Add latest changes from gitlab-org/gitlab@master

20 files changed, 138 insertions, 48 deletions

diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
index cc396a6345c..c5a97e469a9 100644
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
@@ -1,7 +1,7 @@
 ---
 stage: Govern
 group: Compliance
-info: "See the Technical Writers assigned to Development Guidelines: https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments-to-development-guidelines"
+info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments"
 ---
 
 <!---
@@ -56,6 +56,7 @@ Audit event types belong to the following product categories.
 | [`google_cloud_logging_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/122025) | Triggered when Google Cloud Logging configuration is deleted| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) |
 | [`google_cloud_logging_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/122025) | Triggered when Google Cloud Logging configuration is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) |
 | [`instance_amazon_s3_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137651) | Triggered when instance Amazon S3 configuration for audit events streaming is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) |
+| [`instance_amazon_s3_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138310) | Triggered when instance-level Amazon S3 configuration for audit events streaming is updated| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.7](https://gitlab.com/gitlab-org/gitlab/-/issues/423235) |
 | [`instance_google_cloud_logging_configuration_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130663) | Triggered when Instance level Google Cloud Logging configuration is created| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/423038) |
 | [`instance_google_cloud_logging_configuration_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131752) | Triggered when instance level Google Cloud Logging configuration is deleted.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423040) |
 | [`instance_google_cloud_logging_configuration_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131790) | Triggered when instance level Google Cloud Logging configuration is updated.| **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.5](https://gitlab.com/gitlab-org/gitlab/-/issues/423039) |
diff --git a/doc/administration/dedicated/index.md b/doc/administration/dedicated/index.md
index 2baf4a6e9cb..0369bf87369 100644
--- a/doc/administration/dedicated/index.md
+++ b/doc/administration/dedicated/index.md
@@ -319,7 +319,9 @@ GitLab Dedicated limits the number of reverse PrivateLink connections to 10.
 
 ### IP allowlist
 
-GitLab Dedicated allows you to control which IP addresses can access your instance through an IP allowlist.
+GitLab Dedicated allows you to control which IP addresses can access your instance through an IP allowlist. Once the IP allowlist has been enabled, when an IP not on the allowlist tries to access your instance an `HTTP 403 Forbidden` response is returned.
+
+IP addresses that have been added to your IP allowlist can be viewed on the Configuration page in Switchboard. You can add or remove IP addresses from your allowlist with Switchboard or a support request.
 
 #### Add an IP to the allowlist with Switchboard
 
@@ -330,11 +332,11 @@ GitLab Dedicated allows you to control which IP addresses can access your instan
 1. Select **Add Item**.
 1. Enter the IP address and description. To add another IP address, repeat steps 5 and 6.
 1. Select **Save**.
-1. Scroll up to the top of the page and select whether to apply the changes immediately or during the next maintenance window.
+1. Scroll up to the top of the page and select whether to apply the changes immediately or during the next maintenance window. After the changes are applied, the IP addresses are added to the IP allowlist for your instance.
 
 #### Add an IP to the allowlist with a Support Request
 
-Specify a comma separated list of IP addresses that can access your GitLab Dedicated instance in your [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650). After the configuration has been applied, when an IP not on the allowlist tries to access your instance, the connection is refused.
+Specify a comma separated list of IP addresses that can access your GitLab Dedicated instance in your [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650). The IP addresses are then added to the IP allowlist for your instance.
 
 ### SAML
 
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index ad0cf2e9b24..a8dc50834d4 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1,7 +1,7 @@
 ---
 stage: Manage
 group: Import and Integrate
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 <!---
@@ -1508,6 +1508,30 @@ Input type: `AuditEventsInstanceAmazonS3ConfigurationCreateInput`
 | <a id="mutationauditeventsinstanceamazons3configurationcreateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
 | <a id="mutationauditeventsinstanceamazons3configurationcreateinstanceamazons3configuration"></a>`instanceAmazonS3Configuration` | [`InstanceAmazonS3ConfigurationType`](#instanceamazons3configurationtype) | Created instance Amazon S3 configuration. |
 
+### `Mutation.auditEventsInstanceAmazonS3ConfigurationUpdate`
+
+Input type: `AuditEventsInstanceAmazonS3ConfigurationUpdateInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationauditeventsinstanceamazons3configurationupdateaccesskeyxid"></a>`accessKeyXid` | [`String`](#string) | Access key ID of the Amazon S3 account. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdateawsregion"></a>`awsRegion` | [`String`](#string) | AWS region where the bucket is created. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdatebucketname"></a>`bucketName` | [`String`](#string) | Name of the bucket where the audit events would be logged. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdateid"></a>`id` | [`AuditEventsInstanceAmazonS3ConfigurationID!`](#auditeventsinstanceamazons3configurationid) | ID of the instance-level Amazon S3 configuration to update. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdatename"></a>`name` | [`String`](#string) | Destination name. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdatesecretaccesskey"></a>`secretAccessKey` | [`String`](#string) | Secret access key of the Amazon S3 account. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationauditeventsinstanceamazons3configurationupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationauditeventsinstanceamazons3configurationupdateinstanceamazons3configuration"></a>`instanceAmazonS3Configuration` | [`InstanceAmazonS3ConfigurationType`](#instanceamazons3configurationtype) | Updated instance-level Amazon S3 configuration. |
+
 ### `Mutation.auditEventsStreamingDestinationEventsAdd`
 
 Input type: `AuditEventsStreamingDestinationEventsAddInput`
@@ -31779,6 +31803,12 @@ A `AuditEventsGoogleCloudLoggingConfigurationID` is a global ID. It is encoded a
 
 An example `AuditEventsGoogleCloudLoggingConfigurationID` is: `"gid://gitlab/AuditEvents::GoogleCloudLoggingConfiguration/1"`.
 
+### `AuditEventsInstanceAmazonS3ConfigurationID`
+
+A `AuditEventsInstanceAmazonS3ConfigurationID` is a global ID. It is encoded as a string.
+
+An example `AuditEventsInstanceAmazonS3ConfigurationID` is: `"gid://gitlab/AuditEvents::Instance::AmazonS3Configuration/1"`.
+
 ### `AuditEventsInstanceExternalAuditEventDestinationID`
 
 A `AuditEventsInstanceExternalAuditEventDestinationID` is a global ID. It is encoded as a string.
diff --git a/doc/architecture/blueprints/new_diffs/index.md b/doc/architecture/blueprints/new_diffs/index.md
index cfada28284c..dadbd9a3a61 100644
--- a/doc/architecture/blueprints/new_diffs/index.md
+++ b/doc/architecture/blueprints/new_diffs/index.md
@@ -109,7 +109,7 @@ To measure our success, we need to set meaningful metrics. These metrics should
 1. Meets or exceeds [ATAG 2.0 AA](https://www.w3.org/TR/ATAG20/).
 1. The new Diffs app loads less than or equal to 300 KiB of JavaScript (compressed / "across-the-wire")<sup>1</sup>.
 1. The new Diffs app loads less than or equal to 150 KiB of markup, images, styles, fonts, etc. (compressed / "across-the-wire")<sup>1</sup>.
-1. The new Diffs app can load and execute in total isolation from the rest of the GitLab product:
+1. The new Diffs app can execute in total isolation from the rest of the GitLab product:
     1. "Execute" means the app can load, display data, and allows user interaction ("read-only").
     1. If a part of the application is only used in merge requests or diffs, it is considered part of the Diffs application.
     1. If a part of the application must be brought in from the rest of the product, it is not considered part of the Diffs load (as defined in metrics 3 and 4).
diff --git a/doc/ci/variables/predefined_variables.md b/doc/ci/variables/predefined_variables.md
index f3b1794318c..34a454c2681 100644
--- a/doc/ci/variables/predefined_variables.md
+++ b/doc/ci/variables/predefined_variables.md
@@ -4,11 +4,11 @@ group: Pipeline Security
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Predefined variables reference **(FREE ALL)**
+# Predefined CI/CD variables reference **(FREE ALL)**
 
 Predefined [CI/CD variables](index.md) are available in every GitLab CI/CD pipeline.
 
-Predefined CI/CD variables become available at two different phases of pipeline execution.
+Predefined variables become available at two different phases of pipeline execution.
 Some variables are available when GitLab creates the pipeline, and can be used to configure
 the pipeline or in job scripts. The other variables become available when a runner runs the job,
 and can only be used in job scripts.
diff --git a/doc/development/import_export.md b/doc/development/import_export.md
index 40878837b75..55db6a3ca3b 100644
--- a/doc/development/import_export.md
+++ b/doc/development/import_export.md
@@ -10,6 +10,8 @@ General development guidelines and tips for the [Import/Export feature](../user/
 
 <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> This document is originally based on the [Import/Export 201 presentation available on YouTube](https://www.youtube.com/watch?v=V3i1OfExotE).
 
+<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For more context you can watch this [Deep dive on Import / Export Development on YouTube](https://www.youtube.com/watch?v=IYD39JMGK78).
+
 ## Security
 
 The Import/Export feature is constantly updated (adding new things to export). However,
diff --git a/doc/development/internal_api/index.md b/doc/development/internal_api/index.md
index 3988727b864..11d22609d46 100644
--- a/doc/development/internal_api/index.md
+++ b/doc/development/internal_api/index.md
@@ -1411,7 +1411,7 @@ Parameters:
 | `group_path` | string | yes    | Full path to the group. |
 | `Operations`   | JSON string  | yes     | An [operations](#available-operations) expression. |
 
-Example request:
+Example request to update the user's `id`:
 
 ```shell
 curl --verbose --request PATCH "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
@@ -1421,6 +1421,16 @@ curl --verbose --request PATCH "https://gitlab.example.com/api/scim/v2/groups/te
 
 Returns an empty response with a `204` status code if successful.
 
+Example request to set the user's `active` state:
+
+```shell
+curl --verbose --request PATCH "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
+     --data '{ "Operations": [{"op":"replace","path":"active","value":"true"}] }' \
+     --header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
+```
+
+Returns an empty response with a `204` status code if successful.
+
 ### Remove a single SCIM provisioned user
 
 Removes the user's SSO identity and group membership.
diff --git a/doc/index.md b/doc/index.md
index 2c90d2f0970..362bbab3607 100644
--- a/doc/index.md
+++ b/doc/index.md
@@ -1,7 +1,7 @@
 ---
 stage: none
 group: unassigned
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 description: 'Learn how to use and administer GitLab, the most scalable Git-based fully integrated platform for software development.'
 ---
 
diff --git a/doc/integration/advanced_search/elasticsearch.md b/doc/integration/advanced_search/elasticsearch.md
index 0a1a3140aa9..d66517a8a83 100644
--- a/doc/integration/advanced_search/elasticsearch.md
+++ b/doc/integration/advanced_search/elasticsearch.md
@@ -657,7 +657,7 @@ The following are some available Rake tasks:
 | [`sudo gitlab-rake gitlab:elastic:index_group_entities`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake)                | Invokes `gitlab:elastic:index_epics` and `gitlab:elastic:index_group_wikis`.
 | [`sudo gitlab-rake gitlab:elastic:index_epics`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake)                         | Indexes all epics from the groups where Elasticsearch is enabled.
 | [`sudo gitlab-rake gitlab:elastic:index_group_wikis`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake)                   | Indexes all wikis from the groups where Elasticsearch is enabled.
-| [`sudo gitlab-rake gitlab:elastic:index_projects_status`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake)            | Determines the overall status of the indexing. It is done by counting the total number of indexed projects, dividing by a count of the total number of projects, then multiplying by 100. |
+| [`sudo gitlab-rake gitlab:elastic:index_projects_status`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake)            | Determines the overall indexing status of all project repository data (code, commits, and wikis). The status is calculated by dividing the number of indexed projects by the total number of projects and multiplying by 100. This task does not include non-repository data such as issues, merge requests, or milestones. |
 | [`sudo gitlab-rake gitlab:elastic:clear_index_status`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake)               | Deletes all instances of IndexStatus for all projects. This command results in a complete wipe of the index, and it should be used with caution.                                                                                              |
 | [`sudo gitlab-rake gitlab:elastic:create_empty_index`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Generates empty indices (the default index and a separate issues index) and assigns an alias for each on the Elasticsearch side only if it doesn't already exist.                                                                                                      |
 | [`sudo gitlab-rake gitlab:elastic:delete_index`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake)       | Removes the GitLab indices and aliases (if they exist) on the Elasticsearch instance.                                                                                                                                   |
diff --git a/doc/topics/cron/index.md b/doc/topics/cron/index.md
index ca1bc7f40f2..ac14cd6ce00 100644
--- a/doc/topics/cron/index.md
+++ b/doc/topics/cron/index.md
@@ -38,7 +38,7 @@ are valid:
 - Run once a day at midnight: `0 0 * * *`
 - Run once a week at midnight on Sunday morning: `0 0 * * 0`
 - Run once a month at midnight of the first day of the month: `0 0 1 * *`
-- Run once a month on the 22nd: `0 0 22 * *`)
+- Run once a month on the 22nd: `0 0 22 * *`
 - Run once a month on the 2nd Monday: `0 0 * * 1#2`
 - Run once a year at midnight of 1 January: `0 0 1 1 *`
 - Run every other Sunday at 0900 hours: `0 9 * * sun%2`
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 99e01289c14..aa6c89da5b9 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -1,7 +1,7 @@
 ---
 stage: none
 group: none
-info: "See the Technical Writers assigned to Development Guidelines: https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments-to-development-guidelines"
+info: "See the Technical Writers assigned to Development Guidelines: https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments-to-development-guidelines"
 toc: false
 ---
 
diff --git a/doc/update/versions/gitlab_16_changes.md b/doc/update/versions/gitlab_16_changes.md
index 14d028818f3..d06c17ac6dc 100644
--- a/doc/update/versions/gitlab_16_changes.md
+++ b/doc/update/versions/gitlab_16_changes.md
@@ -31,6 +31,10 @@ For more information about upgrading GitLab Helm Chart, see [the release notes f
   - [Praefect configuration structure change](#praefect-configuration-structure-change).
   - [Gitaly configuration structure change](#gitaly-configuration-structure-change).
 
+## 16.6.0
+
+- Old [CI Environment destroy jobs may be spawned](https://gitlab.com/gitlab-org/gitlab/-/issues/433264#) after upgrading to GitLab 16.6.
+
 ## 16.5.0
 
 - Git 2.42.0 and later is required by Gitaly. For self-compiled installations, you should use the [Git version provided by Gitaly](../../install/installation.md#git).
diff --git a/doc/user/enterprise_user/index.md b/doc/user/enterprise_user/index.md
index 72b5ddb49ac..d41df0f1b15 100644
--- a/doc/user/enterprise_user/index.md
+++ b/doc/user/enterprise_user/index.md
@@ -192,14 +192,14 @@ To disable 2FA:
 1. Find a user with the **Enterprise** and **2FA** badges.
 1. Select **More actions** (**{ellipsis_v}**) and select **Disable two-factor authentication**.
 
-### Prevent users from creating groups and projects outside the corporate group
+### Prevent enterprise users from creating groups and projects outside the corporate group
 
 A SAML identity administrator can configure the SAML response to set:
 
-- Whether users can create groups.
-- The maximum number of personal projects users can create.
+- Whether enterprise users can create groups.
+- The maximum number of personal projects enterprise users can create.
 
-For more information, see the [supported user attributes for SAML responses](../group/saml_sso/index.md#supported-user-attributes).
+For more information, see how to [configure enterprise user settings from the SAML response](../group/saml_sso/index.md#configure-enterprise-user-settings-from-saml-response).
 
 ### Bypass email confirmation for provisioned users
 
diff --git a/doc/user/group/index.md b/doc/user/group/index.md
index 82a254c090a..2720bae8332 100644
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -32,7 +32,7 @@ A single top-level group provides insights in your entire organization via a com
 
 ## Group visibility
 
-Like projects, a group can be configured to limit the visibility of it to:
+Like projects, a group can be configured to be visible to:
 
 - Anonymous users.
 - All authenticated users.
@@ -42,7 +42,7 @@ The restriction for [visibility levels](../../administration/settings/visibility
 on the application setting level also applies to groups. If set to internal, the explore page is
 empty for anonymous users. The group page has a visibility level icon.
 
-Administrator users cannot create a subgroup or project with a higher visibility level than that of
+Users cannot create a subgroup or project with a higher visibility level than that of
 the immediate parent group.
 
 ## View groups
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index c6131415c59..89205b0f158 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -351,25 +351,22 @@ breaks the configuration and could lock users out of the GitLab group.
 For more information on the recommended value and format for specific identity
 providers, see [set up your identity provider](#set-up-your-identity-provider).
 
-### Configure user settings from SAML response
+### Configure enterprise user settings from SAML response
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/263661) in GitLab 13.7.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/263661) in GitLab 13.7.
+> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/412898) to configure only enterprise user settings in GitLab 16.7.
 
 GitLab allows setting certain user attributes based on values from the SAML response.
 An existing user's attributes are updated from the SAML response values if that
-user was originally provisioned by the group. Users are provisioned by the group
-when the account was created either:
-
-- Through [SCIM](scim_setup.md).
-- By first sign-in with SAML SSO for GitLab.com groups.
+user is an [enterprise user](../../enterprise_user/index.md) of the group.
 
 #### Supported user attributes
 
-- **can_create_group** - `true` or `false` to indicate whether the user can create
+- **can_create_group** - `true` or `false` to indicate whether an enterprise user can create
   new top-level groups. Default is `true`.
-- **projects_limit** - The total number of personal projects a user can create.
+- **projects_limit** - The total number of personal projects an enterprise user can create.
   A value of `0` means the user cannot create new projects in their personal
-  namespace. Default is `10000`.
+  namespace. Default is `100000`.
 
 #### Example SAML response
 
diff --git a/doc/user/project/merge_requests/approvals/rules.md b/doc/user/project/merge_requests/approvals/rules.md
index 6e8fe055880..214455c8376 100644
--- a/doc/user/project/merge_requests/approvals/rules.md
+++ b/doc/user/project/merge_requests/approvals/rules.md
@@ -114,16 +114,23 @@ more of these:
 
 - The project.
 - The project's immediate parent [group](#group-approvers).
-- A group that has access to the project via a [share](../../members/share_project_with_groups.md).
+- A group that has been [shared](../../members/share_project_with_groups.md) with the project.
 - A [group added as approvers](#group-approvers).
 
-The following users can approve merge requests if they have Developer or
-higher [permissions](../../../permissions.md):
+The following users can approve merge requests if they have at least the Developer role:
 
 - Users added as approvers at the project or merge request level.
 - Users who are [Code owners](#code-owners-as-eligible-approvers) of the files
   changed in the merge request.
 
+Users with the Reporter role can approve only if both of the following are true:
+
+- The users are part of a group that has been [shared](../../members/share_project_with_groups.md) with the project.
+  The group must have at least the Reporter role.
+- The group has been added as merge request approvers.
+
+For detailed instructions, see [Merge request approval segregation of duties](#merge-request-approval-segregation-of-duties).
+
 To show who has participated in the merge request review, the Approvals widget in
 a merge request displays a **Commented by** column. This column lists eligible approvers
 who commented on the merge request. It helps authors and reviewers identify who to
@@ -183,21 +190,24 @@ for protected branches.
 
 ## Merge request approval segregation of duties
 
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40491) in GitLab 13.4.
-> - Moved to GitLab Premium in 13.9.
-
 You may have to grant users with the Reporter role
 permission to approve merge requests before they can merge to a protected branch.
 Some users (like managers) may not need permission to push or merge code, but still need
-oversight on proposed work. To enable approval permissions for these users without
-granting them push access:
+oversight on proposed work.
+
+Prerequisites:
+
+- You must select a specific branch, as this method does **not** work with `All Branches` or `All protected branches` settings.
+- The shared group must be added to an approval rule and not individual users, even when the added user is part of the group.
+
+To enable approval permissions for these users without granting them push access:
 
 1. [Create a protected branch](../../protected_branches.md)
 1. [Create a new group](../../../group/index.md#create-a-group).
 1. [Add the user to the group](../../../group/index.md#add-users-to-a-group),
    and select the Reporter role for the user.
 1. [Share the project with your group](../../members/share_project_with_groups.md#share-a-project-with-a-group),
-   based on the Reporter role.
+   with at least the Reporter role.
 1. Go to your project and select **Settings > Merge requests**.
 1. In the **Merge request approvals** section, scroll to **Approval rules**, and either:
    - For a new rule, select **Add approval rule** and target the protected branch.
diff --git a/doc/user/project/repository/forking_workflow.md b/doc/user/project/repository/forking_workflow.md
index d18322f3477..f70bbbb99ee 100644
--- a/doc/user/project/repository/forking_workflow.md
+++ b/doc/user/project/repository/forking_workflow.md
@@ -82,7 +82,7 @@ To update your fork from the GitLab UI:
    information box to determine if your fork is ahead, behind, or both. In this example,
    the fork is behind the upstream repository:
 
-   ![Information box for a fork 23552 commits behind the upstream repository](img/update-fork_v15_11.png)
+   ![Information box for a fork some commits behind the upstream repository](img/update-fork_v16_6.png)
 
 1. If your fork is **ahead** of the upstream repository, select
    **Create merge request** to propose adding your fork's changes to the upstream repository.
diff --git a/doc/user/project/repository/img/update-fork_v15_11.png b/doc/user/project/repository/img/update-fork_v15_11.png
deleted file mode 100644
index 244868d80ae..00000000000
--- a/doc/user/project/repository/img/update-fork_v15_11.png
+++ /dev/null
diff --git a/doc/user/project/repository/img/update-fork_v16_6.png b/doc/user/project/repository/img/update-fork_v16_6.png
new file mode 100644
index 00000000000..59901db6a49
--- /dev/null
+++ b/doc/user/project/repository/img/update-fork_v16_6.png
diff --git a/doc/user/tasks.md b/doc/user/tasks.md
index 41f2204491e..91620d3a557 100644
--- a/doc/user/tasks.md
+++ b/doc/user/tasks.md
@@ -53,6 +53,8 @@ Prerequisites:
 
 To create a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select **Add**.
 1. Select **New task**.
 1. Enter the task title.
@@ -66,9 +68,9 @@ Prerequisites:
 
 - You must have at least the Reporter role for the project.
 
-In an issue description with task list items:
-
-1. Hover over a task list item and select the options menu (**{ellipsis_v}**).
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
+1. In the issue description, hover over a task list item and select the options menu (**{ellipsis_v}**).
 1. Select **Convert to task**.
 
 The task list item is removed from the issue description and a task is created in the tasks widget from its contents.
@@ -84,6 +86,8 @@ Prerequisites:
 
 To add a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select **Add**.
 1. Select **Existing task**.
 1. Search tasks by title.
@@ -98,6 +102,8 @@ Prerequisites:
 
 To edit a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the task you want to edit.
    The task window opens.
 1. Optional. To edit the title, select it and make your changes.
@@ -124,7 +130,9 @@ Prerequisites:
 
 To edit the description of a task:
 
-1. In the **Tasks** section, select the title of the task you want to edit.
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
+1. In the issue description, in the **Tasks** section, select the title of the task you want to edit.
    The task window opens.
 1. Next to **Description**, select the edit icon (**{pencil}**). The description text box appears.
 1. Above the text box, select **Rich text**.
@@ -151,7 +159,10 @@ It's not possible to connect them again.
 
 To remove a task from an issue:
 
-1. In the issue description, in the **Tasks** section, next to the task you want to remove, select the options menu (**{ellipsis_v}**).
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
+1. In the issue description, in the **Tasks** section, select the options menu (**{ellipsis_v}**)
+   next to the task you want to remove.
 1. Select **Remove task**.
 
 ## Delete a task
@@ -164,6 +175,8 @@ Prerequisites:
 
 To delete a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the task you want to edit.
 1. In the task window, in the options menu (**{ellipsis_v}**), select **Delete task**.
 1. Select **OK**.
@@ -195,6 +208,8 @@ Prerequisites:
 
 To change the assignee on a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the title of the task you want to edit.
    The task window opens.
 1. Next to **Assignees**, select **Add assignees**.
@@ -211,6 +226,8 @@ Prerequisites:
 
 To add [labels](project/labels.md) to a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the title of the task you want to edit. The task window opens.
 1. Next to **Labels**, select **Add labels**.
 1. From the dropdown list, select the labels to add.
@@ -231,6 +248,8 @@ You can set start and due dates on a task to show when work should begin and end
 
 To set a due date:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the title of the task you want to edit.
    The task window opens.
 1. If the task already has a due date next to **Due date**, select it. Otherwise, select **Add due date**.
@@ -263,6 +282,8 @@ Prerequisites:
 
 To add a task to a milestone:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the title of the task you want to edit.
    The task window opens.
 1. Next to **Milestone**, select **Add to milestone**.
@@ -283,6 +304,8 @@ This value is visible only when you view a task.
 
 To set issue weight of a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the title of the task you want to edit.
    The task window opens.
 1. Next to **Weight**, select **Edit**.
@@ -308,6 +331,8 @@ Prerequisites:
 
 To add a task to an iteration:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the title of the task you want to edit.
    The task window opens.
 1. Next to **Iteration**, select **Add to iteration**.
@@ -339,7 +364,8 @@ To refer to a task elsewhere in GitLab, you can use its full URL or a short refe
 To copy the task reference to your clipboard:
 
 1. On the left sidebar, select **Search or go to** and find your project.
-1. Select **Plan > Issues**, then select your task to view it.
+1. Select **Plan > Issues**, then select your issue to view it.
+1. In the issue description, in the **Tasks** section, select your task.
 1. In the top right corner, select the vertical ellipsis (**{ellipsis_v}**), then select **Copy Reference**.
 
 You can now paste the reference into another description or comment.
@@ -373,6 +399,8 @@ Prerequisites:
 
 To set an issue as a parent of a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
 1. In the issue description, in the **Tasks** section, select the title of the task you want to edit.
    The task window opens.
 1. Next to **Parent**, from the dropdown list, select the parent to add.
@@ -487,8 +515,11 @@ Prerequisites:
 
 To link an item to a task:
 
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
+1. In the issue description, in the **Tasks** section, select your task.
 1. In the **Linked items** section of a task,
-   select the **Add** button.
+   select **Add**.
 1. Select the relationship between the two items. Either:
    - **relates to**
    - **blocks**
@@ -507,7 +538,10 @@ Prerequisites:
 
 - You must have at least the Guest role for the project.
 
-In the **Linked items** section of a task,
-next to each item, select the vertical ellipsis (**{ellipsis_v}**) and then select **Remove**.
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Issues**, then select your issue to view it.
+1. In the issue description, in the **Tasks** section, select your task.
+1. In the **Linked items** section of a task, next to each item, select the vertical
+   ellipsis (**{ellipsis_v}**) and then select **Remove**.
 
 Due to the bi-directional relationship, the relationship no longer appears in either item.