Add latest changes from gitlab-org/gitlab@master

2022-09-29 18:08:16 +00:00 · 2022-09-29 18:08:16 +00:00 · 488e1b59fe
parent 11f742d4e7
commit 488e1b59fe
56 changed files with 394 additions and 240 deletions
--- a/.rubocop_todo/lint/redundant_cop_disable_directive.yml
+++ b/.rubocop_todo/lint/redundant_cop_disable_directive.yml
@ -1,18 +1,22 @@
 ---
 # Cop supports --auto-correct.
 Lint/RedundantCopDisableDirective:
-  # This cop can only be enabled after enabling all cops which are currently
+  Details: grace period
  # disabled. Otherwise we'll see RuboCop complaining depending on
  # REVEAL_RUBOCOP_TODO environment variable.
  Enabled: false
  Exclude:
    - 'app/controllers/concerns/enforces_two_factor_authentication.rb'
    - 'app/controllers/concerns/web_hooks/hook_log_actions.rb'
    - 'app/controllers/groups/autocomplete_sources_controller.rb'
    - 'app/controllers/groups/labels_controller.rb'
    - 'app/controllers/projects/merge_requests/diffs_controller.rb'
    - 'app/finders/autocomplete/acts_as_taggable_on/tags_finder.rb'
    - 'app/finders/autocomplete/move_to_project_finder.rb'
    - 'app/finders/autocomplete/routes_finder.rb'
    - 'app/finders/autocomplete/users_finder.rb'
    - 'app/finders/ci/daily_build_group_report_results_finder.rb'
    - 'app/finders/ci/runner_jobs_finder.rb'
    - 'app/finders/groups_finder.rb'
    - 'app/finders/users_finder.rb'
    - 'app/graphql/gitlab_schema.rb'
    - 'app/graphql/resolvers/concerns/caching_array_resolver.rb'
    - 'app/graphql/resolvers/project_milestones_resolver.rb'
    - 'app/graphql/types/base_enum.rb'
@ -20,13 +24,17 @@ Lint/RedundantCopDisableDirective:
    - 'app/graphql/types/packages/helm/dependency_type.rb'
    - 'app/graphql/types/projects/service_type_enum.rb'
    - 'app/helpers/diff_helper.rb'
    - 'app/helpers/lazy_image_tag_helper.rb'
    - 'app/helpers/search_helper.rb'
    - 'app/models/clusters/cluster.rb'
    - 'app/models/concerns/cascading_namespace_setting_attribute.rb'
    - 'app/models/concerns/from_except.rb'
    - 'app/models/concerns/from_intersect.rb'
    - 'app/models/concerns/from_union.rb'
    - 'app/models/project_statistics.rb'
    - 'app/models/user.rb'
    - 'app/presenters/dev_ops_report/metric_presenter.rb'
    - 'app/presenters/packages/nuget/search_results_presenter.rb'
    - 'app/serializers/diffs_entity.rb'
    - 'app/serializers/fork_namespace_entity.rb'
    - 'app/services/ci/job_artifacts/destroy_batch_service.rb'
@ -35,25 +43,35 @@ Lint/RedundantCopDisableDirective:
    - 'app/services/database/consistency_check_service.rb'
    - 'app/services/issues/export_csv_service.rb'
    - 'app/services/labels/transfer_service.rb'
    - 'app/services/members/create_service.rb'
    - 'app/services/members/creator_service.rb'
    - 'app/services/members/projects/creator_service.rb'
    - 'app/services/members/standard_member_builder.rb'
    - 'app/services/projects/auto_devops/disable_service.rb'
    - 'app/services/projects/open_issues_count_service.rb'
    - 'app/services/spam/spam_action_service.rb'
    - 'app/services/users/migrate_to_ghost_user_service.rb'
-    - 'app/services/web_hooks/destroy_service.rb'
+    - 'app/services/web_hook_service.rb'
    - 'app/uploaders/object_storage/cdn/google_ip_cache.rb'
    - 'app/workers/authorized_project_update/user_refresh_over_user_range_worker.rb'
    - 'app/workers/build_hooks_worker.rb'
    - 'app/workers/bulk_imports/entity_worker.rb'
-    - 'app/workers/container_expiration_policy_worker.rb'
+    - 'app/workers/ci/track_failed_build_worker.rb'
    - 'app/workers/container_registry/migration/enqueuer_worker.rb'
    - 'app/workers/create_note_diff_file_worker.rb'
    - 'app/workers/import_issues_csv_worker.rb'
    - 'app/workers/incident_management/process_alert_worker_v2.rb'
    - 'app/workers/merge_worker.rb'
    - 'app/workers/remove_unaccepted_member_invites_worker.rb'
    - 'config/initializers/warden.rb'
-    - 'config/initializers/wikicloth_redos_patch.rb'
+    - 'config/initializers/wikicloth_ruby_3_patch.rb'
    - 'config/routes/api.rb'
    - 'db/migrate/20210303193544_add_concurrent_fields_to_bulk_imports_trackers.rb'
    - 'db/migrate/20210917134321_remove_temporary_index_for_project_topics_on_taggings.rb'
    - 'db/migrate/20211013014228_add_content_validation_endpoint_to_application_settings.rb'
    - 'db/migrate/20220316022505_create_namespace_details.rb'
    - 'db/migrate/20220421141342_add_allowed_plans_to_ci_runners.rb'
    - 'db/migrate/20220531024905_add_operations_access_levels_to_project_feature.rb'
    - 'db/post_migrate/20210610042700_remove_clusters_applications_fluentd_table.rb'
    - 'db/post_migrate/20210708011426_finalize_ci_builds_metadata_bigint_conversion.rb'
    - 'db/post_migrate/20210730104800_schedule_extract_project_topics_into_separate_table.rb'
@ -62,8 +80,12 @@ Lint/RedundantCopDisableDirective:
    - 'db/post_migrate/20211028100303_tmp_index_for_delete_issue_merge_request_taggings_records.rb'
    - 'db/post_migrate/20220328100456_schedule20220328_reset_duplicate_ci_runners_token_encrypted_values_on_projects.rb'
    - 'db/post_migrate/20220328100457_schedule20220328_reset_duplicate_ci_runners_token_values_on_projects.rb'
    - 'db/post_migrate/20220720090354_remove_pending_builds_covering_index_from_ci_builds.rb'
    - 'db/post_migrate/20220902204048_move_security_findings_table_to_gitlab_partitions_dynamic_schema.rb'
    - 'ee/app/controllers/ee/groups/group_members_controller.rb'
    - 'ee/app/controllers/ee/projects/settings/ci_cd_controller.rb'
    - 'ee/app/controllers/groups/todos_controller.rb'
    - 'ee/app/experiments/cart_abandonment_modal_experiment.rb'
    - 'ee/app/finders/geo/file_registry_finder.rb'
    - 'ee/app/finders/geo/project_registry_finder.rb'
    - 'ee/app/finders/geo/registry_finder.rb'
@ -72,13 +94,16 @@ Lint/RedundantCopDisableDirective:
    - 'ee/app/graphql/types/ci/minutes/namespace_monthly_usage_type.rb'
    - 'ee/app/graphql/types/incident_management/oncall_rotation_active_period_input_type.rb'
    - 'ee/app/graphql/types/scan_type.rb'
    - 'ee/app/graphql/types/vulnerability_request_type.rb'
    - 'ee/app/helpers/ee/boards_helper.rb'
    - 'ee/app/helpers/ee/namespaces_helper.rb'
    - 'ee/app/helpers/projects/on_demand_scans_helper.rb'
    - 'ee/app/models/dast/branch.rb'
    - 'ee/app/models/ee/vulnerability.rb'
    - 'ee/app/models/geo/event_log.rb'
    - 'ee/app/services/analytics/cycle_analytics/consistency_check_service.rb'
    - 'ee/app/services/analytics/cycle_analytics/data_loader_service.rb'
    - 'ee/app/services/ee/boards/issues/list_service.rb'
    - 'ee/app/services/ee/ci/queue/build_queue_service.rb'
    - 'ee/app/services/ee/search_service.rb'
    - 'ee/app/services/ee/users/migrate_to_ghost_user_service.rb'
    - 'ee/app/services/geo/repository_base_sync_service.rb'
@ -92,20 +117,30 @@ Lint/RedundantCopDisableDirective:
    - 'ee/db/geo/migrate/20210504143244_add_verification_to_merge_request_diff_registry.rb'
    - 'ee/lib/analytics/merge_request_metrics_calculator.rb'
    - 'ee/lib/api/audit_events.rb'
    - 'ee/lib/api/scim.rb'
    - 'ee/lib/ee/api/entities/analytics/code_review/merge_request.rb'
-    - 'ee/lib/ee/api/settings.rb'
+    - 'ee/lib/ee/gitlab/background_migration/backfill_epic_cache_counts.rb'
    - 'ee/lib/ee/gitlab/background_migration/migrate_shared_vulnerability_scanners.rb'
    - 'ee/lib/ee/gitlab/background_migration/purge_stale_security_scans.rb'
    - 'ee/lib/ee/gitlab/usage_data.rb'
    - 'ee/lib/elastic/latest/git_class_proxy.rb'
    - 'ee/lib/gitlab/analytics/type_of_work/tasks_by_type.rb'
    - 'ee/lib/gitlab/elastic/bool_expr.rb'
    - 'ee/lib/gitlab/spdx/license.rb'
    - 'ee/lib/gitlab/status_page/storage/object.rb'
    - 'ee/spec/features/boards/user_visits_board_spec.rb'
    - 'ee/spec/features/groups/settings/domain_verification_spec.rb'
    - 'ee/spec/helpers/ee/releases_helper_spec.rb'
    - 'ee/spec/lib/ee/gitlab/background_migration/backfill_project_statistics_container_repository_size_spec.rb'
    - 'ee/spec/lib/ee/gitlab/issuable_metadata_spec.rb'
    - 'ee/spec/lib/elastic/latest/project_instance_proxy_spec.rb'
    - 'ee/spec/lib/gitlab/usage/metrics/instrumentations/protected_environment_approval_rules_required_approvals_average_metric_spec.rb'
    - 'ee/spec/requests/api/graphql/mutations/boards/epic_boards/epic_move_list_spec.rb'
    - 'ee/spec/services/security/merge_reports_service_spec.rb'
    - 'ee/spec/support/shared_examples/models/elasticsearch_indexed_container_shared_examples.rb'
    - 'ee/spec/support/shared_examples/models/geo_verifiable_registry_shared_examples.rb'
    - 'lib/api/api.rb'
    - 'lib/api/ci/variables.rb'
    - 'lib/api/entities/environment.rb'
    - 'lib/api/entities/issuable_time_stats.rb'
    - 'lib/api/helpers.rb'
    - 'lib/bulk_imports/common/transformers/user_reference_transformer.rb'
@ -115,24 +150,32 @@ Lint/RedundantCopDisableDirective:
    - 'lib/gitlab/analytics/cycle_analytics/aggregated/base_query_builder.rb'
    - 'lib/gitlab/analytics/cycle_analytics/base_query_builder.rb'
    - 'lib/gitlab/analytics/cycle_analytics/records_fetcher.rb'
    - 'lib/gitlab/application_context.rb'
    - 'lib/gitlab/background_migration/backfill_issue_search_data.rb'
    - 'lib/gitlab/background_migration/backfill_project_statistics_container_repository_size.rb'
    - 'lib/gitlab/background_migration/batching_strategies/loose_index_scan_batching_strategy.rb'
    - 'lib/gitlab/background_migration/drop_invalid_vulnerabilities.rb'
    - 'lib/gitlab/background_migration/fix_merge_request_diff_commit_users.rb'
    - 'lib/gitlab/background_migration/migrate_personal_namespace_project_maintainer_to_owner.rb'
    - 'lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid.rb'
    - 'lib/gitlab/background_migration/remove_duplicate_vulnerabilities_findings.rb'
    - 'lib/gitlab/background_migration/remove_occurrence_pipelines_and_duplicate_vulnerabilities_findings.rb'
    - 'lib/gitlab/background_migration/update_jira_tracker_data_deployment_type_based_on_url.rb'
    - 'lib/gitlab/bitbucket_import/importer.rb'
    - 'lib/gitlab/buffered_io.rb'
    - 'lib/gitlab/cache/request_cache.rb'
    - 'lib/gitlab/ci/build/artifacts/metadata/entry.rb'
    - 'lib/gitlab/ci/pipeline/chain/command.rb'
    - 'lib/gitlab/ci/pipeline/duration.rb'
    - 'lib/gitlab/ci/reports/accessibility_reports.rb'
-    - 'lib/gitlab/ci/reports/test_reports.rb'
+    - 'lib/gitlab/ci/reports/test_report.rb'
    - 'lib/gitlab/ci/reports/test_reports_comparer.rb'
    - 'lib/gitlab/ci/reports/test_suite.rb'
    - 'lib/gitlab/ci/reports/test_suite_summary.rb'
    - 'lib/gitlab/cleanup/personal_access_tokens.rb'
    - 'lib/gitlab/composer/cache.rb'
    - 'lib/gitlab/database/consistency_checker.rb'
    - 'lib/gitlab/database/migration.rb'
    - 'lib/gitlab/database/migrations/observation.rb'
    - 'lib/gitlab/database/rename_reserved_paths_migration/v1/rename_namespaces.rb'
    - 'lib/gitlab/diff/file.rb'
    - 'lib/gitlab/diff/file_collection/merge_request_diff_batch.rb'
@ -140,52 +183,95 @@ Lint/RedundantCopDisableDirective:
    - 'lib/gitlab/diff/parser.rb'
    - 'lib/gitlab/encrypted_ldap_command.rb'
    - 'lib/gitlab/encrypted_smtp_command.rb'
    - 'lib/gitlab/git/commit.rb'
    - 'lib/gitlab/git/patches/collection.rb'
    - 'lib/gitlab/github_import/user_finder.rb'
    - 'lib/gitlab/gitlab_import/importer.rb'
    - 'lib/gitlab/graphql/pagination/keyset/connection.rb'
    - 'lib/gitlab/health_checks/metric.rb'
    - 'lib/gitlab/health_checks/probes/status.rb'
    - 'lib/gitlab/health_checks/result.rb'
    - 'lib/gitlab/legacy_github_import/user_formatter.rb'
    - 'lib/gitlab/middleware/release_env.rb'
    - 'lib/gitlab/object_hierarchy.rb'
    - 'lib/gitlab/pagination/keyset/pager.rb'
    - 'lib/gitlab/performance_bar/redis_adapter_when_peek_enabled.rb'
    - 'lib/gitlab/profiler.rb'
    - 'lib/gitlab/project_search_results.rb'
    - 'lib/gitlab/redis/hll.rb'
    - 'lib/gitlab/search/sort_options.rb'
    - 'lib/gitlab/slash_commands/issue_search.rb'
    - 'lib/gitlab/slash_commands/result.rb'
    - 'lib/gitlab/usage/metrics/instrumentations/count_imported_projects_metric.rb'
    - 'lib/gitlab/usage_data.rb'
    - 'lib/gitlab/usage_data_queries.rb'
    - 'lib/gitlab/utils/usage_data.rb'
    - 'lib/gitlab/x509/signature.rb'
    - 'lib/tasks/gitlab/cleanup.rake'
    - 'qa/tasks/ci.rake'
    - 'scripts/lib/glfm/render_static_html.rb'
    - 'scripts/security-harness'
    - 'sidekiq_cluster/cli.rb'
    - 'sidekiq_cluster/sidekiq_cluster.rb'
    - 'spec/components/previews/pajamas/banner_component_preview.rb'
    - 'spec/fixtures/packages/rubygems/package.gemspec'
    - 'spec/frontend/fixtures/merge_requests.rb'
    - 'spec/graphql/mutations/clusters/agent_tokens/create_spec.rb'
    - 'spec/graphql/mutations/clusters/agents/create_spec.rb'
    - 'spec/graphql/mutations/clusters/agents/delete_spec.rb'
    - 'spec/graphql/mutations/commits/create_spec.rb'
    - 'spec/graphql/resolvers/base_resolver_spec.rb'
    - 'spec/helpers/releases_helper_spec.rb'
    - 'spec/initializers/memory_watchdog_spec.rb'
    - 'spec/lib/gitlab/avatar_cache_spec.rb'
-    - 'spec/lib/gitlab/background_migration/batching_strategies/backfill_issue_work_item_type_batching_strategy_spec.rb'
+    - 'spec/lib/gitlab/background_migration/backfill_cluster_agents_has_vulnerabilities_spec.rb'
    - 'spec/lib/gitlab/background_migration/backfill_project_member_namespace_id_spec.rb'
    - 'spec/lib/gitlab/background_migration/backfill_vulnerability_reads_cluster_agent_spec.rb'
    - 'spec/lib/gitlab/background_migration/batching_strategies/backfill_project_statistics_with_container_registry_size_batching_strategy_spec.rb'
    - 'spec/lib/gitlab/background_migration/batching_strategies/remove_backfilled_job_artifacts_expire_at_batching_strategy_spec.rb'
    - 'spec/lib/gitlab/background_migration/disable_expiration_policies_linked_to_no_container_images_spec.rb'
    - 'spec/lib/gitlab/background_migration/reset_duplicate_ci_runners_token_encrypted_values_on_projects_spec.rb'
    - 'spec/lib/gitlab/background_migration/reset_duplicate_ci_runners_token_values_on_projects_spec.rb'
    - 'spec/lib/gitlab/ci/reports/security/scanner_spec.rb'
    - 'spec/lib/gitlab/database/migration_helpers/restrict_gitlab_schema_spec.rb'
    - 'spec/lib/gitlab/doorkeeper_secret_storing/secret/pbkdf2_sha512_spec.rb'
    - 'spec/lib/gitlab/doorkeeper_secret_storing/token/pbkdf2_sha512_spec.rb'
    - 'spec/lib/gitlab/git/tree_spec.rb'
    - 'spec/lib/gitlab/import_export/project/relation_saver_spec.rb'
    - 'spec/lib/gitlab/pagination/keyset/iterator_spec.rb'
    - 'spec/lib/gitlab/rack_attack/request_spec.rb'
    - 'spec/lib/gitlab/shard_health_cache_spec.rb'
    - 'spec/lib/gitlab/sidekiq_middleware/server_metrics_spec.rb'
    - 'spec/lib/gitlab/sidekiq_middleware/size_limiter/server_spec.rb'
    - 'spec/lib/initializer_connections_spec.rb'
    - 'spec/metrics_server/metrics_server_spec.rb'
    - 'spec/migrations/20220725150127_update_jira_tracker_data_deployment_type_based_on_url_spec.rb'
    - 'spec/migrations/reschedule_backfill_imported_issue_search_data_spec.rb'
    - 'spec/models/ci/build_trace_chunk_spec.rb'
    - 'spec/models/ci/pipeline_spec.rb'
    - 'spec/models/namespace/package_setting_spec.rb'
    - 'spec/models/namespace_spec.rb'
    - 'spec/models/project_feature_spec.rb'
    - 'spec/models/project_spec.rb'
    - 'spec/presenters/packages/nuget/search_results_presenter_spec.rb'
    - 'spec/presenters/packages/pypi/simple_index_presenter_spec.rb'
    - 'spec/presenters/packages/pypi/simple_package_versions_presenter_spec.rb'
    - 'spec/requests/api/alert_management_alerts_spec.rb'
    - 'spec/requests/api/graphql/ci/config_spec.rb'
    - 'spec/rubocop/cop/ruby_interpolation_in_translation_spec.rb'
    - 'spec/services/alert_management/metric_images/upload_service_spec.rb'
-    - 'spec/services/suggestions/apply_service_spec.rb'
+    - 'spec/services/projects/update_statistics_service_spec.rb'
    - 'spec/services/spam/spam_verdict_service_spec.rb'
    - 'spec/services/topics/merge_service_spec.rb'
    - 'spec/support/forgery_protection.rb'
    - 'spec/support/helpers/snowplow_helpers.rb'
    - 'spec/support/helpers/wait_for_requests.rb'
    - 'spec/support/shared_examples/lib/gitlab/local_and_remote_storage_migration_shared_examples.rb'
    - 'spec/support/shared_examples/models/boards/listable_shared_examples.rb'
    - 'spec/support/shared_examples/models/concerns/incident_management/escalatable_shared_examples.rb'
    - 'spec/support/shared_examples/models/packages/debian/distribution_key_shared_examples.rb'
    - 'spec/support/shared_examples/requests/api/rubygems_packages_shared_examples.rb'
    - 'spec/tasks/gitlab/db/validate_config_rake_spec.rb'
    - 'spec/uploaders/packages/composer/cache_uploader_spec.rb'
    - 'tooling/danger/product_intelligence.rb'
    - 'tooling/lib/tooling/helm3_client.rb'
--- a/app/assets/javascripts/pipelines/components/jobs/failed_jobs_app.vue
+++ b/app/assets/javascripts/pipelines/components/jobs/failed_jobs_app.vue
@ -1,7 +1,7 @@
 <script>
 import { GlLoadingIcon } from '@gitlab/ui';
 import { s__ } from '~/locale';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { getIdFromGraphQLId } from '~/graphql_shared/utils';
 import GetFailedJobsQuery from '../../graphql/queries/get_failed_jobs.query.graphql';
 import { prepareFailedJobs } from './utils';
@ -47,7 +47,7 @@ export default {
        this.preparedFailedJobs = prepareFailedJobs(this.failedJobs, this.failedJobsSummary);
      },
      error() {
-        createFlash({ message: s__('Jobs|There was a problem fetching the failed jobs.') });
+        createAlert({ message: s__('Jobs|There was a problem fetching the failed jobs.') });
      },
    },
  },
--- a/app/assets/javascripts/pipelines/components/jobs/failed_jobs_table.vue
+++ b/app/assets/javascripts/pipelines/components/jobs/failed_jobs_table.vue
@ -1,7 +1,7 @@
 <script>
 import { GlButton, GlLink, GlSafeHtmlDirective, GlTableLite } from '@gitlab/ui';
 import { __, s__ } from '~/locale';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { redirectTo } from '~/lib/utils/url_utility';
 import CiBadge from '~/vue_shared/components/ci_badge_link.vue';
 import RetryFailedJobMutation from '../../graphql/mutations/retry_failed_job.mutation.graphql';
@ -49,7 +49,7 @@ export default {
      return job.retryable && job.userPermissions.updateBuild;
    },
    showErrorMessage() {
-      createFlash({ message: s__('Job|There was a problem retrying the failed job.') });
+      createAlert({ message: s__('Job|There was a problem retrying the failed job.') });
    },
  },
 };
--- a/app/assets/javascripts/pipelines/components/jobs/jobs_app.vue
+++ b/app/assets/javascripts/pipelines/components/jobs/jobs_app.vue
@ -1,7 +1,7 @@
 <script>
 import { GlIntersectionObserver, GlLoadingIcon, GlSkeletonLoader } from '@gitlab/ui';
 import produce from 'immer';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __ } from '~/locale';
 import eventHub from '~/jobs/components/table/event_hub';
 import JobsTable from '~/jobs/components/table/jobs_table.vue';
@ -42,7 +42,7 @@ export default {
        this.jobsPageInfo = data.project?.pipeline?.jobs?.pageInfo || {};
      },
      error() {
-        createFlash({ message: __('An error occurred while fetching the pipelines jobs.') });
+        createAlert({ message: __('An error occurred while fetching the pipelines jobs.') });
      },
    },
  },
--- a/app/assets/javascripts/pipelines/components/jobs_shared/action_component.vue
+++ b/app/assets/javascripts/pipelines/components/jobs_shared/action_component.vue
@ -1,6 +1,6 @@
 <script>
 import { GlTooltipDirective, GlButton, GlLoadingIcon, GlIcon } from '@gitlab/ui';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { BV_HIDE_TOOLTIP } from '~/lib/utils/constants';
 import { dasherize } from '~/lib/utils/text_utility';
@ -81,7 +81,7 @@ export default {
          reportToSentry('action_component', err);
-          createFlash({
+          createAlert({
            message: __('An error occurred while making the request.'),
          });
        });
--- a/app/assets/javascripts/pipelines/components/pipeline_mini_graph/pipeline_stage.vue
+++ b/app/assets/javascripts/pipelines/components/pipeline_mini_graph/pipeline_stage.vue
@ -14,7 +14,7 @@
 import { GlDropdown, GlLoadingIcon, GlTooltipDirective } from '@gitlab/ui';
 import CiIcon from '~/vue_shared/components/ci_icon.vue';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { __, sprintf } from '~/locale';
 import eventHub from '../../event_hub';
@ -94,7 +94,7 @@ export default {
          this.$refs.dropdown.hide();
          this.isLoading = false;
-          createFlash({
+          createAlert({
            message: __('Something went wrong on our end.'),
          });
        });
--- a/app/assets/javascripts/pipelines/components/pipelines_list/pipelines.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_list/pipelines.vue
@ -1,7 +1,7 @@
 <script>
 import { GlDropdown, GlDropdownItem, GlEmptyState, GlIcon, GlLoadingIcon } from '@gitlab/ui';
 import { isEqual } from 'lodash';
-import createFlash from '~/flash';
+import { createAlert, VARIANT_INFO, VARIANT_WARNING } from '~/flash';
 import { getParameterByName } from '~/lib/utils/url_utility';
 import { __, s__ } from '~/locale';
 import Tracking from '~/tracking';
@ -267,14 +267,14 @@ export default {
        .postAction(endpoint)
        .then(() => {
          this.isResetCacheButtonLoading = false;
-          createFlash({
+          createAlert({
            message: s__('Pipelines|Project cache successfully reset.'),
-            type: 'notice',
+            variant: VARIANT_INFO,
          });
        })
        .catch(() => {
          this.isResetCacheButtonLoading = false;
-          createFlash({
+          createAlert({
            message: s__('Pipelines|Something went wrong while cleaning runners cache.'),
          });
        });
@ -301,9 +301,9 @@ export default {
        }
        if (!filter.type) {
-          createFlash({
+          createAlert({
            message: RAW_TEXT_WARNING,
-            type: 'warning',
+            variant: VARIANT_WARNING,
          });
        }
      });
--- a/app/assets/javascripts/pipelines/components/pipelines_list/pipelines_manual_actions.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_list/pipelines_manual_actions.vue
@ -1,6 +1,6 @@
 <script>
 import { GlDropdown, GlDropdownItem, GlIcon, GlTooltipDirective } from '@gitlab/ui';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { confirmAction } from '~/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal';
 import { s__, __, sprintf } from '~/locale';
@ -66,7 +66,7 @@ export default {
        })
        .catch(() => {
          this.isLoading = false;
-          createFlash({ message: __('An error occurred while making the request.') });
+          createAlert({ message: __('An error occurred while making the request.') });
        });
    },
    isActionDisabled(action) {
--- a/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_branch_name_token.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_branch_name_token.vue
@ -2,7 +2,7 @@
 import { GlFilteredSearchToken, GlFilteredSearchSuggestion, GlLoadingIcon } from '@gitlab/ui';
 import { debounce } from 'lodash';
 import Api from '~/api';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { FETCH_BRANCH_ERROR_MESSAGE, FILTER_PIPELINES_SEARCH_DELAY } from '../../../constants';
 export default {
@ -45,7 +45,7 @@ export default {
          this.loading = false;
        })
        .catch((err) => {
-          createFlash({
+          createAlert({
            message: FETCH_BRANCH_ERROR_MESSAGE,
          });
          this.loading = false;
--- a/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_tag_name_token.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_tag_name_token.vue
@ -2,7 +2,7 @@
 import { GlFilteredSearchToken, GlFilteredSearchSuggestion, GlLoadingIcon } from '@gitlab/ui';
 import { debounce } from 'lodash';
 import Api from '~/api';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { FETCH_TAG_ERROR_MESSAGE, FILTER_PIPELINES_SEARCH_DELAY } from '../../../constants';
 export default {
@ -38,7 +38,7 @@ export default {
          this.loading = false;
        })
        .catch((err) => {
-          createFlash({
+          createAlert({
            message: FETCH_TAG_ERROR_MESSAGE,
          });
          this.loading = false;
--- a/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_trigger_author_token.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_trigger_author_token.vue
@ -8,7 +8,7 @@ import {
 } from '@gitlab/ui';
 import { debounce } from 'lodash';
 import Api from '~/api';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import {
  ANY_TRIGGER_AUTHOR,
  FETCH_AUTHOR_ERROR_MESSAGE,
@ -61,7 +61,7 @@ export default {
          this.loading = false;
        })
        .catch((err) => {
-          createFlash({
+          createAlert({
            message: FETCH_AUTHOR_ERROR_MESSAGE,
          });
          this.loading = false;
--- a/app/assets/javascripts/pipelines/mixins/pipelines_mixin.js
+++ b/app/assets/javascripts/pipelines/mixins/pipelines_mixin.js
@ -1,5 +1,5 @@
 import Visibility from 'visibilityjs';
-import createFlash, { createAlert } from '~/flash';
+import { createAlert } from '~/flash';
 import { helpPagePath } from '~/helpers/help_page_helper';
 import { historyPushState, buildUrlWithCurrentLocation } from '~/lib/utils/common_utils';
 import httpStatusCodes from '~/lib/utils/http_status';
@ -172,7 +172,7 @@ export default {
        .postAction(endpoint)
        .then(() => this.updateTable())
        .catch(() =>
-          createFlash({
+          createAlert({
            message: __('An error occurred while making the request.'),
          }),
        );
--- a/app/assets/javascripts/pipelines/pipeline_details_bundle.js
+++ b/app/assets/javascripts/pipelines/pipeline_details_bundle.js
@ -1,4 +1,4 @@
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __, s__ } from '~/locale';
 import createDagApp from './pipeline_details_dag';
 import { createPipelinesDetailApp } from './pipeline_details_graph';
@ -24,7 +24,7 @@ export default async function initPipelineDetailsBundle() {
  try {
    createPipelineHeaderApp(SELECTORS.PIPELINE_HEADER, apolloProvider, dataset.graphqlResourceEtag);
  } catch {
-    createFlash({
+    createAlert({
      message: __('An error occurred while loading a section of this page.'),
    });
  }
@ -37,7 +37,7 @@ export default async function initPipelineDetailsBundle() {
      const appOptions = createAppOptions(SELECTORS.PIPELINE_TABS, apolloProvider);
      createPipelineTabs(appOptions);
    } catch {
-      createFlash({
+      createAlert({
        message: __('An error occurred while loading a section of this page.'),
      });
    }
@ -45,7 +45,7 @@ export default async function initPipelineDetailsBundle() {
    try {
      createPipelinesDetailApp(SELECTORS.PIPELINE_GRAPH, apolloProvider, dataset);
    } catch {
-      createFlash({
+      createAlert({
        message: __('An error occurred while loading the pipeline.'),
      });
    }
@ -53,7 +53,7 @@ export default async function initPipelineDetailsBundle() {
    try {
      createDagApp(apolloProvider);
    } catch {
-      createFlash({
+      createAlert({
        message: __('An error occurred while loading the Needs tab.'),
      });
    }
@ -61,7 +61,7 @@ export default async function initPipelineDetailsBundle() {
    try {
      createTestDetails(SELECTORS.PIPELINE_TESTS);
    } catch {
-      createFlash({
+      createAlert({
        message: __('An error occurred while loading the Test Reports tab.'),
      });
    }
@ -69,7 +69,7 @@ export default async function initPipelineDetailsBundle() {
    try {
      createPipelineJobsApp(SELECTORS.PIPELINE_JOBS);
    } catch {
-      createFlash({
+      createAlert({
        message: __('An error occurred while loading the Jobs tab.'),
      });
    }
@ -77,7 +77,7 @@ export default async function initPipelineDetailsBundle() {
    try {
      createPipelineFailedJobsApp(SELECTORS.PIPELINE_FAILED_JOBS);
    } catch {
-      createFlash({
+      createAlert({
        message: s__('Jobs|An error occurred while loading the Failed Jobs tab.'),
      });
    }
--- a/app/assets/javascripts/pipelines/stores/test_reports/actions.js
+++ b/app/assets/javascripts/pipelines/stores/test_reports/actions.js
@ -1,4 +1,4 @@
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { s__ } from '~/locale';
 import * as types from './mutation_types';
@ -12,7 +12,7 @@ export const fetchSummary = ({ state, commit, dispatch }) => {
      commit(types.SET_SUMMARY, data);
    })
    .catch(() => {
-      createFlash({
+      createAlert({
        message: s__('TestReports|There was an error fetching the summary.'),
      });
    })
--- a/app/assets/javascripts/pipelines/stores/test_reports/mutations.js
+++ b/app/assets/javascripts/pipelines/stores/test_reports/mutations.js
@ -1,4 +1,4 @@
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { s__ } from '~/locale';
 import * as types from './mutation_types';
@ -21,7 +21,7 @@ export default {
    if (errorMessage) {
      state.errorMessage = errorMessage;
    } else {
-      createFlash({
+      createAlert({
        message: s__('TestReports|There was an error fetching the test suite.'),
      });
    }
--- a/app/assets/stylesheets/framework/tables.scss
+++ b/app/assets/stylesheets/framework/tables.scss
@ -4,22 +4,6 @@
 }
 table {
  /*
  * TODO
  * This is a temporary workaround until we fix the neutral
  * color palette in https://gitlab.com/gitlab-org/gitlab/-/issues/213570
  *
  * The overwrites here affected the following areas:
  * - The subscription seats table. When removing this code, the .seats-table
  *   <th> and margin overrides should be removed there.
  *
  * Remove this code as soon as this happens
  *
  */
  &.gl-table {
    @include gl-text-gray-500;
  }
  &.table {
    .thead-white {
      th {
--- a/app/assets/stylesheets/page_bundles/milestone.scss
+++ b/app/assets/stylesheets/page_bundles/milestone.scss
@ -40,39 +40,6 @@ $status-box-line-height: 26px;
      }
    }
  }
  .card-header {
    line-height: $line-height-base;
    padding: 14px 16px;
    display: flex;
    justify-content: space-between;
    .title {
      flex: 1;
      flex-grow: 2;
    }
    .issuable-count-weight {
      white-space: nowrap;
      .counter,
      .weight {
        color: var(--gray-500, $gray-500);
        font-weight: $gl-font-weight-bold;
      }
    }
    &.text-white {
      .issuable-count-weight svg {
        fill: $white;
      }
      .issuable-count-weight .counter,
      .weight {
        color: var(--white, $white);
      }
    }
  }
 }
 .milestone-sidebar {
--- a/app/helpers/milestones_helper.rb
+++ b/app/helpers/milestones_helper.rb
@ -0,0 +1,26 @@
 # frozen_string_literal: true
 module MilestonesHelper
  def milestone_header_class(primary, issuables)
    header_color = milestone_header_color(primary: primary)
    header_border = milestone_header_border(issuables)
    "#{header_color} #{header_border} gl-display-flex"
  end
  def milestone_counter_class(primary)
    primary ? 'gl-text-white' : 'gl-text-gray-500'
  end
  private
  def milestone_header_color(primary: false)
    return '' unless primary
    'gl-bg-blue-500 gl-text-white'
  end
  def milestone_header_border(issuables)
    issuables.empty? ? 'gl-border-bottom-0 gl-rounded-base' : ''
  end
 end
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@ -1996,6 +1996,10 @@ class MergeRequest < ApplicationRecord
    # rubocop: enable CodeReuse/ServiceClass
  end
  def can_suggest_reviewers?
    false # overridden in EE
  end
  private
  attr_accessor :skip_fetch_ref
--- a/app/services/projects/import_service.rb
+++ b/app/services/projects/import_service.rb
@ -64,7 +64,11 @@ module Projects
    def add_repository_to_project
      if project.external_import? && !unknown_url?
        begin
-          Gitlab::UrlBlocker.validate!(project.import_url, ports: Project::VALID_IMPORT_PORTS)
+          Gitlab::UrlBlocker.validate!(
            project.import_url,
            schemes: Project::VALID_IMPORT_PROTOCOLS,
            ports: Project::VALID_IMPORT_PORTS
          )
        rescue Gitlab::UrlBlocker::BlockedUrlError => e
          raise e, s_("ImportProjects|Blocked import URL: %{message}") % { message: e.message }
        end
--- a/app/views/profiles/show.html.haml
+++ b/app/views/profiles/show.html.haml
@ -29,12 +29,18 @@
          = image_tag avatar_icon_for_user(@user, 96), alt: '', class: 'avatar s96'
      %h5.gl-mt-0= s_("Profiles|Upload new avatar")
      .gl-display-flex.gl-align-items-center.gl-my-3
-        %button.gl-button.btn.btn-default.js-choose-user-avatar-button{ type: 'button' }= s_("Profiles|Choose file...")
+        = render Pajamas::ButtonComponent.new(button_options: { class: 'js-choose-user-avatar-button' }) do
          = s_("Profiles|Choose file...")
        %span.gl-ml-3.js-avatar-filename= s_("Profiles|No file chosen.")
        = f.file_field :avatar, class: 'js-user-avatar-input hidden', accept: 'image/*'
      .gl-text-gray-500= s_("Profiles|The maximum file size allowed is 200KB.")
      - if @user.avatar?
-        = link_to s_("Profiles|Remove avatar"), profile_avatar_path, data: { confirm: s_("Profiles|Avatar will be removed. Are you sure?") }, method: :delete, class: 'gl-button btn btn-danger-secondary btn-sm gl-mt-5'
+        = render Pajamas::ButtonComponent.new(variant: :danger,
          category: :secondary,
          href: profile_avatar_path,
          button_options: { class: 'gl-mt-3', data: { confirm: s_("Profiles|Avatar will be removed. Are you sure?") } },
          method: :delete) do
          = s_("Profiles|Remove avatar")
    .col-lg-12
      %hr
  .row.js-search-settings-section
@ -138,7 +144,8 @@
    .col-lg-12
      %hr
      = f.submit s_("Profiles|Update profile settings"), class: 'gl-mr-3 js-password-prompt-btn', pajamas_button: true
-      = link_to _("Cancel"), user_path(current_user), class: 'gl-button btn btn-default btn-cancel'
+      = render Pajamas::ButtonComponent.new(href: user_path(current_user)) do
        = s_('TagsPage|Cancel')
 #password-prompt-modal
@ -148,19 +155,19 @@
      .modal-header
        %h4.modal-title
          = s_("Profiles|Position and size your new avatar")
-        %button.close{ type: "button", "data-dismiss": "modal", "aria-label" => _("Close") }
+        = render Pajamas::ButtonComponent.new(category: :tertiary,
-          %span{ "aria-hidden": "true" } &times;
+          icon: 'close',
          button_options: { class: 'close', "data-dismiss": "modal", "aria-label" => _("Close") })
      .modal-body
        .profile-crop-image-container
          %img.modal-profile-crop-image{ alt: s_("Profiles|Avatar cropper") }
        .gl-text-center.gl-mt-4
          .btn-group
-            %button.btn.gl-button.btn-default{ data: { method: 'zoom', option: '-0.1' } }
+            = render Pajamas::ButtonComponent.new(icon: 'search-minus',
-              %span
+              button_options: {data: { method: 'zoom', option: '-0.1' }})
-                = sprite_icon('search-minus')
+            = render Pajamas::ButtonComponent.new(icon: 'search-plus',
-            %button.btn.gl-button.btn-default{ data: { method: 'zoom', option: '0.1' } }
+              button_options: {data: { method: 'zoom', option: '0.1' }})
              %span
                = sprite_icon('search-plus')
      .modal-footer
-        %button.btn.gl-button.btn-confirm.js-upload-user-avatar{ type: 'button' }
+        = render Pajamas::ButtonComponent.new(variant: :confirm,
          button_options: { class: 'js-upload-user-avatar'}) do
          = s_("Profiles|Set new profile picture")
--- a/app/views/shared/milestones/_issuables.html.haml
+++ b/app/views/shared/milestones/_issuables.html.haml
@ -1,22 +1,20 @@
 - show_counter = local_assigns.fetch(:show_counter, false)
 - primary = local_assigns.fetch(:primary, false)
 - panel_class = primary ? 'bg-primary text-white' : ''
-.card
+= render Pajamas::CardComponent.new(card_options: { class: 'gl-mb-5' }, body_options: { class: 'gl-py-0' }, header_options: { class: milestone_header_class(primary, issuables) }) do |c|
-  .card-header{ class: panel_class }
+  - c.header do
-    .header.gl-mb-2
+    .gl-flex-grow-2
-      .title
+      = title
-        = title
+    .gl-ml-3.gl-flex-shrink-0.gl-font-weight-bold.gl-white-space-nowrap{ class: milestone_counter_class(primary) }
    .issuable-count-weight.gl-ml-3
      - if show_counter
-        %span.counter
+        %span
          = sprite_icon('issues', css_class: 'gl-vertical-align-text-bottom')
          = number_with_delimiter(issuables.length)
      = render_if_exists "shared/milestones/issuables_weight", issuables: issuables
-
+  = c.body do
-  - class_prefix = dom_class(issuables).pluralize
+    - class_prefix = dom_class(issuables).pluralize
-  %ul{ class: "content-list milestone-#{class_prefix}-list", id: "#{class_prefix}-list-#{id}" }
+    %ul{ class: "content-list milestone-#{class_prefix}-list", id: "#{class_prefix}-list-#{id}" }
-    = render partial: 'shared/milestones/issuable',
+      = render partial: 'shared/milestones/issuable',
-             collection: issuables,
+              collection: issuables,
-             as: :issuable,
+              as: :issuable,
-             locals: { show_project_name: show_project_name }
+              locals: { show_project_name: show_project_name }
--- a/config/application.rb
+++ b/config/application.rb
@ -258,6 +258,7 @@ module Gitlab
    config.assets.precompile << "page_bundles/admin/jobs_index.css"
    config.assets.precompile << "page_bundles/alert_management_details.css"
    config.assets.precompile << "page_bundles/alert_management_settings.css"
    config.assets.precompile << "page_bundles/billings.css"
    config.assets.precompile << "page_bundles/boards.css"
    config.assets.precompile << "page_bundles/build.css"
    config.assets.precompile << "page_bundles/ci_status.css"
--- a/doc/administration/auth/smartcard.md
+++ b/doc/administration/auth/smartcard.md
@ -101,7 +101,7 @@ Certificate:
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7693) in GitLab 11.8 as an experimental feature. Smartcard authentication against an LDAP server may change or be removed completely in the future.
 GitLab implements a standard way of certificate matching following
-[RFC4523](https://tools.ietf.org/html/rfc4523). It uses the
+[RFC4523](https://www.rfc-editor.org/rfc/rfc4523). It uses the
 `certificateExactMatch` certificate matching rule against the `userCertificate`
 attribute. As a prerequisite, you must use an LDAP server that:
--- a/doc/administration/reply_by_email.md
+++ b/doc/administration/reply_by_email.md
@ -54,4 +54,4 @@ If it finds a reply key, it leaves your reply as a comment on
 the entity the notification was about (issue, merge request, commit...).
 For more details about the `Message-ID`, `In-Reply-To`, and `References headers`,
-see [RFC 5322](https://tools.ietf.org/html/rfc5322#section-3.6.4).
+see [RFC 5322](https://www.rfc-editor.org/rfc/rfc5322#section-3.6.4).
--- a/doc/api/index.md
+++ b/doc/api/index.md
@ -29,7 +29,7 @@ For an introduction and basic steps, see
 ## SCIM API **(PREMIUM SAAS)**
 GitLab provides a [SCIM API](scim.md) that both implements
-[the RFC7644 protocol](https://tools.ietf.org/html/rfc7644) and provides the
+[the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644) and provides the
 `/Users` endpoint. The base URL is `/api/scim/v2/groups/:group_path/Users/`.
 ## GraphQL API
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@ -37,7 +37,7 @@ For example, the `X-Requested-With` header can't be used for preflight requests.
 GitLab supports the following authorization flows:
- **Authorization code with [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636):**
+- **Authorization code with [Proof Key for Code Exchange (PKCE)](https://www.rfc-editor.org/rfc/rfc7636):**
  Most secure. Without PKCE, you'd have to include client secrets on mobile clients,
  and is recommended for both client and server apps.
 - **Authorization code:** Secure and common flow. Recommended option for secure
@ -48,7 +48,7 @@ GitLab supports the following authorization flows:
 The draft specification for [OAuth 2.1](https://oauth.net/2.1/) specifically omits both the
 Implicit grant and Resource Owner Password Credentials flows.
-Refer to the [OAuth RFC](https://tools.ietf.org/html/rfc6749) to find out
+Refer to the [OAuth RFC](https://www.rfc-editor.org/rfc/rfc6749) to find out
 how all those flows work and pick the right one for your use case.
 Authorization code (with or without PKCE) flow requires `application` to be
@ -75,15 +75,15 @@ For production, please use HTTPS for your `redirect_uri`.
 For development, GitLab allows insecure HTTP redirect URIs.
 As OAuth 2.0 bases its security entirely on the transport layer, you should not use unprotected
-URIs. For more information, see the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749#section-3.1.2.1)
+URIs. For more information, see the [OAuth 2.0 RFC](https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2.1)
-and the [OAuth 2.0 Threat Model RFC](https://tools.ietf.org/html/rfc6819#section-4.4.2.1).
+and the [OAuth 2.0 Threat Model RFC](https://www.rfc-editor.org/rfc/rfc6819#section-4.4.2.1).
 In the following sections you can find detailed instructions on how to obtain
 authorization with each flow.
 ### Authorization code with Proof Key for Code Exchange (PKCE)
-The [PKCE RFC](https://tools.ietf.org/html/rfc7636#section-1.1) includes a
+The [PKCE RFC](https://www.rfc-editor.org/rfc/rfc7636#section-1.1) includes a
 detailed flow description, from authorization request through access token.
 The following steps describe our implementation of the flow.
@ -177,7 +177,7 @@ You can now make requests to the API with the access token.
 ### Authorization code flow
 NOTE:
-Check the [RFC spec](https://tools.ietf.org/html/rfc6749#section-4.1) for a
+Check the [RFC spec](https://www.rfc-editor.org/rfc/rfc6749#section-4.1) for a
 detailed flow description.
 The authorization code flow is essentially the same as
@ -257,7 +257,7 @@ You can now make requests to the API with the access token returned.
 ### Resource owner password credentials flow
 NOTE:
-Check the [RFC spec](https://tools.ietf.org/html/rfc6749#section-4.3) for a
+Check the [RFC spec](https://www.rfc-editor.org/rfc/rfc6749#section-4.3) for a
 detailed flow description.
 NOTE:
--- a/doc/api/scim.md
+++ b/doc/api/scim.md
@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/9388) in GitLab 11.10.
-The SCIM API implements the [RFC7644 protocol](https://tools.ietf.org/html/rfc7644). As this API is for
+The SCIM API implements the [RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644). As this API is for
 **system** use for SCIM provider integration, it is subject to change without notice.
 To use this API, [Group SSO](../user/group/saml_sso/index.md) must be enabled for the group.
@ -34,7 +34,7 @@ Parameters:
 | `count` | integer | no    | Desired maximum number of query results. |
 NOTE:
-Pagination follows the [SCIM spec](https://tools.ietf.org/html/rfc7644#section-3.4.2.4) rather than GitLab pagination as used elsewhere. If records change between requests it is possible for a page to either be missing records that have moved to a different page or repeat records from a previous request.
+Pagination follows the [SCIM spec](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.4) rather than GitLab pagination as used elsewhere. If records change between requests it is possible for a page to either be missing records that have moved to a different page or repeat records from a previous request.
 Example request:
@ -226,7 +226,7 @@ Returns an empty response with a `204` status code if successful.
 ## Available filters
-They match an expression as specified in [the RFC7644 filtering section](https://tools.ietf.org/html/rfc7644#section-3.4.2.2).
+They match an expression as specified in [the RFC7644 filtering section](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.2).
 | Filter | Description |
 | ----- | ----------- |
@ -240,7 +240,7 @@ id eq a-b-c-d
 ## Available operations
-They perform an operation as specified in [the RFC7644 update section](https://tools.ietf.org/html/rfc7644#section-3.5.2).
+They perform an operation as specified in [the RFC7644 update section](https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2).
 | Operator | Description |
 | ----- | ----------- |
--- a/doc/ci/secrets/index.md
+++ b/doc/ci/secrets/index.md
@ -56,7 +56,7 @@ To configure your Vault server:
 1. Ensure your Vault server is running on version 1.2.0 or higher.
 1. Enable the authentication method by running these commands. They provide your Vault
-   server the [JSON Web Key Set](https://tools.ietf.org/html/rfc7517) (JWKS) endpoint for your GitLab instance, so Vault
+   server the [JSON Web Key Set](https://www.rfc-editor.org/rfc/rfc7517) (JWKS) endpoint for your GitLab instance, so Vault
   can fetch the public signing key and verify the JSON Web Token (JWT) when authenticating:
   ```shell
--- a/doc/ci/variables/predefined_variables.md
+++ b/doc/ci/variables/predefined_variables.md
@ -74,7 +74,7 @@ as it can cause the pipeline to behave unexpectedly.
 | `CI_JOB_STATUS`                          | all    | 13.5   | The status of the job as each runner stage is executed. Use with [`after_script`](../yaml/index.md#after_script). Can be `success`, `failed`, or `canceled`. |
 | `CI_JOB_TOKEN`                           | 9.0    | 1.2    | A token to authenticate with [certain API endpoints](../jobs/ci_job_token.md). The token is valid as long as the job is running. |
 | `CI_JOB_URL`                             | 11.1   | 0.5    | The job details URL. |
-| `CI_JOB_STARTED_AT`                      | 13.10  | all    | The UTC datetime when a job started, in [ISO 8601](https://tools.ietf.org/html/rfc3339#appendix-A) format. |
+| `CI_JOB_STARTED_AT`                      | 13.10  | all    | The UTC datetime when a job started, in [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. |
 | `CI_KUBERNETES_ACTIVE`                   | 13.0   | all    | Only available if the pipeline has a Kubernetes cluster available for deployments. `true` when available. |
 | `CI_NODE_INDEX`                          | 11.5   | all    | The index of the job in the job set. Only available if the job uses [`parallel`](../yaml/index.md#parallel). |
 | `CI_NODE_TOTAL`                          | 11.5   | all    | The total number of instances of this job running in parallel. Set to `1` if the job does not use [`parallel`](../yaml/index.md#parallel). |
@ -86,7 +86,7 @@ as it can cause the pipeline to behave unexpectedly.
 | `CI_PIPELINE_SOURCE`                     | 10.0   | all    | How the pipeline was triggered. Can be `push`, `web`, `schedule`, `api`, `external`, `chat`, `webide`, `merge_request_event`, `external_pull_request_event`, `parent_pipeline`, [`trigger`, or `pipeline`](../triggers/index.md#configure-cicd-jobs-to-run-in-triggered-pipelines). For a description of each value, see [Common `if` clauses for `rules`](../jobs/job_control.md#common-if-clauses-for-rules), which uses this variable to control when jobs run. |
 | `CI_PIPELINE_TRIGGERED`                  | all    | all    | `true` if the job was [triggered](../triggers/index.md). |
 | `CI_PIPELINE_URL`                        | 11.1   | 0.5    | The URL for the pipeline details. |
-| `CI_PIPELINE_CREATED_AT`                 | 13.10  | all    | The UTC datetime when the pipeline was created, in [ISO 8601](https://tools.ietf.org/html/rfc3339#appendix-A) format. |
+| `CI_PIPELINE_CREATED_AT`                 | 13.10  | all    | The UTC datetime when the pipeline was created, in [ISO 8601](https://www.rfc-editor.org/rfc/rfc3339#appendix-A) format. |
 | `CI_PROJECT_CONFIG_PATH`                 | 13.8 to 13.12 | all    | [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/322807) in GitLab 14.0. Use `CI_CONFIG_PATH`. |
 | `CI_PROJECT_DIR`                         | all    | all    | The full path the repository is cloned to, and where the job runs from. If the GitLab Runner `builds_dir` parameter is set, this variable is set relative to the value of `builds_dir`. For more information, see the [Advanced GitLab Runner configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section). |
 | `CI_PROJECT_ID`                          | all    | all    | The ID of the current project. This ID is unique across all projects on the GitLab instance. |
--- a/doc/development/polling.md
+++ b/doc/development/polling.md
@ -61,5 +61,5 @@ route matching easier.
 For more information see:
 - [`Poll-Interval` header](fe_guide/performance.md#real-time-components)
- [RFC 7232](https://tools.ietf.org/html/rfc7232)
+- [RFC 7232](https://www.rfc-editor.org/rfc/rfc7232)
 - [ETag proposal](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/26926)
--- a/doc/integration/ding_talk.md
+++ b/doc/integration/ding_talk.md
@ -19,7 +19,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
 1. Fill in the application details:
-   - **Application Name**: This can be anything. Consider something like `<Organization>'s GitLab`, or `<Your Name>'s GitLab`, or something else descriptive.
+   - **Application Name**: This can be anything. Consider something like `<Organization>'s GitLab`, `<Your Name>'s GitLab`, or something else descriptive.
   - **Application Description**: Create a description.
   - **Application icon**: Upload qualified icons if needed.
@ -31,7 +31,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
   ![DingTalk your application](img/ding_talk_your_application.png)
-1. Under the **Application Credentials** section, there should be an AppKey and AppSecret (see the screenshot). Keep this page open as you continue the configuration.
+1. In the **Application Credentials** section, note the **AppKey** and **AppSecret** as you use these values later.
   ![DingTalk credentials](img/ding_talk_credentials.png)
@ -62,8 +62,8 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
       {
         name: "dingtalk",
         # label: "Provider name", # optional label for login button, defaults to "Ding Talk"
-         app_id: "YOUR_APP_ID",
+         app_id: "<your_appkey>",
-         app_secret: "YOUR_APP_SECRET"
+         app_secret: "<your_appsecret>"
       }
     ]
   ```
@ -73,16 +73,16 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
   ```yaml
   - { name: 'dingtalk',
       # label: 'Provider name', # optional label for login button, defaults to "Ding Talk"
-       app_id: 'YOUR_APP_ID',
+       app_id: '<your_appkey>',
-       app_secret: 'YOUR_APP_SECRET' }
+       app_secret: '<your_appsecret>' }
   ```
-1. Change `YOUR_APP_ID` to the AppKey from the application information page in step 6.
+1. Replace `<your_appkey>` with the AppKey from the  **Application Credentials** in step 6.
-1. Change `YOUR_APP_SECRET` to the AppSecret from the application information page in step 6.
+1. Replace `<your_appsecret>` with the AppSecret from the **Application Credentials** in step 6.
 1. Save the configuration file.
-1. For the changes to take effect:
+1. For the changes to take effect, if you installed:
-   - If you installed via Omnibus, [reconfigure GitLab](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure).
+   - Using Omnibus, [reconfigure GitLab](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure).
-   - If you installed from source, [restart GitLab](../administration/restart_gitlab.md#installations-from-source).
+   - From source, [restart GitLab](../administration/restart_gitlab.md#installations-from-source).
--- a/doc/integration/oauth2_generic.md
+++ b/doc/integration/oauth2_generic.md
@ -4,39 +4,39 @@ group: Authentication and Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
-# Generic OAuth2 provider **(FREE SELF)**
+# Generic OAuth 2.0 provider **(FREE SELF)**
 The `omniauth-oauth2-generic` gem allows single sign-on (SSO) between GitLab
-and your OAuth2 provider (or any OAuth2 provider compatible with this gem).
+and your OAuth 2.0 provider, or any OAuth 2.0 provider compatible with this gem).
 This strategy allows for the configuration of this OmniAuth SSO process:
 1. Strategy directs the client to your authorization URL (**configurable**), with
   the specified ID and key.
-1. The OAuth2 provider handles authentication of the request, user, and (optionally)
+1. The OAuth 2.0 provider handles authentication of the request, user, and (optionally)
-   authorization to access user's profile.
+   authorization to access the user's profile.
-1. The OAuth2 provider directs the client back to GitLab where Strategy handles
+1. The OAuth 2.0 provider directs the client back to GitLab where Strategy
-   the retrieval of the access token.
+   retrieves the access token.
 1. Strategy requests user information from a **configurable** "user profile"
-   URL (using the access token).
+   URL using the access token.
-1. Strategy parses user information from the response, using a **configurable**
+1. Strategy parses user information from the response using a **configurable**
   format.
 1. GitLab finds or creates the returned user and signs them in.
-## Limitations of this strategy
+This strategy:
- It can only be used for single sign-on, and doesn't provide any other access
+- Can only be used for single sign-on, and does not provide any other access
-  granted by any OAuth2 provider (like importing projects or users).
+  granted by any OAuth 2.0 provider. For example, importing projects or users.
- It supports only the Authorization Grant flow (most common for client-server
+- Only supports the Authorization Grant flow, which is most common for client-server
-  applications, like GitLab).
+  applications like GitLab.
- It can't fetch user information from more than one URL.
+- Cannot fetch user information from more than one URL.
- It hasn't been tested with user information formats, other than JSON.
+- Has not been tested with user information formats, except JSON.
-## Configure the OAuth2 provider
+## Configure the OAuth 2.0 provider
 To configure the provider:
-1. Register your application in the OAuth2 provider you want to authenticate with.
+1. Register your application in the OAuth 2.0 provider you want to authenticate with.
   The redirect URI you provide when registering the application should be:
@ -44,9 +44,9 @@ To configure the provider:
   http://your-gitlab.host.com/users/auth/oauth2_generic/callback
   ```
-   You should now be able to get a Client ID and Client Secret. Where this
+   You should now be able to get a client ID and client secret. Where these
-   appears differs for each provider. This may also be called Application ID
+   appear is different for each provider. This may also be called application ID
-   and Secret.
+   and application secret.
 1. On your GitLab server, open the appropriate configuration file.
@ -99,15 +99,14 @@ To configure the provider:
   ]
   ```
-   For more information about these settings, see [the gem's README](https://gitlab.com/satorix/omniauth-oauth2-generic#gitlab-config-example).
+   For more information about these settings, see the [gem's README](https://gitlab.com/satorix/omniauth-oauth2-generic#gitlab-config-example).
 1. Save the configuration file.
-1. [Restart](../administration/restart_gitlab.md#installations-from-source)
+1. For the changes to take effect, [restart GitLab](../administration/restart_gitlab.md#installations-from-source).
   GitLab for the changes to take effect.
-On the sign-in page there should now be a new button below the regular sign-in
+On the sign-in page there should now be a new icon below the regular sign-in
-form. Select the button to begin your provider's authentication process. This
+form. Select that icon to begin your provider's authentication process. This
-directs the browser to your OAuth2 provider's authentication page. If
+directs the browser to your OAuth 2.0 provider's authentication page. If
-everything goes well, you are returned to your GitLab instance and are
+everything goes well, you are returned to your GitLab instance and
 signed in.
--- a/doc/user/admin_area/settings/user_and_ip_rate_limits.md
+++ b/doc/user/admin_area/settings/user_and_ip_rate_limits.md
@ -109,7 +109,7 @@ attached into the response headers.
 | `RateLimit-Observed`  | `67`                            | Number of requests associated to the client in the time window.                                                                                                                                                  |
 | `RateLimit-Remaining` | `0`                             | Remaining quota in the time window. The result of `RateLimit-Limit` - `RateLimit-Observed`.                                                                                                                     |
 | `RateLimit-Reset`     | `1609844400`                    | [Unix time](https://en.wikipedia.org/wiki/Unix_time)-formatted time when the request quota is reset.                                                                                                             |
-| `RateLimit-ResetTime` | `Tue, 05 Jan 2021 11:00:00 GMT` | [RFC2616](https://tools.ietf.org/html/rfc2616#section-3.3.1)-formatted date and time when the request quota is reset.                                                                                            |
+| `RateLimit-ResetTime` | `Tue, 05 Jan 2021 11:00:00 GMT` | [RFC2616](https://www.rfc-editor.org/rfc/rfc2616#section-3.3.1)-formatted date and time when the request quota is reset.                                                                                            |
 | `Retry-After`         | `30`                            | Remaining duration **in seconds** until the quota is reset. This is a [standard HTTP header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After).                                             |
 ## Use an HTTP header to bypass rate limiting
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@ -446,7 +446,7 @@ automatically set to `$CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_APPLICATION_TAG`
 ### Using a custom SSL CA certificate authority
-You can use the `ADDITIONAL_CA_CERT_BUNDLE` CI/CD variable to configure a custom SSL CA certificate authority, which is used to verify the peer when fetching Docker images from a registry which uses HTTPS. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
+You can use the `ADDITIONAL_CA_CERT_BUNDLE` CI/CD variable to configure a custom SSL CA certificate authority, which is used to verify the peer when fetching Docker images from a registry which uses HTTPS. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
 ```yaml
 container_scanning:
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@ -650,7 +650,7 @@ or [contributing to the code](../../../development/index.md) to enable it to be
 ### Using a custom SSL CA certificate authority
-You can use the `ADDITIONAL_CA_CERT_BUNDLE` CI/CD variable to configure a custom SSL CA certificate authority. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
+You can use the `ADDITIONAL_CA_CERT_BUNDLE` CI/CD variable to configure a custom SSL CA certificate authority. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
 ```yaml
 variables:
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@ -503,7 +503,7 @@ From highest to lowest severity, the logging levels are:
 #### Custom Certificate Authority
 To trust a custom Certificate Authority, set the `ADDITIONAL_CA_CERT_BUNDLE` variable to the bundle
-of CA certs that you want to trust in the SAST environment. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
+of CA certs that you want to trust in the SAST environment. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
 ```yaml
 variables:
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@ -396,7 +396,7 @@ of CA certificates that you trust. Do this either in the `.gitlab-ci.yml` file,
 variable, or as a CI/CD variable.
 - In the `.gitlab-ci.yml` file, the `ADDITIONAL_CA_CERT_BUNDLE` value must contain the
-  [text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1).
+  [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1).
  For example:
--- a/doc/user/clusters/agent/install/index.md
+++ b/doc/user/clusters/agent/install/index.md
@ -48,7 +48,7 @@ For configuration settings, the agent uses a YAML file in the GitLab project. Yo
 To create an agent configuration file:
 1. Choose a name for your agent. The agent name follows the
-   [DNS label standard from RFC 1123](https://tools.ietf.org/html/rfc1123). The name must:
+   [DNS label standard from RFC 1123](https://www.rfc-editor.org/rfc/rfc1123). The name must:
   - Be unique in the project.
   - Contain at most 63 characters.
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@ -15,7 +15,7 @@ GitLab SAML SSO SCIM doesn't support updating users.
 When SCIM is enabled for a GitLab group, membership of that group is synchronized between GitLab and an identity provider.
-The GitLab [SCIM API](../../../api/scim.md) implements part of [the RFC7644 protocol](https://tools.ietf.org/html/rfc7644).
+The GitLab [SCIM API](../../../api/scim.md) implements part of [the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644).
 ## Configure GitLab
--- a/doc/user/project/pages/introduction.md
+++ b/doc/user/project/pages/introduction.md
@ -82,7 +82,7 @@ When using Pages under the top-level domain of a GitLab instance (`*.example.io`
 of subdomains. If your namespace or group name contains a dot (for example, `foo.bar`) the domain
 `https://foo.bar.example.io` does _not_ work.
-This limitation is because of the [HTTP Over TLS protocol](https://tools.ietf.org/html/rfc2818#section-3.1). HTTP pages
+This limitation is because of the [HTTP Over TLS protocol](https://www.rfc-editor.org/rfc/rfc2818#section-3.1). HTTP pages
 work as long as you don't redirect HTTP to HTTPS.
 ## GitLab Pages and subgroups
--- a/doc/user/project/releases/index.md
+++ b/doc/user/project/releases/index.md
@ -135,7 +135,7 @@ Methods for creating a release using a CI/CD job include:
 You can use the `ADDITIONAL_CA_CERT_BUNDLE` CI/CD variable to configure a custom SSL CA certificate authority,
 which is used to verify the peer when the `release-cli` creates a release through the API using HTTPS with custom certificates.
 The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the
-[text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1)
+[text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1)
 or the `path/to/file` containing the certificate authority.
 For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
--- a/doc/user/project/repository/x509_signed_commits/index.md
+++ b/doc/user/project/repository/x509_signed_commits/index.md
@ -48,7 +48,7 @@ GitLab checks certificate revocation lists on a daily basis with a background wo
 - Self-signed certificates without `authorityKeyIdentifier`,
  `subjectKeyIdentifier`, and `crlDistributionPoints` are not supported. We
  recommend using certificates from a PKI that are in line with
-  [RFC 5280](https://tools.ietf.org/html/rfc5280).
+  [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280).
 - If you have more than one email in the Subject Alternative Name list in
  your signing certificate,
  [only the first one is used to verify commits](https://gitlab.com/gitlab-org/gitlab/-/issues/336677).
--- a/lib/gitlab/ci/templates/Maven.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Maven.gitlab-ci.yml
@ -14,16 +14,32 @@
 # * Deploy built artifacts from master branch only.
 variables:
  # This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
  # `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
-  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
+  MAVEN_OPTS: >-
-  # As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
+    -Dhttps.protocols=TLSv1.2
-  # when running from the command line.
+    -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
-  # `installAtEnd` and `deployAtEnd` are only effective with recent version of the corresponding plugins.
+    -Dorg.slf4j.simpleLogger.showDateTime=true
-  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
+    -Djava.awt.headless=true
-# This template uses jdk8 for verifying and deploying images
+  # As of Maven 3.3.0 instead of this you MAY define these options in `.mvn/maven.config` so the same config is used
-image: maven:3.3.9-jdk-8
+  # when running from the command line.
  # As of Maven 3.6.1, the use of `--no-tranfer-progress` (or `-ntp`) suppresses download and upload messages. The use
  # of the `Slf4jMavenTransferListener` is no longer necessary.
  # `installAtEnd` and `deployAtEnd` are only effective with recent version of the corresponding plugins.
  MAVEN_CLI_OPTS: >-
    --batch-mode
    --errors
    --fail-at-end
    --show-version
    --no-transfer-progress
    -DinstallAtEnd=true
    -DdeployAtEnd=true
 # This template uses the latest Maven 3 release, e.g., 3.8.6, and OpenJDK 8 (LTS)
 # for verifying and deploying images
 # Maven 3.8.x REQUIRES HTTPS repositories.
 # See https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked for more.
 image: maven:3-openjdk-8
 # Cache downloaded dependencies and plugins between builds.
 # To keep cache across branches add 'key: "$CI_JOB_NAME"'
@ -33,7 +49,7 @@ cache:
 # For merge requests do not `deploy` but only run `verify`.
 # See https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html
-.verify: &verify
+.verify:
  stage: test
  script:
    - 'mvn $MAVEN_CLI_OPTS verify'
@ -43,19 +59,20 @@ cache:
 # Verify merge requests using JDK8
 verify:jdk8:
-  <<: *verify
+  extends:
    - .verify
-# To deploy packages from CI, create a ci_settings.xml file
+# To deploy packages from CI, create a `ci_settings.xml` file
 # For deploying packages to GitLab's Maven Repository: See https://docs.gitlab.com/ee/user/packages/maven_repository/index.html#create-maven-packages-with-gitlab-cicd for more details.
 # Please note: The GitLab Maven Repository is currently only available in GitLab Premium / Ultimate.
-# For `master` branch run `mvn deploy` automatically.
+# For `master` or `main` branch run `mvn deploy` automatically.
 deploy:jdk8:
  stage: deploy
  script:
-    - if [ ! -f ci_settings.xml ];
+    - if [ ! -f ci_settings.xml ]; then
-        then echo "CI settings missing\! If deploying to GitLab Maven Repository, please see https://docs.gitlab.com/ee/user/packages/maven_repository/index.html#create-maven-packages-with-gitlab-cicd for instructions.";
+        echo "CI settings missing\! If deploying to GitLab Maven Repository, please see https://docs.gitlab.com/ee/user/packages/maven_repository/index.html#create-maven-packages-with-gitlab-cicd for instructions.";
      fi
-    - 'mvn $MAVEN_CLI_OPTS deploy -s ci_settings.xml'
+    - 'mvn $MAVEN_CLI_OPTS deploy --settings ci_settings.xml'
  only:
    variables:
      - $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
--- a/qa/qa/specs/features/browser_ui/1_manage/login/log_in_with_2fa_spec.rb
+++ b/qa/qa/specs/features/browser_ui/1_manage/login/log_in_with_2fa_spec.rb
@ -3,8 +3,12 @@
 module QA
  RSpec.describe 'Manage', :requires_admin, :skip_live_env do
    describe '2FA' do
      let(:admin_api_client) { Runtime::API::Client.as_admin }
      let(:owner_api_client) { Runtime::API::Client.new(:gitlab, user: owner_user) }
      let!(:owner_user) do
        Resource::User.fabricate_via_api! do |usr|
          usr.username = "owner_user_#{SecureRandom.hex(4)}"
          usr.api_client = admin_api_client
        end
      end
@ -26,6 +30,7 @@ module QA
      let(:developer_user) do
        Resource::User.fabricate_via_api! do |resource|
          resource.username = "developer_user_#{SecureRandom.hex(4)}"
          resource.api_client = admin_api_client
        end
      end
@ -38,8 +43,7 @@ module QA
      it(
        'allows enforcing 2FA via UI and logging in with 2FA',
-        testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347931',
+        testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347931'
        quarantine: { type: :flaky, issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/369516' }
      ) do
        enforce_two_factor_authentication_on_group(group)
@ -70,14 +74,6 @@ module QA
        developer_user.remove_via_api!
      end
      def admin_api_client
        @admin_api_client ||= Runtime::API::Client.as_admin
      end
      def owner_api_client
        @owner_api_client ||= Runtime::API::Client.new(:gitlab, user: owner_user)
      end
      # We are intentionally using the UI to enforce 2FA to exercise the flow with UI.
      # Any future tests should use the API for this purpose.
      def enforce_two_factor_authentication_on_group(group)
@ -87,7 +83,9 @@ module QA
          Page::Group::Menu.perform(&:click_group_general_settings_item)
          Page::Group::Settings::General.perform(&:set_require_2fa_enabled)
-          expect(page).to have_text(two_fa_expected_text)
+          QA::Support::Retrier.retry_on_exception(reload_page: page) do
            expect(page).to have_text(two_fa_expected_text)
          end
          Page::Profile::TwoFactorAuth.perform(&:click_configure_it_later_button)
--- a/spec/features/projects/pipelines/pipelines_spec.rb
+++ b/spec/features/projects/pipelines/pipelines_spec.rb
@ -673,7 +673,7 @@ RSpec.describe 'Pipelines', :js do
          end
          context 'when variables are specified' do
-            it 'creates a new pipeline with variables' do
+            it 'creates a new pipeline with variables', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/375552' do
              page.within(find("[data-testid='ci-variable-row']")) do
                find("[data-testid='pipeline-form-ci-variable-key']").set('key_name')
                find("[data-testid='pipeline-form-ci-variable-value']").set('value')
@ -701,7 +701,7 @@ RSpec.describe 'Pipelines', :js do
          it { expect(page).to have_content('Missing CI config file') }
-          it 'creates a pipeline after first request failed and a valid gitlab-ci.yml file is available when trying again' do
+          it 'creates a pipeline after first request failed and a valid gitlab-ci.yml file is available when trying again', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/375552' do
            stub_ci_pipeline_to_return_yaml_file
            expect do
--- a/spec/frontend/pipelines/components/jobs/failed_jobs_app_spec.js
+++ b/spec/frontend/pipelines/components/jobs/failed_jobs_app_spec.js
@ -4,7 +4,7 @@ import Vue from 'vue';
 import VueApollo from 'vue-apollo';
 import createMockApollo from 'helpers/mock_apollo_helper';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import FailedJobsApp from '~/pipelines/components/jobs/failed_jobs_app.vue';
 import FailedJobsTable from '~/pipelines/components/jobs/failed_jobs_table.vue';
 import GetFailedJobsQuery from '~/pipelines/graphql/queries/get_failed_jobs.query.graphql';
@ -70,7 +70,7 @@ describe('Failed Jobs App', () => {
    await waitForPromises();
    expect(findJobsTable().exists()).toBe(true);
-    expect(createFlash).not.toHaveBeenCalled();
+    expect(createAlert).not.toHaveBeenCalled();
  });
  it('handles query fetch error correctly', async () => {
@ -80,7 +80,7 @@ describe('Failed Jobs App', () => {
    await waitForPromises();
-    expect(createFlash).toHaveBeenCalledWith({
+    expect(createAlert).toHaveBeenCalledWith({
      message: 'There was a problem fetching the failed jobs.',
    });
  });
--- a/spec/frontend/pipelines/components/jobs/failed_jobs_table_spec.js
+++ b/spec/frontend/pipelines/components/jobs/failed_jobs_table_spec.js
@ -4,7 +4,7 @@ import VueApollo from 'vue-apollo';
 import createMockApollo from 'helpers/mock_apollo_helper';
 import waitForPromises from 'helpers/wait_for_promises';
 import { mountExtended } from 'helpers/vue_test_utils_helper';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { redirectTo } from '~/lib/utils/url_utility';
 import FailedJobsTable from '~/pipelines/components/jobs/failed_jobs_table.vue';
 import RetryFailedJobMutation from '~/pipelines/graphql/mutations/retry_failed_job.mutation.graphql';
@ -88,7 +88,7 @@ describe('Failed Jobs Table', () => {
    await waitForPromises();
-    expect(createFlash).toHaveBeenCalledWith({
+    expect(createAlert).toHaveBeenCalledWith({
      message: 'There was a problem retrying the failed job.',
    });
  });
--- a/spec/frontend/pipelines/components/jobs/jobs_app_spec.js
+++ b/spec/frontend/pipelines/components/jobs/jobs_app_spec.js
@ -4,7 +4,7 @@ import Vue from 'vue';
 import VueApollo from 'vue-apollo';
 import createMockApollo from 'helpers/mock_apollo_helper';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import JobsApp from '~/pipelines/components/jobs/jobs_app.vue';
 import JobsTable from '~/jobs/components/table/jobs_table.vue';
 import getPipelineJobsQuery from '~/pipelines/graphql/queries/get_pipeline_jobs.query.graphql';
@ -88,7 +88,7 @@ describe('Jobs app', () => {
    expect(findJobsTable().exists()).toBe(true);
    expect(findSkeletonLoader().exists()).toBe(false);
-    expect(createFlash).not.toHaveBeenCalled();
+    expect(createAlert).not.toHaveBeenCalled();
  });
  it('handles job fetch error correctly', async () => {
@ -98,7 +98,7 @@ describe('Jobs app', () => {
    await waitForPromises();
-    expect(createFlash).toHaveBeenCalledWith({
+    expect(createAlert).toHaveBeenCalledWith({
      message: 'An error occurred while fetching the pipelines jobs.',
    });
  });
--- a/spec/frontend/pipelines/pipelines_actions_spec.js
+++ b/spec/frontend/pipelines/pipelines_actions_spec.js
@ -5,7 +5,7 @@ import { nextTick } from 'vue';
 import { mockTracking, unmockTracking } from 'helpers/tracking_helper';
 import waitForPromises from 'helpers/wait_for_promises';
 import { TEST_HOST } from 'spec/test_constants';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { confirmAction } from '~/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal';
 import PipelinesManualActions from '~/pipelines/components/pipelines_list/pipelines_manual_actions.vue';
@ -95,7 +95,7 @@ describe('Pipelines Actions dropdown', () => {
        await waitForPromises();
        expect(findDropdown().props('loading')).toBe(false);
-        expect(createFlash).toHaveBeenCalledTimes(1);
+        expect(createAlert).toHaveBeenCalledTimes(1);
      });
    });
--- a/spec/frontend/pipelines/pipelines_spec.js
+++ b/spec/frontend/pipelines/pipelines_spec.js
@ -11,7 +11,7 @@ import { mockTracking } from 'helpers/tracking_helper';
 import { extendedWrapper } from 'helpers/vue_test_utils_helper';
 import waitForPromises from 'helpers/wait_for_promises';
 import Api from '~/api';
-import createFlash from '~/flash';
+import { createAlert, VARIANT_WARNING } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import NavigationControls from '~/pipelines/components/pipelines_list/nav_controls.vue';
 import PipelinesComponent from '~/pipelines/components/pipelines_list/pipelines.vue';
@ -361,8 +361,11 @@ describe('Pipelines', () => {
        });
        it('displays a warning message if raw text search is used', () => {
-          expect(createFlash).toHaveBeenCalledTimes(1);
+          expect(createAlert).toHaveBeenCalledTimes(1);
-          expect(createFlash).toHaveBeenCalledWith({ message: RAW_TEXT_WARNING, type: 'warning' });
+          expect(createAlert).toHaveBeenCalledWith({
            message: RAW_TEXT_WARNING,
            variant: VARIANT_WARNING,
          });
        });
        it('should update browser bar', () => {
--- a/spec/frontend/pipelines/test_reports/stores/actions_spec.js
+++ b/spec/frontend/pipelines/test_reports/stores/actions_spec.js
@ -2,7 +2,7 @@ import MockAdapter from 'axios-mock-adapter';
 import testReports from 'test_fixtures/pipelines/test_report.json';
 import { TEST_HOST } from 'helpers/test_constants';
 import testAction from 'helpers/vuex_action_helper';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import * as actions from '~/pipelines/stores/test_reports/actions';
 import * as types from '~/pipelines/stores/test_reports/mutation_types';
@ -56,7 +56,7 @@ describe('Actions TestReports Store', () => {
        [],
        [{ type: 'toggleLoading' }, { type: 'toggleLoading' }],
      );
-      expect(createFlash).toHaveBeenCalled();
+      expect(createAlert).toHaveBeenCalled();
    });
  });
--- a/spec/frontend/pipelines/test_reports/stores/mutations_spec.js
+++ b/spec/frontend/pipelines/test_reports/stores/mutations_spec.js
@ -1,7 +1,7 @@
 import testReports from 'test_fixtures/pipelines/test_report.json';
 import * as types from '~/pipelines/stores/test_reports/mutation_types';
 import mutations from '~/pipelines/stores/test_reports/mutations';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 jest.mock('~/flash.js');
@ -61,7 +61,7 @@ describe('Mutations TestReports Store', () => {
    it('should show a flash message otherwise', () => {
      mutations[types.SET_SUITE_ERROR](mockState, {});
-      expect(createFlash).toHaveBeenCalled();
+      expect(createAlert).toHaveBeenCalled();
    });
  });
--- a/spec/helpers/milestones_helper_spec.rb
+++ b/spec/helpers/milestones_helper_spec.rb
@ -0,0 +1,41 @@
 # frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe MilestonesHelper do
  let_it_be(:issuable) { build(:merge_request) }
  describe '#milestone_header_class' do
    using RSpec::Parameterized::TableSyntax
    color_primary = 'gl-bg-blue-500 gl-text-white'
    border_empty = 'gl-border-bottom-0 gl-rounded-base'
    where(:primary, :issuables, :header_color, :header_border) do
      true  | [issuable] | color_primary | ''
      true  | []         | color_primary | border_empty
      false | []         | ''            | border_empty
      false | [issuable] | ''            | ''
    end
    with_them do
      subject { helper.milestone_header_class(primary, issuables) }
      it { is_expected.to eq("#{header_color} #{header_border} gl-display-flex") }
    end
  end
  describe '#milestone_counter_class' do
    context 'when primary is set to true' do
      subject { helper.milestone_counter_class(true) }
      it { is_expected.to eq('gl-text-white') }
    end
    context 'when primary is set to false' do
      subject { helper.milestone_counter_class(false) }
      it { is_expected.to eq('gl-text-gray-500') }
    end
  end
 end
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@ -5174,6 +5174,16 @@ RSpec.describe MergeRequest, factory_default: :keep do
    end
  end
  describe '#can_suggest_reviewers?' do
    let_it_be(:merge_request) { build(:merge_request, :opened, project: project) }
    subject(:can_suggest_reviewers) { merge_request.can_suggest_reviewers? }
    it 'returns false' do
      expect(can_suggest_reviewers).to be(false)
    end
  end
  describe '#suggested_reviewer_users' do
    let_it_be(:merge_request) { build(:merge_request, project: project) }
--- a/spec/services/projects/import_service_spec.rb
+++ b/spec/services/projects/import_service_spec.rb
@ -276,6 +276,15 @@ RSpec.describe Projects::ImportService do
        expect(result[:status]).to eq :error
        expect(result[:message]).to include('Only allowed ports are 80, 443')
      end
      it 'fails with file scheme' do
        project.import_url = "file:///tmp/dir.git"
        result = subject.execute
        expect(result[:status]).to eq :error
        expect(result[:message]).to include('Only allowed schemes are http, https')
      end
    end
    it_behaves_like 'measurable service' do