Add latest changes from gitlab-org/gitlab@master

2022-04-14 12:09:31 +00:00 · 2022-04-14 12:09:31 +00:00 · 9769ccf613
parent 66f492cea7
commit 9769ccf613
55 changed files with 1231 additions and 468 deletions
--- a/.rubocop_todo/layout/line_length.yml
+++ b/.rubocop_todo/layout/line_length.yml
@ -650,7 +650,6 @@ Layout/LineLength:
    - 'app/services/loose_foreign_keys/batch_cleaner_service.rb'
    - 'app/services/loose_foreign_keys/cleaner_service.rb'
    - 'app/services/members/approve_access_request_service.rb'
-    - 'app/services/members/create_service.rb'
    - 'app/services/members/destroy_service.rb'
    - 'app/services/members/invitation_reminder_email_service.rb'
    - 'app/services/members/mailgun/process_webhook_service.rb'
--- a/app/assets/javascripts/alerts_settings/graphql/mutations/create_http_integration.mutation.graphql
+++ b/app/assets/javascripts/alerts_settings/graphql/mutations/create_http_integration.mutation.graphql
@ -3,8 +3,6 @@
 mutation createHttpIntegration($projectPath: ID!, $name: String!, $active: Boolean!) {
  httpIntegrationCreate(input: { projectPath: $projectPath, name: $name, active: $active }) {
    errors
-    # We have ID in a deeply nested fragment
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    integration {
      ...HttpIntegrationItem
    }
--- a/app/assets/javascripts/alerts_settings/graphql/mutations/destroy_http_integration.mutation.graphql
+++ b/app/assets/javascripts/alerts_settings/graphql/mutations/destroy_http_integration.mutation.graphql
@ -3,8 +3,6 @@
 mutation destroyHttpIntegration($id: ID!) {
  httpIntegrationDestroy(input: { id: $id }) {
    errors
-    # We have ID in a deeply nested fragment
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    integration {
      ...HttpIntegrationItem
    }
--- a/app/assets/javascripts/alerts_settings/graphql/mutations/reset_http_token.mutation.graphql
+++ b/app/assets/javascripts/alerts_settings/graphql/mutations/reset_http_token.mutation.graphql
@ -3,8 +3,6 @@
 mutation resetHttpIntegrationToken($id: ID!) {
  httpIntegrationResetToken(input: { id: $id }) {
    errors
-    # We have ID in a deeply nested fragment
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    integration {
      ...HttpIntegrationItem
    }
--- a/app/assets/javascripts/alerts_settings/graphql/mutations/update_http_integration.mutation.graphql
+++ b/app/assets/javascripts/alerts_settings/graphql/mutations/update_http_integration.mutation.graphql
@ -3,8 +3,6 @@
 mutation updateHttpIntegration($id: ID!, $name: String!, $active: Boolean!) {
  httpIntegrationUpdate(input: { id: $id, name: $name, active: $active }) {
    errors
-    # We have ID in a deeply nested fragment
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    integration {
      ...HttpIntegrationItem
    }
--- a/app/assets/javascripts/boards/graphql/board_list_create.mutation.graphql
+++ b/app/assets/javascripts/boards/graphql/board_list_create.mutation.graphql
@ -2,8 +2,6 @@

 mutation createBoardList($boardId: BoardID!, $backlog: Boolean, $labelId: LabelID) {
  boardListCreate(input: { boardId: $boardId, backlog: $backlog, labelId: $labelId }) {
-    # We have ID in a deeply nested fragment
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    list {
      ...BoardListFragment
    }
--- a/app/assets/javascripts/boards/graphql/board_list_update.mutation.graphql
+++ b/app/assets/javascripts/boards/graphql/board_list_update.mutation.graphql
@ -2,8 +2,6 @@

 mutation UpdateBoardList($listId: ID!, $position: Int, $collapsed: Boolean) {
  updateBoardList(input: { listId: $listId, position: $position, collapsed: $collapsed }) {
-    # We have ID in a deeply nested fragment
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    list {
      ...BoardListFragment
    }
--- a/app/assets/javascripts/boards/graphql/board_lists.query.graphql
+++ b/app/assets/javascripts/boards/graphql/board_lists.query.graphql
@ -13,8 +13,6 @@ query BoardLists(
      id
      hideBacklogList
      lists(issueFilters: $filters) {
-        # We have ID in a deeply nested fragment
-        # eslint-disable-next-line @graphql-eslint/require-id-when-available
        nodes {
          ...BoardListFragment
        }
@ -27,8 +25,6 @@ query BoardLists(
      id
      hideBacklogList
      lists(issueFilters: $filters) {
-        # We have ID in a deeply nested fragment
-        # eslint-disable-next-line @graphql-eslint/require-id-when-available
        nodes {
          ...BoardListFragment
        }
--- a/app/assets/javascripts/design_management/graphql/mutations/upload_design.mutation.graphql
+++ b/app/assets/javascripts/design_management/graphql/mutations/upload_design.mutation.graphql
@ -3,7 +3,6 @@

 mutation uploadDesign($files: [Upload!]!, $projectPath: ID!, $iid: ID!) {
  designManagementUpload(input: { projectPath: $projectPath, iid: $iid, files: $files }) {
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    designs {
      ...DesignItem
      versions {
--- a/app/assets/javascripts/design_management/graphql/queries/get_design.query.graphql
+++ b/app/assets/javascripts/design_management/graphql/queries/get_design.query.graphql
@ -13,7 +13,6 @@ query getDesign(
      id
      designCollection {
        designs(atVersion: $atVersion, filenames: $filenames) {
-          # eslint-disable-next-line @graphql-eslint/require-id-when-available
          nodes {
            ...DesignItem
            issue {
--- a/app/assets/javascripts/diffs/components/app.vue
+++ b/app/assets/javascripts/diffs/components/app.vue
@ -570,12 +570,8 @@ export default {
        this.scrollVirtualScrollerToIndex(index);
      }
    },
-    async scrollVirtualScrollerToIndex(index) {
+    scrollVirtualScrollerToIndex(index) {
      this.virtualScrollCurrentIndex = index;
-
-      await this.$nextTick();
-
-      this.virtualScrollCurrentIndex = -1;
    },
    scrollVirtualScrollerToDiffNote() {
      const id = window?.location?.hash;
@ -701,7 +697,7 @@ export default {
                    </dynamic-scroller-item>
                  </template>
                </pre-renderer>
-                <virtual-scroller-scroll-sync :index="virtualScrollCurrentIndex" />
+                <virtual-scroller-scroll-sync v-model="virtualScrollCurrentIndex" />
              </template>
            </dynamic-scroller>
            <template v-else>
--- a/app/assets/javascripts/diffs/components/virtual_scroller_scroll_sync.js
+++ b/app/assets/javascripts/diffs/components/virtual_scroller_scroll_sync.js
@ -2,6 +2,9 @@ import { handleLocationHash } from '~/lib/utils/common_utils';

 export default {
  inject: ['vscrollParent'],
+  model: {
+    prop: 'index',
+  },
  props: {
    index: {
      type: Number,
@ -39,6 +42,7 @@ export default {
  methods: {
    scrollToIndex(index) {
      this.vscrollParent.scrollToItem(index);
+      this.$emit('update', -1);

      setTimeout(() => {
        handleLocationHash();
--- a/app/assets/javascripts/graphql_shared/fragments/user_availability.fragment.graphql
+++ b/app/assets/javascripts/graphql_shared/fragments/user_availability.fragment.graphql
@ -1,4 +1,3 @@
-# eslint-disable-next-line @graphql-eslint/require-id-when-available
 fragment UserAvailability on User {
  status {
    availability
--- a/app/assets/javascripts/incidents/graphql/fragments/incident_fields.fragment.graphql
+++ b/app/assets/javascripts/incidents/graphql/fragments/incident_fields.fragment.graphql
@ -1,4 +1,3 @@
-# eslint-disable-next-line @graphql-eslint/require-id-when-available
 fragment IncidentFields on Issue {
  severity
  escalationStatus
--- a/app/assets/javascripts/runner/graphql/details/runner.query.graphql
+++ b/app/assets/javascripts/runner/graphql/details/runner.query.graphql
@ -1,8 +1,6 @@
 #import "ee_else_ce/runner/graphql/details/runner_details.fragment.graphql"

 query getRunner($id: CiRunnerID!) {
-  # We have an id in deeply nested fragment
-  # eslint-disable-next-line @graphql-eslint/require-id-when-available
  runner(id: $id) {
    ...RunnerDetails
  }
--- a/app/assets/javascripts/runner/graphql/details/runner_update.mutation.graphql
+++ b/app/assets/javascripts/runner/graphql/details/runner_update.mutation.graphql
@ -5,8 +5,6 @@

 mutation runnerUpdate($input: RunnerUpdateInput!) {
  runnerUpdate(input: $input) {
-    # We have an id in deep nested fragment
-    # eslint-disable-next-line @graphql-eslint/require-id-when-available
    runner {
      ...RunnerDetails
    }
--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@ -52,7 +52,7 @@
      white-space: nowrap;

      img {
-        height: 28px;
+        height: 24px;

        + .logo-text {
          margin-left: 8px;
--- a/app/assets/stylesheets/startup/startup-dark.scss
+++ b/app/assets/stylesheets/startup/startup-dark.scss
@ -808,7 +808,7 @@ input {
  white-space: nowrap;
 }
 .navbar-gitlab .header-content .title img {
-  height: 28px;
+  height: 24px;
 }
 .navbar-gitlab .header-content .title img + .logo-text {
  margin-left: 8px;
--- a/app/assets/stylesheets/startup/startup-general.scss
+++ b/app/assets/stylesheets/startup/startup-general.scss
@ -794,7 +794,7 @@ input {
  white-space: nowrap;
 }
 .navbar-gitlab .header-content .title img {
-  height: 28px;
+  height: 24px;
 }
 .navbar-gitlab .header-content .title img + .logo-text {
  margin-left: 8px;
--- a/app/components/diffs/overflow_warning_component.html.haml
+++ b/app/components/diffs/overflow_warning_component.html.haml
@ -0,0 +1,9 @@
+= render Pajamas::AlertComponent.new(title: _('Too many changes to show.'),
+  variant: :warning,
+  alert_class: 'gl-mb-5') do
+  .gl-alert-body
+    = message
+
+  .gl-alert-actions
+    = diff_link
+    = patch_link
--- a/app/components/diffs/overflow_warning_component.rb
+++ b/app/components/diffs/overflow_warning_component.rb
@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Diffs
+  class OverflowWarningComponent < BaseComponent
+    # Skipping coverage because of https://gitlab.com/gitlab-org/gitlab/-/issues/357381
+    #
+    # This is fully tested by the output in the view part of this component,
+    # but undercoverage doesn't understand the relationship between the two parts.
+    #
+    # :nocov:
+    def initialize(diffs:, diff_files:, project:, commit: nil, merge_request: nil)
+      @diffs = diffs
+      @diff_files = diff_files
+      @project = project
+      @commit = commit
+      @merge_request = merge_request
+    end
+
+    def message
+      html_escape(message_text) % {
+        display_size: @diff_files.size,
+        real_size: @diffs.real_size,
+        strong_open: '<strong>'.html_safe,
+        strong_close: '</strong>'.html_safe
+      }
+    end
+
+    def diff_link
+      text = _("Plain diff")
+
+      if commit?
+        link_to text, project_commit_path(@project, @commit, format: :diff), class: button_classes
+      elsif merge_request?
+        link_to text, merge_request_path(@merge_request, format: :diff), class: button_classes
+      end
+    end
+
+    def patch_link
+      text = _("Email patch")
+
+      if commit?
+        link_to text, project_commit_path(@project, @commit, format: :patch), class: button_classes
+      elsif merge_request?
+        link_to text, merge_request_path(@merge_request, format: :patch), class: button_classes
+      end
+    end
+
+    private
+
+    def commit?
+      current_controller?(:commit) &&
+        @commit.present?
+    end
+
+    def merge_request?
+      current_controller?("projects/merge_requests/diffs") &&
+        @merge_request.present? &&
+        @merge_request.persisted?
+    end
+
+    def message_text
+      _(
+        "To preserve performance only %{strong_open}%{display_size} " \
+        "of %{real_size}%{strong_close} files are displayed."
+      )
+    end
+
+    def button_classes
+      "btn gl-alert-action btn-default gl-button btn-default-secondary"
+    end
+    # :nocov:
+  end
+end
--- a/app/services/ci/create_pipeline_service.rb
+++ b/app/services/ci/create_pipeline_service.rb
@ -14,6 +14,7 @@ module Ci
                Gitlab::Ci::Pipeline::Chain::Build::Associations,
                Gitlab::Ci::Pipeline::Chain::Validate::Abilities,
                Gitlab::Ci::Pipeline::Chain::Validate::Repository,
+                Gitlab::Ci::Pipeline::Chain::Limit::RateLimit,
                Gitlab::Ci::Pipeline::Chain::Validate::SecurityOrchestrationPolicy,
                Gitlab::Ci::Pipeline::Chain::Skip,
                Gitlab::Ci::Pipeline::Chain::Config::Content,
--- a/app/services/members/create_service.rb
+++ b/app/services/members/create_service.rb
@ -16,6 +16,7 @@ module Members
      @errors = []
      @invites = invites_from_params
      @source = params[:source]
+      @tasks_to_be_done_members = []
    end

    def execute
@ -25,6 +26,7 @@ module Members
      validate_invitable!

      add_members
+      create_tasks_to_be_done
      enqueue_onboarding_progress_action

      publish_event!
@ -40,7 +42,8 @@ module Members

    private

-    attr_reader :source, :errors, :invites, :member_created_namespace_id, :members
+    attr_reader :source, :errors, :invites, :member_created_namespace_id, :members,
+                :tasks_to_be_done_members, :member_created_member_task_id

    def invites_from_params
      return params[:user_ids] if params[:user_ids].is_a?(Array)
@ -76,13 +79,15 @@ module Members
      )

      members.each { |member| process_result(member) }
-
-      create_tasks_to_be_done
    end

    def process_result(member)
-      if member.invalid?
-        add_error_for_member(member)
+      existing_errors = member.errors.full_messages
+
+      # calling invalid? clears any errors that were added outside of the
+      # rails validation process
+      if member.invalid? || existing_errors.present?
+        add_error_for_member(member, existing_errors)
      else
        after_execute(member: member)
        @member_created_namespace_id ||= member.namespace_id
@ -90,20 +95,29 @@ module Members
    end

    # overridden
-    def add_error_for_member(member)
+    def add_error_for_member(member, existing_errors)
      prefix = "#{member.user.username}: " if member.user.present?

-      errors << "#{prefix}#{member.errors.full_messages.to_sentence}"
+      errors << "#{prefix}#{all_member_errors(member, existing_errors).to_sentence}"
+    end
+
+    def all_member_errors(member, existing_errors)
+      existing_errors.concat(member.errors.full_messages).uniq
    end

    def after_execute(member:)
      super

+      build_tasks_to_be_done_members(member)
      track_invite_source(member)
    end

    def track_invite_source(member)
-      Gitlab::Tracking.event(self.class.name, 'create_member', label: invite_source, property: tracking_property(member), user: current_user)
+      Gitlab::Tracking.event(self.class.name,
+                             'create_member',
+                             label: invite_source,
+                             property: tracking_property(member),
+                             user: current_user)
    end

    def invite_source
@ -117,17 +131,28 @@ module Members
      member.invite? ? 'net_new_user' : 'existing_user'
    end

-    def create_tasks_to_be_done
-      return if params[:tasks_to_be_done].blank? || params[:tasks_project_id].blank?
-
-      # Only create task issues for existing users. Tasks for new users are created when they signup.
-      valid_members = members.select { |member| member.valid? && member.member_task.valid? && member.user.present? }
-      return unless valid_members.present?
+    def build_tasks_to_be_done_members(member)
+      return unless tasks_to_be_done?(member)

+      @tasks_to_be_done_members << member
      # We can take the first `member_task` here, since all tasks will have the same attributes needed
      # for the `TasksToBeDone::CreateWorker`, ie. `project` and `tasks_to_be_done`.
-      member_task = valid_members[0].member_task
-      TasksToBeDone::CreateWorker.perform_async(member_task.id, current_user.id, valid_members.map(&:user_id))
+      @member_created_member_task_id ||= member.member_task.id
+    end
+
+    def tasks_to_be_done?(member)
+      return false if params[:tasks_to_be_done].blank? || params[:tasks_project_id].blank?
+
+      # Only create task issues for existing users. Tasks for new users are created when they signup.
+      member.member_task&.valid? && member.user.present?
+    end
+
+    def create_tasks_to_be_done
+      return unless member_created_member_task_id # signal if there is any work to be done here
+
+      TasksToBeDone::CreateWorker.perform_async(member_created_member_task_id,
+                                                current_user.id,
+                                                tasks_to_be_done_members.map(&:user_id))
    end

    def user_limit
--- a/app/services/members/creator_service.rb
+++ b/app/services/members/creator_service.rb
@ -4,15 +4,13 @@ module Members
  # This class serves as more of an app-wide way we add/create members
  # All roads to add members should take this path.
  class CreatorService
-    include Gitlab::Experiment::Dsl
-
    class << self
      def parsed_access_level(access_level)
        access_levels.fetch(access_level) { access_level.to_i }
      end

      def access_levels
-        raise NotImplementedError
+        Gitlab::Access.sym_options_with_owner
      end
    end

@ -25,7 +23,7 @@ module Members

    def execute
      find_or_build_member
-      update_member
+      commit_member
      create_member_task

      member
@ -33,23 +31,39 @@ module Members

    private

+    delegate :new_record?, to: :member
    attr_reader :source, :user, :access_level, :member, :args

-    def update_member
-      return unless can_update_member?
-
+    def assign_member_attributes
      member.attributes = member_attributes
+    end

-      if member.request?
-        approve_request
+    def commit_member
+      if can_commit_member?
+        assign_member_attributes
+        commit_changes
      else
-        member.save
+        add_commit_error
      end
    end

-    def can_update_member?
+    def can_commit_member?
      # There is no current user for bulk actions, in which case anything is allowed
-      !current_user # inheriting classes will add more logic
+      return true if skip_authorization?
+
+      if new_record?
+        can_create_new_member?
+      else
+        can_update_existing_member?
+      end
+    end
+
+    def can_create_new_member?
+      raise NotImplementedError
+    end
+
+    def can_update_existing_member?
+      raise NotImplementedError
    end

    # Populates the attributes of a member.
@ -64,6 +78,14 @@ module Members
      }
    end

+    def commit_changes
+      if member.request?
+        approve_request
+      else
+        member.save
+      end
+    end
+
    def create_member_task
      return unless member.persisted?
      return if member_task_attributes.value?(nil)
@ -93,6 +115,20 @@ module Members
      args[:current_user]
    end

+    def skip_authorization?
+      !current_user
+    end
+
+    def add_commit_error
+      msg = if new_record?
+              _('not authorized to create member')
+            else
+              _('not authorized to update member')
+            end
+
+      member.errors.add(:base, msg)
+    end
+
    def find_or_build_member
      @user = parse_user_param

--- a/app/services/members/groups/creator_service.rb
+++ b/app/services/members/groups/creator_service.rb
@ -3,14 +3,14 @@
 module Members
  module Groups
    class CreatorService < Members::CreatorService
-      def self.access_levels
-        Gitlab::Access.sym_options_with_owner
-      end
-
      private

-      def can_update_member?
-        super || current_user.can?(:update_group_member, member)
+      def can_create_new_member?
+        current_user.can?(:admin_group_member, member.group)
+      end
+
+      def can_update_existing_member?
+        current_user.can?(:update_group_member, member)
      end
    end
  end
--- a/app/services/members/invite_service.rb
+++ b/app/services/members/invite_service.rb
@ -51,8 +51,8 @@ module Members
    end

    override :add_error_for_member
-    def add_error_for_member(member)
-      errors[invited_object(member)] = member.errors.full_messages.to_sentence
+    def add_error_for_member(member, existing_errors)
+      errors[invited_object(member)] = all_member_errors(member, existing_errors).to_sentence
    end

    def invited_object(member)
--- a/app/services/members/projects/creator_service.rb
+++ b/app/services/members/projects/creator_service.rb
@ -3,19 +3,28 @@
 module Members
  module Projects
    class CreatorService < Members::CreatorService
-      def self.access_levels
-        Gitlab::Access.sym_options_with_owner
-      end
-
      private

-      def can_update_member?
-        super || current_user.can?(:update_project_member, member) || adding_the_creator_as_owner_in_a_personal_project?
+      def can_create_new_member?
+        # order is important here!
+        # The `admin_project_member` check has side-effects that causes projects not be created if this area is hit
+        # during project creation.
+        # Call that triggers is current_user.can?(:admin_project_member, member.project)
+        # I tracked back to base_policy.rb admin check and specifically in
+        # Gitlab::Auth::CurrentUserMode.new(@user).admin_mode? call.
+        # This calls user.admin? and that specific call causes issues with project creation in
+        # spec/requests/api/projects_spec.rb specs and others, mostly around project creation.
+        # https://gitlab.com/gitlab-org/gitlab/-/issues/358931 for investigation
+        adding_the_creator_as_owner_in_a_personal_project? || current_user.can?(:admin_project_member, member.project)
+      end
+
+      def can_update_existing_member?
+        current_user.can?(:update_project_member, member)
      end

      def adding_the_creator_as_owner_in_a_personal_project?
        # this condition is reached during testing setup a lot due to use of `.add_user`
-        member.project.personal_namespace_holder?(member.user) && member.new_record?
+        member.project.personal_namespace_holder?(member.user)
      end
    end
  end
--- a/app/views/admin/application_settings/_outbound.html.haml
+++ b/app/views/admin/application_settings/_outbound.html.haml
@ -1,16 +1,13 @@
-= form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-outbound-settings'), html: { class: 'fieldset-form' } do |f|
+= gitlab_ui_form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-outbound-settings'), html: { class: 'fieldset-form' } do |f|
  = form_errors(@application_setting)

  %fieldset
    .form-group
-      .form-check
-        = f.check_box :allow_local_requests_from_web_hooks_and_services, class: 'form-check-input', data: { qa_selector: 'allow_requests_from_services_checkbox' }
-        = f.label :allow_local_requests_from_web_hooks_and_services, class: 'form-check-label' do
-          = s_('OutboundRequests|Allow requests to the local network from web hooks and services')
-      .form-check
-        = f.check_box :allow_local_requests_from_system_hooks, class: 'form-check-input'
-        = f.label :allow_local_requests_from_system_hooks, class: 'form-check-label' do
-          = s_('OutboundRequests|Allow requests to the local network from system hooks')
+      = f.gitlab_ui_checkbox_component :allow_local_requests_from_web_hooks_and_services,
+          s_('OutboundRequests|Allow requests to the local network from web hooks and services'),
+          checkbox_options: { data: { qa_selector: 'allow_requests_from_services_checkbox' } }
+      = f.gitlab_ui_checkbox_component :allow_local_requests_from_system_hooks,
+          s_('OutboundRequests|Allow requests to the local network from system hooks')

    .form-group
      = f.label :outbound_local_requests_allowlist_raw, class: 'label-bold' do
@ -21,11 +18,8 @@
        = link_to _('Learn more.'), help_page_path('security/webhooks.md', anchor: 'allowlist-for-local-requests'), target: '_blank', rel: 'noopener noreferrer'

    .form-group
-      .form-check
-        = f.check_box :dns_rebinding_protection_enabled, class: 'form-check-input'
-        = f.label :dns_rebinding_protection_enabled, class: 'form-check-label' do
-          = s_('OutboundRequests|Enforce DNS rebinding attack protection')
-        %span.form-text.text-muted
-          = s_('OutboundRequests|Resolve IP addresses once and uses them to submit requests.')
+      = f.gitlab_ui_checkbox_component :dns_rebinding_protection_enabled,
+          s_('OutboundRequests|Enforce DNS rebinding attack protection'),
+          help_text: _('OutboundRequests|Resolve IP addresses once and uses them to submit requests.')

  = f.submit _('Save changes'), class: "gl-button btn btn-confirm", data: { qa_selector: 'save_changes_button' }
--- a/app/views/admin/application_settings/appearances/_form.html.haml
+++ b/app/views/admin/application_settings/appearances/_form.html.haml
@ -21,7 +21,7 @@
          = f.hidden_field :header_logo_cache
          = f.file_field :header_logo, class: "", accept: 'image/*'
          .form-text.text-muted
-            = _('Maximum file size is 1MB. Pages are optimized for a 28px tall header logo')
+            = _('Maximum file size is 1MB. Pages are optimized for a 24px tall header logo')
  %hr
  .row
    .col-lg-4.profile-settings-sidebar
--- a/app/views/projects/diffs/_diffs.html.haml
+++ b/app/views/projects/diffs/_diffs.html.haml
@ -28,7 +28,7 @@
    = render Diffs::StatsComponent.new(diff_files: diff_files)

 - if render_overflow_warning?(diffs)
-  = render 'projects/diffs/warning', diff_files: diffs
+  = render Diffs::OverflowWarningComponent.new(diffs: diffs, diff_files: diff_files, project: @project, commit: @commit, merge_request: @merge_request)

 .files{ data: { can_create_note: can_create_note } }
  - if load_diff_files_async
--- a/app/views/projects/diffs/_warning.html.haml
+++ b/app/views/projects/diffs/_warning.html.haml
@ -1,12 +0,0 @@
-= render Pajamas::AlertComponent.new(title: _('Too many changes to show.'),
-  variant: :warning,
-  alert_class: 'gl-mb-5') do
-  .gl-alert-body
-    = html_escape(_("To preserve performance only %{strong_open}%{display_size} of %{real_size}%{strong_close} files are displayed.")) % { display_size: diff_files.size, real_size: diff_files.real_size, strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
-  .gl-alert-actions
-    - if current_controller?(:commit)
-      = link_to _("Plain diff"), project_commit_path(@project, @commit, format: :diff), class: "btn gl-alert-action btn-default gl-button btn-default-secondary"
-      = link_to _("Email patch"), project_commit_path(@project, @commit, format: :patch), class: "btn gl-alert-action btn-default gl-button btn-default-secondary"
-    - elsif current_controller?('projects/merge_requests/diffs') && @merge_request&.persisted?
-      = link_to _("Plain diff"), merge_request_path(@merge_request, format: :diff), class: "btn gl-alert-action btn-default gl-button btn-default-secondary"
-      = link_to _("Email patch"), merge_request_path(@merge_request, format: :patch), class: "btn gl-alert-action btn-default gl-button btn-default-secondary"
--- a/config/feature_flags/development/ci_throttle_pipelines_creation.yml
+++ b/config/feature_flags/development/ci_throttle_pipelines_creation.yml
@ -0,0 +1,8 @@
+---
+name: ci_throttle_pipelines_creation
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83969
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/357520
+milestone: '14.10'
+type: development
+group: group::pipeline execution
+default_enabled: false
--- a/config/feature_flags/development/ci_throttle_pipelines_creation_dry_run.yml
+++ b/config/feature_flags/development/ci_throttle_pipelines_creation_dry_run.yml
@ -0,0 +1,8 @@
+---
+name: ci_throttle_pipelines_creation_dry_run
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83969
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/357524
+milestone: '14.10'
+type: development
+group: group::pipeline execution
+default_enabled: true
--- a/doc/development/fe_guide/vue.md
+++ b/doc/development/fe_guide/vue.md
@ -123,6 +123,10 @@ Using dependency injection to provide values from HAML is ideal when:
  prop-drilling becomes an inconvenience. Prop-drilling when the same prop is passed
  through all components in the hierarchy until the component that is genuinely using it.

+Dependency injection can potentially break a child component (either an immediate child or multiple levels deep) if the value declared in the `inject` configuration doesn't have defaults defined and the parent component has not provided the value using the `provide` configuration.
+
+- A [default value](https://vuejs.org/guide/components/provide-inject.html#injection-default-values) might be useful in contexts where it makes sense.
+
 ##### props

 If the value from HAML doesn't fit the criteria of dependency injection, use `props`.
--- a/doc/user/group/value_stream_analytics/img/vsa_aggregated_data_toggle_v14_9.png
+++ b/doc/user/group/value_stream_analytics/img/vsa_aggregated_data_toggle_v14_9.png
--- a/doc/user/group/value_stream_analytics/index.md
+++ b/doc/user/group/value_stream_analytics/index.md
@ -16,6 +16,7 @@ Use value stream analytics to identify:
 - The amount of time it takes to go from an idea to production.
 - The velocity of a given project.
 - Bottlenecks in the development process.
+- Detecting long-running issues or merge requests.
 - Factors that cause your software development lifecycle to slow down.

 Value stream analytics is also available for [projects](../../analytics/value_stream_analytics.md).
@ -26,7 +27,10 @@ Value stream analytics is also available for [projects](../../analytics/value_st
 > - Filtering [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13216) in GitLab 13.3
 > - Horizontal stage path [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12196) in 13.0 and [feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/323982) in 13.12

-You must have at least the Reporter role to view value stream analytics for groups.
+Prerequisite:
+
+- You must have at least the Reporter role to view value stream analytics for groups.
+- You must create a [custom value stream](#custom-value-streams). Value stream analytics only shows custom value streams created for your group.

 To view value stream analytics for your group:

@ -37,6 +41,9 @@ To view value stream analytics for your group:
   1. Select the **Filter results** text box.
   1. Select a parameter.
   1. Select a value or enter text to refine the results.
+   1. Select whether to view metrics for items with a start or stop event:
+      - To view items with a stop event in the date range, turn on the **Filter by stop date** toggle. Enabled by default.
+      - To view items with a start event in the date range, turn off the **Filter by stop date** toggle.
   1. To adjust the date range:
      - In the **From** field, select a start date.
      - In the **To** field, select an end date. The charts and list show workflow items created
@ -71,6 +78,9 @@ To view the median time spent in each stage by a group:
   1. Select the **Filter results** text box.
   1. Select a parameter.
   1. Select a value or enter text to refine the results.
+   1. Select whether to view metrics for items with a start or stop event:
+      - To view items with a stop event in the date range, turn on the **Filter by stop date** toggle. Enabled by default.
+      - To view items with a start event in the date range, turn off the **Filter by stop date** toggle.
   1. To adjust the date range:
      - In the **From** field, select a start date.
      - In the **To** field, select an end date.
@ -91,6 +101,9 @@ To view the lead time and cycle time for issues:
   1. Select the **Filter results** text box.
   1. Select a parameter.
   1. Select a value or enter text to refine the results.
+   1. Select whether to view metrics for items with a start or stop event:
+      - To view items with a stop event in the date range, turn on the **Filter by stop date** toggle. Enabled by default.
+      - To view items with a start event in the date range, turn off the **Filter by stop date** toggle.
   1. To adjust the date range:
      - In the **From** field, select a start date.
      - In the **To** field, select an end date.
@ -111,6 +124,9 @@ To view the lead time for changes for merge requests in your group:
   1. Select the **Filter results** text box.
   1. Select a parameter.
   1. Select a value or enter text to refine the results.
+   1. Select whether to view metrics for items with a start or stop event:
+      - To view items with a stop event in the date range, turn on the **Filter by stop date** toggle. Enabled by default.
+      - To view items with a start event in the date range, turn off the **Filter by stop date** toggle.
   1. To adjust the date range:
      - In the **From** field, select a start date.
      - In the **To** field, select an end date.
@ -137,6 +153,9 @@ To view deployment metrics for your group:
   1. Select the **Filter results** text box.
   1. Select a parameter.
   1. Select a value or enter text to refine the results.
+   1. Select whether to view metrics for items with a start or stop event:
+      - To view items with a stop event in the date range, turn on the **Filter by stop date** toggle. Enabled by default.
+      - To view items with a start event in the date range, turn off the **Filter by stop date** toggle.
   1. To adjust the date range:
      - In the **From** field, select a start date.
      - In the **To** field, select an end date.
@ -150,25 +169,24 @@ NOTE:
 In GitLab 13.9 and later, metrics are calculated based on when the deployment was finished.
 In GitLab 13.8 and earlier, metrics are calculated based on when the deployment was created.

-## Upcoming date filter change
+### How value stream analytics aggregates data

-In the [epics](https://gitlab.com/groups/gitlab-org/-/epics/6046), we plan to alter
-the date filter behavior to filter the end event time of the currently selected stage.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335391) in GitLab 14.5 [with a flag](../../../administration/feature_flags.md) named `use_vsa_aggregated_tables`. Disabled by default.
+> - Filter by stop date toggle [added](https://gitlab.com/gitlab-org/gitlab/-/issues/352428) in GitLab 14.9
+> - Data refresh badge [added](https://gitlab.com/gitlab-org/gitlab/-/issues/341739) in GitLab 14.9

-The change makes it possible to get a much better picture about the completed items within the
-stage and helps uncover long-running items.
+Plans for value stream analytics to filter items by stop event instead of start event are tracked in this [epic](https://gitlab.com/groups/gitlab-org/-/epics/6046). With the completion of this work, value stream analytics will only display items with a stop event in the date range. 

-For example, an issue was created a year ago and the current stage was finished in the current month.
-If you were to look at the metrics for the last three months, this issue would not be included in the calculation of
-the stage metrics. With the new date filter, this item would be included.
+To preview this functionality, you can use the **Filter by stop date** toggle to enable or disable this filter until the [default filtering mode is introduced](../../../update/deprecations.md#value-stream-analytics-filtering-calculation-change) and the toggle is removed.

-DISCLAIMER:
-This section contains information related to upcoming products, features, and functionality.
-It is important to note that the information presented is for informational purposes only.
-Please do not rely on this information for purchasing or planning purposes.
-As with all projects, the items mentioned on this page are subject to change or delay.
-The development, release, and timing of any products, features, or functionality remain at the
-sole discretion of GitLab Inc.
+If you turn on the **Filter by stop date** toggle, the results show items with a stop event within the date range. When this function is enabled, it may take up to 10 minutes for results to show due to data aggregation. There are occasions when it may take longer than 10 minutes for results to display:
+
+- If this is the first time you are viewing value stream analytics and have not yet [created a value stream](#create-a-value-stream).
+- If the group hierarchy has been re-arranged.
+- If there have been bulk updates on issues and merge requests.
+
+To view when the data was most recently updated, in the right corner next to **Edit**, hover over the **Last updated** badge. This badge is only available if you have turned on the **Filter by start date** toggle.
+![Aggregated data toggle](img/vsa_aggregated_data_toggle_v14_9.png "Aggregated data toggle")

 ## How value stream analytics measures stages

@ -177,7 +195,10 @@ Value stream analytics measures each stage from its start event to its end event
 For example, a stage might start when a user adds a label to an issue, and ends when they add another label.
 Items aren't included in the stage time calculation if they have not reached the end event.

-Each stage of value stream analytics is further described in the table below.
+Value stream analytics allows you to customize your stages based on pre-defined events. To make the
+configuration easier, GitLab provides a pre-defined list of stages that can be used as a template
+
+Each pre-defined stages of value stream analytics is further described in the table below.

 | Stage   | Measurement method   |
 | ------- | -------------------- |
@ -188,7 +209,7 @@ Each stage of value stream analytics is further described in the table below.
 | Review    | The median time taken to review a merge request that has a closing issue pattern, between its creation and until it's merged. |
 | Staging   | The median time between merging a merge request that has a closing issue pattern until the very first deployment to a [production environment](#how-value-stream-analytics-identifies-the-production-environment). If there isn't a production environment, this is not tracked. |

-## Example workflow
+### Example workflow

 This example shows a workflow through all seven stages in one day.

@ -263,7 +284,7 @@ To create a value stream:

 1. On the top bar, select **Menu > Groups** and find your group.
 1. On the left sidebar, select **Analytics > Value Stream**.
-1. In the top right, select the dropdown list and then **Create new Value Stream**.
+1. If this is the first time you are creating a value stream, select **Create custom value stream**. Otherwise, in the top right, select the dropdown list and then **Create new Value Stream**.
 1. Enter a name for the new Value Stream.
   - You can [customize the stages](#create-a-value-stream-with-stages).
 1. Select **Create Value Stream**.
@ -283,7 +304,7 @@ To create a value stream with stages:

 1. On the top bar, select **Menu > Groups** and find your group.
 1. On the left sidebar, select **Analytics > Value Stream**.
-1. In the top right, select the dropdown list and then **Create new Value Stream**.
+1. If this is the first time you are creating a value stream, select **Create custom value stream**. Otherwise, in the top right, select the dropdown list and then **Create new Value Stream**.
 1. Select either **Create from default template** or **Create from no template**.
   - You can hide or re-order default stages in the value stream.

--- a/doc/user/infrastructure/clusters/connect/new_gke_cluster.md
+++ b/doc/user/infrastructure/clusters/connect/new_gke_cluster.md
@ -6,6 +6,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Create a Google GKE cluster

+INFO:
+Every new Google Cloud Platform (GCP) account receives [$300 in credit](https://console.cloud.google.com/freetrial),
+and in partnership with Google, GitLab is able to offer an additional $200 for new
+GCP accounts to get started with the GitLab integration with Google Kubernetes Engine.
+[Follow this link](https://cloud.google.com/partners/partnercredit/?pcn_code=0014M00001h35gDQAQ#contact-form)
+and apply for credit.
+
 Learn how to create a new cluster on Google Kubernetes Engine (GKE) through
 [Infrastructure as Code (IaC)](../../index.md). This process uses the Google
 and Kubernetes Terraform providers create GKE clusters. You connect the clusters to GitLab
--- a/doc/user/infrastructure/clusters/migrate_to_gitlab_agent.md
+++ b/doc/user/infrastructure/clusters/migrate_to_gitlab_agent.md
@ -70,7 +70,11 @@ Follow the process for the [CI/CD workflow](../../clusters/agent/ci_cd_tunnel.md

 ## Migrate from GitLab Managed applications

-Follow the process to [migrate from GitLab Managed Apps to the cluster management project](../../clusters/migrating_from_gma_to_project_template.md).
+[GitLab Managed Apps (GMA)](../../clusters/applications.md#gitlab-managed-apps-deprecated) were deprecated in GitLab 14.0, and
+the agent for Kubernetes does not support them. To migrate from GMA to the agent, go through the following steps:
+
+1. [Migrate from GitLab Managed Apps to a cluster management project](../../clusters/migrating_from_gma_to_project_template.md).
+1. [Migrate the cluster management project to use the agent](../../clusters/management_project_template.md).

 ## Migrate a cluster management project

--- a/doc/user/search/advanced_search.md
+++ b/doc/user/search/advanced_search.md
@ -46,72 +46,9 @@ The Advanced Search can be useful in various scenarios:
  may be connected to each other, so your developers need to instantly search
  throughout the GitLab instance and find the code they search for.

-## Use the Advanced Search syntax
+## Advanced Search syntax

-Elasticsearch has data for the default branch only. That means that if you go
-to the repository tree and switch the branch from the default to something else,
-then the **Code** tab in the search result page is served by the basic
-search even if Elasticsearch is enabled.
-
-The Advanced Search syntax supports fuzzy or exact search queries with prefixes,
-boolean operators, and much more. Use the search as before and GitLab shows
-you matching code from each project you have access to.
-
-![Advanced Search](img/advanced_search_v13.10.png)
-
-Full details can be found in the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/5.3/query-dsl-simple-query-string-query.html#_simple_query_string_syntax), but
-here's a quick guide:
-
- Searches look for all the words in a query, in any order - for example: searching
-  issues for [`display bug`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=display+bug&group_id=9970&project_id=278964) and [`bug display`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+Display&group_id=9970&project_id=278964) return the same results.
- To find the exact phrase (stemming still applies), use double quotes: [`"display bug"`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=%22display+bug%22&group_id=9970&project_id=278964)
- To find bugs not mentioning display, use `-`: [`bug -display`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+-display&group_id=9970&project_id=278964)
- To find a bug in display or banner, use `|`: [`bug display | banner`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+display+%7C+banner&group_id=9970&project_id=278964)
- To group terms together, use parentheses: [`bug | (display +banner)`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+%7C+%28display+%2Bbanner%29&group_id=9970&project_id=278964)
- To match a partial word, use `*`. In this example, I want to find bugs with any 500 errors. : [`bug error 50*`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+error+50*&group_id=9970&project_id=278964)
- To use one of symbols above literally, escape the symbol with a preceding `\`: [`argument \-last`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=argument+%5C-last&group_id=9970&project_id=278964)
-
-## Syntax search filters
-
-Advanced Search also supports the use of filters. The available filters are:
-
- `filename`: Filters by filename. You can use the glob (`*`) operator for fuzzy matching.
- `path`: Filters by path. You can use the glob (`*`) operator for fuzzy matching.
- `extension`: Filters by extension in the filename. Please write the extension without a leading dot. Exact match only.
- `blob`: Filters by Git `object ID`. Exact match only.
-
-To use them, add them to your keyword in the format `<filter_name>:<value>` without
-any spaces between the colon (`:`) and the value. When no keyword is provided, an asterisk (`*`) is used as the keyword.
-
-Examples:
-
- Finding a file with any content named `search_results.rb`: [`* filename:search_results.rb`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=*+filename%3Asearch_results.rb&group_id=9970&project_id=278964)
- The leading asterisk (`*`) can be ignored in the case above: [`filename:search_results.rb`](https://gitlab.com/search?group_id=9970&project_id=278964&scope=blobs&search=filename%3Asearch_results.rb)
- Finding a file named `found_blob_spec.rb` with the text `CHANGELOG` inside of it: [`CHANGELOG filename:found_blob_spec.rb`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=CHANGELOG+filename%3Afound_blob_spec.rb&group_id=9970&project_id=278964)
- Finding the text `EpicLinks` inside files with the `.rb` extension: [`EpicLinks extension:rb`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=EpicLinks+extension%3Arb&group_id=9970&project_id=278964)
- Finding any file with the `.yaml` extension: [`extension:yaml`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=extension%3Ayaml&group_id=9970&project_id=278964)
- Finding the text `Sidekiq` in a file, when that file is in a path that includes `elastic`: [`Sidekiq path:elastic`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=Sidekiq+path%3Aelastic&group_id=9970&project_id=278964)
- Finding any file in a path that includes `elasticsearch`: [`path:elasticsearch`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=path%3Aelasticsearch&group_id=9970&project_id=278964)
- Finding the files represented by the Git object ID `998707b421c89bd9a3063333f9f728ef3e43d101`: [`* blob:998707b421c89bd9a3063333f9f728ef3e43d101`](https://gitlab.com/search?snippets=false&scope=blobs&repository_ref=&search=*+blob%3A998707b421c89bd9a3063333f9f728ef3e43d101&group_id=9970)
- Syntax filters can be combined for complex filtering. Finding any file starting with `search` containing `eventHub` and with the `.js` extension: [`eventHub filename:search* extension:js`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=eventHub+filename%3Asearch*+extension%3Ajs&group_id=9970&project_id=278964)
-
-### Excluding filters
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/31684) in GitLab 13.3.
-
-Filters can be inverted to **filter out** results from the result set, by prefixing the filter name with a `-` (hyphen) character, such as:
-
- `-filename`
- `-path`
- `-extension`
- `-blob`
-
-Examples:
-
- Finding `rails` in all files but `Gemfile.lock`: [`rails -filename:Gemfile.lock`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=rails+-filename%3AGemfile.lock&group_id=9970&project_id=278964)
- Finding `success` in all files excluding `.po|pot` files: [`success -filename:*.po*`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=success+-filename%3A*.po*&group_id=9970&project_id=278964)
- Finding `import` excluding minified JavaScript (`.min.js`) files: [`import -extension:min.js`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=import+-extension%3Amin.js&group_id=9970&project_id=278964)
- Finding `docs` for all files outside the `docs/` folder: [`docs -path:docs/`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=docs+-path%3Adocs%2F&group_id=9970&project_id=278964)
+See the documentation on [Advanced Search syntax](global_search/advanced_search_syntax.md).

 ## Search by issue or merge request ID

--- a/doc/user/search/global_search/advanced_search_syntax.md
+++ b/doc/user/search/global_search/advanced_search_syntax.md
@ -0,0 +1,49 @@
+---
+stage: Enablement
+group: Global Search
+info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
+type: reference
+---
+
+# Advanced Search syntax **(PREMIUM)**
+
+With [Advanced Search](../advanced_search.md), you can perform a thorough
+search through your entire GitLab instance.
+
+The Advanced Search syntax supports fuzzy or exact search queries with prefixes,
+boolean operators, and much more. Advanced Search uses
+[Elasticsearch's syntax](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html#simple-query-string-syntax).
+
+WARNING:
+Advanced Search searches projects' default branches only.
+
+See query examples on the tables below and their respective expected output.
+The examples link to a search on GitLab.com to help you visualize the output.
+
+## General search
+
+| Query example | Expected output |
+|---|---|
+[`“display bug”`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=%22display+bug%22&group_id=9970&project_id=278964) | Returns the **exact phrase** _display bug_ (stemming still applies). |
+[`bug -display`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+-display&group_id=9970&project_id=278964) | Results include _bug_, and **exclude** _display_. |
+[`bug \| display`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+display+%7C+banner&group_id=9970&project_id=278964) | Results include _bug_ **or** _display_. |
+[`bug \| (display +banner)`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+%7C+%28display+%2Bbanner%29&group_id=9970&project_id=278964) | Results include _bug_ **or** _display_ **and** _banner_. |
+| [`bug error 50*`](https://gitlab.com/search?snippets=&scope=issues&repository_ref=&search=bug+error+50*&group_id=9970&project_id=278964) | `*` finds **partial matches**. Results include _bug_, _error_, and the partial _50_ (looking for any 500 errors, for example). |
+| [`bug \-display`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=argument+%5C-last&group_id=9970&project_id=278964) | `\` **scapes symbols**. Results include _bug_ **and** _-display_. |
+
+## Code Search
+
+| Query example | Expected output | Notes |
+|---|---|---|
+| [`filename:*spec.rb`](https://gitlab.com/search?snippets=&scope=blobs&repository_ref=&search=filename%3A*spec.rb&group_id=9970&project_id=278964) | Returns the specified filename. | Use `*` for fuzzy matching. |
+| [`path:spec/controllers/`](https://gitlab.com/search?group_id=9970&project_id=278964&repository_ref=&scope=blobs&search=path%3Aspec%2Fcontrollers%2F&snippets=) | Returns the specified path location of the repository. | Use `*` for fuzzy matching. |
+| [`extension:js`](https://gitlab.com/search?group_id=9970&project_id=278964&repository_ref=&scope=blobs&search=extension%3Ajs&snippets=) | Returns the specified file extension. | **Do not** include a leading dot. This only works with exact matches for the extension. |
+| [`blob:998707b421c89b*`](https://gitlab.com/search?snippets=false&scope=blobs&repository_ref=&search=blob%3A998707b421c89b*&group_id=9970) | Returns the specified Git object ID. | This only works with exact matches. |
+
+## Excluding filters
+
+Filters can also be inverted to filter out results from the result set by prefixing the filter name with a `-` (hyphen) character.
+
+| Query example | Expected output |
+|---|---|
+| [`rails -filename:gemfile.lock`](https://gitlab.com/search?group_id=9970&project_id=278964&repository_ref=&scope=blobs&search=rails+-filename%3Agemfile.lock&snippets=) | Results include _`rails`_ in all files except the _`gemfile.lock`_ file. |
--- a/doc/user/search/img/advanced_search_v13.10.png
+++ b/doc/user/search/img/advanced_search_v13.10.png
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@ -7,10 +7,10 @@ module API

    before { authenticate_non_get! }

-    feature_category :subgroups
-
    helpers Helpers::GroupsHelpers

+    feature_category :subgroups, ['/groups/:id/custom_attributes', '/groups/:id/custom_attributes/:key']
+
    helpers do
      params :statistics_params do
        optional :statistics, type: Boolean, default: false, desc: 'Include project statistics'
@ -181,7 +181,7 @@ module API
        use :group_list_params
        use :with_custom_attributes
      end
-      get do
+      get feature_category: :subgroups do
        groups = find_groups(declared_params(include_missing: false), params[:id])
        present_groups_with_pagination_strategies params, groups
      end
@ -196,7 +196,7 @@ module API

        use :optional_params
      end
-      post do
+      post feature_category: :subgroups do
        parent_group = find_group!(params[:parent_id]) if params[:parent_id].present?
        if parent_group
          authorize! :create_subgroup, parent_group
@ -229,7 +229,7 @@ module API
        use :optional_update_params
        use :optional_update_params_ee
      end
-      put ':id' do
+      put ':id', feature_category: :subgroups do
        group = find_group!(params[:id])
        group.preload_shared_group_links

@ -249,7 +249,7 @@ module API
        use :with_custom_attributes
        optional :with_projects, type: Boolean, default: true, desc: 'Omit project details'
      end
-      get ":id" do
+      get ":id", feature_category: :subgroups do
        group = find_group!(params[:id])
        group.preload_shared_group_links

@ -265,7 +265,7 @@ module API
      end

      desc 'Remove a group.'
-      delete ":id" do
+      delete ":id", feature_category: :subgroups do
        group = find_group!(params[:id])
        authorize! :admin_group, group
        check_subscription! group
@ -300,7 +300,7 @@ module API
        use :with_custom_attributes
        use :optional_projects_params
      end
-      get ":id/projects" do
+      get ":id/projects", feature_category: :subgroups do
        finder_options = {
          only_owned: !params[:with_shared],
          include_subgroups: params[:include_subgroups],
@ -334,7 +334,7 @@ module API
        use :pagination
        use :with_custom_attributes
      end
-      get ":id/projects/shared" do
+      get ":id/projects/shared", feature_category: :subgroups do
        projects = find_group_projects(params, { only_shared: true })

        present_projects(params, projects)
@ -347,7 +347,7 @@ module API
        use :group_list_params
        use :with_custom_attributes
      end
-      get ":id/subgroups" do
+      get ":id/subgroups", feature_category: :subgroups do
        groups = find_groups(declared_params(include_missing: false), params[:id])
        present_groups params, groups
      end
@ -359,7 +359,7 @@ module API
        use :group_list_params
        use :with_custom_attributes
      end
-      get ":id/descendant_groups" do
+      get ":id/descendant_groups", feature_category: :subgroups do
        finder_params = declared_params(include_missing: false).merge(include_parent_descendants: true)
        groups = find_groups(finder_params, params[:id])
        present_groups params, groups
@ -371,7 +371,7 @@ module API
      params do
        requires :project_id, type: String, desc: 'The ID or path of the project'
      end
-      post ":id/projects/:project_id", requirements: { project_id: /.+/ } do
+      post ":id/projects/:project_id", requirements: { project_id: /.+/ }, feature_category: :projects do
        authenticated_as_admin!
        group = find_group!(params[:id])
        group.preload_shared_group_links
@ -391,7 +391,7 @@ module API
          desc: 'The ID of the target group to which the group needs to be transferred to.'\
                'If not provided, the source group will be promoted to a root group.'
      end
-      post ':id/transfer' do
+      post ':id/transfer', feature_category: :subgroups do
        group = find_group!(params[:id])
        authorize! :admin_group, group

@ -415,7 +415,7 @@ module API
        requires :group_access, type: Integer, values: Gitlab::Access.all_values, desc: 'The group access level'
        optional :expires_at, type: Date, desc: 'Share expiration date'
      end
-      post ":id/share" do
+      post ":id/share", feature_category: :subgroups do
        shared_group = find_group!(params[:id])
        shared_with_group = find_group!(params[:group_id])

@ -438,7 +438,7 @@ module API
        requires :group_id, type: Integer, desc: 'The ID of the shared group'
      end
      # rubocop: disable CodeReuse/ActiveRecord
-      delete ":id/share/:group_id" do
+      delete ":id/share/:group_id", feature_category: :subgroups do
        shared_group = find_group!(params[:id])

        link = shared_group.shared_with_group_links.find_by(shared_with_group_id: params[:group_id])
--- a/lib/gitlab/application_rate_limiter.rb
+++ b/lib/gitlab/application_rate_limiter.rb
@ -41,7 +41,8 @@ module Gitlab
          auto_rollback_deployment:           { threshold: 1, interval: 3.minutes },
          search_rate_limit:                  { threshold: -> { application_settings.search_rate_limit }, interval: 1.minute },
          search_rate_limit_unauthenticated:  { threshold: -> { application_settings.search_rate_limit_unauthenticated }, interval: 1.minute },
-          gitlab_shell_operation:       { threshold: 600, interval: 1.minute }
+          gitlab_shell_operation:       { threshold: 600, interval: 1.minute },
+          pipelines_create:             { threshold: 4, interval: 1.minute }
        }.freeze
      end

--- a/lib/gitlab/ci/pipeline/chain/limit/rate_limit.rb
+++ b/lib/gitlab/ci/pipeline/chain/limit/rate_limit.rb
@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Ci
+    module Pipeline
+      module Chain
+        module Limit
+          class RateLimit < Chain::Base
+            include Chain::Helpers
+
+            def perform!
+              return unless throttle_enabled?
+
+              # We exclude child-pipelines from the rate limit because they represent
+              # sub-pipelines that would otherwise hit the rate limit due to having the
+              # same scope (project, user, sha).
+              #
+              return if pipeline.parent_pipeline?
+
+              if rate_limit_throttled?
+                create_log_entry
+                error(throttle_message) unless dry_run?
+              end
+            end
+
+            def break?
+              @pipeline.errors.any?
+            end
+
+            private
+
+            def rate_limit_throttled?
+              ::Gitlab::ApplicationRateLimiter.throttled?(
+                :pipelines_create, scope: [project, current_user, command.sha]
+              )
+            end
+
+            def create_log_entry
+              Gitlab::AppJsonLogger.info(
+                class: self.class.name,
+                namespace_id: project.namespace_id,
+                project_id: project.id,
+                commit_sha: command.sha,
+                current_user_id: current_user.id,
+                subscription_plan: project.actual_plan_name,
+                message: 'Activated pipeline creation rate limit'
+              )
+            end
+
+            def throttle_message
+              'Too many pipelines created in the last minute. Try again later.'
+            end
+
+            def throttle_enabled?
+              ::Feature.enabled?(
+                :ci_throttle_pipelines_creation,
+                project,
+                default_enabled: :yaml)
+            end
+
+            def dry_run?
+              ::Feature.enabled?(
+                :ci_throttle_pipelines_creation_dry_run,
+                project,
+                default_enabled: :yaml)
+            end
+          end
+        end
+      end
+    end
+  end
+end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -23267,7 +23267,7 @@ msgstr ""
 msgid "Maximum file size is 1 MB. Image size must be 32 x 32 pixels. Allowed image formats are %{favicon_extension_whitelist}."
 msgstr ""

-msgid "Maximum file size is 1MB. Pages are optimized for a 28px tall header logo"
+msgid "Maximum file size is 1MB. Pages are optimized for a 24px tall header logo"
 msgstr ""

 msgid "Maximum file size is 1MB. Pages are optimized for a 640x360 px logo."
@ -45326,6 +45326,12 @@ msgstr ""
 msgid "none"
 msgstr ""

+msgid "not authorized to create member"
+msgstr ""
+
+msgid "not authorized to update member"
+msgstr ""
+
 msgid "not found"
 msgstr ""

--- a/package.json
+++ b/package.json
@ -205,7 +205,7 @@
    "@babel/plugin-transform-modules-commonjs": "^7.10.1",
    "@gitlab/eslint-plugin": "12.0.1",
    "@gitlab/stylelint-config": "4.0.0",
-    "@graphql-eslint/eslint-plugin": "3.0.0",
+    "@graphql-eslint/eslint-plugin": "3.10.2",
    "@testing-library/dom": "^7.16.2",
    "@types/jest": "^26.0.24",
    "@vue/test-utils": "1.3.0",
--- a/spec/components/diffs/overflow_warning_component_spec.rb
+++ b/spec/components/diffs/overflow_warning_component_spec.rb
@ -0,0 +1,184 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe Diffs::OverflowWarningComponent, type: :component do
+  include RepoHelpers
+
+  subject(:component) do
+    described_class.new(
+      diffs: diffs,
+      diff_files: diff_files,
+      project: project,
+      commit: commit,
+      merge_request: merge_request
+    )
+  end
+
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:repository) { project.repository }
+  let_it_be(:commit) { project.commit(sample_commit.id) }
+  let_it_be(:diffs) { commit.raw_diffs }
+  let_it_be(:diff) { diffs.first }
+  let_it_be(:diff_refs) { commit.diff_refs }
+  let_it_be(:diff_file) { Gitlab::Diff::File.new(diff, diff_refs: diff_refs, repository: repository) }
+  let_it_be(:diff_files) { [diff_file] }
+  let_it_be(:merge_request) { create(:merge_request, source_project: project) }
+
+  let(:expected_button_classes) do
+    "btn gl-alert-action btn-default gl-button btn-default-secondary"
+  end
+
+  describe "rendered component" do
+    subject { rendered_component }
+
+    context "on a commit page" do
+      before do
+        with_controller_class Projects::CommitController do
+          render_inline component
+        end
+      end
+
+      it { is_expected.to include(component.message) }
+
+      it "links to the diff" do
+        expect(component.diff_link).to eq(
+          ActionController::Base.helpers.link_to(
+            _("Plain diff"),
+            project_commit_path(project, commit, format: :diff),
+            class: expected_button_classes
+          )
+        )
+
+        is_expected.to include(component.diff_link)
+      end
+
+      it "links to the patch" do
+        expect(component.patch_link).to eq(
+          ActionController::Base.helpers.link_to(
+            _("Email patch"),
+            project_commit_path(project, commit, format: :patch),
+            class: expected_button_classes
+          )
+        )
+
+        is_expected.to include(component.patch_link)
+      end
+    end
+
+    context "on a merge request page and the merge request is persisted" do
+      before do
+        with_controller_class Projects::MergeRequests::DiffsController do
+          render_inline component
+        end
+      end
+
+      it { is_expected.to include(component.message) }
+
+      it "links to the diff" do
+        expect(component.diff_link).to eq(
+          ActionController::Base.helpers.link_to(
+            _("Plain diff"),
+            merge_request_path(merge_request, format: :diff),
+            class: expected_button_classes
+          )
+        )
+
+        is_expected.to include(component.diff_link)
+      end
+
+      it "links to the patch" do
+        expect(component.patch_link).to eq(
+          ActionController::Base.helpers.link_to(
+            _("Email patch"),
+            merge_request_path(merge_request, format: :patch),
+            class: expected_button_classes
+          )
+        )
+
+        is_expected.to include(component.patch_link)
+      end
+    end
+
+    context "both conditions fail" do
+      before do
+        allow(component).to receive(:commit?).and_return(false)
+        allow(component).to receive(:merge_request?).and_return(false)
+        render_inline component
+      end
+
+      it { is_expected.to include(component.message) }
+      it { is_expected.not_to include(expected_button_classes) }
+      it { is_expected.not_to include("Plain diff") }
+      it { is_expected.not_to include("Email patch") }
+    end
+  end
+
+  describe "#message" do
+    subject { component.message }
+
+    it { is_expected.to be_a(String) }
+
+    it "is HTML-safe" do
+      expect(subject.html_safe?).to be_truthy
+    end
+  end
+
+  describe "#diff_link" do
+    subject { component.diff_link }
+
+    before do
+      allow(component).to receive(:link_to).and_return("foo")
+      render_inline component
+    end
+
+    it "is a string when on a commit page" do
+      allow(component).to receive(:commit?).and_return(true)
+
+      is_expected.to eq("foo")
+    end
+
+    it "is a string when on a merge request page" do
+      allow(component).to receive(:commit?).and_return(false)
+      allow(component).to receive(:merge_request?).and_return(true)
+
+      is_expected.to eq("foo")
+    end
+
+    it "is nil in other situations" do
+      allow(component).to receive(:commit?).and_return(false)
+      allow(component).to receive(:merge_request?).and_return(false)
+
+      is_expected.to be_nil
+    end
+  end
+
+  describe "#patch_link" do
+    subject { component.patch_link }
+
+    before do
+      allow(component).to receive(:link_to).and_return("foo")
+      render_inline component
+    end
+
+    it "is a string when on a commit page" do
+      allow(component).to receive(:commit?).and_return(true)
+
+      is_expected.to eq("foo")
+    end
+
+    it "is a string when on a merge request page" do
+      allow(component).to receive(:commit?).and_return(false)
+      allow(component).to receive(:merge_request?).and_return(true)
+
+      is_expected.to eq("foo")
+    end
+
+    it "is nil in other situations" do
+      allow(component).to receive(:commit?).and_return(false)
+      allow(component).to receive(:merge_request?).and_return(false)
+
+      is_expected.to be_nil
+    end
+  end
+end
--- a/spec/lib/gitlab/ci/pipeline/chain/limit/rate_limit_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/chain/limit/rate_limit_spec.rb
@ -0,0 +1,179 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Gitlab::Ci::Pipeline::Chain::Limit::RateLimit, :freeze_time, :clean_gitlab_redis_rate_limiting do
+  let_it_be(:user) { create(:user) }
+  let_it_be(:namespace) { create(:namespace) }
+  let_it_be(:project, reload: true) { create(:project, namespace: namespace) }
+
+  let(:save_incompleted) { false }
+  let(:throttle_message) do
+    'Too many pipelines created in the last minute. Try again later.'
+  end
+
+  let(:command) do
+    Gitlab::Ci::Pipeline::Chain::Command.new(
+      project: project,
+      current_user: user,
+      save_incompleted: save_incompleted
+    )
+  end
+
+  let(:pipeline) { build(:ci_pipeline, project: project, source: source) }
+  let(:source) { 'push' }
+  let(:step) { described_class.new(pipeline, command) }
+
+  def perform(count: 2)
+    count.times { step.perform! }
+  end
+
+  context 'when the limit is exceeded' do
+    before do
+      allow(Gitlab::ApplicationRateLimiter).to receive(:rate_limits)
+        .and_return(pipelines_create: { threshold: 1, interval: 1.minute })
+
+      stub_feature_flags(ci_throttle_pipelines_creation_dry_run: false)
+    end
+
+    it 'does not persist the pipeline' do
+      perform
+
+      expect(pipeline).not_to be_persisted
+      expect(pipeline.errors.added?(:base, throttle_message)).to be_truthy
+    end
+
+    it 'breaks the chain' do
+      perform
+
+      expect(step.break?).to be_truthy
+    end
+
+    it 'creates a log entry' do
+      expect(Gitlab::AppJsonLogger).to receive(:info).with(
+        a_hash_including(
+          class: described_class.name,
+          project_id: project.id,
+          subscription_plan: project.actual_plan_name,
+          commit_sha: command.sha
+        )
+      )
+
+      perform
+    end
+
+    context 'with child pipelines' do
+      let(:source) { 'parent_pipeline' }
+
+      it 'does not break the chain' do
+        perform
+
+        expect(step.break?).to be_falsey
+      end
+
+      it 'does not invalidate the pipeline' do
+        perform
+
+        expect(pipeline.errors).to be_empty
+      end
+
+      it 'does not log anything' do
+        expect(Gitlab::AppJsonLogger).not_to receive(:info)
+
+        perform
+      end
+    end
+
+    context 'when saving incompleted pipelines' do
+      let(:save_incompleted) { true }
+
+      it 'does not persist the pipeline' do
+        perform
+
+        expect(pipeline).not_to be_persisted
+        expect(pipeline.errors.added?(:base, throttle_message)).to be_truthy
+      end
+
+      it 'breaks the chain' do
+        perform
+
+        expect(step.break?).to be_truthy
+      end
+    end
+
+    context 'when ci_throttle_pipelines_creation is disabled' do
+      before do
+        stub_feature_flags(ci_throttle_pipelines_creation: false)
+      end
+
+      it 'does not break the chain' do
+        perform
+
+        expect(step.break?).to be_falsey
+      end
+
+      it 'does not invalidate the pipeline' do
+        perform
+
+        expect(pipeline.errors).to be_empty
+      end
+
+      it 'does not log anything' do
+        expect(Gitlab::AppJsonLogger).not_to receive(:info)
+
+        perform
+      end
+    end
+
+    context 'when ci_throttle_pipelines_creation_dry_run is enabled' do
+      before do
+        stub_feature_flags(ci_throttle_pipelines_creation_dry_run: true)
+      end
+
+      it 'does not break the chain' do
+        perform
+
+        expect(step.break?).to be_falsey
+      end
+
+      it 'does not invalidate the pipeline' do
+        perform
+
+        expect(pipeline.errors).to be_empty
+      end
+
+      it 'creates a log entry' do
+        expect(Gitlab::AppJsonLogger).to receive(:info).with(
+          a_hash_including(
+            class: described_class.name,
+            project_id: project.id,
+            subscription_plan: project.actual_plan_name,
+            commit_sha: command.sha
+          )
+        )
+
+        perform
+      end
+    end
+  end
+
+  context 'when the limit is not exceeded' do
+    it 'does not break the chain' do
+      perform
+
+      expect(step.break?).to be_falsey
+    end
+
+    it 'does not invalidate the pipeline' do
+      perform
+
+      expect(pipeline.errors).to be_empty
+    end
+
+    it 'does not log anything' do
+      expect(Gitlab::AppJsonLogger).not_to receive(:info)
+
+      perform
+    end
+  end
+end
--- a/spec/services/ci/create_pipeline_service/rate_limit_spec.rb
+++ b/spec/services/ci/create_pipeline_service/rate_limit_spec.rb
@ -0,0 +1,91 @@
+# frozen_string_literal: true
+require 'spec_helper'
+
+RSpec.describe Ci::CreatePipelineService, :freeze_time, :clean_gitlab_redis_rate_limiting do
+  describe 'rate limiting' do
+    let_it_be(:project) { create(:project, :repository) }
+    let_it_be(:user)    { project.first_owner }
+
+    let(:ref) { 'refs/heads/master' }
+
+    before do
+      stub_ci_pipeline_yaml_file(gitlab_ci_yaml)
+      stub_feature_flags(ci_throttle_pipelines_creation_dry_run: false)
+
+      allow(Gitlab::ApplicationRateLimiter).to receive(:rate_limits)
+        .and_return(pipelines_create: { threshold: 1, interval: 1.minute })
+    end
+
+    context 'when user is under the limit' do
+      let(:pipeline) { create_pipelines(count: 1) }
+
+      it 'allows pipeline creation' do
+        expect(pipeline).to be_created_successfully
+        expect(pipeline.statuses).not_to be_empty
+      end
+    end
+
+    context 'when user is over the limit' do
+      let(:pipeline) { create_pipelines }
+
+      it 'blocks pipeline creation' do
+        throttle_message = 'Too many pipelines created in the last minute. Try again later.'
+
+        expect(pipeline).not_to be_persisted
+        expect(pipeline.statuses).to be_empty
+        expect(pipeline.errors.added?(:base, throttle_message)).to be_truthy
+      end
+    end
+
+    context 'with different users' do
+      let(:other_user) { create(:user) }
+
+      before do
+        project.add_maintainer(other_user)
+      end
+
+      it 'allows other members to create pipelines' do
+        blocked_pipeline = create_pipelines(user: user)
+        allowed_pipeline = create_pipelines(count: 1, user: other_user)
+
+        expect(blocked_pipeline).not_to be_persisted
+        expect(allowed_pipeline).to be_created_successfully
+      end
+    end
+
+    context 'with different commits' do
+      it 'allows user to create pipeline' do
+        blocked_pipeline = create_pipelines(ref: ref)
+        allowed_pipeline = create_pipelines(count: 1, ref: 'refs/heads/feature')
+
+        expect(blocked_pipeline).not_to be_persisted
+        expect(allowed_pipeline).to be_created_successfully
+      end
+    end
+
+    context 'with different projects' do
+      let_it_be(:other_project) { create(:project, :repository) }
+
+      before do
+        other_project.add_maintainer(user)
+      end
+
+      it 'allows user to create pipeline' do
+        blocked_pipeline = create_pipelines(project: project)
+        allowed_pipeline = create_pipelines(count: 1, project: other_project)
+
+        expect(blocked_pipeline).not_to be_persisted
+        expect(allowed_pipeline).to be_created_successfully
+      end
+    end
+  end
+
+  def create_pipelines(attrs = {})
+    attrs.reverse_merge!(user: user, ref: ref, project: project, count: 2)
+
+    service = described_class.new(attrs[:project], attrs[:user], { ref: attrs[:ref] })
+
+    attrs[:count].pred.times { service.execute(:push) }
+    service.execute(:push).payload
+  end
+end
--- a/spec/services/ci/create_pipeline_service_spec.rb
+++ b/spec/services/ci/create_pipeline_service_spec.rb
@ -12,6 +12,10 @@ RSpec.describe Ci::CreatePipelineService do

  before do
    stub_ci_pipeline_to_return_yaml_file
+
+    # Disable rate limiting for pipeline creation
+    allow(Gitlab::ApplicationRateLimiter).to receive(:rate_limits)
+      .and_return(pipelines_create: { threshold: 0, interval: 1.minute })
  end

  describe '#execute' do
--- a/spec/services/members/create_service_spec.rb
+++ b/spec/services/members/create_service_spec.rb
@ -143,6 +143,32 @@ RSpec.describe Members::CreateService, :aggregate_failures, :clean_gitlab_redis_
    end
  end

+  context 'when adding a project_bot' do
+    let_it_be(:project_bot) { create(:user, :project_bot) }
+
+    let(:user_ids) { project_bot.id }
+
+    context 'when project_bot is already a member' do
+      before do
+        source.add_developer(project_bot)
+      end
+
+      it 'does not update the member' do
+        expect(execute_service[:status]).to eq(:error)
+        expect(execute_service[:message]).to eq("#{project_bot.username}: not authorized to update member")
+        expect(OnboardingProgress.completed?(source.namespace, :user_added)).to be(false)
+      end
+    end
+
+    context 'when project_bot is not already a member' do
+      it 'adds the member' do
+        expect(execute_service[:status]).to eq(:success)
+        expect(source.users).to include project_bot
+        expect(OnboardingProgress.completed?(source.namespace, :user_added)).to be(true)
+      end
+    end
+  end
+
  context 'when tracking the invite source', :snowplow do
    context 'when invite_source is not passed' do
      let(:additional_params) { {} }
--- a/spec/services/members/creator_service_spec.rb
+++ b/spec/services/members/creator_service_spec.rb
@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Members::CreatorService do
+  let_it_be(:source, reload: true) { create(:group, :public) }
+  let_it_be(:member_type) { GroupMember }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:current_user) { create(:user) }
+
+  describe '#execute' do
+    it 'raises error for new member on authorization check implementation' do
+      expect do
+        described_class.new(source, user, :maintainer, current_user: current_user).execute
+      end.to raise_error(NotImplementedError)
+    end
+
+    it 'raises error for an existing member on authorization check implementation' do
+      source.add_developer(user)
+
+      expect do
+        described_class.new(source, user, :maintainer, current_user: current_user).execute
+      end.to raise_error(NotImplementedError)
+    end
+  end
+end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -191,6 +191,7 @@ RSpec.configure do |config|
  config.include MigrationsHelpers, :migration
  config.include RedisHelpers
  config.include Rails.application.routes.url_helpers, type: :routing
+  config.include Rails.application.routes.url_helpers, type: :component
  config.include PolicyHelpers, type: :policy
  config.include ExpectRequestWithStatus, type: :request
  config.include IdempotentWorkerHelper, type: :worker
--- a/spec/support/shared_examples/models/member_shared_examples.rb
+++ b/spec/support/shared_examples/models/member_shared_examples.rb
@ -88,19 +88,55 @@ RSpec.shared_examples_for "member creation" do
      expect(member).to be_persisted
    end

-    context 'when admin mode is enabled', :enable_admin_mode do
+    context 'when adding a project_bot' do
+      let_it_be(:project_bot) { create(:user, :project_bot) }
+
+      before_all do
+        source.add_owner(user)
+      end
+
+      context 'when project_bot is already a member' do
+        before do
+          source.add_developer(project_bot)
+        end
+
+        it 'does not update the member' do
+          member = described_class.new(source, project_bot, :maintainer, current_user: user).execute
+
+          expect(source.users.reload).to include(project_bot)
+          expect(member).to be_persisted
+          expect(member.access_level).to eq(Gitlab::Access::DEVELOPER)
+          expect(member.errors.full_messages).to include(/not authorized to update member/)
+        end
+      end
+
+      context 'when project_bot is not already a member' do
+        it 'adds the member' do
+          member = described_class.new(source, project_bot, :maintainer, current_user: user).execute
+
+          expect(source.users.reload).to include(project_bot)
+          expect(member).to be_persisted
+        end
+      end
+    end
+
+    context 'when admin mode is enabled', :enable_admin_mode, :aggregate_failures do
      it 'sets members.created_by to the given admin current_user' do
        member = described_class.new(source, user, :maintainer, current_user: admin).execute

+        expect(member).to be_persisted
+        expect(source.users.reload).to include(user)
        expect(member.created_by).to eq(admin)
      end
    end

    context 'when admin mode is disabled' do
-      it 'rejects setting members.created_by to the given admin current_user' do
+      it 'rejects setting members.created_by to the given admin current_user', :aggregate_failures do
        member = described_class.new(source, user, :maintainer, current_user: admin).execute

-        expect(member.created_by).to be_nil
+        expect(member).not_to be_persisted
+        expect(source.users.reload).not_to include(user)
+        expect(member.errors.full_messages).to include(/not authorized to create member/)
      end
    end

@ -142,7 +178,7 @@ RSpec.shared_examples_for "member creation" do
      end

      context 'when called with an unknown user id' do
-        it 'adds the user as a member' do
+        it 'does not add the user as a member' do
          expect(source.users).not_to include(user)

          described_class.new(source, non_existing_record_id, :maintainer).execute
--- a/yarn.lock
+++ b/yarn.lock
@ -34,14 +34,7 @@
  dependencies:
    "@babel/highlight" "^7.10.4"

-"@babel/code-frame@7.16.0":
-  version "7.16.0"
-  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.16.0.tgz#0dfc80309beec8411e65e706461c408b0bb9b431"
-  integrity sha512-IF4EOMEV+bfYwOmNxGzSnjR2EmQod7f1UXOpZM3l4i4o4QNwzjtJAu/HxdjHq0aYBvdqMuQEY1eg0nqW9ZPORA==
-  dependencies:
-    "@babel/highlight" "^7.16.0"
-
-"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.14.5", "@babel/code-frame@^7.16.7":
+"@babel/code-frame@7.16.7", "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.16.7":
  version "7.16.7"
  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.16.7.tgz#44416b6bd7624b998f5b1af5d470856c40138789"
  integrity sha512-iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg==
@ -90,10 +83,10 @@
  dependencies:
    eslint-rule-composer "^0.3.0"

-"@babel/generator@^7.15.4", "@babel/generator@^7.17.3", "@babel/generator@^7.17.7":
-  version "7.17.7"
-  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.17.7.tgz#8da2599beb4a86194a3b24df6c085931d9ee45ad"
-  integrity sha512-oLcVCTeIFadUoArDTwpluncplrYBmTCCZZgXCbgNGvOBBiSDDK3eWO4b/+eOTli5tKv1lg+a5/NAXg+nTcei1w==
+"@babel/generator@^7.17.7", "@babel/generator@^7.17.9":
+  version "7.17.9"
+  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.17.9.tgz#f4af9fd38fa8de143c29fce3f71852406fc1e2fc"
+  integrity sha512-rAdDousTwxbIxbz5I7GEQ3lUip+xVCXooZNbsydCWs3xA7ZsYOv+CFRdzGxRX78BmQHu9B1Eso59AOZQOJDEdQ==
  dependencies:
    "@babel/types" "^7.17.0"
    jsesc "^2.5.1"
@ -169,23 +162,22 @@
    "@babel/traverse" "^7.10.1"
    "@babel/types" "^7.10.1"

-"@babel/helper-function-name@^7.10.1", "@babel/helper-function-name@^7.15.4", "@babel/helper-function-name@^7.16.7":
-  version "7.16.7"
-  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.16.7.tgz#f1ec51551fb1c8956bc8dd95f38523b6cf375f8f"
-  integrity sha512-QfDfEnIUyyBSR3HtrtGECuZ6DAyCkYFp7GHl75vFtTnn6pjKeK0T1DB5lLkFvBea8MdaiUABx3osbgLyInoejA==
+"@babel/helper-function-name@^7.10.1", "@babel/helper-function-name@^7.15.4", "@babel/helper-function-name@^7.17.9":
+  version "7.17.9"
+  resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.17.9.tgz#136fcd54bc1da82fcb47565cf16fd8e444b1ff12"
+  integrity sha512-7cRisGlVtiVqZ0MW0/yFB4atgpGLWEHUVYnb448hZK4x+vih0YO5UoS11XIYtZYqHd0dIPMdUSv8q5K4LdMnIg==
  dependencies:
-    "@babel/helper-get-function-arity" "^7.16.7"
    "@babel/template" "^7.16.7"
-    "@babel/types" "^7.16.7"
+    "@babel/types" "^7.17.0"

-"@babel/helper-get-function-arity@^7.10.1", "@babel/helper-get-function-arity@^7.16.7":
+"@babel/helper-get-function-arity@^7.10.1":
  version "7.16.7"
  resolved "https://registry.yarnpkg.com/@babel/helper-get-function-arity/-/helper-get-function-arity-7.16.7.tgz#ea08ac753117a669f1508ba06ebcc49156387419"
  integrity sha512-flc+RLSOBXzNzVhcLu6ujeHUrD6tANAOU5ojrRx/as+tbzf8+stUCj7+IfRRoAbEZqj/ahXEMsjhOhgeZsrnTw==
  dependencies:
    "@babel/types" "^7.16.7"

-"@babel/helper-hoist-variables@^7.10.1", "@babel/helper-hoist-variables@^7.15.4", "@babel/helper-hoist-variables@^7.16.7":
+"@babel/helper-hoist-variables@^7.10.1", "@babel/helper-hoist-variables@^7.16.7":
  version "7.16.7"
  resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.16.7.tgz#86bcb19a77a509c7b77d0e22323ef588fa58c246"
  integrity sha512-m04d/0Op34H5v7pbZw6pSKP7weA6lsMvfiIAMeIvkY/R4xQtBSMFEigu9QTZ2qB/9l22vsxtM8a+Q8CzD255fg==
@ -281,7 +273,7 @@
  dependencies:
    "@babel/types" "^7.16.7"

-"@babel/helper-validator-identifier@^7.14.9", "@babel/helper-validator-identifier@^7.15.7", "@babel/helper-validator-identifier@^7.16.7":
+"@babel/helper-validator-identifier@^7.15.7", "@babel/helper-validator-identifier@^7.16.7":
  version "7.16.7"
  resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.16.7.tgz#e8c602438c4a8195751243da9031d1607d247cad"
  integrity sha512-hsEnFemeiW4D08A5gUAZxLBTXpZ39P+a+DGDsHw1yxqyQ/jzFEnxf5uTEGp+3bzAbNOxU1paTgYS4ECU/IgfDw==
@ -310,7 +302,7 @@
    "@babel/traverse" "^7.17.3"
    "@babel/types" "^7.17.0"

-"@babel/highlight@^7.10.4", "@babel/highlight@^7.16.0", "@babel/highlight@^7.16.7":
+"@babel/highlight@^7.10.4", "@babel/highlight@^7.16.7":
  version "7.16.10"
  resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.16.10.tgz#744f2eb81579d6eea753c227b0f570ad785aba88"
  integrity sha512-5FnTQLSLswEj6IkgVw5KusNUUFY9ZGqe/TRFnP/BKYHYgfh7tc+C7mwiy95/yNP7Dh9x580Vv8r7u7ZfTBFxdw==
@ -319,15 +311,10 @@
    chalk "^2.0.0"
    js-tokens "^4.0.0"

-"@babel/parser@7.15.8":
-  version "7.15.8"
-  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.15.8.tgz#7bacdcbe71bdc3ff936d510c15dcea7cf0b99016"
-  integrity sha512-BRYa3wcQnjS/nqI8Ac94pYYpJfojHVvVXJ97+IDCImX4Jc8W8Xv1+47enbruk+q1etOpsQNwnfFcNGw+gtPGxA==
-
-"@babel/parser@^7.1.0", "@babel/parser@^7.15.4", "@babel/parser@^7.16.7", "@babel/parser@^7.17.3", "@babel/parser@^7.17.8":
-  version "7.17.8"
-  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.17.8.tgz#2817fb9d885dd8132ea0f8eb615a6388cca1c240"
-  integrity sha512-BoHhDJrJXqcg+ZL16Xv39H9n+AqJ4pcDrQBGZN+wHxIysrLZ3/ECwCBUch/1zUNhnsXULcONU3Ei5Hmkfk6kiQ==
+"@babel/parser@^7.1.0", "@babel/parser@^7.16.7", "@babel/parser@^7.16.8", "@babel/parser@^7.17.8", "@babel/parser@^7.17.9":
+  version "7.17.9"
+  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.17.9.tgz#9c94189a6062f0291418ca021077983058e171ef"
+  integrity sha512-vqUSBLP8dQHFPdPi9bc5GK9vRkYHJ49fsZdtoJ8EQ8ibpwk5rPKfvNIwChB0KVXcIjcepEBBd2VHC5r9Gy8ueg==

 "@babel/plugin-proposal-async-generator-functions@^7.10.1":
  version "7.10.1"
@ -872,46 +859,23 @@
    "@babel/parser" "^7.16.7"
    "@babel/types" "^7.16.7"

-"@babel/traverse@7.15.4":
-  version "7.15.4"
-  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.15.4.tgz#ff8510367a144bfbff552d9e18e28f3e2889c22d"
-  integrity sha512-W6lQD8l4rUbQR/vYgSuCAE75ADyyQvOpFVsvPPdkhf6lATXAsQIG9YdtOcu8BB1dZ0LKu+Zo3c1wEcbKeuhdlA==
-  dependencies:
-    "@babel/code-frame" "^7.14.5"
-    "@babel/generator" "^7.15.4"
-    "@babel/helper-function-name" "^7.15.4"
-    "@babel/helper-hoist-variables" "^7.15.4"
-    "@babel/helper-split-export-declaration" "^7.15.4"
-    "@babel/parser" "^7.15.4"
-    "@babel/types" "^7.15.4"
-    debug "^4.1.0"
-    globals "^11.1.0"
-
-"@babel/traverse@^7.1.0", "@babel/traverse@^7.10.1", "@babel/traverse@^7.15.4", "@babel/traverse@^7.17.3":
-  version "7.17.3"
-  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.17.3.tgz#0ae0f15b27d9a92ba1f2263358ea7c4e7db47b57"
-  integrity sha512-5irClVky7TxRWIRtxlh2WPUUOLhcPN06AGgaQSB8AEwuyEBgJVuJ5imdHm5zxk8w0QS5T+tDfnDxAlhWjpb7cw==
+"@babel/traverse@^7.1.0", "@babel/traverse@^7.10.1", "@babel/traverse@^7.15.4", "@babel/traverse@^7.16.8", "@babel/traverse@^7.17.3":
+  version "7.17.9"
+  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.17.9.tgz#1f9b207435d9ae4a8ed6998b2b82300d83c37a0d"
+  integrity sha512-PQO8sDIJ8SIwipTPiR71kJQCKQYB5NGImbOviK8K+kg5xkNSYXLBupuX9QhatFowrsvo9Hj8WgArg3W7ijNAQw==
  dependencies:
    "@babel/code-frame" "^7.16.7"
-    "@babel/generator" "^7.17.3"
+    "@babel/generator" "^7.17.9"
    "@babel/helper-environment-visitor" "^7.16.7"
-    "@babel/helper-function-name" "^7.16.7"
+    "@babel/helper-function-name" "^7.17.9"
    "@babel/helper-hoist-variables" "^7.16.7"
    "@babel/helper-split-export-declaration" "^7.16.7"
-    "@babel/parser" "^7.17.3"
+    "@babel/parser" "^7.17.9"
    "@babel/types" "^7.17.0"
    debug "^4.1.0"
    globals "^11.1.0"

-"@babel/types@7.15.6":
-  version "7.15.6"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.15.6.tgz#99abdc48218b2881c058dd0a7ab05b99c9be758f"
-  integrity sha512-BPU+7QhqNjmWyDO0/vitH/CuhpV8ZmK1wpKva8nuyNF5MJfuRNWMc+hc14+u9xT93kvykMdncrJT19h74uB1Ig==
-  dependencies:
-    "@babel/helper-validator-identifier" "^7.14.9"
-    to-fast-properties "^2.0.0"
-
-"@babel/types@^7.0.0", "@babel/types@^7.0.0-beta.49", "@babel/types@^7.10.1", "@babel/types@^7.10.2", "@babel/types@^7.15.4", "@babel/types@^7.16.7", "@babel/types@^7.17.0", "@babel/types@^7.3.0", "@babel/types@^7.3.3", "@babel/types@^7.4.4":
+"@babel/types@^7.0.0", "@babel/types@^7.0.0-beta.49", "@babel/types@^7.10.1", "@babel/types@^7.10.2", "@babel/types@^7.15.4", "@babel/types@^7.16.7", "@babel/types@^7.16.8", "@babel/types@^7.17.0", "@babel/types@^7.3.0", "@babel/types@^7.3.3", "@babel/types@^7.4.4":
  version "7.17.0"
  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.17.0.tgz#a826e368bccb6b3d84acd76acad5c0d87342390b"
  integrity sha512-TmKSNO4D5rzhL5bjWFcVHHLETzfQ/AmbKpKPOSjlP0WoHZ6L911fgoOKY4Alp/emzG4cHJdyN49zpgkbXFEHHw==
@ -1033,162 +997,164 @@
  resolved "https://registry.yarnpkg.com/@gitlab/visual-review-tools/-/visual-review-tools-1.6.1.tgz#0d8f3ff9f51b05f7c80b9a107727703d48997e4e"
  integrity sha512-vY8K1igwZFoEOmU0h4E7XTLlilsQ4ylPr27O01UsSe6ZTKi6oEMREsRAEpNIUgRlxUARCsf+Opp4pgSFzFkFcw==

-"@graphql-eslint/eslint-plugin@3.0.0":
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/@graphql-eslint/eslint-plugin/-/eslint-plugin-3.0.0.tgz#d0f7d6e4f6f772312500abbf6c94c59d5cb52c12"
-  integrity sha512-EfkMABrCbWhhArEGg4w2r/z8sEPp1fL0Ar3xFWBX9c11t5+T5XqGAGVxUi5vuEx9PrSqhYisPrxTibqNoxuEzQ==
+"@graphql-eslint/eslint-plugin@3.10.2":
+  version "3.10.2"
+  resolved "https://registry.yarnpkg.com/@graphql-eslint/eslint-plugin/-/eslint-plugin-3.10.2.tgz#b8b271aef219623e6a0517cfababe6063072077f"
+  integrity sha512-UJwpeMC4q3/Ofeh3aOp9aJOtomJjQEz7zk8lqXeexqkDBXI0d9dedYlWWL5MqcFhKxtBxsU5xq0w4th0c+0aAQ==
  dependencies:
-    "@babel/code-frame" "7.16.0"
-    "@graphql-tools/code-file-loader" "7.2.2"
-    "@graphql-tools/graphql-tag-pluck" "7.1.3"
-    "@graphql-tools/import" "6.6.1"
-    "@graphql-tools/utils" "8.5.3"
-    graphql-config "4.1.0"
+    "@babel/code-frame" "7.16.7"
+    "@graphql-tools/code-file-loader" "^7.2.8"
+    "@graphql-tools/graphql-tag-pluck" "^7.2.0"
+    "@graphql-tools/utils" "^8.6.5"
+    chalk "4.1.2"
+    debug "4.3.4"
+    fast-glob "3.2.11"
+    graphql-config "^4.3.0"
    graphql-depth-limit "1.1.0"
    lodash.lowercase "4.3.0"

-"@graphql-tools/batch-execute@^8.3.1":
-  version "8.3.1"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/batch-execute/-/batch-execute-8.3.1.tgz#0b74c54db5ac1c5b9a273baefc034c2343ebbb74"
-  integrity sha512-63kHY8ZdoO5FoeDXYHnAak1R3ysMViMPwWC2XUblFckuVLMUPmB2ONje8rjr2CvzWBHAW8c1Zsex+U3xhKtGIA==
+"@graphql-tools/batch-execute@8.4.1":
+  version "8.4.1"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/batch-execute/-/batch-execute-8.4.1.tgz#bc5e96ad22c545676da523bae3c3dc94e57bdf3e"
+  integrity sha512-63+lNWrwXmofjZVa7ML+n9CBviClF3K+RP3Xx3hxGQ8BrhvB1pWS1yzaUZqrkiiKdTu1v3mJGVfmooHwzlyPwQ==
  dependencies:
-    "@graphql-tools/utils" "^8.5.1"
+    "@graphql-tools/utils" "8.6.5"
    dataloader "2.0.0"
    tslib "~2.3.0"
    value-or-promise "1.0.11"

-"@graphql-tools/code-file-loader@7.2.2":
+"@graphql-tools/code-file-loader@^7.2.8":
+  version "7.2.10"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/code-file-loader/-/code-file-loader-7.2.10.tgz#cdae206399061b198652964213b32309e5980af1"
+  integrity sha512-41QkLztHhoDXBp2EtbKwQNQHv4HEDzpEmbOD0y3OVOXf8TBVUnFUMlnGn77a6f4zVi3rHWxHgJJ79iyJ0MYQ5w==
+  dependencies:
+    "@graphql-tools/graphql-tag-pluck" "7.2.2"
+    "@graphql-tools/utils" "8.6.5"
+    globby "^11.0.3"
+    tslib "~2.3.0"
+    unixify "^1.0.0"
+
+"@graphql-tools/delegate@8.7.1":
+  version "8.7.1"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/delegate/-/delegate-8.7.1.tgz#f30b9d035a76dc7a8e9292f31bb073fb4d6d9d83"
+  integrity sha512-e98/NRaOH5wQy624bRd5i5qUKz5tCs8u4xBmxW89d7t6V6CveXj7pvAgmnR9DbwOkO6IA3P799p/aa/YG/pWTA==
+  dependencies:
+    "@graphql-tools/batch-execute" "8.4.1"
+    "@graphql-tools/schema" "8.3.6"
+    "@graphql-tools/utils" "8.6.5"
+    dataloader "2.0.0"
+    graphql-executor "0.0.22"
+    tslib "~2.3.0"
+    value-or-promise "1.0.11"
+
+"@graphql-tools/graphql-file-loader@^7.3.7":
+  version "7.3.7"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/graphql-file-loader/-/graphql-file-loader-7.3.7.tgz#f5cb05b0e3cd462d74eae47c5b9c08ed6b989837"
+  integrity sha512-fwXLycYvabPhusGtYuFrOPbjeIvLWr6viGkQc9KmiBm2Z2kZrlNRNUlYkXXRzMoiqRkzqFJYhOgWDE7LsOnbjw==
+  dependencies:
+    "@graphql-tools/import" "6.6.9"
+    "@graphql-tools/utils" "8.6.5"
+    globby "^11.0.3"
+    tslib "~2.3.0"
+    unixify "^1.0.0"
+
+"@graphql-tools/graphql-tag-pluck@7.2.2", "@graphql-tools/graphql-tag-pluck@^7.2.0":
  version "7.2.2"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/code-file-loader/-/code-file-loader-7.2.2.tgz#79f8ce5723ee87ecb4d490d1497ac7e616340358"
-  integrity sha512-AADyxqipGWLBl4N59CGPgv3i35UF1fQpJvbC5a6TXmcppnghD2olDLewOh1pIQrwxGAAh1S75XVIi28PTKYZhg==
+  resolved "https://registry.yarnpkg.com/@graphql-tools/graphql-tag-pluck/-/graphql-tag-pluck-7.2.2.tgz#449bb0516a2aceb9c0251c321c8cde46c7b42b7d"
+  integrity sha512-5gYk6Cj35eU6N9+2WtV4tsCcJACVPK2F3+xci2WgoPrDZXYQshx6tyuIQIFszyhxWNa1KViwCZyxVy6U1UnqzA==
  dependencies:
-    "@graphql-tools/graphql-tag-pluck" "^7.1.3"
-    "@graphql-tools/utils" "^8.5.1"
-    globby "^11.0.3"
-    tslib "~2.3.0"
-    unixify "^1.0.0"
-
-"@graphql-tools/delegate@^8.4.1", "@graphql-tools/delegate@^8.4.2":
-  version "8.4.2"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/delegate/-/delegate-8.4.2.tgz#a61d45719855720304e3656800342cfa17d82558"
-  integrity sha512-CjggOhiL4WtyG2I3kux+1/p8lQxSFHBj0gwa0NxnQ6Vsnpw7Ig5VP1ovPnitFuBv2k4QdC37Nj2xv2n7DRn8fw==
-  dependencies:
-    "@graphql-tools/batch-execute" "^8.3.1"
-    "@graphql-tools/schema" "^8.3.1"
-    "@graphql-tools/utils" "^8.5.3"
-    dataloader "2.0.0"
-    tslib "~2.3.0"
-    value-or-promise "1.0.11"
-
-"@graphql-tools/graphql-file-loader@^7.3.2":
-  version "7.3.3"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/graphql-file-loader/-/graphql-file-loader-7.3.3.tgz#7cee2f84f08dc13fa756820b510248b857583d36"
-  integrity sha512-6kUJZiNpYKVhum9E5wfl5PyLLupEDYdH7c8l6oMrk6c7EPEVs6iSUyB7yQoWrtJccJLULBW2CRQ5IHp5JYK0mA==
-  dependencies:
-    "@graphql-tools/import" "^6.5.7"
-    "@graphql-tools/utils" "^8.5.1"
-    globby "^11.0.3"
-    tslib "~2.3.0"
-    unixify "^1.0.0"
-
-"@graphql-tools/graphql-tag-pluck@7.1.3", "@graphql-tools/graphql-tag-pluck@^7.1.3":
-  version "7.1.3"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/graphql-tag-pluck/-/graphql-tag-pluck-7.1.3.tgz#2c638aac84f279f95bf3da50b71f2b4b82641539"
-  integrity sha512-zxVYLiAnNxFg6bnDZdNpLJNfjf6GHYLQsVHDcbYyQcWJzIaeWPylX/Q1gyvw8MFO4ICYExNPqgBA/is2kZBlHw==
-  dependencies:
-    "@babel/parser" "7.15.8"
-    "@babel/traverse" "7.15.4"
-    "@babel/types" "7.15.6"
-    "@graphql-tools/utils" "^8.5.1"
+    "@babel/parser" "^7.16.8"
+    "@babel/traverse" "^7.16.8"
+    "@babel/types" "^7.16.8"
+    "@graphql-tools/utils" "8.6.5"
    tslib "~2.3.0"

-"@graphql-tools/import@6.6.1", "@graphql-tools/import@^6.5.7":
-  version "6.6.1"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/import/-/import-6.6.1.tgz#2a7e1ceda10103ffeb8652a48ddc47150b035485"
-  integrity sha512-i9WA6k+erJMci822o9w9DoX+uncVBK60LGGYW8mdbhX0l7wEubUpA000thJ1aarCusYh0u+ZT9qX0HyVPXu25Q==
+"@graphql-tools/import@6.6.9":
+  version "6.6.9"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/import/-/import-6.6.9.tgz#53e1517074c756b5191d23d4f1528246913d44ba"
+  integrity sha512-sKaLqvPmNLQlY4te+nnBhRrf5WBISoiyVkbriCLz0kHw805iHdJaU2KxUoHsRTR7WlYq0g9gzB0oVaRh99Q5aA==
  dependencies:
-    "@graphql-tools/utils" "8.5.3"
+    "@graphql-tools/utils" "8.6.5"
    resolve-from "5.0.0"
    tslib "~2.3.0"

-"@graphql-tools/json-file-loader@^7.3.2":
-  version "7.3.3"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/json-file-loader/-/json-file-loader-7.3.3.tgz#45cfde77b9dc4ab6c21575305ae537d2814d237f"
-  integrity sha512-CN2Qk9rt+Gepa3rb3X/mpxYA5MIYLwZBPj2Njw6lbZ6AaxG+O1ArDCL5ACoiWiBimn1FCOM778uhRM9znd0b3Q==
+"@graphql-tools/json-file-loader@^7.3.7":
+  version "7.3.7"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/json-file-loader/-/json-file-loader-7.3.7.tgz#3ddae0b15d3c57d1980fa5203541c2e6cd6a5ff4"
+  integrity sha512-dm0LcfiWYin7cUR4RWC33C9bNppujvSU7hwTH+sHmSguNnat9Kn8dBntVSgrY3qCbKuGfz/PshQHIODXrRwAKg==
  dependencies:
-    "@graphql-tools/utils" "^8.5.1"
+    "@graphql-tools/utils" "8.6.5"
    globby "^11.0.3"
    tslib "~2.3.0"
    unixify "^1.0.0"

-"@graphql-tools/load@^7.4.1":
-  version "7.4.1"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/load/-/load-7.4.1.tgz#aa572fcef11d6028097b6ef39c13fa9d62e5a441"
-  integrity sha512-UvBodW5hRHpgBUBVz5K5VIhJDOTFIbRRAGD6sQ2l9J5FDKBEs3u/6JjZDzbdL96br94D5cEd2Tk6auaHpTn7mQ==
+"@graphql-tools/load@^7.5.5":
+  version "7.5.6"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/load/-/load-7.5.6.tgz#d0ee8149ba4cbc799dbeae30e4843144773f8296"
+  integrity sha512-IocEP4METGdbDzV44VaeiXO387NOYSW4cTuBP8qybHZX0XlIp8bEv7c8GKS3m8DeRop/9SnOL7HyiAfNMA4Chg==
  dependencies:
-    "@graphql-tools/schema" "8.3.1"
-    "@graphql-tools/utils" "^8.5.1"
+    "@graphql-tools/schema" "8.3.6"
+    "@graphql-tools/utils" "8.6.5"
    p-limit "3.1.0"
    tslib "~2.3.0"

-"@graphql-tools/merge@^8.2.1":
-  version "8.2.1"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/merge/-/merge-8.2.1.tgz#bf83aa06a0cfc6a839e52a58057a84498d0d51ff"
-  integrity sha512-Q240kcUszhXiAYudjuJgNuLgy9CryDP3wp83NOZQezfA6h3ByYKU7xI6DiKrdjyVaGpYN3ppUmdj0uf5GaXzMA==
+"@graphql-tools/merge@8.2.6", "@graphql-tools/merge@^8.2.6":
+  version "8.2.6"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/merge/-/merge-8.2.6.tgz#7fb615fa9c143c3151ff025e501d52bd48186d19"
+  integrity sha512-dkwTm4czMISi/Io47IVvq2Fl9q4TIGKpJ0VZjuXYdEFkECyH6A5uwxZfPVandZG+gQs8ocFFoa6RisiUJLZrJw==
  dependencies:
-    "@graphql-tools/utils" "^8.5.1"
+    "@graphql-tools/utils" "8.6.5"
    tslib "~2.3.0"

-"@graphql-tools/schema@8.3.1", "@graphql-tools/schema@^8.3.1":
-  version "8.3.1"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/schema/-/schema-8.3.1.tgz#1ee9da494d2da457643b3c93502b94c3c4b68c74"
-  integrity sha512-3R0AJFe715p4GwF067G5i0KCr/XIdvSfDLvTLEiTDQ8V/hwbOHEKHKWlEBHGRQwkG5lwFQlW1aOn7VnlPERnWQ==
+"@graphql-tools/schema@8.3.6":
+  version "8.3.6"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/schema/-/schema-8.3.6.tgz#80cfe3eba53eb6390a60a30078d7efbdaa5cc0b7"
+  integrity sha512-7tWYRQ8hB/rv2zAtv2LtnQl4UybyJPtRz/VLKRmgi7+F5t8iYBahmmsxMDAYMWMmWMqEDiKk54TvAes+J069rQ==
  dependencies:
-    "@graphql-tools/merge" "^8.2.1"
-    "@graphql-tools/utils" "^8.5.1"
+    "@graphql-tools/merge" "8.2.6"
+    "@graphql-tools/utils" "8.6.5"
    tslib "~2.3.0"
    value-or-promise "1.0.11"

-"@graphql-tools/url-loader@^7.4.2":
-  version "7.5.2"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/url-loader/-/url-loader-7.5.2.tgz#fb3737fd1269ab61b195b63052179b6049d90ce1"
-  integrity sha512-EilHqbhUY/qg55SSEdklDhPXgSz9+9a63SX3mcD8J2qwZHJD/wOLcyKs8m6BXfuGwUiuB0j3fmDSEVmva2onBg==
+"@graphql-tools/url-loader@^7.9.7":
+  version "7.9.8"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/url-loader/-/url-loader-7.9.8.tgz#8e50ca05fb670bf91b98abdcb5d8d9cb116003f3"
+  integrity sha512-nRMXwwoIDLt7ohBWvKKjEEH61YS1nnWs6BVgGStePfmRGrhxECpLWmfAmKLNXPqDJN7Nu6ykFJYjt65j5l6qsw==
  dependencies:
-    "@graphql-tools/delegate" "^8.4.1"
-    "@graphql-tools/utils" "^8.5.1"
-    "@graphql-tools/wrap" "^8.3.1"
-    "@n1ru4l/graphql-live-query" "0.9.0"
-    "@types/websocket" "1.0.4"
+    "@graphql-tools/delegate" "8.7.1"
+    "@graphql-tools/utils" "8.6.5"
+    "@graphql-tools/wrap" "8.4.10"
+    "@n1ru4l/graphql-live-query" "^0.9.0"
+    "@types/websocket" "^1.0.4"
    "@types/ws" "^8.0.0"
-    cross-undici-fetch "^0.0.20"
+    cross-undici-fetch "^0.1.19"
    dset "^3.1.0"
-    extract-files "11.0.0"
+    extract-files "^11.0.0"
    graphql-sse "^1.0.1"
    graphql-ws "^5.4.1"
-    isomorphic-ws "4.0.1"
-    meros "1.1.4"
+    isomorphic-ws "^4.0.1"
+    meros "^1.1.4"
    subscriptions-transport-ws "^0.11.0"
-    sync-fetch "0.3.1"
-    tslib "~2.3.0"
-    valid-url "1.0.9"
-    value-or-promise "1.0.11"
-    ws "8.2.3"
+    sync-fetch "^0.3.1"
+    tslib "^2.3.0"
+    value-or-promise "^1.0.11"
+    ws "^8.3.0"

-"@graphql-tools/utils@8.5.3", "@graphql-tools/utils@^8.5.1", "@graphql-tools/utils@^8.5.3":
-  version "8.5.3"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/utils/-/utils-8.5.3.tgz#404062e62cae9453501197039687749c4885356e"
-  integrity sha512-HDNGWFVa8QQkoQB0H1lftvaO1X5xUaUDk1zr1qDe0xN1NL0E/CrQdJ5UKLqOvH4hkqVUPxQsyOoAZFkaH6rLHg==
+"@graphql-tools/utils@8.6.5", "@graphql-tools/utils@^8.6.5":
+  version "8.6.5"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/utils/-/utils-8.6.5.tgz#ac04571b03f854c7a938b2ab700516a6c6d32335"
+  integrity sha512-mjOtaWiS2WIqRz/cq5gaeM3sVrllcu2xbtHROw1su1v3xWa3D3dKgn8Lrl7+tvWs5WUVySsBss/VZ3WdoPkCrA==
  dependencies:
    tslib "~2.3.0"

-"@graphql-tools/wrap@^8.3.1":
-  version "8.3.2"
-  resolved "https://registry.yarnpkg.com/@graphql-tools/wrap/-/wrap-8.3.2.tgz#d3bcecb7529d071e4ecc4dfc75b9566e3da79d4f"
-  integrity sha512-7DcOBFB+Dd84x9dxSm7qS4iJONMyfLnCJb8A19vGPffpu4SMJ3sFcgwibKFu5l6mMUiigKgXna2RRgWI+02bKQ==
+"@graphql-tools/wrap@8.4.10":
+  version "8.4.10"
+  resolved "https://registry.yarnpkg.com/@graphql-tools/wrap/-/wrap-8.4.10.tgz#010be7d4bafa5d79cd1917c65d09f2682bcb9d54"
+  integrity sha512-1/pcKRDTGIUspUl6uhlfQ0u1l4j15TVGkOkijI+gX25Q9sfAJclT0bovKBksP39G6v4hZnolpOU2txJ47MxxEg==
  dependencies:
-    "@graphql-tools/delegate" "^8.4.2"
-    "@graphql-tools/schema" "^8.3.1"
-    "@graphql-tools/utils" "^8.5.3"
+    "@graphql-tools/delegate" "8.7.1"
+    "@graphql-tools/schema" "8.3.6"
+    "@graphql-tools/utils" "8.6.5"
    tslib "~2.3.0"
    value-or-promise "1.0.11"

@ -1431,7 +1397,7 @@
  resolved "https://registry.yarnpkg.com/@miragejs/pretender-node-polyfill/-/pretender-node-polyfill-0.1.2.tgz#d26b6b7483fb70cd62189d05c95d2f67153e43f2"
  integrity sha512-M/BexG/p05C5lFfMunxo/QcgIJnMT2vDVCd00wNqK2ImZONIlEETZwWJu1QtLxtmYlSHlCFl3JNzp0tLe7OJ5g==

-"@n1ru4l/graphql-live-query@0.9.0":
+"@n1ru4l/graphql-live-query@^0.9.0":
  version "0.9.0"
  resolved "https://registry.yarnpkg.com/@n1ru4l/graphql-live-query/-/graphql-live-query-0.9.0.tgz#defaebdd31f625bee49e6745934f36312532b2bc"
  integrity sha512-BTpWy1e+FxN82RnLz4x1+JcEewVdfmUhV1C6/XYD5AjS7PQp9QFF7K8bCD6gzPTr2l+prvqOyVueQhFJxB1vfg==
@ -2210,10 +2176,10 @@
  resolved "https://registry.yarnpkg.com/@types/unist/-/unist-2.0.6.tgz#250a7b16c3b91f672a24552ec64678eeb1d3a08d"
  integrity sha512-PBjIUxZHOuj0R15/xuwJYjFi+KZdNFrehocChv4g5hu6aFroHue8m0lBP0POdK2nKzbw0cgV1mws8+V/JAcEkQ==

-"@types/websocket@1.0.4":
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/@types/websocket/-/websocket-1.0.4.tgz#1dc497280d8049a5450854dd698ee7e6ea9e60b8"
-  integrity sha512-qn1LkcFEKK8RPp459jkjzsfpbsx36BBt3oC3pITYtkoBw/aVX+EZFa5j3ThCRTNpLFvIMr5dSTD4RaMdilIOpA==
+"@types/websocket@^1.0.4":
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/@types/websocket/-/websocket-1.0.5.tgz#3fb80ed8e07f88e51961211cd3682a3a4a81569c"
+  integrity sha512-NbsqiNX9CnEfC1Z0Vf4mE1SgAJ07JnRYcNex7AJ9zAVzmiGHmjKFEk7O4TJIsgv2B1sLEb6owKFZrACwdYngsQ==
  dependencies:
    "@types/node" "*"

@ -3416,6 +3382,14 @@ catharsis@~0.8.9:
  dependencies:
    underscore-contrib "~0.3.0"

+chalk@4.1.2, chalk@^4.0.0, chalk@^4.1.0:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01"
+  integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==
+  dependencies:
+    ansi-styles "^4.1.0"
+    supports-color "^7.1.0"
+
 chalk@^2.0.0, chalk@^2.1.0, chalk@^2.4.1, chalk@^2.4.2:
  version "2.4.2"
  resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424"
@ -3433,14 +3407,6 @@ chalk@^3.0.0:
    ansi-styles "^4.1.0"
    supports-color "^7.1.0"

-chalk@^4.0.0, chalk@^4.1.0:
-  version "4.1.2"
-  resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01"
-  integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==
-  dependencies:
-    ansi-styles "^4.1.0"
-    supports-color "^7.1.0"
-
 char-regex@^1.0.2:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/char-regex/-/char-regex-1.0.2.tgz#d744358226217f981ed58f479b1d6bcc29545dcf"
@ -3679,7 +3645,7 @@ colorette@^2.0.10, colorette@^2.0.14:
  resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.16.tgz#713b9af84fdb000139f04546bd4a93f62a5085da"
  integrity sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g==

-combined-stream@^1.0.6, combined-stream@^1.0.8, combined-stream@~1.0.6:
+combined-stream@^1.0.6, combined-stream@~1.0.6:
  version "1.0.8"
  resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
  integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
@ -4023,15 +3989,17 @@ cross-spawn@^7.0.0, cross-spawn@^7.0.2, cross-spawn@^7.0.3:
    shebang-command "^2.0.0"
    which "^2.0.1"

-cross-undici-fetch@^0.0.20:
-  version "0.0.20"
-  resolved "https://registry.yarnpkg.com/cross-undici-fetch/-/cross-undici-fetch-0.0.20.tgz#6b7c5ac82a3601edd439f37275ac0319d77a120a"
-  integrity sha512-5d3WBC4VRHpFndECK9bx4TngXrw0OUXdhX561Ty1ZoqMASz9uf55BblhTC1CO6GhMWnvk9SOqYEXQliq6D2P4A==
+cross-undici-fetch@^0.1.19:
+  version "0.1.28"
+  resolved "https://registry.yarnpkg.com/cross-undici-fetch/-/cross-undici-fetch-0.1.28.tgz#40b7071b9ab2d1d6aff889836205e1972092e8d1"
+  integrity sha512-/nLMyVE5IC9PQdBtmgjpGZfK0wo8UupomAPx+7HlbEgVDkZOa9xCiZP9goo5aLYofP0gHXgovjXdXrE2obANag==
  dependencies:
    abort-controller "^3.0.0"
-    form-data "^4.0.0"
-    node-fetch "^2.6.5"
-    undici "^4.9.3"
+    form-data-encoder "^1.7.1"
+    formdata-node "^4.3.1"
+    node-fetch "^2.6.7"
+    undici "^5.0.0"
+    web-streams-polyfill "^3.2.0"

 crypt@~0.0.1:
  version "0.0.2"
@ -4732,6 +4700,13 @@ debug@3.1.0:
  dependencies:
    ms "2.0.0"

+debug@4.3.4, debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.3:
+  version "4.3.4"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865"
+  integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==
+  dependencies:
+    ms "2.1.2"
+
 debug@^3.1.0, debug@^3.1.1, debug@^3.2.6, debug@^3.2.7:
  version "3.2.7"
  resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.7.tgz#72580b7e9145fb39b6676f9c5e5fb100b934179a"
@ -4739,13 +4714,6 @@ debug@^3.1.0, debug@^3.1.1, debug@^3.2.6, debug@^3.2.7:
  dependencies:
    ms "^2.1.1"

-debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.3:
-  version "4.3.4"
-  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865"
-  integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==
-  dependencies:
-    ms "2.1.2"
-
 decamelize-keys@^1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/decamelize-keys/-/decamelize-keys-1.1.0.tgz#d171a87933252807eb3cb61dc1c1445d078df2d9"
@ -5790,16 +5758,16 @@ extglob@^2.0.4:
    snapdragon "^0.8.1"
    to-regex "^3.0.1"

-extract-files@11.0.0:
-  version "11.0.0"
-  resolved "https://registry.yarnpkg.com/extract-files/-/extract-files-11.0.0.tgz#b72d428712f787eef1f5193aff8ab5351ca8469a"
-  integrity sha512-FuoE1qtbJ4bBVvv94CC7s0oTnKUGvQs+Rjf1L2SJFfS+HTVVjhPFtehPdQ0JiGPqVNfSSZvL5yzHHQq2Z4WNhQ==
-
 extract-files@^10.0.0:
  version "10.0.0"
  resolved "https://registry.yarnpkg.com/extract-files/-/extract-files-10.0.0.tgz#228b1da1d910971cf8d7f1ed259653c6001ba5ad"
  integrity sha512-4KXYOSf8SlMlQCj94Ygy89xIZU2GTs0HU2Nz9mG2/F5TKsHyq/3sDWGjHgHmfw9RhXF3hO+pBKyC6JfIHD52bw==

+extract-files@^11.0.0:
+  version "11.0.0"
+  resolved "https://registry.yarnpkg.com/extract-files/-/extract-files-11.0.0.tgz#b72d428712f787eef1f5193aff8ab5351ca8469a"
+  integrity sha512-FuoE1qtbJ4bBVvv94CC7s0oTnKUGvQs+Rjf1L2SJFfS+HTVVjhPFtehPdQ0JiGPqVNfSSZvL5yzHHQq2Z4WNhQ==
+
 extract-from-css@^0.4.4:
  version "0.4.4"
  resolved "https://registry.yarnpkg.com/extract-from-css/-/extract-from-css-0.4.4.tgz#1ea7df2e7c7c6eb9922fa08e8adaea486f6f8f92"
@ -5822,7 +5790,7 @@ fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3:
  resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525"
  integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==

-fast-glob@^3.2.11, fast-glob@^3.2.4, fast-glob@^3.2.9:
+fast-glob@3.2.11, fast-glob@^3.2.11, fast-glob@^3.2.4, fast-glob@^3.2.9:
  version "3.2.11"
  resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.2.11.tgz#a1172ad95ceb8a16e20caa5c5e56480e5129c1d9"
  integrity sha512-xrO3+1bxSo3ZVHAnqzyuewYT6aMFHRAd4Kcs92MAonjwQZLsK9d0SF1IyQ3k5PoirxTW0Oe/RqFgMQ6TcNE5Ew==
@ -6019,14 +5987,10 @@ forever-agent@~0.6.1:
  resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
  integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=

-form-data@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452"
-  integrity sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==
-  dependencies:
-    asynckit "^0.4.0"
-    combined-stream "^1.0.8"
-    mime-types "^2.1.12"
+form-data-encoder@^1.7.1:
+  version "1.7.2"
+  resolved "https://registry.yarnpkg.com/form-data-encoder/-/form-data-encoder-1.7.2.tgz#1f1ae3dccf58ed4690b86d87e4f57c654fbab040"
+  integrity sha512-qfqtYan3rxrnCk1VYaA4H+Ms9xdpPqvLZa6xmMgFvhO32x7/3J/ExcTd6qpxM0vH2GdMI+poehyBZvqfMTto8A==

 form-data@~2.3.2:
  version "2.3.3"
@ -6042,6 +6006,14 @@ format@^0.2.0:
  resolved "https://registry.yarnpkg.com/format/-/format-0.2.2.tgz#d6170107e9efdc4ed30c9dc39016df942b5cb58b"
  integrity sha1-1hcBB+nv3E7TDJ3DkBbflCtctYs=

+formdata-node@^4.3.1:
+  version "4.3.2"
+  resolved "https://registry.yarnpkg.com/formdata-node/-/formdata-node-4.3.2.tgz#0262e94931e36db7239c2b08bdb6aaf18ec47d21"
+  integrity sha512-k7lYJyzDOSL6h917favP8j1L0/wNyylzU+x+1w4p5haGVHNlP58dbpdJhiCUsDbWsa9HwEtLp89obQgXl2e0qg==
+  dependencies:
+    node-domexception "1.0.0"
+    web-streams-polyfill "4.0.0-beta.1"
+
 forwarded@0.2.0:
  version "0.2.0"
  resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811"
@ -6319,21 +6291,21 @@ graphlib@^2.1.8:
  dependencies:
    lodash "^4.17.15"

-graphql-config@4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/graphql-config/-/graphql-config-4.1.0.tgz#a3b28d3fb537952ebeb69c75e4430605a10695e3"
-  integrity sha512-Myqay6pmdcmX3KqoH+bMbeKZ1cTODpHS2CxF1ZzNnfTE+YUpGTcp01bOw6LpzamRb0T/WTYtGFbZeXGo9Hab2Q==
+graphql-config@^4.3.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/graphql-config/-/graphql-config-4.3.0.tgz#b9bb7bf9c892a90e66ea937e8d7ed170eb1fd5e2"
+  integrity sha512-Uiu3X7+s5c056WyrvdZVz2vG1fhAipMlYmtiCU/4Z2mX79OXDr1SqIon2MprC/pExIWJfAQZCcjYDY76fPBUQg==
  dependencies:
    "@endemolshinegroup/cosmiconfig-typescript-loader" "3.0.2"
-    "@graphql-tools/graphql-file-loader" "^7.3.2"
-    "@graphql-tools/json-file-loader" "^7.3.2"
-    "@graphql-tools/load" "^7.4.1"
-    "@graphql-tools/merge" "^8.2.1"
-    "@graphql-tools/url-loader" "^7.4.2"
-    "@graphql-tools/utils" "^8.5.1"
+    "@graphql-tools/graphql-file-loader" "^7.3.7"
+    "@graphql-tools/json-file-loader" "^7.3.7"
+    "@graphql-tools/load" "^7.5.5"
+    "@graphql-tools/merge" "^8.2.6"
+    "@graphql-tools/url-loader" "^7.9.7"
+    "@graphql-tools/utils" "^8.6.5"
    cosmiconfig "7.0.1"
    cosmiconfig-toml-loader "1.0.0"
-    minimatch "3.0.4"
+    minimatch "4.2.1"
    string-env-interpolation "1.0.1"

 graphql-depth-limit@1.1.0:
@ -6343,6 +6315,11 @@ graphql-depth-limit@1.1.0:
  dependencies:
    arrify "^1.0.1"

+graphql-executor@0.0.22:
+  version "0.0.22"
+  resolved "https://registry.yarnpkg.com/graphql-executor/-/graphql-executor-0.0.22.tgz#14bc466bb27ab38346998e0b375cba55685eed94"
+  integrity sha512-WbKSnSHFn6REKKH4T6UAwDM3mLUnYMQlQLNG0Fw+Lkb3ilCnL3m5lkJ7411LAI9sF7BvPbthovVZhsEUh9Xfag==
+
 graphql-sse@^1.0.1:
  version "1.0.4"
  resolved "https://registry.yarnpkg.com/graphql-sse/-/graphql-sse-1.0.4.tgz#051598b0e06c225327aac659f19fcc18bcaa0191"
@ -7244,7 +7221,7 @@ isobject@^3.0.0, isobject@^3.0.1:
  resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
  integrity sha1-TkMekrEalzFjaqH5yNHMvP2reN8=

-isomorphic-ws@4.0.1:
+isomorphic-ws@^4.0.1:
  version "4.0.1"
  resolved "https://registry.yarnpkg.com/isomorphic-ws/-/isomorphic-ws-4.0.1.tgz#55fd4cd6c5e6491e76dc125938dd863f5cd4f2dc"
  integrity sha512-BhBvN2MBpWTaSHdWRb/bwdZJ1WaehQ2L1KngkCkfLUGF0mAWAT1sQUQacEmQ0jXkFw/czDXPNQSL5u2/Krsz1w==
@ -8588,10 +8565,10 @@ mermaid@^8.13.10:
    moment-mini "^2.24.0"
    stylis "^4.0.10"

-meros@1.1.4:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/meros/-/meros-1.1.4.tgz#c17994d3133db8b23807f62bec7f0cb276cfd948"
-  integrity sha512-E9ZXfK9iQfG9s73ars9qvvvbSIkJZF5yOo9j4tcwM5tN8mUKfj/EKN5PzOr3ZH0y5wL7dLAHw3RVEfpQV9Q7VQ==
+meros@^1.1.4:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/meros/-/meros-1.2.0.tgz#096cdede2eb0b1610b219b1031b935260de1ad08"
+  integrity sha512-3QRZIS707pZQnijHdhbttXRWwrHhZJ/gzolneoxKVz9N/xmsvY/7Ls8lpnI9gxbgxjcHsAVEW3mgwiZCo6kkJQ==

 methods@~1.1.2:
  version "1.1.2"
@ -8882,7 +8859,14 @@ minimalistic-crypto-utils@^1.0.1:
  resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a"
  integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=

-minimatch@3.0.4, minimatch@^3.0.4, minimatch@~3.0.4:
+minimatch@4.2.1:
+  version "4.2.1"
+  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-4.2.1.tgz#40d9d511a46bdc4e563c22c3080cde9c0d8299b4"
+  integrity sha512-9Uq1ChtSZO+Mxa/CL1eGizn2vRn3MlLgzhT0Iz8zaY8NdvxvB0d5QdPFmCKf7JKA9Lerx5vRrnwO03jsSfGG9g==
+  dependencies:
+    brace-expansion "^1.1.7"
+
+minimatch@^3.0.4, minimatch@~3.0.4:
  version "3.0.4"
  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083"
  integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==
@ -9123,15 +9107,20 @@ nice-try@^1.0.4:
  resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
  integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==

+node-domexception@1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/node-domexception/-/node-domexception-1.0.0.tgz#6888db46a1f71c0b76b3f7555016b63fe64766e5"
+  integrity sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==
+
 node-ensure@^0.0.0:
  version "0.0.0"
  resolved "https://registry.yarnpkg.com/node-ensure/-/node-ensure-0.0.0.tgz#ecae764150de99861ec5c810fd5d096b183932a7"
  integrity sha1-7K52QVDemYYexcgQ/V0Jaxg5Mqc=

-node-fetch@^2.6.1, node-fetch@^2.6.5:
-  version "2.6.6"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.6.tgz#1751a7c01834e8e1697758732e9efb6eeadfaf89"
-  integrity sha512-Z8/6vRlTUChSdIgMa51jxQ4lrw/Jy5SOW10ObaA47/RElsAN2c5Pn8bTgFGWn/ibwzXTE8qwr1Yzx28vsecXEA==
+node-fetch@^2.6.1, node-fetch@^2.6.7:
+  version "2.6.7"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
+  integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
  dependencies:
    whatwg-url "^5.0.0"

@ -11652,7 +11641,7 @@ symbol-tree@^3.2.4:
  resolved "https://registry.yarnpkg.com/symbol-tree/-/symbol-tree-3.2.4.tgz#430637d248ba77e078883951fb9aa0eed7c63fa2"
  integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==

-sync-fetch@0.3.1:
+sync-fetch@^0.3.1:
  version "0.3.1"
  resolved "https://registry.yarnpkg.com/sync-fetch/-/sync-fetch-0.3.1.tgz#62aa82c4b4d43afd6906bfd7b5f92056458509f0"
  integrity sha512-xj5qiCDap/03kpci5a+qc5wSJjc8ZSixgG2EUmH1B8Ea2sfWclQA7eH40hiHPCtkCn6MCk4Wb+dqcXdCy2PP3g==
@ -12100,10 +12089,10 @@ underscore@~1.8.3:
  resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.8.3.tgz#4f3fb53b106e6097fcf9cb4109f2a5e9bdfa5022"
  integrity sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI=

-undici@^4.9.3:
-  version "4.10.2"
-  resolved "https://registry.yarnpkg.com/undici/-/undici-4.10.2.tgz#27e360f2d4202ef98dfc1c8e13dcd329660a6d7c"
-  integrity sha512-QoQH4PpV3dqJwr4h1HazggbB4f5CBknvYANjI9hxXCml+AAzLoh4HBkce0Jc0wW/pmVbrus8Gfeo8QounE+/9g==
+undici@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/undici/-/undici-5.0.0.tgz#3c1e08c7f0df90c485d5d8dbb0517e11e34f2090"
+  integrity sha512-VhUpiZ3No1DOPPQVQnsDZyfcbTTcHdcgWej1PdFnSvOeJmOVDgiOHkunJmBLfmjt4CqgPQddPVjSWW0dsTs5Yg==

 unicode-canonical-property-names-ecmascript@^1.0.4:
  version "1.0.4"
@ -12398,11 +12387,6 @@ v8-to-istanbul@^5.0.1:
    convert-source-map "^1.6.0"
    source-map "^0.7.3"

-valid-url@1.0.9:
-  version "1.0.9"
-  resolved "https://registry.yarnpkg.com/valid-url/-/valid-url-1.0.9.tgz#1c14479b40f1397a75782f115e4086447433a200"
-  integrity sha1-HBRHm0DxOXp1eC8RXkCGRHQzogA=
-
 validate-npm-package-license@^3.0.1:
  version "3.0.4"
  resolved "https://registry.yarnpkg.com/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz#fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a"
@ -12411,7 +12395,7 @@ validate-npm-package-license@^3.0.1:
    spdx-correct "^3.0.0"
    spdx-expression-parse "^3.0.0"

-value-or-promise@1.0.11:
+value-or-promise@1.0.11, value-or-promise@^1.0.11:
  version "1.0.11"
  resolved "https://registry.yarnpkg.com/value-or-promise/-/value-or-promise-1.0.11.tgz#3e90299af31dd014fe843fe309cefa7c1d94b140"
  integrity sha512-41BrgH+dIbCFXClcSapVs5M6GkENd3gQOJpEfPDNa71LsUGMXDL0jMWpI/Rh7WhX+Aalfz2TTS3Zt5pUsbnhLg==
@ -12712,6 +12696,16 @@ web-namespaces@^2.0.0:
  resolved "https://registry.yarnpkg.com/web-namespaces/-/web-namespaces-2.0.1.tgz#1010ff7c650eccb2592cebeeaf9a1b253fd40692"
  integrity sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ==

+web-streams-polyfill@4.0.0-beta.1:
+  version "4.0.0-beta.1"
+  resolved "https://registry.yarnpkg.com/web-streams-polyfill/-/web-streams-polyfill-4.0.0-beta.1.tgz#3b19b9817374b7cee06d374ba7eeb3aeb80e8c95"
+  integrity sha512-3ux37gEX670UUphBF9AMCq8XM6iQ8Ac6A+DSRRjDoRBm1ufCkaCDdNVbaqq60PsEkdNlLKrGtv/YBP4EJXqNtQ==
+
+web-streams-polyfill@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/web-streams-polyfill/-/web-streams-polyfill-3.2.0.tgz#a6b74026b38e4885869fb5c589e90b95ccfc7965"
+  integrity sha512-EqPmREeOzttaLRm5HS7io98goBgZ7IVz79aDvqjD0kYXLtFZTc0T/U6wHTPKyIjb+MdN7DFIIX6hgdBEpWmfPA==
+
 web-vitals@^0.2.4:
  version "0.2.4"
  resolved "https://registry.yarnpkg.com/web-vitals/-/web-vitals-0.2.4.tgz#ec3df43c834a207fd7cdefd732b2987896e08511"
@ -12989,17 +12983,12 @@ write-file-atomic@^4.0.0:
    signal-exit "^3.0.2"
    typedarray-to-buffer "^4.0.0"

-ws@8.2.3:
-  version "8.2.3"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.2.3.tgz#63a56456db1b04367d0b721a0b80cae6d8becbba"
-  integrity sha512-wBuoj1BDpC6ZQ1B7DWQBYVLphPWkm8i9Y0/3YdHjHKHiohOJ1ws+3OccDWtH+PoC9DZD5WOTrJvNbWvjS6JWaA==
-
 "ws@^5.2.0 || ^6.0.0 || ^7.0.0", ws@^7.2.3, ws@^7.3.1:
  version "7.5.5"
  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.5.tgz#8b4bc4af518cfabd0473ae4f99144287b33eb881"
  integrity sha512-BAkMFcAzl8as1G/hArkxOxq3G7pjUqQ3gzYbLL0/5zNkph70e+lCoxBGnm6AW1+/aiNeV4fnKqZ8m4GZewmH2w==

-ws@^8.4.2:
+ws@^8.3.0, ws@^8.4.2:
  version "8.5.0"
  resolved "https://registry.yarnpkg.com/ws/-/ws-8.5.0.tgz#bfb4be96600757fe5382de12c670dab984a1ed4f"
  integrity sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==