Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/pages/projects/issues/form.js

@@ -4,8 +4,8 @@ import $ from 'jquery';
 import IssuableForm from 'ee_else_ce/issuable_form';
 import ShortcutsNavigation from '~/behaviors/shortcuts/shortcuts_navigation';
 import GLForm from '~/gl_form';
-import initSuggestions from '~/issuable_suggestions';
-import initIssuableTypeSelector from '~/issuable_type_selector';
+import initSuggestions from '~/issues/suggestions';
+import initIssuableTypeSelector from '~/issues/type_selector';
 import LabelsSelect from '~/labels_select';
 import MilestoneSelect from '~/milestones/milestone_select';
 import IssuableTemplateSelectors from '~/templates/issuable_template_selectors';

app/assets/javascripts/vue_shared/components/header_ci_component.vue

@@ -5,6 +5,7 @@ import {
   GlSafeHtmlDirective,
   GlAvatarLink,
   GlAvatarLabeled,
+  GlTooltip,
 } from '@gitlab/ui';
 import { isGid, getIdFromGraphQLId } from '~/graphql_shared/utils';
 import { glEmojiTag } from '../../emoji';
@@ -26,6 +27,7 @@ export default {
     GlButton,
     GlAvatarLink,
     GlAvatarLabeled,
+    GlTooltip,
   },
   directives: {
     GlTooltip: GlTooltipDirective,

app/helpers/tab_helper.rb

@@ -163,7 +163,7 @@ def active_nav_link?(options)
     action = options.delete(:action)
 
     route_matches_paths?(options.delete(:path)) ||
-      route_matches_pages?(options.delete(:page)) ||
+      route_matches_page_without_exclusion?(options.delete(:page), options.delete(:exclude_page)) ||
       route_matches_controllers_and_or_actions?(controller, action)
   end
 
@@ -188,6 +188,13 @@ def route_matches_paths?(paths)
     end
   end
 
+  def route_matches_page_without_exclusion?(pages, exclude_page)
+    return false unless route_matches_pages?(pages)
+    return true unless exclude_page.present?
+
+    !route_matches_pages?(exclude_page)
+  end
+
   def route_matches_pages?(pages)
     Array(pages).compact.any? do |single_page|
       # We need to distinguish between Hash argument and other types of

app/models/user_callout.rb

@@ -37,7 +37,8 @@ class UserCallout < ApplicationRecord
     security_configuration_devops_alert: 36,   # EE-only
     profile_personal_access_token_expiry: 37,  # EE-only
     terraform_notification_dismissed: 38,
-    security_newsletter_callout: 39
+    security_newsletter_callout: 39,
+    verification_reminder: 40                  # EE-only
   }
 
   validates :feature_name,

app/views/layouts/_page.html.haml

@@ -3,6 +3,7 @@
     = render "layouts/nav/sidebar/#{nav}"
   .content-wrapper.content-wrapper-margin{ class: "#{@content_wrapper_class}" }
     .mobile-overlay
+    = render_if_exists 'layouts/header/verification_reminder'
     = yield :group_invite_members_banner
     .alert-wrapper.gl-force-block-formatting-context
       = render 'shared/outdated_browser'

app/views/shared/doorkeeper/applications/_form.html.haml

@@ -16,13 +16,14 @@
     = f.check_box :confidential, class: 'form-check-input'
     = f.label :confidential, class: 'label-bold form-check-label'
     %span.form-text.text-muted
-      = _('The application will be used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential.')
+      = _('Enable only for confidential applications exclusively used by a trusted backend server that can securely store the client secret. Do not enable for native-mobile, single-page, or other JavaScript applications because they cannot keep the client secret confidential.')
 
   .form-group.form-check
     = f.check_box :expire_access_tokens, class: 'form-check-input'
     = f.label :expire_access_tokens, class: 'label-bold form-check-label'
     %span.form-text.text-muted
-      = _('Access tokens expire after 2 hours. A refresh token may be used at any time to generate a new access token. Non-expiring access tokens are deprecated. Clear this setting to enable backward compatibility.')
+      = _('Enable access tokens to expire after 2 hours. If disabled, tokens do not expire.')
+      = link_to _('Learn more.'), help_page_path('integration/oauth_provider.md', anchor: 'expiring-access-tokens'), target: '_blank', rel: 'noopener noreferrer'
 
   .form-group
     = f.label :scopes, class: 'label-bold'

app/views/shared/doorkeeper/applications/_index.html.haml

@@ -9,7 +9,7 @@
         - if oauth_authorized_applications_enabled
           = _("Manage applications that can use GitLab as an OAuth provider, and applications that you've authorized to use your account.")
         - else
-          = _("Manage applications that can use GitLab as an OAuth provider.")
+          = _("Manage applications that use GitLab as an OAuth provider.")
       - else
         = _("Manage applications that you've authorized to use your account.")
   .col-lg-8

data/deprecations/14-5-deprecation-vsa-announce-deprecation-of-vsa-filtering-calculation.yml

@@ -3,7 +3,7 @@
   announcement_date: "2021-11-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
   removal_milestone: "15.0" # The milestone when this feature is planned to be removed
   body: | # Do not modify this line, instead modify the lines below.
-    We are changing how the date filter works in Value Stream Analytics. Instead of filtering by the time that the issue or merge request was created, the date filter will filter by the end event time of the given stage. This will result in completely different figures after this change has rolled out. 
+    We are changing how the date filter works in Value Stream Analytics. Instead of filtering by the time that the issue or merge request was created, the date filter will filter by the end event time of the given stage. This will result in completely different figures after this change has rolled out.
     
     If you monitor Value Stream Analytics metrics and rely on the date filter, to avoid losing data, you must save the data prior to this change.
   stage: manage # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth

doc/api/graphql/reference/index.md

@@ -17119,6 +17119,7 @@ Name of the feature that the callout is for.
 | <a id="usercalloutfeaturenameenumtwo_factor_auth_recovery_settings_check"></a>`TWO_FACTOR_AUTH_RECOVERY_SETTINGS_CHECK` | Callout feature name for two_factor_auth_recovery_settings_check. |
 | <a id="usercalloutfeaturenameenumultimate_trial"></a>`ULTIMATE_TRIAL` | Callout feature name for ultimate_trial. |
 | <a id="usercalloutfeaturenameenumunfinished_tag_cleanup_callout"></a>`UNFINISHED_TAG_CLEANUP_CALLOUT` | Callout feature name for unfinished_tag_cleanup_callout. |
+| <a id="usercalloutfeaturenameenumverification_reminder"></a>`VERIFICATION_REMINDER` | Callout feature name for verification_reminder. |
 | <a id="usercalloutfeaturenameenumweb_ide_alert_dismissed"></a>`WEB_IDE_ALERT_DISMISSED` | Callout feature name for web_ide_alert_dismissed. |
 | <a id="usercalloutfeaturenameenumweb_ide_ci_environments_guidance"></a>`WEB_IDE_CI_ENVIRONMENTS_GUIDANCE` | Callout feature name for web_ide_ci_environments_guidance. |
 

doc/user/application_security/policies/index.md

@@ -243,9 +243,9 @@ Only project Owners have the [permissions](../../permissions.md#project-members-
 to select Security Policy Project.
 
 Once your policy is complete, save it by selecting **Create merge request**
-at the bottom of the editor. You will be redirected to the merge request on the project's
+at the bottom of the editor. You are redirected to the merge request on the project's
 configured security policy project. If one does not link to your project, a security
-policy project will be automatically created. Existing policies can also be
+policy project is automatically created. Existing policies can also be
 removed from the editor interface by selecting **Delete policy**
 at the bottom of the editor.
 
@@ -293,18 +293,18 @@ This rule enforces the defined actions and schedules a scan on the provided date
 | `type`     | `string` | `schedule` | The rule's type. |
 | `branches` | `array` of `string` | `*` or the branch's name | The branch the given policy applies to (supports wildcard). |
 | `cadence`  | `string` | CRON expression (for example, `0 0 * * *`) | A whitespace-separated string containing five fields that represents the scheduled time. |
-| `clusters` | `object` | | The cluster where the given policy will enforce running selected scans (only for `container_scanning`/`cluster_image_scanning` scans). The key of the object is the name of the Kubernetes cluster configured for your project in GitLab. In the optionally provided value of the object, you can precisely select Kubernetes resources that will be scanned. |
+| `clusters` | `object` | | The cluster where the given policy enforces running selected scans (only for `container_scanning`/`cluster_image_scanning` scans). The key of the object is the name of the Kubernetes cluster configured for your project in GitLab. In the optionally provided value of the object, you can precisely select Kubernetes resources that are scanned. |
 
 #### `cluster` schema
 
 Use this schema to define `clusters` objects in the [`schedule` rule type](#schedule-rule-type).
 
 | Field        | Type                | Possible values          | Description |
 |--------------|---------------------|--------------------------|-------------|
-| `containers` | `array` of `string` | | The container name that will be scanned (only the first value is currently supported). |
-| `resources`  | `array` of `string` | | The resource name that will be scanned (only the first value is currently supported). |
-| `namespaces` | `array` of `string` | | The namespace that will be scanned (only the first value is currently supported). |
-| `kinds`      | `array` of `string` | `deployment`/`daemonset` | The resource kind that should be scanned (only the first value is currently supported). |
+| `containers` | `array` of `string` | | The container name to be scanned (only the first value is currently supported). |
+| `resources`  | `array` of `string` | | The resource name to be scanned (only the first value is currently supported). |
+| `namespaces` | `array` of `string` | | The namespace to be scanned (only the first value is currently supported). |
+| `kinds`      | `array` of `string` | `deployment`/`daemonset` | The resource kind to be scanned (only the first value is currently supported). |
 
 ### `scan` action type
 
@@ -333,8 +333,8 @@ Note the following:
 - A secret detection scan runs in `normal` mode when executed as part of a pipeline, and in
   [`historic`](../secret_detection/index.md#full-history-secret-detection)
   mode when executed as part of a scheduled scan.
-- A container scanning and cluster image scanning scans configured for the `pipeline` rule type will ignore the cluster defined in the `clusters` object.
-  They will use predefined CI/CD variables defined for your project. Cluster selection with the `clusters` object is supported for the `schedule` rule type.
+- A container scanning and cluster image scanning scans configured for the `pipeline` rule type ignores the cluster defined in the `clusters` object.
+  They use predefined CI/CD variables defined for your project. Cluster selection with the `clusters` object is supported for the `schedule` rule type.
   Cluster with name provided in `clusters` object must be created and configured for the project. To be able to successfully perform the `container_scanning`/`cluster_image_scanning` scans for the cluster you must follow instructions for the [Cluster Image Scanning feature](../cluster_image_scanning/index.md#prerequisites).
 - The SAST scan uses the default template and runs in a [child pipeline](../../../ci/pipelines/parent_child_pipelines.md).
 

lib/tasks/gitlab/db.rake

@@ -49,7 +49,7 @@ namespace :gitlab do
 
       # Drop all extra schema objects GitLab owns
       Gitlab::Database::EXTRA_SCHEMAS.each do |schema|
-        connection.execute("DROP SCHEMA IF EXISTS #{connection.quote_table_name(schema)}")
+        connection.execute("DROP SCHEMA IF EXISTS #{connection.quote_table_name(schema)} CASCADE")
       end
     end