39 files changed, 2390 insertions, 141 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 283dbf2aec4..dd4d29fd535 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,502 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 14.3.0 (2021-09-21)
+
+### Added (111 changes)
+
+- [Add organizations update mutation to GraphQL](gitlab-org/gitlab@9375734734a090d186da58cb5d1ece7d886318f8) by @leetickett ([merge request](gitlab-org/gitlab!69559))
+- [Auto-scope board to iteration cadence](gitlab-org/gitlab@3015a0232caa9641266130bd905942ece2758d16) ([merge request](gitlab-org/gitlab!69030))
+- [Decouple project runners queuing query from projects table](gitlab-org/gitlab@04a2a99342e8db67058ee6534e4166ca0a8a4914) ([merge request](gitlab-org/gitlab!70415))
+- [Add owner validation for project namespaces](gitlab-org/gitlab@a30da0a109d54f5254498d70977e3e2be69f9901) ([merge request](gitlab-org/gitlab!69201))
+- [Add ProjectNamespace model and DB relationships](gitlab-org/gitlab@6914cf3c13c2ca6f325ae273944f4c2172691451) ([merge request](gitlab-org/gitlab!69201))
+- [Upgrade Pages to 1.44.0](gitlab-org/gitlab@2e2263965716a3dd7c3f427f9876d50183a9a3ef) ([merge request](gitlab-org/gitlab!70484))
+- [Add docs on how to use AWS server side encryption for backups](gitlab-org/gitlab@00eeff9dd13ad4a515655630cc9f006ca2ec8c75) ([merge request](gitlab-org/gitlab!70327))
+- [Persist projects configured to use an Agent](gitlab-org/gitlab@3a80bebfcb49b4315c91d3ac3863f06d692fc000) ([merge request](gitlab-org/gitlab!67295))
+- [Enable Pages replication with Geo by default](gitlab-org/gitlab@5f9c6a945c6f46294ede78b5b1ae82b2d8239c92) ([merge request](gitlab-org/gitlab!70434)) **GitLab Enterprise Edition**
+- [Address the PK Overflow risk for the ci_build_needs - Step 3](gitlab-org/gitlab@c789075c2907e6689d61e9f3c0ff6943018a4c9c) ([merge request](gitlab-org/gitlab!69473))
+- [Extend `marginalia` to provide `db_config_name`](gitlab-org/gitlab@24e07a2a61cc981f401fd886e39940305cc3699c) ([merge request](gitlab-org/gitlab!67328))
+- [Enable Roadmap daterange presets](gitlab-org/gitlab@3dccdb1fc8a795ea8e6fd23710362f0ef8b6a146) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55639)) **GitLab Enterprise Edition**
+- [Test project namespace is destroyed with project_namespace.rb](gitlab-org/gitlab@93ff65e15fa779f6ecebef03a98443972efd6222) ([merge request](gitlab-org/gitlab!69200))
+- [Add DastSiteValidations status filter (disabled)](gitlab-org/gitlab@dd35063df15f3e542487de378b988043b0c3f249) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70126)) **GitLab Enterprise Edition**
+- [Allow using inherited description templates on service desk](gitlab-org/gitlab@1b8efb7913d6dbe562c01bfb0a1189cb7b939aef) ([merge request](gitlab-org/gitlab!67786)) **GitLab Enterprise Edition**
+- [Gitaly repository tree keyset pagination](gitlab-org/gitlab@fd8c25e35a4e5126053ec534f0f3ac62167f3c2f) ([merge request](gitlab-org/gitlab!67509))
+- [Sort scoped labels first in issuable sidebar](gitlab-org/gitlab@622853e25838fc0a2e287bbf5ce3b6cfa79aa19a) by @leetickett ([merge request](gitlab-org/gitlab!67794))
+- [Enable surfacing false positives for vulnerabilities](gitlab-org/gitlab@9314dffe0d085d2db733d0ebf7f419683cd5e9b4) ([merge request](gitlab-org/gitlab!69700))
+- [Remove related todos when a design is archived](gitlab-org/gitlab@e3672ba77d7ff44d5782c3d2e359753184512e2d) ([merge request](gitlab-org/gitlab!69730))
+- [Updated vendored cluster management project tpl](gitlab-org/gitlab@e57a501ebef36140d1bfd860221ce6df3ed16635) ([merge request](gitlab-org/gitlab!69405))
+- [Configure the sidekiq job limits through settings](gitlab-org/gitlab@186465daacfe9c4b4205e2e1b1d168ff076d46af) ([merge request](gitlab-org/gitlab!68982))
+- [GraphQL for dependency proxy ttl policies](gitlab-org/gitlab@fc7454cc3dc87f9313b23bdfb62c0b75e138119c) ([merge request](gitlab-org/gitlab!68900))
+- [Track CI minutes usage on a monthly basis](gitlab-org/gitlab@c798d81ab3ca22d84e4e6463532ffdd4168ab99e) ([merge request](gitlab-org/gitlab!70183)) **GitLab Enterprise Edition**
+- [Added connectivity status to Kubernetes Agents](gitlab-org/gitlab@236e20be245070d640d7821ccebb22ddb4d5ef39) ([merge request](gitlab-org/gitlab!69345)) **GitLab Enterprise Edition**
+- [Display icon for hidden issues on group/project issue boards](gitlab-org/gitlab@e4d2dc410b8a69432a243b01f6c75f24593b3dc3) ([merge request](gitlab-org/gitlab!69558))
+- [Add milestoneWildcardId to board issues graphQL endpoint](gitlab-org/gitlab@75fd1f06a24b2b1b9a25c9adcfc828d4f462c17b) ([merge request](gitlab-org/gitlab!70105))
+- [Support multiple dbs in MigrationHelpers](gitlab-org/gitlab@cd71cf542b5f7f66a2d2bd1c71c0043a5ae7e080) ([merge request](gitlab-org/gitlab!67753))
+- [Add unauthenticated API throttle settings to admin area](gitlab-org/gitlab@2b4723b543c4699ced0c41d9254759ca1f76807a) ([merge request](gitlab-org/gitlab!69486))
+- [Apply throttling settings for unauthenticated API requests](gitlab-org/gitlab@356b77296604b00623048052d2e7122ddbd1f44a) ([merge request](gitlab-org/gitlab!69388))
+- [Add `throttle_unauthenticated_api_*` columns to application settings](gitlab-org/gitlab@004732b07e95d0712423ea67762f3ebb1134e88a) ([merge request](gitlab-org/gitlab!69384))
+- [Track resolving a thread through a new issue action](gitlab-org/gitlab@b02e032ac476de9f77d0449390e037bb43c7a08a) ([merge request](gitlab-org/gitlab!69879))
+- [Reject pending approval users via API](gitlab-org/gitlab@27e2be86ff3aaa89bf49e339f88fe81288785c08) ([merge request](gitlab-org/gitlab!69420))
+- [Add connected agents to cluster agents GraphQL response](gitlab-org/gitlab@05430d7a153990ee7c736c70d74ab99f06af847f) ([merge request](gitlab-org/gitlab!69820)) **GitLab Enterprise Edition**
+- [Introduce max saml message size setting](gitlab-org/gitlab@93d46378eccb37ae33875a6f7615a69ff106b98f) ([merge request](gitlab-org/gitlab!69647)) **GitLab Enterprise Edition**
+- [Add group contacts query to GraphQL](gitlab-org/gitlab@d7dd36719ac1b99ca6aa97d731f14cf81a9d5288) by @leetickett ([merge request](gitlab-org/gitlab!69510))
+- [Merge branch '322839-dp-graphql-image-prefix' into 'master'](gitlab-org/gitlab@1803322077256145581df58aa38ec513dfd41d7e) ([merge request](gitlab-org/gitlab!69114))
+- [Enable ci_build_tags_limit by default](gitlab-org/gitlab@bfcb5bc84f40a169485360d01e19590a8653ceb5) ([merge request](gitlab-org/gitlab!69506))
+- [Reimplement tree pagination for Rugged](gitlab-org/gitlab@cd3dc3ad6b25ae0d09925ea14f15b5a32f69b2bd) ([merge request](gitlab-org/gitlab!69480))
+- [Address the PK Overflow risk for the ci_build_trace_chunks - Step 3](gitlab-org/gitlab@3752ea6ceff6c1e1e4e3815e95c6fc47db5aaa61) ([merge request](gitlab-org/gitlab!69632))
+- [Address the PK Overflow risk for the ci_builds_runner_session - Step 3](gitlab-org/gitlab@8001124342e180f40bc0d15c2a0b9ba5583d2bc2) ([merge request](gitlab-org/gitlab!68542))
+- [Apply throttling settings to Files API](gitlab-org/gitlab@2773f95d533d14a7903d2c8217abdd26ceaba5f3) ([merge request](gitlab-org/gitlab!68561))
+- [Add more details to Protected Branches Audit Events](gitlab-org/gitlab@42a399f7ef30a0cc4d1e69ced5a29c7dcf3dc17d) by @adrien.gooris ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68869)) **GitLab Enterprise Edition**
+- [Allow sorting issues by their title](gitlab-org/gitlab@f667b284592af7054843447833900faddd6c6d34) by @espadav8 ([merge request](gitlab-org/gitlab!67234))
+- [Added filter bar to project VSA](gitlab-org/gitlab@89c078668b1e26e4dd611938ebc64e8927186d53) ([merge request](gitlab-org/gitlab!67340))
+- [Track CI minutes notifications for new monthly tracking](gitlab-org/gitlab@936681b6ebf237e2c447f3cf6ea219e6bac9ed60) ([merge request](gitlab-org/gitlab!69059))
+- [Support refname in external repo CI configuration](gitlab-org/gitlab@8909656ce7d3c2263e7bc72d0462af1bcfa9110d) by @jspricke ([merge request](gitlab-org/gitlab!68603))
+- [Keyset pagination for Groups API](gitlab-org/gitlab@4c9e7cc5721d8e7adc00c847e2f6e08df2284f45) ([merge request](gitlab-org/gitlab!68346))
+- [repository: Always use `ListBlobs()` to enumerate new blobs](gitlab-org/gitlab@fb65481d34cde47ef98a5a1d62ba5a5befa11b93) ([merge request](gitlab-org/gitlab!69449))
+- [Add `latest` column into `security_scans` table](gitlab-org/gitlab@794d1c2f328e137f406d1019815caf40bc77d6da) ([merge request](gitlab-org/gitlab!69494))
+- [Add not filters for MR Analytics](gitlab-org/gitlab@55f86ef9655046de591734a144436fa769fc0602) ([merge request](gitlab-org/gitlab!69359)) **GitLab Enterprise Edition**
+- [Validate user website_url](gitlab-org/gitlab@f651f986e457e4c4a0e96138c0d4b9e96ac91801) ([merge request](gitlab-org/gitlab!69624))
+- [Adding terraform fmt to the Terraform template](gitlab-org/gitlab@fb2c1d72491c7f989f6d7a2e3b4d570017821edc) by @willianpaixao ([merge request](gitlab-org/gitlab!69470))
+- [Address the PK Overflow risk for the ci_sources_pipelines - Step 3](gitlab-org/gitlab@07f34bb1a5319fb9ba513b1d562e7edd7b178f46) ([merge request](gitlab-org/gitlab!69281))
+- [Added /unapprove quick-action](gitlab-org/gitlab@f376e95272507f7aeae099aa8fff1df460c0b588) by @lzampier ([merge request](gitlab-org/gitlab!69225)) **GitLab Enterprise Edition**
+- [Split diff commit migrations into smaller chunks](gitlab-org/gitlab@bcf1f22361561dac505304fb617d7e444622c8b5) ([merge request](gitlab-org/gitlab!69392))
+- [Add `hidden` field to GraphQL `Issue` type](gitlab-org/gitlab@2c7c87c03477aa01b323ee6162c8b7e182215939) ([merge request](gitlab-org/gitlab!69323))
+- [Add ProjectNamespace model and DB relationships](gitlab-org/gitlab@75efa8f4348770d0978c399b0439f57b5d6ecc4a) ([merge request](gitlab-org/gitlab!68825))
+- [Add dependency proxy image prefix to group type](gitlab-org/gitlab@7005dd077fb148fcbbbb9f18b3694719179bf070) ([merge request](gitlab-org/gitlab!69114))
+- [Backfill projects with CI coverage usage](gitlab-org/gitlab@1b1bf867fe2dbb4d933243f53135a264488e1ac4) ([merge request](gitlab-org/gitlab!69115))
+- [Add Mailgun endpoint for receiving permanent failures](gitlab-org/gitlab@9c8a128ea056ee9170c7a32ad28a65900ec873aa) ([merge request](gitlab-org/gitlab!68307))
+- [Clean up group_level_protected_environments feature flag](gitlab-org/gitlab@38ed6acf94b2609365c52522070c0c5218d67bc4) ([merge request](gitlab-org/gitlab!69272))
+- [Add paginated tree graphQL query](gitlab-org/gitlab@edf6a2599a55d62a14ca5489b7db2c7f8b0051e7) ([merge request](gitlab-org/gitlab!69274))
+- [Auto-DevOps: respect deploy freezes](gitlab-org/gitlab@ebb55727b36a3d21752838d0effd74a4ae435062) ([merge request](gitlab-org/gitlab!69205))
+- [Add new VSA partitioned tables](gitlab-org/gitlab@0a29fd921e219835fb8529f42fad9a735a92f3b5) ([merge request](gitlab-org/gitlab!68950))
+- [Readding state column for members table](gitlab-org/gitlab@3c8ef22d59796a48a4fb447b4d2c2b7bb128bbb9) ([merge request](gitlab-org/gitlab!69220))
+- [Address the PK Overflow risk for the ci_job_artifacts - Step 3](gitlab-org/gitlab@773a7ec9993ba960fe4da208f5d76037dc911459) ([merge request](gitlab-org/gitlab!68770))
+- [Add organizations to GraphQL](gitlab-org/gitlab@b0e0e336ddc722ff093763e307ba6e619aaac4d3) by @leetickett ([merge request](gitlab-org/gitlab!69318))
+- [Mark the PostReceive worker as idempotent](gitlab-org/gitlab@cb87e136cbb7edae9a25e6eae903287ec8f99d5a) ([merge request](gitlab-org/gitlab!69305))
+- [Added connectivity status to Kubernetes Agents](gitlab-org/gitlab@9a15f565fcd54585209eb70348acad48c11cd38d) ([merge request](gitlab-org/gitlab!69345)) **GitLab Enterprise Edition**
+- [Use Gitaly API to sort tags](gitlab-org/gitlab@f94c86655c131ebd58e00137ddedc6b592321eda) ([merge request](gitlab-org/gitlab!69101))
+- [Promote continuous onboarding A variant](gitlab-org/gitlab@6726be7f1bce5510e107dd8eff4964ff5484607b) ([merge request](gitlab-org/gitlab!68965))
+- [Allow support for description lists in content editor](gitlab-org/gitlab@32b0de5f5306cb597b8b22ef0c3a527bef792e9c) ([merge request](gitlab-org/gitlab!69149))
+- [Support AWS SSE-KMS in backups](gitlab-org/gitlab@3963b2511f01c84ab60b272ea10d4c47dba2ac02) ([merge request](gitlab-org/gitlab!64765))
+- [Add new methods to support the PK migration - STEP 3](gitlab-org/gitlab@bccdbd7d6fab25bf03168c36f7901138e7624b53) ([merge request](gitlab-org/gitlab!68849))
+- [Add ability to Delete Freeze Periods](gitlab-org/gitlab@a28b5a4a1f4efa190cdec5e5d7cf94eed247cf18) by @jayaddison ([merge request](gitlab-org/gitlab!66331))
+- [Add DevOps Adoption Overview table](gitlab-org/gitlab@f3f97c345e9415ff777df671b689778f23753efb) ([merge request](gitlab-org/gitlab!68447)) **GitLab Enterprise Edition**
+- [Render video in content editor](gitlab-org/gitlab@7fedc5e0e49733087a9db7943e4f6fdf5d0e40ec) by @leetickett ([merge request](gitlab-org/gitlab!69169))
+- [Upgrade GitLab Pages to 1.43.0](gitlab-org/gitlab@1d8174ef6967f8b938e5e5d29baef591acb39559) ([merge request](gitlab-org/gitlab!69213))
+- [Requirement migration: Sync title and description changes](gitlab-org/gitlab@0e35aed745501b6927737bf6f91813a972fb4011) ([merge request](gitlab-org/gitlab!64929)) **GitLab Enterprise Edition**
+- [Render audio in content editor](gitlab-org/gitlab@933fe8e190a740cac6832f4fce589f9a78edc879) by @leetickett ([merge request](gitlab-org/gitlab!68598))
+- [Adds k8s 1.20 to EKS list](gitlab-org/gitlab@051061a011b4fae351bdbe7924a524e374c34a58) ([merge request](gitlab-org/gitlab!69094))
+- [API: Add endpoint to reset runner registration token](gitlab-org/gitlab@0fff8430cce18307af5af6758fb17079b2ade55c) by @KyleFromKitware ([merge request](gitlab-org/gitlab!68590))
+- [Add personalization questions to group creation](gitlab-org/gitlab@9a0cfbd18ff9d82109495395197ed568300b2fd5) ([merge request](gitlab-org/gitlab!67249))
+- [Fix unban specs](gitlab-org/gitlab@253ee313ecca7ca6ddc454c879d2400ddfe4fc88) ([merge request](gitlab-org/gitlab!68332))
+- [Log backtrace when SAVEPOINT is discovered](gitlab-org/gitlab@19e38656b64d062f3ce51840718ab25da0038ff7) ([merge request](gitlab-org/gitlab!69023))
+- [Improve serialization of content editor extensions](gitlab-org/gitlab@7105591794230453ac15434e9d11115c69d01305) ([merge request](gitlab-org/gitlab!68877))
+- [Removes load_balancing_for_expire_job_cache_worker FF](gitlab-org/gitlab@2d89ab5f53635b31fa151a23dcf234c67897bff6) ([merge request](gitlab-org/gitlab!69004))
+- [Enable the FF ci_include_rules by default](gitlab-org/gitlab@396a922cd0dcdd1ea54d951da3f19cf76e3d03c3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67409))
+- [Allow arbitrary html tags in content editor](gitlab-org/gitlab@ce0f7f66c9c7781b849fc707f5b9853f91d5d843) ([merge request](gitlab-org/gitlab!68224))
+- [Expose web_url to Compare API endpoint](gitlab-org/gitlab@aea0869776dd9ca4770721d164fc79ebed2e7e9e) ([merge request](gitlab-org/gitlab!68676))
+- [Add configure integrations button to project view](gitlab-org/gitlab@c14589e70baacf5d406fb2e604c2bd5c0525225d) ([merge request](gitlab-org/gitlab!67536))
+- [Steal pending merge request diff commit user jobs](gitlab-org/gitlab@b98a2d0c6164e81cae5b6f739f0fc7bf9aa930f2) ([merge request](gitlab-org/gitlab!68769))
+- [Database work to support inherited templates on service desk](gitlab-org/gitlab@200fe009bd68086edc0127346f28224159f471cb) ([merge request](gitlab-org/gitlab!67546))
+- [Add param to allow scoped caching of Repo#merge_to_ref](gitlab-org/gitlab@84a4415eb01bbbb175235ffdf4ad9a499c28ce89) ([merge request](gitlab-org/gitlab!68790))
+- [Allow to create epic from ancestor board](gitlab-org/gitlab@a077194fdd8b9b66a90284cfa27a6d9728dc86f4) ([merge request](gitlab-org/gitlab!68039)) **GitLab Enterprise Edition**
+- [BG migration for populating stage event hash](gitlab-org/gitlab@c91abc0d5b37e6a414fd69398a0db36482b00922) ([merge request](gitlab-org/gitlab!67939))
+- [Add VulnerabilityCreate GraphQL mutation](gitlab-org/gitlab@51205f5519b3f0ce5319678a61292dbeee946cd4) ([merge request](gitlab-org/gitlab!68158)) **GitLab Enterprise Edition**
+- [Add direct group dependency proxy env variable](gitlab-org/gitlab@62e16f4d71849b5b4038e945471d73f324ba483f) ([merge request](gitlab-org/gitlab!68661))
+- [Persist groups configured to use an Agent](gitlab-org/gitlab@09c33dc7073cd8e382b664166a22b2cbf4b1f968) ([merge request](gitlab-org/gitlab!68023))
+- [Test case return 404 instead of 500 error](gitlab-org/gitlab@cfc199ab2bb888e6814424aa1ac334339be32004) ([merge request](gitlab-org/gitlab!68548)) **GitLab Enterprise Edition**
+- [Add approvalRules to MergeRequest GraphQL API](gitlab-org/gitlab@8339099bc6d88d745cf24d6eb43dd33e051992c1) ([merge request](gitlab-org/gitlab!68502)) **GitLab Enterprise Edition**
+- [Add Files API throttling to application settings](gitlab-org/gitlab@e989361e3f24e19af6e3a61794ac915f3492e8aa) ([merge request](gitlab-org/gitlab!68559))
+- [Add support for fetching merge requests via RSS / Atom](gitlab-org/gitlab@5afc10add8dea007a32b5e2c986b0d37f2e5040b) by @kingjan1999 ([merge request](gitlab-org/gitlab!66336))
+- [Enable new vulnerability report project filter by default](gitlab-org/gitlab@4dd50c39dda68f2ea5de29d721002503ca6b7535) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68456))
+- [Allow title attribute in elements in content editor](gitlab-org/gitlab@29e0ecb1f9df1b420b7ee9a125b14dc990c9abcc) ([merge request](gitlab-org/gitlab!68086))
+- [Allow editing the structure of tables](gitlab-org/gitlab@06cd45afb825847037b9cd3f36db98a9073504e4) ([merge request](gitlab-org/gitlab!68473))
+- [Adds a button to retry a failed migration](gitlab-org/gitlab@0037970cf71f97ec6630ebfe8541399d0931840a) ([merge request](gitlab-org/gitlab!67504))
+- [Add system note for issue type changes](gitlab-org/gitlab@b8881bd71b52a484ba2c42e8e7db27a1305adeee) ([merge request](gitlab-org/gitlab!68239))
+- [Add contacts table and model](gitlab-org/gitlab@13f5241af4c923b39021217700ffd741df049c39) by @leetickett ([merge request](gitlab-org/gitlab!67985))
+- [Add oncall_users to oncall schedule Graphql type](gitlab-org/gitlab@077b9a1d6a2ff9938e47f049badb3a2ef667ecf5) ([merge request](gitlab-org/gitlab!68237)) **GitLab Enterprise Edition**
+- [Add gauge metric on ci queue size](gitlab-org/gitlab@d86702b9dcc2a84c5b9c771dfc9f8412d3cf3d64) ([merge request](gitlab-org/gitlab!67420))
+
+### Fixed (120 changes)
+
+- [Fix AddUpvotesToMergeRequests migration](gitlab-org/gitlab@7b1870038d4cb494156908acf58fe4159f69357c) ([merge request](gitlab-org/gitlab!70594)) **GitLab Enterprise Edition**
+- [Add yAxis formatter](gitlab-org/gitlab@a3f4b8e6645e43f1f7ae1cbf0920f4274605ae6d) ([merge request](gitlab-org/gitlab!70373))
+- [Fix composer package version regex](gitlab-org/gitlab@5bc407b1fada44f5b30f39930906edc6d784193c) by @leopold.jacquot ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70251))
+- [Use configurable page size for jobs in stages](gitlab-org/gitlab@c3eb03198bc08b2428a5fa92168d5fea8a6d9f2b) ([merge request](gitlab-org/gitlab!69853))
+- [Fix for approval check popover bug](gitlab-org/gitlab@03d3f3b7c651ccacb6b1246c3124209d2da6e66b) ([merge request](gitlab-org/gitlab!65579)) **GitLab Enterprise Edition**
+- [Shorten session TTL of anonymous blob access](gitlab-org/gitlab@7196ca925f9b8ce5f569a72736649998cecb0f8c) ([merge request](gitlab-org/gitlab!70444))
+- [Makes kubectl annotate work in Helm 2to3 migration Jobs](gitlab-org/gitlab@645cf7a48bd0b7e717fa4fb30323911d59b62baf) by @erik.forsberg ([merge request](gitlab-org/gitlab!70389))
+- [Use the correct project path in generated `KUBECONFIG` file](gitlab-org/gitlab@57d828bf8f7aa3071900aa0501536ccc7a492a39) ([merge request](gitlab-org/gitlab!70452)) **GitLab Enterprise Edition**
+- [Removes cleanup job from Terraform.latest](gitlab-org/gitlab@239253ecce15f7ca968c4eee70c679174094d264) ([merge request](gitlab-org/gitlab!70383))
+- [Geo Nodes - Fix flex alignment](gitlab-org/gitlab@bdaf430386a34352ed9c75d4b0d64bf551ff20b4) ([merge request](gitlab-org/gitlab!70319)) **GitLab Enterprise Edition**
+- [Do not cache user email from github if email is nil/private](gitlab-org/gitlab@c89d61bee17af1da2bcd10de9531e72db3287c72) ([merge request](gitlab-org/gitlab!70293))
+- [Change non-breaking space to space in email](gitlab-org/gitlab@5d7259c8438038fa42d4cc131087c48465975611) by @scootergrisen ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70202))
+- [Add metric to service ping if has defintion](gitlab-org/gitlab@c75e2c57c2785eb046e991430ecdb0838e7794e5) ([merge request](gitlab-org/gitlab!70061))
+- [Open reply box on resolved design discussions](gitlab-org/gitlab@c931fa4fcda640d757749bd8dbd3b0275acc04df) ([merge request](gitlab-org/gitlab!70359))
+- [Add GraphQL type for agent metadata](gitlab-org/gitlab@e06c6cf6a9f3c3abc1023cc1b97cce4257810120) ([merge request](gitlab-org/gitlab!70343)) **GitLab Enterprise Edition**
+- [Include author in commit message from core team community members](gitlab-org/gitlab@092b24472af34fdbdc36f6a799700b77043bc665) by @leetickett ([merge request](gitlab-org/gitlab!69076))
+- [Refactor the helm presenter](gitlab-org/gitlab@78b3bba1b1f53774f8c6d5bc619aef14308920bc) ([merge request](gitlab-org/gitlab!69223))
+- [Prevent vuln table header from cutting off dropdown](gitlab-org/gitlab@8d7b32f5ed8fdfe9f17327218359edf8b97ffc54) ([merge request](gitlab-org/gitlab!69954)) **GitLab Enterprise Edition**
+- [Only render "No artifacts found" when not loading](gitlab-org/gitlab@c6118524ecfa768e3d630333b41d470949dd6982) ([merge request](gitlab-org/gitlab!68843))
+- [Upgrade fog-aws to v3.12.0](gitlab-org/gitlab@9b8ffd2b223c70c3c7f20336ea36b20fec05739b) ([merge request](gitlab-org/gitlab!68969))
+- [Fix Geo Pages replication for selective sync](gitlab-org/gitlab@fd5fabbc4b05c29070446229d9bb7bc229cd957a) ([merge request](gitlab-org/gitlab!70190)) **GitLab Enterprise Edition**
+- [Dynamically read pool sizes for LB configurations](gitlab-org/gitlab@4082c09a3ad3bae0cc14fdb16cfd233ca2e445cf) ([merge request](gitlab-org/gitlab!70060))
+- [tags: Always enable fix for verification of long tag messages](gitlab-org/gitlab@cc9556429a2b3b84c847db0230733f7e84edb2be) ([merge request](gitlab-org/gitlab!70051))
+- [Fix editing network policies without policy management project](gitlab-org/gitlab@c7ebc9e085b02866209b875a093898714927109a) ([merge request](gitlab-org/gitlab!70171)) **GitLab Enterprise Edition**
+- [Fix not being able to delete unparseable policies](gitlab-org/gitlab@95a0902078fee35139af77d7c9d74a89510260d4) ([merge request](gitlab-org/gitlab!70114)) **GitLab Enterprise Edition**
+- [Check if root ancestor has an active trial](gitlab-org/gitlab@53262f665b20643c56837c7be584995606529a07) ([merge request](gitlab-org/gitlab!70109))
+- [Fix text ellipsis on linked issues/MRs](gitlab-org/gitlab@6aa0ef81bde3b50b4e3bf3432034ce1c7a1a8af4) ([merge request](gitlab-org/gitlab!70049))
+- [Fix overlap of error message and sidebar on boards](gitlab-org/gitlab@da57dc643fe2a8bf7961a3887125c6af0b3b083d) ([merge request](gitlab-org/gitlab!70030))
+- [Use global ids when updating board scope](gitlab-org/gitlab@d108201135744f9d5cda69a99b6e47710bca07a6) ([merge request](gitlab-org/gitlab!69715)) **GitLab Enterprise Edition**
+- [Fix displaying label text in labels dropdown in dark mode](gitlab-org/gitlab@c6009408c64edc50b889603c24bc408b0f73289d) ([merge request](gitlab-org/gitlab!70037))
+- [Don't release primary connections in the DB LB](gitlab-org/gitlab@95d3ff341cafd8fd5098fefbc7847c93603c9adc) ([merge request](gitlab-org/gitlab!69988))
+- [Add epic board scope to newly created epic](gitlab-org/gitlab@9a6a760c7c042a1d0a091ca8cf9213a954154234) ([merge request](gitlab-org/gitlab!70028)) **GitLab Enterprise Edition**
+- [Invalidate ES namespace cache when transferring groups](gitlab-org/gitlab@64b6bc923b511842a6104a30b1556e26e80e82b3) ([merge request](gitlab-org/gitlab!70005)) **GitLab Enterprise Edition**
+- [Use SafeRequestStore in the DB LB](gitlab-org/gitlab@2584f6ea38e2c08c5a71af70a9871cf6e480274a) ([merge request](gitlab-org/gitlab!70003))
+- [Fix display of relative/absolute time in PAT and deploy token tables](gitlab-org/gitlab@c504b0bb363e828a4a79884fbdc622e7962e4fe7) ([merge request](gitlab-org/gitlab!66262))
+- [Symbolize load balancer configuration keys](gitlab-org/gitlab@0952ac82795ce9c3ca7825e6dc71313be7e5a494) ([merge request](gitlab-org/gitlab!69995))
+- [Fix GitHub Importer outdated diff notes not showing](gitlab-org/gitlab@bc2f24820aed2370994e94abcd731cc88768025b) ([merge request](gitlab-org/gitlab!69977))
+- [Fix Elastic::MigrationWorker current_migration](gitlab-org/gitlab@f682052a0d2a76814d0b90c7e66e4a483dfc487e) ([merge request](gitlab-org/gitlab!69958)) **GitLab Enterprise Edition**
+- [Fix comments cutting off the left side of wide characters](gitlab-org/gitlab@f7f0b0dc927c080fa9c00b5d054ff996482f0a73) ([merge request](gitlab-org/gitlab!69952))
+- [Make group and project fields fullPath argument case-insensitive](gitlab-org/gitlab@37d2f7218518448c9ac4cea384cf1235f41f4e3e) ([merge request](gitlab-org/gitlab!69924))
+- [Prevent opening sidebar when clicking on board card title](gitlab-org/gitlab@3f93050618e09642988331c174b9c672ccd0cb65) ([merge request](gitlab-org/gitlab!69720))
+- [Do not cache .terraform.lock.hcl](gitlab-org/gitlab@5b41e03bb0610b28c32665b8670cca5fb839cade) ([merge request](gitlab-org/gitlab!68269))
+- [Prevent creation of too long file name](gitlab-org/gitlab@7136f5941f261917f51864612ac7b567d7bf94ed) ([merge request](gitlab-org/gitlab!69500))
+- [Ensure Milestones Are Displayed With Few Results](gitlab-org/gitlab@146c481dd419a5dd007f140e5747a6541ef63726) ([merge request](gitlab-org/gitlab!69507))
+- [Replace vsa stage slug with id](gitlab-org/gitlab@97d5c52a76708f05c0f1481384425345d820663f) ([merge request](gitlab-org/gitlab!69640)) **GitLab Enterprise Edition**
+- [Load config variables from external project](gitlab-org/gitlab@6b5b4096127a4ee32033aa4b398f2f5f9fc73c81) ([merge request](gitlab-org/gitlab!69646))
+- [Fix creating issue in milestone list](gitlab-org/gitlab@e7b3a1184cfe110ad6c70eb13df989b6ef8385f4) ([merge request](gitlab-org/gitlab!69529)) **GitLab Enterprise Edition**
+- [Fix header order in CI/CD pipeline's job tab](gitlab-org/gitlab@f2988ee52d59ffe4ba9bf57e758843360446ddac) by @JonstonChan ([merge request](gitlab-org/gitlab!69704))
+- [Make RepositoryUpdateMirrorWorker idempotent](gitlab-org/gitlab@0c05d8b8159b4944f356a8c544b9a5659e16a7b0) ([merge request](gitlab-org/gitlab!69725))
+- [Fix selected for User#commit_email input](gitlab-org/gitlab@bdca30a81d444a812d0521087d93f83c11573dfe) ([merge request](gitlab-org/gitlab!69234))
+- [Allow additional minute transfer for Users](gitlab-org/gitlab@d480822075a6f5abb5f68d998fb1a0525b47551b) ([merge request](gitlab-org/gitlab!69556)) **GitLab Enterprise Edition**
+- [Fix labels applied to a wrong issue](gitlab-org/gitlab@9534cf6211f0e2323c16559fa9f5c303f648bb47) ([merge request](gitlab-org/gitlab!69609))
+- [Max width for sidebar dropdown widgets](gitlab-org/gitlab@eb9fab5271ab43ad6abfd2c73e80ee02efb2952d) ([merge request](gitlab-org/gitlab!68431))
+- [Fix yaml viewer padding not changing color](gitlab-org/gitlab@925866290aebe058d56f6c76372f46a7c1984db9) ([merge request](gitlab-org/gitlab!69563)) **GitLab Enterprise Edition**
+- [Remove paste event listener on destroy](gitlab-org/gitlab@966a4c283c5a1c7dc8346900b1dd1d53d99c7a72) ([merge request](gitlab-org/gitlab!69453))
+- [Fix formatting bubble menu in Content Editor](gitlab-org/gitlab@a9c73f1841e174b2074891332004f0bb4f06556e) ([merge request](gitlab-org/gitlab!69324))
+- [Fix group membership CSV export for invited users](gitlab-org/gitlab@732b8b8c9df18be50a63255d6be6755d9e5aaa1a) ([merge request](gitlab-org/gitlab!69065))
+- [Remove table-layout: fixed style from the tree table of files](gitlab-org/gitlab@80a1c6de952caa6a7b86146358f06c3bb0ca106c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69445))
+- [Remove the existing duplicates of DastSiteTokens](gitlab-org/gitlab@2f345de94bdc7fe3cb3d6365dcfc641bc401a064) ([merge request](!68578))
+- [Update Audit Logging for Feature Flags](gitlab-org/gitlab@cc12468fc905ba407d21a6ffc71214d10700ae92) ([merge request](gitlab-org/gitlab!68408))
+- [Error on newlines in sidekiq-cluster arguments](gitlab-org/gitlab@91e7b17cd14b89170d1668f82bf8b7be64daac4e) ([merge request](gitlab-org/gitlab!69237))
+- [Reduce DA pagerefresh rate](gitlab-org/gitlab@bb4867bd04d847afcd78176cb9623fab8103d1aa) ([merge request](gitlab-org/gitlab!69056)) **GitLab Enterprise Edition**
+- [Fix security report schema validation](gitlab-org/gitlab@2b0a3380764ca20ab491507db020462fea23ca72) ([merge request](gitlab-org/gitlab!69292)) **GitLab Enterprise Edition**
+- [Fix disappearing badge in commit image thread edit](gitlab-org/gitlab@7dac314f249d49671ea92c8853d43da4e6a31319) ([merge request](gitlab-org/gitlab!69137))
+- [Fix - Some users cannot move issues in epic swimlanes](gitlab-org/gitlab@d5536cfab1482edb2c15c8d5bb6f7a8ed6416a50) ([merge request](gitlab-org/gitlab!68922)) **GitLab Enterprise Edition**
+- [Logged out users can view public group epic boards](gitlab-org/gitlab@a067f7517613aa47e0bfcaafb5db06fcb1c83b30) ([merge request](gitlab-org/gitlab!69218)) **GitLab Enterprise Edition**
+- [Reschedule 'ExtractProjectTopicsIntoSeparateTable' post migration](gitlab-org/gitlab@7f45515dd4f820f6902088d0ef807f6177db2661) by @wwwjon ([merge request](gitlab-org/gitlab!69199))
+- [Update relative positions on querying board issues](gitlab-org/gitlab@9729e06b523270f3cd1f1ba66e5d737569923e1a) ([merge request](gitlab-org/gitlab!68715))
+- [Patch `grape-entity` to prevent having NameError loop](gitlab-org/gitlab@28fc953b70044d792a06562c7f3b22249287e5eb) ([merge request](gitlab-org/gitlab!69040))
+- [Catch Helm invalid versions](gitlab-org/gitlab@443a3d8b9ed320364ee7790fecfefea6a5973521) by @sathieu ([merge request](gitlab-org/gitlab!68976))
+- [Fix broken image for runner templates](gitlab-org/gitlab@54b92d1d447ab60000fda7d75da4fdc4d68bfdf6) ([merge request](gitlab-org/gitlab!69080))
+- [Disallow editing the environment name](gitlab-org/gitlab@e2468c614ed0f72c2e10d1948ea09fc5a23d1740) ([merge request](gitlab-org/gitlab!68550))
+- [Fix visibility reference check](gitlab-org/gitlab@7fb9af870057569036d81556bc94a4e3e494d9a9) ([merge request](gitlab-org/gitlab!68174))
+- [Add missing graphQL ids](gitlab-org/gitlab@2ca888d789103d9219fb6320f670e0d9454f40fb) ([merge request](gitlab-org/gitlab!68948))
+- [Don't override setup_for_company in subscription flow](gitlab-org/gitlab@578273be68978108e50ebf6f5385d02beb588ca3) ([merge request](gitlab-org/gitlab!68868))
+- [Skip highlighting cache for diffs with unsupported characters](gitlab-org/gitlab@d5a1dd7429dae38a747b9a042b3fa7eea942ef1e) ([merge request](gitlab-org/gitlab!69069))
+- [Use the last Helm chart when downloading](gitlab-org/gitlab@9dfd15f6876710df96539410f4982311ee811deb) by @sathieu ([merge request](gitlab-org/gitlab!68968))
+- [Fix OrphanedInviteTokensCleanup migration](gitlab-org/gitlab@affc79c69873e73ec5b3cf7fcf74857ab4f663ce) ([merge request](gitlab-org/gitlab!68784))
+- [Fix downstream counter badge link](gitlab-org/gitlab@9b029853aa86194727cc980113cc46a260e814b1) ([merge request](gitlab-org/gitlab!68962)) **GitLab Enterprise Edition**
+- [Only set User#commit_email with user input](gitlab-org/gitlab@e467a3b438ebd5ec99853a5d48b1aae1b0668aaa) ([merge request](gitlab-org/gitlab!68591))
+- [Fix Connection#exists? when using the DB LB](gitlab-org/gitlab@abbc8b8f10a70a1ecd92aa7c17161247b599bf8c) ([merge request](gitlab-org/gitlab!68855))
+- [Fix contributors detection in changelog generation](gitlab-org/gitlab@35d6b799c0179e4f829f8221dd5598264f0a15b4) ([merge request](gitlab-org/gitlab!68938))
+- [Downgrade grpc from 1.38.0 to 1.30.2](gitlab-org/gitlab@f427fdfaae7fe1495f1e68ec5cf0ac1fe1240c27) ([merge request](gitlab-org/gitlab!68865))
+- [Let non-members set confidential flag on issue](gitlab-org/gitlab@518fe9a1124bc3606d06d6c23198c9426bd93b17) ([merge request](gitlab-org/gitlab!68459))
+- [Fix displaying weight of 0 for issues in epic tree](gitlab-org/gitlab@7a7f95f0876916af15c04a229217b7c6ece91067) ([merge request](gitlab-org/gitlab!68914)) **GitLab Enterprise Edition**
+- [Fix epic swimlanes list drag drop reordering](gitlab-org/gitlab@2dd83ce4acfd7c4c44544274f8372a727c18dd82) ([merge request](gitlab-org/gitlab!68908)) **GitLab Enterprise Edition**
+- [Show create-jira on pipeline and MR when enabled](gitlab-org/gitlab@e32b110729de421293bd93498e9bc2ec6db66503) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68821)) **GitLab Enterprise Edition**
+- [Fix new project page in dark mode](gitlab-org/gitlab@3356ff712058380d00ea2b50138c4f7c5b00abea) ([merge request](gitlab-org/gitlab!68102))
+- [Move service_desk_setting to CE in project import export](gitlab-org/gitlab@11b05504e967a93284dd2c3a3241f0376ddbd077) by @leetickett ([merge request](gitlab-org/gitlab!68896))
+- [Add default option to notification_email input](gitlab-org/gitlab@6b07127a00ab998eed3057fc1bfff9a0659c6d3f) ([merge request](gitlab-org/gitlab!68687))
+- [Fix overflowing text in OmniAuth login buttons](gitlab-org/gitlab@8524712d083cd83f1f7f381942ef019cc40b1e3a) ([merge request](gitlab-org/gitlab!68884))
+- [Use `binary` property on the file object](gitlab-org/gitlab@5691316795bfd3afcf40edaa4185db67e67db625) ([merge request](gitlab-org/gitlab!68705))
+- [Handle errors without causes](gitlab-org/gitlab@36dd486c4c6f9f0ea997be24bee4d3cd3343b301) ([merge request](gitlab-org/gitlab!68858))
+- [Fix bug validating EE project features](gitlab-org/gitlab@ee3790388b748f45a3cbadc987593dac23a54a2d) ([merge request](gitlab-org/gitlab!68523))
+- [Fix Live Markdown Preview in personal and subgroup projects](gitlab-org/gitlab@1a2a9fe95ea2b484ad8c1ce8d8f4b9714696e104) ([merge request](gitlab-org/gitlab!68803))
+- [Send rotation email inline when deleting user](gitlab-org/gitlab@2616e2dab6a224422de4f4f533f2d6eb091b8cd5) ([merge request](gitlab-org/gitlab!68811)) **GitLab Enterprise Edition**
+- [Use type to detect password fields in integrations instead of name](gitlab-org/gitlab@95917eb2d0bbfd6566e67ebff85e28619b52e2f0) ([merge request](gitlab-org/gitlab!68786))
+- [Use dynamic mapping in trigger to sync `integrations.type_new`](gitlab-org/gitlab@21db2a36c42dadec7c3bea82ed85daa66eaf6aa0) ([merge request](gitlab-org/gitlab!68558))
+- [Fix Epic bulk updates leaking to other epics](gitlab-org/gitlab@dc53ff7b8fcb4d80e852ecc0e582da30741ebb4c) ([merge request](gitlab-org/gitlab!68730)) **GitLab Enterprise Edition**
+- [Drop un-used db/ci_migrate symlink](gitlab-org/gitlab@503e25c35c75eac4cddc634d9bc1ae89ee90851b) ([merge request](gitlab-org/gitlab!68710))
+- [Fix getAction is undefined bug in Web IDE markdown files](gitlab-org/gitlab@66a8019f4fb785dd014c67f9ce0c09522ea52fab) ([merge request](gitlab-org/gitlab!68583))
+- [Remove substransaction from wiki event creation](gitlab-org/gitlab@18e78d233a9e06300631d0ac1349f2f819284ac2) ([merge request](gitlab-org/gitlab!68627))
+- [Fix namespace checks for live quota consumption](gitlab-org/gitlab@4f2e7ab31e8d9c2c93c61b5830d1cda67d759891) ([merge request](gitlab-org/gitlab!68646)) **GitLab Enterprise Edition**
+- [Fix project importers pagination issues](gitlab-org/gitlab@0f385b5c55186554a898818c3f953f8fedd2a949) ([merge request](gitlab-org/gitlab!68270))
+- [Use `binary` property on the file object](gitlab-org/gitlab@bf5486b585b304908721389e3ef8ab3fdd60874a) ([merge request](gitlab-org/gitlab!68643))
+- [Fix links to Jira docs](gitlab-org/gitlab@ed8055c80c68589cf7abb1eefae39c99de6dc801) ([merge request](gitlab-org/gitlab!68644))
+- [Enable the FF ci_new_artifact_file_reader by default](gitlab-org/gitlab@2be876558bfdf6c3fc7ce78f647db95c5cfae6ee) ([merge request](gitlab-org/gitlab!68293))
+- [Remove redundant callbacks, rely instead on validations](gitlab-org/gitlab@a1077343d8d5dcb9ab0d14640926d2a8de25aa5c) ([merge request](gitlab-org/gitlab!68048))
+- [Fix tooltip on issue sidebar](gitlab-org/gitlab@6b454c44d2ff5251ff45129abef59cbe09a07e9e) ([merge request](gitlab-org/gitlab!68614))
+- [Reduce the spacing of list items for Content Editor](gitlab-org/gitlab@7730ff6518416013e68aa752c5c6109a8b151555) ([merge request](gitlab-org/gitlab!68612))
+- [Respect namespaces with unlimited minutes](gitlab-org/gitlab@7eb5fc0b160f644fdb918e91d87a8c1eac385ddc) ([merge request](gitlab-org/gitlab!68599))
+- [Fix some edge cases with Content Editor serializing](gitlab-org/gitlab@9034aab3ca536caafdd8a3506c1002e9786d484e) ([merge request](gitlab-org/gitlab!66187))
+- [Geo: Replicate wiki and design repository HEAD ref](gitlab-org/gitlab@7aaa1413c3a772e89423818fce2b2de46b459066) ([merge request](gitlab-org/gitlab!68324)) **GitLab Enterprise Edition**
+- [Fix designCollection object after design is uploaded](gitlab-org/gitlab@1c367ecf10fadbc75560428c8b2b0fac07d099a0) ([merge request](gitlab-org/gitlab!68521))
+- [Wrap pipeline artifact dropdown item names](gitlab-org/gitlab@ed2bbe1f86b4b494dc732652a480e0494e12a57c) ([merge request](gitlab-org/gitlab!68545))
+- [Fix SSO SAML redirection not including query string](gitlab-org/gitlab@4ede4460ddd14e93d05d2ed7c9c01921c39d3086) ([merge request](gitlab-org/gitlab!68498))
+- [Add fix for 'old' file type](gitlab-org/gitlab@7b43391dfd9804b747ed4bf1be6baf82c4b51ec1) ([merge request](gitlab-org/gitlab!67735))
+- [Fix invite url on invited emails](gitlab-org/gitlab@0399c50ccc99de7bfe1de18ac29e3a11f93cebb2) ([merge request](gitlab-org/gitlab!68388))
+- [Track build minutes for disabled shared runners](gitlab-org/gitlab@271267ed46008248953cd70a8a40b9c26a6ad9b3) ([merge request](gitlab-org/gitlab!67024)) **GitLab Enterprise Edition**
+- [Validate the uniqueness of pipeline variables](gitlab-org/gitlab@a143ad44cd7bd4113f22709818288eadeecb1b2f) ([merge request](gitlab-org/gitlab!66556))
+
+### Changed (109 changes)
+
+- [Reset notification level when CI minutes limit change](gitlab-org/gitlab@771646f49387e44ff91ab4eca88cfc7bdb231441) ([merge request](gitlab-org/gitlab!69063)) **GitLab Enterprise Edition**
+- [Associate successful DAST validations with sites](gitlab-org/gitlab@626803901ffda5266104fbb7a786fb0807fdf45e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70140)) **GitLab Enterprise Edition**
+- [Use new code quality version 0.85.24-gitlab.1](gitlab-org/gitlab@9782fd2c5452b720e92131e3ef16f99fd2bc09d2) ([merge request](gitlab-org/gitlab!70325))
+- [Add notice when runner projects are updated](gitlab-org/gitlab@1fd3099ac0ae9e6489d634d2dc6b850f011d1a7f) ([merge request](gitlab-org/gitlab!70151))
+- [Change DAST url download text to button](gitlab-org/gitlab@a5494666f381dfee8c2d95ebd3d7b965a7f0c555) ([merge request](gitlab-org/gitlab!70280)) **GitLab Enterprise Edition**
+- [Update expired message for namespace](gitlab-org/gitlab@831c4e21b04353a206e3d4e6c14fbecfdca315c2) ([merge request](gitlab-org/gitlab!69454)) **GitLab Enterprise Edition**
+- [Measure image scaler duration for cached images](gitlab-org/gitlab@e6333fb2162eaf7172c469ff320e9f4c25c3df7b) ([merge request](gitlab-org/gitlab!70483))
+- [Use allowlist of allowed attributes for imported models](gitlab-org/gitlab@f43fafe59d777601b725cfdd326ae47a5ee20e8b) ([merge request](gitlab-org/gitlab!70168))
+- [Migrate admin projects tabs styles](gitlab-org/gitlab@b7fcc0bd36872f04b7c2dda2cfe671468bc0aff5) ([merge request](gitlab-org/gitlab!69298))
+- [Rebalance issues relative position without transaction](gitlab-org/gitlab@8834fda84d2a88c10718a5e59bfa62a06d6a2c50) ([merge request](gitlab-org/gitlab!68746))
+- [Show project suffix input as disabled](gitlab-org/gitlab@9cd9ca44998f09d4002ffa7a979daf21d15159a6) ([merge request](gitlab-org/gitlab!69857))
+- [Update board list settings drawer style](gitlab-org/gitlab@1937928383c9fe23d6e77f6735efdcbaea281d91) ([merge request](gitlab-org/gitlab!69946))
+- [Set different session cookie for Geo secondaries](gitlab-org/gitlab@4653ff48801884650f743cc632df01e5a7788784) ([merge request](gitlab-org/gitlab!69759)) **GitLab Enterprise Edition**
+- [Geo: Alternate redownload and normal design sync attempts](gitlab-org/gitlab@f9bd2d7a4a4cd9aedac5931c395c9e728e549c01) ([merge request](gitlab-org/gitlab!70329)) **GitLab Enterprise Edition**
+- [Geo: Alternate redownload and normal SSF sync attempts](gitlab-org/gitlab@bc6c2a5c8edfc3eb115031097da46a415e2a1737) ([merge request](gitlab-org/gitlab!70329)) **GitLab Enterprise Edition**
+- [Geo: Alternate redownload and normal project syncs](gitlab-org/gitlab@37faf15512ff4bfa7c3a28c888f1a8565659c88e) ([merge request](gitlab-org/gitlab!70329)) **GitLab Enterprise Edition**
+- [Geo: Reduce frequency of redownload attempts](gitlab-org/gitlab@f63ab921fc36bfa5951f2cf39af0306d071265a4) ([merge request](gitlab-org/gitlab!70329)) **GitLab Enterprise Edition**
+- [Update Devise sign_in path for Geo secondaries](gitlab-org/gitlab@ee925603caccc5dabda7e93f88db7b52f05a80b4) ([merge request](gitlab-org/gitlab!69748)) **GitLab Enterprise Edition**
+- [Fix policy editor performance](gitlab-org/gitlab@d44df987b63ac1fc1f8909211f3ad1455ed304d0) ([merge request](gitlab-org/gitlab!70024)) **GitLab Enterprise Edition**
+- [Fix DORA deployment frequency in VSA](gitlab-org/gitlab@5dbc5751a258552ff4438cf21dc55c1385b77fd4) ([merge request](gitlab-org/gitlab!69654))
+- [Clean up settings_block.vue](gitlab-org/gitlab@31e30d257cee503b9c52a1e7828261dd34ff253d) ([merge request](gitlab-org/gitlab!68921))
+- [Don't allow anonymous users to search with text](gitlab-org/gitlab@5b7fd6638db0f3d655c36cfceed4b2978c0e7985) ([merge request](gitlab-org/gitlab!70223))
+- [Add migrations to swap ci_builds.id column](gitlab-org/gitlab@8931ded2078012a9d07b250d95c536eb1eead031) ([merge request](gitlab-org/gitlab!70245))
+- [Fix policy preview for non-parseable policies](gitlab-org/gitlab@c41ba9bdfc89279c27d421f17f4939f999caa8ac) ([merge request](gitlab-org/gitlab!70104)) **GitLab Enterprise Edition**
+- [Add CI/CD variables for Auto Build and Auto Deploy image versions](gitlab-org/gitlab@89d5502fc9da51bf037e5dbe4a9cfc82fa2853cc) ([merge request](gitlab-org/gitlab!70088))
+- [Update parser gem to 3.0.2.0](gitlab-org/gitlab@5cb1d06f3799a58b5d8947f0815fd04d5687ad83) ([merge request](gitlab-org/gitlab!70207))
+- [Disable Sendfile interface for serving Sidekiq Web assets](gitlab-org/gitlab@ba8bd315473b9e784821fc2a9a4198dceabea18c) ([merge request](gitlab-org/gitlab!70113))
+- [Enable updated delete branch modal styles](gitlab-org/gitlab@6c4d4508720dab4a98466d0cfccf075646519d36) ([merge request](gitlab-org/gitlab!70185))
+- [Add worker_class argument to Sidekiq queues APIs](gitlab-org/gitlab@63979ec0d90d0725d0124ae4658e2021730691c6) ([merge request](gitlab-org/gitlab!70179))
+- [Change Ci::Minutes:AdditionalPack text limit](gitlab-org/gitlab@ce5fcda2623aa08271366c81e84e420427b43bec) ([merge request](gitlab-org/gitlab!70064)) **GitLab Enterprise Edition**
+- [Remove package_details_apollo feature flag](gitlab-org/gitlab@6e659c7adb427a57cc4e83b90a8b60aa93d534ff) ([merge request](gitlab-org/gitlab!69649))
+- [Add migrations to swap ci_builds.id column](gitlab-org/gitlab@fc124d114ddfca1e833d012172a0ac8fee8bd5b9) ([merge request](gitlab-org/gitlab!65201))
+- [Add abuse actions to account lock email text](gitlab-org/gitlab@a0b43cca4497faecddcdc14ead25964c212d2c28) ([merge request](gitlab-org/gitlab!69590))
+- [Security MR-widget: Clarify dismissed state](gitlab-org/gitlab@acc26917851abfa9376b253b85e8607007085a60) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69943)) **GitLab Enterprise Edition**
+- [Default on policies feature flag](gitlab-org/gitlab@8c64bd7e4cba8bcdf9c23d44c1e7d3b9bfa30d0b) ([merge request](gitlab-org/gitlab!69804)) **GitLab Enterprise Edition**
+- [Update UI text for artifacts expiration setting](gitlab-org/gitlab@71fc0ed8178c5debb12e33322ca55e52eeb975aa) ([merge request](gitlab-org/gitlab!69957))
+- [Use GlAlert instead of a custom alert class](gitlab-org/gitlab@ccb0bd218c2f12a1602eb678873df122e4ee2946) ([merge request](gitlab-org/gitlab!69854)) **GitLab Enterprise Edition**
+- [Generate iids with implicit locking by default](gitlab-org/gitlab@c2900fb1469886997e92d98d035567c0061acc1d) ([merge request](gitlab-org/gitlab!69769))
+- [Update profile conflict message](gitlab-org/gitlab@f7726c3edb59b99c23c46d65066565b9a0152034) ([merge request](gitlab-org/gitlab!69900)) **GitLab Enterprise Edition**
+- [Add a link to site profiles management](gitlab-org/gitlab@8dc84610c38181117e94591440556bd59d30c514) ([merge request](gitlab-org/gitlab!69900)) **GitLab Enterprise Edition**
+- [Use similarity sort in search project dropdown](gitlab-org/gitlab@2113d9619cfed22aa0fff988bf3c08a1c7f46623) ([merge request](gitlab-org/gitlab!69899))
+- [Diff stats dropdown styling update due to migration to GlDropdown](gitlab-org/gitlab@228b70ae4b246daad75945074d33db5ca58b63a2) ([merge request](gitlab-org/gitlab!68385))
+- [Update CODEOWNERS - Marcia - Configure](gitlab-org/gitlab@ddc646f98cc28289d14d3f999221367a5a32e4d6) ([merge request](gitlab-org/gitlab!69545))
+- [Review group general settings](gitlab-org/gitlab@7a61f6acdbd81f3839e860957f56ad4165599261) ([merge request](gitlab-org/gitlab!69858))
+- [Update UI text and link for variable warning](gitlab-org/gitlab@047c2196625c9df98e15dba31223dc7766545e2b) ([merge request](gitlab-org/gitlab!69830))
+- [Retry archive if left in incomplete state](gitlab-org/gitlab@8deb1c7094c0bb3bae966e7c451265de68debf95) ([merge request](gitlab-org/gitlab!68906))
+- [Remove File-By-File preference cookie](gitlab-org/gitlab@35d850db0fcfaa1e8d00b575f0bd45af79ff3590) ([merge request](gitlab-org/gitlab!69788))
+- [Add migration to swap ci_builds.stage_id column](gitlab-org/gitlab@4f2f2fc2e0f0e9b8d7c933227a7341b9c0b43de5) ([merge request](gitlab-org/gitlab!66688))
+- [Update Graphql dastProfileUpdate mutation to include Schedule](gitlab-org/gitlab@34d76ecb851039bbb674fe3430fab6cbe23889e5) ([merge request](gitlab-org/gitlab!66445))
+- [Support restoring repository backups in parallel](gitlab-org/gitlab@b00d37ee54f7366535cf9b03dee6834e0310d0c1) ([merge request](gitlab-org/gitlab!69330))
+- [Roll back support for caching encoding detection](gitlab-org/gitlab@e20c483a8d62f10abed64167c7a75aa0f10c5cd3) ([merge request](gitlab-org/gitlab!69581))
+- [Allow to open table editing dropdown from headers](gitlab-org/gitlab@3e4a349ad4aa6ec1fe63a8aaebcd375acefe85c8) ([merge request](gitlab-org/gitlab!69499))
+- [Rename `throttle_unauthenticated_*` attributes in application settings](gitlab-org/gitlab@3edf9e107b1c70ed08ecfab0170e77f231930646) ([merge request](gitlab-org/gitlab!69543))
+- [Prepare the DB LB for always being enabled](gitlab-org/gitlab@e5c5dff040458cd24f66d35824c4fef170325641) ([merge request](gitlab-org/gitlab!68857))
+- [Move group's "allow request access" to new section](gitlab-org/gitlab@f205ed4189bc93f7b689e25d0a1c3861a3828b2a) ([merge request](gitlab-org/gitlab!69217))
+- [Fix integer columns on new VSA table](gitlab-org/gitlab@d80caad0c2f27fd2c082c5a1085fc0efd156869f) ([merge request](gitlab-org/gitlab!69531))
+- [Update GitLab User Doc for EKS supported version](gitlab-org/gitlab@98feb6b48331dfe582e4f4cd47fcfd63ef632b24) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69387))
+- [Resize Jupyter images to fit within the parent box](gitlab-org/gitlab@12032ed70e0aa7c15b12f33403b3716b6a86a100) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68654))
+- [Renders images on the repository of .ipynb files](gitlab-org/gitlab@b40466ca2c99d2ad37cdf9b9dbccf4078df94d60) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69075))
+- [Update help text for API Fuzzing Configuration](gitlab-org/gitlab@175b4099da3a7416c51f8f1e93f889f39c91d47b) ([merge request](gitlab-org/gitlab!69429)) **GitLab Enterprise Edition**
+- [Eanble sort_by_project_users_by_project_authorizations_user_id FF](gitlab-org/gitlab@d453b9edd7a811daddfe856cead0de694cb79ecd) ([merge request](gitlab-org/gitlab!69431))
+- [Move CI job token details to new page in CI docs](gitlab-org/gitlab@c03bd900e34da4e938783d8c5a437d5095c05316) ([merge request](gitlab-org/gitlab!69422))
+- [Improve UI text for maintenance mode](gitlab-org/gitlab@2909006ef1483a48fd50efb2d8948c48483be3cc) ([merge request](gitlab-org/gitlab!69264))
+- [Update security policy editor rule button styling](gitlab-org/gitlab@3a0f198a595fecd44f7d8611884b28862b1732bc) ([merge request](gitlab-org/gitlab!69412)) **GitLab Enterprise Edition**
+- [Show up to 200 jobs per CI stage](gitlab-org/gitlab@866adb8a09414fd5cc8461605352257c947ffd97) ([merge request](gitlab-org/gitlab!69314))
+- [Update `project/clusters/` CODEOWNERS](gitlab-org/gitlab@fb44b0b001b3109bbbf7aaa097ffe8e955a531d7) ([merge request](gitlab-org/gitlab!69351))
+- [Zoom into design image upto 100% of actual size](gitlab-org/gitlab@d79dd4151f0af62da3f2f50c0f2709090c2b29ed) ([merge request](gitlab-org/gitlab!68755))
+- [Adds DB fixtures to create base work item types](gitlab-org/gitlab@e005e57ca06b4ca1a0755ed3ab7cd5cd2be8182c) ([merge request](gitlab-org/gitlab!69021))
+- [Add configurable maximum YAML file size and depth](gitlab-org/gitlab@b12164a3e8f67559d7a3066a3892e7ad5374b01b) by @discinaround ([merge request](gitlab-org/gitlab!68593))
+- [Add customized README file when creating new Security Policy Project](gitlab-org/gitlab@d3fec98d4703a145bda6f8edfc38a2caec890ae1) ([merge request](gitlab-org/gitlab!68901)) **GitLab Enterprise Edition**
+- [Remove ci_job_trace_force_encode feature flag](gitlab-org/gitlab@a8aec1f652f67ccd60474e0bd05679d8b8bfa1fc) ([merge request](gitlab-org/gitlab!69229))
+- [Add pipeline_artifacts_size to projectSatisticsType](gitlab-org/gitlab@3c85d5193f53ecad28e1ccbba7e10060d6420ab8) ([merge request](gitlab-org/gitlab!69224))
+- [Enable bulk_import feature flag by default](gitlab-org/gitlab@ed1849e125b6c087b502792484fd5bdaf98f0280) ([merge request](gitlab-org/gitlab!69110))
+- [Update Geo node to Geo site](gitlab-org/gitlab@117a4dea442effc7618baa47cc700b2abc3caf58) ([merge request](gitlab-org/gitlab!68991))
+- [Update to Ruby 2.7.4](gitlab-org/gitlab@c4eb10aeed0bb20360955fb61323a2d6c3285e65) ([merge request](gitlab-org/gitlab!68363))
+- [Group Settings CI/CD h4 expand](gitlab-org/gitlab@150c7bf32ada427dbf4d4ecd54a3262d2df40dfd) by @quatauta ([merge request](gitlab-org/gitlab!68706))
+- [Catch all errors when processing Debian changes](gitlab-org/gitlab@55f4fe6625139b7c178bca16d8e11254637f5e9f) by @sathieu ([merge request](gitlab-org/gitlab!69141))
+- [Externalize messages on EKS settings page](gitlab-org/gitlab@776cb1a38de7dc217386bdf9f55a208005151cfd) by @JonstonChan ([merge request](gitlab-org/gitlab!69125))
+- [Externalize page-title messages](gitlab-org/gitlab@818702617d12e3818b57fee65959c51599097be9) by @JonstonChan ([merge request](gitlab-org/gitlab!69124))
+- [Externalize add_to_breadcrumbs messages](gitlab-org/gitlab@786c3f7f5556ba9e907b8ed4e576e76af935aec1) by @JonstonChan ([merge request](gitlab-org/gitlab!69123))
+- [Add warning to when converting runner to specific](gitlab-org/gitlab@d25f47a0ab69986a3e7dc71e05a365fe7f1716f2) ([merge request](gitlab-org/gitlab!68966))
+- [Update incident management limits UI text](gitlab-org/gitlab@b4dd5f7d8824969a23096b8200cf6093242f409c) ([merge request](gitlab-org/gitlab!68828)) **GitLab Enterprise Edition**
+- [Scope i18n strings that are incorrectly unscoped](gitlab-org/gitlab@77c6493f466df4b425dbc063572967f96426f647) by @JonstonChan ([merge request](gitlab-org/gitlab!69005))
+- [Unscope i18n strings that are incorrectly scoped](gitlab-org/gitlab@c13eabbad21513c9e1487156369a5f9ee12e36cd) by @JonstonChan ([merge request](gitlab-org/gitlab!69002))
+- [Externalize breadcrumb_title message](gitlab-org/gitlab@d3ceacb085cb668be7eb4e10e1cc009e29fa7c38) by @JonstonChan ([merge request](gitlab-org/gitlab!68999))
+- [Externalize submit "Save changes" message](gitlab-org/gitlab@a4f4528534ccbe213829e99d4b295c0e10df305e) by @JonstonChan ([merge request](gitlab-org/gitlab!68910))
+- [Use Gitlab::Ci::Lint in /ci/lint API endpoint](gitlab-org/gitlab@919e5bddb505abf403147206b91a37a545f2e377) ([merge request](gitlab-org/gitlab!68860))
+- [Require a LoadBalancer for service discovery](gitlab-org/gitlab@ea7a01bfceec1f81af394338e5c6ab5e1dafff69) ([merge request](gitlab-org/gitlab!68856))
+- [Only show tooltip on truncate](gitlab-org/gitlab@5013d50cb41e1c341974fadf5d4aa476da42e4c8) ([merge request](gitlab-org/gitlab!68889))
+- [Remove scanner_type argument from GraphQL mutation](gitlab-org/gitlab@1ef6230f463f6a8c8354f1623106ca00b4339379) ([merge request](gitlab-org/gitlab!68951)) **GitLab Enterprise Edition**
+- [Remove runner "locked" toggle where not used](gitlab-org/gitlab@64291433a841b9a29766f002cfccadb531110cee) ([merge request](gitlab-org/gitlab!68833))
+- [Fetch discussions using GraphQL](gitlab-org/gitlab@02de2063d26a427dfbaaced1541421f310913c9c) ([merge request](gitlab-org/gitlab!68180))
+- [Prepopulate new issue with link to the parent](gitlab-org/gitlab@d95d1e5dd6b5f2ebeea79b97eda1367c75ce17d2) by @smokris ([merge request](gitlab-org/gitlab!68226))
+- [Group Settings Default initial branch h4 expand](gitlab-org/gitlab@4a991eb788ab7dd1c55a2139471f984fe15e6934) by @quatauta ([merge request](gitlab-org/gitlab!68667))
+- [Always use `SetFullPath` RPC](gitlab-org/gitlab@955a97c4a049040b7633b9c18e9cafe79dfcd83c) ([merge request](gitlab-org/gitlab!68745))
+- [Making cross-reference links distinctly visible](gitlab-org/gitlab@465859fa49149aed4f4f2238f8c833687400ca4c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68063))
+- [Pipeline Security: Rename "scanner" to "tool"](gitlab-org/gitlab@78fbfe4294f70cec6fba639c0d2f8efe26cc6863) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68713)) **GitLab Enterprise Edition**
+- [Set blocked Omniauth accounts to blocked_pending_approval](gitlab-org/gitlab@e55a945907c967e27994fe1c4cbf6db6835e5aaa) by @vfazio ([merge request](gitlab-org/gitlab!63650))
+- [Stringify policy yaml response in scanExecutionPolicies graphql query](gitlab-org/gitlab@a5847351af8aeb83b970e9dc6019bc796fba6395) ([merge request](gitlab-org/gitlab!68656)) **GitLab Enterprise Edition**
+- [Improve error message for TransferService](gitlab-org/gitlab@21b9cf4975690f9952d0c82e6cac9799f9646e0d) ([merge request](gitlab-org/gitlab!68536))
+- [Geo SSF: fix texting in admin area](gitlab-org/gitlab@7841a215413474fa221ba42cc61e4dae6382f39d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68588)) **GitLab Enterprise Edition**
+- [Split for_project_paths into two queries](gitlab-org/gitlab@595d0b322722a43e7abfe58d0b783e81ae5b7a62) ([merge request](gitlab-org/gitlab!68457))
+- [Migrate epic sidebar participants to widget](gitlab-org/gitlab@34ff5a78d0a22972cedfed0b8d164ad4e34192f6) ([merge request](gitlab-org/gitlab!68438)) **GitLab Enterprise Edition**
+- [Remove the usage_data_design_action feature flag](gitlab-org/gitlab@9ea9f55d389d140a9e9e5e36d1f6981d9f5cc583) ([merge request](gitlab-org/gitlab!68534))
+- [Vulnerabilities CSV: Rename "scanner" to "tool"](gitlab-org/gitlab@083307fed998b18ddd5cd719be9ffed1e7bc0bf1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68238)) **GitLab Enterprise Edition**
+- [Remove feature flags for DAST disable_joins](gitlab-org/gitlab@2fd44466282ef61adb34441282246d76026efd88) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68440)) **GitLab Enterprise Edition**
+- [Migrate epic sidebar ancestors to widget](gitlab-org/gitlab@47302502f9d154d414bdff88b9fce62efb9110d2) ([merge request](gitlab-org/gitlab!68428)) **GitLab Enterprise Edition**
+- [Disable Vulnerability Finding Link creation](gitlab-org/gitlab@144d35ebddd4e8a8fe3e9e69c7d17e7301602877) ([merge request](gitlab-org/gitlab!68381)) **GitLab Enterprise Edition**
+- [Remove feature flag milestone_reference_pattern](gitlab-org/gitlab@154ae7d5d8bc1b1558665a527d54355ee45a1067) ([merge request](gitlab-org/gitlab!68358))
+
+### Deprecated (1 change)
+
+- [Consider repository_push_audit_events deprecated](gitlab-org/gitlab@15b9442ad50b8ff11528fa3643fcb0e904ba615f) ([merge request](gitlab-org/gitlab!69024))
+
+### Removed (16 changes)
+
+- [Remove ci_templates_total_unique metrics](gitlab-org/gitlab@5ccf6e7f208fdae7840a74f29002ffd59fe5657f) ([merge request](gitlab-org/gitlab!69615))
+- [Disable method instrumentation initialization](gitlab-org/gitlab@1458985e7d83a3029de9aec7850006daabad3314) ([merge request](gitlab-org/gitlab!69662))
+- [Remove feature flag for env_vars_resource_group](gitlab-org/gitlab@61d86ca772e950bca449d57cbe3f01824ec5c5bb) ([merge request](gitlab-org/gitlab!70014))
+- [Add migration to remove projects.container_registry_enabled](gitlab-org/gitlab@684002d9d2ce44f49174354228d632743685d3ae) ([merge request](gitlab-org/gitlab!69998))
+- [Update docs regarding pages legacy storage in 14.3](gitlab-org/gitlab@da1549a01d5f98ab402f08fea96fbe668af5f54c) ([merge request](gitlab-org/gitlab!69383))
+- [Remove experience level functionality](gitlab-org/gitlab@699ea2b42b48350108a340ca40a88c36fd0a0c4c) ([merge request](gitlab-org/gitlab!69491))
+- [Remove Markdown support for bio field](gitlab-org/gitlab@e5d7fa818beee7a61d075f5dd4e30254417e79d5) ([merge request](gitlab-org/gitlab!68628))
+- [Remove FF load balancing for deployments hooks worker](gitlab-org/gitlab@4f99eb1b5dd698ca0a0e17a7c2ae27ac23379e98) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69557))
+- [Remove GitLab Pages legacy storage lease](gitlab-org/gitlab@2afa44348e983b1468bd9e1f48da80e03795df10) ([merge request](gitlab-org/gitlab!69377))
+- [Stop deploying GitLab Pages to legacy storage](gitlab-org/gitlab@0882ce0e831ffcbea8b9566fadcd3d8928dda8f3) ([merge request](gitlab-org/gitlab!69287))
+- [Remove Clair deprecation warning](gitlab-org/gitlab@fc69cd195ce1595e464cb35bcc37c71e6cfac455) ([merge request](gitlab-org/gitlab!69428)) **GitLab Enterprise Edition**
+- [Remove feature flag gitaly_backup](gitlab-org/gitlab@25e7fb5a55e9d72ed7f486e3a714a9ec16001974) ([merge request](gitlab-org/gitlab!68510))
+- [Remove name parameter from pipeline finder](gitlab-org/gitlab@ba78bb2a74ad358ce917c15c6077ebd5098c706f) ([merge request](gitlab-org/gitlab!68997))
+- [Remove seat_link_enabled from ApplicationSettings db table](gitlab-org/gitlab@ea3197d558804706eb8812f313aa645d3fca48a5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66534))
+- [Remove cloud_license_enabled database column](gitlab-org/gitlab@748c20e9bea811ec97cd4c5be2318afa45f9dd53) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65541))
+- [merge_request: Drop checks whether a squash is in progress](gitlab-org/gitlab@b5b78c33c9f003f61201fb68462c56219b71e6d3) ([merge request](gitlab-org/gitlab!68647))
+
+### Security (14 changes)
+
+- [OAuth Access Tokens generated by new applications have expiry](gitlab-org/gitlab@74b9b5993c67b35e082ff5005645bdcfec206318) ([merge request](gitlab-org/gitlab!69514))
+- [Sanitize emojis when reading from LocalStorage](gitlab-org/gitlab@2e07ba0574f2258e54b6ca0e21f56bd11ee78f7d) ([merge request](gitlab-org/gitlab!68988))
+- [Always include default config for DOMPurify](gitlab-org/gitlab@de0647b6a03f363ab7fa6f067f11501af8d8af74) ([merge request](gitlab-org/gitlab!69269))
+- [Deny access for repository coverage info for guests](gitlab-org/gitlab@f04ef9b180359e75fbc6e61fea49ca400760c7a1) ([merge request](gitlab-org/gitlab!68947)) **GitLab Enterprise Edition**
+- [Prevent non-admins from configuring Jira connect app](gitlab-org/gitlab@36b00195a4a5df27ecf44d5e96c8c9ecc959c8c8)
+- [Update apollo_upload_server dependency](gitlab-org/gitlab@a360142bb99b37e48051c2455246f0fd4e6cd542)
+- [Ensure shared group members lose project access after group deletion](gitlab-org/gitlab@8f1962ad6865c2dfc0452f1089d12889b5f3f087)
+- [Update Import/Export to use public email when mapping users](gitlab-org/gitlab@c9375914fbc78f94bcb97762842b4208bc4659a1) **GitLab Enterprise Edition**
+- [Update mermaid to 8.11.5](gitlab-org/gitlab@ba3db73a2c8d34e4664a78983feb2befdc10afff) by @bufferoverflow ([merge request](gitlab-org/gitlab!68282))
+- [Escape issue reference and title for Jira issues](gitlab-org/gitlab@8c4450ee6328e77abf2d090dcb74b5fb675e13f6) **GitLab Enterprise Edition**
+- [Fix stored XSS vulnerability in Datadog settings form](gitlab-org/gitlab@e96534e084a74b237323f7a55b8d62c6be8445e9)
+- [Inherit user external status while creating project bots](gitlab-org/gitlab@04e5ab35b8678fb3d615dba44dfd97f9c89b022e)
+- [Require sign in for .keys endpoint on non-public instances](gitlab-org/gitlab@8951195f9787d8df0d1faaad8ce7a6a975e29853)
+- [Only create jira connect NS subscriptions for admins](gitlab-org/gitlab@6b88a3155df206d0c76725236334e590558ccc65)
+
+### Performance (43 changes)
+
+- [Add index for selecting resource_group from ci_builds](gitlab-org/gitlab@aa8ee780d6e720fe4027cf17e18c5d69bcf3af30) ([merge request](gitlab-org/gitlab!70279))
+- [Perform FindTag RPC request for a single tag](gitlab-org/gitlab@3180cf1cec79995159efe9d8cb9978d9a497a39a) ([merge request](gitlab-org/gitlab!70181))
+- [Remove redundant permission checks for GraphQL job type](gitlab-org/gitlab@c101a53e438674ac05b1ff39a819580ce42951fa) ([merge request](gitlab-org/gitlab!69982))
+- [Avoid a duplicated SQL condition in the NPM metadata endpoint](gitlab-org/gitlab@daef07bdb72571879bd187857214cfa97ef78c6e) ([merge request](gitlab-org/gitlab!70173))
+- [Remove preload_repo_cache feature flag](gitlab-org/gitlab@c39f6dd8e8bcc8ac01d5024b9e12598b12a45ebd) ([merge request](gitlab-org/gitlab!70132))
+- [Limit updates to Web Hook backoff interval](gitlab-org/gitlab@95ab29229db83c5918d173922944060ef8f88bc5) ([merge request](gitlab-org/gitlab!69955))
+- [Fix N+1 in projects API](gitlab-org/gitlab@f97aff42d29e50c86b659a6ea285a371ac5ba700) ([merge request](gitlab-org/gitlab!69949))
+- [Remove cache_merge_to_ref_calls feature flag](gitlab-org/gitlab@ab017f16e4b2168bc74de8ccd226e5e56e9952f3) ([merge request](gitlab-org/gitlab!69904))
+- [Limit max pagination count for relations to 1000](gitlab-org/gitlab@d0df47b80af56dbfb84f779804dd33b2b4bd719c) ([merge request](gitlab-org/gitlab!69620))
+- [Batch loading of open issues count from Redis](gitlab-org/gitlab@21b3bc3ea6621a3a6623c933878e3d3735913e1e) ([merge request](gitlab-org/gitlab!69479))
+- [Decrease WebHooks::LogExecutionWorker retries](gitlab-org/gitlab@dfeb0e69e202d2ec65ad6b44ba6161f96a9b5703) ([merge request](gitlab-org/gitlab!69834))
+- [Use specialized worker to refresh authorizations on group-share removal](gitlab-org/gitlab@0a82b83854300fb272f2e1da1956883b093f9af6) ([merge request](gitlab-org/gitlab!69739))
+- [Run UserRefreshFromReplicaWorker jobs on the replica db by default](gitlab-org/gitlab@220738943ec90b5a2081d57bd313eded889baab7) ([merge request](gitlab-org/gitlab!69728))
+- [push_rules: Implement bulk-checking of file sizes](gitlab-org/gitlab@8a5681f2feafa52e8f36c93ecf84cbf56ba651d7) ([merge request](gitlab-org/gitlab!69449))
+- [Reduce DB queries when loading root_ancestor](gitlab-org/gitlab@d2680a353f6d250c2d5aa28ae0d4862c2ec2cdbd) ([merge request](gitlab-org/gitlab!69533))
+- [Release cached merge_request show.json](gitlab-org/gitlab@e67a069a78cddfbb90156ebb9422a6c323c15260) ([merge request](gitlab-org/gitlab!69618))
+- [Release diffs_batch cached rendering](gitlab-org/gitlab@c7d293f0a386724a309153923e4a70320b6d1af1) ([merge request](gitlab-org/gitlab!69617))
+- [Fix n+1 for award_emoji field when fetching epics](gitlab-org/gitlab@1d4bf92ae235908e541e88a6396433b3d9803ce6) ([merge request](gitlab-org/gitlab!69528)) **GitLab Enterprise Edition**
+- [Remove pipeline variable unique validation](gitlab-org/gitlab@162c9c1b8602ee705d8e2b1c6773f64e4cd1940b) ([merge request](gitlab-org/gitlab!69595))
+- [Splits up auto_cancelable_pipelines query, adds limit](gitlab-org/gitlab@ad64acb2e0f41b48db03e0ac3d99867e27340df0) ([merge request](gitlab-org/gitlab!68585))
+- [Use linear version GroupsWithTemplatesFinder#extended_group_search](gitlab-org/gitlab@b4ea0323f91a9b19cbee7e328797de260ae060d2) ([merge request](gitlab-org/gitlab!68936)) **GitLab Enterprise Edition**
+- [Use linear version ApplicationSettings#elasticsearch_limited_namespaces](gitlab-org/gitlab@8078e245cb3bce435abb40e3b07766f70243c2da) ([merge request](gitlab-org/gitlab!68931)) **GitLab Enterprise Edition**
+- [Use linear version User#groups_with_developer_maintainer_project_access](gitlab-org/gitlab@d568481f854ad29f133ef300f34b84c7b5a4c976) ([merge request](gitlab-org/gitlab!68851))
+- [Move vulnerability statistics update out of transaction](gitlab-org/gitlab@8de7a2fb5f4b3f518f8325437ed23d0afc08c5d0) ([merge request](gitlab-org/gitlab!69045)) **GitLab Enterprise Edition**
+- [Use linear version of User#manageable_groups](gitlab-org/gitlab@f9818cfe32299fc04c3bc8e5837ba66dacbbe5ce) ([merge request](gitlab-org/gitlab!68845))
+- [Decrease epics, child epics and child issues max page size](gitlab-org/gitlab@8978337ee0cab9dcb75c03e87192ecf5b7e97da4) ([merge request](gitlab-org/gitlab!68403)) **GitLab Enterprise Edition**
+- [Caching the protected branch check](gitlab-org/gitlab@f5f2644d39604e094cecf52f951eca1248a9c0f8) ([merge request](gitlab-org/gitlab!64738))
+- [Enable caching of MergeToRefService responses](gitlab-org/gitlab@356f15652385cb7630ab4a4d3e7b6b6daf31a897) ([merge request](gitlab-org/gitlab!69019))
+- [Remove the npm_presenter_queries_tuning FF](gitlab-org/gitlab@0c29fc19c2093d0f4ed50959ac84d22d53eb989d) ([merge request](gitlab-org/gitlab!69058))
+- [Use linear version of User#membership_groups](gitlab-org/gitlab@fc9371979d192ef6b761184f049c1bcd75d33fee) ([merge request](gitlab-org/gitlab!68842))
+- [Use linear version of groups_including_descendants_by](gitlab-org/gitlab@5434af3edbbb1e6d784ee96e6b499f932e5eb62b) ([merge request](gitlab-org/gitlab!68835))
+- [Optimize StuckCiJobsWorker running builds query](gitlab-org/gitlab@e5ef10c611aa71299a46ba8ac60db1e0eee6eb3b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68891))
+- [Use reference cache for iterations](gitlab-org/gitlab@81109da95d4628fad060bc8e414506fe9337d6d7) ([merge request](gitlab-org/gitlab!67431)) **GitLab Enterprise Edition**
+- [Cache content_sha256 field for Files API](gitlab-org/gitlab@91bf332a1736f48bc7df3a7cee8cb502dad31061) ([merge request](gitlab-org/gitlab!67280))
+- [Eliminate N+1 queries for pipeline GraphQL endpoint](gitlab-org/gitlab@cec7261f50f09539df3bd0bdccdb17d6e2f6f00f) ([merge request](gitlab-org/gitlab!68729))
+- [Upgrade grape-path-helpers to 1.7.0](gitlab-org/gitlab@0a82a7e91ae649d09ad865146c21fb02279eacc8) ([merge request](gitlab-org/gitlab!68916))
+- [Remove `safe_find_or_create_by!` usage](gitlab-org/gitlab@84e7ea128206b9fd12a9ea409836615bf08d6533) ([merge request](gitlab-org/gitlab!68859))
+- [Remove feature flag used to enable subtransactions counter](gitlab-org/gitlab@296f7f653a30e5b2b5d8f00fb8e8417012cb4355) ([merge request](gitlab-org/gitlab!68764))
+- [Remove safe_find_or_create_by! calls](gitlab-org/gitlab@94e08bc132f410dcafc35b6110689f736617eed1) ([merge request](gitlab-org/gitlab!68649))
+- [checks: Always enable batched computation of commits](gitlab-org/gitlab@295f2e3845b8f9c4c9310c91fb5ed788a1eaab9d) ([merge request](gitlab-org/gitlab!68747))
+- [Never fetch more than 101 commits when processing a git push](gitlab-org/gitlab@81be7217f8670f5faa930bbd867951408040e123) ([merge request](gitlab-org/gitlab!67491))
+- [Reduce Gitaly calls for keeping around refs of published notes](gitlab-org/gitlab@a47de44666327cb713093eb0c3a105d0e19830ad) ([merge request](gitlab-org/gitlab!68337))
+- [Use the ListCommits RPC, not CommitsBetween, when processing git push](gitlab-org/gitlab@2a3182749c565f6b357c0432fc37d9c50a9c6420) ([merge request](gitlab-org/gitlab!68470))
+
+### Other (56 changes)
+
+- [Remove optimized_issuable_label_filter flag](gitlab-org/gitlab@7f1c9cc71a827584227b697a4367d7b63d1e42d7) ([merge request](gitlab-org/gitlab!70289))
+- [Snowplow event dictionary first run for Vue files](gitlab-org/gitlab@b48ec7b325ef782c86850e2bb090d27802108174) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70450)) **GitLab Enterprise Edition**
+- [Add Snowplow event dictionary for Vue files](gitlab-org/gitlab@74ee2d053e35ff4d71ac787ad948724282d44e8d) ([merge request](gitlab-org/gitlab!67981)) **GitLab Enterprise Edition**
+- [Remove track_all_ci_template_inclusions FF](gitlab-org/gitlab@75b9287a604bb82321b784739d7fb77f29f1a5f3) ([merge request](gitlab-org/gitlab!70380))
+- [Plain replace of track-event to track-action](gitlab-org/gitlab@9078236d088632b2b72df65666d35680fc01b6df) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/56904)) **GitLab Enterprise Edition**
+- [Remove FF ci_daily_limit_for_pipeline_schedules](gitlab-org/gitlab@a2f1f86bcdcd1fe9faeac262d2135445686d1c44) ([merge request](gitlab-org/gitlab!70163))
+- [Remove FF ci_modified_paths_of_external_prs](gitlab-org/gitlab@0a43715f40d73ea9a38934fa54dfbca65d7e61a1) ([merge request](gitlab-org/gitlab!70161))
+- [Update the helm documentation](gitlab-org/gitlab@dc8b51f21af9325ea5144b1e68351587edfe3749) ([merge request](gitlab-org/gitlab!70178))
+- [Finalize conversion to bigint for ci_builds_metadata](gitlab-org/gitlab@21415536061b9ac91e7b1e3b698b1b09534d6152) ([merge request](gitlab-org/gitlab!65692))
+- [Add status columns to dependency proxy tables](gitlab-org/gitlab@209658cd6e8f6d83727c94bd42079ffa8f3575f8) ([merge request](gitlab-org/gitlab!69901))
+- [Remove load performance widget usage data flag](gitlab-org/gitlab@487442b036ab31232a559e3e9b178df28baf1962) ([merge request](gitlab-org/gitlab!68847)) **GitLab Enterprise Edition**
+- [Finalize conversion to bigint for taggings](gitlab-org/gitlab@b6856991f3aa150e36318922534a56590f704397) ([merge request](gitlab-org/gitlab!66625))
+- [Clean up feature flag for pipeline editor branch switcher](gitlab-org/gitlab@a8f2168ed1fe6fa61650145b29c7e869b3fb376d) ([merge request](gitlab-org/gitlab!66717))
+- [Track all CI template inclusions](gitlab-org/gitlab@258d2f2ea227a0aec2c933768b8cff7fec40a928) ([merge request](gitlab-org/gitlab!69204))
+- [Revert "Merge branch...](gitlab-org/gitlab@2ee987bc775dcaa4432dfacd20a17cc82921ffc0) ([merge request](gitlab-org/gitlab!69812))
+- [Remove the default enabled feature flag](gitlab-org/gitlab@1630d748a49a401d1d0ba78c129fabc0924c3c6e) ([merge request](gitlab-org/gitlab!69755))
+- [Fix: update error budget documentation](gitlab-org/gitlab@2d5f19a14d1e34277e2c57617a2fd84aca0cbc66) ([merge request](gitlab-org/gitlab!69732))
+- [Cleanup bigint conversion for geo_job_artifact_deleted_events](gitlab-org/gitlab@2ca0e62a01f887a3d9c260c11030f80045e10802) ([merge request](gitlab-org/gitlab!69722))
+- [Cleanup bigint conversion for deployments](gitlab-org/gitlab@dc6dac21cb8f76c7d21357487ac1bb1d6ac9edd4) ([merge request](gitlab-org/gitlab!69719))
+- [Cleanup bigint conversion for ci_stages](gitlab-org/gitlab@45b010cbf8891db59aef73f58d5f8e617d9a9b0b) ([merge request](gitlab-org/gitlab!69714))
+- [Remove use_insert_all_in_internal_id feature flag](gitlab-org/gitlab@26a8a7ff654b0a015c70d14e44b14321c99d0b1a) ([merge request](gitlab-org/gitlab!69598))
+- [Remove metrics report usage data feature flag](gitlab-org/gitlab@72a1657d0bf624a4568e10eddb554aa6d3720c22) ([merge request](gitlab-org/gitlab!68657)) **GitLab Enterprise Edition**
+- [Remove the FF ci_fix_commit_status_retried](gitlab-org/gitlab@fed8e557c0d1e62134aa9187219fdaa2166d111d) ([merge request](gitlab-org/gitlab!69555))
+- [Remove bigint conversion triggers for events](gitlab-org/gitlab@bfd5ac61e24c2f8533b23a82878906d85cc49f6a) ([merge request](gitlab-org/gitlab!69337))
+- [Move usage_graph component to vue_shared folder](gitlab-org/gitlab@9003a12c1bc4aa82fece65b28149a22d47455144) ([merge request](gitlab-org/gitlab!69374))
+- [Prepare ci_builds swap indexes for async creation](gitlab-org/gitlab@bdab6b9c92a2d19687b7b3ca5dc74eca695b8cf0) ([merge request](gitlab-org/gitlab!69404))
+- [Bump fast_gettext to the latest](gitlab-org/gitlab@329c5a3b810437e6b9d046cd3a94e09769da2814) ([merge request](gitlab-org/gitlab!69236))
+- [Introduce versioned GitLab migration class](gitlab-org/gitlab@137f716c6b118e65651c8df26edcc606bc71c413) ([merge request](gitlab-org/gitlab!68986))
+- [Remove bigint conversion triggers for push_event_payloads](gitlab-org/gitlab@7d5a2605a949f0b3eaa9eec5232e5d15e097b197) ([merge request](gitlab-org/gitlab!69339))
+- [Fix contextual help link and other minor improvements](gitlab-org/gitlab@012d10086d32d4c8e73c6c8c372f0682a41d73f5) ([merge request](gitlab-org/gitlab!68838)) **GitLab Enterprise Edition**
+- [Clean up :graphql_board_list feature flag](gitlab-org/gitlab@cfccf9032a8fd0cab2962fe2fdde20f327932867) ([merge request](gitlab-org/gitlab!67815))
+- [Revert "Merge branch 'stuck-ci-jobs-worker-optimize-running' into 'master'"](gitlab-org/gitlab@af23fa473a470d81f5a07b1a00072b38ce7c35d9) ([merge request](gitlab-org/gitlab!69163))
+- [Cleanup used membership invites](gitlab-org/gitlab@8c4879e7e5be46969823aa64ab676e57e809d5a2) ([merge request](gitlab-org/gitlab!69064))
+- [Remove temp index on approval_project_rules](gitlab-org/gitlab@c2efc57d6ed6e3221fb5652a9ddd12283ee731aa) ([merge request](gitlab-org/gitlab!68579))
+- [Add models for dependency proxy ttl policies](gitlab-org/gitlab@d40a4e5a0b14270cc18443fcc8a6c971ec339bbb) ([merge request](gitlab-org/gitlab!68809))
+- [Bump prometheus-client-mmap to 14.0](gitlab-org/gitlab@877b827e1039644167a344dacc5d05cb9c9eee1e) ([merge request](gitlab-org/gitlab!68987))
+- [Update GitLab Shell to v13.21.0](gitlab-org/gitlab@142c6e006e536fbd603ffe41061b45f049bfb292) ([merge request](gitlab-org/gitlab!68985))
+- [Remove enabled runner_graphql_query feature flag](gitlab-org/gitlab@fefdb1c3c74c0d78339eb5a2dc83fb91fafa6c0f) ([merge request](gitlab-org/gitlab!68944))
+- [Remove upsert_issue_metrics feature flag](gitlab-org/gitlab@2e627c8b2705ea1431a58916a18cf39122bb63eb) ([merge request](gitlab-org/gitlab!68829))
+- [Remove optimize_safe_find_or_create_by FF](gitlab-org/gitlab@54715b730f58f88a8426a35384083f64653194d3) ([merge request](gitlab-org/gitlab!68827))
+- [Remove column from project_settings](gitlab-org/gitlab@0c9181486033adf7e32a76b6996a5df3cdd0c386) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68854))
+- [Remove the "local file reviews" feature flag](gitlab-org/gitlab@d58a1049c74210cdb43c2bef401fa0857db4bf7f) ([merge request](gitlab-org/gitlab!68813))
+- [Prepare async indexes for ci table int8 swaps](gitlab-org/gitlab@25c10c86b0a70f55ba67f3a0b52afcb3d1cc4bf9) ([merge request](gitlab-org/gitlab!68888))
+- [Remove store_mentions_without_subtransactions FF](gitlab-org/gitlab@185df145797a9e72e81ec97c2da0587d151b403b) ([merge request](gitlab-org/gitlab!68826))
+- [Remove unused other_storage_counter](gitlab-org/gitlab@1c8be2482ae8a13dbc5e00980ad17f6ada3a9ed9) ([merge request](gitlab-org/gitlab!68736))
+- [Remove enabled runner_detailed_view_vue_ui flag](gitlab-org/gitlab@e7644ad7544aa06d7f47a7e88df6fc3c657fb9d2) ([merge request](gitlab-org/gitlab!68839))
+- [Remove web performance widget usage data flag](gitlab-org/gitlab@0d55ceb00913a4ef2e3f628268c03462c46c74b1) ([merge request](gitlab-org/gitlab!68837)) **GitLab Enterprise Edition**
+- [Finalize conversion to bigint for events](gitlab-org/gitlab@a69fa0532997f389601c273b69dcb5b09d8219dd) ([merge request](gitlab-org/gitlab!64779))
+- [Remove column from project_settings](gitlab-org/gitlab@c8c78bad3263b15b0ab61223000fb39c45e9dc64) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68798))
+- [Fix instrumentation meta method definition](gitlab-org/gitlab@62d9bae05f72eb1fca4a5cfe06ceaa3c3de787fa) ([merge request](gitlab-org/gitlab!68568))
+- [Remove board_new_list feature flag](gitlab-org/gitlab@ec1eb8d0e115e8cd7fbdcd683d3cadd0536f4b88) ([merge request](gitlab-org/gitlab!59826))
+- [Prepare indexes on events for bigint column conversions](gitlab-org/gitlab@e05745930510e30c3b69a22f66450bde5fc48e65) ([merge request](gitlab-org/gitlab!68426))
+- [Remove `track_unique_visits` feature flag](gitlab-org/gitlab@9ba606897436e4356568bbf62d78e7b8f596b996) by @edith007 ([merge request](gitlab-org/gitlab!68569))
+- [Remove deprecated deployment workers](gitlab-org/gitlab@237d7a54fdac62847f8078228fc2ed6692f33f7e) by @edith007 ([merge request](gitlab-org/gitlab!67683))
+- [Remove the FF ci_reset_bridge_with_subsequent_jobs](gitlab-org/gitlab@a4a75095b9b0250d0b1bdadea90c8a4cd24449b2) ([merge request](gitlab-org/gitlab!68295))
+- [Removes ci_same_stage_job_needs ff](gitlab-org/gitlab@5e509cf7aa90041a541b19dda563120a359f0bf9) ([merge request](gitlab-org/gitlab!68041))
+
 ## 14.2.4 (2021-09-17)
 
 ### Fixed (2 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index bf2b03d0ec7..2eb94dce227 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-e6374eaf67addb939516b5ad5d242418a6f2b688
+858ab5adcc2996f16e958160f3f31fe519300bc8
diff --git a/app/assets/javascripts/content_editor/extensions/table_of_contents.js b/app/assets/javascripts/content_editor/extensions/table_of_contents.js
new file mode 100644
index 00000000000..9c0316ddc08
--- /dev/null
+++ b/app/assets/javascripts/content_editor/extensions/table_of_contents.js
@@ -0,0 +1,37 @@
+import { Node, nodeInputRule } from '@tiptap/core';
+import { s__ } from '~/locale';
+import { PARSE_HTML_PRIORITY_HIGHEST } from '../constants';
+
+export const inputRuleRegExps = [/^\[\[_TOC_\]\]$/, /^\[TOC\]$/];
+
+export default Node.create({
+  name: 'tableOfContents',
+
+  inline: false,
+
+  group: 'block',
+
+  parseHTML() {
+    return [
+      {
+        tag: 'ul.section-nav',
+        priority: PARSE_HTML_PRIORITY_HIGHEST,
+      },
+    ];
+  },
+
+  renderHTML() {
+    return [
+      'div',
+      {
+        class:
+          'table-of-contents gl-border-1 gl-border-solid gl-text-center gl-border-gray-100 gl-mb-5',
+      },
+      s__('ContentEditor|Table of Contents'),
+    ];
+  },
+
+  addInputRules() {
+    return inputRuleRegExps.map((regex) => nodeInputRule(regex, this.type));
+  },
+});
diff --git a/app/assets/javascripts/content_editor/services/create_content_editor.js b/app/assets/javascripts/content_editor/services/create_content_editor.js
index 9b2d4c9a062..855f561a739 100644
--- a/app/assets/javascripts/content_editor/services/create_content_editor.js
+++ b/app/assets/javascripts/content_editor/services/create_content_editor.js
@@ -37,6 +37,7 @@ import Superscript from '../extensions/superscript';
 import Table from '../extensions/table';
 import TableCell from '../extensions/table_cell';
 import TableHeader from '../extensions/table_header';
+import TableOfContents from '../extensions/table_of_contents';
 import TableRow from '../extensions/table_row';
 import TaskItem from '../extensions/task_item';
 import TaskList from '../extensions/task_list';
@@ -104,6 +105,7 @@ export const createContentEditor = ({
     Superscript,
     TableCell,
     TableHeader,
+    TableOfContents,
     TableRow,
     Table,
     TaskItem,
diff --git a/app/assets/javascripts/content_editor/services/markdown_serializer.js b/app/assets/javascripts/content_editor/services/markdown_serializer.js
index bc6d98511f9..0c2f8d281c3 100644
--- a/app/assets/javascripts/content_editor/services/markdown_serializer.js
+++ b/app/assets/javascripts/content_editor/services/markdown_serializer.js
@@ -33,6 +33,7 @@ import Superscript from '../extensions/superscript';
 import Table from '../extensions/table';
 import TableCell from '../extensions/table_cell';
 import TableHeader from '../extensions/table_header';
+import TableOfContents from '../extensions/table_of_contents';
 import TableRow from '../extensions/table_row';
 import TaskItem from '../extensions/task_item';
 import TaskList from '../extensions/task_list';
@@ -147,6 +148,10 @@ const defaultSerializerConfig = {
     [Reference.name]: (state, node) => {
       state.write(node.attrs.originalText || node.attrs.text);
     },
+    [TableOfContents.name]: (state, node) => {
+      state.write('[[_TOC_]]');
+      state.closeBlock(node);
+    },
     [Table.name]: renderTable,
     [TableCell.name]: renderTableCell,
     [TableHeader.name]: renderTableCell,
diff --git a/app/assets/javascripts/editor/extensions/source_editor_ci_schema_ext.js b/app/assets/javascripts/editor/extensions/source_editor_ci_schema_ext.js
index 410aaed86a7..7069568275d 100644
--- a/app/assets/javascripts/editor/extensions/source_editor_ci_schema_ext.js
+++ b/app/assets/javascripts/editor/extensions/source_editor_ci_schema_ext.js
@@ -1,6 +1,5 @@
-import Api from '~/api';
+import ciSchemaPath from '~/editor/schema/ci.json';
 import { registerSchema } from '~/ide/utils';
-import { EXTENSION_CI_SCHEMA_FILE_NAME_MATCH } from '../constants';
 import { SourceEditorExtension } from './source_editor_extension_base';
 
 export class CiSchemaExtension extends SourceEditorExtension {
@@ -16,12 +15,7 @@ export class CiSchemaExtension extends SourceEditorExtension {
    * @param {String} opts.projectPath
    * @param {String?} opts.ref - Current ref. Defaults to main
    */
-  registerCiSchema({ projectNamespace, projectPath, ref } = {}) {
-    const ciSchemaPath = Api.buildUrl(Api.projectFileSchemaPath)
-      .replace(':namespace_path', projectNamespace)
-      .replace(':project_path', projectPath)
-      .replace(':ref', ref)
-      .replace(':filename', EXTENSION_CI_SCHEMA_FILE_NAME_MATCH);
+  registerCiSchema() {
     // In order for workers loaded from `data://` as the
     // ones loaded by monaco editor, we use absolute URLs
     // to fetch schema files, hence the `gon.gitlab_url`
diff --git a/app/assets/javascripts/editor/schema/NOTICE b/app/assets/javascripts/editor/schema/NOTICE
new file mode 100644
index 00000000000..60a7a81f082
--- /dev/null
+++ b/app/assets/javascripts/editor/schema/NOTICE
@@ -0,0 +1,6 @@
+Copyright (c) 2015-present Mads Kristensen
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
diff --git a/app/assets/javascripts/editor/schema/ci.json b/app/assets/javascripts/editor/schema/ci.json
new file mode 100644
index 00000000000..04a36953d66
--- /dev/null
+++ b/app/assets/javascripts/editor/schema/ci.json
@@ -0,0 +1,1415 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://gitlab.com/.gitlab-ci.yml",
+  "title": "Gitlab CI configuration",
+  "description": "Gitlab has a built-in solution for doing CI called Gitlab CI. It is configured by supplying a file called `.gitlab-ci.yml`, which will list all the jobs that are going to run for the project. A full list of all options can be found at https://docs.gitlab.com/ee/ci/yaml/. You can read more about Gitlab CI at https://docs.gitlab.com/ee/ci/README.html.",
+  "type": "object",
+  "properties": {
+    "$schema": {
+      "type": "string",
+      "format": "uri"
+    },
+    "image": { "$ref": "#/definitions/image" },
+    "services": { "$ref": "#/definitions/services" },
+    "before_script": { "$ref": "#/definitions/before_script" },
+    "after_script": { "$ref": "#/definitions/after_script" },
+    "variables": { "$ref": "#/definitions/globalVariables" },
+    "cache": { "$ref": "#/definitions/cache" },
+    "default": {
+      "type": "object",
+      "properties": {
+        "after_script": { "$ref": "#/definitions/after_script" },
+        "artifacts": { "$ref": "#/definitions/artifacts" },
+        "before_script": { "$ref": "#/definitions/before_script" },
+        "cache": { "$ref": "#/definitions/cache" },
+        "image": { "$ref": "#/definitions/image" },
+        "interruptible": { "$ref": "#/definitions/interruptible" },
+        "retry": { "$ref": "#/definitions/retry" },
+        "services": { "$ref": "#/definitions/services" },
+        "tags": { "$ref": "#/definitions/tags" },
+        "timeout": { "$ref": "#/definitions/timeout" }
+      },
+      "additionalProperties": false
+    },
+    "stages": {
+      "type": "array",
+      "description": "Groups jobs into stages. All jobs in one stage must complete before next stage is executed. Defaults to ['build', 'test', 'deploy'].",
+      "default": ["build", "test", "deploy"],
+      "items": {
+        "type": "string"
+      },
+      "uniqueItems": true,
+      "minItems": 1
+    },
+    "include": {
+      "description": "Can be `IncludeItem` or `IncludeItem[]`. Each `IncludeItem` will be a string, or an object with properties for the method if including external YAML file. The external content will be fetched, included and evaluated along the `.gitlab-ci.yml`.",
+      "oneOf": [
+        { "$ref": "#/definitions/include_item" },
+        {
+          "type": "array",
+          "items": { "$ref": "#/definitions/include_item" }
+        }
+      ]
+    },
+    "pages": {
+      "$ref": "#/definitions/job",
+      "description": "A special job used to upload static sites to Gitlab pages. Requires a `public/` directory with `artifacts.path` pointing to it."
+    },
+    "workflow": {
+      "type": "object",
+      "properties": {
+        "rules": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "if": {
+                "type": "string"
+              },
+              "variables": { "$ref": "#/definitions/variables" },
+              "when": {
+                "type": "string",
+                "enum": ["always", "never"]
+              }
+            },
+            "additionalProperties": false
+          }
+        }
+      }
+    }
+  },
+  "patternProperties": {
+    "^[.]": {
+      "description": "Hidden keys.",
+      "anyOf": [
+        { "$ref": "#/definitions/job_template" },
+        { "description": "Arbitrary YAML anchor." }
+      ]
+    }
+  },
+  "additionalProperties": {
+    "$ref": "#/definitions/job"
+  },
+  "definitions": {
+    "artifacts": {
+      "type": "object",
+      "description": "Used to specify a list of files and directories that should be attached to the job if it succeeds. Artifacts are sent to Gitlab where they can be downloaded.",
+      "additionalProperties": false,
+      "properties": {
+        "paths": {
+          "type": "array",
+          "description": "A list of paths to files/folders that should be included in the artifact.",
+          "items": {
+            "type": "string"
+          },
+          "minItems": 1
+        },
+        "exclude": {
+          "type": "array",
+          "description": "A list of paths to files/folders that should be excluded in the artifact.",
+          "items": {
+            "type": "string"
+          },
+          "minItems": 1
+        },
+        "expose_as": {
+          "type": "string",
+          "description": "Can be used to expose job artifacts in the merge request UI. GitLab will add a link <expose_as> to the relevant merge request that points to the artifact."
+        },
+        "name": {
+          "type": "string",
+          "description": "Name for the archive created on job success. Can use variables in the name, e.g. '$CI_JOB_NAME'"
+        },
+        "untracked": {
+          "type": "boolean",
+          "description": "Whether to add all untracked files (along with 'artifacts.paths') to the artifact.",
+          "default": false
+        },
+        "when": {
+          "description": "Configure when artifacts are uploaded depended on job status.",
+          "default": "on_success",
+          "oneOf": [
+            {
+              "enum": ["on_success"],
+              "description": "Upload artifacts only when the job succeeds (this is the default)."
+            },
+            {
+              "enum": ["on_failure"],
+              "description": "Upload artifacts only when the job fails."
+            },
+            {
+              "enum": ["always"],
+              "description": "Upload artifacts regardless of job status."
+            }
+          ]
+        },
+        "expire_in": {
+          "type": "string",
+          "description": "How long artifacts should be kept. They are saved 30 days by default. Artifacts that have expired are removed periodically via cron job. Supports a wide variety of formats, e.g. '1 week', '3 mins 4 sec', '2 hrs 20 min', '2h20min', '6 mos 1 day', '47 yrs 6 mos and 4d', '3 weeks and 2 days'.",
+          "default": "30 days"
+        },
+        "reports": {
+          "type": "object",
+          "description": "Reports will be uploaded as artifacts, and often displayed in the Gitlab UI, such as in Merge Requests.",
+          "additionalProperties": false,
+          "properties": {
+            "junit": {
+              "description": "Path for file(s) that should be parsed as JUnit XML result",
+              "oneOf": [
+                {
+                  "type": "string",
+                  "description": "Path to a single XML file"
+                },
+                {
+                  "type": "array",
+                  "description": "A list of paths to XML files that will automatically be concatenated into a single file",
+                  "items": {
+                    "type": "string"
+                  },
+                  "minItems": 1
+                }
+              ]
+            },
+            "cobertura": {
+              "description": "Path for file(s) that should be parsed as Cobertura XML coverage report",
+              "oneOf": [
+                {
+                  "type": "string",
+                  "description": "Path to a single XML file"
+                },
+                {
+                  "type": "array",
+                  "description": "A list of paths to XML files that will automatically be merged into one report",
+                  "items": {
+                    "type": "string"
+                  },
+                  "minItems": 1
+                }
+              ]
+            },
+            "codequality": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with code quality report(s) (such as Code Climate)."
+            },
+            "dotenv": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files containing runtime-created variables for this job."
+            },
+            "lsif": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files containing code intelligence (Language Server Index Format)."
+            },
+            "sast": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with SAST vulnerabilities report(s)."
+            },
+            "dependency_scanning": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with Dependency scanning vulnerabilities report(s)."
+            },
+            "container_scanning": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with Container scanning vulnerabilities report(s)."
+            },
+            "dast": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with DAST vulnerabilities report(s)."
+            },
+            "license_management": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Deprecated in 12.8: Path to file or list of files with license report(s)."
+            },
+            "license_scanning": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with license report(s)."
+            },
+            "performance": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with performance metrics report(s)."
+            },
+            "requirements": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with requirements report(s)."
+            },
+            "secret_detection": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with secret detection report(s)."
+            },
+            "metrics": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with custom metrics report(s)."
+            },
+            "terraform": {
+              "$ref": "#/definitions/string_file_list",
+              "description": "Path to file or list of files with terraform plan(s)."
+            }
+          }
+        }
+      }
+    },
+    "string_file_list": {
+      "oneOf": [
+        {
+          "type": "string"
+        },
+        {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      ]
+    },
+    "include_item": {
+      "oneOf": [
+        {
+          "description": "Will infer the method based on the value. E.g. `https://...` strings will be of type `include:remote`, and `/templates/...` will be of type `include:local`.",
+          "type": "string",
+          "format": "uri-reference",
+          "pattern": "^(https?://|/).+\\.ya?ml$"
+        },
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "local": {
+              "description": "Relative path from local repository root (`/`) to the `yaml`/`yml` file template. The file must be on the same branch, and does not work across git submodules.",
+              "type": "string",
+              "format": "uri-reference",
+              "pattern": "\\.ya?ml$"
+            }
+          },
+          "required": ["local"]
+        },
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "project": {
+              "description": "Path to the project, e.g. `group/project`, or `group/sub-group/project`.",
+              "type": "string",
+              "pattern": "\\S/\\S"
+            },
+            "ref": {
+              "description": "Branch/Tag/Commit-hash for the target project.",
+              "type": "string"
+            },
+            "file": {
+              "oneOf": [
+                {
+                  "description": "Relative path from project root (`/`) to the `yaml`/`yml` file template.",
+                  "type": "string",
+                  "pattern": "\\.ya?ml$"
+                },
+                {
+                  "description": "List of files by relative path from project root (`/`) to the `yaml`/`yml` file template.",
+                  "type": "array",
+                  "items": {
+                    "type": "string",
+                    "pattern": "\\.ya?ml$"
+                  }
+                }
+              ]
+            }
+          },
+          "required": ["project", "file"]
+        },
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "template": {
+              "description": "Use a `.gitlab-ci.yml` template as a base, e.g. `Nodejs.gitlab-ci.yml`.",
+              "type": "string",
+              "format": "uri-reference",
+              "pattern": "\\.ya?ml$"
+            }
+          },
+          "required": ["template"]
+        },
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "remote": {
+              "description": "URL to a `yaml`/`yml` template file using HTTP/HTTPS.",
+              "type": "string",
+              "format": "uri-reference",
+              "pattern": "^https?://.+\\.ya?ml$"
+            }
+          },
+          "required": ["remote"]
+        }
+      ]
+    },
+    "image": {
+      "oneOf": [
+        {
+          "type": "string",
+          "minLength": 1,
+          "description": "Full name of the image that should be used. It should contain the Registry part if needed."
+        },
+        {
+          "type": "object",
+          "description": "Specifies the docker image to use for the job or globally for all jobs. Job configuration takes precedence over global setting. Requires a certain kind of Gitlab runner executor.",
+          "additionalProperties": false,
+          "properties": {
+            "name": {
+              "type": "string",
+              "minLength": 1,
+              "description": "Full name of the image that should be used. It should contain the Registry part if needed."
+            },
+            "entrypoint": {
+              "type": "array",
+              "description": "Command or script that should be executed as the container's entrypoint. It will be translated to Docker's --entrypoint option while creating the container. The syntax is similar to Dockerfile's ENTRYPOINT directive, where each shell token is a separate string in the array.",
+              "minItems": 1
+            }
+          },
+          "required": ["name"]
+        }
+      ],
+      "description": "Specifies the docker image to use for the job or globally for all jobs. Job configuration takes precedence over global setting. Requires a certain kind of Gitlab runner executor."
+    },
+    "services": {
+      "type": "array",
+      "description": "Similar to `image` property, but will link the specified services to the `image` container.",
+      "items": {
+        "oneOf": [
+          {
+            "type": "string",
+            "minLength": 1,
+            "description": "Full name of the image that should be used. It should contain the Registry part if needed."
+          },
+          {
+            "type": "object",
+            "description": "",
+            "additionalProperties": false,
+            "properties": {
+              "name": {
+                "type": "string",
+                "description": "Full name of the image that should be used. It should contain the Registry part if needed.",
+                "minLength": 1
+              },
+              "entrypoint": {
+                "type": "array",
+                "description": "Command or script that should be executed as the container's entrypoint. It will be translated to Docker's --entrypoint option while creating the container. The syntax is similar to Dockerfile's ENTRYPOINT directive, where each shell token is a separate string in the array.",
+                "minItems": 1,
+                "items": {
+                  "type": "string"
+                }
+              },
+              "command": {
+                "type": "array",
+                "description": "Command or script that should be used as the container's command. It will be translated to arguments passed to Docker after the image's name. The syntax is similar to Dockerfile's CMD directive, where each shell token is a separate string in the array.",
+                "minItems": 1,
+                "items": {
+                  "type": "string"
+                }
+              },
+              "alias": {
+                "type": "string",
+                "description": "Additional alias that can be used to access the service from the job's container. Read Accessing the services for more information.",
+                "minLength": 1
+              }
+            },
+            "required": ["name"]
+          }
+        ]
+      }
+    },
+    "secrets": {
+      "type": "object",
+      "description": "Defines secrets to be injected as environment variables",
+      "additionalProperties": {
+        "type": "object",
+        "additionalProperties": {
+          "type": "object",
+          "description": "Environment variable name",
+          "properties": {
+            "vault": {
+              "oneOf": [
+                {
+                  "type": "string",
+                  "description": "The secret to be fetched from Vault (e.g. 'production/db/password@ops' translates to secret 'ops/data/production/db', field `password`)"
+                },
+                {
+                  "type": "object",
+                  "properties": {
+                    "engine": {
+                      "type": "object",
+                      "properties": {
+                        "name": { "type": "string" },
+                        "path": { "type": "string" }
+                      },
+                      "required": ["name", "path"]
+                    },
+                    "path": { "type": "string" },
+                    "field": { "type": "string" }
+                  },
+                  "required": ["engine", "path", "field"]
+                }
+              ]
+            }
+          },
+          "required": ["vault"]
+        }
+      }
+    },
+    "before_script": {
+      "type": "array",
+      "description": "Defines scripts that should run *before* the job. Can be set globally or per job.",
+      "items": {
+        "anyOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      }
+    },
+    "after_script": {
+      "type": "array",
+      "description": "Defines scripts that should run *after* the job. Can be set globally or per job.",
+      "items": {
+        "anyOf": [
+          {
+            "type": "string"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        ]
+      }
+    },
+    "rules": {
+      "type": "array",
+      "description": "rules allows for an array of individual rule objects to be evaluated in order, until one matches and dynamically provides attributes to the job.",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "if": {
+            "type": "string",
+            "description": "Expression to evaluate whether additional attributes should be provided to the job"
+          },
+          "changes": {
+            "type": "array",
+            "description": "Additional attributes will be provided to job if any of the provided paths matches a modified file",
+            "items": {
+              "type": "string"
+            }
+          },
+          "exists": {
+            "type": "array",
+            "description": "Additional attributes will be provided to job if any of the provided paths matches an existing file in the repository",
+            "items": {
+              "type": "string"
+            }
+          },
+          "variables": { "$ref": "#/definitions/variables" },
+          "when": { "$ref": "#/definitions/when" },
+          "start_in": { "$ref": "#/definitions/start_in" },
+          "allow_failure": { "$ref": "#/definitions/allow_failure" }
+        }
+      }
+    },
+    "globalVariables": {
+      "description": "Defines environment variables globally. Job level property overrides global variables. If a job sets `variables: {}`, all global variables are turned off. You can use the value and description keywords to define variables that are prefilled when running a pipeline manually.",
+      "type": "object",
+      "additionalProperties": {
+        "anyOf": [
+          {"type": ["string", "integer"]},
+          {
+            "type": "object",
+            "properties": {
+              "value": { "type": "string" },
+              "description": {
+                "type": "string",
+                "description": "Explains what the variable is used for, what the acceptable values are."
+              }
+            }
+          }
+        ]
+      }
+    },
+    "variables": {
+      "type": "object",
+      "description": "Defines environment variables for specific jobs. Job level property overrides global variables. If a job sets `variables: {}`, all global variables are turned off.",
+      "additionalProperties": {
+        "type": ["string", "integer"]
+      }
+    },
+    "timeout": {
+      "type": "string",
+      "description": "Allows you to configure a timeout for a specific job (e.g. `1 minute`, `1h 30m 12s`). Read more: https://docs.gitlab.com/ee/ci/yaml/README.html#timeout",
+      "minLength": 1
+    },
+    "start_in": {
+      "type": "string",
+      "description": "Used in conjunction with 'when: delayed' to set how long to delay before starting a job.",
+      "minLength": 1
+    },
+    "allow_failure": {
+      "description": "Allow job to fail. A failed job does not cause the pipeline to fail.",
+      "oneOf": [
+        {
+          "description": "Setting this option to true will allow the job to fail while still letting the pipeline pass.",
+          "type": "boolean",
+          "default": false
+        },
+        {
+          "description": "Exit code that are not considered failure. The job fails for any other exit code.",
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["exit_codes"],
+          "properties": {
+            "exit_codes": {
+              "type": "integer"
+            }
+          }
+        },
+        {
+          "description": "You can list which exit codes are not considered failures. The job fails for any other exit code.",
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["exit_codes"],
+          "properties": {
+            "exit_codes": {
+              "type": "array",
+              "minItems": 1,
+              "uniqueItems": true,
+              "items": {
+                "type": "integer"
+              }
+            }
+          }
+        }
+      ]
+    },
+    "when": {
+      "description": "Describes the conditions for when to run the job. Defaults to 'on_success'.",
+      "default": "on_success",
+      "oneOf": [
+        {
+          "enum": ["on_success"],
+          "description": "Execute job only when all jobs from prior stages succeed."
+        },
+        {
+          "enum": ["on_failure"],
+          "description": "Execute job when at least one job from prior stages fails."
+        },
+        {
+          "enum": ["always"],
+          "description": "Execute job regardless of the status from prior stages."
+        },
+        {
+          "enum": ["manual"],
+          "description": "Execute the job manually from Gitlab UI or API. Read more: https://docs.gitlab.com/ee/ci/yaml/#when-manual"
+        },
+        {
+          "enum": ["delayed"],
+          "description": "Execute a job after the time limit in 'start_in' expires. Read more: https://docs.gitlab.com/ee/ci/yaml/#when-delayed"
+        },
+        {
+          "enum": ["never"],
+          "description": "Never execute the job."
+        }
+      ]
+    },
+    "cache": {
+      "oneOf": [
+        {
+          "$ref": "#/definitions/cache_entry"
+        },
+        {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/cache_entry"
+          }
+        }
+      ]
+    },
+    "cache_entry": {
+      "type": "object",
+      "description": "Specify files or directories to cache between jobs. Can be set globally or per job.",
+      "additionalProperties": false,
+      "properties": {
+        "paths": {
+          "type": "array",
+          "description": "List of files or paths to cache.",
+          "items": {
+            "type": "string"
+          }
+        },
+        "key": {
+          "oneOf": [
+            {
+              "type": "string",
+              "description": "Unique cache ID, to allow e.g. specific branch or job cache. Environment variables can be used to set up unique keys (e.g. \"$CI_COMMIT_REF_SLUG\" for per branch cache)."
+            },
+            {
+              "type": "object",
+              "description": "When you include cache:key:files, you must also list the project files that will be used to generate the key, up to a maximum of two files. The cache key will be a SHA checksum computed from the most recent commits (up to two, if two files are listed) that changed the given files.",
+              "properties": {
+                "files": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  },
+                  "minItems": 1,
+                  "maxItems": 2
+                }
+              }
+            }
+          ]
+        },
+        "untracked": {
+          "type": "boolean",
+          "description": "Set to `true` to cache untracked files.",
+          "default": false
+        },
+        "policy": {
+          "type": "string",
+          "description": "Determines the strategy for downloading and updating the cache.",
+          "default": "pull-push",
+          "oneOf": [
+            {
+              "enum": ["pull"],
+              "description": "Pull will download cache but skip uploading after job completes."
+            },
+            {
+              "enum": ["push"],
+              "description": "Push will skip downloading cache and always recreate cache after job completes."
+            },
+            {
+              "enum": ["pull-push"],
+              "description": "Pull-push will both download cache at job start and upload cache on job success."
+            }
+          ]
+        }
+      }
+    },
+    "filter_refs": {
+      "type": "array",
+      "description": "Filter job by different keywords that determine origin or state, or by supplying string/regex to check against branch/tag names.",
+      "items": {
+        "anyOf": [
+          {
+            "oneOf": [
+              {
+                "enum": ["branches"],
+                "description": "When a branch is pushed."
+              },
+              {
+                "enum": ["tags"],
+                "description": "When a tag is pushed."
+              },
+              {
+                "enum": ["api"],
+                "description": "When a pipeline has been triggered by a second pipelines API (not triggers API)."
+              },
+              {
+                "enum": ["external"],
+                "description": "When using CI services other than Gitlab"
+              },
+              {
+                "enum": ["pipelines"],
+                "description": "For multi-project triggers, created using the API with 'CI_JOB_TOKEN'."
+              },
+              {
+                "enum": ["pushes"],
+                "description": "Pipeline is triggered by a `git push` by the user"
+              },
+              {
+                "enum": ["schedules"],
+                "description": "For scheduled pipelines."
+              },
+              {
+                "enum": ["triggers"],
+                "description": "For pipelines created using a trigger token."
+              },
+              {
+                "enum": ["web"],
+                "description": "For pipelines created using *Run pipeline* button in Gitlab UI (under your project's *Pipelines*)."
+              }
+            ]
+          },
+          {
+            "type": "string",
+            "description": "String or regular expression to match against tag or branch names."
+          }
+        ]
+      }
+    },
+    "filter": {
+      "oneOf": [
+        {
+          "$ref": "#/definitions/filter_refs"
+        },
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "refs": {
+              "$ref": "#/definitions/filter_refs"
+            },
+            "kubernetes": {
+              "enum": ["active"],
+              "description": "Filter job based on if Kubernetes integration is active."
+            },
+            "variables": {
+              "type": "array",
+              "description": "Filter job by checking comparing values of environment variables. Read more about variable expressions: https://docs.gitlab.com/ee/ci/variables/README.html#variables-expressions",
+              "items": {
+                "type": "string"
+              }
+            },
+            "changes": {
+              "type": "array",
+              "description": "Filter job creation based on files that were modified in a git push.",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      ]
+    },
+    "retry": {
+      "description": "Retry a job if it fails. Can be a simple integer or object definition.",
+      "oneOf": [
+        { "$ref": "#/definitions/retry_max" },
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "max": { "$ref": "#/definitions/retry_max" },
+            "when": {
+              "description": "Either a single or array of error types to trigger job retry.",
+              "oneOf": [
+                { "$ref": "#/definitions/retry_errors" },
+                {
+                  "type": "array",
+                  "items": {
+                    "$ref": "#/definitions/retry_errors"
+                  }
+                }
+              ]
+            }
+          }
+        }
+      ]
+    },
+    "retry_max": {
+      "type": "integer",
+      "description": "The number of times the job will be retried if it fails. Defaults to 0 and can max be retried 2 times (3 times total).",
+      "default": 0,
+      "minimum": 0,
+      "maximum": 2
+    },
+    "retry_errors": {
+      "oneOf": [
+        {
+          "const": "always",
+          "description": "Retry on any failure (default)."
+        },
+        {
+          "const": "unknown_failure",
+          "description": "Retry when the failure reason is unknown."
+        },
+        {
+          "const": "script_failure",
+          "description": "Retry when the script failed."
+        },
+        {
+          "const": "api_failure",
+          "description": "Retry on API failure."
+        },
+        {
+          "const": "stuck_or_timeout_failure",
+          "description": "Retry when the job got stuck or timed out."
+        },
+        {
+          "const": "runner_system_failure",
+          "description": "Retry if there is a runner system failure (for example, job setup failed)."
+        },
+        {
+          "const": "missing_dependency_failure",
+          "description": "Retry if a dependency is missing."
+        },
+        {
+          "const": "runner_unsupported",
+          "description": "Retry if the runner is unsupported."
+        },
+        {
+          "const": "stale_schedule",
+          "description": "Retry if a delayed job could not be executed."
+        },
+        {
+          "const": "job_execution_timeout",
+          "description": "Retry if the script exceeded the maximum execution time set for the job."
+        },
+        {
+          "const": "archived_failure",
+          "description": "Retry if the job is archived and can’t be run."
+        },
+        {
+          "const": "unmet_prerequisites",
+          "description": "Retry if the job failed to complete prerequisite tasks."
+        },
+        {
+          "const": "scheduler_failure",
+          "description": "Retry if the scheduler failed to assign the job to a runner."
+        },
+        {
+          "const": "data_integrity_failure",
+          "description": "Retry if there is a structural integrity problem detected."
+        }
+      ]
+    },
+    "interruptible": {
+      "type": "boolean",
+      "description": "Interruptible is used to indicate that a job should be canceled if made redundant by a newer pipeline run.",
+      "default": false
+    },
+    "job": {
+      "allOf": [
+        { "$ref": "#/definitions/job_template" },
+        {
+          "anyOf": [
+            { "required": ["script"] },
+            { "required": ["extends"] },
+            { "required": ["trigger"] }
+          ]
+        }
+      ]
+    },
+    "job_template": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "image": { "$ref": "#/definitions/image" },
+        "services": { "$ref": "#/definitions/services" },
+        "before_script": { "$ref": "#/definitions/before_script" },
+        "after_script": { "$ref": "#/definitions/after_script" },
+        "rules": { "$ref": "#/definitions/rules" },
+        "variables": { "$ref": "#/definitions/variables" },
+        "cache": { "$ref": "#/definitions/cache" },
+        "secrets": { "$ref": "#/definitions/secrets" },
+        "script": {
+          "description": "Shell scripts executed by the Runner. The only required property of jobs. Be careful with special characters (e.g. `:`, `{`, `}`, `&`) and use single or double quotes to avoid issues.",
+          "oneOf": [
+            {
+              "type": "string",
+              "minLength": 1
+            },
+            {
+              "type": "array",
+              "items": {
+                "anyOf": [
+                  {
+                    "type": "string"
+                  },
+                  {
+                    "type": "array",
+                    "items": {
+                      "type": "string"
+                    }
+                  }
+                ]
+              },
+              "minItems": 1
+            }
+          ]
+        },
+        "stage": {
+          "type": "string",
+          "description": "Define what stage the job will run in.",
+          "default": "test"
+        },
+        "only": {
+          "$ref": "#/definitions/filter",
+          "description": "Job will run *only* when these filtering options match."
+        },
+        "extends": {
+          "description": "The name of one or more jobs to inherit configuration from.",
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "minItems": 1
+            }
+          ]
+        },
+        "needs": {
+          "description": "The list of jobs in previous stages whose sole completion is needed to start the current job.",
+          "type": "array",
+          "items": {
+            "oneOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "object",
+                "additionalProperties": false,
+                "properties": {
+                  "job": {
+                    "type": "string"
+                  },
+                  "artifacts": {
+                    "type": "boolean"
+                  },
+                  "optional": {
+                    "type": "boolean"
+                  }
+                },
+                "required": ["job"]
+              },
+              {
+                "type": "object",
+                "additionalProperties": false,
+                "properties": {
+                  "pipeline": {
+                    "type": "string"
+                  },
+                  "job": {
+                    "type": "string"
+                  },
+                  "artifacts": {
+                    "type": "boolean"
+                  }
+                },
+                "required": ["job", "pipeline"]
+              },
+              {
+                "type": "object",
+                "additionalProperties": false,
+                "properties": {
+                  "job": {
+                    "type": "string"
+                  },
+                  "project": {
+                    "type": "string"
+                  },
+                  "ref": {
+                    "type": "string"
+                  },
+                  "artifacts": {
+                    "type": "boolean"
+                  }
+                },
+                "required": ["job", "project", "ref"]
+              }
+            ]
+          }
+        },
+        "except": {
+          "$ref": "#/definitions/filter",
+          "description": "Job will run *except* for when these filtering options match."
+        },
+        "tags": {
+          "$ref": "#/definitions/tags"
+        },
+        "allow_failure": {
+          "$ref": "#/definitions/allow_failure"
+        },
+        "timeout": {
+          "$ref": "#/definitions/timeout"
+        },
+        "when": {
+          "$ref": "#/definitions/when"
+        },
+        "start_in": {
+          "$ref": "#/definitions/start_in"
+        },
+        "dependencies": {
+          "type": "array",
+          "description": "Specify a list of job names from earlier stages from which artifacts should be loaded. By default, all previous artifacts are passed. Use an empty array to skip downloading artifacts.",
+          "items": {
+            "type": "string"
+          }
+        },
+        "artifacts": {
+          "$ref": "#/definitions/artifacts"
+        },
+        "environment": {
+          "description": "Used to associate environment metadata with a deploy. Environment can have a name and URL attached to it, and will be displayed under /environments under the project.",
+          "oneOf": [
+            { "type": "string" },
+            {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "name": {
+                  "type": "string",
+                  "description": "The name of the environment, e.g. 'qa', 'staging', 'production'.",
+                  "minLength": 1
+                },
+                "url": {
+                  "type": "string",
+                  "description": "When set, this will expose buttons in various places for the current environment in Gitlab, that will take you to the defined URL.",
+                  "format": "uri",
+                  "pattern": "^(https?://.+|\\$[A-Za-z]+)"
+                },
+                "on_stop": {
+                  "type": "string",
+                  "description": "The name of a job to execute when the environment is about to be stopped."
+                },
+                "action": {
+                  "enum": ["start", "prepare", "stop"],
+                  "description": "Specifies what this job will do. 'start' (default) indicates the job will start the deployment. 'prepare' indicates this will not affect the deployment. 'stop' indicates this will stop the deployment.",
+                  "default": "start"
+                },
+                "auto_stop_in": {
+                  "type": "string",
+                  "description": "The amount of time it should take before Gitlab will automatically stop the environment. Supports a wide variety of formats, e.g. '1 week', '3 mins 4 sec', '2 hrs 20 min', '2h20min', '6 mos 1 day', '47 yrs 6 mos and 4d', '3 weeks and 2 days'."
+                },
+                "kubernetes": {
+                  "type": "object",
+                  "description": "Used to configure the kubernetes deployment for this environment. This is currently not supported for kubernetes clusters that are managed by Gitlab.",
+                  "properties": {
+                    "namespace": {
+                      "type": "string",
+                      "description": "The kubernetes namespace where this environment should be deployed to.",
+                      "minLength": 1
+                    }
+                  }
+                },
+                "deployment_tier": {
+                  "type": "string",
+                  "description": "Explicitly specifies the tier of the deployment environment if non-standard environment name is used.",
+                  "enum": [
+                    "production",
+                    "staging",
+                    "testing",
+                    "development",
+                    "other"
+                  ]
+                }
+              },
+              "required": ["name"]
+            }
+          ]
+        },
+        "release": {
+          "type": "object",
+          "description": "Indicates that the job creates a Release.",
+          "additionalProperties": false,
+          "properties": {
+            "tag_name": {
+              "type": "string",
+              "description": "The tag_name must be specified. It can refer to an existing Git tag or can be specified by the user.",
+              "minLength": 1
+            },
+            "description": {
+              "type": "string",
+              "description": "Specifies the longer description of the Release.",
+              "minLength": 1
+            },
+            "name": {
+              "type": "string",
+              "description": "The Release name. If omitted, it is populated with the value of release: tag_name."
+            },
+            "ref": {
+              "type": "string",
+              "description": "If the release: tag_name doesn’t exist yet, the release is created from ref. ref can be a commit SHA, another tag name, or a branch name."
+            },
+            "milestones": {
+              "type": "array",
+              "description": "The title of each milestone the release is associated with.",
+              "items": {
+                "type": "string"
+              }
+            },
+            "released_at": {
+              "type": "string",
+              "description": "The date and time when the release is ready. Defaults to the current date and time if not defined. Should be enclosed in quotes and expressed in ISO 8601 format.",
+              "format": "date-time",
+              "pattern": "^(?:[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\\d|2[0-3]):[0-5]\\d:[0-5]\\d(?:Z|[+-][01]\\d:[0-5]\\d)$"
+            },
+            "assets": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "links": {
+                  "type": "array",
+                  "description": "Include asset links in the release.",
+                  "items": {
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                      "name": {
+                        "type": "string",
+                        "description": "The name of the link.",
+                        "minLength": 1
+                      },
+                      "url": {
+                        "type": "string",
+                        "description": "The URL to download a file.",
+                        "minLength": 1
+                      },
+                      "filepath": {
+                        "type": "string",
+                        "description": "The redirect link to the url."
+                      },
+                      "link_type": {
+                        "type": "string",
+                        "description": "The content kind of what users can download via url.",
+                        "enum": [
+                          "runbook",
+                          "package",
+                          "image",
+                          "other"
+                        ]
+                      }
+                    },
+                    "required": ["name", "url"]
+                  },
+                  "minItems": 1
+                }
+              },
+              "required": ["links"]
+            }
+          },
+          "required": ["tag_name", "description"]
+        },
+        "coverage": {
+          "type": "string",
+          "description": "Must be a regular expression, optionally but recommended to be quoted, and must be surrounded with '/'. Example: '/Code coverage: \\d+\\.\\d+/'",
+          "format": "regex",
+          "pattern": "^/.+/$"
+        },
+        "retry": {
+          "$ref": "#/definitions/retry"
+        },
+        "parallel": {
+          "description": "Parallel will split up a single job into several, and provide `CI_NODE_INDEX` and `CI_NODE_TOTAL` environment variables for the running jobs.",
+          "oneOf": [
+            {
+              "type": "integer",
+              "description": "Creates N instances of the same job that run in parallel.",
+              "default": 0,
+              "minimum": 2,
+              "maximum": 50
+            },
+            {
+              "type": "object",
+              "properties": {
+                "matrix": {
+                  "type": "array",
+                  "description": "Defines different variables for jobs that are running in parallel.",
+                  "items": {
+                    "type": "object",
+                    "description": "Defines environment variables for specific job.",
+                    "additionalProperties": {
+                      "type": ["string", "number", "array"]
+                    }
+                  },
+                  "maxItems": 50
+                }
+              },
+              "additionalProperties": false,
+              "required": ["matrix"]
+            }
+          ]
+        },
+        "interruptible": {
+          "$ref": "#/definitions/interruptible"
+        },
+        "resource_group": {
+          "type": "string",
+          "description": "Limit job concurrency. Can be used to ensure that the Runner will not run certain jobs simultaneously."
+        },
+        "trigger": {
+          "description": "Trigger allows you to define downstream pipeline trigger. When a job created from trigger definition is started by GitLab, a downstream pipeline gets created. Read more: https://docs.gitlab.com/ee/ci/yaml/README.html#trigger",
+          "oneOf": [
+            {
+              "type": "object",
+              "description": "Trigger a multi-project pipeline. Read more: https://docs.gitlab.com/ee/ci/yaml/README.html#simple-trigger-syntax-for-multi-project-pipelines",
+              "additionalProperties": false,
+              "properties": {
+                "project": {
+                  "description": "Path to the project, e.g. `group/project`, or `group/sub-group/project`.",
+                  "type": "string",
+                  "pattern": "\\S/\\S"
+                },
+                "branch": {
+                  "description": "The branch name that a downstream pipeline will use",
+                  "type": "string"
+                },
+                "strategy": {
+                  "description": "You can mirror the pipeline status from the triggered pipeline to the source bridge job by using strategy: depend",
+                  "type": "string",
+                  "enum": ["depend"]
+                }
+              },
+              "required": ["project"],
+              "dependencies": {
+                "branch": ["project"]
+              }
+            },
+            {
+              "type": "object",
+              "description": "Trigger a child pipeline. Read more: https://docs.gitlab.com/ee/ci/yaml/README.html#trigger-syntax-for-child-pipeline",
+              "additionalProperties": false,
+              "properties": {
+                "include": {
+                  "oneOf": [
+                    {
+                      "description": "Relative path from local repository root (`/`) to the local YAML file to define the pipeline configuration.",
+                      "type": "string",
+                      "format": "uri-reference",
+                      "pattern": "\\.ya?ml$"
+                    },
+                    {
+                      "type": "array",
+                      "description": "References a local file or an artifact from another job to define the pipeline configuration.",
+                      "maxItems": 3,
+                      "items": {
+                        "oneOf": [
+                          {
+                            "type": "object",
+                            "additionalProperties": false,
+                            "properties": {
+                              "local": {
+                                "description": "Relative path from local repository root (`/`) to the local YAML file to define the pipeline configuration.",
+                                "type": "string",
+                                "format": "uri-reference",
+                                "pattern": "\\.ya?ml$"
+                              }
+                            }
+                          },
+                          {
+                            "type": "object",
+                            "additionalProperties": false,
+                            "properties": {
+                              "template": {
+                                "description": "Name of the template YAML file to use in the pipeline configuration.",
+                                "type": "string",
+                                "format": "uri-reference",
+                                "pattern": "\\.ya?ml$"
+                              }
+                            }
+                          },
+                          {
+                            "type": "object",
+                            "additionalProperties": false,
+                            "properties": {
+                              "artifact": {
+                                "description": "Relative path to the generated YAML file which is extracted from the artifacts and used as the configuration for triggering the child pipeline.",
+                                "type": "string",
+                                "format": "uri-reference",
+                                "pattern": "\\.ya?ml$"
+                              },
+                              "job": {
+                                "description": "Job name which generates the artifact",
+                                "type": "string"
+                              }
+                            },
+                            "required": ["artifact", "job"]
+                          }
+                        ]
+                      }
+                    }
+                  ]
+                },
+                "strategy": {
+                  "description": "You can mirror the pipeline status from the triggered pipeline to the source bridge job by using strategy: depend",
+                  "type": "string",
+                  "enum": ["depend"]
+                }
+              }
+            },
+            {
+              "description": "Path to the project, e.g. `group/project`, or `group/sub-group/project`.",
+              "type": "string",
+              "pattern": "\\S/\\S"
+            }
+          ]
+        },
+        "inherit": {
+          "type": "object",
+          "description": "Controls inheritance of globally-defined defaults and variables. Boolean values control inheritance of all default: or variables: keywords. To inherit only a subset of default: or variables: keywords, specify what you wish to inherit. Anything not listed is not inherited.",
+          "properties": {
+            "default": {
+              "description": "Whether to inherit all globally-defined defaults or not. Or subset of inherited defaults",
+              "oneOf": [
+                {
+                  "type": "boolean"
+                },
+                {
+                  "type": "array",
+                  "items": {
+                    "type": "string",
+                    "enum": [
+                      "after_script",
+                      "artifacts",
+                      "before_script",
+                      "cache",
+                      "image",
+                      "interruptible",
+                      "retry",
+                      "services",
+                      "tags",
+                      "timeout"
+                    ]
+                  }
+                }
+              ]
+            },
+            "variables": {
+              "description": "Whether to inherit all globally-defined variables or not. Or subset of inherited variables",
+              "oneOf": [
+                { "type": "boolean" },
+                {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                }
+              ]
+            }
+          },
+          "additionalProperties": false
+        }
+      },
+      "oneOf": [
+        {
+          "properties": {
+            "when": { "enum": ["delayed"] }
+          },
+          "required": ["when", "start_in"]
+        },
+        {
+          "properties": {
+            "when": {
+              "not": {
+                "enum": ["delayed"]
+              }
+            }
+          }
+        }
+      ]
+    },
+    "tags": {
+      "type": "array",
+      "description": "Used to select runners from the list of available runners. A runner must have all tags listed here to run the job.",
+      "items": {
+        "type": "string"
+      }
+    }
+  }
+}
diff --git a/app/assets/javascripts/pipeline_editor/components/editor/text_editor.vue b/app/assets/javascripts/pipeline_editor/components/editor/text_editor.vue
index f2a0f474bc4..7b8e97b573e 100644
--- a/app/assets/javascripts/pipeline_editor/components/editor/text_editor.vue
+++ b/app/assets/javascripts/pipeline_editor/components/editor/text_editor.vue
@@ -9,15 +9,8 @@ export default {
     SourceEditor,
   },
   mixins: [glFeatureFlagMixin()],
-  inject: ['ciConfigPath', 'projectPath', 'projectNamespace', 'defaultBranch'],
+  inject: ['ciConfigPath'],
   inheritAttrs: false,
-  props: {
-    commitSha: {
-      type: String,
-      required: false,
-      default: '',
-    },
-  },
   methods: {
     onCiConfigUpdate(content) {
       this.$emit('updateCiConfig', content);
@@ -27,11 +20,7 @@ export default {
         const editorInstance = this.$refs.editor.getEditor();
 
         editorInstance.use(new CiSchemaExtension({ instance: editorInstance }));
-        editorInstance.registerCiSchema({
-          projectPath: this.projectPath,
-          projectNamespace: this.projectNamespace,
-          ref: this.commitSha || this.defaultBranch,
-        });
+        editorInstance.registerCiSchema();
       }
     },
   },
diff --git a/app/models/concerns/has_repository.rb b/app/models/concerns/has_repository.rb
index 9218ba47d20..d614d6c4584 100644
--- a/app/models/concerns/has_repository.rb
+++ b/app/models/concerns/has_repository.rb
@@ -72,12 +72,10 @@ module HasRepository
   end
 
   def default_branch
-    @default_branch ||= repository.root_ref || default_branch_from_preferences
+    @default_branch ||= repository.empty? ? default_branch_from_preferences : repository.root_ref
   end
 
   def default_branch_from_preferences
-    return unless empty_repo?
-
     (default_branch_from_group_preferences || Gitlab::CurrentSettings.default_branch_name).presence
   end
 
diff --git a/app/views/admin/application_settings/_terminal.html.haml b/app/views/admin/application_settings/_terminal.html.haml
index d6e31a24cf6..c53f63e124b 100644
--- a/app/views/admin/application_settings/_terminal.html.haml
+++ b/app/views/admin/application_settings/_terminal.html.haml
@@ -6,5 +6,5 @@
       = f.label :terminal_max_session_time, _('Max session time'), class: 'label-bold'
       = f.number_field :terminal_max_session_time, class: 'form-control gl-form-input'
       .form-text.text-muted
-        = _('Maximum time for web terminal websocket connection (in seconds). 0 for unlimited.')
+        = _('Maximum time, in seconds, for a web terminal websocket connection. 0 for unlimited.')
   = f.submit _('Save changes'), class: "gl-button btn btn-confirm"
diff --git a/app/views/admin/application_settings/general.html.haml b/app/views/admin/application_settings/general.html.haml
index 9102769cc6e..a72c96bb577 100644
--- a/app/views/admin/application_settings/general.html.haml
+++ b/app/views/admin/application_settings/general.html.haml
@@ -79,7 +79,8 @@
     %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
-      = _('Set max session time for web terminal.')
+      = _('Set the maximum session time for a web terminal.')
+      = link_to _('How do I use a web terminal?'), help_page_path('ci/environments/index.md', anchor: 'web-terminals'), target: '_blank', rel: 'noopener noreferrer'
   .settings-content
     = render 'terminal'
 
diff --git a/app/views/clusters/clusters/aws/_new.html.haml b/app/views/clusters/clusters/aws/_new.html.haml
index 93db7db06b3..f6d50410e9a 100644
--- a/app/views/clusters/clusters/aws/_new.html.haml
+++ b/app/views/clusters/clusters/aws/_new.html.haml
@@ -12,6 +12,6 @@
     'role-arn' => @aws_role.role_arn,
     'instance-types' => @instance_types,
     'kubernetes-integration-help-path' => help_page_path('user/project/clusters/index'),
-    'account-and-external-ids-help-path' => help_page_path('user/project/clusters/add_eks_clusters.md', anchor: 'create-a-new-certificate-based-eks-cluster'),
-    'create-role-arn-help-path' => help_page_path('user/project/clusters/add_eks_clusters.md', anchor: 'create-a-new-certificate-based-eks-cluster'),
+    'account-and-external-ids-help-path' => help_page_path('user/project/clusters/add_eks_clusters.md', anchor: 'how-to-create-a-new-cluster-on-eks-through-cluster-certificates-deprecated'),
+    'create-role-arn-help-path' => help_page_path('user/project/clusters/add_eks_clusters.md', anchor: 'how-to-create-a-new-cluster-on-eks-through-cluster-certificates-deprecated'),
     'external-link-icon' => sprite_icon('external-link') } }
diff --git a/config/webpack.config.js b/config/webpack.config.js
index adb11548a88..e1a48ee2b41 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -342,6 +342,14 @@ module.exports = {
           esModule: false,
         },
       },
+      {
+        test: /editor\/schema\/.+\.json$/,
+        type: 'javascript/auto',
+        loader: 'file-loader',
+        options: {
+          name: '[name].[contenthash:8].[ext]',
+        },
+      },
     ],
   },
 
diff --git a/data/deprecations/distribution_deprecations_14-3.yml b/data/deprecations/distribution_deprecations_14-3.yml
deleted file mode 100644
index fb691b5aa84..00000000000
--- a/data/deprecations/distribution_deprecations_14-3.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: "Rename Task Runner pod to Toolbox" # The name of the feature to be deprecated
-  announcement_milestone: "14.2" # The milestone when this feature was first announced as deprecated.
-  announcement_date: "2021-08-22"
-  removal_milestone: "14.4" # the milestone when this feature is planned to be removed
-  body: | # Do not modify this line, instead modify the lines below.
-    The Task Runner pod is used to execute periodic housekeeping tasks within the GitLab application and is often confused with the GitLab Runner. Thus, [Task Runner will be renamed to Toolbox](https://gitlab.com/groups/gitlab-org/charts/-/epics/25).
-
-    This will result in the rename of the sub-chart: `gitlab/task-runner` to `gitlab/toolbox`. Resulting pods will be named along the lines of `{{ .Release.Name }}-toolbox`, which will often be `gitlab-toolbox`. They will be locatable with the label `app=toolbox`.
diff --git a/db/post_migrate/20210918201050_remove_old_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb b/db/post_migrate/20210918201050_remove_old_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb
new file mode 100644
index 00000000000..224d97243c5
--- /dev/null
+++ b/db/post_migrate/20210918201050_remove_old_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class RemoveOldPendingJobsForRecalculateVulnerabilitiesOccurrencesUuid < Gitlab::Database::Migration[1.0]
+  MIGRATION_NAME = 'RecalculateVulnerabilitiesOccurrencesUuid'
+  NEW_MIGRATION_START_DATE = DateTime.new(2021, 8, 18, 0, 0, 0)
+
+  def up
+    Gitlab::Database::BackgroundMigrationJob
+      .for_migration_class(MIGRATION_NAME)
+      .where('created_at < ?', NEW_MIGRATION_START_DATE)
+      .where(status: :pending)
+      .delete_all
+  end
+
+  def down
+    # no-op
+  end
+end
diff --git a/db/post_migrate/20210918202855_reschedule_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb b/db/post_migrate/20210918202855_reschedule_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb
new file mode 100644
index 00000000000..88351b3007a
--- /dev/null
+++ b/db/post_migrate/20210918202855_reschedule_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class ReschedulePendingJobsForRecalculateVulnerabilitiesOccurrencesUuid < Gitlab::Database::Migration[1.0]
+  MIGRATION = "RecalculateVulnerabilitiesOccurrencesUuid"
+  DELAY_INTERVAL = 2.minutes
+
+  disable_ddl_transaction!
+
+  def up
+    delete_queued_jobs(MIGRATION)
+
+    requeue_background_migration_jobs_by_range_at_intervals(MIGRATION, DELAY_INTERVAL)
+  end
+
+  def down
+    # no-op
+  end
+end
diff --git a/db/schema_migrations/20210918201050 b/db/schema_migrations/20210918201050
new file mode 100644
index 00000000000..9c8f28bd813
--- /dev/null
+++ b/db/schema_migrations/20210918201050
@@ -0,0 +1 @@
+596fd274ca1d0b2ce8698e048fea6080c9b777c48febb35a4917a6027826908e
\ No newline at end of file
diff --git a/db/schema_migrations/20210918202855 b/db/schema_migrations/20210918202855
new file mode 100644
index 00000000000..f9d48eb269f
--- /dev/null
+++ b/db/schema_migrations/20210918202855
@@ -0,0 +1 @@
+a735ae13c13f5492a5c16d3e60884b60c44d1d57f6aaacaea13f3b1bf00a8d78
\ No newline at end of file
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index ce8cdfcbd87..79bf163d840 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -10,6 +10,14 @@ type: reference
 [Gitaly](https://gitlab.com/gitlab-org/gitaly) provides high-level RPC access to Git repositories.
 It is used by GitLab to read and write Git data.
 
+Gitaly is present in every GitLab installation and coordinates Git repository
+storage and retrieval. Gitaly can be:
+
+- A simple background service operating on a single instance Omnibus GitLab (all of
+  GitLab on one machine).
+- Separated onto its own instance and configured in a full cluster configuration,
+  depending on scaling and availability requirements.
+
 Gitaly implements a client-server architecture:
 
 - A Gitaly server is any node that runs Gitaly itself.
@@ -39,6 +47,30 @@ WARNING:
 Engineering support for NFS for Git repositories is deprecated. Read the
 [deprecation notice](#nfs-deprecation-notice).
 
+## Recommendations
+
+The following table provides recommendations based on your requirements. Users means concurrent
+users actively performing simultaneous Git operations.
+
+| User scaling                                                           | Reference architecture to use                                   | GitLab instance configuration                | Gitaly configuration            | Git repository storage             | Instances dedicated to Gitaly services |
+|:-----------------------------------------------------------------------|:----------------------------------------------------------------|:---------------------------------------------|:--------------------------------|:-----------------------------------|:---------------------------------------|
+| Up to 1000 users                                                       | [1K](../reference_architectures/1k_users.md)                    | Single instance for all of GitLab            | Already integrated as a service | Local disk                         | 0                                      |
+| Up to 2999 users                                                       | [2K](../reference_architectures/2k_users.md)                    | Horizontally-scaled GitLab instance (non-HA) | Single Gitaly server            | Local disk of Gitaly instance      | 1                                      |
+| 3000 users and over                                                    | [3K](../reference_architectures/3k_users.md)                    | Horizontally-scaled GitLab instance with HA  | Gitaly Cluster                  | Local disk of each Gitaly instance | 8                                      |
+| RTO/RPO requirements for AZ failure tolerance regardless of user scale | [3K (with downscaling)](../reference_architectures/3k_users.md) | Custom (1)                                   | Gitaly Cluster                  | Local disk of each Gitaly instance | 8                                      |
+
+1. If you need AZ failure tolerance for user scaling lower than 3K, please contact Customer Success
+   to discuss your RTO and RPO needs and what options exist to meet those objectives.
+
+GitLab [reference architectures](../reference_architectures/index.md) provide guidance for what
+Gitaly configuration is recommended at each scale. The Gitaly configuration is noted by the
+architecture diagrams and the table of required resources.
+
+WARNING:
+Some [known database inconsistency issues](#known-issues) exist in Gitaly Cluster. We recommend you
+remain on your current service for now. We can adjust the date for
+[NFS support removal](#nfs-deprecation-notice) if this applies to you.
+
 ## Gitaly
 
 The following shows GitLab set up to use direct access to Gitaly:
@@ -156,53 +188,25 @@ WARNING:
 If complete cluster failure occurs, disaster recovery plans should be executed. These can affect the
 RPO and RTO discussed above.
 
-### Architecture and configuration recommendations
-
-The following table provides recommendations based on your
-requirements. Users means concurrent users actively performing
-simultaneous Git Operations.
-
-Gitaly services are present in every GitLab installation and always coordinates Git repository storage and
-retrieval. Gitaly can be as simple as a single background service when operating on a single instance Omnibus
-GitLab (All of GitLab on one machine). Gitaly can be separated into it's own instance and it can be configured in
-a full cluster configuration depending on scaling and availability requirements.
-
-The GitLab Reference Architectures provide guidance for what Gitaly configuration is advisable at each of the scales.
-The Gitaly configuration is noted by the architecture diagrams and the table of required resources.
-
-| User Scaling                                                 | Reference Architecture To Use                                | GitLab Instance Configuration                | Gitaly Configuration            | Git Repository Storage             | Instances Dedicated to Gitaly Services |
-| ------------------------------------------------------------ | ------------------------------------------------------------ | -------------------------------------------- | ------------------------------- | ---------------------------------- | -------------------------------------- |
-| Up to 1000 Users                                             | [1K](../reference_architectures/1k_users.md)                 | Single Instance for all of GitLab            | Already Integrated as a Service | Local Disk                         | 0                                      |
-| Up to 2999 Users                                             | [2K](../reference_architectures/2k_users.md)                 | Horizontally Scaled GitLab Instance (Non-HA) | Single Gitaly Server            | Local Disk of Gitaly Instance      | 1                                      |
-| 3000 Users and Over                                          | [3K](../reference_architectures/3k_users.md)                 | Horizontally Scaled GitLab Instance with HA  | Gitaly Cluster                  | Local Disk of Each Gitaly Instance | 8                                      |
-| RTO/RPO Requirements for AZ Failure Tolerance Regardless of User Scale | [3K (with downscaling)](../reference_architectures/3k_users.md) | Custom (1)                      | Gitaly Cluster                  | Local Disk of Each Gitaly Instance | 8                                      |
-
-1. If you feel that you need AZ Failure Tolerance for user scaling lower than 3K, please contact Customer Success
-   to discuss your RTO and RPO needs and what options exist to meet those objectives.
-
-WARNING:
-At present, some [known database inconsistency issues](#known-issues-impacting-gitaly-cluster)
-exist in Gitaly Cluster. It is our recommendation that for now, you remain on your current service.
-We will adjust the date for NFS support removal if this applies to you.
-
-### Known issues impacting Gitaly Cluster
+### Known issues
 
 The following table outlines current known issues impacting the use of Gitaly Cluster. For
-the most up to date status of these issues, please refer to the referenced issues / epics.
+the current status of these issues, please refer to the referenced issues and epics.
 
-| Issue                                                   | Summary                          |
-| Gitaly Cluster + Geo can cause database inconsistencies | There are some conditions during Geo replication that can cause database inconsistencies with Gitaly Cluster. These have been identified and are being resolved by updating Gitaly Cluster to [identify repositories with a unique and persistent identifier](https://gitlab.com/gitlab-org/gitaly/-/issues/3485). |
-| Database inconsistencies due to repository access outside of Gitaly Cluster's control | Operations that write to the repository storage which do not go through normal Gitaly Cluster methods can cause database inconsistencies. These can include (but are not limited to) snapshot restoration for cluster node disks, node upgrades which modify files under Git control, or any other disk operation that may touch repository storage external to GitLab. The Gitaly team is actively working to provide manual commands to [reconcile the Praefect database with the repository storage](https://gitlab.com/groups/gitlab-org/-/epics/6723). |
+| Issue                                                                                 | Summary                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+|:--------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Gitaly Cluster + Geo can cause database inconsistencies                               | There are some conditions during Geo replication that can cause database inconsistencies with Gitaly Cluster. These have been identified and are being resolved by updating Gitaly Cluster to [identify repositories with a unique and persistent identifier](https://gitlab.com/gitlab-org/gitaly/-/issues/3485).                                                                                                                                                                                                                                          |
+| Database inconsistencies due to repository access outside of Gitaly Cluster's control | Operations that write to the repository storage that do not go through normal Gitaly Cluster methods can cause database inconsistencies. These can include (but are not limited to) snapshot restoration for cluster node disks, node upgrades which modify files under Git control, or any other disk operation that may touch repository storage external to GitLab. The Gitaly team is actively working to provide manual commands to [reconcile the Praefect database with the repository storage](https://gitlab.com/groups/gitlab-org/-/epics/6723).  |
 
 ### Snapshot backup and recovery limitations
 
-Gitaly Cluster does not support snapshot backups because these can cause issues where the
-Praefect database becomes out of sync with the disk storage. Because of how Praefect rebuilds
-the replication metadata of Gitaly disk information during a restore, we recommend using the
+Gitaly Cluster does not support snapshot backups because these can cause issues where the Praefect
+database becomes out of sync with the disk storage. Because of how Praefect rebuilds the replication
+metadata of Gitaly disk information during a restore, we recommend using the
 [official backup and restore Rake tasks](../../raketasks/backup_restore.md).
 
-To track progress on work on a solution for manually re-synchronizing the Praefect database
-with disk storage, see [this epic](https://gitlab.com/groups/gitlab-org/-/epics/6575).
+To track progress on work on a solution for manually re-synchronizing the Praefect database with
+disk storage, see [this epic](https://gitlab.com/groups/gitlab-org/-/epics/6575).
 
 ### Virtual storage
 
@@ -357,8 +361,8 @@ For more information on configuring Gitaly Cluster, see [Configure Gitaly Cluste
 
 ## Migrate to Gitaly Cluster
 
-We recommend you migrate to Gitaly Cluster if your
-[requirements recommend](#architecture-and-configuration-recommendations) Gitaly Cluster.
+We recommend you migrate to Gitaly Cluster if your [requirements recommend](#recommendations) Gitaly
+Cluster.
 
 Whether migrating to Gitaly Cluster because of [NFS support deprecation](index.md#nfs-deprecation-notice)
 or to move from single Gitaly nodes, the basic process involves:
@@ -371,9 +375,9 @@ or to move from single Gitaly nodes, the basic process involves:
    automatic migration but the moves can be scheduled with the GitLab API.
 
 WARNING:
-At present, some [known database inconsistency issues](#known-issues-impacting-gitaly-cluster)
-exist in Gitaly Cluster. It is our recommendation that for now, you remain on your current service.
-We will adjust the date for NFS support removal if this applies to you.
+Some [known database inconsistency issues](#known-issues) exist in Gitaly Cluster. We recommend you
+remain on your current service for now. We can adjust the date for
+[NFS support removal](#nfs-deprecation-notice) if this applies to you.
 
 ## Monitor Gitaly and Gitaly Cluster
 
diff --git a/doc/api/runners.md b/doc/api/runners.md
index bfdf2d49100..75e6a4d05cd 100644
--- a/doc/api/runners.md
+++ b/doc/api/runners.md
@@ -15,7 +15,7 @@ There are two tokens to take into account when connecting a runner with GitLab.
 | Token | Description |
 | ----- | ----------- |
 | Registration token   | Token used to [register the runner](https://docs.gitlab.com/runner/register/). It can be [obtained through GitLab](../ci/runners/index.md). |
-| Authentication token | Token used to authenticate the runner with the GitLab instance. It is obtained either automatically when [registering a runner](https://docs.gitlab.com/runner/register/), or manually when [registering the runner via the Runner API](#register-a-new-runner). |
+| Authentication token | Token used to authenticate the runner with the GitLab instance. It is obtained automatically when you [register a runner](https://docs.gitlab.com/runner/register/) or by the Runner API when you manually [register a runner](#register-a-new-runner) or [reset the authentication token](#reset-runners-authentication-token). |
 
 Here's an example of how the two tokens are used in runner registration:
 
@@ -720,3 +720,28 @@ POST /groups/:id/runners/reset_registration_token
 curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
      "https://gitlab.example.com/api/v4/groups/9/runners/reset_registration_token"
 ```
+
+## Reset runner's authentication token
+
+Resets the runner's authentication token.
+
+```plaintext
+POST /runners/:id/reset_authentication_token
+```
+
+| Attribute | Type    | Required | Description         |
+|-----------|---------|----------|---------------------|
+| `id`      | integer | yes      | The ID of a runner  |
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
+     "https://gitlab.example.com/api/v4/runners/1/reset_authentication_token"
+```
+
+Example response:
+
+```json
+{
+    "token": "6337ff461c94fd3fa32ba3b1ff4125"
+}
+```
diff --git a/doc/development/documentation/index.md b/doc/development/documentation/index.md
index a597ea512c6..bb27469c7bf 100644
--- a/doc/development/documentation/index.md
+++ b/doc/development/documentation/index.md
@@ -108,23 +108,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 If you need help determining the correct stage, read [Ask for help](workflow.md#ask-for-help).
 
-### Document type metadata
-
-Originally discussed in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/1280),
-each page should have a metadata tag called `type`. It can be one or more of the
-following:
-
-- `index`: It consists mostly of a list of links to other pages.
-  [Example page](../../index.md).
-- `concepts`: The background or context of a subject.
-  [Example page](../../topics/autodevops/index.md).
-- `howto`: Specific use case instructions.
-  [Example page](../../ssh/index.md).
-- `tutorial`: Learn a process/concept by doing.
-  [Example page](../../gitlab-basics/start-using-git.md).
-- `reference`: A collection of information used as a reference to use a feature
-  or a functionality. [Example page](../../ci/yaml/index.md).
-
 ### Redirection metadata
 
 The following metadata should be added when a page is moved to another location:
@@ -154,6 +137,11 @@ Each page can have additional, optional metadata (set in the
 [default.html](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/fc3577921343173d589dfa43d837b4307e4e620f/layouts/default.html#L30-52)
 Nanoc layout), which is displayed at the top of the page if defined.
 
+### Deprecated metadata
+
+The `type` metadata parameter is deprecated but still exists in documentation
+pages. You can safely remove the `type` metadata parameter and its values.
+
 ## Move or rename a page
 
 See [redirects](redirects.md).
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 6d110c46b1b..4ea5d1bea44 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -44,14 +44,6 @@ This deprecation mainly impacts users compiling GitLab from source because Omnib
 
 Announced: 2021-09-22
 
-### GitLab Serverless
-
-[GitLab Serverless](../user/project/clusters/serverless/index.md) is a feature set to support Knative-based serverless development with automatic deployments and monitoring.
-
-We decided to remove the GitLab Serverless features as they never really resonated with our users. Besides, given the continuous development of Kubernetes and Knative, our current implementations do not even work with recent versions.
-
-Announced: 2021-09-22
-
 ### Audit events for repository push events
 
 Audit events for [repository events](../administration/audit_events.md#repository-push) are now deprecated and will be removed in GitLab 15.0.
@@ -72,6 +64,14 @@ Note that we are not deprecating the Kerberos SPNEGO integration, only the old p
 
 Announced: 2021-09-22
 
+### GitLab Serverless
+
+[GitLab Serverless](../user/project/clusters/serverless/index.md) is a feature set to support Knative-based serverless development with automatic deployments and monitoring.
+
+We decided to remove the GitLab Serverless features as they never really resonated with our users. Besides, given the continuous development of Kubernetes and Knative, our current implementations do not even work with recent versions.
+
+Announced: 2021-09-22
+
 ## 14.6
 
 ### Release CLI be distributed as a generic package
diff --git a/doc/user/project/clusters/add_eks_clusters.md b/doc/user/project/clusters/add_eks_clusters.md
index f7dd24fcfad..0db0f14b633 100644
--- a/doc/user/project/clusters/add_eks_clusters.md
+++ b/doc/user/project/clusters/add_eks_clusters.md
@@ -4,23 +4,37 @@ group: Configure
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
-# EKS clusters (DEPRECATED) **(FREE)**
+# Connect EKS clusters through cluster certificates **(FREE)**
 
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22392) in GitLab 12.5.
-> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/327908) in GitLab 14.0.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22392) in GitLab 12.5.
 
 WARNING:
-Use [Infrastructure as Code](../../infrastructure/index.md) to create new clusters. The method described in this document is deprecated as of GitLab 14.0.
+Use [Infrastrucure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac)
+to create new clusters.
 
 Through GitLab, you can create new clusters and add existing clusters hosted on Amazon Elastic
 Kubernetes Service (EKS).
 
-## Add an existing EKS cluster
+## Connect an existing EKS cluster
 
-If you already have an EKS cluster and want to integrate it with GitLab,
-see how to [add an existing cluster](add_existing_cluster.md).
+If you already have an EKS cluster and want to connect it to GitLab,
+use the [GitLab Kubernetes Agent](../../clusters/agent/index.md).
 
-## Create a new certificate-based EKS cluster
+Alternatively, you can [connect them with cluster certificates](add_existing_cluster.md),
+although this method is not recommended for [security implications](../../infrastructure/clusters/connect/index.md#security-implications-for-clusters-connected-with-certificates).
+
+## Create a new EKS cluster
+
+To create a new cluster from GitLab, use [Infrastructure as Code](../../infrastructure/iac/index.md#create-a-new-cluster-through-iac).
+
+Alternatively, you can [create new EKS clusters using cluster certificates](#how-to-create-a-new-cluster-on-eks-through-cluster-certificates-deprecated).
+Although still available on the GitLab UI, this method was deprecated
+in GitLab 14.0 and is scheduled for removal in GitLab 15.0.
+It also has [security implications](../../infrastructure/clusters/connect/index.md#security-implications-for-clusters-connected-with-certificates).
+
+### How to create a new cluster on EKS through cluster certificates (DEPRECATED)
+
+> [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/327908) in GitLab 14.0.
 
 Prerequisites:
 
@@ -41,9 +55,10 @@ Further steps:
 1. [Create a default Storage Class](#create-a-default-storage-class).
 1. [Deploy the app to EKS](#deploy-the-app-to-eks).
 
-### Create a new EKS cluster in GitLab
+#### Create a new EKS cluster in GitLab
 
-To create a new EKS cluster:
+To create new a EKS cluster for your project, group, or instance, through
+cluster certificates:
 
 1. Go to your:
    - Project's **Infrastructure > Kubernetes clusters** page, for a project-level cluster.
diff --git a/lib/api/ci/runners.rb b/lib/api/ci/runners.rb
index 93a40925c21..5a9fbf90ee6 100644
--- a/lib/api/ci/runners.rb
+++ b/lib/api/ci/runners.rb
@@ -130,6 +130,20 @@ module API
 
           present paginate(jobs), with: Entities::Ci::JobBasicWithProject
         end
+
+        desc 'Reset runner authentication token' do
+          success Entities::Ci::ResetTokenResult
+        end
+        params do
+          requires :id, type: Integer, desc: 'The ID of the runner'
+        end
+        post ':id/reset_authentication_token' do
+          runner = get_runner(params[:id])
+          authenticate_update_runner!(runner)
+
+          runner.reset_token!
+          present runner.token, with: Entities::Ci::ResetTokenResult
+        end
       end
 
       params do
@@ -226,13 +240,13 @@ module API
         before { authenticate_non_get! }
 
         desc 'Resets runner registration token' do
-          success Entities::Ci::ResetRegistrationTokenResult
+          success Entities::Ci::ResetTokenResult
         end
         post 'reset_registration_token' do
           authorize! :update_runners_registration_token
 
           ApplicationSetting.current.reset_runners_registration_token!
-          present ApplicationSetting.current_without_cache.runners_registration_token, with: Entities::Ci::ResetRegistrationTokenResult
+          present ApplicationSetting.current_without_cache.runners_registration_token, with: Entities::Ci::ResetTokenResult
         end
       end
 
@@ -243,14 +257,14 @@ module API
         before { authenticate_non_get! }
 
         desc 'Resets runner registration token' do
-          success Entities::Ci::ResetRegistrationTokenResult
+          success Entities::Ci::ResetTokenResult
         end
         post ':id/runners/reset_registration_token' do
           project = find_project! user_project.id
           authorize! :update_runners_registration_token, project
 
           project.reset_runners_token!
-          present project.runners_token, with: Entities::Ci::ResetRegistrationTokenResult
+          present project.runners_token, with: Entities::Ci::ResetTokenResult
         end
       end
 
@@ -261,14 +275,14 @@ module API
         before { authenticate_non_get! }
 
         desc 'Resets runner registration token' do
-          success Entities::Ci::ResetRegistrationTokenResult
+          success Entities::Ci::ResetTokenResult
         end
         post ':id/runners/reset_registration_token' do
           group = find_group! user_group.id
           authorize! :update_runners_registration_token, group
 
           group.reset_runners_token!
-          present group.runners_token, with: Entities::Ci::ResetRegistrationTokenResult
+          present group.runners_token, with: Entities::Ci::ResetTokenResult
         end
       end
 
diff --git a/lib/api/entities/ci/reset_registration_token_result.rb b/lib/api/entities/ci/reset_token_result.rb
index 23426432f68..4dbf831582b 100644
--- a/lib/api/entities/ci/reset_registration_token_result.rb
+++ b/lib/api/entities/ci/reset_token_result.rb
@@ -3,7 +3,7 @@
 module API
   module Entities
     module Ci
-      class ResetRegistrationTokenResult < Grape::Entity
+      class ResetTokenResult < Grape::Entity
         expose(:token) {|object| object}
       end
     end
diff --git a/lib/gitlab/cache/ci/project_pipeline_status.rb b/lib/gitlab/cache/ci/project_pipeline_status.rb
index 137f76bc96d..99ce1119c17 100644
--- a/lib/gitlab/cache/ci/project_pipeline_status.rb
+++ b/lib/gitlab/cache/ci/project_pipeline_status.rb
@@ -69,7 +69,7 @@ module Gitlab
 
           self.sha = commit.sha
           self.status = commit.status
-          self.ref = project.default_branch
+          self.ref = project.repository.root_ref
         end
 
         # We only cache the status for the HEAD commit of a project
@@ -79,7 +79,7 @@ module Gitlab
           return unless sha
           return unless ref
 
-          if commit.sha == sha && project.default_branch == ref
+          if commit.sha == sha && project.repository.root_ref == ref
             store_in_cache
           end
         end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index d2504fadf94..6bceb97029c 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -9057,6 +9057,9 @@ msgstr ""
 msgid "Content parsed with %{link}."
 msgstr ""
 
+msgid "ContentEditor|Table of Contents"
+msgstr ""
+
 msgid "ContentEditor|You have to provide a renderMarkdown function or a custom serializer"
 msgstr ""
 
@@ -16817,6 +16820,9 @@ msgstr ""
 msgid "How do I set up this service?"
 msgstr ""
 
+msgid "How do I use a web terminal?"
+msgstr ""
+
 msgid "How it works"
 msgstr ""
 
@@ -20969,10 +20975,10 @@ msgstr ""
 msgid "Maximum time between updates that a mirror can have when scheduled to synchronize."
 msgstr ""
 
-msgid "Maximum time for web terminal websocket connection (in seconds). 0 for unlimited."
+msgid "Maximum time that users are allowed to skip the setup of two-factor authentication (in hours). Set to 0 (zero) to enforce at next sign in."
 msgstr ""
 
-msgid "Maximum time that users are allowed to skip the setup of two-factor authentication (in hours). Set to 0 (zero) to enforce at next sign in."
+msgid "Maximum time, in seconds, for a web terminal websocket connection. 0 for unlimited."
 msgstr ""
 
 msgid "Maximum unauthenticated API requests per rate limit period per IP"
@@ -30808,9 +30814,6 @@ msgstr ""
 msgid "Set limits for web and API requests."
 msgstr ""
 
-msgid "Set max session time for web terminal."
-msgstr ""
-
 msgid "Set milestone"
 msgstr ""
 
@@ -30859,6 +30862,9 @@ msgstr ""
 msgid "Set the iteration to %{iteration_reference}."
 msgstr ""
 
+msgid "Set the maximum session time for a web terminal."
+msgstr ""
+
 msgid "Set the milestone to %{milestone_reference}."
 msgstr ""
 
diff --git a/qa/qa/page/group/bulk_import.rb b/qa/qa/page/group/bulk_import.rb
index b9497aeb6e5..a62823f3469 100644
--- a/qa/qa/page/group/bulk_import.rb
+++ b/qa/qa/page/group/bulk_import.rb
@@ -33,7 +33,12 @@ module QA
           within_element(:import_item, source_group: source_group_name) do
             click_element(:target_namespace_selector_dropdown)
             click_element(:target_group_dropdown_item, group_name: target_group_name)
-            click_element(:import_group_button)
+
+            retry_until do
+              click_element(:import_group_button)
+              # Make sure import started before waiting for completion
+              has_no_element?(:import_status_indicator, text: "Not started", wait: 1)
+            end
           end
         end
 
diff --git a/spec/frontend/content_editor/extensions/table_of_contents_spec.js b/spec/frontend/content_editor/extensions/table_of_contents_spec.js
new file mode 100644
index 00000000000..a73fb05e9fd
--- /dev/null
+++ b/spec/frontend/content_editor/extensions/table_of_contents_spec.js
@@ -0,0 +1,34 @@
+import TableOfContents from '~/content_editor/extensions/table_of_contents';
+import { createTestEditor } from '../test_utils';
+
+describe('content_editor/extensions/emoji', () => {
+  let tiptapEditor;
+
+  beforeEach(() => {
+    tiptapEditor = createTestEditor({ extensions: [TableOfContents] });
+  });
+
+  it.each`
+    input          | insertedNodeName
+    ${'[[_TOC_]]'} | ${TableOfContents.name}
+    ${'[TOC]'}     | ${TableOfContents.name}
+    ${'[toc]'}     | ${'paragraph'}
+    ${'TOC'}       | ${'paragraph'}
+    ${'[_TOC_]'}   | ${'paragraph'}
+    ${'[[TOC]]'}   | ${'paragraph'}
+  `('with input=$input, then should insert a $insertedNodeName', ({ input, insertedNodeName }) => {
+    const { view } = tiptapEditor;
+    const { selection } = view.state;
+
+    // Triggers the event handler that input rules listen to
+    view.someProp('handleTextInput', (f) => f(view, selection.from, selection.to, input));
+
+    expect(tiptapEditor.state.doc.content.content).toEqual([
+      expect.objectContaining({
+        type: expect.objectContaining({
+          name: insertedNodeName,
+        }),
+      }),
+    ]);
+  });
+});
diff --git a/spec/frontend/editor/source_editor_ci_schema_ext_spec.js b/spec/frontend/editor/source_editor_ci_schema_ext_spec.js
index 07ac080fe08..8a0d1ecf1af 100644
--- a/spec/frontend/editor/source_editor_ci_schema_ext_spec.js
+++ b/spec/frontend/editor/source_editor_ci_schema_ext_spec.js
@@ -1,7 +1,7 @@
 import { languages } from 'monaco-editor';
 import { TEST_HOST } from 'helpers/test_constants';
-import { EXTENSION_CI_SCHEMA_FILE_NAME_MATCH } from '~/editor/constants';
 import { CiSchemaExtension } from '~/editor/extensions/source_editor_ci_schema_ext';
+import ciSchemaPath from '~/editor/schema/ci.json';
 import SourceEditor from '~/editor/source_editor';
 
 const mockRef = 'AABBCCDD';
@@ -84,7 +84,7 @@ describe('~/editor/editor_ci_config_ext', () => {
         });
 
         expect(getConfiguredYmlSchema()).toEqual({
-          uri: `${TEST_HOST}/${mockProjectNamespace}/${mockProjectPath}/-/schema/${mockRef}/${EXTENSION_CI_SCHEMA_FILE_NAME_MATCH}`,
+          uri: `${TEST_HOST}${ciSchemaPath}`,
           fileMatch: [defaultBlobPath],
         });
       });
@@ -99,7 +99,7 @@ describe('~/editor/editor_ci_config_ext', () => {
         });
 
         expect(getConfiguredYmlSchema()).toEqual({
-          uri: `${TEST_HOST}/${mockProjectNamespace}/${mockProjectPath}/-/schema/${mockRef}/${EXTENSION_CI_SCHEMA_FILE_NAME_MATCH}`,
+          uri: `${TEST_HOST}${ciSchemaPath}`,
           fileMatch: ['another-ci-filename.yml'],
         });
       });
diff --git a/spec/frontend/fixtures/api_markdown.yml b/spec/frontend/fixtures/api_markdown.yml
index 1edb8cb3f41..bc3a0b624dc 100644
--- a/spec/frontend/fixtures/api_markdown.yml
+++ b/spec/frontend/fixtures/api_markdown.yml
@@ -204,3 +204,18 @@
     * [x] ![Sample Audio](https://gitlab.com/1.mp3)
     * [x] ![Sample Audio](https://gitlab.com/2.mp3)
     * [x] ![Sample Video](https://gitlab.com/3.mp4)
+- name: table_of_contents
+  markdown: |-
+    [[_TOC_]]
+
+    # Lorem
+
+    Well, that's just like... your opinion.. man.
+
+    ## Ipsum
+
+    ### Dolar
+
+    # Sit amit
+
+    ### I don't know
diff --git a/spec/frontend/pipeline_editor/components/editor/text_editor_spec.js b/spec/frontend/pipeline_editor/components/editor/text_editor_spec.js
index 85222f2ecbb..a43da4b0f19 100644
--- a/spec/frontend/pipeline_editor/components/editor/text_editor_spec.js
+++ b/spec/frontend/pipeline_editor/components/editor/text_editor_spec.js
@@ -112,11 +112,6 @@ describe('Pipeline Editor | Text editor component', () => {
       it('configures editor with syntax highlight', () => {
         expect(mockUse).toHaveBeenCalledTimes(1);
         expect(mockRegisterCiSchema).toHaveBeenCalledTimes(1);
-        expect(mockRegisterCiSchema).toHaveBeenCalledWith({
-          projectNamespace: mockProjectNamespace,
-          projectPath: mockProjectPath,
-          ref: mockCommitSha,
-        });
       });
     });
 
diff --git a/spec/lib/gitlab/import_export/snippet_repo_restorer_spec.rb b/spec/lib/gitlab/import_export/snippet_repo_restorer_spec.rb
index c1661cf02b6..7d719b6028f 100644
--- a/spec/lib/gitlab/import_export/snippet_repo_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/snippet_repo_restorer_spec.rb
@@ -29,6 +29,9 @@ RSpec.describe Gitlab::ImportExport::SnippetRepoRestorer do
           expect(restorer.restore).to be_truthy
         end.to change { SnippetRepository.count }.by(1)
 
+        snippet.repository.expire_method_caches(%i(exists?))
+        expect(snippet.repository_exists?).to be_truthy
+
         blob = snippet.repository.blob_at(snippet.default_branch, snippet.file_name)
         expect(blob).not_to be_nil
         expect(blob.data).to eq(snippet.content)
diff --git a/spec/migrations/20210918201050_remove_old_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid_spec.rb b/spec/migrations/20210918201050_remove_old_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid_spec.rb
new file mode 100644
index 00000000000..9addaaf2551
--- /dev/null
+++ b/spec/migrations/20210918201050_remove_old_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid_spec.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20210918201050_remove_old_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb')
+
+def create_background_migration_jobs(ids, status, created_at)
+  proper_status = case status
+                  when :pending
+                    Gitlab::Database::BackgroundMigrationJob.statuses['pending']
+                  when :succeeded
+                    Gitlab::Database::BackgroundMigrationJob.statuses['succeeded']
+                  else
+                    raise ArgumentError
+                  end
+
+  background_migration_jobs.create!(
+    class_name: 'RecalculateVulnerabilitiesOccurrencesUuid',
+    arguments: Array(ids),
+    status: proper_status,
+    created_at: created_at
+  )
+end
+
+RSpec.describe RemoveOldPendingJobsForRecalculateVulnerabilitiesOccurrencesUuid, :migration do
+  let_it_be(:background_migration_jobs) { table(:background_migration_jobs) }
+  let_it_be(:before_target_date) { -Float::INFINITY..(DateTime.new(2021, 8, 17, 23, 59, 59)) }
+  let_it_be(:after_target_date) { (DateTime.new(2021, 8, 18, 0, 0, 0))..Float::INFINITY }
+
+  context 'when old RecalculateVulnerabilitiesOccurrencesUuid jobs are pending' do
+    before do
+      create_background_migration_jobs([1, 2, 3], :succeeded, DateTime.new(2021, 5, 5, 0, 2))
+      create_background_migration_jobs([4, 5, 6], :pending, DateTime.new(2021, 5, 5, 0, 4))
+
+      create_background_migration_jobs([1, 2, 3], :succeeded, DateTime.new(2021, 8, 18, 0, 0))
+      create_background_migration_jobs([4, 5, 6], :pending, DateTime.new(2021, 8, 18, 0, 2))
+      create_background_migration_jobs([7, 8, 9], :pending, DateTime.new(2021, 8, 18, 0, 4))
+    end
+
+    it 'removes old, pending jobs' do
+      migrate!
+
+      expect(background_migration_jobs.where(created_at: before_target_date).count).to eq(1)
+      expect(background_migration_jobs.where(created_at: after_target_date).count).to eq(3)
+    end
+  end
+end
diff --git a/spec/migrations/20210918202855_reschedule_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid_spec.rb b/spec/migrations/20210918202855_reschedule_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid_spec.rb
new file mode 100644
index 00000000000..5a2531bb63f
--- /dev/null
+++ b/spec/migrations/20210918202855_reschedule_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20210918202855_reschedule_pending_jobs_for_recalculate_vulnerabilities_occurrences_uuid.rb')
+
+RSpec.describe ReschedulePendingJobsForRecalculateVulnerabilitiesOccurrencesUuid, :migration do
+  let_it_be(:background_migration_jobs) { table(:background_migration_jobs) }
+
+  context 'when RecalculateVulnerabilitiesOccurrencesUuid jobs are pending' do
+    before do
+      background_migration_jobs.create!(
+        class_name: 'RecalculateVulnerabilitiesOccurrencesUuid',
+        arguments: [1, 2, 3],
+        status: Gitlab::Database::BackgroundMigrationJob.statuses['pending']
+      )
+      background_migration_jobs.create!(
+        class_name: 'RecalculateVulnerabilitiesOccurrencesUuid',
+        arguments: [4, 5, 6],
+        status: Gitlab::Database::BackgroundMigrationJob.statuses['succeeded']
+      )
+    end
+
+    it 'queues pending jobs' do
+      migrate!
+
+      expect(BackgroundMigrationWorker.jobs.length).to eq(1)
+      expect(BackgroundMigrationWorker.jobs[0]['args']).to eq(['RecalculateVulnerabilitiesOccurrencesUuid', [1, 2, 3]])
+      expect(BackgroundMigrationWorker.jobs[0]['at']).to be_nil
+    end
+  end
+end
diff --git a/spec/models/snippet_repository_spec.rb b/spec/models/snippet_repository_spec.rb
index 40a28b9e0cc..e8a933d2277 100644
--- a/spec/models/snippet_repository_spec.rb
+++ b/spec/models/snippet_repository_spec.rb
@@ -115,6 +115,7 @@ RSpec.describe SnippetRepository do
         allow(snippet).to receive(:repository).and_return(repo)
         allow(repo).to receive(:ls_files).and_return([])
         allow(repo).to receive(:root_ref).and_return('master')
+        allow(repo).to receive(:empty?).and_return(false)
       end
 
       it 'infers the commit action based on the parameters if not present' do
diff --git a/spec/requests/api/ci/runners_spec.rb b/spec/requests/api/ci/runners_spec.rb
index 902938d7d02..7bc341821dd 100644
--- a/spec/requests/api/ci/runners_spec.rb
+++ b/spec/requests/api/ci/runners_spec.rb
@@ -600,6 +600,94 @@ RSpec.describe API::Ci::Runners do
     end
   end
 
+  describe 'POST /runners/:id/reset_authentication_token' do
+    context 'admin user' do
+      it 'resets shared runner authentication token' do
+        expect do
+          post api("/runners/#{shared_runner.id}/reset_authentication_token", admin)
+
+          expect(response).to have_gitlab_http_status(:success)
+          expect(json_response).to eq({ 'token' => shared_runner.reload.token })
+        end.to change { shared_runner.reload.token }
+      end
+
+      it 'returns 404 if runner does not exist' do
+        post api('/runners/0/reset_authentication_token', admin)
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'authorized user' do
+      it 'does not reset project runner authentication token without access to it' do
+        expect do
+          post api("/runners/#{project_runner.id}/reset_authentication_token", user2)
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end.not_to change { project_runner.reload.token }
+      end
+
+      it 'resets project runner authentication token for owned project' do
+        expect do
+          post api("/runners/#{project_runner.id}/reset_authentication_token", user)
+
+          expect(response).to have_gitlab_http_status(:success)
+          expect(json_response).to eq({ 'token' => project_runner.reload.token })
+        end.to change { project_runner.reload.token }
+      end
+
+      it 'does not reset group runner authentication token with guest access' do
+        expect do
+          post api("/runners/#{group_runner_a.id}/reset_authentication_token", group_guest)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end.not_to change { group_runner_a.reload.token }
+      end
+
+      it 'does not reset group runner authentication token with reporter access' do
+        expect do
+          post api("/runners/#{group_runner_a.id}/reset_authentication_token", group_reporter)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end.not_to change { group_runner_a.reload.token }
+      end
+
+      it 'does not reset group runner authentication token with developer access' do
+        expect do
+          post api("/runners/#{group_runner_a.id}/reset_authentication_token", group_developer)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end.not_to change { group_runner_a.reload.token }
+      end
+
+      it 'does not reset group runner authentication token with maintainer access' do
+        expect do
+          post api("/runners/#{group_runner_a.id}/reset_authentication_token", group_maintainer)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end.not_to change { group_runner_a.reload.token }
+      end
+
+      it 'resets group runner authentication token with owner access' do
+        expect do
+          post api("/runners/#{group_runner_a.id}/reset_authentication_token", user)
+
+          expect(response).to have_gitlab_http_status(:success)
+          expect(json_response).to eq({ 'token' => group_runner_a.reload.token })
+        end.to change { group_runner_a.reload.token }
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'does not reset authentication token' do
+        expect do
+          post api("/runners/#{shared_runner.id}/reset_authentication_token")
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end.not_to change { shared_runner.reload.token }
+      end
+    end
+  end
+
   describe 'GET /runners/:id/jobs' do
     let_it_be(:job_1) { create(:ci_build) }
     let_it_be(:job_2) { create(:ci_build, :running, runner: shared_runner, project: project) }
diff --git a/spec/workers/post_receive_spec.rb b/spec/workers/post_receive_spec.rb
index ddd295215a1..039f86f1911 100644
--- a/spec/workers/post_receive_spec.rb
+++ b/spec/workers/post_receive_spec.rb
@@ -428,7 +428,7 @@ RSpec.describe PostReceive do
           end
 
           it 'expires the status cache' do
-            expect(snippet.repository).to receive(:empty?).and_return(true)
+            expect(snippet.repository).to receive(:empty?).at_least(:once).and_return(true)
             expect(snippet.repository).to receive(:expire_status_cache)
 
             perform