diff --git a/doc/ci/testing/code_quality.md b/doc/ci/testing/code_quality.md
index d953699dbee..f8e18199c23 100644
--- a/doc/ci/testing/code_quality.md
+++ b/doc/ci/testing/code_quality.md
@@ -239,7 +239,7 @@ To use a rootless private runner:
      --token "<project_token>" \
      --non-interactive \
      --builds-dir "/tmp/builds" \
-     --env "DOCKER_HOST=unix:///run/user/<gitlab-runner-user>/docker.sock"
+     --env "DOCKER_HOST=unix:///run/user/<gitlab-runner-user>/docker.sock" \
      --docker-host "unix:///run/user/<gitlab-runner-user>/docker.sock"
    ```
 
diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md
index e993c164935..fd5e5ca0b2d 100644
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -348,9 +348,6 @@ The workaround is to amend your group or instance push rules to allow branches f
 - When creating a Scan Result Policy, neither the array `severity_levels` nor the array
   `vulnerability_states` in the [`scan_finding` rule](../policies/scan-result-policies.md#scan_finding-rule-type)
   can be left empty. For a working rule, at least one entry must exist.
-- When configuring pipeline and merge request approval policies, it's important to remember that security scans
-  performed in manual jobs are not verified to determine whether MR approval is required. When you
-  run a manual job with security scans, it does not ensure approval even if vulnerabilities are
-  introduced.
+- When merge request approval policies are enforced on projects containing manual jobs in their pipeline, policies evaluate the completed pipeline jobs and ignore the manual jobs. When the manual jobs are run, the policy re-evaluates the MR.
 
 If you are still experiencing issues, you can [view recent reported bugs](https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=popularity&state=opened&label_name%5B%5D=group%3A%3Asecurity%20policies&label_name%5B%5D=type%3A%3Abug&first_page_size=20) and raise new unreported issues.
diff --git a/qa/Gemfile b/qa/Gemfile
index 1862d1551f0..10b61076282 100644
--- a/qa/Gemfile
+++ b/qa/Gemfile
@@ -37,7 +37,7 @@ gem 'chemlab', '~> 0.11', '>= 0.11.1'
 gem 'chemlab-library-www-gitlab-com', '~> 0.1', '>= 0.1.1'
 
 # dependencies for jenkins client
-gem 'nokogiri', '~> 1.16', '>= 1.16.2'
+gem 'nokogiri', '~> 1.16', '>= 1.16.3'
 
 gem 'deprecation_toolkit', '~> 2.2.0', require: false
 
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index b363dcb1e9a..04b05f04483 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -214,7 +214,7 @@ GEM
     multi_json (1.15.0)
     multi_xml (0.6.0)
     netrc (0.11.0)
-    nokogiri (1.16.2)
+    nokogiri (1.16.3)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     octokit (8.1.0)
@@ -365,7 +365,7 @@ DEPENDENCIES
   gitlab_quality-test_tooling (~> 1.19.1)
   influxdb-client (~> 3.1)
   knapsack (~> 4.0)
-  nokogiri (~> 1.16, >= 1.16.2)
+  nokogiri (~> 1.16, >= 1.16.3)
   octokit (~> 8.1.0)
   parallel (~> 1.24)
   parallel_tests (~> 4.4)