GitLab

Adds new model that groups DastSiteProfile and
DastScannerProfile.

When trying to introduce UUIDv5 in vulnerability_occurrences table we
discovered rows that would introduce duplicate values in the UUID
column. This would violate the UNIQUE constraint we have on that column.
We need to remove those rows before recalculating UUIDs for older
findings.

We cache whether a project has an External Issue Tracker integration
enabled in the `has_external_issue_tracker` column on `projects`. It
will be `TRUE` if the project has any integration (a record in
`services`) with a category of "issue_tracker" enabled.

This was previously maintained with application code.

This cache is easy to fall out of consistency when we fail to maintain
it during bulk operations (including PostgreSQL cascading deletes
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48163/) as
mentioned in:

- https://gitlab.com/gitlab-org/gitlab/-/issues/273574#note_457006686
- https://gitlab.com/gitlab-org/gitlab/-/issues/289798

As Ecosystem is increasingly changing integration data using bulk
operations this has been changed to be maintained through a PostgreSQL
trigger.

https://gitlab.com/gitlab-org/gitlab/-/issues/290715
https://gitlab.com/gitlab-org/gitlab/-/issues/289798

This class fetches all commits in a range in batches, selecting only
commits with a certain trailer set. This class will be used to fetch the
commits that should be used to generate a changelog.

This builds on the changes introduced in
https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2842 and
https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2999. To take
advantage of these changes, we also bump the Gitaly Gem version and add
fallback code for getting trailers using Rugged; as Rugged is still in
use. In addition, we change the merge_request_diff_commits table and the
MergeRequestDiffCommit model to support storing the trailers as JSON.

See https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/1365 for
more information.

Add the following columns to vulerability_occurrences table:
- descriuption
- message
- solution
- cve
- location

- Introduce restrict_user_defined_variables project setting
  and allow it to be set via API.
- Define policy for user defined variables.
- Inject user-defined variables consistently throughout
  the codebase.
- Allow user-defined variables to be set only by maintainers
  if the project setting is enabled.
- Allow passing variables from parent to child pipeline

- add changelog

This change drops the tmp_index_for_email_unconfirmation_migration index
again in order to make the structure.sql file consistent. A previous
commit already dropped the index, however for some reason the
structure.sql file was still containing the index.

See 2.4.5 of https://gitlab.com/gitlab-org/gitlab/-/issues/5835#note_414103286

This adds the keep latest artifact option at
the project level, allowing users to opt-put
of keeping artifacts

Refactor composer json classes and adds
SHA cache metadata field for future
storage of cached values.

  - Change `max_import_size` from 50 to 0 so it is unlimited,
    instead of being too big of a restriction by default

We cache whether a project has an External Wiki integration enabled in
the `has_external_wiki` column on `projects`. It will be `TRUE` if the
project has the "External Wiki" integration (service) enabled.

This was previously maintained with application code.

This cache is easy to fall out of consistency when we fail to maintain
it during bulk operations (including PostgreSQL cascading deletes
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48163/) as
mentioned in:

- https://gitlab.com/gitlab-org/gitlab/-/issues/273574#note_457006686
- https://gitlab.com/gitlab-org/gitlab/-/issues/289798

As Ecosystem is increasingly changing integration data using bulk
operations this has been changed to be maintained through a PostgreSQL
trigger.

https://gitlab.com/gitlab-org/gitlab/-/issues/290715
https://gitlab.com/gitlab-org/gitlab/-/issues/289798

And remove feature flag

If the throttling feature flag is enabled, the list of
tags to delete will be limited. If the actual list is bigger than
the limit, the original list is truncated.

Schedule artifact expiry backfill migration for execution.

See #5835

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/21686

* Add database indices for `squash_commit_sha` field
* Add new scope `by_related_commit_sha` to MergeRequest model
* Update MergeRequestFinder logic to use `by_related_commit_sha` scope
for filtering

Create an Elasticsearch background migration to move issues into their
own separate index

With individual columns for actions

Reverse test case as the default for allow_collaboration is now truthy

* exposes epics on an epic board list
* adds an index for epic board position table
* abstracts logic in issues list service so it can be reused by issue
  and epic lists

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/295477

Create table group_package_settings with
boolean setting to allow or disallow Maven
package duplicates and a text setting to
store a regex of exceptions to the disallowed
duplicates.

Add graphql foundation to update and fetch
the new settings.

Compliance management frameworks are assigned to namespaces
not groups. This column was ignored in 13.6 and has
been eligible for deletion since 2020-12-06.

https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50478

- Add uniqueness index to DB

When a request exceeds a rate limit configured in the admin panel, we
default to returning a 429 response with a plain-text body of 'Retry
later'. This change allows the response body to be customised - although
it must still be plain text - which allows, for example, GitLab.com to
provide a link to GitLab.com-specific rate limiting documentation.

Migrate all trusted apps to confidential to avoid
potential access token leak abusing implicit flow

Used to specify end of datetime range for
specific devops adoption snapshot

It was causing pages deployments 2.4 GB to fail

This MR adds supported migration, model and GET API to manage group
merge request approval settings.

The new GET API is limited to user with owner or admin role.

GET /groups/:id/merge_request_approval_setting