Add latest changes from gitlab-org/gitlab@master

12 files changed, 157 insertions, 42 deletions

diff --git a/doc/administration/settings/continuous_integration.md b/doc/administration/settings/continuous_integration.md
index 841b6e644eb..0e2a512302d 100644
--- a/doc/administration/settings/continuous_integration.md
+++ b/doc/administration/settings/continuous_integration.md
@@ -266,6 +266,22 @@ To enable or disable the banner:
 1. Select or clear the **Enable pipeline suggestion banner** checkbox.
 1. Select **Save changes**.
 
+## Enable or disable the external redirect page for job artifacts
+
+By default, GitLab Pages shows an external redirect page when a user tries to view
+a job artifact served by GitLab Pages. This page warns about the potential for
+malicious user-generated content, as described in
+[issue 352611](https://gitlab.com/gitlab-org/gitlab/-/issues/352611).
+
+Self-managed administrators can disable the external redirect warning page,
+so you can view job artifact pages directly:
+
+1. On the left sidebar, select **Search or go to**.
+1. Select **Admin Area**.
+1. Select **Settings > CI/CD**.
+1. Expand **Continuous Integration and Deployment**.
+1. Deselect **Enable the external redirect page for job artifacts**.
+
 ## Required pipeline configuration **(ULTIMATE SELF)**
 
 > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/352316) from GitLab Premium to GitLab Ultimate in 15.0.
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 9ef51601468..6c22ffa5f22 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -7666,7 +7666,7 @@ Input type: `ValueStreamCreateInput`
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="mutationvaluestreamcreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationvaluestreamcreatename"></a>`name` | [`String!`](#string) | Value stream description. |
+| <a id="mutationvaluestreamcreatename"></a>`name` | [`String!`](#string) | Value stream name. |
 | <a id="mutationvaluestreamcreatenamespacepath"></a>`namespacePath` | [`ID!`](#id) | Full path of the namespace(project or group) the value stream is created in. |
 
 #### Fields
@@ -7702,6 +7702,32 @@ Input type: `ValueStreamDestroyInput`
 | <a id="mutationvaluestreamdestroyerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
 | <a id="mutationvaluestreamdestroyvaluestream"></a>`valueStream` | [`ValueStream`](#valuestream) | Value stream deleted after mutation. |
 
+### `Mutation.valueStreamUpdate`
+
+Updates a value stream.
+
+WARNING:
+**Introduced** in 16.6.
+This feature is an Experiment. It can be changed or removed at any time.
+
+Input type: `ValueStreamUpdateInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationvaluestreamupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationvaluestreamupdateid"></a>`id` | [`AnalyticsCycleAnalyticsValueStreamID!`](#analyticscycleanalyticsvaluestreamid) | Global ID of the value stream to update. |
+| <a id="mutationvaluestreamupdatename"></a>`name` | [`String!`](#string) | Value stream name. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationvaluestreamupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationvaluestreamupdateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationvaluestreamupdatevaluestream"></a>`valueStream` | [`ValueStream`](#valuestream) | Updated value stream. |
+
 ### `Mutation.vulnerabilitiesDismiss`
 
 Input type: `VulnerabilitiesDismissInput`
@@ -14012,6 +14038,7 @@ Core representation of a GitLab user.
 | <a id="autocompleteduserid"></a>`id` | [`ID!`](#id) | ID of the user. |
 | <a id="autocompleteduseride"></a>`ide` | [`Ide`](#ide) | IDE settings. |
 | <a id="autocompleteduserjobtitle"></a>`jobTitle` | [`String`](#string) | Job title of the user. |
+| <a id="autocompleteduserlastactivityon"></a>`lastActivityOn` | [`Date`](#date) | Date the user last performed any actions. |
 | <a id="autocompleteduserlinkedin"></a>`linkedin` | [`String`](#string) | LinkedIn profile name of the user. |
 | <a id="autocompleteduserlocation"></a>`location` | [`String`](#string) | Location of the user. |
 | <a id="autocompletedusername"></a>`name` | [`String!`](#string) | Human-readable name of the user. Returns `****` if the user is a project bot and the requester does not have permission to view the project. |
@@ -20447,6 +20474,7 @@ A user assigned to a merge request.
 | <a id="mergerequestassigneeid"></a>`id` | [`ID!`](#id) | ID of the user. |
 | <a id="mergerequestassigneeide"></a>`ide` | [`Ide`](#ide) | IDE settings. |
 | <a id="mergerequestassigneejobtitle"></a>`jobTitle` | [`String`](#string) | Job title of the user. |
+| <a id="mergerequestassigneelastactivityon"></a>`lastActivityOn` | [`Date`](#date) | Date the user last performed any actions. |
 | <a id="mergerequestassigneelinkedin"></a>`linkedin` | [`String`](#string) | LinkedIn profile name of the user. |
 | <a id="mergerequestassigneelocation"></a>`location` | [`String`](#string) | Location of the user. |
 | <a id="mergerequestassigneemergerequestinteraction"></a>`mergeRequestInteraction` | [`UserMergeRequestInteraction`](#usermergerequestinteraction) | Details of this user's interactions with the merge request. |
@@ -20727,6 +20755,7 @@ The author of the merge request.
 | <a id="mergerequestauthorid"></a>`id` | [`ID!`](#id) | ID of the user. |
 | <a id="mergerequestauthoride"></a>`ide` | [`Ide`](#ide) | IDE settings. |
 | <a id="mergerequestauthorjobtitle"></a>`jobTitle` | [`String`](#string) | Job title of the user. |
+| <a id="mergerequestauthorlastactivityon"></a>`lastActivityOn` | [`Date`](#date) | Date the user last performed any actions. |
 | <a id="mergerequestauthorlinkedin"></a>`linkedin` | [`String`](#string) | LinkedIn profile name of the user. |
 | <a id="mergerequestauthorlocation"></a>`location` | [`String`](#string) | Location of the user. |
 | <a id="mergerequestauthormergerequestinteraction"></a>`mergeRequestInteraction` | [`UserMergeRequestInteraction`](#usermergerequestinteraction) | Details of this user's interactions with the merge request. |
@@ -21070,6 +21099,7 @@ A user participating in a merge request.
 | <a id="mergerequestparticipantid"></a>`id` | [`ID!`](#id) | ID of the user. |
 | <a id="mergerequestparticipantide"></a>`ide` | [`Ide`](#ide) | IDE settings. |
 | <a id="mergerequestparticipantjobtitle"></a>`jobTitle` | [`String`](#string) | Job title of the user. |
+| <a id="mergerequestparticipantlastactivityon"></a>`lastActivityOn` | [`Date`](#date) | Date the user last performed any actions. |
 | <a id="mergerequestparticipantlinkedin"></a>`linkedin` | [`String`](#string) | LinkedIn profile name of the user. |
 | <a id="mergerequestparticipantlocation"></a>`location` | [`String`](#string) | Location of the user. |
 | <a id="mergerequestparticipantmergerequestinteraction"></a>`mergeRequestInteraction` | [`UserMergeRequestInteraction`](#usermergerequestinteraction) | Details of this user's interactions with the merge request. |
@@ -21386,6 +21416,7 @@ A user assigned to a merge request as a reviewer.
 | <a id="mergerequestreviewerid"></a>`id` | [`ID!`](#id) | ID of the user. |
 | <a id="mergerequestrevieweride"></a>`ide` | [`Ide`](#ide) | IDE settings. |
 | <a id="mergerequestreviewerjobtitle"></a>`jobTitle` | [`String`](#string) | Job title of the user. |
+| <a id="mergerequestreviewerlastactivityon"></a>`lastActivityOn` | [`Date`](#date) | Date the user last performed any actions. |
 | <a id="mergerequestreviewerlinkedin"></a>`linkedin` | [`String`](#string) | LinkedIn profile name of the user. |
 | <a id="mergerequestreviewerlocation"></a>`location` | [`String`](#string) | Location of the user. |
 | <a id="mergerequestreviewermergerequestinteraction"></a>`mergeRequestInteraction` | [`UserMergeRequestInteraction`](#usermergerequestinteraction) | Details of this user's interactions with the merge request. |
@@ -22099,10 +22130,21 @@ A user with access to the organization.
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="organizationuserbadges"></a>`badges` **{warning-solid}** | [`[String!]`](#string) | **Introduced** in 16.4. This feature is an Experiment. It can be changed or removed at any time. Badges describing the user within the organization. |
+| <a id="organizationuserbadges"></a>`badges` **{warning-solid}** | [`[OrganizationUserBadge!]`](#organizationuserbadge) | **Introduced** in 16.4. This feature is an Experiment. It can be changed or removed at any time. Badges describing the user within the organization. |
 | <a id="organizationuserid"></a>`id` **{warning-solid}** | [`ID!`](#id) | **Introduced** in 16.4. This feature is an Experiment. It can be changed or removed at any time. ID of the organization user. |
 | <a id="organizationuseruser"></a>`user` **{warning-solid}** | [`UserCore!`](#usercore) | **Introduced** in 16.4. This feature is an Experiment. It can be changed or removed at any time. User that is associated with the organization. |
 
+### `OrganizationUserBadge`
+
+An organization user badge.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="organizationuserbadgetext"></a>`text` | [`String!`](#string) | Badge text. |
+| <a id="organizationuserbadgevariant"></a>`variant` | [`String!`](#string) | Badge variant. |
+
 ### `Package`
 
 Represents a package with pipelines in the Package Registry.
@@ -26271,6 +26313,7 @@ Core representation of a GitLab user.
 | <a id="usercoreid"></a>`id` | [`ID!`](#id) | ID of the user. |
 | <a id="usercoreide"></a>`ide` | [`Ide`](#ide) | IDE settings. |
 | <a id="usercorejobtitle"></a>`jobTitle` | [`String`](#string) | Job title of the user. |
+| <a id="usercorelastactivityon"></a>`lastActivityOn` | [`Date`](#date) | Date the user last performed any actions. |
 | <a id="usercorelinkedin"></a>`linkedin` | [`String`](#string) | LinkedIn profile name of the user. |
 | <a id="usercorelocation"></a>`location` | [`String`](#string) | Location of the user. |
 | <a id="usercorename"></a>`name` | [`String!`](#string) | Human-readable name of the user. Returns `****` if the user is a project bot and the requester does not have permission to view the project. |
@@ -30097,6 +30140,7 @@ Name of the feature that the callout is for.
 | <a id="usercalloutfeaturenameenumnamespace_storage_limit_alert_error_threshold"></a>`NAMESPACE_STORAGE_LIMIT_ALERT_ERROR_THRESHOLD` | Callout feature name for namespace_storage_limit_alert_error_threshold. |
 | <a id="usercalloutfeaturenameenumnamespace_storage_limit_alert_warning_threshold"></a>`NAMESPACE_STORAGE_LIMIT_ALERT_WARNING_THRESHOLD` | Callout feature name for namespace_storage_limit_alert_warning_threshold. |
 | <a id="usercalloutfeaturenameenumnamespace_storage_pre_enforcement_banner"></a>`NAMESPACE_STORAGE_PRE_ENFORCEMENT_BANNER` | Callout feature name for namespace_storage_pre_enforcement_banner. |
+| <a id="usercalloutfeaturenameenumnew_nav_for_everyone_callout"></a>`NEW_NAV_FOR_EVERYONE_CALLOUT` | Callout feature name for new_nav_for_everyone_callout. |
 | <a id="usercalloutfeaturenameenumnew_top_level_group_alert"></a>`NEW_TOP_LEVEL_GROUP_ALERT` | Callout feature name for new_top_level_group_alert. |
 | <a id="usercalloutfeaturenameenumnew_user_signups_cap_reached"></a>`NEW_USER_SIGNUPS_CAP_REACHED` | Callout feature name for new_user_signups_cap_reached. |
 | <a id="usercalloutfeaturenameenumpersonal_access_token_expiry"></a>`PERSONAL_ACCESS_TOKEN_EXPIRY` | Callout feature name for personal_access_token_expiry. |
@@ -31792,6 +31836,7 @@ Implementations:
 | <a id="userid"></a>`id` | [`ID!`](#id) | ID of the user. |
 | <a id="useride"></a>`ide` | [`Ide`](#ide) | IDE settings. |
 | <a id="userjobtitle"></a>`jobTitle` | [`String`](#string) | Job title of the user. |
+| <a id="userlastactivityon"></a>`lastActivityOn` | [`Date`](#date) | Date the user last performed any actions. |
 | <a id="userlinkedin"></a>`linkedin` | [`String`](#string) | LinkedIn profile name of the user. |
 | <a id="userlocation"></a>`location` | [`String`](#string) | Location of the user. |
 | <a id="username"></a>`name` | [`String!`](#string) | Human-readable name of the user. Returns `****` if the user is a project bot and the requester does not have permission to view the project. |
diff --git a/doc/api/settings.md b/doc/api/settings.md
index 670be23336c..0a74afe2abf 100644
--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -575,6 +575,7 @@ listed in the descriptions of the relevant settings.
 | `spam_check_endpoint_url`                | string           | no                                   | URL of the external Spamcheck service endpoint. Valid URI schemes are `grpc` or `tls`. Specifying `tls` forces communication to be encrypted.|
 | `spam_check_api_key`                     | string           | no                                   | API key used by GitLab for accessing the Spam Check service endpoint. |
 | `suggest_pipeline_enabled`               | boolean          | no                                   | Enable pipeline suggestion banner. |
+| `enable_artifact_external_redirect_warning_page` | boolean          | no                                   | Show the external redirect page that warns you about user-generated content in GitLab Pages. |
 | `terminal_max_session_time`              | integer          | no                                   | Maximum time for web terminal websocket connection (in seconds). Set to `0` for unlimited time. |
 | `terms`                                  | text             | required by: `enforce_terms`         | (**Required by:** `enforce_terms`) Markdown content for the ToS. |
 | `throttle_authenticated_api_enabled`                      | boolean | no                                                              | (**If enabled, requires:** `throttle_authenticated_api_period_in_seconds` and `throttle_authenticated_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
diff --git a/doc/ci/components/index.md b/doc/ci/components/index.md
index 9063b6d0378..338e4b2c205 100644
--- a/doc/ci/components/index.md
+++ b/doc/ci/components/index.md
@@ -29,6 +29,8 @@ A components repository is a GitLab project with a repository that hosts one or
 
 If a component requires different versioning from other components, the component should be migrated to its own components repository.
 
+One component repository can have a maximum of 10 components.
+
 ## Create a components repository
 
 To create a components repository, you must:
@@ -65,17 +67,17 @@ the file structure should be similar to:
 
 ```plaintext
 ├── templates/
-│   └── only_template.yml
+│   └── secret-detection.yml
 ├── README.md
 └── .gitlab-ci.yml
 ```
 
-This example component could be referenced with a path similar to `gitlab.com/my-username/my-component/only_template@<version>`,
+This example component could be referenced with a path similar to `gitlab.com/my-namespace/my-project/secret-detection@<version>`,
 if the project is:
 
 - On GitLab.com
-- Named `my-component`
-- In a personal namespace named `my-username`
+- Named `my-project`
+- In a personal namespace or group named `my-namespace`
 
 The templates directory and the suffix of the configuration file should be excluded from the referenced path.
 
@@ -85,26 +87,32 @@ If the project contains multiple components, then the file structure should be s
 ├── README.md
 ├── .gitlab-ci.yml
 └── templates/
-    └── all-scans.yml
+    ├── all-scans.yml
     └── secret-detection.yml
 ```
 
 These components would be referenced with these paths:
 
-- `gitlab.com/my-username/my-component/all-scans`
-- `gitlab.com/my-username/my-component/secret-detection`
+- `gitlab.com/my-namespace/my-project/all-scans@<version>`
+- `gitlab.com/my-namespace/my-project/secret-detection@<version>`
+
+You can also have components defined as a directory if you want to bundle together multiple related files.
+In this case GitLab expects a `template.yml` file to be present:
 
-You can omit the filename in the path if the configuration file is named `template.yml`.
-For example, the following component could be referenced with `gitlab.com/my-username/my-component/dast`:
+For example:
 
 ```plaintext
 ├── README.md
 ├── .gitlab-ci.yml
-├── templates/
-│   └── dast
-│       └── template.yml
+└── templates/
+    └── dast
+        ├── docs.md
+        ├── Dockerfile
+        └── template.yml
 ```
 
+In this example, the component could be referenced with `gitlab.com/my-namespace/my-project/dast@<version>`.
+
 #### Component configurations saved in any directory (deprecated)
 
 WARNING:
@@ -117,8 +125,8 @@ Components configurations can be saved through the following directory structure
   components, each file must be in a separate subdirectory.
 - `README.md`: A documentation file explaining the details of all the components in the repository.
 
-For example, if the project is on GitLab.com, named `my-component`, and in a personal
-namespace named `my-username`:
+For example, if the project is on GitLab.com, named `my-project`, and in a personal
+namespace named `my-namespace`:
 
 - Containing a single component and a simple pipeline to test the component, then
   the file structure might be:
@@ -132,7 +140,7 @@ namespace named `my-username`:
   The `.gitlab-ci.yml` file is not required for a CI/CD component to work, but
   [testing the component](#test-the-component) in a pipeline in the project is recommended.
 
-  This component is referenced with the path `gitlab.com/my-username/my-component@<version>`.
+  This component is referenced with the path `gitlab.com/my-namespace/my-project@<version>`.
 
 - Containing one default component and multiple sub-components, then the file structure
   might be:
@@ -149,9 +157,9 @@ namespace named `my-username`:
 
   These components are identified by these paths:
 
-  - `gitlab.com/my-username/my-component`
-  - `gitlab.com/my-username/my-component/unit`
-  - `gitlab.com/my-username/my-component/integration`
+  - `gitlab.com/my-namespace/my-project`
+  - `gitlab.com/my-namespace/my-project/unit`
+  - `gitlab.com/my-namespace/my-project/integration`
 
 It is possible to have a components repository with no default component, by having
 no `template.yml` in the root directory.
@@ -205,7 +213,7 @@ For example:
 
 ```yaml
 include:
-  - component: gitlab.example.com/my-namespace/my-component@1.0
+  - component: gitlab.example.com/my-namespace/my-project@1.0
     inputs:
       stage: build
 ```
@@ -410,7 +418,7 @@ For example:
 ```yaml
 include:
   # include the component located in the current project from the current SHA
-  - component: gitlab.com/$CI_PROJECT_PATH/my-component@$CI_COMMIT_SHA
+  - component: gitlab.com/$CI_PROJECT_PATH/my-project@$CI_COMMIT_SHA
     inputs:
       stage: build
 
diff --git a/doc/ci/yaml/inputs.md b/doc/ci/yaml/inputs.md
index 9e084cf0020..cf5040408a2 100644
--- a/doc/ci/yaml/inputs.md
+++ b/doc/ci/yaml/inputs.md
@@ -14,7 +14,8 @@ and subject to change without notice.
 
 ## Define input parameters with `spec:inputs`
 
-> `description` keyword [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415637) in GitLab 16.5.
+> - `description` keyword [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415637) in GitLab 16.5.
+> - `options` keyword [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/393401) in GitLab 16.6.
 
 Use `spec:inputs` to define input parameters for CI/CD configuration intended to be added
 to a pipeline with `include`. Use [`include:inputs`](#set-input-parameter-values-with-includeinputs)
@@ -43,6 +44,8 @@ When using `spec:inputs`:
 
 - Defined inputs are mandatory by default.
 - Inputs can be made optional by specifying a `default`. Use `default: null` to have no default value.
+- Inputs can use `options` to specify a list of allowed values for an input. The limit is 50 options per input.
+- If an input uses both `default` and `options`, the default value must be one of the listed options. If not, the pipeline fails with a validation error.
 - You can optionally use `description` to give a description to a specific input.
 - A string containing an interpolation block must not exceed 1 MB.
 - The string inside an interpolation block must not exceed 1 KB.
@@ -55,6 +58,7 @@ spec:
     website:
     user:
       default: 'test-user'
+      options: ['test-user', 'admin-user']
     flags:
       default: null
       description: 'Sample description of the `flags` input detail.'
@@ -66,7 +70,7 @@ spec:
 In this example:
 
 - `website` is mandatory and must be defined.
-- `user` is optional. If not defined, the value is `test-user`.
+- `user` is optional. If not defined, the value is `test-user`, which is one of the values specified in `options`.
 - `flags` is optional. If not defined, it has no value. The optional description should give details about the input.
 
 ## Set input parameter values with `include:inputs`
diff --git a/doc/development/i18n/proofreader.md b/doc/development/i18n/proofreader.md
index cea59bae41b..f24ebacab18 100644
--- a/doc/development/i18n/proofreader.md
+++ b/doc/development/i18n/proofreader.md
@@ -140,7 +140,6 @@ are very appreciative of the work done by translators and proofreaders!
   - Rıfat Ünalmış (Rifat Unalmis) - [GitLab](https://gitlab.com/runalmis), [Crowdin](https://crowdin.com/profile/runalmis)
   - İsmail Arılık - [GitLab](https://gitlab.com/ismailarilik), [Crowdin](https://crowdin.com/profile/ismailarilik)
 - Ukrainian
-  - Volodymyr Sobotovych - [GitLab](https://gitlab.com/wheleph), [Crowdin](https://crowdin.com/profile/wheleph)
   - Andrew Vityuk - [GitLab](https://gitlab.com/3_1_3_u), [Crowdin](https://crowdin.com/profile/andruwa13)
 - Welsh
   - Delyth Prys - [GitLab](https://gitlab.com/Delyth), [Crowdin](https://crowdin.com/profile/DelythPrys)
diff --git a/doc/subscriptions/self_managed/index.md b/doc/subscriptions/self_managed/index.md
index 05d00323e2a..3d6e2b9af5f 100644
--- a/doc/subscriptions/self_managed/index.md
+++ b/doc/subscriptions/self_managed/index.md
@@ -34,7 +34,8 @@ Prorated charges are not possible without a quarterly usage report.
 
 ## View user totals
 
-You can view users for your license and determine if you've gone over your subscription.
+View the amount of users in your instance to determine if they exceed the amount
+paid for in your subscription.
 
 1. On the left sidebar, select **Search or go to**.
 1. Select **Admin Area**.
@@ -44,17 +45,19 @@ The lists of users are displayed.
 
 ### Billable users
 
-A _billable user_ counts against the number of subscription seats. Every user is considered a
-billable user, with the following exceptions:
-
-- [Deactivated users](../../administration/moderate_users.md#deactivate-a-user) and
-  [blocked users](../../administration/moderate_users.md#block-a-user) don't count as billable users in the current subscription. When they are either deactivated or blocked they release a _billable user_ seat. However, they may
-  count toward overages in the subscribed seat count.
-- Users who are [pending approval](../../administration/moderate_users.md#users-pending-approval).
-- Users with only the [Minimal Access role](../../user/permissions.md#users-with-minimal-access) on self-managed Ultimate subscriptions or any GitLab.com subscriptions.
-- Users with only the [Guest or Minimal Access roles on an Ultimate subscription](#free-guest-users).
-- Users without project or group memberships on an Ultimate subscription.
-- GitLab-created service accounts:
+Billable users count toward the number of subscription seats purchased in your subscription.
+
+A user is not counted as a billable user if:
+
+- They are [deactivated](../../administration/moderate_users.md#deactivate-a-user) or
+  [blocked](../../administration/moderate_users.md#block-a-user).
+  If the user occupied a seat prior to being deactivated or blocked,
+  the user is included in the number of [maximum users](#maximum-users).
+- They are [pending approval](../../administration/moderate_users.md#users-pending-approval).
+- They have only the [Minimal Access role](../../user/permissions.md#users-with-minimal-access) on self-managed Ultimate subscriptions or any GitLab.com subscriptions.
+- They have the [Guest or Minimal Access roles on an Ultimate subscription](#free-guest-users).
+- They have project or group memberships on an Ultimate subscription.
+- The account is a GitLab-created service account:
   - [Ghost User](../../user/profile/account/delete_account.md#associated-records).
   - Bots such as:
     - [Support Bot](../../user/project/service_desk/configure.md#support-bot-user).
@@ -62,7 +65,7 @@ billable user, with the following exceptions:
     - [Bot users for groups](../../user/group/settings/group_access_tokens.md#bot-users-for-groups).
     - Other [internal users](../../development/internal_users.md#internal-users).
 
-**Billable users** as reported in the `/admin` section is updated once per day.
+The amount of **Billable users** is reported once a day in the Admin Area.
 
 ### Maximum users
 
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index c36203ee492..8c141559cd2 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -673,6 +673,33 @@ If you do access the internal container registry API and use the original tag de
 
 <div class="deprecation breaking-change" data-milestone="17.0">
 
+### Legacy Geo Prometheus metrics
+
+<div class="deprecation-notes">
+- Announced in GitLab <span class="milestone">16.6</span>
+- Removal in GitLab <span class="milestone">17.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/430192).
+</div>
+
+Following the migration of projects to the [Geo self-service framework](https://docs.gitlab.com/ee/development/geo/framework.html) we have deprecated a number of [Prometheus](https://docs.gitlab.com/ee/administration/monitoring/prometheus/) metrics.
+The following Geo-related Prometheus metrics are deprecated and will be removed in 17.0.
+The table below lists the deprecated metrics and their respective replacements. The replacements are available in GitLab 16.3.0 and later.
+
+| Deprecated metric                        |  Replacement metric                            |
+| ---------------------------------------- | ---------------------------------------------- |
+| `geo_repositories_synced`                | `geo_project_repositories_synced`              |
+| `geo_repositories_failed`                | `geo_project_repositories_failed`              |
+| `geo_repositories_checksummed`           | `geo_project_repositories_checksummed`         |
+| `geo_repositories_checksum_failed`       | `geo_project_repositories_checksum_failed`     |
+| `geo_repositories_verified`              | `geo_project_repositories_verified`            |
+| `geo_repositories_verification_failed`   | `geo_project_repositories_verification_failed` |
+| `geo_repositories_checksum_mismatch`     |  None available                                |
+| `geo_repositories_retrying_verification` |  None available                                |
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="17.0">
+
 ### Maintainer role providing the ability to change Package settings using GraphQL API
 
 <div class="deprecation-notes">
diff --git a/doc/user/group/index.md b/doc/user/group/index.md
index ab8cba48dc4..1a4fa9df305 100644
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -202,7 +202,7 @@ A table displays the member's:
 
 NOTE:
 The display of group members' **Source** might be inconsistent.
-For more information, see [issue 414557](https://gitlab.com/gitlab-org/gitlab/-/issues/414557).
+For more information, see [issue 23020](https://gitlab.com/gitlab-org/gitlab/-/issues/23020).
 
 ## Filter and sort members in a group
 
diff --git a/doc/user/product_analytics/index.md b/doc/user/product_analytics/index.md
index 6f5f4ed4db8..e9528a11a3e 100644
--- a/doc/user/product_analytics/index.md
+++ b/doc/user/product_analytics/index.md
@@ -101,7 +101,19 @@ Prerequisites:
 1. Expand **Configure** and enter the configuration values.
 1. Select **Save changes**.
 
-## Instrument a GitLab project
+## Onboard a GitLab project
+
+Onboarding a GitLab project means preparing it to receive events that are used for product analytics.
+
+To onboard a project:
+
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Analyze > Analytics dashboards**.
+1. Under **Product analytics**, select **Set up**.
+1. Select **Set up product analytics**.
+Your instance is being created, and the project onboarded.
+
+## Instrument your application
 
 To instrument code to collect data, use one or more of the existing SDKs:
 
diff --git a/doc/user/project/members/index.md b/doc/user/project/members/index.md
index 1fe6e3523b3..6df33a4fb06 100644
--- a/doc/user/project/members/index.md
+++ b/doc/user/project/members/index.md
@@ -190,7 +190,7 @@ To add a group to a project:
 1. Select **Invite**.
 
 The members of the group are not displayed on the **Members** tab.
-Private groups are masked from unauthenticated users.
+Private groups are masked from unauthorized users.
 The **Members** tab shows:
 
 - Members who are directly assigned to the project.
diff --git a/doc/user/project/members/share_project_with_groups.md b/doc/user/project/members/share_project_with_groups.md
index 4474cb55929..94dbb922c0b 100644
--- a/doc/user/project/members/share_project_with_groups.md
+++ b/doc/user/project/members/share_project_with_groups.md
@@ -77,7 +77,7 @@ In addition:
 - On the group's page, the project is listed on the **Shared projects** tab.
 - On the project's **Members** page, the group is listed on the **Groups** tab.
 - From [GitLab 16.6](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134623),
-  the invited group's name and membership source will be hidden unless:
+  the invited group's name and membership source will be masked unless:
   - the group is public, or
   - the current user is a member of the group, or
   - the current user is a member of the project.