Add latest changes from gitlab-org/gitlab@master

2022-02-17 03:16:49 +00:00 · 2022-02-17 03:16:49 +00:00 · f4e1a3641e
commit f4e1a3641e
parent eaec088dc5
66 changed files with 832 additions and 370 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1144,9 +1144,8 @@ GEM
    sass-listen (4.0.0)
      rb-fsevent (~> 0.9, >= 0.9.4)
      rb-inotify (~> 0.9, >= 0.9.7)
-    sassc (2.0.1)
+    sassc (2.4.0)
      ffi (~> 1.9)
      rake
    sassc-rails (2.1.0)
      railties (>= 4.0.0)
      sassc (>= 2.0)
--- a/app/assets/stylesheets/startup/startup-signin.scss
+++ b/app/assets/stylesheets/startup/startup-signin.scss
@ -138,10 +138,10 @@ hr {
  margin-right: -15px;
  margin-left: -15px;
 }
-.col,
+.col-sm-12,
 .col-sm-5,
 .col-sm-7,
-.col-sm-12 {
+.col-sm-5,
 .col {
  position: relative;
  width: 100%;
  padding-right: 15px;
@ -160,12 +160,12 @@ hr {
 }
@media (min-width: 576px) {
  .col-sm-5 {
-    flex: 0 0 41.66667%;
+    flex: 0 0 41.6666666667%;
-    max-width: 41.66667%;
+    max-width: 41.6666666667%;
  }
  .col-sm-7 {
-    flex: 0 0 58.33333%;
+    flex: 0 0 58.3333333333%;
-    max-width: 58.33333%;
+    max-width: 58.3333333333%;
  }
  .col-sm-12 {
    flex: 0 0 100%;
--- a/app/controllers/admin/broadcast_messages_controller.rb
+++ b/app/controllers/admin/broadcast_messages_controller.rb
@ -65,6 +65,6 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
      target_path
      broadcast_type
      dismissable
-    ))
+    ), target_access_levels: []).reverse_merge!(target_access_levels: [])
  end
 end
--- a/app/helpers/broadcast_messages_helper.rb
+++ b/app/helpers/broadcast_messages_helper.rb
@ -1,14 +1,22 @@
 # frozen_string_literal: true
 module BroadcastMessagesHelper
  include Gitlab::Utils::StrongMemoize
  def current_broadcast_banner_messages
-    BroadcastMessage.current_banner_messages(request.path).select do |message|
+    BroadcastMessage.current_banner_messages(
      current_path: request.path,
      user_access_level: current_user_access_level_for_project_or_group
    ).select do |message|
      cookies["hide_broadcast_message_#{message.id}"].blank?
    end
  end
  def current_broadcast_notification_message
-    not_hidden_messages = BroadcastMessage.current_notification_messages(request.path).select do |message|
+    not_hidden_messages = BroadcastMessage.current_notification_messages(
      current_path: request.path,
      user_access_level: current_user_access_level_for_project_or_group
    ).select do |message|
      cookies["hide_broadcast_message_#{message.id}"].blank?
    end
    not_hidden_messages.last
@ -61,4 +69,31 @@ module BroadcastMessagesHelper
  def broadcast_type_options
    BroadcastMessage.broadcast_types.keys.map { |w| [w.humanize, w] }
  end
  def target_access_level_options
    BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS.map do |access_level|
      [Gitlab::Access.human_access(access_level), access_level]
    end
  end
  def target_access_levels_display(access_levels)
    access_levels.map do |access_level|
      Gitlab::Access.human_access(access_level)
    end.join(', ')
  end
  private
  def current_user_access_level_for_project_or_group
    return if Feature.disabled?(:role_targeted_broadcast_messages, default_enabled: :yaml)
    return unless current_user.present?
    strong_memoize(:current_user_access_level_for_project_or_group) do
      if controller.is_a? Projects::ApplicationController
        @project&.team&.max_member_access(current_user.id)
      elsif controller.is_a? Groups::ApplicationController
        @group&.max_member_access_for_user(current_user)
      end
    end
  end
 end
--- a/app/models/broadcast_message.rb
+++ b/app/models/broadcast_message.rb
@ -4,12 +4,21 @@ class BroadcastMessage < ApplicationRecord
  include CacheMarkdownField
  include Sortable
  ALLOWED_TARGET_ACCESS_LEVELS = [
    Gitlab::Access::GUEST,
    Gitlab::Access::REPORTER,
    Gitlab::Access::DEVELOPER,
    Gitlab::Access::MAINTAINER,
    Gitlab::Access::OWNER
  ].freeze
  cache_markdown_field :message, pipeline: :broadcast_message, whitelisted: true
  validates :message,   presence: true
  validates :starts_at, presence: true
  validates :ends_at,   presence: true
  validates :broadcast_type, presence: true
  validates :target_access_levels, inclusion: { in: ALLOWED_TARGET_ACCESS_LEVELS }
  validates :color, allow_blank: true, color: true
  validates :font,  allow_blank: true, color: true
@ -29,20 +38,20 @@ class BroadcastMessage < ApplicationRecord
  }
  class << self
-    def current_banner_messages(current_path = nil)
+    def current_banner_messages(current_path: nil, user_access_level: nil)
-      fetch_messages BANNER_CACHE_KEY, current_path do
+      fetch_messages BANNER_CACHE_KEY, current_path, user_access_level do
        current_and_future_messages.banner
      end
    end
-    def current_notification_messages(current_path = nil)
+    def current_notification_messages(current_path: nil, user_access_level: nil)
-      fetch_messages NOTIFICATION_CACHE_KEY, current_path do
+      fetch_messages NOTIFICATION_CACHE_KEY, current_path, user_access_level do
        current_and_future_messages.notification
      end
    end
-    def current(current_path = nil)
+    def current(current_path: nil, user_access_level: nil)
-      fetch_messages CACHE_KEY, current_path do
+      fetch_messages CACHE_KEY, current_path, user_access_level do
        current_and_future_messages
      end
    end
@ -63,7 +72,7 @@ class BroadcastMessage < ApplicationRecord
    private
-    def fetch_messages(cache_key, current_path)
+    def fetch_messages(cache_key, current_path, user_access_level)
      messages = cache.fetch(cache_key, as: BroadcastMessage, expires_in: cache_expires_in) do
        yield
      end
@ -74,7 +83,13 @@ class BroadcastMessage < ApplicationRecord
      # displaying we'll refresh the cache so we don't need to keep filtering.
      cache.expire(cache_key) if now_or_future != messages
-      now_or_future.select(&:now?).select { |message| message.matches_current_path(current_path) }
+      messages = now_or_future.select(&:now?)
      messages = messages.select do |message|
        message.matches_current_user_access_level?(user_access_level)
      end
      messages.select do |message|
        message.matches_current_path(current_path)
      end
    end
  end
@ -102,6 +117,12 @@ class BroadcastMessage < ApplicationRecord
    now? || future?
  end
  def matches_current_user_access_level?(user_access_level)
    return true if target_access_levels.empty?
    target_access_levels.include? user_access_level
  end
  def matches_current_path(current_path)
    return false if current_path.blank? && target_path.present?
    return true if current_path.blank? || target_path.blank?
--- a/app/services/post_receive_service.rb
+++ b/app/services/post_receive_service.rb
@ -86,7 +86,7 @@ class PostReceiveService
    banner = nil
    if project
-      scoped_messages = BroadcastMessage.current_banner_messages(project.full_path).select do |message|
+      scoped_messages = BroadcastMessage.current_banner_messages(current_path: project.full_path).select do |message|
        message.target_path.present? && message.matches_current_path(project.full_path)
      end
--- a/app/views/admin/broadcast_messages/_form.html.haml
+++ b/app/views/admin/broadcast_messages/_form.html.haml
@ -55,6 +55,14 @@
      = f.check_box :dismissable
      = f.label :dismissable do
        = _('Allow users to dismiss the broadcast message')
  - if Feature.enabled?(:role_targeted_broadcast_messages, default_enabled: :yaml)
    .form-group.row
      .col-sm-2.col-form-label
        = f.label :target_access_levels, _('Target roles')
      .col-sm-10
        = f.select :target_access_levels, target_access_level_options, { include_hidden: false }, multiple: true, class: 'form-control'
        .form-text.text-muted
          = _('The broadcast message displays only to users in projects and groups who have these roles.')
  .form-group.row.js-toggle-colors-container.toggle-colors.hide
    .col-sm-2.col-form-label
      = f.label :font, _("Font Color")
--- a/app/views/admin/broadcast_messages/index.html.haml
+++ b/app/views/admin/broadcast_messages/index.html.haml
@ -1,10 +1,11 @@
 - breadcrumb_title _("Messages")
 - page_title _("Broadcast Messages")
 - targeted_broadcast_messages_enabled = Feature.enabled?(:role_targeted_broadcast_messages, default_enabled: :yaml)
 %h3.page-title
  = _('Broadcast Messages')
 %p.light
-  = _('Broadcast messages are displayed for every user and can be used to notify users about scheduled maintenance, recent upgrades and more.')
+  = _('Use banners and notifications to notify your users about scheduled maintenance, recent upgrades, and more.')
 = render 'form'
@ -19,6 +20,8 @@
          %th= _('Preview')
          %th= _('Starts')
          %th= _('Ends')
          - if targeted_broadcast_messages_enabled
            %th= _('Target roles')
          %th= _('Target Path')
          %th= _('Type')
          %th &nbsp;
@ -33,6 +36,9 @@
              = message.starts_at
            %td
              = message.ends_at
            - if targeted_broadcast_messages_enabled
              %td
                = target_access_levels_display(message.target_access_levels)
            %td
              = message.target_path
            %td
--- a/config/feature_flags/development/role_targeted_broadcast_messages.yml
+++ b/config/feature_flags/development/role_targeted_broadcast_messages.yml
@ -0,0 +1,8 @@
 ---
 name: role_targeted_broadcast_messages
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77498
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/351736
 milestone: '14.8'
 type: development
 group: group::activation
 default_enabled: false
--- a/data/deprecations/14-8-ci-build-variables.yml
+++ b/data/deprecations/14-8-ci-build-variables.yml
@ -0,0 +1,16 @@
 - name: "`CI_BUILD_*` predefined variables"
  announcement_milestone: "14.8"
  announcement_date: "2021-02-22"
  removal_milestone: "15.0"
  removal_date: "2022-05-22"
  breaking_change: true
  reporter: dhershkovitch
  body: |
    The predefined CI/CD variables that start with `CI_BUILD_*` were deprecated in GitLab 9.0, and will be removed in GitLab 15.0. If you still use these variables, be sure to change to the current [`CI_JOB_*` predefined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) which are identical (except for the updated name).
 # The following items are not published on the docs page, but may be used in the future.
  stage: Verify
  tiers: [Free, Premium, Ultimate]
  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352957
  documentation_url: https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
--- a/data/deprecations/14-8-sast-secret-analyzer-image.yml
+++ b/data/deprecations/14-8-sast-secret-analyzer-image.yml
@ -0,0 +1,27 @@
 - name: "Secure and Protect analyzer images published in new location"
  announcement_milestone: "14.8"
  announcement_date: "2022-02-22"
  removal_milestone: "15.0"
  removal_date: "2022-05-22"
  breaking_change: true
  reporter: connorgilbert
  body: |  # Do not modify this line, instead modify the lines below.
    GitLab uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to [scan for security vulnerabilities](https://docs.gitlab.com/ee/user/application_security/).
    Each analyzer is distributed as a container image.
    Starting in GitLab 14.8, new versions of GitLab Secure and Protect analyzers are published to a new registry location under `registry.gitlab.com/security-products`.
    We will update the default value of [GitLab-managed CI/CD templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security) to reflect this change:
    - For all analyzers except Container Scanning, we will update the variable `SECURE_ANALYZERS_PREFIX` to the new image registry location.
    - For Container Scanning, the default image address is already updated. There is no `SECURE_ANALYZERS_PREFIX` variable for Container Scanning.
    In a future release, we will stop publishing images to `registry.gitlab.com/gitlab-org/security-products/analyzers`.
    Once this happens, you must take action if you manually pull images and push them into a separate registry. This is commonly the case for [offline deployments](https://docs.gitlab.com/ee/user/application_security/offline_deployments/index.html).
    Otherwise, you won't receive further updates.
    See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564) for more details.
 # The following items are not published on the docs page, but may be used in the future.
  stage: Secure
  tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352564
--- a/data/deprecations/JTW_v2_update.yml
+++ b/data/deprecations/JTW_v2_update.yml
@ -0,0 +1,28 @@
 # This is a template for a feature deprecation
 # A deprecation typically occurs when a feature or capability is planned to be removed in a future release.
 # Deprecations should be announced at least two releases prior to removal.  Any breaking changes should only be done in major releases.
 #
 # Below is an example of what a single entry should look like, it's required attributes,
 # and what types we expect those attribute values to be.
 #
 # For more information please refer to the handbook documentation here:
 # https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations
 #
 # Please delete this line and above before submitting your merge request.
 - name: "Changes to the `CI_JOB_JWT`"  # The name of the feature to be deprecated
  announcement_milestone: "14.8"  # The milestone when this feature was first announced as deprecated.
  announcement_date: "2022-02-22"  # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
  removal_milestone: "15.0"  # The milestone when this feature is planned to be removed
  removal_date:  # The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
  breaking_change: true  # If this deprecation is a breaking change, set this value to true
  reporter: dhershkovitch  # GitLab username of the person reporting the deprecation
  body: |  # Do not modify this line, instead modify the lines below.
    The `CI_JOB_JWT` will be updated to support a wider variety of cloud providers. It will be changed to match [`CI_JOB_JWT_V2`](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html), but this change may not be backwards compatible for all users, including Hashicorp Vault users. To maintain the current behavior, users can switch to using `CI_JOB_JWT_V1`, or update their configuration in GitLab 15.0 to use the improved `CI_JOB_JWT`.
 # The following items are not published on the docs page, but may be used in the future.
  stage:  # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
  tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
  issue_url:  # (optional) This is a link to the deprecation issue in GitLab
  documentation_url:  # (optional) This is a link to the current documentation page
  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
--- a/data/removals/14_0/14_0-ds-deprecations.yml
+++ b/data/removals/14_0/14_0-ds-deprecations.yml
@ -1,4 +1,4 @@
- name: "Deprecations for Dependency Scanning"
+- name: "Dependency Scanning"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: nicoleschwartz
--- a/data/removals/14_0/14_0-lc-deprecations.yml
+++ b/data/removals/14_0/14_0-lc-deprecations.yml
@ -1,4 +1,4 @@
- name: "Removals for License Compliance"
+- name: "License Compliance"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: nicoleschwartz
--- a/data/removals/14_0/create-code-review-w-parameter-removal.yml
+++ b/data/removals/14_0/create-code-review-w-parameter-removal.yml
@ -1,4 +1,4 @@
- name: "Remove `?w=1` URL parameter to ignore whitespace changes"
+- name: "`?w=1` URL parameter to ignore whitespace changes"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: phikai
--- a/data/removals/14_0/deprecation_bump_terraform_template_version.yml
+++ b/data/removals/14_0/deprecation_bump_terraform_template_version.yml
@ -1,4 +1,4 @@
- name: "New Terraform template version"
+- name: "Terraform template version"
  removal_date: "2021-06-22"
  removal_milestone: "14.0" # example
  issue_url: ""
--- a/data/removals/14_0/deprecation_update_cicd_templates_to_stop_using_hardcode_master.yml
+++ b/data/removals/14_0/deprecation_update_cicd_templates_to_stop_using_hardcode_master.yml
@ -1,4 +1,4 @@
- name: "Update CI/CD templates to stop using hardcoded `master`"
+- name: "Hardcoded `master` in CI/CD templates"
  reporter: dhershkovitch
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
--- a/data/removals/14_0/deuley_servicetemplates_removal.yml
+++ b/data/removals/14_0/deuley_servicetemplates_removal.yml
@ -1,4 +1,4 @@
- name: "Service Templates removed"
+- name: "Service Templates"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deuley
--- a/data/removals/14_0/release_announce_deprecation_of_release_notes_api.yml
+++ b/data/removals/14_0/release_announce_deprecation_of_release_notes_api.yml
@ -1,4 +1,4 @@
- name: "Removal of release description in the Tags API"
+- name: "Release description in the Tags API"
  reporter: kbychu
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
--- a/data/removals/14_0/release_deprecation_auto-deploy-image.yml
+++ b/data/removals/14_0/release_deprecation_auto-deploy-image.yml
@ -1,10 +1,10 @@
- name: "Update Auto Deploy template version"
+- name: "Auto Deploy CI template v1"
  reporter: kbychu
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/300862'
  breaking_change: true
  body: |
-    In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 will is deprecated going forward.
+    In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 is deprecated going forward.
    Since the v1 and v2 versions are not backward-compatible, your project might encounter an unexpected failure if you already have a deployed application. Follow the [upgrade guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#upgrade-guide) to upgrade your environments. You can also start using the latest template today by following the [early adoption guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#early-adopters).
--- a/data/removals/14_0/release_domainsource_configuration_for_gitlab_pages_deprecation.yml
+++ b/data/removals/14_0/release_domainsource_configuration_for_gitlab_pages_deprecation.yml
@ -1,4 +1,4 @@
- name: "Remove disk source configuration for GitLab Pages"
+- name: "Disk source configuration for GitLab Pages"
  reporter: kbychu
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
--- a/data/removals/14_0/release_legacy_feature_flags_deprecation.yml
+++ b/data/removals/14_0/release_legacy_feature_flags_deprecation.yml
@ -1,4 +1,4 @@
- name: "Legacy feature flags removed"
+- name: "Legacy feature flags"
  reporter: kbychu
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
--- a/data/removals/14_0/release_remove_redundant_keyvalue_pair_from_the_payload_of_dora.yml
+++ b/data/removals/14_0/release_remove_redundant_keyvalue_pair_from_the_payload_of_dora.yml
@ -1,4 +1,4 @@
- name: "Remove redundant timestamp field from DORA metrics API payload"
+- name: "Redundant timestamp field from DORA metrics API payload"
  reporter: kbychu
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
--- a/data/removals/14_0/removal-geo-fdw-settings.yml
+++ b/data/removals/14_0/removal-geo-fdw-settings.yml
@ -1,4 +1,4 @@
- name: "Geo Foreign Data Wrapper settings removed"
+- name: "Geo Foreign Data Wrapper settings"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: fzimmer
--- a/data/removals/14_0/removal-graphql-fields.yml
+++ b/data/removals/14_0/removal-graphql-fields.yml
@ -1,4 +1,4 @@
- name: "Deprecated GraphQL fields have been removed"
+- name: "Deprecated GraphQL fields"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: gweaver
--- a/data/removals/14_0/removal-legacy-storage.yml
+++ b/data/removals/14_0/removal-legacy-storage.yml
@ -1,4 +1,4 @@
- name: "Legacy storage removed"
+- name: "Legacy storage"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: fzimmer
--- a/data/removals/14_0/removal-sidekiq_experimental_queue_selector.yml
+++ b/data/removals/14_0/removal-sidekiq_experimental_queue_selector.yml
@ -1,4 +1,4 @@
- name: Sidekiq queue selector options no longer accept the 'experimental' prefix
+- name: Experimental prefix in Sidekiq queue selector options
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: smcgivern
--- a/data/removals/14_0/removal-unicorn.yml
+++ b/data/removals/14_0/removal-unicorn.yml
@ -1,4 +1,4 @@
- name: "Unicorn removed in favor of Puma for GitLab self-managed"
+- name: "Unicorn in GitLab self-managed"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: fzimmer
--- a/data/removals/14_0/removal_ci_project_config_path.yml
+++ b/data/removals/14_0/removal_ci_project_config_path.yml
@ -1,4 +1,4 @@
- name: "`CI_PROJECT_CONFIG_PATH` variable has been removed"
+- name: "`CI_PROJECT_CONFIG_PATH` variable"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: stkerr
--- a/data/removals/14_0/removal_repost_static_analysis_notices.yml
+++ b/data/removals/14_0/removal_repost_static_analysis_notices.yml
@ -8,7 +8,7 @@
    Until GitLab 13.9, if you wanted to avoid running one particular GitLab SAST analyzer, you needed to remove it from the [long string of analyzers in the `SAST.gitlab-ci.yml` file](https://gitlab.com/gitlab-org/gitlab/-/blob/390afc431e7ce1ac253b35beb39f19e49c746bff/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L12) and use that to set the [`SAST_DEFAULT_ANALYZERS`](https://docs.gitlab.com/ee/user/application_security/sast/#docker-images) variable in your project's CI file. If you did this, it would exclude you from future new analyzers because this string hard codes the list of analyzers to execute. We avoid this problem by inverting this variable's logic to exclude, rather than choose default analyzers.
    Beginning with 13.9, [we migrated](https://gitlab.com/gitlab-org/gitlab/-/blob/14fed7a33bfdbd4663d8928e46002a5ef3e3282c/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L13) to `SAST_EXCLUDED_ANALYZERS` in our `SAST.gitlab-ci.yml` file. We encourage anyone who uses a [customized SAST configuration](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) in their project CI file to migrate to this new variable. If you have not overridden `SAST_DEFAULT_ANALYZERS`, no action is needed. The CI/CD variable `SAST_DEFAULT_ANALYZERS` has been removed in GitLab 14.0, which released on June 22, 2021.
- name: "Remove `secret_detection_default_branch` job"
+- name: "`secret_detection_default_branch` job"
  reporter: tmccaslin
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
@ -18,8 +18,7 @@
    To ensure Secret Detection was scanning both default branches and feature branches, we introduced two separate secret detection CI jobs (`secret_detection_default_branch` and `secret_detection`) in our managed [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) template. These two CI jobs created confusion and complexity in the CI rules logic. This deprecation moves the `rule` logic into the `script` section, which then determines how the `secret_detection` job is run (historic, on a branch, commits, etc).
    If you override or maintain custom versions of `SAST.gitlab-ci.yml` or `Secret-Detection.gitlab-ci.yml`, you must update your CI templates. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/secret_detection/#custom-settings-example) to future-proof your CI templates. GitLab 14.0 no longer supports the old `secret_detection_default_branch` job.
- name: "Remove SAST analyzer `SAST_GOSEC_CONFIG` variable in favor of
+- name: "SAST analyzer `SAST_GOSEC_CONFIG` variable"
    custom rulesets"
  reporter: tmccaslin
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
@ -29,7 +28,7 @@
    With the release of [SAST Custom Rulesets](https://docs.gitlab.com/ee/user/application_security/sast/#customize-rulesets) in GitLab 13.5 we allow greater flexibility in configuration options for our Go analyzer (GoSec). As a result we no longer plan to support our less flexible [`SAST_GOSEC_CONFIG`](https://docs.gitlab.com/ee/user/application_security/sast/#analyzer-settings) analyzer setting. This variable was deprecated in GitLab 13.10.
    GitLab 14.0 removes the old `SAST_GOSEC_CONFIG variable`. If you use or override `SAST_GOSEC_CONFIG` in your CI file, update your SAST CI configuration or pin to an older version of the GoSec analyzer. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates.
- name: "Removed Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template"
+- name: "Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template"
  reporter: tmccaslin
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
--- a/data/removals/14_0/removal_runner_25555.yml
+++ b/data/removals/14_0/removal_runner_25555.yml
@ -1,4 +1,4 @@
- name: "Remove off peak time mode configuration for Docker Machine autoscaling"
+- name: "Off peak time mode configuration for Docker Machine autoscaling"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removal_runner_26036.yml
+++ b/data/removals/14_0/removal_runner_26036.yml
@ -1,4 +1,4 @@
- name: "Remove Ubuntu 19.10 (Eoan Ermine) package"
+- name: "Ubuntu 19.10 (Eoan Ermine) package"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removal_runner_6413.yml
+++ b/data/removals/14_0/removal_runner_6413.yml
@ -1,4 +1,4 @@
- name: "Remove `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag"
+- name: "`FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removals_runner_26651.yml
+++ b/data/removals/14_0/removals_runner_26651.yml
@ -1,4 +1,4 @@
- name: "Remove `/usr/lib/gitlab-runner` symlink from package"
+- name: "`/usr/lib/gitlab-runner` symlink from package"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removals_runner_26679.yml
+++ b/data/removals/14_0/removals_runner_26679.yml
@ -1,4 +1,4 @@
- name: "Remove `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag"
+- name: "`FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removals_runner_26900.yml
+++ b/data/removals/14_0/removals_runner_26900.yml
@ -1,4 +1,4 @@
- name: "Remove success and failure for finished build metric conversion"
+- name: "Success and failure for finished build metric conversion"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removals_runner_27175.yml
+++ b/data/removals/14_0/removals_runner_27175.yml
@ -1,4 +1,4 @@
- name: "Remove `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag"
+- name: "`FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removals_runner_27551.yml
+++ b/data/removals/14_0/removals_runner_27551.yml
@ -1,4 +1,4 @@
- name: "Remove support for Windows Server 1903 image"
+- name: "Windows Server 1903 image support"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/removals_runner_27899.yml
+++ b/data/removals/14_0/removals_runner_27899.yml
@ -1,4 +1,4 @@
- name: "Remove support for Windows Server 1909 image"
+- name: "Windows Server 1909 image support"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: deastman
--- a/data/removals/14_0/remove-sql-elector.yml
+++ b/data/removals/14_0/remove-sql-elector.yml
@ -1,4 +1,4 @@
- name: "Gitaly Cluster SQL primary elector has been removed"
+- name: "Gitaly Cluster SQL primary elector"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: mjwood
--- a/data/removals/14_0/remove_dast_legacy_domain_validation.yml
+++ b/data/removals/14_0/remove_dast_legacy_domain_validation.yml
@ -1,4 +1,4 @@
- name: "Remove legacy DAST domain validation"
+- name: "Legacy DAST domain validation"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: derekferguson
--- a/data/removals/14_0/remove_dast_legacy_report_fields.yml
+++ b/data/removals/14_0/remove_dast_legacy_report_fields.yml
@ -1,4 +1,4 @@
- name: "Removal of legacy fields from DAST report"
+- name: "Legacy fields from DAST report"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: derekferguson
--- a/data/removals/14_0/remove_dast_template_stages.yml
+++ b/data/removals/14_0/remove_dast_template_stages.yml
@ -1,4 +1,4 @@
- name: "Remove DAST default template stages"
+- name: "DAST default template stages"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: derekferguson
--- a/data/removals/14_0/remove_optimize_api.yml
+++ b/data/removals/14_0/remove_optimize_api.yml
@ -1,4 +1,4 @@
- name: "Segments removed from DevOps Adoption API"
+- name: "DevOps Adoption API Segments"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: ljlane
--- a/data/removals/14_0/verify-ci-removal-parametertrace.yml
+++ b/data/removals/14_0/verify-ci-removal-parametertrace.yml
@ -1,4 +1,4 @@
- name: "Removal of deprecated `trace` parameter from `jobs` API endpoint"
+- name: "`trace` parameter in `jobs` API"
  removal_date: "2021-06-22"
  removal_milestone: "14.0"
  reporter: jreporter
--- a/data/removals/templates/example.yml
+++ b/data/removals/templates/example.yml
@ -9,7 +9,7 @@
 #
 # Please delete this line and above before submitting your merge request.
- name: "Announcement headline"  # The headline announcing the removal. i.e. "`CI_PROJECT_CONFIG_PATH` removed in Gitlab 14.0"
+- name: "Feature name"  # the name of the feature being removed. Avoid the words `deprecation`, `deprecate`, `removal`, and `remove` in this field because these are implied.
  announcement_milestone: "XX.YY"  # The milestone when this feature was deprecated.
  announcement_date: "YYYY-MM-DD"  # The date of the milestone release when this feature was deprecated. This should almost always be the 22nd of a month (YYYY-MM-DD), unless you did an out of band blog post.
  removal_milestone: "XX.YY"  # The milestone when this feature is being removed.
--- a/db/migrate/20220128081329_add_target_access_levels_to_broadcast_messages.rb
+++ b/db/migrate/20220128081329_add_target_access_levels_to_broadcast_messages.rb
@ -0,0 +1,7 @@
 # frozen_string_literal: true
 class AddTargetAccessLevelsToBroadcastMessages < Gitlab::Database::Migration[1.0]
  def change
    add_column :broadcast_messages, :target_access_levels, :integer, array: true, null: false, default: []
  end
 end
--- a/db/post_migrate/20220213104531_create_indexes_on_integration_type_new.rb
+++ b/db/post_migrate/20220213104531_create_indexes_on_integration_type_new.rb
@ -0,0 +1,60 @@
 # frozen_string_literal: true
 # Reproduce the indices on integrations.type on integrations.type_new
 class CreateIndexesOnIntegrationTypeNew < Gitlab::Database::Migration[1.0]
  disable_ddl_transaction!
  TABLE_NAME = :integrations
  COLUMN = :type_new
  def indices
    [
      {
        name: "index_integrations_on_project_and_#{COLUMN}_where_inherit_null",
        columns: [:project_id, COLUMN],
        where: 'inherit_from_id IS NULL'
      },
      {
        name: "index_integrations_on_project_id_and_#{COLUMN}_unique",
        columns: [:project_id, COLUMN],
        unique: true
      },
      {
        name: "index_integrations_on_#{COLUMN}",
        columns: [COLUMN]
      },
      {
        name: "index_integrations_on_#{COLUMN}_and_instance_partial",
        columns: [COLUMN, :instance],
        where: 'instance = true'
      },
      {
        name: "index_integrations_on_#{COLUMN}_and_template_partial",
        columns: [COLUMN, :template],
        where: 'template = true'
      },
      {
        # column names are limited to 63 characters, so this one is re-worded for clarity
        name: "index_integrations_on_#{COLUMN}_id_when_active_and_has_project",
        columns: [COLUMN, :id],
        where: '((active = true) AND (project_id IS NOT NULL))'
      },
      {
        name: "index_integrations_on_unique_group_id_and_#{COLUMN}",
        columns: [:group_id, COLUMN]
      }
    ]
  end
  def up
    indices.each do |index|
      add_concurrent_index TABLE_NAME, index[:columns], index.except(:columns)
    end
  end
  def down
    indices.each do |index|
      remove_concurrent_index_by_name TABLE_NAME, index[:name]
    end
  end
 end
--- a/db/schema_migrations/20220128081329
+++ b/db/schema_migrations/20220128081329
@ -0,0 +1 @@
 6e273d5b92595ae6054b0665b4ff446fb2bed24ff1aab122537833dc8f4d9ab8
--- a/db/schema_migrations/20220213104531
+++ b/db/schema_migrations/20220213104531
@ -0,0 +1 @@
 9ce8aa469b9469d25fbba52147e24c95f6242c2ab1e114df8baaf5a45268d2fd
--- a/db/structure.sql
+++ b/db/structure.sql
@ -11364,7 +11364,8 @@ CREATE TABLE broadcast_messages (
    cached_markdown_version integer,
    target_path character varying(255),
    broadcast_type smallint DEFAULT 1 NOT NULL,
-    dismissable boolean
+    dismissable boolean,
    target_access_levels integer[] DEFAULT '{}'::integer[] NOT NULL
 );
 CREATE SEQUENCE broadcast_messages_id_seq
@ -26665,8 +26666,12 @@ CREATE INDEX index_insights_on_project_id ON insights USING btree (project_id);
 CREATE INDEX index_integrations_on_inherit_from_id ON integrations USING btree (inherit_from_id);
 CREATE INDEX index_integrations_on_project_and_type_new_where_inherit_null ON integrations USING btree (project_id, type_new) WHERE (inherit_from_id IS NULL);
 CREATE INDEX index_integrations_on_project_and_type_where_inherit_null ON integrations USING btree (project_id, type) WHERE (inherit_from_id IS NULL);
 CREATE UNIQUE INDEX index_integrations_on_project_id_and_type_new_unique ON integrations USING btree (project_id, type_new);
 CREATE UNIQUE INDEX index_integrations_on_project_id_and_type_unique ON integrations USING btree (project_id, type);
 CREATE INDEX index_integrations_on_template ON integrations USING btree (template);
@ -26679,8 +26684,18 @@ CREATE UNIQUE INDEX index_integrations_on_type_and_template_partial ON integrati
 CREATE INDEX index_integrations_on_type_id_when_active_and_project_id_not_nu ON integrations USING btree (type, id) WHERE ((active = true) AND (project_id IS NOT NULL));
 CREATE INDEX index_integrations_on_type_new ON integrations USING btree (type_new);
 CREATE INDEX index_integrations_on_type_new_and_instance_partial ON integrations USING btree (type_new, instance) WHERE (instance = true);
 CREATE INDEX index_integrations_on_type_new_and_template_partial ON integrations USING btree (type_new, template) WHERE (template = true);
 CREATE INDEX index_integrations_on_type_new_id_when_active_and_has_project ON integrations USING btree (type_new, id) WHERE ((active = true) AND (project_id IS NOT NULL));
 CREATE UNIQUE INDEX index_integrations_on_unique_group_id_and_type ON integrations USING btree (group_id, type);
 CREATE INDEX index_integrations_on_unique_group_id_and_type_new ON integrations USING btree (group_id, type_new);
 CREATE INDEX index_internal_ids_on_namespace_id ON internal_ids USING btree (namespace_id);
 CREATE INDEX index_internal_ids_on_project_id ON internal_ids USING btree (project_id);
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@ -727,6 +727,18 @@ The `merged_by` field in the [merge request API](https://docs.gitlab.com/ee/api/
 ## 14.8
 ### Changes to the `CI_JOB_JWT`
 WARNING:
 This feature will be changed or removed in 15.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 The `CI_JOB_JWT` will be updated to support a wider variety of cloud providers. It will be changed to match [`CI_JOB_JWT_V2`](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html), but this change may not be backwards compatible for all users, including Hashicorp Vault users. To maintain the current behavior, users can switch to using `CI_JOB_JWT_V1`, or update their configuration in GitLab 15.0 to use the improved `CI_JOB_JWT`.
 **Planned removal milestone: 15.0 ()**
 ### Configurable Gitaly `per_repository` election strategy
 Configuring the `per_repository` Gitaly election strategy is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/352612).
@ -1247,6 +1259,32 @@ For further details, see [the deprecation issue for this change](https://gitlab.
 **Planned removal milestone: 15.0 (2022-05-22)**
 ### Secure and Protect analyzer images published in new location
 WARNING:
 This feature will be changed or removed in 15.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to [scan for security vulnerabilities](https://docs.gitlab.com/ee/user/application_security/).
 Each analyzer is distributed as a container image.
 Starting in GitLab 14.8, new versions of GitLab Secure and Protect analyzers are published to a new registry location under `registry.gitlab.com/security-products`.
 We will update the default value of [GitLab-managed CI/CD templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security) to reflect this change:
 - For all analyzers except Container Scanning, we will update the variable `SECURE_ANALYZERS_PREFIX` to the new image registry location.
 - For Container Scanning, the default image address is already updated. There is no `SECURE_ANALYZERS_PREFIX` variable for Container Scanning.
 In a future release, we will stop publishing images to `registry.gitlab.com/gitlab-org/security-products/analyzers`.
 Once this happens, you must take action if you manually pull images and push them into a separate registry. This is commonly the case for [offline deployments](https://docs.gitlab.com/ee/user/application_security/offline_deployments/index.html).
 Otherwise, you won't receive further updates.
 See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564) for more details.
 **Planned removal milestone: 15.0 (2022-05-22)**
 ### Support for gRPC-aware proxy deployed between Gitaly and rest of GitLab
 WARNING:
@ -1305,6 +1343,18 @@ The new security approvals feature is similar to vulnerability check. For exampl
 **Planned removal milestone: 15.0 (2022-05-22)**
 ### `CI_BUILD_*` predefined variables
 WARNING:
 This feature will be changed or removed in 15.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 The predefined CI/CD variables that start with `CI_BUILD_*` were deprecated in GitLab 9.0, and will be removed in GitLab 15.0. If you still use these variables, be sure to change to the current [`CI_JOB_*` predefined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) which are identical (except for the updated name).
 **Planned removal milestone: 15.0 (2022-05-22)**
 ### `fixup!` commit messages setting draft status of associated Merge Request
 The use of `fixup!` as a commit message to trigger draft status
--- a/doc/update/removals.md
+++ b/doc/update/removals.md
@ -30,6 +30,18 @@ For removal reviewers (Technical Writers only):
 ## 14.0
 ### Auto Deploy CI template v1
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 is deprecated going forward.
 Since the v1 and v2 versions are not backward-compatible, your project might encounter an unexpected failure if you already have a deployed application. Follow the [upgrade guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#upgrade-guide) to upgrade your environments. You can also start using the latest template today by following the [early adoption guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#early-adopters).
 ### Breaking changes to Terraform CI template
 WARNING:
@ -64,6 +76,16 @@ changes to your code, settings, or workflow.
 Clair, the default container scanning engine, was deprecated in GitLab 13.9 and is removed from GitLab 14.0 and replaced by Trivy. We advise customers who are customizing variables for their container scanning job to [follow these instructions](https://docs.gitlab.com/ee/user/application_security/container_scanning/#change-scanners) to ensure that their container scanning jobs continue to work.
 ### DAST default template stages
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In GitLab 14.0, we've removed the stages defined in the current `DAST.gitlab-ci.yml` template to avoid the situation where the template overrides manual changes made by DAST users. We're making this change in response to customer issues where the stages in the template cause problems when used with customized DAST configurations. Because of this removal, `gitlab-ci.yml` configurations that do not specify a `dast` stage must be updated to include this stage.
 ### DAST environment variable renaming and removal
 WARNING:
@ -119,7 +141,21 @@ GitLab has already introduced changes that allow you to change the default branc
 For more information, check out our [blog post](https://about.gitlab.com/blog/2021/03/10/new-git-default-branch-name/).
-### Deprecated GraphQL fields have been removed
+### Dependency Scanning
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 As mentioned in [13.9](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#deprecations-for-dependency-scanning) and [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/) several removals for Dependency Scanning take effect.
 Previously, to exclude a DS analyzer, you needed to remove it from the default list of analyzers, and use that to set the `DS_DEFAULT_ANALYZERS` variable in your project’s CI template. We determined it should be easier to avoid running a particular analyzer without losing the benefit of newly added analyzers. As a result, we ask you to migrate from `DS_DEFAULT_ANALYZERS` to `DS_EXCLUDED_ANALYZERS` when it is available. Read about it in [issue #287691](https://gitlab.com/gitlab-org/gitlab/-/issues/287691).
 Previously, to prevent the Gemnasium analyzers to fetch the advisory database at runtime, you needed to set the `GEMNASIUM_DB_UPDATE` variable. However, this is not documented properly, and its naming is inconsistent with the equivalent `BUNDLER_AUDIT_UPDATE_DISABLED` variable. As a result, we ask you to migrate from `GEMNASIUM_DB_UPDATE` to `GEMNASIUM_UPDATE_DISABLED` when it is available. Read about it in [issue #215483](https://gitlab.com/gitlab-org/gitlab/-/issues/215483).
 ### Deprecated GraphQL fields
 WARNING:
 This feature was changed or removed in 14.0
@ -136,7 +172,7 @@ In accordance with our [GraphQL deprecation and removal process](https://docs.gi
 - `DeprecatedMutations (concern**)` - `AddAwardEmoji`, `RemoveAwardEmoji`, `ToggleAwardEmoji`
 - `EE::Types::DeprecatedMutations (concern***)` - `Mutations::Pipelines::RunDastScan`, `Mutations::Vulnerabilities::Dismiss`, `Mutations::Vulnerabilities::RevertToDetected`
-### Deprecations for Dependency Scanning
+### DevOps Adoption API Segments
 WARNING:
 This feature was changed or removed in 14.0
@ -144,11 +180,29 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
-As mentioned in [13.9](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#deprecations-for-dependency-scanning) and [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/) several removals for Dependency Scanning take effect.
+The first release of the DevOps Adoption report had a concept of **Segments**. Segments were [quickly removed from the report](https://gitlab.com/groups/gitlab-org/-/epics/5251) because they introduced an additional layer of complexity on top of **Groups** and **Projects**. Subsequent iterations of the DevOps Adoption report focus on comparing adoption across groups rather than segments. GitLab 14.0 removes all references to **Segments** [from the GraphQL API](https://gitlab.com/gitlab-org/gitlab/-/issues/324414) and replaces them with **Enabled groups**.
-Previously, to exclude a DS analyzer, you needed to remove it from the default list of analyzers, and use that to set the `DS_DEFAULT_ANALYZERS` variable in your project’s CI template. We determined it should be easier to avoid running a particular analyzer without losing the benefit of newly added analyzers. As a result, we ask you to migrate from `DS_DEFAULT_ANALYZERS` to `DS_EXCLUDED_ANALYZERS` when it is available. Read about it in [issue #287691](https://gitlab.com/gitlab-org/gitlab/-/issues/287691).
+### Disk source configuration for GitLab Pages
-Previously, to prevent the Gemnasium analyzers to fetch the advisory database at runtime, you needed to set the `GEMNASIUM_DB_UPDATE` variable. However, this is not documented properly, and its naming is inconsistent with the equivalent `BUNDLER_AUDIT_UPDATE_DISABLED` variable. As a result, we ask you to migrate from `GEMNASIUM_DB_UPDATE` to `GEMNASIUM_UPDATE_DISABLED` when it is available. Read about it in [issue #215483](https://gitlab.com/gitlab-org/gitlab/-/issues/215483).
+WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab Pages [API-based configuration](https://docs.gitlab.com/ee/administration/pages/#gitlab-api-based-configuration) has been available since GitLab 13.0. It replaces the unsupported `disk` source configuration removed in GitLab 14.0, which can no longer be chosen. You should stop using `disk` source configuration, and move to `gitlab` for an API-based configuration. To migrate away from the 'disk' source configuration, set `gitlab_pages['domain_config_source'] = "gitlab"` in your `/etc/gitlab/gitlab.rb` file. We recommend you migrate before updating to GitLab 14.0, to identify and troubleshoot any potential problems before upgrading.
 ### Experimental prefix in Sidekiq queue selector options
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab supports a [queue selector](https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html#queue-selector) to run only a subset of background jobs for a given process. When it was introduced, this option had an 'experimental' prefix (`experimental_queue_selector` in Omnibus, `experimentalQueueSelector` in Helm charts).
 As announced in the [13.6 release post](https://about.gitlab.com/releases/2020/11/22/gitlab-13-6-released/#sidekiq-cluster-queue-selector-configuration-option-has-been-renamed), the 'experimental' prefix is no longer supported. Instead, `queue_selector` for Omnibus and `queueSelector` in Helm charts should be used.
 ### External Pipeline Validation Service Code Changes
@ -160,7 +214,7 @@ changes to your code, settings, or workflow.
 For self-managed instances using the experimental [external pipeline validation service](https://docs.gitlab.com/ee/administration/external_pipeline_validation.html), the range of error codes GitLab accepts will be reduced. Currently, pipelines are invalidated when the validation service returns a response code from `400` to `499`. In GitLab 14.0 and later, pipelines will be invalidated for the `406: Not Accepted` response code only.
-### Geo Foreign Data Wrapper settings removed
+### Geo Foreign Data Wrapper settings
 WARNING:
 This feature was changed or removed in 14.0
@ -207,7 +261,7 @@ changes to your code, settings, or workflow.
 In GitLab Runner 14.0, the installation process will ignore the `skel` directory by default when creating the user home directory. Refer to [issue #4845](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4845) for details.
-### Gitaly Cluster SQL primary elector has been removed
+### Gitaly Cluster SQL primary elector
 WARNING:
 This feature was changed or removed in 14.0
@ -220,6 +274,30 @@ The `per_repository` election strategy is the new default, which is automaticall
 If you had configured the `sql` election strategy, you must follow the [migration instructions](https://docs.gitlab.com/ee/administration/gitaly/praefect.html#migrate-to-repository-specific-primary-gitaly-nodes) before upgrading to 14.0.
 ### Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 With the maturity of GitLab Secure scanning tools, we've needed to add more granularity to our release process. Previously, GitLab shared a major version number for [all analyzers and tools](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks). This requires all tools to share a major version, and prevents the use of [semantic version numbering](https://semver.org/). In GitLab 14.0, SAST removes the `SAST_ANALYZER_IMAGE_TAG` global variable in our [managed `SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml) CI template, in favor of the analyzer job variable setting the `major.minor` tag in the SAST vendored template.
 Each analyzer job now has a scoped `SAST_ANALYZER_IMAGE_TAG` variable, which will be actively managed by GitLab and set to the `major` tag for the respective analyzer. To pin to a specific version, [change the variable value to the specific version tag](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version).
 If you override or maintain custom versions of `SAST.gitlab-ci.yml`, update your CI templates to stop referencing the global `SAST_ANALYZER_IMAGE_TAG`, and move it to a scoped analyzer job tag. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates. This change allows you to more granularly control future analyzer updates with a pinned `major.minor` version.
 This deprecation and removal changes our [previously announced plan](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#pin-static-analysis-analyzers-and-tools-to-minor-versions) to pin the Static Analysis tools.
 ### Hardcoded `master` in CI/CD templates
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 Our CI/CD templates have been updated to no longer use hard-coded references to a `master` branch. In 14.0, they all use a variable that points to your project's configured default branch instead. If your CI/CD pipeline relies on our built-in templates, verify that this change works with your current configuration. For example, if you have a `master` branch and a different default branch, the updates to the templates may cause changes to your pipeline behavior. For more information, [read the issue](https://gitlab.com/gitlab-org/gitlab/-/issues/324131).
 ### Helm v2 support
 WARNING:
@ -232,7 +310,19 @@ Helm v2 was [officially deprecated](https://helm.sh/blog/helm-v2-deprecation-tim
 Users of the chart should [upgrade to Helm v3](https://helm.sh/docs/topics/v2_v3_migration/) to deploy GitLab 14.0 and later.
-### Legacy feature flags removed
+### Legacy DAST domain validation
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 The legacy method of DAST Domain Validation for CI/CD scans was deprecated in GitLab 13.8, and is removed in GitLab 14.0. This method of domain validation only disallows scans if the `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` environment variable is set to `true` in the `gitlab-ci.yml` file, and a `Gitlab-DAST-Permission` header on the site is not set to `allow`. This two-step method required users to opt in to using the variable before they could opt out from using the header.
 For more information, see the [removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/293595).
 ### Legacy feature flags
 WARNING:
 This feature was changed or removed in 14.0
@ -242,7 +332,19 @@ changes to your code, settings, or workflow.
 Legacy feature flags became read-only in GitLab 13.4. GitLab 14.0 removes support for legacy feature flags, so you must migrate them to the [new version](https://docs.gitlab.com/ee/operations/feature_flags.html). You can do this by first taking a note (screenshot) of the legacy flag, then deleting the flag through the API or UI (you don't need to alter the code), and finally create a new Feature Flag with the same name as the legacy flag you deleted. Also, make sure the strategies and environments match the deleted flag. We created a [video tutorial](https://www.youtube.com/watch?v=CAJY2IGep7Y) to help with this migration.
-### Legacy storage removed
+### Legacy fields from DAST report
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 As a part of the migration to a common report format for all of the Secure scanners in GitLab, DAST is making changes to the DAST JSON report. Certain legacy fields were deprecated in 13.8 and have been completely removed in 14.0. These fields are `@generated`, `@version`, `site`, and `spider`. This should not affect any normal DAST operation, but does affect users who consume the JSON report in an automated way and use these fields. Anyone affected by these changes, and needs these fields for business reasons, is encouraged to open a new GitLab issue and explain the need.
 For more information, see [the removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/33915).
 ### Legacy storage
 WARNING:
 This feature was changed or removed in 14.0
@ -252,6 +354,16 @@ changes to your code, settings, or workflow.
 As [announced in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/#planned-removal-of-legacy-storage-in-14.0), [legacy storage](https://docs.gitlab.com/ee/administration/repository_storage_types.html#legacy-storage) has been removed in GitLab 14.0.
 ### License Compliance
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 13.0, we deprecated the License-Management CI template and renamed it License-Scanning. We have been providing backward compatibility by warning users of the old template to switch. Now in 14.0, we are completely removing the License-Management CI template. Read about it in [issue #216261](https://gitlab.com/gitlab-org/gitlab/-/issues/216261) or [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/).
 ### Limit projects returned in `GET /groups/:id/`
 WARNING:
@ -283,7 +395,7 @@ changes to your code, settings, or workflow.
 Until GitLab 13.9, if you wanted to avoid running one particular GitLab SAST analyzer, you needed to remove it from the [long string of analyzers in the `SAST.gitlab-ci.yml` file](https://gitlab.com/gitlab-org/gitlab/-/blob/390afc431e7ce1ac253b35beb39f19e49c746bff/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L12) and use that to set the [`SAST_DEFAULT_ANALYZERS`](https://docs.gitlab.com/ee/user/application_security/sast/#docker-images) variable in your project's CI file. If you did this, it would exclude you from future new analyzers because this string hard codes the list of analyzers to execute. We avoid this problem by inverting this variable's logic to exclude, rather than choose default analyzers.
 Beginning with 13.9, [we migrated](https://gitlab.com/gitlab-org/gitlab/-/blob/14fed7a33bfdbd4663d8928e46002a5ef3e3282c/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml#L13) to `SAST_EXCLUDED_ANALYZERS` in our `SAST.gitlab-ci.yml` file. We encourage anyone who uses a [customized SAST configuration](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) in their project CI file to migrate to this new variable. If you have not overridden `SAST_DEFAULT_ANALYZERS`, no action is needed. The CI/CD variable `SAST_DEFAULT_ANALYZERS` has been removed in GitLab 14.0, which released on June 22, 2021.
-### New Terraform template version
+### Off peak time mode configuration for Docker Machine autoscaling
 WARNING:
 This feature was changed or removed in 14.0
@ -291,18 +403,7 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
-As we continuously [develop GitLab's Terraform integrations](https://gitlab.com/gitlab-org/gitlab/-/issues/325312), to minimize customer disruption, we maintain two GitLab CI/CD templates for Terraform:
+In GitLab Runner 13.0, [issue #5069](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/5069), we introduced new timing options for the GitLab Docker Machine executor. In GitLab Runner 14.0, we have removed the old configuration option, [off peak time mode](https://docs.gitlab.com/runner/configuration/autoscale.html#off-peak-time-mode-configuration-deprecated).
 - The ["latest version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml), which is updated frequently between minor releases of GitLab (such as 13.10, 13.11, etc).
 - The ["major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml), which is updated only at major releases (such as 13.0, 14.0, etc).
 At every major release of GitLab, the "latest version" template becomes the "major version" template, inheriting the "latest template" setup.
 As we have added many new features to the Terraform integration, the new setup for the "major version" template can be considered a breaking change.
 The latest template supports the [Terraform Merge Request widget](https://docs.gitlab.com/ee/user/infrastructure/mr_integration.html) and
 doesn't need additional setup to work with the [GitLab managed Terraform state](https://docs.gitlab.com/ee/user/infrastructure/terraform_state.html).
 To check the new changes, see the [new "major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml).
 ### OpenSUSE Leap 15.1
@ -326,173 +427,7 @@ PostgreSQL 12 will be the minimum required version in GitLab 14.0. It offers [si
 Starting in GitLab 13.7, all new installations default to version 12. From GitLab 13.8, single-node instances are automatically upgraded as well. If you aren't ready to upgrade, you can [opt out of automatic upgrades](https://docs.gitlab.com/omnibus/settings/database.html#opt-out-of-automatic-postgresql-upgrades).
-### Removal of deprecated `trace` parameter from `jobs` API endpoint
+### Redundant timestamp field from DORA metrics API payload
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab Runner was updated in GitLab 13.4 to internally stop passing the `trace` parameter to the `/api/jobs/:id` endpoint. GitLab 14.0 deprecates the `trace` parameter entirely for all other requests of this endpoint. Make sure your [GitLab Runner version matches your GitLab version](https://docs.gitlab.com/runner/#gitlab-runner-versions) to ensure consistent behavior.
 ### Removal of legacy fields from DAST report
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 As a part of the migration to a common report format for all of the Secure scanners in GitLab, DAST is making changes to the DAST JSON report. Certain legacy fields were deprecated in 13.8 and have been completely removed in 14.0. These fields are `@generated`, `@version`, `site`, and `spider`. This should not affect any normal DAST operation, but does affect users who consume the JSON report in an automated way and use these fields. Anyone affected by these changes, and needs these fields for business reasons, is encouraged to open a new GitLab issue and explain the need.
 For more information, see [the removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/33915).
 ### Removal of release description in the Tags API
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab 14.0 removes support for the release description in the Tags API. You can no longer add a release description when [creating a new tag](https://docs.gitlab.com/ee/api/tags.html#create-a-new-tag). You also can no longer [create](https://docs.gitlab.com/ee/api/tags.html#create-a-new-release) or [update](https://docs.gitlab.com/ee/api/tags.html#update-a-release) a release through the Tags API. Please migrate to use the [Releases API](https://docs.gitlab.com/ee/api/releases/#create-a-release) instead.
 ### Removals for License Compliance
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 13.0, we deprecated the License-Management CI template and renamed it License-Scanning. We have been providing backward compatibility by warning users of the old template to switch. Now in 14.0, we are completely removing the License-Management CI template. Read about it in [issue #216261](https://gitlab.com/gitlab-org/gitlab/-/issues/216261) or [this blog post](https://about.gitlab.com/blog/2021/02/08/composition-analysis-14-deprecations-and-removals/).
 ### Remove DAST default template stages
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In GitLab 14.0, we've removed the stages defined in the current `DAST.gitlab-ci.yml` template to avoid the situation where the template overrides manual changes made by DAST users. We're making this change in response to customer issues where the stages in the template cause problems when used with customized DAST configurations. Because of this removal, `gitlab-ci.yml` configurations that do not specify a `dast` stage must be updated to include this stage.
 ### Remove SAST analyzer `SAST_GOSEC_CONFIG` variable in favor of custom rulesets
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 With the release of [SAST Custom Rulesets](https://docs.gitlab.com/ee/user/application_security/sast/#customize-rulesets) in GitLab 13.5 we allow greater flexibility in configuration options for our Go analyzer (GoSec). As a result we no longer plan to support our less flexible [`SAST_GOSEC_CONFIG`](https://docs.gitlab.com/ee/user/application_security/sast/#analyzer-settings) analyzer setting. This variable was deprecated in GitLab 13.10.
 GitLab 14.0 removes the old `SAST_GOSEC_CONFIG variable`. If you use or override `SAST_GOSEC_CONFIG` in your CI file, update your SAST CI configuration or pin to an older version of the GoSec analyzer. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates.
 ### Remove Ubuntu 19.10 (Eoan Ermine) package
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 Ubuntu 19.10 (Eoan Ermine) reached end of life on Friday, July 17, 2020. In GitLab Runner 14.0, Ubuntu 19.10 (Eoan Ermine) is no longer available from our package distribution. Refer to [issue #26036](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26036) for details.
 ### Remove `/usr/lib/gitlab-runner` symlink from package
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In GitLab Runner 13.3, a symlink was added from `/user/lib/gitlab-runner/gitlab-runner` to `/usr/bin/gitlab-runner`. In 14.0, the symlink has been removed and the runner is now installed in `/usr/bin/gitlab-runner`. Refer to [issue #26651](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26651) for details.
 ### Remove `?w=1` URL parameter to ignore whitespace changes
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 To create a consistent experience for users based on their preferences, support for toggling whitespace changes via URL parameter has been removed in GitLab 14.0.
 ### Remove `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 14.0, we have deactivated the `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag. Refer to issue [#26679](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26679) for details.
 ### Remove `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In [GitLab Runner 13.1](https://docs.gitlab.com/runner/executors/shell.html#gitlab-131-and-later), [issue #3376](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3376), we introduced `sigterm` and then `sigkill` to a process in the Shell executor. We also introduced a new feature flag, `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL`, so you can use the previous process termination sequence. In GitLab Runner 14.0, [issue #6413](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/6413), the feature flag has been removed.
 ### Remove `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab Runner 14.0 removes the `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag. Refer to [issue #27175](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27175) for details.
 ### Remove `secret_detection_default_branch` job
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 To ensure Secret Detection was scanning both default branches and feature branches, we introduced two separate secret detection CI jobs (`secret_detection_default_branch` and `secret_detection`) in our managed [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) template. These two CI jobs created confusion and complexity in the CI rules logic. This deprecation moves the `rule` logic into the `script` section, which then determines how the `secret_detection` job is run (historic, on a branch, commits, etc).
 If you override or maintain custom versions of `SAST.gitlab-ci.yml` or `Secret-Detection.gitlab-ci.yml`, you must update your CI templates. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/secret_detection/#custom-settings-example) to future-proof your CI templates. GitLab 14.0 no longer supports the old `secret_detection_default_branch` job.
 ### Remove disk source configuration for GitLab Pages
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab Pages [API-based configuration](https://docs.gitlab.com/ee/administration/pages/#gitlab-api-based-configuration) has been available since GitLab 13.0. It replaces the unsupported `disk` source configuration removed in GitLab 14.0, which can no longer be chosen. You should stop using `disk` source configuration, and move to `gitlab` for an API-based configuration. To migrate away from the 'disk' source configuration, set `gitlab_pages['domain_config_source'] = "gitlab"` in your `/etc/gitlab/gitlab.rb` file. We recommend you migrate before updating to GitLab 14.0, to identify and troubleshoot any potential problems before upgrading.
 ### Remove legacy DAST domain validation
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 The legacy method of DAST Domain Validation for CI/CD scans was deprecated in GitLab 13.8, and is removed in GitLab 14.0. This method of domain validation only disallows scans if the `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` environment variable is set to `true` in the `gitlab-ci.yml` file, and a `Gitlab-DAST-Permission` header on the site is not set to `allow`. This two-step method required users to opt in to using the variable before they could opt out from using the header.
 For more information, see the [removal issue](https://gitlab.com/gitlab-org/gitlab/-/issues/293595).
 ### Remove off peak time mode configuration for Docker Machine autoscaling
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In GitLab Runner 13.0, [issue #5069](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/5069), we introduced new timing options for the GitLab Docker Machine executor. In GitLab Runner 14.0, we have removed the old configuration option, [off peak time mode](https://docs.gitlab.com/runner/configuration/autoscale.html#off-peak-time-mode-configuration-deprecated).
 ### Remove redundant timestamp field from DORA metrics API payload
 WARNING:
 This feature was changed or removed in 14.0
@ -502,7 +437,7 @@ changes to your code, settings, or workflow.
 The [deployment frequency project-level API](https://docs.gitlab.com/ee/api/dora4_project_analytics.html#list-project-deployment-frequencies) endpoint has been deprecated in favor of the [DORA 4 API](https://docs.gitlab.com/ee/api/dora/metrics.html), which consolidates all the metrics under one API with the specific metric as a required field. As a result, the timestamp field, which doesn't allow adding future extensions and causes performance issues, will be removed. With the old API, an example response would be `{ "2021-03-01": 3, "date": "2021-03-01", "value": 3 }`. The first key/value (`"2021-03-01": 3`) will be removed and replaced by the last two (`"date": "2021-03-01", "value": 3`).
-### Remove success and failure for finished build metric conversion
+### Release description in the Tags API
 WARNING:
 This feature was changed or removed in 14.0
@ -510,41 +445,7 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
-In GitLab Runner 13.5, we introduced `failed` and `success` states for a job. To support Prometheus rules, we chose to convert `success/failure` to `finished` for the metric. In 14.0, the conversion has now been removed. Refer to [issue #26900](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26900) for details.
+GitLab 14.0 removes support for the release description in the Tags API. You can no longer add a release description when [creating a new tag](https://docs.gitlab.com/ee/api/tags.html#create-a-new-tag). You also can no longer [create](https://docs.gitlab.com/ee/api/tags.html#create-a-new-release) or [update](https://docs.gitlab.com/ee/api/tags.html#update-a-release) a release through the Tags API. Please migrate to use the [Releases API](https://docs.gitlab.com/ee/api/releases/#create-a-release) instead.
 ### Remove support for Windows Server 1903 image
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 14.0, we have removed Windows Server 1903. Microsoft ended support for this version on 2020-08-12. Refer to [issue #27551](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27551) for details.
 ### Remove support for Windows Server 1909 image
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 14.0, we have removed Windows Server 1909. Microsoft ended support for this version on 2021-05-11. Refer to [issue #27899](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27899) for details.
 ### Removed Global `SAST_ANALYZER_IMAGE_TAG` in SAST CI template
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 With the maturity of GitLab Secure scanning tools, we've needed to add more granularity to our release process. Previously, GitLab shared a major version number for [all analyzers and tools](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks). This requires all tools to share a major version, and prevents the use of [semantic version numbering](https://semver.org/). In GitLab 14.0, SAST removes the `SAST_ANALYZER_IMAGE_TAG` global variable in our [managed `SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml) CI template, in favor of the analyzer job variable setting the `major.minor` tag in the SAST vendored template.
 Each analyzer job now has a scoped `SAST_ANALYZER_IMAGE_TAG` variable, which will be actively managed by GitLab and set to the `major` tag for the respective analyzer. To pin to a specific version, [change the variable value to the specific version tag](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version).
 If you override or maintain custom versions of `SAST.gitlab-ci.yml`, update your CI templates to stop referencing the global `SAST_ANALYZER_IMAGE_TAG`, and move it to a scoped analyzer job tag. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates. This change allows you to more granularly control future analyzer updates with a pinned `major.minor` version.
 This deprecation and removal changes our [previously announced plan](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#pin-static-analysis-analyzers-and-tools-to-minor-versions) to pin the Static Analysis tools.
 ### Ruby version changed in `Ruby.gitlab-ci.yml`
@ -560,7 +461,7 @@ To better support the latest versions of Ruby, the template is changed to use `r
 Relevant Issue: [Updates Ruby version 2.5 to 3.0](https://gitlab.com/gitlab-org/gitlab/-/issues/329160)
-### Segments removed from DevOps Adoption API
+### SAST analyzer `SAST_GOSEC_CONFIG` variable
 WARNING:
 This feature was changed or removed in 14.0
@ -568,9 +469,10 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
-The first release of the DevOps Adoption report had a concept of **Segments**. Segments were [quickly removed from the report](https://gitlab.com/groups/gitlab-org/-/epics/5251) because they introduced an additional layer of complexity on top of **Groups** and **Projects**. Subsequent iterations of the DevOps Adoption report focus on comparing adoption across groups rather than segments. GitLab 14.0 removes all references to **Segments** [from the GraphQL API](https://gitlab.com/gitlab-org/gitlab/-/issues/324414) and replaces them with **Enabled groups**.
+With the release of [SAST Custom Rulesets](https://docs.gitlab.com/ee/user/application_security/sast/#customize-rulesets) in GitLab 13.5 we allow greater flexibility in configuration options for our Go analyzer (GoSec). As a result we no longer plan to support our less flexible [`SAST_GOSEC_CONFIG`](https://docs.gitlab.com/ee/user/application_security/sast/#analyzer-settings) analyzer setting. This variable was deprecated in GitLab 13.10.
 GitLab 14.0 removes the old `SAST_GOSEC_CONFIG variable`. If you use or override `SAST_GOSEC_CONFIG` in your CI file, update your SAST CI configuration or pin to an older version of the GoSec analyzer. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates.
-### Service Templates removed
+### Service Templates
 WARNING:
 This feature was changed or removed in 14.0
@ -582,7 +484,7 @@ Service Templates are [removed in GitLab 14.0](https://gitlab.com/groups/gitlab-
 While they solved part of the problem, _updating_ those values later proved to be a major pain point. [Project Integration Management](https://docs.gitlab.com/ee/user/admin_area/settings/project_integration_management.html) solves this problem by enabling you to create settings at the Group or Instance level, and projects within that namespace inheriting those settings.
-### Sidekiq queue selector options no longer accept the 'experimental' prefix
+### Success and failure for finished build metric conversion
 WARNING:
 This feature was changed or removed in 14.0
@ -590,9 +492,28 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
-GitLab supports a [queue selector](https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html#queue-selector) to run only a subset of background jobs for a given process. When it was introduced, this option had an 'experimental' prefix (`experimental_queue_selector` in Omnibus, `experimentalQueueSelector` in Helm charts).
+In GitLab Runner 13.5, we introduced `failed` and `success` states for a job. To support Prometheus rules, we chose to convert `success/failure` to `finished` for the metric. In 14.0, the conversion has now been removed. Refer to [issue #26900](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26900) for details.
-As announced in the [13.6 release post](https://about.gitlab.com/releases/2020/11/22/gitlab-13-6-released/#sidekiq-cluster-queue-selector-configuration-option-has-been-renamed), the 'experimental' prefix is no longer supported. Instead, `queue_selector` for Omnibus and `queueSelector` in Helm charts should be used.
+### Terraform template version
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 As we continuously [develop GitLab's Terraform integrations](https://gitlab.com/gitlab-org/gitlab/-/issues/325312), to minimize customer disruption, we maintain two GitLab CI/CD templates for Terraform:
 - The ["latest version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml), which is updated frequently between minor releases of GitLab (such as 13.10, 13.11, etc).
 - The ["major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml), which is updated only at major releases (such as 13.0, 14.0, etc).
 At every major release of GitLab, the "latest version" template becomes the "major version" template, inheriting the "latest template" setup.
 As we have added many new features to the Terraform integration, the new setup for the "major version" template can be considered a breaking change.
 The latest template supports the [Terraform Merge Request widget](https://docs.gitlab.com/ee/user/infrastructure/mr_integration.html) and
 doesn't need additional setup to work with the [GitLab managed Terraform state](https://docs.gitlab.com/ee/user/infrastructure/terraform_state.html).
 To check the new changes, see the [new "major version" template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml).
 ### Ubuntu 16.04 support
@ -606,7 +527,17 @@ Ubuntu 16.04 [reached end-of-life in April 2021](https://ubuntu.com/about/releas
 GitLab 13.12 will be the last release with Ubuntu 16.04 support.
-### Unicorn removed in favor of Puma for GitLab self-managed
+### Ubuntu 19.10 (Eoan Ermine) package
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 Ubuntu 19.10 (Eoan Ermine) reached end of life on Friday, July 17, 2020. In GitLab Runner 14.0, Ubuntu 19.10 (Eoan Ermine) is no longer available from our package distribution. Refer to [issue #26036](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26036) for details.
 ### Unicorn in GitLab self-managed
 WARNING:
 This feature was changed or removed in 14.0
@ -616,28 +547,6 @@ changes to your code, settings, or workflow.
 [Support for Unicorn](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6078) has been removed in GitLab 14.0 in favor of Puma. [Puma has a multi-threaded architecture](https://docs.gitlab.com/ee/administration/operations/puma.html) which uses less memory than a multi-process application server like Unicorn. On GitLab.com, we saw a 40% reduction in memory consumption by using Puma.
 ### Update Auto Deploy template version
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In GitLab 14.0, we will update the [Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-deploy) CI template to the latest version. This includes new features, bug fixes, and performance improvements with a dependency on the v2 [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image). Auto Deploy CI template v1 will is deprecated going forward.
 Since the v1 and v2 versions are not backward-compatible, your project might encounter an unexpected failure if you already have a deployed application. Follow the [upgrade guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#upgrade-guide) to upgrade your environments. You can also start using the latest template today by following the [early adoption guide](https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#early-adopters).
 ### Update CI/CD templates to stop using hardcoded `master`
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 Our CI/CD templates have been updated to no longer use hard-coded references to a `master` branch. In 14.0, they all use a variable that points to your project's configured default branch instead. If your CI/CD pipeline relies on our built-in templates, verify that this change works with your current configuration. For example, if you have a `master` branch and a different default branch, the updates to the templates may cause changes to your pipeline behavior. For more information, [read the issue](https://gitlab.com/gitlab-org/gitlab/-/issues/324131).
 ### WIP merge requests renamed 'draft merge requests'
 WARNING:
@ -658,7 +567,47 @@ changes to your code, settings, or workflow.
 The Web Application Firewall (WAF) was deprecated in GitLab 13.6 and is removed from GitLab 14.0. The WAF had limitations inherent in the architectural design that made it difficult to meet the requirements traditionally expected of a WAF. By removing the WAF, GitLab is able to focus on improving other areas in the product where more value can be provided to users. Users who currently rely on the WAF can continue to use the free and open source [ModSecurity](https://github.com/SpiderLabs/ModSecurity) project, which is independent from GitLab. Additional details are available in the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/271276).
-### `CI_PROJECT_CONFIG_PATH` variable has been removed
+### Windows Server 1903 image support
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 14.0, we have removed Windows Server 1903. Microsoft ended support for this version on 2020-08-12. Refer to [issue #27551](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27551) for details.
 ### Windows Server 1909 image support
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 14.0, we have removed Windows Server 1909. Microsoft ended support for this version on 2021-05-11. Refer to [issue #27899](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27899) for details.
 ### `/usr/lib/gitlab-runner` symlink from package
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In GitLab Runner 13.3, a symlink was added from `/user/lib/gitlab-runner/gitlab-runner` to `/usr/bin/gitlab-runner`. In 14.0, the symlink has been removed and the runner is now installed in `/usr/bin/gitlab-runner`. Refer to [issue #26651](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26651) for details.
 ### `?w=1` URL parameter to ignore whitespace changes
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 To create a consistent experience for users based on their preferences, support for toggling whitespace changes via URL parameter has been removed in GitLab 14.0.
 ### `CI_PROJECT_CONFIG_PATH` variable
 WARNING:
 This feature was changed or removed in 14.0
@ -672,6 +621,57 @@ has been removed in favor of `CI_CONFIG_PATH`, which is functionally the same.
 If you are using `CI_PROJECT_CONFIG_PATH` in your pipeline configurations,
 please update them to use `CI_CONFIG_PATH` instead.
 ### `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In 14.0, we have deactivated the `FF_RESET_HELPER_IMAGE_ENTRYPOINT` feature flag. Refer to issue [#26679](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26679) for details.
 ### `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL` feature flag
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 In [GitLab Runner 13.1](https://docs.gitlab.com/runner/executors/shell.html#gitlab-131-and-later), [issue #3376](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3376), we introduced `sigterm` and then `sigkill` to a process in the Shell executor. We also introduced a new feature flag, `FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL`, so you can use the previous process termination sequence. In GitLab Runner 14.0, [issue #6413](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/6413), the feature flag has been removed.
 ### `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab Runner 14.0 removes the `FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER` feature flag. Refer to [issue #27175](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27175) for details.
 ### `secret_detection_default_branch` job
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 To ensure Secret Detection was scanning both default branches and feature branches, we introduced two separate secret detection CI jobs (`secret_detection_default_branch` and `secret_detection`) in our managed [`Secret-Detection.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) template. These two CI jobs created confusion and complexity in the CI rules logic. This deprecation moves the `rule` logic into the `script` section, which then determines how the `secret_detection` job is run (historic, on a branch, commits, etc).
 If you override or maintain custom versions of `SAST.gitlab-ci.yml` or `Secret-Detection.gitlab-ci.yml`, you must update your CI templates. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/secret_detection/#custom-settings-example) to future-proof your CI templates. GitLab 14.0 no longer supports the old `secret_detection_default_branch` job.
 ### `trace` parameter in `jobs` API
 WARNING:
 This feature was changed or removed in 14.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 GitLab Runner was updated in GitLab 13.4 to internally stop passing the `trace` parameter to the `/api/jobs/:id` endpoint. GitLab 14.0 deprecates the `trace` parameter entirely for all other requests of this endpoint. Make sure your [GitLab Runner version matches your GitLab version](https://docs.gitlab.com/runner/#gitlab-runner-versions) to ensure consistent behavior.
 ## 14.1
 ### Remove support for `prometheus.listen_address` and `prometheus.enable`
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@ -514,7 +514,7 @@ registry.gitlab.com/security-products/container-scanning/trivy:4
 The process for importing Docker images into a local offline Docker registry depends on
 **your network security policy**. Please consult your IT staff to find an accepted and approved
 process by which you can import or temporarily access external resources. These scanners
-are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance),
+are [periodically updated](../index.md#vulnerability-scanner-maintenance),
 and you may be able to make occasional updates on your own.
 For more information, see [the specific steps on how to update an image with a pipeline](#automating-container-scanning-vulnerability-database-updates-with-a-pipeline).
@ -738,7 +738,7 @@ scanner includes data from multiple sources:
 - [Trivy](https://aquasecurity.github.io/trivy/latest/vulnerability/detection/data-source/).
 Database update information for other analyzers is available in the
-[maintenance table](../vulnerabilities/index.md#vulnerability-scanner-maintenance).
+[maintenance table](../index.md#vulnerability-scanner-maintenance).
 ## Interacting with the vulnerabilities
--- a/doc/user/application_security/dast/run_dast_offline.md
+++ b/doc/user/application_security/dast/run_dast_offline.md
@ -36,7 +36,7 @@ For DAST, import the following default DAST analyzer image from `registry.gitlab
 The process for importing Docker images into a local offline Docker registry depends on
 **your network security policy**. Please consult your IT staff to find an accepted and approved
 process by which external resources can be imported or temporarily accessed.
-These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
+These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
 with new definitions, and you may be able to make occasional updates on your own.
 For details on saving and transporting Docker images as a file, see Docker's documentation on
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@ -645,7 +645,7 @@ vulnerabilities in your groups, projects and pipelines. Read more about the
 ## Vulnerabilities database update
 For more information about the vulnerabilities database update, see the
-[maintenance table](../vulnerabilities/index.md#vulnerability-scanner-maintenance).
+[maintenance table](../index.md#vulnerability-scanner-maintenance).
 ## Dependency List
@ -821,7 +821,7 @@ registry.gitlab.com/gitlab-org/security-products/analyzers/bundler-audit:2
 The process for importing Docker images into a local offline Docker registry depends on
 **your network security policy**. Please consult your IT staff to find an accepted and approved
 process by which external resources can be imported or temporarily accessed.
-These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
+These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
 with new definitions, and you may be able to make occasional updates on your own.
 For details on saving and transporting Docker images as a file, see Docker's documentation on
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@ -2,7 +2,6 @@
 stage: Secure
 group: Static Analysis
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 type: reference, howto
 ---
 # Secure your application **(ULTIMATE)**
@ -46,6 +45,25 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
 | [Coverage fuzzing](coverage_fuzzing/index.md)                  | Find unknown bugs and vulnerabilities with coverage-guided fuzzing. |
 | [Cluster Image Scanning](cluster_image_scanning/index.md)      | Scan Kubernetes clusters for known vulnerabilities.                 |
 ## Vulnerability scanner maintenance
 The following vulnerability scanners and their databases are regularly updated:
 | Secure scanning tool                                            | Vulnerabilities database updates |
 |:----------------------------------------------------------------|:---------------------------------|
 | [Container Scanning](container_scanning/index.md)            | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. For more details, see [Vulnerabilities database update](container_scanning/index.md#vulnerabilities-database-update). |
 | [Dependency Scanning](dependency_scanning/index.md)          | Relies on `bundler-audit` (for Ruby gems), `retire.js` (for npm packages), and `gemnasium` (the GitLab tool for all libraries). Both `bundler-audit` and `retire.js` fetch their vulnerabilities data from GitHub repositories, so vulnerabilities added to `ruby-advisory-db` and `retire.js` are immediately available. The tools themselves are updated once per month if there's a new version. The [Gemnasium DB](https://gitlab.com/gitlab-org/security-products/gemnasium-db) is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Security Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
 | [Dynamic Application Security Testing (DAST)](dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
 | [Static Application Security Testing (SAST)](sast/index.md)  | Relies exclusively on [the tools GitLab wraps](sast/index.md#supported-languages-and-frameworks). The underlying analyzers are updated at least once per month if a relevant update is available. The vulnerabilities database is updated by the upstream tools. |
 In versions of GitLab that use the same major version of the analyzer, you do not have to update
 GitLab to benefit from the latest vulnerabilities definitions. The security tools are released as
 Docker images. The vendored job definitions that enable them use major release tags according to
 [semantic versioning](https://semver.org/). Each new release of the tools overrides these tags.
 Although in a major analyzer version you automatically get the latest versions of the scanning
 tools, there are some [known issues](https://gitlab.com/gitlab-org/gitlab/-/issues/9725) with this
 approach.
 ## Security scanning with Auto DevOps
 To enable all GitLab Security scanning tools, with default settings, enable
@ -149,8 +167,8 @@ The artifact generated by the secure analyzer contains all findings it discovers
 ### All tiers
 Merge requests which have run security scans let you know that the generated
-reports are available to download. To download a report, click on the
+reports are available to download. To download a report, select
-**Download results** dropdown, and select the desired report.
+**Download results**, and select the desired report.
 ![Security widget](img/security_widget_v13_7.png)
@ -210,7 +228,7 @@ Vulnerability-Check rule. While this rule is enabled, additional merge request a
 [eligible approvers](../project/merge_requests/approvals/rules.md#eligible-approvers)
 is required when the latest security report in a merge request:
- Contains vulnerabilities with states (for example, `previously detected`, `dismissed`) matching the rule's vulnerability states. Only `newly detected` will be considered if the target branch differs from the project default branch.
+- Contains vulnerabilities with states (for example, `previously detected`, `dismissed`) matching the rule's vulnerability states. Only `newly detected` are considered if the target branch differs from the project default branch.
 - Contains vulnerabilities with severity levels (for example, `high`, `critical`, or `unknown`)
  matching the rule's severity levels.
 - Contains a vulnerability count higher than the rule allows.
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@ -936,7 +936,7 @@ registry.gitlab.com/security-products/sast/spotbugs:2
 The process for importing Docker images into a local offline Docker registry depends on
 **your network security policy**. Please consult your IT staff to find an accepted and approved
-process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
+process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
 with new definitions, and you may be able to make occasional updates on your own.
 For details on saving and transporting Docker images as a file, see Docker's documentation on
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@ -368,7 +368,7 @@ registry.gitlab.com/security-products/secret-detection:3
 The process for importing Docker images into a local offline Docker registry depends on
 **your network security policy**. Please consult your IT staff to find an accepted and approved
-process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../vulnerabilities/index.md#vulnerability-scanner-maintenance)
+process by which external resources can be imported or temporarily accessed. These scanners are [periodically updated](../index.md#vulnerability-scanner-maintenance)
 with new definitions, and you may be able to make occasional updates on your own.
 For details on saving and transporting Docker images as a file, see Docker's documentation on
--- a/doc/user/application_security/vulnerabilities/index.md
+++ b/doc/user/application_security/vulnerabilities/index.md
@ -1,5 +1,4 @@
 ---
 type: reference, howto
 stage: Secure
 group: Threat Insights
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
@ -160,23 +159,3 @@ To manually apply the patch that GitLab generated for a vulnerability:
 1. Ensure your local project has the same commit checked out that was used to generate the patch.
 1. Run `git apply remediation.patch`.
 1. Verify and commit the changes to your branch.
 ## Vulnerability scanner maintenance
 The following vulnerability scanners and their databases are regularly updated:
 | Secure scanning tool                                            | Vulnerabilities database updates |
 |:----------------------------------------------------------------|----------------------------------|
 | [Container Scanning](../container_scanning/index.md)            | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. For more details, see [Vulnerabilities database update](../container_scanning/index.md#vulnerabilities-database-update). |
 | [Dependency Scanning](../dependency_scanning/index.md)          | Relies on `bundler-audit` (for Ruby gems), `retire.js` (for npm packages), and `gemnasium` (the GitLab tool for all libraries). Both `bundler-audit` and `retire.js` fetch their vulnerabilities data from GitHub repositories, so vulnerabilities added to `ruby-advisory-db` and `retire.js` are immediately available. The tools themselves are updated once per month if there's a new version. The [Gemnasium DB](https://gitlab.com/gitlab-org/security-products/gemnasium-db) is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Security Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
 | [Dynamic Application Security Testing (DAST)](../dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
 | [Static Application Security Testing (SAST)](../sast/index.md)  | Relies exclusively on [the tools GitLab wraps](../sast/index.md#supported-languages-and-frameworks). The underlying analyzers are updated at least once per month if a relevant update is available. The vulnerabilities database is updated by the upstream tools. |
 You do not have to update GitLab to benefit from the latest vulnerabilities definitions.
 The security tools are released as Docker images. The vendored job definitions that enable them use
 major release tags according to [semantic versioning](https://semver.org/). Each new release of the
 tools overrides these tags.
 The Docker images are updated to match the previous GitLab releases. Although
 you automatically get the latest versions of the scanning tools,
 there are some [known issues](https://gitlab.com/gitlab-org/gitlab/-/issues/9725)
 with this approach.
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@ -22,6 +22,8 @@ You can take advantage of License Compliance by either:
  [Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance),
  provided by [Auto DevOps](../../../topics/autodevops/index.md).
 The current major version of the License Scanning analyzer is 3.
 To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline.
 For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation).
 GitLab checks the License Compliance report, compares the
@ -674,7 +676,7 @@ registry.gitlab.com/gitlab-org/security-products/analyzers/license-finder:latest
 The process for importing Docker images into a local offline Docker registry depends on
 **your network security policy**. Please consult your IT staff to find an accepted and approved
-process by which external resources can be imported or temporarily accessed. Note that these scanners are [updated periodically](../../application_security/vulnerabilities/index.md#vulnerability-scanner-maintenance)
+process by which external resources can be imported or temporarily accessed. Note that these scanners are [updated periodically](../../application_security/index.md#vulnerability-scanner-maintenance)
 with new definitions, so consider if you are able to make periodic updates yourself.
 For details on saving and transporting Docker images as a file, see Docker's documentation on
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -28,15 +28,9 @@ msgstr ""
 msgid " Please sign in."
 msgstr ""
 msgid " Target Path"
 msgstr ""
 msgid " Try to %{action} this file again."
 msgstr ""
 msgid " Type"
 msgstr ""
 msgid " You need to do this before %{grace_period_deadline}."
 msgstr ""
@ -6136,9 +6130,6 @@ msgstr ""
 msgid "Broadcast Messages"
 msgstr ""
 msgid "Broadcast messages are displayed for every user and can be used to notify users about scheduled maintenance, recent upgrades and more."
 msgstr ""
 msgid "Browse Directory"
 msgstr ""
@ -31732,6 +31723,12 @@ msgstr ""
 msgid "Saving project."
 msgstr ""
 msgid "ScanResultPolicy|%{thenLabelStart}Then%{thenLabelEnd} Require approval from %{approvalsRequired} of the following approvers: %{approvers}"
 msgstr ""
 msgid "ScanResultPolicy|add an approver"
 msgstr ""
 msgid "Scanner"
 msgstr ""
@ -35702,6 +35699,9 @@ msgstr ""
 msgid "Target branch"
 msgstr ""
 msgid "Target roles"
 msgstr ""
 msgid "Target-Branch"
 msgstr ""
@ -36190,6 +36190,9 @@ msgstr ""
 msgid "The branch or tag does not exist"
 msgstr ""
 msgid "The broadcast message displays only to users in projects and groups who have these roles."
 msgstr ""
 msgid "The character highlighter helps you keep the subject line to %{titleLength} characters and wrap the body at %{bodyLength} so they are readable in git."
 msgstr ""
@ -39435,6 +39438,9 @@ msgstr ""
 msgid "Use authorized_keys file to authenticate SSH keys"
 msgstr ""
 msgid "Use banners and notifications to notify your users about scheduled maintenance, recent upgrades, and more."
 msgstr ""
 msgid "Use cURL"
 msgstr ""
--- a/spec/features/admin/admin_broadcast_messages_spec.rb
+++ b/spec/features/admin/admin_broadcast_messages_spec.rb
@ -7,7 +7,12 @@ RSpec.describe 'Admin Broadcast Messages' do
    admin = create(:admin)
    sign_in(admin)
    gitlab_enable_admin_mode_sign_in(admin)
-    create(:broadcast_message, :expired, message: 'Migration to new server')
+    create(
      :broadcast_message,
      :expired,
      message: 'Migration to new server',
      target_access_levels: [Gitlab::Access::DEVELOPER]
    )
    visit admin_broadcast_messages_path
  end
@ -21,10 +26,13 @@ RSpec.describe 'Admin Broadcast Messages' do
    fill_in 'broadcast_message_target_path', with: '*/user_onboarded'
    fill_in 'broadcast_message_font', with: '#b94a48'
    select Date.today.next_year.year, from: 'broadcast_message_ends_at_1i'
    select 'Guest', from: 'broadcast_message_target_access_levels'
    select 'Owner', from: 'broadcast_message_target_access_levels'
    click_button 'Add broadcast message'
    expect(current_path).to eq admin_broadcast_messages_path
    expect(page).to have_content 'Application update from 4:00 CST to 5:00 CST'
    expect(page).to have_content 'Guest, Owner'
    expect(page).to have_content '*/user_onboarded'
    expect(page).to have_selector 'strong', text: '4:00 CST to 5:00 CST'
    expect(page).to have_selector %(div[style="background-color: #f2dede; color: #b94a48"])
@ -35,10 +43,14 @@ RSpec.describe 'Admin Broadcast Messages' do
    fill_in 'broadcast_message_target_path', with: '*/user_onboarded'
    select 'Notification', from: 'broadcast_message_broadcast_type'
    select Date.today.next_year.year, from: 'broadcast_message_ends_at_1i'
    select 'Reporter', from: 'broadcast_message_target_access_levels'
    select 'Developer', from: 'broadcast_message_target_access_levels'
    select 'Maintainer', from: 'broadcast_message_target_access_levels'
    click_button 'Add broadcast message'
    expect(current_path).to eq admin_broadcast_messages_path
    expect(page).to have_content 'Application update from 4:00 CST to 5:00 CST'
    expect(page).to have_content 'Reporter, Developer, Maintainer'
    expect(page).to have_content '*/user_onboarded'
    expect(page).to have_content 'Notification'
    expect(page).to have_selector 'strong', text: '4:00 CST to 5:00 CST'
@ -47,10 +59,15 @@ RSpec.describe 'Admin Broadcast Messages' do
  it 'edit an existing broadcast message' do
    click_link 'Edit'
    fill_in 'broadcast_message_message', with: 'Application update RIGHT NOW'
    select 'Reporter', from: 'broadcast_message_target_access_levels'
    click_button 'Update broadcast message'
    expect(current_path).to eq admin_broadcast_messages_path
    expect(page).to have_content 'Application update RIGHT NOW'
    page.within('.table-responsive') do
      expect(page).to have_content 'Reporter, Developer'
    end
  end
  it 'remove an existing broadcast message' do
--- a/spec/helpers/broadcast_messages_helper_spec.rb
+++ b/spec/helpers/broadcast_messages_helper_spec.rb
@ -3,6 +3,71 @@
 require 'spec_helper'
 RSpec.describe BroadcastMessagesHelper do
  include Gitlab::Routing.url_helpers
  let_it_be(:user) { create(:user) }
  before do
    allow(helper).to receive(:current_user).and_return(user)
  end
  shared_examples 'returns role-targeted broadcast message when in project, group, or sub-group URL' do
    let(:feature_flag_state) { true }
    before do
      stub_feature_flags(role_targeted_broadcast_messages: feature_flag_state)
      allow(helper).to receive(:cookies) { {} }
    end
    context 'when in a project page' do
      let_it_be(:project) { create(:project) }
      before do
        project.add_developer(user)
        assign(:project, project)
        allow(helper).to receive(:controller) { ProjectsController.new }
      end
      it { is_expected.to eq message }
      context 'when feature flag is disabled' do
        let(:feature_flag_state) { false }
        it { is_expected.to be_nil }
      end
    end
    context 'when in a group page' do
      let_it_be(:group) { create(:group) }
      before do
        group.add_developer(user)
        assign(:group, group)
        allow(helper).to receive(:controller) { GroupsController.new }
      end
      it { is_expected.to eq message }
      context 'when feature flag is disabled' do
        let(:feature_flag_state) { false }
        it { is_expected.to be_nil }
      end
    end
    context 'when not in a project, group, or sub-group page' do
      it { is_expected.to be_nil }
      context 'when feature flag is disabled' do
        let(:feature_flag_state) { false }
        it { is_expected.to be_nil }
      end
    end
  end
  describe 'current_broadcast_notification_message' do
    subject { helper.current_broadcast_notification_message }
@ -24,17 +89,27 @@ RSpec.describe BroadcastMessagesHelper do
    context 'without broadcast notification messages' do
      it { is_expected.to be_nil }
    end
    describe 'user access level targeted messages' do
      let_it_be(:message) { create(:broadcast_message, broadcast_type: 'notification', starts_at: Time.now, target_access_levels: [Gitlab::Access::DEVELOPER]) }
      include_examples 'returns role-targeted broadcast message when in project, group, or sub-group URL'
    end
  end
  describe 'current_broadcast_banner_messages' do
    describe 'user access level targeted messages' do
      let_it_be(:message) { create(:broadcast_message, broadcast_type: 'banner', starts_at: Time.now, target_access_levels: [Gitlab::Access::DEVELOPER]) }
      subject { helper.current_broadcast_banner_messages.first }
      include_examples 'returns role-targeted broadcast message when in project, group, or sub-group URL'
    end
  end
  describe 'broadcast_message' do
    let_it_be(:user) { create(:user) }
    let(:current_broadcast_message) { BroadcastMessage.new(message: 'Current Message') }
    before do
      allow(helper).to receive(:current_user).and_return(user)
    end
    it 'returns nil when no current message' do
      expect(helper.broadcast_message(nil)).to be_nil
    end
--- a/spec/models/broadcast_message_spec.rb
+++ b/spec/models/broadcast_message_spec.rb
@ -23,6 +23,8 @@ RSpec.describe BroadcastMessage do
    it { is_expected.to allow_value(1).for(:broadcast_type) }
    it { is_expected.not_to allow_value(nil).for(:broadcast_type) }
    it { is_expected.not_to allow_value(nil).for(:target_access_levels) }
    it { is_expected.to validate_inclusion_of(:target_access_levels).in_array(described_class::ALLOWED_TARGET_ACCESS_LEVELS) }
  end
  shared_examples 'time constrainted' do |broadcast_type|
@ -175,12 +177,48 @@ RSpec.describe BroadcastMessage do
    end
  end
  shared_examples "matches with user access level" do |broadcast_type|
    context 'when target_access_levels is empty' do
      let_it_be(:message) { create(:broadcast_message, target_access_levels: [], broadcast_type: broadcast_type) }
      it 'returns the message if user access level is not nil' do
        expect(subject.call(nil, Gitlab::Access::MINIMAL_ACCESS)).to include(message)
      end
      it 'returns the message if user access level is nil' do
        expect(subject.call(nil, nil)).to include(message)
      end
    end
    context 'when target_access_levels is not empty' do
      let_it_be(:target_access_levels) { [Gitlab::Access::GUEST] }
      let_it_be(:message) { create(:broadcast_message, target_access_levels: target_access_levels, broadcast_type: broadcast_type) }
      it "does not return the message if user access level is nil" do
        expect(subject.call(nil, nil)).to be_empty
      end
      it "returns the message if user access level is in target_access_levels" do
        expect(subject.call(nil, Gitlab::Access::GUEST)).to include(message)
      end
      it "does not return the message if user access level is not in target_access_levels" do
        expect(subject.call(nil, Gitlab::Access::MINIMAL_ACCESS)).to be_empty
      end
    end
  end
  describe '.current', :use_clean_rails_memory_store_caching do
-    subject { -> (path = nil) { described_class.current(path) } }
+    subject do
      -> (path = nil, user_access_level = nil) do
        described_class.current(current_path: path, user_access_level: user_access_level)
      end
    end
    it_behaves_like 'time constrainted', :banner
    it_behaves_like 'message cache', :banner
    it_behaves_like 'matches with current path', :banner
    it_behaves_like 'matches with user access level', :banner
    it 'returns both types' do
      banner_message = create(:broadcast_message, broadcast_type: :banner)
@ -191,11 +229,16 @@ RSpec.describe BroadcastMessage do
  end
  describe '.current_banner_messages', :use_clean_rails_memory_store_caching do
-    subject { -> (path = nil) { described_class.current_banner_messages(path) } }
+    subject do
      -> (path = nil, user_access_level = nil) do
        described_class.current_banner_messages(current_path: path, user_access_level: user_access_level)
      end
    end
    it_behaves_like 'time constrainted', :banner
    it_behaves_like 'message cache', :banner
    it_behaves_like 'matches with current path', :banner
    it_behaves_like 'matches with user access level', :banner
    it 'only returns banners' do
      banner_message = create(:broadcast_message, broadcast_type: :banner)
@ -206,11 +249,16 @@ RSpec.describe BroadcastMessage do
  end
  describe '.current_notification_messages', :use_clean_rails_memory_store_caching do
-    subject { -> (path = nil) { described_class.current_notification_messages(path) } }
+    subject do
      -> (path = nil, user_access_level = nil) do
        described_class.current_notification_messages(current_path: path, user_access_level: user_access_level)
      end
    end
    it_behaves_like 'time constrainted', :notification
    it_behaves_like 'message cache', :notification
    it_behaves_like 'matches with current path', :notification
    it_behaves_like 'matches with user access level', :notification
    it 'only returns notifications' do
      notification_message = create(:broadcast_message, broadcast_type: :notification)
--- a/spec/views/admin/broadcast_messages/index.html.haml_spec.rb
+++ b/spec/views/admin/broadcast_messages/index.html.haml_spec.rb
@ -0,0 +1,36 @@
 # frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe 'admin/broadcast_messages/index' do
  describe 'Target roles select and table column' do
    let(:feature_flag_state) { true }
    let_it_be(:message) { create(:broadcast_message, broadcast_type: 'banner', target_access_levels: [Gitlab::Access::GUEST, Gitlab::Access::DEVELOPER]) }
    before do
      assign(:broadcast_messages, BroadcastMessage.page(1))
      assign(:broadcast_message, BroadcastMessage.new)
      stub_feature_flags(role_targeted_broadcast_messages: feature_flag_state)
      render
    end
    it 'rendered' do
      expect(rendered).to have_content('Target roles')
      expect(rendered).to have_content('Owner')
      expect(rendered).to have_content('Guest, Developer')
    end
    context 'when feature flag is off' do
      let(:feature_flag_state) { false }
      it 'is not rendered' do
        expect(rendered).not_to have_content('Target roles')
        expect(rendered).not_to have_content('Owner')
        expect(rendered).not_to have_content('Guest, Developer')
      end
    end
  end
 end
		`@ -0,0 +1 @@`
							`6e273d5b92595ae6054b0665b4ff446fb2bed24ff1aab122537833dc8f4d9ab8`
		`@ -0,0 +1 @@`
							`9ce8aa469b9469d25fbba52147e24c95f6242c2ab1e114df8baaf5a45268d2fd`