Add latest changes from gitlab-org/gitlab@master

GITLAB_KAS_VERSION

@@ -1 +1 @@
-adf6423dc236e77ffd6caa9835af6bcadacb1af2
+8a9909381cf05e2d68b28d123337ba8c7bc5da30

data/deprecations/17-9-change-CS-default-severity-threshold.yml

@@ -0,0 +1,24 @@
+- title: "Container Scanning default severity threshold set to `medium`"
+  removal_milestone: "18.0"
+  announcement_milestone: "17.9"
+  breaking_change: true
+  window: 1  # Can be 1, 2, or 3 - The window when the breaking change will be deployed on GitLab.com
+  reporter: gonzoyumo  # The GitLab username of the person reporting the change
+  stage: application security testing
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/515358
+  impact: low # Can be one of: [critical, high, medium, low]
+  scope: project # Can be one or a combination of: [instance, group, project]
+  resolution_role: Maintainer # Can be one of: [Admin, Owner, Maintainer, Developer]
+  manual_task: true  # Can be true or false. Use this to denote whether a resolution action must be performed manually (true), or if it can be automated by using the API or other automation (false).
+  body: |  # (required) Don't change this line.
+    The Container Scanning security feature generates a lot of security findings and this volume is often difficult for engineering teams to manage.
+    By changing the severity threshold to `medium`, we provide a more reasonable default to our users, where any findings with a severity below `medium` are not reported.
+    Starting with GitLab 18.0, the default value for the `CS_SEVERITY_THRESHOLD` environment variable is set to `medium` instead of `unknown`. As a result, the security findings with the `low` and `unknown`
+    severity levels will no longer be reported by default. Consequently, any vulnerablity with these severities that were previously reported on the default branch will be marked as no longer detected
+    upon the next execution of Container Scanning.
+    To continue showing these findings, you must configure the `CS_SEVERITY_THRESHOLD` variable to the desired level.
+  end_of_support_milestone:
+  tiers: [Free, Premium, Ultimate]
+  documentation_url: https://docs.gitlab.com/ee/user/application_security/container_scanning/
+  image_url:
+  video_url:

db/post_migrate/20250124052834_add_merge_request_assignees_project_id_not_null_constraint.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class AddMergeRequestAssigneesProjectIdNotNullConstraint < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '17.9'
+
+  def up
+    add_not_null_constraint :merge_request_assignees, :project_id, validate: false
+  end
+
+  def down
+    remove_not_null_constraint :merge_request_assignees, :project_id
+  end
+end

db/post_migrate/20250124052851_prepare_merge_request_assignees_project_id_not_null_validation.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class PrepareMergeRequestAssigneesProjectIdNotNullValidation < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '17.9'
+
+  CONSTRAINT_NAME = :check_1442f79624
+
+  def up
+    prepare_async_check_constraint_validation :merge_request_assignees, name: CONSTRAINT_NAME
+  end
+
+  def down
+    unprepare_async_check_constraint_validation :merge_request_assignees, name: CONSTRAINT_NAME
+  end
+end

db/schema_migrations/20250124052834

@@ -0,0 +1 @@
+bbcf26aa342058f8645c610eb0d647123e3c67dc39b4af7183fe802b58a8868e

db/schema_migrations/20250124052851

@@ -0,0 +1 @@
+b312844fe0c7245c6f9c768884fdf051d76ad38e146295f0e99be041b3cd1479

db/structure.sql

@@ -26589,6 +26589,9 @@ ALTER TABLE ONLY chat_names
 ALTER TABLE ONLY chat_teams
     ADD CONSTRAINT chat_teams_pkey PRIMARY KEY (id);
 
+ALTER TABLE merge_request_assignees
+    ADD CONSTRAINT check_1442f79624 CHECK ((project_id IS NOT NULL)) NOT VALID;
+
 ALTER TABLE approval_project_rules_users
     ADD CONSTRAINT check_26058e3982 CHECK ((project_id IS NOT NULL)) NOT VALID;
 

doc/administration/object_storage.md

@@ -471,7 +471,7 @@ The following example uses AWS S3 to enable object storage for all supported ser
    ```ruby
    # Consolidated object storage configuration
    gitlab_rails['object_store']['enabled'] = true
-   gitlab_rails['object_store']['proxy_download'] = true
+   gitlab_rails['object_store']['proxy_download'] = false
    gitlab_rails['object_store']['connection'] = {
      'provider' => 'AWS',
      'region' => 'eu-central-1',
@@ -551,7 +551,7 @@ The following example uses AWS S3 to enable object storage for all supported ser
      appConfig:
        object_store:
          enabled: false
-         proxy_download: true
+         proxy_download: false
          storage_options: {}
            # server_side_encryption:
            # server_side_encryption_kms_key_id
@@ -559,34 +559,34 @@ The following example uses AWS S3 to enable object storage for all supported ser
            secret: gitlab-object-storage
        lfs:
          enabled: true
-         proxy_download: true
+         proxy_download: false
          bucket: gitlab-lfs
          connection: {}
            # secret:
            # key:
        artifacts:
          enabled: true
-         proxy_download: true
+         proxy_download: false
          bucket: gitlab-artifacts
          connection: {}
            # secret:
            # key:
        uploads:
          enabled: true
-         proxy_download: true
+         proxy_download: false
          bucket: gitlab-uploads
          connection: {}
            # secret:
            # key:
        packages:
          enabled: true
-         proxy_download: true
+         proxy_download: false
          bucket: gitlab-packages
          connection: {}
        externalDiffs:
          enabled: true
          when:
-         proxy_download: true
+         proxy_download: false
          bucket: gitlab-mr-diffs
          connection: {}
        terraformState:
@@ -599,7 +599,7 @@ The following example uses AWS S3 to enable object storage for all supported ser
          connection: {}
        dependencyProxy:
          enabled: true
-         proxy_download: true
+         proxy_download: false
          bucket: gitlab-dependency-proxy
          connection: {}
    ```
@@ -622,7 +622,7 @@ The following example uses AWS S3 to enable object storage for all supported ser
          GITLAB_OMNIBUS_CONFIG: |
            # Consolidated object storage configuration
            gitlab_rails['object_store']['enabled'] = true
-           gitlab_rails['object_store']['proxy_download'] = true
+           gitlab_rails['object_store']['proxy_download'] = false
            gitlab_rails['object_store']['connection'] = {
              'provider' => 'AWS',
              'region' => 'eu-central-1',
@@ -670,7 +670,7 @@ The following example uses AWS S3 to enable object storage for all supported ser
    production: &base
      object_store:
        enabled: true
-       proxy_download: true
+       proxy_download: false
        connection:
          provider: AWS
          aws_access_key_id: <AWS_ACCESS_KEY_ID>
@@ -769,12 +769,12 @@ For example, a Linux package installation might have the following configuration
 # Original object storage configuration
 gitlab_rails['artifacts_object_store_enabled'] = true
 gitlab_rails['artifacts_object_store_direct_upload'] = true
-gitlab_rails['artifacts_object_store_proxy_download'] = true
+gitlab_rails['artifacts_object_store_proxy_download'] = false
 gitlab_rails['artifacts_object_store_remote_directory'] = 'artifacts'
 gitlab_rails['artifacts_object_store_connection'] = { 'provider' => 'AWS', 'aws_access_key_id' => 'access_key', 'aws_secret_access_key' => 'secret' }
 gitlab_rails['uploads_object_store_enabled'] = true
 gitlab_rails['uploads_object_store_direct_upload'] = true
-gitlab_rails['uploads_object_store_proxy_download'] = true
+gitlab_rails['uploads_object_store_proxy_download'] = false
 gitlab_rails['uploads_object_store_remote_directory'] = 'uploads'
 gitlab_rails['uploads_object_store_connection'] = { 'provider' => 'AWS', 'aws_access_key_id' => 'access_key', 'aws_secret_access_key' => 'secret' }
 ```
@@ -897,11 +897,13 @@ needs to process.
 When the files are stored on local block storage or NFS, GitLab has to act as a proxy.
 This is not the default behavior with object storage.
 
-The `proxy_download` setting controls this behavior: the default is generally `false`.
-Verify this in the documentation for each use case. Set it to `true` if you want
-GitLab to proxy the files.
+The `proxy_download` setting controls this behavior: the default is `false`.
+Verify this in the documentation for each use case.
 
-When not proxying files, GitLab returns an
+Set `proxy_download` to `true` if you want GitLab to proxy the files. 
+There can be a large performance hit to the GitLab server if `proxy_download` is set to `true`. The server deployments of GitLab have `proxy_download` set to `false`.
+
+When `proxy_download` to `false`, GitLab returns an
 [HTTP 302 redirect with a pre-signed, time-limited object storage URL](https://gitlab.com/gitlab-org/gitlab/-/issues/32117#note_218532298).
 This can result in some of the following problems:
 

doc/ci/testing/code_quality.md

@@ -89,6 +89,7 @@ The following integrations are available to replace the built-in plugins:
 | govet        | **{dotted-circle}** No                       | [Integrate golangci-lint](#golangci-lint). golangci-lint [includes govet by default](https://golangci-lint.run/usage/linters#enabled-by-default).                                    |
 | markdownlint | **{dotted-circle}** No (community-supported) | [Integrate markdownlint-cli2](#markdownlint-cli2).                                                                                                                                   |
 | pep8         | **{dotted-circle}** No                       | Integrate an alternative Python linter like [Flake8](#flake8), [Pylint](#pylint), or [Ruff](#ruff).                                                                                  |
+| RuboCop      | **{dotted-circle}** Yes                      | [Integrate RuboCop](#rubocop).                                                                               |
 | SonarPython  | **{dotted-circle}** No                       | Integrate an alternative Python linter like [Flake8](#flake8), [Pylint](#pylint), or [Ruff](#ruff).                                                                                  |
 | Stylelint    | **{dotted-circle}** No (community-supported) | [Integrate Stylelint](#stylelint).                                                                                                                                                   |
 | SwiftLint    | **{dotted-circle}** No                       | [Integrate SwiftLint](#swiftlint).                                                                                                                                                   |
@@ -302,7 +303,19 @@ You can use or adapt the [PMD CI/CD component](https://gitlab.com/explore/catalo
 
 Using [SwiftLint](https://realm.github.io/SwiftLint/) requires additional configuration because its default output doesn't conform to the required format.
 
-You can use or adapt the [PMD CI/CD component](https://gitlab.com/explore/catalog/eakca1/codequality-os-scanners-integration) to run the scan and integrate its output with Code Quality.
+You can use or adapt the [Swiftlint CI/CD component](https://gitlab.com/explore/catalog/eakca1/codequality-os-scanners-integration) to run the scan and integrate its output with Code Quality.
+
+#### RuboCop
+
+Using [RuboCop](https://rubocop.org/) requires additional configuration because its default output doesn't conform to the required format.
+
+You can use or adapt the [RuboCop CI/CD component](https://gitlab.com/explore/catalog/eakca1/codequality-os-scanners-integration) to run the scan and integrate its output with Code Quality.
+
+#### Roslynator
+
+Using [Roslynator](https://josefpihrt.github.io/docs/roslynator/) requires additional configuration because its default output doesn't conform to the required format.
+
+You can use or adapt the [Roslynator CI/CD component](https://gitlab.com/explore/catalog/eakca1/codequality-os-scanners-integration) to run the scan and integrate its output with Code Quality.
 
 ### Documentation scanning tools
 

doc/update/breaking_windows.md

@@ -47,6 +47,7 @@ This window takes place on April 21 - 23, 2025 from 09:00 UTC to 22:00 UTC.
 | [Workspaces `editor` GraphQL field is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/508155) | Low | Create | Project |
 | [Enforce keyset pagination on audit event API](https://gitlab.com/gitlab-org/gitlab/-/issues/382338) | Low | Software supply chain security | Instance, group, project |
 | [Fix typo in user profile visibility updated audit event type](https://gitlab.com/gitlab-org/gitlab/-/issues/474386) | Low | Software supply chain security | Instance |
+| [Container Scanning default severity threshold set to `medium`](https://gitlab.com/gitlab-org/gitlab/-/issues/515358) | Low | Application security testing | Project |
 | [`maxHoursBeforeTermination` GraphQL field is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/509787) | Low | Create | Project |
 | [`RemoteDevelopmentAgentConfig` GraphQL type is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/509787) | Low | Create | Project |
 | [`defaultMaxHoursBeforeTermination` and `maxHoursBeforeTerminationLimit` fields are deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/509787) | Low | Create | Project |

doc/update/deprecations.md

@@ -529,6 +529,27 @@ For more details, see [Scan code for quality violations](https://docs.gitlab.com
 
 <div class="deprecation breaking-change" data-milestone="18.0">
 
+### Container Scanning default severity threshold set to `medium`
+
+<div class="deprecation-notes">
+
+- Announced in GitLab <span class="milestone">17.9</span>
+- Removal in GitLab <span class="milestone">18.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/515358).
+
+</div>
+
+The Container Scanning security feature generates a lot of security findings and this volume is often difficult for engineering teams to manage.
+By changing the severity threshold to `medium`, we provide a more reasonable default to our users, where any findings with a severity below `medium` are not reported.
+Starting with GitLab 18.0, the default value for the `CS_SEVERITY_THRESHOLD` environment variable is set to `medium` instead of `unknown`. As a result, the security findings with the `low` and `unknown`
+severity levels will no longer be reported by default. Consequently, any vulnerablity with these severities that were previously reported on the default branch will be marked as no longer detected
+upon the next execution of Container Scanning.
+To continue showing these findings, you must configure the `CS_SEVERITY_THRESHOLD` variable to the desired level.
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="18.0">
+
 ### Deprecate CI job implementation of Repository X-Ray
 
 <div class="deprecation-notes">

doc/user/application_security/container_scanning/index.md

@@ -268,7 +268,7 @@ positives.
 | `CS_REGISTRY_INSECURE`         | `"false"`     | Allow access to insecure registries (HTTP only). Should only be set to `true` when testing the image locally. Works with all scanners, but the registry must listen on port `80/tcp` for Trivy to work. |
 | `CS_REGISTRY_PASSWORD`         | `$CI_REGISTRY_PASSWORD` | Password for accessing a Docker registry requiring authentication. The default is only set if `$CS_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. |
 | `CS_REGISTRY_USER`                  | `$CI_REGISTRY_USER` | Username for accessing a Docker registry requiring authentication. The default is only set if `$CS_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. |
-| `CS_SEVERITY_THRESHOLD`        | `UNKNOWN`     | Severity level threshold. The scanner outputs vulnerabilities with severity level higher than or equal to this threshold. Supported levels are `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, and `CRITICAL`. |
+| `CS_SEVERITY_THRESHOLD`        | `UNKNOWN`     | Severity level threshold. The scanner outputs vulnerabilities with severity level higher than or equal to this threshold. Supported levels are `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, and `CRITICAL`. **{warning}** **[Default value changed to `MEDIUM`](https://gitlab.com/gitlab-org/gitlab/-/issues/439782)** in GitLab 17.8. |
 | `CS_TRIVY_JAVA_DB`             | `"registry.gitlab.com/gitlab-org/security-products/dependencies/trivy-java-db"` | Specify an alternate location for the [trivy-java-db](https://github.com/aquasecurity/trivy-java-db) vulnerability database. |
 | `SECURE_LOG_LEVEL`             | `info`        | Set the minimum logging level. Messages of this logging level or higher are output. From highest to lowest severity, the logging levels are: `fatal`, `error`, `warn`, `info`, `debug`. |
 | `TRIVY_TIMEOUT`                | `5m0s`        | Set the timeout for the scan. |

doc/user/application_security/dependency_scanning/troubleshooting_dependency_scanning.md

@@ -336,3 +336,7 @@ Historically, the scanner used by Dependency Scanning is `Gemnasium` and this is
 With the rollout of [Dependency Scanning by using SBOM](dependency_scanning_sbom/index.md), we are replacing the `Gemnasium` scanner with the built-in `GitLab SBoM Vulnerability Scanner`. This new scanner is no longer executed in a CI/CD job but rather within the GitLab platform. While the two scanners are expected to provide the same results, because the SBOM scan happens after the existing Dependency Scanning CI/CD job, existing vulnerabilities have their scanner value updated with the new `GitLab SBoM Vulnerability Scanner`.
 
 As we move forward with the rollout and ultimately replace the existing Gemnasium analyzer, the `GitLab SBoM Vulnerability Scanner` will be the only expected value for GitLab built-in Dependency Scanning feature.
+
+## Dependency List for project not being updated based on latest SBOM
+
+When a pipeline has a failing job that would generate an SBOM, the `DeleteNotPresentOccurrencesService` does not execute, which prevents the dependency list from being changed or updated. This can occur even if there are other successful jobs that upload an SBOM, and the pipeline overall is successful. This is designed to prevent accidentally removing dependencies from the dependency list when related security scanning jobs fail. If the project dependency list is not updating as expected, check for any SBOM-related jobs that may have failed in the pipeline, and fix them or remove them.

doc/user/application_security/vulnerabilities/risk_assessment_data.md

@@ -20,12 +20,9 @@ high severity and a low EPSS score.
 
 ## EPSS
 
-> - Introduced in GitLab 17.4 [with flags](../../../administration/feature_flags.md) named `epss_querying` (in issue [470835](https://gitlab.com/gitlab-org/gitlab/-/issues/470835)) and `epss_intgestion` (in issue [467672](https://gitlab.com/gitlab-org/gitlab/-/issues/467672)). Disabled by default.
+> - Introduced in GitLab 17.4 [with flags](../../../administration/feature_flags.md) named `epss_querying` (in issue [470835](https://gitlab.com/gitlab-org/gitlab/-/issues/470835)) and `epss_ingestion` (in issue [467672](https://gitlab.com/gitlab-org/gitlab/-/issues/467672)). Disabled by default.
 > - Renamed to `cve_enrichment_querying` and `cve_enrichment_ingestion` respectively and [enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/481431) in GitLab 17.6.
-
-FLAG:
-The availability of this feature is controlled by a feature flag.
-For more information, see the history.
+> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/11544) in GitLab 17.7. Feature flags `cve_enrichment_querying` and `cve_enrichment_ingestion` removed.
 
 The EPSS score provides an estimate of the likelihood a vulnerability in the CVE catalog will be
 exploited in the next 30 days. EPSS assigns each CVE a score between 0 to 1 (equivalent to 0% to

package.json

@@ -57,7 +57,7 @@
     "@gitlab/application-sdk-browser": "^0.3.3",
     "@gitlab/at.js": "1.5.7",
     "@gitlab/cluster-client": "^2.4.0",
-    "@gitlab/duo-ui": "^6.0.0",
+    "@gitlab/duo-ui": "^8.0.0",
     "@gitlab/favicon-overlay": "2.0.0",
     "@gitlab/fonts": "^1.3.0",
     "@gitlab/query-language-rust": "0.3.2",

scripts/frontend/postinstall.js

@@ -1,5 +1,53 @@
 const { spawnSync } = require('child_process');
+const { join } = require('path');
+const { readFileSync, existsSync } = require('fs');
 const chalk = require('chalk');
+const semver = require('semver');
+
+// Check duo-ui peer dependency
+function checkDuoUiPeerDependency() {
+  try {
+    const duoUiPkgPath = join('node_modules', '@gitlab', 'duo-ui', 'package.json');
+
+    if (!existsSync(duoUiPkgPath)) {
+      console.error(`${chalk.red('error')} Could not find @gitlab/duo-ui package.json`);
+      return false;
+    }
+
+    const packageJson = JSON.parse(readFileSync('package.json', 'utf8'));
+    const duoUiPkgJson = JSON.parse(readFileSync(duoUiPkgPath, 'utf8'));
+
+    const installedUiVersion = packageJson.dependencies['@gitlab/ui'];
+    const requiredUiVersion = duoUiPkgJson.peerDependencies?.['@gitlab/ui'];
+
+    if (!installedUiVersion) {
+      console.error(`${chalk.red('error')} @gitlab/ui is not installed`);
+      return false;
+    }
+
+    if (!requiredUiVersion) {
+      console.error(
+        `${chalk.red('error')} @gitlab/duo-ui does not specify @gitlab/ui peer dependency`,
+      );
+      return false;
+    }
+
+    if (!semver.satisfies(installedUiVersion, requiredUiVersion)) {
+      console.error(`${chalk.red('error')} Peer dependency violation:`);
+      console.error(
+        chalk.red(
+          `@gitlab/duo-ui requires @gitlab/ui@${requiredUiVersion} but ${installedUiVersion} is installed`,
+        ),
+      );
+      return false;
+    }
+
+    return true;
+  } catch (error) {
+    console.error(`${chalk.red('error')} Failed to check duo-ui peer dependency:`, error.message);
+    return false;
+  }
+}
 
 // check that fsevents is available if we're on macOS
 if (process.platform === 'darwin') {
@@ -8,18 +56,24 @@ if (process.platform === 'darwin') {
   } catch (e) {
     console.error(`${chalk.red('error')} Dependency postinstall check failed.`);
     console.error(
-      chalk.red(`
-        The fsevents driver is not installed properly.
+      chalk.red(
+        `The fsevents driver is not installed properly.
         If you are running a new version of Node, please
         ensure that it is supported by the fsevents library.
 
         You can try installing again with \`${chalk.cyan('yarn install --force')}\`
-      `),
+      `,
+      ),
     );
     process.exit(1);
   }
 }
 
+// Check duo-ui peer dependency
+if (!checkDuoUiPeerDependency()) {
+  process.exit(1);
+}
+
 console.log(`${chalk.green('success')} Dependency postinstall check passed.`);
 
 // Apply any patches to our packages

yarn.lock

@@ -1369,10 +1369,10 @@
     core-js "^3.29.1"
     mitt "^3.0.1"
 
-"@gitlab/duo-ui@^6.0.0":
-  version "6.0.0"
-  resolved "https://registry.yarnpkg.com/@gitlab/duo-ui/-/duo-ui-6.0.0.tgz#244e013cd921f7787654f081fcd9f365997b3ccb"
-  integrity sha512-rxG1wUhKEySl7qwFVkffDRxFK6ZyFupMctC9zqcf7/AM4S4WqTKBdRl6QRA2T3TMaTjejSGRfPUxnk5CJbCJfw==
+"@gitlab/duo-ui@^8.0.0":
+  version "8.0.0"
+  resolved "https://registry.yarnpkg.com/@gitlab/duo-ui/-/duo-ui-8.0.0.tgz#c3d2999c27755288f0524222cdaa4de1bbbc6434"
+  integrity sha512-GOzXSZP30xZQDSCnZl/s1gJDMZO5Lq8FNBzIW22StqSf92HKouTwus/XJJXSxGd6BX9ZM2iCgBLI0ZPcVBdRBw==
   dependencies:
     "@floating-ui/dom" "1.4.3"
     echarts "^5.3.2"
@@ -1412,7 +1412,7 @@
   resolved "https://registry.yarnpkg.com/@gitlab/fonts/-/fonts-1.3.0.tgz#df89c1bb6714e4a8a5d3272568aa4de7fb337267"
   integrity sha512-DoMUIN3DqjEn7wvcxBg/b7Ite5fTdF5EmuOZoBRo2j0UBGweDXmNBi+9HrTZs4cBU660dOxcf1hATFcG3npbPg==
 
-"@gitlab/noop@^1.0.0":
+"@gitlab/noop@^1.0.0", jackspeak@^3.1.2, "jackspeak@npm:@gitlab/noop@1.0.0":
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/@gitlab/noop/-/noop-1.0.0.tgz#b1ecb8ae6b2abf9b2e28927e4fbb05b7a1b2704b"
   integrity sha512-nOltttik5o2BjBo8LnyeTFzHoLpMY/XcCVOC+lm9ZwU+ivEam8wafacMF0KTbRn1KVrIoHYdo70QnqS+vJiOVw==
@@ -9328,11 +9328,6 @@ iterall@^1.2.1:
   resolved "https://registry.yarnpkg.com/iterall/-/iterall-1.3.0.tgz#afcb08492e2915cbd8a0884eb93a8c94d0d72fea"
   integrity sha512-QZ9qOMdF+QLHxy1QIpUHUU1D5pS2CG2P69LF6L6CPjPYA/XMOmKV3PZpawHoAjHNyB0swdVTRxdYT4tbBbxqwg==
 
-jackspeak@^3.1.2, "jackspeak@npm:@gitlab/noop@1.0.0":
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/@gitlab/noop/-/noop-1.0.0.tgz#b1ecb8ae6b2abf9b2e28927e4fbb05b7a1b2704b"
-  integrity sha512-nOltttik5o2BjBo8LnyeTFzHoLpMY/XcCVOC+lm9ZwU+ivEam8wafacMF0KTbRn1KVrIoHYdo70QnqS+vJiOVw==
-
 jed@^1.1.1:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/jed/-/jed-1.1.1.tgz#7a549bbd9ffe1585b0cd0a191e203055bee574b4"