Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-10 16:46:51 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-10 16:46:51 +0000
commit: 04ac4180cb5ba0df460034c7e64862056fd498b3 (patch)
tree: ca5267d12fa2aab80c1c35593b96c8cfceaa747b
parent: 4e9ceea7f8ff3e097ad45f6f54c1b7165248e848 (diff)
download: gitlab-ce-04ac4180cb5ba0df460034c7e64862056fd498b3.tar.gz
99 files changed, 1773 insertions, 544 deletions
diff --git a/.gitlab/ci/build-images.gitlab-ci.yml b/.gitlab/ci/build-images.gitlab-ci.yml
index c1123b29d67..b866446c6e0 100644
--- a/.gitlab/ci/build-images.gitlab-ci.yml
+++ b/.gitlab/ci/build-images.gitlab-ci.yml
@@ -1,13 +1,13 @@
 .base-image-build:
   extends: .use-kaniko
   variables:
-    GIT_LFS_SKIP_SMUDGE: 1 # disable pulling objects from lfs
+    GIT_LFS_SKIP_SMUDGE: 1  # disable pulling objects from lfs
   retry: 2
 
 .base-image-build-buildx:
   extends: .use-buildx
   variables:
-    GIT_LFS_SKIP_SMUDGE: 1 # disable pulling objects from lfs
+    GIT_LFS_SKIP_SMUDGE: 1  # disable pulling objects from lfs
   retry: 2
 
 # This image is used by:
diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 23f4aef866c..4362269103b 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -437,7 +437,7 @@
         docker run --rm --privileged ${QEMU_IMAGE} --uninstall qemu-*;
         docker run --rm --privileged ${QEMU_IMAGE} --install all;
       fi
-    - docker buildx create --use # creates and set's to active buildkit builder
+    - docker buildx create --use  # creates and set's to active buildkit builder
 
 .use-kube-context:
   before_script:
diff --git a/.gitlab/ci/package-and-test-nightly/main.gitlab-ci.yml b/.gitlab/ci/package-and-test-nightly/main.gitlab-ci.yml
index 841818d9e0f..4e240bedf3a 100644
--- a/.gitlab/ci/package-and-test-nightly/main.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test-nightly/main.gitlab-ci.yml
@@ -85,5 +85,3 @@ relate-test-failures:
 notify-slack:
   extends:
     - .notify-slack
-  variables:
-    TYPE: "(nightly) "
diff --git a/.gitlab/ci/preflight.gitlab-ci.yml b/.gitlab/ci/preflight.gitlab-ci.yml
index 526492a75c7..7dee87ee715 100644
--- a/.gitlab/ci/preflight.gitlab-ci.yml
+++ b/.gitlab/ci/preflight.gitlab-ci.yml
@@ -31,7 +31,7 @@ rails-production-server-boot:
   script:
     - source scripts/utils.sh
     - bundle exec rails server -e production &
-    - sleep 40 # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114124#note_1309506358
+    - sleep 40  # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114124#note_1309506358
     - retry_times_sleep 10 5 "curl http://0.0.0.0:3000"
     - kill $(jobs -p)
 
diff --git a/.gitlab/ci/qa-common/main.gitlab-ci.yml b/.gitlab/ci/qa-common/main.gitlab-ci.yml
index 49695cb11af..cc0220b12c0 100644
--- a/.gitlab/ci/qa-common/main.gitlab-ci.yml
+++ b/.gitlab/ci/qa-common/main.gitlab-ci.yml
@@ -256,6 +256,7 @@ stages:
     SLACK_ICON_EMOJI: ci_failing
     STATUS_SYM: ☠️
     STATUS: failed
+    TYPE: "($QA_RUN_TYPE) "
   when: always
   script:
     - |
diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml
index 97a2883c9e8..81127b7c113 100644
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@@ -26,7 +26,7 @@
     GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}"
     RUN_WITH_BUNDLE: "true"  # instructs pipeline to install and run gitlab-qa gem via bundler
     QA_PATH: qa  # sets the optional path for bundler to run from
-    DYNAMIC_PIPELINE_YML: package-and-test-pipeline.yml # yml files are generated by scripts/generate-e2e-pipeline script
+    DYNAMIC_PIPELINE_YML: package-and-test-pipeline.yml  # yml files are generated by scripts/generate-e2e-pipeline script
   inherit:
     variables:
       - CHROME_VERSION
diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml
index aa61e67de08..28416c89f68 100644
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@@ -110,7 +110,7 @@ review-deploy:
   image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3
   needs:
     - review-build-cng
-    - review-delete-deployment # We always want to start from a clean slate (i.e. no helm release, no k8s namespace)
+    - review-delete-deployment  # We always want to start from a clean slate (i.e. no helm release, no k8s namespace)
   cache:
     key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1"
     paths:
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index cccf81b73a4..45a7924fb1e 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -1403,7 +1403,7 @@
       allow_failure: true
     - <<: *if-merge-request
       changes:
-        - qa/Gemfile.lock # qa/Gemfile.lock is a part of *qa-patterns, so this rule must be placed before the one with *qa-patterns changes
+        - qa/Gemfile.lock  # qa/Gemfile.lock is a part of *qa-patterns, so this rule must be placed before the one with *qa-patterns changes
       variables:
         UPDATE_QA_CACHE: "true"
     - <<: *if-merge-request
@@ -1430,7 +1430,7 @@
         KNAPSACK_GENERATE_REPORT: "true"
         UPDATE_QA_CACHE: "true"
         QA_SAVE_TEST_METRICS: "true"
-        QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency
+        QA_EXPORT_TEST_METRICS: "false"  # on main runs, metrics are exported to separate bucket via rake task for better consistency
 
 .qa:rules:package-and-test-ee:
   rules:
@@ -2287,7 +2287,7 @@
       variables:
         KNAPSACK_GENERATE_REPORT: "true"
         QA_SAVE_TEST_METRICS: "true"
-        QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency
+        QA_EXPORT_TEST_METRICS: "false"  # on main runs, metrics are exported to separate bucket via rake task for better consistency
 
 # The following rules needs to be the same as the one for .review:rules:start-review-app-pipeline
 # except that:
@@ -2534,9 +2534,9 @@
     - !reference [".as-if-jh-default-exclusion-rules", rules]
     - <<: *if-merge-request-labels-as-if-jh
       changes: *dependency-patterns
-    # Ideally, we should be able to do this:
-    # - <<: *if-dot-com-gitlab-org-merge-request
-    #   changes: *feature-flag-development-config-patterns && *dependency-patterns
+      # Ideally, we should be able to do this:
+      # - <<: *if-dot-com-gitlab-org-merge-request
+      #   changes: *feature-flag-development-config-patterns && *dependency-patterns
 
 # This rule should share the same logic with .as-if-jh:rules:prepare-as-if-jh
 # Because the jobs using this need jobs using the preparation rules
diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml
index 8e80598bc78..36e2c338748 100644
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@@ -106,7 +106,7 @@ detect-tests:
   variables:
     RSPEC_TESTS_MAPPING_ENABLED: "true"
   before_script:
-    - apt-get update && apt-get install -y curl # Not present in ruby-slim, so we add it manually
+    - apt-get update && apt-get install -y curl  # Not present in ruby-slim, so we add it manually
   script:
     - source ./scripts/utils.sh
     - source ./scripts/rspec_helpers.sh
diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml
index 20d768c9e90..41fd0b49173 100644
--- a/.gitlab/ci/test-metadata.gitlab-ci.yml
+++ b/.gitlab/ci/test-metadata.gitlab-ci.yml
@@ -18,7 +18,7 @@ retrieve-tests-metadata:
   image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim
   stage: prepare
   script:
-    - apt-get update && apt-get install -y curl # Not present in ruby-slim, so we add it manually
+    - apt-get update && apt-get install -y curl  # Not present in ruby-slim, so we add it manually
     - install_gitlab_gem
     - source ./scripts/rspec_helpers.sh
     - retrieve_tests_metadata
diff --git a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
index 6eab87bd84c..ac23ea75eb1 100644
--- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
@@ -42,7 +42,7 @@ include:
     - cd qa && bundle install --jobs=$(nproc) --retry=3 --quiet
     - mkdir -p $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs/gdk $CI_PROJECT_DIR/logs/gitlab
     # This command matches the permissions of the user that runs GDK inside the container.
-    - chown -R 1000:1000 $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs
+    - chown -R 1000:1000 $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs $CI_PROJECT_DIR/qa/knapsack
     - |
       docker run --rm --name gdk --add-host gdk.test:127.0.0.1 --shm-size=2gb \
         --env-file <(bundle exec rake ci:env_var_name_list) \
@@ -120,4 +120,3 @@ notify-slack:
     - .rules:report:process-results
   variables:
     QA_RSPEC_JSON_FILE_PATTERN: $CI_PROJECT_DIR/test_output/rspec-*.json
-    TYPE: "(gdk) "
diff --git a/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue b/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
index 2e8ecbd3a5d..c95d4c96ea9 100644
--- a/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
+++ b/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
@@ -1,5 +1,5 @@
 <script>
-import { GlButton, GlTableLite } from '@gitlab/ui';
+import { GlBroadcastMessage, GlButton, GlTableLite } from '@gitlab/ui';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { __ } from '~/locale';
 import { formatDate } from '~/lib/utils/datetime/date_format_utility';
@@ -9,6 +9,7 @@ const DEFAULT_TD_CLASSES = 'gl-vertical-align-middle!';
 export default {
   name: 'MessagesTable',
   components: {
+    GlBroadcastMessage,
     GlButton,
     GlTableLite,
   },
@@ -68,9 +69,6 @@ export default {
       tdClass: `${DEFAULT_TD_CLASSES} gl-white-space-nowrap`,
     },
   ],
-  safeHtmlConfig: {
-    ADD_TAGS: ['use'],
-  },
   methods: {
     formatDate(dateString) {
       return formatDate(new Date(dateString));
@@ -85,8 +83,10 @@ export default {
     :tbody-tr-attr="{ 'data-testid': 'message-row' }"
     stacked="md"
   >
-    <template #cell(preview)="{ item: { preview } }">
-      <div v-safe-html:[$options.safeHtmlConfig]="preview"></div>
+    <template #cell(preview)="{ item: { message, theme, broadcast_type, dismissable } }">
+      <gl-broadcast-message :theme="theme" :type="broadcast_type" :dismissible="dismissable">
+        {{ message }}
+      </gl-broadcast-message>
     </template>
 
     <template #cell(starts_at)="{ item: { starts_at } }">
diff --git a/app/assets/javascripts/super_sidebar/components/menu_section.vue b/app/assets/javascripts/super_sidebar/components/menu_section.vue
index 49e481feb04..5de6e04d827 100644
--- a/app/assets/javascripts/super_sidebar/components/menu_section.vue
+++ b/app/assets/javascripts/super_sidebar/components/menu_section.vue
@@ -102,7 +102,7 @@ export default {
       :id="itemId"
       v-model="isExpanded"
       :aria-label="item.title"
-      class="gl-list-style-none gl-p-0 gl-m-0"
+      class="gl-list-style-none gl-p-0 gl-m-0 gl-transition-duration-medium gl-transition-timing-function-ease"
       data-qa-selector="menu_section"
       :data-qa-section-name="item.title"
       tag="ul"
diff --git a/app/assets/javascripts/vue_shared/components/markdown/mount_markdown_editor.js b/app/assets/javascripts/vue_shared/components/markdown/mount_markdown_editor.js
index b0e609e2433..ac4f06a665d 100644
--- a/app/assets/javascripts/vue_shared/components/markdown/mount_markdown_editor.js
+++ b/app/assets/javascripts/vue_shared/components/markdown/mount_markdown_editor.js
@@ -105,7 +105,6 @@ export function mountMarkdownEditor() {
           enableAutocomplete: true,
           autocompleteDataSources: gl.GfmAutoComplete?.dataSources,
           supportsQuickActions: true,
-          autofocus: true,
         },
       });
     },
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb
index e88a8cf8fab..84e5cc430ef 100644
--- a/app/controllers/admin/abuse_reports_controller.rb
+++ b/app/controllers/admin/abuse_reports_controller.rb
@@ -4,27 +4,36 @@ class Admin::AbuseReportsController < Admin::ApplicationController
   feature_category :insider_threat
 
   before_action :set_status_param, only: :index, if: -> { Feature.enabled?(:abuse_reports_list) }
+  before_action :find_abuse_report, only: [:show, :update, :destroy]
 
   def index
     @abuse_reports = AbuseReportsFinder.new(params).execute
   end
 
-  def show
-    @abuse_report = AbuseReport.find(params[:id])
+  def show; end
+
+  def update
+    Admin::AbuseReportUpdateService.new(@abuse_report, current_user, permitted_params).execute
   end
 
   def destroy
-    abuse_report = AbuseReport.find(params[:id])
-
-    abuse_report.remove_user(deleted_by: current_user) if params[:remove_user]
-    abuse_report.destroy
+    @abuse_report.remove_user(deleted_by: current_user) if params[:remove_user]
+    @abuse_report.destroy
 
     head :ok
   end
 
   private
 
+  def find_abuse_report
+    @abuse_report = AbuseReport.find(params[:id])
+  end
+
   def set_status_param
     params[:status] ||= 'open'
   end
+
+  def permitted_params
+    params.permit(:user_action, :close, :reason, :comment)
+  end
 end
diff --git a/app/controllers/profiles/preferences_controller.rb b/app/controllers/profiles/preferences_controller.rb
index 64971e01a31..a5a2cbf3733 100644
--- a/app/controllers/profiles/preferences_controller.rb
+++ b/app/controllers/profiles/preferences_controller.rb
@@ -56,7 +56,6 @@ class Profiles::PreferencesController < Profiles::ApplicationController
       :render_whitespace_in_code,
       :markdown_surround_selection,
       :markdown_automatic_lists,
-      :use_legacy_web_ide,
       :use_new_navigation
     ]
     preferences_param_names << :enabled_following if ::Feature.enabled?(:disable_follow_users, user)
diff --git a/app/controllers/projects/metrics_dashboard_controller.rb b/app/controllers/projects/metrics_dashboard_controller.rb
index 08757d11912..510c882d537 100644
--- a/app/controllers/projects/metrics_dashboard_controller.rb
+++ b/app/controllers/projects/metrics_dashboard_controller.rb
@@ -9,6 +9,9 @@ module Projects
     include Gitlab::Utils::StrongMemoize
 
     before_action :authorize_metrics_dashboard!
+    before_action :render_404, only: :show, if: -> do
+      Feature.enabled?(:remove_monitor_metrics)
+    end
 
     feature_category :metrics
     urgency :low
diff --git a/app/graphql/resolvers/ci/inherited_variables_resolver.rb b/app/graphql/resolvers/ci/inherited_variables_resolver.rb
new file mode 100644
index 00000000000..01f966942a4
--- /dev/null
+++ b/app/graphql/resolvers/ci/inherited_variables_resolver.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Resolvers
+  module Ci
+    class InheritedVariablesResolver < BaseResolver
+      type Types::Ci::ProjectVariableType.connection_type, null: true
+
+      def resolve
+        object.group&.self_and_ancestors&.flat_map(&:variables) || []
+      end
+    end
+  end
+end
diff --git a/app/graphql/types/ci/inherited_ci_variable_type.rb b/app/graphql/types/ci/inherited_ci_variable_type.rb
new file mode 100644
index 00000000000..2d8dcdaeefe
--- /dev/null
+++ b/app/graphql/types/ci/inherited_ci_variable_type.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Types
+  module Ci
+    # rubocop: disable Graphql/AuthorizeTypes
+    class InheritedCiVariableType < BaseObject
+      graphql_name 'InheritedCiVariable'
+      description 'CI/CD variables a project inherites from its parent group and ancestors.'
+
+      field :id, GraphQL::Types::ID,
+        null: false,
+        description: 'ID of the variable.'
+
+      field :key, GraphQL::Types::String,
+        null: true,
+        description: 'Name of the variable.'
+
+      field :raw, GraphQL::Types::Boolean,
+        null: true,
+        description: 'Indicates whether the variable is raw.'
+
+      field :variable_type, ::Types::Ci::VariableTypeEnum,
+        null: true,
+        description: 'Type of the variable.'
+
+      field :environment_scope, GraphQL::Types::String,
+        null: true,
+        description: 'Scope defining the environments that can use the variable.'
+
+      field :protected, GraphQL::Types::Boolean,
+        null: true,
+        description: 'Indicates whether the variable is protected.'
+
+      field :masked, GraphQL::Types::Boolean,
+        null: true,
+        description: 'Indicates whether the variable is masked.'
+
+      field :group_name, GraphQL::Types::String,
+        null: true,
+        description: 'Indicates group the variable belongs to.'
+
+      field :group_ci_cd_settings_path, GraphQL::Types::String,
+        null: true,
+        description: 'Indicates the path to the CI/CD settings of the group the variable belongs to.'
+    end
+    # rubocop: enable Graphql/AuthorizeTypes
+  end
+end
diff --git a/app/graphql/types/project_type.rb b/app/graphql/types/project_type.rb
index b10b4621534..6dfbdf765c8 100644
--- a/app/graphql/types/project_type.rb
+++ b/app/graphql/types/project_type.rb
@@ -352,6 +352,12 @@ module Types
           authorize: :admin_build,
           resolver: Resolvers::Ci::VariablesResolver
 
+    field :inherited_ci_variables, Types::Ci::InheritedCiVariableType.connection_type,
+          null: true,
+          description: "List of CI/CD variables the project inherited from its parent group and ancestors.",
+          authorize: :admin_build,
+          resolver: Resolvers::Ci::InheritedVariablesResolver
+
     field :ci_cd_settings, Types::Ci::CiCdSettingType,
           null: true,
           description: 'CI/CD settings for the project.'
diff --git a/app/helpers/broadcast_messages_helper.rb b/app/helpers/broadcast_messages_helper.rb
index d3a196cc0de..2f14c907b12 100644
--- a/app/helpers/broadcast_messages_helper.rb
+++ b/app/helpers/broadcast_messages_helper.rb
@@ -67,7 +67,10 @@ module BroadcastMessagesHelper
       {
         id: message.id,
         status: broadcast_message_status(message),
-        preview: broadcast_message(message, preview: true),
+        message: message.message,
+        theme: message.theme,
+        broadcast_type: message.broadcast_type,
+        dismissable: message.dismissable,
         starts_at: message.starts_at.iso8601,
         ends_at: message.ends_at.iso8601,
         target_roles: target_access_levels_display(message.target_access_levels),
diff --git a/app/helpers/clusters_helper.rb b/app/helpers/clusters_helper.rb
index 5d554f57cc0..b2ae1386727 100644
--- a/app/helpers/clusters_helper.rb
+++ b/app/helpers/clusters_helper.rb
@@ -56,7 +56,11 @@ module ClustersHelper
     when 'environments'
       render_if_exists 'clusters/clusters/environments'
     when 'health'
-      render_if_exists 'clusters/clusters/health'
+      if Feature.enabled?(:remove_monitor_metrics)
+        render('details', expanded: expanded)
+      else
+        render_if_exists 'clusters/clusters/health'
+      end
     when 'apps'
       render 'applications'
     when 'integrations'
diff --git a/app/helpers/ide_helper.rb b/app/helpers/ide_helper.rb
index a8dbaa4325f..0112dc6a35e 100644
--- a/app/helpers/ide_helper.rb
+++ b/app/helpers/ide_helper.rb
@@ -4,7 +4,6 @@ module IdeHelper
   # Overridden in EE
   def ide_data(project:, fork_info:, params:)
     base_data = {
-      'can-use-new-web-ide' => can_use_new_web_ide?.to_s,
       'use-new-web-ide' => use_new_web_ide?.to_s,
       'new-web-ide-help-page-path' => help_page_path('user/project/web_ide/index.md', anchor: 'vscode-reimplementation'),
       'sign-in-path' => new_session_path(current_user),
@@ -24,12 +23,8 @@ module IdeHelper
     )
   end
 
-  def can_use_new_web_ide?
-    Feature.enabled?(:vscode_web_ide, current_user)
-  end
-
   def use_new_web_ide?
-    can_use_new_web_ide? && !current_user.use_legacy_web_ide
+    Feature.enabled?(:vscode_web_ide, current_user)
   end
 
   private
diff --git a/app/models/ci/group_variable.rb b/app/models/ci/group_variable.rb
index b03c46a164f..f04f0d27e51 100644
--- a/app/models/ci/group_variable.rb
+++ b/app/models/ci/group_variable.rb
@@ -29,5 +29,13 @@ module Ci
     def audit_details
       key
     end
+
+    def group_name
+      group.name
+    end
+
+    def group_ci_cd_settings_path
+      Gitlab::Routing.url_helpers.group_settings_ci_cd_path(group)
+    end
   end
 end
diff --git a/app/models/concerns/taskable.rb b/app/models/concerns/taskable.rb
index dee1c820f23..bf645e99b5e 100644
--- a/app/models/concerns/taskable.rb
+++ b/app/models/concerns/taskable.rb
@@ -15,19 +15,19 @@ module Taskable
   INCOMPLETE_PATTERN = /\[[[:space:]]\]/.freeze
   ITEM_PATTERN       = %r{
     ^
-    (?:(?:>\s{0,4})*)             # optional blockquote characters
-    ((?:\s*(?:[-+*]|(?:\d+\.)))+) # list prefix (one or more) required - task item has to be always in a list
-    \s+                           # whitespace prefix has to be always presented for a list item
-    (                             # checkbox
+    (?:(?:>\s{0,4})*)               # optional blockquote characters
+    ((?:\s*(?:[-+*]|(?:\d+[.)])))+) # list prefix (one or more) required - task item has to be always in a list
+    \s+                             # whitespace prefix has to be always presented for a list item
+    (                               # checkbox
       #{COMPLETE_PATTERN}|#{INCOMPLETE_PATTERN}
     )
-    (\s.+)                        # followed by whitespace and some text.
+    (\s.+)                          # followed by whitespace and some text.
   }x.freeze
 
   ITEM_PATTERN_UNTRUSTED =
     '^' \
     '(?:(?:>\s{0,4})*)' \
-    '(?P<prefix>(?:\s*(?:[-+*]|(?:\d+\.)))+)' \
+    '(?P<prefix>(?:\s*(?:[-+*]|(?:\d+[.)])))+)' \
     '\s+' \
     '(?P<checkbox>' \
     "#{COMPLETE_PATTERN.source}|#{INCOMPLETE_PATTERN.source}" \
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index b9c3019bc2d..7b1d4b97d3b 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -1917,7 +1917,6 @@ class MergeRequest < ApplicationRecord
 
   def first_contribution?
     return metrics&.first_contribution if merged? & metrics.present?
-    return false if project.team.max_member_access(author_id) > Gitlab::Access::GUEST
 
     !project.merge_requests.merged.exists?(author_id: author_id)
   end
diff --git a/app/models/namespace_setting.rb b/app/models/namespace_setting.rb
index 3ac585a6957..e7f6db38047 100644
--- a/app/models/namespace_setting.rb
+++ b/app/models/namespace_setting.rb
@@ -64,6 +64,8 @@ class NamespaceSetting < ApplicationRecord
   end
 
   def all_ancestors_have_runner_registration_enabled?
+    return false unless Gitlab::CurrentSettings.valid_runner_registrars.include?('group')
+
     return true unless namespace.has_parent?
 
     !self.class.where(namespace_id: namespace.ancestors, runner_registration_enabled: false).exists?
diff --git a/app/models/resource_events/abuse_report_event.rb b/app/models/resource_events/abuse_report_event.rb
index 0e0af8217fd..2cddfc393e3 100644
--- a/app/models/resource_events/abuse_report_event.rb
+++ b/app/models/resource_events/abuse_report_event.rb
@@ -11,7 +11,10 @@ module ResourceEvents
       ban_user: 1,
       block_user: 2,
       delete_user: 3,
-      close_report: 4
+      close_report: 4,
+      ban_user_and_close_report: 5,
+      block_user_and_close_report: 6,
+      delete_user_and_close_report: 7
     }
 
     enum reason: {
@@ -22,7 +25,8 @@ module ResourceEvents
       credentials: 5,
       copyright: 6,
       malware: 7,
-      other: 8
+      other: 8,
+      unconfirmed: 9
     }
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 3dcb0e4d6ca..71c5afb1c79 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -365,7 +365,6 @@ class User < ApplicationRecord
            :markdown_automatic_lists, :markdown_automatic_lists=,
            :diffs_deletion_color, :diffs_deletion_color=,
            :diffs_addition_color, :diffs_addition_color=,
-           :use_legacy_web_ide, :use_legacy_web_ide=,
            :use_new_navigation, :use_new_navigation=,
            :pinned_nav_items, :pinned_nav_items=,
            :achievements_enabled, :achievements_enabled=,
diff --git a/app/models/user_preference.rb b/app/models/user_preference.rb
index 8fb0535a1d6..3a1fce9c0b4 100644
--- a/app/models/user_preference.rb
+++ b/app/models/user_preference.rb
@@ -22,7 +22,6 @@ class UserPreference < ApplicationRecord
   validates :diffs_deletion_color, :diffs_addition_color,
             format: { with: ColorsHelper::HEX_COLOR_PATTERN },
             allow_blank: true
-  validates :use_legacy_web_ide, allow_nil: false, inclusion: { in: [true, false] }
 
   validates :pass_user_identities_to_ci_jwt, allow_nil: false, inclusion: { in: [true, false] }
 
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 24bc19d982a..285721de387 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -106,7 +106,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
   end
 
   condition(:group_runner_registration_allowed, scope: :subject) do
-    Gitlab::CurrentSettings.valid_runner_registrars.include?('group') && @subject.runner_registration_enabled?
+    @subject.runner_registration_enabled?
   end
 
   rule { can?(:read_group) & design_management_enabled }.policy do
@@ -321,10 +321,12 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
 
   rule { resource_access_token_creation_allowed & can?(:read_resource_access_tokens) }.policy do
     enable :create_resource_access_tokens
+    enable :manage_resource_access_tokens
   end
 
   rule { can?(:project_bot_access) }.policy do
     prevent :create_resource_access_tokens
+    prevent :manage_resource_access_tokens
   end
 
   rule { can?(:admin_group_member) }.policy do
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 463d777842e..c963b364e4a 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -827,6 +827,7 @@ class ProjectPolicy < BasePolicy
 
   rule { can?(:admin_project) & resource_access_token_feature_available & resource_access_token_creation_allowed }.policy do
     enable :create_resource_access_tokens
+    enable :manage_resource_access_tokens
   end
 
   rule { can?(:admin_project) }.policy do
@@ -835,6 +836,7 @@ class ProjectPolicy < BasePolicy
 
   rule { can?(:project_bot_access) }.policy do
     prevent :create_resource_access_tokens
+    prevent :manage_resource_access_tokens
   end
 
   rule { user_defined_variables_allowed | can?(:maintainer_access) }.policy do
diff --git a/app/services/admin/abuse_report_update_service.rb b/app/services/admin/abuse_report_update_service.rb
new file mode 100644
index 00000000000..5b2ad27ede4
--- /dev/null
+++ b/app/services/admin/abuse_report_update_service.rb
@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module Admin
+  class AbuseReportUpdateService < BaseService
+    attr_reader :abuse_report, :params, :current_user, :action
+
+    def initialize(abuse_report, current_user, params)
+      @abuse_report = abuse_report
+      @current_user = current_user
+      @params = params
+      @action = determine_action
+    end
+
+    def execute
+      return ServiceResponse.error(message: 'Admin is required') unless current_user&.can_admin_all_resources?
+      return ServiceResponse.error(message: 'Action is required') unless action.present?
+
+      result = perform_action
+      if result[:status] == :success
+        close_report_and_record_event
+        ServiceResponse.success
+      else
+        ServiceResponse.error(message: result[:message])
+      end
+    end
+
+    private
+
+    def determine_action
+      action = params[:user_action]
+      if action.in?(ResourceEvents::AbuseReportEvent.actions.keys)
+        action.to_sym
+      elsif close_report?
+        :close_report
+      end
+    end
+
+    def perform_action
+      case action
+      when :ban_user then ban_user
+      when :block_user then block_user
+      when :delete_user then delete_user
+      when :close_report then close_report
+      end
+    end
+
+    def ban_user
+      Users::BanService.new(current_user).execute(abuse_report.user)
+    end
+
+    def block_user
+      Users::BlockService.new(current_user).execute(abuse_report.user)
+    end
+
+    def delete_user
+      abuse_report.user.delete_async(deleted_by: current_user)
+      success
+    end
+
+    def close_report
+      abuse_report.closed!
+      success
+    end
+
+    def close_report_and_record_event
+      event = action
+
+      if close_report? && action != :close_report
+        close_report
+        event = "#{action}_and_close_report"
+      end
+
+      record_event(event)
+    end
+
+    def close_report?
+      params[:close].to_s == 'true'
+    end
+
+    def record_event(action)
+      reason = params[:reason]
+      unless reason.in?(ResourceEvents::AbuseReportEvent.reasons.keys)
+        reason = ResourceEvents::AbuseReportEvent.reasons[:other]
+      end
+
+      abuse_report.events.create(action: action, user: current_user, reason: reason, comment: params[:comment])
+    end
+  end
+end
diff --git a/app/views/clusters/clusters/show.html.haml b/app/views/clusters/clusters/show.html.haml
index 7660a8e4ac1..bfeb0d3d7f0 100644
--- a/app/views/clusters/clusters/show.html.haml
+++ b/app/views/clusters/clusters/show.html.haml
@@ -32,7 +32,7 @@
       = gl_tabs_nav do
         = render 'clusters/clusters/details_tab'
         = render_if_exists 'clusters/clusters/environments_tab'
-        = render 'clusters/clusters/health_tab'
+        = render 'clusters/clusters/health_tab' if !Feature.enabled?(:remove_monitor_metrics)
         = render 'clusters/clusters/integrations_tab'
         = render 'clusters/clusters/advanced_settings_tab'
 
diff --git a/app/views/groups/_group_admin_settings.html.haml b/app/views/groups/_group_admin_settings.html.haml
index 8547795b4b7..ca11649e162 100644
--- a/app/views/groups/_group_admin_settings.html.haml
+++ b/app/views/groups/_group_admin_settings.html.haml
@@ -32,8 +32,7 @@
   .form-group.gl-form-group
     %legend.col-form-label.col-form-label
       = s_('Runners|Runner Registration')
-    - parent_disabled = Gitlab::CurrentSettings.valid_runner_registrars.exclude?('group') || !@group.all_ancestors_have_runner_registration_enabled?
     = f.gitlab_ui_checkbox_component :runner_registration_enabled,
       s_('Runners|New group runners can be registered'),
-      checkbox_options: { checked: @group.runner_registration_enabled && !parent_disabled, disabled: parent_disabled },
+      checkbox_options: { checked: @group.runner_registration_enabled?, disabled: !@group.all_ancestors_have_runner_registration_enabled? },
       help_text: s_('Runners|Existing runners are not affected. To permit runner registration for all groups, enable this setting in the Admin Area in Settings &gt; CI/CD.').html_safe
diff --git a/app/views/profiles/preferences/show.html.haml b/app/views/profiles/preferences/show.html.haml
index 6d81866e30e..7f8858411ca 100644
--- a/app/views/profiles/preferences/show.html.haml
+++ b/app/views/profiles/preferences/show.html.haml
@@ -140,21 +140,6 @@
         = f.select :first_day_of_week, first_day_of_week_choices_with_default, {}, class: 'gl-form-select custom-select'
     .col-sm-12
       %hr
-  - if Feature.enabled?(:vscode_web_ide, current_user)
-    .row.js-preferences-form.js-search-settings-section
-      .col-lg-4.profile-settings-sidebar#web-ide
-        %h4.gl-mt-0
-          = s_('Preferences|Web IDE')
-        %p
-          = s_('Preferences|The Web IDE Beta is the default Web IDE experience.')
-          = link_to _('Learn more'), help_page_path('user/project/web_ide_beta/index.md'), target: '_blank', rel: 'noopener noreferrer'
-      .col-lg-8
-        .form-group
-          = f.gitlab_ui_checkbox_component :use_legacy_web_ide,
-            s_('Preferences|Opt out of the Web IDE Beta'),
-            help_text: s_('Preferences|The Web IDE remains available alongside the Beta.')
-      .col-sm-12
-        %hr
   .row.js-preferences-form.js-search-settings-section
     .col-lg-4.profile-settings-sidebar#time-preferences
       %h4.gl-mt-0
@@ -172,17 +157,17 @@
     .row.js-preferences-form.js-search-settings-section
       .col-sm-12
         %hr
-      .col-lg-4.profile-settings-sidebar#disabled_following
+      .col-lg-4.profile-settings-sidebar#enabled_following
         %h4.gl-mt-0
-          = s_('Preferences|Disable follow users feature')
+          = s_('Preferences|Enable follow users feature')
         %p
-          = s_('Preferences|Turns off the ability to follow or be followed by other users.')
+          = s_('Preferences|Turns on or off the ability to follow or be followed by other users.')
           = succeed '.' do
             = link_to _('Learn more'), help_page_path('user/profile/index', anchor: 'follow-users'), target: '_blank', rel: 'noopener noreferrer'
       .col-lg-8
         .form-group
           = f.gitlab_ui_checkbox_component :enabled_following,
-          s_('Preferences|Disable follow users')
+          s_('Preferences|Enable follow users')
 
 
   #js-profile-preferences-app{ data: data_attributes }
diff --git a/config/routes/admin.rb b/config/routes/admin.rb
index 921600125e2..d9cd60f8086 100644
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -35,7 +35,7 @@ namespace :admin do
 
   resource :impersonation, only: :destroy
 
-  resources :abuse_reports, only: [:index, :show, :destroy]
+  resources :abuse_reports, only: [:index, :show, :update, :destroy]
   resources :gitaly_servers, only: [:index]
 
   resources :spam_logs, only: [:index, :destroy] do
diff --git a/data/deprecations/15-10-gitaly-legacy-config.yml b/data/deprecations/15-10-gitaly-legacy-config.yml
index 77f045defb1..cbfc923a16f 100644
--- a/data/deprecations/15-10-gitaly-legacy-config.yml
+++ b/data/deprecations/15-10-gitaly-legacy-config.yml
@@ -30,6 +30,6 @@
   # OTHER OPTIONAL FIELDS
   #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-10-helm-chart-updates.yml b/data/deprecations/15-10-helm-chart-updates.yml
index edfdf1b7ae0..08be6fd477c 100644
--- a/data/deprecations/15-10-helm-chart-updates.yml
+++ b/data/deprecations/15-10-helm-chart-updates.yml
@@ -23,7 +23,7 @@
   breaking_change: true  # (required) Change to false if this is not a breaking change.
   reporter: twk3  # (required) GitLab username of the person reporting the change
   stage: enablement  # (required) String value of the stage that the feature was created in. e.g., Growth
-  issue_url: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3442 # (required) Link to the deprecation issue in GitLab
+  issue_url: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3442  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     To coincide with GitLab 16.0, the GitLab Helm Chart will release the 7.0 major version. The following major bundled chart updates will be included:
 
diff --git a/data/deprecations/15-11-geo-project-redownload.yml b/data/deprecations/15-11-geo-project-redownload.yml
index 6b53a0fb6f8..229bab04b0a 100644
--- a/data/deprecations/15-11-geo-project-redownload.yml
+++ b/data/deprecations/15-11-geo-project-redownload.yml
@@ -39,7 +39,7 @@
   #
   # OTHER OPTIONAL FIELDS
   #
-  tiers: ["Premium", "Ultimate"] # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  tiers: ["Premium", "Ultimate"]  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
   documentation_url:  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml b/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml
index 493b3807aae..d9cd4bfb262 100644
--- a/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml
+++ b/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml
@@ -2,11 +2,11 @@
   announcement_milestone: "15.11"  # (required) The milestone when this feature was first announced as deprecated.
   announcement_date: "2023-04-22"  # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
   removal_milestone: "16.1"  # (required) The milestone when this feature is planned to be removed
-  removal_date: "2023-06-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  removal_date: "2023-06-22"  # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
   breaking_change: false  # (required) If this deprecation is a breaking change, set this value to true
   reporter: DarrenEastman  # (required) GitLab username of the person reporting the deprecation
-  stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth
-  issue_url: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29639 # (required) Link to the deprecation issue in GitLab
+  stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29639  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     We will stop publishing runner images based on the following, end-of-life Alpine versions:
 
@@ -14,11 +14,11 @@
     - Alpine 3.13
     - Alpine 3.14 (end-of-life on 2023-05-23)
   end_of_support_milestone: "16.1"  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
-  end_of_support_date: "2023-06-22" # (optional) The date of the milestone release when support for this feature will end.
+  end_of_support_date: "2023-06-22"  # (optional) The date of the milestone release when support for this feature will end.
 
-# OTHER OPTIONAL FIELDS
-#
+  # OTHER OPTIONAL FIELDS
+  #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/runner/install/docker.html#gitlab-runner-container-images-support-lifecycle # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/runner/install/docker.html#gitlab-runner-container-images-support-lifecycle  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-8-third-party-registries.yml b/data/deprecations/15-8-third-party-registries.yml
index 6d583cd3d19..83380581505 100644
--- a/data/deprecations/15-8-third-party-registries.yml
+++ b/data/deprecations/15-8-third-party-registries.yml
@@ -21,4 +21,4 @@
 # If an End of Support period applies, the announcement should be shared with GitLab Support
 # in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
 #
-  end_of_support_milestone: 16.0 # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  end_of_support_milestone: 16.0  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
diff --git a/data/deprecations/15-9-JWT-OIDC.yml b/data/deprecations/15-9-JWT-OIDC.yml
index 1afd5056104..48e1b862032 100644
--- a/data/deprecations/15-9-JWT-OIDC.yml
+++ b/data/deprecations/15-9-JWT-OIDC.yml
@@ -7,22 +7,36 @@
   stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/366798  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
-    Now that we have released [ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html)
-    with OIDC support, the old JSON web tokens are deprecated.
-    Both the `CI_JOB_JWT` and `CI_JOB_JWT_V2` tokens, exposed to jobs as predefined variables, will:
+    [ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html) with OIDC support
+    were introduced in GitLab 15.7. These tokens are more configurable than the old JSON web tokens (JWTs), are OIDC compliant,
+    and only available in CI/CD jobs that explictly have ID tokens configured.
+    ID tokens are more secure than the old `CI_JOB_JWT*` JSON web tokens which are exposed in every job,
+    and as a result these old JSON web tokens are deprecated:
 
-    - Not be creatable in GitLab 16.0 and later.
-    - Be removed in GitLab 16.5.
+    - `CI_JOB_JWT`
+    - `CI_JOB_JWT_V1`
+    - `CI_JOB_JWT_V2`
 
-    To prepare for this change:
+    To prepare for this change, configure your pipelines to use [ID tokens](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens)
+    instead of the deprecated tokens. For OIDC compliance, the `iss` claim now uses
+    the fully qualified domain name, for example `https://example.com`, previously
+    introduced with the `CI_JOB_JWT_V2` token.
 
-    - Before the release of GitLab 16.5, configure your pipelines to use the fully configurable and more secure
-      [`id_token`](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens) keyword instead.
-    - [Enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
-      setting, which prevents the old tokens from being exposed to any jobs.
+    In GitLab 15.9 to 15.11, you can [enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
+    setting, which prevents the old tokens from being exposed to any jobs and enables
+    [ID token authentication for the `secrets:vault` keyword](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+
+    In GitLab 16.0 and later:
+
+    - This setting will be removed.
+    - CI/CD jobs that use the `id_tokens` keyword can use ID tokens with `secrets:vault`,
+      and will not have any `CI_JOB_JWT*` tokens available.
+    - Jobs that do not use the `id_tokens` keyword will continue to have the `CI_JOB_JWT*`
+      tokens available until GitLab 16.5.
+
+    In GitLab 16.5, the deprecated tokens will be completely removed and will no longer
+    be available in CI/CD jobs.
 
-      In GitLab 16.0 and later, the ability to set this option will be removed and all new projects will have the option
-      enabled.
 #
 # If an End of Support period applies, the announcement should be shared with GitLab Support
 # in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
diff --git a/data/deprecations/16-0-CiRunner-projects-default-sort.yml b/data/deprecations/16-0-CiRunner-projects-default-sort.yml
index 871406058e6..d462afb757b 100644
--- a/data/deprecations/16-0-CiRunner-projects-default-sort.yml
+++ b/data/deprecations/16-0-CiRunner-projects-default-sort.yml
@@ -7,7 +7,7 @@
   breaking_change: true  # (required) Change to false if this is not a breaking change.
   reporter: pedropombeiro  # (required) GitLab username of the person reporting the change
   stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
-  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/372117 # (required) Link to the deprecation issue in GitLab
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/372117  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     The `CiRunner.projects`'s field default sort order value will change from `id_asc` to `id_desc`.
     If you rely on the order of the returned projects to be `id_asc`, change your scripts to make the choice explicit.
@@ -22,6 +22,6 @@
   # OTHER OPTIONAL FIELDS
   #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerprojects # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerprojects  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/16-0-Vault-integration.yml b/data/deprecations/16-0-Vault-integration.yml
index e08666e67ff..987ac2bed3c 100644
--- a/data/deprecations/16-0-Vault-integration.yml
+++ b/data/deprecations/16-0-Vault-integration.yml
@@ -19,20 +19,28 @@
 #
 - title: "HashiCorp Vault integration will no longer use CI_JOB_JWT by default"
   announcement_milestone: "15.9"  # (required) The milestone when this feature was first announced as deprecated.
-  removal_milestone: "16.0"  # (required) The milestone when this feature is planned to be removed
+  removal_milestone: "16.5"  # (required) The milestone when this feature is planned to be removed
   breaking_change: true  # (required) Change to false if this is not a breaking change.
   reporter: dhershkovitch  # (required) GitLab username of the person reporting the change
-  stage: stage  # (required) String value of the stage that the feature was created in. e.g., Growth
+  stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/366798  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
-    As part of our effort to improve the security of your CI workflows using JWT and OIDC, the native HashiCorp integration is also being updated in GitLab 16.0. Any projects that use the [`secrets:vault`](https://docs.gitlab.com/ee/ci/yaml/#secretsvault) keyword to retrieve secrets from Vault will need to be [configured to use ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+    As part of our effort to improve the security of your CI workflows using JWT and OIDC, the native HashiCorp integration is also being updated in GitLab 16.0. Any projects that use the [`secrets:vault`](https://docs.gitlab.com/ee/ci/yaml/#secretsvault) keyword to retrieve secrets from Vault will need to be [configured to use the ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication). ID tokens were introduced in 15.7.
 
-    To be prepared for this change, you should do the following before GitLab 16.0:
+    To prepare for this change, use the new [`id_tokens`](https://docs.gitlab.com/ee/ci/yaml/#id_tokens)
+    keyword and configure the `aud` claim. Ensure the bound audience is prefixed with `https://`.
 
-    - [Disable the use of JSON web tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication) in the pipeline.
-    - Ensure the bound audience is prefixed with `https://`.
-    - Use the new [`id_tokens`](https://docs.gitlab.com/ee/ci/yaml/#id_tokens) keyword
-      and configure the `aud` claim.
+    In GitLab 15.9 to 15.11, you can [enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
+    setting, which prevents the old tokens from being exposed to any jobs and enables
+    [ID token authentication for the `secrets:vault` keyword](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+
+    In GitLab 16.0 and later:
+
+    - This setting will be removed.
+    - CI/CD jobs that use the `id_tokens` keyword can use ID tokens with `secrets:vault`,
+      and will not have any `CI_JOB_JWT*` tokens available.
+    - Jobs that do not use the `id_tokens` keyword will continue to have the `CI_JOB_JWT*`
+      tokens available until GitLab 16.5.
 # If an End of Support period applies, the announcement should be shared with GitLab Support
 # in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
 #
diff --git a/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml b/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml
index 4f17f60fc85..cfe4b39deac 100644
--- a/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml
+++ b/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml
@@ -19,6 +19,6 @@
   # OTHER OPTIONAL FIELDS
   #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerupgradestatus # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerupgradestatus  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/templates/_deprecation_template.md.erb b/data/deprecations/templates/_deprecation_template.md.erb
index 4733e8bd515..bbca07fbd3c 100644
--- a/data/deprecations/templates/_deprecation_template.md.erb
+++ b/data/deprecations/templates/_deprecation_template.md.erb
@@ -59,7 +59,10 @@ and [GraphQL](https://docs.gitlab.com/ee/api/graphql/removed_items.html) depreca
 - End of Support: GitLab <span class="milestone"><%= deprecation["end_of_support_milestone"]%></span>
 <% end -%>
 <% if deprecation["breaking_change"] -%>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+<%- end -%>
+<% if deprecation["issue_url"] -%>
+- To discuss this change or learn more, see the [deprecation issue](<%= deprecation["issue_url"]%>).
 <%- end -%>
 </div>
 
diff --git a/data/removals/15_10/15_10-non-public-artifacts.yml b/data/removals/15_10/15_10-non-public-artifacts.yml
index bea672d2f22..4a21cf8b612 100644
--- a/data/removals/15_10/15_10-non-public-artifacts.yml
+++ b/data/removals/15_10/15_10-non-public-artifacts.yml
@@ -19,7 +19,7 @@
 #
 # OPTIONAL FIELDS
 #
-  tiers: Free # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic # (optional) This is a link to the current documentation page
+  tiers: Free  # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/removals/16_0/16-0-job_age.yml b/data/removals/16_0/16-0-job_age.yml
new file mode 100644
index 00000000000..8a31b1ad870
--- /dev/null
+++ b/data/removals/16_0/16-0-job_age.yml
@@ -0,0 +1,11 @@
+- title: "Removal of job_age parameter in `POST /jobs/request` Runner endpoint"
+  announcement_milestone: "15.2"  # (required) The milestone when this feature was deprecated.
+  removal_milestone: "16.0"  # (required) The milestone when this feature is being removed.
+  breaking_change: true  # (required) Change to false if this is not a breaking change.
+  reporter: jreporter  # (required) GitLab username of the person reporting the removal
+  stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334253  # (required) Link to the deprecation issue in GitLab
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    The `job_age` parameter, returned from the `POST /jobs/request` API endpoint used in communication with GitLab Runner, has been removed in GitLab 16.0.
+
+    This could be a breaking change for anyone that developed their own runner that relies on this parameter being returned by the endpoint. This is not a breaking change for anyone using an officially released version of GitLab Runner, including public shared runners on GitLab.com.
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index b4d43886c97..27dee816dff 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -8989,6 +8989,29 @@ The edge type for [`IncidentManagementOncallShift`](#incidentmanagementoncallshi
 | <a id="incidentmanagementoncallshiftedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
 | <a id="incidentmanagementoncallshiftedgenode"></a>`node` | [`IncidentManagementOncallShift`](#incidentmanagementoncallshift) | The item at the end of the edge. |
 
+#### `InheritedCiVariableConnection`
+
+The connection type for [`InheritedCiVariable`](#inheritedcivariable).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="inheritedcivariableconnectionedges"></a>`edges` | [`[InheritedCiVariableEdge]`](#inheritedcivariableedge) | A list of edges. |
+| <a id="inheritedcivariableconnectionnodes"></a>`nodes` | [`[InheritedCiVariable]`](#inheritedcivariable) | A list of nodes. |
+| <a id="inheritedcivariableconnectionpageinfo"></a>`pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
+
+#### `InheritedCiVariableEdge`
+
+The edge type for [`InheritedCiVariable`](#inheritedcivariable).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="inheritedcivariableedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
+| <a id="inheritedcivariableedgenode"></a>`node` | [`InheritedCiVariable`](#inheritedcivariable) | The item at the end of the edge. |
+
 #### `InstanceExternalAuditEventDestinationConnection`
 
 The connection type for [`InstanceExternalAuditEventDestination`](#instanceexternalauditeventdestination).
@@ -16009,6 +16032,24 @@ A block of time for which a participant is on-call.
 | <a id="incidentmanagementoncallshiftparticipant"></a>`participant` | [`OncallParticipantType`](#oncallparticipanttype) | Participant assigned to the on-call shift. |
 | <a id="incidentmanagementoncallshiftstartsat"></a>`startsAt` | [`Time`](#time) | Start time of the on-call shift. |
 
+### `InheritedCiVariable`
+
+CI/CD variables a project inherites from its parent group and ancestors.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="inheritedcivariableenvironmentscope"></a>`environmentScope` | [`String`](#string) | Scope defining the environments that can use the variable. |
+| <a id="inheritedcivariablegroupcicdsettingspath"></a>`groupCiCdSettingsPath` | [`String`](#string) | Indicates the path to the CI/CD settings of the group the variable belongs to. |
+| <a id="inheritedcivariablegroupname"></a>`groupName` | [`String`](#string) | Indicates group the variable belongs to. |
+| <a id="inheritedcivariableid"></a>`id` | [`ID!`](#id) | ID of the variable. |
+| <a id="inheritedcivariablekey"></a>`key` | [`String`](#string) | Name of the variable. |
+| <a id="inheritedcivariablemasked"></a>`masked` | [`Boolean`](#boolean) | Indicates whether the variable is masked. |
+| <a id="inheritedcivariableprotected"></a>`protected` | [`Boolean`](#boolean) | Indicates whether the variable is protected. |
+| <a id="inheritedcivariableraw"></a>`raw` | [`Boolean`](#boolean) | Indicates whether the variable is raw. |
+| <a id="inheritedcivariablevariabletype"></a>`variableType` | [`CiVariableType`](#civariabletype) | Type of the variable. |
+
 ### `InstanceExternalAuditEventDestination`
 
 Represents an external resource to send instance audit events to.
@@ -18914,6 +18955,7 @@ Represents a product analytics dashboard visualization.
 | <a id="projectid"></a>`id` | [`ID!`](#id) | ID of the project. |
 | <a id="projectimportstatus"></a>`importStatus` | [`String`](#string) | Status of import background job of the project. |
 | <a id="projectincidentmanagementtimelineeventtags"></a>`incidentManagementTimelineEventTags` | [`[TimelineEventTagType!]`](#timelineeventtagtype) | Timeline event tags for the project. |
+| <a id="projectinheritedcivariables"></a>`inheritedCiVariables` | [`InheritedCiVariableConnection`](#inheritedcivariableconnection) | List of CI/CD variables the project inherited from its parent group and ancestors. (see [Connections](#connections)) |
 | <a id="projectiscatalogresource"></a>`isCatalogResource` **{warning-solid}** | [`Boolean`](#boolean) | **Introduced** in 15.11. This feature is an Experiment. It can be changed or removed at any time. Indicates if a project is a catalog resource. |
 | <a id="projectissuesenabled"></a>`issuesEnabled` | [`Boolean`](#boolean) | Indicates if Issues are enabled for the current user. |
 | <a id="projectjiraimportstatus"></a>`jiraImportStatus` | [`String`](#string) | Status of Jira import background job of the project. |
diff --git a/doc/ci/cloud_services/aws/index.md b/doc/ci/cloud_services/aws/index.md
index 733105e9ddf..e3655e67c7f 100644
--- a/doc/ci/cloud_services/aws/index.md
+++ b/doc/ci/cloud_services/aws/index.md
@@ -6,6 +6,10 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Configure OpenID Connect in AWS to retrieve temporary credentials **(FREE)**
 
+WARNING:
+`CI_JOB_JWT_V2` was [deprecated in GitLab 15.9](../../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated)
+and is scheduled to be removed in GitLab 16.5. Use [ID tokens](../../yaml/index.md#id_tokens) instead.
+
 In this tutorial, we'll show you how to use a GitLab CI/CD job with a JSON web token (JWT) to retrieve temporary credentials from AWS without needing to store secrets.
 To do this, you must configure OpenID Connect (OIDC) for ID federation between GitLab and AWS. For background and requirements for integrating GitLab using OIDC, see [Connect to cloud services](../index.md).
 
diff --git a/doc/ci/cloud_services/azure/index.md b/doc/ci/cloud_services/azure/index.md
index c99e30e8bac..912e6597985 100644
--- a/doc/ci/cloud_services/azure/index.md
+++ b/doc/ci/cloud_services/azure/index.md
@@ -6,6 +6,10 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Configure OpenID Connect in Azure to retrieve temporary credentials **(FREE)**
 
+WARNING:
+`CI_JOB_JWT_V2` was [deprecated in GitLab 15.9](../../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated)
+and is scheduled to be removed in GitLab 16.5. Use [ID tokens](../../yaml/index.md#id_tokens) instead.
+
 This tutorial demonstrates how to use a JSON web token (JWT) in a GitLab CI/CD job
 to retrieve temporary credentials from Azure without needing to store secrets.
 
diff --git a/doc/ci/cloud_services/google_cloud/index.md b/doc/ci/cloud_services/google_cloud/index.md
index 352b56cd8c6..5ed22883518 100644
--- a/doc/ci/cloud_services/google_cloud/index.md
+++ b/doc/ci/cloud_services/google_cloud/index.md
@@ -6,9 +6,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Configure OpenID Connect with GCP Workload Identity Federation **(FREE)**
 
-NOTE:
+WARNING:
 `CI_JOB_JWT_V2` was [deprecated in GitLab 15.9](../../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated)
-and is scheduled to be removed in GitLab 16.0. Use [ID tokens](../../yaml/index.md#id_tokens) instead.
+and is scheduled to be removed in GitLab 16.5. Use [ID tokens](../../yaml/index.md#id_tokens) instead.
 
 This tutorial demonstrates authenticating to Google Cloud from a GitLab CI/CD job
 using a JSON Web Token (JWT) token and Workload Identity Federation. This configuration
diff --git a/doc/ci/cloud_services/index.md b/doc/ci/cloud_services/index.md
index 500a3bb702d..54cadc9e1b6 100644
--- a/doc/ci/cloud_services/index.md
+++ b/doc/ci/cloud_services/index.md
@@ -10,6 +10,10 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - `CI_JOB_JWT_V2` variable to support additional OIDC providers [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346737) in GitLab 14.7.
 > - [ID tokens](../yaml/index.md#id_tokens) to support any OIDC provider, including HashiCorp Vault, [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356986) in GitLab 15.7.
 
+WARNING:
+`CI_JOB_JWT` and `CI_JOB_JWT_V2` were [deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated)
+and are scheduled to be removed in GitLab 16.5. Use [ID tokens](../yaml/index.md#id_tokens) instead.
+
 GitLab CI/CD supports [OpenID Connect (OIDC)](https://openid.net/connect/faq/) to
 give your build and deployment jobs access to cloud credentials and services.
 Historically, teams stored secrets in projects or applied permissions on the GitLab Runner
@@ -19,24 +23,18 @@ in the CI/CD job allowing you to follow a scalable and least-privilege security
 In GitLab 15.6 and earlier, you must use `CI_JOB_JWT_V2` instead of an ID token,
 but it is not customizable. In GitLab 14.6 an earlier you must use the `CI_JOB_JWT`, which has limited support.
 
-NOTE:
-`CI_JOB_JWT` and `CI_JOB_JWT_V2` were [deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated)
-and are scheduled to be removed in GitLab 16.5. Use [ID tokens](../yaml/index.md#id_tokens) instead.
-
 ## Prerequisites
 
 - Account on GitLab.
 - Access to a cloud provider that supports OIDC to configure authorization and create roles.
 
-ID tokens and `CI_JOB_JWT_V2` support cloud providers with OIDC, including:
+ID tokens support cloud providers with OIDC, including:
 
 - AWS
 - Azure
 - GCP
 - HashiCorp Vault
 
-The `CI_JOB_JWT` only supports the [HashiCorp Vault integration](../examples/authenticating-with-hashicorp-vault/index.md).
-
 NOTE:
 Configuring OIDC enables JWT token access to the target environments for all pipelines.
 When you configure OIDC for a pipeline, you should complete a software supply chain security
diff --git a/doc/ci/components/index.md b/doc/ci/components/index.md
new file mode 100644
index 00000000000..82040d5990c
--- /dev/null
+++ b/doc/ci/components/index.md
@@ -0,0 +1,201 @@
+---
+stage: Verify
+group: Pipeline Authoring
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference
+---
+
+# CI/CD Components (Experimental)
+
+> Introduced in GitLab 16.0 as an [experimental feature](../../policy/alpha-beta-support.md).
+
+FLAG:
+On self-managed GitLab, by default this feature is not available.
+To make it available, ask an administrator to enable the feature flag named `ci_namespace_catalog_experimental`.
+On GitLab.com, this feature is not available. This feature is not ready for production use.
+
+This feature is an experimental feature and [an epic exists](https://gitlab.com/groups/gitlab-org/-/epics/9897)
+to track future work. Tell us about your use case by leaving comments in the epic.
+
+## Components Repository
+
+A components repository is a GitLab project with a repository that hosts one or more pipeline components. A pipeline component is a reusable single pipeline configuration unit. You can use them to compose an entire pipeline configuration or a small part of a larger pipeline. It can optionally take [input parameters](../yaml/includes.md#define-input-parameters-with-specinputs).
+
+### Create a components repository
+
+To create a components repository, you must:
+
+1. [Create a new project](../../user/project/index.md#create-a-blank-project) with a `README.md` file.
+
+1. Create a `template.yml` file inside the project's root directory that contains the configuration you want to provide as a component. For example:
+
+   ```yaml
+   spec:
+     inputs:
+       stage:
+         default: test
+   ---
+   component-job:
+     script: echo job 1
+     stage: $[[ inputs.stage ]]
+   ```
+
+### Directory structure
+
+A components repository can host one or more components.
+
+Components repositories must follow a mandatory file structure, containing:
+
+- `template.yml`: The component configuration, one file per component. If there is
+  only one component, this file can be in the root of the project. If there are multiple
+  components, each file must be in a separate subdirectory.
+- `README.md`: A documentation file explaining the details of the all the components in the repository.
+
+For example, if the project is on GitLab.com, named `my-component`, and in a personal
+namespace named `my-username`:
+
+- Containing a single component and a simple pipeline to test the component, then
+  the file structure might be:
+
+  ```plaintext
+  ├── template.yml
+  ├── README.md
+  └── .gitlab-ci.yml
+  ```
+
+  This component is referenced with the path `gitlab.com/my-username/my-component@<version>`.
+
+- Containing one default component and multiple sub-components, then the file structure
+  might be:
+
+  ```plaintext
+  ├── template.yml
+  ├── README.md
+  ├── .gitlab-ci.yml
+  ├── unit/
+  │   └── template.yml
+  └── integration/
+      └── template.yml
+  ```
+
+  These components are identified by these paths:
+
+  - `gitlab.com/my-username/my-component`
+  - `gitlab.com/my-username/my-component/unit`
+  - `gitlab.com/my-username/my-component/integration`
+
+It is possible to have a components repository with no default component, by having
+no `template.yml` in the root directory.
+
+**Additional notes:**
+
+Nesting of components is not possible. For example:
+
+```plaintext
+├── unit/
+│   └── template.yml
+│   └── another_folder/
+│       └── nested_template.yml
+```
+
+### Test a component
+
+Testing components as part of the development workflow to ensure that quality maintains high standards is strongly recommended.
+
+Testing changes in a CI/CD pipeline can be done, like any other project, by creating a `.gitlab-ci.yml` in the root directory.
+
+For example:
+
+```yaml
+include:
+  # include the component located in the current project from the current SHA
+  - component: gitlab.com/$CI_PROJECT_PATH@$CI_COMMIT_SHA
+    inputs:
+      stage: build
+
+stages: [build, test, release]
+
+# Expect `component-job` is added.
+# This is an example of testing that the included component works as expected.
+# You can leverage GitLab API endpoints or 3rd party tools to inspect data generated by the component.
+ensure-job-added:
+  stage: test
+  image: badouralix/curl-jq
+  script:
+    - |
+      route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
+      count=`curl --silent --header "PRIVATE-TOKEN: $API_TOKEN" $route | jq 'map(select(.name | contains("component-job"))) | length'`
+      if [ "$count" != "1" ]; then
+        exit 1
+      fi
+
+# If we are tagging a release with a specific convention ("v" + number) and all
+# previous checks succeeded, we proceed with creating a release automatically.
+create-release:
+  stage: release
+  image: registry.gitlab.com/gitlab-org/release-cli:latest
+  rules:
+    - if: $CI_COMMIT_TAG =~ /^v\d+/
+  script: echo "Creating release $CI_COMMIT_TAG"
+  release:
+    tag_name: $CI_COMMIT_TAG
+    description: "Release $CI_COMMIT_TAG of components repository $CI_PROJECT_PATH"
+```
+
+After committing and pushing changes, the pipeline tests the component then releases it if the test passes.
+
+### Release a component
+
+Component repositories are released using the [`release`](../yaml/index.md#release) keyword within a CI pipeline.
+
+Like in the [example above](#test-a-component), after all tests pass in a pipeline running for a tag ref, we can release a new version of the components repository.
+
+All released versions of the components repository are displayed in the Components Catalog page for the given resource, providing users with information about official releases.
+
+### Use a component in a CI/CD configuration
+
+A pipeline component is identified by a unique address in the form `<fully-qualified-doman-name>/<component-path>@<version>`
+containing:
+
+- **A fully qualified domain name (FQDN)**: The FQDN must match the GitLab host.
+- **A specific version**: The version of the component can be (in order of highest priority first):
+  - A commit SHA, for example `gitlab.com/gitlab-org/dast@e3262fdd0914fa823210cdb79a8c421e2cef79d8`.
+  - A tag. for example: `gitlab.com/gitlab-org/dast@1.0`.
+  - `~latest`, which is a special version that always points to the most recent released tag,
+     for example `gitlab.com/gitlab-org/dast@~latest`.
+  - A branch name, for example `gitlab.com/gitlab-org/dast@main`.
+- **A component path**: Contains the project's full path and the directory where the component YAML file `template.yml` is located.
+
+For example, for a component repository located at `gitlab-org/dast` on `gitlab.com`:
+
+- The path `gitlab.com/gitlab-org/dast` tries to load the `template.yml` from the root directory.
+- The path `gitalb.com/gitlab-org/dast/api-scan` tries to load the `template.yml` from the `/api-scan` directory.
+
+**Additional notes:**
+
+- If a tag and branch exist with the same name, the tag takes precedence over the branch.
+- If a tag is named the same as a commit SHA that exists, like `e3262fdd0914fa823210cdb79a8c421e2cef79d8`,
+  the commit SHA takes precedence over the tag.
+
+## Components catalog
+
+The CI/CD Catalog is a list of [components repositories](#components-repository),
+each containing resources that you can add to your CI/CD pipelines.
+
+### Mark the project as a catalog resource
+
+After components are added to a components repository, they can immediately be [used](#use-a-component-in-a-cicd-configuration) to build pipelines in other projects.
+
+However, this repository is not discoverable. You must mark this project as a catalog resource to allow it to be visible in the CI Catalog
+so other users can discover it.
+
+To mark a project as a catalog resource, run the following [graphQL](../../api/graphql/index.md)
+mutation:
+
+```graphql
+mutation {
+    catalogResourcesCreate(input: { projectPath: "path-to-project"}) {
+      errors
+  }
+}
+```
diff --git a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
index a9922920c05..a5289ca0a4d 100644
--- a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
+++ b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
@@ -7,11 +7,13 @@ type: tutorial
 
 # Authenticating and reading secrets with HashiCorp Vault (Deprecated) **(PREMIUM)**
 
-This tutorial demonstrates how to authenticate, configure, and read secrets with HashiCorp's Vault from GitLab CI/CD.
-
-NOTE:
+WARNING:
 Authenticating with HashiCorp Vault by using `CI_JOB_JWT` was [deprecated in GitLab 15.9](../../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated)
-and the token is scheduled to be removed in GitLab 16.0. Use [ID tokens to authenticate with HashiCorp Vault](../../secrets/id_token_authentication.md#automatic-id-token-authentication-with-hashicorp-vault) instead.
+and the token is scheduled to be removed in GitLab 16.5. This change is a breaking change.
+Use [ID tokens to authenticate with HashiCorp Vault](../../secrets/id_token_authentication.md#automatic-id-token-authentication-with-hashicorp-vault)
+instead.
+
+This tutorial demonstrates how to authenticate, configure, and read secrets with HashiCorp's Vault from GitLab CI/CD.
 
 ## Prerequisites
 
diff --git a/doc/ci/secrets/id_token_authentication.md b/doc/ci/secrets/id_token_authentication.md
index 6c02c29628e..1ff2a6efbcf 100644
--- a/doc/ci/secrets/id_token_authentication.md
+++ b/doc/ci/secrets/id_token_authentication.md
@@ -7,6 +7,8 @@ type: tutorial
 
 # OpenID Connect (OIDC) Authentication Using ID Tokens **(FREE)**
 
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356986) in GitLab 15.7.
+
 You can authenticate with third party services using GitLab CI/CD's
 [ID tokens](../yaml/index.md#id_tokens).
 
@@ -130,23 +132,6 @@ manual_authentication:
 You can use ID tokens to automatically fetch secrets from HashiCorp Vault with the
 [`secrets`](../yaml/index.md#secrets) keyword.
 
-<!--- start_remove The following content will be removed on remove_date: '2023-08-22' -->
-
-### Enable automatic ID token authentication (deprecated)
-
-WARNING:
-This setting was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/391886) in GitLab 16.0.
-ID token authentication is now always available, and JSON Web Token access is always limited.
-
-To enable automatic ID token authentication:
-
-1. On the top bar, select **Main menu > Projects** and find your project.
-1. On the left sidebar, select **Settings > CI/CD**.
-1. Expand **Token Access**.
-1. Toggle **Limit JSON Web Token (JWT) access** to enabled.
-
-<!--- end_remove -->
-
 ### Configure automatic ID Token authentication
 
 If one ID token is defined, the `secrets` keyword automatically uses it to authenticate with Vault. For example:
@@ -183,3 +168,20 @@ job_with_secrets:
     - access-first-db.sh --token $FIRST_DB_PASSWORD
     - access-second-db.sh --token $SECOND_DB_PASSWORD
 ```
+
+<!--- start_remove The following content will be removed on remove_date: '2023-08-22' -->
+
+### Enable automatic ID token authentication (deprecated)
+
+WARNING:
+This setting was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/391886) in GitLab 16.0.
+ID token authentication is now always available, and JSON Web Token access is always limited.
+
+To enable automatic ID token authentication:
+
+1. On the top bar, select **Main menu > Projects** and find your project.
+1. On the left sidebar, select **Settings > CI/CD**.
+1. Expand **Token Access**.
+1. Toggle **Limit JSON Web Token (JWT) access** to enabled.
+
+<!--- end_remove -->
diff --git a/doc/ci/variables/predefined_variables.md b/doc/ci/variables/predefined_variables.md
index 3de36479de7..001a599776a 100644
--- a/doc/ci/variables/predefined_variables.md
+++ b/doc/ci/variables/predefined_variables.md
@@ -68,9 +68,9 @@ as it can cause the pipeline to behave unexpectedly.
 | `CI_HAS_OPEN_REQUIREMENTS`               | 13.1   | all    | Only available if the pipeline's project has an open [requirement](../../user/project/requirements/index.md). `true` when available. |
 | `CI_JOB_ID`                              | 9.0    | all    | The internal ID of the job, unique across all jobs in the GitLab instance. |
 | `CI_JOB_IMAGE`                           | 12.9   | 12.9   | The name of the Docker image running the job. |
-| `CI_JOB_JWT` (Deprecated)                | 12.10  | all    | A RS256 JSON web token to authenticate with third party systems that support JWT authentication, for example [HashiCorp's Vault](../secrets/index.md). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 16.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
-| `CI_JOB_JWT_V1` (Deprecated)             | 14.6   | all    | The same value as `CI_JOB_JWT`. [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 16.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
-| `CI_JOB_JWT_V2` (Deprecated)             | 14.6   | all    | A newly formatted RS256 JSON web token to increase compatibility. Similar to `CI_JOB_JWT`, except the issuer (`iss`) claim is changed from `gitlab.com` to `https://gitlab.com`, `sub` has changed from `job_id` to a string that contains the project path, and an `aud` claim is added. The `aud` field is a constant value. Trusting JWTs in multiple relying parties can lead to [one RP sending a JWT to another one and acting maliciously as a job](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72555#note_769112331). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 16.0. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
+| `CI_JOB_JWT` (Deprecated)                | 12.10  | all    | A RS256 JSON web token to authenticate with third party systems that support JWT authentication, for example [HashiCorp's Vault](../secrets/index.md). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 16.5. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
+| `CI_JOB_JWT_V1` (Deprecated)             | 14.6   | all    | The same value as `CI_JOB_JWT`. [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 16.5. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
+| `CI_JOB_JWT_V2` (Deprecated)             | 14.6   | all    | A newly formatted RS256 JSON web token to increase compatibility. Similar to `CI_JOB_JWT`, except the issuer (`iss`) claim is changed from `gitlab.com` to `https://gitlab.com`, `sub` has changed from `job_id` to a string that contains the project path, and an `aud` claim is added. The `aud` field is a constant value. Trusting JWTs in multiple relying parties can lead to [one RP sending a JWT to another one and acting maliciously as a job](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72555#note_769112331). [Deprecated in GitLab 15.9](../../update/deprecations.md#old-versions-of-json-web-tokens-are-deprecated) and scheduled to be removed in GitLab 16.5. Use [ID tokens](../yaml/index.md#id_tokens) instead. |
 | `CI_JOB_MANUAL`                          | 8.12   | all    | Only available if the job was started manually. `true` when available. |
 | `CI_JOB_NAME`                            | 9.0    | 0.5    | The name of the job. |
 | `CI_JOB_NAME_SLUG`                       | 15.4   | all    | `CI_JOB_NAME_SLUG` in lowercase, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in paths. |
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index b335ff6e6a9..f48df6e2c86 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -54,7 +54,8 @@ and [GraphQL](https://docs.gitlab.com/ee/api/graphql/removed_items.html) depreca
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390424).
 </div>
 
 Due to low customer usage, Accessibility Testing is deprecated and will be removed. There is no planned replacement and users should stop using Accessibility Testing before GitLab 17.0.
@@ -67,7 +68,8 @@ Due to low customer usage, Accessibility Testing is deprecated and will be remov
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/369117).
 </div>
 
 The `omniauth_crowd` gem that provides GitLab with the Atlassian Crowd OmniAuth provider will be removed in our
@@ -83,7 +85,8 @@ next major release, GitLab 16.0. This gem sees very little use and its
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/211643).
 </div>
 
 Auto DevOps support for Herokuish is deprecated in favor of [Cloud Native Buildpacks](https://docs.gitlab.com/ee/topics/autodevops/stages.html#auto-build-using-cloud-native-buildpacks). You should [migrate your builds from Herokuish to Cloud Native Buildpacks](https://docs.gitlab.com/ee/topics/autodevops/stages.html#moving-from-herokuish-to-cloud-native-buildpacks). From GitLab 14.0, Auto Build uses Cloud Native Buildpacks by default.
@@ -98,7 +101,8 @@ Because Cloud Native Buildpacks do not support automatic testing, the Auto Test
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/388719).
 </div>
 
 Due to limited customer usage, Browser Performance Testing is deprecated and will be removed. There is no planned replacement and users should stop using Browser Performance Testing before GitLab 17.0.
@@ -111,7 +115,8 @@ Due to limited customer usage, Browser Performance Testing is deprecated and wil
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/372117).
 </div>
 
 The `CiRunner.projects`'s field default sort order value will change from `id_asc` to `id_desc`.
@@ -125,7 +130,8 @@ If you rely on the order of the returned projects to be `id_asc`, change your sc
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/409332).
 </div>
 
 The `CiRunnerUpgradeStatusType` GraphQL type has been renamed to `CiRunnerUpgradeStatus`. In GitLab 17.0,
@@ -139,7 +145,8 @@ the aliasing for the `CiRunnerUpgradeStatusType` type will be removed.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/383467).
 </div>
 
 With the new browser-based DAST analyzer GA in GitLab 15.7, we are working towards making it the default DAST analyzer at some point in the future. In preparation for this, the following legacy DAST variables are being deprecated and scheduled for removal in GitLab 17.0: `DAST_ZAP_CLI_OPTIONS` and `DAST_ZAP_LOG_CONFIGURATION`. These variables allowed for advanced configuration of the legacy DAST analyzer, which was based on OWASP ZAP. The new browser-based analyzer will not include the same functionality, as these were specific to how ZAP worked.
@@ -155,6 +162,7 @@ These three variables will be removed in GitLab 17.0.
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.11</span>
 - End of Support: GitLab <span class="milestone">17.9</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/406679).
 </div>
 
 The runner's legacy escape sequence mechanism to handle variable expansion implements a sub-optimal implementation of Ansi-C quoting. This method means that the runner would expand arguments included in double quotes. As of 15.11, we are deprecating the legacy escaping and quoting methods in the runner shell executor.
@@ -167,7 +175,8 @@ The runner's legacy escape sequence mechanism to handle variable expansion imple
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390855).
 </div>
 
 The `omniauth-dingtalk` gem that provides GitLab with the DingTalk OmniAuth provider will be removed in our next
@@ -181,7 +190,8 @@ major release, GitLab 17.0. This gem sees very little use and is better suited f
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/-/epics/9661).
 </div>
 
 Support for specifying a `filepath` for a direct asset link in the [Releases API](https://docs.gitlab.com/ee/api/releases)
@@ -206,7 +216,8 @@ To avoid any disruptions, you should replace `filepath` with `direct_asset_path`
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/4097).
 </div>
 
 We introduced the `global.kas.tls.*` Helm values to facilitate TLS communication between KAS and your Helm chart components.
@@ -226,7 +237,8 @@ Because the new values provide a streamlined, comprehensive method to enable TLS
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387937).
 </div>
 
 The `runnerPlatforms` and `runnerSetup` queries to get GitLab Runner platforms and installation instructions
@@ -242,7 +254,8 @@ are deprecated and will be removed from the GraphQL API. For installation instru
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.6</span>
 - End of Support: GitLab <span class="milestone">17.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/382077).
 </div>
 
 The [`runner-registration-token`](https://docs.gitlab.com/runner/install/operator.html#install-the-kubernetes-operator) parameter that uses the OpenShift and Kubernetes Vanilla Operator to install a runner on Kubernetes is deprecated. Authentication tokens will be used to register runners instead. Registration tokens, and support for certain configuration arguments,
@@ -263,7 +276,8 @@ This change is a breaking change. You should use an [authentication token](../ci
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/409333).
 </div>
 
 The GraphQL type, `RunnerMembershipFilter`, has been renamed to `CiRunnerMembershipFilter`. In GitLab 17.0,
@@ -277,7 +291,8 @@ the aliasing for the `RunnerMembershipFilter` type will be removed.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/385636).
 </div>
 
 In GitLab 17.0, the `DISABLED_WITH_OVERRIDE` value of the `SharedRunnersSetting` GraphQL enum type will be replaced with the value, `DISABLED_AND_OVERRIDABLE`.
@@ -290,7 +305,8 @@ In GitLab 17.0, the `DISABLED_WITH_OVERRIDE` value of the `SharedRunnersSetting`
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/388723).
 </div>
 
 Due to low customer usage, Load Performance Testing is deprecated and will be removed. There is no planned replacement and users should stop using Load Performance Testing before GitLab 17.0.
@@ -304,7 +320,8 @@ Due to low customer usage, Load Performance Testing is deprecated and will be re
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390787).
 </div>
 
 Running Sidekiq with a [queue selector](https://docs.gitlab.com/ee/administration/sidekiq/processing_specific_job_classes.html#queue-selectors) (having multiple processes listening to a set of queues) and [negate settings](https://docs.gitlab.com/ee/administration/sidekiq/processing_specific_job_classes.html#negate-settings) is deprecated and will be fully removed in 17.0.
@@ -322,7 +339,8 @@ While the above approach is recommended for most instances, Sidekiq can also be
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.6</span>
 - End of Support: GitLab <span class="milestone">17.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/379743).
 </div>
 
 The support for registration tokens and certain runner configuration arguments in the `POST` method operation on the `/api/v4/runners` endpoint is deprecated.
@@ -349,7 +367,8 @@ This change is a breaking change. You should [create a runner in the UI](../ci/r
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.6</span>
 - End of Support: GitLab <span class="milestone">17.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/380872).
 </div>
 
 Registration tokens and certain configuration arguments in the command `gitlab-runner register` that [registers](https://docs.gitlab.com/runner/register/) a runner, are deprecated.
@@ -374,7 +393,8 @@ This change is a breaking change. You should [create a runner in the UI](../ci/r
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/389467).
 </div>
 
 Required Pipeline Configuration will be removed in the 17.0 release. This impacts self-managed users on the Ultimate license.
@@ -390,7 +410,8 @@ that is available now. We recommend this alternative solution because it provide
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/configure/-/epics/8).
 </div>
 
 The certificate-based integration with Kubernetes [will be deprecated and removed](https://about.gitlab.com/blog/2021/11/15/deprecating-the-cert-based-kubernetes-integration/).
@@ -415,7 +436,8 @@ For updates and details about this deprecation, follow [this epic](https://gitla
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387898).
 </div>
 
 Previously, [GitLab's database](https://docs.gitlab.com/omnibus/settings/database.html)
@@ -436,7 +458,8 @@ automatically from GitLab 16.0 onwards.
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
 - End of Support: GitLab <span class="milestone">17.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/372411).
 </div>
 
 As we're consolidating all Slack capabilities into the
@@ -455,7 +478,8 @@ we'll be introducing support in [this epic](https://gitlab.com/groups/gitlab-org
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
 - End of Support: GitLab <span class="milestone">17.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/383341).
 </div>
 
 The support for runner registration tokens is deprecated. As a consequence, the REST API endpoints to reset a registration token are also deprecated and will
@@ -481,7 +505,8 @@ From GitLab 17.0 and later, the runner registration methods implemented by the n
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390263).
 </div>
 
 We will be transitioning to a new IID as a result of moving requirements to a [work item type](https://docs.gitlab.com/ee/development/work_items.html#work-items-and-work-item-types). Users should begin using the new IID as support for the legacy IID and existing formatting will end in GitLab 17.0. The legacy requirement IID remains available until its removal in GitLab 17.0.
@@ -494,7 +519,8 @@ We will be transitioning to a new IID as a result of moving requirements to a [w
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387751).
 </div>
 
 Due to limited customer usage and capabilities, the Visual Reviews feature for Review Apps is deprecated and will be removed. There is no planned replacement and users should stop using Visual Reviews before GitLab 17.0.
@@ -508,7 +534,8 @@ Due to limited customer usage and capabilities, the Visual Reviews feature for R
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
 - End of Support: GitLab <span class="milestone">17.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/385235).
 </div>
 
 The [`gitlab-runner exec`](https://docs.gitlab.com/runner/commands/#gitlab-runner-exec) command is deprecated and will be fully removed from GitLab Runner in 16.0. The `gitlab-runner exec` feature was initially developed to provide the ability to validate a GitLab CI pipeline on a local system without needing to commit the updates to a GitLab instance. However, with the continued evolution of GitLab CI, replicating all GitLab CI features into `gitlab-runner exec` was no longer viable. Pipeline syntax and validation [simulation](https://docs.gitlab.com/ee/ci/pipeline_editor/#simulate-a-cicd-pipeline) are available in the GitLab pipeline editor.
@@ -521,7 +548,8 @@ The [`gitlab-runner exec`](https://docs.gitlab.com/runner/commands/#gitlab-runne
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/285493).
 </div>
 
 In some cases, like when a downstream pipeline had the `passed with warnings` status, trigger jobs that were using [`strategy: depend`](https://docs.gitlab.com/ee/ci/yaml/index.html#strategydepend) did not mirror the status of the downstream pipeline exactly. In GitLab 17.0 trigger jobs will show the exact same status as the the downstream pipeline. If your pipeline relied on this behavior, you should update your pipeline to handle the more accurate status.
@@ -535,7 +563,8 @@ In some cases, like when a downstream pipeline had the `passed with warnings` st
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.6</span>
 - End of Support: GitLab <span class="milestone">17.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/381111).
 </div>
 
 The [`runnerRegistrationToken`](https://docs.gitlab.com/runner/install/kubernetes.html#required-configuration) parameter to use the GitLab Helm Chart to install a runner on Kubernetes is deprecated.
@@ -554,7 +583,8 @@ From GitLab 17.0 and later, the methods to register runners introduced by the ne
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.1</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/343475).
 </div>
 
 Previous work helped [align the vulnerabilities calls for pipeline security tabs](https://gitlab.com/gitlab-org/gitlab/-/issues/343469) to match the vulnerabilities calls for project-level and group-level vulnerability reports. This helped the frontend have a more consistent interface. The old `project.pipeline.securityReportFindings` query was formatted differently than other vulnerability data calls. Now that it has been replaced with the new `project.pipeline.vulnerabilities` field, the old `project.pipeline.securityReportFindings` is being deprecated and will be removed in GitLab 17.0.
@@ -572,7 +602,8 @@ Previous work helped [align the vulnerabilities calls for pipeline security tabs
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/389991).
 </div>
 
 The [Error Tracking UI](https://docs.gitlab.com/ee/operations/error_tracking.html) is deprecated in 15.9 and will be removed in 16.6 (milestone might change) once GitLab Observability UI is made available. In future versions, you should use the [GitLab Observability UI](https://gitlab.com/gitlab-org/opstrace/opstrace-ui/), which will gradually be made available on GitLab.com over the next few releases.
@@ -592,29 +623,72 @@ During the transition to the GitLab Observability UI, we will migrate the [GitLa
 
 <div class="deprecation breaking-change" data-milestone="16.5">
 
+### HashiCorp Vault integration will no longer use CI_JOB_JWT by default
+
+<div class="deprecation-notes">
+- Announced in: GitLab <span class="milestone">15.9</span>
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/366798).
+</div>
+
+As part of our effort to improve the security of your CI workflows using JWT and OIDC, the native HashiCorp integration is also being updated in GitLab 16.0. Any projects that use the [`secrets:vault`](https://docs.gitlab.com/ee/ci/yaml/#secretsvault) keyword to retrieve secrets from Vault will need to be [configured to use the ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication). ID tokens were introduced in 15.7.
+
+To prepare for this change, use the new [`id_tokens`](https://docs.gitlab.com/ee/ci/yaml/#id_tokens)
+keyword and configure the `aud` claim. Ensure the bound audience is prefixed with `https://`.
+
+In GitLab 15.9 to 15.11, you can [enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
+setting, which prevents the old tokens from being exposed to any jobs and enables
+[ID token authentication for the `secrets:vault` keyword](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+
+In GitLab 16.0 and later:
+
+- This setting will be removed.
+- CI/CD jobs that use the `id_tokens` keyword can use ID tokens with `secrets:vault`,
+  and will not have any `CI_JOB_JWT*` tokens available.
+- Jobs that do not use the `id_tokens` keyword will continue to have the `CI_JOB_JWT*`
+  tokens available until GitLab 16.5.
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="16.5">
+
 ### Old versions of JSON web tokens are deprecated
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/366798).
 </div>
 
-Now that we have released [ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html)
-with OIDC support, the old JSON web tokens are deprecated.
-Both the `CI_JOB_JWT` and `CI_JOB_JWT_V2` tokens, exposed to jobs as predefined variables, will:
+[ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html) with OIDC support
+were introduced in GitLab 15.7. These tokens are more configurable than the old JSON web tokens (JWTs), are OIDC compliant,
+and only available in CI/CD jobs that explictly have ID tokens configured.
+ID tokens are more secure than the old `CI_JOB_JWT*` JSON web tokens which are exposed in every job,
+and as a result these old JSON web tokens are deprecated:
 
-- Not be creatable in GitLab 16.0 and later.
-- Be removed in GitLab 16.5.
+- `CI_JOB_JWT`
+- `CI_JOB_JWT_V1`
+- `CI_JOB_JWT_V2`
 
-To prepare for this change:
+To prepare for this change, configure your pipelines to use [ID tokens](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens)
+instead of the deprecated tokens. For OIDC compliance, the `iss` claim now uses
+the fully qualified domain name, for example `https://example.com`, previously
+introduced with the `CI_JOB_JWT_V2` token.
 
-- Before the release of GitLab 16.5, configure your pipelines to use the fully configurable and more secure
-  [`id_token`](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens) keyword instead.
-- [Enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
-  setting, which prevents the old tokens from being exposed to any jobs.
+In GitLab 15.9 to 15.11, you can [enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
+setting, which prevents the old tokens from being exposed to any jobs and enables
+[ID token authentication for the `secrets:vault` keyword](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
 
-  In GitLab 16.0 and later, the ability to set this option will be removed and all new projects will have the option
-  enabled.
+In GitLab 16.0 and later:
+
+- This setting will be removed.
+- CI/CD jobs that use the `id_tokens` keyword can use ID tokens with `secrets:vault`,
+  and will not have any `CI_JOB_JWT*` tokens available.
+- Jobs that do not use the `id_tokens` keyword will continue to have the `CI_JOB_JWT*`
+  tokens available until GitLab 16.5.
+
+In GitLab 16.5, the deprecated tokens will be completely removed and will no longer
+be available in CI/CD jobs.
 
 </div>
 </div>
@@ -630,6 +704,7 @@ To prepare for this change:
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.11</span>
 - End of Support: GitLab <span class="milestone">16.1</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29639).
 </div>
 
 We will stop publishing runner images based on the following, end-of-life Alpine versions:
@@ -646,7 +721,8 @@ We will stop publishing runner images based on the following, end-of-life Alpine
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387561).
 </div>
 
 **Update:** We previously announced we would remove the existing License Compliance CI template in GitLab 16.0. However, due to performance issues with the [license scanning of CycloneDX files](https://docs.gitlab.com/ee/user/compliance/license_scanning_of_cyclonedx_files/) we will do this change in 16.1 instead.
@@ -672,7 +748,8 @@ The GitLab [License Compliance](https://docs.gitlab.com/ee/user/compliance/licen
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/343988).
 </div>
 
 Currently, Auto DevOps provisions an in-cluster PostgreSQL database by default.
@@ -690,7 +767,8 @@ set the `POSTGRES_ENABLED` CI/CD variable to `true`.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/container-registry/-/issues/854).
 </div>
 
 The Azure Storage Driver writes to `//` as the default root directory. This default root directory appears in some places within the Azure UI as `/<no-name>/`. We have maintained this legacy behavior to support older deployments using this storage driver. However, when moving to Azure from another storage driver, this behavior hides all your data until you configure the storage driver to build root paths without an extra leading slash by setting `trimlegacyrootprefix: true`.
@@ -707,7 +785,8 @@ This breaking change will happen in GitLab 16.0.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/4353).
 </div>
 
 The Grafana Helm chart that is bundled with the GitLab Helm Chart is deprecated and will be removed in the GitLab Helm Chart 7.0 release (releasing along with GitLab 16.0).
@@ -729,7 +808,8 @@ and [connect Grafana to the GitLab UI](https://docs.gitlab.com/ee/administration
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/369127).
 </div>
 
 The `omniauth-cas3` gem that provides GitLab with the CAS OmniAuth provider will be removed in our next major
@@ -744,7 +824,8 @@ release, GitLab 16.0. This gem sees very little use and its lack of upstream mai
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/353080).
 </div>
 
 When using the native HashiCorp Vault integration, CI/CD jobs will fail when no secret is returned from Vault. Make sure your configuration always return a secret, or update your pipeline to handle this change, before GitLab 16.0.
@@ -757,7 +838,8 @@ When using the native HashiCorp Vault integration, CI/CD jobs will fail when no
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/408396).
 </div>
 
 We'll change how the MobSF-based analyzer in GitLab SAST handles multi-module Android projects.
@@ -782,7 +864,8 @@ This change doesn't affect scans you run in GitLab 15.11 or previous versions, s
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/353097).
 </div>
 
 To change the approvals required for a merge request, you should no longer use the `/approvals` API endpoint, which was deprecated in GitLab 14.0.
@@ -797,7 +880,8 @@ Instead, use the [`/approval_rules` endpoint](https://docs.gitlab.com/ee/api/mer
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/384455).
 </div>
 
 You can use the GitLab Conan repository with [project-level](https://docs.gitlab.com/ee/user/packages/conan_repository/#add-a-remote-for-your-project) or [instance-level](https://docs.gitlab.com/ee/user/packages/conan_repository/#add-a-remote-for-your-instance) endpoints. Each level supports the conan search command. However, the search endpoint for the project level is also returning packages from outside the target project.
@@ -813,7 +897,8 @@ This unintended functionality is deprecated in GitLab 15.8 and will be removed i
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.6</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/379064).
 </div>
 
 From GitLab 13.6, users can [specify any runner configuration in the GitLab Runner Helm chart](https://docs.gitlab.com/runner/install/kubernetes.html). When we implemented this feature, we deprecated values in the GitLab Helm Chart configuration that were specific to GitLab Runner. These fields are deprecated and we plan to remove them in v1.0 of the GitLab Runner Helm chart.
@@ -826,7 +911,8 @@ From GitLab 13.6, users can [specify any runner configuration in the GitLab Runn
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/388255).
 </div>
 
 You can no longer specify Redis configuration file locations
@@ -843,7 +929,8 @@ config file locations instead, for example `config/redis.cache.yml` or
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/container-registry/-/issues/842).
 </div>
 
 The Container Registry [pull-through cache](https://docs.docker.com/registry/recipes/mirror/) is deprecated in GitLab 15.8 and will be removed in GitLab 16.0. The pull-through cache is part of the upstream [Docker Distribution project](https://github.com/distribution/distribution). However, we are removing the pull-through cache in favor of the GitLab Dependency Proxy, which allows you to proxy and cache container images from Docker Hub. Removing the pull-through cache allows us also to remove the upstream client code without sacrificing functionality.
@@ -856,7 +943,8 @@ The Container Registry [pull-through cache](https://docs.docker.com/registry/rec
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.4</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/371840).
 </div>
 
 All Container Scanning variables that are prefixed by `DOCKER_` in variable name are deprecated. This includes the `DOCKER_IMAGE`, `DOCKER_PASSWORD`, `DOCKER_USER`, and `DOCKERFILE_PATH` variables. Support for these variables will be removed in the GitLab 16.0 release. Use the [new variable names](https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-cicd-variables) `CS_IMAGE`, `CS_REGISTRY_PASSWORD`, `CS_REGISTRY_USER`, and `CS_DOCKERFILE_PATH` in place of the deprecated names.
@@ -869,7 +957,8 @@ All Container Scanning variables that are prefixed by `DOCKER_` in variable name
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387299).
 </div>
 
 Cookie authentication in the GitLab for Jira Cloud app is now deprecated in favor of OAuth authentication.
@@ -884,7 +973,8 @@ to continue to use the GitLab for Jira Cloud app. Without OAuth, you can't manag
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/384198).
 </div>
 
 With the move to the new DAST API analyzer and the `DAST-API.gitlab-ci.yml` template for DAST API scans, we will be removing the ability to scan APIs with the DAST analyzer. Use of the `DAST.gitlab-ci.yml` or `DAST-latest.gitlab-ci.yml` templates for API scans is deprecated as of GitLab 15.7 and will no longer work in GitLab 16.0. Please use `DAST-API.gitlab-ci.yml` template and refer to the [DAST API analyzer](https://docs.gitlab.com/ee/user/application_security/dast_api/#configure-dast-api-with-an-openapi-specification) documentation for configuration details.
@@ -897,7 +987,8 @@ With the move to the new DAST API analyzer and the `DAST-API.gitlab-ci.yml` temp
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/383467).
 </div>
 
 With the switch to the new DAST API analyzer in GitLab 15.6, two legacy DAST API variables are being deprecated. The variables `DAST_API_HOST_OVERRIDE` and `DAST_API_SPECIFICATION` will no longer be used for DAST API scans.
@@ -916,7 +1007,8 @@ These two variables will be removed in GitLab 16.0.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/384340).
 </div>
 
 With the new browser-based DAST analyzer GA in GitLab 15.7, we are working towards making it the default DAST analyzer at some point in the future. In preparation for this, the following legacy DAST variables are being deprecated and scheduled for removal in GitLab 16.0: `DAST_HTML_REPORT`, `DAST_XML_REPORT`, and `DAST_MARKDOWN_REPORT`. These reports relied on the legacy DAST analyzer and we do not plan to implement them in the new browser-based analyzer. As of GitLab 16.0, these report artifacts will no longer be generated.
@@ -931,7 +1023,8 @@ These three variables will be removed in GitLab 16.0.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/395708).
 </div>
 
 In GitLab 14.4 we introduced the ability to [limit your project's CI/CD job token](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html#limit-your-projects-job-token-access) (`CI_JOB_TOKEN`) access to make it more secure. You can prevent job tokens **from your project's** pipelines from being used to **access other projects**. When enabled with no other configuration, your pipelines cannot access other projects. To use the job token to access other projects from your pipeline, you must list those projects explicitly in the **Limit CI_JOB_TOKEN access** setting's allowlist, and you must be a maintainer in all the projects.
@@ -952,7 +1045,8 @@ To prepare for this change, users on GitLab.com or self-managed GitLab 15.9 or l
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387560).
 </div>
 
 GitLab has deprecated Dependency Scanning support for Java versions 13, 14, 15, and 16 and plans to remove that support in the upcoming GitLab 16.0 release. This is consistent with [Oracle's support policy](https://www.oracle.com/java/technologies/java-se-support-roadmap.html) as Oracle Premier and Extended Support for these versions has ended. This also allows GitLab to focus Dependency Scanning Java support on LTS versions moving forward.
@@ -965,7 +1059,8 @@ GitLab has deprecated Dependency Scanning support for Java versions 13, 14, 15,
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328500).
 </div>
 
 The Deployment API will now return an error when `updated_at` filtering and `updated_at` sorting are not used together. Some users were using filtering by `updated_at` to fetch "latest" deployment without using `updated_at` sorting, which may produce wrong results. You should instead use them together, or migrate to filtering by `finished_at` and sorting by `finished_at` which will give you "latest deployments" in a consistent way.
@@ -978,7 +1073,8 @@ The Deployment API will now return an error when `updated_at` filtering and `upd
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352609).
 </div>
 
 Using environment variables `GIT_CONFIG_SYSTEM` and `GIT_CONFIG_GLOBAL` to configure Gitaly is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/352609).
@@ -995,7 +1091,8 @@ GitLab instances that use `GIT_CONFIG_SYSTEM` and `GIT_CONFIG_GLOBAL` to configu
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7278).
 </div>
 
 The Consul provided in the GitLab Omnibus package will no longer provide older deprecated Consul metrics starting in GitLab 16.0.
@@ -1015,7 +1112,8 @@ For more information, see [the deprecation notes for Consul 1.9.0](https://githu
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/391896).
 </div>
 
 The [`CI_PRE_CLONE_SCRIPT` variable](https://docs.gitlab.com/ee/ci/runners/saas/linux_saas_runner.html#pre-clone-script) supported by GitLab SaaS Runners is deprecated as of GitLab 15.9 and will be removed in 16.0. The `CI_PRE_CLONE_SCRIPT` variable enables you to run commands in your CI/CD job prior to the runner executing Git init and get fetch. For more information about how this feature works, see [Pre-clone script](https://docs.gitlab.com/ee/ci/runners/saas/linux_saas_runner.html#pre-clone-script). As an alternative, you can use the [`pre_get_sources_script`](https://docs.gitlab.com/ee/ci/yaml/#hookspre_get_sources_script).
@@ -1028,7 +1126,8 @@ The [`CI_PRE_CLONE_SCRIPT` variable](https://docs.gitlab.com/ee/ci/runners/saas/
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387891).
 </div>
 
 The ability for users with the Developer role for a group to import projects to that group is deprecated in GitLab
@@ -1043,7 +1142,8 @@ will be able to import projects to that group.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/375505).
 </div>
 
 In GitLab 16.0 the GitLab Dependency Scanning analyzer will begin reporting development dependencies for both Python/pipenv and PHP/composer projects. Users who do not wish to have these development dependencies reported should set `DS_INCLUDE_DEV_DEPENDENCIES: false` in their CI/CD file.
@@ -1056,7 +1156,8 @@ In GitLab 16.0 the GitLab Dependency Scanning analyzer will begin reporting deve
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/389477).
 </div>
 
 The ability to add Grafana panels in GitLab Flavored Markdown is deprecated in 15.9 and will be removed in 16.0.
@@ -1070,7 +1171,8 @@ We intend to replace this feature with the ability to [embed charts](https://git
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/372770).
 </div>
 
 While CI/CD [job names](https://docs.gitlab.com/ee/ci/jobs/index.html#job-name-limitations) have a strict 255 character limit, other CI/CD parameters do not yet have validations ensuring they also stay under the limit.
@@ -1091,7 +1193,8 @@ Users on self-managed instances should update their pipelines to ensure they do
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/382532).
 </div>
 
 From GitLab 16.0, when you search for environments with the API, you must use at least three characters. This change helps us ensure the scalability of the search operation.
@@ -1104,7 +1207,7 @@ From GitLab 16.0, when you search for environments with the API, you must use at
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 In the [GraphQL API](https://docs.gitlab.com/ee/api/graphql/), the `external` field of [`ReleaseAssetLink` type](https://docs.gitlab.com/ee/api/graphql/reference/index.html#releaseassetlink) was used to indicate whether a [release link](https://docs.gitlab.com/ee/user/project/releases/release_fields.html#links) is internal or external to your GitLab instance.
@@ -1119,7 +1222,7 @@ To avoid any disruptions to your workflow, please stop using the `external` fiel
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 In [Releases API](https://docs.gitlab.com/ee/api/releases/) and [Release Links API](https://docs.gitlab.com/ee/api/releases/links.html), the `external` field was used to indicate whether a [release link](https://docs.gitlab.com/ee/user/project/releases/release_fields.html#links) is internal or external to your GitLab instance.
@@ -1134,6 +1237,7 @@ To avoid any disruptions to your workflow, please stop using the `external` fiel
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.11</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/388868).
 </div>
 
 In secondary Geo sites, the button to "Redownload" a project repository is
@@ -1149,7 +1253,8 @@ GitLab 16.0.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/348909).
 </div>
 
 GitLab self-monitoring gives administrators of self-hosted GitLab instances the tools to monitor the health of their instances. This feature is deprecated in GitLab 14.9, and is scheduled for removal in 16.0.
@@ -1162,6 +1267,7 @@ GitLab self-monitoring gives administrators of self-hosted GitLab instances the
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-com/Product/-/issues/4895).
 </div>
 
 The [GitLab.com importer](https://docs.gitlab.com/ee/user/project/import/gitlab_com.html) is deprecated in GitLab 15.8 and will be removed in GitLab 16.0.
@@ -1180,7 +1286,8 @@ See [migrated group items](https://docs.gitlab.com/ee/user/group/import/#migrate
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/344648).
 </div>
 
 The GitLab Runner GraphQL API endpoints will not return `paused` or `active` as a status in GitLab 16.0.
@@ -1200,7 +1307,8 @@ When checking if a runner is `paused`, API users are advised to check the boolea
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/360545).
 </div>
 
 The `legacyMode` argument to the `status` field in `RunnerType` will be rendered non-functional in the 16.0 release
@@ -1218,7 +1326,8 @@ be present during the 16.x cycle to avoid breaking the API signature, and will b
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/371485).
 </div>
 
 The `confidential` field for a `Note` will be deprecated and renamed to `internal`.
@@ -1227,31 +1336,12 @@ The `confidential` field for a `Note` will be deprecated and renamed to `interna
 
 <div class="deprecation breaking-change" data-milestone="16.0">
 
-### HashiCorp Vault integration will no longer use CI_JOB_JWT by default
-
-<div class="deprecation-notes">
-- Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
-</div>
-
-As part of our effort to improve the security of your CI workflows using JWT and OIDC, the native HashiCorp integration is also being updated in GitLab 16.0. Any projects that use the [`secrets:vault`](https://docs.gitlab.com/ee/ci/yaml/#secretsvault) keyword to retrieve secrets from Vault will need to be [configured to use ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
-
-To be prepared for this change, you should do the following before GitLab 16.0:
-
-- [Disable the use of JSON web tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication) in the pipeline.
-- Ensure the bound audience is prefixed with `https://`.
-- Use the new [`id_tokens`](https://docs.gitlab.com/ee/ci/yaml/#id_tokens) keyword
-  and configure the `aud` claim.
-
-</div>
-
-<div class="deprecation breaking-change" data-milestone="16.0">
-
 ### Jira DVCS connector for Jira Cloud
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.1</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/-/epics/7508).
 </div>
 
 The [Jira DVCS connector](https://docs.gitlab.com/ee/integration/jira/dvcs/) for Jira Cloud has been deprecated and will be removed in GitLab 16.0. If you're using the Jira DVCS connector with Jira Cloud, migrate to the [GitLab for Jira Cloud app](https://docs.gitlab.com/ee/integration/jira/connect-app.html).
@@ -1267,7 +1357,8 @@ The Jira DVCS connector is also deprecated for Jira 8.13 and earlier. You can on
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/383039).
 </div>
 
 The `gitlab.kas.metrics.port` has been deprecated in favor of the new `gitlab.kas.observability.port` configuration field for the [GitLab Helm Chart](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2839).
@@ -1281,7 +1372,8 @@ This port is used for much more than just metrics, which warranted this change t
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/393574).
 </div>
 
 Gitaly configuration within Omnibus GitLab has been updated such that all Gitaly related configuration keys are in a single
@@ -1303,7 +1395,8 @@ You should update to the new configuration structure as soon as possible using
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390291).
 </div>
 
 Previously, Praefect configuration keys were scattered throughout the configuration file. Now, these are in a single configuration structure that matches
@@ -1324,7 +1417,8 @@ didn't match. The change improves consistency between Omnibus GitLab and source
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/214217).
 </div>
 
 GitLab 16.0 removes legacy URLs from the GitLab application.
@@ -1343,7 +1437,8 @@ Update any scripts or bookmarks that reference the legacy URLs. GitLab APIs are
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390417).
 </div>
 
 The [License-Check feature](https://docs.gitlab.com/ee/user/compliance/license_check_rules.html) is now deprecated and is scheduled for removal in GitLab 16.0. Additionally, the Policies tab on the License Compliance page and all APIs related to the License-Check feature are deprecated and planned for removal in GitLab 16.0. Users who wish to continue to enforce approvals based on detected licenses are encouraged to create a new [License Approval policy](https://docs.gitlab.com/ee/user/compliance/license_approval_policies.html) instead.
@@ -1356,7 +1451,8 @@ The [License-Check feature](https://docs.gitlab.com/ee/user/compliance/license_c
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387721).
 </div>
 
 With external authorization enabled, personal access tokens (PATs) and deploy tokens must no longer be able to access container or package registries. This defense-in-depth security measure will be deployed in 16.0. For users that use PATs and deploy tokens to access these registries, this measure breaks this use of these tokens. Disable external authorization to use tokens with container or package registries.
@@ -1369,7 +1465,8 @@ With external authorization enabled, personal access tokens (PATs) and deploy to
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/370471).
 </div>
 
 The ability for users with the Maintainer role to change the **Packages and registries** settings for a group using
@@ -1390,7 +1487,8 @@ settings for the group using either the GitLab UI or GraphQL API.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3442).
 </div>
 
 To coincide with GitLab 16.0, the GitLab Helm Chart will release the 7.0 major version. The following major bundled chart updates will be included:
@@ -1411,7 +1509,8 @@ The full GitLab Helm Chart 7.0 upgrade steps will be available in the [upgrade d
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390417).
 </div>
 
 The [Managed Licenses API](https://docs.gitlab.com/ee/api/managed_licenses.html) is now deprecated and is scheduled for removal in GitLab 16.0.
@@ -1424,6 +1523,7 @@ The [Managed Licenses API](https://docs.gitlab.com/ee/api/managed_licenses.html)
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.3</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/368195).
 </div>
 
 The [**Maximum number of active pipelines per project** limit](https://docs.gitlab.com/ee/user/admin_area/settings/continuous_integration.html#set-cicd-limits) was never enabled by default and will be removed in GitLab 16.0. This limit can also be configured in the Rails console under [`ci_active_pipelines`](https://docs.gitlab.com/ee/administration/instance_limits.html#number-of-pipelines-running-concurrently). Instead, use the other recommended rate limits that offer similar protection:
@@ -1439,7 +1539,8 @@ The [**Maximum number of active pipelines per project** limit](https://docs.gitl
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/346541).
 </div>
 
 By displaying data stored in a Prometheus instance, GitLab allows users to view performance metrics. GitLab also displays visualizations of these metrics in dashboards. The user can connect to a previously-configured external Prometheus instance, or set up Prometheus as a GitLab Managed App.
@@ -1453,7 +1554,8 @@ However, since certificate-based integration with Kubernetes clusters is depreca
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.4</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/369122).
 </div>
 
 Access tokens that have no expiration date are valid indefinitely, which presents a security risk if the access token
@@ -1479,7 +1581,8 @@ default is applied:
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/388269).
 </div>
 
 If GitLab starts without any Redis configuration file present,
@@ -1499,7 +1602,8 @@ and `config/redis.shared_state.yml` files.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/389557).
 </div>
 
 The group and project deletion protection setting in the Admin Area had an option to delete groups and projects immediately. Starting with 16.0, this option will no longer be available, and delayed group and project deletion will become the default behavior.
@@ -1516,7 +1620,8 @@ The option to delete groups and projects immediately by default was deprecated t
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/289956).
 </div>
 
 A request to the API for `/api/v4/projects/:id/packages` returns a paginated result of packages. Each package lists all of its pipelines in this response. This is a performance concern, as it's possible for a package to have hundreds or thousands of associated pipelines.
@@ -1531,7 +1636,8 @@ In milestone 16.0, we will remove the `pipelines` attribute from the API respons
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.1</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/346335).
 </div>
 
 Previously, the [PipelineSecurityReportFinding GraphQL type was updated](https://gitlab.com/gitlab-org/gitlab/-/issues/335372) to include a new `title` field. This field is an alias for the current `name` field, making the less specific `name` field redundant. The `name` field will be removed from the PipelineSecurityReportFinding type in GitLab 16.0.
@@ -1544,7 +1650,8 @@ Previously, the [PipelineSecurityReportFinding GraphQL type was updated](https:/
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.1</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/343475).
 </div>
 
 The [`project_fingerprint`](https://gitlab.com/groups/gitlab-org/-/epics/2791) attribute of vulnerability findings is being deprecated in favor of a `uuid` attribute. By using UUIDv5 values to identify findings, we can easily associate any related entity with a finding. The `project_fingerprint` attribute is no longer being used to track findings, and will be removed in GitLab 16.0.
@@ -1557,7 +1664,8 @@ The [`project_fingerprint`](https://gitlab.com/groups/gitlab-org/-/epics/2791) a
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/349185).
 </div>
 
 Support for PostgreSQL 12 is scheduled for removal in GitLab 16.0.
@@ -1576,7 +1684,8 @@ Support for PostgreSQL 13 was added to Geo in GitLab 15.2.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/385798).
 </div>
 
 We are deprecating the `operations_access_level` field in the Projects API. This field has been replaced by fields to control specific features: `releases_access_level`, `environments_access_level`, `feature_flags_access_level`, `infrastructure_access_level`, and `monitor_access_level`.
@@ -1589,6 +1698,7 @@ We are deprecating the `operations_access_level` field in the Projects API. This
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-com/Product/-/issues/5255).
 </div>
 
 The [Rake task for importing bare repositories](https://docs.gitlab.com/ee/raketasks/import.html) `gitlab:import:repos` is deprecated in GitLab 15.8 and will be removed in GitLab 16.0.
@@ -1618,7 +1728,8 @@ Alternatives to using the `gitlab:import:repos` Rake task include:
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.3</span>
 - End of Support: GitLab <span class="milestone">15.6</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/331468).
 </div>
 
 With GitLab 13.9, in the Omnibus GitLab package and GitLab Helm chart 4.9, the Redis version [was updated to Redis 6](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#omnibus-improvements).
@@ -1633,7 +1744,8 @@ If you are using your own Redis 5.0 instance, you should upgrade it to Redis 6.0
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.2</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/334253).
 </div>
 
 The `job_age` parameter, returned from the `POST /jobs/request` API endpoint used in communication with GitLab Runner, was never used by any GitLab or Runner feature. This parameter will be removed in GitLab 16.0.
@@ -1648,7 +1760,8 @@ This could be a breaking change for anyone that developed their own runner that
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390416).
 </div>
 
 GitLab SAST uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) to scan code for vulnerabilities.
@@ -1687,7 +1800,8 @@ Work to replace the PHPCS Security Audit-based analyzer is tracked in [issue 364
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390912).
 </div>
 
 The Secure stage will be bumping the major versions of its analyzers in tandem with the GitLab 16.0 release. This bump will enable a clear delineation for analyzers, between:
@@ -1729,7 +1843,8 @@ Specifically, the following are being deprecated and will no longer be updated a
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/391822).
 </div>
 
 GitLab-managed CI/CD templates for security scanning will be updated in the GitLab 16.0 release.
@@ -1763,7 +1878,8 @@ However, due to compatibility issues [discussed in the deprecation issue](https:
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/366477).
 </div>
 
 Version 14.x.x [security report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas) are deprecated.
@@ -1783,7 +1899,8 @@ For more information, refer to [security report validation](https://docs.gitlab.
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/377824).
 </div>
 
 The [Shimo Workspace integration](https://docs.gitlab.com/ee/user/project/integrations/shimo.html) has been deprecated
@@ -1797,7 +1914,8 @@ and will be moved to the JiHu GitLab codebase.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.4</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/368828).
 </div>
 
 GitLab's operational container scanning capabilities no longer require starboard to be installed. Consequently, use of the `starboard:` directive in the configuration file for the GitLab Agent for Kubernetes is now deprecated and is scheduled for removal in GitLab 16.0. Update your configuration file to use the `container_scanning:` directive.
@@ -1810,7 +1928,8 @@ GitLab's operational container scanning capabilities no longer require starboard
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/390266).
 </div>
 
 Support for using the `prometheus_exclude_database_from_default_metrics` configuration value is deprecated in GitLab
@@ -1832,7 +1951,8 @@ This may require updating your metrics collection targets to also scrape `/db_me
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/385564).
 </div>
 
 Previously, Terraform state names containing periods were not supported. However, you could still use state names with periods via a workaround.
@@ -1855,7 +1975,8 @@ To use the full state name, including the period, [migrate to the full state fil
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/382129).
 </div>
 
 Currently, GET requests to the [Cluster Agents API](https://docs.gitlab.com/ee/api/cluster_agents.html#list-tokens-for-an-agent)
@@ -1879,7 +2000,8 @@ This change affects the following REST and GraphQL API endpoints:
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-com/Product/-/issues/4894).
 </div>
 
 The [Phabricator task importer](https://docs.gitlab.com/ee/user/project/import/phabricator.html) is being deprecated. Phabricator itself as a project is no longer actively maintained since June 1, 2021. We haven't observed imports using this tool. There has been no activity on the open related issues on GitLab.
@@ -1892,7 +2014,8 @@ The [Phabricator task importer](https://docs.gitlab.com/ee/user/project/import/p
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/386001).
 </div>
 
 With every major GitLab version, we update the stable Terraform templates with the current latest templates.
@@ -1914,7 +2037,8 @@ To accommodate the changes, you might need to adjust the [`rules`](https://docs.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.4</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/365365).
 </div>
 
 In order to make the behavior of toggling the draft status of a merge request more clear via a quick action, we're deprecating and removing the toggle behavior of the `/draft` quick action. Beginning with the 16.0 release of GitLab, `/draft` will only set a merge request to Draft and a new `/ready` quick action will be used to remove the draft status.
@@ -1927,7 +2051,8 @@ In order to make the behavior of toggling the draft status of a merge request mo
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/350670).
 </div>
 
 Toggling notes confidentiality with REST and GraphQL APIs is being deprecated. Updating notes confidential attribute is no longer supported by any means. We are changing this to simplify the experience and prevent private information from being unintentionally exposed.
@@ -1940,7 +2065,8 @@ Toggling notes confidentiality with REST and GraphQL APIs is being deprecated. U
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/367166).
 </div>
 
 You can use the vulnerabilityFindingDismiss GraphQL mutation to set the status of a vulnerability finding to `Dismissed`. Previously, this mutation used the `id` field to identify findings uniquely. However, this did not work for dismissing findings from the pipeline security tab. Therefore, using the `id` field as an identifier has been dropped in favor of the `uuid` field. Using the 'uuid' field as an identifier allows you to dismiss the finding from the pipeline security tab.
@@ -1954,7 +2080,8 @@ You can use the vulnerabilityFindingDismiss GraphQL mutation to set the status o
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/376216).
 </div>
 
 Using third-party container registries with GitLab as an auth endpoint is deprecated in GitLab 15.8 and the [end of support](https://docs.gitlab.com/ee/development/deprecation_guidelines/#terminology) is scheduled for GitLab 16.0. This impacts self-managed customers that have connected their external registry to the GitLab user interface to find, view, and delete container images.
@@ -1975,7 +2102,8 @@ Moving forward, we'll continue to invest in developing and releasing new feature
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.4</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/372332).
 </div>
 
 In GitLab 15.3, [security report schemas below version 15 were deprecated](https://docs.gitlab.com/ee/update/deprecations.html#security-report-schemas-version-14xx).
@@ -1991,7 +2119,8 @@ removed in 16.0.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/393836).
 </div>
 
 Usage of global IDs in work item URLs is deprecated. In the future, only internal IDs (IID) will be supported.
@@ -2012,7 +2141,8 @@ In GitLab 16.0 we will remove the ability to use a global ID in the work items p
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
 - End of Support: GitLab <span class="milestone">16.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/377825).
 </div>
 
 The [ZenTao product integration](https://docs.gitlab.com/ee/user/project/integrations/zentao.html) has been deprecated
@@ -2026,7 +2156,8 @@ and will be moved to the JiHu GitLab codebase.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352957).
 </div>
 
 The predefined CI/CD variables that start with `CI_BUILD_*` were deprecated in GitLab 9.0, and will be removed in GitLab 16.0. If you still use these variables, be sure to change to the replacement [predefined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) which are functionally identical:
@@ -2054,7 +2185,8 @@ The predefined CI/CD variables that start with `CI_BUILD_*` were deprecated in G
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/381669).
 </div>
 
 The `POST ci/lint` API endpoint is deprecated in 15.7, and will be removed in 16.0. This endpoint does not validate the full range of CI/CD configuration options. Instead, use [`POST /projects/:id/ci/lint`](https://docs.gitlab.com/ee/api/lint.html#validate-a-ci-yaml-configuration-with-a-namespace), which properly validates CI/CD configuration.
@@ -2067,7 +2199,8 @@ The `POST ci/lint` API endpoint is deprecated in 15.7, and will be removed in 16
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/365939).
 </div>
 
 To avoid confusion and duplication, the `environment_tier` parameter is deprecated in favor of the `environment_tiers` parameter. The new `environment_tiers` parameter allows DORA APIs to return aggregated data for multiple tiers at the same time. The `environment_tier` parameter will be removed in GitLab 16.0.
@@ -2080,7 +2213,8 @@ To avoid confusion and duplication, the `environment_tier` parameter is deprecat
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/375645).
 </div>
 
 The `VulnerabilityFindingDismiss` GraphQL mutation is being deprecated and will be removed in GitLab 16.0. This mutation was not used often as the Vulnerability Finding ID was not available to users (this field was [deprecated in 15.3](https://docs.gitlab.com/ee/update/deprecations.html#use-of-id-field-in-vulnerabilityfindingdismiss-mutation)). Users should instead use `VulnerabilityDismiss` to dismiss vulnerabilities in the Vulnerability Report or `SecurityFindingDismiss` for security findings in the CI Pipeline Security tab.
@@ -2098,6 +2232,7 @@ The `VulnerabilityFindingDismiss` GraphQL mutation is being deprecated and will
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7371).
 </div>
 
 Distribution support and security updates for openSUSE Leap 15.3 [ended December 2022](https://en.opensuse.org/Lifetime#Discontinued_distributions).
@@ -2120,7 +2255,8 @@ Starting in GitLab 15.7 we started providing packages for openSUSE Leap 15.4, an
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
 - End of Support: GitLab <span class="milestone">15.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387976).
 </div>
 
 We are deprecating support for [uploading backups to remote storage](https://docs.gitlab.com/ee/raketasks/backup_gitlab.html#upload-backups-to-a-remote-cloud-storage) using Openstack Swift and Rackspace APIs. The support for these APIs depends on third-party libraries that are no longer actively maintained and have not been updated for  Ruby 3. GitLab is switching over to Ruby 3 prior to EOL of Ruby 2 in order to stay up to date on security patches.
@@ -2141,7 +2277,8 @@ We are deprecating support for [uploading backups to remote storage](https://doc
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/383889).
 </div>
 
 The Live Preview feature of the Web IDE was intended to provide a client-side preview of static web applications. However, complex configuration steps and a narrow set of supported project types have limited its utility. With the introduction of the Web IDE Beta in GitLab 15.7, you can now connect to a full server-side runtime environment. With upcoming support for installing extensions in the Web IDE, we'll also support more advanced workflows than those available with Live Preview. As of GitLab 15.9, Live Preview is no longer available in the Web IDE.
@@ -2154,7 +2291,8 @@ The Live Preview feature of the Web IDE was intended to provide a client-side pr
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/configure/-/epics/8).
 </div>
 
 The certificate-based integration with Kubernetes will be [deprecated and removed](https://about.gitlab.com/blog/2021/11/15/deprecating-the-cert-based-kubernetes-integration/). As a GitLab SaaS customer, on new namespaces, you will no longer be able to integrate GitLab and your cluster using the certificate-based approach as of GitLab 15.0. The integration for current users will be enabled per namespace.
@@ -2182,7 +2320,8 @@ GitLab self-managed customers can still use the feature [with a feature flag](ht
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/29407).
 </div>
 
 Previously, variables that referenced or applied alias file variables expanded the value of the `File` type variable. For example, the file contents. This behavior was incorrect because it did not comply with typical shell variable expansion rules. To leak secrets or sensitive information stored in `File` type variables, a user could run an $echo command with the variable as an input parameter.
@@ -2227,6 +2366,7 @@ We encourage customers currently using NFS for Git repositories to plan their mi
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.3</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6972).
 </div>
 
 In GitLab 15.4, we will be swapping the bundled Grafana to a fork of Grafana maintained by GitLab.
@@ -2243,7 +2383,8 @@ This is not expected to cause any incompatibilities with the previous version of
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352554).
 </div>
 
 GitLab SAST uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) to scan code for vulnerabilities.
@@ -2292,6 +2433,7 @@ If you applied customizations to any of the affected analyzers or if you current
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.0</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/360516).
 </div>
 
 The ability to sort the Vulnerability Report by the `State` column was disabled and put behind a feature flag in GitLab 14.10 due to a refactor
@@ -2306,6 +2448,7 @@ by this value remains performant. Due to very low usage of the `State` column fo
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">15.1</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/362962).
 </div>
 
 The ability to sort the Vulnerability Report by the `Tool` column (scan type) was disabled and put behind a feature flag in GitLab 14.10 due to a refactor
@@ -2343,7 +2486,8 @@ Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](ht
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/337993).
 </div>
 
 Audit events for [repository events](https://docs.gitlab.com/ee/administration/audit_events.html#removed-events) are now deprecated and will be removed in GitLab 15.0.
@@ -2360,7 +2504,8 @@ dramatically slow down GitLab instances. For this reason, they are being removed
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/26600).
 </div>
 
 To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0. Review the [15.0 specific changes](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html) for the [removed background uploads settings for object storage](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html#removed-background-uploads-settings-for-object-storage).
@@ -2380,7 +2525,8 @@ GitLab will publish additional guidance to assist affected customers in migratin
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.6</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/342800).
 </div>
 
 In GitLab 15.0 we are going to limit the number of characters in CI/CD job names to 255. Any pipeline with job names that exceed the 255 character limit will stop working after the 15.0 release.
@@ -2393,7 +2539,8 @@ In GitLab 15.0 we are going to limit the number of characters in CI/CD job names
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/345347).
 </div>
 
 In GitLab 15.0, you can no longer change an instance (shared) runner to a project (specific) runner.
@@ -2410,7 +2557,7 @@ Administrators who need to add runners for multiple projects can register a runn
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 All functionality related to GitLab's Container Network Security and Container Host Security categories is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0. Users who need a replacement for this functionality are encouraged to evaluate the following open source projects as potential solutions that can be installed and managed outside of GitLab: [AppArmor](https://gitlab.com/apparmor/apparmor), [Cilium](https://github.com/cilium/cilium), [Falco](https://github.com/falcosecurity/falco), [FluentD](https://github.com/fluent/fluentd), [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/). To integrate these technologies into GitLab, add the desired Helm charts into your copy of the [Cluster Management Project Template](https://docs.gitlab.com/ee/user/clusters/management_project_template.html). Deploy these Helm charts in production by calling commands through GitLab [CI/CD](https://docs.gitlab.com/ee/user/clusters/agent/ci_cd_workflow.html).
@@ -2501,7 +2648,8 @@ in the Vulnerability Report.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/334060).
 </div>
 
 For those using Dependency Scanning for Python projects, we are deprecating the default `gemnasium-python:2` image which uses Python 3.6 as well as the custom `gemnasium-python:2-python-3.9` image which uses Python 3.9. The new default image as of GitLab 15.0 will be for Python 3.9 as it is a [supported version](https://endoflife.date/python) and 3.6 [is no longer supported](https://endoflife.date/python).
@@ -2532,7 +2680,7 @@ gemnasium-python-dependency_scanning:
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 In GitLab 15.0, for Dependency Scanning, the default version of Java that the scanner expects will be updated from 11 to 17. Java 17 is [the most up-to-date Long Term Support (LTS) version](https://en.wikipedia.org/wiki/Java_version_history). Dependency scanning continues to support the same [range of versions (8, 11, 13, 14, 15, 16, 17)](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#supported-languages-and-package-managers), only the default version is changing. If your project uses the previous default of Java 11, be sure to [set the `DS_Java_Version` variable to match](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning).
@@ -2569,6 +2717,7 @@ in the Vulnerability Report.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/351345).
 </div>
 
 In GitLab 13.0, we introduced new project and design replication details routes in the Geo Admin UI. These routes are `/admin/geo/replication/projects` and `/admin/geo/replication/designs`. We kept the legacy routes and redirected them to the new routes. In GitLab 15.0, we will remove support for the legacy routes `/admin/geo/projects` and `/admin/geo/designs`. Please update any bookmarks or scripts that may use the legacy routes.
@@ -2581,6 +2730,7 @@ In GitLab 13.0, we introduced new project and design replication details routes
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/351945).
 </div>
 
 In GitLab 14.8, we are [replacing the `geo:db:*` Rake tasks with built-in tasks](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77269/diffs) that are now possible after [switching the Geo tracking database to use Rails' 6 support of multiple databases](https://gitlab.com/groups/gitlab-org/-/epics/6458).
@@ -2612,7 +2762,8 @@ The following `geo:db:*` tasks will be replaced with their corresponding `db:*:g
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/262019).
 </div>
 
 The feature flag `PUSH_RULES_SUPERSEDE_CODE_OWNERS` is being removed in GitLab 15.0. Upon its removal, push rules will supersede Code Owners. Even if Code Owner approval is required, a push rule that explicitly allows a specific user to push code supersedes the Code Owners setting.
@@ -2625,7 +2776,8 @@ The feature flag `PUSH_RULES_SUPERSEDE_CODE_OWNERS` is being removed in GitLab 1
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/350275).
 </div>
 
 Elasticsearch 6.8 is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0.
@@ -2642,6 +2794,7 @@ Elasticsearch 6.8 is also incompatible with Amazon OpenSearch, which we [plan to
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/-/epics/6968).
 </div>
 
 [Security report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
@@ -2666,7 +2819,7 @@ in the Vulnerability Report.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The [external status check API](https://docs.gitlab.com/ee/api/status_checks.html) was originally implemented to
@@ -2705,7 +2858,8 @@ In 15.0, support for daemon mode for GitLab Pages will be removed.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/configure/-/epics/6).
 </div>
 
 GitLab Serverless is a feature set to support Knative-based serverless development with automatic deployments and monitoring.
@@ -2720,6 +2874,7 @@ We decided to remove the GitLab Serverless features as they never really resonat
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/327057).
 </div>
 
 The Godep dependency manager for Golang was deprecated in 2020 by Go and
@@ -2735,7 +2890,8 @@ and will remove it in GitLab 15.0
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/257883).
 </div>
 
 We are removing a non-standard extension to our GraphQL processor, which we added for backwards compatibility. This extension modifies the validation of GraphQL queries, allowing the use of the `ID` type for arguments where it would normally be rejected.
@@ -2798,7 +2954,7 @@ an inline argument expression).
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The GitLab Package stage offers a Package Registry, Container Registry, and Dependency Proxy to help you manage all of your dependencies using GitLab. Each of these product categories has a variety of settings that can be adjusted using the API.
@@ -2818,7 +2974,8 @@ The permissions model for GraphQL is being updated. After 15.0, users with the G
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28192).
 </div>
 
 In [GitLab 14.3](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/3074), we added a configuration setting in the GitLab Runner `config.toml` file. This setting, [`[runners.ssh.disable_strict_host_key_checking]`](https://docs.gitlab.com/runner/executors/ssh.html#security), controls whether or not to use strict host key checking with the SSH executor.
@@ -2833,7 +2990,8 @@ In GitLab 15.0 and later, the default value for this configuration option will c
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.6</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/335707).
 </div>
 
 We deprecated legacy names for approval status of license policy (blacklisted, approved) in the `managed_licenses` API but they are still used in our API queries and responses. They will be removed in 15.0.
@@ -2848,7 +3006,8 @@ If you are using our License Compliance API you should stop using the `approved`
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/338182).
 </div>
 
 The syntax of [GitLabs database](https://docs.gitlab.com/omnibus/settings/database.html)
@@ -2865,7 +3024,8 @@ This deprecation mainly impacts users compiling GitLab from source because Omnib
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/346485).
 </div>
 
 The logging features in GitLab allow users to install the ELK stack (Elasticsearch, Logstash, and Kibana) to aggregate and manage application logs. Users can search for relevant logs in GitLab. However, since deprecating certificate-based integration with Kubernetes clusters and GitLab Managed Apps, we don't have a recommended solution for logging within GitLab. For more information, you can follow the issue for [integrating Opstrace with GitLab](https://gitlab.com/groups/gitlab-org/-/epics/6976).
@@ -2890,7 +3050,7 @@ The [`custom_hooks_dir`](https://docs.gitlab.com/ee/administration/server_hooks.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.0</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The OAuth implicit grant authorization flow will be removed in our next major release, GitLab 15.0. Any applications that use OAuth implicit grant should switch to alternative [supported OAuth flows](https://docs.gitlab.com/ee/api/oauth2.html).
@@ -2903,7 +3063,7 @@ The OAuth implicit grant authorization flow will be removed in our next major re
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 By default, all new applications expire access tokens after 2 hours. In GitLab 14.2 and earlier, OAuth access tokens
@@ -2924,7 +3084,8 @@ tokens before GitLab 15.0 is released:
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.3</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/337384).
 </div>
 
 The `omniauth-kerberos` gem will be removed in our next major release, GitLab 15.0.
@@ -2941,7 +3102,8 @@ Note that we are not deprecating the Kerberos SPNEGO integration, only the old p
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/351962).
 </div>
 
 The feature to disable enforcement of PAT expiration is unusual from a security perspective.
@@ -2956,7 +3118,8 @@ Unexpected behavior in a security feature is inherently dangerous, so we have de
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/351963).
 </div>
 
 The feature to disable enforcement of SSH expiration is unusual from a security perspective.
@@ -2971,7 +3134,8 @@ Unexpected behavior in a security feature is inherently dangerous, so we have de
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352549).
 </div>
 
 The [GitLab SAST SpotBugs analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) scans [Java, Scala, Groovy, and Kotlin code](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks) for security vulnerabilities.
@@ -2995,7 +3159,8 @@ If you rely on Java 8 being present in the analyzer environment, you must take a
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.10</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/359133).
 </div>
 
 As Advanced Search migrations usually require support multiple code paths for a long period of time, it’s important to clean those up when we safely can. We use GitLab major version upgrades as a safe time to remove backward compatibility for indices that have not been fully migrated. See the [upgrade documentation](https://docs.gitlab.com/ee/update/index.html#upgrading-to-a-new-major-version) for details.
@@ -3008,6 +3173,7 @@ As Advanced Search migrations usually require support multiple code paths for a
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/219952).
 </div>
 
 The Pseudonymizer feature is generally unused,
@@ -3023,7 +3189,8 @@ It is now considered deprecated, and will be removed in GitLab 15.0.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/332323).
 </div>
 
 The `instanceStatisticsMeasurements` GraphQL node has been renamed to `usageTrendsMeasurements` in 13.10 and the old field name has been marked as deprecated. To fix the existing GraphQL queries, replace `instanceStatisticsMeasurements` with `usageTrendsMeasurements`.
@@ -3036,7 +3203,8 @@ The `instanceStatisticsMeasurements` GraphQL node has been renamed to `usageTren
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352488).
 </div>
 
 [Request profiling](https://docs.gitlab.com/ee/administration/monitoring/performance/index.html) is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0.
@@ -3055,7 +3223,7 @@ For more information, check the [summary section of the deprecation issue](https
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The [required pipeline configuration](https://docs.gitlab.com/ee/user/admin_area/settings/continuous_integration.html#required-pipeline-configuration) feature is deprecated in GitLab 14.8 for Premium customers and is scheduled for removal in GitLab 15.0. This feature is not deprecated for GitLab Ultimate customers.
@@ -3073,7 +3241,8 @@ This change will also help GitLab remain consistent in its tiering strategy with
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/350510).
 </div>
 
 As of 14.8 the retire.js job is being deprecated from Dependency Scanning. It will continue to be included in our CI/CD template while deprecated. We are removing retire.js from Dependency Scanning on May 22, 2022 in GitLab 15.0. JavaScript scanning functionality will not be affected as it is still being covered by Gemnasium.
@@ -3112,7 +3281,8 @@ in the Vulnerability Report.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352553).
 </div>
 
 The GitLab SAST Security Code Scan analyzer scans .NET code for security vulnerabilities.
@@ -3143,6 +3313,7 @@ If you rely on .NET 2.1 support being present in the analyzer image by default,
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352565).
 </div>
 
 To make it simpler and more reliable to [customize GitLab Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings), we're deprecating some of the variables that you could previously set in your CI/CD configuration.
@@ -3194,7 +3365,8 @@ in the Vulnerability Report.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564).
 </div>
 
 GitLab uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to [scan for security vulnerabilities](https://docs.gitlab.com/ee/user/application_security/).
@@ -3221,7 +3393,8 @@ See the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352564
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/350936).
 </div>
 
 The Secure and Protect stages will be bumping the major versions of their analyzers in tandem with the GitLab 15.0 release. This major bump will enable a clear delineation for analyzers, between:
@@ -3265,7 +3438,8 @@ Specifically, the following are being deprecated and will no longer be updated a
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/347509).
 </div>
 
 Exporting Sidekiq metrics and health checks using a single process and port is deprecated.
@@ -3296,6 +3470,7 @@ to serve the Sidekiq metrics, similar to the way Sidekiq will behave in 15.0.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/347137).
 </div>
 
 The Static Site Editor will no longer be available starting in GitLab 15.0. Improvements to the Markdown editing experience across GitLab will deliver smiliar benefit but with a wider reach. Incoming requests to the Static Site Editor will be redirected to the [Web IDE](https://docs.gitlab.com/ee/user/project/web_ide/index.html).
@@ -3310,7 +3485,7 @@ Current users of the Static Site Editor can view the [documentation](https://doc
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 Long term service and support (LTSS) for SUSE Linux Enterprise Server (SLES) 12 SP2 [ended on March 31, 2021](https://www.suse.com/lifecycle/). The CA certificates on SP2 include the expired DST root certificate, and it's not getting new CA certificate package updates. We have implemented some [workarounds](https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/merge_requests/191), but we will not be able to continue to keep the build running properly.
@@ -3323,7 +3498,7 @@ Long term service and support (LTSS) for SUSE Linux Enterprise Server (SLES) 12
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 Although not recommended or documented, it was possible to deploy a gRPC-aware proxy between Gitaly and
@@ -3346,7 +3521,7 @@ the [relevant epic](https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/463).
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 To simplify setting a test coverage pattern, in GitLab 15.0 the
@@ -3364,7 +3539,8 @@ testing coverage results in merge requests.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/346540).
 </div>
 
 Tracing in GitLab is an integration with Jaeger, an open-source end-to-end distributed tracing system. GitLab users can navigate to their Jaeger instance to gain insight into the performance of a deployed application, tracking each function or microservice that handles a given request. Tracing in GitLab is deprecated in GitLab 14.7, and scheduled for removal in 15.0. To track work on a possible replacement, see the issue for [Opstrace integration with GitLab](https://gitlab.com/groups/gitlab-org/-/epics/6976).
@@ -3377,7 +3553,8 @@ Tracing in GitLab is an integration with Jaeger, an open-source end-to-end distr
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/336912).
 </div>
 
 In milestone 15.0, support for the `tags` and `tags_count` parameters will be removed from the Container Registry API that [gets registry repositories from a group](../api/container_registry.md#within-a-group).
@@ -3392,7 +3569,8 @@ The `GET /groups/:id/registry/repositories` endpoint will remain, but won't retu
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/343210).
 </div>
 
 We are changing how the date filter works in Value Stream Analytics. Instead of filtering by the time that the issue or merge request was created, the date filter will filter by the end event time of the given stage. This will result in completely different figures after this change has rolled out.
@@ -3407,7 +3585,7 @@ If you monitor Value Stream Analytics metrics and rely on the date filter, to av
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The vulnerability check feature is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0. We encourage you to migrate to the new security approvals feature instead. You can do so by navigating to **Security & Compliance > Policies** and creating a new Scan Result Policy.
@@ -3427,7 +3605,8 @@ The new security approvals feature is similar to vulnerability check. For exampl
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/327453).
 </div>
 
 As part of the work to create a [Package Registry GraphQL API](https://gitlab.com/groups/gitlab-org/-/epics/6318), the Package group deprecated the `Version` type for the basic `PackageType` type and moved it to [`PackageDetailsType`](https://docs.gitlab.com/ee/api/graphql/reference/index.html#packagedetailstype).
@@ -3442,7 +3621,8 @@ In milestone 15.0, we will completely remove `Version` from `PackageType`.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.7</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/348980).
 </div>
 
 Currently, test coverage visualizations in GitLab only support Cobertura reports. Starting 15.0, the
@@ -3458,7 +3638,8 @@ only supported report file in 15.0, but this is the first step towards GitLab su
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/345451).
 </div>
 
 The GraphQL API field `defaultMergeCommitMessageWithDescription` has been deprecated and will be removed in GitLab 15.0. For projects with a commit message template set, it will ignore the template.
@@ -3471,7 +3652,8 @@ The GraphQL API field `defaultMergeCommitMessageWithDescription` has been deprec
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/276777).
 </div>
 
 We added a feature flag because [GitLab-#11582](https://gitlab.com/gitlab-org/gitlab/-/issues/11582) changed how public groups use the Dependency Proxy. Prior to this change, you could use the Dependency Proxy without authentication. The change requires authentication to use the Dependency Proxy.
@@ -3486,7 +3668,8 @@ In milestone 15.0, we will remove the feature flag entirely. Moving forward, you
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/342882).
 </div>
 
 In GraphQL, there are two `pipelines` fields that you can use in a [`PackageDetailsType`](https://docs.gitlab.com/ee/api/graphql/reference/#packagedetailstype) to get the pipelines for package versions:
@@ -3504,7 +3687,7 @@ To mitigate possible performance problems, we will remove the `versions` field's
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The `projectFingerprint` field in the [PipelineSecurityReportFinding](https://docs.gitlab.com/ee/api/graphql/reference/index.html#pipelinesecurityreportfinding)
@@ -3520,7 +3703,8 @@ exposed in the UUID field. Data previously available in the projectFingerprint f
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/345207).
 </div>
 
 In GitLab 14.5, we introduced the command `gitlab-ctl promote` to promote any Geo secondary node to a primary during a failover. This command replaces `gitlab-ctl promote-db` which is used to promote database nodes in multi-node Geo secondary sites. `gitlab-ctl promote-db` will continue to function as-is and be available until GitLab 15.0. We recommend that Geo customers begin testing the new `gitlab-ctl promote` command in their staging environments and incorporating the new command in their failover procedures.
@@ -3533,7 +3717,8 @@ In GitLab 14.5, we introduced the command `gitlab-ctl promote` to promote any Ge
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/345207).
 </div>
 
 In GitLab 14.5, we introduced the command `gitlab-ctl promote` to promote any Geo secondary node to a primary during a failover. This command replaces `gitlab-ctl promote-to-primary-node` which was only usable for single-node Geo sites. `gitlab-ctl promote-to-primary-node` will continue to function as-is and be available until GitLab 15.0. We recommend that Geo customers begin testing the new `gitlab-ctl promote` command in their staging environments and incorporating the new command in their failover procedures.
@@ -3546,7 +3731,8 @@ In GitLab 14.5, we introduced the command `gitlab-ctl promote` to promote any Ge
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/334018).
 </div>
 
 The `started` field in the [iterations API](https://docs.gitlab.com/ee/api/iterations.html#list-project-iterations) is being deprecated and will be removed in GitLab 15.0. This field is being replaced with the `current` field (already available) which aligns with the naming for other time-based entities, such as milestones.
@@ -3559,7 +3745,7 @@ The `started` field in the [iterations API](https://docs.gitlab.com/ee/api/itera
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.6</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The `type` and `types` CI/CD keywords will be removed in GitLab 15.0. Pipelines that use these keywords will stop working, so you must switch to `stage` and `stages`, which have the same behavior.
@@ -3572,7 +3758,8 @@ The `type` and `types` CI/CD keywords will be removed in GitLab 15.0. Pipelines
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.6</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/333233).
 </div>
 
 The API Fuzzing configuration snippet is now being generated client-side and does not require an
@@ -3587,7 +3774,8 @@ which isn't being used in GitLab anymore.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.6</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/289832).
 </div>
 
 As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI/CD template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal Ruby scanning functionality will not be affected as it is still being covered by Gemnasium.
@@ -3602,7 +3790,7 @@ If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you wi
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The Container Registry supports [authentication](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#auth) with `htpasswd`. It relies on an [Apache `htpasswd` file](https://httpd.apache.org/docs/2.4/programs/htpasswd.html), with passwords hashed using `bcrypt`.
@@ -3617,7 +3805,7 @@ Since it isn't used in the context of GitLab (the product), `htpasswd` authentic
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The `user_email_lookup_limit` [API field](https://docs.gitlab.com/ee/api/settings.html) is deprecated and will be removed in GitLab 15.0. Until GitLab 15.0, `user_email_lookup_limit` is aliased to `search_rate_limit` and existing workflows will continue to work.
@@ -3637,7 +3825,7 @@ Any API calls attempting to change the rate limits for `user_email_lookup_limit`
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.9</span>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
 </div>
 
 The GitLab Composer repository can be used to push, search, fetch metadata about, and download PHP dependencies. All these actions require authentication, except for downloading dependencies.
@@ -3657,6 +3845,7 @@ Downloading Composer dependencies without authentication is deprecated in GitLab
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.8</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/352612).
 </div>
 
 Configuring the `per_repository` Gitaly election strategy is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/352612).
@@ -3677,6 +3866,7 @@ This change is part of regular maintenance to keep our codebase clean.
 
 <div class="deprecation-notes">
 - Announced in: GitLab <span class="milestone">14.5</span>
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6427).
 </div>
 
 Distribution support and security updates for openSUSE Leap 15.2 are [ending December 2021](https://en.opensuse.org/Lifetime#openSUSE_Leap).
diff --git a/doc/update/removals.md b/doc/update/removals.md
index 5e5203c634c..8aeaa567f3c 100644
--- a/doc/update/removals.md
+++ b/doc/update/removals.md
@@ -136,6 +136,16 @@ In GitLab 13.9, we updated the Omnibus GitLab package and GitLab Helm chart 4.9
 GitLab 16.0, we have removed support for Redis 5. If you are using your own Redis 5.0 instance, you must upgrade it to Redis 6.0 or later before upgrading to GitLab 16.0
 or later.
 
+### Removal of job_age parameter in `POST /jobs/request` Runner endpoint
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+The `job_age` parameter, returned from the `POST /jobs/request` API endpoint used in communication with GitLab Runner, has been removed in GitLab 16.0.
+
+This could be a breaking change for anyone that developed their own runner that relies on this parameter being returned by the endpoint. This is not a breaking change for anyone using an officially released version of GitLab Runner, including public shared runners on GitLab.com.
+
 ### Remove legacy configuration fields in GitLab Runner Helm Chart
 
 In GitLab 13.6 and later, users can [specify any runner configuration in the GitLab Runner Helm chart](https://docs.gitlab.com/runner/install/kubernetes.html). When this features was released, we deprecated the fields in the GitLab Helm Chart configuration specific to the runner. As of v1.0 of the GitLab Runner Helm chart (GitLab 16.0), the following fields have been removed and are no longer supported:
diff --git a/doc/user/admin_area/settings/usage_statistics.md b/doc/user/admin_area/settings/usage_statistics.md
index 0580dc5f452..501c9b7f93b 100644
--- a/doc/user/admin_area/settings/usage_statistics.md
+++ b/doc/user/admin_area/settings/usage_statistics.md
@@ -53,6 +53,7 @@ tier. Users can continue to access the features in a paid tier without sharing u
 ### Features available in 16.0 and later
 
 - [Maintenance mode](../../../administration/maintenance_mode/index.md).
+- [Configurable issue boards](../../project/issue_board.md#configurable-issue-boards).
 
 NOTE:
 Registration is not yet required for participation, but may be added in a future milestone.
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index 91f10b5ab60..c510be55981 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -194,13 +194,9 @@ table.supported-languages ul {
       <td rowspan="2">
         8 LTS,
         11 LTS,
-        13<sup><b><a href="#notes-regarding-supported-languages-and-package-managers-2">2</a></b></sup>,
-        14<sup><b><a href="#notes-regarding-supported-languages-and-package-managers-2">2</a></b></sup>,
-        15<sup><b><a href="#notes-regarding-supported-languages-and-package-managers-2">2</a></b></sup>,
-        16<sup><b><a href="#notes-regarding-supported-languages-and-package-managers-2">2</a></b></sup>,
         or 17 LTS
       </td>
-      <td><a href="https://gradle.org/">Gradle</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-3">3</a></b></sup></td>
+      <td><a href="https://gradle.org/">Gradle</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-2">2</a></b></sup></td>
       <td>
         <ul>
             <li><code>build.gradle</code></li>
@@ -232,7 +228,7 @@ table.supported-languages ul {
       <td>Y</td>
     </tr>
     <tr>
-      <td><a href="https://pnpm.io/">pnpm</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-4">4</a></b></sup></td>
+      <td><a href="https://pnpm.io/">pnpm</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-3">3</a></b></sup></td>
       <td><code>pnpm-lock.yaml</code></td>
       <td>Y</td>
     </tr>
@@ -245,7 +241,7 @@ table.supported-languages ul {
     </tr>
     <tr>
       <td rowspan="4">Python</td>
-      <td rowspan="4">3.9, 3.10<sup><b><a href="#notes-regarding-supported-languages-and-package-managers-5">5</a></b></sup></td>
+      <td rowspan="4">3.9, 3.10<sup><b><a href="#notes-regarding-supported-languages-and-package-managers-4">4</a></b></sup></td>
       <td><a href="https://setuptools.readthedocs.io/en/latest/">setuptools</a></td>
       <td><code>setup.py</code></td>
       <td>N</td>
@@ -272,7 +268,7 @@ table.supported-languages ul {
       <td>N</td>
     </tr>
     <tr>
-      <td><a href="https://python-poetry.org/">Poetry</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-6">6</a></b></sup></td>
+      <td><a href="https://python-poetry.org/">Poetry</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-5">5</a></b></sup></td>
       <td><code>poetry.lock</code></td>
       <td>N</td>
     </tr>
@@ -291,7 +287,7 @@ table.supported-languages ul {
     <tr>
       <td>Scala</td>
       <td>All versions</td>
-      <td><a href="https://www.scala-sbt.org/">sbt</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-7">7</a></b></sup></td>
+      <td><a href="https://www.scala-sbt.org/">sbt</a><sup><b><a href="#notes-regarding-supported-languages-and-package-managers-6">6</a></b></sup></td>
       <td><code>build.sbt</code></td>
       <td>N</td>
     </tr>
@@ -308,23 +304,17 @@ table.supported-languages ul {
   <li>
     <a id="notes-regarding-supported-languages-and-package-managers-2"></a>
     <p>
-      Support for these versions of Java is deprecated and is planned to be removed in the GitLab 16.0 release. Additionally, these versions of Java are not supported by the FIPS-enabled image of <code>gemnasium-maven</code>. Official support is limited to LTS versions only. Although it may be possible to use Dependency Scanning with other versions by building a custom dependency scanning image, this approach is not officially supported by GitLab.
-    </p>
-  </li>
-  <li>
-    <a id="notes-regarding-supported-languages-and-package-managers-3"></a>
-    <p>
       Gradle is not supported when <a href="https://docs.gitlab.com/ee/development/fips_compliance.html#enable-fips-mode">FIPS mode</a> is enabled.
     </p>
   </li>
   <li>
-    <a id="notes-regarding-supported-languages-and-package-managers-4"></a>
+    <a id="notes-regarding-supported-languages-and-package-managers-3"></a>
     <p>
       Support for <code>pnpm</code> lockfiles was <a href="https://gitlab.com/gitlab-org/gitlab/-/issues/336809">introduced in GitLab 15.11</a>. <code>pnpm</code> lockfiles do not store bundled dependencies, so the reported dependencies may differ from <code>npm</code> or <code>yarn</code>.
     </p>
   </li>
   <li>
-    <a id="notes-regarding-supported-languages-and-package-managers-5"></a>
+    <a id="notes-regarding-supported-languages-and-package-managers-4"></a>
     <p>
       For support of <code>Python 3.10</code>, add the following stanza to the GitLab CI/CD configuration file. This specifies that the <code>Python 3.10</code> image is to be used, instead of the default <code>Python 3.9</code>.
       <div class="language-yaml highlighter-rouge">
@@ -335,7 +325,7 @@ table.supported-languages ul {
     </p>
   </li>
   <li>
-    <a id="notes-regarding-supported-languages-and-package-managers-6"></a>
+    <a id="notes-regarding-supported-languages-and-package-managers-5"></a>
     <p>
       Support for <a href="https://python-poetry.org/">Poetry</a> projects with a <code>poetry.lock</code> file was <a href="https://gitlab.com/gitlab-org/gitlab/-/issues/7006">added in GitLab 15.0</a>.
       Support for projects without a <code>poetry.lock</code> file is tracked in issue:
@@ -343,7 +333,7 @@ table.supported-languages ul {
     </p>
   </li>
   <li>
-    <a id="notes-regarding-supported-languages-and-package-managers-7"></a>
+    <a id="notes-regarding-supported-languages-and-package-managers-6"></a>
     <p>
       Support for <a href="https://www.scala-sbt.org/">sbt</a> 1.3 and above was added in GitLab 13.9.
     </p>
@@ -453,7 +443,7 @@ To support the following package managers, the GitLab analyzers proceed in two s
           By default, the analyzer uses Java 17 and Gradle 7.3.3.
         </p>
         <p>
-          For Java versions <code>8</code> and <code>11</code>, Gradle <code>6.7.1</code> is automatically selected, and for Java versions <code>13</code> to <code>17</code>, Gradle <code>7.3.3</code> is automatically selected.
+          For Java versions <code>8</code> and <code>11</code>, Gradle <code>6.7.1</code> is automatically selected, and for Java version <code>17</code>, Gradle <code>7.3.3</code> is automatically selected.
         </p>
       </li>
       <li>
@@ -679,7 +669,7 @@ The following variables are used for configuring specific analyzers (used for a
 | `DS_REMEDIATE`                       | `gemnasium`        | `"true"`, `"false"` in FIPS mode | Enable automatic remediation of vulnerable dependencies. Not supported in FIPS mode. |
 | `DS_REMEDIATE_TIMEOUT`               | `gemnasium`        | `5m`                       | Timeout for auto-remediation. |
 | `GEMNASIUM_LIBRARY_SCAN_ENABLED`     | `gemnasium`        | `"true"`                     | Enable detecting vulnerabilities in vendored JavaScript libraries. For now, `gemnasium` leverages [`Retire.js`](https://github.com/RetireJS/retire.js) to do this job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/350512) in GitLab 14.8. |
-| `DS_JAVA_VERSION`                    | `gemnasium-maven`  | `17`                         | Version of Java. Available versions: `8`, `11`, `13`, `14`, `15`, `16`, `17`. Available versions in FIPS-enabled image: `8`, `11`, `17`. |
+| `DS_JAVA_VERSION`                    | `gemnasium-maven`  | `17`                         | Version of Java. Available versions: `8`, `11`, `17`. |
 | `MAVEN_CLI_OPTS`                     | `gemnasium-maven`  | `"-DskipTests --batch-mode"` | List of command line arguments that are passed to `maven` by the analyzer. See an example for [using private repositories](../index.md#using-private-maven-repositories). |
 | `GRADLE_CLI_OPTS`                    | `gemnasium-maven`  |                              | List of command line arguments that are passed to `gradle` by the analyzer. |
 | `SBT_CLI_OPTS`                       | `gemnasium-maven`  |                              | List of command-line arguments that the analyzer passes to `sbt`. |
@@ -756,9 +746,6 @@ Gemnasium scanning jobs automatically use FIPS-enabled image when FIPS mode is e
 
 To manually switch to FIPS-enabled images, set the variable `DS_IMAGE_SUFFIX` to `"-fips"`.
 
-To ensure compliance with FIPS, the FIPS-enabled image of `gemnasium-maven` uses the OpenJDK packages for RedHat UBI.
-As a result, it only supports Java 8, 11, and 17.
-
 Dependency scanning for Gradle projects and auto-remediation for Yarn projects are not supported in FIPS mode.
 
 ## Reports JSON format
diff --git a/lib/api/resource_access_tokens.rb b/lib/api/resource_access_tokens.rb
index 2726e05cd44..b98ed5ec9ff 100644
--- a/lib/api/resource_access_tokens.rb
+++ b/lib/api/resource_access_tokens.rb
@@ -119,6 +119,38 @@ module API
             bad_request!(token_response.message)
           end
         end
+
+        desc 'Rotate a resource access token' do
+          detail 'This feature was introduced in GitLab 16.0.'
+          tags ["#{source_type}_access_tokens"]
+          success Entities::ResourceAccessTokenWithToken
+        end
+        params do
+          requires :id, type: String, desc: "The #{source_type} ID"
+          requires :token_id, type: String, desc: "The ID of the token"
+        end
+        post ':id/access_tokens/:token_id/rotate' do
+          resource = find_source(source_type, params[:id])
+
+          resource_accessible = Ability.allowed?(current_user, :manage_resource_access_tokens, resource)
+          token = find_token(resource, params[:token_id]) if resource_accessible
+
+          if token
+            response = ::PersonalAccessTokens::RotateService.new(current_user, token).execute
+
+            if response.success?
+              status :ok
+
+              new_token = response.payload[:personal_access_token]
+              present new_token, with: Entities::ResourceAccessTokenWithToken, resource: resource
+            else
+              bad_request!(response.message)
+            end
+          else
+            # Only admins should be informed if the token doesn't exist
+            current_user.can_admin_all_resources? ? not_found! : unauthorized!
+          end
+        end
       end
     end
 
diff --git a/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml
index e73e6194760..6d5bd7c2172 100644
--- a/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml
@@ -14,7 +14,7 @@ variables:
   TERRAFORM_MODULE_DIR: ${CI_PROJECT_DIR}    # The relative path to the root directory of the Terraform project.
   TERRAFORM_MODULE_NAME: ${CI_PROJECT_NAME}  # The name of your Terraform module, must not have any spaces or underscores (will be translated to hyphens).
   TERRAFORM_MODULE_SYSTEM: local             # The system or provider your Terraform module targets (ex. local, aws, google).
-  TERRAFORM_MODULE_VERSION: ${CI_COMMIT_TAG} # The version - it's recommended to follow SemVer for Terraform Module Versioning.
+  TERRAFORM_MODULE_VERSION: ${CI_COMMIT_TAG}  # The version - it's recommended to follow SemVer for Terraform Module Versioning.
 
 .terraform-module:fmt:
   stage: validate
@@ -29,7 +29,7 @@ variables:
   stage: deploy
   image: $CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest
   script:
-    - TERRAFORM_MODULE_NAME=$(echo "${TERRAFORM_MODULE_NAME}" | tr " _" -) # module-name must not have spaces or underscores, so translate them to hyphens
+    - TERRAFORM_MODULE_NAME=$(echo "${TERRAFORM_MODULE_NAME}" | tr " _" -)  # module-name must not have spaces or underscores, so translate them to hyphens
     # Builds the Terraform module artifact: a gzipped tar archive with the contents from `$TERRAFORM_MODULE_DIR` without a `.git` directory.
     - tar -vczf /tmp/${TERRAFORM_MODULE_NAME}-${TERRAFORM_MODULE_SYSTEM}-${TERRAFORM_MODULE_VERSION}.tgz -C ${TERRAFORM_MODULE_DIR} --exclude=./.git .
     # Uploads the Terraform module artifact to the GitLab Terraform Module Registry, see
diff --git a/lib/gitlab/source.rb b/lib/gitlab/source.rb
index feacf28cf9c..0e9fb39156d 100644
--- a/lib/gitlab/source.rb
+++ b/lib/gitlab/source.rb
@@ -16,7 +16,7 @@ module Gitlab
                  url_helpers.namespace_project_tag_path(group, project, ref)
                end
 
-        host_url + path
+        Gitlab::Utils.append_path(host_url, path)
       end
 
       private
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 1969102b8d8..0265ade8ad2 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -33778,13 +33778,13 @@ msgstr ""
 msgid "Preferences|Diff colors"
 msgstr ""
 
-msgid "Preferences|Disable follow users"
+msgid "Preferences|Enable Gitpod integration"
 msgstr ""
 
-msgid "Preferences|Disable follow users feature"
+msgid "Preferences|Enable follow users"
 msgstr ""
 
-msgid "Preferences|Enable Gitpod integration"
+msgid "Preferences|Enable follow users feature"
 msgstr ""
 
 msgid "Preferences|Enable integrated code intelligence on code views"
@@ -33817,9 +33817,6 @@ msgstr ""
 msgid "Preferences|Note: You have the new navigation enabled, so only Dark Mode theme significantly changes GitLab's appearance."
 msgstr ""
 
-msgid "Preferences|Opt out of the Web IDE Beta"
-msgstr ""
-
 msgid "Preferences|Preview"
 msgstr ""
 
@@ -33847,27 +33844,18 @@ msgstr ""
 msgid "Preferences|Tab width"
 msgstr ""
 
-msgid "Preferences|The Web IDE Beta is the default Web IDE experience."
-msgstr ""
-
-msgid "Preferences|The Web IDE remains available alongside the Beta."
-msgstr ""
-
 msgid "Preferences|This feature is experimental and translations are not yet complete."
 msgstr ""
 
 msgid "Preferences|Time preferences"
 msgstr ""
 
-msgid "Preferences|Turns off the ability to follow or be followed by other users."
+msgid "Preferences|Turns on or off the ability to follow or be followed by other users."
 msgstr ""
 
 msgid "Preferences|Use relative times"
 msgstr ""
 
-msgid "Preferences|Web IDE"
-msgstr ""
-
 msgid "Preferences|When you type in a description or comment box, pressing %{kbdOpen}Enter%{kbdClose} in a list adds a new item below."
 msgstr ""
 
diff --git a/package.json b/package.json
index 281e33fd156..327cc370d03 100644
--- a/package.json
+++ b/package.json
@@ -50,8 +50,8 @@
     "@apollo/client": "^3.5.10",
     "@babel/core": "^7.18.5",
     "@babel/preset-env": "^7.18.2",
-    "@cubejs-client/core": "^0.32.30",
-    "@cubejs-client/vue": "^0.32.30",
+    "@cubejs-client/core": "^0.33.0",
+    "@cubejs-client/vue": "^0.33.0",
     "@gitlab/at.js": "1.5.7",
     "@gitlab/cluster-client": "^1.2.0",
     "@gitlab/favicon-overlay": "2.0.0",
diff --git a/qa/qa/specs/helpers/context_selector.rb b/qa/qa/specs/helpers/context_selector.rb
index 2527895dc4d..ab8e9bc3639 100644
--- a/qa/qa/specs/helpers/context_selector.rb
+++ b/qa/qa/specs/helpers/context_selector.rb
@@ -28,10 +28,12 @@ module QA
           opts[:domain] = '.+'
           opts[:tld] = opts_tld
 
+          # get uri_tld to decide gitlab or jihulab
           uri = URI(Runtime::Scenario.gitlab_address)
+          uri_tld = get_tld(uri.host)
 
           options.each do |option|
-            opts[:domain] = production_domain if option == :production
+            opts[:domain] = production_domain(uri_tld) if option == :production
 
             next unless option.is_a?(Hash)
 
@@ -102,13 +104,23 @@ module QA
           project_name.to_s.start_with?('gitlab-qa') ? Runtime::Env.default_branch : project_name
         end
 
-        def production_domain
-          GitlabEdition.jh? ? 'jihulab' : 'gitlab'
+        # Get production domain value based on GitLab edition and URI's top level domain
+        #
+        # @param tld [String] top level domain, e.g. 'hk', 'com'
+        # @return [String] 'gitlab' or 'jihulab'
+        def production_domain(tld)
+          return 'gitlab' unless GitlabEdition.jh?
+          return 'gitlab' if tld == 'hk'
+          return 'jihulab' if tld == 'com'
         end
 
         def opts_tld
           GitlabEdition.jh? ? '(.com|.hk)' : '.com'
         end
+
+        def get_tld(host)
+          host.split('.').last
+        end
       end
     end
   end
diff --git a/qa/spec/specs/helpers/context_selector_spec.rb b/qa/spec/specs/helpers/context_selector_spec.rb
index 3c09f938684..f6134cc6177 100644
--- a/qa/spec/specs/helpers/context_selector_spec.rb
+++ b/qa/spec/specs/helpers/context_selector_spec.rb
@@ -75,7 +75,7 @@ RSpec.describe QA::Specs::Helpers::ContextSelector do
         QA::Runtime::Scenario.define(:gitlab_address, "https://jihulab.com/")
         expect(described_class.context_matches?(:production)).to be_truthy
 
-        QA::Runtime::Scenario.define(:gitlab_address, "https://jihulab.hk/")
+        QA::Runtime::Scenario.define(:gitlab_address, "https://gitlab.hk/")
         expect(described_class.context_matches?(:production)).to be_truthy
       end
 
@@ -101,12 +101,12 @@ RSpec.describe QA::Specs::Helpers::ContextSelector do
           expect(described_class.context_matches?(domain: 'jihulab')).to be_truthy
         end
 
-        QA::Runtime::Scenario.define(:gitlab_address, 'https://jihulab.hk')
+        QA::Runtime::Scenario.define(:gitlab_address, 'https://gitlab.hk')
 
         aggregate_failures do
           expect(described_class.context_matches?(:production)).to be_truthy
-          expect(described_class.context_matches?(domain: 'gitlab')).to be_falsey
-          expect(described_class.context_matches?(domain: 'jihulab')).to be_truthy
+          expect(described_class.context_matches?(domain: 'jihulab')).to be_falsey
+          expect(described_class.context_matches?(domain: 'gitlab')).to be_truthy
         end
       end
 
@@ -384,14 +384,14 @@ RSpec.describe QA::Specs::Helpers::ContextSelector do
   context 'jh hk production ' do
     before do
       allow(GitlabEdition).to receive(:jh?).and_return(true)
-      QA::Runtime::Scenario.define(:gitlab_address, 'https://jihulab.hk/')
+      QA::Runtime::Scenario.define(:gitlab_address, 'https://gitlab.hk/')
     end
 
     it 'runs on production' do
       group = describe_successfully do
         it('runs on prod', only: :production) {}
         it('does not run in prod', only: { subdomain: :staging }) {}
-        it('runs in prod and staging', only: { subdomain: /(staging.)?/, domain: 'jihulab' }) {}
+        it('runs in prod and staging', only: { subdomain: /(staging.)?/, domain: 'gitlab' }) {}
       end
 
       aggregate_failures do
@@ -406,7 +406,7 @@ RSpec.describe QA::Specs::Helpers::ContextSelector do
         group = describe_successfully do
           it('skips prod', except: :production) {}
           it('runs on prod', except: { subdomain: :staging }) {}
-          it('skips prod and staging', except: { subdomain: /(staging.)?/, domain: 'jihulab' }) {}
+          it('skips prod and staging', except: { subdomain: /(staging.)?/, domain: 'gitlab' }) {}
         end
 
         aggregate_failures do
diff --git a/qa/spec/specs/helpers/feature_flag_spec.rb b/qa/spec/specs/helpers/feature_flag_spec.rb
index 180890b2701..e9f64dab587 100644
--- a/qa/spec/specs/helpers/feature_flag_spec.rb
+++ b/qa/spec/specs/helpers/feature_flag_spec.rb
@@ -187,7 +187,7 @@ RSpec.describe QA::Specs::Helpers::FeatureFlag do
       end
 
       before(:context) do
-        QA::Runtime::Scenario.define(:gitlab_address, 'https://jihulab.hk')
+        QA::Runtime::Scenario.define(:gitlab_address, 'https://gitlab.hk')
       end
 
       context 'when no scope is defined' do
diff --git a/spec/controllers/profiles/preferences_controller_spec.rb b/spec/controllers/profiles/preferences_controller_spec.rb
index 0554ab3184f..e2ade5e3de9 100644
--- a/spec/controllers/profiles/preferences_controller_spec.rb
+++ b/spec/controllers/profiles/preferences_controller_spec.rb
@@ -53,8 +53,7 @@ RSpec.describe Profiles::PreferencesController do
           first_day_of_week: '1',
           preferred_language: 'jp',
           tab_width: '5',
-          render_whitespace_in_code: 'true',
-          use_legacy_web_ide: 'true'
+          render_whitespace_in_code: 'true'
         }.with_indifferent_access
 
         expect(user).to receive(:assign_attributes).with(ActionController::Parameters.new(prefs).permit!)
diff --git a/spec/features/clusters/cluster_health_dashboard_spec.rb b/spec/features/clusters/cluster_health_dashboard_spec.rb
index ebbc184eaef..e932f8c6b98 100644
--- a/spec/features/clusters/cluster_health_dashboard_spec.rb
+++ b/spec/features/clusters/cluster_health_dashboard_spec.rb
@@ -13,6 +13,8 @@ feature_category: :deployment_management do
   let_it_be(:cluster_path) { project_cluster_path(clusterable, cluster) }
 
   before do
+    stub_feature_flags(remove_monitor_metrics: false)
+
     clusterable.add_maintainer(current_user)
 
     sign_in(current_user)
@@ -28,6 +30,24 @@ feature_category: :deployment_management do
     expect(page).to have_css('.cluster-health-graphs')
   end
 
+  context 'feature remove_monitor_metrics enabled' do
+    before do
+      stub_feature_flags(remove_monitor_metrics: true)
+    end
+
+    it 'does not show the cluster health tab' do
+      visit cluster_path
+
+      expect(page).not_to have_text('Health')
+    end
+
+    it 'does not show the cluster health section' do
+      visit project_cluster_path(clusterable, cluster, { tab: 'health' })
+
+      expect(page).not_to have_text('you must first enable Prometheus in the Integrations tab')
+    end
+  end
+
   context 'no prometheus available' do
     it 'shows enable Prometheus message' do
       visit cluster_path
diff --git a/spec/features/ide_spec.rb b/spec/features/ide_spec.rb
index 615f2a30b34..bdf8be95415 100644
--- a/spec/features/ide_spec.rb
+++ b/spec/features/ide_spec.rb
@@ -48,17 +48,6 @@ RSpec.describe 'IDE', :js, feature_category: :web_ide do
     it_behaves_like 'legacy Web IDE'
   end
 
-  context 'with vscode feature flag on and use_legacy_web_ide=true' do
-    let(:vscode_ff) { true }
-    let(:user) { create(:user, use_legacy_web_ide: true) }
-
-    before do
-      ide_visit(project)
-    end
-
-    it_behaves_like 'legacy Web IDE'
-  end
-
   describe 'sub-groups' do
     let_it_be(:group) { create(:group) }
     let_it_be(:subgroup) { create(:group, parent: group) }
diff --git a/spec/features/profiles/user_edit_preferences_spec.rb b/spec/features/profiles/user_edit_preferences_spec.rb
index 341eec11091..6cc926ed017 100644
--- a/spec/features/profiles/user_edit_preferences_spec.rb
+++ b/spec/features/profiles/user_edit_preferences_spec.rb
@@ -27,24 +27,6 @@ RSpec.describe 'User edit preferences profile', :js, feature_category: :user_pro
     expect(field).not_to be_checked
   end
 
-  it 'allows the user to toggle using the legacy web ide' do
-    field = page.find_field("user[use_legacy_web_ide]")
-
-    expect(field).not_to be_checked
-
-    field.click
-
-    expect(field).to be_checked
-  end
-
-  describe 'when vscode_web_ide feature flag is disabled' do
-    let(:vscode_web_ide) { false }
-
-    it 'does not display the legacy web ide user preference' do
-      expect(page).not_to have_field("user[use_legacy_web_ide]")
-    end
-  end
-
   describe 'User changes tab width to acceptable value' do
     it 'shows success message' do
       fill_in 'Tab width', with: 9
diff --git a/spec/frontend/admin/broadcast_messages/mock_data.js b/spec/frontend/admin/broadcast_messages/mock_data.js
index 2e20b5cf638..54596fbf977 100644
--- a/spec/frontend/admin/broadcast_messages/mock_data.js
+++ b/spec/frontend/admin/broadcast_messages/mock_data.js
@@ -4,7 +4,10 @@ const generateMockMessage = (id) => ({
   edit_path: `/admin/broadcast_messages/${id}/edit`,
   starts_at: new Date().toISOString(),
   ends_at: new Date().toISOString(),
-  preview: '<div>YEET</div>',
+  broadcast_type: 'banner',
+  dismissable: true,
+  message: 'YEET',
+  theme: 'indigo',
   status: 'Expired',
   target_path: '*/welcome',
   target_roles: 'Maintainer, Owner',
diff --git a/spec/graphql/resolvers/ci/inherited_variables_resolver_spec.rb b/spec/graphql/resolvers/ci/inherited_variables_resolver_spec.rb
new file mode 100644
index 00000000000..6837d4b0459
--- /dev/null
+++ b/spec/graphql/resolvers/ci/inherited_variables_resolver_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Resolvers::Ci::InheritedVariablesResolver, feature_category: :secrets_management do
+  include GraphqlHelpers
+
+  describe '#resolve' do
+    let_it_be(:user) { create(:user) }
+    let_it_be(:group) { create(:group) }
+    let_it_be(:subgroup) { create(:group, parent: group) }
+    let_it_be(:project) { create(:project, group: subgroup) }
+    let_it_be(:project_without_group) { create(:project) }
+
+    let_it_be(:inherited_ci_variables) do
+      [
+        create(:ci_group_variable, group: group, key: 'GROUP_VAR_A'),
+        create(:ci_group_variable, group: subgroup, key: 'SUBGROUP_VAR_B')
+      ]
+    end
+
+    subject(:resolve_variables) { resolve(described_class, obj: obj, ctx: { current_user: user }, args: {}) }
+
+    context 'when project does not have a group' do
+      let_it_be(:obj) { project_without_group }
+
+      it 'returns an empty array' do
+        expect(resolve_variables.items.to_a).to match_array([])
+      end
+    end
+
+    context 'when project belongs to a group' do
+      let_it_be(:obj) { project }
+
+      it 'returns variables from parent group and ancestors' do
+        expect(resolve_variables.items.to_a).to match_array(inherited_ci_variables)
+      end
+    end
+  end
+end
diff --git a/spec/graphql/types/ci/inherited_ci_variable_type_spec.rb b/spec/graphql/types/ci/inherited_ci_variable_type_spec.rb
new file mode 100644
index 00000000000..daf80ff9978
--- /dev/null
+++ b/spec/graphql/types/ci/inherited_ci_variable_type_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['InheritedCiVariable'], feature_category: :secrets_management do
+  specify do
+    expect(described_class).to have_graphql_fields(
+      :id,
+      :key,
+      :raw,
+      :variable_type,
+      :environment_scope,
+      :masked,
+      :protected,
+      :group_name,
+      :group_ci_cd_settings_path
+    ).at_least
+  end
+end
diff --git a/spec/graphql/types/project_type_spec.rb b/spec/graphql/types/project_type_spec.rb
index 5c2e67ca787..0f980241db3 100644
--- a/spec/graphql/types/project_type_spec.rb
+++ b/spec/graphql/types/project_type_spec.rb
@@ -38,7 +38,7 @@ RSpec.describe GitlabSchema.types['Project'] do
       ci_template timelogs merge_commit_template squash_commit_template work_item_types
       recent_issue_boards ci_config_path_or_default packages_cleanup_policy ci_variables
       timelog_categories fork_targets branch_rules ci_config_variables pipeline_schedules languages
-      incident_management_timeline_event_tags visible_forks
+      incident_management_timeline_event_tags visible_forks inherited_ci_variables
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)
diff --git a/spec/helpers/broadcast_messages_helper_spec.rb b/spec/helpers/broadcast_messages_helper_spec.rb
index 480aeb94876..5d6d404d24d 100644
--- a/spec/helpers/broadcast_messages_helper_spec.rb
+++ b/spec/helpers/broadcast_messages_helper_spec.rb
@@ -141,7 +141,20 @@ RSpec.describe BroadcastMessagesHelper, feature_category: :onboarding do
     subject(:single_broadcast_message) { Gitlab::Json.parse(admin_broadcast_messages_data([message])).first }
 
     it 'returns the expected messages data attributes' do
-      keys = %w[id status preview starts_at ends_at target_roles target_path type edit_path delete_path]
+      keys = %w[
+        id
+        status
+        message
+        theme
+        broadcast_type
+        dismissable
+        starts_at
+        ends_at
+        target_roles
+        target_path
+        type edit_path
+        delete_path
+      ]
 
       expect(single_broadcast_message.keys).to match(keys)
     end
diff --git a/spec/helpers/ide_helper_spec.rb b/spec/helpers/ide_helper_spec.rb
index 4a184f03935..922155abf65 100644
--- a/spec/helpers/ide_helper_spec.rb
+++ b/spec/helpers/ide_helper_spec.rb
@@ -18,7 +18,6 @@ RSpec.describe IdeHelper, feature_category: :web_ide do
 
     let(:base_data) do
       {
-        'can-use-new-web-ide' => 'false',
         'use-new-web-ide' => 'false',
         'user-preferences-path' => profile_preferences_path,
         'sign-in-path' => 'test-sign-in-path',
@@ -98,7 +97,6 @@ RSpec.describe IdeHelper, feature_category: :web_ide do
     context 'with vscode_web_ide=true' do
       let(:base_data) do
         {
-          'can-use-new-web-ide' => 'true',
           'use-new-web-ide' => 'true',
           'user-preferences-path' => profile_preferences_path,
           'sign-in-path' => 'test-sign-in-path',
@@ -121,8 +119,8 @@ RSpec.describe IdeHelper, feature_category: :web_ide do
           .to include(base_data)
       end
 
-      it 'does not use new web ide if user.use_legacy_web_ide' do
-        allow(user).to receive(:use_legacy_web_ide).and_return(true)
+      it 'does not use new web ide if feature flag is disabled' do
+        stub_feature_flags(vscode_web_ide: false)
 
         expect(helper.ide_data(project: nil, fork_info: fork_info, params: params))
           .to include('use-new-web-ide' => 'false')
diff --git a/spec/lib/gitlab/source_spec.rb b/spec/lib/gitlab/source_spec.rb
index c2ecb4dfb85..0b2515baf2b 100644
--- a/spec/lib/gitlab/source_spec.rb
+++ b/spec/lib/gitlab/source_spec.rb
@@ -28,13 +28,19 @@ RSpec.describe Gitlab::Source, feature_category: :shared do
   describe '.release_url' do
     subject(:release_url) { described_class.release_url }
 
+    def release_path
+      Gitlab::Utils.append_path(
+        described_class.send(:host_url),
+        "#{described_class.send(:group)}/#{described_class.send(:project)}")
+    end
+
     context 'when not on a pre-release' do
       before do
         stub_version('15.0.0-ee', 'a123a123')
       end
 
       it 'returns a tag url' do
-        expect(release_url).to match("https://gitlab.com/gitlab-org/gitlab(-foss)?/-/tags/v15.0.0-ee")
+        expect(release_url).to eq("#{release_path}/-/tags/v15.0.0-ee")
       end
     end
 
@@ -44,7 +50,7 @@ RSpec.describe Gitlab::Source, feature_category: :shared do
       end
 
       it 'returns a commit url' do
-        expect(release_url).to match("https://gitlab.com/gitlab-org/gitlab(-foss)?/-/commits/a123a123")
+        expect(release_url).to eq("#{release_path}/-/commits/a123a123")
       end
     end
   end
diff --git a/spec/models/ci/group_variable_spec.rb b/spec/models/ci/group_variable_spec.rb
index 0e249ec528f..a2751b9fb20 100644
--- a/spec/models/ci/group_variable_spec.rb
+++ b/spec/models/ci/group_variable_spec.rb
@@ -65,4 +65,16 @@ RSpec.describe Ci::GroupVariable, feature_category: :secrets_management do
       expect(subject.audit_details).to eq(subject.key)
     end
   end
+
+  describe '#group_name' do
+    it "equals to the name of the group the variable belongs to" do
+      expect(subject.group_name).to eq(subject.group.name)
+    end
+  end
+
+  describe '#group_ci_cd_settings_path' do
+    it "equals to the path of the CI/CD settings of the group the variable belongs to" do
+      expect(subject.group_ci_cd_settings_path).to eq(Gitlab::Routing.url_helpers.group_settings_ci_cd_path(subject.group))
+    end
+  end
 end
diff --git a/spec/models/concerns/issuable_spec.rb b/spec/models/concerns/issuable_spec.rb
index ea6baac455f..de46da4e27b 100644
--- a/spec/models/concerns/issuable_spec.rb
+++ b/spec/models/concerns/issuable_spec.rb
@@ -860,22 +860,16 @@ RSpec.describe Issuable do
     end
   end
 
-  describe '#first_contribution?' do
+  describe '#first_contribution?', feature_category: :code_review_workflow do
     let(:group) { create(:group) }
     let(:project) { create(:project, namespace: group) }
     let(:other_project) { create(:project) }
-    let(:owner) { create(:owner) }
-    let(:maintainer) { create(:user) }
-    let(:reporter) { create(:user) }
     let(:guest) { create(:user) }
 
     let(:contributor) { create(:user) }
     let(:first_time_contributor) { create(:user) }
 
     before do
-      group.add_owner(owner)
-      project.add_maintainer(maintainer)
-      project.add_reporter(reporter)
       project.add_guest(guest)
       project.add_guest(contributor)
       project.add_guest(first_time_contributor)
@@ -886,24 +880,6 @@ RSpec.describe Issuable do
     let(:merged_mr_other_project) { create(:merge_request, :merged, author: first_time_contributor, target_project: other_project, source_project: other_project) }
 
     context "for merge requests" do
-      it "is false for MAINTAINER" do
-        mr = create(:merge_request, author: maintainer, target_project: project, source_project: project)
-
-        expect(mr).not_to be_first_contribution
-      end
-
-      it "is false for OWNER" do
-        mr = create(:merge_request, author: owner, target_project: project, source_project: project)
-
-        expect(mr).not_to be_first_contribution
-      end
-
-      it "is false for REPORTER" do
-        mr = create(:merge_request, author: reporter, target_project: project, source_project: project)
-
-        expect(mr).not_to be_first_contribution
-      end
-
       it "is true when you don't have any merged MR" do
         expect(open_mr).to be_first_contribution
         expect(merged_mr).not_to be_first_contribution
diff --git a/spec/models/concerns/taskable_spec.rb b/spec/models/concerns/taskable_spec.rb
index 20de8995d13..dad0db2d898 100644
--- a/spec/models/concerns/taskable_spec.rb
+++ b/spec/models/concerns/taskable_spec.rb
@@ -27,6 +27,9 @@ RSpec.describe Taskable, feature_category: :team_planning do
 
         + [ ] Narrow no-break space (U+202F)
         + [ ] Thin space (U+2009)
+
+        1. [ ] Numbered 1
+        2) [x] Numbered 2
       MARKDOWN
     end
 
@@ -35,7 +38,9 @@ RSpec.describe Taskable, feature_category: :team_planning do
         TaskList::Item.new('- [ ]', 'First item'),
         TaskList::Item.new('- [x]', 'Second item'),
         TaskList::Item.new('* [x]', 'First item'),
-        TaskList::Item.new('* [ ]', 'Second item')
+        TaskList::Item.new('* [ ]', 'Second item'),
+        TaskList::Item.new('1. [ ]', 'Numbered 1'),
+        TaskList::Item.new('2) [x]', 'Numbered 2')
       ]
     end
 
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index 72420e275c5..a5e68829c5d 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -4647,18 +4647,11 @@ RSpec.describe MergeRequest, factory_default: :keep, feature_category: :code_rev
           .to(false)
       end
 
-      it 'sets first_contribution to false' do
-        subject.mark_as_merged
-
-        expect(subject.state).to eq('merged')
-        expect(subject.first_contribution?).to be_falsey
-      end
-
-      context 'when it is a contribution from a project non-member' do
-        let(:non_member) { create(:user) }
+      context 'when it is a first contribution' do
+        let(:new_user) { create(:user) }
 
         before do
-          subject.update!(author: non_member)
+          subject.update!(author: new_user)
         end
 
         it 'sets first_contribution' do
@@ -4669,7 +4662,7 @@ RSpec.describe MergeRequest, factory_default: :keep, feature_category: :code_rev
         end
 
         it "doesn't set first_contribution not first contribution" do
-          create(:merged_merge_request, author: non_member)
+          create(:merged_merge_request, author: new_user)
 
           subject.mark_as_merged
 
diff --git a/spec/models/namespace_setting_spec.rb b/spec/models/namespace_setting_spec.rb
index e3d389a2a6e..ba0ce7d6f7f 100644
--- a/spec/models/namespace_setting_spec.rb
+++ b/spec/models/namespace_setting_spec.rb
@@ -194,7 +194,7 @@ RSpec.describe NamespaceSetting, feature_category: :subgroups, type: :model do
     context 'when a group has parent groups' do
       let(:grandparent) { create(:group, namespace_settings: settings) }
       let(:parent)      { create(:group, parent: grandparent) }
-      let!(:group) { create(:group, parent: parent) }
+      let!(:group)      { create(:group, parent: parent) }
 
       context "when a parent group has disabled diff previews" do
         let(:settings) { create(:namespace_settings, show_diff_preview_in_email: false) }
@@ -214,61 +214,87 @@ RSpec.describe NamespaceSetting, feature_category: :subgroups, type: :model do
     end
   end
 
-  describe '#runner_registration_enabled?' do
-    context 'when not a subgroup' do
-      let_it_be(:settings) { create(:namespace_settings) }
-      let_it_be(:group) { create(:group, namespace_settings: settings) }
+  context 'runner registration settings' do
+    shared_context 'with runner registration settings changing in hierarchy' do
+      context 'when there are no parents' do
+        let_it_be(:group) { create(:group) }
 
-      before do
-        group.update!(runner_registration_enabled: runner_registration_enabled)
+        it { is_expected.to be_truthy }
+
+        context 'when no group can register runners' do
+          before do
+            stub_application_setting(valid_runner_registrars: [])
+          end
+
+          it { is_expected.to be_falsey }
+        end
       end
 
-      context 'when :runner_registration_enabled is false' do
-        let(:runner_registration_enabled) { false }
+      context 'when there are parents' do
+        let_it_be(:grandparent) { create(:group) }
+        let_it_be(:parent)      { create(:group, parent: grandparent) }
+        let_it_be(:group)       { create(:group, parent: parent) }
 
-        it 'returns false' do
-          expect(group.runner_registration_enabled?).to be_falsey
+        before do
+          grandparent.update!(runner_registration_enabled: grandparent_runner_registration_enabled)
         end
 
-        it 'does not query the db' do
-          expect { group.runner_registration_enabled? }.not_to exceed_query_limit(0)
+        context 'when a parent group has runner registration disabled' do
+          let(:grandparent_runner_registration_enabled) { false }
+
+          it { is_expected.to be_falsey }
         end
-      end
 
-      context 'when :runner_registration_enabled is true' do
-        let(:runner_registration_enabled) { true }
+        context 'when all parent groups have runner registration enabled' do
+          let(:grandparent_runner_registration_enabled) { true }
 
-        it 'returns true' do
-          expect(group.runner_registration_enabled?).to be_truthy
+          it { is_expected.to be_truthy }
         end
       end
     end
 
-    context 'when a group has parent groups' do
-      let_it_be(:grandparent) { create(:group) }
-      let_it_be(:parent)      { create(:group, parent: grandparent) }
-      let_it_be(:group)       { create(:group, parent: parent) }
+    describe '#runner_registration_enabled?' do
+      subject(:group_setting) { group.runner_registration_enabled? }
+
+      let_it_be(:settings) { create(:namespace_settings) }
+      let_it_be(:group) { create(:group, namespace_settings: settings) }
 
       before do
-        grandparent.update!(runner_registration_enabled: runner_registration_enabled)
+        group.update!(runner_registration_enabled: group_runner_registration_enabled)
       end
 
-      context 'when a parent group has runner registration disabled' do
-        let(:runner_registration_enabled) { false }
+      context 'when runner registration is enabled' do
+        let(:group_runner_registration_enabled) { true }
 
-        it 'returns false' do
-          expect(group.runner_registration_enabled?).to be_falsey
-        end
+        it { is_expected.to be_truthy }
+
+        it_behaves_like 'with runner registration settings changing in hierarchy'
       end
 
-      context 'when all parent groups have runner registration enabled' do
-        let(:runner_registration_enabled) { true }
+      context 'when runner registration is disabled' do
+        let(:group_runner_registration_enabled) { false }
 
-        it 'returns true' do
-          expect(group.runner_registration_enabled?).to be_truthy
+        it { is_expected.to be_falsey }
+
+        it 'does not query the db' do
+          expect { group.runner_registration_enabled? }.not_to exceed_query_limit(0)
+        end
+
+        context 'when group runner registration is disallowed' do
+          before do
+            stub_application_setting(valid_runner_registrars: [])
+          end
+
+          it { is_expected.to be_falsey }
         end
       end
     end
+
+    describe '#all_ancestors_have_runner_registration_enabled?' do
+      subject(:group_setting) { group.all_ancestors_have_runner_registration_enabled? }
+
+      it_behaves_like 'with runner registration settings changing in hierarchy'
+    end
   end
 
   describe '#allow_runner_registration_token?' do
diff --git a/spec/models/user_preference_spec.rb b/spec/models/user_preference_spec.rb
index e085ff934b2..1d7ecb724bf 100644
--- a/spec/models/user_preference_spec.rb
+++ b/spec/models/user_preference_spec.rb
@@ -48,13 +48,6 @@ RSpec.describe UserPreference, feature_category: :user_profile do
       end
     end
 
-    describe 'use_legacy_web_ide' do
-      it { is_expected.to allow_value(true).for(:use_legacy_web_ide) }
-      it { is_expected.to allow_value(false).for(:use_legacy_web_ide) }
-      it { is_expected.not_to allow_value(nil).for(:use_legacy_web_ide) }
-      it { is_expected.not_to allow_value("").for(:use_legacy_web_ide) }
-    end
-
     describe 'pass_user_identities_to_ci_jwt' do
       it { is_expected.to allow_value(true).for(:pass_user_identities_to_ci_jwt) }
       it { is_expected.to allow_value(false).for(:pass_user_identities_to_ci_jwt) }
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 8b6e3199529..eaf4ecda635 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -75,9 +75,6 @@ RSpec.describe User, feature_category: :user_profile do
     it { is_expected.to delegate_method(:diffs_addition_color).to(:user_preference) }
     it { is_expected.to delegate_method(:diffs_addition_color=).to(:user_preference).with_arguments(:args) }
 
-    it { is_expected.to delegate_method(:use_legacy_web_ide).to(:user_preference) }
-    it { is_expected.to delegate_method(:use_legacy_web_ide=).to(:user_preference).with_arguments(:args) }
-
     it { is_expected.to delegate_method(:use_new_navigation).to(:user_preference) }
     it { is_expected.to delegate_method(:use_new_navigation=).to(:user_preference).with_arguments(:args) }
 
diff --git a/spec/requests/admin/abuse_reports_controller_spec.rb b/spec/requests/admin/abuse_reports_controller_spec.rb
index ab527ab4df6..0b5aaabaa61 100644
--- a/spec/requests/admin/abuse_reports_controller_spec.rb
+++ b/spec/requests/admin/abuse_reports_controller_spec.rb
@@ -52,4 +52,41 @@ RSpec.describe Admin::AbuseReportsController, type: :request, feature_category:
       expect(assigns(:abuse_report)).to eq report
     end
   end
+
+  describe 'PUT #update' do
+    let(:report) { create(:abuse_report) }
+    let(:params) { { user_action: 'block_user', close: 'true', reason: 'spam', comment: 'obvious spam' } }
+    let(:expected_params) { ActionController::Parameters.new(params).permit! }
+
+    it 'invokes the Admin::AbuseReportUpdateService' do
+      expect_next_instance_of(Admin::AbuseReportUpdateService, report, admin, expected_params) do |service|
+        expect(service).to receive(:execute)
+      end
+
+      put admin_abuse_report_path(report, params)
+    end
+  end
+
+  describe 'DELETE #destroy' do
+    let!(:report) { create(:abuse_report) }
+    let(:params) { {} }
+
+    subject { delete admin_abuse_report_path(report, params) }
+
+    it 'destroys the report' do
+      expect { subject }.to change { AbuseReport.count }.by(-1)
+    end
+
+    context 'when passing the `remove_user` parameter' do
+      let(:params) { { remove_user: true } }
+
+      it 'calls the `remove_user` method' do
+        expect_next_found_instance_of(AbuseReport) do |report|
+          expect(report).to receive(:remove_user).with(deleted_by: admin)
+        end
+
+        subject
+      end
+    end
+  end
 end
diff --git a/spec/requests/api/graphql/ci/inherited_ci_variables_spec.rb b/spec/requests/api/graphql/ci/inherited_ci_variables_spec.rb
new file mode 100644
index 00000000000..3b4014c178c
--- /dev/null
+++ b/spec/requests/api/graphql/ci/inherited_ci_variables_spec.rb
@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Query.project(fullPath).inheritedCiVariables', feature_category: :secrets_management do
+  include GraphqlHelpers
+
+  let_it_be(:user) { create(:user) }
+  let_it_be(:group) { create(:group) }
+  let_it_be(:subgroup) { create(:group, parent: group) }
+  let_it_be(:project) { create(:project, group: subgroup) }
+
+  let(:query) do
+    %(
+      query {
+        project(fullPath: "#{project.full_path}") {
+          inheritedCiVariables {
+            nodes {
+              id
+              key
+              environmentScope
+              groupName
+              groupCiCdSettingsPath
+              masked
+              protected
+              raw
+              variableType
+            }
+          }
+        }
+      }
+    )
+  end
+
+  def create_variables
+    create(:ci_group_variable, group: group)
+    create(:ci_group_variable, group: subgroup)
+  end
+
+  context 'when user is not a project maintainer' do
+    before do
+      project.add_developer(user)
+    end
+
+    it 'returns nothing' do
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('project', 'inheritedCiVariables')).to be_nil
+    end
+  end
+
+  context 'when user is a project maintainer' do
+    before do
+      project.add_maintainer(user)
+    end
+
+    it "returns the project's CI variables inherited from its parent group and ancestors" do
+      group_var = create(:ci_group_variable, group: group, key: 'GROUP_VAR_A',
+        environment_scope: 'production', masked: false, protected: true, raw: true)
+
+      subgroup_var = create(:ci_group_variable, group: subgroup, key: 'SUBGROUP_VAR_B',
+        masked: true, protected: false, raw: false, variable_type: 'file')
+
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('project', 'inheritedCiVariables', 'nodes')).to eq([
+        {
+          'id' => group_var.to_global_id.to_s,
+          'key' => 'GROUP_VAR_A',
+          'environmentScope' => 'production',
+          'groupName' => group.name,
+          'groupCiCdSettingsPath' => group_var.group_ci_cd_settings_path,
+          'masked' => false,
+          'protected' => true,
+          'raw' => true,
+          'variableType' => 'ENV_VAR'
+        },
+        {
+          'id' => subgroup_var.to_global_id.to_s,
+          'key' => 'SUBGROUP_VAR_B',
+          'environmentScope' => '*',
+          'groupName' => subgroup.name,
+          'groupCiCdSettingsPath' => subgroup_var.group_ci_cd_settings_path,
+          'masked' => true,
+          'protected' => false,
+          'raw' => false,
+          'variableType' => 'FILE'
+        }
+      ])
+    end
+
+    it 'avoids N+1 database queries' do
+      create_variables
+
+      baseline = ActiveRecord::QueryRecorder.new do
+        run_with_clean_state(query, context: { current_user: user })
+      end
+
+      create_variables
+
+      multi = ActiveRecord::QueryRecorder.new do
+        run_with_clean_state(query, context: { current_user: user })
+      end
+
+      expect(multi).not_to exceed_query_limit(baseline)
+    end
+  end
+end
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index d705234b616..50e70a9dc0f 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -1426,7 +1426,7 @@ RSpec.describe API::MergeRequests, :aggregate_failures, feature_category: :sourc
       expect(json_response['merge_error']).to eq(merge_request.merge_error)
       expect(json_response['user']['can_merge']).to be_truthy
       expect(json_response).not_to include('rebase_in_progress')
-      expect(json_response['first_contribution']).to be false
+      expect(json_response['first_contribution']).to be true
       expect(json_response['has_conflicts']).to be false
       expect(json_response['blocking_discussions_resolved']).to be_truthy
       expect(json_response['references']['short']).to eq("!#{merge_request.iid}")
diff --git a/spec/requests/api/resource_access_tokens_spec.rb b/spec/requests/api/resource_access_tokens_spec.rb
index 9277fa18219..a13aa48a497 100644
--- a/spec/requests/api/resource_access_tokens_spec.rb
+++ b/spec/requests/api/resource_access_tokens_spec.rb
@@ -468,10 +468,86 @@ RSpec.describe API::ResourceAccessTokens, feature_category: :system_access do
         end
       end
     end
+
+    context "POST #{source_type}s/:id/access_tokens/:token_id/rotate" do
+      let_it_be(:project_bot) { create(:user, :project_bot) }
+      let_it_be(:token) { create(:personal_access_token, user: project_bot) }
+      let_it_be(:resource_id) { resource.id }
+      let_it_be(:token_id) { token.id }
+
+      let(:path) { "/#{source_type}s/#{resource_id}/access_tokens/#{token_id}/rotate" }
+
+      before do
+        resource.add_maintainer(project_bot)
+        resource.add_owner(user)
+      end
+
+      subject(:rotate_token) { post api(path, user) }
+
+      it "allows owner to rotate token", :freeze_time do
+        rotate_token
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response['token']).not_to eq(token.token)
+        expect(json_response['expires_at']).to eq((Date.today + 1.week).to_s)
+      end
+
+      context 'without permission' do
+        it 'returns an error message' do
+          another_user = create(:user)
+          resource.add_developer(another_user)
+
+          post api(path, another_user)
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+
+      context 'when service raises an error' do
+        let(:error_message) { 'boom!' }
+
+        before do
+          allow_next_instance_of(PersonalAccessTokens::RotateService) do |service|
+            allow(service).to receive(:execute).and_return(ServiceResponse.error(message: error_message))
+          end
+        end
+
+        it 'returns the same error message' do
+          rotate_token
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response['message']).to eq("400 Bad request - #{error_message}")
+        end
+      end
+
+      context 'when token does not exist' do
+        let(:invalid_path) { "/#{source_type}s/#{resource_id}/access_tokens/#{non_existing_record_id}/rotate" }
+
+        context 'for non-admin user' do
+          it 'returns unauthorized' do
+            user = create(:user)
+            resource.add_developer(user)
+
+            post api(invalid_path, user)
+
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+
+        context 'for admin user', :enable_admin_mode do
+          it 'returns not found' do
+            admin = create(:admin)
+            post api(invalid_path, admin)
+
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
+      end
+    end
   end
 
   context 'when the resource is a project' do
-    let_it_be(:resource) { create(:project) }
+    let_it_be(:resource) { create(:project, group: create(:group)) }
     let_it_be(:other_resource) { create(:project) }
     let_it_be(:unknown_resource) { create(:project) }
 
diff --git a/spec/requests/ide_controller_spec.rb b/spec/requests/ide_controller_spec.rb
index f7913b58aa3..fe7210e4372 100644
--- a/spec/requests/ide_controller_spec.rb
+++ b/spec/requests/ide_controller_spec.rb
@@ -169,17 +169,14 @@ RSpec.describe IdeController, feature_category: :web_ide do
 
       # This indirectly tests that `minimal: true` was passed to the fullscreen layout
       describe 'layout' do
-        where(:ff_state, :use_legacy_web_ide, :expect_top_nav) do
-          false | false | true
-          false | true  | true
-          true  | true  | true
-          true  | false | false
+        where(:ff_state, :expect_top_nav) do
+          false | true
+          true  | false
         end
 
         with_them do
           before do
             stub_feature_flags(vscode_web_ide: ff_state)
-            allow(user).to receive(:use_legacy_web_ide).and_return(use_legacy_web_ide)
 
             subject
           end
diff --git a/spec/requests/projects/metrics_dashboard_spec.rb b/spec/requests/projects/metrics_dashboard_spec.rb
index 01925f8345b..d0181275927 100644
--- a/spec/requests/projects/metrics_dashboard_spec.rb
+++ b/spec/requests/projects/metrics_dashboard_spec.rb
@@ -11,6 +11,7 @@ RSpec.describe 'Projects::MetricsDashboardController', feature_category: :metric
   before do
     project.add_developer(user)
     login_as(user)
+    stub_feature_flags(remove_monitor_metrics: false)
   end
 
   describe 'GET /:namespace/:project/-/metrics' do
@@ -37,6 +38,17 @@ RSpec.describe 'Projects::MetricsDashboardController', feature_category: :metric
       expect(response).to redirect_to(dashboard_route(params.merge(environment: environment.id)))
     end
 
+    context 'with remove_monitor_metrics returning true' do
+      before do
+        stub_feature_flags(remove_monitor_metrics: true)
+      end
+
+      it 'renders 404 page' do
+        send_request
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
     context 'with anonymous user and public dashboard visibility' do
       let(:anonymous_user) { create(:user) }
       let(:project) do
diff --git a/spec/services/admin/abuse_report_update_service_spec.rb b/spec/services/admin/abuse_report_update_service_spec.rb
new file mode 100644
index 00000000000..e85b516b87f
--- /dev/null
+++ b/spec/services/admin/abuse_report_update_service_spec.rb
@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Admin::AbuseReportUpdateService, feature_category: :instance_resiliency do
+  let_it_be_with_reload(:abuse_report) { create(:abuse_report) }
+  let(:action) { 'ban_user' }
+  let(:close) { true }
+  let(:reason) { 'spam' }
+  let(:params) { { user_action: action, close: close, reason: reason, comment: 'obvious spam' } }
+  let_it_be(:admin) { create(:admin) }
+
+  let(:service) { described_class.new(abuse_report, admin, params) }
+
+  describe '#execute', :enable_admin_mode do
+    subject { service.execute }
+
+    shared_examples 'returns an error response' do |error|
+      it 'returns an error response' do
+        expect(subject.status).to eq :error
+        expect(subject.message).to eq error
+      end
+    end
+
+    shared_examples 'closes the report' do
+      it 'closes the report' do
+        expect { subject }.to change { abuse_report.closed? }.from(false).to(true)
+      end
+    end
+
+    shared_examples 'does not close the report' do
+      it 'does not close the report' do
+        subject
+        expect(abuse_report.closed?).to be(false)
+      end
+    end
+
+    shared_examples 'does not record an event' do
+      it 'does not record an event' do
+        expect { subject }.not_to change { abuse_report.events.count }
+      end
+    end
+
+    shared_examples 'records an event' do |action:|
+      it 'records the event', :aggregate_failures do
+        expect { subject }.to change { abuse_report.events.count }.by(1)
+
+        expect(abuse_report.events.last).to have_attributes(
+          action: action,
+          user: admin,
+          reason: reason,
+          comment: params[:comment]
+        )
+      end
+    end
+
+    context 'when invalid parameters are given' do
+      describe 'invalid user' do
+        describe 'when no user is given' do
+          let_it_be(:admin) { nil }
+
+          it_behaves_like 'returns an error response', 'Admin is required'
+        end
+
+        describe 'when given user is no admin' do
+          let_it_be(:admin) { create(:user) }
+
+          it_behaves_like 'returns an error response', 'Admin is required'
+        end
+      end
+
+      describe 'invalid action' do
+        describe 'when no action is given' do
+          let(:action) { '' }
+          let(:close) { 'false' }
+
+          it_behaves_like 'returns an error response', 'Action is required'
+        end
+
+        describe 'when unknown action is given' do
+          let(:action) { 'unknown' }
+          let(:close) { 'false' }
+
+          it_behaves_like 'returns an error response', 'Action is required'
+        end
+      end
+
+      describe 'invalid reason' do
+        let(:reason) { '' }
+
+        it 'sets the reason to `other`' do
+          subject
+
+          expect(abuse_report.events.last).to have_attributes(reason: 'other')
+        end
+      end
+    end
+
+    describe 'when banning the user' do
+      it 'calls the Users::BanService' do
+        expect_next_instance_of(Users::BanService, admin) do |service|
+          expect(service).to receive(:execute).with(abuse_report.user).and_return(status: :success)
+        end
+
+        subject
+      end
+
+      context 'when closing the report' do
+        it_behaves_like 'closes the report'
+        it_behaves_like 'records an event', action: 'ban_user_and_close_report'
+      end
+
+      context 'when not closing the report' do
+        let(:close) { 'false' }
+
+        it_behaves_like 'does not close the report'
+        it_behaves_like 'records an event', action: 'ban_user'
+      end
+
+      context 'when banning the user fails' do
+        before do
+          allow_next_instance_of(Users::BanService, admin) do |service|
+            allow(service).to receive(:execute).with(abuse_report.user)
+              .and_return(status: :error, message: 'Banning the user failed')
+          end
+        end
+
+        it_behaves_like 'returns an error response', 'Banning the user failed'
+        it_behaves_like 'does not close the report'
+        it_behaves_like 'does not record an event'
+      end
+    end
+
+    describe 'when blocking the user' do
+      let(:action) { 'block_user' }
+
+      it 'calls the Users::BlockService' do
+        expect_next_instance_of(Users::BlockService, admin) do |service|
+          expect(service).to receive(:execute).with(abuse_report.user).and_return(status: :success)
+        end
+
+        subject
+      end
+
+      context 'when closing the report' do
+        it_behaves_like 'closes the report'
+        it_behaves_like 'records an event', action: 'block_user_and_close_report'
+      end
+
+      context 'when not closing the report' do
+        let(:close) { 'false' }
+
+        it_behaves_like 'does not close the report'
+        it_behaves_like 'records an event', action: 'block_user'
+      end
+
+      context 'when blocking the user fails' do
+        before do
+          allow_next_instance_of(Users::BlockService, admin) do |service|
+            allow(service).to receive(:execute).with(abuse_report.user)
+              .and_return(status: :error, message: 'Blocking the user failed')
+          end
+        end
+
+        it_behaves_like 'returns an error response', 'Blocking the user failed'
+        it_behaves_like 'does not close the report'
+        it_behaves_like 'does not record an event'
+      end
+    end
+
+    describe 'when deleting the user' do
+      let(:action) { 'delete_user' }
+
+      it 'calls the delete_async method' do
+        expect(abuse_report.user).to receive(:delete_async).with(deleted_by: admin)
+        subject
+      end
+
+      context 'when closing the report' do
+        it_behaves_like 'closes the report'
+        it_behaves_like 'records an event', action: 'delete_user_and_close_report'
+      end
+
+      context 'when not closing the report' do
+        let(:close) { 'false' }
+
+        it_behaves_like 'does not close the report'
+        it_behaves_like 'records an event', action: 'delete_user'
+      end
+    end
+
+    describe 'when only closing the report' do
+      let(:action) { '' }
+
+      it_behaves_like 'closes the report'
+      it_behaves_like 'records an event', action: 'close_report'
+    end
+  end
+end
diff --git a/spec/services/task_list_toggle_service_spec.rb b/spec/services/task_list_toggle_service_spec.rb
index b0444a5ba72..5d55c1ca8de 100644
--- a/spec/services/task_list_toggle_service_spec.rb
+++ b/spec/services/task_list_toggle_service_spec.rb
@@ -18,6 +18,8 @@ RSpec.describe TaskListToggleService, feature_category: :team_planning do
         with an embedded paragraph
 
       + [ ] No-break space (U+00A0)
+
+      2) [ ] Another item
     EOT
   end
 
@@ -53,6 +55,11 @@ RSpec.describe TaskListToggleService, feature_category: :team_planning do
           <input type="checkbox" class="task-list-item-checkbox" disabled=""> No-break space (U+00A0)
         </li>
       </ul>
+      <ol start="2" data-sourcepos="15:1-15:19" class="task-list" dir="auto">
+        <li data-sourcepos="15:1-15:19" class="task-list-item">
+          <input type="checkbox" class="task-list-item-checkbox" disabled> Another item
+        </li>
+      </ol>
     EOT
   end
 
@@ -92,10 +99,20 @@ RSpec.describe TaskListToggleService, feature_category: :team_planning do
                                   line_source: '+ [ ] No-break space (U+00A0)', line_number: 13)
 
     expect(toggler.execute).to be_truthy
-    expect(toggler.updated_markdown.lines[12]).to eq "+ [x] No-break space (U+00A0)"
+    expect(toggler.updated_markdown.lines[12]).to eq "+ [x] No-break space (U+00A0)\n"
     expect(toggler.updated_markdown_html).to include('disabled checked> No-break space (U+00A0)')
   end
 
+  it 'checks Another item' do
+    toggler = described_class.new(markdown, markdown_html,
+                                  toggle_as_checked: true,
+                                  line_source: '2) [ ] Another item', line_number: 15)
+
+    expect(toggler.execute).to be_truthy
+    expect(toggler.updated_markdown.lines[14]).to eq "2) [x] Another item"
+    expect(toggler.updated_markdown_html).to include('disabled checked> Another item')
+  end
+
   it 'returns false if line_source does not match the text' do
     toggler = described_class.new(markdown, markdown_html,
                                   toggle_as_checked: false,
diff --git a/spec/views/admin/groups/_form.html.haml_spec.rb b/spec/views/admin/groups/_form.html.haml_spec.rb
new file mode 100644
index 00000000000..87929571a84
--- /dev/null
+++ b/spec/views/admin/groups/_form.html.haml_spec.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'admin/groups/_form', feature_category: :subgroups do
+  using RSpec::Parameterized::TableSyntax
+
+  let_it_be(:admin) { build(:user, :admin) }
+  let_it_be(:group) { build(:group, namespace_settings: build(:namespace_settings)) }
+
+  before do
+    allow(view).to receive(:current_user).and_return(admin)
+    allow(view).to receive(:visibility_level).and_return(group.visibility_level)
+    assign(:group, group)
+  end
+
+  describe 'group runner registration setting' do
+    where(:runner_registration_enabled, :valid_runner_registrars, :checked, :disabled) do
+      true  | ['group']   | true  | false
+      false | ['group']   | false | false
+      false | ['project'] | false | true
+    end
+
+    with_them do
+      before do
+        allow(group).to receive(:runner_registration_enabled?).and_return(runner_registration_enabled)
+        stub_application_setting(valid_runner_registrars: valid_runner_registrars)
+      end
+
+      it 'renders the checkbox correctly' do
+        render
+
+        expect(rendered).to have_field(
+          'New group runners can be registered',
+          type: 'checkbox',
+          checked: checked,
+          disabled: disabled
+        )
+      end
+    end
+  end
+end
diff --git a/spec/views/help/index.html.haml_spec.rb b/spec/views/help/index.html.haml_spec.rb
index 73f1afd17dc..f530e6a8f8d 100644
--- a/spec/views/help/index.html.haml_spec.rb
+++ b/spec/views/help/index.html.haml_spec.rb
@@ -21,10 +21,6 @@ RSpec.describe 'help/index' do
     end
 
     context 'when logged in' do
-      def version_link_regexp(path)
-        %r{#{Regexp.escape(Gitlab::Saas.com_url)}/gitlab-org/(gitlab|gitlab-foss)/#{Regexp.escape(path)}}
-      end
-
       before do
         stub_user
       end
@@ -35,7 +31,7 @@ RSpec.describe 'help/index' do
         render
 
         expect(rendered).to match '8.0.2'
-        expect(rendered).to have_link('8.0.2', href: version_link_regexp('-/tags/v8.0.2'))
+        expect(rendered).to have_link('8.0.2', href: Gitlab::Source.release_url)
       end
 
       it 'shows a link to the commit for pre-releases' do
@@ -44,7 +40,7 @@ RSpec.describe 'help/index' do
         render
 
         expect(rendered).to match '8.0.2'
-        expect(rendered).to have_link('abcdefg', href: version_link_regexp('-/commits/abcdefg'))
+        expect(rendered).to have_link('abcdefg', href: Gitlab::Source.release_url)
       end
     end
   end
diff --git a/yarn.lock b/yarn.lock
index 3dda2e7cfbf..8334f3ac32d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1005,10 +1005,10 @@
   resolved "https://registry.yarnpkg.com/@csstools/selector-specificity/-/selector-specificity-2.0.1.tgz#b6b8d81780b9a9f6459f4bfe9226ac6aefaefe87"
   integrity sha512-aG20vknL4/YjQF9BSV7ts4EWm/yrjagAN7OWBNmlbEOUiu0llj4OGrFoOKK3g2vey4/p2omKCoHrWtPxSwV3HA==
 
-"@cubejs-client/core@^0.32.30":
-  version "0.32.30"
-  resolved "https://registry.yarnpkg.com/@cubejs-client/core/-/core-0.32.30.tgz#40bad1199635363a82a1a5e9f4718a67f2fe4f59"
-  integrity sha512-Lb5qBHIrpp9LpqFVgaOpVInVNZd77Cj452jbGl0hiZVDw+0CErzkqTOrjZ1lBRdKiYqHdYoHU2ZVzg95vNKnPw==
+"@cubejs-client/core@^0.33.0":
+  version "0.33.0"
+  resolved "https://registry.yarnpkg.com/@cubejs-client/core/-/core-0.33.0.tgz#f6edd051e75cd104ae0e7ceae36244ee5d391485"
+  integrity sha512-481ENJFSYnq4cg2Z6VcTn0U6YKLSF4akMmLh8Pt8df2s8WTBXro0AamuINHYOhCfzmvPYl7e26x+wMYGG1ubMA==
   dependencies:
     "@babel/runtime" "^7.1.2"
     core-js "^3.6.5"
@@ -1018,12 +1018,12 @@
     url-search-params-polyfill "^7.0.0"
     uuid "^8.3.2"
 
-"@cubejs-client/vue@^0.32.30":
-  version "0.32.30"
-  resolved "https://registry.yarnpkg.com/@cubejs-client/vue/-/vue-0.32.30.tgz#a192350a8eed901bff4f6311abf7016dcb66d0b4"
-  integrity sha512-AaJR3ZP25/NMKXpSlJaOa7FY4VK5UO7BNyV3sp5wKNhNmyDU+gC8diPVISDp5b7usL8EF4ZKxHHDNEbKrsaKUA==
+"@cubejs-client/vue@^0.33.0":
+  version "0.33.0"
+  resolved "https://registry.yarnpkg.com/@cubejs-client/vue/-/vue-0.33.0.tgz#57ed9a5466de912f8176acad022d36e33d0f49fd"
+  integrity sha512-WPX2zQn5hYLwV0y3DaQy67AqOuRc0hA9taMFP9N6/cO3+N2DOg77ocRwgDt0/KmYRkaq4D37w87I9whAbocgtQ==
   dependencies:
-    "@cubejs-client/core" "^0.32.30"
+    "@cubejs-client/core" "^0.33.0"
     core-js "^3.6.5"
     ramda "^0.27.2"
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-10 16:46:51 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-10 16:46:51 +0000
commit	04ac4180cb5ba0df460034c7e64862056fd498b3 (patch)
tree	ca5267d12fa2aab80c1c35593b96c8cfceaa747b
parent	4e9ceea7f8ff3e097ad45f6f54c1b7165248e848 (diff)
download	gitlab-ce-04ac4180cb5ba0df460034c7e64862056fd498b3.tar.gz