Add latest changes from gitlab-org/gitlab@master

.rubocop_todo/rails/active_record_callbacks_order.yml

@@ -12,7 +12,6 @@ Rails/ActiveRecordCallbacksOrder:
     - 'app/models/namespace_statistics.rb'
     - 'app/models/note.rb'
     - 'app/models/pages_domain.rb'
-    - 'app/models/personal_access_token.rb'
     - 'app/models/project.rb'
     - 'app/models/prometheus_alert.rb'
     - 'app/models/remote_mirror.rb'

app/models/personal_access_token.rb

@@ -18,6 +18,7 @@ class PersonalAccessToken < ApplicationRecord
 
   belongs_to :user
 
+  after_initialize :set_default_scopes, if: :persisted?
   before_save :ensure_token
 
   scope :active, -> { not_revoked.not_expired }
@@ -41,8 +42,6 @@ class PersonalAccessToken < ApplicationRecord
   validates :scopes, presence: true
   validate :validate_scopes
 
-  after_initialize :set_default_scopes, if: :persisted?
-
   def revoke!
     update!(revoked: true)
   end

app/views/groups/settings/_permissions.html.haml

@@ -52,4 +52,4 @@
           checkbox_options: { checked: @group.crm_enabled? },
           help_text: s_('GroupSettings|Organizations and contacts can be created and associated with issues.')
 
-  = f.submit _('Save changes'), class: 'btn gl-button btn-confirm gl-mt-3 js-dirty-submit', data: { qa_selector: 'save_permissions_changes_button' }
+  = f.submit _('Save changes'), pajamas_button: true, class: 'gl-mt-3 js-dirty-submit', data: { qa_selector: 'save_permissions_changes_button' }

doc/.vale/gitlab/SubstitutionSuggestions.yml

@@ -1,30 +0,0 @@
----
-# Suggestion: gitlab.SubstitutionSuggestions
-#
-# Suggests better options for frequently misused terms that are often - but not always - incorrect.
-# SubstitutionWarning.yml and Substitutions.yml also exist.
-#
-# For a list of all options, see https://vale.sh/docs/topics/styles/
-extends: substitution
-message: "Consider '%s' instead of '%s'."
-link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
-level: suggestion
-ignorecase: true
-swap:
-  active user: "billable user"
-  active users: "billable users"
-  docs: "documentation"
-  e-mail: "email"
-  GLFM: "GitLab Flavored Markdown"
-  it is recommended: "you should"
-  we recommend: "you should"
-  navigate: go
-  OAuth2: "OAuth 2.0"
-  once that: "after that"
-  once the: "after the"
-  once you: "after you"
-  since: "because' or 'after"
-  sub-group: "subgroup"
-  sub-groups: "subgroups"
-  within: "in"
-  ex: "for example"

doc/.vale/gitlab/SubstitutionWarning.yml

@@ -1,16 +1,18 @@
 ---
 # Warning: gitlab.SubstitutionWarning
 #
-# Checks for misused terms or common shorthand that should never be used at GitLab, but can't be flagged as errors.
-# Substitutions.yml and SubstitionSuggestions.yml also exist.
+# Checks for misused terms or common shorthand that should not be used at GitLab, but can't be flagged as errors.
+# Substitutions.yml also exists.
 #
 # For a list of all options, see https://vale.sh/docs/topics/styles/
 extends: substitution
-message: "If possible, use %s instead of '%s'."
-link: https://about.gitlab.com/handbook/communication/#top-misused-terms
+message: "Use '%s' instead of '%s' when possible."
+link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html
 level: warning
 ignorecase: true
 swap:
+  active user: "billable user"
+  active users: "billable users"
   air(?:-| )?gapped: "offline environment"
   bullet: "list item"
   click: "select"
@@ -19,11 +21,26 @@ swap:
   deselect: "clear"
   deselected: "cleared"
   distro: "distribution"
+  docs: "documentation"
+  e-mail: "email"
+  ex: "for example"
   file name: "filename"
   filesystem: "file system"
-  GFM: "'GitLab Flavored Markdown' or 'GitHub Flavored Markdown'"
+  GLFM: "GitLab Flavored Markdown"
+  GFM: "GitLab Flavored Markdown' or 'GitHub Flavored Markdown"
   info: "information"
+  it is recommended: "you should"
   n/a: "not applicable"
+  navigate to: "go to"
+  OAuth2: "OAuth 2.0"
+  once that: "after that"
+  once the: "after the"
+  once you: "after you"
   repo: "repository"
+  since: "because' or 'after"
+  sub-group: "subgroup"
+  sub-groups: "subgroups"
   timezone: "time zone"
   utilize: "use"
+  we recommend: "you should"
+  within: "in"

doc/.vale/gitlab/Substitutions.yml

@@ -2,7 +2,7 @@
 # Error: gitlab.Substitutions
 #
 # Checks for misused terms that should never be used at GitLab.
-# SubstitutionWarning.yml and SubstitionSuggestions.yml also exist.
+# SubstitutionWarning.yml also exists.
 #
 # For a list of all options, see https://vale.sh/docs/topics/styles/
 extends: substitution

doc/update/index.md

@@ -889,6 +889,27 @@ for how to proceed.
 
 - See [Maintenance mode issue in GitLab 13.9 to 14.4](#maintenance-mode-issue-in-gitlab-139-to-144).
 
+- You may see the following error when setting up two factor authentication (2FA) for accounts
+  that authenticate using an LDAP password:
+
+  ```plaintext
+  You must provide a valid current password
+  ```
+
+  - The error occurs because verification is incorrectly performed against accounts'
+    randomly generated internal GitLab passwords, not the LDAP passwords.
+  - This is [fixed in GitLab 14.5.0 and backported to 14.4.3](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73538).
+  - Workarounds:
+    - Instead of upgrading to GitLab 14.3.x to comply with the supported upgrade path:
+      1. Upgrade to 14.4.5.
+      1. Make sure the [`MigrateMergeRequestDiffCommitUsers` background migration](#1430) has finished.
+      1. Upgrade to GitLab 14.5 or later.
+    - Reset the random password for affected accounts, using [the Rake task](../security/reset_user_password.md#use-a-rake-task):
+
+      ```plaintext
+      sudo gitlab-rake "gitlab:password:reset[user_handle]"
+      ```
+
 ### 14.2.0
 
 - [Instances running 14.0.0 - 14.0.4 should not upgrade directly to GitLab 14.2 or later](#upgrading-to-later-14y-releases).

spec/controllers/projects/merge_requests_controller_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe Projects::MergeRequestsController do
+RSpec.describe Projects::MergeRequestsController, feature_category: :code_review do
   include ProjectForksHelper
   include Gitlab::Routing
   using RSpec::Parameterized::TableSyntax

spec/features/groups_spec.rb

@@ -352,8 +352,8 @@ RSpec.describe 'Group', feature_category: :subgroups do
 
     it_behaves_like 'dirty submit form', [{ form: '.js-general-settings-form', input: 'input[name="group[name]"]', submit: 'button[type="submit"]' },
                                           { form: '.js-general-settings-form', input: '#group_visibility_level_0', submit: 'button[type="submit"]' },
-                                          { form: '.js-general-permissions-form', input: '#group_request_access_enabled' },
-                                          { form: '.js-general-permissions-form', input: 'input[name="group[two_factor_grace_period]"]' }]
+                                          { form: '.js-general-permissions-form', input: '#group_request_access_enabled', submit: 'button[type="submit"]' },
+                                          { form: '.js-general-permissions-form', input: 'input[name="group[two_factor_grace_period]"]', submit: 'button[type="submit"]' }]
 
     it 'saves new settings' do
       page.within('.gs-general') do