Add latest changes from gitlab-org/gitlab@master

2025-05-02 18:13:03 +00:00 · 2025-05-02 18:13:03 +00:00 · 247d342e12
parent ea042ca488
commit 247d342e12
70 changed files with 606 additions and 117 deletions
--- a/.rubocop_todo/migration/prevent_feature_flags_usage.yml
+++ b/.rubocop_todo/migration/prevent_feature_flags_usage.yml
@ -1,6 +0,0 @@
 ---
 Migration/PreventFeatureFlagsUsage:
  Details: grace period
  Exclude:
    - 'db/migrate/20250228183319_migrate_vscode_extension_marketplace_feature_flag_to_data.rb'
    - 'db/post_migrate/20250404151331_backfill_ci_job_live_trace_application_setting.rb'
--- a/2
+++ b/2
@ -699,7 +699,7 @@ gem 'valid_email', '~> 0.1', feature_category: :shared
 # JSON
 gem 'jsonb_accessor', '~> 1.4', feature_category: :shared
-gem 'json', '~> 2.10.0', feature_category: :shared
+gem 'json', '~> 2.11.0', feature_category: :shared
 gem 'json_schemer', '~> 2.3.0', feature_category: :shared
 gem 'oj', '~> 3.16.0', '>=3.16.10', feature_category: :shared
 gem 'oj-introspect', '~> 0.8', feature_category: :shared
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@ -348,8 +348,8 @@
 {"name":"jira-ruby","version":"2.3.0","platform":"ruby","checksum":"abf26e6bff4a8ea40bae06f7df6276a5776905c63fb2070934823ca54f62eb62"},
 {"name":"jmespath","version":"1.6.2","platform":"ruby","checksum":"238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1"},
 {"name":"js_regex","version":"3.8.0","platform":"ruby","checksum":"7934bcdd5a0e6d5af4a520288fd4684a02a472ae55831d9178ccaf82356344b5"},
-{"name":"json","version":"2.10.2","platform":"java","checksum":"fe31faac61ea21ea1448c35450183f84e85c2b94cc6522c241959ba9d1362006"},
+{"name":"json","version":"2.11.3","platform":"java","checksum":"cfe8db24e49073c5bcd93699d106a1c1c9e5bc301fcc0de05965e72fad999a34"},
-{"name":"json","version":"2.10.2","platform":"ruby","checksum":"34e0eada93022b2a0a3345bb0b5efddb6e9ff5be7c48e409cfb54ff8a36a8b06"},
+{"name":"json","version":"2.11.3","platform":"ruby","checksum":"9a10f658a2de67c0eb837eb795dd48132ce797c403e52b5ebef87dcdc7f9ccc1"},
 {"name":"json-jwt","version":"1.16.6","platform":"ruby","checksum":"ab451f9cd8743cecc4137f4170806046c1d8a6d4ee6e8570e0b5c958409b266c"},
 {"name":"json_schemer","version":"2.3.0","platform":"ruby","checksum":"9f1fa173b859ca520f15e9e8d08b0892ffca80b78dd8221feb3e360ff4cdeb35"},
 {"name":"jsonb_accessor","version":"1.4","platform":"java","checksum":"2c5590d33d89c7b929d5cf38ae3d2c52658bf6f84f03b06ede5c88e9d76f3451"},
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1071,7 +1071,7 @@ GEM
      character_set (~> 1.4)
      regexp_parser (~> 2.5)
      regexp_property_values (~> 1.0)
-    json (2.10.2)
+    json (2.11.3)
    json-jwt (1.16.6)
      activesupport (>= 4.2)
      aes_key_wrap
@ -2236,7 +2236,7 @@ DEPENDENCIES
  ipynbdiff!
  jira-ruby (~> 2.3.0)
  js_regex (~> 3.8)
-  json (~> 2.10.0)
+  json (~> 2.11.0)
  json_schemer (~> 2.3.0)
  jsonb_accessor (~> 1.4)
  jwt (~> 2.9.3)
--- a/Gemfile.next.checksum
+++ b/Gemfile.next.checksum
@ -348,8 +348,8 @@
 {"name":"jira-ruby","version":"2.3.0","platform":"ruby","checksum":"abf26e6bff4a8ea40bae06f7df6276a5776905c63fb2070934823ca54f62eb62"},
 {"name":"jmespath","version":"1.6.2","platform":"ruby","checksum":"238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1"},
 {"name":"js_regex","version":"3.8.0","platform":"ruby","checksum":"7934bcdd5a0e6d5af4a520288fd4684a02a472ae55831d9178ccaf82356344b5"},
-{"name":"json","version":"2.10.2","platform":"java","checksum":"fe31faac61ea21ea1448c35450183f84e85c2b94cc6522c241959ba9d1362006"},
+{"name":"json","version":"2.11.3","platform":"java","checksum":"cfe8db24e49073c5bcd93699d106a1c1c9e5bc301fcc0de05965e72fad999a34"},
-{"name":"json","version":"2.10.2","platform":"ruby","checksum":"34e0eada93022b2a0a3345bb0b5efddb6e9ff5be7c48e409cfb54ff8a36a8b06"},
+{"name":"json","version":"2.11.3","platform":"ruby","checksum":"9a10f658a2de67c0eb837eb795dd48132ce797c403e52b5ebef87dcdc7f9ccc1"},
 {"name":"json-jwt","version":"1.16.6","platform":"ruby","checksum":"ab451f9cd8743cecc4137f4170806046c1d8a6d4ee6e8570e0b5c958409b266c"},
 {"name":"json_schemer","version":"2.3.0","platform":"ruby","checksum":"9f1fa173b859ca520f15e9e8d08b0892ffca80b78dd8221feb3e360ff4cdeb35"},
 {"name":"jsonb_accessor","version":"1.4","platform":"java","checksum":"2c5590d33d89c7b929d5cf38ae3d2c52658bf6f84f03b06ede5c88e9d76f3451"},
--- a/Gemfile.next.lock
+++ b/Gemfile.next.lock
@ -1071,7 +1071,7 @@ GEM
      character_set (~> 1.4)
      regexp_parser (~> 2.5)
      regexp_property_values (~> 1.0)
-    json (2.10.2)
+    json (2.11.3)
    json-jwt (1.16.6)
      activesupport (>= 4.2)
      aes_key_wrap
@ -2236,7 +2236,7 @@ DEPENDENCIES
  ipynbdiff!
  jira-ruby (~> 2.3.0)
  js_regex (~> 3.8)
-  json (~> 2.10.0)
+  json (~> 2.11.0)
  json_schemer (~> 2.3.0)
  jsonb_accessor (~> 1.4)
  jwt (~> 2.9.3)
--- a/app/assets/javascripts/authentication/sessions/components/session_expire_modal.vue
+++ b/app/assets/javascripts/authentication/sessions/components/session_expire_modal.vue
@ -0,0 +1,84 @@
 <script>
 import { GlModal } from '@gitlab/ui';
 import { uniqueId } from 'lodash';
 import { visitUrl } from '~/lib/utils/url_utility';
 import { __ } from '~/locale';
 import { INTERVAL_SESSION_MODAL } from '../constants';
 export default {
  components: {
    GlModal,
  },
  props: {
    message: {
      type: String,
      required: true,
    },
    sessionTimeout: {
      type: Number,
      required: true,
    },
    signInUrl: {
      type: String,
      required: true,
    },
    title: {
      type: String,
      required: true,
    },
  },
  data() {
    return {
      intervalId: null,
      modalId: uniqueId('expire-session-modal-'),
      showModal: false,
    };
  },
  async created() {
    this.intervalId = setInterval(this.checkStatus, INTERVAL_SESSION_MODAL);
    document.addEventListener('visibilitychange', this.onDocumentVisible);
  },
  beforeDestroy() {
    this.clearEvents();
  },
  methods: {
    clearEvents() {
      if (this.intervalId) {
        clearInterval(this.intervalId);
        document.removeEventListener('visibilitychange', this.onDocumentVisible);
        this.intervalId = null;
      }
    },
    checkStatus() {
      if (Date.now() >= this.sessionTimeout) {
        this.showModal = true;
        this.clearEvents();
      }
    },
    onDocumentVisible() {
      if (document.visibilityState === 'visible') {
        this.checkStatus();
      }
    },
    goTo() {
      visitUrl(this.signInUrl);
    },
  },
  reload: { text: __('Sign in') },
  cancel: { text: __('Cancel') },
 };
 </script>
 <template>
  <gl-modal
    v-model="showModal"
    :modal-id="modalId"
    :title="title"
    :action-primary="$options.reload"
    :action-cancel="$options.cancel"
    aria-live="assertive"
    @primary="goTo"
  >
    {{ message }}
  </gl-modal>
 </template>
--- a/app/assets/javascripts/authentication/sessions/constants.js
+++ b/app/assets/javascripts/authentication/sessions/constants.js
@ -0,0 +1 @@
 export const INTERVAL_SESSION_MODAL = 10 * 1000;
--- a/app/assets/javascripts/authentication/sessions/index.js
+++ b/app/assets/javascripts/authentication/sessions/index.js
@ -0,0 +1,25 @@
 import Vue from 'vue';
 import { s__ } from '~/locale';
 import SessionExpireModal from './components/session_expire_modal.vue';
 export const initExpireSessionModal = () => {
  const el = document.getElementById('js-session-expire-modal');
  if (!el) return null;
  const { sessionTimeout, signInUrl } = el.dataset;
  const message = s__('SessionExpire|Your session has expired. Please, sign in again.');
  const title = s__('SessionExpire|Your session has expired');
  return new Vue({
    el,
    render: (createElement) =>
      createElement(SessionExpireModal, {
        props: {
          message,
          sessionTimeout: parseInt(sessionTimeout, 10),
          signInUrl,
          title,
        },
      }),
  });
 };
--- a/app/assets/javascripts/ci/pipeline_mini_graph/pipeline_stage_dropdown.vue
+++ b/app/assets/javascripts/ci/pipeline_mini_graph/pipeline_stage_dropdown.vue
@ -159,11 +159,16 @@ export default {
    <template #header>
      <div
        data-testid="pipeline-stage-dropdown-menu-title"
-        class="gl-flex gl-min-h-8 gl-items-center gl-border-b-1 gl-border-b-dropdown !gl-p-4 gl-text-sm gl-font-bold gl-leading-1 gl-border-b-solid"
+        class="gl-border-b gl-flex gl-min-h-8 gl-items-center !gl-p-4 gl-text-sm gl-font-bold gl-leading-1 gl-border-b-solid"
      >
        <span>{{ dropdownHeaderText }}</span>
      </div>
-      <gl-search-box-by-type v-if="searchVisible" v-model="search" class="gl-m-2" borderless />
+      <gl-search-box-by-type
        v-if="searchVisible"
        v-model="search"
        class="pipeline-mini-graph-search"
        borderless
      />
    </template>
    <div v-if="isLoading" class="gl-flex gl-gap-3 gl-px-4 gl-py-3">
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@ -33,7 +33,7 @@ import initWorkItemAttributePopovers from './work_item_attribute_popovers';
 import initBroadcastNotifications from './broadcast_notification';
 import { initCopyCodeButton } from './behaviors/copy_code';
 import initGitlabVersionCheck from './gitlab_version_check';
-
+import { initExpireSessionModal } from './authentication/sessions';
 import 'ee_else_ce/main_ee';
 import 'jh_else_ce/main_jh';
@ -96,6 +96,7 @@ function deferredInitialisation() {
  initDefaultTrackers();
  initCopyCodeButton();
  initGitlabVersionCheck();
  initExpireSessionModal();
  addSelectOnFocusBehaviour('.js-select-on-focus');
--- a/app/assets/stylesheets/page_bundles/pipelines.scss
+++ b/app/assets/stylesheets/page_bundles/pipelines.scss
@ -47,6 +47,26 @@
  }
 }
 .pipeline-mini-graph-search {
  // stylelint-disable-next-line gitlab/no-gl-class
  .gl-form-input {
    @apply gl-w-full gl-h-auto gl-py-4 gl-border-none gl-rounded-none gl-text-base gl-leading-normal;
    padding-left: calc(#{$gl-spacing-scale-7} + #{$gl-spacing-scale-2});
    padding-right: calc(#{$gl-spacing-scale-6} + #{$gl-spacing-scale-2});
    background-color: var(--gl-dropdown-search-background-color);
    @apply gl-border-b;
    &:hover {
      @apply gl-shadow-none;
    }
  }
  // stylelint-disable-next-line gitlab/no-gl-class
  .gl-search-box-by-type-search-icon {
    @apply gl-inset-4;
  }
 }
 // Pipeline failed status
 .ci-job-component.ci-job-item-failed:not(:hover):not(:focus) > a {
  @include ci-job-item-failed-status-bg;
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@ -12,6 +12,11 @@ module SessionsHelper
    Gitlab::Utils::Email.obfuscated_email(email)
  end
  def session_expire_modal_data
    { session_timeout: Gitlab::Auth::SessionExpireFromInitEnforcer.session_expires_at(session) * 1000,
      sign_in_url: new_session_url(:user, redirect_to_referer: 'yes') }
  end
  def remember_me_enabled?
    Gitlab::CurrentSettings.allow_user_remember_me?
  end
--- a/app/models/concerns/has_repository.rb
+++ b/app/models/concerns/has_repository.rb
@ -47,6 +47,10 @@ module HasRepository
    repository.branch_exists?(branch)
  end
  def ref_exists?(ref)
    repository.ref_exists?(ref)
  end
  def commit_by(oid:)
    repository.commit_by(oid: oid)
  end
--- a/app/models/integrations/jira.rb
+++ b/app/models/integrations/jira.rb
@ -184,10 +184,6 @@ module Integrations
    # https://gitlab.com/gitlab-org/gitlab/issues/29404
    # These fields are API only, so no field definition is required.
    data_field :jira_issue_transition_automatic
    data_field :project_key
    data_field :vulnerabilities_enabled
    data_field :vulnerabilities_issuetype
    data_field :customize_jira_issue_enabled
    # When these are false GitLab does not create cross reference
    # comments on Jira except when an issue gets transitioned.
--- a/app/services/merge_requests/build_service.rb
+++ b/app/services/merge_requests/build_service.rb
@ -197,7 +197,29 @@ module MergeRequests
    end
    def source_branch_exists?
-      source_branch.blank? || source_project.branch_exists?(source_branch)
+      source_branch.blank? || source_project.branch_exists?(source_branch) || ref_exists_in_gitaly?
    end
    def ref_exists_in_gitaly?
      return false unless Feature.enabled?(:pull_ref_directly_from_gitaly, project)
      # The following check acts as a fallback if there is a mismatch between
      # the cache and repository state. If the branch ref does not exist in the cache
      # then we validate the repository state with Gitaly to avoid an inconsistent response.
      exists = source_project.ref_exists?("refs/heads/#{source_branch}")
      return false unless exists
      # Only log when we find a ref that exists in Gitaly but was not found elsewhere
      Gitlab::AppJsonLogger.info(
        class: self.class.to_s,
        method: __method__,
        project_id: project.id,
        source_branch: source_branch,
        **Gitlab::ApplicationContext.current
      )
      true
    end
    def target_branch_exists?
--- a/app/views/layouts/_page.html.haml
+++ b/app/views/layouts/_page.html.haml
@ -9,6 +9,7 @@
  %aside.js-super-sidebar.super-sidebar.super-sidebar-loading{ data: { root_path: root_path, sidebar: sidebar_data, force_desktop_expanded_sidebar: @force_desktop_expanded_sidebar.to_s, command_palette: command_palette_data(project: @project, current_ref: current_ref).to_json, is_saas: Gitlab.com?.to_s } }
  = render_if_exists "layouts/tanuki_bot_chat"
  = render_if_exists "layouts/session_expire_modal"
  .content-wrapper{ class: "#{@content_wrapper_class}" }
    -# Broadcast messages
--- a/app/views/layouts/_session_expire_modal.html.haml
+++ b/app/views/layouts/_session_expire_modal.html.haml
@ -0,0 +1,3 @@
 - return unless current_user && Gitlab::CurrentSettings.session_expire_from_init && Feature.enabled?(:session_expire_from_init, :instance)
 #js-session-expire-modal{ data: session_expire_modal_data }
--- a/config/feature_flags/gitlab_com_derisk/pull_ref_directly_from_gitaly.yml
+++ b/config/feature_flags/gitlab_com_derisk/pull_ref_directly_from_gitaly.yml
@ -0,0 +1,9 @@
 ---
 name: pull_ref_directly_from_gitaly
 feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/348565
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/188492
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/536824
 milestone: '18.0'
 group: group::source code
 type: gitlab_com_derisk
 default_enabled: false
--- a/data/deprecations/16-0-deprecate-postgresql-13.yml
+++ b/data/deprecations/16-0-deprecate-postgresql-13.yml
@ -6,7 +6,7 @@
  stage: Enablement
  issue_url: https://gitlab.com/groups/gitlab-org/-/epics/9065
  body: |
-    GitLab follows an [annual upgrade cadence for PostgreSQL](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/data_stores/database/postgresql-upgrade-cadence/).
+    GitLab follows an [annual upgrade cadence for PostgreSQL](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/data-access/database-framework/postgresql-upgrade-cadence/).
    Support for PostgreSQL 13 is scheduled for removal in GitLab 17.0.
    In GitLab 17.0, PostgreSQL 14 becomes the minimum required PostgreSQL version.
--- a/db/migrate/20250228183319_migrate_vscode_extension_marketplace_feature_flag_to_data.rb
+++ b/db/migrate/20250228183319_migrate_vscode_extension_marketplace_feature_flag_to_data.rb
@ -42,11 +42,6 @@ class MigrateVSCodeExtensionMarketplaceFeatureFlagToData < Gitlab::Database::Mig
  private
  def extension_marketplace_flag_enabled?
-    # NOTE: It's possible the flag is only enabled for a specific user, but in that case we'll assume
+    feature_flag_enabled?('web_ide_extensions_marketplace')
    # the instance admin didn't want the feature globally available and we won't initialize the data.
    Feature.enabled?(:web_ide_extensions_marketplace, nil) &&
      # NOTE: We only want to migrate instances that have **explicitly** opted in to the early
      # extensions marketplace experience (not just enabled by default feature flag).
      Feature.persisted_name?(:web_ide_extensions_marketplace)
  end
 end
--- a/db/migrate/20250313171706_partition_vulnerability_archives.rb
+++ b/db/migrate/20250313171706_partition_vulnerability_archives.rb
@ -36,10 +36,29 @@ class PartitionVulnerabilityArchives < Gitlab::Database::Migration[2.2]
  end
  def down
    # Drop the constraint from partitioned table.
    connection.execute(<<~SQL)
      ALTER TABLE vulnerability_archived_records DROP CONSTRAINT fk_rails_601e008d4b;
    SQL
    # Drop the constraint from detached partitions.
    foreign_keys = connection.execute(<<~SQL)
      SELECT
        table_schema,
        table_name
      FROM
        information_schema.table_constraints
      WHERE
        table_name ILIKE 'vulnerability_archived_records%'
        AND constraint_name = 'fk_rails_601e008d4b';
    SQL
    foreign_keys.values.each do |schema, table_name| # rubocop:disable Style/HashEachMethods -- This is a Hash
      connection.execute(<<~SQL)
        ALTER TABLE connection.quote_table_name(#{schema}.#{table_name}) DROP CONSTRAINT fk_rails_601e008d4b;
      SQL
    end
    drop_table :vulnerability_archives
    create_table :vulnerability_archives do |t| # rubocop:disable Migration/EnsureFactoryForTable -- false positive
--- a/db/post_migrate/20250404151331_backfill_ci_job_live_trace_application_setting.rb
+++ b/db/post_migrate/20250404151331_backfill_ci_job_live_trace_application_setting.rb
@ -6,8 +6,8 @@ class BackfillCiJobLiveTraceApplicationSetting < Gitlab::Database::Migration[2.2
  milestone '17.11'
  def up
-    ci_enable_live_trace = Feature.enabled?(:ci_enable_live_trace,
+    ci_enable_live_trace = feature_flag_enabled?('ci_enable_live_trace') &&
-      :instance) && Gitlab.config.artifacts.object_store.enabled
+      Gitlab.config.artifacts.object_store.enabled
    sql = <<~SQL
      UPDATE application_settings
--- a/doc/administration/credentials_inventory.md
+++ b/doc/administration/credentials_inventory.md
@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Authentication
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-title: Credentials inventory for GitLab Self-Managed
+gitlab_dedicated: yes
 title: Credentials inventory
 ---
 {{< details >}}
 - Tier: Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -24,7 +25,7 @@ For GitLab.com, see [Credentials inventory for GitLab.com](../user/group/credent
 {{< /alert >}}
-Use the credentials inventory to monitor and control access to your GitLab Self-Managed instance.
+Use the credentials inventory to monitor and control access to your instance.
 As an administrator, you can:
--- a/doc/administration/repository_checks.md
+++ b/doc/administration/repository_checks.md
@ -2,13 +2,14 @@
 stage: Systems
 group: Gitaly
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Repository checks
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -50,7 +51,7 @@ Instead of checking repositories manually, GitLab can be configured to run the c
 When enabled, GitLab periodically runs a repository check on all project repositories and wiki
 repositories to detect possible data corruption. A project is checked no more than once per month, and new projects aren't checked for at least 24 hours.
-Administrators can configure the frequency of repository checks. To edit the frequency:
+GitLab Self-Managed administrators can configure the frequency of repository checks. To edit the frequency:
 - For Linux package installations, edit `gitlab_rails['repository_check_worker_cron']` in
  `/etc/gitlab/gitlab.rb`.
@ -66,6 +67,12 @@ Repositories with known check failures can be found at
 ## Run a check using the command line
 {{< details >}}
 - Offering: GitLab Self-Managed
 {{< /details >}}
 You can run [`git fsck`](https://git-scm.com/docs/git-fsck) using the command line on repositories on
 [Gitaly servers](gitaly/_index.md). To locate the repositories:
@ -88,6 +95,12 @@ You can run [`git fsck`](https://git-scm.com/docs/git-fsck) using the command li
 ## What to do if a check failed
 {{< details >}}
 - Offering: GitLab Self-Managed
 {{< /details >}}
 If a repository check fails, locate the error in the [`repocheck.log` file](logs/_index.md#repochecklog) on disk at:
 - `/var/log/gitlab/gitlab-rails` for Linux package installations.
@ -103,6 +116,12 @@ If periodic repository checks cause false alarms, you can clear all repository c
 ## Troubleshooting
 {{< details >}}
 - Offering: GitLab Self-Managed
 {{< /details >}}
 When working with repository checks, you might encounter the following issues.
 ### Error: `failed to parse commit <commit SHA> from object database for commit-graph`
--- a/doc/administration/review_abuse_reports.md
+++ b/doc/administration/review_abuse_reports.md
@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Review abuse reports
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/_index.md
+++ b/doc/administration/settings/_index.md
@ -2,6 +2,7 @@
 stage: none
 group: unassigned
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 description: Product settings.
 title: Update your Admin area settings
 ---
@ -9,7 +10,7 @@ title: Update your Admin area settings
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/account_and_limit_settings.md
+++ b/doc/administration/settings/account_and_limit_settings.md
@ -756,6 +756,12 @@ users from deleting their own accounts:
 ## Troubleshooting
 {{< details >}}
 - Offering: GitLab Self-Managed
 {{< /details >}}
 ### 413 Request Entity Too Large
 When attaching a file to a comment or reply in GitLab, the [max attachment size](#max-attachment-size)
--- a/doc/administration/settings/continuous_integration.md
+++ b/doc/administration/settings/continuous_integration.md
@ -2,13 +2,14 @@
 stage: Verify
 group: Pipeline Execution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: CI/CD settings
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/email.md
+++ b/doc/administration/settings/email.md
@ -2,13 +2,14 @@
 stage: Plan
 group: Project Management
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Email
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -23,7 +24,7 @@ The logo in the header of some emails can be customized, see the [logo customiza
 {{< details >}}
 - Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -44,7 +45,7 @@ To include the author's email address in the email body:
 {{< details >}}
 - Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -63,7 +64,7 @@ To enable multipart email:
 {{< details >}}
 - Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -91,7 +92,7 @@ recognized by GitLab. This can directly conflict with certain [Push rules](../..
 {{< details >}}
 - Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -120,13 +121,6 @@ To disable these notifications:
 ### Custom additional text in deactivation emails
 {{< details >}}
 - Tier: Free, Premium, Ultimate
 - Offering: GitLab Self-Managed
 {{< /details >}}
 {{< history >}}
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355964) in GitLab 15.9 [with a flag](../feature_flags.md) named `deactivation_email_additional_text`. Disabled by default.
@ -149,13 +143,6 @@ To add additional text to deactivation emails:
 ## Group and project access token expiry emails to inherited members
 {{< details >}}
 - Tier: Free, Premium, Ultimate
 - Offering: GitLab Self-Managed
 {{< /details >}}
 {{< history >}}
 - Notifications to inherited group members [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/463016) in GitLab 17.7 [with a flag](../feature_flags.md) named `pat_expiry_inherited_members_notification`. Disabled by default.
--- a/doc/administration/settings/external_authorization.md
+++ b/doc/administration/settings/external_authorization.md
@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Authentication
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: External authorization control
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/files_api_rate_limits.md
+++ b/doc/administration/settings/files_api_rate_limits.md
@ -2,14 +2,15 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-description: Configure rate limits for the repository files API on GitLab Self-Managed.
+gitlab_dedicated: yes
 description: Configure rate limits for the repository files API.
 title: Rate limits on Repository files API
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/git_lfs_rate_limits.md
+++ b/doc/administration/settings/git_lfs_rate_limits.md
@ -2,6 +2,7 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 description: Configure rate limits for Git LFS on GitLab.
 title: Rate limits on Git LFS
 ---
@ -9,7 +10,7 @@ title: Rate limits on Git LFS
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed
+- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/import_and_export_settings.md
+++ b/doc/administration/settings/import_and_export_settings.md
@ -2,13 +2,14 @@
 stage: Foundations
 group: Import and Integrate
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Import and export settings
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -121,6 +122,12 @@ To allow mapping of imported user contributions to administrators:
 ## Skip confirmation when reassigning placeholder users
 {{< details >}}
 - Offering: GitLab Self-Managed
 {{< /details >}}
 {{< history >}}
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/534330) in GitLab 18.0 [with a flag](../feature_flags.md) named `importer_user_mapping_allow_bypass_of_confirmation`. Disabled by default.
--- a/doc/administration/settings/incident_management_rate_limits.md
+++ b/doc/administration/settings/incident_management_rate_limits.md
@ -2,13 +2,14 @@
 stage: Monitor
 group: Platform Insights
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Incident management rate limits
 ---
 {{< details >}}
 - Tier: Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/instance_template_repository.md
+++ b/doc/administration/settings/instance_template_repository.md
@ -2,14 +2,15 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-description: Configure a collection of file templates available for all projects on GitLab Self-Managed.
+gitlab_dedicated: yes
 description: Configure a collection of file templates available for all projects.
 title: Instance template repository
 ---
 {{< details >}}
 - Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/localization.md
+++ b/doc/administration/settings/localization.md
@ -2,13 +2,14 @@
 stage: none
 group: unassigned
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Localization
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/package_registry_rate_limits.md
+++ b/doc/administration/settings/package_registry_rate_limits.md
@ -2,13 +2,14 @@
 stage: Package
 group: Package Registry
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Package registry rate limits
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/protected_paths.md
+++ b/doc/administration/settings/protected_paths.md
@ -2,13 +2,14 @@
 stage: none
 group: unassigned
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Protected paths
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/push_event_activities_limit.md
+++ b/doc/administration/settings/push_event_activities_limit.md
@ -2,6 +2,7 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 description: Configure limits on the number of single push events your instance will allow.
 title: Push event activities limit and bulk push events
 ---
@ -9,7 +10,7 @@ title: Push event activities limit and bulk push events
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/security_and_compliance.md
+++ b/doc/administration/settings/security_and_compliance.md
@ -2,13 +2,14 @@
 stage: Application Security Testing
 group: Composition Analysis
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Security and compliance Admin area settings
 ---
 {{< details >}}
 - Tier: Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/security_contact_information.md
+++ b/doc/administration/settings/security_contact_information.md
@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Compliance
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Provide public security contact information
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/administration/settings/visibility_and_access_controls.md
+++ b/doc/administration/settings/visibility_and_access_controls.md
@ -2,14 +2,15 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-description: Control project visibility, creation, retention, and deletion on GitLab Self-Managed.
+gitlab_dedicated: yes
 description: Control project visibility, creation, retention, and deletion.
 title: Control access and visibility
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -59,7 +60,7 @@ is turned on, administrators must enter Admin Mode to create new projects.
 {{< details >}}
 - Tier: Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -342,6 +343,12 @@ This happens even if you select **Only SSH**, because GitLab Runner and CI/CD jo
 ## Customize Git clone URL for HTTP(S)
 {{< details >}}
 - Offering: GitLab Self-Managed
 {{< /details >}}
 You can customize project Git clone URLs for HTTP(S), which affects the clone
 panel shown to users on a project's page. For example, if:
--- a/doc/api/project_integrations.md
+++ b/doc/api/project_integrations.md
@ -1489,6 +1489,10 @@ Parameters:
 | `issues_enabled` | boolean | no | Enable viewing Jira issues in GitLab. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267015) in GitLab 17.0. |
 | `project_keys` | array of strings | no | Keys of Jira projects. When `issues_enabled` is `true`, this setting specifies which Jira projects to view issues from in GitLab. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267015) in GitLab 17.0. |
 | `use_inherited_settings` | boolean | no | Indicates whether to inherit the default settings. Defaults to `false`. |
 | `vulnerabilities_enabled` | boolean | no | Available only in GitLab EE. When set to `true`, creates Jira issues for GitLab vulnerabilities.|
 | `vulnerabilities_issuetype` | number | no | Available only in GitLab EE. ID of the Jira issue type to use when creating issues from vulnerabilities. |
 | `project_key` | string | no | Available only in GitLab EE. Key of the project to use when creating issues from vulnerabilities. This parameter is required if using the integration to create issues from vulnerabilities. |
 | `customize_jira_issue_enabled` | boolean | no | Available only in GitLab EE. When set to `true`, opens a prefilled form on the Jira instance when creating a Jira issue from a vulnerability. |
 ### Disable Jira
--- a/doc/development/adding_service_component.md
+++ b/doc/development/adding_service_component.md
@ -63,7 +63,7 @@ The first iteration should be opt-in, either through the `gitlab.yml` configurat
 Code shipped with GitLab needs to use a license approved by the Legal team. See the list of [existing approved licenses](https://handbook.gitlab.com/handbook/engineering/open-source/#using-open-source-software).
-Notify the [Distribution team](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/systems/distribution/) when adding a new dependency that must be compiled. We must be able to compile the dependency on all supported platforms.
+Notify the [Distribution team](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/gitlab-delivery/distribution/) when adding a new dependency that must be compiled. We must be able to compile the dependency on all supported platforms.
 New services to be bundled with GitLab need to be available in the following environments.
@ -86,7 +86,7 @@ In order for a service to be bundled for end-users or GitLab.com, it needs to be
 Dependencies should be kept up to date and be tracked for security updates. For the Rails codebase, the JavaScript and Ruby dependencies are
 scanned for vulnerabilities using GitLab [dependency scanning](../user/application_security/dependency_scanning/_index.md).
-In addition, any system dependencies used in Omnibus packages or the Cloud Native images should be added to the [dependency update automation](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/systems/distribution/maintenance/dependencies.io/#adding-new-dependencies).
+In addition, any system dependencies used in Omnibus packages or the Cloud Native images should be added to the [dependency update automation](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/gitlab-delivery/distribution/maintenance).
 ## Release management
--- a/doc/development/architecture.md
+++ b/doc/development/architecture.md
@ -90,7 +90,7 @@ new features and services must be written to consider Kubernetes compatibility *
 The simplest way to ensure this, is to add support for your feature or service to
 [the official GitLab Helm chart](https://docs.gitlab.com/charts/) or reach out to
-[the Distribution team](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/systems/distribution/#how-to-work-with-distribution).
+[the Distribution team](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/gitlab-delivery/distribution/#how-to-work-with-distribution).
 Refer to the [process for adding new service components](adding_service_component.md) for more details.
--- a/doc/development/code_review.md
+++ b/doc/development/code_review.md
@ -175,7 +175,7 @@ by a reviewer before passing it to a maintainer as described in the
 | `~frontend` changes <sup>1</sup>       | [Frontend maintainer](https://handbook.gitlab.com/handbook/engineering/projects/#gitlab_maintainers_frontend). |
 | `~UX` user-facing changes <sup>3</sup> | [Product Designer](https://handbook.gitlab.com/handbook/engineering/projects/#gitlab_reviewers_UX). Refer to the [design and user interface guidelines](contributing/design.md) for details. |
 | Adding a new JavaScript library <sup>1</sup> | - [Frontend Design System member](https://about.gitlab.com/direction/foundations/design_system/) if the library significantly increases the [bundle size](https://gitlab.com/gitlab-org/frontend/playground/webpack-memory-metrics/-/blob/main/doc/report.md).<br/>- A [legal department member](https://handbook.gitlab.com/handbook/legal/) if the license used by the new library hasn't been approved for use in GitLab.<br/><br/>More information about license compatibility can be found in our [GitLab Licensing and Compatibility documentation](licensing.md). |
-| A new dependency or a file system change | - [Distribution team member](https://about.gitlab.com/company/team/). See how to work with the [Distribution team](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/systems/distribution/#how-to-work-with-distribution) for more details.<br/>- For RubyGems, request an [AppSec review](gemfile.md#request-an-appsec-review). |
+| A new dependency or a file system change | - [Distribution team member](https://about.gitlab.com/company/team/). See how to work with the [Distribution team](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/gitlab-delivery/distribution/#how-to-work-with-distribution) for more details.<br/>- For RubyGems, request an [AppSec review](gemfile.md#request-an-appsec-review). |
 | `~documentation` or `~UI text` changes | [Technical writer](https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments) based on assignments in the appropriate [DevOps stage group](https://handbook.gitlab.com/handbook/product/categories/#devops-stages). |
 | Changes to development guidelines | Follow the [review process](development_processes.md#development-guidelines-review) and get the approvals accordingly. |
 | End-to-end **and** non-end-to-end changes <sup>4</sup> | [Software Engineer in Test](https://handbook.gitlab.com/handbook/engineering/quality/#individual-contributors). |
--- a/doc/development/database/adding_database_indexes.md
+++ b/doc/development/database/adding_database_indexes.md
@ -328,12 +328,6 @@ Be aware that certain factors can give the false impression that an index is unu
          parent_idx.relname = '<PARENT_INDEX_NAME>';
        ```
      - Run the following command in the Rails console:
        ```ruby
        Gitlab::Database::PostgresPartitionedTable.by_identifier('public.<PARENT_TABLE_NAME>').indexes
        ```
 1. For GitLab.com, you can view index usage data in [Grafana](https://dashboards.gitlab.net/goto/shHCmIxHg?orgId=1).
   - Query the metric `pg_stat_user_indexes_idx_scan` filtered by the relevant index(s) for at least the last 6 months.
     The query below shows index usage across all database instances combined.
--- a/doc/development/database/multiple_databases.md
+++ b/doc/development/database/multiple_databases.md
@ -683,7 +683,7 @@ end
 ```
 Don't hesitate to reach out to the
-[Pods group](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/data_stores/tenant-scale/)
+[Tenant Scale group](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/tenant-scale/)
 for advice.
 ##### Avoid `dependent: :nullify` and `dependent: :destroy` across databases
--- a/doc/development/database/not_null_constraints.md
+++ b/doc/development/database/not_null_constraints.md
@ -160,7 +160,7 @@ end
 #### Check if all records are fixed (next release)
-Use postgres.ai to [create a thin clone](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/data_stores/database/doc/gitlab-com-database/#use-postgresai-to-work-with-a-thin-clone-of-the-database-includes-direct-psql-access-to-the-thin-clone)
+Use postgres.ai to [create a thin clone](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/data-access/database-framework/doc/gitlab-com-database/#use-postgresai-to-work-with-a-thin-clone-of-the-database-includes-direct-psql-access-to-the-thin-clone)
 of the production database and check if all records on GitLab.com have the attribute set.
 If not go back to [Prevent new invalid records](#prevent-new-invalid-records-current-release) step and figure out where
 in the code the attribute is explicitly set to `nil`. Fix the code path then reschedule the migration to fix the existing
--- a/doc/development/database/transaction_guidelines.md
+++ b/doc/development/database/transaction_guidelines.md
@ -11,7 +11,7 @@ For further reference, check PostgreSQL documentation about [transactions](https
 ## Database decomposition and sharding
-The [Pods group](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/data_stores/tenant-scale/) plans
+The [Tenant Scale group](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/tenant-scale/) plans
 to split the main GitLab database and move some of the database tables to other database servers.
 We start decomposing the `ci_*`-related database tables first. To maintain the current application
--- a/doc/development/distribution/_index.md
+++ b/doc/development/distribution/_index.md
@ -16,7 +16,7 @@ to one must be made to the other to retain feature parity.
 ## Contributing
 The primary projects handled by Distribution are listed below. For more
-information, visit the [Distribution team engineering handbook page](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/systems/distribution/)
+information, visit the [Distribution team engineering handbook page](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/gitlab-delivery/distribution/)
 or select one of the subsections in the navigation bar.
 ### GitLab application
--- a/doc/security/ssh_keys_restrictions.md
+++ b/doc/security/ssh_keys_restrictions.md
@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Authentication
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Restrict allowed SSH key technologies and minimum length
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@ -3388,7 +3388,7 @@ In milestone 17.0, we will remove the `pipelines` attribute from the API respons
 </div>
-GitLab follows an [annual upgrade cadence for PostgreSQL](https://handbook.gitlab.com/handbook/engineering/infrastructure/core-platform/data_stores/database/postgresql-upgrade-cadence/).
+GitLab follows an [annual upgrade cadence for PostgreSQL](https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/data-access/database-framework/postgresql-upgrade-cadence/).
 Support for PostgreSQL 13 is scheduled for removal in GitLab 17.0.
 In GitLab 17.0, PostgreSQL 14 becomes the minimum required PostgreSQL version.
--- a/doc/user/application_security/vulnerabilities/validity_check.md
+++ b/doc/user/application_security/vulnerabilities/validity_check.md
@ -10,7 +10,7 @@ title: Validity checks
 Status: Experiment
 - Tier: Ultimate
- Offering: GitLab.com, GitLab Dedicated
+- Offering: GitLab.com
 {{< /details >}}
@ -28,10 +28,7 @@ This feature is available for testing, but not ready for production use.
 {{< /alert >}}
 ## What is a validity check?
 GitLab validity checks determines whether a secret, like an access token, is active.
 A secret is active when:
 - It is not expired.
@ -54,10 +51,10 @@ To enable validity checks for a project:
 - Contact your GitLab representative and ask them to enable validity checks.
 If validity checks are enabled, when the `secret_detection` CI/CD job is complete,
-GitLab checks the status of supported detected secrets. The statuses are displayed on the
+GitLab checks the status of detected secrets. The statuses are displayed on the
 **Findings** page of the vulnerability report.
-## Coverage
+### Coverage
 Validity checks supports the following secret types:
--- a/doc/user/packages/container_registry/container_repository_protection_rules.md
+++ b/doc/user/packages/container_registry/container_repository_protection_rules.md
@ -2,13 +2,14 @@
 stage: Container
 group: Container Registry
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Protected container repositories
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed
+- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/user/packages/package_registry/package_protection_rules.md
+++ b/doc/user/packages/package_registry/package_protection_rules.md
@ -2,13 +2,14 @@
 stage: Package
 group: Package Registry
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Protected packages
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed
+- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/user/profile/account/two_factor_authentication.md
+++ b/doc/user/profile/account/two_factor_authentication.md
@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Authentication
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Two-factor authentication
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed
+- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
@ -431,7 +432,7 @@ This clears all your 2FA registrations, including mobile applications and WebAut
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/user/profile/account/two_factor_authentication_troubleshooting.md
+++ b/doc/user/profile/account/two_factor_authentication_troubleshooting.md
@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Authentication
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Troubleshooting two-factor authentication
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed
+- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/doc/user/tasks.md
+++ b/doc/user/tasks.md
@ -2,13 +2,14 @@
 stage: Plan
 group: Project Management
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 gitlab_dedicated: yes
 title: Tasks
 ---
 {{< details >}}
 - Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed
+- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
 {{< /details >}}
--- a/lib/gitlab/ci/pipeline/chain/command.rb
+++ b/lib/gitlab/ci/pipeline/chain/command.rb
@ -43,10 +43,9 @@ module Gitlab
          end
          def merge_request_ref_exists?
-            strong_memoize(:merge_request_ref_exists) do
+            return check_merge_request_ref if Feature.enabled?(:pull_ref_directly_from_gitaly, project)
-              MergeRequest.merge_request_ref?(origin_ref) &&
+
-                project.repository.ref_exists?(origin_ref)
+            strong_memoize(:merge_request_ref_exists) { check_merge_request_ref }
            end
          end
          def ref
@ -166,6 +165,10 @@ module Gitlab
          def gitlab_org_project?
            project.full_path == 'gitlab-org/gitlab'
          end
          def check_merge_request_ref
            MergeRequest.merge_request_ref?(origin_ref) && project.repository.ref_exists?(origin_ref)
          end
        end
      end
    end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -34011,6 +34011,12 @@ msgstr ""
 msgid "JiraIntegration|Enable viewing Jira issues in GitLab."
 msgstr ""
 msgid "JiraIntegration|Jira issue type to use when creating issues from vulnerabilities."
 msgstr ""
 msgid "JiraIntegration|Key of the project to use when creating issues from vulnerabilities.This parameter is required if using the integration to create Jira issues from vulnerabilities."
 msgstr ""
 msgid "JiraIntegration|Keys of Jira projects. When `issues_enabled` is `true`, this setting specifies which Jira projects to view issues from in GitLab."
 msgstr ""
@ -34038,6 +34044,12 @@ msgstr ""
 msgid "JiraIntegration|The email or username to use with Jira. Use an email for Jira Cloud, and a username for Jira Data Center and Jira Server. Required when using Basic Authentication (`jira_auth_type` is `0`)."
 msgstr ""
 msgid "JiraIntegration|Turn on Jira issue creation for GitLab vulnerabilities."
 msgstr ""
 msgid "JiraIntegration|When set to `true`, opens a prefilled form on the Jira instancewhen creating a Jira issue from a vulnerability."
 msgstr ""
 msgid "JiraRequest|A connection error occurred while connecting to Jira. Try your request again."
 msgstr ""
@ -56850,6 +56862,12 @@ msgstr ""
 msgid "Session ID"
 msgstr ""
 msgid "SessionExpire|Your session has expired"
 msgstr ""
 msgid "SessionExpire|Your session has expired. Please, sign in again."
 msgstr ""
 msgid "Session|There was a error loading the user verification challenge. Refresh to try again."
 msgstr ""
@ -71863,6 +71881,9 @@ msgstr ""
 msgid "image diff"
 msgstr ""
 msgid "image_pull_secrets.namespace and shared_namespace must match if shared_namespace is specified"
 msgstr ""
 msgid "impersonation token"
 msgstr ""
--- a/spec/frontend/authentication/sessions/components/session_expire_modal_spec.js
+++ b/spec/frontend/authentication/sessions/components/session_expire_modal_spec.js
@ -0,0 +1,104 @@
 import { GlModal } from '@gitlab/ui';
 import { shallowMount } from '@vue/test-utils';
 import { nextTick } from 'vue';
 import SessionExpireModal from '~/authentication/sessions/components/session_expire_modal.vue';
 import { INTERVAL_SESSION_MODAL } from '~/authentication/sessions/constants';
 import { visitUrl } from '~/lib/utils/url_utility';
 jest.useFakeTimers();
 jest.mock('~/lib/utils/url_utility');
 describe('SessionExpireModal', () => {
  const message = 'Modal message';
  const sessionTimeout = 0;
  const signInUrl = 'http://gitlab.example.com/users/sign_in?redirect_to_referer=yes';
  const title = 'Modal title';
  let wrapper;
  const createComponent = (props = {}) => {
    wrapper = shallowMount(SessionExpireModal, {
      propsData: {
        message,
        sessionTimeout,
        signInUrl,
        title,
        ...props,
      },
    });
  };
  const findModal = () => wrapper.findComponent(GlModal);
  it('initially, it does not show the modal', () => {
    createComponent();
    expect(findModal().props()).toMatchObject({
      visible: false,
      title,
      actionPrimary: {
        text: 'Sign in',
      },
      actionCancel: {
        text: 'Cancel',
      },
    });
    expect(findModal().attributes()).toMatchObject({
      'aria-live': 'assertive',
    });
  });
  describe('when there is a expiring session', () => {
    it('shows the modal triggered by time elapsed', async () => {
      jest.spyOn(global, 'setInterval');
      jest.spyOn(global, 'clearInterval');
      createComponent();
      expect(setInterval).toHaveBeenCalledTimes(1);
      expect(setInterval).toHaveBeenCalledWith(expect.any(Function), INTERVAL_SESSION_MODAL);
      jest.advanceTimersByTime(INTERVAL_SESSION_MODAL);
      await nextTick();
      expect(findModal().props('visible')).toBe(true);
      expect(clearInterval).toHaveBeenCalledTimes(1);
      expect(clearInterval).toHaveBeenCalledWith(expect.any(Number));
    });
    it('shows the modal triggered by changevisibility event', async () => {
      jest.spyOn(document, 'addEventListener');
      jest.spyOn(document, 'removeEventListener');
      createComponent();
      nextTick();
      expect(document.addEventListener).toHaveBeenCalledTimes(1);
      expect(document.addEventListener).toHaveBeenCalledWith(
        'visibilitychange',
        expect.any(Function),
      );
      document.dispatchEvent(new Event('visibilitychange'));
      await nextTick();
      expect(findModal().props('visible')).toBe(true);
      expect(document.removeEventListener).toHaveBeenCalledTimes(1);
      expect(document.removeEventListener).toHaveBeenCalledWith(
        'visibilitychange',
        expect.any(Function),
      );
    });
    it('shows the correct modal content', async () => {
      createComponent();
      await nextTick();
      expect(findModal().text()).toBe(message);
    });
    it('triggers a refresh of the current page', () => {
      createComponent();
      findModal().vm.$emit('primary');
      expect(visitUrl).toHaveBeenCalledWith(signInUrl);
    });
  });
 });
--- a/spec/helpers/sessions_helper_spec.rb
+++ b/spec/helpers/sessions_helper_spec.rb
@ -3,6 +3,8 @@
 require 'spec_helper'
 RSpec.describe SessionsHelper, feature_category: :system_access do
  include Devise::Test::ControllerHelpers
  describe '#unconfirmed_email?' do
    it 'returns true when the flash alert contains a devise failure unconfirmed message' do
      flash[:alert] = t(:unconfirmed, scope: [:devise, :failure])
@ -91,6 +93,21 @@ RSpec.describe SessionsHelper, feature_category: :system_access do
    end
  end
  describe '#session_expire_modal_data' do
    before do
      allow(Gitlab::Auth::SessionExpireFromInitEnforcer).to receive(:session_expires_at).and_return(5)
    end
    subject { helper.session_expire_modal_data }
    it 'returns the expected data' do
      expect(subject).to match(a_hash_including({
        session_timeout: 5000,
        sign_in_url: a_string_including(/^http/)
      }))
    end
  end
  describe '#remember_me_enabled?' do
    subject { helper.remember_me_enabled? }
--- a/spec/lib/gitlab/ci/pipeline/chain/command_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/chain/command_spec.rb
@ -126,6 +126,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Command, feature_category: :pipeline
      subject { command.merge_request_ref_exists? }
      let!(:merge_request) { create(:merge_request, source_project: project, target_project: project) }
      let(:origin_ref) { merge_request.source_branch }
      context 'for existing merge request ref' do
        let(:origin_ref) { merge_request.ref_path }
@ -134,10 +135,26 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Command, feature_category: :pipeline
      end
      context 'for branch ref' do
        let(:origin_ref) { merge_request.source_branch }
        it { is_expected.to eq(false) }
      end
      it 'does not memoize the result' do
        expect(command).to receive(:check_merge_request_ref).twice
        2.times { command.merge_request_ref_exists? }
      end
      context 'when pull_ref_directly_from_gitaly feature flag is disabled' do
        before do
          stub_feature_flags(pull_ref_directly_from_gitaly: false)
        end
        it 'memoizes the result' do
          expect(command).to receive(:check_merge_request_ref).once
          2.times { command.merge_request_ref_exists? }
        end
      end
    end
    describe '#ref' do
--- a/spec/models/integrations/jira_spec.rb
+++ b/spec/models/integrations/jira_spec.rb
@ -15,7 +15,6 @@ RSpec.describe Integrations::Jira, feature_category: :integrations do
  let(:jira_issue_prefix) { '' }
  let(:jira_issue_regex) { '' }
  let(:password) { 'jira-password' }
  let(:project_key) { 'TEST' }
  let(:project_keys) { %w[TEST1 TEST2] }
  let(:transition_id) { 'test27' }
  let(:server_info_results) { { 'deploymentType' => 'Cloud' } }
@ -26,7 +25,6 @@ RSpec.describe Integrations::Jira, feature_category: :integrations do
      url: url,
      username: username,
      password: password,
      project_key: project_key,
      project_keys: project_keys
    )
  end
@ -223,7 +221,18 @@ RSpec.describe Integrations::Jira, feature_category: :integrations do
    subject(:fields) { integration.fields }
    it 'returns custom fields' do
-      expect(fields.pluck(:name)).to eq(%w[url api_url jira_auth_type username password jira_issue_regex jira_issue_prefix jira_issue_transition_id issues_enabled project_keys])
+      expect(fields.pluck(:name)).to include(
        'url',
        'api_url',
        'jira_auth_type',
        'username',
        'password',
        'jira_issue_regex',
        'jira_issue_prefix',
        'jira_issue_transition_id',
        'issues_enabled',
        'project_keys'
      )
    end
  end
@ -408,7 +417,6 @@ RSpec.describe Integrations::Jira, feature_category: :integrations do
        jira_issue_regex: jira_issue_regex,
        jira_issue_prefix: jira_issue_prefix,
        jira_issue_transition_id: transition_id,
        project_key: project_key,
        project_keys: project_keys
      }
    end
@ -429,7 +437,6 @@ RSpec.describe Integrations::Jira, feature_category: :integrations do
      expect(integration.jira_tracker_data.jira_issue_prefix).to eq(jira_issue_prefix)
      expect(integration.jira_tracker_data.jira_issue_transition_id).to eq(transition_id)
      expect(integration.jira_tracker_data.deployment_cloud?).to be_truthy
      expect(integration.jira_tracker_data.project_key).to eq(project_key)
      expect(integration.jira_tracker_data.project_keys).to eq(project_keys)
    end
--- a/spec/services/merge_requests/build_service_spec.rb
+++ b/spec/services/merge_requests/build_service_spec.rb
@ -14,6 +14,7 @@ RSpec.describe MergeRequests::BuildService, feature_category: :code_review_workf
  let(:issue) { create(:issue, project: project, title: 'A bug', confidential: issue_confidential) }
  let(:description) { nil }
  let(:source_branch) { 'feature' }
  let(:ref_path) { "refs/heads/#{source_branch}" }
  let(:target_branch) { 'master' }
  let(:milestone_id) { nil }
  let(:label_ids) { [] }
@ -133,6 +134,8 @@ RSpec.describe MergeRequests::BuildService, feature_category: :code_review_workf
      before do
        project.add_reporter(user)
        allow(source_project).to receive(:ref_exists?).with(ref_path).and_return(false)
      end
      it 'assigns force_remove_source_branch' do
@ -543,6 +546,7 @@ RSpec.describe MergeRequests::BuildService, feature_category: :code_review_workf
      before do
        allow(project).to receive(:branch_exists?).with(target_branch).and_return(true)
        allow(project).to receive(:branch_exists?).with(source_branch).and_return(false)
        allow(project).to receive(:ref_exists?).with(ref_path).and_return(false)
      end
      it_behaves_like 'forbids the merge request from being created' do
@ -550,6 +554,61 @@ RSpec.describe MergeRequests::BuildService, feature_category: :code_review_workf
      end
    end
    context 'when a source branch ref exists in Gitaly but not in the ref cache' do
      let(:log_arguments) do
        {
          class: 'MergeRequests::BuildService',
          method: :ref_exists_in_gitaly?,
          project_id: project.id,
          source_branch: source_branch
        }
      end
      before do
        allow(service).to receive(:source_project).and_return(project)
        allow(project).to receive(:branch_exists?).with(target_branch).and_return(true)
        allow(project).to receive(:branch_exists?).with(source_branch).and_return(false)
      end
      context 'when the ref exists in Gitaly' do
        before do
          allow(project).to receive(:ref_exists?).with(ref_path).and_return(true)
        end
        it 'logs info' do
          expect(project).to receive(:ref_exists?).with(ref_path)
          expect(Gitlab::AppJsonLogger).to receive(:info).with(hash_including(**log_arguments))
          service.execute
        end
      end
      context 'when the ref does not exist in Gitaly' do
        before do
          allow(project).to receive(:ref_exists?).with(ref_path).and_return(false)
        end
        it 'does not log info' do
          expect(project).to receive(:ref_exists?).with(ref_path)
          expect(Gitlab::AppJsonLogger).not_to receive(:info).with(hash_including(**log_arguments))
          service.execute
        end
      end
      context 'and the pull_ref_directly_from_gitaly FF is disabled' do
        before do
          stub_feature_flags(pull_ref_directly_from_gitaly: false)
        end
        it 'does not check for refs in Gitaly' do
          expect(project).not_to receive(:ref_exists?).with(ref_path)
          service.execute
        end
      end
    end
    context 'target branch does not exist' do
      before do
        allow(project).to receive(:branch_exists?).with(target_branch).and_return(false)
@ -563,6 +622,7 @@ RSpec.describe MergeRequests::BuildService, feature_category: :code_review_workf
    context 'both source and target branches do not exist' do
      before do
        allow(project).to receive(:ref_exists?).with(ref_path).and_return(false)
        allow(project).to receive(:branch_exists?).and_return(false)
      end
--- a/spec/support/shared_contexts/features/integrations/integrations_shared_context.rb
+++ b/spec/support/shared_contexts/features/integrations/integrations_shared_context.rb
@ -40,8 +40,10 @@ RSpec.shared_context 'with integration' do
  let(:custom_attributes) do
    {
      jira: %i[
-        comment_on_event_enabled jira_issue_transition_automatic jira_issue_transition_id project_key
+        comment_on_event_enabled
-        issues_enabled vulnerabilities_enabled vulnerabilities_issuetype
+        jira_issue_transition_automatic
        jira_issue_transition_id
        issues_enabled
      ]
    }
  end
--- a/spec/support/shared_examples/models/concerns/has_repository_shared_examples.rb
+++ b/spec/support/shared_examples/models/concerns/has_repository_shared_examples.rb
@ -139,6 +139,21 @@ RSpec.shared_examples 'model with repository' do
    it { expect(container.repo_exists?).to be(true) }
  end
  describe '#ref_exists?' do
    let(:ref_path) { 'refs/heads/master' }
    let(:non_existent_ref_path) { 'refs/heads/foo' }
    before do
      allow_next_instance_of(Gitlab::GitalyClient::RefService) do |ref_service|
        allow(ref_service).to receive(:ref_exists?).with(ref_path).and_return(true)
        allow(ref_service).to receive(:ref_exists?).with(non_existent_ref_path).and_return(false)
      end
    end
    it { expect(container.ref_exists?(ref_path)).to be(true) }
    it { expect(container.ref_exists?(non_existent_ref_path)).to be(false) }
  end
  describe '#root_ref' do
    let(:root_ref) { container.repository.root_ref }
--- a/spec/views/layouts/_session_expire_modal.html.haml_spec.rb
+++ b/spec/views/layouts/_session_expire_modal.html.haml_spec.rb
@ -0,0 +1,17 @@
 # frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe 'layouts/_session_expire_modal', feature_category: :system_access do
  let(:user) { build_stubbed(:user) }
  before do
    allow(view).to receive_messages(current_user: user, session_expire_modal_data: { session_timeout: 5000 })
    stub_application_setting(session_expire_from_init: true)
  end
  it 'renders the modal' do
    render
    expect(rendered).to have_selector('#js-session-expire-modal')
  end
 end
		`@ -0,0 +1 @@`
							`export const INTERVAL_SESSION_MODAL = 10 * 1000;`
		`@ -0,0 +1,3 @@`
							`- return unless current_user && Gitlab::CurrentSettings.session_expire_from_init && Feature.enabled?(:session_expire_from_init, :instance)`

							`#js-session-expire-modal{ data: session_expire_modal_data }`