into `main`.
 
-There are 3 recommended high impact metrics to review on each page:
+There are 3 recommended high impact metrics (core web vitals) to review on each page:
 
-- [First visual change](https://web.dev/first-meaningful-paint/)
-- [Speed Index](https://github.com/WPO-Foundation/webpagetest-docs/blob/master/user/Metrics/SpeedIndex.md)
-- [Visual Complete 95%](https://github.com/WPO-Foundation/webpagetest-docs/blob/master/user/Metrics/SpeedIndex.md)
+- [Largest Contentful Paint](https://web.dev/lcp/)
+- [First Input Delay](https://web.dev/fid/)
+- [Cumulative Layout Shift](https://web.dev/cls/)
 
 For these metrics, lower numbers are better as it means that the website is more performant.
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index 2b70ee395a2..17f0a65ddc1 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -461,7 +461,9 @@ References:
 
 ### Description
 
-Path Traversal vulnerabilities grant attackers access to arbitrary directories and files on the server that is executing an application, including data, code or credentials.
+Path Traversal vulnerabilities grant attackers access to arbitrary directories and files on the server that is executing an application. This data can include data, code or credentials.
+
+Traversal can occur when a path includes directories. A typical malicious example includes one or more `../`, which tells the file system to look in the parent directory. Supplying many of them in a path, for example `../../../../../../../etc/passwd`, usually resolves to `/etc/passwd`. If the file system is instructed to look back to the root directory and can't go back any further, then extra `../` are ignored. The file system then looks from the root, resulting in `/etc/passwd` - a file you definitely do not want exposed to a malicious attacker!
 
 ### Impact
 
@@ -510,6 +512,44 @@ requires :file_path, type: String, file_path: true
 Absolute paths are not allowed by default. If allowing an absolute path is required, you
 need to provide an array of paths to the parameter `allowlist`.
 
+### Misleading behavior
+
+Some methods used to construct file paths can have non-intuitive behavior. To properly validate user input, be aware
+of these behaviors.
+
+#### Ruby
+
+The Ruby method [`Pathname.join`](https://ruby-doc.org/stdlib-2.7.4/libdoc/pathname/rdoc/Pathname.html#method-i-join)
+joins path names. Using methods in a specific way can result in a path name typically prohibited in
+normal use. In the examples below, we see attempts to access `/etc/passwd`, which is a sensitive file:
+
+```ruby
+require 'pathname'
+
+p = Pathname.new('tmp')
+print(p.join('log', 'etc/passwd', 'foo'))
+# => tmp/log/etc/passwd/foo
+```
+
+Assuming the second parameter is user-supplied and not validated, submitting a new absolute path
+results in a different path:
+
+```ruby
+print(p.join('log', '/etc/passwd', ''))
+# renders the path to "/etc/passwd", which is not what we expect!
+```
+
+#### Golang
+
+Golang has similar behavior with [`path.Clean`](https://pkg.go.dev/path#example-Clean). Remember that with many file systems, using `../../../../` traverses up to the root directory. Any remaining `../` are ignored. This example may give an attacker access to `/etc/passwd`:
+
+```golang
+path.Clean("/../../etc/passwd")
+// renders the path to "etc/passwd"; the file path is relative to whatever the current directory is
+path.Clean("../../etc/passwd")
+// renders the path to "../../etc/passwd"; the file path will look back up to two parent directories!
+```
+
 ## OS command injection guidelines
 
 Command injection is an issue in which an attacker is able to execute arbitrary commands on the host
diff --git a/doc/development/testing_guide/img/k9s.png b/doc/development/testing_guide/img/k9s.png
deleted file mode 100644
index 34585b2a43a..00000000000
--- a/doc/development/testing_guide/img/k9s.png
+++ /dev/null
diff --git a/doc/install/aws/gitlab_hybrid_on_aws.md b/doc/install/aws/gitlab_hybrid_on_aws.md
index 2c40efd5909..8ecc4784aed 100644
--- a/doc/install/aws/gitlab_hybrid_on_aws.md
+++ b/doc/install/aws/gitlab_hybrid_on_aws.md
@@ -35,8 +35,8 @@ Amazon provides a managed Kubernetes service offering known as [Amazon Elastic K
 The [AWS Quick Start for GitLab Cloud Native Hybrid on EKS](https://aws-quickstart.github.io/quickstart-eks-gitlab/) is developed by AWS, GitLab, and the community that contributes to AWS Quick Starts, whether directly to the GitLab Quick Start or to the underlying Quick Start dependencies GitLab inherits (for example, EKS Quick Start).
 
 NOTE:
-This automation is in **Developer Preview**. GitLab is working with AWS on resolving [the outstanding issues](https://github.com/aws-quickstart/quickstart-eks-gitlab/issues?q=is%3Aissue+is%3Aopen+%5BHL%5D) before it is fully released. You can subscribe to this issue to be notified of progress and release announcements: [AWS Quick Start for GitLab Cloud Native Hybrid on EKS Status: DEVELOPER PREVIEW](https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues/11).<br><br>
-The developer preview deploys Aurora PostgreSQL, but the release version will deploy Amazon RDS PostgreSQL due to [known issues](https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues?label_name%5B%5D=AWS+Known+Issue) with Aurora. All performance testing results will also be redone after this change has been made.
+This automation is in **Beta**. GitLab is working with AWS on resolving [the outstanding issues](https://github.com/aws-quickstart/quickstart-eks-gitlab/issues?q=is%3Aissue+is%3Aopen+%5BHL%5D) before it is fully released. You can subscribe to this issue to be notified of progress and release announcements: [AWS Quick Start for GitLab Cloud Native Hybrid on EKS Status: Beta](https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues/11).<br><br>
+The Beta version deploys Aurora PostgreSQL, but the release version will deploy Amazon RDS PostgreSQL due to [known issues](https://gitlab.com/gitlab-com/alliances/aws/public-tracker/-/issues?label_name%5B%5D=AWS+Known+Issue) with Aurora. All performance testing results will also be redone after this change has been made.
 
 The [GitLab Environment Toolkit (GET)](https://gitlab.com/gitlab-org/gitlab-environment-toolkit/-/tree/main) is an effort made by GitLab to create a multi-cloud, multi-GitLab (Omnibus + Cloud Native Hybrid) toolkit to provision GitLab. GET is developed by GitLab developers and is open to community contributions.
 It is helpful to review the [GitLab Environment Toolkit (GET) Issues](https://gitlab.com/gitlab-org/gitlab-environment-toolkit/-/issues) to understand if any of them may affect your provisioning plans.
diff --git a/doc/integration/img/limit_namespaces_projects_options.png b/doc/integration/img/limit_namespaces_projects_options.png
index 0f89270dfc5..a3cf9933b7e 100644
--- a/doc/integration/img/limit_namespaces_projects_options.png
+++ b/doc/integration/img/limit_namespaces_projects_options.png
diff --git a/doc/subscriptions/img/support_diagram_c.png b/doc/subscriptions/img/support_diagram_c.png
index a2fed80e912..e98baed8605 100644
--- a/doc/subscriptions/img/support_diagram_c.png
+++ b/doc/subscriptions/img/support_diagram_c.png
diff --git a/doc/tutorials/img/branches_dropdown_v14_10.png b/doc/tutorials/img/branches_dropdown_v14_10.png
index 73d94f9823a..926baff0ff8 100644
--- a/doc/tutorials/img/branches_dropdown_v14_10.png
+++ b/doc/tutorials/img/branches_dropdown_v14_10.png
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index ee57803dfc7..c845e4982ac 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -1156,6 +1156,7 @@ A site profile contains the following:
   - **Password**: The password used to authenticate to the website.
   - **Username form field**: The name of username field at the sign-in HTML form.
   - **Password form field**: The name of password field at the sign-in HTML form.
+  - **Submit form field**: The `id` or `name` of the element that when clicked submits the sign-in HTML form.
 
 When an API site type is selected, a [host override](#host-override) is used to ensure the API being scanned is on the same host as the target. This is done to reduce the risk of running an active scan against the wrong API.
 
diff --git a/doc/user/group/value_stream_analytics/img/vsa_aggregated_data_toggle_v14_9.png b/doc/user/group/value_stream_analytics/img/vsa_aggregated_data_toggle_v14_9.png
index 5ad8026b8fd..9a25a365229 100644
--- a/doc/user/group/value_stream_analytics/img/vsa_aggregated_data_toggle_v14_9.png
+++ b/doc/user/group/value_stream_analytics/img/vsa_aggregated_data_toggle_v14_9.png
diff --git a/doc/user/project/import/img/gitlab_import_history_page_v14_10.png b/doc/user/project/import/img/gitlab_import_history_page_v14_10.png
index c93b5ed2b27..812696a8faa 100644
--- a/doc/user/project/import/img/gitlab_import_history_page_v14_10.png
+++ b/doc/user/project/import/img/gitlab_import_history_page_v14_10.png
diff --git a/doc/user/project/issues/img/design_management_v14_10.png b/doc/user/project/issues/img/design_management_v14_10.png
index a10be15eafd..133c0a52d6b 100644
--- a/doc/user/project/issues/img/design_management_v14_10.png
+++ b/doc/user/project/issues/img/design_management_v14_10.png
diff --git a/doc/user/project/merge_requests/approvals/img/security_approvals_v15_0.png b/doc/user/project/merge_requests/approvals/img/security_approvals_v15_0.png
index afc9b27a226..b28d216f180 100644
--- a/doc/user/project/merge_requests/approvals/img/security_approvals_v15_0.png
+++ b/doc/user/project/merge_requests/approvals/img/security_approvals_v15_0.png
diff --git a/doc/user/project/repository/jupyter_notebooks/index.md b/doc/user/project/repository/jupyter_notebooks/index.md
index 39b57f89ceb..d013d2802bf 100644
--- a/doc/user/project/repository/jupyter_notebooks/index.md
+++ b/doc/user/project/repository/jupyter_notebooks/index.md
@@ -23,21 +23,25 @@ it's rendered into HTML when you view it:
 Interactive features, including JavaScript plots, don't work when viewed in
 GitLab.
 
-## Cleaner diffs
+## Cleaner diffs and raw diffs
 
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/6589) in GitLab 14.5 as an [Alpha](../../../../policy/alpha-beta-support.md#alpha-features) release [with a flag](../../../../administration/feature_flags.md) named `jupyter_clean_diffs`. Enabled by default.
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/75500) in GitLab 14.9. Feature flag `jupyter_clean_diffs` removed.
 > - [Reintroduced toggle](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85079) in GitLab 15.0 [with a flag](../../../../administration/feature_flags.md) named `ipynb_semantic_diff`. Enabled by default.
+> - Selecting between raw and cleaner diffs [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85203) in GitLab 15.0 [with a flag](../../../../administration/feature_flags.md) named `rendered_diffs_viewer`. Enabled by default.
 
 FLAG:
-On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../../../../administration/feature_flags.md) named `ipynb_semantic_diff`.
+On self-managed GitLab, by default semantic diffs are available. To hide the feature, ask an administrator to [disable the feature flag](../../../../administration/feature_flags.md) named `ipynb_semantic_diff`.
 On GitLab.com, this feature is available.
-This feature is ready for production use.
+
+FLAG:
+On self-managed GitLab, by default the ability to switch between raw and rendered diffs is available. To hide the feature, ask an administrator to [disable the feature flag](../../../../administration/feature_flags.md)named `rendered_diffs_viewer`. On GitLab.com, this feature is available.
 
 When commits include changes to Jupyter Notebook files, GitLab:
 
 - Transforms the machine-readable `.ipynb` file into a human-readable Markdown file.
 - Displays a cleaner version of the diff that includes syntax highlighting.
+- Enables switching between raw and rendered diffs on the Commit and Compare pages. (Not available on merge request pages.)
 
 Code suggestions are not available on diffs and merge requests for `.ipynb` files.