From f2288ffc9068f2016f654a72170df46eaf6d6f90 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Fri, 12 Jul 2024 09:37:35 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 .../pipelines/charts/components/app.vue       |  22 ++--
 .../groups/group_members_controller.rb        |   2 +-
 .../projects/pipelines_controller.rb          |   8 +-
 .../mutations/work_items/shared_arguments.rb  |  28 +++++
 .../mutations/work_items/update_arguments.rb  |  62 ----------
 app/graphql/mutations/work_items/create.rb    |  72 ++++++------
 app/graphql/mutations/work_items/update.rb    |  47 +++++++-
 .../virtual_registries/packages/maven.rb      |  11 ++
 .../packages/maven/registry.rb                |  18 +++
 .../packages/maven/registry_upstream.rb       |  16 +++
 .../packages/maven/upstream.rb                |  45 ++++++++
 app/services/projects/update_pages_service.rb |  17 +++
 .../bulk_imports/relation_export_worker.rb    |   2 +-
 config/bounded_contexts.yml                   |   9 +-
 config/events/create_pages_deployment.yml     |  18 +++
 .../events/visit_ci_cd_failure_rate_tab.yml   |  18 +++
 ...isit_ci_cd_time_to_restore_service_tab.yml |  18 +++
 ...s_unique_visits_for_any_target_monthly.yml |   4 +
 ..._ci_cd_time_to_restore_service_monthly.yml |   9 +-
 ...tics_ci_cd_change_failure_rate_monthly.yml |   9 +-
 ...d_from_create_pages_deployment_monthly.yml |  22 ++++
 ...d_from_create_pages_deployment_monthly.yml |  22 ++++
 ...s_ci_cd_time_to_restore_service_weekly.yml |   9 +-
 ...ytics_ci_cd_change_failure_rate_weekly.yml |   9 +-
 ...id_from_create_pages_deployment_weekly.yml |  22 ++++
 ...id_from_create_pages_deployment_weekly.yml |  22 ++++
 .../count_total_create_pages_deployment.yml   |  21 ++++
 ...l_registries_packages_maven_registries.yml |  12 ++
 ...ries_packages_maven_registry_upstreams.yml |  12 ++
 ...al_registries_packages_maven_upstreams.yml |  12 ++
 ...al_registries_packages_maven_registries.rb |  29 +++++
 ...ual_registries_packages_maven_upstreams.rb |  33 ++++++
 ...tries_packages_maven_registry_upstreams.rb |  33 ++++++
 db/schema_migrations/20240619141712           |   1 +
 db/schema_migrations/20240619154655           |   1 +
 db/schema_migrations/20240619192156           |   1 +
 db/structure.sql                              |  98 ++++++++++++++++
 doc/administration/gitaly/configure_gitaly.md |   2 +-
 doc/topics/git/troubleshooting_git.md         |   2 +-
 doc/user/analytics/dora_metrics.md            |   2 +
 .../reviews/img/bypass_17_2.png               | Bin 0 -> 17546 bytes
 .../project/merge_requests/reviews/index.md   |  33 +++---
 doc/user/ssh.md                               |  67 +----------
 doc/user/ssh_troubleshooting.md               |  72 ++++++++++++
 .../json/streaming_serializer.rb              |   2 +-
 .../hll_redis_key_overrides.yml               |  10 ++
 .../hll_redis_legacy_events.yml               |   2 -
 lib/tasks/dev.rake                            |   2 +-
 .../projects/pipelines_controller_spec.rb     |  20 +---
 .../packages/maven/registries.rb              |   8 ++
 .../packages/maven/registry_upstreams.rb      |  17 +++
 .../packages/maven/upstreams.rb               |  15 +++
 .../pipelines/charts/components/app_spec.js   |  38 +------
 .../packages/maven/registry_spec.rb           |  29 +++++
 .../packages/maven/registry_upstream_spec.rb  |  29 +++++
 .../packages/maven/upstream_spec.rb           | 106 ++++++++++++++++++
 .../projects/update_pages_service_spec.rb     |   8 ++
 57 files changed, 982 insertions(+), 276 deletions(-)
 create mode 100644 app/graphql/mutations/concerns/mutations/work_items/shared_arguments.rb
 delete mode 100644 app/graphql/mutations/concerns/mutations/work_items/update_arguments.rb
 create mode 100644 app/models/virtual_registries/packages/maven.rb
 create mode 100644 app/models/virtual_registries/packages/maven/registry.rb
 create mode 100644 app/models/virtual_registries/packages/maven/registry_upstream.rb
 create mode 100644 app/models/virtual_registries/packages/maven/upstream.rb
 create mode 100644 config/events/create_pages_deployment.yml
 create mode 100644 config/events/visit_ci_cd_failure_rate_tab.yml
 create mode 100644 config/events/visit_ci_cd_time_to_restore_service_tab.yml
 create mode 100644 config/metrics/counts_28d/count_distinct_project_id_from_create_pages_deployment_monthly.yml
 create mode 100644 config/metrics/counts_28d/count_distinct_user_id_from_create_pages_deployment_monthly.yml
 create mode 100644 config/metrics/counts_7d/count_distinct_project_id_from_create_pages_deployment_weekly.yml
 create mode 100644 config/metrics/counts_7d/count_distinct_user_id_from_create_pages_deployment_weekly.yml
 create mode 100644 config/metrics/counts_all/count_total_create_pages_deployment.yml
 create mode 100644 db/docs/virtual_registries_packages_maven_registries.yml
 create mode 100644 db/docs/virtual_registries_packages_maven_registry_upstreams.yml
 create mode 100644 db/docs/virtual_registries_packages_maven_upstreams.yml
 create mode 100644 db/migrate/20240619141712_create_virtual_registries_packages_maven_registries.rb
 create mode 100644 db/migrate/20240619154655_create_virtual_registries_packages_maven_upstreams.rb
 create mode 100644 db/migrate/20240619192156_create_virtual_registries_packages_maven_registry_upstreams.rb
 create mode 100644 db/schema_migrations/20240619141712
 create mode 100644 db/schema_migrations/20240619154655
 create mode 100644 db/schema_migrations/20240619192156
 create mode 100644 doc/user/project/merge_requests/reviews/img/bypass_17_2.png
 create mode 100644 doc/user/ssh_troubleshooting.md
 create mode 100644 spec/factories/virtual_registries/packages/maven/registries.rb
 create mode 100644 spec/factories/virtual_registries/packages/maven/registry_upstreams.rb
 create mode 100644 spec/factories/virtual_registries/packages/maven/upstreams.rb
 create mode 100644 spec/models/virtual_registries/packages/maven/registry_spec.rb
 create mode 100644 spec/models/virtual_registries/packages/maven/registry_upstream_spec.rb
 create mode 100644 spec/models/virtual_registries/packages/maven/upstream_spec.rb

diff --git a/app/assets/javascripts/projects/pipelines/charts/components/app.vue b/app/assets/javascripts/projects/pipelines/charts/components/app.vue
index 18c0a6173a2..e8304fe9e2d 100644
--- a/app/assets/javascripts/projects/pipelines/charts/components/app.vue
+++ b/app/assets/javascripts/projects/pipelines/charts/components/app.vue
@@ -1,6 +1,5 @@
 <script>
 import { GlTabs, GlTab } from '@gitlab/ui';
-import API from '~/api';
 import { mergeUrlParams, updateHistory, getParameterValues } from '~/lib/utils/url_utility';
 import { InternalEvents } from '~/tracking';
 import PipelineCharts from './pipeline_charts.vue';
@@ -22,8 +21,8 @@ export default {
   piplelinesTabEvent: 'p_analytics_ci_cd_pipelines',
   deploymentFrequencyTabEvent: 'p_analytics_ci_cd_deployment_frequency',
   leadTimeTabEvent: 'p_analytics_ci_cd_lead_time',
-  timeToRestoreServiceTabEvent: 'p_analytics_ci_cd_time_to_restore_service',
-  changeFailureRateTabEvent: 'p_analytics_ci_cd_change_failure_rate',
+  timeToRestoreServiceTabEvent: 'visit_ci_cd_time_to_restore_service_tab',
+  changeFailureRateTabEvent: 'visit_ci_cd_failure_rate_tab',
   mixins: [InternalEvents.mixin()],
   inject: {
     shouldRenderDoraCharts: {
@@ -77,13 +76,6 @@ export default {
         updateHistory({ url: path, title: window.title });
       }
     },
-    trackTabClick(event, trackWithInternalEvents = false) {
-      if (trackWithInternalEvents) {
-        this.trackEvent(event);
-        return;
-      }
-      API.trackRedisHllUserEvent(event);
-    },
   },
 };
 </script>
@@ -93,7 +85,7 @@ export default {
       <gl-tab
         :title="__('Pipelines')"
         data-testid="pipelines-tab"
-        @click="trackTabClick($options.piplelinesTabEvent, true)"
+        @click="trackEvent($options.piplelinesTabEvent)"
       >
         <pipeline-charts />
       </gl-tab>
@@ -101,28 +93,28 @@ export default {
         <gl-tab
           :title="__('Deployment frequency')"
           data-testid="deployment-frequency-tab"
-          @click="trackTabClick($options.deploymentFrequencyTabEvent, true)"
+          @click="trackEvent($options.deploymentFrequencyTabEvent)"
         >
           <deployment-frequency-charts />
         </gl-tab>
         <gl-tab
           :title="__('Lead time')"
           data-testid="lead-time-tab"
-          @click="trackTabClick($options.leadTimeTabEvent, true)"
+          @click="trackEvent($options.leadTimeTabEvent)"
         >
           <lead-time-charts />
         </gl-tab>
         <gl-tab
           :title="s__('DORA4Metrics|Time to restore service')"
           data-testid="time-to-restore-service-tab"
-          @click="trackTabClick($options.timeToRestoreServiceTabEvent)"
+          @click="trackEvent($options.timeToRestoreServiceTabEvent)"
         >
           <time-to-restore-service-charts />
         </gl-tab>
         <gl-tab
           :title="s__('DORA4Metrics|Change failure rate')"
           data-testid="change-failure-rate-tab"
-          @click="trackTabClick($options.changeFailureRateTabEvent)"
+          @click="trackEvent($options.changeFailureRateTabEvent)"
         >
           <change-failure-rate-charts />
         </gl-tab>
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 7b105606793..04dcf9ffae0 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -17,7 +17,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
   before_action :authorize_read_group_member!, only: :index
 
   before_action only: [:index] do
-    push_frontend_feature_flag(:bulk_import_user_mapping, @group)
+    push_frontend_feature_flag(:bulk_import_user_mapping, current_user)
     push_frontend_feature_flag(:service_accounts_crud, @group)
     push_frontend_feature_flag(:webui_members_inherited_users, current_user)
   end
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index 59b4ee1e397..96e57a5eed7 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -38,8 +38,8 @@ class Projects::PipelinesController < Projects::ApplicationController
   track_internal_event :charts, name: 'p_analytics_ci_cd_pipelines', conditions: -> { should_track_ci_cd_pipelines? }
   track_internal_event :charts, name: 'p_analytics_ci_cd_deployment_frequency', conditions: -> { should_track_ci_cd_deployment_frequency? }
   track_internal_event :charts, name: 'p_analytics_ci_cd_lead_time', conditions: -> { should_track_ci_cd_lead_time? }
-  track_event :charts, name: 'p_analytics_ci_cd_time_to_restore_service', conditions: -> { should_track_ci_cd_time_to_restore_service? }
-  track_event :charts, name: 'p_analytics_ci_cd_change_failure_rate', conditions: -> { should_track_ci_cd_change_failure_rate? }
+  track_internal_event :charts, name: 'visit_ci_cd_time_to_restore_service_tab', conditions: -> { should_track_visit_ci_cd_time_to_restore_service_tab? }
+  track_internal_event :charts, name: 'visit_ci_cd_failure_rate_tab', conditions: -> { should_track_visit_ci_cd_change_failure_tab? }
 
   wrap_parameters Ci::Pipeline
 
@@ -357,11 +357,11 @@ class Projects::PipelinesController < Projects::ApplicationController
     params[:chart] == 'lead-time'
   end
 
-  def should_track_ci_cd_time_to_restore_service?
+  def should_track_visit_ci_cd_time_to_restore_service_tab?
     params[:chart] == 'time-to-restore-service'
   end
 
-  def should_track_ci_cd_change_failure_rate?
+  def should_track_visit_ci_cd_change_failure_tab?
     params[:chart] == 'change-failure-rate'
   end
 
diff --git a/app/graphql/mutations/concerns/mutations/work_items/shared_arguments.rb b/app/graphql/mutations/concerns/mutations/work_items/shared_arguments.rb
new file mode 100644
index 00000000000..f7246d0aa82
--- /dev/null
+++ b/app/graphql/mutations/concerns/mutations/work_items/shared_arguments.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Mutations
+  module WorkItems
+    module SharedArguments
+      extend ActiveSupport::Concern
+
+      included do
+        argument :assignees_widget,
+          ::Types::WorkItems::Widgets::AssigneesInputType,
+          required: false,
+          description: 'Input for assignees widget.'
+        argument :confidential,
+          GraphQL::Types::Boolean,
+          required: false,
+          description: 'Sets the work item confidentiality.'
+        argument :description_widget,
+          ::Types::WorkItems::Widgets::DescriptionInputType,
+          required: false,
+          description: 'Input for description widget.'
+        argument :milestone_widget,
+          ::Types::WorkItems::Widgets::MilestoneInputType,
+          required: false,
+          description: 'Input for milestone widget.'
+      end
+    end
+  end
+end
diff --git a/app/graphql/mutations/concerns/mutations/work_items/update_arguments.rb b/app/graphql/mutations/concerns/mutations/work_items/update_arguments.rb
deleted file mode 100644
index 73eff799103..00000000000
--- a/app/graphql/mutations/concerns/mutations/work_items/update_arguments.rb
+++ /dev/null
@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-module Mutations
-  module WorkItems
-    module UpdateArguments
-      extend ActiveSupport::Concern
-
-      included do
-        argument :id, ::Types::GlobalIDType[::WorkItem],
-          required: true,
-          description: 'Global ID of the work item.'
-        argument :state_event, Types::WorkItems::StateEventEnum,
-          description: 'Close or reopen a work item.',
-          required: false
-        argument :title, GraphQL::Types::String,
-          required: false,
-          description: copy_field_description(Types::WorkItemType, :title)
-        argument :confidential, GraphQL::Types::Boolean,
-          required: false,
-          description: 'Sets the work item confidentiality.'
-        argument :description_widget, ::Types::WorkItems::Widgets::DescriptionInputType,
-          required: false,
-          description: 'Input for description widget.'
-        argument :assignees_widget, ::Types::WorkItems::Widgets::AssigneesInputType,
-          required: false,
-          description: 'Input for assignees widget.'
-        argument :hierarchy_widget, ::Types::WorkItems::Widgets::HierarchyUpdateInputType,
-          required: false,
-          description: 'Input for hierarchy widget.'
-        argument :start_and_due_date_widget, ::Types::WorkItems::Widgets::StartAndDueDateUpdateInputType,
-          required: false,
-          description: 'Input for start and due date widget.'
-        argument :labels_widget, ::Types::WorkItems::Widgets::LabelsUpdateInputType,
-          required: false,
-          description: 'Input for labels widget.'
-        argument :milestone_widget, ::Types::WorkItems::Widgets::MilestoneInputType,
-          required: false,
-          description: 'Input for milestone widget.'
-        argument :notifications_widget,
-          ::Types::WorkItems::Widgets::NotificationsUpdateInputType,
-          required: false,
-          description: 'Input for notifications widget.'
-        argument :current_user_todos_widget,
-          ::Types::WorkItems::Widgets::CurrentUserTodosInputType,
-          required: false,
-          description: 'Input for to-dos widget.'
-        argument :award_emoji_widget,
-          ::Types::WorkItems::Widgets::AwardEmojiUpdateInputType,
-          required: false,
-          description: 'Input for emoji reactions widget.'
-        argument :notes_widget,
-          ::Types::WorkItems::Widgets::NotesInputType,
-          required: false,
-          description: 'Input for notes widget.'
-        argument :time_tracking_widget,
-          ::Types::WorkItems::Widgets::TimeTracking::TimeTrackingInputType,
-          required: false,
-          description: 'Input for time tracking widget.'
-      end
-    end
-  end
-end
diff --git a/app/graphql/mutations/work_items/create.rb b/app/graphql/mutations/work_items/create.rb
index 0556950e2e3..590e1feb939 100644
--- a/app/graphql/mutations/work_items/create.rb
+++ b/app/graphql/mutations/work_items/create.rb
@@ -7,6 +7,7 @@ module Mutations
 
       include Mutations::SpamProtection
       include FindsNamespace
+      include Mutations::WorkItems::SharedArguments
       include Mutations::WorkItems::Widgetable
 
       description "Creates a work item."
@@ -16,44 +17,39 @@ module Mutations
       MUTUALLY_EXCLUSIVE_ARGUMENTS_ERROR = 'Please provide either projectPath or namespacePath argument, but not both.'
       DISABLED_FF_ERROR = 'create_group_level_work_items feature flag is disabled. Only project paths allowed.'
 
-      argument :assignees_widget, ::Types::WorkItems::Widgets::AssigneesInputType,
-               required: false,
-               description: 'Input for assignees widget.'
-      argument :confidential, GraphQL::Types::Boolean,
-               required: false,
-               description: 'Sets the work item confidentiality.'
-      argument :description, GraphQL::Types::String,
-               required: false,
-               description: copy_field_description(Types::WorkItemType, :description),
-               deprecated: { milestone: '16.9', reason: 'use description widget instead' }
-      argument :description_widget, ::Types::WorkItems::Widgets::DescriptionInputType,
-               required: false,
-               description: 'Input for description widget.'
-      argument :hierarchy_widget, ::Types::WorkItems::Widgets::HierarchyCreateInputType,
-               required: false,
-               description: 'Input for hierarchy widget.'
-      argument :labels_widget, ::Types::WorkItems::Widgets::LabelsCreateInputType,
-               required: false,
-               description: 'Input for labels widget.'
-      argument :milestone_widget, ::Types::WorkItems::Widgets::MilestoneInputType,
-               required: false,
-               description: 'Input for milestone widget.'
-      argument :namespace_path, GraphQL::Types::ID,
-               required: false,
-               description: 'Full path of the namespace(project or group) the work item is created in.'
-      argument :project_path, GraphQL::Types::ID,
-               required: false,
-               description: 'Full path of the project the work item is associated with.',
-               deprecated: {
-                 reason: 'Please use namespace_path instead. That will cover for both projects and groups',
-                 milestone: '15.10'
-               }
-      argument :title, GraphQL::Types::String,
-               required: true,
-               description: copy_field_description(Types::WorkItemType, :title)
-      argument :work_item_type_id, ::Types::GlobalIDType[::WorkItems::Type],
-               required: true,
-               description: 'Global ID of a work item type.'
+      argument :description,
+        GraphQL::Types::String,
+        required: false,
+        description: copy_field_description(Types::WorkItemType, :description),
+        deprecated: { milestone: '16.9', reason: 'use description widget instead' }
+      argument :hierarchy_widget,
+        ::Types::WorkItems::Widgets::HierarchyCreateInputType,
+        required: false,
+        description: 'Input for hierarchy widget.'
+      argument :labels_widget,
+        ::Types::WorkItems::Widgets::LabelsCreateInputType,
+        required: false,
+        description: 'Input for labels widget.'
+      argument :namespace_path,
+        GraphQL::Types::ID,
+        required: false,
+        description: 'Full path of the namespace(project or group) the work item is created in.'
+      argument :project_path,
+        GraphQL::Types::ID,
+        required: false,
+        description: 'Full path of the project the work item is associated with.',
+        deprecated: {
+          reason: 'Please use namespace_path instead. That will cover for both projects and groups',
+          milestone: '15.10'
+        }
+      argument :title,
+        GraphQL::Types::String,
+        required: true,
+        description: copy_field_description(Types::WorkItemType, :title)
+      argument :work_item_type_id,
+        ::Types::GlobalIDType[::WorkItems::Type],
+        required: true,
+        description: 'Global ID of a work item type.'
 
       field :work_item, Types::WorkItemType,
             null: true,
diff --git a/app/graphql/mutations/work_items/update.rb b/app/graphql/mutations/work_items/update.rb
index 1a140f0c0ca..b9e4b7cc4f2 100644
--- a/app/graphql/mutations/work_items/update.rb
+++ b/app/graphql/mutations/work_items/update.rb
@@ -7,11 +7,56 @@ module Mutations
       description "Updates a work item by Global ID."
 
       include Mutations::SpamProtection
-      include Mutations::WorkItems::UpdateArguments
+      include Mutations::WorkItems::SharedArguments
       include Mutations::WorkItems::Widgetable
 
       authorize :read_work_item
 
+      argument :award_emoji_widget,
+        ::Types::WorkItems::Widgets::AwardEmojiUpdateInputType,
+        required: false,
+        description: 'Input for emoji reactions widget.'
+      argument :current_user_todos_widget,
+        ::Types::WorkItems::Widgets::CurrentUserTodosInputType,
+        required: false,
+        description: 'Input for to-dos widget.'
+      argument :hierarchy_widget,
+        ::Types::WorkItems::Widgets::HierarchyUpdateInputType,
+        required: false,
+        description: 'Input for hierarchy widget.'
+      argument :id,
+        ::Types::GlobalIDType[::WorkItem],
+        required: true,
+        description: 'Global ID of the work item.'
+      argument :labels_widget,
+        ::Types::WorkItems::Widgets::LabelsUpdateInputType,
+        required: false,
+        description: 'Input for labels widget.'
+      argument :notes_widget,
+        ::Types::WorkItems::Widgets::NotesInputType,
+        required: false,
+        description: 'Input for notes widget.'
+      argument :notifications_widget,
+        ::Types::WorkItems::Widgets::NotificationsUpdateInputType,
+        required: false,
+        description: 'Input for notifications widget.'
+      argument :start_and_due_date_widget,
+        ::Types::WorkItems::Widgets::StartAndDueDateUpdateInputType,
+        required: false,
+        description: 'Input for start and due date widget.'
+      argument :state_event,
+        Types::WorkItems::StateEventEnum,
+        description: 'Close or reopen a work item.',
+        required: false
+      argument :time_tracking_widget,
+        ::Types::WorkItems::Widgets::TimeTracking::TimeTrackingInputType,
+        required: false,
+        description: 'Input for time tracking widget.'
+      argument :title,
+        GraphQL::Types::String,
+        required: false,
+        description: copy_field_description(Types::WorkItemType, :title)
+
       field :work_item, Types::WorkItemType,
             null: true,
             description: 'Updated work item.'
diff --git a/app/models/virtual_registries/packages/maven.rb b/app/models/virtual_registries/packages/maven.rb
new file mode 100644
index 00000000000..87042b2043c
--- /dev/null
+++ b/app/models/virtual_registries/packages/maven.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module VirtualRegistries
+  module Packages
+    module Maven
+      def self.table_name_prefix
+        'virtual_registries_packages_maven_'
+      end
+    end
+  end
+end
diff --git a/app/models/virtual_registries/packages/maven/registry.rb b/app/models/virtual_registries/packages/maven/registry.rb
new file mode 100644
index 00000000000..f1006196899
--- /dev/null
+++ b/app/models/virtual_registries/packages/maven/registry.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module VirtualRegistries
+  module Packages
+    module Maven
+      class Registry < ApplicationRecord
+        belongs_to :group
+        has_one :registry_upstream,
+          class_name: 'VirtualRegistries::Packages::Maven::RegistryUpstream',
+          inverse_of: :registry
+        has_one :upstream, class_name: 'VirtualRegistries::Packages::Maven::Upstream', through: :registry_upstream
+
+        validates :group, top_level_group: true, presence: true, uniqueness: true
+        validates :cache_validity_hours, numericality: { greater_than_or_equal_to: 0, only_integer: true }
+      end
+    end
+  end
+end
diff --git a/app/models/virtual_registries/packages/maven/registry_upstream.rb b/app/models/virtual_registries/packages/maven/registry_upstream.rb
new file mode 100644
index 00000000000..b06de684424
--- /dev/null
+++ b/app/models/virtual_registries/packages/maven/registry_upstream.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module VirtualRegistries
+  module Packages
+    module Maven
+      class RegistryUpstream < ApplicationRecord
+        belongs_to :group
+        belongs_to :registry, class_name: 'VirtualRegistries::Packages::Maven::Registry', inverse_of: :registry_upstream
+        belongs_to :upstream, class_name: 'VirtualRegistries::Packages::Maven::Upstream', inverse_of: :registry_upstream
+
+        validates :registry_id, :upstream_id, uniqueness: true
+        validates :group, top_level_group: true, presence: true
+      end
+    end
+  end
+end
diff --git a/app/models/virtual_registries/packages/maven/upstream.rb b/app/models/virtual_registries/packages/maven/upstream.rb
new file mode 100644
index 00000000000..0a19e8f3193
--- /dev/null
+++ b/app/models/virtual_registries/packages/maven/upstream.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module VirtualRegistries
+  module Packages
+    module Maven
+      class Upstream < ApplicationRecord
+        belongs_to :group
+        has_one :registry_upstream,
+          class_name: 'VirtualRegistries::Packages::Maven::RegistryUpstream',
+          inverse_of: :upstream
+        has_one :registry, class_name: 'VirtualRegistries::Packages::Maven::Registry', through: :registry_upstream
+
+        attr_encrypted :credentials,
+          mode: :per_attribute_iv,
+          key: Settings.attr_encrypted_db_key_base_32,
+          algorithm: 'aes-256-gcm',
+          marshal: true,
+          marshaler: ::Gitlab::Json,
+          encode: false,
+          encode_iv: false
+        attribute :username, :string, default: nil
+        attribute :password, :string, default: nil
+
+        validates :group, top_level_group: true, presence: true
+        validates :url, addressable_url: { allow_localhost: false, allow_local_network: false }, presence: true
+        validates :username, presence: true, if: :password?
+        validates :password, presence: true, if: :username?
+        validates :url, :username, :password, length: { maximum: 255 }
+
+        after_initialize :read_credentials
+        before_save :write_credentials
+
+        private
+
+        def read_credentials
+          self.username, self.password = (credentials || {}).values_at('username', 'password')
+        end
+
+        def write_credentials
+          self.credentials = (credentials || {}).merge('username' => username, 'password' => password)
+        end
+      end
+    end
+  end
+end
diff --git a/app/services/projects/update_pages_service.rb b/app/services/projects/update_pages_service.rb
index 96cb9425c25..ee2d9ddfef6 100644
--- a/app/services/projects/update_pages_service.rb
+++ b/app/services/projects/update_pages_service.rb
@@ -2,6 +2,7 @@
 
 module Projects
   class UpdatePagesService < BaseService
+    include Gitlab::InternalEventsTracking
     include Gitlab::Utils::StrongMemoize
 
     # old deployment can be cached by pages daemon
@@ -33,6 +34,22 @@ module Projects
         break error('The uploaded artifact size does not match the expected value') unless deployment
         break error(deployment_validations.errors.first.full_message) unless deployment_validations.valid?
 
+        track_internal_event(
+          'create_pages_deployment',
+          project: project,
+          namespace: project.namespace,
+          user: build.user
+        )
+
+        if deployment.path_prefix.present?
+          track_internal_event(
+            'create_pages_extra_deployment',
+            project: project,
+            namespace: project.namespace,
+            user: build.user
+          )
+        end
+
         deactive_old_deployments(deployment)
         success
       end
diff --git a/app/workers/bulk_imports/relation_export_worker.rb b/app/workers/bulk_imports/relation_export_worker.rb
index 8d49e557b2a..c0934b786e5 100644
--- a/app/workers/bulk_imports/relation_export_worker.rb
+++ b/app/workers/bulk_imports/relation_export_worker.rb
@@ -38,7 +38,7 @@ module BulkImports
         log_extra_metadata_on_done(:batched, true)
         BatchedRelationExportService.new(user, portable, relation, jid).execute
       elsif config.user_contributions_relation?(relation)
-        return if Feature.disabled?(:bulk_import_user_mapping, portable)
+        return if Feature.disabled?(:bulk_import_user_mapping, user)
 
         log_extra_metadata_on_done(:batched, false)
         UserContributionsExportWorker.perform_async(portable_id, portable_class, user_id)
diff --git a/config/bounded_contexts.yml b/config/bounded_contexts.yml
index efa3013683d..fd1823e4ad2 100644
--- a/config/bounded_contexts.yml
+++ b/config/bounded_contexts.yml
@@ -118,7 +118,7 @@ domains:
       - dependency_management
 
   DependencyProxy:
-    description:
+    description: Dependency Proxy for container images.
     feature_categories:
       - virtual_registry
       - package_registry
@@ -227,7 +227,7 @@ domains:
       - cell
 
   Packages:
-    description:
+    description: Package registry implementation for each supported format (such as Maven, NPM, NuGet, ...).
     feature_categories:
       - package_registry
       - mlops
@@ -310,6 +310,11 @@ domains:
     feature_categories:
       - consumables_cost_management
 
+  VirtualRegistries:
+    description: Virtual registries implementation that manage artifacts (packages or container images) from external upstreams.
+    feature_categories:
+      - virtual_registry
+
   Vulnerabilities:
     description: Vulnerability management
     feature_categories:
diff --git a/config/events/create_pages_deployment.yml b/config/events/create_pages_deployment.yml
new file mode 100644
index 00000000000..d375c35a4ae
--- /dev/null
+++ b/config/events/create_pages_deployment.yml
@@ -0,0 +1,18 @@
+---
+description: GitLab Pages deployment created
+internal_events: true
+action: create_pages_deployment
+identifiers:
+- project
+- namespace
+- user
+product_group: knowledge
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157474
+distributions:
+- ce
+- ee
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/events/visit_ci_cd_failure_rate_tab.yml b/config/events/visit_ci_cd_failure_rate_tab.yml
new file mode 100644
index 00000000000..d10f5cc1456
--- /dev/null
+++ b/config/events/visit_ci_cd_failure_rate_tab.yml
@@ -0,0 +1,18 @@
+---
+description: "Visits to the project level CI/CD Analytics Change failure rate tab"
+internal_events: true
+action: visit_ci_cd_failure_rate_tab
+identifiers:
+  - project
+  - namespace
+  - user
+product_group: optimize
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156593
+distributions:
+  - ce
+  - ee
+tiers:
+  - free
+  - premium
+  - ultimate
diff --git a/config/events/visit_ci_cd_time_to_restore_service_tab.yml b/config/events/visit_ci_cd_time_to_restore_service_tab.yml
new file mode 100644
index 00000000000..216c5184d1f
--- /dev/null
+++ b/config/events/visit_ci_cd_time_to_restore_service_tab.yml
@@ -0,0 +1,18 @@
+---
+description: Tracks visits to the project level CI/CD Analytics Time to Restore Service tab
+internal_events: true
+action: visit_ci_cd_time_to_restore_service_tab
+identifiers:
+- project
+- namespace
+- user
+product_group: optimize
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156593
+distributions:
+- ce
+- ee
+tiers:
+- free
+- premium
+- ultimate
diff --git a/config/metrics/counts_28d/20210216174910_analytics_unique_visits_for_any_target_monthly.yml b/config/metrics/counts_28d/20210216174910_analytics_unique_visits_for_any_target_monthly.yml
index 0b74b7f861e..9f292450cbf 100644
--- a/config/metrics/counts_28d/20210216174910_analytics_unique_visits_for_any_target_monthly.yml
+++ b/config/metrics/counts_28d/20210216174910_analytics_unique_visits_for_any_target_monthly.yml
@@ -49,8 +49,12 @@ events:
   unique: user.id
 - name: p_analytics_ci_cd_lead_time
   unique: user.id
+- name: visit_ci_cd_time_to_restore_service_tab
+  unique: user.id
 - name: p_analytics_ci_cd_time_to_restore_service
   unique: user.id
+- name: visit_ci_cd_failure_rate_tab
+  unique: user.id
 - name: p_analytics_ci_cd_change_failure_rate
   unique: user.id
 - name: g_analytics_ci_cd_release_statistics
diff --git a/config/metrics/counts_28d/20220622084700_p_analytics_ci_cd_time_to_restore_service_monthly.yml b/config/metrics/counts_28d/20220622084700_p_analytics_ci_cd_time_to_restore_service_monthly.yml
index f554572066b..c75dc10752a 100644
--- a/config/metrics/counts_28d/20220622084700_p_analytics_ci_cd_time_to_restore_service_monthly.yml
+++ b/config/metrics/counts_28d/20220622084700_p_analytics_ci_cd_time_to_restore_service_monthly.yml
@@ -7,9 +7,8 @@ status: active
 milestone: "15.2"
 introduced_by_url:
 time_frame: 28d
-data_source: redis_hll
+data_source: internal_events
 data_category: operational
-instrumentation_class: RedisHLLMetric
 performance_indicator_type: []
 distribution:
 - ce
@@ -17,6 +16,6 @@ distribution:
 tier:
 - premium
 - ultimate
-options:
-  events:
-    - p_analytics_ci_cd_time_to_restore_service
+events:
+  - name: visit_ci_cd_time_to_restore_service_tab
+    unique: user.id
diff --git a/config/metrics/counts_28d/20220707054530_p_analytics_ci_cd_change_failure_rate_monthly.yml b/config/metrics/counts_28d/20220707054530_p_analytics_ci_cd_change_failure_rate_monthly.yml
index e3edbc05828..bd8b6bb1fae 100644
--- a/config/metrics/counts_28d/20220707054530_p_analytics_ci_cd_change_failure_rate_monthly.yml
+++ b/config/metrics/counts_28d/20220707054530_p_analytics_ci_cd_change_failure_rate_monthly.yml
@@ -7,9 +7,8 @@ status: active
 milestone: "15.2"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91726
 time_frame: 28d
-data_source: redis_hll
+data_source: internal_events
 data_category: operational
-instrumentation_class: RedisHLLMetric
 performance_indicator_type: []
 distribution:
 - ce
@@ -17,6 +16,6 @@ distribution:
 tier:
 - premium
 - ultimate
-options:
-  events:
-    - p_analytics_ci_cd_change_failure_rate
+events:
+  - name: visit_ci_cd_failure_rate_tab
+    unique: user.id
diff --git a/config/metrics/counts_28d/count_distinct_project_id_from_create_pages_deployment_monthly.yml b/config/metrics/counts_28d/count_distinct_project_id_from_create_pages_deployment_monthly.yml
new file mode 100644
index 00000000000..6063f68dd9b
--- /dev/null
+++ b/config/metrics/counts_28d/count_distinct_project_id_from_create_pages_deployment_monthly.yml
@@ -0,0 +1,22 @@
+---
+key_path: redis_hll_counters.count_distinct_project_id_from_create_pages_deployment_monthly
+description: Monthly count of unique projects where a Pages deployment was created
+product_group: knowledge
+performance_indicator_type: []
+value_type: number
+status: active
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157474
+time_frame: 28d
+data_source: internal_events
+data_category: optional
+distribution:
+- ce
+- ee
+tier:
+- free
+- premium
+- ultimate
+events:
+- name: create_pages_deployment
+  unique: project.id
diff --git a/config/metrics/counts_28d/count_distinct_user_id_from_create_pages_deployment_monthly.yml b/config/metrics/counts_28d/count_distinct_user_id_from_create_pages_deployment_monthly.yml
new file mode 100644
index 00000000000..90d5fac1535
--- /dev/null
+++ b/config/metrics/counts_28d/count_distinct_user_id_from_create_pages_deployment_monthly.yml
@@ -0,0 +1,22 @@
+---
+key_path: redis_hll_counters.count_distinct_user_id_from_create_pages_deployment_monthly
+description: Monthly count of unique users who created a Pages deployment
+product_group: knowledge
+performance_indicator_type: []
+value_type: number
+status: active
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157474
+time_frame: 28d
+data_source: internal_events
+data_category: optional
+distribution:
+- ce
+- ee
+tier:
+- free
+- premium
+- ultimate
+events:
+- name: create_pages_deployment
+  unique: user.id
diff --git a/config/metrics/counts_7d/20220622084654_p_analytics_ci_cd_time_to_restore_service_weekly.yml b/config/metrics/counts_7d/20220622084654_p_analytics_ci_cd_time_to_restore_service_weekly.yml
index 32120f03018..864816c64bb 100644
--- a/config/metrics/counts_7d/20220622084654_p_analytics_ci_cd_time_to_restore_service_weekly.yml
+++ b/config/metrics/counts_7d/20220622084654_p_analytics_ci_cd_time_to_restore_service_weekly.yml
@@ -7,9 +7,8 @@ status: active
 milestone: "15.2"
 introduced_by_url:
 time_frame: 7d
-data_source: redis_hll
+data_source: internal_events
 data_category: operational
-instrumentation_class: RedisHLLMetric
 performance_indicator_type: []
 distribution:
 - ce
@@ -17,6 +16,6 @@ distribution:
 tier:
 - premium
 - ultimate
-options:
-  events:
-    - p_analytics_ci_cd_time_to_restore_service
+events:
+  - name: visit_ci_cd_time_to_restore_service_tab
+    unique: user.id
diff --git a/config/metrics/counts_7d/20220707054526_p_analytics_ci_cd_change_failure_rate_weekly.yml b/config/metrics/counts_7d/20220707054526_p_analytics_ci_cd_change_failure_rate_weekly.yml
index 36f17024f06..a34ed8ce596 100644
--- a/config/metrics/counts_7d/20220707054526_p_analytics_ci_cd_change_failure_rate_weekly.yml
+++ b/config/metrics/counts_7d/20220707054526_p_analytics_ci_cd_change_failure_rate_weekly.yml
@@ -7,9 +7,8 @@ status: active
 milestone: "15.2"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91726
 time_frame: 7d
-data_source: redis_hll
+data_source: internal_events
 data_category: operational
-instrumentation_class: RedisHLLMetric
 performance_indicator_type: []
 distribution:
 - ce
@@ -17,6 +16,6 @@ distribution:
 tier:
 - premium
 - ultimate
-options:
-  events:
-    - p_analytics_ci_cd_change_failure_rate
+events:
+  - name: visit_ci_cd_failure_rate_tab
+    unique: user.id
diff --git a/config/metrics/counts_7d/count_distinct_project_id_from_create_pages_deployment_weekly.yml b/config/metrics/counts_7d/count_distinct_project_id_from_create_pages_deployment_weekly.yml
new file mode 100644
index 00000000000..93e5f5f92f0
--- /dev/null
+++ b/config/metrics/counts_7d/count_distinct_project_id_from_create_pages_deployment_weekly.yml
@@ -0,0 +1,22 @@
+---
+key_path: redis_hll_counters.count_distinct_project_id_from_create_pages_deployment_weekly
+description: Weekly count of unique projects where a Pages deployment was created
+product_group: knowledge
+performance_indicator_type: []
+value_type: number
+status: active
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157474
+time_frame: 7d
+data_source: internal_events
+data_category: optional
+distribution:
+- ce
+- ee
+tier:
+- free
+- premium
+- ultimate
+events:
+- name: create_pages_deployment
+  unique: project.id
diff --git a/config/metrics/counts_7d/count_distinct_user_id_from_create_pages_deployment_weekly.yml b/config/metrics/counts_7d/count_distinct_user_id_from_create_pages_deployment_weekly.yml
new file mode 100644
index 00000000000..c994603fec8
--- /dev/null
+++ b/config/metrics/counts_7d/count_distinct_user_id_from_create_pages_deployment_weekly.yml
@@ -0,0 +1,22 @@
+---
+key_path: redis_hll_counters.count_distinct_user_id_from_create_pages_deployment_weekly
+description: Weekly count of unique users who created a Pages deployment
+product_group: knowledge
+performance_indicator_type: []
+value_type: number
+status: active
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157474
+time_frame: 7d
+data_source: internal_events
+data_category: optional
+distribution:
+- ce
+- ee
+tier:
+- free
+- premium
+- ultimate
+events:
+- name: create_pages_deployment
+  unique: user.id
diff --git a/config/metrics/counts_all/count_total_create_pages_deployment.yml b/config/metrics/counts_all/count_total_create_pages_deployment.yml
new file mode 100644
index 00000000000..6206231924b
--- /dev/null
+++ b/config/metrics/counts_all/count_total_create_pages_deployment.yml
@@ -0,0 +1,21 @@
+---
+key_path: counts.count_total_create_pages_deployment
+description: Total count of Pages deployments created
+product_group: knowledge
+performance_indicator_type: []
+value_type: number
+status: active
+milestone: '17.2'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157474
+time_frame: all
+data_source: internal_events
+data_category: optional
+distribution:
+- ce
+- ee
+tier:
+- free
+- premium
+- ultimate
+events:
+- name: create_pages_deployment
diff --git a/db/docs/virtual_registries_packages_maven_registries.yml b/db/docs/virtual_registries_packages_maven_registries.yml
new file mode 100644
index 00000000000..04a25d23ed7
--- /dev/null
+++ b/db/docs/virtual_registries_packages_maven_registries.yml
@@ -0,0 +1,12 @@
+---
+table_name: virtual_registries_packages_maven_registries
+classes:
+- VirtualRegistries::Packages::Maven::Registry
+feature_categories:
+- virtual_registry
+description: A virtual registry object for a packages of kind Maven.
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156930
+milestone: '17.2'
+gitlab_schema: gitlab_main_cell
+sharding_key:
+  group_id: namespaces
diff --git a/db/docs/virtual_registries_packages_maven_registry_upstreams.yml b/db/docs/virtual_registries_packages_maven_registry_upstreams.yml
new file mode 100644
index 00000000000..977c3394930
--- /dev/null
+++ b/db/docs/virtual_registries_packages_maven_registry_upstreams.yml
@@ -0,0 +1,12 @@
+---
+table_name: virtual_registries_packages_maven_registry_upstreams
+classes:
+- VirtualRegistries::Packages::Maven::RegistryUpstream
+feature_categories:
+- virtual_registry
+description: Link a Maven Registry with a Maven Upstream.
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156930
+milestone: '17.2'
+gitlab_schema: gitlab_main_cell
+sharding_key:
+  group_id: namespaces
diff --git a/db/docs/virtual_registries_packages_maven_upstreams.yml b/db/docs/virtual_registries_packages_maven_upstreams.yml
new file mode 100644
index 00000000000..03e6d81f74a
--- /dev/null
+++ b/db/docs/virtual_registries_packages_maven_upstreams.yml
@@ -0,0 +1,12 @@
+---
+table_name: virtual_registries_packages_maven_upstreams
+classes:
+- VirtualRegistries::Packages::Maven::Upstream
+feature_categories:
+- virtual_registry
+description: Upstream object for Maven Virtual Registries.
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156930
+milestone: '17.2'
+gitlab_schema: gitlab_main_cell
+sharding_key:
+  group_id: namespaces
diff --git a/db/migrate/20240619141712_create_virtual_registries_packages_maven_registries.rb b/db/migrate/20240619141712_create_virtual_registries_packages_maven_registries.rb
new file mode 100644
index 00000000000..da220b6f87c
--- /dev/null
+++ b/db/migrate/20240619141712_create_virtual_registries_packages_maven_registries.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class CreateVirtualRegistriesPackagesMavenRegistries < Gitlab::Database::Migration[2.2]
+  milestone '17.2'
+  disable_ddl_transaction!
+
+  TABLE_NAME = :virtual_registries_packages_maven_registries
+  INDEX_NAME = 'virtual_registries_pkgs_maven_registries_on_unique_group_ids'
+
+  def up
+    with_lock_retries do
+      create_table TABLE_NAME, if_not_exists: true do |t|
+        t.references :group,
+          null: false,
+          index: { unique: true, name: INDEX_NAME },
+          foreign_key: { to_table: :namespaces, on_delete: :cascade }
+        t.timestamps_with_timezone null: false
+        t.integer :cache_validity_hours, limit: 2, null: false, default: 1
+      end
+    end
+
+    constraint = check_constraint_name(TABLE_NAME.to_s, 'cache_validity_hours', 'zero_or_positive')
+    add_check_constraint(TABLE_NAME, 'cache_validity_hours >= 0', constraint)
+  end
+
+  def down
+    drop_table TABLE_NAME
+  end
+end
diff --git a/db/migrate/20240619154655_create_virtual_registries_packages_maven_upstreams.rb b/db/migrate/20240619154655_create_virtual_registries_packages_maven_upstreams.rb
new file mode 100644
index 00000000000..46d47f635a1
--- /dev/null
+++ b/db/migrate/20240619154655_create_virtual_registries_packages_maven_upstreams.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class CreateVirtualRegistriesPackagesMavenUpstreams < Gitlab::Database::Migration[2.2]
+  milestone '17.2'
+  disable_ddl_transaction!
+
+  TABLE_NAME = :virtual_registries_packages_maven_upstreams
+
+  def up
+    with_lock_retries do
+      create_table TABLE_NAME, if_not_exists: true do |t|
+        t.references :group,
+          null: false,
+          index: { name: 'index_virtual_reg_pkgs_maven_upstreams_on_group_id' },
+          foreign_key: { to_table: :namespaces, on_delete: :cascade }
+        t.timestamps_with_timezone null: false
+        t.text :url, null: false, limit: 255
+        t.binary :encrypted_credentials, null: true
+        t.binary :encrypted_credentials_iv, null: true
+      end
+    end
+
+    constraint = check_constraint_name(TABLE_NAME.to_s, 'encrypted_credentials', 'max_length')
+    add_check_constraint(TABLE_NAME, 'octet_length(encrypted_credentials) <= 1020', constraint)
+
+    constraint = check_constraint_name(TABLE_NAME.to_s, 'encrypted_credentials_iv', 'max_length')
+    add_check_constraint(TABLE_NAME, 'octet_length(encrypted_credentials_iv) <= 1020', constraint)
+  end
+
+  def down
+    drop_table TABLE_NAME
+  end
+end
diff --git a/db/migrate/20240619192156_create_virtual_registries_packages_maven_registry_upstreams.rb b/db/migrate/20240619192156_create_virtual_registries_packages_maven_registry_upstreams.rb
new file mode 100644
index 00000000000..32acf54273d
--- /dev/null
+++ b/db/migrate/20240619192156_create_virtual_registries_packages_maven_registry_upstreams.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class CreateVirtualRegistriesPackagesMavenRegistryUpstreams < Gitlab::Database::Migration[2.2]
+  milestone '17.2'
+  disable_ddl_transaction!
+
+  TABLE_NAME = :virtual_registries_packages_maven_registry_upstreams
+
+  def up
+    with_lock_retries do
+      create_table TABLE_NAME, if_not_exists: true do |t|
+        t.references :group,
+          null: false,
+          index: { name: 'index_virtual_reg_pkgs_maven_reg_upstreams_on_group_id' },
+          foreign_key: { to_table: :namespaces, on_delete: :cascade }
+        t.references :registry,
+          null: false,
+          index: { unique: true, name: 'virtual_reg_packages_maven_reg_upstreams_on_unique_reg_ids' },
+          foreign_key: { to_table: :virtual_registries_packages_maven_registries, on_delete: :cascade }
+        t.references :upstream,
+          null: false,
+          index: { unique: true, name: 'virtual_reg_packages_maven_reg_upstreams_on_unique_upstream_ids' },
+          foreign_key: { to_table: :virtual_registries_packages_maven_upstreams, on_delete: :cascade }
+
+        t.timestamps_with_timezone null: false
+      end
+    end
+  end
+
+  def down
+    drop_table TABLE_NAME
+  end
+end
diff --git a/db/schema_migrations/20240619141712 b/db/schema_migrations/20240619141712
new file mode 100644
index 00000000000..7e6aabdacf3
--- /dev/null
+++ b/db/schema_migrations/20240619141712
@@ -0,0 +1 @@
+16b265699f55b815bd1ac4e9b71242ac9b3ccfa06b91426168912fac45d6c019
\ No newline at end of file
diff --git a/db/schema_migrations/20240619154655 b/db/schema_migrations/20240619154655
new file mode 100644
index 00000000000..37d7751ea92
--- /dev/null
+++ b/db/schema_migrations/20240619154655
@@ -0,0 +1 @@
+aca6b5cc21a8b5f1dff79352b2a6f851fd07069af22d84925cc618a73dd49d98
\ No newline at end of file
diff --git a/db/schema_migrations/20240619192156 b/db/schema_migrations/20240619192156
new file mode 100644
index 00000000000..c9717eec9b8
--- /dev/null
+++ b/db/schema_migrations/20240619192156
@@ -0,0 +1 @@
+39a0c550cd99b1c52e980c31f04723ba353f241474fb8d9efcb9453c695d4ed9
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 0016e042634..742197e1959 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -18900,6 +18900,64 @@ CREATE SEQUENCE value_stream_dashboard_counts_id_seq
 
 ALTER SEQUENCE value_stream_dashboard_counts_id_seq OWNED BY value_stream_dashboard_counts.id;
 
+CREATE TABLE virtual_registries_packages_maven_registries (
+    id bigint NOT NULL,
+    group_id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    cache_validity_hours smallint DEFAULT 1 NOT NULL,
+    CONSTRAINT check_b3fbe8eb62 CHECK ((cache_validity_hours >= 0))
+);
+
+CREATE SEQUENCE virtual_registries_packages_maven_registries_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE virtual_registries_packages_maven_registries_id_seq OWNED BY virtual_registries_packages_maven_registries.id;
+
+CREATE TABLE virtual_registries_packages_maven_registry_upstreams (
+    id bigint NOT NULL,
+    group_id bigint NOT NULL,
+    registry_id bigint NOT NULL,
+    upstream_id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL
+);
+
+CREATE SEQUENCE virtual_registries_packages_maven_registry_upstreams_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE virtual_registries_packages_maven_registry_upstreams_id_seq OWNED BY virtual_registries_packages_maven_registry_upstreams.id;
+
+CREATE TABLE virtual_registries_packages_maven_upstreams (
+    id bigint NOT NULL,
+    group_id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    url text NOT NULL,
+    encrypted_credentials bytea,
+    encrypted_credentials_iv bytea,
+    CONSTRAINT check_26c0572777 CHECK ((char_length(url) <= 255)),
+    CONSTRAINT check_4af2999ab8 CHECK ((octet_length(encrypted_credentials_iv) <= 1020)),
+    CONSTRAINT check_b9e3bfa31a CHECK ((octet_length(encrypted_credentials) <= 1020))
+);
+
+CREATE SEQUENCE virtual_registries_packages_maven_upstreams_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE virtual_registries_packages_maven_upstreams_id_seq OWNED BY virtual_registries_packages_maven_upstreams.id;
+
 CREATE TABLE vs_code_settings (
     id bigint NOT NULL,
     user_id bigint NOT NULL,
@@ -21564,6 +21622,12 @@ ALTER TABLE ONLY users_statistics ALTER COLUMN id SET DEFAULT nextval('users_sta
 
 ALTER TABLE ONLY value_stream_dashboard_counts ALTER COLUMN id SET DEFAULT nextval('value_stream_dashboard_counts_id_seq'::regclass);
 
+ALTER TABLE ONLY virtual_registries_packages_maven_registries ALTER COLUMN id SET DEFAULT nextval('virtual_registries_packages_maven_registries_id_seq'::regclass);
+
+ALTER TABLE ONLY virtual_registries_packages_maven_registry_upstreams ALTER COLUMN id SET DEFAULT nextval('virtual_registries_packages_maven_registry_upstreams_id_seq'::regclass);
+
+ALTER TABLE ONLY virtual_registries_packages_maven_upstreams ALTER COLUMN id SET DEFAULT nextval('virtual_registries_packages_maven_upstreams_id_seq'::regclass);
+
 ALTER TABLE ONLY vs_code_settings ALTER COLUMN id SET DEFAULT nextval('vs_code_settings_id_seq'::regclass);
 
 ALTER TABLE ONLY vulnerabilities ALTER COLUMN id SET DEFAULT nextval('vulnerabilities_id_seq'::regclass);
@@ -24266,6 +24330,15 @@ ALTER TABLE ONLY value_stream_dashboard_counts
 ALTER TABLE ONLY verification_codes
     ADD CONSTRAINT verification_codes_pkey PRIMARY KEY (created_at, visitor_id_code, code, phone);
 
+ALTER TABLE ONLY virtual_registries_packages_maven_registries
+    ADD CONSTRAINT virtual_registries_packages_maven_registries_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY virtual_registries_packages_maven_registry_upstreams
+    ADD CONSTRAINT virtual_registries_packages_maven_registry_upstreams_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY virtual_registries_packages_maven_upstreams
+    ADD CONSTRAINT virtual_registries_packages_maven_upstreams_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY vs_code_settings
     ADD CONSTRAINT vs_code_settings_pkey PRIMARY KEY (id);
 
@@ -29535,6 +29608,10 @@ CREATE UNIQUE INDEX index_verification_codes_on_phone_and_visitor_id_code ON ONL
 
 COMMENT ON INDEX index_verification_codes_on_phone_and_visitor_id_code IS 'JiHu-specific index';
 
+CREATE INDEX index_virtual_reg_pkgs_maven_reg_upstreams_on_group_id ON virtual_registries_packages_maven_registry_upstreams USING btree (group_id);
+
+CREATE INDEX index_virtual_reg_pkgs_maven_upstreams_on_group_id ON virtual_registries_packages_maven_upstreams USING btree (group_id);
+
 CREATE UNIQUE INDEX index_vuln_findings_on_uuid_including_vuln_id_1 ON vulnerability_occurrences USING btree (uuid) INCLUDE (vulnerability_id);
 
 CREATE UNIQUE INDEX index_vuln_historical_statistics_on_project_id_and_date ON vulnerability_historical_statistics USING btree (project_id, date);
@@ -30091,6 +30168,12 @@ CREATE UNIQUE INDEX unique_zoekt_shards_uuid ON zoekt_shards USING btree (uuid);
 
 CREATE INDEX user_follow_users_followee_id_idx ON user_follow_users USING btree (followee_id);
 
+CREATE UNIQUE INDEX virtual_reg_packages_maven_reg_upstreams_on_unique_reg_ids ON virtual_registries_packages_maven_registry_upstreams USING btree (registry_id);
+
+CREATE UNIQUE INDEX virtual_reg_packages_maven_reg_upstreams_on_unique_upstream_ids ON virtual_registries_packages_maven_registry_upstreams USING btree (upstream_id);
+
+CREATE UNIQUE INDEX virtual_registries_pkgs_maven_registries_on_unique_group_ids ON virtual_registries_packages_maven_registries USING btree (group_id);
+
 CREATE UNIQUE INDEX vulnerability_occurrence_pipelines_on_unique_keys ON vulnerability_occurrence_pipelines USING btree (occurrence_id, pipeline_id);
 
 CREATE INDEX wi_colors_namespace_id_index ON work_item_colors USING btree (namespace_id);
@@ -33775,6 +33858,9 @@ ALTER TABLE ONLY wiki_page_slugs
 ALTER TABLE ONLY board_labels
     ADD CONSTRAINT fk_rails_362b0600a3 FOREIGN KEY (label_id) REFERENCES labels(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY virtual_registries_packages_maven_upstreams
+    ADD CONSTRAINT fk_rails_3649ef6e9a FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY merge_request_blocks
     ADD CONSTRAINT fk_rails_364d4bea8b FOREIGN KEY (blocked_merge_request_id) REFERENCES merge_requests(id) ON DELETE CASCADE;
 
@@ -33817,6 +33903,9 @@ ALTER TABLE ONLY cluster_groups
 ALTER TABLE ONLY note_diff_files
     ADD CONSTRAINT fk_rails_3d66047aeb FOREIGN KEY (diff_note_id) REFERENCES notes(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY virtual_registries_packages_maven_registry_upstreams
+    ADD CONSTRAINT fk_rails_3dc6bd8333 FOREIGN KEY (upstream_id) REFERENCES virtual_registries_packages_maven_upstreams(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY snippet_user_mentions
     ADD CONSTRAINT fk_rails_3e00189191 FOREIGN KEY (snippet_id) REFERENCES snippets(id) ON DELETE CASCADE;
 
@@ -33991,6 +34080,9 @@ ALTER TABLE ONLY geo_node_namespace_links
 ALTER TABLE ONLY abuse_events
     ADD CONSTRAINT fk_rails_55101e588c FOREIGN KEY (abuse_report_id) REFERENCES abuse_reports(id);
 
+ALTER TABLE ONLY virtual_registries_packages_maven_registries
+    ADD CONSTRAINT fk_rails_555e85e52c FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY issuable_metric_images
     ADD CONSTRAINT fk_rails_56417a5a7f FOREIGN KEY (issue_id) REFERENCES issues(id) ON DELETE CASCADE;
 
@@ -34324,6 +34416,9 @@ ALTER TABLE ONLY group_wiki_repository_states
 ALTER TABLE ONLY cluster_enabled_grants
     ADD CONSTRAINT fk_rails_8336ce35af FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY virtual_registries_packages_maven_registry_upstreams
+    ADD CONSTRAINT fk_rails_838d054752 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY dast_site_profiles
     ADD CONSTRAINT fk_rails_83e309d69e FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
 
@@ -34738,6 +34833,9 @@ ALTER TABLE ONLY packages_composer_cache_files
 ALTER TABLE ONLY abuse_trust_scores
     ADD CONSTRAINT fk_rails_b903079eb4 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY virtual_registries_packages_maven_registry_upstreams
+    ADD CONSTRAINT fk_rails_b991fff0be FOREIGN KEY (registry_id) REFERENCES virtual_registries_packages_maven_registries(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY dora_configurations
     ADD CONSTRAINT fk_rails_b9b8d90ddb FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
 
diff --git a/doc/administration/gitaly/configure_gitaly.md b/doc/administration/gitaly/configure_gitaly.md
index 16ecdb3f994..2d81cfc0b72 100644
--- a/doc/administration/gitaly/configure_gitaly.md
+++ b/doc/administration/gitaly/configure_gitaly.md
@@ -395,7 +395,7 @@ You can't define Gitaly servers with some as a local Gitaly server
 server (with `gitaly_address`) unless you use
 [mixed configuration](#mixed-configuration).
 
-Configure Gitaly clients in one of two ways:
+Configure Gitaly clients in one of two ways. These instructions are for unencrypted connections but you can also enable [TLS support](tls_support.md):
 
 ::Tabs
 
diff --git a/doc/topics/git/troubleshooting_git.md b/doc/topics/git/troubleshooting_git.md
index c9eb72a9d8c..1f424aba00a 100644
--- a/doc/topics/git/troubleshooting_git.md
+++ b/doc/topics/git/troubleshooting_git.md
@@ -92,7 +92,7 @@ If neither approach fixes the error, you may need a different internet service p
 **If pushing over SSH**, first check your SSH configuration as 'Broken pipe'
 errors can sometimes be caused by underlying issues with SSH (such as
 authentication). Make sure that SSH is correctly configured by following the
-instructions in the [SSH troubleshooting](../../user/ssh.md#password-prompt-with-git-clone) documentation.
+instructions in the [SSH troubleshooting](../../user/ssh_troubleshooting.md#password-prompt-with-git-clone) documentation.
 
 If you're a GitLab administrator with server access, you can also prevent
 session timeouts by configuring SSH `keep-alive` on the client or the server.
diff --git a/doc/user/analytics/dora_metrics.md b/doc/user/analytics/dora_metrics.md
index bce361c8041..7f947100fb6 100644
--- a/doc/user/analytics/dora_metrics.md
+++ b/doc/user/analytics/dora_metrics.md
@@ -49,6 +49,8 @@ GitLab calculates the deployment frequency from the number of finished deploymen
 
 The calculation takes into account the production `environment tier` or the environments named `production/prod`. The environment must be part of the production deployment tier for its deployment information to appear on the graphs.
 
+You can configure DORA metrics for different environments by specifying `other` under the `environment_tiers` parameter in the [`.gitlab/insights.yml` file](../project/insights/index.md#insights-configuration-file).
+
 ### How to improve deployment frequency
 
 The first step is to benchmark the cadence of code releases between groups and projects. Next, you should consider:
diff --git a/doc/user/project/merge_requests/reviews/img/bypass_17_2.png b/doc/user/project/merge_requests/reviews/img/bypass_17_2.png
new file mode 100644
index 0000000000000000000000000000000000000000..ac19cff3d5620d59afd16766c9b67ce4f825583c
GIT binary patch
literal 17546
zcma&N1yo#5voE@5aCZnA0>RzgB|va@cXyXba0o#X+}$O3@Zj$5!QEXS|L;5RoOACw
z_r5oK^;B1PS9SlYy1LftnH{bu{|N<=01*HH6lp1OWdMMBtAg0z{~^B^e<r*UXbTZJ
zkvA?H>B$J@pI#T`PohA@DA7IufDx@!HC;93WO+>->==zq9gNKwJ?$LdMgai7C+}O;
z&dk+_)YHz^-i6mwfb3r*c;D*(G&7Nr{%eS<jR2XZoFb{1gR>baCnGZ>GnpVFDJdzx
zv#B|+vbf}bh`(_HWR|Y3j=W4v9v&Wy9&C&b&K688JUl#1%&bhTtPF1>7+k#UU5z{$
z>|MzJt>pjJBW~tm;%w#UYUN;0`j1{CV+S`^0Wz|GCi>6Mzt`z%W&U3?*}MD)tT%v6
z|MW1iFfud!Phw`CR{saFe|r8c_Agxjo{s+?WxUE}E)KSC|Ex;Q-pW;wmH%IJ{O`^G
zwMhPdbnz-$d79a3id)&4*}J@n3UYCB^E3UAJ^!Pm)_+N|F?0QQ$^X{#ACmk`|5)q4
zS?}Mj`B&?kZv+wfnf}wyf`|@r;$?5HM{tzVasdD&tbYm!NJ)G5&&E=eRh4*nczAt%
zU0z;&?>5B7%I)Ip`D^BRg$@<ns$EP}>i+(L#HH`Lz0u9pTYz8G%hT`f?p|C>IyE)(
z&!4W_+uMut3k`LhkdTOy;_~_V1rK-Mot@o{znj(7wO3bH*Vi|SiF2Win>RN%DJkiL
zgTs5fdkG0C(o%9siK+5(%0WTlBO_xc$0z=NU%q|~`MbVB?m2vTaJaU%zPz*?9u}36
zp55O5=koG0Hs(iqdZx6L{I|&Hlatf2(Qy-Fb5#}1v$JzZKu|<@l#-&FwY7bDc~#W6
z*wfRqhWg*NHTB=4VrOP%{d~W+w{@7AT4`(P|NNPlmshyFypo-r*V@|78#*2q8YwC9
zd1z>4b91Y*vif&p^Yiob(b4hv*hF(vOL0-DuC5^j5*QQ|`s-JXU-jD7)^=k<Q%v-a
z-k!d~!V-pn(eCaZvz$dw58txVipq*#b#;xK$Jd62W{ZnU^K%OU{(+kto3fvkwzqfs
z`vwm74;FT>78jPXGIOS<XATdKe7qrjy#p;RZKQ7fr&o6@Uq`jm7pQzjE-o%pJGWzF
z;$L1~J32Z8>o#`u<?o+f+}ym>Qs(ye_OEa6qrd-{7@ri58jFjIcXD*KFIvvcEoh%V
zIgSe<^B9<%oVK#G)z>rbTs-Yrxg6WLHq4wqyts>O-kzM8ij9q*-MY-`-E%KrQ&Liw
zkDvMAF+4Xr@8cb?dU(@3d$N0aL*qL<FfeFtW*y(YEf_gvZ|783+i-XPz!o%KF?L{U
z<LLiu{o>~C^Us->*6r$vqmto$vF}q3_AVzkPo16J!+)<_Ts-<#&eFQ~tn!!h2luag
zI=0UquJ4}<dUwbFo_8;uCYJRS6ckCuOlLGqJD039OdmgAUmv(x4zHd21Vp5#XO|3}
zKCG{X#}`&jKbDVOLqdM)XdB$kOx}$RUlwJpGGRY%Z*E9&ymRdJ^a;%CSeJ>NYF#)_
z`88Bu*BF=I5)zwp8XFv)S?3=V8<kQSo81`rEiJocF*rIazPK~$a`r7SNC9ba5mnE{
zqjUvXY%P+$!~Mjht0cH!SFT7fVprz(ui0Aftl|qW)D7$ZV3<rZVt?u1tD*%_7{f}<
zBO%m;RM{j|F|J$fj)&`h{Bx8d$N8Z<G8~Sn8jk53Z^mv@yT*(j`)kg|aM9K24@<Rn
z?@E2Q>r<7}=aPMUIc8a++;bX3O(4Vw^ezO(FzF79l%}sa*k}XZL4Gn0kk&8!lL)5F
zU`|{8r~@IQ%0#DJb=;W;d)_~cb+5f!uY;NIv<M6rs;>f&kvhQ4^gt%^o0@mH5TpOn
z$&I_daETY);1KY%anB~GGhB!@)gA+k`7hgFlGAl`Cj&xu2E7Wt?#Z5*>-RS}{JT>_
z-O<48_3L)$p+==XQ_B_$B%BG9k^G^(ilOuCeat05sSnM3xu&yZYoDB4)vARA`#IFg
zN<6`Vl)`gOdjbDQzx7(b%F@lq!_i_mH{$+)NyFFNDBzSgJ$|Q*(Iz!5iu1IX2)&`Q
zeBQq#$s`m;lLw%;jWjY^KwpPu78%mlZtDrPlJ9aTpU$zro&{ty@Mb^w?f=n2c(0w{
zF}<r($mUu>n<A|3=IV#;)6><7gM-`0?XC&I!9N?a8}h_Yg`)$}T4|jv!LMh2#t<P|
ztpaAk?oT2={sC734(RJWgP;xqus%Hk=?7vms3uI|A-91Nrr@N>_jlS7k3Z@AXKjL{
zGK1)_aSU~DiP-2t5z8b7r77#v>K}Zq=CQL>Z@CswtP4!D;-RUVOh=-=sX&zsxtE^W
zB<5ERlY&SZuVktnGIiz-S&P-Hk<gmuK(*o;KN`7VUU`Pz3o~J_xG3Wmg!w!a(Ew_R
z(eg-ti!KKwaSdG%V+bQEf}Pi-A${1#m5E4aDG?-02wBnVL7o5?0<$miU!L_4Qo<{i
z6dVSb^%Bd#7b)X$OkfZEJsFIAkAX_AD}r;TXsnCC3|g)y6u*gKl<y=y9;bFT$^7ju
zGCF<rLFX#Fr3PoDQ;Edhhqe;Q30Mf+uKo(mTwvDF7{2etHEc1<7kKYq*v6g2h!(cw
znk55)dZ%#f6DR)RVKnFu*j5H4ija*%=RgBVIcv`;dR_3oV=He{He(?drot4**^!2j
z(DQbyJPCu@5o1G4|4vH-#C$y*^peor^rNDvbf8Hk4*IrFv})Y+5pG-v<5VJZ2bNHE
zp@`|wjRyWgi+{0mpgLFt#KK0=5yr*mZiY6<>c~94n{Ut%Yn&8y1gc*lo%2x8^agQU
z7boP6ALoiT7UqCWA*22NKY5)b!ZztUDAU0b;DC|400mG8BsE6sqcD6?$t25X41U@m
zG=Z;-r5c~qtm5Oz(n1(jAqI-zMx|2aiNjp;>|`k6@<o(k0cc|v;KRdGd*ANPqA6({
zRMG5-w^E2ODRXdmO-Xz*6kt%iyWREPhD;@Z0y3|0oFUFl+o3hA%*TGx1LJ1-wt^AR
z@VEir%bEk?#~yZCB`d{_N!1WzniyFOf2m*|xiTFmw?s7p$0Tskw;8xf%=M<G8~@N+
z63+zati3wIJ?xwux8Hy(jDak3qTWf;$2-$j?huxq7kx7WaUk;{BR7xE<&3x*ra$&!
zV251?q7SWFgIby#4KrUR%?$I(d;XdsUA3p!AQ}&>P;+&U-1{W}(Te8sUyu<B$6-Ar
z3WWQ5a7(l!Wnv@1O|B+sv`2VQdiNiN^9fZ_Rt&$JQ_u)vc2L)!FsD~2H|SFBmMw`H
z(ek?u;*v_0caNhuNqKD-34V-OB)33`^^yxCQC$M(l?EcsgO9pe(7SphV^e%rwrIw8
zT9L42G^t+JPC1LPQ-Uls5e$EtRM5*R*&sS%oTW;iz0)12k&1-RYS@EUyxO11<(<U*
zpb)8hhkEBEOz|g~WNQh9_sds_c<9|unH7|k%av|TQ>i4#qX%*IIBv&&YBIMV6`S~1
z{R6w~zi{csa1;Y}mX|l#UAXJm)=X*PvR@E!n~NWO$5>=qsjlyr*xo$ThC+bY`e--K
z)s8_qQ~qF^4UImEL4aJ1f(f~h{YC!gwQEfZFp-7Bj85^eXWoXLR1RW6NxZ8k+RI^g
z(^PZh6GxJfXeW@%L5ZViLZn$uov?ND2vmkLu+BR*OtLnMkW_)-51LweWYmb7>QRok
zk7E~wu$nD<G?oWe|5*Q_dhDD8y-0)Vlh-c;{SgHnr}nhd8Q1U<@hoJJ@IfUk{vFiK
zl94o@<vZ$7uh#;ao##UO!%`^}H5R%lT0#;>`Za~TFBta~lh{6ixR1yAkF1FegZ$PE
z#1ccRKV6n}Ur6+3i=I6-%dKJ$@C_W-s{k7m5aEMKqto4iIjPEBkD;Iui1TH4ymyNE
zs+P!~AxS|Sa(gd4%-oJXOvMBQe2fcs0Nsh5%laa97({k<{|1n2_U+yh6fQ&owhPSs
zmTBG+P1jq>`QMpgb1aC_MhpdrJtUm(Edjw8{v!nQU-|8SNlgF2+}kxaTini;H{bf^
zf%)6&?3T*;SYQNp>01^J#~wx^_ykK_e62S$tdgDWcVXQZT<tB7QCjCVSYB=wuTIrb
zkM7^Wggtr7ego}SHRgQqdv-VTYF|X4vkEvY(JFtQl~Eg#^og|lU9u}iz0$#WYdp6|
zNYM6u=x&WzPiqMBD(H2wbrK+$1b7^+$wx4>hPGOte}UfPZ7iXtxp1Hmd*{mqB3c|2
z=&9G8VM97Y>VD1OP*1$uVcQrBcohaOYdu_7_1VCWbCZp|FNhz-m%Wy(m;2V=a`X{1
zYb5_wP+|&}Fh(QCD$$%Q+NU6&s%Q#&Ka>1Iss`V&mPKc05vI9Fve;kgv+7?(!8TQw
z7yhT?l=tJU-`mKG+AXe&xH3NdwFL8vjM$slF(n8G;`B~Y<(G=Xc(i?{^dw(2ZB}#}
z(>;JubuSjwc{ughF*21(9amuQkG1~{ks`0zH4D|k!pZVe9(5Pb4C6(5m?76&98uR3
z(#*D6)k;oGHJ&2_@m@I;&zeU1@h8Jwno9E{8p1r2T)wX8oL1njE2P}C2l!onfew4V
zZ{dIz_OJO=U@4;NKAOF>ycK_4H_$&fI3BMbR(NG>fVx9&DdhejQ0#|ERr~B*e~HFz
zf`aFmfAa~cs5c%{I@V0zN8sLlgiwm!uBU-GM#O@zT48$E%zD-+&mX3?*5gCh8_M^4
z;u{j5fuDtQUrbBH*6`bRk!q??@3R?svJz%cGRSzp{l1~ytE1>I*p$3c)6oC%yYC;M
zYN5sOWQvdQq2*M@dRt}&pCspE51h1w;iercVhg@aXn*X8;g|Hn6umjGCA}ZS@Ffm~
zg4BP6)c2xiL65&&EEv2#N59s1)Cnk2Xx*6#T;|jLzQG~n2#eyC!rIqEU!xq1+@Rl-
z2dLz+(xL*xPUYATG1=Bj@CjY-I$+t`nCDq3_uzxRRY-Nwex1BC`jjUAtylUE?Ilpa
z&7gVTylJksiTwKG>QckO^zUFjg&Cd(`-kKlG`um$=|tlkPS%)0s^$)SdT44=GhCL>
za_WLj6dUN<dS=2`c<6a(#qVy4N(faS^-$0l2ZDc6`bvs@z#*-~nN?HDoMghElW2rr
zXU14JCqY@$@ge|KcTiK4MOQJ00p2|x?Cxbe?iA=+AN<hx4yUi7tVZ2raH+dWB?-${
zk-y|2Ltt33H!uXxeop$zhovvw(CmKX7hkFRL#qqVe3k^e&!4j8gm!DmzTts-NcpM9
zOeTy@dqzl{q9d`^_%91Yfn_M9_9ktZxy%#3mUIM+YL$M%3*`Z#PYH&Wl1{!KBo%IW
zBxCpX0a0q9G0)CE#kmQ?9U@&-1Iy+#Ul=)IEK)P-sy>}20PF#$UEX{-Q~TY<`PLo9
z+W;#utqbUTg;RoIvD5MT?>{UAB)?_I(;Pk`dw&VksX!!y=o=|?>F69=f7B1XI0)2s
z@T9F4jP+q)TeQ5U1cmHX;nobEfjsIZz1jk;sq-@U(q*_1t?IrCp^cNab_8CaEay&y
zt?`tlLN`~(jr<rHwxD={G34PYCtY0a96i=5z@h4xYn+VJw{C1Jy%NdrgB~X%Wx$Y6
z#`*wv#+tBzG9GXBMc;wEN(3p*qd{czOaM|-Y51+*vC^bAcEb8>DBXh)OmUf9Blv#%
zItWi@COTe3`s}N&R7W>dChkvyIl4P97K|)tuiR_*E={KSgbK|hXlDAkV}j0FdJY^p
zZKW@0=9Cb12h4SHUe&*Cw64wu2wD1Hz5JJXqX7P&*>zF;1W|YCT}{$e=UznqF<%jc
zy-p}**a_(+Tqw%8$~^P)4X<G~l1`csJrwm8=|4hPFDk86UMJz9-=RS#m^Tqx^`2Ix
z<!?jk6s`CuV1D>4r6j>gvT4a&QVSCj+7^d<pq`aVL+IErfs4D_gjVt5MMYs3Z@*TS
z_4IIT@Bk$!;>-o&5C)`vriSn&7*$I!&5!kM`V(l)g!@|Zd_!DPQzZMjI06(e00w`B
zI^UB0#6f$Xa}>bp=8y`F;@ho#@KccmNho)~$0)(Met@a~17aMP?#e|5`L}C`ywYwG
z-^-E<^PE8UYa$Q%R|l47EmkQfgkoKcfSGlv{`zNqw3rPM&MvGXGK@e8%wL=OLoIFY
zJL2hv3m#rMIW1i5CETR1fu;X~&Gg8y8ZGjQZ}p@=)q&P{sPO3wEC0Zzj6a$5m=m@|
zOgp(1Uk*HvY1RkIfZjE<($jjt{Q-E31g7aEkWO{Xf2TWOnlhZFL*4v)q`(YvPkgG~
zN>F{h)E$N=hpbALHWb*EOvM@Q&Q!)wo()|rswGaJOzlp6;!-*i*-cZonqdb^ZS#mt
z8aJw4)cglNgZ0QCs4`Y!2vuz5+!hlts!36$H42;FU9^N~X5#@w_HZ>qP|g#B#$+A6
zad<V%2>K;<&|^QLJ!;G$t%8E5P=~oRT{CcY_K076Ng7|$=GM3a?63(QA2-@C+$lOa
zAtI3SG{6Hy#A;mJ1QzxJ8P}oAQbV=9BXGvxqmzlUk$Scn828|p;Fk+Y=bJ{MG+W+-
z!Mi}88}F~y$YrnWHd39Z!*B}5kxww35p<@r`HOPeJAw%z76)3R^j{tDFLA)!aMUVV
zl5Bn)Ikk#*mNpc*WY=k)8po1??<eEafJ<~F>Zm(zJywEqzEIc8;Fou<!9f>D&uB{X
z!yW@QHW*VwfV)zk4jVGvAVR+u%Y~ll%5|}P_evccsoElQDZFD;pYYtyu+q&Ja&cj7
zFbZ09<APn5twy;2yQRmL^td(s({@S$Z18<@fO8Ov0_)h8$}EWoxC7^fw!3oTCOYnD
zr|0)mOjB7%%up`2|Fp?>Ws}q$NhWR!4UeRwOEJ0x-%`OH+B|C0&ENfc6HAuY>bY#i
z2Q><s38sQ{H8z>Yg=Dts3o~;>^p}BeAP84%;U99#W7oo~iWP#())*0fr8uz2A<q%c
zeEx-jTaU3rsKME(n+DrK$(o#)q_}BpTNUmMVXWS(>qOxdXu%2qcjNP&390#D=35$E
zrrQ1L#b7&`MQmY!%@g;*@4t?FuXWkFdHeH_fMJ)owOsbY>{71N8oUn@w`Sy|qB}dC
z&YzXrrI8;n(#E!Jbg+uBF__n8jcfYFG>i&xFI-RUt*CYwYrlo5VSdhKS3b8*h&9N>
zymY)z2f*M{?5_a$EAU@m;5Y97T;5ZHprL~l>md;MFVN7?Z_NMSVvY~$466RSzWb!9
znSqlUm}Hu*GPGN{l!j%JXx!i%s6P^xoY%f4ORuwzCJJ%Pw(Y0e?&E#p=0syD-k>z>
zMb#xS$uw?2?o0em-I{{IM)SV?_I<TKQseDYZ%s;(dhYS90f#s5hErEzA9<oeRB|R&
zXl@gJY6KUE48g3O0^HG*<b$&^Df3Dn>mTf)lR+x1Dtq6^njWCNFEv*CwRM=yH_c}1
zxk61gX`d={DfQ>neT6~4i@7S7+&ON481+v(Oks`o?^?LpTnMqj6#<an2I!zI=ke=G
zHv}8nuc|z77j$M;Cp5V!cs8q*gEnw^eJDG62re2Ln+YaxAH&Tb#e|gq<g4qMHDf9X
z=3tU);dG*^-=pFjsq4IBT@(jCk*ut%F8=K|UU-k(<R_<+z-KY9Y58l2ZKT2>1~m%3
zhn57|(o|s$4MbKVo&wE0Q)Tiam{azvSvH=Lg)<E%h#BAY*+#EZTjPTc>G1;X7)MF*
z{1s!sW{e=~$>1*-w2y@*$7|`D=9WLKXqPmme(fd60CMnrn%jKhRXR3CgO-INs3cp6
z0n!*f)j~uq7w2bvi>|QiUYWOTH#N`py}m2sY<t8SVzJWiaqj-yA}doq%qQjNXZ|i=
zr|X=2T%Hp1JV9z~VH(J;?CFs#Z?!+QDQREbzATtddeL%`qcm{xUQzelFuvuvwP*ju
z87&Ht){agI1N<AtOemsX{PCt;?|m~4Yqg_%S}nqYbFq?FV;iwZbL1VFL8{k>nr7K<
zKhU-I+Vd9xZ8fmv!)#Mfod{$R4p*~oET*r(c#2PMGL<6IUn3Z(D+$VrTHb>mSF0aE
zm%{p&p)rnTwUbyEtqf`AQDXS8wdfza{$zdNm^*g6U&1kCgc$9hu)}KVT-p=_J<maX
zgK4^7_KR)3SvxUm1!?RQ8RrLy`nH`oi@;q999*~UEb3#8%p%Ngcx2iIF;=!OBpN?Z
zF>NxErH?^@cDyd)<V4vHt=sys!MXvR%Dsj`zf+p$l`r;I`1lVFZW}z8*1uO4_noE#
z++C6+*EJq;fZQ{$x|Ze2M{(RHPpq@^5_I9IhFOX-6fjY5i(RCwm#r-7g?z!M@ro5S
ziVk~@Vo2>aEXXz9?gvnU?jAPi5oXvhOC~P)2>p`STJsvdp}l!$;*-Md6X(`|ho=nV
zg@DHy!5B8l2yP{7ka7r4pf61tO!f2w4fI5AeCCM7sS`>H%PX3r-#`holp0KJjW3xm
z`K?qb6gFX5{VMhv=rcOZQ^Pk@CIR#L?>!|mADhKa+KNDCvITfxcT2E(K{Y`ja>K;T
zZ)~$K+M(J9)ZCkKt97+eaLv=sv5Y}6PF(J}zuqQ!QbmHOd4)+05BN|QSrlg3CfuAU
zTcpjfW%%Ik5yEF=+O^9(u2Zx^m#-W-`{$6jvmi(R7X3_G0dJziG~P_~>1O^3%8sbD
z<Ai*roLQX7CG~)h=1T<L*&5*ja$Jo~wYKF#cUG|a%;GNspwoc?XZE1L4jH&>86IFd
z7mb!PMzOHSpTL|b<pGv8ndp~90CtS}KNoiB?vdok1jo;LInx9dv_lyZ_%HAAqN}xG
z`R#1oVs4~?-f61Mr59%4`z4&kLFFsO7CtFF!1sVbtTOZ@;$2x@9yMEC+<d4FeBHI+
zi)J}#3f02<$#rh2R~HOkN8{PFTP=xSi6mh1@Y!P)3q_k0ngNm`s%y$yCg<fhz5%kL
zNDQg(YRAoV%ZbZDq))TTMkurG;3LB+?`{05=N{`=Z`)Z`Pj?hx!G;@PX(`zsoMCud
zJuL@@d(rk1=@IUyckGL2o40z&7^Vv~RCXk8=cRD|#u_G`GEkThl83NX?rk;@09#Qv
z>4O0@(gKarOQSVap<$udRC~wk_xGa@e_7UOW`i@iq!k@-9r>R=Xl9(lY?qHlzrVO|
z#yUZ^@ql)e`%O6``*TG)!eQF%N1Y+GA?BOC#pgsXzs01CzB@;!f1Xn|@>|nBTk~}$
zrKPyNjPg=@u%A`V&;yhDpulA%rU`0`I=c<I)8k9e0qA5$ibD+|^9<231jk_KY1mYR
zeGVt@KI{O2NZ>A6gP}~Yy?4iyFZHxmkLip1IsW5Q1_A)J+42!#56~?r<GiOqhDhqS
zYJzi_SK)K*1S9?Z+b%H$@^N{5F{7jZFdq(b(t|uPVLPyRp_!-qN=YS;n32y|&}0Lt
z=4F3A>*0N%38?>K-=0y6tIZj!ZOH-SZu}afaCqIcrcGORi-Wa`!U`r-fp_xFJ>9Xk
zb#kw>(FYIc^8iEl<UBsdvc^9aW#la!#u=879AYsQ3-8(Ff{3l}IpLeH$%7;xW$~JC
zO))Sh#S_g8VmX$M?$|Vi1OmAJZ1Z;SXx~mb6emsg=`cl6j0c6z?Wth_i@r=y=eFt>
z>b|=ai?2gS1h4@A?b@-A2vcn{KN_4z9qibt&?w`2*H0fsg^8if==qhuoN}Jpl>*RR
zMWqaH?&#nCjo!F>=p`Mn_m~_nynen$eAU9H<UT7hRsUmLG?G#osk|36ry}9SrnoBM
zwaU>k*@#P4Rb@z@>Pb#^uPoo}F|XDE38Q}EqMUMgh=F4<94l2y>*i=u=RKd0tY7;@
z$_9eZMEMG^Zba8Qkl|Kra3CAy0igL<deUnbbHqg7%w6t#Q$s^co_{{fZysbtPU?MG
zzsK@@_B{~#3#WgnqAdiQd;PQC-3I7r@LyCZh3fdkIr_lI0)M<>J23`WKB49J2}}Wi
zxxBfhYKx^Un*EWHM)kxOsn9ESSe;@G5)}uxM@W?}8vdw5O|UL{@VPhrRy&KN581Vc
zY#O?^HyJWAsAG7a6nF;>fI3J4cmNjEVTcYO|KEr?CkXN<i<&U-4<>w|2*CU%`~O9f
zcwiyn)Xh0L`2)CrG*+q|WcX(*6APg37)%P_05&B~qhIbRk0sJagkEK@S~X`3tAB5d
zpAuN6z{1c<^%N$7Gv)`SJL;7ho@I6$RQ!BWykJPO6CjRj_MSp+S)+A*leN?YCv&D4
z^$-r90Pyu0aQ6{xxRJ?ccPw=Kz0!6m#Zo*7uVLt5cKcJdE>_X_(Eso%1>0tE?oYm|
z-Ox)`by8mZ2O!A`L|RS#h!ppS>XA2&P^Vk2Nn*><D}(JbjPOdE;h~!|be?jG1<kM5
z)^9Ot+c$^k1s(djVg%odqJl7W7W+1C@{Z^mLK%atb#CxJ=gd`-!vp5p0P`)hM&^^P
zRhvrc-ts$qyU?-5dRGdo36Rt;5!T}A_(=kQufu$8B&svP5vE=r9PWl7OuP@>&(k8#
zm~X9fI`-!TlS&0080Le92to7JIa{nm+jd#UwZ$%Pob0Lb0!L&hqpEr|<)Er}Stao6
zu)l)os@#C?CTP-u3cJ}v(K?35NOGNpS$1gP67@4_-<R0ujV~T6aJE{X>StovE55({
zKozcoh1jQaLXnDpA@+rzoy}j<R#U3!H&d)Dzb-_mDa8PWYXL*rLG?_~N8pB=lds${
zW+{h3uHF&IQ}zY}Mu<nm;+|AJO;<V%j<1%Ie=&dmEU{~Cf3k!W`9cG14F8<rC_qf@
zsB;{O<7gZ2CcPHo&4FJwAeDaw4Rm79)Af(`v_$D9`X8Fn_(*z}rYSiWm)4sFNSp4)
zvfiM#6x`waPbJa7b;$lChBg!^^Knd%sTGF=HzWM&1^8=D)Ek)QfbsZA(zIE%CD6+s
z0A9sV3}auJaKP<v!&{b9ql@}nv6%3@FgSm+XDn53zR4Ap><tV{EO^hy`^VljYvdHv
zqvEucNJpP>tunuzZ}V?px>8&>l}qX+0;<I6GBD30du8E(%J13-hRiNFkORyoUlx~l
z|Mz(LCzkvz-r}TI+?ZJtY{dK)Wr2X<|CP9)L4;cl{V+6q*P}1KTTB<h+3@X*ofdJd
z{VvX?R>><e!Wx}Ph7}ghlsYhd2t;SjmDC$D4}i1iK>i{p!IR)cmXJpF(Xar7{@V88
z{Na1&QD+2BNC8~E?BAFvB)m3>(y-hRg+mz~RQZizhbwczaF+B};)`Ge5DL$wXxtQO
zg9Dvv?(dnb6ZkTHo8%nO2cQxw(TVo=6)~cMi-^<|3ewj~6_YjResY;!o!SWQ1Ioe;
z^%l2wznyU|w*9SL(T&yBv-`1v=XJy5EFO?Vf+9dK@o+8i>>E#QH}VTN!6&ixrO=v_
z6nec5)0=pEPR;L=KF3G@28{)4L5mV=e+_`_`$H2sejM>gLIZ3EnLlzRR<2>TvZZZ5
zl>pt>X>gIri{YIY>n?sAKD42d6df#t;&3MOz!WymzJU~QfE9jf2?zys2#&zn14~+=
zx3fNrX&9B4*gelATg$gQiPo776f_14Qv)}N+{^FFp{che6OSINdi0VFU@Rt6TAQap
zaZ}4DDICVuc-$?wshUH}n5TVJ3)$?27xA#6K0M9z5#*9TFLY0Pwg#dXn-iWF4H}>~
za#CB1Z$HlinhSb=<%32e^-sa-ihh3;FJ>>fe(aAX_C_)6wv144x@q|)F)Xv#dstP9
zIr+k@zl>-5w(liulmVVG_fZ;3L{*d{$9|5A%fS3~CZ5Q_R;DM?og6Uzg%y~mD)1|D
zU?t6f8yce_R4=>suB^hjp9%ALoRM(2yrHhj=f(MiwDimr>fH2^>u!b&aHb3f0Srez
z5$bWq7im;#K=<KHM8n1u@@db7r9`QyNqpRhPs--}3tc>_1#2E>O_WdbJn{`?`DlqX
zW0aGJh`O5pHq~l0G$13LpUXq6jMJCcN?z@LM+pEV=l}c{VDNVYoeYdlG3{Nd^SdpK
zqcf&4+6GFY1KE7lA4pG`tuE2U8!}LL8dN4Xsiw~1d!%?<>SvgLh8WN!d@#iAMe-u}
zb(x|`6;P<ZG7Ktb(0-_;;QTeK-7Rjk84-<52Xjyouvc*b*BjuPJKMct+VI?vYFocx
z;oi<>VScjx0lZLNK8&|L-0Cu#e42Lpn0}d_3}y1??32ChUzdK?+MdRrBcBC8G0`SH
zN}lMfPGy`3Lfb35#h+37km$?h{%{q4v(due7|gHuh>LhrOQy}4xS@UU<r;^32kkmz
zQFSg!`({fT7DDox#?NB|xJnfFP3x!s5Isl>p{c{r^lpVE6yb_mU4*Cb!!TF5Rmb(n
zCAR)0cul`4$yJU3Ig!Q!h4pyC;Q~Y*qOcIBVah}3o3GO*PcX%Y{GUk+<g^uLzpf-5
zLJ5C}F|z9UO-64@H(AmI9qj^iY8}^^ViT+jg%wWFl6?`3(Xrj*ltHdRFIy%b(LBt-
z?p{?D3j0F>p%Vn8x?C5iVM<ug^7si&m6Nc$S$`!DZfDI{!zifmPclCQW|k6?B2je6
z0CZO4QnX5FMHrv<!=QQYC86_H5RJK?Y<GaH(1MSZIc0rU=$5mH#lTN6J%xn=CE;Gd
zgm&sT_U0SBFRd71;hu^`C1_;Wl{~v#Ks*2GbzV4d)cqn!R9sw~&6u~!`8~PVJC^v;
zO_#7KjUAnXY~<~NZW9W)H%N%oNbW(TZu|;W717hS%}+(7Yo%6&tX`d_)G8Tnl;>Ci
zwqu(mAhq0w{~o)orO?;{Kw7D25mpRsI)15^F#V7d$H1E=%d6xf?j@@Gh6yM_{2|3#
zf$W;FQynFbItcbfEjbJz`G-}+MGhpu83_@Qpf%zF%xn{Ur8eT8cVGEoi22P?CP}qn
zz4*mV&g@_=CL^^DyokB9OG3zHWjYtX6&c_&jvLKE^KnTFjj(T66|s5~`y^fD5Su9b
z(pHzBZ*YZI28vY92g(}E<OpfzZ1&0)KTkU@Dr0m?#9!W{K)y{co-L_0w&kzpy5O(`
z&_(}{X!so#rAoGC)XW?1MjE0(?3C8!JdBqjpUd0nMO_FP_V6=@$)H)WuVD;t5aoal
z=BQciV#ndY8B<8CTOBgs&NZ9kIl?n0mUUT)pTQ1-Xev<7({RES%NYyU60xbo(_yDT
zU&iq5L3m#mwff_Z5Cd&-=WV9|DGSYRwfV_puLxs~xq@P$ke>YE-SRTpL_DCin;noX
zcKhC}*R#Lw)A()VhQ={Q?hM~jXArx@NsP5e-N{wU02o}!24-gX{jkIg_8j283Rj<X
z*gho*JxWw%7cl`f>Xu|clU40(2<0N_!U_swNdU+mc6-j00`Uv7%jhjfhga8+7J$96
zUY%Rd-Z`~F_m~HP8@cZ%TkkIkY2DONGrK5^Wa|@?i~}|k&#=+L-6-!3QjF%(DMcvK
zg6vvarEpE6DaD43L9OUOsCDTvzQgcs!GJ$(M4I3Afh)`@5Oe%&+>)A8L5BpCUtFnY
z<M$_8?D)?7uzKq<y|XaUEKGU?-SDM8P)w-O^D%a`N)uarZPMsk9_(iwOEHIlO<4a^
zGsQ?hcR6B^9F*{ZdYqz|(yZ%jsf&^&=D(1U2wQyqpqJag?r1>_iiub;%D2TROP%sX
z=e!QA%0p^i=$f(DuA1=F!}-hd{Sim|Gfopt<imwQ|EYv){$+~{j*s%rpOXt-%|ElP
z<H|B?_2d20R^qwZhA{PHO;!t84=w2tR5ZMRn<PTr9X7zPak!G4cLR@7AtxP%O99id
z7QCcAfvc^Mc;YT5g>9y}3zuxb3<yrO#1c%Vmlb3bDf+9K)y=J8x(4Km!Z7Nt%?mFQ
zU-`Y1_6oXqzFm3HX%B)FecTw|;(7dBy#$@CTKJ#CibO^dO(X}&i30=-ttzvEu`8{1
zS%9%M)phdh<{2$z#A}kkK#IN}QT(XSZT0mSf0()(U_;%Rgzg(}o6*-kiS$ve9(l~~
z7StW19J`gE!uhm`=NuPEjqXNNj@+i|8lea9f^P8IBh`$xjwLqV!;~UH7Hosh?25Z~
zHB)j$e~7caZSr<sH|yAonHHOc@`zR0_fw+=fd2l7BN61ap=!jjS^niGXIH#e^|MOV
zj4x){!z5h`u{Zls=tPJ^C`sDIa<mg)ZEg#QD@d9WC>Yl9s&hw929j7Sd!Re8u>dSU
zMHYB_SU}7@Z>-9HR{XK69ea&$;t?PS5E@G0O}51vV8@AioOg;WY)^5M7~?gM88}V8
z`T<@~g=2z(AaE*~4KVE>0XR9dUtT~i?N2#)Pkz;;6Y~V=aodM4nMj>HqU-Xt%&r82
z$_@1b=?fGN2<=}!8$9?<+}EA%n~Q9lD86e@IJu0TACpr9e&{UW@{i1Xy{}AbsfsQ*
z3QP0;Wf}rJ$?4y%4_pE<Pzws568E0o`=Bj|+hl1Vn$Er}|1-77WmA)aZ7!RAlxJOt
z>7y_;1Z^m-qSBF3P@wqQ{~j7bw$^%>K1XsR!4w+V8LFXxvV73!eSJWYeeV@7wHox?
z?uit%)(Q_HL^EOqoXCD(<jtzLvB^PADmVgUyW<#0;zQp+S@`RfYw}2t%o%H7{jspx
zoN=;|JbdY&b%-9(0<mmxq;`k^r5ay+ceoQ15422?VpJ*vp9x4Erl0DrGN)T2Vw4DS
zc%6{Z;}`@)*LB8X{WW%$DxJ~(AmX2R<eTcDsQGnyrdxsJ8+OCTuPX!rcg#_>&COd6
z{NOCbXYn|_>^Y>fe8=;U=_hn~x36ndg=*2QKJp`O=QkazeAdoU=0T~6xuF>uSU0PI
zaM1>Myl|mGk6i0JQy)Ycp9YHe_Efl30p3&8<+hT9-#k)4+IxZ~=#dHHkqLue<c%I4
z>(|Z55H9hFhyA=+M$8`Q^`_DhDb&RDI(8ksHL~0JdS#3o9gde#4rc(xdQ^KTqbIs-
zLx#|FE+d96u}VL#Yqm2-{bfL-;>aKibhdT7u}0H-zw5yf@HExg?)%7e{urPm&bxep
zws5iKbKWd8mH3JwaZi}Q_fqxljD%=l!&}|%ClWWHb!dhIG`qFGt1=8ts*+a0taeG4
zFLE9%Ce$G{jhdMptsLW+8kX|fx-r%gJkSwr7IiSx=Cj3o-q*!iSb_uW4c@P<3&8Lo
zID0Od8>Yvnnx}F7R4b)$SkN2}j9MoC)U1sc*!q#RA(*TZ(?Xji$dtPWQp-#mk0C6N
z6E{JkzwoLIpx+uS{0dyoy%UDbyyM(~z0Lch^!rzP+o$6QqFCpd`nzDBHGK+=P}_kh
zx>(|6pH&3eNL7W!dQ&)!e&v{Vt8sK8LAF}SKNuGSyBTk!31vN7Kl*i=eelNX*c?sm
ztc!di<k+8oJa63=Wux#*gk$V{^f_I@yAf!9d?$$AM(~Zq^Feqo@HXHxR$sFRtUQ`z
z>Ejt+@V1{vfV{-*%A@!CiuqsnHNouM<mbmEVz-vH1rGy5AV@v(-iE4<v$wjxE$OhL
z{#<k`J~yaa>9B+?VR}nQb9#;P60b}9ra!d9nftu4Jzr?o@dL+mKdlYzVLt9I!SfHw
zSF_V6<CMWk;H78hQ0zx4=Qd}sjANm&SPWoXh1L@kH(sEKm1jwW5{O3p4*eAwL)NJZ
zdqc+dOyp<ipKjAQH|8Jo;>l51)8ZCaR+8_BJ6I`S!mBE)COCKlZuxdIe0*pEdRNkA
zS5|y5TWfchUD_}Gc0EQtP6XEM)D(FVXaM@ZXrG0cM#rSac5&Zsh|dx;KU$seyqF5s
zHeMlTGPJ&=dhMKd4vC@d6rVM7r!9?VX`9j2Z{IP0LaxXkEc4F!1?%D3EGjD1bmz!O
z_pU>_-^1O5?DUf;tC1w1{!yNP`+K{l%i{%WD74H_@Kr}Wb4>#((9=d^hal%we$$rz
z?rX@#fZaRAOO?(G>&wrZ>HS@X0+aNp#zYa%41%R7{NZKP-*-oFjV5fdC7s*}auuUA
zb?66@fes01a`7=fBElGt!wjjIpBuUO_G#Y10I5j1MHHQjtc=K~y6(;5W5EslhAP<@
zhCkrtY78AKdaJabMRV`td#FGVWu|<-0=-OMb6ylK*-U@GM;FfTuh-aPjm#obe;Ri0
zjOGfNukdw0%<YY$rwIa%F@sO%?4S<atVb+7`Z*lDJx0Z1It{7<M!l5ASBzM8vxgL@
zj@Kq$C!`9reBCUZax=ylGCrGLN=^oihb;5Ozw>yrx}>gw6w9dUHy3&hL`dS6j?jBj
z&J0mR8baZ!M>?<_bk6p;3B#2E%&EH{FNbp$o-QnEyqtP{_kQ2g2r>%^i3665F-wyH
z++~AaTTl>9UO*>nMMkAW4`)&zp~din{NVhqqwdbHwtqa}15FwWqxNnpU4at=<w){Y
zv(5C}H4l_EuTjV#q2d&NWrXrOx%vXCgww54xvr&wXopTn!K?vVxsalvst)fltD>=z
zc28X|Yaxi<Ck<K{{-KJGoDu!>uY|AkaC)^T+Qav+k>*YQ2RLAWmq?66f3f@Xg@*Hd
zatX`m%yl*nmhEt1Ml_FHelZ6m2XnII&ETQ7Ew6WIXFXawr~;FeK%+ak8@Ff7^);gk
zp065ep$BN0PfE22SZ=aN@yuM4=5>pHVH0TS)tEdz<ACgAp#rawb8a3B1cqKV_&~%F
zJyT+x(<0m;F&O3T=A6k3y6iMI9E$ok?QfrD+;wftQRmbhWQX?#upQBBE<y%5Y9}hb
zGJY#hN68CMNkEc`fg>$Da6wB^OR35up!$V^7{Y(|Iq5;YjrL<RHyu2;*SCPK#QcA3
zsa{ZscTuJ0;g1NUs=gm}Qj<Do2e2OxYV$24Qn}DK1|wiq?GA$St-T!Z;SWKcUu$EE
zL!I!#=PSX67P~j-z;O(hc03P&x~oHf@EFYS`yL^(COn+lW3r070$A_SO<85gWh~Eo
zW*vurZ<1`*_{n}2$YKR3tN`lki+I}mqqUU~m90AiV;~Fx(!?8epf~vU)M6G2BHto(
zjsmyNX`njJ^V1Lp;2PSGfSUx3*Chbx)io{roCXufiY-xiilCSx+kIxZ4wVKNG6F#M
zGpYvxV2ug*zUD6Qw;TFDMJ}`iUABXTBi#b?HK0hBx|&Y40r(FKJvKjlVb6?97nwgK
zGjCP`z&*x*d2|d?HPL@WvYo{aN~mXO76+t%4&n36#V{U-7>L?J=fDI=`w;W+-g35b
zGA10UN~B@M0k?iF%Hu*Re2JdVR*~tFjh!9pN19TXNEHxZ&8UGxsr_{l$wMMX^c-W&
zC9O&u8!$e3CICcenrOb84FTxa)o2D!_k&&GHtbl-M-M8$QQB~@0NIJ6m+`AGRH{=&
zCIci$w!>)pZ=Va9`@}(l_0rF9p%n^pEiQ)>yV2^vxS99s7DpRwR)vbC&V;shdsFaH
zOVq&R2tzF_H|8pJCO1gSKXe0pJhBvWN(-oJ4=S?(Rs*S5MVZdl8c>F)yE_KbmzAgj
zo`WmTGoU0b-F4uu^$!6GM2W~_e(o(w1{haECzRfogRJ>y)JBc`g;Zi?lbjd;aj5Kc
zb>QfIvtwSrKupo>0#`mmb}{C+9gf(s4O{q|2?F7*!yvO6Wd|CUx_uzb=opp?q<Ca=
z{DV3dx{uSNi`o6=cr_Cr0P_M_J;8BgU7=xH8%r6a%_@fYVsrW+;TkNKHIyGl-Kb_k
zXPPW6Uo5mOX>G=Vbu<0E5kRK($$X4)s@sD-ER7}EejM8Iv5a<N25PJKOzhsu(9cf>
zu0sF^!bCOd@7iVBG?JN<&dX=YD;%$zr6Q!y1JyC&JcZH&L*~O-ZfhssNnyHc=PK?U
zM=V&SMrNbs#zL~`@x@wk5RBTP#9Jc?DE8H<^5^(RG%c3`hA*K(Td%|I;=Zj_lmJrn
zIY>tskDQVNFsux^ufPGYug*~EgSNQnZttELCO@*zk!I}LIKJ&Ra=Oj8AD?!o5_7(=
zkD{rB4sWbvubNd}=(yd;S$(!d<ZQ0`sg4(%PrU%8?JuLL&Tz<Jf=dik8Hl2Rm}MBp
zy<q3rn`?#$Ff1tnSk~u{^Es_4lJ@HUL4QhpCs&-^sW&C!(|Bp(@pRSo1_o~z!@TdY
z3{y9JDm*cl^ZCg#v~LA(d1%@51u)uHDR!b=N*m~|=jq4lWo#DERP#)k$aibQT2(~V
zpOh-SEk0rOPdZF#oX$R$UmPfW-OU`WQ3LKp4h4}FGoXIb`&7p1wq}r-UT-+3l~2qs
z4Y#ba4=k^`jkL*B1QS^5n6Le;4=R|}z*Jkfy5}|0s{8Kh)+jOcHC6rbCcuX-NHD*3
z_4romc1^V&)}|h=;dSm9##&tA(>%hf$G|-DtqzrrgZm!W?DlCjJ|ky(`Zg!PJgJlP
zZ6ym9`1d2p8V7>JelrCOKa#h?0PHUoLKxf6c=ado`}WtIpUk=(CB2b=Gh(km(WAe+
z*2QDdp7(OMjCP&4mKsPpnCT&Zzy0(Aj6I*$;Di%&)0K1|8J?_+bXmC8l{lET*pV&r
zhM}0}p%f=cf1M`<U)(j|HuWn>+p6XIS9dB`BbL?WD~C!%u}^+&`f3Rm<9-<-o~3D{
zT=G{*r9%7(A%xH<s{(ZV1EKyy9(#sx8IBsKah(wlxfu~;5WYj+qNi#LJ)7V7FeU7P
z<_|GWvzTGefJjS`B!QKPUQD#lWe=<%hhkY#rFz5{j^#!yaze0MOt9QFBaI-0hdsL1
zSUtRGGUU1h`2?dYL~;-v*v$n@M%A5_#Hpj3JXFFT_WSJYFZ9d0*ozv9V<oi}@sO*S
zVcV#*k+5@X(jPk(QTv?8u{Et);J8Jwf-@cRsPLpz5yJJ=LTp_LCE1nDfwN;M>as4!
zLIRIGaF+OUM^=!+!#x2hzA|}KZB~V38U8?Q8K)FX#IKR2Sa`l{=v1TWo`$RM6YQI+
zAau2_20AdiC(O2%d9uHSpAz{V3x6pFU3^=I-!l3h_K=<3+FYv)WJwSdi|7SP>2VFn
z?1Os%LHKech%!YZCCU&!%_b1!y9Ilkc=$^+=t46u{rT<QhU6Nnp|@oK76b`nmw|Cp
zGxW?tDPMlC4Aqmf3SMra1ZL&6RJFpM$N34_%PjJ~fjjJbtM0aJDSn3fX38Vf=<$#p
ze7cGGky#2RC5uuP(Q8HMUKxxIC;<29c0ILOsUbqrO=y8Y<=CR?0kl`!Q(J=#sS9p>
zGZj*(k$&!+B@71=`;SS?EU-WDnzBSGQ<tH?QT{c?Y{9d}Y?U~jzm}TqBWeh#i>LhX
zxN$+YzU9h9P8-oD&CHY&B%+x7#mo$9=tQWBsq+P-p{6$@U^l%LH$i>**vapD?NH+F
zeW0Q@v!Y^f1?N%$kG_`+f-p{rKn{7^=?}~Qs(Ak%wyE7P5Tf`lx%gD5w3yi>zp$xs
z|LGU;YwtEn7=71~P^lxwyQ^QIJqKw6Wub*!JCZ%RFYi%n(E!JT4d6&#5f=&og8)+W
zw|8~_Ph|WHoS~JV$C{--g8%37RdChM$I@ztD;q|1U{MFyxm9{DgdXmSMp#q<oa6oS
zb?;c-UI&JU1|Y)!D``d){&eW_nqLN5FFl02m?OD-#O~P*wa)YcLXgW$T4&^w!jda*
zy=UDk8pQ+*P7#4%aqT1n0gJYj%X;kF_A&nhCU^ST83+9M_8KQpDxVu)dkpb5jrUwP
z@pfU|THiYWniW-;tS*Z_uR=}-fkli6|7>y;#{-+mHlCk><P=FbOm2}52+M;yTj-Ko
z6Z3XFDoPD-qSs$rTnv#jyR86PRDR*ZbX4AL5t5Ql0ef^;`(}p%`TXX4n}YdpCVugC
zr@Xy1`A<G#nXL|z3GJL!B1<`2SWPkBIE4~IZqU?&DQy*pLpC&NInrce1ex9CgO}JZ
zhqnlPZaTo|D*w=dpIkA4{kJ4k5+cZDkR=R-pSB$v+ULu4bX=0Z@*aFmIO+;>H#u}&
z)=4@Tp76yRHZ4MyTW6=^!MLv3m)YJw6fEalll)8K1W&dS^%T2s;E8Ee--nE^c)NrT
z)*}A`!CUF&G4HY#^9GLB6g`CP%)dh&GVV!W7C2N7EQ~1}qaQ+!50}_etkv=isj6hv
zEyleeFBAwjlOij5o=*xuhM$K4GS;_0Z;UKA8M&6>dv3t!>FV|jD5bp9QNTC<{7TSA
z8CN@_FgyuE&N&kppyl!g`r~YSHuOmOAp)Hk#h1QKrp-pG7c|@X;wA97fO9Z1sj2~|
zOPqL&<C&rO(^1<7V#wpGY-68r3S4N_nIoG210?uUzpQlad3WY?F8fjA64r*z#mX87
zvc6gTnAi!)gnSKu8~LhrPSaw)u;6~mZ(n?3@)3hHI&tH08O@M+fQZZw#ck^;aZ!ss
zhuG^#P_BlM2DfLBA)7$y^h&v2T#HPV5*GzoP_&aRC?MX@p_zBRmg*OZG<xZke|_Oz
zsRDjrQ>GGtt6};1J(C75i`{LgWdl_!Qf-(4%^<A)4g%7TqgDfON3*bcM?Rh^Hbg03
zSAll$T|JxZyV_5t<K3uTRVocoq@k+0XDHaDROpD3d4ZvOV5d*t<yWH`1i15pLsM_k
zG(E$Hhl?x_t%ra6YT<>Ii-1m#rO4q(!xSHxb?`_HR>Lj(UPvVG3GAK`ti3c9W5m8k
zP{;!f$kK4@+)dk(dtc#Z1n8(62_!OPN;Q8|sH)Xk3*E^iP>7lt=i|C+Wqd$}0L~H)
zJjc?uVwmlsO98V88}aW^LHI%_O;s5k(%K$aH8nMNbx;uLVQ;RMUX{AuIM|m;D1dIA
zW+~-fnqR`_Q*C5z#85f1mM`4*sYb0XMsq#@^@m{$y6UiGCj-X*`UhbBJCR3j^_=}^
z2O|T&CW_hLuwmUT=}awPoTGtUe1?_>s73Pcvei9IB^V>IXFT5c&4I4XJ%#YA+f+Lw
z4@&Xtix^iHTbL*P--U4F?F2=uOzjmv?F9Jv@SrODv@_&vgZxxM6puF)^kSG>mn?wk
zYv1mhgYFN3A<w~R3yq>DR6z0^){iS=3xSRsBhmrffvEW|M|l!d#p((e=G#LFlT4(f
z@aKK?aTsTTIG&*cXVYtB@<3iNTxoV;sF%u9xp|6r9!Syqgxh)<xnrQ@B;-lCP6IrS
zzm-`7LQnXh16Fj8gR40b|CNvozfu+nj{|M`&n`+x-&N^O&G>LtTExidR6mu`&HC}z
zqHojKJ5<E!XIZf0T9RR*;Q2V%+(9tY9jNNyr6+z!<I(jmp%z3Gj)V1$k^_i95pNb3
z!+JLXQ?1+pT4ynuD#F9f?tEZtbwws6;`bCNW-$Ct)K^O=4+I6nRc5#5Z7<QXx=21V
zD6;g2{>o^BAPDCl&J%uuY`Q{skW>%e{^;`}ulwQ(G@A7T#ljPj`c#14gxG4EU`9H%
zx;+A+LGzM4O5$L(cv1Quei=r_hZdx1Rp&Ter}-cAAs?mEz?g+!p8#R=XdtBR;l4!v
z@TyVJDF8-+)`@?huXbwA{8a)g(O>ppM=L|s+LA#8<QZ&IzKIQ?Y2n|7cLW=n^@GAT
zw{#H;acWS2_$OV9njOU8@PqKTbB+KmtKi#H6pu5%vosL&PsFdwUA-^0PMyIwUl3XJ
z3duya_8q|^P&%{)x^Y58yde|({nnSMR@3FR<d7<4k^HT36jn0e&W{U@v@$Nn^1GL^
z3N~GR5b=ONW!}*j`p-d&;S_bRxc`7s{WR^n^{>ztFYLPq4`Ks^2q_X96n2?E-W`rv
zZDw=`opY4(>YIj#6qUbDv-pdGk`#=e-DrE|_x_(Pnev6f^{3$e4U7{cXE}G|9}Bj(
zHGGqFuTFJ`)p?n=YZ01nm?95`{gYb$WT|n!{pNSs$@8Zb>TNt{I^jFt?_;GUmo@7W
zC7p^-S3iETfBUcAq_w(^jjwc_WIHdlwR}pG>alnOO3>-E`I{f~^fSKOt0A6mc4nSu
zd&IoBCH|i?w|nO3bUFNN?DJ)utzw)K_(ox(SB}@&A8Q48mu#`!^}XzieAt`lb%%O8
z_w~zHIqWv$xL5o2#d-JeBR{X)-6Q_u+vY`o`V$=fI35+dUwgYXVgH-o2U<5Ya~*he
zIs3+p*=@TW@4JU>{qFeJeg(sUw-@By8XkTA{UFVPL7`gk!FK1vxxgj>tkPy^SSbjs
z!+rX=nHc`rGbL1&1eg(MC&)4|XeFdKZ1NWsV_3-WhBsiFrobkK6WPp64mZR8-~Ob-
zP!P95iJj$?QfSMWU-?W7OsT6G7%-b1sm=e`qrXRZ>jw8mgH8$YboFyt=akR{03yAa
AS^xk5

literal 0
HcmV?d00001

diff --git a/doc/user/project/merge_requests/reviews/index.md b/doc/user/project/merge_requests/reviews/index.md
index 62b79ce1730..3b87e78cfad 100644
--- a/doc/user/project/merge_requests/reviews/index.md
+++ b/doc/user/project/merge_requests/reviews/index.md
@@ -50,7 +50,7 @@ DETAILS:
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated
 
 To assign multiple reviewers to a merge request, in a text area in
-the merge request, use the `/assign_reviewer @user`
+the merge request, use the `/assign_reviewer @user1 @user2`
 [quick action](../../quick_actions.md#issues-merge-requests-and-epics), or:
 
 1. On the left sidebar, select **Search or go to** and find your project.
@@ -123,7 +123,7 @@ To submit your completed review, you can:
 
 - Use the `/submit_review` [quick action](../../quick_actions.md) in the text of a non-review comment.
 - Select **Finish review**, then select **Submit review** at the bottom of the dialog.
-  In the dialog, you can supply a **Summary comment**, approve the merge request, and
+  In the dialog, you can supply a **Summary comment**, approve (or reject) the merge request, and
   include quick actions:
 
   ![Finish review with comment](img/mr_summary_comment_v16_9.png)
@@ -137,8 +137,8 @@ When you submit your review, GitLab:
 - Optional. Shows whether you have also approved or requested changes:
   - **Comment**: Leave general feedback without explicit approval.
   - **Approve**: Leave feedback and approve the changes.
-  - **Request changes**: Leave feedback the author should address before merging.
-    You can use this status to block the merge request from merging.
+  - **Request changes**: Block the merge request from merging until the author
+    addresses your feedback.
 
 ### Prevent merge when you request changes
 
@@ -147,17 +147,24 @@ DETAILS:
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/430728) in GitLab 16.11 [with a flag](../../../../administration/feature_flags.md) named `mr_reviewer_requests_changes`. Disabled by default.
-> - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/451211) in GitLab 17.2.
-> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158226) in GitLab 17.2 by default.
+> - Enabled by default [on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/451211) and [self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158226) in GitLab 17.2.
 
-Any reviewer [requesting changes](#submit-a-review) blocks the merge request.
-In the merge request reports area, it shows the message **The change requests must be completed or resolved.**
-The request for changes is resolved when the reviewer who requested changes is asked
-to [re-review](#re-request-a-review) and then approves the merge request.
+A reviewer [requesting changes](#submit-a-review) blocks a merge request from merging.
+When this happens, the merge request reports area shows the message
+**The change requests must be completed or resolved.** To unblock the merge request,
+the reviewer who requested changes should [re-review and approve](#re-request-a-review) the merge request.
 
-If the user who has previously requested changes is unable to re-review or provide an approval,
-users with permission to merge the merge request can override this check in the
-merge request reports area by selecting **Bypass**.
+If the user who requested changes is unable to re-review or provide an approval,
+another user with permission to merge the merge request can override this check in the
+merge request reports area by selecting **Bypass**:
+
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Code > Merge requests** and find your merge request.
+1. Select the title of the merge request to view it.
+1. On the merge request **Overview**, scroll to the merge request reports area.
+1. Next to **The change requests must be completed or resolved**, select **Bypass**:
+
+   ![A merge request that has been blocked by a user requesting changes](img/bypass_17_2.png)
 
 ### See how reviewers map to approval rules
 
diff --git a/doc/user/ssh.md b/doc/user/ssh.md
index f8ad75d3c13..fbd618da493 100644
--- a/doc/user/ssh.md
+++ b/doc/user/ssh.md
@@ -80,7 +80,7 @@ Available documentation suggests ED25519 is more secure than RSA.
 If you use an RSA key, the US National Institute of Standards and Technology in
 [Publication 800-57 Part 3 (PDF)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)
 recommends a key size of at least 2048 bits. Due to limitations in Go,
-RSA keys [cannot exceed 8192 bits](#tls-server-sent-certificate-containing-rsa-key-larger-than-8192-bits).
+RSA keys [cannot exceed 8192 bits](ssh_troubleshooting.md#tls-server-sent-certificate-containing-rsa-key-larger-than-8192-bits).
 
 The default key size depends on your version of `ssh-keygen`.
 Review the `man` page for your installed `ssh-keygen` command for details.
@@ -559,68 +559,3 @@ chmod 700  /var/opt/gitlab/.ssh/
 chmod 600  /var/opt/gitlab/.ssh/authorized_keys
 chmod 644  /var/opt/gitlab/.ssh/authorized_keys.lock
 ```
-
-## Troubleshooting
-
-### TLS: server sent certificate containing RSA key larger than 8192 bits
-
-In GitLab 16.3 and later, Go limits RSA keys to a maximum of 8192 bits.
-To check the length of a key:
-
-```shell
-openssl rsa -in <your-key-file> -text -noout | grep "Key:"
-```
-
-Replace any key longer than 8192 bits with a shorter key.
-
-### Password prompt with `git clone`
-
-When you run `git clone`, you may be prompted for a password, like `git@gitlab.example.com's password:`.
-This indicates that something is wrong with your SSH setup.
-
-- Ensure that you generated your SSH key pair correctly and added the public SSH
-  key to your GitLab profile.
-- Try to manually register your private SSH key by using `ssh-agent`.
-- Try to debug the connection by running `ssh -Tv git@example.com`.
-  Replace `example.com` with your GitLab URL.
-- Ensure you followed all the instructions in [Use SSH on Microsoft Windows](#use-ssh-on-microsoft-windows).
-- Ensure that you have [Verify GitLab SSH ownership and permissions](#verify-gitlab-ssh-ownership-and-permissions). If you have several hosts ensure that permissions are correct in all hosts.
-
-### `Could not resolve hostname` error
-
-You may receive the following error when [verifying that you can connect](#verify-that-you-can-connect):
-
-```shell
-ssh: Could not resolve hostname gitlab.example.com: nodename nor servname provided, or not known
-```
-
-If you receive this error, restart your terminal and try the command again.
-
-### `Key enrollment failed: invalid format` error
-
-You may receive the following error when [generating an SSH key pair for a FIDO2 hardware security key](#generate-an-ssh-key-pair-for-a-fido2-hardware-security-key):
-
-```shell
-Key enrollment failed: invalid format
-```
-
-You can troubleshoot this by trying the following:
-
-- Run the `ssh-keygen` command using `sudo`.
-- Verify your FIDO2 hardware security key supports
-  the key type provided.
-- Verify the version of OpenSSH is 8.2 or greater by
-  running `ssh -V`.
-
-### Error: `SSH host keys are not available on this system.`
-
-If GitLab does not have access to the host SSH keys, when you visit `gitlab.example/help/instance_configuration`, you see the following error message under the **SSH host key fingerprints** header instead of the instance SSH fingerprint:
-
-```plaintext
-SSH host keys are not available on this system. Please use ssh-keyscan command or contact your GitLab administrator for more information.
-```
-
-To resolve this error:
-
-- On Helm chart (Kubernetes) deployments, update the `values.yaml` to set [`sshHostKeys.mount`](https://docs.gitlab.com/charts/charts/gitlab/webservice/) to `true` under the `webservice` section.
-- On GitLab self-managed installations, check the `/etc/ssh` directory for the host keys.
diff --git a/doc/user/ssh_troubleshooting.md b/doc/user/ssh_troubleshooting.md
new file mode 100644
index 00000000000..0e0e5d89e60
--- /dev/null
+++ b/doc/user/ssh_troubleshooting.md
@@ -0,0 +1,72 @@
+---
+stage: Govern
+group: Authentication
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Troubleshooting SSH
+
+When working with SSH keys, you might encounter the following issues.
+
+## TLS: server sent certificate containing RSA key larger than 8192 bits
+
+In GitLab 16.3 and later, Go limits RSA keys to a maximum of 8192 bits.
+To check the length of a key:
+
+```shell
+openssl rsa -in <your-key-file> -text -noout | grep "Key:"
+```
+
+Replace any key longer than 8192 bits with a shorter key.
+
+## Password prompt with `git clone`
+
+When you run `git clone`, you may be prompted for a password, like `git@gitlab.example.com's password:`.
+This indicates that something is wrong with your SSH setup.
+
+- Ensure that you generated your SSH key pair correctly and added the public SSH
+  key to your GitLab profile.
+- Try to manually register your private SSH key by using `ssh-agent`.
+- Try to debug the connection by running `ssh -Tv git@example.com`.
+  Replace `example.com` with your GitLab URL.
+- Ensure you followed all the instructions in [Use SSH on Microsoft Windows](ssh.md#use-ssh-on-microsoft-windows).
+- Ensure that you have [Verify GitLab SSH ownership and permissions](ssh.md#verify-gitlab-ssh-ownership-and-permissions). If you have several hosts ensure that permissions are correct in all hosts.
+
+## `Could not resolve hostname` error
+
+You may receive the following error when [verifying that you can connect](ssh.md#verify-that-you-can-connect):
+
+```shell
+ssh: Could not resolve hostname gitlab.example.com: nodename nor servname provided, or not known
+```
+
+If you receive this error, restart your terminal and try the command again.
+
+### `Key enrollment failed: invalid format` error
+
+You may receive the following error when [generating an SSH key pair for a FIDO2 hardware security key](ssh.md#generate-an-ssh-key-pair-for-a-fido2-hardware-security-key):
+
+```shell
+Key enrollment failed: invalid format
+```
+
+You can troubleshoot this by trying the following:
+
+- Run the `ssh-keygen` command using `sudo`.
+- Verify your FIDO2 hardware security key supports
+  the key type provided.
+- Verify the version of OpenSSH is 8.2 or greater by
+  running `ssh -V`.
+
+## Error: `SSH host keys are not available on this system.`
+
+If GitLab does not have access to the host SSH keys, when you visit `gitlab.example/help/instance_configuration`, you see the following error message under the **SSH host key fingerprints** header instead of the instance SSH fingerprint:
+
+```plaintext
+SSH host keys are not available on this system. Please use ssh-keyscan command or contact your GitLab administrator for more information.
+```
+
+To resolve this error:
+
+- On Helm chart (Kubernetes) deployments, update the `values.yaml` to set [`sshHostKeys.mount`](https://docs.gitlab.com/charts/charts/gitlab/webservice/) to `true` under the `webservice` section.
+- On GitLab self-managed installations, check the `/etc/ssh` directory for the host keys.
diff --git a/lib/gitlab/import_export/json/streaming_serializer.rb b/lib/gitlab/import_export/json/streaming_serializer.rb
index 1ea68fcfa8b..f7b8c4954cd 100644
--- a/lib/gitlab/import_export/json/streaming_serializer.rb
+++ b/lib/gitlab/import_export/json/streaming_serializer.rb
@@ -257,7 +257,7 @@ module Gitlab
         end
 
         def after_read_callback(record)
-          if Feature.enabled?(:bulk_import_user_mapping, exportable)
+          if Feature.enabled?(:bulk_import_user_mapping, current_user)
             user_contributions_export_mapper.cache_user_contributions_on_record(record)
           end
 
diff --git a/lib/gitlab/usage_data_counters/hll_redis_key_overrides.yml b/lib/gitlab/usage_data_counters/hll_redis_key_overrides.yml
index ef2990c34d8..ddfcba56a12 100644
--- a/lib/gitlab/usage_data_counters/hll_redis_key_overrides.yml
+++ b/lib/gitlab/usage_data_counters/hll_redis_key_overrides.yml
@@ -177,3 +177,13 @@ value_streams_dashboard_metric_link_clicked-user: value_streams_dashboard_metric
 value_streams_dashboard_time_to_restore_service_link_clicked-user: value_streams_dashboard_time_to_restore_service_link_clicked
 value_streams_dashboard_vulnerability_critical_link_clicked-user: value_streams_dashboard_vulnerability_critical_link_clicked
 value_streams_dashboard_vulnerability_high_link_clicked-user: value_streams_dashboard_vulnerability_high_link_clicked
+'view_merge_request_widget-filter:[label:accessibility]-user': i_code_review_merge_request_widget_accessibility_view
+'view_merge_request_widget-filter:[label:code_quality]-user': i_code_review_merge_request_widget_code_quality_view
+'view_merge_request_widget-filter:[label:license_compliance]-user': i_code_review_merge_request_widget_license_compliance_view
+'view_merge_request_widget-filter:[label:status_checks]-user': i_code_review_merge_request_widget_status_checks_view
+'view_merge_request_widget-filter:[label:terraform]-user': i_code_review_merge_request_widget_terraform_view
+'view_merge_request_widget-filter:[label:test_summary]-user': i_code_review_merge_request_widget_test_summary_view
+'view_merge_request_widget-filter:[label:metrics]-user': i_code_review_merge_request_widget_metrics_view
+'view_merge_request_widget-filter:[label:security_reports]-user': i_code_review_merge_request_widget_security_reports_view
+visit_ci_cd_failure_rate_tab-user: p_analytics_ci_cd_change_failure_rate
+visit_ci_cd_time_to_restore_service_tab-user: p_analytics_ci_cd_time_to_restore_service
diff --git a/lib/gitlab/usage_data_counters/hll_redis_legacy_events.yml b/lib/gitlab/usage_data_counters/hll_redis_legacy_events.yml
index b719162e118..4480670311c 100644
--- a/lib/gitlab/usage_data_counters/hll_redis_legacy_events.yml
+++ b/lib/gitlab/usage_data_counters/hll_redis_legacy_events.yml
@@ -355,8 +355,6 @@
 - merge_request_action
 - o_pipeline_authoring_unique_users_committing_ciconfigfile
 - o_pipeline_authoring_unique_users_pushing_mr_ciconfigfile
-- p_analytics_ci_cd_change_failure_rate
-- p_analytics_ci_cd_time_to_restore_service
 - p_analytics_code_reviews
 - p_analytics_insights
 - p_analytics_issues
diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake
index e1799617ea0..ffc9f7ecbb0 100644
--- a/lib/tasks/dev.rake
+++ b/lib/tasks/dev.rake
@@ -74,7 +74,7 @@ namespace :dev do
   databases = ActiveRecord::Tasks::DatabaseTasks.setup_initial_database_yaml
 
   namespace :copy_db do
-    ALLOWED_DATABASES = %w[ci].freeze
+    ALLOWED_DATABASES = %w[ci sec].freeze
 
     ActiveRecord::Tasks::DatabaseTasks.for_each(databases) do |name|
       next unless ALLOWED_DATABASES.include?(name)
diff --git a/spec/controllers/projects/pipelines_controller_spec.rb b/spec/controllers/projects/pipelines_controller_spec.rb
index e39a9cc34bd..f549b1b763e 100644
--- a/spec/controllers/projects/pipelines_controller_spec.rb
+++ b/spec/controllers/projects/pipelines_controller_spec.rb
@@ -768,27 +768,17 @@ RSpec.describe Projects::PipelinesController, feature_category: :continuous_inte
     [
       {
         chart_param: 'time-to-restore-service',
-        event: 'p_analytics_ci_cd_time_to_restore_service'
+        event: 'visit_ci_cd_time_to_restore_service_tab'
       },
       {
         chart_param: 'change-failure-rate',
-        event: 'p_analytics_ci_cd_change_failure_rate'
+        event: 'visit_ci_cd_failure_rate_tab'
       }
     ].each do |tab|
-      it_behaves_like 'tracking unique visits', :charts do
-        let(:request_params) { { namespace_id: project.namespace, project_id: project, id: pipeline.id, chart: tab[:chart_param] } }
-        let(:target_id) { ['p_analytics_pipelines', tab[:event]] }
-      end
+      it 'tracks internal events' do
+        request_params = { namespace_id: project.namespace, project_id: project, id: pipeline.id, chart: tab[:chart_param] }
 
-      it_behaves_like 'Snowplow event tracking with RedisHLL context' do
-        subject { get :charts, params: request_params, format: :html }
-
-        let(:request_params) { { namespace_id: project.namespace, project_id: project, id: pipeline.id, chart: tab[:chart_param] } }
-        let(:category) { described_class.name }
-        let(:action) { 'perform_analytics_usage_action' }
-        let(:namespace) { project.namespace }
-        let(:label) { 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly' }
-        let(:property) { 'p_analytics_pipelines' }
+        expect { get :charts, params: request_params, format: :html }.to trigger_internal_events(tab[:event])
       end
     end
 
diff --git a/spec/factories/virtual_registries/packages/maven/registries.rb b/spec/factories/virtual_registries/packages/maven/registries.rb
new file mode 100644
index 00000000000..cdfa5d1b012
--- /dev/null
+++ b/spec/factories/virtual_registries/packages/maven/registries.rb
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :virtual_registries_packages_maven_registry, class: 'VirtualRegistries::Packages::Maven::Registry' do
+    group
+    cache_validity_hours { 1 }
+  end
+end
diff --git a/spec/factories/virtual_registries/packages/maven/registry_upstreams.rb b/spec/factories/virtual_registries/packages/maven/registry_upstreams.rb
new file mode 100644
index 00000000000..cc6ca46d348
--- /dev/null
+++ b/spec/factories/virtual_registries/packages/maven/registry_upstreams.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :virtual_registries_packages_maven_registry_upstream,
+    class: 'VirtualRegistries::Packages::Maven::RegistryUpstream' do
+    group { registry.group }
+    registry { association(:virtual_registries_packages_maven_registry) }
+    upstream do
+      association(
+        :virtual_registries_packages_maven_upstream,
+        group: registry.group,
+        registry: registry,
+        registry_upstream: nil
+      )
+    end
+  end
+end
diff --git a/spec/factories/virtual_registries/packages/maven/upstreams.rb b/spec/factories/virtual_registries/packages/maven/upstreams.rb
new file mode 100644
index 00000000000..bb43effa890
--- /dev/null
+++ b/spec/factories/virtual_registries/packages/maven/upstreams.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :virtual_registries_packages_maven_upstream, class: 'VirtualRegistries::Packages::Maven::Upstream' do
+    url { 'http://local.test/maven' }
+    username { 'user' }
+    password { 'password' }
+    registry { association(:virtual_registries_packages_maven_registry) }
+    group { registry.group }
+
+    after(:build) do |entry, _|
+      entry.registry_upstream.group = entry.group if entry.registry_upstream
+    end
+  end
+end
diff --git a/spec/frontend/projects/pipelines/charts/components/app_spec.js b/spec/frontend/projects/pipelines/charts/components/app_spec.js
index 631757ca90e..927872c60f8 100644
--- a/spec/frontend/projects/pipelines/charts/components/app_spec.js
+++ b/spec/frontend/projects/pipelines/charts/components/app_spec.js
@@ -123,28 +123,14 @@ describe('ProjectsPipelinesChartsApp', () => {
     });
 
     describe('event tracking', () => {
-      describe('RedisHLL events', () => {
-        it.each`
-          testId                           | event
-          ${'time-to-restore-service-tab'} | ${'p_analytics_ci_cd_time_to_restore_service'}
-          ${'change-failure-rate-tab'}     | ${'p_analytics_ci_cd_change_failure_rate'}
-        `('tracks the $event event when clicked', ({ testId, event }) => {
-          const trackApiSpy = jest.spyOn(API, 'trackRedisHllUserEvent');
-
-          expect(trackApiSpy).not.toHaveBeenCalled();
-
-          wrapper.findByTestId(testId).vm.$emit('click');
-
-          expect(trackApiSpy).toHaveBeenCalledWith(event);
-        });
-      });
-
       describe('Internal Events RedisHLL events', () => {
         it.each`
-          testId                        | event
-          ${'pipelines-tab'}            | ${'p_analytics_ci_cd_pipelines'}
-          ${'deployment-frequency-tab'} | ${'p_analytics_ci_cd_deployment_frequency'}
-          ${'lead-time-tab'}            | ${'p_analytics_ci_cd_lead_time'}
+          testId                           | event
+          ${'pipelines-tab'}               | ${'p_analytics_ci_cd_pipelines'}
+          ${'deployment-frequency-tab'}    | ${'p_analytics_ci_cd_deployment_frequency'}
+          ${'lead-time-tab'}               | ${'p_analytics_ci_cd_lead_time'}
+          ${'time-to-restore-service-tab'} | ${'visit_ci_cd_time_to_restore_service_tab'}
+          ${'change-failure-rate-tab'}     | ${'visit_ci_cd_failure_rate_tab'}
         `('tracks the $event event when clicked', ({ testId, event }) => {
           const trackApiSpy = jest.spyOn(API, 'trackInternalEvent');
 
@@ -177,18 +163,6 @@ describe('ProjectsPipelinesChartsApp', () => {
             },
           });
         });
-
-        it.each`
-          tab
-          ${'time-to-restore-service-tab'}
-          ${'change-failure-rate-tab'}
-        `('does not track when tab $tab is clicked', ({ tab }) => {
-          const trackingSpy = mockTracking(undefined, wrapper.element, jest.spyOn);
-
-          wrapper.findByTestId(tab).vm.$emit('click');
-
-          expect(trackingSpy).not.toHaveBeenCalled();
-        });
       });
     });
   });
diff --git a/spec/models/virtual_registries/packages/maven/registry_spec.rb b/spec/models/virtual_registries/packages/maven/registry_spec.rb
new file mode 100644
index 00000000000..d188772fd84
--- /dev/null
+++ b/spec/models/virtual_registries/packages/maven/registry_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe VirtualRegistries::Packages::Maven::Registry, type: :model, feature_category: :virtual_registry do
+  subject(:registry) { build(:virtual_registries_packages_maven_registry) }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:group) }
+
+    it do
+      is_expected.to have_one(:registry_upstream)
+        .class_name('VirtualRegistries::Packages::Maven::RegistryUpstream')
+        .inverse_of(:registry)
+    end
+
+    it do
+      is_expected.to have_one(:upstream)
+        .through(:registry_upstream)
+        .class_name('VirtualRegistries::Packages::Maven::Upstream')
+    end
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_uniqueness_of(:group) }
+    it { is_expected.to validate_presence_of(:group) }
+    it { is_expected.to validate_numericality_of(:cache_validity_hours).only_integer.is_greater_than_or_equal_to(0) }
+  end
+end
diff --git a/spec/models/virtual_registries/packages/maven/registry_upstream_spec.rb b/spec/models/virtual_registries/packages/maven/registry_upstream_spec.rb
new file mode 100644
index 00000000000..2b0e8ba83e2
--- /dev/null
+++ b/spec/models/virtual_registries/packages/maven/registry_upstream_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe VirtualRegistries::Packages::Maven::RegistryUpstream, type: :model, feature_category: :virtual_registry do
+  subject(:registry_upstream) { build(:virtual_registries_packages_maven_registry_upstream) }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:group) }
+
+    it do
+      is_expected.to belong_to(:registry)
+        .class_name('VirtualRegistries::Packages::Maven::Registry')
+        .inverse_of(:registry_upstream)
+    end
+
+    it do
+      is_expected.to belong_to(:upstream)
+       .class_name('VirtualRegistries::Packages::Maven::Upstream')
+      .inverse_of(:registry_upstream)
+    end
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_presence_of(:group) }
+    it { is_expected.to validate_uniqueness_of(:registry_id) }
+    it { is_expected.to validate_uniqueness_of(:upstream_id) }
+  end
+end
diff --git a/spec/models/virtual_registries/packages/maven/upstream_spec.rb b/spec/models/virtual_registries/packages/maven/upstream_spec.rb
new file mode 100644
index 00000000000..bcacc8f9f00
--- /dev/null
+++ b/spec/models/virtual_registries/packages/maven/upstream_spec.rb
@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe VirtualRegistries::Packages::Maven::Upstream, type: :model, feature_category: :virtual_registry do
+  using RSpec::Parameterized::TableSyntax
+
+  subject(:upstream) { build(:virtual_registries_packages_maven_upstream) }
+
+  describe 'associations' do
+    it do
+      is_expected.to have_one(:registry_upstream)
+        .class_name('VirtualRegistries::Packages::Maven::RegistryUpstream')
+        .inverse_of(:upstream)
+    end
+
+    it do
+      is_expected.to have_one(:registry)
+        .through(:registry_upstream)
+        .class_name('VirtualRegistries::Packages::Maven::Registry')
+    end
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_presence_of(:group) }
+    it { is_expected.to validate_presence_of(:url) }
+    it { is_expected.to validate_presence_of(:username) }
+    it { is_expected.to validate_presence_of(:password) }
+    it { is_expected.to validate_length_of(:url).is_at_most(255) }
+    it { is_expected.to validate_length_of(:username).is_at_most(255) }
+    it { is_expected.to validate_length_of(:password).is_at_most(255) }
+
+    context 'for url' do
+      where(:url, :valid, :error_messages) do
+        'http://test.maven'   | true  | nil
+        'https://test.maven'  | true  | nil
+        'git://test.maven'    | false | ['Url is blocked: Only allowed schemes are http, https']
+        nil                   | false | ["Url can't be blank", 'Url must be a valid URL']
+        ''                    | false | ["Url can't be blank", 'Url must be a valid URL']
+        "http://#{'a' * 255}" | false | 'Url is too long (maximum is 255 characters)'
+        'http://127.0.0.1'    | false | 'Url is blocked: Requests to localhost are not allowed'
+        'maven.local'         | false | 'Url is blocked: Only allowed schemes are http, https'
+        'http://192.168.1.2'  | false | 'Url is blocked: Requests to the local network are not allowed'
+      end
+
+      with_them do
+        before do
+          upstream.url = url
+        end
+
+        if params[:valid]
+          it { expect(upstream).to be_valid }
+        else
+          it do
+            expect(upstream).not_to be_valid
+            expect(upstream.errors).to contain_exactly(*error_messages)
+          end
+        end
+      end
+    end
+
+    context 'for credentials' do
+      where(:username, :password, :valid, :error_message) do
+        'user'      | 'password'   | true  | nil
+        ''          | ''           | true  | nil
+        ''          | nil          | true  | nil
+        nil         | ''           | true  | nil
+        nil         | 'password'   | false | "Username can't be blank"
+        'user'      | nil          | false | "Password can't be blank"
+        ''          | 'password'   | false | "Username can't be blank"
+        'user'      | ''           | false | "Password can't be blank"
+        ('a' * 256) | 'password'   | false | 'Username is too long (maximum is 255 characters)'
+        'user'      | ('a' * 256)  | false | 'Password is too long (maximum is 255 characters)'
+      end
+
+      with_them do
+        before do
+          upstream.username = username
+          upstream.password = password
+        end
+
+        if params[:valid]
+          it { expect(upstream).to be_valid }
+        else
+          it do
+            expect(upstream).not_to be_valid
+            expect(upstream.errors).to contain_exactly(error_message)
+          end
+        end
+      end
+    end
+  end
+
+  context 'for credentials persistance' do
+    it 'persists and reads back credentials properly' do
+      upstream.username = 'test'
+      upstream.password = 'test'
+
+      upstream.save!
+
+      upstream_read = upstream.reload
+      expect(upstream_read.username).to eq('test')
+      expect(upstream_read.password).to eq('test')
+    end
+  end
+end
diff --git a/spec/services/projects/update_pages_service_spec.rb b/spec/services/projects/update_pages_service_spec.rb
index b5d1276988f..6712c12fab6 100644
--- a/spec/services/projects/update_pages_service_spec.rb
+++ b/spec/services/projects/update_pages_service_spec.rb
@@ -160,6 +160,14 @@ RSpec.describe Projects::UpdatePagesService, feature_category: :pages do
           .by(1)
       end
 
+      it_behaves_like 'internal event tracking' do
+        let(:event) { 'create_pages_deployment' }
+        let(:category) { 'Projects::UpdatePagesService' }
+        let(:namespace) { project.namespace }
+
+        subject(:track_event) { service.execute }
+      end
+
       context 'when archive does not have pages directory' do
         let(:file) { empty_file }
         let(:metadata_filename) { empty_metadata_filename }