Add latest changes from gitlab-org/gitlab@master

2024-07-12 12:33:54 +00:00 · 2024-07-12 12:33:54 +00:00 · 19c89d68d0
parent f2288ffc90
commit 19c89d68d0
50 changed files with 423 additions and 114 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10214,7 +10214,7 @@ No changes.
 - [Environment Update GraphQL Mutation](gitlab-org/gitlab@a30be2ee991ee80915eac59cff28a79e5facecf2) ([merge request](gitlab-org/gitlab!120561))
 - [Enable work items type quick action](gitlab-org/gitlab@9802d0da4f4eea6dbfd9fed3a6b1963d7857909b) ([merge request](gitlab-org/gitlab!120839))
 - [Add audit events schema definitions](gitlab-org/gitlab@8c20ecb957509c79736e24127ad63e6ce2713c18) ([merge request](gitlab-org/gitlab!120805)) **GitLab Enterprise Edition**
- [[Audit Events] Synchronous database index addition](gitlab-org/gitlab@49cdd7e4b9584985615c08749d1306951c747b80) ([merge request](gitlab-org/gitlab!120599)) **GitLab Enterprise Edition**
+- [[Audit events] Synchronous database index addition](gitlab-org/gitlab@49cdd7e4b9584985615c08749d1306951c747b80) ([merge request](gitlab-org/gitlab!120599)) **GitLab Enterprise Edition**
 - [Support password reset from any verified email](gitlab-org/gitlab@94069d38c9cd63202cc21e7febfaaad596052c0d) ([merge request](gitlab-org/gitlab!119231))
 - [Add HLL counter for users that create a dashboard](gitlab-org/gitlab@ecee89037f8307c562b70f86a5667b427d951fee) ([merge request](gitlab-org/gitlab!119790)) **GitLab Enterprise Edition**
 - [Add support for `/.well-known/change-password` URL](gitlab-org/gitlab@f51bcb5a895439628b8ee49cc7dc59033026cc47) ([merge request](gitlab-org/gitlab!119630))
@ -10575,7 +10575,7 @@ No changes.
 - [Revert to using SearchService for user autocomplete](gitlab-org/gitlab@95cd097985f47b1d3cbe42f06a81fed3b9d70069) ([merge request](gitlab-org/gitlab!122289))
 - [Display completed training urls](gitlab-org/gitlab@ad59dd1b42fa66c0c9ba8e858b3be3cc26807c7b) ([merge request](gitlab-org/gitlab!122366)) **GitLab Enterprise Edition**
 - [Reshedule links related migration with](gitlab-org/gitlab@8f84c5dce446494689114a9eb93e656051c0f70c) ([merge request](gitlab-org/gitlab!121404))
- [[Audit Events] Provide all audit events under a group via the API](gitlab-org/gitlab@794911016bb0294a5cf0229374298f2a0caa20a7) ([merge request](gitlab-org/gitlab!115898)) **GitLab Enterprise Edition**
+- [[Audit events] Provide all audit events under a group via the API](gitlab-org/gitlab@794911016bb0294a5cf0229374298f2a0caa20a7) ([merge request](gitlab-org/gitlab!115898)) **GitLab Enterprise Edition**
 - [Add option to not show banner broadcast message in CLI](gitlab-org/gitlab@f87b9bf9f487fcb44a248e3937107c2fa80e8703) ([merge request](gitlab-org/gitlab!122000))
 - [Branches: Branch item update](gitlab-org/gitlab@546c5e551ac1f56231c5bea4af5b5ee10376e779) ([merge request](gitlab-org/gitlab!119637))
 - [Update usage charts to use compute terminology](gitlab-org/gitlab@9ffd5f636fefed33d226f913225d8fd0671be04a) ([merge request](gitlab-org/gitlab!122015)) **GitLab Enterprise Edition**
@ -11044,7 +11044,7 @@ No changes.
 - [Add emoji awards for work item](gitlab-org/gitlab@1ce458ee16d86aa0e760c7dfb32797db05bd2197) ([merge request](gitlab-org/gitlab!119585)) **GitLab Enterprise Edition**
 - [GraphQL project fields for refs containing a commit](gitlab-org/gitlab@2fea8e046fcdd05ab6cebf7e11198e5b446995bc) ([merge request](gitlab-org/gitlab!116705))
 - [Make group-level git protocol control available](gitlab-org/gitlab@4f6f078c27f4f62e169097edbd30eaf7926f34eb) ([merge request](gitlab-org/gitlab!113360))
- [[Audit Events] Asynchronous database index addition](gitlab-org/gitlab@ec1804b76ef4af2bd807f2f6a3cd9c2423d14fdc) ([merge request](gitlab-org/gitlab!120581)) **GitLab Enterprise Edition**
+- [[Audit events] Asynchronous database index addition](gitlab-org/gitlab@ec1804b76ef4af2bd807f2f6a3cd9c2423d14fdc) ([merge request](gitlab-org/gitlab!120581)) **GitLab Enterprise Edition**
 - [Show alert about any configured deploy freezes](gitlab-org/gitlab@40ccf5c48df47d07b2d72c3bfca6705063d26726) ([merge request](gitlab-org/gitlab!120351))
 - [Model and table for google cloud logging integration](gitlab-org/gitlab@98ece342bb378c4b971d8440f0a9990b6a15d0cf) ([merge request](gitlab-org/gitlab!119943))
 - [Add to do widget for work items](gitlab-org/gitlab@7dcd1687a054b299a3e9a8a6def44cd27e4006dc) ([merge request](gitlab-org/gitlab!118135)) **GitLab Enterprise Edition**
--- a/2
+++ b/2
@ -1 +1 @@
-12e666f3d26fc81966e6fd375c921317bf7b2085
+5b2dbcc5002a7461ae685cc4435403a13b655097
--- a/2
+++ b/2
@ -143,7 +143,7 @@ gem 'rack-cors', '~> 2.0.1', require: 'rack/cors' # rubocop:todo Gemfile/Missing

 # GraphQL API
 gem 'graphql', '~> 2.3.5', feature_category: :api
-gem 'graphql-docs', '~> 4.0.0', group: [:development, :test], feature_category: :api
+gem 'graphql-docs', '~> 5.0.0', group: [:development, :test], feature_category: :api
 gem 'graphiql-rails', '~> 1.10', feature_category: :api
 gem 'apollo_upload_server', '~> 2.1.6', feature_category: :api
 gem 'graphlient', '~> 0.6.0', feature_category: :importers # Used by BulkImport feature (group::import)
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@ -103,7 +103,6 @@
 {"name":"cvss-suite","version":"3.0.1","platform":"ruby","checksum":"b5ca9e9e94032a42fd0dc28c1e305378b62c949e35ed7111fc4a1d76f68ad3f9"},
 {"name":"danger","version":"9.4.2","platform":"ruby","checksum":"43e552c6731030235a30fdeafe703d2e2ab9c30917154489cb0ecd9ad3259d80"},
 {"name":"danger-gitlab","version":"8.0.0","platform":"ruby","checksum":"497dd7d0f6513913de651019223d8058cf494df10acbd17de92b175dfa04a3a8"},
-{"name":"dartsass","version":"1.49.8","platform":"ruby","checksum":"267e7262a5655c8f0baa1ef663e976252bdbfa8bbf40c175153544a2dc8e1345"},
 {"name":"database_cleaner-active_record","version":"2.1.0","platform":"ruby","checksum":"7384b973d67bcc1b5a850b876a4638aa83cca3bc88f9d87562fe25cd2dd60d8a"},
 {"name":"database_cleaner-core","version":"2.0.1","platform":"ruby","checksum":"8646574c32162e59ed7b5258a97a208d3c44551b854e510994f24683865d846c"},
 {"name":"date","version":"3.3.3","platform":"java","checksum":"584e0a582d1eb2207b4eaac089d8a43f2ca10bea02682f286099642f15c56cce"},
@ -287,7 +286,7 @@
 {"name":"graphlyte","version":"1.0.0","platform":"ruby","checksum":"b5af4ab67dde6e961f00ea1c18f159f73b52ed11395bb4ece297fe628fa1804d"},
 {"name":"graphql","version":"2.3.5","platform":"ruby","checksum":"9c367835f86541660d24c3d81632267ecee553d304577aaee070f8ac05860af1"},
 {"name":"graphql-client","version":"0.23.0","platform":"ruby","checksum":"f238b8e451676baad06bd15f95396e018192243dcf12c4e6d13fb41d9a2babc1"},
-{"name":"graphql-docs","version":"4.0.0","platform":"ruby","checksum":"f68296959263db26e1b7ba7058856d67b641cf508187222268be58f09dfa02d7"},
+{"name":"graphql-docs","version":"5.0.0","platform":"ruby","checksum":"76baca6e5a803a4b6a9fbbbfdbf16742b7c4c546c8592b6e1a7aa4e79e562d04"},
 {"name":"grpc","version":"1.63.0","platform":"aarch64-linux","checksum":"dc75c5fd570b819470781d9512105dddfdd11d984f38b8e60bb946f92d1f79ee"},
 {"name":"grpc","version":"1.63.0","platform":"arm64-darwin","checksum":"91b93a354508a9d1772f095554f2e4c04358c2b32d7a670e3705b7fc4695c996"},
 {"name":"grpc","version":"1.63.0","platform":"ruby","checksum":"5f4383c4ee2886e92c31b90422261b7527f26e3baa585d877e9804e715983686"},
@ -624,6 +623,33 @@
 {"name":"safe_yaml","version":"1.0.4","platform":"ruby","checksum":"248193992ef1730a0c9ec579999ef2256a2b3a32a9bd9d708a1e12544a489ec2"},
 {"name":"safety_net_attestation","version":"0.4.0","platform":"ruby","checksum":"96be2d74e7ed26453a51894913449bea0e072f44490021545ac2d1c38b0718ce"},
 {"name":"sanitize","version":"6.0.2","platform":"ruby","checksum":"48c4eb8e92bb1699056b6000986ac50fc9df82f458a941abf2c4d6759bccd5cf"},
+{"name":"sass-embedded","version":"1.77.5","platform":"aarch64-linux-android","checksum":"ba9c75b59b34e12679c55a6a42da5b8b90311bd4e41477ff7d34a3738d2bf2e0"},
+{"name":"sass-embedded","version":"1.77.5","platform":"aarch64-linux-gnu","checksum":"c84eda6b86669a15695d9a7ddbc7a6e3cb706735d17fe37c5c4e1c584d467534"},
+{"name":"sass-embedded","version":"1.77.5","platform":"aarch64-linux-musl","checksum":"6f6224df2d4a22ba686a636ea8a4a7f146208d9e3dbbe35041a7daed63528c40"},
+{"name":"sass-embedded","version":"1.77.5","platform":"aarch64-mingw-ucrt","checksum":"66abfce03d940ca5c231c5eaf3df658508761dac09f7474101db9ee549561080"},
+{"name":"sass-embedded","version":"1.77.5","platform":"arm-linux-androideabi","checksum":"f5c55676da02a33d664d3ebef043e6b3813d64fd4fc1016420dd8ed4c5b252bf"},
+{"name":"sass-embedded","version":"1.77.5","platform":"arm-linux-gnueabihf","checksum":"e0e067f06ea4bb001c7c2099d6f0980d1fad918b3ea182857563f6488f07ff65"},
+{"name":"sass-embedded","version":"1.77.5","platform":"arm-linux-musleabihf","checksum":"ad2b7cf152d5a7195d57508d466ebce56cdcac5d3ef95f05fa62664eeb9a5eda"},
+{"name":"sass-embedded","version":"1.77.5","platform":"arm64-darwin","checksum":"a6a524aefe8b181c55d5f11c26b2329a06e20de32180f18904fc8488b89bdb36"},
+{"name":"sass-embedded","version":"1.77.5","platform":"riscv64-linux-android","checksum":"04cd2e96f12e1fc84010a01d213dd4496afbd7c92ed3f72b904a5cf55b8048c7"},
+{"name":"sass-embedded","version":"1.77.5","platform":"riscv64-linux-gnu","checksum":"7527f7eb49dc788892a2db4e22d23d06bbce05ddf6663950069cd8f933005484"},
+{"name":"sass-embedded","version":"1.77.5","platform":"riscv64-linux-musl","checksum":"b658e258db2eaa183143a12e95fa229b97f39fb74fa0d4463899bfbb05dba375"},
+{"name":"sass-embedded","version":"1.77.5","platform":"ruby","checksum":"a2a6adc4ce695ece780f40388d207de396e5091ddd28767440c7907a4501beda"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x64-mingw-ucrt","checksum":"20d1464c7faaec4481f81cc173ca1374a2cda5f558fa4e98b8bb3c7c386763d3"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x64-mingw32","checksum":"95b4c534bc31db1f5692fcfc0e965c81a21fd4dce7e72261d682780851f0d4b2"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x64-mswin64","checksum":"6591f5aa8c6940f7584004ad41581048d62d5ab8c83bbf65507c801098bcdb94"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86-cygwin","checksum":"834ee1a4cb4be1d354f12422550ada9db5966a836c6af05c2a2e7c3aa3790117"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86-linux-android","checksum":"4b0334b50a5475bcb621257abc4b32ca802205dbb23608a78c60b1ce1745d4b3"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86-linux-gnu","checksum":"de9255b988ce9866a4734acfcb44f55e73055607e11a1cfa4a0105e5fd6fd928"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86-linux-musl","checksum":"8fc2a3dda88a903550f422c99a0bab9385af493d731f2256cd580fe4a4e92423"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86-mingw-ucrt","checksum":"ea7544b5b30d64a4c9547d576eb2e76f66de8d0d773cfe205357cf564cfae773"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86-mingw32","checksum":"58f2879d01b31bab07f59f641badc62168ccfa7931c69aa906e79ede502c1911"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86-mswin32","checksum":"b699e56fde6bfbaa1b2042ad58680e84b6cc535b88dd1a0cfaabeee7c0af880f"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86_64-cygwin","checksum":"11eeea03f15ae39b03a84bebf8d80f8824941d2cfde57b1c21dbb31d65de0dc3"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86_64-darwin","checksum":"228ee25c012e50bef83e433415b20dddaaaa9c01c8c40c4f99669d919f26bfc3"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86_64-linux-android","checksum":"e183bf5a0b3916eb3f5b3c7596ae44fd72edb0fe233dd00df48131271ed752ea"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86_64-linux-gnu","checksum":"3000a6b984ea746eac1f0c9a17400134fe76c3d41b33436262ac82b5d153d7b4"},
+{"name":"sass-embedded","version":"1.77.5","platform":"x86_64-linux-musl","checksum":"c5dd43155112f7b4eb9e3cafb8ceaa54a157977a2033b1022875bac71a4a4d56"},
 {"name":"sawyer","version":"0.9.2","platform":"ruby","checksum":"fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca"},
 {"name":"sd_notify","version":"0.1.1","platform":"ruby","checksum":"cbc7ac6caa7cedd26b30a72b5eeb6f36050dc0752df263452ea24fb5a4ad3131"},
 {"name":"seed-fu","version":"2.3.7","platform":"ruby","checksum":"f19673443e9af799b730e3d4eca6a89b39e5a36825015dffd00d02ea3365cf74"},
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -457,7 +457,6 @@ GEM
    danger-gitlab (8.0.0)
      danger
      gitlab (~> 4.2, >= 4.2.0)
-    dartsass (1.49.8)
    database_cleaner-active_record (2.1.0)
      activerecord (>= 5.a)
      database_cleaner-core (~> 2.0.0)
@ -894,14 +893,14 @@ GEM
    graphql-client (0.23.0)
      activesupport (>= 3.0)
      graphql (>= 1.13.0)
-    graphql-docs (4.0.0)
+    graphql-docs (5.0.0)
      commonmarker (~> 0.23, >= 0.23.6)
-      dartsass (~> 1.49)
      escape_utils (~> 1.2)
      extended-markdown-filter (~> 0.4)
      gemoji (~> 3.0)
      graphql (~> 2.0)
      html-pipeline (~> 2.14, >= 2.14.3)
+      sass-embedded (~> 1.58)
    grpc (1.63.0)
      google-protobuf (~> 3.25)
      googleapis-common-protos-types (~> 1.0)
@ -1655,6 +1654,9 @@ GEM
    sanitize (6.0.2)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
+    sass-embedded (1.77.5)
+      google-protobuf (>= 3.25, < 5.0)
+      rake (>= 13)
    sawyer (0.9.2)
      addressable (>= 2.3.5)
      faraday (>= 0.17.3, < 3)
@ -2071,7 +2073,7 @@ DEPENDENCIES
  graphlient (~> 0.6.0)
  graphlyte (~> 1.0.0)
  graphql (~> 2.3.5)
-  graphql-docs (~> 4.0.0)
+  graphql-docs (~> 5.0.0)
  grpc (~> 1.63)
  gssapi (~> 1.3.1)
  guard-rspec
--- a/app/assets/javascripts/members/components/placeholders/placeholder_actions.vue
+++ b/app/assets/javascripts/members/components/placeholders/placeholder_actions.vue
@ -14,6 +14,7 @@ import {
 } from '~/import_entities/import_groups/constants';
 import importSourceUserReassignMutation from '../../placeholders/graphql/mutations/reassign.mutation.graphql';
 import importSourceUserKeepAsPlaceholderMutation from '../../placeholders/graphql/mutations/keep_as_placeholder.mutation.graphql';
+import importSourceUseResendNotificationMutation from '../../placeholders/graphql/mutations/resend_notification.mutation.graphql';
 import importSourceUserCancelReassignmentMutation from '../../placeholders/graphql/mutations/cancel_reassignment.mutation.graphql';

 const USERS_PER_PAGE = 20;
@ -183,8 +184,31 @@ export default {

    onNotify() {
      this.isNotifyLoading = true;
-      this.$toast.show(s__('UserMapping|Notification email sent.'));
-      this.isNotifyLoading = false;
+      this.$apollo
+        .mutate({
+          mutation: importSourceUseResendNotificationMutation,
+          variables: {
+            id: this.sourceUser.id,
+          },
+        })
+        .then(({ data }) => {
+          const { errors } = getFirstPropertyValue(data);
+          if (errors?.length) {
+            createAlert({ message: errors.join() });
+          } else {
+            this.$toast.show(s__('UserMapping|Notification email sent.'));
+          }
+        })
+        .catch((error) => {
+          createAlert({
+            message:
+              error?.message ||
+              s__('UserMapping|There was a problem resending notification email.'),
+          });
+        })
+        .finally(() => {
+          this.isNotifyLoading = false;
+        });
    },
    onCancel() {
      this.isCancelLoading = true;
--- a/app/assets/javascripts/members/placeholders/graphql/mutations/resend_notification.mutation.graphql
+++ b/app/assets/javascripts/members/placeholders/graphql/mutations/resend_notification.mutation.graphql
@ -0,0 +1,10 @@
+#import "../fragments/import_source_user.fragment.graphql"
+
+mutation resendNotification($id: ImportSourceUserID!) {
+  importSourceUserResendNotification(input: { id: $id }) {
+    errors
+    importSourceUser {
+      ...ImportSourceUser
+    }
+  }
+}
--- a/app/assets/javascripts/observability/components/date_range_filter.vue
+++ b/app/assets/javascripts/observability/components/date_range_filter.vue
@ -31,6 +31,11 @@ export default {
      required: false,
      default: null,
    },
+    dateTimeRangePickerState: {
+      type: Boolean,
+      required: false,
+      default: null,
+    },
  },
  data() {
    return {
@ -113,6 +118,7 @@ export default {
      :max-date-range="maxDateRange"
      :default-max-date="defaultMaxDate"
      :default-min-date="defaultMinDate"
+      :state="dateTimeRangePickerState"
      @input="onCustomRangeSelected"
    />
  </div>
--- a/app/assets/javascripts/observability/components/datetime_range_picker.vue
+++ b/app/assets/javascripts/observability/components/datetime_range_picker.vue
@ -40,6 +40,11 @@ export default {
      required: false,
      default: null,
    },
+    state: {
+      type: Boolean,
+      required: false,
+      default: null,
+    },
  },
  data() {
    return {
@ -98,6 +103,8 @@ export default {
    :default-min-date="defaultMinDate"
    :max-date-range="maxDateRange"
    :same-day-selection="true"
+    :start-picker-state="state"
+    :end-picker-state="state"
    @input="onDateRangeChange"
  >
    <template #after-start>
@ -106,6 +113,7 @@ export default {
        :class="$options.TIME_INPUT_CLASS"
        type="time"
        step="10"
+        :state="state"
        @blur="onTimeInputBlur"
      />
    </template>
@ -115,6 +123,7 @@ export default {
        :class="$options.TIME_INPUT_CLASS"
        type="time"
        step="10"
+        :state="state"
        @blur="onTimeInputBlur"
      />
    </template>
--- a/app/controllers/projects/pages_controller.rb
+++ b/app/controllers/projects/pages_controller.rb
@ -17,11 +17,6 @@ class Projects::PagesController < Projects::ApplicationController
  end

  def show
-    unless @project.pages_enabled?
-      render :disabled
-      return
-    end
-
    if @project.pages_show_onboarding?
      redirect_to action: 'new'
      return
--- a/app/models/integration.rb
+++ b/app/models/integration.rb
@ -704,7 +704,16 @@ class Integration < ApplicationRecord

  def async_execute(data)
    return if ::Gitlab::SilentMode.enabled?
-    return unless supported_events.include?(data[:object_kind])
+
+    # Temporarily log when we return within this method to gather data for
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/382999
+    unless supported_events.include?(data[:object_kind])
+      log_info(
+        'async_execute did nothing due to event not being supported',
+        event: data[:object_kind]
+      )
+      return
+    end

    Integrations::ExecuteWorker.perform_async(id, data.deep_stringify_keys)
  end
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@ -665,7 +665,10 @@ class ProjectPolicy < BasePolicy
    prevent(*create_read_update_admin_destroy(:merge_request))
  end

-  rule { pages_disabled }.prevent :read_pages_content
+  rule { pages_disabled }.policy do
+    prevent :read_pages_content
+    prevent(*create_read_update_admin_destroy(:pages))
+  end

  rule { issues_disabled & merge_requests_disabled }.policy do
    prevent(*create_read_update_admin_destroy(:label))
--- a/app/views/projects/pages/disabled.html.haml
+++ b/app/views/projects/pages/disabled.html.haml
@ -1,7 +0,0 @@
-= render 'header'
-
-= render Pajamas::AlertComponent.new(dismissible: false,
-  variant: :warning,
-  show_icon: false) do |c|
-  - c.with_body do
-    = html_escape_once(s_('GitLabPages|GitLab Pages are disabled for this project. You can enable them on your project\'s %{strong_start}Settings &gt; General &gt; Visibility%{strong_end} page.')).html_safe % { strong_start: '<strong>'.html_safe, strong_end: '</strong>'.html_safe }
--- a/db/post_migrate/20240708121037_remove_idx_project_statistics_storage_size_and_project_id_sync.rb
+++ b/db/post_migrate/20240708121037_remove_idx_project_statistics_storage_size_and_project_id_sync.rb
@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class RemoveIdxProjectStatisticsStorageSizeAndProjectIdSync < Gitlab::Database::Migration[2.2]
+  milestone '17.2'
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_project_statistics_on_storage_size_and_project_id'
+  COLUMNS = %i[storage_size project_id]
+
+  def up
+    return unless should_run?
+
+    remove_concurrent_index_by_name :project_statistics, name: INDEX_NAME
+  end
+
+  def down
+    return unless should_run?
+
+    add_concurrent_index :project_statistics, COLUMNS, name: INDEX_NAME
+  end
+
+  def should_run?
+    Gitlab.com_except_jh?
+  end
+end
--- a/db/post_migrate/20240710130455_drop_idx_ns_state_severity_vuln_on_reads.rb
+++ b/db/post_migrate/20240710130455_drop_idx_ns_state_severity_vuln_on_reads.rb
@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class DropIdxNsStateSeverityVulnOnReads < Gitlab::Database::Migration[2.2]
+  TABLE_NAME = :vulnerability_reads
+  INDEX = 'index_vuln_reads_on_namespace_id_state_severity_and_vuln_id'
+
+  milestone '17.2'
+  disable_ddl_transaction!
+
+  def up
+    remove_concurrent_index_by_name TABLE_NAME, name: INDEX
+  end
+
+  def down
+    add_concurrent_index(
+      TABLE_NAME,
+      "namespace_id, state, severity, vulnerability_id DESC",
+      name: INDEX
+    )
+  end
+end
--- a/db/schema_migrations/20240708121037
+++ b/db/schema_migrations/20240708121037
@ -0,0 +1 @@
+9a51da84b0b6bb947fd5c0d816a71a1f0feec7d72ee60e9ea13ba7b811f27dfa
--- a/db/schema_migrations/20240710130455
+++ b/db/schema_migrations/20240710130455
@ -0,0 +1 @@
+d4c2b04d7a22dcc32343d3d2cd7c2ccda11117c029f5ea4e60ec4eebed531fec
--- a/db/structure.sql
+++ b/db/structure.sql
@ -29620,8 +29620,6 @@ CREATE INDEX index_vuln_reads_common_query_on_resolved_on_default_branch ON vuln

 CREATE INDEX index_vuln_reads_on_casted_cluster_agent_id_where_it_is_null ON vulnerability_reads USING btree (casted_cluster_agent_id) WHERE (casted_cluster_agent_id IS NOT NULL);

-CREATE INDEX index_vuln_reads_on_namespace_id_state_severity_and_vuln_id ON vulnerability_reads USING btree (namespace_id, state, severity, vulnerability_id DESC);
-
 CREATE INDEX index_vuln_reads_on_project_id_owasp_top_10 ON vulnerability_reads USING btree (project_id, owasp_top_10);

 CREATE INDEX index_vuln_reads_on_project_id_state_severity_and_vuln_id ON vulnerability_reads USING btree (project_id, state, severity, vulnerability_id DESC);
--- a/doc/administration/admin_area.md
+++ b/doc/administration/admin_area.md
@ -486,13 +486,13 @@ For details of these log files and their contents, see [Log system](logs/index.m

 The content of each log file is listed in chronological order. To minimize performance issues, a maximum 2000 lines of each log file are shown.

-### Audit Events
+### Audit events

 DETAILS:
 **Tier:** Premium, Ultimate
 **Offering:** Self-managed, GitLab Dedicated

-The **Audit Events** page lists changes made within the GitLab server. With this information you can control, analyze, and track every change.
+The **Audit events** page lists changes made within the GitLab server. With this information you can control, analyze, and track every change.

 ### Statistics

--- a/doc/administration/audit_event_reports.md
+++ b/doc/administration/audit_event_reports.md
@ -19,14 +19,14 @@ You can view audit events from user actions across an entire GitLab instance.
 To view instance audit events:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. Filter by the following:
   - Member of the project (user) who performed the action
   - Group
   - Project
   - Date Range

-Instance audit events can also be accessed using the [Instance Audit Events API](../api/audit_events.md#instance-audit-events). Instance audit event queries are limited to a maximum of 30 days.
+Instance audit events can also be accessed using the [instance audit events API](../api/audit_events.md#instance-audit-events). Instance audit event queries are limited to a maximum of 30 days.

 ## Exporting audit events

@ -40,7 +40,7 @@ You can export the current view (including filters) of your instance audit event
 CSV(comma-separated values) file. To export the instance audit events to CSV:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. Select the available search filters.
 1. Select **Export as CSV**.

--- a/doc/administration/audit_event_streaming/index.md
+++ b/doc/administration/audit_event_streaming/index.md
@ -57,7 +57,7 @@ Prerequisites:
 To add a streaming destination for an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations.
 1. In the **Name** and **Destination URL** fields, add a destination name and URL.
@ -76,7 +76,7 @@ Prerequisites:
 To list the streaming destinations for an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the stream to expand it and see all the custom HTTP headers.

@ -89,7 +89,7 @@ Prerequisites:
 To update a instance streaming destination's name:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the stream to expand.
 1. In the **Name** fields, add a destination name to update.
@ -98,7 +98,7 @@ To update a instance streaming destination's name:
 To update a instance streaming destination's custom HTTP headers:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the stream to expand.
 1. Locate the **Custom HTTP headers** table.
@ -120,7 +120,7 @@ Prerequisites:
 To delete the streaming destinations for an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the stream to expand.
 1. Select **Delete destination**.
@ -129,7 +129,7 @@ To delete the streaming destinations for an instance:
 To delete only the custom HTTP headers for a streaming destination:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. To the right of the item, select **Edit** (**{pencil}**).
 1. Locate the **Custom HTTP headers** table.
@ -156,7 +156,7 @@ Prerequisites:
 To list streaming destinations for an instance and see the verification tokens:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. View the verification token on the right side of each item.

@ -172,7 +172,7 @@ A streaming destination that has an event type filter set has a **filtered** (**
 To update a streaming destination's event filters:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the stream to expand.
 1. Locate the **Filter by audit event type** dropdown list.
@ -214,7 +214,7 @@ Prerequisites:
 To add Google Cloud Logging streaming destinations to an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select **Add streaming destination** and select **Google Cloud Logging** to show the section for adding destinations.
 1. Enter a random string to use as a name for the new destination.
@ -231,7 +231,7 @@ Prerequisites:
 To list Google Cloud Logging streaming destinations for an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the Google Cloud Logging stream to expand and see all the fields.

@ -244,7 +244,7 @@ Prerequisites:
 To update Google Cloud Logging streaming destinations to an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the Google Cloud Logging stream to expand.
 1. Enter a random string to use as a name for the destination.
@ -262,7 +262,7 @@ Prerequisites:
 To delete Google Cloud Logging streaming destinations to an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the Google Cloud Logging stream to expand.
 1. Select **Delete destination**.
@ -292,7 +292,7 @@ Prerequisites:
 To add AWS S3 streaming destinations to an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select **Add streaming destination** and select **AWS S3** to show the section for adding destinations.
 1. Enter a random string to use as a name for the new destination.
@ -308,7 +308,7 @@ Prerequisites:
 To list AWS S3 streaming destinations for an instance.

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the AWS S3 stream to expand and see all the fields.

@ -321,7 +321,7 @@ Prerequisites:
 To update AWS S3 streaming destinations to an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the AWS S3 stream to expand.
 1. Enter a random string to use as a name for the destination.
@ -338,7 +338,7 @@ Prerequisites:
 To delete AWS S3 streaming destinations on an instance:

 1. On the left sidebar, at the bottom, select **Admin Area**.
-1. Select **Monitoring > Audit Events**.
+1. Select **Monitoring > Audit events**.
 1. On the main area, select the **Streams** tab.
 1. Select the AWS S3 stream to expand.
 1. Select **Delete destination**.
--- a/doc/administration/settings/account_and_limit_settings.md
+++ b/doc/administration/settings/account_and_limit_settings.md
@ -283,7 +283,7 @@ DETAILS:
 **Tier:** Premium, Ultimate
 **Offering:** Self-managed

-To maintain integrity of user details in [Audit Events](../../administration/audit_event_reports.md), GitLab administrators can choose to disable a user's ability to change their profile name.
+To maintain integrity of user details in [audit events](../../administration/audit_event_reports.md), GitLab administrators can choose to disable a user's ability to change their profile name.

 To do this:

--- a/doc/api/api_resources.md
+++ b/doc/api/api_resources.md
@ -159,7 +159,7 @@ The following API resources are available outside of project and group contexts
 |:---------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------|
 | [Appearance](appearance.md)                                                                  | `/application/appearance`                                                                        |
 | [Applications](applications.md)                                                              | `/applications`                                                                                  |
-| [Audit Events](audit_events.md)                                                              | `/audit_events`                                                                                  |
+| [Audit events](audit_events.md)                                                              | `/audit_events`                                                                                  |
 | [Avatar](avatar.md)                                                                          | `/avatar`                                                                                        |
 | [Broadcast messages](broadcast_messages.md)                                                  | `/broadcast_messages`                                                                            |
 | [Code snippets](snippets.md)                                                                 | `/snippets`                                                                                      |
--- a/doc/api/audit_events.md
+++ b/doc/api/audit_events.md
@ -4,7 +4,7 @@ group: Compliance
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

-# Audit Events API
+# Audit events API

 DETAILS:
 **Tier:** Premium, Ultimate
@ -12,7 +12,7 @@ DETAILS:

 > - [Author Email added to the response body](https://gitlab.com/gitlab-org/gitlab/-/issues/386322) in GitLab 15.9.

-## Instance Audit Events
+## Instance audit events

 DETAILS:
 **Tier:** Premium, Ultimate
@ -167,7 +167,7 @@ Example response:
 }
 ```

-## Group Audit Events
+## Group audit events

 > - Support for keyset pagination [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333968) in GitLab 15.2.

@ -284,7 +284,7 @@ Example response:
 }
 ```

-## Project Audit Events
+## Project audit events

 Use this API to retrieve project audit events.

--- a/doc/ci/secure_files/index.md
+++ b/doc/ci/secure_files/index.md
@ -83,6 +83,6 @@ with the [`download-secure-files`](https://gitlab.com/gitlab-org/incubation-engi
 tool. This tool automatically verifies the checksum of each file as it is downloaded.

 Any project member with at least the Developer role can access Project-level secure files.
-Interactions with Project-level secure files are not included in Audit Events, but
+Interactions with Project-level secure files are not included in audit events, but
 [issue 117](https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/readme/-/issues/117)
 proposes adding this functionality.
--- a/doc/development/audit_event_guide/index.md
+++ b/doc/development/audit_event_guide/index.md
@ -6,15 +6,15 @@ info: Any user with at least the Maintainer role can merge updates to this conte

 # Audit event development guidelines

-This guide provides an overview of how Audit Events work, and how to instrument
+This guide provides an overview of how audit events work, and how to instrument
 new audit events.

-## What are Audit Events?
+## What are audit events?

-Audit Events are a tool for GitLab owners and administrators to view records of important
+Audit events are a tool for GitLab owners and administrators to view records of important
 actions performed across the application.

-## What should not be Audit Events?
+## What should not be audit events?

 While any events could trigger an Audit Event, not all events should. In general, events that are not good candidates for audit events are:

@ -38,7 +38,7 @@ To instrument an audit event, the following attributes should be provided:
 | `message`    | String                              | true      | Message describing the action ([not translated](#i18n-and-the-audit-event-message-attribute)) |
 | `created_at` | DateTime                            | false     | The time when the action occurred. Defaults to `DateTime.current` |

-## How to instrument new Audit Events
+## How to instrument new audit events

 1. Create a [YAML type definition](#add-a-new-audit-event-type) for the new audit event.
 1. Call `Gitlab::Audit::Auditor.audit`, passing an action block.
--- a/doc/subscriptions/bronze_starter.md
+++ b/doc/subscriptions/bronze_starter.md
@ -75,7 +75,7 @@ the tiers are no longer mentioned in GitLab documentation:
  - [Contribution Analytics](../user/group/contribution_analytics/index.md)
  - [Merge Request Analytics](../user/analytics/merge_request_analytics.md)
  - [Code Review Analytics](../user/analytics/code_review_analytics.md)
-  - [Audit Events](../administration/audit_event_reports.md)
+  - [Audit events](../administration/audit_event_reports.md)
 - Rake tasks:
  - [Displaying GitLab license information](../administration/raketasks/maintenance.md#show-gitlab-license-information)
 - Reference Architecture information:
--- a/doc/user/application_security/sast/customize_rulesets.md
+++ b/doc/user/application_security/sast/customize_rulesets.md
@ -108,8 +108,8 @@ See [specify a private remote configuration example](#specify-a-private-remote-c
 If remote configuration file doesn't seem to be applying customizations correctly, the causes can be:

 1. Your repository has a local `.gitlab/sast-ruleset.toml` file.
-    - A local file is used if it's present, even if a remote configuration is set as a variable.
-    - A change to this logic is considered in [issue 414732](https://gitlab.com/gitlab-org/gitlab/-/issues/414732).
+    - By default, a local file is used if it's present, even if a remote configuration is set as a variable.
+    - You can set the [SECURE_ENABLE_LOCAL_CONFIGURATION CI/CD variable](../../../ci/variables/index.md) to `false` to ignore the local configuration file.
 1. There is a problem with authentication.
    - To check whether this is the cause of the problem, try referencing a configuration file from a repository location that doesn't require authentication.

--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@ -588,7 +588,8 @@ Some analyzers can be customized with CI/CD variables.
 | `FAIL_NEVER`                | SpotBugs   | Set to `1` to ignore compilation failure.                                                                                                                                                                                          |
 | `SAST_SEMGREP_METRICS` | Semgrep | Set to `"false"` to disable sending anonymized scan metrics to [r2c](https://semgrep.dev). Default: `true`. |
 | `SAST_SCANNER_ALLOWED_CLI_OPTS`        | Semgrep | CLI options (arguments with value, or flags) that are passed to the underlying security scanner when running scan operation. Only a limited set of [options](#security-scanner-configuration) are accepted. Separate a CLI option and its value using either a blank space or equals (`=`) character. For example: `name1 value1` or `name1=value1`. Multiple options must be separated by blank spaces. For example: `name1 value1 name2 value2`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/368565) in GitLab 15.3. |
-| `SAST_RULESET_GIT_REFERENCE` | All     | Defines a path to a custom ruleset configuration. If a project has a `.gitlab/sast-ruleset.toml` file committed, that local configuration takes precedence and the file from `SAST_RULESET_GIT_REFERENCE` isn’t used. This variable is available for the Ultimate tier only. |
+| `SAST_RULESET_GIT_REFERENCE` | All     | Defines a path to a custom ruleset configuration. If a project has a `.gitlab/sast-ruleset.toml` file committed, that local configuration takes precedence and the file from `SAST_RULESET_GIT_REFERENCE` isn’t used. This variable is available for the Ultimate tier only.|
+| `SECURE_ENABLE_LOCAL_CONFIGURATION` | All     | Enables the option to use custom ruleset configuration. If `SECURE_ENABLE_LOCAL_CONFIGURATION` is set to `false`, the project's custom ruleset configuration file at `.gitlab/sast-ruleset.toml` is ignored and the file from `SAST_RULESET_GIT_REFERENCE` or the default configuration takes precedence. |

 #### Security scanner configuration

--- a/doc/user/application_security/secret_detection/pipeline/index.md
+++ b/doc/user/application_security/secret_detection/pipeline/index.md
@ -392,7 +392,8 @@ optional authentication, and optional Git SHA. The variable uses the following f
 ```

 NOTE:
-A local `.gitlab/secret-detection-ruleset.toml` file in the project takes precedence over `SECRET_DETECTION_RULESET_GIT_REFERENCE`.
+A local `.gitlab/secret-detection-ruleset.toml` file in the project takes precedence over `SECRET_DETECTION_RULESET_GIT_REFERENCE` by default or if `SECURE_ENABLE_LOCAL_CONFIGURATION` is set to `true`.
+If you set `SECURE_ENABLE_LOCAL_CONFIGURATION` to `false`, the local file is ignored and the default configuration or `SECRET_DETECTION_RULESET_GIT_REFERENCE` (if set) is used.

 The following example includes the Pipeline Secret Detection template in a project to be scanned and specifies
 the `SECRET_DETECTION_RULESET_GIT_REFERENCE` variable for referencing a separate project configuration.
--- a/doc/user/compliance/audit_events.md
+++ b/doc/user/compliance/audit_events.md
@ -57,7 +57,7 @@ To view a group's audit events:
 1. Select **Secure > Audit events**.
 1. Filter the audit events by the member of the project (user) who performed the action and date range.

-Group audit events can also be accessed using the [Group Audit Events API](../../api/audit_events.md#group-audit-events). Group audit event queries `created_after` and `created_before` parameters are limited to a maximum 30 day difference between the dates.
+Group audit events can also be accessed using the [group audit events API](../../api/audit_events.md#group-audit-events). Group audit event queries `created_after` and `created_before` parameters are limited to a maximum 30 day difference between the dates.

 ### Project audit events

@ -69,7 +69,7 @@ DETAILS:
 1. Select **Secure > Audit events**.
 1. Filter the audit events by the member of the project (user) who performed the action and date range.

-Project audit events can also be accessed using the [Project Audit Events API](../../api/audit_events.md#project-audit-events). Project audit event queries `created_after` and `created_before` parameters are limited to a maximum 30 day difference between the dates.
+Project audit events can also be accessed using the [project audit events API](../../api/audit_events.md#project-audit-events). Project audit event queries `created_after` and `created_before` parameters are limited to a maximum 30 day difference between the dates.

 ### Sign-in audit events

@ -91,7 +91,7 @@ After upgrading to a paid tier, you can also see successful sign-in events on au
 The time zone used for audit events depends on where you view them:

 - In GitLab UI, your local time zone (GitLab 15.7 and later) or UTC (GitLab 15.6 and earlier) is used.
- The [Audit Events API](../../api/audit_events.md) returns dates and times in UTC by default, or the
+- The [audit events API](../../api/audit_events.md) returns dates and times in UTC by default, or the
  [configured time zone](../../administration/timezone.md) on a self-managed GitLab instance.
 - In CSV exports, UTC is used.

--- a/doc/user/group/saml_sso/troubleshooting.md
+++ b/doc/user/group/saml_sso/troubleshooting.md
@ -309,7 +309,7 @@ As outlined in the [user access section](index.md#link-saml-to-your-existing-git
 If the top-level group has [restricted membership by email domain](../access_and_permissions.md#restrict-group-access-by-domain), and a user with an email domain that is not allowed tries to sign in with SSO, that user might receive a 404. Users might have multiple accounts, and their SAML identity might be linked to their personal account which has an email address that is different than the company domain. To check this, verify the following:

 - That the top-level group has restricted membership by email domain.
- That, in [Audit Events](../../../administration/audit_event_reports.md) for the top-level group:
+- That, in [audit events](../../../administration/audit_event_reports.md) for the top-level group:
  - You can see **Signed in with GROUP_SAML authentication** action for that user.
  - That the user's username is the same as the username you configured for SAML SSO, by selecting the **Author** name.
    - If the username is different to the username you configured for SAML SSO, ask the user to [unlink the SAML identity](index.md#unlink-accounts) from their personal account.
--- a/doc/user/group/saml_sso/troubleshooting_scim.md
+++ b/doc/user/group/saml_sso/troubleshooting_scim.md
@ -252,7 +252,7 @@ invalid JSON primitives (such as `.`). Removing or URL encoding these characters

 ### `(Field) can't be blank` sync error

-When checking the Audit Events for the provisioning, you sometimes see a
+When checking the audit events for the provisioning, you sometimes see a
 `Namespace can't be blank, Name can't be blank, and User can't be blank.` error.

 This error can occur because not all required fields (such as first name and last name) are present for all users
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@ -341,7 +341,7 @@ The following table lists group permissions available for each role:
 | Create and edit [group wiki](project/wiki/group.md) pages                               |       |          | ✓         | ✓          | ✓     |       |
 | Create project in group                                                                 |       |          | ✓         | ✓          | ✓     | Developers, Maintainers and Owners: Only if the project creation role is set at the [instance level](../administration/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects) or the [group level](group/index.md#specify-who-can-add-projects-to-a-group).<br><br>Developers: Developers can push commits to the default branch of a new project only if the [default branch protection](group/manage.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected". |
 | Create/edit/delete metrics dashboard annotations                                        |       |          | ✓         | ✓          | ✓     |       |
-| View group Audit Events                                                                 |       |          | ✓         | ✓          | ✓     | Developers and Maintainers can only view events based on their individual actions. |
+| View group audit events                                                                 |       |          | ✓         | ✓          | ✓     | Developers and Maintainers can only view events based on their individual actions. |
 | Delete [group wiki](project/wiki/group.md) pages                                        |       |          | ✓         | ✓          | ✓     |       |
 | Create subgroup                                                                         |       |          |           | ✓          | ✓     | Maintainers: Only if users with the Maintainer role [can create subgroups](group/subgroups/index.md#change-who-can-create-subgroups). |
 | Create/edit/delete [Maven](packages/maven_repository/index.md#do-not-allow-duplicate-maven-packages), [generic](packages/generic_packages/index.md#do-not-allow-duplicate-generic-packages), [NuGet](packages/nuget_repository/index.md#do-not-allow-duplicate-nuget-packages), and [Terraform Modules](packages/terraform_module_registry/index.md#allow-duplicate-terraform-modules) package duplicate settings |  |  |  |   | ✓ |       |
--- a/lib/gitlab/internal_events.rb
+++ b/lib/gitlab/internal_events.rb
@ -94,9 +94,7 @@ module Gitlab
        return unless event_definition

        event_definition.event_selection_rules.each do |event_selection_rule|
-          matches_filter = event_selection_rule.filter.all? do |property_name, value|
-            additional_properties[property_name] == value
-          end
+          matches_filter = event_selection_rule.matches?(additional_properties)

          next unless matches_filter

--- a/lib/gitlab/usage/event_selection_rule.rb
+++ b/lib/gitlab/usage/event_selection_rule.rb
@ -48,6 +48,12 @@ module Gitlab
        unique_identifier_name.nil?
      end

+      def matches?(additional_properties)
+        filter.all? do |property_name, value|
+          additional_properties[property_name] == value
+        end
+      end
+
      # Implementing `==` to make sure that `a == b` is true if and only if `a` and `b` have equal properties
      # Checks equality by comparing each attribute.
      # @param [Object] Object to be compared
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -7343,9 +7343,6 @@ msgstr ""
 msgid "Attempted to update the pipeline trigger token but failed"
 msgstr ""

-msgid "Audit Events"
-msgstr ""
-
 msgid "Audit events"
 msgstr ""

@ -23885,9 +23882,6 @@ msgstr ""
 msgid "GitLabPages|Force HTTPS (requires valid certificates)"
 msgstr ""

-msgid "GitLabPages|GitLab Pages are disabled for this project. You can enable them on your project's %{strong_start}Settings &gt; General &gt; Visibility%{strong_end} page."
-msgstr ""
-
 msgid "GitLabPages|Maximum size (MB)"
 msgstr ""

@ -42668,10 +42662,10 @@ msgstr ""
 msgid "Promotions|Upgrade your plan to activate Advanced Search."
 msgstr ""

-msgid "Promotions|Upgrade your plan to activate Audit Events."
+msgid "Promotions|Upgrade your plan to activate Group Webhooks."
 msgstr ""

-msgid "Promotions|Upgrade your plan to activate Group Webhooks."
+msgid "Promotions|Upgrade your plan to activate audit events."
 msgstr ""

 msgid "Promotions|Upgrade your plan to improve merge requests."
@ -57776,6 +57770,9 @@ msgstr ""
 msgid "UserMapping|There was a problem reassigning placeholder user."
 msgstr ""

+msgid "UserMapping|There was a problem resending notification email."
+msgstr ""
+
 msgid "UserMapping|To learn more about reassignments, %{link_start}visit the docs%{link_end}. If you don't recognize this request, you can safely ignore this email or %{report_link_start}report abuse%{report_link_end}."
 msgstr ""

--- a/spec/controllers/projects/pages_controller_spec.rb
+++ b/spec/controllers/projects/pages_controller_spec.rb
@ -89,8 +89,8 @@ RSpec.describe Projects::PagesController, feature_category: :pages do
    context 'when pages is disabled' do
      let(:project) { create(:project, :pages_disabled) }

-      it 'renders the disabled view' do
-        expect(subject).to render_template :disabled
+      it 'returns 404 status' do
+        expect(subject).to have_gitlab_http_status(:not_found)
      end
    end
  end
--- a/spec/features/projects/pages/user_edits_settings_spec.rb
+++ b/spec/features/projects/pages/user_edits_settings_spec.rb
@ -32,16 +32,6 @@ RSpec.describe 'Pages edits pages settings', :js, feature_category: :pages do
        expect(page).to have_content('Access pages')
      end

-      context 'when pages are disabled in the project settings' do
-        it 'renders disabled warning' do
-          project.project_feature.update!(pages_access_level: ProjectFeature::DISABLED)
-
-          visit project_pages_path(project)
-
-          expect(page).to have_content('GitLab Pages are disabled for this project')
-        end
-      end
-
      shared_examples 'does not render access control warning' do
        it 'does not render access control warning' do
          visit project_pages_path(project)
@ -213,14 +203,4 @@ RSpec.describe 'Pages edits pages settings', :js, feature_category: :pages do
      end
    end
  end
-
-  context 'when pages are disabled for project' do
-    let_it_be_with_reload(:project) { create(:project, :pages_disabled) }
-
-    it 'renders warning message' do
-      visit project_pages_path(project)
-
-      expect(page).to have_content('GitLab Pages are disabled for this project')
-    end
-  end
 end
--- a/spec/frontend/members/components/placeholders/mock_data.js
+++ b/spec/frontend/members/components/placeholders/mock_data.js
@ -109,6 +109,19 @@ export const mockKeepAsPlaceholderMutationResponse = {
    },
  },
 };
+export const mockResendNotificationMutationResponse = {
+  data: {
+    importSourceUserResendNotification: {
+      errors: [],
+      importSourceUser: {
+        ...mockSourceUsers[0],
+        status: 'AWAITING_APPROVAL',
+        reassignToUser: createMockReassignUser(1),
+      },
+      __typename: 'ImportSourceUserResendNotificationPayload',
+    },
+  },
+};
 export const mockCancelReassignmentMutationResponse = {
  data: {
    importSourceUserCancelReassignment: {
--- a/spec/frontend/members/components/placeholders/placeholder_actions_spec.js
+++ b/spec/frontend/members/components/placeholders/placeholder_actions_spec.js
@ -10,12 +10,14 @@ import PlaceholderActions from '~/members/components/placeholders/placeholder_ac
 import searchUsersQuery from '~/graphql_shared/queries/users_search_all_paginated.query.graphql';
 import importSourceUserReassignMutation from '~/members/placeholders/graphql/mutations/reassign.mutation.graphql';
 import importSourceUserKeepAsPlaceholderMutation from '~/members/placeholders/graphql/mutations/keep_as_placeholder.mutation.graphql';
+import importSourceUserResendNotificationMutation from '~/members/placeholders/graphql/mutations/resend_notification.mutation.graphql';
 import importSourceUserCancelReassignmentMutation from '~/members/placeholders/graphql/mutations/cancel_reassignment.mutation.graphql';

 import {
  mockSourceUsers,
  mockReassignMutationResponse,
  mockKeepAsPlaceholderMutationResponse,
+  mockResendNotificationMutationResponse,
  mockCancelReassignmentMutationResponse,
  mockUser1,
  mockUser2,
@ -41,6 +43,9 @@ describe('PlaceholderActions', () => {
  const cancelReassignmentMutationHandler = jest
    .fn()
    .mockResolvedValue(mockCancelReassignmentMutationResponse);
+  const resendNotificationMutationHandler = jest
+    .fn()
+    .mockResolvedValue(mockResendNotificationMutationResponse);
  const $toast = {
    show: jest.fn(),
  };
@ -50,6 +55,7 @@ describe('PlaceholderActions', () => {
      [searchUsersQuery, seachUsersQueryHandler],
      [importSourceUserReassignMutation, reassignMutationHandler],
      [importSourceUserKeepAsPlaceholderMutation, keepAsPlaceholderMutationHandler],
+      [importSourceUserResendNotificationMutation, resendNotificationMutationHandler],
      [importSourceUserCancelReassignmentMutation, cancelReassignmentMutationHandler],
    ]);

@ -297,10 +303,22 @@ describe('PlaceholderActions', () => {
      expect(findConfirmButton().exists()).toBe(false);
    });

-    it('shows toast when Notify button is clicked', () => {
-      findNotifyButton().vm.$emit('click');
+    describe('when Notify button is clicked', () => {
+      beforeEach(async () => {
+        findNotifyButton().vm.$emit('click');
+        await nextTick();
+      });

-      expect($toast.show).toHaveBeenCalledWith('Notification email sent.');
+      it('calls resendNotification mutation and calls toast', async () => {
+        expect(findNotifyButton().props('loading')).toBe(true);
+        await waitForPromises();
+        expect(findNotifyButton().props('loading')).toBe(false);
+
+        expect(resendNotificationMutationHandler).toHaveBeenCalledWith({
+          id: mockSourceUser.id,
+        });
+        expect($toast.show).toHaveBeenCalledWith('Notification email sent.');
+      });
    });

    describe('when Cancel button is clicked', () => {
--- a/spec/frontend/observability/components/datetime_range_picker_spec.js
+++ b/spec/frontend/observability/components/datetime_range_picker_spec.js
@ -129,4 +129,11 @@ describe('DatetimeRangePicker', () => {

    expect(wrapper.emitted().input).toBeUndefined();
  });
+
+  it('sets the state props of the underlying components', () => {
+    createComponent({ ...defaultProps, state: false });
+
+    expect(findGlDaterangePicker().props('startPickerState')).toEqual(false);
+    expect(findGlDaterangePicker().props('endPickerState')).toEqual(false);
+  });
 });
--- a/spec/frontend/observability/date_range_filter_spec.js
+++ b/spec/frontend/observability/date_range_filter_spec.js
@ -226,4 +226,17 @@ describe('DateRangeFilter', () => {

    expect(findDatetimeRangesPicker().props('maxDateRange')).toBe(7);
  });
+
+  it('sets dateTimeRangePickerState to state', () => {
+    mount({
+      selected: {
+        value: 'custom',
+        startDate: new Date('2022-01-01'),
+        endDate: new Date('2022-01-02'),
+      },
+      dateTimeRangePickerState: false,
+    });
+
+    expect(findDatetimeRangesPicker().props('state')).toBe(false);
+  });
 });
--- a/spec/lib/gitlab/usage/event_selection_rule_spec.rb
+++ b/spec/lib/gitlab/usage/event_selection_rule_spec.rb
@ -205,6 +205,53 @@ RSpec.describe Gitlab::Usage::EventSelectionRule, feature_category: :service_pin
    end
  end

+  describe '.matches?' do
+    subject do
+      described_class
+        .new(name: 'an_event', time_framed: true, filter: filter, unique_identifier_name: :user)
+        .matches?(additional_properties)
+    end
+
+    context 'with no filter' do
+      let(:filter) { {} }
+      let(:additional_properties) { {} }
+
+      context "with no additional_properties" do
+        let(:additional_properties) { {} }
+
+        it { is_expected.to eq true }
+      end
+
+      context "with additional_properties" do
+        let(:additional_properties) { { label: 'label1' } }
+
+        it { is_expected.to eq true }
+      end
+    end
+
+    context 'with filter' do
+      let(:filter) { { label: 'label1' } }
+
+      context "with matching additional_properties" do
+        let(:additional_properties) { { label: 'label1', proeprty: 'prop1' } }
+
+        it { is_expected.to eq true }
+      end
+
+      context "with not matching additional_properties" do
+        let(:additional_properties) { { proeprty: 'prop1' } }
+
+        it { is_expected.to eq false }
+      end
+
+      context "with no additional_properties" do
+        let(:additional_properties) { {} }
+
+        it { is_expected.to eq false }
+      end
+    end
+  end
+
  describe 'object equality - #eql' do
    def expect_inequality(actual, other)
      expect(actual.eql?(other)).to be_falsey
--- a/spec/lib/sidebars/projects/menus/deployments_menu_spec.rb
+++ b/spec/lib/sidebars/projects/menus/deployments_menu_spec.rb
@ -86,6 +86,8 @@ RSpec.describe Sidebars::Projects::Menus::DeploymentsMenu, feature_category: :na

          it { is_expected.to be_nil }
        end
+
+        it_behaves_like 'access rights checks'
      end

      describe 'when pages are not enabled' do
--- a/spec/migrations/20240611121101_remove_project_statistics_storage_size_and_project_id_index_spec.rb
+++ b/spec/migrations/20240611121101_remove_project_statistics_storage_size_and_project_id_index_spec.rb
@ -4,7 +4,9 @@ require 'spec_helper'

 require_migration!

-RSpec.describe RemoveProjectStatisticsStorageSizeAndProjectIdIndex, feature_category: :consumables_cost_management do
+RSpec.describe RemoveProjectStatisticsStorageSizeAndProjectIdIndex,
+  feature_category: :consumables_cost_management,
+  schema: 20240611121101 do
  let(:migration) { described_class.new }
  let(:postgres_async_indexes) { table(:postgres_async_indexes) }

--- a/spec/migrations/20240708121037_remove_idx_project_statistics_storage_size_and_project_id_sync_spec.rb
+++ b/spec/migrations/20240708121037_remove_idx_project_statistics_storage_size_and_project_id_sync_spec.rb
@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!
+
+RSpec.describe RemoveIdxProjectStatisticsStorageSizeAndProjectIdSync,
+  feature_category: :consumables_cost_management,
+  schema: 20240708121037 do
+  let(:migration) { described_class.new }
+
+  describe '#up' do
+    it 'does nothing when not on gitlab.com' do
+      expect(migration).not_to receive(:remove_concurrent_index_by_name)
+
+      migration.up
+    end
+
+    it 'removes the index when on gitlab.com', :saas do
+      expect(migration).to receive(:remove_concurrent_index_by_name)
+
+      migration.up
+    end
+  end
+
+  describe '#down' do
+    it 'does nothing when not on gitlab.com' do
+      expect(migration).not_to receive(:add_concurrent_index)
+
+      migration.down
+    end
+
+    it 're-adds the index when on gitlab.com', :saas do
+      expect(migration).to receive(:add_concurrent_index)
+
+      migration.down
+    end
+  end
+end
--- a/spec/models/integration_spec.rb
+++ b/spec/models/integration_spec.rb
@ -1674,7 +1674,7 @@ RSpec.describe Integration, feature_category: :integrations do
  end

  describe '#async_execute' do
-    let(:integration) { described_class.new(id: 123) }
+    let(:integration) { build(:jenkins_integration, id: 123) }
    let(:data) { { object_kind: 'build' } }
    let(:serialized_data) { data.deep_stringify_keys }
    let(:supported_events) { %w[push build] }
@ -1699,6 +1699,18 @@ RSpec.describe Integration, feature_category: :integrations do

        async_execute
      end
+
+      it 'writes a log' do
+        expect(Gitlab::IntegrationsLogger).to receive(:info).with(
+          hash_including(
+            message: 'async_execute did nothing due to event not being supported',
+            integration_class: 'Integrations::Jenkins',
+            event: 'build'
+          )
+        ).and_call_original
+
+        async_execute
+      end
    end

    context 'when the Gitlab::SilentMode is enabled' do
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@ -3557,6 +3557,54 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
    end
  end

+  describe 'pages' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:ability, :current_user, :access_level, :allowed) do
+      :admin_pages | ref(:maintainer) | Featurable::ENABLED  | true
+      :admin_pages | ref(:reporter)   | Featurable::ENABLED  | false
+      :admin_pages | ref(:guest)      | Featurable::ENABLED  | false
+      :admin_pages | ref(:non_member) | Featurable::ENABLED  | false
+
+      :update_pages | ref(:maintainer) | Featurable::ENABLED  | true
+      :update_pages | ref(:reporter)   | Featurable::ENABLED  | false
+      :update_pages | ref(:guest)      | Featurable::ENABLED  | false
+      :update_pages | ref(:non_member) | Featurable::ENABLED  | false
+
+      :remove_pages | ref(:maintainer) | Featurable::ENABLED  | true
+      :remove_pages | ref(:reporter)   | Featurable::ENABLED  | false
+      :remove_pages | ref(:guest)      | Featurable::ENABLED  | false
+      :remove_pages | ref(:non_member) | Featurable::ENABLED  | false
+
+      :read_pages | ref(:maintainer) | Featurable::ENABLED  | true
+      :read_pages | ref(:reporter)   | Featurable::ENABLED  | false
+      :read_pages | ref(:guest)      | Featurable::ENABLED  | false
+      :read_pages | ref(:non_member) | Featurable::ENABLED  | false
+
+      :read_pages_content | ref(:maintainer) | Featurable::ENABLED  | true
+      :read_pages_content | ref(:reporter)   | Featurable::ENABLED  | true
+      :read_pages_content | ref(:reporter)   | Featurable::PRIVATE  | true
+      :read_pages_content | ref(:reporter)   | Featurable::DISABLED | false
+      :read_pages_content | ref(:guest)      | Featurable::ENABLED  | true
+      :read_pages_content | ref(:guest)      | Featurable::PRIVATE  | true
+      :read_pages_content | ref(:guest)      | Featurable::DISABLED | false
+      :read_pages_content | ref(:non_member) | Featurable::ENABLED  | true
+      :read_pages_content | ref(:non_member) | Featurable::PRIVATE  | false
+      :read_pages_content | ref(:non_member) | Featurable::DISABLED | false
+    end
+    with_them do
+      before do
+        project.project_feature.update!(pages_access_level: access_level)
+      end
+
+      if params[:allowed]
+        it { expect_allowed(ability) }
+      else
+        it { expect_disallowed(ability) }
+      end
+    end
+  end
+
  describe 'read_model_registry' do
    using RSpec::Parameterized::TableSyntax

--- a/spec/support/shared_examples/controllers/internal_event_tracking_examples.rb
+++ b/spec/support/shared_examples/controllers/internal_event_tracking_examples.rb
@ -15,6 +15,10 @@

 RSpec.shared_examples 'internal event tracking' do
  let(:all_metrics) do
+    additional_properties = Gitlab::InternalEvents::ALLOWED_ADDITIONAL_PROPERTIES.to_h do |key, _val|
+      [key, try(key)]
+    end
+
    Gitlab::Usage::MetricDefinition.all.filter_map do |definition|
      matching_rules = definition.event_selection_rules.map do |event_selection_rule|
        next unless event_selection_rule.name == event
@ -22,9 +26,7 @@ RSpec.shared_examples 'internal event tracking' do
        # Only include unique metrics if the unique_identifier_name is present in the spec
        next if event_selection_rule.unique_identifier_name && !try(event_selection_rule.unique_identifier_name)

-        event_selection_rule.filter.all? do |property_name, value|
-          try(property_name) == value
-        end
+        event_selection_rule.matches?(additional_properties)
      end

      definition.key if matching_rules.flatten.any?
				`@ -0,0 +1 @@`
				`9a51da84b0b6bb947fd5c0d816a71a1f0feec7d72ee60e9ea13ba7b811f27dfa`
				`@ -0,0 +1 @@`
				`d4c2b04d7a22dcc32343d3d2cd7c2ccda11117c029f5ea4e60ec4eebed531fec`