diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 4e3c7bfb515..96bb214cf39 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -275,6 +275,14 @@ Dangerfile
 /ee/spec/services/software_license_policies/**
 /spec/finders/security/license_compliance_jobs_finder_spec.rb
 
+^[Secure::Static Analysis] @gitlab-org/secure/static-analysis
+/ee/lib/gitlab/checks/secrets_check.rb
+/ee/spec/lib/gitlab/checks/secrets_check_spec.rb
+/ee/spec/support/shared_contexts/secrets_check_shared_contexts.rb
+/ee/spec/support/shared_examples/lib/gitlab/secrets_check_shared_examples.rb
+/lib/gitlab/checks/changed_blobs.rb
+/spec/lib/gitlab/checks/changed_blobs.rb
+
 ^[Code Owners] @reprazent @kerrizor @garyh
 /ee/lib/gitlab/code_owners.rb
 /ee/lib/gitlab/code_owners/
diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml
index 754d31a99b2..2095d2c1ca3 100644
--- a/.rubocop_todo/layout/line_length.yml
+++ b/.rubocop_todo/layout/line_length.yml
@@ -3703,6 +3703,7 @@ Layout/LineLength:
     - 'spec/lib/gitlab/import_export/uploads_manager_spec.rb'
     - 'spec/lib/gitlab/import_export/version_checker_spec.rb'
     - 'spec/lib/gitlab/import_sources_spec.rb'
+    - 'spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb'
     - 'spec/lib/gitlab/issuable_metadata_spec.rb'
     - 'spec/lib/gitlab/issues/rebalancing/state_spec.rb'
     - 'spec/lib/gitlab/jira/dvcs_spec.rb'
diff --git a/.rubocop_todo/lint/ambiguous_operator_precedence.yml b/.rubocop_todo/lint/ambiguous_operator_precedence.yml
index a7cac8214c0..5b352842a87 100644
--- a/.rubocop_todo/lint/ambiguous_operator_precedence.yml
+++ b/.rubocop_todo/lint/ambiguous_operator_precedence.yml
@@ -102,6 +102,7 @@ Lint/AmbiguousOperatorPrecedence:
     - 'spec/lib/gitlab/database/batch_count_spec.rb'
     - 'spec/lib/gitlab/database/consistency_checker_spec.rb'
     - 'spec/lib/gitlab/graphql/tracers/metrics_tracer_spec.rb'
+    - 'spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb'
     - 'spec/lib/gitlab/issues/rebalancing/state_spec.rb'
     - 'spec/lib/gitlab/kroki_spec.rb'
     - 'spec/lib/gitlab/memory/instrumentation_spec.rb'
diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml
index d8ea0ce942a..6f3b6141d36 100644
--- a/.rubocop_todo/rspec/feature_category.yml
+++ b/.rubocop_todo/rspec/feature_category.yml
@@ -3587,6 +3587,7 @@ RSpec/FeatureCategory:
     - 'spec/lib/gitlab/instrumentation/rate_limiting_gates_spec.rb'
     - 'spec/lib/gitlab/instrumentation/redis_base_spec.rb'
     - 'spec/lib/gitlab/instrumentation/redis_cluster_validator_spec.rb'
+    - 'spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb'
     - 'spec/lib/gitlab/instrumentation/redis_spec.rb'
     - 'spec/lib/gitlab/internal_post_receive/response_spec.rb'
     - 'spec/lib/gitlab/issuable/clone/attributes_rewriter_spec.rb'
@@ -5323,7 +5324,6 @@ RSpec/FeatureCategory:
     - 'spec/views/layouts/devise_empty.html.haml_spec.rb'
     - 'spec/views/layouts/fullscreen.html.haml_spec.rb'
     - 'spec/views/layouts/profile.html.haml_spec.rb'
-    - 'spec/views/layouts/signup_onboarding.html.haml_spec.rb'
     - 'spec/views/layouts/terms.html.haml_spec.rb'
     - 'spec/views/notify/approved_merge_request_email.html.haml_spec.rb'
     - 'spec/views/notify/autodevops_disabled_email.text.erb_spec.rb'
diff --git a/.rubocop_todo/rspec/named_subject.yml b/.rubocop_todo/rspec/named_subject.yml
index dcaf7041819..0b1090a90c9 100644
--- a/.rubocop_todo/rspec/named_subject.yml
+++ b/.rubocop_todo/rspec/named_subject.yml
@@ -2332,6 +2332,7 @@ RSpec/NamedSubject:
     - 'spec/lib/gitlab/rack_attack_spec.rb'
     - 'spec/lib/gitlab/reactive_cache_set_cache_spec.rb'
     - 'spec/lib/gitlab/redis/boolean_spec.rb'
+    - 'spec/lib/gitlab/redis/cross_slot_spec.rb'
     - 'spec/lib/gitlab/redis/db_load_balancing_spec.rb'
     - 'spec/lib/gitlab/redis/multi_store_spec.rb'
     - 'spec/lib/gitlab/redis/queues_spec.rb'
diff --git a/.rubocop_todo/style/inline_disable_annotation.yml b/.rubocop_todo/style/inline_disable_annotation.yml
index 31f59f51bf7..4bf891cd5c3 100644
--- a/.rubocop_todo/style/inline_disable_annotation.yml
+++ b/.rubocop_todo/style/inline_disable_annotation.yml
@@ -2517,6 +2517,7 @@ Style/InlineDisableAnnotation:
     - 'lib/gitlab/import_export/project/relation_factory.rb'
     - 'lib/gitlab/import_sources.rb'
     - 'lib/gitlab/instrumentation/redis_cluster_validator.rb'
+    - 'lib/gitlab/instrumentation/redis_interceptor.rb'
     - 'lib/gitlab/internal_events.rb'
     - 'lib/gitlab/issuable/clone/copy_resource_events_service.rb'
     - 'lib/gitlab/issues/rebalancing/state.rb'
@@ -2555,6 +2556,7 @@ Style/InlineDisableAnnotation:
     - 'lib/gitlab/pagination/offset_pagination.rb'
     - 'lib/gitlab/pagination_delegate.rb'
     - 'lib/gitlab/patch/action_cable_subscription_adapter_identifier.rb'
+    - 'lib/gitlab/patch/node_loader.rb'
     - 'lib/gitlab/patch/prependable.rb'
     - 'lib/gitlab/patch/redis_cache_store.rb'
     - 'lib/gitlab/patch/sidekiq_cron_poller.rb'
@@ -2571,6 +2573,7 @@ Style/InlineDisableAnnotation:
     - 'lib/gitlab/rack_attack.rb'
     - 'lib/gitlab/rack_attack/request.rb'
     - 'lib/gitlab/rack_attack/store.rb'
+    - 'lib/gitlab/redis/cross_slot.rb'
     - 'lib/gitlab/redis/hll.rb'
     - 'lib/gitlab/redis/multi_store.rb'
     - 'lib/gitlab/reference_extractor.rb'
@@ -2939,7 +2942,9 @@ Style/InlineDisableAnnotation:
     - 'spec/lib/gitlab/pagination/keyset/order_spec.rb'
     - 'spec/lib/gitlab/pagination/keyset/simple_order_builder_spec.rb'
     - 'spec/lib/gitlab/patch/database_config_spec.rb'
+    - 'spec/lib/gitlab/patch/node_loader_spec.rb'
     - 'spec/lib/gitlab/quick_actions/dsl_spec.rb'
+    - 'spec/lib/gitlab/redis/cross_slot_spec.rb'
     - 'spec/lib/gitlab/redis/multi_store_spec.rb'
     - 'spec/lib/gitlab/search/abuse_detection_spec.rb'
     - 'spec/lib/gitlab/shard_health_cache_spec.rb'
diff --git a/Gemfile b/Gemfile
index 3d4c5362426..e0f6f0a5f3a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -288,9 +288,8 @@ gem 'js_regex', '~> 3.8' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'device_detector' # rubocop:todo Gemfile/MissingFeatureCategory
 
 # Redis
-gem 'redis-namespace', '~> 1.10.0', feature_category: :redis
-gem 'redis', '~> 5.0.0', feature_category: :redis
-gem 'redis-clustering', '~> 5.0.0', feature_category: :redis
+gem 'redis', '~> 4.8.0' # rubocop:todo Gemfile/MissingFeatureCategory
+gem 'redis-namespace', '~> 1.10.0' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'connection_pool', '~> 2.4' # rubocop:todo Gemfile/MissingFeatureCategory
 
 # Redis session store
@@ -512,7 +511,7 @@ group :test do
 
   gem 'shoulda-matchers', '~> 5.1.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
   gem 'email_spec', '~> 2.2.0' # rubocop:todo Gemfile/MissingFeatureCategory
-  gem 'webmock', '~> 3.19.1' # rubocop:todo Gemfile/MissingFeatureCategory
+  gem 'webmock', '~> 3.20.0' # rubocop:todo Gemfile/MissingFeatureCategory
   gem 'rails-controller-testing' # rubocop:todo Gemfile/MissingFeatureCategory
   gem 'concurrent-ruby', '~> 1.1' # rubocop:todo Gemfile/MissingFeatureCategory
   gem 'test-prof', '~> 1.3.1' # rubocop:todo Gemfile/MissingFeatureCategory
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 48be2807e86..92e33d2e5f3 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -523,11 +523,9 @@
 {"name":"recaptcha","version":"5.12.3","platform":"ruby","checksum":"37d1894add9e70a54d0c6c7f0ecbeedffbfa7d075acfbd4c509818dfdebdb7ee"},
 {"name":"recursive-open-struct","version":"1.1.3","platform":"ruby","checksum":"a3538a72552fcebcd0ada657bdff313641a4a5fbc482c08cfb9a65acb1c9de5a"},
 {"name":"redcarpet","version":"3.6.0","platform":"ruby","checksum":"8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9"},
-{"name":"redis","version":"5.0.8","platform":"ruby","checksum":"3b770ea597850b26d6a9718fa184241e53e6c8a7ae0486ee8bfaefd29f26f3d8"},
+{"name":"redis","version":"4.8.0","platform":"ruby","checksum":"2000cf5014669c9dc821704b6d322a35a9a33852a95208911d9175d63b448a44"},
 {"name":"redis-actionpack","version":"5.4.0","platform":"ruby","checksum":"f10cf649ab05914716d63334d7f709221ecc883b87cf348f90ecfe0c35ea3540"},
 {"name":"redis-client","version":"0.19.0","platform":"ruby","checksum":"6ed9af23ff5aa87cf4d59439db77082b4cae5a0abbdd114ec5420bd63456324d"},
-{"name":"redis-cluster-client","version":"0.7.5","platform":"ruby","checksum":"12fd1c9eda17157a5cd2ce46afba13a024c28d24922092299a8daa9f46e4e78a"},
-{"name":"redis-clustering","version":"5.0.8","platform":"ruby","checksum":"8e2f3de3b1a700668eeac59125636e01be6ecd985e635a4d5649c47d71f6e166"},
 {"name":"redis-namespace","version":"1.10.0","platform":"ruby","checksum":"2c1c6ea7c6c5e343e75b9bee3aa4c265e364a5b9966507397467af2bb3758d94"},
 {"name":"redis-rack","version":"3.0.0","platform":"ruby","checksum":"abb50b82ae10ad4d11ca2e4901bfc2b98256cdafbbd95f80c86fc9e001478380"},
 {"name":"redis-store","version":"1.10.0","platform":"ruby","checksum":"f258894f9f7e82834308a3d86242294f0cff2c9db9ae66e5cb4c553a5ec8b09e"},
@@ -710,7 +708,7 @@
 {"name":"warning","version":"1.3.0","platform":"ruby","checksum":"23695a5d8e50bd5c46068931b529bee0b28e4982cbcefbe77d867800dde8069e"},
 {"name":"webauthn","version":"3.0.0","platform":"ruby","checksum":"3f77d422c2a8a4b31e56cf42f83414bd066e0506e9896936e1730262dc4a20e6"},
 {"name":"webfinger","version":"1.2.0","platform":"ruby","checksum":"7814ef1c85da47514f65c6e5ca14205fa9ce41ea2a70785e0c872842162852a2"},
-{"name":"webmock","version":"3.19.1","platform":"ruby","checksum":"eae7eee33989478188451f1fda4224d7fbe097c5c14e96b40b57347ef2d5d16d"},
+{"name":"webmock","version":"3.20.0","platform":"ruby","checksum":"cc33eaacc0fcfb5b36a127949557ab7089d4249b03a7cb0215dbc40e617a8365"},
 {"name":"webrick","version":"1.8.1","platform":"ruby","checksum":"19411ec6912911fd3df13559110127ea2badd0c035f7762873f58afc803e158f"},
 {"name":"websocket","version":"1.2.10","platform":"ruby","checksum":"2cc1a4a79b6e63637b326b4273e46adcddf7871caa5dc5711f2ca4061a629fa8"},
 {"name":"websocket-driver","version":"0.7.6","platform":"java","checksum":"bc894b9e9d5aee55ac04b61003e1957c4ef411a5a048199587d0499785b505c3"},
diff --git a/Gemfile.lock b/Gemfile.lock
index 8e3604c85fa..5d1139a6578 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1385,19 +1385,13 @@ GEM
       json
     recursive-open-struct (1.1.3)
     redcarpet (3.6.0)
-    redis (5.0.8)
-      redis-client (>= 0.17.0)
+    redis (4.8.0)
     redis-actionpack (5.4.0)
       actionpack (>= 5, < 8)
       redis-rack (>= 2.1.0, < 4)
       redis-store (>= 1.1.0, < 2)
     redis-client (0.19.0)
       connection_pool
-    redis-cluster-client (0.7.5)
-      redis-client (~> 0.12)
-    redis-clustering (5.0.8)
-      redis (= 5.0.8)
-      redis-cluster-client (>= 0.7.0)
     redis-namespace (1.10.0)
       redis (>= 4)
     redis-rack (3.0.0)
@@ -1796,7 +1790,7 @@ GEM
     webfinger (1.2.0)
       activesupport
       httpclient (>= 2.4)
-    webmock (3.19.1)
+    webmock (3.20.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -2075,9 +2069,8 @@ DEPENDENCIES
   rbtrace (~> 0.4)
   re2 (= 2.7.0)
   recaptcha (~> 5.12)
-  redis (~> 5.0.0)
+  redis (~> 4.8.0)
   redis-actionpack (~> 5.4.0)
-  redis-clustering (~> 5.0.0)
   redis-namespace (~> 1.10.0)
   request_store (~> 1.5.1)
   responders (~> 3.0)
@@ -2153,7 +2146,7 @@ DEPENDENCIES
   vmstat (~> 2.3.0)
   warning (~> 1.3.0)
   webauthn (~> 3.0)
-  webmock (~> 3.19.1)
+  webmock (~> 3.20.0)
   webrick (~> 1.8.1)
   wikicloth (= 0.8.1)
   yajl-ruby (~> 1.4.3)
diff --git a/app/assets/javascripts/ci/job_details/store/getters.js b/app/assets/javascripts/ci/job_details/store/getters.js
index db967da87fb..e48b4886967 100644
--- a/app/assets/javascripts/ci/job_details/store/getters.js
+++ b/app/assets/javascripts/ci/job_details/store/getters.js
@@ -34,7 +34,7 @@ export const emptyStateIllustration = (state) => state?.job?.status?.illustratio
 export const emptyStateAction = (state) => state?.job?.status?.action || null;
 
 /**
- * Shared runners limit is only rendered when
+ * Instance/shared runners limit is only rendered when
  * used quota is bigger or equal than the limit
  *
  * @returns {Boolean}
diff --git a/app/assets/javascripts/group_settings/components/shared_runners_form.vue b/app/assets/javascripts/group_settings/components/shared_runners_form.vue
index d396169c0a3..1a5be851a4a 100644
--- a/app/assets/javascripts/group_settings/components/shared_runners_form.vue
+++ b/app/assets/javascripts/group_settings/components/shared_runners_form.vue
@@ -127,13 +127,13 @@ export default {
         :value="sharedRunnersToggleValue"
         :is-loading="isLoading"
         :disabled="isSharedRunnersToggleDisabled"
-        :label="__('Enable shared runners for this group')"
-        :description="__('Enable shared runners for all projects and subgroups in this group.')"
+        :label="__('Enable instance runners for this group')"
+        :description="__('Enable instance runners for all projects and subgroups in this group.')"
         data-testid="shared-runners-toggle"
         @change="onSharedRunnersToggle"
       >
         <template v-if="isSharedRunnersToggleDisabled" #help>
-          {{ s__('Runners|Shared runners are disabled.') }}
+          {{ s__('Runners|Instance runners are disabled.') }}
           <gl-sprintf
             v-if="isParentAvailable"
             :message="s__('Runners|Go to %{groupLink} to enable them.')"
@@ -159,7 +159,7 @@ export default {
         @change="onOverrideToggle"
       >
         <template v-if="isSharedRunnersToggleDisabled" #help>
-          {{ s__('Runners|Shared runners are disabled.') }}
+          {{ s__('Runners|Instance runners are disabled.') }}
           <gl-sprintf
             v-if="isParentAvailable"
             :message="s__('Runners|Go to %{groupLink} to enable them.')"
diff --git a/app/assets/javascripts/group_settings/constants.js b/app/assets/javascripts/group_settings/constants.js
index 3b595bac686..315ad4b8834 100644
--- a/app/assets/javascripts/group_settings/constants.js
+++ b/app/assets/javascripts/group_settings/constants.js
@@ -1,12 +1,12 @@
 import { __, s__ } from '~/locale';
 
 export const I18N_CONFIRM_MESSAGE = s__(
-  'Runners|Shared runners will be disabled for all projects and subgroups in this group.',
+  'Runners|Instance runners will be disabled for all projects and subgroups in this group.',
 );
-export const I18N_CONFIRM_OK = s__('Runners|Yes, disable shared runners');
-export const I18N_CONFIRM_CANCEL = s__('Runners|No, keep shared runners enabled');
+export const I18N_CONFIRM_OK = s__('Runners|Yes, disable instance runners');
+export const I18N_CONFIRM_CANCEL = s__('Runners|No, keep instance runners enabled');
 export const I18N_CONFIRM_TITLE = s__(
-  'Runners|Are you sure you want to disable shared runners for %{groupName}?',
+  'Runners|Are you sure you want to disable instance runners for %{groupName}?',
 );
 
 export const I18N_UPDATE_ERROR_MESSAGE = __('An error occurred while updating configuration.');
diff --git a/app/assets/javascripts/projects/settings/components/shared_runners_toggle.vue b/app/assets/javascripts/projects/settings/components/shared_runners_toggle.vue
index a02a33992b5..db3d4a22c33 100644
--- a/app/assets/javascripts/projects/settings/components/shared_runners_toggle.vue
+++ b/app/assets/javascripts/projects/settings/components/shared_runners_toggle.vue
@@ -6,7 +6,7 @@ import { CC_VALIDATION_REQUIRED_ERROR } from '../constants';
 
 const DEFAULT_ERROR_MESSAGE = __('An error occurred while updating the configuration.');
 const REQUIRES_VALIDATION_TEXT = s__(
-  `Billings|Shared runners cannot be enabled until a valid credit card is on file.`,
+  `Billings|Instance runners cannot be enabled until a valid credit card is on file.`,
 );
 
 export default {
@@ -122,13 +122,13 @@ export default {
         ref="sharedRunnersToggle"
         :disabled="isDisabledAndUnoverridable"
         :is-loading="isLoading"
-        :label="__('Enable shared runners for this project')"
+        :label="__('Enable instance runners for this project')"
         :value="isSharedRunnerEnabled"
         data-testid="toggle-shared-runners"
         @change="toggleSharedRunners"
       >
         <template v-if="isDisabledAndUnoverridable" #help>
-          {{ s__('Runners|Shared runners are disabled in the group settings.') }}
+          {{ s__('Runners|Instance runners are disabled in the group settings.') }}
           <gl-sprintf
             v-if="isGroupSettingsAvailable"
             :message="s__('Runners|Go to %{groupLink} to enable them.')"
diff --git a/app/assets/javascripts/projects/settings/constants.js b/app/assets/javascripts/projects/settings/constants.js
index 37a9fe0c741..f43fb1e147a 100644
--- a/app/assets/javascripts/projects/settings/constants.js
+++ b/app/assets/javascripts/projects/settings/constants.js
@@ -17,5 +17,5 @@ export const ACCESS_LEVEL_NONE = 0;
 
 // must match shared_runners_setting in update_service.rb
 export const CC_VALIDATION_REQUIRED_ERROR = __(
-  'Shared runners enabled cannot be enabled until a valid credit card is on file',
+  'Instance runners enabled cannot be enabled until a valid credit card is on file',
 );
diff --git a/app/assets/stylesheets/framework/mixins.scss b/app/assets/stylesheets/framework/mixins.scss
index 0bc68eca904..7f093f062ab 100644
--- a/app/assets/stylesheets/framework/mixins.scss
+++ b/app/assets/stylesheets/framework/mixins.scss
@@ -442,3 +442,11 @@
     color: $gl-text-color;
   }
 }
+
+@mixin devise-errors {
+  h2 {
+    margin-top: 0;
+    font-size: $gl-font-size;
+    color: var(--red-700, $red-700);
+  }
+}
diff --git a/app/assets/stylesheets/page_bundles/login.scss b/app/assets/stylesheets/page_bundles/login.scss
index 3537c9630ff..0debe85c5bd 100644
--- a/app/assets/stylesheets/page_bundles/login.scss
+++ b/app/assets/stylesheets/page_bundles/login.scss
@@ -1,5 +1,23 @@
 @import 'mixins_and_variables_and_functions';
 
+.html-devise-layout {
+  margin: 0;
+  padding: 0;
+  height: 100%;
+  
+  body {
+    &.with-system-header {
+      padding-top: $system-header-height;
+    }
+    
+    &.with-system-footer {
+      .footer-container {
+        padding-bottom: $system-footer-height;
+      }
+    }
+  }
+}
+
 /* Login Page */
 .login-page {
   .container {
@@ -42,30 +60,9 @@
     }
   }
 
+
   .devise-errors {
-    h2 {
-      margin-top: 0;
-      font-size: 14px;
-      color: $red-700;
-    }
-  }
-}
-
-.html-devise-layout {
-  margin: 0;
-  padding: 0;
-  height: 100%;
-
-  body {
-    &.with-system-header {
-      padding-top: $system-header-height;
-    }
-
-    &.with-system-footer {
-      .footer-container {
-        padding-bottom: $system-footer-height;
-      }
-    }
+    @include devise-errors;
   }
 }
 
diff --git a/app/assets/stylesheets/page_bundles/signup.scss b/app/assets/stylesheets/page_bundles/signup.scss
index f016f2564ec..2f692b7eaab 100644
--- a/app/assets/stylesheets/page_bundles/signup.scss
+++ b/app/assets/stylesheets/page_bundles/signup.scss
@@ -1,13 +1,6 @@
 @import 'mixins_and_variables_and_functions';
 
 .signup-page {
-  .devise-errors {
-    h2 {
-      font-size: $gl-font-size;
-      color: var(--red-700, $red-700);
-    }
-  }
-
   .decline-page {
     width: 350px;
   }
@@ -16,3 +9,7 @@
 .edit-profile {
   max-width: 460px;
 }
+
+.devise-errors {
+  @include devise-errors;
+}
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index d98d443bdc9..16d4a81ee9f 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -29,7 +29,7 @@ class InvitesController < ApplicationController
 
   def decline
     if member.decline_invite!
-      return render layout: 'signup_onboarding' if !current_user && member.invite_to_unknown_user? && member.created_by
+      return render layout: 'minimal' if !current_user && member.invite_to_unknown_user? && member.created_by
 
       path =
         if current_user
diff --git a/app/graphql/mutations/groups/update.rb b/app/graphql/mutations/groups/update.rb
index be7a14d0b43..9bedc377957 100644
--- a/app/graphql/mutations/groups/update.rb
+++ b/app/graphql/mutations/groups/update.rb
@@ -16,8 +16,14 @@ module Mutations
       argument :full_path, GraphQL::Types::ID,
                required: true,
                description: 'Full path of the group that will be updated.'
+      argument :lock_math_rendering_limits_enabled, GraphQL::Types::Boolean,
+                required: false,
+                description: copy_field_description(Types::GroupType, :lock_math_rendering_limits_enabled)
+      argument :math_rendering_limits_enabled, GraphQL::Types::Boolean,
+                 required: false,
+                 description: copy_field_description(Types::GroupType, :math_rendering_limits_enabled)
       argument :shared_runners_setting, Types::Namespace::SharedRunnersSettingEnum,
-               required: true,
+               required: false,
                description: copy_field_description(Types::GroupType, :shared_runners_setting)
 
       def resolve(full_path:, **args)
diff --git a/app/graphql/types/group_type.rb b/app/graphql/types/group_type.rb
index 2b4def94281..b2d05cef8fa 100644
--- a/app/graphql/types/group_type.rb
+++ b/app/graphql/types/group_type.rb
@@ -311,6 +311,18 @@ module Types
           resolver: Resolvers::AutocompleteUsersResolver,
           description: 'Search users for autocompletion'
 
+    field :lock_math_rendering_limits_enabled,
+          GraphQL::Types::Boolean,
+          null: true,
+          method: :lock_math_rendering_limits_enabled?,
+          description: 'Indicates if math rendering limits are locked for all descendant groups.'
+
+    field :math_rendering_limits_enabled,
+          GraphQL::Types::Boolean,
+          null: true,
+          method: :math_rendering_limits_enabled?,
+          description: 'Indicates if math rendering limits are used for this group.'
+
     def label(title:)
       BatchLoader::GraphQL.for(title).batch(key: group) do |titles, loader, args|
         LabelsFinder
diff --git a/app/models/active_session.rb b/app/models/active_session.rb
index 756e0b7fbf9..2eb9c9bca7f 100644
--- a/app/models/active_session.rb
+++ b/app/models/active_session.rb
@@ -84,7 +84,7 @@ class ActiveSession
       )
 
       Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-        redis.pipelined do |pipeline|
+        Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
           pipeline.setex(
             key_name(user.id, session_private_id),
             expiry,
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index bb1f77680ff..f8f0a7403b3 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -157,6 +157,12 @@ class Namespace < ApplicationRecord
     :npm_package_requests_forwarding,
     to: :package_settings
   delegate :default_branch_protection_defaults, to: :namespace_settings, allow_nil: true
+  delegate :math_rendering_limits_enabled,
+    :lock_math_rendering_limits_enabled,
+    to: :namespace_settings, allow_nil: true
+  delegate :math_rendering_limits_enabled?,
+    :lock_math_rendering_limits_enabled?,
+    to: :namespace_settings
 
   before_save :update_new_emails_created_column, if: -> { emails_disabled_changed? }
   before_create :sync_share_with_group_lock_with_parent
diff --git a/app/models/namespace_setting.rb b/app/models/namespace_setting.rb
index 6ad0f8305c7..4f43f30638f 100644
--- a/app/models/namespace_setting.rb
+++ b/app/models/namespace_setting.rb
@@ -12,6 +12,7 @@ class NamespaceSetting < ApplicationRecord
 
   cascading_attr :toggle_security_policy_custom_ci
   cascading_attr :toggle_security_policies_policy_scope
+  cascading_attr :math_rendering_limits_enabled
 
   belongs_to :namespace, inverse_of: :namespace_settings
 
@@ -50,6 +51,8 @@ class NamespaceSetting < ApplicationRecord
     subgroup_runner_token_expiration_interval
     project_runner_token_expiration_interval
     default_branch_protection_defaults
+    math_rendering_limits_enabled
+    lock_math_rendering_limits_enabled
   ].freeze
 
   # matches the size set in the database constraint
diff --git a/app/services/branch_rules/base_service.rb b/app/services/branch_rules/base_service.rb
new file mode 100644
index 00000000000..17b3cbd472b
--- /dev/null
+++ b/app/services/branch_rules/base_service.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module BranchRules
+  class BaseService
+    include Gitlab::Allowable
+
+    attr_accessor :project, :branch_rule, :current_user
+
+    def initialize(branch_rule, user = nil)
+      @branch_rule = branch_rule
+      @project = branch_rule.project
+      @current_user = user
+    end
+  end
+end
+
+BranchRules::BaseService.prepend_mod
diff --git a/app/services/branch_rules/destroy_service.rb b/app/services/branch_rules/destroy_service.rb
new file mode 100644
index 00000000000..8ff1fd43e2d
--- /dev/null
+++ b/app/services/branch_rules/destroy_service.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module BranchRules
+  class DestroyService < BaseService
+    def execute
+      raise Gitlab::Access::AccessDeniedError unless can_destroy_branch_rule?
+
+      return destroy_protected_branch if branch_rule.instance_of?(Projects::BranchRule)
+
+      yield if block_given?
+
+      ServiceResponse.error(message: 'Unknown branch rule type.')
+    end
+
+    private
+
+    def can_destroy_branch_rule?
+      can?(current_user, :destroy_protected_branch, branch_rule)
+    end
+
+    def destroy_protected_branch
+      service = ProtectedBranches::DestroyService.new(project, current_user)
+
+      return ServiceResponse.success if service.execute(branch_rule.protected_branch)
+
+      ServiceResponse.error(message: 'Failed to delete branch rule.')
+    end
+  end
+end
+
+BranchRules::DestroyService.prepend_mod
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index f768087b877..0fdc73ef2b3 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -74,6 +74,8 @@ module Groups
       end
 
       params.delete(:allow_mfa_for_subgroups)
+      params.delete(:math_rendering_limits_enabled)
+      params.delete(:lock_math_rendering_limits_enabled)
     end
 
     def create_chat_team?
diff --git a/app/services/groups/update_service.rb b/app/services/groups/update_service.rb
index bdf943091e9..8c47feb813f 100644
--- a/app/services/groups/update_service.rb
+++ b/app/services/groups/update_service.rb
@@ -141,6 +141,11 @@ module Groups
         params.delete(:default_branch_protection)
         params.delete(:default_branch_protection_defaults)
       end
+
+      unless can?(current_user, :admin_namespace, group)
+        params.delete(:math_rendering_limits_enabled)
+        params.delete(:lock_math_rendering_limits_enabled)
+      end
     end
 
     def handle_changes
diff --git a/app/views/admin/application_settings/_ci_cd.html.haml b/app/views/admin/application_settings/_ci_cd.html.haml
index 8092299fb61..f63a9862c13 100644
--- a/app/views/admin/application_settings/_ci_cd.html.haml
+++ b/app/views/admin/application_settings/_ci_cd.html.haml
@@ -15,14 +15,14 @@
           = link_to _('Learn more.'), help_page_path('topics/autodevops/stages', anchor: 'auto-review-apps'), target: '_blank', rel: 'noopener noreferrer'
 
       .form-group
-        = f.gitlab_ui_checkbox_component :shared_runners_enabled, s_("AdminSettings|Enable shared runners for new projects"), help_text: s_("AdminSettings|All new projects can use the instance's shared runners by default.")
+        = f.gitlab_ui_checkbox_component :shared_runners_enabled, s_("AdminSettings|Enable instance runners for new projects"), help_text: s_("AdminSettings|All new projects can use instance runners by default.")
 
       = render_if_exists 'admin/application_settings/shared_runners_minutes_setting', form: f
 
       .form-group
-        = f.label :shared_runners_text, _('Shared runners details'), class: 'label-bold'
+        = f.label :shared_runners_text, s_('AdminSettings|Instance runners details'), class: 'label-bold'
         = f.text_area :shared_runners_text, class: 'form-control gl-form-input', rows: 4
-        .form-text.text-muted= _("Add a custom message with details about the instance's shared runners. The message is visible when you view runners for projects and groups. Markdown is supported.")
+        .form-text.text-muted= s_('AdminSettings|Add a custom message with details about instance runners. The message is visible when you view runners for projects and groups. Markdown is supported.')
       .form-group
         = f.label :max_artifacts_size, _('Maximum artifacts size (MB)'), class: 'label-bold'
         = f.number_field :max_artifacts_size, class: 'form-control gl-form-input'
diff --git a/app/views/admin/application_settings/ci_cd.html.haml b/app/views/admin/application_settings/ci_cd.html.haml
index b7a43916a30..c48cb5234a1 100644
--- a/app/views/admin/application_settings/ci_cd.html.haml
+++ b/app/views/admin/application_settings/ci_cd.html.haml
@@ -21,7 +21,7 @@
     = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p.gl-text-secondary
-      = _('Customize CI/CD settings, including Auto DevOps, shared runners, and job artifacts.')
+      = _('Customize CI/CD settings, including Auto DevOps, instance runners, and job artifacts.')
   = render 'ci_cd'
 
 = render_if_exists 'admin/application_settings/required_instance_ci_setting', expanded: expanded_by_default?
diff --git a/app/views/admin/dashboard/index.html.haml b/app/views/admin/dashboard/index.html.haml
index 75152586860..343570b8c81 100644
--- a/app/views/admin/dashboard/index.html.haml
+++ b/app/views/admin/dashboard/index.html.haml
@@ -117,7 +117,7 @@
             enabled: Gitlab.config.pages.enabled,
             doc_href: help_instance_configuration_url)
 
-          = feature_entry(_('Shared Runners'),
+          = feature_entry(_('Instance Runners'),
             href: admin_runners_path,
             enabled: Gitlab.config.gitlab_ci.shared_runners_enabled)
     .col-md-4.gl-mb-6
diff --git a/app/views/admin/users/_access.html.haml b/app/views/admin/users/_access.html.haml
index 062f31d46b1..e0cbfbf3671 100644
--- a/app/views/admin/users/_access.html.haml
+++ b/app/views/admin/users/_access.html.haml
@@ -46,5 +46,5 @@
     = f.fields_for :credit_card_validation do |ff|
       = ff.gitlab_ui_checkbox_component :credit_card_validated_at,
         s_('AdminUsers|Validate user account'),
-        help_text: s_('AdminUsers|A user can validate themselves by inputting a credit/debit card, or an admin can manually validate a user. Validated users can use free CI minutes on shared runners.'),
+        help_text: s_('AdminUsers|A user can validate themselves by inputting a credit/debit card, or an admin can manually validate a user. Validated users can use free CI minutes on instance runners.'),
         checkbox_options: { checked: @user.credit_card_validated_at.present? }
diff --git a/app/views/layouts/devise.html.haml b/app/views/layouts/devise.html.haml
index 8a366d8e398..52e30dcb191 100644
--- a/app/views/layouts/devise.html.haml
+++ b/app/views/layouts/devise.html.haml
@@ -1,5 +1,6 @@
 - add_page_specific_style 'page_bundles/login'
 - custom_text = custom_sign_in_description
+
 !!! 5
 %html.html-devise-layout{ class: user_application_theme, lang: I18n.locale }
   = render "layouts/head"
diff --git a/app/views/layouts/signup_onboarding.html.haml b/app/views/layouts/signup_onboarding.html.haml
deleted file mode 100644
index 45e682f1b88..00000000000
--- a/app/views/layouts/signup_onboarding.html.haml
+++ /dev/null
@@ -1,14 +0,0 @@
-- add_page_specific_style 'page_bundles/signup'
-- add_page_specific_style 'page_bundles/login'
-!!! 5
-%html.html-devise-layout{ class: user_application_theme, lang: I18n.locale }
-  = render "layouts/head"
-  %body.signup-page{ class: "#{system_message_class} #{client_class_list}", data: body_data }
-    = header_message
-    = render "layouts/init_client_detection_flags"
-    = render "layouts/header/logo_with_title"
-    .container.gl-align-self-center
-      .content
-        = yield
-
-    = footer_message
diff --git a/app/views/projects/commits/_commits.html.haml b/app/views/projects/commits/_commits.html.haml
index 010f15ec6f2..cb2b18bb03c 100644
--- a/app/views/projects/commits/_commits.html.haml
+++ b/app/views/projects/commits/_commits.html.haml
@@ -43,10 +43,8 @@
   .add-review-item-modal-trigger{ data: { context_commits_empty: 'true' } }
 
 - if commits.size == 0 && context_commits.nil?
-  .commits-empty.gl-mt-6
-    .svg-content.svg-150
-      = image_tag('illustrations/empty-state/empty-search-md.svg')
-    %h4
-      = _('Your search didn\'t match any commits.')
-    %p
+  = render Pajamas::EmptyStateComponent.new(svg_path: 'illustrations/empty-state/empty-search-md.svg',
+    title: _('Your search didn\'t match any commits.')) do |c|
+
+    - c.with_description do
       = _('Try changing or removing filters.')
diff --git a/app/views/projects/runners/_shared_runners.html.haml b/app/views/projects/runners/_shared_runners.html.haml
index 9e7bbd6cefe..fd77ac0505c 100644
--- a/app/views/projects/runners/_shared_runners.html.haml
+++ b/app/views/projects/runners/_shared_runners.html.haml
@@ -3,11 +3,11 @@
 #toggle-shared-runners-form{ data: toggle_shared_runners_settings_data(@project) }
 
 - if @shared_runners_count == 0
-  = _('This GitLab instance does not provide any shared runners yet. Instance administrators can register shared runners in the admin area.')
+  = _('This GitLab instance does not provide any instance runners yet. Administrators can register instance runners in the admin area.')
 - else
   %div{ data: { testid: 'available-shared-runners' } }
     %h5.gl-mt-6.gl-mb-0
-      = s_('Runners|Available shared runners: %{count}') % {count: @shared_runners_count}
+      = s_('Runners|Available instance runners: %{count}') % {count: @shared_runners_count}
     %ul.bordered-list
       = render partial: 'projects/runners/runner', collection: @shared_runners, as: :runner
     = paginate @shared_runners, theme: "gitlab", param_name: "shared_runners_page", params: { expand_runners: true, anchor: 'js-runners-settings' }
diff --git a/app/views/shared/empty_states/_issues.html.haml b/app/views/shared/empty_states/_issues.html.haml
index a4ea98a0fb7..457c4252d92 100644
--- a/app/views/shared/empty_states/_issues.html.haml
+++ b/app/views/shared/empty_states/_issues.html.haml
@@ -48,7 +48,7 @@
           %strong
             = s_('JiraService|Using Jira for issue tracking?')
         %p.gl-text-center.gl-mb-0
-          - jira_docs_link_url = help_page_url('integration/jira/issues', anchor: 'view-jira-issues')
+          - jira_docs_link_url = help_page_url('integration/jira/configure', anchor: 'view-jira-issues')
           - jira_docs_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: jira_docs_link_url }
           = html_escape(s_('JiraService|%{jira_docs_link_start}Enable the Jira integration%{jira_docs_link_end} to view your Jira issues in GitLab.')) % { jira_docs_link_start: jira_docs_link_start.html_safe, jira_docs_link_end: '</a>'.html_safe }
         %p.gl-text-center.gl-mb-0.gl-text-gray-500
diff --git a/app/views/shared/runners/_runner_description.html.haml b/app/views/shared/runners/_runner_description.html.haml
index 6f918ae8103..35b6e2cff50 100644
--- a/app/views/shared/runners/_runner_description.html.haml
+++ b/app/views/shared/runners/_runner_description.html.haml
@@ -18,5 +18,5 @@
         = _('- Not available to run jobs.')
 
   %p
-    = s_("Runners|Tags control which type of jobs a runner can handle. By tagging a runner, you make sure shared runners only handle the jobs they are equipped to run.")
+    = s_("Runners|Tags control which type of jobs a runner can handle. By tagging a runner, you make sure runners only handle the jobs they are equipped to run.")
     = link_to _("Learn more."), help_page_path("ci/runners/configure_runners", anchor: "how-the-runner-uses-tags"), target: '_blank'
diff --git a/app/views/shared/runners/_runner_type_alert.html.haml b/app/views/shared/runners/_runner_type_alert.html.haml
index 26c3501e3d9..48affe294ef 100644
--- a/app/views/shared/runners/_runner_type_alert.html.haml
+++ b/app/views/shared/runners/_runner_type_alert.html.haml
@@ -12,5 +12,5 @@
     title: s_('Runners|This runner is associated with specific projects.'),
     dismissible: false) do |c|
     - c.with_body do
-      = s_('Runners|You can set up a project runner to be used by multiple projects but you cannot make this a shared or group runner.')
+      = s_('Runners|You can set up a project runner to be used by multiple projects but you cannot make this an instance or group runner.')
       = link_to _('Learn more.'), help_page_path('ci/runners/runners_scope', anchor: 'project-runners'), target: '_blank', rel: 'noopener noreferrer'
diff --git a/app/views/shared/runners/_shared_runners_description.html.haml b/app/views/shared/runners/_shared_runners_description.html.haml
index 89da1a6fa09..aab78fe35d1 100644
--- a/app/views/shared/runners/_shared_runners_description.html.haml
+++ b/app/views/shared/runners/_shared_runners_description.html.haml
@@ -1,7 +1,7 @@
 - shared_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('ci/runners/runners_scope', anchor: 'shared-runners') }
 
 %h4
-  = _('Shared runners')
+  = s_('Runners|Instance runners')
 
 .bs-callout{ data: { testid: 'shared-runners-description' } }
   %p= s_('Runners|%{link_start}These runners%{link_end} are available to all groups and projects.').html_safe % { link_start: shared_link_start, link_end: '</a>'.html_safe }
diff --git a/app/workers/concerns/limited_capacity/job_tracker.rb b/app/workers/concerns/limited_capacity/job_tracker.rb
index 2ac3c5e991b..b4d884f914d 100644
--- a/app/workers/concerns/limited_capacity/job_tracker.rb
+++ b/app/workers/concerns/limited_capacity/job_tracker.rb
@@ -21,7 +21,7 @@ module LimitedCapacity
 
     def register(jid, max_jids)
       with_redis do |redis|
-        redis.eval(LUA_REGISTER_SCRIPT, keys: [counter_key], argv: [jid.to_s, max_jids.to_i])
+        redis.eval(LUA_REGISTER_SCRIPT, keys: [counter_key], argv: [jid, max_jids])
       end.present?
     end
 
@@ -59,7 +59,7 @@ module LimitedCapacity
     end
 
     def remove_job_keys(redis, keys)
-      redis.srem?(counter_key, keys) if keys.present?
+      redis.srem?(counter_key, keys)
     end
 
     def with_redis(&block)
diff --git a/config/initializers/7_redis.rb b/config/initializers/7_redis.rb
index c7385612602..fbd2cbaabad 100644
--- a/config/initializers/7_redis.rb
+++ b/config/initializers/7_redis.rb
@@ -21,6 +21,12 @@ end
 # :nocov:
 # rubocop:enable Gitlab/NoCodeCoverageComment
 
+Redis::Client.prepend(Gitlab::Instrumentation::RedisInterceptor)
+Redis::Cluster::NodeLoader.prepend(Gitlab::Patch::NodeLoader)
+Redis::Cluster::SlotLoader.prepend(Gitlab::Patch::SlotLoader)
+Redis::Cluster::CommandLoader.prepend(Gitlab::Patch::CommandLoader)
+Redis::Cluster.prepend(Gitlab::Patch::RedisCluster)
+
 # this only instruments `RedisClient` used in `Sidekiq.redis`
 RedisClient.register(Gitlab::Instrumentation::RedisClientMiddleware)
 RedisClient.prepend(Gitlab::Patch::RedisClient)
diff --git a/config/initializers/action_cable.rb b/config/initializers/action_cable.rb
index 1d22c774443..dc69a108f56 100644
--- a/config/initializers/action_cable.rb
+++ b/config/initializers/action_cable.rb
@@ -25,17 +25,7 @@ raise "Do not configure cable.yml with a Redis Cluster as ActionCable only works
 # https://github.com/rails/rails/blob/bb5ac1623e8de08c1b7b62b1368758f0d3bb6379/actioncable/lib/action_cable/subscription_adapter/redis.rb#L18
 ActionCable::SubscriptionAdapter::Redis.redis_connector = lambda do |config|
   args = config.except(:adapter, :channel_prefix)
-    .merge(custom: { instrumentation_class: "ActionCable" })
-
-  if args[:url]
-    # cable.yml uses the url key but unix sockets needs to be passed into Redis
-    # under the `path` key. We do a simple reassignment to resolve that.
-    uri = URI.parse(args[:url])
-    if uri.scheme == 'unix'
-      args[:path] = uri.path
-      args.delete(:url)
-    end
-  end
+    .merge(instrumentation_class: ::Gitlab::Instrumentation::Redis::ActionCable)
 
   ::Redis.new(args)
 end
diff --git a/config/initializers/peek.rb b/config/initializers/peek.rb
index 72e7d3f10f9..e1c59851fb1 100644
--- a/config/initializers/peek.rb
+++ b/config/initializers/peek.rb
@@ -6,7 +6,7 @@ Peek::Adapters::Redis.prepend ::Gitlab::PerformanceBar::RedisAdapterWhenPeekEnab
 Peek.singleton_class.prepend ::Gitlab::PerformanceBar::WithTopLevelWarnings
 
 Rails.application.config.peek.adapter = :redis, {
-  client: Gitlab::Redis::Cache.redis,
+  client: ::Redis.new(Gitlab::Redis::Cache.params),
   expires_in: 5.minutes
 }
 
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 70bd3d012d0..7f410d7bf7b 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -29,12 +29,12 @@ cookie_key = if Rails.env.development?
                "_gitlab_session"
              end
 
-::Redis::Store::Factory.prepend(Gitlab::Patch::RedisStoreFactory)
+store = Gitlab::Redis::Sessions.store(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE)
 
 Rails.application.configure do
   config.session_store(
     :redis_store, # Using the cookie_store would enable session replay attacks.
-    redis_server: Gitlab::Redis::Sessions.params.merge(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE),
+    redis_store: store,
     key: cookie_key,
     secure: Gitlab.config.gitlab.https,
     httponly: true,
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index 401d18df790..9b7233dbd14 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -28,7 +28,7 @@ def enable_semi_reliable_fetch_mode?
 end
 
 # Custom Queues configuration
-queues_config_hash = Gitlab::Redis::Queues.params
+queues_config_hash = Gitlab::Redis::Queues.redis_client_params
 
 enable_json_logs = Gitlab.config.sidekiq.log_format != 'text'
 
diff --git a/db/migrate/20240126223640_add_cascade_math_rendering_limits.rb b/db/migrate/20240126223640_add_cascade_math_rendering_limits.rb
new file mode 100644
index 00000000000..84619671b6e
--- /dev/null
+++ b/db/migrate/20240126223640_add_cascade_math_rendering_limits.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class AddCascadeMathRenderingLimits < Gitlab::Database::Migration[2.2]
+  milestone '16.9'
+
+  enable_lock_retries!
+
+  def change
+    add_column :namespace_settings, :math_rendering_limits_enabled, :boolean, null: true
+    add_column :namespace_settings, :lock_math_rendering_limits_enabled, :boolean, default: false, null: false
+    add_column :application_settings, :lock_math_rendering_limits_enabled, :boolean, default: false, null: false
+  end
+end
diff --git a/db/post_migrate/20240206105336_delete_project_id_component_id_index.rb b/db/post_migrate/20240206105336_delete_project_id_component_id_index.rb
new file mode 100644
index 00000000000..b2766d5eea7
--- /dev/null
+++ b/db/post_migrate/20240206105336_delete_project_id_component_id_index.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class DeleteProjectIdComponentIdIndex < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '16.9'
+  INDEX_NAME = 'index_sbom_occurrences_on_project_id_component_id'
+
+  def up
+    remove_concurrent_index_by_name :sbom_occurrences, INDEX_NAME
+  end
+
+  def down
+    add_concurrent_index :sbom_occurrences, [:project_id, :component_id], name: INDEX_NAME
+  end
+end
diff --git a/db/schema_migrations/20240126223640 b/db/schema_migrations/20240126223640
new file mode 100644
index 00000000000..0ba3e81042e
--- /dev/null
+++ b/db/schema_migrations/20240126223640
@@ -0,0 +1 @@
+1c76bf19f1eef758de90d3a9750c28e40e8070d9efcd12d63552301a42201e92
\ No newline at end of file
diff --git a/db/schema_migrations/20240206105336 b/db/schema_migrations/20240206105336
new file mode 100644
index 00000000000..989e1968f77
--- /dev/null
+++ b/db/schema_migrations/20240206105336
@@ -0,0 +1 @@
+bafc4d42dfa19a97208d9967f444d65c5069d44accd48ebf54faf187f981280c
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 955e6449729..2203921199f 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -12650,6 +12650,7 @@ CREATE TABLE application_settings (
     rate_limits jsonb DEFAULT '{}'::jsonb NOT NULL,
     elasticsearch_max_code_indexing_concurrency integer DEFAULT 30 NOT NULL,
     enable_member_promotion_management boolean DEFAULT false NOT NULL,
+    lock_math_rendering_limits_enabled boolean DEFAULT false NOT NULL,
     CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
     CONSTRAINT app_settings_container_registry_pre_import_tags_rate_positive CHECK ((container_registry_pre_import_tags_rate >= (0)::numeric)),
     CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)),
@@ -20113,6 +20114,8 @@ CREATE TABLE namespace_settings (
     lock_toggle_security_policy_custom_ci boolean DEFAULT false NOT NULL,
     toggle_security_policies_policy_scope boolean,
     lock_toggle_security_policies_policy_scope boolean DEFAULT false NOT NULL,
+    math_rendering_limits_enabled boolean,
+    lock_math_rendering_limits_enabled boolean DEFAULT false NOT NULL,
     CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255)),
     CONSTRAINT namespace_settings_unique_project_download_limit_alertlist_size CHECK ((cardinality(unique_project_download_limit_alertlist) <= 100)),
     CONSTRAINT namespace_settings_unique_project_download_limit_allowlist_size CHECK ((cardinality(unique_project_download_limit_allowlist) <= 100))
@@ -35494,8 +35497,6 @@ CREATE INDEX index_sbom_occurrences_on_project_id_and_id ON sbom_occurrences USI
 
 CREATE INDEX index_sbom_occurrences_on_project_id_and_package_manager ON sbom_occurrences USING btree (project_id, package_manager);
 
-CREATE INDEX index_sbom_occurrences_on_project_id_component_id ON sbom_occurrences USING btree (project_id, component_id);
-
 CREATE INDEX index_sbom_occurrences_on_source_id ON sbom_occurrences USING btree (source_id);
 
 CREATE UNIQUE INDEX index_sbom_occurrences_on_uuid ON sbom_occurrences USING btree (uuid);
diff --git a/doc/administration/auth/ldap/ldap-troubleshooting.md b/doc/administration/auth/ldap/ldap-troubleshooting.md
index 42bf2d2679a..7617db1186d 100644
--- a/doc/administration/auth/ldap/ldap-troubleshooting.md
+++ b/doc/administration/auth/ldap/ldap-troubleshooting.md
@@ -501,7 +501,8 @@ To sync all groups manually when debugging is unnecessary,
 [use the Rake task](../../raketasks/ldap.md#run-a-group-sync) instead.
 
 The output from a manual [group sync](ldap_synchronization.md#group-sync) can show you what happens
-when GitLab syncs its LDAP group memberships against LDAP.
+when GitLab syncs its LDAP group memberships against LDAP. Enter the [rails console](#rails-console)
+and then run:
 
 ```ruby
 Rails.logger.level = Logger::DEBUG
diff --git a/doc/administration/redis/troubleshooting.md b/doc/administration/redis/troubleshooting.md
index 7ec6414bf45..aebb3004223 100644
--- a/doc/administration/redis/troubleshooting.md
+++ b/doc/administration/redis/troubleshooting.md
@@ -124,7 +124,7 @@ To make sure your configuration is correct:
 1. Run in the console:
 
    ```ruby
-   redis = Gitlab::Redis::SharedState.redis
+   redis = Redis.new(Gitlab::Redis::SharedState.params)
    redis.info
    ```
 
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index d5f4a6e6d6f..8c9c69d51d7 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -4548,7 +4548,9 @@ Input type: `GroupUpdateInput`
 | ---- | ---- | ----------- |
 | <a id="mutationgroupupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
 | <a id="mutationgroupupdatefullpath"></a>`fullPath` | [`ID!`](#id) | Full path of the group that will be updated. |
-| <a id="mutationgroupupdatesharedrunnerssetting"></a>`sharedRunnersSetting` | [`SharedRunnersSetting!`](#sharedrunnerssetting) | Shared runners availability for the namespace and its descendants. |
+| <a id="mutationgroupupdatelockmathrenderinglimitsenabled"></a>`lockMathRenderingLimitsEnabled` | [`Boolean`](#boolean) | Indicates if math rendering limits are locked for all descendant groups. |
+| <a id="mutationgroupupdatemathrenderinglimitsenabled"></a>`mathRenderingLimitsEnabled` | [`Boolean`](#boolean) | Indicates if math rendering limits are used for this group. |
+| <a id="mutationgroupupdatesharedrunnerssetting"></a>`sharedRunnersSetting` | [`SharedRunnersSetting`](#sharedrunnerssetting) | Shared runners availability for the namespace and its descendants. |
 
 #### Fields
 
@@ -19587,6 +19589,8 @@ GPG signature for a signed commit.
 | <a id="groupid"></a>`id` | [`ID!`](#id) | ID of the namespace. |
 | <a id="groupistemporarystorageincreaseenabled"></a>`isTemporaryStorageIncreaseEnabled` **{warning-solid}** | [`Boolean`](#boolean) | **Deprecated** in 16.7. Feature removal, will be completely removed in 17.0. |
 | <a id="grouplfsenabled"></a>`lfsEnabled` | [`Boolean`](#boolean) | Indicates if Large File Storage (LFS) is enabled for namespace. |
+| <a id="grouplockmathrenderinglimitsenabled"></a>`lockMathRenderingLimitsEnabled` | [`Boolean`](#boolean) | Indicates if math rendering limits are locked for all descendant groups. |
+| <a id="groupmathrenderinglimitsenabled"></a>`mathRenderingLimitsEnabled` | [`Boolean`](#boolean) | Indicates if math rendering limits are used for this group. |
 | <a id="groupmaxaccesslevel"></a>`maxAccessLevel` | [`AccessLevel!`](#accesslevel) | The maximum access level of the current user in the group. |
 | <a id="groupmentionsdisabled"></a>`mentionsDisabled` | [`Boolean`](#boolean) | Indicates if a group is disabled from getting mentioned. |
 | <a id="groupname"></a>`name` | [`String!`](#string) | Name of the namespace. |
diff --git a/doc/api/groups.md b/doc/api/groups.md
index d7a9e89985a..014f0897471 100644
--- a/doc/api/groups.md
+++ b/doc/api/groups.md
@@ -719,7 +719,9 @@ Example response:
       ]
     }
   ],
-  "ip_restriction_ranges": null
+  "ip_restriction_ranges": null,
+  "math_rendering_limits_enabled": true,
+  "lock_math_rendering_limits_enabled": false
 }
 ```
 
@@ -1025,18 +1027,20 @@ PUT /groups/:id
 | `subgroup_creation_level`                               | string  | no       | Allowed to [create subgroups](../user/group/subgroups/index.md#create-a-subgroup). Can be `owner` (Owners), or `maintainer` (users with the Maintainer role). |
 | `two_factor_grace_period`                               | integer | no       | Time before Two-factor authentication is enforced (in hours). |
 | `visibility`                                            | string  | no       | The visibility level of the group. Can be `private`, `internal`, or `public`. |
-| `extra_shared_runners_minutes_limit` | integer | no       | Can be set by administrators only. Additional compute minutes for this group. Self-managed, Premium and Ultimate only. |
-| `file_template_project_id`               | integer | no       | The ID of a project to load custom file templates from. Premium and Ultimate only. |
-| `membership_lock`                    | boolean | no       | Users cannot be added to projects in this group. Premium and Ultimate only. |
-| `prevent_forking_outside_group`        | boolean | no       | When enabled, users can **not** fork projects from this group to external namespaces. Premium and Ultimate only. |
-| `shared_runners_minutes_limit` | integer | no       | Can be set by administrators only. Maximum number of monthly compute minutes for this group. Can be `nil` (default; inherit system default), `0` (unlimited), or `> 0`. Self-managed, Premium and Ultimate only. |
-| `unique_project_download_limit` | integer | no | Maximum number of unique projects a user can download in the specified time period before they are banned. Available only on top-level groups. Default: 0, Maximum: 10,000. Ultimate only. |
-| `unique_project_download_limit_interval_in_seconds` | integer | no | Time period during which a user can download a maximum amount of projects before they are banned. Available only on top-level groups. Default: 0, Maximum: 864,000 seconds (10 days). Ultimate only. |
-| `unique_project_download_limit_allowlist` | array of strings | no | List of usernames excluded from the unique project download limit. Available only on top-level groups. Default: `[]`, Maximum: 100 usernames. Ultimate only.|
-| `unique_project_download_limit_alertlist` | array of integers | no | List of user IDs that are emailed when the unique project download limit is exceeded. Available only on top-level groups. Default: `[]`, Maximum: 100 user IDs. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110201) in GitLab 15.9. Ultimate only.|
-| `auto_ban_user_on_excessive_projects_download` | boolean | no | When enabled, users are automatically banned from the group when they download more than the maximum number of unique projects specified by `unique_project_download_limit` and `unique_project_download_limit_interval_in_seconds`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94159) in GitLab 15.4. Ultimate only.|
-| `ip_restriction_ranges`                | string  | no       | Comma-separated list of IP addresses or subnet masks to restrict group access. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351493) in GitLab 15.4. Premium and Ultimate only.|
-| `wiki_access_level`                    | string  | no       | The wiki access level. Can be `disabled`, `private`, or `enabled`. Premium and Ultimate only.|
+| `extra_shared_runners_minutes_limit`                    | integer | no       | Can be set by administrators only. Additional compute minutes for this group. Self-managed, Premium and Ultimate only. |
+| `file_template_project_id`                              | integer | no       | The ID of a project to load custom file templates from. Premium and Ultimate only. |
+| `membership_lock`                                       | boolean | no       | Users cannot be added to projects in this group. Premium and Ultimate only. |
+| `prevent_forking_outside_group`                         | boolean | no       | When enabled, users can **not** fork projects from this group to external namespaces. Premium and Ultimate only. |
+| `shared_runners_minutes_limit`                          | integer | no       | Can be set by administrators only. Maximum number of monthly compute minutes for this group. Can be `nil` (default; inherit system default), `0` (unlimited), or `> 0`. Self-managed, Premium and Ultimate only. |
+| `unique_project_download_limit`                         | integer | no       | Maximum number of unique projects a user can download in the specified time period before they are banned. Available only on top-level groups. Default: 0, Maximum: 10,000. Ultimate only. |
+| `unique_project_download_limit_interval_in_seconds`     | integer | no       | Time period during which a user can download a maximum amount of projects before they are banned. Available only on top-level groups. Default: 0, Maximum: 864,000 seconds (10 days). Ultimate only. |
+| `unique_project_download_limit_allowlist`               | array of strings | no | List of usernames excluded from the unique project download limit. Available only on top-level groups. Default: `[]`, Maximum: 100 usernames. Ultimate only.|
+| `unique_project_download_limit_alertlist`               | array of integers | no | List of user IDs that are emailed when the unique project download limit is exceeded. Available only on top-level groups. Default: `[]`, Maximum: 100 user IDs. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110201) in GitLab 15.9. Ultimate only.|
+| `auto_ban_user_on_excessive_projects_download`          | boolean | no       | When enabled, users are automatically banned from the group when they download more than the maximum number of unique projects specified by `unique_project_download_limit` and `unique_project_download_limit_interval_in_seconds`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94159) in GitLab 15.4. Ultimate only.|
+| `ip_restriction_ranges`                                 | string  | no       | Comma-separated list of IP addresses or subnet masks to restrict group access. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351493) in GitLab 15.4. Premium and Ultimate only.|
+| `wiki_access_level`                                     | string  | no       | The wiki access level. Can be `disabled`, `private`, or `enabled`. Premium and Ultimate only.|
+| `math_rendering_limits_enabled`                         | boolean | no       | Indicates if math rendering limits are used for this group.|
+| `lock_math_rendering_limits_enabled`                    | boolean | no       | Indicates if math rendering limits are locked for all descendent groups.|
 
 NOTE:
 The `projects` and `shared_projects` attributes in the response are deprecated and [scheduled for removal in API v5](https://gitlab.com/gitlab-org/gitlab/-/issues/213797).
@@ -1115,7 +1119,9 @@ Example response:
       "request_access_enabled": false
     }
   ],
-  "ip_restriction_ranges": null
+  "ip_restriction_ranges": null,
+  "math_rendering_limits_enabled": true,
+  "lock_math_rendering_limits_enabled": false
 }
 ```
 
diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md
index 856dd7ee745..29bb6dfb8e2 100644
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -2494,7 +2494,7 @@ JWTs created this way support OIDC authentication. The required `aud` sub-keywor
 job_with_id_tokens:
   id_tokens:
     ID_TOKEN_1:
-      aud: https://gitlab.com
+      aud: https://vault.example.com
     ID_TOKEN_2:
       aud:
         - https://gcp.com
@@ -2502,8 +2502,9 @@ job_with_id_tokens:
     SIGSTORE_ID_TOKEN:
       aud: sigstore
   script:
-    - command_to_authenticate_with_gitlab $ID_TOKEN_1
+    - command_to_authenticate_with_vault $ID_TOKEN_1
     - command_to_authenticate_with_aws $ID_TOKEN_2
+    - command_to_authenticate_with_gcp $ID_TOKEN_2
 ```
 
 **Related topics**:
diff --git a/doc/development/ai_features/duo_chat.md b/doc/development/ai_features/duo_chat.md
index def0c010ed5..05e2d54f931 100644
--- a/doc/development/ai_features/duo_chat.md
+++ b/doc/development/ai_features/duo_chat.md
@@ -216,7 +216,7 @@ GitLab Duo Chat is enabled in the [Staging](https://staging.gitlab.com) and
 [Staging Ref](https://staging-ref.gitlab.com/) GitLab environments.
 
 Because GitLab Duo Chat is currently only available to members of groups in the
-Premium tier, Staging Ref may be an easier place to test changes as a GitLab
+Premium and Ultimate tiers, Staging Ref may be an easier place to test changes as a GitLab
 team member because
 [you can make yourself an instance Admin in Staging Ref](https://handbook.gitlab.com/handbook/engineering/infrastructure/environments/staging-ref/#admin-access)
 and, as an Admin, easily create licensed groups for testing.
diff --git a/doc/development/documentation/testing.md b/doc/development/documentation/testing.md
index bf8f632d9bf..279793563e7 100644
--- a/doc/development/documentation/testing.md
+++ b/doc/development/documentation/testing.md
@@ -27,9 +27,15 @@ in the relevant projects:
 
 We also run some documentation tests in the:
 
+- GitLab CLI project: <https://gitlab.com/gitlab-org/cli/-/blob/main/.gitlab-ci.yml>
 - GitLab Development Kit project:
   <https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/.gitlab/ci/test.gitlab-ci.yml>.
 - Gitaly project: <https://gitlab.com/gitlab-org/gitaly/-/blob/master/.gitlab-ci.yml>.
+- GitLab Duo Plugin for JetBrains: <https://gitlab.com/gitlab-org/editor-extensions/gitlab-jetbrains-plugin/-/blob/main/.gitlab-ci.yml>
+- GitLab VS Code Extension project: <https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/blob/main/.gitlab-ci.yml>.
+- GitLab Plugin for Neovim project: <https://gitlab.com/gitlab-org/editor-extensions/gitlab.vim/-/blob/main/.gitlab-ci.yml>.
+- GitLab Language Server project: <https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp/-/blob/main/.gitlab-ci.yml>.
+- GitLab Extension for Visual Studio project: <https://gitlab.com/gitlab-org/editor-extensions/gitlab-visual-studio-extension/-/blob/main/.gitlab-ci.yml>.
 
 ## Run tests locally
 
diff --git a/doc/development/identity_verification.md b/doc/development/identity_verification.md
index 5f545edc46b..a46fa051d54 100644
--- a/doc/development/identity_verification.md
+++ b/doc/development/identity_verification.md
@@ -60,18 +60,10 @@ On rows where `json.event` is `Failed Attempt`, you can find valuable debugging
 
 #### View Telesign SMS status update logs
 
-To view logs of Telesign status updates for an SMS sent to a user:
-
-1. Get a `telesign_reference_id` value for an SMS sent to a specific user:
+To view Telesign status updates logs for SMS sent to a user, query the GitLab production logs with:
 
    ```plaintext
-   json.message: "IdentityVerification::Phone" AND json.username:<username>`
-   ```
-
-1. Search for status update logs associated with `telesign_reference_id` value:
-
-   ```plaintext
-   json.message: "IdentityVerification::Phone" AND json.event: "Telesign transaction status update" AND json.telesign_reference_id:replace_ref_id_value_here`
+   json.message: "IdentityVerification::Phone" AND json.event: "Telesign transaction status update" AND json.username:<username>`
    ```
 
 Status update logs include the following fields:
diff --git a/doc/development/redis.md b/doc/development/redis.md
index 368f6709367..f9afe5e0718 100644
--- a/doc/development/redis.md
+++ b/doc/development/redis.md
@@ -81,10 +81,10 @@ Developers are highly encouraged to use [hash-tags](https://redis.io/docs/refere
 where appropriate to facilitate future adoption of Redis Cluster in more Redis types. For example, the Namespace model uses hash-tags
 for its [config cache keys](https://gitlab.com/gitlab-org/gitlab/-/blob/1a12337058f260d38405886d82da5e8bb5d8da0b/app/models/namespace.rb#L786).
 
-To perform multi-key commands, developers may use the [`.pipelined`](https://github.com/redis-rb/redis-cluster-client#interfaces) method which splits and sends commands to each node and aggregates replies.
+To perform multi-key commands, developers may use the [`Gitlab::Redis::CrossSlot::Pipeline`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/redis/cross_slot.rb) wrapper.
 However, this does not work for [transactions](https://redis.io/docs/interact/transactions/) as Redis Cluster does not support cross-slot transactions.
 
-For `Rails.cache`, we handle the `MGET` command found in `read_multi_get` by [patching it](https://gitlab.com/gitlab-org/gitlab/-/blob/c2bad2aac25e2f2778897bd4759506a72b118b15/lib/gitlab/patch/redis_cache_store.rb#L10) to use the `.pipelined` method.
+For `Rails.cache`, we handle the `MGET` command found in `read_multi_get` by [patching it](https://gitlab.com/gitlab-org/gitlab/-/blob/c2bad2aac25e2f2778897bd4759506a72b118b15/lib/gitlab/patch/redis_cache_store.rb#L10) to use the `Gitlab::Redis::CrossSlot::Pipeline` wrapper.
 The minimum size of the pipeline is set to 1000 commands and it can be adjusted by using the `GITLAB_REDIS_CLUSTER_PIPELINE_BATCH_LIMIT` environment variable.
 
 ## Redis in structured logging
diff --git a/doc/development/redis/new_redis_instance.md b/doc/development/redis/new_redis_instance.md
index 054364fce5e..ff5394cef8f 100644
--- a/doc/development/redis/new_redis_instance.md
+++ b/doc/development/redis/new_redis_instance.md
@@ -147,8 +147,8 @@ module Gitlab
         # Don't use multistore if redis.foo configuration is not provided
         return super if config_fallback?
 
-        primary_store = init_redis(params)
-        secondary_store = init_redis(config_fallback.params)
+        primary_store = ::Redis.new(params)
+        secondary_store = ::Redis.new(config_fallback.params)
 
         MultiStore.new(primary_store, secondary_store, store_name)
       end
diff --git a/doc/integration/jira/configure.md b/doc/integration/jira/configure.md
index 5c056bc6652..6a0cc83e813 100644
--- a/doc/integration/jira/configure.md
+++ b/doc/integration/jira/configure.md
@@ -23,7 +23,7 @@ Prerequisites:
   - You must have a [Jira Cloud API token](#create-a-jira-cloud-api-token) and the email address you used to create the token.
   - If you've enabled
   [IP allowlists](https://support.atlassian.com/security-and-access-policies/docs/specify-ip-addresses-for-product-access/), add the
-  [GitLab.com IP range](../../user/gitlab_com/index.md#ip-range) to the allowlist to [view Jira issues](issues.md#view-jira-issues) in GitLab.
+  [GitLab.com IP range](../../user/gitlab_com/index.md#ip-range) to the allowlist to [view Jira issues](#view-jira-issues) in GitLab.
 - **For Jira Data Center or Jira Server**, you must have one of the following:
   - [Jira username and password](jira_server_configuration.md).
   - Jira personal access token (GitLab 16.0 and later).
@@ -67,7 +67,7 @@ To configure your project settings in GitLab:
    - For **Jira issue regex**, [enter a regex pattern](issues.md#define-a-regex-pattern).
    - For **Jira issue prefix**, [enter a prefix](issues.md#define-a-prefix).
 1. Optional. In the **Issues** section:
-   - To [view issues](issues.md#view-jira-issues) from a single Jira project in a GitLab project:
+   - To [view issues](#view-jira-issues) from a single Jira project in a GitLab project:
      1. Select the **Enable Jira issues** checkbox.
      1. Enter the Jira project key.
 
@@ -86,6 +86,36 @@ To configure your project settings in GitLab:
 
 Your GitLab project can now interact with all Jira projects on your instance.
 
+## View Jira issues
+
+DETAILS:
+**Tier:** Premium, Ultimate
+**Offering:** SaaS, self-managed
+
+> - Ability to enable Jira issues at the group level [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/325715) in GitLab 16.9.
+
+Prerequisites:
+
+- Ensure the Jira issue integration is [configured](#configure-the-integration)
+  and the **Enable Jira issues** checkbox is selected.
+
+To view issues from a single Jira project in a GitLab project:
+
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Plan > Jira issues**.
+
+By default, the issues are sorted by **Created date**.
+The most recently created issues appear at the top.
+You can [search and filter the issue list](issues.md#search-and-filter-the-issue-list)
+and select an issue to view that issue in GitLab.
+
+Issues are grouped into the following tabs based on their
+[Jira status](https://confluence.atlassian.com/adminjiraserver070/defining-status-field-values-749382903.html):
+
+- **Open**: issues with any Jira status other than **Done**.
+- **Closed**: issues with a **Done** Jira status.
+- **All**: issues with any Jira status.
+
 ## Create a Jira issue for a vulnerability
 
 DETAILS:
diff --git a/doc/integration/jira/index.md b/doc/integration/jira/index.md
index b763b6604e1..9991420621b 100644
--- a/doc/integration/jira/index.md
+++ b/doc/integration/jira/index.md
@@ -48,7 +48,7 @@ This table shows the features available with the Jira issue integration and the
 | Mention a Jira issue ID in a GitLab branch name, and the Jira issue shows the branch name. | **{dotted-circle}** No | **{check-circle}** Yes, in the Jira issue's development panel. |
 | Add time tracking to a Jira issue. | **{dotted-circle}** No | **{check-circle}** Yes, with Jira Smart Commits. |
 | Use a GitLab commit or merge request to transition a Jira issue. |**{check-circle}** Yes, only a single transition. Typically used to close the Jira issue. | **{check-circle}** Yes, transition the Jira issue to any state with Jira Smart Commits. |
-| [View a list of Jira issues](issues.md#view-jira-issues). | **{check-circle}** Yes | **{dotted-circle}** No |
+| [View a list of Jira issues](configure.md#view-jira-issues). | **{check-circle}** Yes | **{dotted-circle}** No |
 | [Create a Jira issue for a vulnerability](configure.md#create-a-jira-issue-for-a-vulnerability). | **{check-circle}** Yes | **{dotted-circle}** No |
 | Create a GitLab branch from a Jira issue. | **{dotted-circle}** No | **{check-circle}** Yes, in the Jira issue's development panel. |
 | Mention a Jira issue ID in a GitLab merge request, branch name, or any of the last 5,000 commits to the branch after the last successful deployment to the environment to sync a GitLab deployment to a Jira issue. | **{dotted-circle}** No | **{check-circle}** Yes, in the Jira issue's development panel. |
diff --git a/doc/integration/jira/issues.md b/doc/integration/jira/issues.md
index aaec3d75c3f..aa5a6a34ed5 100644
--- a/doc/integration/jira/issues.md
+++ b/doc/integration/jira/issues.md
@@ -146,34 +146,7 @@ Consider this example:
    - GitLab adds a formatted comment to Jira, linking back to the commit that
      resolved the issue. You can [disable comments](#disable-comments-on-jira-issues).
 
-## View Jira issues
-
-DETAILS:
-**Tier:** Premium, Ultimate
-**Offering:** SaaS, self-managed
-
-You can view and search issues from a selected Jira project directly in GitLab,
-provided your GitLab administrator [has configured the integration](configure.md#configure-the-integration).
-
-To view Jira issues:
-
-1. On the left sidebar, select **Search or go to** and find your project.
-1. Select **Plan > Jira issues**.
-
-The issues are sorted by **Created date** by default, with the most recently created issues listed at the top.
-
-- To display the most recently updated issues first, select **Updated date**.
-- You can [search and filter the issue list](#search-and-filter-the-issue-list).
-- You can [select an issue from the list to view the issue in GitLab](https://gitlab.com/gitlab-org/gitlab/-/issues/299832).
-
-Issues are grouped into tabs based on their
-[Jira status](https://confluence.atlassian.com/adminjiraserver070/defining-status-field-values-749382903.html):
-
-- **Open** tab: All issues with a Jira status in any category other than Done.
-- **Closed** tab: All issues with a Jira status categorized as Done.
-- **All** tab: All issues of any status.
-
-### Search and filter the issue list
+## Search and filter the issue list
 
 DETAILS:
 **Tier:** Premium, Ultimate
diff --git a/doc/integration/jira/troubleshooting.md b/doc/integration/jira/troubleshooting.md
index 0b8e778a3d9..d6b985eda86 100644
--- a/doc/integration/jira/troubleshooting.md
+++ b/doc/integration/jira/troubleshooting.md
@@ -217,7 +217,7 @@ end
 
 ## Jira issue list
 
-When [viewing Jira issues](issues.md#view-jira-issues) in GitLab, you might encounter the following issues.
+When [viewing Jira issues](configure.md#view-jira-issues) in GitLab, you might encounter the following issues.
 
 ### `500 We're sorry` when accessing a Jira issue in GitLab
 
diff --git a/doc/user/ai_features.md b/doc/user/ai_features.md
index 2046a76ca14..22459ff03ec 100644
--- a/doc/user/ai_features.md
+++ b/doc/user/ai_features.md
@@ -19,7 +19,7 @@ Some features are still in development. View details about [support for each sta
 | Goal | Feature | Tier/Offering/Status |
 |---|---|---|
 | Helps you write code more efficiently by showing code suggestions as you type. <br><br><i class="fa fa-youtube-play youtube" aria-hidden="true"></i> [Watch overview](https://www.youtube.com/watch?v=hCAyCTacdAQ) | [Code Suggestions](project/repository/code_suggestions/index.md) | **Free Open Access** subject to the [Testing Agreement](https://handbook.gitlab.com/handbook/legal/testing-agreement/) available through February 14, 2024:<br>- SaaS, All subscription tiers <br>- Self-managed, Premium and Ultimate tiers<br><br> **Generally Available** starting February 15, 2024: <br> - SaaS, self-managed <br>- Premium and Ultimate tiers as part of [GitLab Duo Pro](https://about.gitlab.com/press/releases/2024-01-17-gitlab-announces-pricing-of-gitLab-duo-pro.html/) |
-| Processes and generates text and code in a conversational manner. Helps you quickly identify useful information in large volumes of text in issues, epics, code, and GitLab documentation. | [Chat](gitlab_duo_chat.md) | **Beta Access** subject to the [Testing Agreement](https://handbook.gitlab.com/handbook/legal/testing-agreement/):<br>- SaaS, self-managed <br>- Ultimate tier<br><br>**Status:** Beta |
+| Processes and generates text and code in a conversational manner. Helps you quickly identify useful information in large volumes of text in issues, epics, code, and GitLab documentation. | [Chat](gitlab_duo_chat.md) | **Beta Access** subject to the [Testing Agreement](https://handbook.gitlab.com/handbook/legal/testing-agreement/):<br>- SaaS, self-managed <br>- Premium and Ultimate tiers<br><br>**Status:** Beta |
 | Helps you discover or recall Git commands when and where you need them. | [Git suggestions](../editor_extensions/gitlab_cli/index.md#gitlab-duo-commands) | **Tier:** Ultimate <br>**Offering:** SaaS <br>**Status:** Experiment |
 | Assists with quickly getting everyone up to speed on lengthy conversations to help ensure you are all on the same page. | [Discussion summary](#summarize-issue-discussions-with-discussion-summary) | **Tier:** Ultimate <br>**Offering:** SaaS <br>**Status:** Experiment |
 | Generates issue descriptions. | [Issue description generation](#summarize-an-issue-with-issue-description-generation) | **Tier:** Ultimate<br>**Offering:** SaaS <br>**Status:** Experiment |
diff --git a/doc/user/analytics/dora_metrics.md b/doc/user/analytics/dora_metrics.md
index 7ef29b7a844..4ae4230bb9f 100644
--- a/doc/user/analytics/dora_metrics.md
+++ b/doc/user/analytics/dora_metrics.md
@@ -182,7 +182,7 @@ To track DORA metrics in these cases, you can [create a deployment record](../..
 ### Measure DORA metrics with Jira
 
 - Deployment frequency and lead time for changes are calculated based on GitLab CI/CD and Merge Requests (MRs), and do not require Jira data.
-- Time to restore service and change failure rate require [GitLab incidents](../../operations/incident_management/manage_incidents.md) for the calculation. For more information, see [Measure DORA Time to restore service and Change failure rate with external incidents](#measure-dora-time-to-restore-service-and-change-failure-rate-with-external-incidents).
+- Time to restore service and change failure rate require [GitLab incidents](../../operations/incident_management/manage_incidents.md) for the calculation. For more information, see [Measure DORA Time to restore service and Change failure rate with external incidents](#measure-dora-time-to-restore-service-and-change-failure-rate-with-external-incidents) and the [Jira incident replicator guide](https://gitlab.com/smathur/jira-incident-replicator).
 
 ### Measure DORA Time to restore service and Change failure rate with external incidents
 
diff --git a/doc/user/gitlab_duo_chat.md b/doc/user/gitlab_duo_chat.md
index ebb0aebb640..dd9776ae5da 100644
--- a/doc/user/gitlab_duo_chat.md
+++ b/doc/user/gitlab_duo_chat.md
@@ -7,13 +7,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # GitLab Duo Chat
 
 DETAILS:
-**Tier:** Ultimate
+**Tier:** Premium, Ultimate
 **Offering:** SaaS, self-managed
 **Status:** Beta
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117695) as an [Experiment](../policy/experiment-beta-support.md#experiment) for SaaS in GitLab 16.0.
 > - Changed to [Beta](../policy/experiment-beta-support.md#beta) for SaaS in GitLab 16.6.
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/11251) as a [Beta](../policy/experiment-beta-support.md#beta) for self-managed in GitLab 16.8.
+> - Changed from Ultimate to [Premium](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142808) tier in GitLab 16.9.
 
 GitLab Duo Chat is your personal AI-powered assistant for boosting productivity.
 It can assist various tasks of your daily work with the AI-generated content.
diff --git a/doc/user/group/custom_project_templates.md b/doc/user/group/custom_project_templates.md
index 398f2b82175..65347ea211d 100644
--- a/doc/user/group/custom_project_templates.md
+++ b/doc/user/group/custom_project_templates.md
@@ -102,14 +102,10 @@ and tags. For example, if the template contains a protected branch:
 - In the project created from the template, the branch allows _you_ to merge into
   the default branch.
 
-<!-- ## Troubleshooting
+## Troubleshooting
 
-Include any troubleshooting steps that you can foresee. If you know beforehand what issues
-one might have when setting this up, or when something is changed, or on upgrading, it's
-important to describe those, too. Think of things that may go wrong and include them here.
-This is important to minimize requests for support, and to avoid doc comments with
-questions that you know someone might ask.
+### Administrator cannot see custom group-level project templates when creating a project
 
-Each scenario can be a third-level heading, for example `### Getting error message X`.
-If you have none to add when creating a doc, leave this section in place
-but commented out to help encourage others to add to it in the future. -->
+Custom group-level project templates are only available to group members.
+If the administrator account you are using is not a member of a group,
+you can't access the templates. 
diff --git a/doc/user/group/manage.md b/doc/user/group/manage.md
index 95dadac8dac..b91b5d7ce6a 100644
--- a/doc/user/group/manage.md
+++ b/doc/user/group/manage.md
@@ -450,7 +450,7 @@ for the ability to set merge request approval rules for groups is tracked in
 ## Enable Experiment and Beta features
 
 DETAILS:
-**Tier:** Ultimate, Premium
+**Tier:** Premium, Ultimate
 **Offering:** SaaS
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118222) in GitLab 16.0.
diff --git a/doc/user/organization/index.md b/doc/user/organization/index.md
index d16c2768fc1..4edbc63a838 100644
--- a/doc/user/organization/index.md
+++ b/doc/user/organization/index.md
@@ -71,7 +71,10 @@ To view the organizations you have access to:
 
 1. On the left sidebar, select **Organizations** (**{organization}**) and find the organization you want to manage.
 1. Select **Manage > Groups and projects**.
-1. To switch between groups and projects, use the **Display** filter next to the search box.
+1. Optional. Filter the results:
+   - To search for specific groups or projects, in the search box enter your search term.
+   - To view only groups or projects, from the **Display** dropdown list select an option.
+1. Optional. To sort the results by name, date created, or date updated, from the dropdown list select an option. Then select ascending (**{sort-lowest}**) or descending (**{sort-highest}**) order.
 
 ## Manage users
 
diff --git a/doc/user/packages/npm_registry/index.md b/doc/user/packages/npm_registry/index.md
index c1fd69e277b..055a76968dd 100644
--- a/doc/user/packages/npm_registry/index.md
+++ b/doc/user/packages/npm_registry/index.md
@@ -20,7 +20,7 @@ Watch a [video demo](https://youtu.be/yvLxtkvsFDA) of how to publish npm package
 
 ### Authentication to the package registry
 
-You need an token to publish a package. There are different tokens available depending on what you're trying to achieve. For more information, review the [guidance on tokens](../../../user/packages/package_registry/index.md#authenticate-with-the-registry).
+You need a token to publish a package. There are different tokens available depending on what you're trying to achieve. For more information, review the [guidance on tokens](../../../user/packages/package_registry/index.md#authenticate-with-the-registry).
 
 - If your organization uses two factor authentication (2FA), you must use a personal access token with the scope set to `api`.
 - If you are publishing a package via CI/CD pipelines, you must use a CI job token.
diff --git a/doc/user/project/merge_requests/creating_merge_requests.md b/doc/user/project/merge_requests/creating_merge_requests.md
index d645e262faa..2ec0ecf0621 100644
--- a/doc/user/project/merge_requests/creating_merge_requests.md
+++ b/doc/user/project/merge_requests/creating_merge_requests.md
@@ -182,9 +182,9 @@ For more information, [see the forking workflow documentation](../repository/for
 
 ### Set the default target project
 
-By default, merge requests originating from a fork target your fork, not the upstream project.
-If you frequently contribute back to the upstream project, and want to target it
-by default, change the default target for your fork.
+By default, merge requests originating from a fork target the upstream project, not the forked project.
+
+You can configure your forked project to be the default target rather than the upstream project.
 
 Prerequisites:
 
diff --git a/lib/api/entities/group.rb b/lib/api/entities/group.rb
index 14491c2396a..c20fb161c6a 100644
--- a/lib/api/entities/group.rb
+++ b/lib/api/entities/group.rb
@@ -14,6 +14,8 @@ module API
       expose :emails_enabled, documentation: { type: 'boolean' }
       expose :mentions_disabled
       expose :lfs_enabled?, as: :lfs_enabled
+      expose :math_rendering_limits_enabled, documentation: { type: 'boolean' }
+      expose :lock_math_rendering_limits_enabled, documentation: { type: 'boolean' }
       expose :default_branch_protection
       expose :default_branch_protection_defaults
       expose :avatar_url do |group, options|
diff --git a/lib/api/helpers/groups_helpers.rb b/lib/api/helpers/groups_helpers.rb
index 1861ef7c402..dece139d27c 100644
--- a/lib/api/helpers/groups_helpers.rb
+++ b/lib/api/helpers/groups_helpers.rb
@@ -43,6 +43,8 @@ module API
 
       params :optional_update_params do
         optional :prevent_sharing_groups_outside_hierarchy, type: Boolean, desc: 'Prevent sharing groups within this namespace with any groups outside the namespace. Only available on top-level groups.'
+        optional :lock_math_rendering_limits_enabled, type: Boolean, desc: 'Indicates if math rendering limits are locked for all descendent groups.'
+        optional :math_rendering_limits_enabled, type: Boolean, desc: 'Indicates if math rendering limits are used for this group.'
       end
 
       params :optional_update_params_ee do
diff --git a/lib/banzai/pipeline/broadcast_message_pipeline.rb b/lib/banzai/pipeline/broadcast_message_pipeline.rb
index 27118269bd0..94202ba5c43 100644
--- a/lib/banzai/pipeline/broadcast_message_pipeline.rb
+++ b/lib/banzai/pipeline/broadcast_message_pipeline.rb
@@ -5,6 +5,7 @@ module Banzai
     class BroadcastMessagePipeline < DescriptionPipeline
       def self.filters
         @filters ||= FilterArray[
+          Filter::BlockquoteFenceFilter,
           Filter::MarkdownFilter,
           Filter::BroadcastMessageSanitizationFilter,
           Filter::EmojiFilter,
diff --git a/lib/banzai/pipeline/plain_markdown_pipeline.rb b/lib/banzai/pipeline/plain_markdown_pipeline.rb
index 205bbc2140d..59596145a17 100644
--- a/lib/banzai/pipeline/plain_markdown_pipeline.rb
+++ b/lib/banzai/pipeline/plain_markdown_pipeline.rb
@@ -12,6 +12,7 @@ module Banzai
         FilterArray[
           Filter::MarkdownPreEscapeFilter,
           Filter::DollarMathPreFilter,
+          Filter::BlockquoteFenceFilter,
           Filter::MarkdownFilter,
           Filter::DollarMathPostFilter,
           Filter::MarkdownPostEscapeFilter
diff --git a/lib/banzai/pipeline/pre_process_pipeline.rb b/lib/banzai/pipeline/pre_process_pipeline.rb
index eb6f35b0e2a..663fab7cf01 100644
--- a/lib/banzai/pipeline/pre_process_pipeline.rb
+++ b/lib/banzai/pipeline/pre_process_pipeline.rb
@@ -8,7 +8,6 @@ module Banzai
           Filter::NormalizeSourceFilter,
           Filter::TruncateSourceFilter,
           Filter::FrontMatterFilter,
-          Filter::BlockquoteFenceFilter,
         ]
       end
 
diff --git a/lib/gitlab/auth/unique_ips_limiter.rb b/lib/gitlab/auth/unique_ips_limiter.rb
index 0c4a5147a38..341edbed9c2 100644
--- a/lib/gitlab/auth/unique_ips_limiter.rb
+++ b/lib/gitlab/auth/unique_ips_limiter.rb
@@ -31,7 +31,7 @@ module Gitlab
 
           Gitlab::Redis::SharedState.with do |redis|
             redis.multi do |r|
-              r.zadd(key, time, ip) if ip
+              r.zadd(key, time, ip)
               r.zremrangebyscore(key, 0, time - config.unique_ips_limit_time_window)
               r.zcard(key)
             end.last
diff --git a/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl.rb b/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl.rb
index 7886abdb6d4..2672498b627 100644
--- a/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl.rb
+++ b/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl.rb
@@ -14,7 +14,7 @@ module Gitlab
           ttl_jitter = 2.hours.to_i
 
           Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-            redis.pipelined do |pipeline|
+            Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
               keys.each { |key| pipeline.expire(key, ttl_duration + rand(-ttl_jitter..ttl_jitter)) }
             end
           end
@@ -25,7 +25,7 @@ module Gitlab
         end
 
         def redis
-          @redis ||= Gitlab::Redis::Cache.redis
+          @redis ||= ::Redis.new(Gitlab::Redis::Cache.params)
         end
       end
     end
diff --git a/lib/gitlab/cache/ci/project_pipeline_status.rb b/lib/gitlab/cache/ci/project_pipeline_status.rb
index 9320233501f..4beb8f54abf 100644
--- a/lib/gitlab/cache/ci/project_pipeline_status.rb
+++ b/lib/gitlab/cache/ci/project_pipeline_status.rb
@@ -99,7 +99,7 @@ module Gitlab
         def store_in_cache
           with_redis do |redis|
             redis.pipelined do |p|
-              p.mapped_hmset(cache_key, { sha: sha.to_s, status: status.to_s, ref: ref.to_s })
+              p.mapped_hmset(cache_key, { sha: sha, status: status, ref: ref })
               p.expire(cache_key, STATUS_KEY_TTL)
             end
           end
diff --git a/lib/gitlab/cache/import/caching.rb b/lib/gitlab/cache/import/caching.rb
index 0b24137076d..c538e5162c7 100644
--- a/lib/gitlab/cache/import/caching.rb
+++ b/lib/gitlab/cache/import/caching.rb
@@ -139,7 +139,7 @@ module Gitlab
           key = cache_key_for(raw_key)
 
           with_redis do |redis|
-            redis.sismember(key, value || value.to_s)
+            redis.sismember(key, value)
           end
         end
 
@@ -162,7 +162,7 @@ module Gitlab
         def self.write_multiple(mapping, key_prefix: nil, timeout: TIMEOUT)
           with_redis do |redis|
             Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-              redis.pipelined do |pipeline|
+              Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
                 mapping.each do |raw_key, value|
                   key = cache_key_for("#{key_prefix}#{raw_key}")
 
diff --git a/lib/gitlab/diff/highlight_cache.rb b/lib/gitlab/diff/highlight_cache.rb
index 0d5a66175f8..dc5f4e1b324 100644
--- a/lib/gitlab/diff/highlight_cache.rb
+++ b/lib/gitlab/diff/highlight_cache.rb
@@ -197,9 +197,7 @@ module Gitlab
         record_hit_ratio(results)
 
         results.map! do |result|
-          unless result.nil?
-            Gitlab::Json.parse(gzip_decompress(result.force_encoding(Encoding::UTF_8)), symbolize_names: true)
-          end
+          Gitlab::Json.parse(gzip_decompress(result), symbolize_names: true) unless result.nil?
         end
 
         file_paths.zip(results).to_h
diff --git a/lib/gitlab/discussions_diff/highlight_cache.rb b/lib/gitlab/discussions_diff/highlight_cache.rb
index dbdc8c3c95c..18ff7c28e17 100644
--- a/lib/gitlab/discussions_diff/highlight_cache.rb
+++ b/lib/gitlab/discussions_diff/highlight_cache.rb
@@ -16,7 +16,7 @@ module Gitlab
         def write_multiple(mapping)
           with_redis do |redis|
             Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-              redis.pipelined do |pipelined|
+              Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipelined|
                 mapping.each do |raw_key, value|
                   key = cache_key_for(raw_key)
 
@@ -42,7 +42,7 @@ module Gitlab
             with_redis do |redis|
               Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
                 if Gitlab::Redis::ClusterUtil.cluster?(redis)
-                  redis.pipelined do |pipeline|
+                  Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
                     keys.each { |key| pipeline.get(key) }
                   end
                 else
@@ -54,7 +54,7 @@ module Gitlab
           content.map! do |lines|
             next unless lines
 
-            Gitlab::Json.parse(gzip_decompress(lines.force_encoding(Encoding::UTF_8))).map! do |line|
+            Gitlab::Json.parse(gzip_decompress(lines)).map! do |line|
               Gitlab::Diff::Line.safe_init_from_hash(line)
             end
           end
diff --git a/lib/gitlab/etag_caching/store.rb b/lib/gitlab/etag_caching/store.rb
index 57c160c9607..5fdf5ac9436 100644
--- a/lib/gitlab/etag_caching/store.rb
+++ b/lib/gitlab/etag_caching/store.rb
@@ -17,7 +17,7 @@ module Gitlab
 
         Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
           with_redis do |redis|
-            redis.pipelined do |pipeline|
+            Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
               keys.each_with_index do |key, i|
                 pipeline.set(redis_shared_state_key(key), etags[i], ex: EXPIRY_TIME, nx: only_if_missing)
               end
diff --git a/lib/gitlab/exclusive_lease.rb b/lib/gitlab/exclusive_lease.rb
index bae1bf06143..0b18a337707 100644
--- a/lib/gitlab/exclusive_lease.rb
+++ b/lib/gitlab/exclusive_lease.rb
@@ -60,7 +60,6 @@ module Gitlab
 
     def self.cancel(key, uuid)
       return unless key.present?
-      return unless uuid.present?
 
       Gitlab::Redis::SharedState.with do |redis|
         redis.eval(LUA_CANCEL_SCRIPT, keys: [ensure_prefixed_key(key)], argv: [uuid])
@@ -111,7 +110,7 @@ module Gitlab
     # false if the lease is taken by a different UUID or inexistent.
     def renew
       Gitlab::Redis::SharedState.with do |redis|
-        result = redis.eval(LUA_RENEW_SCRIPT, keys: [@redis_shared_state_key], argv: [@uuid, @timeout.to_i])
+        result = redis.eval(LUA_RENEW_SCRIPT, keys: [@redis_shared_state_key], argv: [@uuid, @timeout])
         result == @uuid
       end
     end
diff --git a/lib/gitlab/instrumentation/redis_cluster_validator.rb b/lib/gitlab/instrumentation/redis_cluster_validator.rb
index 5c3655f8f80..948132e6edd 100644
--- a/lib/gitlab/instrumentation/redis_cluster_validator.rb
+++ b/lib/gitlab/instrumentation/redis_cluster_validator.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'rails'
-require 'redis-clustering'
+require 'redis'
 
 module Gitlab
   module Instrumentation
@@ -230,7 +230,7 @@ module Gitlab
         end
 
         def key_slot(key)
-          ::RedisClient::Cluster::KeySlotConverter.convert(extract_hash_tag(key))
+          ::Redis::Cluster::KeySlotConverter.convert(extract_hash_tag(key))
         end
 
         # This is almost identical to Redis::Cluster::Command#extract_hash_tag,
diff --git a/lib/gitlab/instrumentation/redis_interceptor.rb b/lib/gitlab/instrumentation/redis_interceptor.rb
new file mode 100644
index 00000000000..9c89af6a0dc
--- /dev/null
+++ b/lib/gitlab/instrumentation/redis_interceptor.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Instrumentation
+    module RedisInterceptor
+      include RedisHelper
+
+      def call(command)
+        instrument_call([command], instrumentation_class) do
+          super
+        end
+      end
+
+      def call_pipeline(pipeline)
+        instrument_call(pipeline.commands, instrumentation_class, true) do
+          super
+        end
+      end
+
+      def write(command)
+        measure_write_size(command, instrumentation_class) if ::RequestStore.active?
+        super
+      end
+
+      def read
+        result = super
+        measure_read_size(result, instrumentation_class) if ::RequestStore.active?
+        result
+      end
+
+      def ensure_connected
+        super do
+          instrument_reconnection_errors do
+            yield
+          end
+        end
+      end
+
+      def instrument_reconnection_errors
+        yield
+      rescue ::Redis::BaseConnectionError => ex
+        instrumentation_class.instance_count_connection_exception(ex)
+
+        raise ex
+      end
+
+      # That's required so it knows which GitLab Redis instance
+      # it's interacting with in order to categorize accordingly.
+      #
+      def instrumentation_class
+        @options[:instrumentation_class] # rubocop:disable Gitlab/ModuleWithInstanceVariables
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/issues/rebalancing/state.rb b/lib/gitlab/issues/rebalancing/state.rb
index 12cc5f6e5dd..c60dac6f571 100644
--- a/lib/gitlab/issues/rebalancing/state.rb
+++ b/lib/gitlab/issues/rebalancing/state.rb
@@ -100,7 +100,7 @@ module Gitlab
         def refresh_keys_expiration
           with_redis do |redis|
             Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-              redis.pipelined do |pipeline|
+              Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
                 pipeline.expire(issue_ids_key, REDIS_EXPIRY_TIME)
                 pipeline.expire(current_index_key, REDIS_EXPIRY_TIME)
                 pipeline.expire(current_project_key, REDIS_EXPIRY_TIME)
diff --git a/lib/gitlab/markdown_cache/redis/store.rb b/lib/gitlab/markdown_cache/redis/store.rb
index 85aeaba92c4..af9098c3300 100644
--- a/lib/gitlab/markdown_cache/redis/store.rb
+++ b/lib/gitlab/markdown_cache/redis/store.rb
@@ -11,7 +11,7 @@ module Gitlab
 
           data = Gitlab::Redis::Cache.with do |r|
             Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-              r.pipelined do |pipeline|
+              Gitlab::Redis::CrossSlot::Pipeline.new(r).pipelined do |pipeline|
                 subjects.each do |subject|
                   new(subject).read(pipeline)
                 end
diff --git a/lib/gitlab/patch/command_loader.rb b/lib/gitlab/patch/command_loader.rb
new file mode 100644
index 00000000000..357b6270b0d
--- /dev/null
+++ b/lib/gitlab/patch/command_loader.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Patch
+    module CommandLoader
+      extend ActiveSupport::Concern
+
+      class_methods do
+        # Shuffle the node list to spread out initial connection creation amongst all nodes
+        #
+        # The input is a Redis::Cluster::Node instance which is an Enumerable.
+        #  `super` receives an Array of Redis::Client instead of a Redis::Cluster::Node
+        def load(nodes)
+          super(nodes.to_a.shuffle)
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/patch/node_loader.rb b/lib/gitlab/patch/node_loader.rb
new file mode 100644
index 00000000000..85237abc137
--- /dev/null
+++ b/lib/gitlab/patch/node_loader.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# Patch to address https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/2212#note_1287996694
+# It uses hostname instead of IP address if the former is present in `CLUSTER NODES` output.
+if Gem::Version.new(Redis::VERSION) > Gem::Version.new('4.8.1')
+  raise 'New version of redis detected, please remove or update this patch'
+end
+
+module Gitlab
+  module Patch
+    module NodeLoader
+      extend ActiveSupport::Concern
+
+      class_methods do
+        # Shuffle the node list to spread out initial connection creation amongst all nodes
+        #
+        # The input is a Redis::Cluster::Node instance which is an Enumerable.
+        #  `super` receives an Array of Redis::Client instead of a Redis::Cluster::Node
+        def load_flags(nodes)
+          super(nodes.to_a.shuffle)
+        end
+      end
+
+      def self.prepended(base)
+        base.class_eval do
+          # monkey-patches https://github.com/redis/redis-rb/blob/v4.8.0/lib/redis/cluster/node_loader.rb#L23
+          def self.fetch_node_info(node)
+            node.call(%i[cluster nodes]).split("\n").map(&:split).to_h do |arr|
+              [
+                extract_host_identifier(arr[1]),
+                (arr[2].split(',') & %w[master slave]).first # rubocop:disable Naming/InclusiveLanguage
+              ]
+            end
+          end
+
+          # Since `CLUSTER SLOT` uses the preferred endpoint determined by
+          # the `cluster-preferred-endpoint-type` config value, we will prefer hostname over IP address.
+          # See https://redis.io/commands/cluster-nodes/ for details on the output format.
+          #
+          # @param [String] Address info matching fhe format: <ip:port@cport[,hostname[,auxiliary_field=value]*]>
+          def self.extract_host_identifier(node_address)
+            ip_chunk, hostname, _auxiliaries = node_address.split(',')
+            return ip_chunk.split('@').first if hostname.blank?
+
+            port = ip_chunk.split('@').first.split(':')[1]
+            "#{hostname}:#{port}"
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/patch/redis_cache_store.rb b/lib/gitlab/patch/redis_cache_store.rb
index 35c617ba72b..96729056ce5 100644
--- a/lib/gitlab/patch/redis_cache_store.rb
+++ b/lib/gitlab/patch/redis_cache_store.rb
@@ -20,7 +20,7 @@ module Gitlab
         delete_count = 0
         redis.with do |conn|
           entries.each_slice(pipeline_batch_size) do |subset|
-            delete_count += conn.pipelined do |pipeline|
+            delete_count += Gitlab::Redis::CrossSlot::Pipeline.new(conn).pipelined do |pipeline|
               subset.each { |entry| pipeline.del(entry) }
             end.sum
           end
@@ -58,7 +58,7 @@ module Gitlab
 
       def pipeline_mget(conn, keys)
         keys.each_slice(pipeline_batch_size).flat_map do |subset|
-          conn.pipelined do |p|
+          Gitlab::Redis::CrossSlot::Pipeline.new(conn).pipelined do |p|
             subset.each { |key| p.get(key) }
           end
         end
diff --git a/lib/gitlab/patch/redis_cluster.rb b/lib/gitlab/patch/redis_cluster.rb
new file mode 100644
index 00000000000..145ce35a317
--- /dev/null
+++ b/lib/gitlab/patch/redis_cluster.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# Patch to expose `find_node_key` method for cross-slot pipelining
+# In redis v5.0.x, cross-slot pipelining is implemented via redis-cluster-client.
+# This patch should be removed since there is no need for it.
+# Gitlab::Redis::CrossSlot and its usage should be removed as well.
+if Gem::Version.new(Redis::VERSION) != Gem::Version.new('4.8.0')
+  raise 'New version of redis detected, please remove or update this patch'
+end
+
+module Gitlab
+  module Patch
+    module RedisCluster
+      # _find_node_key exposes a private function of the same name in Redis::Cluster.
+      # See https://github.com/redis/redis-rb/blob/v4.8.0/lib/redis/cluster.rb#L282
+      def _find_node_key(command)
+        find_node_key(command)
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/patch/redis_store_factory.rb b/lib/gitlab/patch/redis_store_factory.rb
deleted file mode 100644
index 81636ed665d..00000000000
--- a/lib/gitlab/patch/redis_store_factory.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
-  module Patch
-    module RedisStoreFactory
-      def create
-        # rubocop:disable Gitlab/ModuleWithInstanceVariables -- patched code references @options in redis-store
-        opt = @options
-        # rubocop:enable Gitlab/ModuleWithInstanceVariables
-        return Gitlab::Redis::ClusterStore.new(opt) if opt[:nodes]
-
-        super
-      end
-    end
-  end
-end
diff --git a/lib/gitlab/patch/slot_loader.rb b/lib/gitlab/patch/slot_loader.rb
new file mode 100644
index 00000000000..e302d844078
--- /dev/null
+++ b/lib/gitlab/patch/slot_loader.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Patch
+    module SlotLoader
+      extend ActiveSupport::Concern
+
+      class_methods do
+        # Shuffle the node list to spread out initial connection creation amongst all nodes
+        #
+        # The input is a Redis::Cluster::Node instance which is an Enumerable.
+        #  `super` receives an Array of Redis::Client instead of a Redis::Cluster::Node
+        def load(nodes)
+          super(nodes.to_a.shuffle)
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/redis/cluster_store.rb b/lib/gitlab/redis/cluster_store.rb
deleted file mode 100644
index d660c782d4d..00000000000
--- a/lib/gitlab/redis/cluster_store.rb
+++ /dev/null
@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-
-require 'redis-clustering'
-require 'redis/store/ttl'
-require 'redis/store/interface'
-require 'redis/store/namespace'
-require 'redis/store/serialization'
-
-module Gitlab
-  module Redis
-    class ClusterStore < ::Redis::Cluster
-      include ::Redis::Store::Interface
-
-      def initialize(options = {})
-        orig_options = options.dup
-
-        @serializer = orig_options.key?(:serializer) ? orig_options.delete(:serializer) : Marshal
-
-        unless orig_options[:marshalling].nil?
-          # `marshalling` only used here, might not be supported in `super`
-          @serializer = orig_options.delete(:marshalling) ? Marshal : nil
-        end
-
-        _remove_unsupported_options(options)
-        super(options)
-
-        _extend_marshalling
-        _extend_namespace orig_options
-      end
-
-      # copies ::Redis::Store::Ttl implementation in a redis-v5 compatible manner
-      def set(key, value, options = nil)
-        ttl = get_ttl(options)
-        if ttl
-          setex(key, ttl.to_i, value, raw: true)
-        else
-          super(key, value)
-        end
-      end
-
-      # copies ::Redis::Store::Ttl implementation in a redis-v5 compatible manner
-      def setnx(key, value, options = nil)
-        ttl = get_ttl(options)
-        if ttl
-          multi do |m|
-            m.setnx(key, value)
-            m.expire(key, ttl)
-          end
-        else
-          super(key, value)
-        end
-      end
-
-      private
-
-      def get_ttl(options)
-        # https://github.com/redis-store/redis-store/blob/v1.10.0/lib/redis/store/ttl.rb#L37
-        options[:expire_after] || options[:expires_in] || options[:expire_in] if options
-      end
-
-      def _remove_unsupported_options(options)
-        # Unsupported keywords should be removed to avoid errors
-        # https://github.com/redis-rb/redis-client/blob/v0.13.0/lib/redis_client/config.rb#L21
-        options.delete(:raw)
-        options.delete(:serializer)
-        options.delete(:marshalling)
-        options.delete(:namespace)
-        options.delete(:scheme)
-      end
-
-      def _extend_marshalling
-        extend ::Redis::Store::Serialization unless @serializer.nil?
-      end
-
-      def _extend_namespace(options)
-        @namespace = options[:namespace]
-        extend ::Redis::Store::Namespace
-      end
-    end
-  end
-end
diff --git a/lib/gitlab/redis/cluster_util.rb b/lib/gitlab/redis/cluster_util.rb
index 99f337749d0..9e307940de3 100644
--- a/lib/gitlab/redis/cluster_util.rb
+++ b/lib/gitlab/redis/cluster_util.rb
@@ -13,14 +13,14 @@ module Gitlab
           if obj.is_a?(MultiStore)
             cluster?(obj.primary_store) || cluster?(obj.secondary_store)
           else
-            obj.is_a?(::Redis::Cluster)
+            obj.respond_to?(:_client) && obj._client.is_a?(::Redis::Cluster)
           end
         end
 
         def batch_unlink(keys, redis)
           expired_count = 0
           keys.each_slice(1000) do |subset|
-            expired_count += redis.pipelined do |pipeline|
+            expired_count += Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
               subset.each { |key| pipeline.unlink(key) }
             end.sum
           end
@@ -30,7 +30,7 @@ module Gitlab
         # Redis cluster alternative to mget
         def batch_get(keys, redis)
           keys.each_slice(1000).flat_map do |subset|
-            redis.pipelined do |pipeline|
+            Gitlab::Redis::CrossSlot::Pipeline.new(redis).pipelined do |pipeline|
               subset.map { |key| pipeline.get(key) }
             end
           end
diff --git a/lib/gitlab/redis/command_builder.rb b/lib/gitlab/redis/command_builder.rb
deleted file mode 100644
index 99d26760b3d..00000000000
--- a/lib/gitlab/redis/command_builder.rb
+++ /dev/null
@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
-  module Redis
-    module CommandBuilder
-      extend self
-
-      # Ref: https://github.com/redis-rb/redis-client/blob/v0.19.1/lib/redis_client/command_builder.rb
-      # we modify the command builder to convert nil to strings as this behaviour was present in
-      # https://github.com/redis/redis-rb/blob/v4.8.0/lib/redis/connection/command_helper.rb#L20
-      #
-      # Note that we only adopt the Ruby3.x-compatible logic in .generate.
-      # Symbol.method_defined?(:name) is true in Ruby 3
-      def generate(args, kwargs = nil)
-        command = args.flat_map do |element|
-          case element
-          when Hash
-            element.flatten
-          else
-            element
-          end
-        end
-
-        kwargs&.each do |key, value|
-          if value
-            if value == true
-              command << key.name
-            else
-              command << key.name << value
-            end
-          end
-        end
-
-        command.map! do |element|
-          case element
-          when String
-            element
-          when Symbol
-            element.name
-          when Integer, Float, NilClass
-            element.to_s
-          else
-            raise TypeError, "Unsupported command argument type: #{element.class}"
-          end
-        end
-
-        raise ArgumentError, "can't issue an empty redis command" if command.empty?
-
-        command
-      end
-    end
-  end
-end
diff --git a/lib/gitlab/redis/cross_slot.rb b/lib/gitlab/redis/cross_slot.rb
new file mode 100644
index 00000000000..e5aa6d9ce72
--- /dev/null
+++ b/lib/gitlab/redis/cross_slot.rb
@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Redis
+    module CrossSlot
+      class Router
+        attr_reader :node_mapping, :futures, :node_sequence, :cmd_queue
+
+        delegate :respond_to_missing?, to: :@redis
+
+        # This map contains redis-rb methods which does not map directly
+        # to a standard Redis command. It is used transform unsupported commands to standard commands
+        # to find the node key for unsupported commands.
+        #
+        # Redis::Cluster::Command only contains details of commands which the Redis Server
+        # returns. Hence, commands like mapped_hmget and hscan_each internally will call the
+        # base command, hmget and hscan respectively.
+        #
+        # See https://github.com/redis/redis-rb/blob/v4.8.0/lib/redis/cluster/command.rb
+        UNSUPPORTED_CMD_MAPPING = {
+          # Internally, redis-rb calls the supported Redis command and transforms the output.
+          # See https://github.com/redis/redis-rb/blob/v4.8.0/lib/redis/commands/hashes.rb#L104
+          mapped_hmget: :hmget
+        }.freeze
+
+        # Initializes the CrossSlot::Router
+        # @param {::Redis}
+        def initialize(redis)
+          @redis = redis
+          @node_mapping = {}
+          @futures = {}
+          @node_sequence = []
+          @cmd_queue = []
+        end
+
+        # For now we intercept every redis.call and return a Gitlab-Future object.
+        # This method groups every commands to a node for fan-out. Commands are grouped using the first key.
+        #
+        # rubocop:disable Style/MissingRespondToMissing
+        def method_missing(cmd, *args, **kwargs, &blk)
+          # Note that we can re-map the command without affecting execution as it is
+          # solely for finding the node key. The original cmd will be executed.
+          node = @redis._client._find_node_key([UNSUPPORTED_CMD_MAPPING.fetch(cmd, cmd)] + args)
+
+          @node_mapping[node] ||= []
+          @futures[node] ||= []
+
+          @node_sequence << node
+          @node_mapping[node] << [cmd, args, kwargs || {}, blk]
+          f = Future.new
+          @futures[node] << f
+          @cmd_queue << [f, cmd, args, kwargs || {}, blk]
+          f
+        end
+        # rubocop:enable Style/MissingRespondToMissing
+      end
+
+      # Wraps over redis-rb's Future in
+      # https://github.com/redis/redis-rb/blob/v4.8.0/lib/redis/pipeline.rb#L244
+      class Future
+        def set(future, is_val = false)
+          @redis_future = future
+          @is_val = is_val
+        end
+
+        def value
+          return @redis_val if @is_val
+
+          @redis_future.value
+        end
+      end
+
+      # Pipeline allows cross-slot pipelined to be called. The fan-out logic is implemented in
+      # https://github.com/redis-rb/redis-cluster-client/blob/master/lib/redis_client/cluster/pipeline.rb
+      # which is available in redis-rb v5.0.
+      #
+      # This file can be deprecated after redis-rb v4.8.0 is upgraded to v5.0
+      class Pipeline
+        # Initializes the CrossSlot::Pipeline
+        # @param {::Redis}
+        def initialize(redis)
+          @redis = redis
+        end
+
+        # pipelined is used in place of ::Redis `.pipelined` when running in a cluster context
+        # where cross-slot operations may happen.
+        def pipelined(&block)
+          # Directly call .pipelined and defer the pipeline execution to MultiStore.
+          # MultiStore could wrap over 0, 1, or 2 Redis Cluster clients, handling it here
+          # will not work for 2 clients since the key-slot topology can differ.
+          if use_cross_slot_pipelining?
+            router = Router.new(@redis)
+            yield router
+            execute_commands(router)
+          else
+            # use redis-rb's pipelined method
+            @redis.pipelined(&block)
+          end
+        end
+
+        private
+
+        def use_cross_slot_pipelining?
+          !@redis.instance_of?(::Gitlab::Redis::MultiStore) && @redis._client.instance_of?(::Redis::Cluster)
+        end
+
+        def execute_commands(router)
+          router.node_mapping.each do |node_key, commands|
+            # TODO possibly use Threads to speed up but for now `n` is 3-5 which is small.
+            @redis.pipelined do |p|
+              commands.each_with_index do |command, idx|
+                future = router.futures[node_key][idx]
+                cmd, args, kwargs, blk = command
+                future.set(p.public_send(cmd, *args, **kwargs, &blk)) # rubocop:disable GitlabSecurity/PublicSend
+              end
+            end
+          end
+
+          router.node_sequence.map do |node_key|
+            router.futures[node_key].shift.value
+          end
+        rescue ::Redis::CommandError => err
+          if err.message.start_with?('MOVED', 'ASK')
+            Gitlab::ErrorTracking.log_exception(err)
+            return execute_commands_sequentially(router)
+          end
+
+          raise
+        end
+
+        def execute_commands_sequentially(router)
+          router.cmd_queue.map do |command|
+            future, cmd, args, kwargs, blk = command
+            future.set(@redis.public_send(cmd, *args, **kwargs, &blk), true) # rubocop:disable GitlabSecurity/PublicSend
+            future.value
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/redis/multi_store.rb b/lib/gitlab/redis/multi_store.rb
index 476077cb96f..e6262f7f61b 100644
--- a/lib/gitlab/redis/multi_store.rb
+++ b/lib/gitlab/redis/multi_store.rb
@@ -432,6 +432,16 @@ module Gitlab
 
       # rubocop:disable GitlabSecurity/PublicSend
       def send_command(redis_instance, command_name, *args, **kwargs, &block)
+        # Run wrapped pipeline for each instance individually so that the fan-out is distinct.
+        # If both primary and secondary are Redis Clusters, the slot-node distribution could
+        # be different.
+        #
+        # We ignore args and kwargs since `pipelined` does not accept arguments
+        # See https://github.com/redis/redis-rb/blob/v4.8.0/lib/redis.rb#L164
+        if command_name.to_s == 'pipelined' && redis_instance._client.instance_of?(::Redis::Cluster)
+          return Gitlab::Redis::CrossSlot::Pipeline.new(redis_instance).pipelined(&block)
+        end
+
         if block
           # Make sure that block is wrapped and executed only on the redis instance that is executing the block
           redis_instance.send(command_name, *args, **kwargs) do |*params|
@@ -452,7 +462,7 @@ module Gitlab
       end
 
       def redis_store?(pool)
-        pool.with { |c| c.instance_of?(Gitlab::Redis::MultiStore) || c.is_a?(::Redis) || c.is_a?(::Redis::Cluster) }
+        pool.with { |c| c.instance_of?(Gitlab::Redis::MultiStore) || c.is_a?(::Redis) }
       end
 
       def validate_stores!
diff --git a/lib/gitlab/redis/wrapper.rb b/lib/gitlab/redis/wrapper.rb
index f7a7e703d90..a106ed3884e 100644
--- a/lib/gitlab/redis/wrapper.rb
+++ b/lib/gitlab/redis/wrapper.rb
@@ -20,7 +20,7 @@ module Gitlab
       CommandExecutionError = Class.new(StandardError)
 
       class << self
-        delegate :params, :url, :store, :encrypted_secrets, to: :new
+        delegate :params, :url, :store, :encrypted_secrets, :redis_client_params, to: :new
 
         def with
           pool.with { |redis| yield redis }
@@ -90,17 +90,7 @@ module Gitlab
         end
 
         def redis
-          init_redis(params)
-        end
-
-        private
-
-        def init_redis(config)
-          if config[:nodes].present?
-            ::Redis::Cluster.new(config.merge({ concurrency: { model: :none } }))
-          else
-            ::Redis.new(config)
-          end
+          ::Redis.new(params)
         end
       end
 
@@ -109,8 +99,13 @@ module Gitlab
       end
 
       def params
+        redis_store_options
+      end
+
+      # redis_client_params modifies redis_store_options to be compatible with redis-client
+      # TODO: when redis-rb is updated to v5, there is no need to support 2 types of config format
+      def redis_client_params
         options = redis_store_options
-        options[:command_builder] = CommandBuilder
 
         # avoid passing classes into options as Sidekiq scrubs the options with Marshal.dump + Marshal.load
         # ref https://github.com/sidekiq/sidekiq/blob/v7.1.6/lib/sidekiq/redis_connection.rb#L37
@@ -119,14 +114,14 @@ module Gitlab
         # we use strings to look up Gitlab::Instrumentation::Redis.storage_hash as a bypass
         options[:custom] = { instrumentation_class: self.class.store_name }
 
+        # TODO: add support for cluster when upgrading to redis-rb v5.y.z we do not need cluster support
+        # as Sidekiq workload should not and does not run in a Redis Cluster
+        # support to be added in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134862
         if options[:sentinels]
           # name is required in RedisClient::SentinelConfig
           # https://github.com/redis-rb/redis-client/blob/1ab081c1d0e47df5d55e011c9390c70b2eef6731/lib/redis_client/sentinel_config.rb#L17
           options[:name] = options[:host]
           options.except(:scheme, :instrumentation_class, :host, :port)
-        elsif options[:cluster]
-          options[:nodes] = options[:cluster].map { |c| c.except(:scheme) }
-          options.except(:scheme, :instrumentation_class, :cluster)
         else
           # remove disallowed keys as seen in
           # https://github.com/redis-rb/redis-client/blob/1ab081c1d0e47df5d55e011c9390c70b2eef6731/lib/redis_client/config.rb#L21
@@ -139,7 +134,7 @@ module Gitlab
       end
 
       def db
-        redis_store_options[:db] || 0
+        redis_store_options[:db]
       end
 
       def sentinels
@@ -161,7 +156,7 @@ module Gitlab
       end
 
       def store(extras = {})
-        ::Redis::Store::Factory.create(params.merge(extras))
+        ::Redis::Store::Factory.create(redis_store_options.merge(extras))
       end
 
       def encrypted_secrets
@@ -187,11 +182,7 @@ module Gitlab
         final_config = parse_extra_config(decrypted_config)
 
         result = if final_config[:cluster].present?
-                   final_config[:cluster] = final_config[:cluster].map do |node|
-                     next node unless node.is_a?(String)
-
-                     ::Redis::Store::Factory.extract_host_options_from_uri(node)
-                   end
+                   final_config[:db] = 0 # Redis Cluster only supports db 0
                    final_config
                  else
                    parse_redis_url(final_config)
diff --git a/lib/gitlab/repository_hash_cache.rb b/lib/gitlab/repository_hash_cache.rb
index 6da5556833f..fab0e9e09e8 100644
--- a/lib/gitlab/repository_hash_cache.rb
+++ b/lib/gitlab/repository_hash_cache.rb
@@ -86,8 +86,6 @@ module Gitlab
 
       full_key = cache_key(key)
 
-      hash = standardize_hash(hash)
-
       with do |redis|
         results = redis.pipelined do |pipeline|
           # Set each hash key to the provided value
diff --git a/lib/gitlab/set_cache.rb b/lib/gitlab/set_cache.rb
index 967a139e7fb..eb73a0a3d31 100644
--- a/lib/gitlab/set_cache.rb
+++ b/lib/gitlab/set_cache.rb
@@ -62,7 +62,7 @@ module Gitlab
 
       with do |redis|
         redis.multi do |multi|
-          multi.sismember(full_key, value.to_s)
+          multi.sismember(full_key, value)
           multi.exists?(full_key) # rubocop:disable CodeReuse/ActiveRecord
         end
       end
diff --git a/lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb b/lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb
index c40f125db40..883e1ba0558 100644
--- a/lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb
+++ b/lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb
@@ -75,7 +75,7 @@ module Gitlab
           argv = []
           job_wal_locations.each do |connection_name, location|
             diff = pg_wal_lsn_diff(connection_name)
-            argv += [connection_name, diff ? diff.to_f : '', location]
+            argv += [connection_name, diff || '', location]
           end
 
           with_redis { |r| r.eval(UPDATE_WAL_COOKIE_SCRIPT, keys: [cookie_key], argv: argv) }
diff --git a/lib/system_check/helpers.rb b/lib/system_check/helpers.rb
index 3ead1cae8df..82cbacc339e 100644
--- a/lib/system_check/helpers.rb
+++ b/lib/system_check/helpers.rb
@@ -20,6 +20,16 @@ module SystemCheck
       end
     end
 
+    # Construct a help page based on the instance's external_url
+    #
+    # @param <String> path of the documentation page
+    # @param <String> anchor to the specific docs heading
+    #
+    # @return <String> URL of the help page
+    def construct_help_page_url(path, anchor = nil)
+      Rails.application.routes.url_helpers.help_page_url(path, anchor)
+    end
+
     def see_installation_guide_section(section)
       "doc/install/installation.md in section \"#{section}\""
     end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 1648c6d4ecc..9a17bfbc199 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -2857,9 +2857,6 @@ msgstr ""
 msgid "Add a confidential internal note to this %{noteableDisplayName}."
 msgstr ""
 
-msgid "Add a custom message with details about the instance's shared runners. The message is visible when you view runners for projects and groups. Markdown is supported."
-msgstr ""
-
 msgid "Add a general comment to this %{noteableDisplayName}."
 msgstr ""
 
@@ -3475,10 +3472,13 @@ msgstr ""
 msgid "AdminSettings|A Let's Encrypt account will be configured for this GitLab instance using this email address. You will receive emails to warn of expiring certificates. %{link_start}Learn more.%{link_end}"
 msgstr ""
 
+msgid "AdminSettings|Add a custom message with details about instance runners. The message is visible when you view runners for projects and groups. Markdown is supported."
+msgstr ""
+
 msgid "AdminSettings|Affects all new and existing groups."
 msgstr ""
 
-msgid "AdminSettings|All new projects can use the instance's shared runners by default."
+msgid "AdminSettings|All new projects can use instance runners by default."
 msgstr ""
 
 msgid "AdminSettings|Allow migrating GitLab groups and projects by direct transfer"
@@ -3556,6 +3556,9 @@ msgstr ""
 msgid "AdminSettings|Enable collection of application metrics. Restart required. %{link_start}Learn how to export metrics to Prometheus%{link_end}."
 msgstr ""
 
+msgid "AdminSettings|Enable instance runners for new projects"
+msgstr ""
+
 msgid "AdminSettings|Enable kuromoji custom analyzer: Indexing"
 msgstr ""
 
@@ -3568,9 +3571,6 @@ msgstr ""
 msgid "AdminSettings|Enable product analytics"
 msgstr ""
 
-msgid "AdminSettings|Enable shared runners for new projects"
-msgstr ""
-
 msgid "AdminSettings|Enable smartcn custom analyzer: Indexing"
 msgstr ""
 
@@ -3634,6 +3634,9 @@ msgstr ""
 msgid "AdminSettings|Inactive project deletion"
 msgstr ""
 
+msgid "AdminSettings|Instance runners details"
+msgstr ""
+
 msgid "AdminSettings|Instance runners expiration"
 msgstr ""
 
@@ -3904,7 +3907,7 @@ msgstr ""
 msgid "AdminUsers|2FA Enabled"
 msgstr ""
 
-msgid "AdminUsers|A user can validate themselves by inputting a credit/debit card, or an admin can manually validate a user. Validated users can use free CI minutes on shared runners."
+msgid "AdminUsers|A user can validate themselves by inputting a credit/debit card, or an admin can manually validate a user. Validated users can use free CI minutes on instance runners."
 msgstr ""
 
 msgid "AdminUsers|Access"
@@ -4159,7 +4162,7 @@ msgstr ""
 msgid "AdminUsers|Stop monitoring %{username} for possible spam?"
 msgstr ""
 
-msgid "AdminUsers|The maximum compute minutes that jobs in this namespace can use on shared runners each month. Set 0 for unlimited. Set empty to inherit the global setting of %{minutes}"
+msgid "AdminUsers|The maximum compute minutes that jobs in this namespace can use on instance runners each month. Set 0 for unlimited. Set empty to inherit the global setting of %{minutes}"
 msgstr ""
 
 msgid "AdminUsers|The user can create issues, notes, snippets, and merge requests that appear to be spam without being blocked."
@@ -8074,19 +8077,19 @@ msgstr ""
 msgid "Billings|In a seat"
 msgstr ""
 
+msgid "Billings|Instance runners cannot be enabled until a valid credit card is on file."
+msgstr ""
+
 msgid "Billings|Seats in use / Seats available"
 msgstr ""
 
 msgid "Billings|Seats in use / Seats in subscription"
 msgstr ""
 
-msgid "Billings|Shared runners cannot be enabled until a valid credit card is on file."
+msgid "Billings|To use free compute minutes on instance runners, you'll need to validate your account with a credit card. If you prefer not to provide one, you can run pipelines by bringing your own runners and disabling instance runners for your project. This is required to discourage and reduce abuse on GitLab infrastructure. %{strongStart}GitLab will not charge your card, it will only be used for validation.%{strongEnd} %{linkStart}Learn more%{linkEnd}."
 msgstr ""
 
-msgid "Billings|To use free compute minutes on shared runners, you'll need to validate your account with a credit card. If you prefer not to provide one, you can run pipelines by bringing your own runners and disabling shared runners for your project. This is required to discourage and reduce abuse on GitLab infrastructure. %{strongStart}GitLab will not charge your card, it will only be used for validation.%{strongEnd} %{linkStart}Learn more%{linkEnd}."
-msgstr ""
-
-msgid "Billings|To use free compute minutes on shared runners, you'll need to validate your account with a credit card. This is required to discourage and reduce abuse on GitLab infrastructure. %{strongStart}GitLab will not charge your card, it will only be used for validation.%{strongEnd}"
+msgid "Billings|To use free compute minutes on instance runners, you'll need to validate your account with a credit card. This is required to discourage and reduce abuse on GitLab infrastructure. %{strongStart}GitLab will not charge your card, it will only be used for validation.%{strongEnd}"
 msgstr ""
 
 msgid "Billings|User validation required"
@@ -8098,7 +8101,7 @@ msgstr ""
 msgid "Billings|Validate user account"
 msgstr ""
 
-msgid "Billings|You'll now be able to take advantage of free compute minutes on shared runners."
+msgid "Billings|You'll now be able to take advantage of free compute minutes on instance runners."
 msgstr ""
 
 msgid "Billings|Your account has been validated"
@@ -9423,10 +9426,13 @@ msgstr ""
 msgid "CICDAnalytics|Deployment frequency"
 msgstr ""
 
-msgid "CICDAnalytics|Lead time"
+msgid "CICDAnalytics|Instance runner duration is the total runtime of all jobs that ran on instance runners"
 msgstr ""
 
-msgid "CICDAnalytics|No shared runner minute usage data available"
+msgid "CICDAnalytics|Instance runner pipeline minute duration by month"
+msgstr ""
+
+msgid "CICDAnalytics|Lead time"
 msgstr ""
 
 msgid "CICDAnalytics|Projects with releases"
@@ -9443,19 +9449,13 @@ msgstr ""
 msgid "CICDAnalytics|Releases"
 msgstr ""
 
-msgid "CICDAnalytics|Shared runner duration is the total runtime of all jobs that ran on shared runners"
-msgstr ""
-
-msgid "CICDAnalytics|Shared runner pipeline minute duration by month"
-msgstr ""
-
 msgid "CICDAnalytics|Something went wrong while fetching release statistics"
 msgstr ""
 
 msgid "CICDAnalytics|Time to restore service"
 msgstr ""
 
-msgid "CICDAnalytics|What is shared runner duration?"
+msgid "CICDAnalytics|What is instance runner duration?"
 msgstr ""
 
 msgid "CICD|Add a %{base_domain_link_start}base domain%{link_end} to your %{kubernetes_cluster_link_start}Kubernetes cluster%{link_end} for your deployment strategy to work."
@@ -15212,7 +15212,7 @@ msgstr ""
 msgid "Customer relations organizations"
 msgstr ""
 
-msgid "Customize CI/CD settings, including Auto DevOps, shared runners, and job artifacts."
+msgid "Customize CI/CD settings, including Auto DevOps, instance runners, and job artifacts."
 msgstr ""
 
 msgid "Customize colors"
@@ -18948,6 +18948,15 @@ msgstr ""
 msgid "Enable incident management inbound alert limit"
 msgstr ""
 
+msgid "Enable instance runners for all projects and subgroups in this group."
+msgstr ""
+
+msgid "Enable instance runners for this group"
+msgstr ""
+
+msgid "Enable instance runners for this project"
+msgstr ""
+
 msgid "Enable integration"
 msgstr ""
 
@@ -18987,15 +18996,6 @@ msgstr ""
 msgid "Enable security training"
 msgstr ""
 
-msgid "Enable shared runners for all projects and subgroups in this group."
-msgstr ""
-
-msgid "Enable shared runners for this group"
-msgstr ""
-
-msgid "Enable shared runners for this project"
-msgstr ""
-
 msgid "Enable two-factor authentication"
 msgstr ""
 
@@ -26187,6 +26187,12 @@ msgstr[1] ""
 msgid "Instance Configuration"
 msgstr ""
 
+msgid "Instance Runners"
+msgstr ""
+
+msgid "Instance Runners:"
+msgstr ""
+
 msgid "Instance access request"
 msgstr ""
 
@@ -26202,6 +26208,12 @@ msgstr ""
 msgid "Instance overview"
 msgstr ""
 
+msgid "Instance runners enabled cannot be enabled until a valid credit card is on file"
+msgstr ""
+
+msgid "Instance runners help link"
+msgstr ""
+
 msgid "Insufficient permissions"
 msgstr ""
 
@@ -30279,7 +30291,7 @@ msgstr ""
 msgid "MemberRole|Base role to use as template"
 msgstr ""
 
-msgid "MemberRole|Could not fetch available permissions: %{message}"
+msgid "MemberRole|Could not fetch available permissions."
 msgstr ""
 
 msgid "MemberRole|Create new role"
@@ -30312,7 +30324,7 @@ msgstr ""
 msgid "MemberRole|Failed to delete role. %{message}"
 msgstr ""
 
-msgid "MemberRole|Failed to fetch roles: %{message}"
+msgid "MemberRole|Failed to fetch roles."
 msgstr ""
 
 msgid "MemberRole|ID"
@@ -42370,7 +42382,7 @@ msgstr ""
 msgid "Runners|Architecture"
 msgstr ""
 
-msgid "Runners|Are you sure you want to disable shared runners for %{groupName}?"
+msgid "Runners|Are you sure you want to disable instance runners for %{groupName}?"
 msgstr ""
 
 msgid "Runners|Assigned Group"
@@ -42388,7 +42400,7 @@ msgstr ""
 msgid "Runners|Available"
 msgstr ""
 
-msgid "Runners|Available shared runners: %{count}"
+msgid "Runners|Available instance runners: %{count}"
 msgstr ""
 
 msgid "Runners|Available to all projects"
@@ -42600,6 +42612,18 @@ msgstr ""
 msgid "Runners|Instance"
 msgstr ""
 
+msgid "Runners|Instance runners"
+msgstr ""
+
+msgid "Runners|Instance runners are disabled in the group settings."
+msgstr ""
+
+msgid "Runners|Instance runners are disabled."
+msgstr ""
+
+msgid "Runners|Instance runners will be disabled for all projects and subgroups in this group."
+msgstr ""
+
 msgid "Runners|Instance: Median job queued time"
 msgstr ""
 
@@ -42699,7 +42723,7 @@ msgstr ""
 msgid "Runners|No spot. This is the default choice for Linux Docker executor."
 msgstr ""
 
-msgid "Runners|No, keep shared runners enabled"
+msgid "Runners|No, keep instance runners enabled"
 msgstr ""
 
 msgid "Runners|Not accepting jobs"
@@ -42726,6 +42750,12 @@ msgstr ""
 msgid "Runners|Operating systems"
 msgstr ""
 
+msgid "Runners|Other projects"
+msgstr ""
+
+msgid "Runners|Other runners"
+msgstr ""
+
 msgid "Runners|Owner"
 msgstr ""
 
@@ -42943,15 +42973,6 @@ msgstr ""
 msgid "Runners|Separate multiple tags with a comma. For example, %{example}."
 msgstr ""
 
-msgid "Runners|Shared runners are disabled in the group settings."
-msgstr ""
-
-msgid "Runners|Shared runners are disabled."
-msgstr ""
-
-msgid "Runners|Shared runners will be disabled for all projects and subgroups in this group."
-msgstr ""
-
 msgid "Runners|Show only inherited"
 msgstr ""
 
@@ -43000,7 +43021,7 @@ msgstr ""
 msgid "Runners|Tags"
 msgstr ""
 
-msgid "Runners|Tags control which type of jobs a runner can handle. By tagging a runner, you make sure shared runners only handle the jobs they are equipped to run."
+msgid "Runners|Tags control which type of jobs a runner can handle. By tagging a runner, you make sure runners only handle the jobs they are equipped to run."
 msgstr ""
 
 msgid "Runners|The %{boldStart}runner authentication token%{boldEnd} %{token} displays here %{boldStart}for a short time only%{boldEnd}. After you register the runner, this token is stored in the %{codeStart}config.toml%{codeEnd} and cannot be accessed again from the UI."
@@ -43163,16 +43184,16 @@ msgstr ""
 msgid "Runners|Windows 2019 Shell with manual scaling and optional scheduling. Non-spot."
 msgstr ""
 
-msgid "Runners|Yes, disable shared runners"
+msgid "Runners|Yes, disable instance runners"
 msgstr ""
 
 msgid "Runners|Yes, start deleting stale runners"
 msgstr ""
 
-msgid "Runners|You can set up a project runner to be used by multiple projects but you cannot make this a shared or group runner."
+msgid "Runners|You can set up a project runner to be used by multiple projects but you cannot make this an instance or group runner."
 msgstr ""
 
-msgid "Runners|You have used %{quotaUsed} out of %{quotaLimit} of your shared Runners pipeline minutes."
+msgid "Runners|You have used %{quotaUsed} out of %{quotaLimit} of your instance runners pipeline minutes."
 msgstr ""
 
 msgid "Runners|You may lose access to the runner token if you leave this page."
@@ -46441,27 +46462,9 @@ msgstr ""
 msgid "Share the %{strong_open}GitLab single sign-on URL%{strong_close} with members so they can sign in to your group through your identity provider"
 msgstr ""
 
-msgid "Shared Runners"
-msgstr ""
-
-msgid "Shared Runners:"
-msgstr ""
-
 msgid "Shared projects"
 msgstr ""
 
-msgid "Shared runners"
-msgstr ""
-
-msgid "Shared runners details"
-msgstr ""
-
-msgid "Shared runners enabled cannot be enabled until a valid credit card is on file"
-msgstr ""
-
-msgid "Shared runners help link"
-msgstr ""
-
 msgid "SharedRunnersMinutesSettings|Reset compute usage"
 msgstr ""
 
@@ -49913,7 +49916,7 @@ msgstr ""
 msgid "The maximum amount of time users have to set up two-factor authentication before it's enforced."
 msgstr ""
 
-msgid "The maximum compute minutes that jobs in a namespace can use on shared runners each month. 0 for unlimited."
+msgid "The maximum compute minutes that jobs in a namespace can use on instance runners each month. 0 for unlimited."
 msgstr ""
 
 msgid "The maximum file size allowed is %{size}."
@@ -50561,7 +50564,7 @@ msgstr ""
 msgid "This Cron pattern is invalid"
 msgstr ""
 
-msgid "This GitLab instance does not provide any shared runners yet. Instance administrators can register shared runners in the admin area."
+msgid "This GitLab instance does not provide any instance runners yet. Administrators can register instance runners in the admin area."
 msgstr ""
 
 msgid "This PDF is too large to display. Please download to view."
@@ -53240,7 +53243,7 @@ msgstr ""
 msgid "UsageQuotas|Namespace transfer data used"
 msgstr ""
 
-msgid "UsageQuota|%{linkStart}Shared runners%{linkEnd} are disabled, so there are no limits set on pipeline usage"
+msgid "UsageQuota|%{linkStart}Instance runners%{linkEnd} are disabled, so there are no limits set on pipeline usage"
 msgstr ""
 
 msgid "UsageQuota|%{linkTitle} help link"
@@ -53321,6 +53324,9 @@ msgstr ""
 msgid "UsageQuota|Includes project artifacts, repositories, packages, and container registries."
 msgstr ""
 
+msgid "UsageQuota|Instance runner duration"
+msgstr ""
+
 msgid "UsageQuota|Job artifacts created by CI/CD."
 msgstr ""
 
@@ -53387,9 +53393,6 @@ msgstr ""
 msgid "UsageQuota|Shared bits of code and text."
 msgstr ""
 
-msgid "UsageQuota|Shared runner duration"
-msgstr ""
-
 msgid "UsageQuota|Something went wrong while fetching pipeline statistics"
 msgstr ""
 
@@ -53429,13 +53432,13 @@ msgstr ""
 msgid "UsageQuota|This namespace has %{planLimit} of storage."
 msgstr ""
 
-msgid "UsageQuota|This namespace has no projects which used shared runners in the current period"
+msgid "UsageQuota|This namespace has no projects which used instance runners in the current period"
 msgstr ""
 
 msgid "UsageQuota|This namespace is under project-level limits, so only repository and LFS storage usage above the limit included in the plan is counted as excess storage. You can increase excess storage limit by purchasing storage packages."
 msgstr ""
 
-msgid "UsageQuota|This table omits projects that used 0 compute minutes or 0 shared runners duration"
+msgid "UsageQuota|This table omits projects that used 0 compute minutes or 0 instance runners duration"
 msgstr ""
 
 msgid "UsageQuota|Total excess storage"
@@ -54455,13 +54458,13 @@ msgstr ""
 msgid "VerificationReminder|Pipeline failing? To keep GitLab spam and abuse free we ask that you verify your identity."
 msgstr ""
 
-msgid "VerificationReminder|Until then, shared runners will be unavailable. %{validateLinkStart}Validate your account%{validateLinkEnd} or %{docsLinkStart}use your own runners%{docsLinkEnd}."
+msgid "VerificationReminder|Until then, instance runners will be unavailable. %{validateLinkStart}Validate your account%{validateLinkEnd} or %{docsLinkStart}use your own runners%{docsLinkEnd}."
 msgstr ""
 
 msgid "VerificationReminder|Your account has been validated"
 msgstr ""
 
-msgid "VerificationReminder|You’ll now be able to take advantage of free compute minutes on shared runners."
+msgid "VerificationReminder|You’ll now be able to take advantage of free compute minutes on instance runners."
 msgstr ""
 
 msgid "Verifications status"
diff --git a/qa/qa/page/main/login.rb b/qa/qa/page/main/login.rb
index f935d1590c5..244f5999c4a 100644
--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -103,6 +103,8 @@ module QA
           end
 
           Page::Main::Menu.perform(&:signed_in?)
+
+          dismiss_duo_chat_popup
         end
 
         # Handle request for password change
@@ -243,6 +245,8 @@ module QA
 
           wait_for_gitlab_to_respond
 
+          dismiss_duo_chat_popup
+
           return if skip_page_validation
 
           Page::Main::Menu.validate_elements_present!
@@ -250,6 +254,14 @@ module QA
           validate_canary!
         end
 
+        def dismiss_duo_chat_popup
+          return unless has_element?('duo-chat-promo-callout-popover')
+
+          within_element('duo-chat-promo-callout-popover') do
+            click_element('close-button')
+          end
+        end
+
         def fill_in_credential(user)
           fill_element 'username-field', user.username
           fill_element 'password-field', user.password
diff --git a/spec/controllers/concerns/product_analytics_tracking_spec.rb b/spec/controllers/concerns/product_analytics_tracking_spec.rb
index 247be5429a1..7b48782be98 100644
--- a/spec/controllers/concerns/product_analytics_tracking_spec.rb
+++ b/spec/controllers/concerns/product_analytics_tracking_spec.rb
@@ -109,8 +109,7 @@ RSpec.describe ProductAnalyticsTracking, :snowplow, feature_category: :product_a
       end
 
       it 'tracks total Redis counters' do
-        expect(Gitlab::Usage::Metrics::Instrumentations::TotalCountMetric).to receive(:redis_key)
-          .twice.and_call_original # total and 7d
+        expect(Gitlab::Usage::Metrics::Instrumentations::TotalCountMetric).to receive(:redis_key).twice # total and 7d
 
         get :index
       end
diff --git a/spec/features/groups/settings/ci_cd_spec.rb b/spec/features/groups/settings/ci_cd_spec.rb
index bf056f535f2..54970c4d325 100644
--- a/spec/features/groups/settings/ci_cd_spec.rb
+++ b/spec/features/groups/settings/ci_cd_spec.rb
@@ -23,8 +23,8 @@ RSpec.describe 'Group CI/CD settings', feature_category: :continuous_integration
       visit group_settings_ci_cd_path(group)
     end
 
-    it 'has "Enable shared runners for this group" toggle', :js do
-      expect(shared_runners_toggle).to have_content(_('Enable shared runners for this group'))
+    it 'has "Enable instance runners for this group" toggle', :js do
+      expect(shared_runners_toggle).to have_content(_('Enable instance runners for this group'))
     end
 
     it 'clicks on toggle to enable setting', :js do
diff --git a/spec/features/markdown/markdown_spec.rb b/spec/features/markdown/markdown_spec.rb
index 34c9219101f..a2e76addcd0 100644
--- a/spec/features/markdown/markdown_spec.rb
+++ b/spec/features/markdown/markdown_spec.rb
@@ -51,6 +51,10 @@ RSpec.describe 'GitLab Markdown', :aggregate_failures, feature_category: :team_p
         expect(doc.to_html).not_to match('foo<em>bar</em>baz')
       end
 
+      aggregate_failures 'parses multiline blockquotes' do
+        expect(doc).to have_selector('blockquote:contains("A multiline blockquote")')
+      end
+
       aggregate_failures 'parses table Markdown' do
         expect(doc).to have_selector('th:contains("Header")')
         expect(doc).to have_selector('th:contains("Row")')
diff --git a/spec/features/runners_spec.rb b/spec/features/runners_spec.rb
index e7047610180..67ad9547d77 100644
--- a/spec/features/runners_spec.rb
+++ b/spec/features/runners_spec.rb
@@ -139,14 +139,14 @@ RSpec.describe 'Runners', feature_category: :fleet_visibility do
           end
         end
 
-        context 'when multiple shared runners are configured' do
+        context 'when multiple instance runners are configured' do
           let_it_be(:shared_runner_2) { create(:ci_runner, :instance) }
 
           it 'shows the runner count' do
             visit project_runners_path(project)
 
             within '[data-testid="available-shared-runners"]' do
-              expect(page).to have_content format(_('Available shared runners: %{count}'), { count: 2 })
+              expect(page).to have_content format(_('Available instance runners: %{count}'), { count: 2 })
             end
           end
 
diff --git a/spec/fixtures/config/redis_new_format_host_standalone.yml b/spec/fixtures/config/redis_new_format_host_standalone.yml
deleted file mode 100644
index f5836586247..00000000000
--- a/spec/fixtures/config/redis_new_format_host_standalone.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-# redis://[:password@]host[:port][/db-number][?option=value]
-# more details: http://www.iana.org/assignments/uri-schemes/prov/redis
-development:
-  url: redis://:mynewpassword@development-host:6379/99
-test:
-  url: redis://:mynewpassword@test-host:6379/99
-production:
-  url: redis://:mynewpassword@production-host:6379/99
diff --git a/spec/fixtures/markdown.md.erb b/spec/fixtures/markdown.md.erb
index 8e11f95be8b..ce637e20337 100644
--- a/spec/fixtures/markdown.md.erb
+++ b/spec/fixtures/markdown.md.erb
@@ -15,6 +15,12 @@ It has some special features. Let's try 'em out!
 
 This string should have no emphasis: foo_bar_baz
 
+### Multiline Blockquotes
+
+>>>
+A multiline blockquote
+>>>
+
 ### Tables
 
 | Header   | Row  | Example |
diff --git a/spec/frontend/group_settings/components/shared_runners_form_spec.js b/spec/frontend/group_settings/components/shared_runners_form_spec.js
index b39b9a62661..afafb0323ba 100644
--- a/spec/frontend/group_settings/components/shared_runners_form_spec.js
+++ b/spec/frontend/group_settings/components/shared_runners_form_spec.js
@@ -106,7 +106,7 @@ describe('group_settings/components/shared_runners_form', () => {
       'toggle %# is disabled',
       (findToggle) => {
         expect(findToggle().props('disabled')).toBe(true);
-        expect(findToggle().text()).toContain(s__('Runners|Shared runners are disabled.'));
+        expect(findToggle().text()).toContain(s__('Runners|Instance runners are disabled.'));
 
         if (isParentLinkExpected) {
           expect(findToggle().text()).toContain(
diff --git a/spec/frontend/projects/settings/components/shared_runners_toggle_spec.js b/spec/frontend/projects/settings/components/shared_runners_toggle_spec.js
index 4fee969ee62..735f287b833 100644
--- a/spec/frontend/projects/settings/components/shared_runners_toggle_spec.js
+++ b/spec/frontend/projects/settings/components/shared_runners_toggle_spec.js
@@ -62,7 +62,7 @@ describe('projects/settings/components/shared_runners', () => {
 
     it('renders text explaining why the toggle is disabled', () => {
       expect(findSharedRunnersToggle().text()).toEqual(
-        'Shared runners are disabled in the group settings.',
+        'Instance runners are disabled in the group settings.',
       );
     });
 
diff --git a/spec/graphql/mutations/groups/update_spec.rb b/spec/graphql/mutations/groups/update_spec.rb
index 620c9d6ee91..5227d24af01 100644
--- a/spec/graphql/mutations/groups/update_spec.rb
+++ b/spec/graphql/mutations/groups/update_spec.rb
@@ -15,7 +15,7 @@ RSpec.describe Mutations::Groups::Update do
   describe '#resolve' do
     subject { described_class.new(object: group, context: { current_user: user }, field: nil).resolve(**params) }
 
-    RSpec.shared_examples 'updating the group shared runners setting' do
+    shared_examples 'updating the group shared runners setting' do
       it 'updates the group shared runners setting' do
         expect { subject }
           .to change { group.reload.shared_runners_setting }.from('enabled').to(Namespace::SR_DISABLED_AND_UNOVERRIDABLE)
@@ -42,7 +42,19 @@ RSpec.describe Mutations::Groups::Update do
       end
     end
 
-    RSpec.shared_examples 'denying access to group shared runners setting' do
+    shared_examples 'updating the group math rendering settings' do
+      it 'updates the settings' do
+        expect { subject }
+          .to change { group.reload.math_rendering_limits_enabled? }.to(false)
+          .and change { group.reload.lock_math_rendering_limits_enabled? }.to(true)
+      end
+
+      it 'returns no errors' do
+        expect(subject).to eq(errors: [], group: group)
+      end
+    end
+
+    shared_examples 'denying access to group' do
       it 'raises Gitlab::Graphql::Errors::ResourceNotAvailable' do
         expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
       end
@@ -56,10 +68,38 @@ RSpec.describe Mutations::Groups::Update do
 
       where(:user_role, :shared_examples_name) do
         :owner      | 'updating the group shared runners setting'
-        :developer  | 'denying access to group shared runners setting'
-        :reporter   | 'denying access to group shared runners setting'
-        :guest      | 'denying access to group shared runners setting'
-        :anonymous  | 'denying access to group shared runners setting'
+        :maintainer | 'denying access to group'
+        :developer  | 'denying access to group'
+        :reporter   | 'denying access to group'
+        :guest      | 'denying access to group'
+        :anonymous  | 'denying access to group'
+      end
+
+      with_them do
+        before do
+          group.send("add_#{user_role}", user) unless user_role == :anonymous
+        end
+
+        it_behaves_like params[:shared_examples_name]
+      end
+    end
+
+    context 'changing math rendering settings' do
+      let_it_be(:params) do
+        {
+          full_path: group.full_path,
+          math_rendering_limits_enabled: false,
+          lock_math_rendering_limits_enabled: true
+        }
+      end
+
+      where(:user_role, :shared_examples_name) do
+        :owner      | 'updating the group math rendering settings'
+        :maintainer | 'denying access to group'
+        :developer  | 'denying access to group'
+        :reporter   | 'denying access to group'
+        :guest      | 'denying access to group'
+        :anonymous  | 'denying access to group'
       end
 
       with_them do
diff --git a/spec/graphql/types/group_type_spec.rb b/spec/graphql/types/group_type_spec.rb
index e3b14287d37..dd23dbb0370 100644
--- a/spec/graphql/types/group_type_spec.rb
+++ b/spec/graphql/types/group_type_spec.rb
@@ -28,6 +28,7 @@ RSpec.describe GitlabSchema.types['Group'], feature_category: :groups_and_projec
       shared_runners_setting timelogs organization_state_counts organizations
       contact_state_counts contacts work_item_types
       recent_issue_boards ci_variables releases environment_scopes work_items autocomplete_users
+      lock_math_rendering_limits_enabled math_rendering_limits_enabled
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)
diff --git a/spec/initializers/action_cable_subscription_adapter_identifier_spec.rb b/spec/initializers/action_cable_subscription_adapter_identifier_spec.rb
index d89ad21ca82..cf82fd751dd 100644
--- a/spec/initializers/action_cable_subscription_adapter_identifier_spec.rb
+++ b/spec/initializers/action_cable_subscription_adapter_identifier_spec.rb
@@ -27,7 +27,7 @@ RSpec.describe 'ActionCableSubscriptionAdapterIdentifier override' do
 
         sub = ActionCable.server.pubsub.send(:redis_connection)
 
-        expect(sub.connection[:id]).to eq('/home/localuser/redis/redis.socket/0')
+        expect(sub.connection[:id]).to eq('unix:///home/localuser/redis/redis.socket/0')
         expect(ActionCable.server.config.cable[:id]).to be_nil
       end
     end
diff --git a/spec/initializers/session_store_spec.rb b/spec/initializers/session_store_spec.rb
index bd943830f6e..c9333d022dd 100644
--- a/spec/initializers/session_store_spec.rb
+++ b/spec/initializers/session_store_spec.rb
@@ -15,7 +15,7 @@ RSpec.describe 'Session initializer for GitLab' do
 
   describe 'config#session_store' do
     it 'initialized as a redis_store with a proper servers configuration' do
-      expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_server: Gitlab::Redis::Sessions.params.merge(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE)))
+      expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
 
       load_session_store
     end
diff --git a/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb b/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb
index 55575d4cf84..ce3eeccc912 100644
--- a/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb
+++ b/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb
@@ -9,10 +9,6 @@ RSpec.describe Banzai::Pipeline::PreProcessPipeline, feature_category: :team_pla
       foo: :foo_symbol
       bar: :bar_symbol
       ---
-
-      >>>
-      blockquote
-      >>>
     MD
 
     result = described_class.call(markdown, {})
@@ -21,7 +17,6 @@ RSpec.describe Banzai::Pipeline::PreProcessPipeline, feature_category: :team_pla
       expect(result[:output]).not_to include "\xEF\xBB\xBF"
       expect(result[:output]).not_to include '---'
       expect(result[:output]).to include "```yaml:frontmatter\nfoo: :foo_symbol\n"
-      expect(result[:output]).to include "> blockquote\n"
     end
   end
 
diff --git a/spec/lib/click_house/migration_support/exclusive_lock_spec.rb b/spec/lib/click_house/migration_support/exclusive_lock_spec.rb
index 17e58a4ddef..5176cc75266 100644
--- a/spec/lib/click_house/migration_support/exclusive_lock_spec.rb
+++ b/spec/lib/click_house/migration_support/exclusive_lock_spec.rb
@@ -5,8 +5,6 @@ require 'spec_helper'
 RSpec.describe ClickHouse::MigrationSupport::ExclusiveLock, feature_category: :database do
   include ExclusiveLeaseHelpers
 
-  let(:worker_id) { 1 }
-
   let(:worker_class) do
     # This worker will be active longer than the ClickHouse worker TTL
     Class.new do
@@ -83,7 +81,7 @@ RSpec.describe ClickHouse::MigrationSupport::ExclusiveLock, feature_category: :d
       end
 
       around do |example|
-        described_class.register_running_worker(worker_class, worker_id) do
+        described_class.register_running_worker(worker_class, anything) do
           example.run
         end
       end
diff --git a/spec/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl_spec.rb b/spec/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl_spec.rb
index a55ae5711a8..c52d1b4c9f2 100644
--- a/spec/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl_spec.rb
+++ b/spec/lib/gitlab/background_migration/redis/backfill_project_pipeline_status_ttl_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
 
 RSpec.describe Gitlab::BackgroundMigration::Redis::BackfillProjectPipelineStatusTtl,
   :clean_gitlab_redis_cache, feature_category: :redis do
-  let(:redis) { ::Gitlab::Redis::Cache.redis }
+  let(:redis) { ::Redis.new(::Gitlab::Redis::Cache.params) }
   let(:keys) { ["cache:gitlab:project:1:pipeline_status", "cache:gitlab:project:2:pipeline_status"] }
   let(:invalid_keys) { ["cache:gitlab:project:pipeline_status:1", "cache:gitlab:project:pipeline_status:2"] }
 
diff --git a/spec/lib/gitlab/database/migrations/runner_backoff/communicator_spec.rb b/spec/lib/gitlab/database/migrations/runner_backoff/communicator_spec.rb
index 9f1ade529b1..cfc3fb398e2 100644
--- a/spec/lib/gitlab/database/migrations/runner_backoff/communicator_spec.rb
+++ b/spec/lib/gitlab/database/migrations/runner_backoff/communicator_spec.rb
@@ -28,7 +28,7 @@ RSpec.describe Gitlab::Database::Migrations::RunnerBackoff::Communicator, :clean
 
     it 'reads from Redis' do
       recorder = RedisCommands::Recorder.new { subject }
-      expect(recorder.log).to include(['exists', 'gitlab:exclusive_lease:gitlab/database/migration/runner/backoff'])
+      expect(recorder.log).to include([:exists, 'gitlab:exclusive_lease:gitlab/database/migration/runner/backoff'])
     end
 
     context 'with runner_migrations_backoff disabled' do
diff --git a/spec/lib/gitlab/discussions_diff/highlight_cache_spec.rb b/spec/lib/gitlab/discussions_diff/highlight_cache_spec.rb
index 8068be798d3..30981e4bd7d 100644
--- a/spec/lib/gitlab/discussions_diff/highlight_cache_spec.rb
+++ b/spec/lib/gitlab/discussions_diff/highlight_cache_spec.rb
@@ -33,7 +33,7 @@ RSpec.describe Gitlab::DiscussionsDiff::HighlightCache, :clean_gitlab_redis_cach
 
       mapping.each do |key, value|
         full_key = described_class.cache_key_for(key)
-        found_key = Gitlab::Redis::Cache.with { |r| r.get(full_key).force_encoding("UTF-8") }
+        found_key = Gitlab::Redis::Cache.with { |r| r.get(full_key) }
 
         expect(described_class.gzip_decompress(found_key)).to eq(value.to_json)
       end
diff --git a/spec/lib/gitlab/external_authorization/cache_spec.rb b/spec/lib/gitlab/external_authorization/cache_spec.rb
index 3dc23422e4e..186bf7d7ec1 100644
--- a/spec/lib/gitlab/external_authorization/cache_spec.rb
+++ b/spec/lib/gitlab/external_authorization/cache_spec.rb
@@ -23,9 +23,9 @@ RSpec.describe Gitlab::ExternalAuthorization::Cache, :clean_gitlab_redis_cache d
   describe '#load' do
     it 'reads stored info from redis' do
       freeze_time do
-        set_in_redis(:access, false.to_s)
+        set_in_redis(:access, false)
         set_in_redis(:reason, 'Access denied for now')
-        set_in_redis(:refreshed_at, Time.now.to_s)
+        set_in_redis(:refreshed_at, Time.now)
 
         access, reason, refreshed_at = cache.load
 
diff --git a/spec/lib/gitlab/instrumentation/redis_client_middleware_spec.rb b/spec/lib/gitlab/instrumentation/redis_client_middleware_spec.rb
index 2eb77add2ed..a8bded69696 100644
--- a/spec/lib/gitlab/instrumentation/redis_client_middleware_spec.rb
+++ b/spec/lib/gitlab/instrumentation/redis_client_middleware_spec.rb
@@ -9,9 +9,10 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
   include RedisHelpers
 
   let_it_be(:redis_store_class) { define_helper_redis_store_class }
+  let_it_be(:redis_client) { RedisClient.new(redis_store_class.redis_client_params) }
 
   before do
-    redis_store_class.with(&:flushdb)
+    redis_client.call("flushdb")
   end
 
   describe 'read and write' do
@@ -23,30 +24,27 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
       # The response is 1001, so 4 bytes. Exercise counting an integer reply.
       [[:set, 'foobar', 1000]] | [:incr, 'foobar'] | (4 + 6) | 4
 
-      # Exercise counting empty multi bulk reply.
-      [] | [:hgetall, 'foobar'] | (7 + 6) | 0
+      # Exercise counting empty multi bulk reply. Returns an empty hash `{}`
+      [] | [:hgetall, 'foobar'] | (7 + 6) | 2
 
       # Hgetall response length is combined length of keys and values in the
       # hash. Exercises counting of a multi bulk reply
-      [[:hset, 'myhash', 'field', 'hello world']] | [:hgetall, 'myhash'] | (7 + 6) | (5 + 11)
+      # Returns `{"field"=>"hello world"}`, 5 for field, 11 for hello world, 8 for {, }, 4 "s, =, >
+      [[:hset, 'myhash', 'field', 'hello world']] | [:hgetall, 'myhash'] | (7 + 6) | (5 + 11 + 8)
 
       # Exercise counting of a bulk reply
       [[:set, 'foo', 'bar' * 100]] | [:get, 'foo'] | (3 + 3) | (3 * 100)
 
-      # Nested array response: [['foo', 0], ['bar', 1.1000000000000001]] due to Redis precision
-      # See https://github.com/redis/redis/issues/1499
+      # Nested array response: [['foo', 0.0], ['bar', 1.0]]. Returns scores as float.
       [[:zadd, 'myset', 0, 'foo'],
-        [:zadd, 'myset', 1.1,
-          'bar']] | [:zrange, 'myset', 0, -1, 'withscores'] | (6 + 5 + 1 + 2 + 10) | (3 + 1 + 3 + 18)
+        [:zadd, 'myset', 1, 'bar']] | [:zrange, 'myset', 0, -1, 'withscores'] | (6 + 5 + 1 + 2 + 10) | (3 + 3 + 3 + 3)
     end
 
     with_them do
       it 'counts bytes read and written' do
-        redis_store_class.with do |redis|
-          setup.each { |cmd| redis.call(cmd) }
-          RequestStore.clear!
-          redis.call(command)
-        end
+        setup.each { |cmd| redis_client.call(*cmd) }
+        RequestStore.clear!
+        redis_client.call(*command)
 
         expect(Gitlab::Instrumentation::Redis.read_bytes).to eq(expect_read)
         expect(Gitlab::Instrumentation::Redis.write_bytes).to eq(expect_write)
@@ -60,48 +58,35 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
     it 'counts successful requests' do
       expect(instrumentation_class).to receive(:instance_count_request).with(1).and_call_original
 
-      redis_store_class.with { |redis| redis.call(:get, 'foobar') }
+      redis_client.call(:get, 'foobar')
     end
 
     it 'counts successful pipelined requests' do
       expect(instrumentation_class).to receive(:instance_count_request).with(2).and_call_original
       expect(instrumentation_class).to receive(:instance_count_pipelined_request).with(2).and_call_original
 
-      redis_store_class.with do |redis|
-        redis.pipelined do |pipeline|
-          pipeline.call(:get, '{foobar}buz')
-          pipeline.call(:get, '{foobar}baz')
-        end
+      redis_client.pipelined do |pipeline|
+        pipeline.call(:get, '{foobar}buz')
+        pipeline.call(:get, '{foobar}baz')
       end
     end
 
     context 'when encountering exceptions' do
-      where(:case_name, :exception, :exception_counter) do
-        'generic exception' | Redis::CommandError.new                             | :instance_count_exception
-        'moved redirection' | Redis::CommandError.new("MOVED 123 127.0.0.1:6380") | :instance_count_cluster_redirection
-        'ask redirection'   | Redis::CommandError.new("ASK 123 127.0.0.1:6380")   | :instance_count_cluster_redirection
+      before do
+        allow(redis_client.instance_variable_get(:@raw_connection)).to receive(:call).and_raise(
+          RedisClient::Error)
       end
 
-      with_them do
-        before do
-          redis_store_class.with do |redis|
-            # We need to go 1 layer deeper to stub _client as we monkey-patch Redis::Client
-            # with the interceptor. Stubbing `redis` will skip the instrumentation_class.
-            allow(redis._client.instance_variable_get(:@raw_connection)).to receive(:call).and_raise(exception)
-          end
-        end
+      it 'counts exception' do
+        expect(instrumentation_class).to receive(:instance_count_exception)
+                                           .with(instance_of(RedisClient::Error)).and_call_original
+        expect(instrumentation_class).to receive(:log_exception)
+                                           .with(instance_of(RedisClient::Error)).and_call_original
+        expect(instrumentation_class).to receive(:instance_count_request).and_call_original
 
-        it 'counts exception' do
-          expect(instrumentation_class).to receive(exception_counter)
-                                             .with(instance_of(Redis::CommandError)).and_call_original
-          expect(instrumentation_class).to receive(:log_exception)
-                                             .with(instance_of(Redis::CommandError)).and_call_original
-          expect(instrumentation_class).to receive(:instance_count_request).and_call_original
-
-          expect do
-            redis_store_class.with { |redis| redis.call(:auth, 'foo', 'bar') }
-          end.to raise_exception(Redis::CommandError)
-        end
+        expect do
+          redis_client.call(:auth, 'foo', 'bar')
+        end.to raise_error(RedisClient::Error)
       end
     end
 
@@ -114,7 +99,7 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
         expect(instrumentation_class).to receive(:increment_cross_slot_request_count).and_call_original
         expect(instrumentation_class).not_to receive(:increment_allowed_cross_slot_request_count).and_call_original
 
-        redis_store_class.with { |redis| redis.call(:mget, 'foo', 'bar') }
+        redis_client.call(:mget, 'foo', 'bar')
       end
 
       it 'does not count allowed cross-slot requests' do
@@ -122,7 +107,7 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
         expect(instrumentation_class).to receive(:increment_allowed_cross_slot_request_count).and_call_original
 
         Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-          redis_store_class.with { |redis| redis.call(:mget, 'foo', 'bar') }
+          redis_client.call(:mget, 'foo', 'bar')
         end
       end
 
@@ -131,7 +116,7 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
         expect(instrumentation_class).not_to receive(:increment_allowed_cross_slot_request_count).and_call_original
 
         Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
-          redis_store_class.with { |redis| redis.call(:get, 'bar') }
+          redis_client.call(:mget, 'bar')
         end
       end
 
@@ -139,7 +124,7 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
         expect(instrumentation_class).not_to receive(:increment_cross_slot_request_count).and_call_original
         expect(instrumentation_class).not_to receive(:increment_allowed_cross_slot_request_count).and_call_original
 
-        redis_store_class.with { |redis| redis.call(:mget, '{foo}bar', '{foo}baz') }
+        redis_client.call(:mget, '{foo}bar', '{foo}baz')
       end
     end
 
@@ -150,7 +135,7 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
 
       it 'still runs cross-slot validation' do
         expect do
-          redis_store_class.with { |redis| redis.mget('foo', 'bar') }
+          redis_client.call('mget', 'foo', 'bar')
         end.to raise_error(instance_of(Gitlab::Instrumentation::RedisClusterValidator::CrossSlotError))
       end
     end
@@ -172,7 +157,7 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
           expect(instrumentation_class).to receive(:instance_observe_duration).with(a_value > 0)
             .and_call_original
 
-          redis_store_class.with { |redis| redis.call(*command) }
+          redis_client.call(*command)
         end
       end
 
@@ -181,21 +166,17 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
           expect(instrumentation_class).to receive(:instance_observe_duration).twice.with(a_value > 0)
             .and_call_original
 
-          redis_store_class.with do |redis|
-            redis.pipelined do |pipeline|
-              pipeline.call(:get, '{foobar}buz')
-              pipeline.call(:get, '{foobar}baz')
-            end
+          redis_client.pipelined do |pipeline|
+            pipeline.call(:get, '{foobar}buz')
+            pipeline.call(:get, '{foobar}baz')
           end
         end
 
         it 'raises error when keys are not from the same slot' do
           expect do
-            redis_store_class.with do |redis|
-              redis.pipelined do |pipeline|
-                pipeline.call(:get, 'foo')
-                pipeline.call(:get, 'bar')
-              end
+            redis_client.pipelined do |pipeline|
+              pipeline.call(:get, 'foo')
+              pipeline.call(:get, 'bar')
             end
           end.to raise_error(instance_of(Gitlab::Instrumentation::RedisClusterValidator::CrossSlotError))
         end
@@ -219,11 +200,11 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
 
       with_them do
         it 'skips requests we do not want in the apdex' do
-          setup.each { |cmd| redis_store_class.with { |redis| redis.call(*cmd) } }
+          setup.each { |cmd| redis_client.call(*cmd) }
 
           expect(instrumentation_class).not_to receive(:instance_observe_duration)
 
-          redis_store_class.with { |redis| redis.call(*command) }
+          redis_client.call(*command)
         end
       end
 
@@ -231,12 +212,10 @@ RSpec.describe Gitlab::Instrumentation::RedisClientMiddleware, :request_store, f
         it 'skips requests that have blocking commands' do
           expect(instrumentation_class).not_to receive(:instance_observe_duration)
 
-          redis_store_class.with do |redis|
-            redis.pipelined do |pipeline|
-              pipeline.call(:get, '{foobar}buz')
-              pipeline.call(:rpush, '{foobar}baz', 1)
-              pipeline.call(:brpop, '{foobar}baz', 0)
-            end
+          redis_client.pipelined do |pipeline|
+            pipeline.call(:get, '{foobar}buz')
+            pipeline.call(:rpush, '{foobar}baz', 1)
+            pipeline.call(:brpop, '{foobar}baz', 0)
           end
         end
       end
diff --git a/spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb b/spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb
new file mode 100644
index 00000000000..2a160a9d316
--- /dev/null
+++ b/spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb
@@ -0,0 +1,261 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rspec-parameterized'
+require 'support/helpers/rails_helpers'
+
+RSpec.describe Gitlab::Instrumentation::RedisInterceptor, :request_store, feature_category: :scalability do
+  using RSpec::Parameterized::TableSyntax
+  include RedisHelpers
+
+  let_it_be(:redis_store_class) { define_helper_redis_store_class }
+
+  before do
+    redis_store_class.with(&:flushdb)
+  end
+
+  describe 'read and write' do
+    where(:setup, :command, :expect_write, :expect_read) do
+      # The response is 'OK', the request size is the combined size of array
+      # elements. Exercise counting of a status reply.
+      [] | [:set, 'foo', 'bar'] | 3 + 3 + 3 | 2
+
+      # The response is 1001, so 4 bytes. Exercise counting an integer reply.
+      [[:set, 'foobar', 1000]] | [:incr, 'foobar'] | 4 + 6 | 4
+
+      # Exercise counting empty multi bulk reply
+      [] | [:hgetall, 'foobar'] | 7 + 6 | 0
+
+      # Hgetall response length is combined length of keys and values in the
+      # hash. Exercises counting of a multi bulk reply
+      [[:hset, 'myhash', 'field', 'hello world']] | [:hgetall, 'myhash'] | 7 + 6 | 5 + 11
+
+      # Exercise counting of a bulk reply
+      [[:set, 'foo', 'bar' * 100]] | [:get, 'foo'] | 3 + 3 | 3 * 100
+
+      # Nested array response: [['foo', 0], ['bar', 1]]
+      [[:zadd, 'myset', 0, 'foo'], [:zadd, 'myset', 1, 'bar']] | [:zrange, 'myset', 0, -1, 'withscores'] | 6 + 5 + 1 + 2 + 10 | 3 + 1 + 3 + 1
+    end
+
+    with_them do
+      it 'counts bytes read and written' do
+        redis_store_class.with do |redis|
+          setup.each { |cmd| redis.call(cmd) }
+          RequestStore.clear!
+          redis.call(command)
+        end
+
+        expect(Gitlab::Instrumentation::Redis.read_bytes).to eq(expect_read)
+        expect(Gitlab::Instrumentation::Redis.write_bytes).to eq(expect_write)
+      end
+    end
+  end
+
+  describe 'counting' do
+    let(:instrumentation_class) { redis_store_class.instrumentation_class }
+
+    it 'counts successful requests' do
+      expect(instrumentation_class).to receive(:instance_count_request).with(1).and_call_original
+
+      redis_store_class.with { |redis| redis.call(:get, 'foobar') }
+    end
+
+    it 'counts successful pipelined requests' do
+      expect(instrumentation_class).to receive(:instance_count_request).with(2).and_call_original
+      expect(instrumentation_class).to receive(:instance_count_pipelined_request).with(2).and_call_original
+
+      redis_store_class.with do |redis|
+        redis.pipelined do |pipeline|
+          pipeline.call(:get, '{foobar}buz')
+          pipeline.call(:get, '{foobar}baz')
+        end
+      end
+    end
+
+    context 'when encountering connection exceptions within process' do
+      before do
+        redis_store_class.with do |redis|
+          allow(redis._client).to receive(:write).and_call_original
+        end
+      end
+
+      it 'counts connection exceptions' do
+        redis_store_class.with do |redis|
+          expect(redis._client).to receive(:write).with([:get, 'foobar']).and_raise(::Redis::ConnectionError)
+        end
+
+        expect(instrumentation_class).to receive(:instance_count_connection_exception)
+                                             .with(instance_of(Redis::ConnectionError)).and_call_original
+
+        redis_store_class.with { |redis| redis.call(:get, 'foobar') }
+      end
+    end
+
+    context 'when encountering exceptions' do
+      where(:case_name, :exception, :exception_counter) do
+        'generic exception' | Redis::CommandError                                 | :instance_count_exception
+        'moved redirection' | Redis::CommandError.new("MOVED 123 127.0.0.1:6380") | :instance_count_cluster_redirection
+        'ask redirection'   | Redis::CommandError.new("ASK 123 127.0.0.1:6380")   | :instance_count_cluster_redirection
+      end
+
+      with_them do
+        before do
+          redis_store_class.with do |redis|
+            # We need to go 1 layer deeper to stub _client as we monkey-patch Redis::Client
+            # with the interceptor. Stubbing `redis` will skip the instrumentation_class.
+            allow(redis._client).to receive(:process).and_raise(exception)
+          end
+        end
+
+        it 'counts exception' do
+          expect(instrumentation_class).to receive(exception_counter)
+                                             .with(instance_of(Redis::CommandError)).and_call_original
+          expect(instrumentation_class).to receive(:log_exception)
+                                             .with(instance_of(Redis::CommandError)).and_call_original
+          expect(instrumentation_class).to receive(:instance_count_request).and_call_original
+
+          expect do
+            redis_store_class.with { |redis| redis.call(:auth, 'foo', 'bar') }
+          end.to raise_exception(Redis::CommandError)
+
+          expect(Thread.current[:redis_client_error_count]).to eq(0)
+        end
+      end
+    end
+
+    context 'in production environment' do
+      before do
+        stub_rails_env('production') # to avoid raising CrossSlotError
+      end
+
+      it 'counts disallowed cross-slot requests' do
+        expect(instrumentation_class).to receive(:increment_cross_slot_request_count).and_call_original
+        expect(instrumentation_class).not_to receive(:increment_allowed_cross_slot_request_count).and_call_original
+
+        redis_store_class.with { |redis| redis.call(:mget, 'foo', 'bar') }
+      end
+
+      it 'does not count allowed cross-slot requests' do
+        expect(instrumentation_class).not_to receive(:increment_cross_slot_request_count).and_call_original
+        expect(instrumentation_class).to receive(:increment_allowed_cross_slot_request_count).and_call_original
+
+        Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
+          redis_store_class.with { |redis| redis.call(:mget, 'foo', 'bar') }
+        end
+      end
+
+      it 'does not count allowed non-cross-slot requests' do
+        expect(instrumentation_class).not_to receive(:increment_cross_slot_request_count).and_call_original
+        expect(instrumentation_class).not_to receive(:increment_allowed_cross_slot_request_count).and_call_original
+
+        Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
+          redis_store_class.with { |redis| redis.call(:get, 'bar') }
+        end
+      end
+
+      it 'skips count for non-cross-slot requests' do
+        expect(instrumentation_class).not_to receive(:increment_cross_slot_request_count).and_call_original
+        expect(instrumentation_class).not_to receive(:increment_allowed_cross_slot_request_count).and_call_original
+
+        redis_store_class.with { |redis| redis.call(:mget, '{foo}bar', '{foo}baz') }
+      end
+    end
+
+    context 'without active RequestStore' do
+      before do
+        ::RequestStore.end!
+      end
+
+      it 'still runs cross-slot validation' do
+        expect do
+          redis_store_class.with { |redis| redis.mget('foo', 'bar') }
+        end.to raise_error(instance_of(Gitlab::Instrumentation::RedisClusterValidator::CrossSlotError))
+      end
+    end
+  end
+
+  describe 'latency' do
+    let(:instrumentation_class) { redis_store_class.instrumentation_class }
+
+    describe 'commands in the apdex' do
+      where(:command) do
+        [
+          [[:get, 'foobar']],
+          [%w[GET foobar]]
+        ]
+      end
+
+      with_them do
+        it 'measures requests we want in the apdex' do
+          expect(instrumentation_class).to receive(:instance_observe_duration).with(a_value > 0)
+            .and_call_original
+
+          redis_store_class.with { |redis| redis.call(*command) }
+        end
+      end
+
+      context 'with pipelined commands' do
+        it 'measures requests that do not have blocking commands' do
+          expect(instrumentation_class).to receive(:instance_observe_duration).twice.with(a_value > 0)
+            .and_call_original
+
+          redis_store_class.with do |redis|
+            redis.pipelined do |pipeline|
+              pipeline.call(:get, '{foobar}buz')
+              pipeline.call(:get, '{foobar}baz')
+            end
+          end
+        end
+
+        it 'raises error when keys are not from the same slot' do
+          expect do
+            redis_store_class.with do |redis|
+              redis.pipelined do |pipeline|
+                pipeline.call(:get, 'foo')
+                pipeline.call(:get, 'bar')
+              end
+            end
+          end.to raise_error(instance_of(Gitlab::Instrumentation::RedisClusterValidator::CrossSlotError))
+        end
+      end
+    end
+
+    describe 'commands not in the apdex' do
+      where(:setup, :command) do
+        [['rpush', 'foobar', 1]] | ['brpop', 'foobar', 0]
+        [['rpush', 'foobar', 1]] | ['blpop', 'foobar', 0]
+        [['rpush', '{abc}foobar', 1]] | ['brpoplpush', '{abc}foobar', '{abc}bazqux', 0]
+        [['rpush', '{abc}foobar', 1]] | ['brpoplpush', '{abc}foobar', '{abc}bazqux', 0]
+        [['zadd', 'foobar', 1, 'a']] | ['bzpopmin', 'foobar', 0]
+        [['zadd', 'foobar', 1, 'a']] | ['bzpopmax', 'foobar', 0]
+        [['xadd', 'mystream', 1, 'myfield', 'mydata']] | ['xread', 'block', 1, 'streams', 'mystream', '0-0']
+        [['xadd', 'foobar', 1, 'myfield', 'mydata'], ['xgroup', 'create', 'foobar', 'mygroup', 0]] | ['xreadgroup', 'group', 'mygroup', 'myconsumer', 'block', 1, 'streams', 'foobar', '0-0']
+        [] | ['command']
+      end
+
+      with_them do
+        it 'skips requests we do not want in the apdex' do
+          redis_store_class.with { |redis| setup.each { |cmd| redis.call(*cmd) } }
+
+          expect(instrumentation_class).not_to receive(:instance_observe_duration)
+
+          redis_store_class.with { |redis| redis.call(*command) }
+        end
+      end
+
+      context 'with pipelined commands' do
+        it 'skips requests that have blocking commands' do
+          expect(instrumentation_class).not_to receive(:instance_observe_duration)
+
+          redis_store_class.with do |redis|
+            redis.pipelined do |pipeline|
+              pipeline.call(:get, '{foobar}buz')
+              pipeline.call(:rpush, '{foobar}baz', 1)
+              pipeline.call(:brpop, '{foobar}baz', 0)
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/other_markup_spec.rb b/spec/lib/gitlab/other_markup_spec.rb
index 266cb75a8ac..8ae4bb39e4e 100644
--- a/spec/lib/gitlab/other_markup_spec.rb
+++ b/spec/lib/gitlab/other_markup_spec.rb
@@ -99,8 +99,8 @@ RSpec.describe Gitlab::OtherMarkup, feature_category: :wiki do
     end
 
     it 'times out' do
-      # expect 3 times because of timeout in SyntaxHighlightFilter and BlockquoteFenceFilter
-      expect(Gitlab::RenderTimeout).to receive(:timeout).exactly(3).times.and_call_original
+      # expect 2 times because of timeout in SyntaxHighlightFilter
+      expect(Gitlab::RenderTimeout).to receive(:timeout).twice.and_call_original
       expect(Gitlab::ErrorTracking).to receive(:track_exception).with(
         instance_of(Timeout::Error),
         project_id: context[:project].id, file_name: file_name,
diff --git a/spec/lib/gitlab/patch/node_loader_spec.rb b/spec/lib/gitlab/patch/node_loader_spec.rb
new file mode 100644
index 00000000000..000083fc6d0
--- /dev/null
+++ b/spec/lib/gitlab/patch/node_loader_spec.rb
@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Patch::NodeLoader, feature_category: :redis do
+  using RSpec::Parameterized::TableSyntax
+
+  describe '#fetch_node_info' do
+    let(:redis) { double(:redis) } # rubocop:disable RSpec/VerifiedDoubles
+
+    # rubocop:disable Naming/InclusiveLanguage
+    where(:case_name, :args, :value) do
+      [
+        [
+          'when only ip address is present',
+          "07c37df 127.0.0.1:30004@31004 slave e7d1eec 0 1426238317239 4 connected
+67ed2db 127.0.0.1:30002@31002 master - 0 1426238316232 2 connected 5461-10922
+292f8b3 127.0.0.1:30003@31003 master - 0 1426238318243 3 connected 10923-16383
+6ec2392 127.0.0.1:30005@31005 slave 67ed2db 0 1426238316232 5 connected
+824fe11 127.0.0.1:30006@31006 slave 292f8b3 0 1426238317741 6 connected
+e7d1eec 127.0.0.1:30001@31001 myself,master - 0 0 1 connected 0-5460",
+          {
+            '127.0.0.1:30004' => 'slave', '127.0.0.1:30002' => 'master', '127.0.0.1:30003' => 'master',
+            '127.0.0.1:30005' => 'slave', '127.0.0.1:30006' => 'slave', '127.0.0.1:30001' => 'master'
+          }
+        ],
+        [
+          'when hostname is present',
+          "07c37df 127.0.0.1:30004@31004,host1 slave e7d1eec 0 1426238317239 4 connected
+67ed2db 127.0.0.1:30002@31002,host2 master - 0 1426238316232 2 connected 5461-10922
+292f8b3 127.0.0.1:30003@31003,host3 master - 0 1426238318243 3 connected 10923-16383
+6ec2392 127.0.0.1:30005@31005,host4 slave 67ed2db 0 1426238316232 5 connected
+824fe11 127.0.0.1:30006@31006,host5 slave 292f8b3 0 1426238317741 6 connected
+e7d1eec 127.0.0.1:30001@31001,host6 myself,master - 0 0 1 connected 0-5460",
+          {
+            'host1:30004' => 'slave', 'host2:30002' => 'master', 'host3:30003' => 'master',
+            'host4:30005' => 'slave', 'host5:30006' => 'slave', 'host6:30001' => 'master'
+          }
+        ],
+        [
+          'when auxiliary fields are present',
+          "07c37df 127.0.0.1:30004@31004,,shard-id=69bc slave e7d1eec 0 1426238317239 4 connected
+67ed2db 127.0.0.1:30002@31002,,shard-id=114f master - 0 1426238316232 2 connected 5461-10922
+292f8b3 127.0.0.1:30003@31003,,shard-id=fdb3 master - 0 1426238318243 3 connected 10923-16383
+6ec2392 127.0.0.1:30005@31005,,shard-id=114f slave 67ed2db 0 1426238316232 5 connected
+824fe11 127.0.0.1:30006@31006,,shard-id=fdb3 slave 292f8b3 0 1426238317741 6 connected
+e7d1eec 127.0.0.1:30001@31001,,shard-id=69bc myself,master - 0 0 1 connected 0-5460",
+          {
+            '127.0.0.1:30004' => 'slave', '127.0.0.1:30002' => 'master', '127.0.0.1:30003' => 'master',
+            '127.0.0.1:30005' => 'slave', '127.0.0.1:30006' => 'slave', '127.0.0.1:30001' => 'master'
+          }
+        ],
+        [
+          'when hostname and auxiliary fields are present',
+          "07c37df 127.0.0.1:30004@31004,host1,shard-id=69bc slave e7d1eec 0 1426238317239 4 connected
+67ed2db 127.0.0.1:30002@31002,host2,shard-id=114f master - 0 1426238316232 2 connected 5461-10922
+292f8b3 127.0.0.1:30003@31003,host3,shard-id=fdb3 master - 0 1426238318243 3 connected 10923-16383
+6ec2392 127.0.0.1:30005@31005,host4,shard-id=114f slave 67ed2db 0 1426238316232 5 connected
+824fe11 127.0.0.1:30006@31006,host5,shard-id=fdb3 slave 292f8b3 0 1426238317741 6 connected
+e7d1eec 127.0.0.1:30001@31001,host6,shard-id=69bc myself,master - 0 0 1 connected 0-5460",
+          {
+            'host1:30004' => 'slave', 'host2:30002' => 'master', 'host3:30003' => 'master',
+            'host4:30005' => 'slave', 'host5:30006' => 'slave', 'host6:30001' => 'master'
+          }
+        ]
+      ]
+    end
+    # rubocop:enable Naming/InclusiveLanguage
+
+    with_them do
+      before do
+        allow(redis).to receive(:call).with([:cluster, :nodes]).and_return(args)
+      end
+
+      it do
+        expect(Redis::Cluster::NodeLoader.load_flags([redis])).to eq(value)
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/patch/redis_cache_store_spec.rb b/spec/lib/gitlab/patch/redis_cache_store_spec.rb
index ae9c31e0c51..21c256fdbbe 100644
--- a/spec/lib/gitlab/patch/redis_cache_store_spec.rb
+++ b/spec/lib/gitlab/patch/redis_cache_store_spec.rb
@@ -13,8 +13,6 @@ RSpec.describe Gitlab::Patch::RedisCacheStore, :use_clean_rails_redis_caching, f
     cache.write('{user1}:x', 1)
     cache.write('{user1}:y', 2)
     cache.write('{user1}:z', 3)
-
-    cache.instance_variable_set(:@pipeline_batch_size, nil)
   end
 
   describe '#read_multi_mget' do
@@ -36,7 +34,7 @@ RSpec.describe Gitlab::Patch::RedisCacheStore, :use_clean_rails_redis_caching, f
       end
 
       context 'when reading large amount of keys' do
-        let(:input_size) { 2100 }
+        let(:input_size) { 2000 }
         let(:chunk_size) { 1000 }
 
         shared_examples 'read large amount of keys' do
@@ -47,11 +45,10 @@ RSpec.describe Gitlab::Patch::RedisCacheStore, :use_clean_rails_redis_caching, f
                 ::Gitlab::Redis::ClusterUtil.cluster?(redis.default_store)
 
               if normal_cluster || multistore_cluster
-                times = (input_size.to_f / chunk_size).ceil
-                expect(redis).to receive(:pipelined).exactly(times).times.and_call_original
-
-                expect_next_instances_of(::Redis::PipelinedConnection, times) do |p|
-                  expect(p).to receive(:get).at_most(chunk_size).times
+                expect_next_instances_of(Gitlab::Redis::CrossSlot::Pipeline, 2) do |pipeline|
+                  obj = instance_double(::Redis)
+                  expect(pipeline).to receive(:pipelined).and_yield(obj)
+                  expect(obj).to receive(:get).exactly(chunk_size).times
                 end
               else
                 expect(redis).to receive(:mget).and_call_original
diff --git a/spec/lib/gitlab/patch/redis_client_spec.rb b/spec/lib/gitlab/patch/redis_client_spec.rb
index 3e2d46dd19c..af094e9e0d2 100644
--- a/spec/lib/gitlab/patch/redis_client_spec.rb
+++ b/spec/lib/gitlab/patch/redis_client_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe Gitlab::Patch::RedisClient, feature_category: :redis do
   include RedisHelpers
 
   let_it_be(:redis_store_class) { define_helper_redis_store_class }
-  let_it_be(:redis_client) { RedisClient.new(redis_store_class.params) }
+  let_it_be(:redis_client) { RedisClient.new(redis_store_class.redis_client_params) }
 
   before do
     Thread.current[:redis_client_error_count] = 1
diff --git a/spec/lib/gitlab/patch/redis_store_factory_spec.rb b/spec/lib/gitlab/patch/redis_store_factory_spec.rb
deleted file mode 100644
index be37a044ac1..00000000000
--- a/spec/lib/gitlab/patch/redis_store_factory_spec.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe Gitlab::Patch::RedisStoreFactory, feature_category: :redis do
-  describe '#create' do
-    let(:params) { { host: 'localhost' } }
-
-    subject(:factory_create) { ::Redis::Store::Factory.create(params) } # rubocop:disable Rails/SaveBang -- redis-store does not implement create!
-
-    context 'when using standalone Redis' do
-      it 'does not create ClusterStore' do
-        expect(Gitlab::Redis::ClusterStore).not_to receive(:new)
-
-        factory_create
-      end
-    end
-
-    context 'when using a Redis Cluster' do
-      let(:params) { { nodes: ["redis://localhost:6001", "redis://localhost:6002"] } }
-
-      it 'creates a ClusterStore' do
-        expect(Gitlab::Redis::ClusterStore).to receive(:new).with(params.merge({ raw: false }))
-
-        factory_create
-      end
-    end
-  end
-end
diff --git a/spec/lib/gitlab/rack_attack/store_spec.rb b/spec/lib/gitlab/rack_attack/store_spec.rb
index efe6f9382f9..19b3f239d91 100644
--- a/spec/lib/gitlab/rack_attack/store_spec.rb
+++ b/spec/lib/gitlab/rack_attack/store_spec.rb
@@ -102,7 +102,7 @@ RSpec.describe Gitlab::RackAttack::Store, :clean_gitlab_redis_rate_limiting, fea
       before do
         broken_redis = Redis.new(
           url: 'redis://127.0.0.0:0',
-          custom: { instrumentation_class: Gitlab::Redis::RateLimiting.instrumentation_class }
+          instrumentation_class: Gitlab::Redis::RateLimiting.instrumentation_class
         )
         allow(Gitlab::Redis::RateLimiting).to receive(:with).and_yield(broken_redis)
       end
diff --git a/spec/lib/gitlab/redis/cluster_store_spec.rb b/spec/lib/gitlab/redis/cluster_store_spec.rb
deleted file mode 100644
index aaeee6156a0..00000000000
--- a/spec/lib/gitlab/redis/cluster_store_spec.rb
+++ /dev/null
@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-# This spec only runs if a Redis Cluster is configured for Gitlab::Redis::Cache.
-# ::Redis::Cluster fetches the cluster details from the server on `initialize` and will raise
-# an error if the cluster is not found.
-#
-# An example would be the following in config/redis.yml assuming gdk is set up with redis-cluster.
-# test:
-#   cache
-#     cluster:
-#       - "redis://127.0.0.1:6003"
-#       - "redis://127.0.0.1:6004"
-#       - "redis://127.0.0.1:6005"
-RSpec.describe Gitlab::Redis::ClusterStore, :clean_gitlab_redis_cache,
-  feature_category: :redis, if: ::Gitlab::Redis::Cache.params[:nodes] do
-  let(:params) { ::Gitlab::Redis::Cache.params }
-
-  subject(:store) { ::Redis::Store::Factory.create(params) } # rubocop:disable Rails/SaveBang -- not a rails method
-
-  describe '.new' do
-    it 'initialises a cluster store' do
-      expect(store).to be_instance_of(::Gitlab::Redis::ClusterStore)
-    end
-
-    it 'extends Serialization by default' do
-      expect(store.is_a?(::Redis::Store::Serialization)).to eq(true)
-    end
-
-    it 'sets a default serializer when left empty' do
-      expect(store.instance_variable_get(:@serializer)).to eq(Marshal)
-    end
-
-    context 'when serializer field is defined' do
-      let(:params) { ::Gitlab::Redis::Cache.params.merge(serializer: Class) }
-
-      it 'sets serializer according to the options' do
-        expect(store.instance_variable_get(:@serializer)).to eq(Class)
-      end
-    end
-
-    context 'when marshalling field is defined' do
-      let(:params) { ::Gitlab::Redis::Cache.params.merge(marshalling: true, serializer: Class) }
-
-      it 'overrides serializer with Marshal' do
-        expect(store.instance_variable_get(:@serializer)).to eq(Marshal)
-      end
-    end
-
-    context 'when marshalling field is false' do
-      let(:params) { ::Gitlab::Redis::Cache.params.merge(marshalling: false, serializer: Class) }
-
-      it 'overrides serializer with Marshal' do
-        expect(store.instance_variable_get(:@serializer)).to eq(nil)
-      end
-    end
-
-    context 'when namespace is defined' do
-      let(:params) { ::Gitlab::Redis::Cache.params.merge(namespace: 'testing') }
-
-      it 'extends namespace' do
-        expect(store.is_a?(::Redis::Store::Namespace)).to eq(true)
-      end
-
-      it 'write keys with namespace' do
-        store.set('testkey', 1)
-
-        ::Gitlab::Redis::Cache.with do |conn|
-          expect(conn.exists('testing:testkey')).to eq(1)
-        end
-      end
-    end
-  end
-
-  describe '#set' do
-    context 'when ttl is added' do
-      it 'writes the key and sets a ttl' do
-        expect(store.set('test', 1, expire_after: 100)).to eq('OK')
-
-        expect(store.ttl('test')).to be > 95
-        expect(store.get('test')).to eq(1)
-      end
-    end
-
-    context 'when there is no ttl' do
-      it 'sets the key' do
-        expect(store.set('test', 1)).to eq('OK')
-
-        expect(store.get('test')).to eq(1)
-        expect(store.ttl('test')).to eq(-1)
-      end
-    end
-  end
-
-  describe '#setnx' do
-    context 'when ttl is added' do
-      it 'writes the key if not exists and sets a ttl' do
-        expect(store.setnx('test', 1, expire_after: 100)).to eq([true, true])
-        expect(store.ttl('test')).to be > 95
-        expect(store.get('test')).to eq(1)
-        expect(store.setnx('test', 1, expire_after: 100)).to eq([false, true])
-      end
-    end
-
-    context 'when there is no ttl' do
-      it 'writes the key if not exists' do
-        expect(store.setnx('test', 1)).to eq(true)
-        expect(store.setnx('test', 1)).to eq(false)
-
-        expect(store.get('test')).to eq(1)
-        expect(store.ttl('test')).to eq(-1)
-      end
-    end
-  end
-end
diff --git a/spec/lib/gitlab/redis/cluster_util_spec.rb b/spec/lib/gitlab/redis/cluster_util_spec.rb
index 1cd6a450584..a5175450145 100644
--- a/spec/lib/gitlab/redis/cluster_util_spec.rb
+++ b/spec/lib/gitlab/redis/cluster_util_spec.rb
@@ -5,14 +5,10 @@ require 'spec_helper'
 RSpec.describe Gitlab::Redis::ClusterUtil, feature_category: :scalability do
   using RSpec::Parameterized::TableSyntax
 
-  let(:router_stub) { instance_double(::RedisClient::Cluster::Router) }
-
-  before do
-    allow(::RedisClient::Cluster::Router).to receive(:new).and_return(router_stub)
-  end
-
   describe '.cluster?' do
     context 'when MultiStore' do
+      let(:redis_cluster) { instance_double(::Redis::Cluster) }
+
       where(:pri_store, :sec_store, :expected_val) do
         :cluster | :cluster | true
         :cluster | :single  | true
@@ -21,7 +17,10 @@ RSpec.describe Gitlab::Redis::ClusterUtil, feature_category: :scalability do
       end
 
       before do
-        allow(router_stub).to receive(:node_keys).and_return([])
+        # stub all initialiser steps in Redis::Cluster.new to avoid connecting to a Redis Cluster node
+        allow(::Redis::Cluster).to receive(:new).and_return(redis_cluster)
+        allow(redis_cluster).to receive(:is_a?).with(::Redis::Cluster).and_return(true)
+        allow(redis_cluster).to receive(:id).and_return(1)
 
         allow(Gitlab::Redis::MultiStore).to receive(:same_redis_store?).and_return(false)
         skip_default_enabled_yaml_check
@@ -29,8 +28,8 @@ RSpec.describe Gitlab::Redis::ClusterUtil, feature_category: :scalability do
 
       with_them do
         it 'returns expected value' do
-          primary_redis = pri_store == :cluster ? Redis::Cluster.new(nodes: ['redis://localhost:6000']) : Redis.new
-          secondary_redis = sec_store == :cluster ? Redis::Cluster.new(nodes: ['redis://localhost:6000']) : Redis.new
+          primary_redis = pri_store == :cluster ? ::Redis.new(cluster: ['redis://localhost:6000']) : ::Redis.new
+          secondary_redis = sec_store == :cluster ? ::Redis.new(cluster: ['redis://localhost:6000']) : ::Redis.new
           primary_pool = ConnectionPool.new { primary_redis }
           secondary_pool = ConnectionPool.new { secondary_redis }
           multistore = Gitlab::Redis::MultiStore.new(primary_pool, secondary_pool, 'teststore')
@@ -49,8 +48,16 @@ RSpec.describe Gitlab::Redis::ClusterUtil, feature_category: :scalability do
     end
 
     context 'when is Redis::Cluster' do
+      let(:redis_cluster) { instance_double(::Redis::Cluster) }
+
+      before do
+        # stub all initialiser steps in Redis::Cluster.new to avoid connecting to a Redis Cluster node
+        allow(::Redis::Cluster).to receive(:new).and_return(redis_cluster)
+        allow(redis_cluster).to receive(:is_a?).with(::Redis::Cluster).and_return(true)
+      end
+
       it 'returns true' do
-        expect(described_class.cluster?(Redis::Cluster.new(nodes: ['redis://localhost:6000']))).to be_truthy
+        expect(described_class.cluster?(::Redis.new(cluster: ['redis://localhost:6000']))).to be_truthy
       end
     end
   end
diff --git a/spec/lib/gitlab/redis/command_builder_spec.rb b/spec/lib/gitlab/redis/command_builder_spec.rb
deleted file mode 100644
index 7ebb0228d2d..00000000000
--- a/spec/lib/gitlab/redis/command_builder_spec.rb
+++ /dev/null
@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-# references specs in https://github.com/redis-rb/redis-client/blob/master/test/redis_client/command_builder_test.rb
-# we add `handles nil arguments` to test our own added logic
-RSpec.describe Gitlab::Redis::CommandBuilder, feature_category: :redis do
-  describe '.generate' do
-    def call(*args, **kwargs)
-      described_class.generate(args, kwargs)
-    end
-
-    it 'handles nil arguments' do
-      expect(call("a", nil)).to eq(["a", ""])
-    end
-
-    it 'handles positional arguments' do
-      expect(call("a", "b", "c")).to eq(%w[a b c])
-    end
-
-    it 'handles arrays' do
-      expect(call("a", %w[b c])).to eq(%w[a b c])
-    end
-
-    it 'handles hashes' do
-      expect(call("a", { "b" => "c" })).to eq(%w[a b c])
-    end
-
-    it 'handles symbols' do
-      expect(call(:a, { b: :c }, :d)).to eq(%w[a b c d])
-    end
-
-    it 'handles numerics' do
-      expect(call(1, 2.3)).to eq(["1", "2.3"])
-    end
-
-    it 'handles kwargs booleans' do
-      expect(call(ttl: nil, ex: false, withscores: true)).to eq(["withscores"])
-    end
-
-    it 'handles kwargs values' do
-      expect(call(ttl: 42)).to eq(%w[ttl 42])
-    end
-
-    it 'handles nil kwargs' do
-      expect(call(%i[a b c])).to eq(%w[a b c])
-    end
-
-    it 'raises error on unsupported types' do
-      expect { call(hash: {}) }.to raise_error(TypeError)
-    end
-
-    it 'raises error on empty commands' do
-      expect { call }.to raise_error(ArgumentError)
-    end
-  end
-end
diff --git a/spec/lib/gitlab/redis/cross_slot_spec.rb b/spec/lib/gitlab/redis/cross_slot_spec.rb
new file mode 100644
index 00000000000..4e9830f4110
--- /dev/null
+++ b/spec/lib/gitlab/redis/cross_slot_spec.rb
@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Redis::CrossSlot, feature_category: :redis do
+  include RedisHelpers
+
+  let_it_be(:redis_store_class) { define_helper_redis_store_class }
+
+  before do
+    redis_store_class.with(&:flushdb)
+  end
+
+  describe '.pipelined' do
+    context 'when using redis client' do
+      before do
+        redis_store_class.with { |redis| redis.set('a', 1) }
+      end
+
+      it 'performs redis-rb pipelined' do
+        expect(Gitlab::Redis::CrossSlot::Router).not_to receive(:new)
+
+        expect(
+          Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
+            redis_store_class.with do |redis|
+              described_class::Pipeline.new(redis).pipelined do |p|
+                p.get('a')
+                p.set('b', 1)
+              end
+            end
+          end
+        ).to eq(%w[1 OK])
+      end
+    end
+
+    context 'when using with MultiStore' do
+      let_it_be(:primary_db) { 1 }
+      let_it_be(:secondary_db) { 2 }
+      let_it_be(:primary_store) { create_redis_store(redis_store_class.params, db: primary_db, serializer: nil) }
+      let_it_be(:secondary_store) { create_redis_store(redis_store_class.params, db: secondary_db, serializer: nil) }
+      let_it_be(:primary_pool) { ConnectionPool.new { primary_store } }
+      let_it_be(:secondary_pool) { ConnectionPool.new { secondary_store } }
+      let_it_be(:multistore) { Gitlab::Redis::MultiStore.new(primary_pool, secondary_pool, 'testing') }
+
+      before do
+        primary_store.set('a', 1)
+        secondary_store.set('a', 1)
+        skip_default_enabled_yaml_check
+      end
+
+      it 'performs multistore pipelined' do
+        expect(Gitlab::Redis::CrossSlot::Router).not_to receive(:new)
+
+        expect(
+          Gitlab::Instrumentation::RedisClusterValidator.allow_cross_slot_commands do
+            multistore.with_borrowed_connection do
+              described_class::Pipeline.new(multistore).pipelined do |p|
+                p.get('a')
+                p.set('b', 1)
+              end
+            end
+          end
+        ).to eq(%w[1 OK])
+      end
+    end
+
+    context 'when using Redis::Cluster' do
+      # Only stub redis client internals since the CI pipeline does not run a Redis Cluster
+      let(:redis) { double(:redis) } # rubocop:disable RSpec/VerifiedDoubles
+      let(:client) { double(:client) } # rubocop:disable RSpec/VerifiedDoubles
+      let(:pipeline) { double(:pipeline) } # rubocop:disable RSpec/VerifiedDoubles
+
+      let(:arguments) { %w[a b c d] }
+
+      subject do
+        described_class::Pipeline.new(redis).pipelined do |p|
+          arguments.each { |key| p.get(key) }
+        end
+      end
+
+      before do
+        allow(redis).to receive(:_client).and_return(client)
+        allow(redis).to receive(:pipelined).and_yield(pipeline)
+        allow(client).to receive(:instance_of?).with(::Redis::Cluster).and_return(true)
+      end
+
+      it 'fan-out and fan-in commands to separate shards' do
+        # simulate fan-out to 3 shards with random order
+        expect(client).to receive(:_find_node_key).exactly(4).times.and_return(3, 2, 1, 3)
+
+        arguments.each do |key|
+          f = double('future') # rubocop:disable RSpec/VerifiedDoubles
+          expect(pipeline).to receive(:get).with(key).and_return(f)
+          expect(f).to receive(:value).and_return(key)
+        end
+
+        expect(subject).to eq(arguments)
+      end
+
+      shared_examples 'fallback on cross-slot' do |redirection|
+        context 'when redis cluster undergoing slot migration' do
+          before do
+            allow(pipeline).to receive(:get).and_raise(::Redis::CommandError.new("#{redirection} 1 127.0.0.1:7001"))
+          end
+
+          it 'logs error and executes sequentially' do
+            expect(client).to receive(:_find_node_key).exactly(4).times.and_return(3, 2, 1, 3)
+            expect(Gitlab::ErrorTracking).to receive(:log_exception).with(an_instance_of(::Redis::CommandError))
+
+            arguments.each do |key|
+              expect(redis).to receive(:get).with(key).and_return(key)
+            end
+
+            subject
+          end
+        end
+      end
+
+      it_behaves_like 'fallback on cross-slot', 'MOVED'
+      it_behaves_like 'fallback on cross-slot', 'ASK'
+
+      context 'when receiving non-MOVED/ASK command errors' do
+        before do
+          allow(pipeline).to receive(:get).and_raise(::Redis::CommandError.new)
+          allow(client).to receive(:_find_node_key).exactly(4).times.and_return(3, 2, 1, 3)
+        end
+
+        it 'raises error' do
+          expect { subject }.to raise_error(::Redis::CommandError)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/redis/multi_store_spec.rb b/spec/lib/gitlab/redis/multi_store_spec.rb
index 0d841be4e3c..348215d553c 100644
--- a/spec/lib/gitlab/redis/multi_store_spec.rb
+++ b/spec/lib/gitlab/redis/multi_store_spec.rb
@@ -58,7 +58,6 @@ RSpec.describe Gitlab::Redis::MultiStore, feature_category: :redis do
   context 'when primary_store is not a ::Redis instance' do
     before do
       allow(primary_store).to receive(:is_a?).with(::Redis).and_return(false)
-      allow(primary_store).to receive(:is_a?).with(::Redis::Cluster).and_return(false)
     end
 
     it 'fails with exception' do
@@ -70,7 +69,6 @@ RSpec.describe Gitlab::Redis::MultiStore, feature_category: :redis do
   context 'when secondary_store is not a ::Redis instance' do
     before do
       allow(secondary_store).to receive(:is_a?).with(::Redis).and_return(false)
-      allow(secondary_store).to receive(:is_a?).with(::Redis::Cluster).and_return(false)
     end
 
     it 'fails with exception' do
@@ -620,6 +618,35 @@ RSpec.describe Gitlab::Redis::MultiStore, feature_category: :redis do
         end
       end
 
+      context 'when either store is a an instance of ::Redis::Cluster' do
+        let(:pipeline) { double }
+        let(:client) { double }
+
+        before do
+          allow(client).to receive(:instance_of?).with(::Redis::Cluster).and_return(true)
+          allow(pipeline).to receive(:pipelined)
+          multi_store.with_borrowed_connection do
+            allow(multi_store.default_store).to receive(:_client).and_return(client)
+          end
+        end
+
+        it 'calls cross-slot pipeline within multistore' do
+          if name == :pipelined
+            # we intentionally exclude `.and_call_original` since primary_store/secondary_store
+            # may not be running on a proper Redis Cluster.
+            multi_store.with_borrowed_connection do
+              expect(Gitlab::Redis::CrossSlot::Pipeline).to receive(:new)
+                                                              .with(multi_store.default_store)
+                                                              .exactly(:once)
+                                                              .and_return(pipeline)
+              expect(Gitlab::Redis::CrossSlot::Pipeline).not_to receive(:new).with(multi_store.non_default_store)
+            end
+          end
+
+          subject
+        end
+      end
+
       context 'when with_readonly_pipeline is used' do
         it 'calls the default store only' do
           expect(primary_store).to receive(:send).and_call_original
diff --git a/spec/lib/gitlab/redis/sessions_spec.rb b/spec/lib/gitlab/redis/sessions_spec.rb
index e822b7399b7..874822e3e6a 100644
--- a/spec/lib/gitlab/redis/sessions_spec.rb
+++ b/spec/lib/gitlab/redis/sessions_spec.rb
@@ -8,9 +8,9 @@ RSpec.describe Gitlab::Redis::Sessions do
   describe '#store' do
     subject(:store) { described_class.store(namespace: described_class::SESSION_NAMESPACE) }
 
-    # Check that Gitlab::Redis::Sessions is configured as RedisStore or ClusterStore
+    # Check that Gitlab::Redis::Sessions is configured as RedisStore.
     it 'instantiates an instance of Redis::Store' do
-      expect([::Redis::Store, ::Gitlab::Redis::ClusterStore].include?(store.class)).to eq(true)
+      expect(store).to be_instance_of(::Redis::Store)
     end
   end
 end
diff --git a/spec/models/namespace_setting_spec.rb b/spec/models/namespace_setting_spec.rb
index 5cc33274127..249fcbdaea9 100644
--- a/spec/models/namespace_setting_spec.rb
+++ b/spec/models/namespace_setting_spec.rb
@@ -456,6 +456,10 @@ RSpec.describe NamespaceSetting, feature_category: :groups_and_projects, type: :
     it_behaves_like 'a cascading namespace setting boolean attribute', settings_attribute_name: :toggle_security_policies_policy_scope
   end
 
+  describe '#math_rendering_limits_enabled' do
+    it_behaves_like 'a cascading namespace setting boolean attribute', settings_attribute_name: :math_rendering_limits_enabled
+  end
+
   describe 'default_branch_protection_defaults' do
     let(:defaults) { { name: 'main', push_access_level: 30, merge_access_level: 30, unprotect_access_level: 40 } }
 
diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb
index a28e8b42d67..d3d35b689ef 100644
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
@@ -509,6 +509,9 @@ RSpec.describe Namespace, feature_category: :groups_and_projects do
     it { is_expected.to delegate_method(:maven_package_requests_forwarding).to(:package_settings) }
     it { is_expected.to delegate_method(:pypi_package_requests_forwarding).to(:package_settings) }
     it { is_expected.to delegate_method(:npm_package_requests_forwarding).to(:package_settings) }
+    it { is_expected.to delegate_method(:math_rendering_limits_enabled).to(:namespace_settings) }
+    it { is_expected.to delegate_method(:math_rendering_limits_enabled?).to(:namespace_settings) }
+    it { is_expected.to delegate_method(:lock_math_rendering_limits_enabled?).to(:namespace_settings) }
 
     it do
       is_expected.to delegate_method(:prevent_sharing_groups_outside_hierarchy=).to(:namespace_settings)
diff --git a/spec/requests/api/graphql/mutations/groups/update_spec.rb b/spec/requests/api/graphql/mutations/groups/update_spec.rb
index b75b2464c22..1e17f2d455c 100644
--- a/spec/requests/api/graphql/mutations/groups/update_spec.rb
+++ b/spec/requests/api/graphql/mutations/groups/update_spec.rb
@@ -11,7 +11,11 @@ RSpec.describe 'GroupUpdate', feature_category: :groups_and_projects do
   let(:variables) do
     {
       full_path: group.full_path,
-      shared_runners_setting: 'DISABLED_AND_OVERRIDABLE'
+      shared_runners_setting: 'DISABLED_AND_OVERRIDABLE',
+
+      # set to `false` since the default of this cascaded setting is `true`
+      math_rendering_limits_enabled: false,
+      lock_math_rendering_limits_enabled: true
     }
   end
 
@@ -32,7 +36,7 @@ RSpec.describe 'GroupUpdate', feature_category: :groups_and_projects do
 
     context 'when a non-admin group member' do
       before do
-        group.add_developer(user)
+        group.add_maintainer(user)
       end
 
       it_behaves_like 'unauthorized'
@@ -44,6 +48,15 @@ RSpec.describe 'GroupUpdate', feature_category: :groups_and_projects do
       group.add_owner(user)
     end
 
+    it 'updates math rendering settings' do
+      post_graphql_mutation(mutation, current_user: user)
+
+      expect(response).to have_gitlab_http_status(:success)
+      expect(graphql_errors).to be_nil
+      expect(group.reload.math_rendering_limits_enabled?).to be_falsey
+      expect(group.reload.lock_math_rendering_limits_enabled?).to be_truthy
+    end
+
     it 'updates shared runners settings' do
       post_graphql_mutation(mutation, current_user: user)
 
diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index f2876ddee1b..cacf11e2f67 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -595,6 +595,7 @@ RSpec.describe API::Groups, feature_category: :groups_and_projects do
         expect(json_response['shared_projects']).to be_an Array
         expect(json_response['shared_projects'].length).to eq(1)
         expect(json_response['shared_projects'][0]['id']).to eq(project.id)
+        expect(json_response['math_rendering_limits_enabled']).to eq(group2.math_rendering_limits_enabled?)
       end
 
       it "returns one of user1's groups without projects when with_projects option is set to false", :aggregate_failures do
@@ -916,7 +917,9 @@ RSpec.describe API::Groups, feature_category: :groups_and_projects do
             subgroup_creation_level: "maintainer",
             default_branch_protection: ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS,
             prevent_sharing_groups_outside_hierarchy: true,
-            avatar: fixture_file_upload(file_path)
+            avatar: fixture_file_upload(file_path),
+            math_rendering_limits_enabled: false,
+            lock_math_rendering_limits_enabled: true
           }
         )
 
@@ -942,7 +945,8 @@ RSpec.describe API::Groups, feature_category: :groups_and_projects do
         expect(json_response['shared_projects'].length).to eq(0)
         expect(json_response['default_branch_protection']).to eq(::Gitlab::Access::MAINTAINER_PROJECT_ACCESS)
         expect(json_response['avatar_url']).to end_with('dk.png')
-        expect(json_response['prevent_sharing_groups_outside_hierarchy']).to eq(true)
+        expect(json_response['math_rendering_limits_enabled']).to eq(false)
+        expect(json_response['lock_math_rendering_limits_enabled']).to eq(true)
       end
 
       it 'removes the group avatar', :aggregate_failures do
diff --git a/spec/services/branch_rules/destroy_service_spec.rb b/spec/services/branch_rules/destroy_service_spec.rb
new file mode 100644
index 00000000000..510bd1214d2
--- /dev/null
+++ b/spec/services/branch_rules/destroy_service_spec.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe BranchRules::DestroyService, feature_category: :source_code_management do
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:protected_branch) { create(:protected_branch) }
+
+  describe '#execute' do
+    let(:branch_rule) { Projects::BranchRule.new(project, protected_branch) }
+    let(:action_allowed) { true }
+    let(:destroy_service) { ProtectedBranches::DestroyService }
+    let(:destroy_service_instance) { instance_double(destroy_service) }
+
+    subject(:execute) { described_class.new(branch_rule, user).execute }
+
+    before do
+      # We need to stub the call inside the nested services first
+      allow(Ability).to receive(:allowed?).and_return(true)
+      allow(Ability)
+        .to receive(:allowed?).with(user, :destroy_protected_branch, branch_rule)
+        .and_return(action_allowed)
+    end
+
+    context 'when the current_user cannot destroy the branch rule' do
+      let(:action_allowed) { false }
+
+      it 'raises an access denied error' do
+        expect { execute }.to raise_error(Gitlab::Access::AccessDeniedError)
+      end
+    end
+
+    context 'when branch_rule is a Projects::BranchRule' do
+      it 'deletes the ProtectedBranch and returns a success execute' do
+        expect(execute[:status]).to eq(:success)
+        expect(protected_branch).to be_destroyed
+      end
+
+      context 'if the deletion fails' do
+        before do
+          allow(destroy_service).to receive(:new).and_return(destroy_service_instance)
+          allow(destroy_service_instance).to receive(:execute).and_return(false)
+        end
+
+        it 'returns an error execute' do
+          response = execute
+          expect(response[:message]).to eq('Failed to delete branch rule.')
+          expect(response[:status]).to eq(:error)
+        end
+      end
+    end
+
+    context 'when branch_rule is a ProtectedBranch' do
+      let(:branch_rule) { protected_branch }
+
+      it 'returns error' do
+        response = execute
+        expect(response[:message]).to eq('Unknown branch rule type.')
+        expect(response[:status]).to eq(:error)
+      end
+    end
+  end
+end
diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb
index e812b577b27..a4227b3b28b 100644
--- a/spec/services/groups/create_service_spec.rb
+++ b/spec/services/groups/create_service_spec.rb
@@ -104,6 +104,18 @@ RSpec.describe Groups::CreateService, '#execute', feature_category: :groups_and_
     it_behaves_like 'creating a group'
   end
 
+  context 'with `math_rendering_limits_enabled` attribute' do
+    let(:extra_params) { { math_rendering_limits_enabled: false } }
+
+    it_behaves_like 'creating a group'
+  end
+
+  context 'with `lock_math_rendering_limits_enabled` attribute' do
+    let(:extra_params) { { lock_math_rendering_limits_enabled: false } }
+
+    it_behaves_like 'creating a group'
+  end
+
   context 'for a top level group' do
     context 'when user can create a group' do
       before do
diff --git a/spec/services/groups/update_service_spec.rb b/spec/services/groups/update_service_spec.rb
index ceb0f5c45b4..0d160911eab 100644
--- a/spec/services/groups/update_service_spec.rb
+++ b/spec/services/groups/update_service_spec.rb
@@ -384,10 +384,44 @@ RSpec.describe Groups::UpdateService, feature_category: :groups_and_projects do
     end
 
     it 'does not update when not group owner' do
+      internal_group.add_member(user, Gitlab::Access::MAINTAINER)
+
       expect { service.execute }.not_to change { internal_group.emails_disabled }
     end
   end
 
+  context 'when updating #math_rendering_limits_enabled' do
+    let(:service) { described_class.new(internal_group, user, math_rendering_limits_enabled: false) }
+
+    it 'updates attribute' do
+      internal_group.add_member(user, Gitlab::Access::OWNER)
+
+      expect { service.execute }.to change { internal_group.math_rendering_limits_enabled }.to(false)
+    end
+
+    it 'does not update when not group owner' do
+      internal_group.add_member(user, Gitlab::Access::MAINTAINER)
+
+      expect { service.execute }.not_to change { internal_group.math_rendering_limits_enabled }
+    end
+  end
+
+  context 'when updating #lock_math_rendering_limits_enabled' do
+    let(:service) { described_class.new(internal_group, user, lock_math_rendering_limits_enabled: true) }
+
+    it 'updates attribute' do
+      internal_group.add_member(user, Gitlab::Access::OWNER)
+
+      expect { service.execute }.to change { internal_group.lock_math_rendering_limits_enabled? }.to(true)
+    end
+
+    it 'does not update when not group owner' do
+      internal_group.add_member(user, Gitlab::Access::MAINTAINER)
+
+      expect { service.execute }.not_to change { internal_group.lock_math_rendering_limits_enabled? }
+    end
+  end
+
   context 'updating default_branch_protection' do
     let(:service) do
       described_class.new(internal_group, user, default_branch_protection: Gitlab::Access::PROTECTION_NONE)
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 7deb34c0a64..058208fdf98 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -544,15 +544,15 @@ end
 
 Rack::Test::UploadedFile.prepend(TouchRackUploadedFile)
 
-# Inject middleware to enable ActiveSupport::Notifications for Redis commands
+# Monkey-patch to enable ActiveSupport::Notifications for Redis commands
 module RedisCommands
   module Instrumentation
-    def call(command, redis_config)
-      ActiveSupport::Notifications.instrument('redis.process_commands', commands: command) do
-        super(command, redis_config)
+    def process(commands, &block)
+      ActiveSupport::Notifications.instrument('redis.process_commands', commands: commands) do
+        super(commands, &block)
       end
     end
   end
 end
 
-RedisClient.register(RedisCommands::Instrumentation)
+Redis::Client.prepend(RedisCommands::Instrumentation)
diff --git a/spec/support/helpers/database/duplicate_indexes.yml b/spec/support/helpers/database/duplicate_indexes.yml
index 29202d49e78..6162c1f0791 100644
--- a/spec/support/helpers/database/duplicate_indexes.yml
+++ b/spec/support/helpers/database/duplicate_indexes.yml
@@ -134,9 +134,6 @@ requirements_management_test_reports:
 sbom_component_versions:
   index_sbom_component_versions_on_component_id_and_version:
     - index_sbom_component_versions_on_component_id
-sbom_occurrences:
-  index_sbom_occurrences_on_project_id_and_component_id_and_id:
-    - index_sbom_occurrences_on_project_id_component_id
 search_namespace_index_assignments:
   index_search_namespace_index_assignments_uniqueness_index_type:
     - index_search_namespace_index_assignments_on_namespace_id
diff --git a/spec/support/helpers/dns_helpers.rb b/spec/support/helpers/dns_helpers.rb
index 27310c7e04c..0250e432609 100644
--- a/spec/support/helpers/dns_helpers.rb
+++ b/spec/support/helpers/dns_helpers.rb
@@ -60,8 +60,8 @@ module DnsHelpers
   def permit_redis!
     # https://github.com/redis-rb/redis-client/blob/v0.11.2/lib/redis_client/ruby_connection.rb#L51 uses Socket.tcp that
     # calls Addrinfo.getaddrinfo internally.
-    hosts = Gitlab::Redis::ALL_CLASSES.flat_map do |redis_instance|
-      redis_instance.params[:host] || redis_instance.params[:nodes]&.map { |n| n[:host] }
+    hosts = Gitlab::Redis::ALL_CLASSES.map do |redis_instance|
+      redis_instance.redis_client_params[:host]
     end.uniq.compact
 
     hosts.each do |host|
diff --git a/spec/support/matchers/exceed_redis_call_limit.rb b/spec/support/matchers/exceed_redis_call_limit.rb
index 2cb92089723..2b1e1ebad23 100644
--- a/spec/support/matchers/exceed_redis_call_limit.rb
+++ b/spec/support/matchers/exceed_redis_call_limit.rb
@@ -14,7 +14,7 @@ module ExceedRedisCallLimitHelpers
   end
 
   def verify_commands_count(command, expected, block)
-    @actual = build_recorder(block).by_command(command.to_s).count
+    @actual = build_recorder(block).by_command(command).count
 
     @actual > expected
   end
diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml
index 0e642a5c8d1..a9de4a6da59 100644
--- a/spec/support/rspec_order_todo.yml
+++ b/spec/support/rspec_order_todo.yml
@@ -6292,6 +6292,7 @@
 - './spec/lib/gitlab/instrumentation/rate_limiting_gates_spec.rb'
 - './spec/lib/gitlab/instrumentation/redis_base_spec.rb'
 - './spec/lib/gitlab/instrumentation/redis_cluster_validator_spec.rb'
+- './spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb'
 - './spec/lib/gitlab/instrumentation/redis_spec.rb'
 - './spec/lib/gitlab/internal_post_receive/response_spec.rb'
 - './spec/lib/gitlab/issuable/clone/attributes_rewriter_spec.rb'
@@ -9284,7 +9285,6 @@
 - './spec/views/layouts/_head.html.haml_spec.rb'
 - './spec/views/layouts/profile.html.haml_spec.rb'
 - './spec/views/layouts/_published_experiments.html.haml_spec.rb'
-- './spec/views/layouts/signup_onboarding.html.haml_spec.rb'
 - './spec/views/layouts/terms.html.haml_spec.rb'
 - './spec/views/notify/autodevops_disabled_email.text.erb_spec.rb'
 - './spec/views/notify/changed_milestone_email.html.haml_spec.rb'
diff --git a/spec/support/shared_examples/lib/gitlab/bitbucket_import/object_import_shared_examples.rb b/spec/support/shared_examples/lib/gitlab/bitbucket_import/object_import_shared_examples.rb
index 55ce520caab..3dbe43d822f 100644
--- a/spec/support/shared_examples/lib/gitlab/bitbucket_import/object_import_shared_examples.rb
+++ b/spec/support/shared_examples/lib/gitlab/bitbucket_import/object_import_shared_examples.rb
@@ -25,7 +25,7 @@ RSpec.shared_examples Gitlab::BitbucketImport::ObjectImporter do
 
         expect(Gitlab::JobWaiter).to receive(:notify).with(waiter_key, anything)
 
-        worker.class.perform_inline(project_id, {}, waiter_key)
+        worker.perform(project_id, {}, waiter_key)
       end
     end
 
@@ -49,7 +49,7 @@ RSpec.shared_examples Gitlab::BitbucketImport::ObjectImporter do
         expect(Gitlab::BitbucketImport::Logger).to receive(:info).twice
         expect_next(worker.importer_class, project, kind_of(Hash)).to receive(:execute)
 
-        worker.class.perform_inline(project_id, {}, waiter_key)
+        worker.perform(project_id, {}, waiter_key)
       end
 
       it_behaves_like 'notifies the waiter'
@@ -62,7 +62,7 @@ RSpec.shared_examples Gitlab::BitbucketImport::ObjectImporter do
         it 'tracks the error' do
           expect(Gitlab::Import::ImportFailureService).to receive(:track).once
 
-          worker.class.perform_inline(project_id, {}, waiter_key)
+          worker.perform(project_id, {}, waiter_key)
         end
       end
 
@@ -74,7 +74,7 @@ RSpec.shared_examples Gitlab::BitbucketImport::ObjectImporter do
         it 'tracks the error and raises the error' do
           expect(Gitlab::Import::ImportFailureService).to receive(:track).once
 
-          expect { worker.class.perform_inline(project_id, {}, waiter_key) }.to raise_error(StandardError)
+          expect { worker.perform(project_id, {}, waiter_key) }.to raise_error(StandardError)
         end
       end
     end
@@ -85,7 +85,7 @@ RSpec.shared_examples Gitlab::BitbucketImport::ObjectImporter do
       it 'does not call the importer' do
         expect_next(worker.importer_class).not_to receive(:execute)
 
-        worker.class.perform_inline(project_id, {}, waiter_key)
+        worker.perform(project_id, {}, waiter_key)
       end
 
       it_behaves_like 'notifies the waiter'
diff --git a/spec/support/shared_examples/lib/gitlab/bitbucket_server_import/object_import_shared_examples.rb b/spec/support/shared_examples/lib/gitlab/bitbucket_server_import/object_import_shared_examples.rb
index 89eec531b87..45248f57683 100644
--- a/spec/support/shared_examples/lib/gitlab/bitbucket_server_import/object_import_shared_examples.rb
+++ b/spec/support/shared_examples/lib/gitlab/bitbucket_server_import/object_import_shared_examples.rb
@@ -19,10 +19,6 @@ RSpec.shared_examples Gitlab::BitbucketServerImport::ObjectImporter do
     let(:project_id) { project_id }
     let(:waiter_key) { 'key' }
 
-    before do
-      allow(Gitlab::JobWaiter).to receive(:notify).with(waiter_key, anything, ttl: Gitlab::Import::JOB_WAITER_TTL)
-    end
-
     shared_examples 'notifies the waiter' do
       specify do
         allow_next(worker.importer_class).to receive(:execute)
diff --git a/spec/support/shared_examples/redis/redis_shared_examples.rb b/spec/support/shared_examples/redis/redis_shared_examples.rb
index 2f387528740..1c153b7c31b 100644
--- a/spec/support/shared_examples/redis/redis_shared_examples.rb
+++ b/spec/support/shared_examples/redis/redis_shared_examples.rb
@@ -80,17 +80,18 @@ RSpec.shared_examples "redis_shared_examples" do
 
     context 'with new format' do
       it_behaves_like 'redis store' do
-        # use new format host without sentinel details as `.to_s` checks `config` which
-        # tries to resolve master/replica details with an actual sentinel instance.
-        # https://github.com/redis-rb/redis-client/blob/v0.18.0/lib/redis_client/sentinel_config.rb#L128
-        let(:config_file_name) { "spec/fixtures/config/redis_new_format_host_standalone.yml" }
+        let(:config_file_name) { config_new_format_host }
         let(:host) { "development-host:#{redis_port}" }
       end
     end
   end
 
-  describe '.params' do
-    subject { described_class.new(rails_env).params }
+  describe '.redis_client_params' do
+    # .redis_client_params wraps over `.redis_store_options` by modifying its outputs
+    # to be compatible with `RedisClient`. We test for compatibility in this block while
+    # the contents of redis_store_options are tested in the `.params` block.
+
+    subject { described_class.new(rails_env).redis_client_params }
 
     let(:rails_env) { 'development' }
     let(:config_file_name) { config_old_format_socket }
@@ -102,6 +103,56 @@ RSpec.shared_examples "redis_shared_examples" do
       end
     end
 
+    context 'when url is host based' do
+      context 'with old format' do
+        let(:config_file_name) { config_old_format_host }
+
+        it 'does not raise ArgumentError for invalid keywords' do
+          expect { RedisClient.config(**subject) }.not_to raise_error
+        end
+
+        it_behaves_like 'instrumentation_class in custom key'
+      end
+
+      context 'with new format' do
+        let(:config_file_name) { config_new_format_host }
+
+        where(:rails_env, :host) do
+          [
+            %w[development development-host],
+            %w[test test-host],
+            %w[production production-host]
+          ]
+        end
+
+        with_them do
+          it 'does not raise ArgumentError for invalid keywords in SentinelConfig' do
+            expect(subject[:name]).to eq(host)
+            expect { RedisClient.sentinel(**subject) }.not_to raise_error
+          end
+
+          it_behaves_like 'instrumentation_class in custom key'
+        end
+      end
+    end
+
+    context 'when url contains unix socket reference' do
+      let(:config_file_name) { config_old_format_socket }
+
+      it 'does not raise ArgumentError for invalid keywords' do
+        expect { RedisClient.config(**subject) }.not_to raise_error
+      end
+
+      it_behaves_like 'instrumentation_class in custom key'
+    end
+  end
+
+  describe '.params' do
+    subject { described_class.new(rails_env).params }
+
+    let(:rails_env) { 'development' }
+    let(:config_file_name) { config_old_format_socket }
+
     it 'withstands mutation' do
       params1 = described_class.params
       params2 = described_class.params
@@ -200,16 +251,10 @@ RSpec.shared_examples "redis_shared_examples" do
 
         with_them do
           it 'returns hash with host, port, db, and password' do
-            is_expected.to include(name: host, password: 'mynewpassword', db: redis_database)
+            is_expected.to include(host: host, password: 'mynewpassword', port: redis_port, db: redis_database)
             is_expected.not_to have_key(:url)
           end
-
-          it 'does not raise ArgumentError for invalid keywords in SentinelConfig' do
-            expect { RedisClient.sentinel(**subject) }.not_to raise_error
-          end
         end
-
-        it_behaves_like 'instrumentation_class in custom key'
       end
 
       context 'with redis cluster format' do
@@ -227,19 +272,13 @@ RSpec.shared_examples "redis_shared_examples" do
           it 'returns hash with cluster and password' do
             is_expected.to include(
               password: 'myclusterpassword',
-              nodes: [
+              cluster: [
                 { host: "#{host}1", port: redis_port },
                 { host: "#{host}2", port: redis_port }
               ]
             )
             is_expected.not_to have_key(:url)
           end
-
-          it 'does not raise ArgumentError for invalid keywords in ClusterConfig' do
-            expect { RedisClient::ClusterConfig.new(**subject) }.not_to raise_error
-          end
-
-          it_behaves_like 'instrumentation_class in custom key'
         end
       end
     end
diff --git a/spec/support_specs/helpers/redis_commands/recorder_spec.rb b/spec/support_specs/helpers/redis_commands/recorder_spec.rb
index 5c200f15bae..ef46db5e29e 100644
--- a/spec/support_specs/helpers/redis_commands/recorder_spec.rb
+++ b/spec/support_specs/helpers/redis_commands/recorder_spec.rb
@@ -13,7 +13,7 @@ RSpec.describe RedisCommands::Recorder, :use_clean_rails_redis_caching do
       it 'records Redis commands' do
         recorder = described_class.new { cache.read('key1') }
 
-        expect(recorder.log).to include(['get', 'cache:gitlab:key1'])
+        expect(recorder.log).to include([:get, 'cache:gitlab:key1'])
       end
     end
 
@@ -35,10 +35,10 @@ RSpec.describe RedisCommands::Recorder, :use_clean_rails_redis_caching do
         cache.delete('key1')
       end
 
-      expect(recorder.log).to include(['set', 'cache:gitlab:key1', anything, anything, anything])
-      expect(recorder.log).to include(['get', 'cache:gitlab:key1'])
-      expect(recorder.log).to include(['get', 'cache:gitlab:key2'])
-      expect(recorder.log).to include(['del', 'cache:gitlab:key1'])
+      expect(recorder.log).to include([:set, 'cache:gitlab:key1', anything, anything, anything])
+      expect(recorder.log).to include([:get, 'cache:gitlab:key1'])
+      expect(recorder.log).to include([:get, 'cache:gitlab:key2'])
+      expect(recorder.log).to include([:del, 'cache:gitlab:key1'])
     end
 
     it 'does not record commands before the call' do
@@ -48,8 +48,8 @@ RSpec.describe RedisCommands::Recorder, :use_clean_rails_redis_caching do
         cache.read('key1')
       end
 
-      expect(recorder.log).not_to include(['set', anything, anything])
-      expect(recorder.log).to include(['get', 'cache:gitlab:key1'])
+      expect(recorder.log).not_to include([:set, anything, anything])
+      expect(recorder.log).to include([:get, 'cache:gitlab:key1'])
     end
 
     it 'refreshes recording after reinitialization' do
@@ -68,15 +68,15 @@ RSpec.describe RedisCommands::Recorder, :use_clean_rails_redis_caching do
         cache.read('key4')
       end
 
-      expect(recorder1.log).to include(['get', 'cache:gitlab:key2'])
-      expect(recorder1.log).not_to include(['get', 'cache:gitlab:key1'])
-      expect(recorder1.log).not_to include(['get', 'cache:gitlab:key3'])
-      expect(recorder1.log).not_to include(['get', 'cache:gitlab:key4'])
+      expect(recorder1.log).to include([:get, 'cache:gitlab:key2'])
+      expect(recorder1.log).not_to include([:get, 'cache:gitlab:key1'])
+      expect(recorder1.log).not_to include([:get, 'cache:gitlab:key3'])
+      expect(recorder1.log).not_to include([:get, 'cache:gitlab:key4'])
 
-      expect(recorder2.log).to include(['get', 'cache:gitlab:key4'])
-      expect(recorder2.log).not_to include(['get', 'cache:gitlab:key1'])
-      expect(recorder2.log).not_to include(['get', 'cache:gitlab:key2'])
-      expect(recorder2.log).not_to include(['get', 'cache:gitlab:key3'])
+      expect(recorder2.log).to include([:get, 'cache:gitlab:key4'])
+      expect(recorder2.log).not_to include([:get, 'cache:gitlab:key1'])
+      expect(recorder2.log).not_to include([:get, 'cache:gitlab:key2'])
+      expect(recorder2.log).not_to include([:get, 'cache:gitlab:key3'])
     end
   end
 
@@ -91,10 +91,10 @@ RSpec.describe RedisCommands::Recorder, :use_clean_rails_redis_caching do
         cache.delete('key2')
       end
 
-      expect(recorder.log).to include(['set', 'cache:gitlab:key1', anything, anything, anything])
-      expect(recorder.log).to include(['get', 'cache:gitlab:key1'])
-      expect(recorder.log).not_to include(['get', 'cache:gitlab:key2'])
-      expect(recorder.log).not_to include(['del', 'cache:gitlab:key2'])
+      expect(recorder.log).to include([:set, 'cache:gitlab:key1', anything, anything, anything])
+      expect(recorder.log).to include([:get, 'cache:gitlab:key1'])
+      expect(recorder.log).not_to include([:get, 'cache:gitlab:key2'])
+      expect(recorder.log).not_to include([:del, 'cache:gitlab:key2'])
     end
   end
 
@@ -107,7 +107,7 @@ RSpec.describe RedisCommands::Recorder, :use_clean_rails_redis_caching do
         cache.delete('key2')
       end
 
-      expect(recorder.by_command('del')).to match_array([['del', 'cache:gitlab:key2']])
+      expect(recorder.by_command(:del)).to match_array([[:del, 'cache:gitlab:key2']])
     end
   end
 
diff --git a/spec/views/layouts/signup_onboarding.html.haml_spec.rb b/spec/views/layouts/signup_onboarding.html.haml_spec.rb
deleted file mode 100644
index 24fba191cab..00000000000
--- a/spec/views/layouts/signup_onboarding.html.haml_spec.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe 'layouts/signup_onboarding' do
-  it_behaves_like 'a layout which reflects the application theme setting'
-  it_behaves_like 'a layout which reflects the preferred language'
-end
diff --git a/spec/workers/gitlab/github_gists_import/import_gist_worker_spec.rb b/spec/workers/gitlab/github_gists_import/import_gist_worker_spec.rb
index 4cb0a25f892..d11b044b093 100644
--- a/spec/workers/gitlab/github_gists_import/import_gist_worker_spec.rb
+++ b/spec/workers/gitlab/github_gists_import/import_gist_worker_spec.rb
@@ -108,24 +108,17 @@ RSpec.describe Gitlab::GithubGistsImport::ImportGistWorker, feature_category: :i
 
         before do
           allow(importer).to receive(:execute).and_return(importer_result)
-          allow(Gitlab::GithubGistsImport::Representation::Gist)
-            .to receive(:from_json_hash)
-            .with(anything)
-            .and_return(gist_object)
         end
 
         it 'tracks and logs error' do
-          # use `anything` since jid is created in Sidekiq's middleware. `jid` does not exist until
-          # perform_inline is called.
           expect(Gitlab::GithubImport::Logger)
             .to receive(:error)
-            .with(log_attributes.merge('message' => 'importer failed', 'exception.message' => 'error_message',
-              'jid' => anything))
+            .with(log_attributes.merge('message' => 'importer failed', 'exception.message' => 'error_message'))
           expect(Gitlab::JobWaiter)
             .to receive(:notify)
-            .with('some_key', anything, ttl: Gitlab::Import::JOB_WAITER_TTL)
+            .with('some_key', subject.jid, ttl: Gitlab::Import::JOB_WAITER_TTL)
 
-          subject.class.perform_inline(user.id, gist_hash, 'some_key') # perform_inline calls .perform
+          subject.perform(user.id, gist_hash, 'some_key')
 
           expect_snowplow_event(
             category: 'Gitlab::GithubGistsImport::ImportGistWorker',
@@ -137,7 +130,7 @@ RSpec.describe Gitlab::GithubGistsImport::ImportGistWorker, feature_category: :i
         end
 
         it 'persists failure' do
-          expect { subject.class.perform_inline(user.id, gist_hash, 'some_key') }
+          expect { subject.perform(user.id, gist_hash, 'some_key') }
             .to change { ImportFailure.where(user: user).count }.from(0).to(1)
 
           expect(ImportFailure.where(user_id: user.id).first).to have_attributes(
diff --git a/spec/workers/gitlab/jira_import/import_issue_worker_spec.rb b/spec/workers/gitlab/jira_import/import_issue_worker_spec.rb
index c9c4c6e2d2b..3b2114ee488 100644
--- a/spec/workers/gitlab/jira_import/import_issue_worker_spec.rb
+++ b/spec/workers/gitlab/jira_import/import_issue_worker_spec.rb
@@ -46,7 +46,7 @@ RSpec.describe Gitlab::JiraImport::ImportIssueWorker, feature_category: :importe
 
       context 'when import label does not exist' do
         it 'does not record import failure' do
-          subject.class.perform_inline(project.id, 123, issue_attrs, some_key)
+          subject.perform(project.id, 123, issue_attrs, some_key)
 
           expect(label.issues.count).to eq(0)
           expect(Gitlab::Cache::Import::Caching.read(Gitlab::JiraImport.failed_issues_counter_cache_key(project.id)).to_i).to eq(0)
@@ -57,7 +57,7 @@ RSpec.describe Gitlab::JiraImport::ImportIssueWorker, feature_category: :importe
         before do
           Gitlab::JiraImport.cache_import_label_id(project.id, label.id)
 
-          subject.class.perform_inline(project.id, 123, issue_attrs, some_key)
+          subject.perform(project.id, 123, issue_attrs, some_key)
         end
 
         it 'does not record import failure' do
diff --git a/spec/workers/redis_migration_worker_spec.rb b/spec/workers/redis_migration_worker_spec.rb
index d8f2cacdb13..9f29c84a948 100644
--- a/spec/workers/redis_migration_worker_spec.rb
+++ b/spec/workers/redis_migration_worker_spec.rb
@@ -30,7 +30,7 @@ RSpec.describe RedisMigrationWorker, :clean_gitlab_redis_shared_state, feature_c
         end
 
         def redis
-          ::Gitlab::Redis::Cache.redis
+          ::Redis.new(::Gitlab::Redis::Cache.params)
         end
       end
     end