Add latest changes from gitlab-org/gitlab@master

db/migrate/20220401044858_add_user_id_and_state_index_to_merge_request_assignees.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddUserIdAndStateIndexToMergeRequestAssignees < Gitlab::Database::Migration[1.0]
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_on_merge_request_assignees_user_id_and_state'
+
+  def up
+    add_concurrent_index :merge_request_assignees, [:user_id, :state], where: 'state = 2', name: INDEX_NAME
+  end
+
+  def down
+    remove_concurrent_index_by_name :merge_request_assignees, INDEX_NAME
+  end
+end

db/migrate/20220401045116_add_user_id_and_state_index_to_merge_request_reviewers.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddUserIdAndStateIndexToMergeRequestReviewers < Gitlab::Database::Migration[1.0]
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_on_merge_request_reviewers_user_id_and_state'
+
+  def up
+    add_concurrent_index :merge_request_reviewers, [:user_id, :state], where: 'state = 2', name: INDEX_NAME
+  end
+
+  def down
+    remove_concurrent_index_by_name :merge_request_reviewers, INDEX_NAME
+  end
+end

db/post_migrate/20220401045621_remove_state_index_on_merge_request_assignees.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class RemoveStateIndexOnMergeRequestAssignees < Gitlab::Database::Migration[1.0]
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_on_merge_request_assignees_state'
+
+  def up
+    remove_concurrent_index_by_name :merge_request_assignees, INDEX_NAME
+  end
+
+  def down
+    add_concurrent_index :merge_request_assignees, :state, where: 'state = 2', name: INDEX_NAME
+  end
+end

db/post_migrate/20220401045642_remove_state_index_on_merge_request_reviewers.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class RemoveStateIndexOnMergeRequestReviewers < Gitlab::Database::Migration[1.0]
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_on_merge_request_reviewers_state'
+
+  def up
+    remove_concurrent_index_by_name :merge_request_reviewers, INDEX_NAME
+  end
+
+  def down
+    add_concurrent_index :merge_request_reviewers, :state, where: 'state = 2', name: INDEX_NAME
+  end
+end

db/schema_migrations/20220401044858

@@ -0,0 +1 @@
+7d9341440faaf8782bc47a24091148c40d635cc1c980a57999b47aff3d42806d

db/schema_migrations/20220401045116

@@ -0,0 +1 @@
+1f91d4855c6be0d7baf19f3d63d2efb4ccd8da85a7dcc4ad57fd03891f12fe46

db/schema_migrations/20220401045621

@@ -0,0 +1 @@
+9a2274c54a0c0393bf0a2ae7985b957364c63952273383c3aa6ff6c5b4655a42

db/schema_migrations/20220401045642

@@ -0,0 +1 @@
+5eabeb19a1b79c21333eb519cf7419c5424cf1270c97637d07bb2a09946ceaf0

db/structure.sql

@@ -28376,14 +28376,14 @@ CREATE INDEX index_on_issues_closed_incidents_by_project_id_and_closed_at ON iss
 
 CREATE INDEX index_on_label_links_all_columns ON label_links USING btree (target_id, label_id, target_type);
 
-CREATE INDEX index_on_merge_request_assignees_state ON merge_request_assignees USING btree (state) WHERE (state = 2);
-
 CREATE INDEX index_on_merge_request_assignees_updated_state_by_user_id ON merge_request_assignees USING btree (updated_state_by_user_id);
 
-CREATE INDEX index_on_merge_request_reviewers_state ON merge_request_reviewers USING btree (state) WHERE (state = 2);
+CREATE INDEX index_on_merge_request_assignees_user_id_and_state ON merge_request_assignees USING btree (user_id, state) WHERE (state = 2);
 
 CREATE INDEX index_on_merge_request_reviewers_updated_state_by_user_id ON merge_request_reviewers USING btree (updated_state_by_user_id);
 
+CREATE INDEX index_on_merge_request_reviewers_user_id_and_state ON merge_request_reviewers USING btree (user_id, state) WHERE (state = 2);
+
 CREATE INDEX index_on_merge_requests_for_latest_diffs ON merge_requests USING btree (target_project_id) INCLUDE (id, latest_merge_request_diff_id);
 
 COMMENT ON INDEX index_on_merge_requests_for_latest_diffs IS 'Index used to efficiently obtain the oldest merge request for a commit SHA';

doc/api/settings.md

@@ -437,6 +437,9 @@ listed in the descriptions of the relevant settings.
 | `throttle_authenticated_api_enabled`     | boolean          | no                                   | (**If enabled, requires:** `throttle_authenticated_api_period_in_seconds` and `throttle_authenticated_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
 | `throttle_authenticated_api_period_in_seconds` | integer    | required by:<br>`throttle_authenticated_api_enabled` | Rate limit period (in seconds). |
 | `throttle_authenticated_api_requests_per_period` | integer  | required by:<br>`throttle_authenticated_api_enabled` | Maximum requests per period per user. |
+| `throttle_authenticated_packages_api_enabled` | boolean     | no | (**If enabled, requires:** `throttle_authenticated_packages_api_period_in_seconds` and `throttle_authenticated_packages_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
+| `throttle_authenticated_packages_api_period_in_seconds` | integer    | required by:<br>`throttle_authenticated_packages_api_enabled` | Rate limit period (in seconds). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
+| `throttle_authenticated_packages_api_requests_per_period` | integer    | required by:<br>`throttle_authenticated_packages_api_enabled` | Maximum requests per period per user. View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
 | `throttle_authenticated_web_enabled`     | boolean          | no                                   | (**If enabled, requires:** `throttle_authenticated_web_period_in_seconds` and `throttle_authenticated_web_requests_per_period`) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
 | `throttle_authenticated_web_period_in_seconds` | integer    | required by:<br>`throttle_authenticated_web_enabled` | Rate limit period (in seconds). |
 | `throttle_authenticated_web_requests_per_period` | integer  | required by:<br>`throttle_authenticated_web_enabled` | Maximum requests per period per user. |
@@ -446,6 +449,9 @@ listed in the descriptions of the relevant settings.
 | `throttle_unauthenticated_api_enabled`       | boolean          | no                                   | (**If enabled, requires:** `throttle_unauthenticated_api_period_in_seconds` and `throttle_unauthenticated_api_requests_per_period`) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
 | `throttle_unauthenticated_api_period_in_seconds` | integer      | required by:<br>`throttle_unauthenticated_api_enabled` | Rate limit period in seconds. |
 | `throttle_unauthenticated_api_requests_per_period` | integer    | required by:<br>`throttle_unauthenticated_api_enabled` | Max requests per period per IP. |
+| `throttle_unauthenticated_packages_api_enabled` | boolean     | no | (**If enabled, requires:** `throttle_unauthenticated_packages_api_period_in_seconds` and `throttle_unauthenticated_packages_api_requests_per_period`) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
+| `throttle_unauthenticated_packages_api_period_in_seconds` | integer    | required by:<br>`throttle_unauthenticated_packages_api_enabled` | Rate limit period (in seconds). View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
+| `throttle_unauthenticated_packages_api_requests_per_period` | integer    | required by:<br>`throttle_unauthenticated_packages_api_enabled` | Maximum requests per period per user. View [Package Registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md) for more details. |
 | `throttle_unauthenticated_web_enabled`       | boolean          | no                                   | (**If enabled, requires:** `throttle_unauthenticated_web_period_in_seconds` and `throttle_unauthenticated_web_requests_per_period`) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). |
 | `throttle_unauthenticated_web_period_in_seconds` | integer      | required by:<br>`throttle_unauthenticated_web_enabled` | Rate limit period in seconds. |
 | `throttle_unauthenticated_web_requests_per_period` | integer    | required by:<br>`throttle_unauthenticated_web_enabled` | Max requests per period per IP. |

doc/security/user_file_uploads.md

@@ -7,8 +7,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # User File Uploads **(FREE)**
 
-> - In GitLab 14.8 and later, [authorization checks are enforced](https://gitlab.com/gitlab-org/gitlab/-/issues/26781) on media uploads. This change is being [rolled out incrementally](https://gitlab.com/gitlab-org/gitlab/-/issues/352291) on GitLab.com in 14.9.
-
 Images that are attached to issues, merge requests, or comments
 do not require authentication to be viewed if they are accessed directly by URL.
 This direct URL contains a random 32-character ID that prevents unauthorized

doc/topics/git/lfs/index.md

@@ -10,7 +10,7 @@ disqus_identifier: 'https://docs.gitlab.com/ee/workflow/lfs/lfs/index.html'
 
 Managing large files such as audio, video and graphics files has always been one
 of the shortcomings of Git. The general recommendation is to not have Git repositories
-larger than 1GB to preserve performance.
+larger than 1 GB to preserve performance.
 
 ![Git LFS tracking status](img/lfs-icon.png)
 
@@ -19,7 +19,7 @@ blob or an LFS pointer.
 
 ## How it works
 
-Git LFS client talks with the GitLab server over HTTPS. It uses HTTP Basic Authentication
+Git LFS client communicates with the GitLab server over HTTPS. It uses HTTP Basic Authentication
 to authorize client requests. After the request is authorized, Git LFS client receives
 instructions from where to fetch or where to push the large file.
 
@@ -29,29 +29,23 @@ Documentation for GitLab instance administrators is under [LFS administration do
 
 ## Requirements
 
-- Git LFS is supported in GitLab starting with version 8.2
-- Git LFS must be enabled under project settings
-- [Git LFS client](https://git-lfs.github.com) version 1.0.1 and up must be installed
+- Git LFS must be [enabled in project settings](../../../user/project/settings/index.md#sharing-and-permissions).
+- [Git LFS client](https://git-lfs.github.com) version 1.0.1 or higher must be installed.
 
 ## Known limitations
 
 - Git LFS v1 original API is not supported, because it was deprecated early in LFS
   development.
 - When SSH is set as a remote, Git LFS objects still go through HTTPS.
-- Any Git LFS request asks for HTTPS credentials to be provided so a good Git
-  credentials store is recommended.
+- Any Git LFS request asks for HTTPS credentials, so we recommend a good Git
+  credentials store.
 - Git LFS always assumes HTTPS so if you have GitLab server on HTTP you must
   [add the URL to Git configuration manually](#troubleshooting).
 - [Group wikis](../../../user/project/wiki/group.md) do not support Git LFS.
 
-NOTE:
-With 8.12 GitLab added LFS support to SSH. The Git LFS communication
-still goes over HTTP, but now the SSH client passes the correct credentials
-to the Git LFS client. No action is required by the user.
-
 ## Using Git LFS
 
-Lets take a look at the workflow when you need to check large files into your Git
+Let's take a look at the workflow when you need to check large files into your Git
 repository with Git LFS. For example, if you want to upload a very large file and
 check it into your Git repository:
 

lib/api/validations/validators/limit.rb

@@ -7,7 +7,7 @@ module API
         def validate_param!(attr_name, params)
           value = params[attr_name]
 
-          return if value.size <= @option
+          return if value.nil? || value.size <= @option
 
           raise Grape::Exceptions::Validation.new(
             params: [@scope.full_name(attr_name)],

locale/gitlab.pot

@@ -41852,7 +41852,7 @@ msgstr ""
 msgid "Vulnerability|Image"
 msgstr ""
 
-msgid "Vulnerability|Information related how the vulnerability was discovered and its impact to the system."
+msgid "Vulnerability|Information related to how the vulnerability was discovered and its impact on the system."
 msgstr ""
 
 msgid "Vulnerability|Learn more about this vulnerability and the best way to resolve it."

qa/qa/specs/features/browser_ui/3_create/snippet/create_personal_snippet_with_multiple_files_spec.rb

@@ -2,7 +2,7 @@
 
 module QA
   RSpec.describe 'Create' do
-    describe 'Multiple file snippet' do
+    describe 'Multiple file snippet', :reliable do
       let(:snippet) do
         Resource::Snippet.fabricate_via_browser_ui! do |snippet|
           snippet.title = 'Personal snippet with multiple files'

qa/qa/specs/features/browser_ui/3_create/snippet/delete_file_from_snippet_spec.rb

@@ -2,7 +2,7 @@
 
 module QA
   RSpec.describe 'Create' do
-    describe 'Multiple file snippet' do
+    describe 'Multiple file snippet', :reliable do
       let(:personal_snippet) do
         Resource::Snippet.fabricate_via_api! do |snippet|
           snippet.title = 'Personal snippet to delete file from'

qa/qa/specs/features/browser_ui/3_create/snippet/share_snippet_spec.rb

@@ -2,7 +2,7 @@
 
 module QA
   RSpec.describe 'Create' do
-    describe 'Sharing snippets' do
+    describe 'Sharing snippets', :reliable do
       let(:snippet) do
         Resource::Snippet.fabricate! do |snippet|
           snippet.title = 'Shared snippet'

spec/lib/api/validations/validators/limit_spec.rb

@@ -22,4 +22,10 @@ RSpec.describe API::Validations::Validators::Limit do
       expect_validation_error('test' => "#{'a' * 256}")
     end
   end
+
+  context 'value is nil' do
+    it 'does not raise a validation error' do
+      expect_no_validation_error('test' => nil)
+    end
+  end
 end