Automatic merge of gitlab-org/gitlab master

app/assets/stylesheets/framework/dropdowns.scss

@@ -525,7 +525,7 @@
 
       &.is-active {
         /* stylelint-disable-next-line function-url-quotes */
-        background: url(asset_path('checkmark.png')) no-repeat 14px 8px;
+        background: url(asset_path('checkmark.png')) no-repeat 14px center;
       }
     }
   }

app/finders/packages/nuget/package_finder.rb

@@ -5,7 +5,7 @@ module Packages
     class PackageFinder
       include ::Packages::FinderHelper
 
-      MAX_PACKAGES_COUNT = 50
+      MAX_PACKAGES_COUNT = 300
 
       def initialize(current_user, project_or_group, package_name:, package_version: nil, limit: MAX_PACKAGES_COUNT)
         @current_user = current_user

changelogs/unreleased/241376-max-nuget-packages-returned.yml

+---
+title: Update max number of NuGet packages returned
+merge_request: 52265
+author:
+type: fixed

changelogs/unreleased/gl-card-advanced-search.yml

+---
+title: Move the sub-section to gl-card in advanced search settings in admin
+merge_request: 52585
+author: Yogi (@yo)
+type: changed

changelogs/unreleased/peterhegman-fix-assignee-dropdown-checkmark.yml

+---
+title: Fix misalignment of assignee dropdown checkmark
+merge_request: 53664
+author:
+type: fixed

doc/administration/instance_limits.md

@@ -612,3 +612,7 @@ Plan.default.actual_limits.update!(generic_packages_max_file_size: 100.megabytes
 ```
 
 Set the limit to `0` to allow any file size.
+
+### Package versions returned
+
+When asking for versions of a given NuGet package name, the GitLab Package Registry returns a maximum of 300 versions.

doc/development/documentation/index.md

@@ -328,68 +328,51 @@ with GitLab 11.4. Meaning, it's available only with `/help` from GitLab
 
 ### Linking to `/help`
 
-When you're building a new feature, you may need to link the documentation
-from GitLab, the application. This is normally done in files inside the
-`app/views/` directory with the help of the `help_page_path` helper method.
+When you're building a new feature, you may need to link to the documentation
+from the GitLab application. This is normally done in files inside the
+`app/views/` directory, with the help of the `help_page_path` helper method.
 
-In its simplest form, the HAML code to generate a link to the `/help` page is:
+The `help_page_path` contains the path to the document you want to link to,
+with the following conventions:
 
-```haml
-= link_to 'Help page', help_page_path('user/permissions')
-```
-
-The `help_page_path` contains the path to the document you want to link to with
-the following conventions:
-
-- it is relative to the `doc/` directory in the GitLab repository
-- the `.md` extension must be omitted
-- it must not end with a slash (`/`)
-
-Below are some special cases where should be used depending on the context.
-You can combine one or more of the following:
-
-1. **Linking to an anchor link.** Use `anchor` as part of the `help_page_path`
-   method:
+- It's relative to the `doc/` directory in the GitLab repository.
+- It omits the `.md` extension.
+- It doesn't end with a slash (`/`).
 
-   ```haml
-   = link_to 'Help page', help_page_path('user/permissions', anchor: 'anchor-link')
-   ```
+The help text follows the [Pajamas guidelines](https://design.gitlab.com/usability/helping-users/#formatting-help-content).
 
-1. **Opening links in a new tab.** This should be the default behavior:
+Use the following special cases depending on the context, ensuring all links
+are inside `_()` so they can be translated:
 
-   ```haml
-   = link_to 'Help page', help_page_path('user/permissions'), target: '_blank'
-   ```
+- Linking to a doc page. In its most basic form, the HAML code to generate a
+  link to the `/help` page is:
 
-1. **Using a question icon.** Usually used in settings where a long
-   description cannot be used, like near checkboxes. You can basically use
-   any GitLab SVG icon, but prefer the `question-o`:
-
-   ```haml
-   = link_to sprite_icon('question-o'), help_page_path('user/permissions')
-   ```
+  ```haml
+  = link_to _('Learn more.'), help_page_path('user/permissions'), target: '_blank', rel: 'noopener noreferrer'
+  ```
 
-1. **Using a button link.** Useful in places where text would be out of context
-   with the rest of the page layout:
+- Linking to an anchor link. Use `anchor` as part of the `help_page_path`
+  method:
 
-   ```haml
-   = link_to 'Help page', help_page_path('user/permissions'),  class: 'btn btn-info'
-   ```
+  ```haml
+  = link_to _('Learn more.'), help_page_path('user/permissions', anchor: 'anchor-link'), target: '_blank', rel: 'noopener noreferrer'
+  ```
 
-1. **Using links inline of some text.**
+- Using links inline of some text. First, define the link, and then use it. In
+  this example, `link_start` is the name of the variable that contains the
+  link:
 
-   ```haml
-   Description to #{link_to 'Help page', help_page_path('user/permissions')}.
-   ```
+  ```haml
+  - link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/permissions') }
+  %p= _("This is a text describing the option/feature in a sentence. %{link_start}Learn more.%{link_end}").html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
+  ```
 
-1. **Adding a period at the end of the sentence.** Useful when you don't want
-   the period to be part of the link:
+- Using a button link. Useful in places where text would be out of context with
+  the rest of the page layout:
 
-   ```haml
-   = succeed '.' do
-     Learn more in the
-     = link_to 'Help page', help_page_path('user/permissions')
-   ```
+  ```haml
+  = link_to _('Learn more.'), help_page_path('user/permissions'),  class: 'btn btn-info', target: '_blank', rel: 'noopener noreferrer'
+  ```
 
 #### Linking to `/help` in JavaScript
 

doc/user/application_security/security_dashboard/index.md

@@ -9,11 +9,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 GitLab provides a comprehensive set of features for viewing and managing vulnerabilities:
 
-- Security dashboards: An overview of the security status in your instance, [groups](#group-security-dashboard), and
+- Security dashboards: An overview of the security status in your personal [Security Center](#security-center), [groups](#group-security-dashboard), and
   [projects](#project-security-dashboard).
-- [Vulnerability reports](../vulnerability_report/index.md): Detailed lists of all vulnerabilities for the instance, group, project, or
+- [Vulnerability reports](../vulnerability_report/index.md): Detailed lists of all vulnerabilities for the Security Center, group, project, or
   pipeline. This is where you triage and manage vulnerabilities.
-- [Security Center](#instance-security-center): A dedicated area for vulnerability management at the instance level. This
+- [Security Center](#security-center): A dedicated area for personalized vulnerability management. This
   includes a security dashboard, vulnerability report, and settings.
 
 You can also drill down into a vulnerability and get extra information on the
@@ -111,28 +111,28 @@ vulnerabilities are excluded.
 
 Navigate to the group's [vulnerability report](../vulnerability_report/index.md) to view the vulnerabilities found.
 
-## Instance Security Center
+## Security Center
 
 > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3426) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.4.
 
-The Security Center is where you manage vulnerabilities for your instance. It displays the
-vulnerabilities present in the default branches of all the projects you configure. It includes the
-following:
+The Security Center is personal space where you manage vulnerabilities across all your projects. It
+displays the vulnerabilities present in the default branches of all the projects you configure. It includes
+the following:
 
 - The [group security dashboard's](#group-security-dashboard) features.
 - A [vulnerability report](../vulnerability_report/index.md).
 - A dedicated settings area to configure which projects to display.
 
-![Instance Security Dashboard with projects](img/instance_security_dashboard_v13_4.png)
+![Security Center Dashboard with projects](img/security_center_dashboard_v13_4.png)
 
-You can access the Instance Security Center from the menu
+You can access the Security Center from the menu
 bar at the top of the page. Under **More**, select **Security**.
 
-![Instance Security Center navigation link](img/instance_security_dashboard_link_v12_4.png)
+![Security Center navigation link](img/security_center_dashboard_link_v12_4.png)
 
 The dashboard and vulnerability report are empty before you add projects.
 
-![Uninitialized Instance Security Center](img/instance_security_dashboard_empty_v13_4.png)
+![Uninitialized Security Center](img/security_center_dashboard_empty_v13_4.png)
 
 ### Adding projects to the Security Center
 
@@ -142,7 +142,7 @@ To add projects to the Security Center:
 1. Search for and add one or more projects using the **Search your projects** field.
 1. Click the **Add projects** button.
 
-![Adding projects to Instance Security Center](img/instance_security_center_settings_v13_4.png)
+![Adding projects to Security Center](img/security_center_settings_v13_4.png)
 
 After you add projects, the security dashboard and vulnerability report display the vulnerabilities
 found in those projects' default branches.

ee/app/controllers/ee/projects/issues_controller.rb

@@ -62,7 +62,7 @@ module EE
           errors << render_vulnerability_link_alert(error)
         end
 
-        flash[:alert] = errors.join('<br\>').html_safe
+        flash[:alert] = errors.join('<br\>').html_safe unless errors.blank?
       end
 
       def vulnerability

ee/changelogs/unreleased/fix_blank_alert_from_vuln_issue.yml

+---
+title: Fix blank alert field when creating an issue from a vulnerability
+merge_request: 53656
+author:
+type: fixed

ee/spec/controllers/projects/issues_controller_spec.rb

@@ -127,6 +127,10 @@ RSpec.describe Projects::IssuesController do
             expect(issue.confidential).to be false
           end
 
+          it 'does not show an error message' do
+            expect(flash[:alert]).to be_nil
+          end
+
           context 'when vulnerability already has a linked issue' do
             render_views
 

ee/spec/migrations/update_cs_vulnerability_confidence_column_spec.rb

@@ -4,12 +4,14 @@ require 'spec_helper'
 require_migration!
 
 RSpec.describe UpdateCsVulnerabilityConfidenceColumn do
+  include MigrationHelpers::VulnerabilitiesFindingsHelper
+
   let(:vulnerabilities) { table(:vulnerability_occurrences) }
   let(:identifiers) { table(:vulnerability_identifiers) }
   let(:scanners) { table(:vulnerability_scanners) }
   let(:projects) { table(:projects) }
-  let(:vul1) { attributes_for(:vulnerabilities_finding, id: 1, report_type: 2, confidence: 5) } # rubocop: disable RSpec/FactoriesInMigrationSpecs
-  let(:vul2) { attributes_for(:vulnerabilities_finding, id: 2, report_type: 2, confidence: 5) } # rubocop: disable RSpec/FactoriesInMigrationSpecs
+  let(:finding1_attributes) { attributes_for_vulnerabilities_finding }
+  let(:finding2_attributes) { attributes_for_vulnerabilities_finding }
 
   before do
     stub_const("#{described_class}::BATCH_SIZE", 2)
@@ -34,33 +36,33 @@ RSpec.describe UpdateCsVulnerabilityConfidenceColumn do
 
     scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
 
-    vulnerabilities.create!(id: vul1[:id],
+    vulnerabilities.create!(id: 1,
                             severity: 2,
                             confidence: 5,
                             report_type: 2,
                             project_id: 123,
                             scanner_id: 6,
                             primary_identifier_id: 1,
-                            project_fingerprint: vul1[:project_fingerprint],
-                            location_fingerprint: vul1[:location_fingerprint],
-                            uuid: vul1[:uuid],
-                            name: vul1[:name],
-                            metadata_version: '1.3',
-                            raw_metadata: vul1[:raw_metadata])
+                            project_fingerprint: finding1_attributes[:project_fingerprint],
+                            location_fingerprint: finding1_attributes[:location_fingerprint],
+                            uuid: finding1_attributes[:uuid],
+                            name: finding1_attributes[:name],
+                            metadata_version: finding1_attributes[:metadata_version],
+                            raw_metadata: finding1_attributes[:raw_metadata])
 
-    vulnerabilities.create!(id: vul2[:id],
+    vulnerabilities.create!(id: 2,
                             severity: 2,
                             confidence: 5,
                             report_type: 2,
                             project_id: 123,
                             scanner_id: 6,
                             primary_identifier_id: 2,
-                            project_fingerprint: vul2[:project_fingerprint],
-                            location_fingerprint: vul2[:location_fingerprint],
-                            uuid: vul2[:uuid],
-                            name: vul2[:name],
-                            metadata_version: '1.3',
-                            raw_metadata: vul2[:raw_metadata])
+                            project_fingerprint: finding2_attributes[:project_fingerprint],
+                            location_fingerprint: finding2_attributes[:location_fingerprint],
+                            uuid: finding2_attributes[:uuid],
+                            name: finding2_attributes[:name],
+                            metadata_version: finding2_attributes[:metadata_version],
+                            raw_metadata: finding2_attributes[:raw_metadata])
 
     expect(vulnerabilities.where(report_type: 2, confidence: 2).count). to eq(0)
     expect(vulnerabilities.exists?(report_type: 2, confidence: 5)).to be_truthy