diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 51d7b03cfb5..b61833d745a 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -1706,16 +1706,21 @@
         MR_CODE_PATTERNS: "true"
 
 .qa:e2e-test-schedule-variables: &qa-e2e-test-schedule-variables
-  variables:
-    CREATE_TEST_FAILURE_ISSUES: "true"
-    PROCESS_TEST_RESULTS: "true"
-    KNAPSACK_GENERATE_REPORT: "true"
-    QA_SAVE_TEST_METRICS: "true"
-    QA_RUN_IN_PARALLEL: "false" # disable single job parallelization due to incompatibility with knapsack and coverband
+  CREATE_TEST_FAILURE_ISSUES: "true"
+  PROCESS_TEST_RESULTS: "true"
+  QA_SAVE_TEST_METRICS: "true"
 
 .qa:rules:e2e-schedule-blocking:
   rules:
-    - <<: [*if-dot-com-gitlab-org-schedule, *qa-e2e-test-schedule-variables]
+    - <<: *if-default-branch-schedule-nightly
+      variables:
+        <<: *qa-e2e-test-schedule-variables
+        KNAPSACK_GENERATE_REPORT: "true"
+        QA_RUN_IN_PARALLEL: "false"
+    - <<: *if-dot-com-gitlab-org-schedule
+      variables:
+        <<: *qa-e2e-test-schedule-variables
+        KNAPSACK_GENERATE_REPORT: "false"
 
 .qa:rules:code-suggestions-eval-base:
   rules:
@@ -1827,11 +1832,10 @@
       changes: *gdk-component-patterns
     - <<: *if-dot-com-gitlab-org-schedule
       variables:
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        PROCESS_TEST_RESULTS: "true"
+        <<: *qa-e2e-test-schedule-variables
         KNAPSACK_GENERATE_REPORT: "true"
-        QA_SAVE_TEST_METRICS: "true"
         COVERBAND_ENABLED: "true"
+        QA_RUN_IN_PARALLEL: "false"
 
 .qa:rules:e2e:test-on-cng:
   rules:
@@ -1846,20 +1850,7 @@
     - !reference [".qa:rules:e2e-blocking-base-before", rules]
     - !reference [".prevent-tier-2-and-below", rules]
     - !reference [".qa:rules:e2e-blocking-base-after", rules]
-    - <<: *if-default-branch-schedule-nightly
-      variables:
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        PROCESS_TEST_RESULTS: "true"
-        KNAPSACK_GENERATE_REPORT: "true"
-        QA_SAVE_TEST_METRICS: "true"
-        QA_RUN_IN_PARALLEL: "false" # disable single job parallelization due to incompatibility with knapsack
-    - <<: *if-dot-com-gitlab-org-schedule
-      variables:
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        PROCESS_TEST_RESULTS: "true"
-        KNAPSACK_GENERATE_REPORT: "false"
-        QA_SAVE_TEST_METRICS: "true"
-        QA_RUN_IN_PARALLEL: "true"
+    - !reference [".qa:rules:e2e-schedule-blocking", rules]
 
 .qa:rules:test-on-omnibus-nightly:
   rules:
@@ -1869,10 +1860,9 @@
     - <<: *if-default-branch-schedule-nightly
       allow_failure: true
       variables:
+        <<: *qa-e2e-test-schedule-variables
         KNAPSACK_GENERATE_REPORT: "true"
-        PROCESS_TEST_RESULTS: "true"
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        QA_SAVE_TEST_METRICS: "true"
+        QA_RUN_IN_PARALLEL: "false"
 
 .qa:rules:fulfillment-e2e-quarantine-report:
   rules:
diff --git a/app/assets/javascripts/admin/broadcast_messages/components/base.vue b/app/assets/javascripts/admin/broadcast_messages/components/base.vue
index bc2a411fb94..49ce19da2ce 100644
--- a/app/assets/javascripts/admin/broadcast_messages/components/base.vue
+++ b/app/assets/javascripts/admin/broadcast_messages/components/base.vue
@@ -136,7 +136,7 @@ export default {
         :messages="visibleMessages"
         @delete-message="deleteMessage"
       />
-      <div v-else-if="!showAddForm" class="gl-text-secondary">
+      <div v-else-if="!showAddForm" class="gl-text-subtle">
         {{ $options.i18n.emptyMessage }}
       </div>
 
diff --git a/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue b/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
index 2209bec3752..5313a660009 100644
--- a/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
+++ b/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
@@ -104,7 +104,7 @@ export default {
   >
     <template #cell(preview)="{ item: { message, theme, broadcast_type, dismissable } }">
       <gl-broadcast-message :theme="theme" :type="broadcast_type" :dismissible="dismissable">
-        {{ message }}
+        <span v-safe-html="message"></span>
       </gl-broadcast-message>
     </template>
 
diff --git a/app/assets/javascripts/vue_shared/issuable/show/components/issuable_edit_form.vue b/app/assets/javascripts/vue_shared/issuable/show/components/issuable_edit_form.vue
index a10a1d3ff23..ebb038ed475 100644
--- a/app/assets/javascripts/vue_shared/issuable/show/components/issuable_edit_form.vue
+++ b/app/assets/javascripts/vue_shared/issuable/show/components/issuable_edit_form.vue
@@ -152,7 +152,7 @@ export default {
         @keydown="handleKeydown($event, 'description')"
       />
     </gl-form-group>
-    <div data-testid="actions" class="col-12 clearfix gl-mb-3 gl-mt-3 gl-flex gl-gap-3 gl-px-0">
+    <div data-testid="actions" class="gl-my-3 gl-flex gl-flex-col gl-gap-3">
       <slot
         name="edit-form-actions"
         :issuable-title="title"
diff --git a/app/models/concerns/token_authenticatable_strategies/base.rb b/app/models/concerns/token_authenticatable_strategies/base.rb
index 1abb112356b..fc2d38de268 100644
--- a/app/models/concerns/token_authenticatable_strategies/base.rb
+++ b/app/models/concerns/token_authenticatable_strategies/base.rb
@@ -17,15 +17,15 @@ module TokenAuthenticatableStrategies
       @options = options
     end
 
-    def find_token_authenticatable(instance, unscoped = false)
+    def find_token_authenticatable(token_owner_record, unscoped = false)
       raise NotImplementedError
     end
 
-    def get_token(instance)
+    def get_token(token_owner_record)
       raise NotImplementedError
     end
 
-    def set_token(instance, token)
+    def set_token(token_owner_record, token)
       raise NotImplementedError
     end
 
@@ -42,31 +42,31 @@ module TokenAuthenticatableStrategies
       token_fields - [@expires_at_field]
     end
 
-    def ensure_token(instance)
-      write_new_token(instance) unless token_set?(instance)
-      get_token(instance)
+    def ensure_token(token_owner_record)
+      write_new_token(token_owner_record) unless token_set?(token_owner_record)
+      get_token(token_owner_record)
     end
 
     # Returns a token, but only saves when the database is in read & write mode
-    def ensure_token!(instance)
-      reset_token!(instance) unless token_set?(instance)
-      get_token(instance)
+    def ensure_token!(token_owner_record)
+      reset_token!(token_owner_record) unless token_set?(token_owner_record)
+      get_token(token_owner_record)
     end
 
     # Resets the token, but only saves when the database is in read & write mode
-    def reset_token!(instance)
-      write_new_token(instance)
-      instance.save! if Gitlab::Database.read_write?
+    def reset_token!(token_owner_record)
+      write_new_token(token_owner_record)
+      token_owner_record.save! if Gitlab::Database.read_write?
     end
 
-    def expires_at(instance)
-      instance.read_attribute(@expires_at_field)
+    def expires_at(token_owner_record)
+      token_owner_record.read_attribute(@expires_at_field)
     end
 
-    def expired?(instance)
+    def expired?(token_owner_record)
       return false unless expirable? && token_expiration_enforced?
 
-      exp = expires_at(instance)
+      exp = expires_at(token_owner_record)
       !!exp && exp.past?
     end
 
@@ -74,8 +74,8 @@ module TokenAuthenticatableStrategies
       !!@options[:expires_at]
     end
 
-    def token_with_expiration(instance)
-      API::Support::TokenWithExpiration.new(self, instance)
+    def token_with_expiration(token_owner_record)
+      API::Support::TokenWithExpiration.new(self, token_owner_record)
     end
 
     def self.fabricate(model, field, options)
@@ -94,12 +94,12 @@ module TokenAuthenticatableStrategies
 
     private
 
-    def prefix_for(instance)
+    def prefix_for(token_owner_record)
       case prefix_option = options[:format_with_prefix]
       when nil
         nil
       when Symbol
-        instance.send(prefix_option) # rubocop:disable GitlabSecurity/PublicSend
+        token_owner_record.send(prefix_option) # rubocop:disable GitlabSecurity/PublicSend
       else
         raise NotImplementedError
       end
@@ -107,19 +107,19 @@ module TokenAuthenticatableStrategies
 
     # If a `format_with_prefix` option is provided, it applies and returns the formatted token.
     # Otherwise, default implementation returns the token as-is
-    def format_token(instance, token)
-      prefix = prefix_for(instance)
+    def format_token(token_owner_record, token)
+      prefix = prefix_for(token_owner_record)
 
       prefix ? "#{prefix}#{token}" : token
     end
 
-    def write_new_token(instance)
-      new_token = generate_available_token(instance)
-      formatted_token = format_token(instance, new_token)
-      set_token(instance, formatted_token)
+    def write_new_token(token_owner_record)
+      new_token = generate_available_token(token_owner_record)
+      formatted_token = format_token(token_owner_record, new_token)
+      set_token(token_owner_record, formatted_token)
 
       if expirable?
-        instance[@expires_at_field] = @options[:expires_at].to_proc.call(instance)
+        token_owner_record[@expires_at_field] = @options[:expires_at].to_proc.call(token_owner_record)
       end
     end
 
@@ -127,26 +127,26 @@ module TokenAuthenticatableStrategies
       @options.fetch(:unique, true)
     end
 
-    def generate_available_token(instance)
+    def generate_available_token(token_owner_record)
       loop do
-        token = generate_token(instance)
+        token = generate_token(token_owner_record)
         break token unless unique && find_token_authenticatable(token, true)
       end
     end
 
-    def generate_token(instance)
+    def generate_token(token_owner_record)
       if @options[:token_generator]
         @options[:token_generator].call
       # TODO: Make all tokens routable by default: https://gitlab.com/gitlab-org/gitlab/-/issues/500016
-      elsif generate_routable_token?(instance)
-        generate_routable_payload(@options[:routable_token], instance)
+      elsif generate_routable_token?(token_owner_record)
+        generate_routable_payload(@options[:routable_token], token_owner_record)
       else
         Devise.friendly_token
       end
     end
 
-    def generate_routable_token?(instance)
-      @options[:routable_token] && instance.respond_to?(:user) && Feature.enabled?(:routable_token, instance.user)
+    def generate_routable_token?(token_owner_record)
+      @options[:routable_token] && token_owner_record.respond_to?(:user) && Feature.enabled?(:routable_token, token_owner_record.user)
     end
 
     def default_routing_payload_hash
@@ -156,9 +156,9 @@ module TokenAuthenticatableStrategies
       }
     end
 
-    def generate_routable_payload(routable_parts, instance)
+    def generate_routable_payload(routable_parts, token_owner_record)
       payload_hash = default_routing_payload_hash.merge(
-        routable_parts.transform_values { |generator| generator.call(instance) }
+        routable_parts.transform_values { |generator| generator.call(token_owner_record) }
       ).compact_blank
 
       Base64.urlsafe_encode64(payload_hash.sort.map { |k, v| "#{k}:#{v}" }.join("\n"), padding: false)
@@ -168,7 +168,7 @@ module TokenAuthenticatableStrategies
       unscoped ? @klass.unscoped : @klass.where(not_expired)
     end
 
-    def token_set?(instance)
+    def token_set?(token_owner_record)
       raise NotImplementedError
     end
 
diff --git a/app/models/concerns/token_authenticatable_strategies/digest.rb b/app/models/concerns/token_authenticatable_strategies/digest.rb
index 5c94f25949f..3ec304724d4 100644
--- a/app/models/concerns/token_authenticatable_strategies/digest.rb
+++ b/app/models/concerns/token_authenticatable_strategies/digest.rb
@@ -18,20 +18,20 @@ module TokenAuthenticatableStrategies
       token_authenticatable
     end
 
-    def get_token(instance)
-      token = instance.cleartext_tokens&.[](@token_field)
-      token ||= fallback_strategy.get_token(instance) if @options[:fallback]
+    def get_token(token_owner_record)
+      token = token_owner_record.cleartext_tokens&.[](@token_field)
+      token ||= fallback_strategy.get_token(token_owner_record) if @options[:fallback]
 
       token
     end
 
-    def set_token(instance, token)
+    def set_token(token_owner_record, token)
       return unless token
 
-      instance.cleartext_tokens ||= {}
-      instance.cleartext_tokens[@token_field] = token
-      instance[token_field_name] = Gitlab::CryptoHelper.sha256(token)
-      instance[@token_field] = nil if @options[:fallback]
+      token_owner_record.cleartext_tokens ||= {}
+      token_owner_record.cleartext_tokens[@token_field] = token
+      token_owner_record[token_field_name] = Gitlab::CryptoHelper.sha256(token)
+      token_owner_record[@token_field] = nil if @options[:fallback]
     end
 
     protected
@@ -40,9 +40,9 @@ module TokenAuthenticatableStrategies
       @fallback_strategy ||= TokenAuthenticatableStrategies::Insecure.new(@klass, @token_field, @options)
     end
 
-    def token_set?(instance)
-      token_digest = instance.read_attribute(token_field_name)
-      token_digest ||= instance.read_attribute(@token_field) if @options[:fallback]
+    def token_set?(token_owner_record)
+      token_digest = token_owner_record.read_attribute(token_field_name)
+      token_digest ||= token_owner_record.read_attribute(@token_field) if @options[:fallback]
 
       token_digest.present?
     end
diff --git a/app/models/concerns/token_authenticatable_strategies/encrypted.rb b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
index 4b3b80437db..d50bf17d0e8 100644
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@@ -9,21 +9,20 @@ module TokenAuthenticatableStrategies
     def find_token_authenticatable(token, unscoped = false)
       return if token.blank?
 
-      instance = if required?
-                   find_by_encrypted_token(token, unscoped)
-                 elsif optional?
-                   find_by_encrypted_token(token, unscoped) ||
-                     find_by_plaintext_token(token, unscoped)
-                 elsif migrating?
-                   find_by_plaintext_token(token, unscoped)
-                 else
-                   raise ArgumentError, _("Unknown encryption strategy: %{encrypted_strategy}!") % { encrypted_strategy: encrypted_strategy }
-                 end
+      token_owner_record =
+        if required?
+          find_by_encrypted_token(token, unscoped)
+        elsif optional?
+          find_by_encrypted_token(token, unscoped) ||
+            find_by_plaintext_token(token, unscoped)
+        elsif migrating?
+          find_by_plaintext_token(token, unscoped)
+        end
 
-      instance if instance && matches_prefix?(instance, token)
+      token_owner_record if token_owner_record && matches_prefix?(token_owner_record, token)
     end
 
-    def ensure_token(instance)
+    def ensure_token(token_owner_record)
       # TODO, tech debt, because some specs are testing migrations, but are still
       # using factory bot to create resources, it might happen that a database
       # schema does not have "#{token_name}_encrypted" field yet, however a bunch
@@ -35,27 +34,27 @@ module TokenAuthenticatableStrategies
       # Another use case is when we are caching resources / columns, like we do
       # in case of ApplicationSetting.
 
-      return super if instance.has_attribute?(encrypted_field)
+      return super if token_owner_record.has_attribute?(encrypted_field)
 
       if required?
         raise ArgumentError, _('Using required encryption strategy when encrypted field is missing!')
       else
-        insecure_strategy.ensure_token(instance)
+        insecure_strategy.ensure_token(token_owner_record)
       end
     end
 
-    def get_token(instance)
-      return insecure_strategy.get_token(instance) if migrating?
+    def get_token(token_owner_record)
+      return insecure_strategy.get_token(token_owner_record) if migrating?
 
-      get_encrypted_token(instance)
+      get_encrypted_token(token_owner_record)
     end
 
-    def set_token(instance, token)
+    def set_token(token_owner_record, token)
       raise ArgumentError unless token.present?
 
-      instance[encrypted_field] = EncryptionHelper.encrypt_token(token)
-      instance[token_field] = token if migrating?
-      instance[token_field] = nil if optional?
+      token_owner_record[encrypted_field] = EncryptionHelper.encrypt_token(token)
+      token_owner_record[token_field] = token if migrating?
+      token_owner_record[token_field] = nil if optional?
       token
     end
 
@@ -73,10 +72,10 @@ module TokenAuthenticatableStrategies
 
     protected
 
-    def get_encrypted_token(instance)
-      encrypted_token = instance.read_attribute(encrypted_field)
+    def get_encrypted_token(token_owner_record)
+      encrypted_token = token_owner_record.read_attribute(encrypted_field)
       token = EncryptionHelper.decrypt_token(encrypted_token)
-      token || (insecure_strategy.get_token(instance) if optional?)
+      token || (insecure_strategy.get_token(token_owner_record) if optional?)
     end
 
     def encrypted_strategy
@@ -105,18 +104,18 @@ module TokenAuthenticatableStrategies
         .new(klass, token_field, options)
     end
 
-    def matches_prefix?(instance, token)
-      !options[:require_prefix_for_validation] || token.start_with?(prefix_for(instance))
+    def matches_prefix?(token_owner_record, token)
+      !options[:require_prefix_for_validation] || token.start_with?(prefix_for(token_owner_record))
     end
 
-    def token_set?(instance)
-      token = get_encrypted_token(instance)
+    def token_set?(token_owner_record)
+      token = get_encrypted_token(token_owner_record)
 
       unless required?
-        token ||= insecure_strategy.get_token(instance)
+        token ||= insecure_strategy.get_token(token_owner_record)
       end
 
-      token.present? && matches_prefix?(instance, token)
+      token.present? && matches_prefix?(token_owner_record, token)
     end
 
     def encrypted_field
diff --git a/app/models/concerns/token_authenticatable_strategies/insecure.rb b/app/models/concerns/token_authenticatable_strategies/insecure.rb
index 5f915259521..b3bffcbebd9 100644
--- a/app/models/concerns/token_authenticatable_strategies/insecure.rb
+++ b/app/models/concerns/token_authenticatable_strategies/insecure.rb
@@ -6,18 +6,18 @@ module TokenAuthenticatableStrategies
       relation(unscoped).find_by(@token_field => token) if token
     end
 
-    def get_token(instance)
-      instance.read_attribute(@token_field)
+    def get_token(token_owner_record)
+      token_owner_record.read_attribute(@token_field)
     end
 
-    def set_token(instance, token)
-      instance[@token_field] = token if token
+    def set_token(token_owner_record, token)
+      token_owner_record[@token_field] = token if token
     end
 
     protected
 
-    def token_set?(instance)
-      instance.read_attribute(@token_field).present?
+    def token_set?(token_owner_record)
+      token_owner_record.read_attribute(@token_field).present?
     end
   end
 end
diff --git a/config/feature_flags/gitlab_com_derisk/ci_variables_optimize_kubernetes_variables.yml b/config/feature_flags/beta/ci_variables_optimize_kubernetes_variables.yml
similarity index 87%
rename from config/feature_flags/gitlab_com_derisk/ci_variables_optimize_kubernetes_variables.yml
rename to config/feature_flags/beta/ci_variables_optimize_kubernetes_variables.yml
index 46d12989f0e..08b07ba350b 100644
--- a/config/feature_flags/gitlab_com_derisk/ci_variables_optimize_kubernetes_variables.yml
+++ b/config/feature_flags/beta/ci_variables_optimize_kubernetes_variables.yml
@@ -5,5 +5,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/168809
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/498651
 milestone: '17.6'
 group: group::pipeline authoring
-type: gitlab_com_derisk
-default_enabled: false
+type: beta
+default_enabled: true
diff --git a/config/metrics/settings/20210201124935_database_adapter.yml b/config/metrics/settings/20210201124935_database_adapter.yml
index 4b180cb2cbb..3d9c28160f5 100644
--- a/config/metrics/settings/20210201124935_database_adapter.yml
+++ b/config/metrics/settings/20210201124935_database_adapter.yml
@@ -16,6 +16,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51709
diff --git a/config/metrics/settings/20210204124856_instance_auto_devops_enabled.yml b/config/metrics/settings/20210204124856_instance_auto_devops_enabled.yml
index f98643bc58f..fbc81584032 100644
--- a/config/metrics/settings/20210204124856_instance_auto_devops_enabled.yml
+++ b/config/metrics/settings/20210204124856_instance_auto_devops_enabled.yml
@@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
diff --git a/config/metrics/settings/20210204124858_container_registry_enabled.yml b/config/metrics/settings/20210204124858_container_registry_enabled.yml
index 03efed65add..2b226e54532 100644
--- a/config/metrics/settings/20210204124858_container_registry_enabled.yml
+++ b/config/metrics/settings/20210204124858_container_registry_enabled.yml
@@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
diff --git a/config/metrics/settings/20210204124900_dependency_proxy_enabled.yml b/config/metrics/settings/20210204124900_dependency_proxy_enabled.yml
index ef866c629d9..afa530c67fb 100644
--- a/config/metrics/settings/20210204124900_dependency_proxy_enabled.yml
+++ b/config/metrics/settings/20210204124900_dependency_proxy_enabled.yml
@@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124902_gitlab_shared_runners_enabled.yml b/config/metrics/settings/20210204124902_gitlab_shared_runners_enabled.yml
index b06115a9922..4b303aaabdc 100644
--- a/config/metrics/settings/20210204124902_gitlab_shared_runners_enabled.yml
+++ b/config/metrics/settings/20210204124902_gitlab_shared_runners_enabled.yml
@@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
diff --git a/config/metrics/settings/20210204124904_gravatar_enabled.yml b/config/metrics/settings/20210204124904_gravatar_enabled.yml
index e1ae8b48035..3e9e7f2be5d 100644
--- a/config/metrics/settings/20210204124904_gravatar_enabled.yml
+++ b/config/metrics/settings/20210204124904_gravatar_enabled.yml
@@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124906_ldap_enabled.yml b/config/metrics/settings/20210204124906_ldap_enabled.yml
index 277706e52f3..1dc2eece1cd 100644
--- a/config/metrics/settings/20210204124906_ldap_enabled.yml
+++ b/config/metrics/settings/20210204124906_ldap_enabled.yml
@@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124908_mattermost_enabled.yml b/config/metrics/settings/20210204124908_mattermost_enabled.yml
index 84529a71be3..da7859af301 100644
--- a/config/metrics/settings/20210204124908_mattermost_enabled.yml
+++ b/config/metrics/settings/20210204124908_mattermost_enabled.yml
@@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124910_omniauth_enabled.yml b/config/metrics/settings/20210204124910_omniauth_enabled.yml
index 00ab7ce310c..c5d580a4ec0 100644
--- a/config/metrics/settings/20210204124910_omniauth_enabled.yml
+++ b/config/metrics/settings/20210204124910_omniauth_enabled.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124912_prometheus_enabled.yml b/config/metrics/settings/20210204124912_prometheus_enabled.yml
index 108adb7b572..af6f1277f71 100644
--- a/config/metrics/settings/20210204124912_prometheus_enabled.yml
+++ b/config/metrics/settings/20210204124912_prometheus_enabled.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
diff --git a/config/metrics/settings/20210204124914_prometheus_metrics_enabled.yml b/config/metrics/settings/20210204124914_prometheus_metrics_enabled.yml
index 3d3b7a87b5d..48b5bdb3848 100644
--- a/config/metrics/settings/20210204124914_prometheus_metrics_enabled.yml
+++ b/config/metrics/settings/20210204124914_prometheus_metrics_enabled.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
diff --git a/config/metrics/settings/20210204124916_reply_by_email_enabled.yml b/config/metrics/settings/20210204124916_reply_by_email_enabled.yml
index fc4d8d3aa25..6a73bdbf2bd 100644
--- a/config/metrics/settings/20210204124916_reply_by_email_enabled.yml
+++ b/config/metrics/settings/20210204124916_reply_by_email_enabled.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124918_signup_enabled.yml b/config/metrics/settings/20210204124918_signup_enabled.yml
index 658cbaefa64..566ed05fdc7 100644
--- a/config/metrics/settings/20210204124918_signup_enabled.yml
+++ b/config/metrics/settings/20210204124918_signup_enabled.yml
@@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124920_web_ide_clientside_preview_enabled.yml b/config/metrics/settings/20210204124920_web_ide_clientside_preview_enabled.yml
index e41d6b1db4a..c1f082233f3 100644
--- a/config/metrics/settings/20210204124920_web_ide_clientside_preview_enabled.yml
+++ b/config/metrics/settings/20210204124920_web_ide_clientside_preview_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124922_grafana_link_enabled.yml b/config/metrics/settings/20210204124922_grafana_link_enabled.yml
index b13b9b06774..3016337db9b 100644
--- a/config/metrics/settings/20210204124922_grafana_link_enabled.yml
+++ b/config/metrics/settings/20210204124922_grafana_link_enabled.yml
@@ -14,6 +14,8 @@ distribution:
 - ce
 tier:
 - free
+tiers:
+- free
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210204124934_pages_enabled.yml b/config/metrics/settings/20210204124934_pages_enabled.yml
index 265cf0ad166..3a18d98b575 100644
--- a/config/metrics/settings/20210204124934_pages_enabled.yml
+++ b/config/metrics/settings/20210204124934_pages_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210216174829_smtp_server.yml b/config/metrics/settings/20210216174829_smtp_server.yml
index 4bb238186cf..82042ba2d4f 100644
--- a/config/metrics/settings/20210216174829_smtp_server.yml
+++ b/config/metrics/settings/20210216174829_smtp_server.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml b/config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml
index f588cd8b449..cf47e3633b4 100644
--- a/config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml
+++ b/config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216175604_edition.yml b/config/metrics/settings/20210216175604_edition.yml
index 019469942c5..77c01898239 100644
--- a/config/metrics/settings/20210216175604_edition.yml
+++ b/config/metrics/settings/20210216175604_edition.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
diff --git a/config/metrics/settings/20210216175606_ldap_encrypted_secrets_enabled.yml b/config/metrics/settings/20210216175606_ldap_encrypted_secrets_enabled.yml
index 9854c7027e9..b19b1c2c562 100644
--- a/config/metrics/settings/20210216175606_ldap_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20210216175606_ldap_encrypted_secrets_enabled.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216175609_version.yml b/config/metrics/settings/20210216175609_version.yml
index 9ee62f2d7d6..b7a77e10782 100644
--- a/config/metrics/settings/20210216175609_version.yml
+++ b/config/metrics/settings/20210216175609_version.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180314_gitpod_enabled.yml b/config/metrics/settings/20210216180314_gitpod_enabled.yml
index 9026f51f47e..06ad2ec2846 100644
--- a/config/metrics/settings/20210216180314_gitpod_enabled.yml
+++ b/config/metrics/settings/20210216180314_gitpod_enabled.yml
@@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180836_enabled.yml b/config/metrics/settings/20210216180836_enabled.yml
index 38f9160db32..7aad11d7976 100644
--- a/config/metrics/settings/20210216180836_enabled.yml
+++ b/config/metrics/settings/20210216180836_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180838_enabled.yml b/config/metrics/settings/20210216180838_enabled.yml
index 358adaab377..c42adcb9dc9 100644
--- a/config/metrics/settings/20210216180838_enabled.yml
+++ b/config/metrics/settings/20210216180838_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180840_direct_upload.yml b/config/metrics/settings/20210216180840_direct_upload.yml
index 5bcd92df824..7b8b11a0865 100644
--- a/config/metrics/settings/20210216180840_direct_upload.yml
+++ b/config/metrics/settings/20210216180840_direct_upload.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180841_background_upload.yml b/config/metrics/settings/20210216180841_background_upload.yml
index 1496f364087..f59e097b04d 100644
--- a/config/metrics/settings/20210216180841_background_upload.yml
+++ b/config/metrics/settings/20210216180841_background_upload.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180843_provider.yml b/config/metrics/settings/20210216180843_provider.yml
index d1e9c945833..d74b064bff1 100644
--- a/config/metrics/settings/20210216180843_provider.yml
+++ b/config/metrics/settings/20210216180843_provider.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180845_enabled.yml b/config/metrics/settings/20210216180845_enabled.yml
index 836d67d2967..5420b62d90a 100644
--- a/config/metrics/settings/20210216180845_enabled.yml
+++ b/config/metrics/settings/20210216180845_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180847_enabled.yml b/config/metrics/settings/20210216180847_enabled.yml
index d25c9c7af38..1abae38ab9a 100644
--- a/config/metrics/settings/20210216180847_enabled.yml
+++ b/config/metrics/settings/20210216180847_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180849_direct_upload.yml b/config/metrics/settings/20210216180849_direct_upload.yml
index e03a7ca31ff..67f6ac6a7e0 100644
--- a/config/metrics/settings/20210216180849_direct_upload.yml
+++ b/config/metrics/settings/20210216180849_direct_upload.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180851_background_upload.yml b/config/metrics/settings/20210216180851_background_upload.yml
index 639cfb49a4b..c7cf10cd229 100644
--- a/config/metrics/settings/20210216180851_background_upload.yml
+++ b/config/metrics/settings/20210216180851_background_upload.yml
@@ -16,6 +16,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180852_provider.yml b/config/metrics/settings/20210216180852_provider.yml
index e09075950b2..ca218329fb0 100644
--- a/config/metrics/settings/20210216180852_provider.yml
+++ b/config/metrics/settings/20210216180852_provider.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180854_enabled.yml b/config/metrics/settings/20210216180854_enabled.yml
index de6d31c0153..01e841d5bac 100644
--- a/config/metrics/settings/20210216180854_enabled.yml
+++ b/config/metrics/settings/20210216180854_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180856_enabled.yml b/config/metrics/settings/20210216180856_enabled.yml
index 0e377486fd6..0ce2366c01a 100644
--- a/config/metrics/settings/20210216180856_enabled.yml
+++ b/config/metrics/settings/20210216180856_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180858_direct_upload.yml b/config/metrics/settings/20210216180858_direct_upload.yml
index 2ae05c9cb28..e9875228caf 100644
--- a/config/metrics/settings/20210216180858_direct_upload.yml
+++ b/config/metrics/settings/20210216180858_direct_upload.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180900_background_upload.yml b/config/metrics/settings/20210216180900_background_upload.yml
index e53fc2269ac..0058b59e559 100644
--- a/config/metrics/settings/20210216180900_background_upload.yml
+++ b/config/metrics/settings/20210216180900_background_upload.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180902_provider.yml b/config/metrics/settings/20210216180902_provider.yml
index 8e0d6a09c65..9befdd860cb 100644
--- a/config/metrics/settings/20210216180902_provider.yml
+++ b/config/metrics/settings/20210216180902_provider.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180903_enabled.yml b/config/metrics/settings/20210216180903_enabled.yml
index e38cb97b037..a3e8d730cf5 100644
--- a/config/metrics/settings/20210216180903_enabled.yml
+++ b/config/metrics/settings/20210216180903_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180905_enabled.yml b/config/metrics/settings/20210216180905_enabled.yml
index 6db289cd87d..ce803e6ce1d 100644
--- a/config/metrics/settings/20210216180905_enabled.yml
+++ b/config/metrics/settings/20210216180905_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180907_direct_upload.yml b/config/metrics/settings/20210216180907_direct_upload.yml
index 786a6168a24..b8d137ec5f5 100644
--- a/config/metrics/settings/20210216180907_direct_upload.yml
+++ b/config/metrics/settings/20210216180907_direct_upload.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180909_background_upload.yml b/config/metrics/settings/20210216180909_background_upload.yml
index 3266f22a3f3..ebbc974ac15 100644
--- a/config/metrics/settings/20210216180909_background_upload.yml
+++ b/config/metrics/settings/20210216180909_background_upload.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180911_provider.yml b/config/metrics/settings/20210216180911_provider.yml
index a7b100c2444..b2da668172c 100644
--- a/config/metrics/settings/20210216180911_provider.yml
+++ b/config/metrics/settings/20210216180911_provider.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180913_enabled.yml b/config/metrics/settings/20210216180913_enabled.yml
index c76f7f39041..20daf31cf15 100644
--- a/config/metrics/settings/20210216180913_enabled.yml
+++ b/config/metrics/settings/20210216180913_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
diff --git a/config/metrics/settings/20210216180915_enabled.yml b/config/metrics/settings/20210216180915_enabled.yml
index c6759ea6708..9b311ed72d4 100644
--- a/config/metrics/settings/20210216180915_enabled.yml
+++ b/config/metrics/settings/20210216180915_enabled.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180916_direct_upload.yml b/config/metrics/settings/20210216180916_direct_upload.yml
index dc9adfffc8e..59085ab4978 100644
--- a/config/metrics/settings/20210216180916_direct_upload.yml
+++ b/config/metrics/settings/20210216180916_direct_upload.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180918_background_upload.yml b/config/metrics/settings/20210216180918_background_upload.yml
index f93ce9b7a39..952a3009b7b 100644
--- a/config/metrics/settings/20210216180918_background_upload.yml
+++ b/config/metrics/settings/20210216180918_background_upload.yml
@@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216180920_provider.yml b/config/metrics/settings/20210216180920_provider.yml
index 441db6854d0..e13cd13c816 100644
--- a/config/metrics/settings/20210216180920_provider.yml
+++ b/config/metrics/settings/20210216180920_provider.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216183241_filesystems.yml b/config/metrics/settings/20210216183241_filesystems.yml
index e6dc412fb91..2e9993478b8 100644
--- a/config/metrics/settings/20210216183241_filesystems.yml
+++ b/config/metrics/settings/20210216183241_filesystems.yml
@@ -14,5 +14,9 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210216183248_pg_system_id.yml b/config/metrics/settings/20210216183248_pg_system_id.yml
index ebf2c11b9cd..7db36fc01eb 100644
--- a/config/metrics/settings/20210216183248_pg_system_id.yml
+++ b/config/metrics/settings/20210216183248_pg_system_id.yml
@@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
diff --git a/config/metrics/settings/20210225045628_operating_system.yml b/config/metrics/settings/20210225045628_operating_system.yml
index 75ac2b5e784..ddbcc73eca5 100644
--- a/config/metrics/settings/20210225045628_operating_system.yml
+++ b/config/metrics/settings/20210225045628_operating_system.yml
@@ -17,4 +17,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
diff --git a/config/metrics/settings/20210321224827_gitaly_apdex.yml b/config/metrics/settings/20210321224827_gitaly_apdex.yml
index 66a292683cf..6b0dcd9a1e1 100644
--- a/config/metrics/settings/20210321224827_gitaly_apdex.yml
+++ b/config/metrics/settings/20210321224827_gitaly_apdex.yml
@@ -17,4 +17,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
diff --git a/config/metrics/settings/20210323120839_topology.yml b/config/metrics/settings/20210323120839_topology.yml
index ef8f4c1d792..8faa2ec0030 100644
--- a/config/metrics/settings/20210323120839_topology.yml
+++ b/config/metrics/settings/20210323120839_topology.yml
@@ -16,5 +16,9 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: 'config/metrics/objects_schemas/topology_schema.json'
 performance_indicator_type: []
diff --git a/config/metrics/settings/20210702140138_collected_data_categories.yml b/config/metrics/settings/20210702140138_collected_data_categories.yml
index 4b4db26f112..7f2f21c8566 100644
--- a/config/metrics/settings/20210702140138_collected_data_categories.yml
+++ b/config/metrics/settings/20210702140138_collected_data_categories.yml
@@ -18,5 +18,9 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: 'config/metrics/objects_schemas/collected_data_categories_schema.json'
 performance_indicator_type: []
diff --git a/config/metrics/settings/20210812202137_smtp_encrypted_secrets_enabled.yml b/config/metrics/settings/20210812202137_smtp_encrypted_secrets_enabled.yml
index 02f68c62482..80c7deef982 100644
--- a/config/metrics/settings/20210812202137_smtp_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20210812202137_smtp_encrypted_secrets_enabled.yml
@@ -17,3 +17,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20210915152326_service_ping_features_enabled.yml b/config/metrics/settings/20210915152326_service_ping_features_enabled.yml
index 55fd72f622a..42e6b9d491b 100644
--- a/config/metrics/settings/20210915152326_service_ping_features_enabled.yml
+++ b/config/metrics/settings/20210915152326_service_ping_features_enabled.yml
@@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20211124061450_snowplow_enabled.yml b/config/metrics/settings/20211124061450_snowplow_enabled.yml
index b08042f7f83..15837021abc 100644
--- a/config/metrics/settings/20211124061450_snowplow_enabled.yml
+++ b/config/metrics/settings/20211124061450_snowplow_enabled.yml
@@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20211124085521_snowplow_configured_to_gitlab_collector_hostname.yml b/config/metrics/settings/20211124085521_snowplow_configured_to_gitlab_collector_hostname.yml
index 8f9cdbb4b69..88509b1b12d 100644
--- a/config/metrics/settings/20211124085521_snowplow_configured_to_gitlab_collector_hostname.yml
+++ b/config/metrics/settings/20211124085521_snowplow_configured_to_gitlab_collector_hostname.yml
@@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20211201012652_flavor.yml b/config/metrics/settings/20211201012652_flavor.yml
index 7767d588ec0..a59a893cb6b 100644
--- a/config/metrics/settings/20211201012652_flavor.yml
+++ b/config/metrics/settings/20211201012652_flavor.yml
@@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20220222181654_certificate_based_clusters_ff.yml b/config/metrics/settings/20220222181654_certificate_based_clusters_ff.yml
index 53901ceb5b4..1704965f531 100644
--- a/config/metrics/settings/20220222181654_certificate_based_clusters_ff.yml
+++ b/config/metrics/settings/20220222181654_certificate_based_clusters_ff.yml
@@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20221015152126_deactivate_dormant_users_enabled.yml b/config/metrics/settings/20221015152126_deactivate_dormant_users_enabled.yml
index f4cb8534cf7..edb784ec8b0 100644
--- a/config/metrics/settings/20221015152126_deactivate_dormant_users_enabled.yml
+++ b/config/metrics/settings/20221015152126_deactivate_dormant_users_enabled.yml
@@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20221015161233_deactivate_dormant_users_period.yml b/config/metrics/settings/20221015161233_deactivate_dormant_users_period.yml
index 395a20a30cc..645919827ca 100644
--- a/config/metrics/settings/20221015161233_deactivate_dormant_users_period.yml
+++ b/config/metrics/settings/20221015161233_deactivate_dormant_users_period.yml
@@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20230125220526_incoming_email_encrypted_secrets_enabled.yml b/config/metrics/settings/20230125220526_incoming_email_encrypted_secrets_enabled.yml
index 8c73209ce67..ab20cd353ee 100644
--- a/config/metrics/settings/20230125220526_incoming_email_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20230125220526_incoming_email_encrypted_secrets_enabled.yml
@@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20230125221700_service_desk_email_encrypted_secrets_enabled.yml b/config/metrics/settings/20230125221700_service_desk_email_encrypted_secrets_enabled.yml
index b9c7f779df3..b10ec12cde5 100644
--- a/config/metrics/settings/20230125221700_service_desk_email_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20230125221700_service_desk_email_encrypted_secrets_enabled.yml
@@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20230203164341_index_inconsistencies_metric.yml b/config/metrics/settings/20230203164341_index_inconsistencies_metric.yml
index 30a64814551..8085fbd914c 100644
--- a/config/metrics/settings/20230203164341_index_inconsistencies_metric.yml
+++ b/config/metrics/settings/20230203164341_index_inconsistencies_metric.yml
@@ -19,4 +19,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: "config/metrics/objects_schemas/index_inconsistencies_metric.json"
diff --git a/config/metrics/settings/20230328165533_mode.yml b/config/metrics/settings/20230328165533_mode.yml
index 88666f2d57c..55c504c4a9c 100644
--- a/config/metrics/settings/20230328165533_mode.yml
+++ b/config/metrics/settings/20230328165533_mode.yml
@@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/settings/20230602180038_batched_background_migrations_metric.yml b/config/metrics/settings/20230602180038_batched_background_migrations_metric.yml
index 77ea352ba42..1f8f7655113 100644
--- a/config/metrics/settings/20230602180038_batched_background_migrations_metric.yml
+++ b/config/metrics/settings/20230602180038_batched_background_migrations_metric.yml
@@ -19,4 +19,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: "config/metrics/objects_schemas/batched_background_migrations_metric.json"
diff --git a/config/metrics/settings/20230612132238_schema_inconsistencies_metric.yml b/config/metrics/settings/20230612132238_schema_inconsistencies_metric.yml
index f5cd1cc01d2..f9bfca17f79 100644
--- a/config/metrics/settings/20230612132238_schema_inconsistencies_metric.yml
+++ b/config/metrics/settings/20230612132238_schema_inconsistencies_metric.yml
@@ -19,4 +19,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: "config/metrics/objects_schemas/schema_inconsistencies_metric.json"
diff --git a/config/metrics/settings/20240425162824_instance_runner_registration_token_allowed.yml b/config/metrics/settings/20240425162824_instance_runner_registration_token_allowed.yml
index 5875b66dead..98a575ba8ba 100644
--- a/config/metrics/settings/20240425162824_instance_runner_registration_token_allowed.yml
+++ b/config/metrics/settings/20240425162824_instance_runner_registration_token_allowed.yml
@@ -18,3 +18,7 @@ tier:
   - free
   - premium
   - ultimate
+tiers:
+  - free
+  - premium
+  - ultimate
diff --git a/config/metrics/settings/20240607181654_observability_features_ff.yml b/config/metrics/settings/20240607181654_observability_features_ff.yml
index 30a8335efd4..7972e6ab7e8 100644
--- a/config/metrics/settings/20240607181654_observability_features_ff.yml
+++ b/config/metrics/settings/20240607181654_observability_features_ff.yml
@@ -15,3 +15,5 @@ distribution:
 - ee
 tier:
 - ultimate
+tiers:
+- ultimate
diff --git a/db/migrate/20241021123147_allow_null_file_checksum_in_xray_reports.rb b/db/migrate/20241021123147_allow_null_file_checksum_in_xray_reports.rb
new file mode 100644
index 00000000000..f7e5ee98c29
--- /dev/null
+++ b/db/migrate/20241021123147_allow_null_file_checksum_in_xray_reports.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class AllowNullFileChecksumInXrayReports < Gitlab::Database::Migration[2.2]
+  milestone '17.6'
+
+  def change
+    change_column_null :xray_reports, :file_checksum, true
+  end
+end
diff --git a/db/schema_migrations/20241021123147 b/db/schema_migrations/20241021123147
new file mode 100644
index 00000000000..2a46711a1d6
--- /dev/null
+++ b/db/schema_migrations/20241021123147
@@ -0,0 +1 @@
+b7dcafc4a5211261d39d17e8879a445297297faa021b739f36435774790d1987
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index f3aaf7324bc..9a4d58bbc1b 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -21490,7 +21490,7 @@ CREATE TABLE xray_reports (
     updated_at timestamp with time zone NOT NULL,
     lang text NOT NULL,
     payload jsonb NOT NULL,
-    file_checksum bytea NOT NULL,
+    file_checksum bytea,
     CONSTRAINT check_6da5a3b473 CHECK ((char_length(lang) <= 255))
 );
 
diff --git a/doc/.vale/gitlab_base/SubstitutionWarning.yml b/doc/.vale/gitlab_base/SubstitutionWarning.yml
index 3240ea9f49b..0f12e912326 100644
--- a/doc/.vale/gitlab_base/SubstitutionWarning.yml
+++ b/doc/.vale/gitlab_base/SubstitutionWarning.yml
@@ -40,6 +40,8 @@ swap:
   installation from source: self-compiled installation
   installations from source: self-compiled installations
   it is recommended: "you should"
+  life cycle: "lifecycle"
+  life-cycle: "lifecycle"
   log in: "sign in"
   log-in: "sign in"
   logged in user: "authenticated user"
diff --git a/doc/administration/dedicated/configure_instance.md b/doc/administration/dedicated/configure_instance.md
index d447f660a4f..fea14e363c6 100644
--- a/doc/administration/dedicated/configure_instance.md
+++ b/doc/administration/dedicated/configure_instance.md
@@ -447,14 +447,6 @@ To manage your own email notification preferences:
 
 You will see an alert confirming that your notification preferences have been updated.
 
-Switchboard Tenant Admins can also manage email notifications for other users with access to their organization's tenant:
-
-1. From the **Users** page, open the dropdown in the **Email notifications** column next to the user's email.
-1. To turn off email notifications for that user, select **No**.
-1. To turn on email notifications for that user, select **Yes**.
-
-You will see an alert confirming that your notification preferences have been updated.
-
 ### Application logs
 
 GitLab delivers [application logs](../../administration/logs/index.md) to an Amazon S3 bucket in the GitLab tenant account, which can be shared with you.
diff --git a/doc/ci/img/get_started_cicd_v16_11.png b/doc/ci/img/get_started_cicd_v16_11.png
index c83e26b9f17..a997978d16d 100644
Binary files a/doc/ci/img/get_started_cicd_v16_11.png and b/doc/ci/img/get_started_cicd_v16_11.png differ
diff --git a/doc/ci/runners/runners_scope.md b/doc/ci/runners/runners_scope.md
index 5022cbd34bb..631cc2ad830 100644
--- a/doc/ci/runners/runners_scope.md
+++ b/doc/ci/runners/runners_scope.md
@@ -526,6 +526,11 @@ When you delete a project runner, it is permanently deleted from the GitLab inst
 no longer be used by projects. If you want to temporarily stop the runner from accepting
 jobs, you can [pause](#pause-or-resume-a-project-runner) the runner instead.
 
+When you delete a runner, its configuration still exists in the runner host's `config.toml` file.
+If the deleted runner's configuration is still present in this file, the runner host continues to contact GitLab.
+To prevent unnecessary API traffic, you must also
+[unregister the deleted runner](https://docs.gitlab.com/runner/commands/#gitlab-runner-unregister).
+
 1. On the left sidebar, select **Search or go to** and
    find the project where you want to enable the runner.
 1. Select **Settings > CI/CD**.
diff --git a/doc/development/contributing/first_contribution/configure-dev-env-gdk-in-a-box.md b/doc/development/contributing/first_contribution/configure-dev-env-gdk-in-a-box.md
index 9b0491e0c94..364bab466b6 100644
--- a/doc/development/contributing/first_contribution/configure-dev-env-gdk-in-a-box.md
+++ b/doc/development/contributing/first_contribution/configure-dev-env-gdk-in-a-box.md
@@ -54,6 +54,7 @@ You might need to modify the system configuration (CPU cores and RAM) before sta
 1. In VS Code, install the **Remote - SSH** extension:
    - [VS Code](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-ssh)
    - [VSCodium](https://open-vsx.org/extension/jeanp413/open-remote-ssh)
+1. Make sure that VS Code has access to the local network (**Privacy & Security > Local Network**).
 1. Connect VS Code to the VM:
    - Select **Remote-SSH: Connect to host** from the command palette.
    - Enter the SSH host: `debian@gdk.local`
diff --git a/doc/development/documentation/metadata.md b/doc/development/documentation/metadata.md
index b836e0177ba..66ee68b7bbb 100644
--- a/doc/development/documentation/metadata.md
+++ b/doc/development/documentation/metadata.md
@@ -92,7 +92,7 @@ When this metadata is set on a page:
 The following metadata is optional and is not actively maintained.
 
 - `feedback`: Set to `false` to not include the "Help & Feedback" footer.
-- `noindex`: Set to `false` to prevent the page from being indexed by search engines.
+- `noindex`: Set to `true` to prevent the page from being indexed by search engines.
 - `redirect_to`: Used to control redirects. For more information, see [Redirects in GitLab documentation](redirects.md).
 - `searchbar`: Set to `false` to not include the search bar in the page header.
 - `toc`: Set to `false` to not include the "On this page" navigation.
diff --git a/doc/development/documentation/styleguide/word_list.md b/doc/development/documentation/styleguide/word_list.md
index 0f6cd002687..c8942f22aaa 100644
--- a/doc/development/documentation/styleguide/word_list.md
+++ b/doc/development/documentation/styleguide/word_list.md
@@ -1327,6 +1327,12 @@ Instead of:
 - This setting is turned on at the group level.
 - This is a project-level setting.
 
+## lifecycle, life cycle, life-cycle
+
+Use one word for **lifecycle**. Do not use **life cycle** or **life-cycle**.
+
+([Vale](../testing/vale.md) rule: [`SubstitutionWarning.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/.vale/gitlab_base/SubstitutionWarning.yml))
+
 ## list
 
 Do not use **list** when referring to a [**dropdown list**](#dropdown-list).
diff --git a/doc/development/sec/analyzer_development_guide.md b/doc/development/sec/analyzer_development_guide.md
index f1fa6608c3d..26a0d2d5342 100644
--- a/doc/development/sec/analyzer_development_guide.md
+++ b/doc/development/sec/analyzer_development_guide.md
@@ -282,6 +282,41 @@ The [security-report-schema](https://gitlab.com/gitlab-org/security-products/sec
 - [SAST](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/sast-report-format.json)
 - [Secret Detection](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/secret-detection-report-format.json)
 
+#### Compatibility with report schema
+
+Security reports uploaded as [artifacts](../../user/application_security/index.md#all-tiers) to
+GitLab are [validated](../integrations/secure.md#report-validation) before being
+[ingested](security_report_ingestion_overview.md).
+
+Security report schemas are versioned using SchemaVer: `MODEL-REVISION-ADDITION`. The Sec Section
+is responsible for the
+[`security-report-schemas` project](https://gitlab.com/gitlab-org/security-products/security-report-schemas),
+including the compatibility of GitLab and the schema versions. Schema changes must follow the
+product-wide [deprecation guidelines](../deprecation_guidelines/index.md).
+
+When a new `MODEL` version is introduced, analyzers that adopt the new schema are responsible for
+ensuring that GitLab deployments that do not vendor this new schema version continue to ingest
+security reports without errors or warnings.
+
+This can be accomplished in different ways:
+
+1. Implement support for multiple schema versions in the analyzer. Based on the GitLab version, the
+   analyzer emits a security report using the latest schema version supported by GitLab.
+   - Pro: analyzer can decide at runtime what the best version to utilize is.
+   - Con: implementation effort and increased complexity.
+1. Release a new analyzer major version. Instances that don't vendor the latest `MODEL` schema
+   version continue to use an analyzer version that emits reports using version `MODEL-1`.
+   - Pro: keeps analyzer code simple.
+   - Con: extra analyzer version to maintain.
+1. Delay use of new schema. This relies on `additionalProperties=true`, which allows a report to
+   include properties that are not present in the schema. A new analyzer major version would be
+   released at the usual cadence.
+   - Pro: no extra analyzer to maintain, keep analyzer code simple.
+   - Con: increased risk and/or effort to mitigate the risk of not having the schema validated.
+
+If you are unsure which path to follow, reach-out to the
+[`security-report-schemas` maintainers](https://gitlab.com/groups/gitlab-org/maintainers/security-report-schemas/-/group_members?with_inherited_permissions=exclude).
+
 ### Location of Container Images
 
 In order to
diff --git a/doc/legal/corporate_contributor_license_agreement.md b/doc/legal/corporate_contributor_license_agreement.md
index 327fd2c7569..5855dde4201 100644
--- a/doc/legal/corporate_contributor_license_agreement.md
+++ b/doc/legal/corporate_contributor_license_agreement.md
@@ -8,14 +8,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Corporate contributor license agreement
 
 You accept and agree to the following terms and conditions for Your present and
-future Contributions submitted to GitLab B.V.. Except for the license granted
-herein to GitLab B.V. and recipients of software distributed by GitLab B.V., You
+future Contributions submitted to GitLab Inc. Except for the license granted
+herein to GitLab Inc. and recipients of software distributed by GitLab Inc., You
 reserve all right, title, and interest in and to Your Contributions.
 
 "1." **Definitions:**
 
   "You" (or "Your") shall mean the copyright owner or legal entity authorized by
-  the copyright owner that is making this Agreement with GitLab B.V.. For legal
+  the copyright owner that is making this Agreement with GitLab Inc. For legal
   entities, the entity making a Contribution and all other entities that
   control, are controlled by, or are under common control with that entity are
   considered to be a single Contributor. For the purposes of this definition,
@@ -26,20 +26,20 @@ reserve all right, title, and interest in and to Your Contributions.
 
   "Contribution" shall mean the code, documentation or other original works of
   authorship, including any modifications or additions to an existing work, that
-  is submitted by You to GitLab B.V. for inclusion in, or documentation of, any
-  of the products owned or managed by GitLab B.V. (the "Work"). For the purposes
+  is submitted by You to GitLab Inc. for inclusion in, or documentation of, any
+  of the products owned or managed by GitLab Inc. (the "Work"). For the purposes
   of this definition, "submitted" means any form of electronic, verbal, or
-  written communication sent to GitLab B.V. or its representatives, including
+  written communication sent to GitLab Inc. or its representatives, including
   but not limited to communication on electronic mailing lists, source code
   control systems, and issue tracking systems that are managed by, or on behalf
-  of, GitLab B.V. for the purpose of discussing and improving the Work, but
+  of, GitLab Inc. for the purpose of discussing and improving the Work, but
   excluding communication that is conspicuously marked or otherwise designated
   in writing by You as "Not a Contribution."
 
 "2." **Grant of Copyright License:**
 
   Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
   perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   copyright license to reproduce, prepare derivative works of, publicly display,
   publicly perform, sublicense, and distribute Your Contributions and such
@@ -48,7 +48,7 @@ reserve all right, title, and interest in and to Your Contributions.
 "3." **Grant of Patent License:**
 
   Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
   perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   (except as stated in this section) patent license to make, have made, use,
   offer to sell, sell, import, and otherwise transfer the Work, where such
@@ -68,7 +68,7 @@ reserve all right, title, and interest in and to Your Contributions.
   writing by You as "Not authorized to submit Contributions on behalf of (name
   of Your corporation here)." Such designations of exclusion for unauthorized
   employees are to be submitted via email to `legal@gitlab.com`. It is Your
-  responsibility to notify GitLab B.V. when any change is required to the list
+  responsibility to notify GitLab Inc. when any change is required to the list
   of designated employees excluded from submitting Contributions on Your behalf.
   Such notification should also be sent via email to `legal@gitlab.com`.
 
@@ -77,7 +77,7 @@ reserve all right, title, and interest in and to Your Contributions.
   You represent that each of Your Contributions is Your original creation.
 
   Should You wish to submit work that is not Your original creation, You may
-  submit it to GitLab B.V. separately from any Contribution, identifying the
+  submit it to GitLab Inc. separately from any Contribution, identifying the
   complete details of its source and of any license or other restriction
   (including, but not limited to, related patents, trademarks, and license
   agreements) of which you are personally aware, and conspicuously marking the
diff --git a/doc/legal/individual_contributor_license_agreement.md b/doc/legal/individual_contributor_license_agreement.md
index 24eb855f2bc..2b6fb6d85f1 100644
--- a/doc/legal/individual_contributor_license_agreement.md
+++ b/doc/legal/individual_contributor_license_agreement.md
@@ -8,14 +8,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Individual contributor license agreement
 
 You accept and agree to the following terms and conditions for Your present and
-future Contributions submitted to GitLab B.V.. Except for the license granted
-herein to GitLab B.V. and recipients of software distributed by GitLab B.V., You
+future Contributions submitted to GitLab Inc. Except for the license granted
+herein to GitLab Inc. and recipients of software distributed by GitLab Inc., You
 reserve all right, title, and interest in and to Your Contributions.
 
 "1." **Definitions:**
 
   "You" (or "Your") shall mean the copyright owner or legal entity authorized by
-  the copyright owner that is making this Agreement with GitLab B.V.. For legal
+  the copyright owner that is making this Agreement with GitLab Inc. For legal
   entities, the entity making a Contribution and all other entities that
   control, are controlled by, or are under common control with that entity are
   considered to be a single Contributor. For the purposes of this definition,
@@ -26,20 +26,20 @@ reserve all right, title, and interest in and to Your Contributions.
 
   "Contribution" shall mean any original work of authorship, including any
   modifications or additions to an existing work, that is intentionally
-  submitted by You to GitLab B.V. for inclusion in, or documentation of, any of
-  the products owned or managed by GitLab B.V. (the "Work"). For the purposes of
+  submitted by You to GitLab Inc. for inclusion in, or documentation of, any of
+  the products owned or managed by GitLab Inc. (the "Work"). For the purposes of
   this definition, "submitted" means any form of electronic, verbal, or written
-  communication sent to GitLab B.V. or its representatives, including but not
+  communication sent to GitLab Inc. or its representatives, including but not
   limited to communication on electronic mailing lists, source code control
   systems, and issue tracking systems that are managed by, or on behalf of,
-  GitLab B.V. for the purpose of discussing and improving the Work, but
+  GitLab Inc. for the purpose of discussing and improving the Work, but
   excluding communication that is conspicuously marked or otherwise designated
   in writing by You as "Not a Contribution."
 
 "2." **Grant of Copyright License:**
 
   Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
   perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   copyright license to reproduce, prepare derivative works of, publicly display,
   publicly perform, sublicense, and distribute Your Contributions and such
@@ -48,7 +48,7 @@ reserve all right, title, and interest in and to Your Contributions.
 "3." **Grant of Patent License:**
 
   Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
   perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   (except as stated in this section) patent license to make, have made, use,
   offer to sell, sell, import, and otherwise transfer the Work, where such
@@ -66,8 +66,8 @@ reserve all right, title, and interest in and to Your Contributions.
   your employer(s) has rights to intellectual property that you create that
   includes your Contributions, you represent that you have received permission
   to make Contributions on behalf of that employer, that your employer has
-  waived such rights for your Contributions to GitLab B.V., or that your
-  employer has executed a separate Corporate CLA with GitLab B.V..
+  waived such rights for your Contributions to GitLab Inc., or that your
+  employer has executed a separate Corporate CLA with GitLab Inc.
 
 "4." **Contributions:**
 
@@ -78,7 +78,7 @@ reserve all right, title, and interest in and to Your Contributions.
   are associated with any part of Your Contributions.
 
   Should You wish to submit work that is not Your original creation, You may
-  submit it to GitLab B.V. separately from any Contribution, identifying the
+  submit it to GitLab Inc. separately from any Contribution, identifying the
   complete details of its source and of any license or other restriction
   (including, but not limited to, related patents, trademarks, and license
   agreements) of which you are personally aware, and conspicuously marking the
@@ -92,7 +92,7 @@ reserve all right, title, and interest in and to Your Contributions.
   limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT,
   MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
 
-You agree to notify GitLab B.V. of any facts or circumstances of which you
+You agree to notify GitLab Inc. of any facts or circumstances of which you
 become aware that would make these representations inaccurate in any respect.
 
 This text is licensed under the
diff --git a/doc/topics/git/img/get_started_git_v16_11.png b/doc/topics/git/img/get_started_git_v16_11.png
index 6e19926b046..67c0777b264 100644
Binary files a/doc/topics/git/img/get_started_git_v16_11.png and b/doc/topics/git/img/get_started_git_v16_11.png differ
diff --git a/doc/update/breaking_window.md b/doc/update/breaking_window.md
index 7e30d5a23cd..e9343849a38 100644
--- a/doc/update/breaking_window.md
+++ b/doc/update/breaking_window.md
@@ -2,7 +2,7 @@
 stage: none
 group: none
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-noindex: false
+noindex: true
 ---
 
 # Breaking change deployments on GitLab.com
diff --git a/doc/user/analytics/index.md b/doc/user/analytics/index.md
index 0961f48e1e9..37750deeba3 100644
--- a/doc/user/analytics/index.md
+++ b/doc/user/analytics/index.md
@@ -10,7 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - Group-level analytics moved to GitLab Premium in 13.9.
 
 GitLab provides different types of analytics insights at the instance, group, and project level.
-These insights appear on the left sidebar, under [**Analyze**](../project/settings/index.md#disable-project-analytics).
+These insights appear on the left sidebar, under [**Analyze**](../project/settings/index.md#turn-off-project-analytics).
 
 ## Analytics features
 
diff --git a/doc/user/application_security/img/get_started_app_sec_v16_11.png b/doc/user/application_security/img/get_started_app_sec_v16_11.png
index 8d600b6bddc..c15d325c1df 100644
Binary files a/doc/user/application_security/img/get_started_app_sec_v16_11.png and b/doc/user/application_security/img/get_started_app_sec_v16_11.png differ
diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md
index 04a7edc5386..723e6d429d7 100644
--- a/doc/user/compliance/audit_event_types.md
+++ b/doc/user/compliance/audit_event_types.md
@@ -471,6 +471,7 @@ Audit event types belong to the following product categories.
 
 | Name | Description | Saved to database | Streamed | Introduced in | Scope |
 |:------------|:------------|:------------------|:---------|:--------------|:--------------|
+| [`project_security_exclusion_applied`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is applied in one of the security scanners | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.6](https://gitlab.com/gitlab-org/gitlab/-/issues/492465) | Project |
 | [`project_security_exclusion_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is created | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/492464) | Project |
 | [`project_security_exclusion_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is deleted | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/492464) | Project |
 | [`project_security_exclusion_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/492464) | Project |
diff --git a/doc/user/custom_roles.md b/doc/user/custom_roles.md
index a94de2888bf..e7b12866e70 100644
--- a/doc/user/custom_roles.md
+++ b/doc/user/custom_roles.md
@@ -25,21 +25,20 @@ For a demo of the custom roles feature, see [[Demo] Ultimate Guest can view code
 You can discuss individual custom role and permission requests in [issue 391760](https://gitlab.com/gitlab-org/gitlab/-/issues/391760).
 
 NOTE:
-Most custom roles are considered [billable users that use a seat](#billing-and-seat-usage). When you add a user to your group with a custom role, a warning is displayed if you are about to incur additional charges for having more seats than are included in your subscription.
+Most custom roles are considered [billable users that use a seat](#billing-and-seat-usage). When you add a user to your group with a custom role and you are about to incur additional charges for having more seats than are included in your subscription, a warning is displayed.
 
 ## Available permissions
 
 For more information on available permissions, see [custom permissions](custom_roles/abilities.md).
 
 WARNING:
-Depending on the permissions added to a lower base role such as Guest, a user with a custom role might be able to perform actions that are usually restricted to the Maintainer role or higher. For example, if a custom role is Guest plus managing CI/CD variables, a user with this role can manage CI/CD variables added by other Maintainers or Owners for that group or project.
+Depending on the permissions added to a lower base role such as Guest, a user with a custom role might be able to perform actions that are usually restricted to the Maintainer role or higher. For example, if a custom role is Guest plus a permisions to manage CI/CD variables, a user with this role can manage CI/CD variables added by other Maintainers or Owners for that group or project.
 
 ## Create a custom role
 
 You create a custom role by adding [permissions](#available-permissions) to a base role.
-
-You can select any number of permissions. For example, you can create a custom role
-with the permission to:
+You can add multiple permissions to that custom role. For example, you can create a custom role
+with the permission to do all of the following:
 
 - View vulnerability reports.
 - Change the status of vulnerabilities.
@@ -129,13 +128,13 @@ Prerequisites:
 
 To edit a custom role, you can also [use the API](../api/graphql/reference/index.md#mutationmemberroleupdate).
 
-## Delete the custom role
+## Delete a custom role
 
 Prerequisites:
 
 - You must be an administrator or have the Owner role for the group.
 
-You can remove a custom role from a group only if no members have that role. See [unassign a custom role from a group or project member](#unassign-a-custom-role-from-a-group-or-project-member).
+You can't remove a custom role from a group if there are members assigned that role. See [unassign a custom role from a group or project member](#unassign-a-custom-role-from-a-group-or-project-member).
 
 1. On the left sidebar:
    - For self-managed, at the bottom, select **Admin**.
@@ -144,7 +143,7 @@ You can remove a custom role from a group only if no members have that role. See
 1. Select **Custom Roles**.
 1. In the **Actions** column, select **Delete role** (**{remove}**) and confirm.
 
-You can also [use the API](../api/graphql/reference/index.md#mutationmemberroledelete) to delete a custom role. To use the API, you must know the `id` of the custom role. If you do not know this `id`, find it by making an [API request on the group](../api/graphql/reference/index.md#groupmemberroles) or an [API request on the instance](../api/graphql/reference/index.md#querymemberroles).
+You can also [use the API](../api/graphql/reference/index.md#mutationmemberroledelete) to delete a custom role. To use the API, you must provide the `id` of the custom role. If you do not know this `id`, you can find it by making an [API request on the group](../api/graphql/reference/index.md#groupmemberroles) or an [API request on the instance](../api/graphql/reference/index.md#querymemberroles).
 
 ## Add a user with a custom role to your group or project
 
@@ -160,7 +159,7 @@ To add a user with a custom role:
 - To a group, see [add users to a group](group/index.md#add-users-to-a-group).
 - To a project, see [add users to a project](project/members/index.md#add-users-to-a-project).
 
-If a group or project member has a custom role, the [group or project members list](group/index.md#view-group-members) displays "Custom Role" in the **Max role** column of the table.
+If a group or project member has a custom role, the [group or project members list](group/index.md#view-group-members) displays **Custom Role** in the **Max role** column of the table.
 
 ## Assign a custom role to an existing group or project member
 
@@ -244,7 +243,7 @@ curl --request PUT --header "Content-Type: application/json" --header "Authoriza
 
 ## Inheritance
 
-If a user belongs to a group, they are a _direct member_ of the group
+If a user belongs to a group, they are a direct member of the group
 and an [inherited member](project/members/index.md#membership-types)
 of any subgroups or projects. If a user is assigned a custom role
 by the top-level group, the permissions of the role are also inherited by subgroups
@@ -256,12 +255,12 @@ For example, assume the following structure exists:
   - Subgroup B
     - Project 1
 
-If a custom role with Developer + `Manage CI/CD variables` permission is assigned to Group A,
-the user also has `Manage CI/CD variables` permission for Subgroup B and Project 1.
+If a custom role with the Developer role plus the `Manage CI/CD variables` permission is assigned to Group A,
+the user also has `Manage CI/CD variables` permission in Subgroup B and Project 1.
 
 ## Billing and seat usage
 
-When you enable a custom role for a user with the Guest role, that user has
+When you assign a custom role to a user with the Guest role, that user has
 access to elevated permissions over the base role, and therefore:
 
 - Is considered a [billable user](../subscriptions/self_managed/index.md#billable-users) on self-managed GitLab.
@@ -302,6 +301,7 @@ Group B invites Group A. The following table shows the maximum role that each th
 | Group B invites Group A with Developer + `admin_vulnerability` | Guest  | Guest + `read_code` | Guest + `read_vulnerability` | Developer                    | Developer + `admin_vulnerability` |
 
 When User C is invited to Group B with the same default role (Guest), but different custom permissions with the same base access level (`read_code` and `read_vulnerability`), User C retains the custom permission from Group A (`read_vulnerability`).
+The ability to assign a custom role when sharing a group to a project can be tracked in [issue 468329](https://gitlab.com/gitlab-org/gitlab/-/issues/468329).
 
 ## Supported objects
 
diff --git a/doc/user/get_started/img/get_started_code_workflow_v16_11.png b/doc/user/get_started/img/get_started_code_workflow_v16_11.png
index 995979e09d4..8e2fff8b21c 100644
Binary files a/doc/user/get_started/img/get_started_code_workflow_v16_11.png and b/doc/user/get_started/img/get_started_code_workflow_v16_11.png differ
diff --git a/doc/user/get_started/img/get_started_managing_infrastructure_v16_11.png b/doc/user/get_started/img/get_started_managing_infrastructure_v16_11.png
index 3fcf1b1c8a9..451701d08c0 100644
Binary files a/doc/user/get_started/img/get_started_managing_infrastructure_v16_11.png and b/doc/user/get_started/img/get_started_managing_infrastructure_v16_11.png differ
diff --git a/doc/user/get_started/img/get_started_monitor_app_v17_3.png b/doc/user/get_started/img/get_started_monitor_app_v17_3.png
index d744da38cbe..dd2a7d674fb 100644
Binary files a/doc/user/get_started/img/get_started_monitor_app_v17_3.png and b/doc/user/get_started/img/get_started_monitor_app_v17_3.png differ
diff --git a/doc/user/get_started/img/get_started_planning_v16_11.png b/doc/user/get_started/img/get_started_planning_v16_11.png
index 338dedb740f..e7585499628 100644
Binary files a/doc/user/get_started/img/get_started_planning_v16_11.png and b/doc/user/get_started/img/get_started_planning_v16_11.png differ
diff --git a/doc/user/get_started/img/get_started_projects_v16_11.png b/doc/user/get_started/img/get_started_projects_v16_11.png
index 1a42dac6fab..52ec2dd4e21 100644
Binary files a/doc/user/get_started/img/get_started_projects_v16_11.png and b/doc/user/get_started/img/get_started_projects_v16_11.png differ
diff --git a/doc/user/get_started/img/get_started_release_v16_11.png b/doc/user/get_started/img/get_started_release_v16_11.png
index 0e9d8afa7a5..a5e356bc745 100644
Binary files a/doc/user/get_started/img/get_started_release_v16_11.png and b/doc/user/get_started/img/get_started_release_v16_11.png differ
diff --git a/doc/user/gitlab_duo_chat/examples.md b/doc/user/gitlab_duo_chat/examples.md
index 06239542589..de000738363 100644
--- a/doc/user/gitlab_duo_chat/examples.md
+++ b/doc/user/gitlab_duo_chat/examples.md
@@ -366,7 +366,7 @@ To start a new conversation, but keep the previous conversations visible in the
 In both cases, the conversation history will not be considered when you ask new questions.
 Deleting or resetting might help improve the answers when you switch contexts, because Duo Chat will not get confused by the unrelated conversations.
 
-## Supported slash commands
+## GitLab Duo Chat slash commands
 
 Duo Chat has a list of supported commands, each of which is preceded by a slash (`/`).
 Use the following commands to quickly accomplish specific tasks.
diff --git a/doc/user/packages/npm_registry/index.md b/doc/user/packages/npm_registry/index.md
index 698503dc541..ce3a9645a1b 100644
--- a/doc/user/packages/npm_registry/index.md
+++ b/doc/user/packages/npm_registry/index.md
@@ -52,13 +52,13 @@ If you're installing:
 - From an instance:
 
   ```shell
-  //your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken="${NPM_TOKEN}"
+  //your_domain_name/api/v4/packages/npm/:_authToken="${NPM_TOKEN}"
   ```
 
 - From a group:
 
   ```shell
-  //your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken="${NPM_TOKEN}"
+  //your_domain_name/api/v4/groups/your_group_id/-/packages/npm/:_authToken="${NPM_TOKEN}"
   ```
 
 - From a project:
diff --git a/doc/user/project/settings/index.md b/doc/user/project/settings/index.md
index 640133706df..12df7ae27bd 100644
--- a/doc/user/project/settings/index.md
+++ b/doc/user/project/settings/index.md
@@ -18,23 +18,25 @@ To configure features and permissions for a project:
 1. Select **Settings > General**.
 1. Expand **Visibility, project features, permissions**.
 1. To allow users to request access to the project, select the **Users can request access** checkbox.
-1. To enable or disable features in the project, use the feature toggles.
+1. To turn features on or off in the project, use the feature toggles.
 1. Select **Save changes**.
 
-When you disable a feature, the following additional features are also disabled:
+### Feature dependencies
 
-- If you disable the **Issues** feature, project users cannot use:
+When you turn off a feature, the following additional features are also unavailable:
+
+- If you turn off the **Issues** feature, project users cannot use:
 
   - **Issue Boards**
   - **Service Desk**
   - Project users can still access **Milestones** from merge requests.
 
-- If you disable **Issues** and **Merge Requests**, project users cannot use:
+- If you turn off **Issues** and **Merge Requests**, project users cannot use:
 
   - **Labels**
   - **Milestones**
 
-- If you disable **Repository**, project users cannot access:
+- If you turn off **Repository**, project users cannot access:
 
   - **Merge requests**
   - **CI/CD**
@@ -44,23 +46,24 @@ When you disable a feature, the following additional features are also disabled:
 - The metrics dashboard requires read access to project environments and deployments.
   Users with access to the metrics dashboard can also access environments and deployments.
 
-## Enable and disable project features
+## Toggle project features
 
-Enabled project features are visible and accessible to project members.
-You can disable specific project features, so that they are not visible and accessible to project members, regardless of their role.
+Available project features are visible and accessible to project members.
+You can turn off specific project features, so that they are not visible
+and accessible to project members, regardless of their role.
 
-To enable or disable individual features in a project:
+To toggle the availability of individual features in a project:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > General**.
 1. Expand **Visibility, project features, permissions**.
-1. To enable a feature, turn on the toggle. To disable a feature, turn off the toggle.
+1. To change the availability of a feature, turn the toggle on or off.
 1. Select **Save changes**.
 
-## Disable project analytics
+## Turn off project analytics
 
 By default, project analytics are displayed under the **Analyze** item in the left sidebar.
-To disable this feature and remove the **Analyze** item from the left sidebar:
+To turn this feature off and remove the **Analyze** item from the left sidebar:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > General**.
@@ -68,7 +71,7 @@ To disable this feature and remove the **Analyze** item from the left sidebar:
 1. Turn off the **Analytics** toggle.
 1. Select **Save changes**.
 
-## Disable CVE identifier request in issues
+## Turn off CVE identifier request in issues
 
 DETAILS:
 **Tier:** Free, Premium, Ultimate
@@ -78,7 +81,7 @@ DETAILS:
 
 In some environments, users can submit a [CVE identifier request](../../application_security/cve_id_request.md) in an issue.
 
-To disable the CVE identifier request option in issues in your project:
+To turn off the CVE identifier request option in issues in your project:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > General**.
@@ -86,7 +89,7 @@ To disable the CVE identifier request option in issues in your project:
 1. Under **Issues**, turn off the **CVE ID requests in the issue sidebar** toggle.
 1. Select **Save changes**.
 
-## Disable project email notifications
+## Turn off project email notifications
 
 Prerequisites:
 
@@ -97,7 +100,7 @@ Prerequisites:
 1. Expand the **Visibility, project features, permissions** section.
 1. Clear the **Enable email notifications** checkbox.
 
-### Disable diff previews in project email notifications
+### Turn off diff previews in project email notifications
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/24733) in GitLab 15.6 [with the flag](../../../administration/feature_flags.md) named `diff_preview_in_email`. Disabled by default.
 > - [Enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/382055) the flag `diff_preview_in_email` on GitLab.com, self-managed, and GitLab Dedicated in GitLab 17.1.
@@ -116,7 +119,7 @@ Prerequisites:
 
 - You must have the Owner role for the project.
 
-To disable diff previews for a project:
+To turn off diff previews for a project:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > General**.
@@ -130,7 +133,7 @@ Configure your project's merge request settings:
 
 - Set up the [merge request method](../merge_requests/methods/index.md) (merge commit, fast-forward merge).
 - Add merge request [description templates](../description_templates.md).
-- Enable:
+- Turn on:
   - [Merge request approvals](../merge_requests/approvals/index.md).
   - [Status checks](../merge_requests/status_checks.md).
   - [Merge only if pipeline succeeds](../merge_requests/auto_merge.md).
diff --git a/gems/gitlab-secret_detection/.rubocop.yml b/gems/gitlab-secret_detection/.rubocop.yml
index 1dc800520ca..f591ab360a9 100644
--- a/gems/gitlab-secret_detection/.rubocop.yml
+++ b/gems/gitlab-secret_detection/.rubocop.yml
@@ -4,5 +4,8 @@ inherit_from:
 AllCops:
   NewCops: enable
 
+Style/HashSyntax:
+  EnforcedShorthandSyntax: consistent
+
 RSpec/MultipleMemoizedHelpers:
   Max: 25
diff --git a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/finding.rb b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/finding.rb
index e8d83178b09..cb552a699d8 100644
--- a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/finding.rb
+++ b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/finding.rb
@@ -20,11 +20,11 @@ module Gitlab
 
       def to_h
         {
-          blob_id: blob_id,
-          status: status,
-          line_number: line_number,
-          type: type,
-          description: description
+          blob_id:,
+          status:,
+          line_number:,
+          type:,
+          description:
         }
       end
 
diff --git a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/response.rb b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/response.rb
index e39c994889f..c16bfd860ab 100644
--- a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/response.rb
+++ b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/response.rb
@@ -4,15 +4,17 @@ module Gitlab
   module SecretDetection
     # Response is the data object returned by the scan operation with the following structure
     #
-    # +status+:: One of values from SecretDetection::Status indicating the scan operation's status
+    # +status+:: One of values from SecretDetection::Status indicating the scan operation's status.
     # +results+:: Array of SecretDetection::Finding values. Default value is nil.
+    # +applied_exclusions+:: Array of exclusions that were applied during the scan. Default value is [].
     class Response
-      attr_reader :results
+      attr_reader :results, :applied_exclusions
       attr_accessor :status
 
-      def initialize(status, results = nil)
+      def initialize(status, results = nil, applied_exclusions = [])
         @status = status
         @results = results
+        @applied_exclusions = applied_exclusions
       end
 
       def ==(other)
@@ -22,7 +24,7 @@ module Gitlab
       protected
 
       def state
-        [status, results]
+        [status, results, applied_exclusions]
       end
     end
   end
diff --git a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb
index 237b5122961..f360e4df473 100644
--- a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb
+++ b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb
@@ -71,7 +71,8 @@ module Gitlab
       # Returns an instance of SecretDetection::Response by following below structure:
       # {
       #     status: One of the SecretDetection::Status values
-      #     results: [SecretDetection::Finding]
+      #     results: [SecretDetection::Finding],
+      #     applied_exclusions: [Security::ProjectSecurityExclusion]
       # }
       #
       def secrets_scan(
@@ -88,15 +89,20 @@ module Gitlab
 
           next SecretDetection::Response.new(SecretDetection::Status::NOT_FOUND) if matched_blobs.empty?
 
-          secrets = if subprocess
-                      run_scan_within_subprocess(matched_blobs, blob_timeout, exclusions)
-                    else
-                      run_scan(matched_blobs, blob_timeout, exclusions)
-                    end
+          scan_result =
+            if subprocess
+              run_scan_within_subprocess(matched_blobs, blob_timeout, exclusions)
+            else
+              run_scan(matched_blobs, blob_timeout, exclusions)
+            end
 
-          scan_status = overall_scan_status(secrets)
+          scan_status = overall_scan_status(scan_result[:secrets])
 
-          SecretDetection::Response.new(scan_status, secrets)
+          SecretDetection::Response.new(
+            scan_status,
+            scan_result[:secrets],
+            scan_result[:applied_exclusions]
+          )
         end
       rescue Timeout::Error => e
         logger.error "Secret detection operation timed out: #{e}"
@@ -159,46 +165,69 @@ module Gitlab
       end
 
       def run_scan(blobs, blob_timeout, exclusions)
-        blobs.flat_map do |blob|
+        results = blobs.flat_map do |blob|
           Timeout.timeout(blob_timeout) do
             find_secrets(blob, exclusions)
           end
         rescue Timeout::Error => e
           logger.error "Secret Detection scan timed out on the blob(id:#{blob.id}): #{e}"
-          SecretDetection::Finding.new(blob.id,
-            SecretDetection::Status::PAYLOAD_TIMEOUT)
+
+          # This mimics the structure returned from `find_secrets(...)`.
+          {
+            secrets: [SecretDetection::Finding.new(blob.id, SecretDetection::Status::PAYLOAD_TIMEOUT)],
+            applied_exclusions: []
+          }
         end
+
+        {
+          secrets: results.flat_map { |result| result[:secrets] },
+          applied_exclusions: results.flat_map { |result| result[:applied_exclusions] }
+        }
       end
 
       def run_scan_within_subprocess(blobs, blob_timeout, exclusions)
         blob_sizes = blobs.map(&:size)
-        grouped_blob_indicies = group_by_chunk_size(blob_sizes)
 
+        grouped_blob_indicies = group_by_chunk_size(blob_sizes)
         grouped_blobs = grouped_blob_indicies.map { |idx_arr| idx_arr.map { |i| blobs[i] } }
 
-        Parallel.flat_map(
+        results = Parallel.flat_map(
           grouped_blobs,
           in_processes: MAX_PROCS_PER_REQUEST,
           isolation: true # do not reuse sub-processes
         ) do |grouped_blob|
-          grouped_blob.flat_map do |blob|
+          grouped_blob.map do |blob|
             Timeout.timeout(blob_timeout) do
               find_secrets(blob, exclusions)
             end
           rescue Timeout::Error => e
             logger.error "Secret Detection scan timed out on the blob(id:#{blob.id}): #{e}"
-            SecretDetection::Finding.new(blob.id,
-              SecretDetection::Status::PAYLOAD_TIMEOUT)
+
+            # This mimics the structure returned from `find_secrets(...)`.
+            {
+              secrets: [SecretDetection::Finding.new(blob.id, SecretDetection::Status::PAYLOAD_TIMEOUT)],
+              applied_exclusions: []
+            }
           end
         end
+
+        {
+          secrets: results.flat_map { |result| result[:secrets] },
+          applied_exclusions: results.flat_map { |result| result[:applied_exclusions] }
+        }
       end
 
       # finds secrets in the given blob with a timeout circuit breaker
       def find_secrets(blob, exclusions)
         secrets = []
+        applied_exclusions = []
 
         blob.data.each_line.with_index do |line, index|
           exclusions[:raw_value]&.each do |exclusion|
+            next unless line.include?(exclusion.value)
+
+            applied_exclusions << exclusion
+
             line.gsub!(exclusion.value, '') # remove excluded raw value from the line.
           end
 
@@ -209,13 +238,14 @@ module Gitlab
           next unless patterns.any?
 
           line_number = index + 1
+
           patterns.each do |pattern|
             type = rules[pattern]["id"]
-
-            next if exclusions[:rule]&.any? { |exclusion| exclusion.value == type }
-
             description = rules[pattern]["description"]
 
+            # Check if rule type is excluded and if so, skip this rule and count this as an applied exclusion
+            next if applied_rule_exclusion?(type, exclusions[:rule], applied_exclusions)
+
             secrets << SecretDetection::Finding.new(
               blob.id,
               SecretDetection::Status::FOUND,
@@ -226,11 +256,19 @@ module Gitlab
           end
         end
 
-        secrets
+        { secrets:, applied_exclusions: }
       rescue StandardError => e
         logger.error "Secret Detection scan failed on the blob(id:#{blob.id}): #{e}"
 
-        SecretDetection::Finding.new(blob.id, SecretDetection::Status::SCAN_ERROR)
+        {
+          secrets: [SecretDetection::Finding.new(blob.id, SecretDetection::Status::SCAN_ERROR)],
+          applied_exclusions: []
+        }
+      end
+
+      def applied_rule_exclusion?(type, rule_exclusions, applied_exclusions)
+        applied_exclusion = rule_exclusions&.find { |rule_exclusion| rule_exclusion.value == type }
+        applied_exclusion && (applied_exclusions << applied_exclusion)
       end
 
       def validate_scan_input(blobs)
diff --git a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan_diffs.rb b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan_diffs.rb
index 70c224a953e..6622247c43b 100644
--- a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan_diffs.rb
+++ b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan_diffs.rb
@@ -72,7 +72,8 @@ module Gitlab
       # Returns an instance of SecretDetection::Response by following below structure:
       # {
       #     status: One of the SecretDetection::Status values
-      #     results: [SecretDetection::Finding]
+      #     results: [SecretDetection::Finding],
+      #     applied_exclusions: [Security::ProjectSecurityExclusion]
       # }
       #
       def secrets_scan(
@@ -90,16 +91,20 @@ module Gitlab
 
           next SecretDetection::Response.new(SecretDetection::Status::NOT_FOUND) if matched_diffs.empty?
 
-          secrets =
+          scan_result =
             if subprocess
               run_scan_within_subprocess(matched_diffs, payload_timeout, exclusions)
             else
               run_scan(matched_diffs, payload_timeout, exclusions)
             end
 
-          scan_status = overall_scan_status(secrets)
+          scan_status = overall_scan_status(scan_result[:secrets])
 
-          SecretDetection::Response.new(scan_status, secrets)
+          SecretDetection::Response.new(
+            scan_status,
+            scan_result[:secrets],
+            scan_result[:applied_exclusions]
+          )
         end
       rescue Timeout::Error => e
         logger.error "Secret detection operation timed out: #{e}"
@@ -109,7 +114,7 @@ module Gitlab
 
       private
 
-      attr_reader :logger, :rules, :keywords, :pattern_matcher
+      attr_reader :logger, :rules, :keywords, :pattern_matcher, :applied_exclusions
 
       # parses given ruleset file and returns the parsed rules
       def parse_ruleset(ruleset_file_path)
@@ -162,46 +167,65 @@ module Gitlab
       end
 
       def run_scan(diffs, payload_timeout, exclusions)
-        diffs.flat_map do |diff|
+        results = diffs.flat_map do |diff|
           Timeout.timeout(payload_timeout) do
             find_secrets(diff, exclusions)
           end
         rescue Timeout::Error => e
           logger.error "Secret Detection scan timed out on the diff(id:#{diff.right_blob_id}): #{e}"
-          SecretDetection::Finding.new(diff.right_blob_id,
-            SecretDetection::Status::PAYLOAD_TIMEOUT)
+
+          # This mimics the structure returned from `find_secrets(...)`.
+          {
+            secrets: [SecretDetection::Finding.new(diff.right_blob_id, SecretDetection::Status::PAYLOAD_TIMEOUT)],
+            applied_exclusions: []
+          }
         end
+
+        {
+          secrets: results.flat_map { |result| result[:secrets] },
+          applied_exclusions: results.flat_map { |result| result[:applied_exclusions] }
+        }
       end
 
       def run_scan_within_subprocess(diffs, payload_timeout, exclusions)
         diff_sizes = diffs.map { |diff| diff.patch.bytesize }
-        grouped_diff_indicies = group_by_chunk_size(diff_sizes)
 
+        grouped_diff_indicies = group_by_chunk_size(diff_sizes)
         grouped_diffs = grouped_diff_indicies.map { |idx_arr| idx_arr.map { |i| diffs[i] } }
 
-        Parallel.flat_map(
+        results = Parallel.flat_map(
           grouped_diffs,
           in_processes: MAX_PROCS_PER_REQUEST,
           isolation: true # do not reuse sub-processes
         ) do |grouped_diff|
-          grouped_diff.flat_map do |diff|
+          grouped_diff.map do |diff|
             Timeout.timeout(payload_timeout) do
               find_secrets(diff, exclusions)
             end
           rescue Timeout::Error => e
             logger.error "Secret Detection scan timed out on the diff(id:#{diff.right_blob_id}): #{e}"
-            SecretDetection::Finding.new(diff.right_blob_id,
-              SecretDetection::Status::PAYLOAD_TIMEOUT)
+
+            # This mimics the structure returned from `find_secrets(...)`.
+            {
+              secrets: [SecretDetection::Finding.new(diff.right_blob_id, SecretDetection::Status::PAYLOAD_TIMEOUT)],
+              applied_exclusions: []
+            }
           end
         end
+
+        {
+          secrets: results.flat_map { |result| result[:secrets] },
+          applied_exclusions: results.flat_map { |result| result[:applied_exclusions] }
+        }
       end
 
       # finds secrets in the given diff with a timeout circuit breaker
       def find_secrets(diff, exclusions)
-        line_number_offset = 0
         secrets = []
+        applied_exclusions = []
+        line_number_offset = 0
 
-        # The following section parses the diff patch.
+        # The following section parses a single line in a diff patch.
         #
         # If the line starts with @@, it is the hunk header, used to calculate the line number.
         # If the line starts with +, it is newly added in this diff, and we
@@ -221,6 +245,10 @@ module Gitlab
         #  -this context line has a - but starts with a space so isnt a removal
         diff.patch.each_line do |line|
           exclusions[:raw_value]&.each do |exclusion|
+            next unless line.include?(exclusion.value)
+
+            applied_exclusions << exclusion
+
             line.gsub!(exclusion.value, '') # remove excluded raw value from the line.
           end
 
@@ -236,13 +264,15 @@ module Gitlab
             line_content = line[1..]
 
             patterns = pattern_matcher.match(line_content, exception: false)
+
             next unless patterns.any?
 
             patterns.each do |pattern|
               type = rules[pattern]["id"]
               description = rules[pattern]["description"]
 
-              next if exclusions[:rule]&.any? { |exclusion| exclusion.value == type }
+              # Check if rule type is excluded and if so, skip this rule and count this as an applied exclusion
+              next if applied_rule_exclusion?(type, exclusions[:rule], applied_exclusions)
 
               secrets << SecretDetection::Finding.new(
                 diff.right_blob_id,
@@ -261,11 +291,19 @@ module Gitlab
           end
         end
 
-        secrets
+        { secrets:, applied_exclusions: }
       rescue StandardError => e
         logger.error "Secret Detection scan failed on the diff(id:#{diff.right_blob_id}): #{e}"
 
-        SecretDetection::Finding.new(diff.right_blob_id, SecretDetection::Status::SCAN_ERROR)
+        {
+          secrets: [SecretDetection::Finding.new(diff.right_blob_id, SecretDetection::Status::SCAN_ERROR)],
+          applied_exclusions: []
+        }
+      end
+
+      def applied_rule_exclusion?(type, rule_exclusions, applied_exclusions)
+        applied_exclusion = rule_exclusions&.find { |rule_exclusion| rule_exclusion.value == type }
+        applied_exclusion && (applied_exclusions << applied_exclusion)
       end
 
       def validate_scan_input(diffs)
diff --git a/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_diffs_spec.rb b/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_diffs_spec.rb
index b5b86f6e6ba..e1e53ca0f49 100644
--- a/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_diffs_spec.rb
+++ b/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_diffs_spec.rb
@@ -9,13 +9,13 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
     Struct.new(:left_blob_id, :right_blob_id, :patch, :status, :binary, :over_patch_bytes_limit, keyword_init: true)
   end
 
+  let(:exclusion) do
+    Struct.new('Exclusion', :value, :keyword_init)
+  end
+
   let(:sha1_blank_sha) { ('0' * 40).freeze }
   let(:sample_blob_id) { 'fe29d93da4843da433e62711ace82db601eb4f8f' }
 
-  let(:exclusion) do
-    Struct.new(:value, keyword_init: true)
-  end
-
   let(:ruleset) do
     {
       "title" => "gitleaks config",
@@ -52,6 +52,8 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
     }
   end
 
+  let(:empty_applied_exclusions) { [] }
+
   it "does not raise an error parsing the toml file" do
     expect { scan }.not_to raise_error
   end
@@ -86,7 +88,11 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
       end
 
       it "does not match" do
-        expected_response = Gitlab::SecretDetection::Response.new(Gitlab::SecretDetection::Status::NOT_FOUND)
+        expected_response = Gitlab::SecretDetection::Response.new(
+          Gitlab::SecretDetection::Status::NOT_FOUND,
+          nil,
+          empty_applied_exclusions
+        )
 
         expect(scan.secrets_scan(diffs)).to eq(expected_response)
       end
@@ -229,7 +235,8 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
               ruleset['rules'][2]['id'],
               ruleset['rules'][2]['description']
             )
-          ]
+          ],
+          empty_applied_exclusions
         )
       end
 
@@ -316,10 +323,15 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
       it "whole secret detection scan operation times out" do
         scan_timeout_secs = 0.000_001 # 1 micro-sec to intentionally timeout large diff
 
-        expected_response = Gitlab::SecretDetection::Response.new(Gitlab::SecretDetection::Status::SCAN_TIMEOUT)
+        expected_response = Gitlab::SecretDetection::Response.new(
+          Gitlab::SecretDetection::Status::SCAN_TIMEOUT,
+          nil,
+          empty_applied_exclusions
+        )
 
         begin
           response = scan.secrets_scan(diffs, timeout: scan_timeout_secs)
+
           expect(response).to eq(expected_response)
         rescue ArgumentError
           # When RSpec's main process terminates and attempts to clean up child processes upon completion, it terminates
@@ -350,7 +362,8 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
               diffs[2].right_blob_id,
               Gitlab::SecretDetection::Status::PAYLOAD_TIMEOUT
             )
-          ]
+          ],
+          empty_applied_exclusions
         )
 
         expect(scan.secrets_scan(diffs, payload_timeout: each_payload_timeout_secs)).to eq(expected_response)
@@ -375,7 +388,8 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
               all_large_diffs[2].right_blob_id,
               Gitlab::SecretDetection::Status::PAYLOAD_TIMEOUT
             )
-          ]
+          ],
+          empty_applied_exclusions
         )
 
         expect(scan.secrets_scan(all_large_diffs, payload_timeout: each_payload_timeout_secs)).to eq(expected_response)
@@ -482,10 +496,11 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
                 ruleset['rules'][1]['id'],
                 ruleset['rules'][1]['description']
               )
-            ]
+            ],
+            exclusions[:raw_value]
           )
 
-          expect(scan.secrets_scan(diffs, exclusions: exclusions)).to eq(expected_response)
+          expect(scan.secrets_scan(diffs, exclusions:)).to eq(expected_response)
         end
       end
 
@@ -512,10 +527,16 @@ RSpec.describe Gitlab::SecretDetection::ScanDiffs, feature_category: :secret_det
                 ruleset['rules'][1]['id'],
                 ruleset['rules'][1]['description']
               )
+            ],
+            [
+              exclusion.new(value: "gitlab_runner_registration_token"),
+              exclusion.new(value: "gitlab_runner_registration_token"),
+              exclusion.new(value: "gitlab_runner_registration_token"),
+              exclusion.new(value: "gitlab_personal_access_token")
             ]
           )
 
-          expect(scan.secrets_scan(diffs, exclusions: exclusions)).to eq(expected_response)
+          expect(scan.secrets_scan(diffs, exclusions:)).to eq(expected_response)
         end
       end
     end
diff --git a/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb b/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
index 98a200ecacf..d42c193cfc9 100644
--- a/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
+++ b/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
@@ -9,8 +9,8 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
     Struct.new(:id, :data).new(id, data)
   end
 
-  def create_exclusion(value:)
-    Struct.new(:value).new(value)
+  let(:exclusion) do
+    Struct.new('Exclusion', :value, :keyword_init)
   end
 
   let(:ruleset) do
@@ -49,6 +49,8 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
     }
   end
 
+  let(:empty_applied_exclusions) { [] }
+
   it "does not raise an error parsing the toml file" do
     expect { scan }.not_to raise_error
   end
@@ -76,7 +78,11 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
       end
 
       it "does not match" do
-        expected_response = Gitlab::SecretDetection::Response.new(Gitlab::SecretDetection::Status::NOT_FOUND)
+        expected_response = Gitlab::SecretDetection::Response.new(
+          Gitlab::SecretDetection::Status::NOT_FOUND,
+          nil,
+          empty_applied_exclusions
+        )
 
         expect(scan.secrets_scan(blobs)).to eq(expected_response)
       end
@@ -165,7 +171,8 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
               ruleset['rules'][2]['id'],
               ruleset['rules'][2]['description']
             )
-          ]
+          ],
+          empty_applied_exclusions
         )
       end
 
@@ -249,7 +256,11 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
       it "whole secret detection scan operation times out" do
         scan_timeout_secs = 0.000_001 # 1 micro-sec to intentionally timeout large blob
 
-        expected_response = Gitlab::SecretDetection::Response.new(Gitlab::SecretDetection::Status::SCAN_TIMEOUT)
+        expected_response = Gitlab::SecretDetection::Response.new(
+          Gitlab::SecretDetection::Status::SCAN_TIMEOUT,
+          nil,
+          empty_applied_exclusions
+        )
 
         begin
           response = scan.secrets_scan(blobs, timeout: scan_timeout_secs)
@@ -283,7 +294,8 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
               blobs[2].id,
               Gitlab::SecretDetection::Status::PAYLOAD_TIMEOUT
             )
-          ]
+          ],
+          empty_applied_exclusions
         )
 
         expect(scan.secrets_scan(blobs, blob_timeout: each_blob_timeout_secs)).to eq(expected_response)
@@ -308,7 +320,8 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
               all_large_blobs[2].id,
               Gitlab::SecretDetection::Status::PAYLOAD_TIMEOUT
             )
-          ]
+          ],
+          empty_applied_exclusions
         )
 
         expect(scan.secrets_scan(all_large_blobs, blob_timeout: each_blob_timeout_secs)).to eq(expected_response)
@@ -333,8 +346,8 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
         let(:exclusions) do
           {
             raw_value: [
-              create_exclusion(value: 'GR134894112312312312312312312'), # gitleaks:allow
-              create_exclusion(value: 'glpat-12312312312312312312') # gitleaks:allow
+              exclusion.new(value: 'GR134894112312312312312312312'), # gitleaks:allow
+              exclusion.new(value: 'glpat-12312312312312312312') # gitleaks:allow
             ]
           }
         end
@@ -374,10 +387,11 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
                 ruleset['rules'][1]['id'],
                 ruleset['rules'][1]['description']
               )
-            ]
+            ],
+            exclusions[:raw_value]
           )
 
-          expect(scan.secrets_scan(blobs, exclusions: exclusions)).to eq(expected_response)
+          expect(scan.secrets_scan(blobs, exclusions:)).to eq(expected_response)
         end
       end
 
@@ -385,8 +399,8 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
         let(:exclusions) do
           {
             rule: [
-              create_exclusion(value: "gitlab_runner_registration_token"),
-              create_exclusion(value: "gitlab_personal_access_token")
+              exclusion.new(value: "gitlab_runner_registration_token"),
+              exclusion.new(value: "gitlab_personal_access_token")
             ]
           }
         end
@@ -404,10 +418,16 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
                 ruleset['rules'][1]['id'],
                 ruleset['rules'][1]['description']
               )
+            ],
+            [
+              exclusion.new(value: "gitlab_runner_registration_token"),
+              exclusion.new(value: "gitlab_runner_registration_token"),
+              exclusion.new(value: "gitlab_runner_registration_token"),
+              exclusion.new(value: "gitlab_personal_access_token")
             ]
           )
 
-          expect(scan.secrets_scan(blobs, exclusions: exclusions)).to eq(expected_response)
+          expect(scan.secrets_scan(blobs, exclusions:)).to eq(expected_response)
         end
       end
     end
diff --git a/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml
index 764a5b639a7..a5cfd3e0111 100644
--- a/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml
@@ -28,7 +28,4 @@ variables:
     - tar -vczf "${TAR_FILENAME}" -C "${TERRAFORM_MODULE_DIR}" --exclude=./.git .
     # Uploads the Terraform module artifact to the GitLab Terraform Module Registry, see
     # docs/user/packages/terraform_module_registry/index.html#publish-a-terraform-module
-    - 'curl --fail-with-body --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}"
-        --upload-file "$TAR_FILENAME"
-        --upload-file "${TAR_FILENAME}"
-        "${UPLOAD_URL}"'
+    - 'curl --fail-with-body --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${TAR_FILENAME}" "${UPLOAD_URL}"'
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 715ce9f57b5..72550fa325a 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -58682,9 +58682,6 @@ msgstr ""
 msgid "Unknown data source: %{source}"
 msgstr ""
 
-msgid "Unknown encryption strategy: %{encrypted_strategy}!"
-msgstr ""
-
 msgid "Unknown format"
 msgstr ""
 
diff --git a/package.json b/package.json
index 2c751b9b5c1..f5839d44e66 100644
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
     "@gitlab/fonts": "^1.3.0",
     "@gitlab/query-language": "^0.0.5-a-20241017",
     "@gitlab/svgs": "3.119.0",
-    "@gitlab/ui": "98.4.0",
+    "@gitlab/ui": "98.5.2",
     "@gitlab/web-ide": "^0.0.1-dev-20240909013227",
     "@mattiasbuelens/web-streams-adapter": "^0.1.0",
     "@rails/actioncable": "7.0.8-4",
diff --git a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb
index 64c76e54e66..e6136629599 100644
--- a/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/migration/gitlab_migration_project_spec.rb
@@ -119,7 +119,7 @@ module QA
         end
 
         it(
-          'successfully imports project wiki',
+          'successfully imports project wiki', :blocking,
           testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347567'
         ) do
           expect_project_import_finished_successfully
diff --git a/spec/models/concerns/token_authenticatable_strategies/base_spec.rb b/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
index 35d3ca15401..45b05723e09 100644
--- a/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
+++ b/spec/models/concerns/token_authenticatable_strategies/base_spec.rb
@@ -15,21 +15,21 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
 
   let(:concrete_strategy) do
     Class.new(described_class) do
-      def get_token(instance)
-        instance[token_field]
+      def get_token(token_owner_record)
+        token_owner_record[token_field]
       end
 
-      def set_token(instance, token)
-        instance[token_field] = token if token
+      def set_token(token_owner_record, token)
+        token_owner_record[token_field] = token if token
       end
 
-      def token_set?(instance)
-        instance[token_field].present?
+      def token_set?(token_owner_record)
+        token_owner_record[token_field].present?
       end
     end
   end
 
-  let(:instance) { test_class.new }
+  let(:token_owner_record) { test_class.new }
 
   subject(:strategy) { concrete_strategy.new(test_class, field, options) }
 
@@ -76,7 +76,7 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
     subject(:strategy) { described_class.new(test_class, field, options) }
 
     it 'raises a NotImplementedError error' do
-      expect { strategy.find_token_authenticatable(instance) }.to raise_error(NotImplementedError)
+      expect { strategy.find_token_authenticatable(token_owner_record) }.to raise_error(NotImplementedError)
     end
   end
 
@@ -84,7 +84,7 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
     subject(:strategy) { described_class.new(test_class, field, options) }
 
     it 'raises a NotImplementedError error' do
-      expect { strategy.get_token(instance) }.to raise_error(NotImplementedError)
+      expect { strategy.get_token(token_owner_record) }.to raise_error(NotImplementedError)
     end
   end
 
@@ -92,7 +92,7 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
     subject(:strategy) { described_class.new(test_class, field, options) }
 
     it 'raises a NotImplementedError error' do
-      expect { strategy.set_token(instance, 'foo') }.to raise_error(NotImplementedError)
+      expect { strategy.set_token(token_owner_record, 'foo') }.to raise_error(NotImplementedError)
     end
   end
 
@@ -127,10 +127,10 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
   describe '#ensure_token' do
     let(:token_prefix) { nil }
     let(:token_generator) { nil }
-    let(:instance) { test_class.new(name: 'foo', token_prefix: token_prefix) }
+    let(:token_owner_record) { test_class.new(name: 'foo', token_prefix: token_prefix) }
     let(:random_bytes) { 'random-bytes' }
 
-    subject(:token) { strategy.ensure_token(instance) }
+    subject(:token) { strategy.ensure_token(token_owner_record) }
 
     before do
       allow(described_class).to receive(:random_bytes).and_return(random_bytes)
@@ -177,7 +177,7 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
       let(:cell_setting) { {} }
       let(:options) do
         super().merge(
-          routable_token: { n: ->(instance) { instance.name } },
+          routable_token: { n: ->(token_owner_record) { token_owner_record.name } },
           format_with_prefix: :token_prefix
         )
       end
@@ -186,7 +186,7 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
         allow(Settings).to receive(:cell).and_return(cell_setting)
       end
 
-      context 'when instance does not respond to #user' do
+      context 'when token_owner_record does not respond to #user' do
         it 'generates a non routable token' do
           expect(Devise).to receive(:friendly_token).and_return('devise_token')
 
@@ -194,12 +194,12 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
         end
       end
 
-      context 'when instance responds to #user' do
+      context 'when token_owner_record responds to #user' do
         let(:user) { build(:user) }
 
         before do
           stub_feature_flags(routable_token: user)
-          allow(instance).to receive(:user).and_return(user)
+          allow(token_owner_record).to receive(:user).and_return(user)
         end
 
         context 'when Settings.cells.id is not present' do
@@ -229,15 +229,15 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
   end
 
   describe '#ensure_token!' do
-    subject(:token) { strategy.ensure_token!(instance) }
+    subject(:token) { strategy.ensure_token!(token_owner_record) }
 
     it 'populates and saves the token' do
-      expect(instance).to receive(:save!)
+      expect(token_owner_record).to receive(:save!)
       expect(token).to be_present
     end
 
     context 'when token is already present' do
-      let(:instance) { test_class.new(token: 'foo') }
+      let(:token_owner_record) { test_class.new(token: 'foo') }
 
       it 'does not overwrite the token' do
         expect(token).to eq('foo')
@@ -247,34 +247,34 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
 
   describe '#reset_token!' do
     it 'populates and saves the token' do
-      expect(instance).to receive(:save!)
+      expect(token_owner_record).to receive(:save!)
 
-      strategy.reset_token!(instance)
+      strategy.reset_token!(token_owner_record)
 
-      expect(strategy.get_token(instance)).to be_present
+      expect(strategy.get_token(token_owner_record)).to be_present
     end
 
     context 'when token is already present' do
-      let(:instance) { test_class.new(token: 'foo') }
+      let(:token_owner_record) { test_class.new(token: 'foo') }
 
       it 'overwrites the token' do
-        expect(instance).to receive(:save!)
+        expect(token_owner_record).to receive(:save!)
 
-        strategy.reset_token!(instance)
+        strategy.reset_token!(token_owner_record)
 
-        expect(strategy.get_token(instance)).to be_present
-        expect(strategy.get_token(instance)).not_to eq('foo')
+        expect(strategy.get_token(token_owner_record)).to be_present
+        expect(strategy.get_token(token_owner_record)).not_to eq('foo')
       end
     end
 
     context 'when database is not in read & write' do
       it 'does not save the token the token' do
         expect(Gitlab::Database).to receive(:read_write?).and_return(false)
-        expect(instance).not_to receive(:save!)
+        expect(token_owner_record).not_to receive(:save!)
 
-        strategy.reset_token!(instance)
+        strategy.reset_token!(token_owner_record)
 
-        expect(strategy.get_token(instance)).to be_present
+        expect(strategy.get_token(token_owner_record)).to be_present
       end
     end
   end
@@ -283,24 +283,24 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
     let(:options) { super().merge(expires_at: ->(_) { 1.day.from_now }) }
 
     before do
-      strategy.ensure_token(instance)
+      strategy.ensure_token(token_owner_record)
     end
 
     it 'returns the expires_at date' do
-      expect(strategy.expires_at(instance)).to be_within(1.minute).of(1.day.from_now)
+      expect(strategy.expires_at(token_owner_record)).to be_within(1.minute).of(1.day.from_now)
     end
   end
 
   describe '#expired?' do
     before do
-      strategy.ensure_token(instance)
+      strategy.ensure_token(token_owner_record)
     end
 
     context 'when expires_at is in the future' do
       let(:options) { super().merge(expires_at: ->(_) { 1.day.from_now }) }
 
       it 'returns false when expires_at is in the future' do
-        expect(strategy.expired?(instance)).to be(false)
+        expect(strategy.expired?(token_owner_record)).to be(false)
       end
     end
 
@@ -308,7 +308,7 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
       let(:options) { super().merge(expires_at: ->(_) { 1.day.ago }) }
 
       it 'returns true when expires_at is in the past' do
-        expect(strategy.expired?(instance)).to be(true)
+        expect(strategy.expired?(token_owner_record)).to be(true)
       end
     end
   end
@@ -327,9 +327,9 @@ RSpec.describe TokenAuthenticatableStrategies::Base, feature_category: :system_a
 
   describe '#token_with_expiration' do
     it 'delegates to API::Support::TokenWithExpiration' do
-      expect(API::Support::TokenWithExpiration).to receive(:new).with(strategy, instance)
+      expect(API::Support::TokenWithExpiration).to receive(:new).with(strategy, token_owner_record)
 
-      strategy.token_with_expiration(instance)
+      strategy.token_with_expiration(token_owner_record)
     end
   end
 end
diff --git a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
index 5b3f65a8242..c1fda42215b 100644
--- a/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
+++ b/spec/models/concerns/token_authenticatable_strategies/encrypted_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
 
 RSpec.describe TokenAuthenticatableStrategies::Encrypted, feature_category: :system_access do
   let(:model) { double(:model) }
-  let(:instance) { double(:instance) }
+  let(:token_owner_record) { double(:token_owner_record) }
   let(:original_token) { 'my-value' }
   let(:resource) { double(:resource) }
   let(:options) { other_options.merge(encrypted: encrypted_option) }
@@ -135,24 +135,94 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted, feature_category: :sys
     end
   end
 
+  describe '#ensure_token' do
+    context 'when encryption is required' do
+      let(:encrypted_option) { :required }
+
+      context 'when encrypted attribute exists' do
+        before do
+          allow(token_owner_record).to receive(:has_attribute?)
+            .with('some_field_encrypted')
+            .and_return(true)
+        end
+
+        it 'returns decrypted token when an encrypted with static iv token is present' do
+          expect(token_owner_record).to receive(:read_attribute)
+            .with('some_field_encrypted').twice
+            .and_return(Gitlab::CryptoHelper.aes256_gcm_encrypt('my-test-value'))
+
+          expect(subject.ensure_token(token_owner_record)).to eq 'my-test-value'
+        end
+      end
+
+      context 'when encrypted attribute does not exist' do
+        before do
+          allow(token_owner_record).to receive(:has_attribute?)
+            .with('some_field_encrypted')
+            .and_return(false)
+        end
+
+        it 'raises an ArgumentError error' do
+          expect { subject.ensure_token(token_owner_record) }.to raise_error(ArgumentError)
+        end
+      end
+    end
+
+    context 'when encryption is not required' do
+      let(:encrypted_option) { :optional }
+
+      context 'when encrypted attribute exists' do
+        before do
+          allow(token_owner_record).to receive(:has_attribute?)
+            .with('some_field_encrypted')
+            .and_return(true)
+        end
+
+        it 'returns decrypted token when an encrypted with static iv token is present' do
+          expect(token_owner_record).to receive(:read_attribute)
+            .with('some_field_encrypted').twice
+            .and_return(Gitlab::CryptoHelper.aes256_gcm_encrypt('my-test-value'))
+
+          expect(subject.ensure_token(token_owner_record)).to eq 'my-test-value'
+        end
+      end
+
+      context 'when encrypted attribute does not exist' do
+        before do
+          allow(token_owner_record).to receive(:has_attribute?)
+            .with('some_field_encrypted')
+            .and_return(false)
+        end
+
+        it 'returns unencrypted token' do
+          expect(token_owner_record).to receive(:read_attribute)
+            .with('some_field').twice
+            .and_return('my-test-value')
+
+          expect(subject.ensure_token(token_owner_record)).to eq 'my-test-value'
+        end
+      end
+    end
+  end
+
   describe '#get_token' do
     context 'when encryption is required' do
       let(:encrypted_option) { :required }
 
       it 'returns decrypted token when an encrypted with static iv token is present' do
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field_encrypted')
           .and_return(Gitlab::CryptoHelper.aes256_gcm_encrypt('my-test-value'))
 
-        expect(subject.get_token(instance)).to eq 'my-test-value'
+        expect(subject.get_token(token_owner_record)).to eq 'my-test-value'
       end
 
       it 'returns decrypted token when an encrypted token is present' do
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field_encrypted')
           .and_return(encrypted)
 
-        expect(subject.get_token(instance)).to eq 'my-value'
+        expect(subject.get_token(token_owner_record)).to eq 'my-value'
       end
     end
 
@@ -160,31 +230,31 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted, feature_category: :sys
       let(:encrypted_option) { :optional }
 
       it 'returns decrypted token when an encrypted token is present' do
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field_encrypted')
           .and_return(encrypted)
 
-        expect(subject.get_token(instance)).to eq 'my-value'
+        expect(subject.get_token(token_owner_record)).to eq 'my-value'
       end
 
       it 'returns decrypted token when an encrypted with static iv token is present' do
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field_encrypted')
           .and_return(Gitlab::CryptoHelper.aes256_gcm_encrypt('my-test-value'))
 
-        expect(subject.get_token(instance)).to eq 'my-test-value'
+        expect(subject.get_token(token_owner_record)).to eq 'my-test-value'
       end
 
       it 'returns the plaintext token when encrypted token is not present' do
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field_encrypted')
           .and_return(nil)
 
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field')
           .and_return('cleartext value')
 
-        expect(subject.get_token(instance)).to eq 'cleartext value'
+        expect(subject.get_token(token_owner_record)).to eq 'cleartext value'
       end
     end
 
@@ -192,27 +262,25 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted, feature_category: :sys
       let(:encrypted_option) { :migrating }
 
       it 'returns cleartext token when an encrypted token is present' do
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).not_to receive(:read_attribute)
           .with('some_field_encrypted')
-          .and_return(encrypted)
 
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field')
           .and_return('my-cleartext-value')
 
-        expect(subject.get_token(instance)).to eq 'my-cleartext-value'
+        expect(subject.get_token(token_owner_record)).to eq 'my-cleartext-value'
       end
 
       it 'returns the cleartext token when encrypted token is not present' do
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).not_to receive(:read_attribute)
           .with('some_field_encrypted')
-          .and_return(nil)
 
-        allow(instance).to receive(:read_attribute)
+        expect(token_owner_record).to receive(:read_attribute)
           .with('some_field')
           .and_return('cleartext value')
 
-        expect(subject.get_token(instance)).to eq 'cleartext value'
+        expect(subject.get_token(token_owner_record)).to eq 'cleartext value'
       end
     end
   end
@@ -222,10 +290,10 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted, feature_category: :sys
       let(:encrypted_option) { :required }
 
       it 'writes encrypted token and returns it' do
-        expect(instance).to receive(:[]=)
+        expect(token_owner_record).to receive(:[]=)
           .with('some_field_encrypted', encrypted)
 
-        expect(subject.set_token(instance, 'my-value')).to eq 'my-value'
+        expect(subject.set_token(token_owner_record, 'my-value')).to eq 'my-value'
       end
     end
 
@@ -233,12 +301,12 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted, feature_category: :sys
       let(:encrypted_option) { :optional }
 
       it 'writes encrypted token and removes plaintext token and returns it' do
-        expect(instance).to receive(:[]=)
+        expect(token_owner_record).to receive(:[]=)
           .with('some_field_encrypted', encrypted)
-        expect(instance).to receive(:[]=)
+        expect(token_owner_record).to receive(:[]=)
           .with('some_field', nil)
 
-        expect(subject.set_token(instance, 'my-value')).to eq 'my-value'
+        expect(subject.set_token(token_owner_record, 'my-value')).to eq 'my-value'
       end
     end
 
@@ -246,12 +314,12 @@ RSpec.describe TokenAuthenticatableStrategies::Encrypted, feature_category: :sys
       let(:encrypted_option) { :migrating }
 
       it 'writes encrypted token and writes plaintext token' do
-        expect(instance).to receive(:[]=)
+        expect(token_owner_record).to receive(:[]=)
           .with('some_field_encrypted', encrypted)
-        expect(instance).to receive(:[]=)
+        expect(token_owner_record).to receive(:[]=)
           .with('some_field', 'my-value')
 
-        expect(subject.set_token(instance, 'my-value')).to eq 'my-value'
+        expect(subject.set_token(token_owner_record, 'my-value')).to eq 'my-value'
       end
     end
   end
diff --git a/yarn.lock b/yarn.lock
index 2fcfe79401c..6a6afc7c079 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1401,10 +1401,10 @@
   resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.119.0.tgz#becbeea7e7ee241baecdad02b9ad04de7a8aed04"
   integrity sha512-Os/PF37pCY75uLA0dmGaZe13BmirzlWH+pFLinCAPRChEC7KhHCJtIy0efRAxzkA4uatmHpJHxftuTc7NeiSNQ==
 
-"@gitlab/ui@98.4.0":
-  version "98.4.0"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-98.4.0.tgz#6f00322f1138abf894ccaed27f19609e9d6ab376"
-  integrity sha512-M+00vM4h4wTRr87C8vGWJzoKGKBtKmlmmdQUzATDratdWbGDqHGRn8qIu/ETjugBPcmfnkRPgipEWhrCTkCoOg==
+"@gitlab/ui@98.5.2":
+  version "98.5.2"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-98.5.2.tgz#7dd8b670c474c3d7e6bf910955c1a3695ffc7496"
+  integrity sha512-5FQgkHat0nIjjxLlygSlhIMSS0hE4VPYOY+WSk4XEQzt9Cqgl/GXsPyjxDMw7o8f90pkCUNNoEiEmf0mZ8bF5w==
   dependencies:
     "@floating-ui/dom" "1.4.3"
     echarts "^5.3.2"