From 4067f40b62f9daa0a8d61ca57b68b8911ef22373 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 4 Apr 2022 21:08:45 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 .../stylesheets/page_bundles/milestone.scss   | 14 --------------
 .../application_settings/repository.html.haml |  2 +-
 doc/user/application_security/index.md        | 12 +++++++++++-
 .../policies/scan-result-policies.md          |  2 +-
 doc/user/project/code_intelligence.md         |  4 ++--
 .../primary_key_batching_strategy.rb          | 15 +++++++++++++++
 .../primary_key_batching_strategy_spec.rb     | 19 +++++++++++++++++++
 7 files changed, 49 insertions(+), 19 deletions(-)

diff --git a/app/assets/stylesheets/page_bundles/milestone.scss b/app/assets/stylesheets/page_bundles/milestone.scss
index 989219552a6..aa582db10d2 100644
--- a/app/assets/stylesheets/page_bundles/milestone.scss
+++ b/app/assets/stylesheets/page_bundles/milestone.scss
@@ -7,21 +7,7 @@ $status-box-line-height: 26px;
 }
 
 .milestones {
-  padding: $gl-padding-8;
-  margin-top: $gl-padding-8;
-  border-radius: $border-radius-default;
-  background-color: var(--gray-100, $gray-100);
-
   .milestone {
-    border: 0;
-    padding: $gl-padding-top $gl-padding;
-    border-radius: $border-radius-default;
-    background-color: var(--white, $white);
-
-    &:not(:last-child) {
-      margin-bottom: $gl-padding-4;
-    }
-
     h4 {
       font-weight: $gl-font-weight-bold;
     }
diff --git a/app/views/admin/application_settings/repository.html.haml b/app/views/admin/application_settings/repository.html.haml
index c3a39ddf86d..ce7972827d3 100644
--- a/app/views/admin/application_settings/repository.html.haml
+++ b/app/views/admin/application_settings/repository.html.haml
@@ -21,7 +21,7 @@
       = expanded_by_default? ? 'Collapse' : 'Expand'
     %p
       = _('Configure repository mirroring.')
-      = link_to s_('Learn more.'), help_page_path('user/project/repository/repository_mirroring.md'), target: '_blank', rel: 'noopener noreferrer'
+      = link_to s_('Learn more.'), help_page_path('user/project/repository/mirror/index.md'), target: '_blank', rel: 'noopener noreferrer'
   .settings-content
     = render partial: 'repository_mirrors_form'
 
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index ff548f1d29f..6108446a31e 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -474,6 +474,7 @@ GitLab provides two methods of accomplishing this, each with advantages and disa
 - [Compliance framework pipelines](../project/settings/#compliance-pipeline-configuration)
   are recommended when:
 
+  - Scan execution enforcement is required for SAST or Secret Detection scans that use custom rulesets.
   - Scan execution enforcement is required for SAST IaC, Dependency Scanning,
     License Compliance, API Fuzzing, or Coverage-guided Fuzzing.
   - Scan execution enforcement is required for scanners external to GitLab.
@@ -482,9 +483,18 @@ GitLab provides two methods of accomplishing this, each with advantages and disa
 - [Scan execution policies](policies/scan-execution-policies.md)
   are recommended when:
 
-  - Scan execution enforcement is required for DAST, SAST, Secret Detection, or Container Scanning.
+  - Scan execution enforcement is required for DAST.
+  - Scan execution enforcement is required for Container Scanning with project-specific variable
+    customizations. To accomplish this, users must create a separate security policy per project.
   - Scans are required to run on a regular, scheduled cadence.
 
+- Either solution can be used equally well when:
+
+  - Scan execution enforcement is required for SAST or Secret Detection when custom rulesets are not
+    used.
+  - Scan execution enforcement is required for Container Scanning with no project-specific variable
+    customizations.
+
 Additional details about the differences between the two solutions are outlined below:
 
 | | Compliance Framework Pipelines | Scan Execution Policies |
diff --git a/doc/user/application_security/policies/scan-result-policies.md b/doc/user/application_security/policies/scan-result-policies.md
index 8215316bcab..06344a3b785 100644
--- a/doc/user/application_security/policies/scan-result-policies.md
+++ b/doc/user/application_security/policies/scan-result-policies.md
@@ -65,7 +65,7 @@ This rule enforces the defined actions based on the information provided.
 | `scanners`  | `array` of `string` | `sast`, `secret_detection`, `dependency_scanning`, `container_scanning`, `dast`, `coverage_fuzzing`, `api_fuzzing` | The security scanners for this rule to consider. |
 | `vulnerabilities_allowed`  | `integer` | Greater than or equal to zero | Number of vulnerabilities allowed before this rule is considered. |
 | `severity_levels`  | `array` of `string` | `info`, `unknown`, `low`, `medium`, `high`, `critical`| The severity levels for this rule to consider. |
-| `vulnerability_states`  | `array` of `string` | `newly_detected`, `detected`, `confirmed`, `resolved`, `dismissed` | The vulnerability states for this rule to consider when the target branch is set to the default branch. |
+| `vulnerability_states`  | `array` of `string` | `newly_detected`, `detected`, `confirmed`, `resolved`, `dismissed` | The vulnerability states for this rule to consider when the target branch is set to the default branch. The `newly_detected` state considers all newly detected vulnerabilities regardless of their status or dismissal. The other states consider findings that match the selected state and already exist in the default branch. |
 
 ## `require_approval` action type
 
diff --git a/doc/user/project/code_intelligence.md b/doc/user/project/code_intelligence.md
index f1071af7c1f..7f35caf2a68 100644
--- a/doc/user/project/code_intelligence.md
+++ b/doc/user/project/code_intelligence.md
@@ -48,8 +48,8 @@ After the job succeeds, code intelligence data can be viewed while browsing the
 
 ## Find references
 
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217392) in GitLab 13.2.
-> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/235735) in GitLab 13.4.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217392) in GitLab 13.2 [with a flag](../../administration/feature_flags.md) named `code_navigation_references`. Disabled by default.
+> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/225621) in GitLab 13.3. Feature flag `code_navigation_references` removed.
 
 To find where a particular object is being used, you can see links to specific lines of code
 under the **References** tab:
diff --git a/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy.rb b/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy.rb
index 5569bac0e19..405544da223 100644
--- a/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy.rb
+++ b/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy.rb
@@ -23,6 +23,7 @@ module Gitlab
 
           quoted_column_name = model_class.connection.quote_column_name(column_name)
           relation = model_class.where("#{quoted_column_name} >= ?", batch_min_value)
+          relation = apply_additional_filters(relation)
           next_batch_bounds = nil
 
           relation.each_batch(of: batch_size, column: column_name) do |batch| # rubocop:disable Lint/UnreachableLoop
@@ -33,6 +34,20 @@ module Gitlab
 
           next_batch_bounds
         end
+
+        # Strategies based on PrimaryKeyBatchingStrategy can use
+        # this method to easily apply additional filters.
+        #
+        # Example:
+        #
+        #   class TypeIsNotNull < PrimaryKeyBatchingStrategy
+        #     def apply_additional_filters(relation)
+        #       relation.where.not(type: nil)
+        #     end
+        #   end
+        def apply_additional_filters(relation)
+          relation
+        end
       end
     end
   end
diff --git a/spec/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy_spec.rb b/spec/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy_spec.rb
index 4e0ebd4b692..9fab1922cb7 100644
--- a/spec/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy_spec.rb
+++ b/spec/lib/gitlab/background_migration/batching_strategies/primary_key_batching_strategy_spec.rb
@@ -44,4 +44,23 @@ RSpec.describe Gitlab::BackgroundMigration::BatchingStrategies::PrimaryKeyBatchi
       expect(batch_bounds).to be_nil
     end
   end
+
+  context 'additional filters' do
+    let(:strategy_with_filters) do
+      Class.new(described_class) do
+        def apply_additional_filters(relation)
+          relation.where.not(type: 'Project')
+        end
+      end
+    end
+
+    let(:batching_strategy) { strategy_with_filters.new(connection: ActiveRecord::Base.connection) }
+    let!(:namespace5) { namespaces.create!(name: 'batchtest5', path: 'batch-test5', type: 'Project') }
+
+    it 'applies additional filters' do
+      batch_bounds = batching_strategy.next_batch(:namespaces, :id, batch_min_value: namespace4.id, batch_size: 3, job_arguments: nil)
+
+      expect(batch_bounds).to eq([namespace4.id, namespace4.id])
+    end
+  end
 end