From 2ed66de8a0d11eea8d75e0d7df60a021a24d0c4d Mon Sep 17 00:00:00 2001
From: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Date: Tue, 14 Jan 2025 21:48:24 +0000
Subject: [PATCH 01/14] Update VERSION files

[merge-train skip]
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index a905a35c8a7e74..efb1f29c48fd98 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-17.8.0-pre
\ No newline at end of file
+17.8.0-rc42-ee
\ No newline at end of file
-- 
GitLab


From 927a83d0f58bbd04af482f0f5d84a6c8eeb9c066 Mon Sep 17 00:00:00 2001
From: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Date: Wed, 15 Jan 2025 09:47:06 +0000
Subject: [PATCH 02/14] Update managed components version to 17.8.0

[ci skip]
---
 GITALY_SERVER_VERSION | 2 +-
 GITLAB_KAS_VERSION    | 2 +-
 GITLAB_PAGES_VERSION  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index cff93f42cf7d6a..4e13374707906b 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-910eed4ca9f4a5175336d3e543b34244e830f599
+17.8.0
\ No newline at end of file
diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION
index 0560ea82879f52..4e13374707906b 100644
--- a/GITLAB_KAS_VERSION
+++ b/GITLAB_KAS_VERSION
@@ -1 +1 @@
-9f6b60a00d85240eec76d6a6f9a4511686f80e78
+17.8.0
\ No newline at end of file
diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION
index 0439dd77735b28..4e13374707906b 100644
--- a/GITLAB_PAGES_VERSION
+++ b/GITLAB_PAGES_VERSION
@@ -1 +1 @@
-45d5c77a77939f051b23b2052bb171d6314bb8e5
+17.8.0
\ No newline at end of file
-- 
GitLab


From 5f11b1d52b72613ff7279ab544bd8dd7bec85f71 Mon Sep 17 00:00:00 2001
From: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Date: Wed, 15 Jan 2025 09:47:12 +0000
Subject: [PATCH 03/14] Update changelog for 17.8.0

[ci skip]
---
 CHANGELOG.md | 456 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 456 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19ec0adb7328fe..2288e3126396e8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,462 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 17.8.0 (2025-01-15)
+
+### Added (127 changes)
+
+- [Add more specs for most_recent_commit_sha method](https://gitlab.com/gitlab-org/gitlab/-/commit/12172c6fcc8ca1b7b77acaab3d0d3ce508a8a1f2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176467)) **GitLab Enterprise Edition**
+- [Update runners owned by non-existent projects](https://gitlab.com/gitlab-org/gitlab/-/commit/804d81dc1ab1d576b6c27168a1e0d7c82fddfcd0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177271))
+- [Delete orphaned project runners when project is deleted](https://gitlab.com/gitlab-org/gitlab/-/commit/a78c44336335a6f7e3f156bbda44bbee6f06739e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176879))
+- [Allow configuring "auto_stop_setting" through graphql](https://gitlab.com/gitlab-org/gitlab/-/commit/369ad4b24d91cb8a4eaf613a53e44f01fe7c42c7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176083))
+- [Create GraphQL query for the pages settings](https://gitlab.com/gitlab-org/gitlab/-/commit/2d64cec39dccdd31ceb3d78409b6d76bcaccba36) by @antonkalmykov ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169835))
+- [Add elastic client to active context gem](https://gitlab.com/gitlab-org/gitlab/-/commit/8cb64dfa3f2a6dd172b6cbd92a1d22f6a70c038d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176973)) **GitLab Enterprise Edition**
+- [Save branch name of code suggestion events](https://gitlab.com/gitlab-org/gitlab/-/commit/a24f245be6492d3fb3ca153b571d4a193035983f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176389)) **GitLab Enterprise Edition**
+- [Release protected pypi packages feature](https://gitlab.com/gitlab-org/gitlab/-/commit/ce95ef89875fbd7b4ee54a7b0ad7ad14e64a5e98) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177096))
+- [Model experiments: Add href to CI Job](https://gitlab.com/gitlab-org/gitlab/-/commit/59fc8c9973c5ede619bf2c3a7b5788585d10e388) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177710))
+- [Add graphql field ai_xray_reports to ProjectType](https://gitlab.com/gitlab-org/gitlab/-/commit/1a563af4a1ca22fa4cef9f54e0e7590bc33167f9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176901))
+- [Add LinkedResources work item widget placeholder](https://gitlab.com/gitlab-org/gitlab/-/commit/03da3ff54eec1262503bfd43c2f8504ec9b714c0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177508))
+- [Add ability to add related item for work items](https://gitlab.com/gitlab-org/gitlab/-/commit/68147984bf315d22883e61fdec6b0c7dde9876ef) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176169))
+- [Create siphon ClickHouse table for projects](https://gitlab.com/gitlab-org/gitlab/-/commit/cb4845306917c82ca1d2dcca50863a149dbe2cae) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177486))
+- [Add Rest and GraphQL API to configure scheduled merge](https://gitlab.com/gitlab-org/gitlab/-/commit/7cfd279b88758ae09abd783e473feb229ec01693) by @Taucher2003 ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177300))
+- [Promote runs in a model's experiments to a model version](https://gitlab.com/gitlab-org/gitlab/-/commit/ba293bdcd29f6be9b4cd70e934adc30db76269f2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177110))
+- [Allow users to configure skip_ci for pipeline execution policies](https://gitlab.com/gitlab-org/gitlab/-/commit/e1da67076029b7bce6e06099da80bdd9c9f0085d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177394)) **GitLab Enterprise Edition**
+- [Add indices for sharding_key_id for runners and runner managers](https://gitlab.com/gitlab-org/gitlab/-/commit/4ae5548552345ef788ad95bce89037f89816c39f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176865))
+- [Release protected container repositories feature](https://gitlab.com/gitlab-org/gitlab/-/commit/794937eea2cc3e9bea794d7edde61e1c0c8fdcaa) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173811))
+- [Add resolve MR discussion arguments to create work item mutation](https://gitlab.com/gitlab-org/gitlab/-/commit/20d3bf017c1af78bdb40b98dfbcb2786502d189a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177211))
+- [Add directory or file name with icon](https://gitlab.com/gitlab-org/gitlab/-/commit/916cf3e2856bc818e15482bb1fb351c014cac568) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177261))
+- [Adds workflows_definition to Duo Workflow](https://gitlab.com/gitlab-org/gitlab/-/commit/651b3faceb9296c49c0787b38ae03561b7dba05a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176266)) **GitLab Enterprise Edition**
+- [Allow filtering tokens by before and after expires at](https://gitlab.com/gitlab-org/gitlab/-/commit/284d6005e973048ce2b1577ad1c6eb9b192dc1b9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176996))
+- [Adds bso instrumentation metric](https://gitlab.com/gitlab-org/gitlab/-/commit/1ab0ff584629d2c39c169e607fb769c3248cf62a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177262)) **GitLab Enterprise Edition**
+- [Update runner taggings owned by non-existing projects](https://gitlab.com/gitlab-org/gitlab/-/commit/f9e9740a37ec25fdd28f6aaa2a0a0424b579f903) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177453))
+- [Update runner managers owned by non-existing projects](https://gitlab.com/gitlab-org/gitlab/-/commit/5240af72f0d253320dad4de85f8b1820786d0562) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177423))
+- [Mock Api for custom statuses](https://gitlab.com/gitlab-org/gitlab/-/commit/1ec52b6baacd07710423764949e8c240f6be547a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176843)) **GitLab Enterprise Edition**
+- [Surface user.type to frontend](https://gitlab.com/gitlab-org/gitlab/-/commit/054cb968685487f728481e995e00871ef9672432) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175972))
+- [Remove use_list_commits_rpc_network_graph feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/4a638bc7cfab46736cad21ccf8b6494f55bda109) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177373))
+- [Add support in UI to select Pages primary domain](https://gitlab.com/gitlab-org/gitlab/-/commit/b8eba5f91ab2cfa56f0aa39a00e0484485fa126d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176699))
+- [Model experiments: Improve candidate table](https://gitlab.com/gitlab-org/gitlab/-/commit/dd5da6033c717c8f8fa1abc874eca7ac73bddac4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176099))
+- [Add Restricted Access option to Seat Controls](https://gitlab.com/gitlab-org/gitlab/-/commit/c784016c9f1d2924ccc8536b5868882e05c81d89) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175705)) **GitLab Enterprise Edition**
+- [Add linkedWorkItems field to EpicType](https://gitlab.com/gitlab-org/gitlab/-/commit/36b8d5bf970e0c4805b25b12e3f95cdc1b1e1a20) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177097)) **GitLab Enterprise Edition**
+- [Use legacy destination helper in legacy destination create APIs](https://gitlab.com/gitlab-org/gitlab/-/commit/e41835e675afad567a6c7cff57d12c93e33bff15) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175753)) **GitLab Enterprise Edition**
+- [Add xray context to /refactor](https://gitlab.com/gitlab-org/gitlab/-/commit/f1d5eda1204b3402757964fd9cb50e50934b5bd1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173750)) **GitLab Enterprise Edition**
+- [Add optional variables for passing on to CI](https://gitlab.com/gitlab-org/gitlab/-/commit/43302ca2aea99ba03e1f501ee78f121c05b609cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177026)) **GitLab Enterprise Edition**
+- [Group level support for dropdown API](https://gitlab.com/gitlab-org/gitlab/-/commit/b9e8335618948f9e471650f4857380b1c7ff9e64) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175902)) **GitLab Enterprise Edition**
+- [Enable group-level vulnerability management policies by default](https://gitlab.com/gitlab-org/gitlab/-/commit/5857afaaf061217e83648bb2f220cdc6a46f0049) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177228)) **GitLab Enterprise Edition**
+- [Update GitLab Pages version](https://gitlab.com/gitlab-org/gitlab/-/commit/3278b6c4e7ee89f1ab64c1a76e0c8411aacdd249) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177213))
+- [Full support for Vulnerability Webhook events](https://gitlab.com/gitlab-org/gitlab/-/commit/1a36642693f7abedf61e1a1b082a708e6faaa6be) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176064)) **GitLab Enterprise Edition**
+- [Remove amazon_q_integration feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/effde0dc90e9accf7fbcee6d25fa75773bfa0791) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177196))
+- [Search in accessible deploy keys](https://gitlab.com/gitlab-org/gitlab/-/commit/2a24e17deec63d2d9f9f2fd149241e99f262a0c1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176538))
+- [Model experiments: Add copy button to MLflow usage](https://gitlab.com/gitlab-org/gitlab/-/commit/9cc8565d80140f4ba12d716b3d5950be320b9be1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176037))
+- [Model experiments: Add experiment id](https://gitlab.com/gitlab-org/gitlab/-/commit/998afb6a4e142ec30c394237103fe61029c8fed2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177119))
+- [Add linkedWorkItems field to EpicType](https://gitlab.com/gitlab-org/gitlab/-/commit/ebec8b8de0790492679ae32695e694ecaefa1bcd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177116)) **GitLab Enterprise Edition**
+- [Model experiments: Add creator to candidates table](https://gitlab.com/gitlab-org/gitlab/-/commit/2631c30f7244a381b39356c2f7b39280ef06090f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176121))
+- [Adding project control status table](https://gitlab.com/gitlab-org/gitlab/-/commit/ef78b3c2d2c6a19d95828ad83ba64ba7c32c0264) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176581)) **GitLab Enterprise Edition**
+- [Model experiments: Add creator field to candidates type](https://gitlab.com/gitlab-org/gitlab/-/commit/f347666c05b01d650172c031e55459060b0ab192) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177073))
+- [Add retry_duo_workflow_execution event](https://gitlab.com/gitlab-org/gitlab/-/commit/37e847fa45ba298059a97a46df58a588741cb895) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177070)) **GitLab Enterprise Edition**
+- [Model experiments: Add Experiments to GraphQL](https://gitlab.com/gitlab-org/gitlab/-/commit/bb25ee1fcc2a5ada1e018f4746576128b92521d4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175815))
+- [Added destroy requested changes GraphQL mutation](https://gitlab.com/gitlab-org/gitlab/-/commit/f8b808fc0a86354d7f059ac7aa5a76741f95145f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176363)) **GitLab Enterprise Edition**
+- [Sync index for p_ci_pipelines.trigger_id](https://gitlab.com/gitlab-org/gitlab/-/commit/a3ab66164f942f5b75b7488a9970ab74d0260d6b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175213))
+- [Add CUD endpoints for tag protection rule](https://gitlab.com/gitlab-org/gitlab/-/commit/492be0979e6ebdea14e83391e6a6b00aefba9f4e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175736))
+- [Introduce lazy loading of projects list in framework drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/277ec524094270497316264c03f7c1ca1bfe547d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175197)) **GitLab Enterprise Edition**
+- [Add skip ci configuration](https://gitlab.com/gitlab-org/gitlab/-/commit/a3872d7eae9bea5728f798676d810e5688852f16) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176523)) **GitLab Enterprise Edition**
+- [Add optional variables to dast_site_profiles table](https://gitlab.com/gitlab-org/gitlab/-/commit/2d60326719cf0cfe87242b41ee384f066ad9a846) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175476)) **GitLab Enterprise Edition**
+- [Helper method for legacy audit event destinations graphql create](https://gitlab.com/gitlab-org/gitlab/-/commit/30c134a30592562a655dfa0d2851e20033125c49) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175628)) **GitLab Enterprise Edition**
+- [Helper method for audit event destinations graphql create](https://gitlab.com/gitlab-org/gitlab/-/commit/91bade77a232e4a7e25ceec894054995b7a95c6a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173752)) **GitLab Enterprise Edition**
+- [Create v2 enpoints and add feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/dabbf89307bc51bfc77cd851e263ade3f88e4e2b) by @ScanianJP ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/165034))
+- [Link user_destroyed event for user provisioned by group to the group](https://gitlab.com/gitlab-org/gitlab/-/commit/7ca8e4bfed2efc57a262c8ad19e8926c174b55ef) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176405)) **GitLab Enterprise Edition**
+- [Remove log_advanced_search_cluster_health_elastic flag](https://gitlab.com/gitlab-org/gitlab/-/commit/79590ee3215f2def69bf1d6e52999aaae2873f3a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177076)) **GitLab Enterprise Edition**
+- [Add skip ci configuration to a policy drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/a09baa682f840942f6753c3c950f15697739f00e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176616)) **GitLab Enterprise Edition**
+- [Add licenses to scan_result_policies](https://gitlab.com/gitlab-org/gitlab/-/commit/3d533069346897fd4d4c6488f4e1ab02e6fda3a3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176715)) **GitLab Enterprise Edition**
+- [GraphQL: add TagCreate mutation](https://gitlab.com/gitlab-org/gitlab/-/commit/9f592e98a4c9c47105273c43009ac469391446a3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175833))
+- [Update policy schema to support package exclusion](https://gitlab.com/gitlab-org/gitlab/-/commit/7038d8b9d88afa2e61cf7178a52f27012337f00c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176433)) **GitLab Enterprise Edition**
+- [Delete orphaned ci_runner_projects records](https://gitlab.com/gitlab-org/gitlab/-/commit/d319bae2246e991c0c7abcca80c46120c90f5b09) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176676))
+- [Add an audit event for user provisioning by group SCIM](https://gitlab.com/gitlab-org/gitlab/-/commit/b224928751954887e24552dea819c3a62b7ca169) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174040)) **GitLab Enterprise Edition**
+- [Reorganise project-level packages and registries settings](https://gitlab.com/gitlab-org/gitlab/-/commit/cb82e5ebef1d1e4f2bb1605a703accb32fe30841) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176343))
+- [Added merge request requested changes to the merge request GraphQL type](https://gitlab.com/gitlab-org/gitlab/-/commit/f79b3606d62680ab7d7ef9608e4c30591d764ed3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176300))
+- [Enable third-party UCM flags by default](https://gitlab.com/gitlab-org/gitlab/-/commit/b381a70264f81842fa48112e540c5289e490fad4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176675))
+- [Set gh user mapping ff to true](https://gitlab.com/gitlab-org/gitlab/-/commit/c52246f6f097060bf2fdc5c52378958a2a5cfdb1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176633))
+- [Update loading state of create merge request button](https://gitlab.com/gitlab-org/gitlab/-/commit/e89f8643e23c4bfcf0bd1be7e28f000d77d66501) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176481))
+- [Show title suggestions to project work items](https://gitlab.com/gitlab-org/gitlab/-/commit/5cc74f8a8e52f8281e430621451aaefff290398a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176455))
+- [Add new table subcsrption_provision_syncs](https://gitlab.com/gitlab-org/gitlab/-/commit/dcb7051432bfa43cae676a76f8c04dda739bc586) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176606)) **GitLab Enterprise Edition**
+- [Automatically enable group hierarchy optimization](https://gitlab.com/gitlab-org/gitlab/-/commit/25d6eb5f54ef2cbf2b83c900ea42a7e0de852221) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176648))
+- [Fix policies update MR blocked](https://gitlab.com/gitlab-org/gitlab/-/commit/dc144264209fbc0422a9a2d41613145ef1a4a319) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176608)) **GitLab Enterprise Edition**
+- [Expose `move_design` policy in GraphQL permission type](https://gitlab.com/gitlab-org/gitlab/-/commit/fc4abdf1ccadc41a9286422966126a3aaef2780f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176542))
+- [Adding tables and models for requirement controls](https://gitlab.com/gitlab-org/gitlab/-/commit/5ede88ea8d4a6299ab0a6debd2521a5e9e2290e4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175812)) **GitLab Enterprise Edition**
+- [Log all AI Gateway responses related to Amazon Q](https://gitlab.com/gitlab-org/gitlab/-/commit/90c36b09f7f143abf7b0d840136c7e14d93d879a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176548))
+- [Expose EPSS and KEV in finding entity](https://gitlab.com/gitlab-org/gitlab/-/commit/585fa176ec99ccaccd94de6e8975dd99a539a59e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175792)) **GitLab Enterprise Edition**
+- [Remove track_member_activity feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/314c13081b1c421eed21b4f168503d04b364d1bd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176480))
+- [Remove epic_and_work_item_associations_unification ff](https://gitlab.com/gitlab-org/gitlab/-/commit/6d915390b0b9e1842d7ceba97af2db1ac7f76f65) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170264)) **GitLab Enterprise Edition**
+- [Show modal when updating with pipeline](https://gitlab.com/gitlab-org/gitlab/-/commit/18651dfefffe31a7855deb28dc5774361c2ab13c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173584)) **GitLab Enterprise Edition**
+- [Add API endpoints and services for Account Ownership Verification PIN](https://gitlab.com/gitlab-org/gitlab/-/commit/1f436f665766f88e87ebf24893cc5000cf16ac4a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175040))
+- [Add read compliance dashboard as a custom ability](https://gitlab.com/gitlab-org/gitlab/-/commit/5c754f867624f9629735a9af190de40a287e7d49) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175066)) **GitLab Enterprise Edition**
+- [Add Amazon Q system note support](https://gitlab.com/gitlab-org/gitlab/-/commit/72e510361ea5f54702be76e4bdf087bb3c0555ab) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176413))
+- [Add `async` arg to `PipelineCreate` mutation](https://gitlab.com/gitlab-org/gitlab/-/commit/e608229d005ddc6bc8011fe2a6c780c89c50bf7c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174577))
+- [Add quick actions messages to work items](https://gitlab.com/gitlab-org/gitlab/-/commit/f5e9f208c99488c49613021cd141f7a1a143696b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175449))
+- [Add topic to catalog resources](https://gitlab.com/gitlab-org/gitlab/-/commit/f85f2927590e6f8ffc5580bb090313c731e9ce1e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176257))
+- [Add a confirmation alert when an environment is protected/unprotected](https://gitlab.com/gitlab-org/gitlab/-/commit/4740c742ece1da0cd5c7c9414861b3ea6dc8640d) by @antonkalmykov ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176103)) **GitLab Enterprise Edition**
+- [Implement project secrets graphql query](https://gitlab.com/gitlab-org/gitlab/-/commit/21e07e933143d1a1db5eef0a0f38e4688ba95866) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175603))
+- [Show Closed MRs deprecated in the list](https://gitlab.com/gitlab-org/gitlab/-/commit/caae8a052e8ab01c57213fb25c3dcceb7cbdb2c2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176087))
+- [Defined event and metrics](https://gitlab.com/gitlab-org/gitlab/-/commit/35b2c20ddcbe1f307b138ac577e26506b5e66e80) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175762)) **GitLab Enterprise Edition**
+- [Remove create branch and merge request from behind FF](https://gitlab.com/gitlab-org/gitlab/-/commit/5556cb570226109a78a012fbfdbc5d21d1b06de9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176218))
+- [Show warning when approval settings are overridden for MR](https://gitlab.com/gitlab-org/gitlab/-/commit/f901f9cbc8717ef2e00e6378ccde48bf4e1ae7be) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175674)) **GitLab Enterprise Edition**
+- [Make composite_identity FF default enabled](https://gitlab.com/gitlab-org/gitlab/-/commit/e8cec24fb2ff7ab6dbb77ae1e69a469e217851ff) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176301))
+- [Model registry: Add empty state to candidate list](https://gitlab.com/gitlab-org/gitlab/-/commit/65c7d3da7f372c08617dd02e68ab19f95920d601) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176122))
+- [Implement delete pipl users](https://gitlab.com/gitlab-org/gitlab/-/commit/cb5dfce0419853bd2be312d2cb2177832db76d39) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175861)) **GitLab Enterprise Edition**
+- [Add arkose_labs_data_exchange_enabled setting](https://gitlab.com/gitlab-org/gitlab/-/commit/1b5f4168d0c7bcfa45354b647a9e7840fd62bedb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176034)) **GitLab Enterprise Edition**
+- [Model experiments: Split Experiment card into tabs](https://gitlab.com/gitlab-org/gitlab/-/commit/fc03c89d7d8e3bd6d40f1bd6d1f2e06bd95f6600) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174686))
+- [Allow configuring "auto_stop_setting" through Environments API](https://gitlab.com/gitlab-org/gitlab/-/commit/88f28e81ec895d8c5c96a0ae469e8a405d4696ed) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175940))
+- [Connect Amazon Q trigger service to issuable create/update](https://gitlab.com/gitlab-org/gitlab/-/commit/ad22de2e58d32d25b4e7fd2edef88778a7eee6d3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176221)) **GitLab Enterprise Edition**
+- [Connect Amazon Q trigger service to quick actions](https://gitlab.com/gitlab-org/gitlab/-/commit/9f4f0eced50aa434eee04aa73415f1c91a606e1a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176217)) **GitLab Enterprise Edition**
+- [Add `inputs` key to trigger include objects CI schema](https://gitlab.com/gitlab-org/gitlab/-/commit/c5727f72a70cb9f8d91967c69b097957f9ad8bf7) by @Ben.Leith ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173216))
+- [Add 'Start review' button to MR Overview](https://gitlab.com/gitlab-org/gitlab/-/commit/9138d1311b749b3c0cc4c9c80782537b15923598) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169815))
+- [Add `group_analytics_dashboard_editor` feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/016034f278e3727cf548499607c5c1fd4d475bda) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175604)) **GitLab Enterprise Edition**
+- [Add base support for Amazon Q quick actions service](https://gitlab.com/gitlab-org/gitlab/-/commit/7f0d00e0c7eba45f88869e46621240d9860d1b8e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175919))
+- [Add duo_add_on_groups config for LDAP](https://gitlab.com/gitlab-org/gitlab/-/commit/58cab9d68b3cbaddda171bbe6cd7f4fbcd727d32) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175101)) **GitLab Enterprise Edition**
+- [Model registry: Add link to candidate](https://gitlab.com/gitlab-org/gitlab/-/commit/f0b433de5bd79fe2347a34bc5393b2ef5403c81b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176149))
+- [Add audit event to CreateRunnerService](https://gitlab.com/gitlab-org/gitlab/-/commit/dfaa9d256941e78e614e5d276a1dfa9a82f627b0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175447)) **GitLab Enterprise Edition**
+- [Model experiments: Enhance experiment card title](https://gitlab.com/gitlab-org/gitlab/-/commit/66eb033cb2d8b0da8423f648de5e8352d1ceea98) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175700))
+- [Show Related MR's in dev widget with deduplication](https://gitlab.com/gitlab-org/gitlab/-/commit/6f65f199034936fbf8385593dfd27a06fcca42bd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174812))
+- [Add iteration support to content editor](https://gitlab.com/gitlab-org/gitlab/-/commit/c842a08facaeb9ba6945d7a9e67f4c8710a36bc8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175981))
+- [Adds scheduled workers for dormant member removal](https://gitlab.com/gitlab-org/gitlab/-/commit/1921d01eb14fd691ed3f9a8a7138bcb9ab3cb35f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157930))
+- [Add web_hook_logs_daily table](https://gitlab.com/gitlab-org/gitlab/-/commit/8bb2d8c31fdddd7a8c5f2369bfc52503cdf4c516) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175379))
+- [Update semver_dialects to 3.4.5](https://gitlab.com/gitlab-org/gitlab/-/commit/ac417ebfca206d21d557bda4a21cc8d3f54d0837) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175297))
+- [Add status deprecated to the packages statuses](https://gitlab.com/gitlab-org/gitlab/-/commit/a66644a0a15aad39b43384e447ce3184de92f900) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174312))
+- [Add ability to assign GitLab Duo seats based on SAML groups](https://gitlab.com/gitlab-org/gitlab/-/commit/2e5ea3cb9cb2db172f80479e5ffcbd3d16af6e6a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170502)) **GitLab Enterprise Edition**
+- [Extend GraphQL with  policies overriding project approval settings in MR](https://gitlab.com/gitlab-org/gitlab/-/commit/4cd2fe2da596e9c3a560ca4d149bcff100ad0683) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175614)) **GitLab Enterprise Edition**
+- [Update GitLab Pages version](https://gitlab.com/gitlab-org/gitlab/-/commit/bbafba73fd3eeb17747eb5ae6526b1a022134f2c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176014))
+- [Add container tag protection rules to project](https://gitlab.com/gitlab-org/gitlab/-/commit/b18810e676c3ea3f84dd60bd8c0ff6a79196ed7d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174954))
+- [Model registry: Add Experiment to model card](https://gitlab.com/gitlab-org/gitlab/-/commit/cf4046fa83d03710c65263f0b482ec4c565a0c9d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174378))
+- [Add unique domain regenerate button](https://gitlab.com/gitlab-org/gitlab/-/commit/3268fba94e3c77b896008db3cc6d5da5b1dc7a8a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/172479))
+- [Add warning modal when creating work item](https://gitlab.com/gitlab-org/gitlab/-/commit/da38beec44ec6f3cd4505b0264409b0dfac72b79) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170657))
+- [Add arkose_labs_enabled application setting](https://gitlab.com/gitlab-org/gitlab/-/commit/4c5867249aabba2a2403888b11e3ddc5a5171a81) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175748)) **GitLab Enterprise Edition**
+- [Remove feature flag custom_ability_admin_push_rules & keep new code](https://gitlab.com/gitlab-org/gitlab/-/commit/a720e9f423f13723160a3659b97928433b30e998) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175807))
+- [Adding Service Ping metric for dependency api](https://gitlab.com/gitlab-org/gitlab/-/commit/73a7f22b0ad0f3b4238f2bd7e0e95b1331f4bb51) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175725)) **GitLab Enterprise Edition**
+- [Add support for using ActiveRecord::Encryption](https://gitlab.com/gitlab-org/gitlab/-/commit/df74fa198c25095508b54e765d4629959b1e44ee) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175154))
+
+### Fixed (88 changes)
+
+- [Prevent Direct Transfer from incorrectly marking entities as stale](https://gitlab.com/gitlab-org/gitlab/-/commit/9815b2ccb4b9a4fffec75884b8aa34cb2604e73c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177587))
+- [Reassign runner's owner when owning project is deleted](https://gitlab.com/gitlab-org/gitlab/-/commit/0a8f791205092ca19ea34d7623eb463237627e3a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176879))
+- [Fix visitor location country localization](https://gitlab.com/gitlab-org/gitlab/-/commit/ce7e367a04bfbc5f8fd863b83030c6ad0beacb38) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177761))
+- [Reset `resolved_at` attribute vulnerabilities](https://gitlab.com/gitlab-org/gitlab/-/commit/ec370e873dd44e6fc76d4fb6ad394a94176e663e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177713)) **GitLab Enterprise Edition**
+- [Fix `/unlink` quick command to work with epic work items](https://gitlab.com/gitlab-org/gitlab/-/commit/538cbb0d79866ef533aa458bca7fc530076c4028) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177763)) **GitLab Enterprise Edition**
+- [Use NamespaceProjectIdsEachBatch instead of for_group_and_its_subgroups](https://gitlab.com/gitlab-org/gitlab/-/commit/144b66e5dce6ece67e746aa2bec0a5dd8af858fd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177091))
+- [Add resource context to Duo Chat history](https://gitlab.com/gitlab-org/gitlab/-/commit/68c5d5b33f87810c8071a4c6c79632bc368232c4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174881)) **GitLab Enterprise Edition**
+- [Protected Container Repositories: Fix link in documentation](https://gitlab.com/gitlab-org/gitlab/-/commit/ad0cab62b9755d3eabb0af2faa8f17d6521cf44d) by @nwittstruck ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177672))
+- [Fix UI text in lock and unlock file modal](https://gitlab.com/gitlab-org/gitlab/-/commit/5e8244ddb76abf11b548ba24a4623bdd9e37823e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177601)) **GitLab Enterprise Edition**
+- [BBS handle missing users when user mapping](https://gitlab.com/gitlab-org/gitlab/-/commit/28ac706e06c66f8ea9f8b2d68d34211e12a6dea1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177321))
+- [Documentation and refactor for Duo group/subgroups bug fix](https://gitlab.com/gitlab-org/gitlab/-/commit/2d69d67ca8be67bd0d8a4e661756107ecbd3d6c0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177340)) **GitLab Enterprise Edition**
+- [Make ClickHouse write buffer workers compatible with Redis 6.0](https://gitlab.com/gitlab-org/gitlab/-/commit/cab74b70535f6d1b7bc5e9596875e20469d15b7c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176184))
+- [Update FinishBatchedRelationExportWorker to fail export on timeout](https://gitlab.com/gitlab-org/gitlab/-/commit/55b1e3c03a894aca2ae15a63c726899a9fb7dd67) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177559))
+- [Last commit: Fix alignemnt of right content](https://gitlab.com/gitlab-org/gitlab/-/commit/270547c59af84924adfde92cf61fa39d18f97895) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177543))
+- [Fix circular reference with pipeline execution policy variables](https://gitlab.com/gitlab-org/gitlab/-/commit/be4dfeff61d610be9801a27cf64269b05c9cec37) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176152)) **GitLab Enterprise Edition**
+- [Update Secure sub-section of the sidebar to show only permitted items](https://gitlab.com/gitlab-org/gitlab/-/commit/28e52591b2c2d87e1288e43f7792f060093ec547) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175865)) **GitLab Enterprise Edition**
+- [Fix Pages primary domain not getting saved](https://gitlab.com/gitlab-org/gitlab/-/commit/0e9055eb18a8187cb201c9500b0a33d76bd33f1b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177424))
+- [Set the used_storage_bytes to default when it is 0](https://gitlab.com/gitlab-org/gitlab/-/commit/a06f86d21e04f401843f8aa667efe134363e8ed4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177419)) **GitLab Enterprise Edition**
+- [Lazily initiate a Redis publish/subscribe channel](https://gitlab.com/gitlab-org/gitlab/-/commit/e8deefcce4bba742843c6958eb58ff1f8a80630a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177057))
+- [Fix handling of short gzip metadata files](https://gitlab.com/gitlab-org/gitlab/-/commit/978fa9a5fee79895a493d63b32c9ea08e73c8c49) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177221))
+- [Apply all filters to flowMetricsQuery](https://gitlab.com/gitlab-org/gitlab/-/commit/dfd1585cbe3c4074a43841bdfad1ef6882bd4175) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176346))
+- [Update the default API value for environment auto stop setting](https://gitlab.com/gitlab-org/gitlab/-/commit/8bd0140346bd7061b8ac642470f434569fb15895) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177328))
+- [Make sure MR sticky header is accessible when browser font size=large](https://gitlab.com/gitlab-org/gitlab/-/commit/2a2206fde85af31147c759e564d3658c0281a2a9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177310))
+- [Fix mobile layout for requirements list page](https://gitlab.com/gitlab-org/gitlab/-/commit/654b0054eff607c3e0101cf6807dd24f27f458d6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177170)) **GitLab Enterprise Edition**
+- [Show Iteration field on items within the work items Child widget](https://gitlab.com/gitlab-org/gitlab/-/commit/ca3c94c06e0ef1787ce6174c02f67f5bf37d9047) by @vedant-jain03 ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176306))
+- [Fix pipeline execution policies skipping when allowed](https://gitlab.com/gitlab-org/gitlab/-/commit/3263e938b0cc96bd57927d9706d87f04aa86bbe5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177266)) **GitLab Enterprise Edition**
+- [Reverse toggle to enable skip ci behavior for policy](https://gitlab.com/gitlab-org/gitlab/-/commit/9faa0041eac38656236cf156897cac01af42419b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177169)) **GitLab Enterprise Edition**
+- [Fix sizing of done/redo button on mobile todo page](https://gitlab.com/gitlab-org/gitlab/-/commit/ec3cc5e09ae15e7cac653206ae367b843458e3d7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177168))
+- [Show milestone popover for GFM references to group milestones](https://gitlab.com/gitlab-org/gitlab/-/commit/3ca6538bfe7d17eb638cafea58a94f38e4df3e9c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177186))
+- [Use data from current tab of Vue MR list page for export to CSV](https://gitlab.com/gitlab-org/gitlab/-/commit/40665a30700c21752cfa516905f800bf4be51752) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176196))
+- [Geo Replication - Fix incorrect breadcrumbs](https://gitlab.com/gitlab-org/gitlab/-/commit/452a5985a13d7d2e905ce8e4276e12ccdc1f13bb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177148)) **GitLab Enterprise Edition**
+- [Ensure REST API handles SSH key expiry todos](https://gitlab.com/gitlab-org/gitlab/-/commit/99cfae558b38464fe3e52931d6e4a790bf3180f8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177144))
+- [Ensure users can receive notifications before verifying email](https://gitlab.com/gitlab-org/gitlab/-/commit/28eafda13a1d73f3476fe279df950e1cd9a44fbe) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176818))
+- [Fix typo in policy UI editor for skip ci allowlist](https://gitlab.com/gitlab-org/gitlab/-/commit/afa464ecc77b153b66b3782194a69af2b811b481) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177081)) **GitLab Enterprise Edition**
+- [Fix undefined method error for `remaining_pipl_access_days`](https://gitlab.com/gitlab-org/gitlab/-/commit/fe9f38d8e08b73995298501aa0bde8b42c720ea5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176851)) **GitLab Enterprise Edition**
+- [Fix missing variables for DAST scans](https://gitlab.com/gitlab-org/gitlab/-/commit/b88d72b08b43ba9d6651d93e1dd6e3f7ac49b63d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176882)) **GitLab Enterprise Edition**
+- [Fix resource access token bot namespace bug for admin users](https://gitlab.com/gitlab-org/gitlab/-/commit/23276cf43c0e7948925d52829edfa825a1d67151) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177018))
+- [Remove unnecessary padding for policy warning icon](https://gitlab.com/gitlab-org/gitlab/-/commit/58da79a17c9df4c8b132a7c93673c5f0ac5e7782) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176974))
+- [Remove "go_get_handle_relative_url" feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/911c3b164305c9eeebf6d4418a66d29c7897272e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176972))
+- [Use add on trial dates for combined trial on premium](https://gitlab.com/gitlab-org/gitlab/-/commit/26abffe3593b3156f0d8e36ec8c022fbf29d5d24) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176780)) **GitLab Enterprise Edition**
+- [Fix policy name in MR with trailing numbers](https://gitlab.com/gitlab-org/gitlab/-/commit/fcc13de079cf1575607f649cac36f82bdb85e2be) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176629)) **GitLab Enterprise Edition**
+- [Move User namespace audit events to instance scope](https://gitlab.com/gitlab-org/gitlab/-/commit/0ef9e46a77413ac93de17611bf108a7ce696e0ee) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176943)) **GitLab Enterprise Edition**
+- [Don't post policy bot comments in MRs of archived projects](https://gitlab.com/gitlab-org/gitlab/-/commit/0cff41469d3e0b62481ee9aea0c8cd11786cf66d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176870)) **GitLab Enterprise Edition**
+- [Fixing audit event group path failure](https://gitlab.com/gitlab-org/gitlab/-/commit/649066800d572f51305408994c83f0e5d686d8bb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176855))
+- [Add BoardEpicConnection type policy for pagination](https://gitlab.com/gitlab-org/gitlab/-/commit/a70ec596c2f07f9a05289994bd2af8baedcb3bd1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176803)) **GitLab Enterprise Edition**
+- [Fix 500 error when banzai commit filter incorrectly captures a group](https://gitlab.com/gitlab-org/gitlab/-/commit/40588193b6092caefd20babecfe3ba8aadb457d7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176770))
+- [Add reference permission check for group level items](https://gitlab.com/gitlab-org/gitlab/-/commit/38a0a03077346fa5824a519430e4c38efde57a6c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176500))
+- [Merge branch...](https://gitlab.com/gitlab-org/gitlab/-/commit/af768407f2bbb1b2fbdf707dde684ae87f2aed5a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176552))
+- [Update acme-client to v2.0.19](https://gitlab.com/gitlab-org/gitlab/-/commit/6371ad0e9f88a691291dbc19b5afbeffb179e154) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176465))
+- [Fix failed jobs widget polling issue](https://gitlab.com/gitlab-org/gitlab/-/commit/6f61aaa0b4127f4dd9a456ea672575a428655f3f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176402))
+- [Restore diff file draft note editing state](https://gitlab.com/gitlab-org/gitlab/-/commit/c65ad27d08fb29605d1c3af8fcb7693174c9e695) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176559))
+- [Add a migration to regenerate CI job token signing key](https://gitlab.com/gitlab-org/gitlab/-/commit/192b99d50c6349f64f2a2bc727c6d532903c8311) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176483))
+- [Fix CI job token signing key not always generated](https://gitlab.com/gitlab-org/gitlab/-/commit/72a4f3c0bc3f4af6e7eb7fa7fb1d83f1303f0c52) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176483))
+- [Fix issues boards unable to fetch issues for anonymous users](https://gitlab.com/gitlab-org/gitlab/-/commit/0b97b746eb70d1d3010af5ea8282f80d9465da74) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176482))
+- [bug: Fix appearance of protected badge in group package overview](https://gitlab.com/gitlab-org/gitlab/-/commit/1de4111988e5ab69f2c805615e4d1fb6dc81060d) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174243))
+- [Fix NoMethodError on most_recent_commit_sha method](https://gitlab.com/gitlab-org/gitlab/-/commit/d11b82291734d08ad790d00284f592cdd1ac466e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176308)) **GitLab Enterprise Edition**
+- [Only create Geo verification records if primary checksumming enabled](https://gitlab.com/gitlab-org/gitlab/-/commit/7dce11060c4fe1a67f5989f6c902f3e3629f6209) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173901)) **GitLab Enterprise Edition**
+- [Update subscription check for hide duo section](https://gitlab.com/gitlab-org/gitlab/-/commit/f2c6c3e66d570d99e4cd0bffc8c81ee47f610f7d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175625)) **GitLab Enterprise Edition**
+- [Provide a workaround for users that do not have a registration_type](https://gitlab.com/gitlab-org/gitlab/-/commit/7ba2277afb48ac878c4a189bc068e442b127f93c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176195)) **GitLab Enterprise Edition**
+- [Only show repo file tooltip when truncated](https://gitlab.com/gitlab-org/gitlab/-/commit/b494fcb7864aa887e517e2b4103f66d90481ab28) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158252))
+- [Make ClickHouse exclusive lock compatilble with Redis 6](https://gitlab.com/gitlab-org/gitlab/-/commit/12339e03f48dc5044ce6c1a875b74bc647513543) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176041))
+- [Fix Analytics dashboards description `Show more` toggle button](https://gitlab.com/gitlab-org/gitlab/-/commit/6ce5d5ec2d8dc14537998d622a39d05fc48bebbf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176395)) **GitLab Enterprise Edition**
+- [Use the project_id_from and project_id_to in InitialIndexingEventWorker](https://gitlab.com/gitlab-org/gitlab/-/commit/af38e768f23d31c881036b90fdef206698508bc8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176224)) **GitLab Enterprise Edition**
+- [Fix resetting timer on ChunkWriter](https://gitlab.com/gitlab-org/gitlab/-/commit/04f347b3306fc6fa508e1dc18c675b869d656df9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176348))
+- [Fix last commit styling when description is expanded](https://gitlab.com/gitlab-org/gitlab/-/commit/0175a0467051995a13b723a749650bbd817ec4a2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175764))
+- [Preserve saved access levels when re-enabling project features](https://gitlab.com/gitlab-org/gitlab/-/commit/d234c0c342f5718aa13cb9eda02d60ea7757edcb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174114))
+- [Handle SSO redirect during authorization](https://gitlab.com/gitlab-org/gitlab/-/commit/cf9fcdbb7c07b09cbaf83f4eb6828972a41c165c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175618)) **GitLab Enterprise Edition**
+- [Fix Gitlab::Audit::NullAuthor string keyword splat](https://gitlab.com/gitlab-org/gitlab/-/commit/e218991b2b346967dcbc6ab95e9af8a4057ab9fa) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176327))
+- [Protected containers: Show protected badge in group container overview](https://gitlab.com/gitlab-org/gitlab/-/commit/a58934bb2b29f4cb408f47f7cda589fd0dda5ea9) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174033))
+- [Fix index to evict event worker](https://gitlab.com/gitlab-org/gitlab/-/commit/76d9174c509963a41205f89e61866a87d50ae847) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176246)) **GitLab Enterprise Edition**
+- [Fix foreign key error while backfilling](https://gitlab.com/gitlab-org/gitlab/-/commit/499fd72f4ebd426777426db19a036330cea2731b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174545)) **GitLab Enterprise Edition**
+- [Fix appearance of merge split button](https://gitlab.com/gitlab-org/gitlab/-/commit/9197848c24b2c9dfd64ea6543442654bb2582c08) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175315))
+- [Fix infinite scroll when inviting a group to a project](https://gitlab.com/gitlab-org/gitlab/-/commit/440b8c1dfe11158e9575920087e66987d8b17862) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176194))
+- [Pipeline stage job polling fix](https://gitlab.com/gitlab-org/gitlab/-/commit/580f444d8875b5e7bdefb2fd3b07eb70f264893c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175926))
+- [Fix backoff of disabled webhooks ramp up too fast](https://gitlab.com/gitlab-org/gitlab/-/commit/1715a8d64a9a4ae5325d9f1673467f14b7c68beb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/172449))
+- [Fix audit events destination_url to be public](https://gitlab.com/gitlab-org/gitlab/-/commit/601539bb03afb4ebf23b801da9c9658151cf3910) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175903)) **GitLab Enterprise Edition**
+- [MR widget alert warning: border bottom and fix border-radius](https://gitlab.com/gitlab-org/gitlab/-/commit/959c1c16afb1a85186a56a7d3311f21459d46fc2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176094))
+- [Zoekt: Fix negative unclaimed storage bytes](https://gitlab.com/gitlab-org/gitlab/-/commit/0826899d3b854628dc11af54174d4d4e5ace93b7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175561)) **GitLab Enterprise Edition**
+- [Replace DB unique index with model validator](https://gitlab.com/gitlab-org/gitlab/-/commit/692b65dcc9aedbedb07c5cb13d39314b3186da94) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175167))
+- [Fix edge case when trying to access policy approval_settings](https://gitlab.com/gitlab-org/gitlab/-/commit/cf065a5eb1938189fcebbc50020ac887e48dbf38) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176098)) **GitLab Enterprise Edition**
+- [Fix issue in RTE with image resize](https://gitlab.com/gitlab-org/gitlab/-/commit/2e79df1681b805fbb72c490b56c94615a5f508b3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176017))
+- [Fix issue with preserving checkboxes whitespace](https://gitlab.com/gitlab-org/gitlab/-/commit/39128a438791f7f7634ce3224691ee69470b9bce) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175991))
+- [Use correct height value for emoji picker rows](https://gitlab.com/gitlab-org/gitlab/-/commit/5cd2cf85460841d5a336c088584944345911e106) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176045))
+- [Fix a case-sensitivity issue in the application rate limiter](https://gitlab.com/gitlab-org/gitlab/-/commit/ac404842d0b44168cb3275580a0d12b943929b54) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175930))
+- [Skip copying over custom award emoji that do not exist](https://gitlab.com/gitlab-org/gitlab/-/commit/1c15f2091557a0cab04ec22b7e45fc6e13ea6b43) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175712))
+- [Fix Random.rand for zero values in RuleScheduleService](https://gitlab.com/gitlab-org/gitlab/-/commit/d138c824fffd8344123d8cbf06f0548c16028d7d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175838)) **GitLab Enterprise Edition**
+- [Ignore system notes when indexing notes on work items](https://gitlab.com/gitlab-org/gitlab/-/commit/c102c108431418d9f57f32f46e1364b9a18f7417) by @joe-snyder ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175632)) **GitLab Enterprise Edition**
+- [Restrict PAT informaton endpoint to PAT authentication](https://gitlab.com/gitlab-org/gitlab/-/commit/8e93cea85b1834b7187ac67304107223435673ab) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175820))
+
+### Changed (102 changes)
+
+- [Fix layout of requirements](https://gitlab.com/gitlab-org/gitlab/-/commit/4844cfe12d7f1419f82c065087d6157339531848) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177179))
+- [Abstract project topics to reusable component](https://gitlab.com/gitlab-org/gitlab/-/commit/84cd634b90287153e2999ff9316ebb74cb281375) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177496))
+- [Change language filter icon to "code"](https://gitlab.com/gitlab-org/gitlab/-/commit/fbec86ddb305a7cff59cbebe6bf0ed7653c61924) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177789))
+- [Update environments list page](https://gitlab.com/gitlab-org/gitlab/-/commit/d5ec48b57977d027eb4184a6d2c0fc1a00424196) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176595)) **GitLab Enterprise Edition**
+- [Modify gl-icon in email_verification.vue to use info variant and size 16](https://gitlab.com/gitlab-org/gitlab/-/commit/faf36fd1f8d6f27b51283f3fca8173d2e97bceb9) by @alvinowyong ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177295))
+- [Update operational vulnerabilities info](https://gitlab.com/gitlab-org/gitlab/-/commit/f563283112e558e415157828accf4dce9bd8e69e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177618))
+- [Fix AdjustmentService to use SEC DB connection](https://gitlab.com/gitlab-org/gitlab/-/commit/60a263669aeb2bd2770ad35ae6b256dbf7bb285e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177731)) **GitLab Enterprise Edition**
+- [Split SCIM tables](https://gitlab.com/gitlab-org/gitlab/-/commit/fa66c7e206bc167529aea6fbe64865b11dc95df9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170565))
+- [Reject soft-deletion of groups containing security policy projects](https://gitlab.com/gitlab-org/gitlab/-/commit/6525f1ba7459c1aae178113c8f5b88a011713f5a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176602)) **GitLab Enterprise Edition**
+- [Specify SCIM as reason for DestroyService audit event](https://gitlab.com/gitlab-org/gitlab/-/commit/5db084a9c7494dcb6dad3f54a757fe0d432d8858) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177629)) **GitLab Enterprise Edition**
+- [Set Amazon Q service account username](https://gitlab.com/gitlab-org/gitlab/-/commit/e9936ea7e50c56b48996dfcef31652b37c1f254e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177521)) **GitLab Enterprise Edition**
+- [Adjust hidden variables error messages](https://gitlab.com/gitlab-org/gitlab/-/commit/fe15ba4ead868f0e04b11ec1ec3d5d40d60dcf77) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166286))
+- [Set codeowner_role_approvers to default enabled](https://gitlab.com/gitlab-org/gitlab/-/commit/a37075c4582c33a5907909918fa99f471c22363d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177410))
+- [Added project id to the internal workflow API get method](https://gitlab.com/gitlab-org/gitlab/-/commit/5ae03db3dac22cb6279a6f7466c6efd252799674) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177565)) **GitLab Enterprise Edition**
+- [Remove flag gitaly_pack_objects_hook_with_sidechannel](https://gitlab.com/gitlab-org/gitlab/-/commit/39f51b573d9370f9a8f2fb8020c0e1cc513f5c77) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176393))
+- [Update edit blob to use commit change modal](https://gitlab.com/gitlab-org/gitlab/-/commit/94cb69d12af14f89e59726e17ea2ba68765cb542) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174936))
+- [Amazon Q service account has private profile](https://gitlab.com/gitlab-org/gitlab/-/commit/7732f2cb6d0f9602153b5c5c004d432612315f99) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177513)) **GitLab Enterprise Edition**
+- [Easily copy link to current issue template from URL](https://gitlab.com/gitlab-org/gitlab/-/commit/07d9b1f36c766c374716efec5bcf0a2ef4389bb1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177215))
+- [Remove `auto_resolve_vulnerabilities` feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/c20e9d5ab184c1329cbf1262513f76755329f4b0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177487)) **GitLab Enterprise Edition**
+- [Support enablement of Fireworks/Qwen model by top-level group](https://gitlab.com/gitlab-org/gitlab/-/commit/a73aec8262d259e47e9d51d63484bc371cd5d786) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176841)) **GitLab Enterprise Edition**
+- [Remove tooltip from activity item](https://gitlab.com/gitlab-org/gitlab/-/commit/249e22a64ec988d86930b0bc7760d48693fb7710) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177313))
+- [Model experiments: Rename candidate to run](https://gitlab.com/gitlab-org/gitlab/-/commit/ed296a14e6f6896c59fbcd4a89f8beed13c797c2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177444))
+- [Remove duo_seat_assignment_email_for_sm feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/aca41518cf9a5211949ea56766289bd64d6cb8ef) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177462)) **GitLab Enterprise Edition**
+- [Model registry: rename candidate to "run"](https://gitlab.com/gitlab-org/gitlab/-/commit/e73083a1c41a06024c87a1a7becabcf8673c952c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177294))
+- [Enable FF policies_always_override_project_ci by default](https://gitlab.com/gitlab-org/gitlab/-/commit/1f91a1f665e7871453ebaef7146d6c1af6d383f4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177469)) **GitLab Enterprise Edition**
+- [Dont show amazon q with duo add ons](https://gitlab.com/gitlab-org/gitlab/-/commit/4d99370cb9418c0aef56ef1db3163ff058dfa35d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177317))
+- [Make in-app trials display fixed](https://gitlab.com/gitlab-org/gitlab/-/commit/1b19d6b0be2582258c0dd1062e49d4f762ff4e39) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177264)) **GitLab Enterprise Edition**
+- [Show file type in security scan artifact download dropdown](https://gitlab.com/gitlab-org/gitlab/-/commit/b42bf9d862d1eddee8a2e6ccc915e6cfc083604f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177272))
+- [Promote project.dependencies to generally available](https://gitlab.com/gitlab-org/gitlab/-/commit/90fb84cecada748b6989a85b4cff740f6ae12fd4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177450)) **GitLab Enterprise Edition**
+- [Update adherence report drawer heading](https://gitlab.com/gitlab-org/gitlab/-/commit/f98dda4fd55059470755e43f64cd9f56d51499a6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177332)) **GitLab Enterprise Edition**
+- [Add X-Gitlab-Feature-Enablement-Type AI Gateway header](https://gitlab.com/gitlab-org/gitlab/-/commit/cb9ba07ad89f090ab3cc666e9d375f0ababe03c4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176329)) **GitLab Enterprise Edition**
+- [Enhance model experiments listing page](https://gitlab.com/gitlab-org/gitlab/-/commit/bdf6779047dd79920cb5712df768a3bc90e5b6a5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176603))
+- [Ref container darkmode color changes](https://gitlab.com/gitlab-org/gitlab/-/commit/4b4b00d3d8acb7b412d3f28cc2b16aa4dc9947b8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/171561))
+- [Remove automatic feature access level adjustments when updating project visibility](https://gitlab.com/gitlab-org/gitlab/-/commit/05dc8f47f7bdd6d5ce6d9f06096103a00593442d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175070))
+- [Remove WalReceiverSaturation indicator](https://gitlab.com/gitlab-org/gitlab/-/commit/cfdd6bf4b05b23b42bf45ff1dfdf9c5356c2b49a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177021))
+- [Rename pages_default_domain_redirect to pages_primary_domain](https://gitlab.com/gitlab-org/gitlab/-/commit/f45bed58832d47b9f9bea6ac052a9a20959b9775) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176651))
+- [Drop use of AWS SDK v1 in Workhorse uploads](https://gitlab.com/gitlab-org/gitlab/-/commit/bd66f8ff561b80fd1a20a8e82af4391748130349) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177161))
+- [Change tooltip text and icon for Summarize button on issues](https://gitlab.com/gitlab-org/gitlab/-/commit/f12ef10445ea74668c120d125cfc87cac6f4241f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175087))
+- [Allow nil values for project_id_to in zoekt index metadata](https://gitlab.com/gitlab-org/gitlab/-/commit/0850cac2723dc6c9949b9e4ba228bf970c99e0f4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175945)) **GitLab Enterprise Edition**
+- [Update CreateIssueService rollback](https://gitlab.com/gitlab-org/gitlab/-/commit/45bfc379c9396c80a34ce635dde4378266b1c1a3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176154)) **GitLab Enterprise Edition**
+- [Remove default value for organization_id](https://gitlab.com/gitlab-org/gitlab/-/commit/75f3d3ef47eff70a64e0797a542881217d0a2187) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177080))
+- [Change tooltips to HelpPopover in projects import](https://gitlab.com/gitlab-org/gitlab/-/commit/d6264503e29cf3078ca403a72c2a088d11162414) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176750))
+- [Use diff_blobs for streaming compare rapid diffs](https://gitlab.com/gitlab-org/gitlab/-/commit/cb786bbb976bcbd369de8811ae7c880cf0d5b529) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174982))
+- [Reject deletion of security policy projects](https://gitlab.com/gitlab-org/gitlab/-/commit/2b4b439c654a77ac07949877b81182dfc5f76adc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176601)) **GitLab Enterprise Edition**
+- [Change pipeline identifier priority](https://gitlab.com/gitlab-org/gitlab/-/commit/38a814a3f67e3f72faad971d8002bf8053934ae1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177011))
+- [Repaced and removed css gl-last-of-type-border-b-0](https://gitlab.com/gitlab-org/gitlab/-/commit/5921d0fc52a7f67dc7d5f59e952bad6478f764ab) by @illia_bakunovskyi ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/172870))
+- [Group usage quotas: Update page hierarchy](https://gitlab.com/gitlab-org/gitlab/-/commit/763b438bea7b7154974e0d7f772ec5da922f823e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176265)) **GitLab Enterprise Edition**
+- [Refactor topics admin page to use PageHeadingComponent](https://gitlab.com/gitlab-org/gitlab/-/commit/68f0dce2d59495b34f155359516f87840328335e) by @bufferoverflow ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/170241))
+- [Add validation for license rule](https://gitlab.com/gitlab-org/gitlab/-/commit/3917deddddcc245d3d10c12f2e68975b40977aa4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176445)) **GitLab Enterprise Edition**
+- [Update widget in pipeline editor to use pipeline summary component](https://gitlab.com/gitlab-org/gitlab/-/commit/77c7d396c2857a0a730332a3b1d7b8679d297b75) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175179))
+- [Update licenses validation](https://gitlab.com/gitlab-org/gitlab/-/commit/1c4267febf66844af1560dc29f32413067358d8f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176889)) **GitLab Enterprise Edition**
+- [Unify error messages styling when onboarding](https://gitlab.com/gitlab-org/gitlab/-/commit/ca2788e54c7d1664f2a5246b602fc577bcd5d9b6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176846))
+- [Updates BBM docs](https://gitlab.com/gitlab-org/gitlab/-/commit/53b9386e18c1c412253724e0cbcb829a1c6f98bc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175994))
+- [New split view for a policy editor](https://gitlab.com/gitlab-org/gitlab/-/commit/92e1315b6cace0d2d57ef4118247baecd5ecc140) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176062)) **GitLab Enterprise Edition**
+- [Remove validation for branches on group level](https://gitlab.com/gitlab-org/gitlab/-/commit/5c45399c5b3805a3057068cc5c1db63939d9a4e6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175866)) **GitLab Enterprise Edition**
+- [Enhance experiment candidate(run) detail page](https://gitlab.com/gitlab-org/gitlab/-/commit/e96e0f085bb7c282368560939ecf308f3d113ada) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175957))
+- [Fix icon text alignment](https://gitlab.com/gitlab-org/gitlab/-/commit/3865a55ffdd733258354d41b74c2c58eaed3143f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176680)) **GitLab Enterprise Edition**
+- [Sync index creation for p_ci_builds.trigger_request_id](https://gitlab.com/gitlab-org/gitlab/-/commit/2076737fd69773c0006ea090058b5ed7f39b660a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176641))
+- [Moved seat_control from helper to controller](https://gitlab.com/gitlab-org/gitlab/-/commit/0deea04db8477c31d49a911014f6620a175da432) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176649)) **GitLab Enterprise Edition**
+- [Remove old completions class and update service_class](https://gitlab.com/gitlab-org/gitlab/-/commit/0ebb0daf3776d466788571beefa837843098b7d1) ([merge request](https://gitlab.com/foo/bar/-/merge_requests/176468))
+- [Enable scan_execution_pipeline_concurrency_control ff](https://gitlab.com/gitlab-org/gitlab/-/commit/229bae74c99e2faa81a3f7e3417c8c54aad9dd1e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176469)) **GitLab Enterprise Edition**
+- [Remove database default for organization_id from oauth tables](https://gitlab.com/gitlab-org/gitlab/-/commit/6106b31a16dae67ed50f4cd9bbb63d21fb2ab29b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175690))
+- [Removed sync code for seat_control and new_user_signups_cap](https://gitlab.com/gitlab-org/gitlab/-/commit/26d3684a816e1ceff2338f4c152c4e722196753e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174712)) **GitLab Enterprise Edition**
+- [Changes index on namespace_settings](https://gitlab.com/gitlab-org/gitlab/-/commit/eb97d8f5cd6dacb1350f7931d6617f56217e6583) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176454))
+- [Add instructions in the pipeline editor for configuring jobs for MRs](https://gitlab.com/gitlab-org/gitlab/-/commit/7f39e9b7620ce55a51fdb8a9277571550c2c1ef9) by @antonkalmykov ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175715))
+- [New machine learning runs use ml_model package type](https://gitlab.com/gitlab-org/gitlab/-/commit/8934468f93e76b22495557646320a850cbcf7ad3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173680))
+- [Make details disclosures easier to spot in rendered markdown](https://gitlab.com/gitlab-org/gitlab/-/commit/8cee1c3660cf2745bcc9b1799d559ba12c5c245b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176396))
+- [Added link to project and group](https://gitlab.com/gitlab-org/gitlab/-/commit/05d7b3ac0644e98b478d9323d3f7af0e25d6917a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176379))
+- [Update label text for protected branch in commit change modal](https://gitlab.com/gitlab-org/gitlab/-/commit/dc046d7abeda5b5f9b6ff632af61408417f880f7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176190))
+- [Help Icon: Removes small size and replaces it with default](https://gitlab.com/gitlab-org/gitlab/-/commit/f01ef9c192026c79ee21db19d999406b3c985298) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176252))
+- [Consolidate pipeline queries](https://gitlab.com/gitlab-org/gitlab/-/commit/4fe561fc1b84f467f566c5a8dc45d6416e3a503e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175914))
+- [Update Kubernetes agent registration](https://gitlab.com/gitlab-org/gitlab/-/commit/8b0d1ea6e6c7e2087f26be6187a1858e469ce4a5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175766)) **GitLab Enterprise Edition**
+- [Improve readability of status icon](https://gitlab.com/gitlab-org/gitlab/-/commit/c6e09b5b3e9ce9ecb9fdd61174c9c848a66fba78) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176337)) **GitLab Enterprise Edition**
+- [feat: Toggle Duo Chat drawer state instead of only showing](https://gitlab.com/gitlab-org/gitlab/-/commit/2d5efd1590b66e9dc9f2b5a3aa855f33bc47f710) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176288)) **GitLab Enterprise Edition**
+- [Remove `download_code` dependency from access to read merge requests](https://gitlab.com/gitlab-org/gitlab/-/commit/1c2beb5e05a289be664cce8440952f41f3cd51e7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175444))
+- [Markdown: Use fixed type scale](https://gitlab.com/gitlab-org/gitlab/-/commit/e977306445647036bfb1d98dca299e58ea0256bf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175258))
+- [Add auto-approval param in CE](https://gitlab.com/gitlab-org/gitlab/-/commit/a8cd7c3f6676ed894d624f8f735338f265ae32f1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176026))
+- [Use diff_blobs for streaming commit rapid diffs](https://gitlab.com/gitlab-org/gitlab/-/commit/4832a7b37ee28057cd44d3e15f78cb187e34770c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174863))
+- [Updated SeatControl UX](https://gitlab.com/gitlab-org/gitlab/-/commit/de31b5bd361011d1b636bceed83125bb4e627fb9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174514)) **GitLab Enterprise Edition**
+- [Allow dots in path_prefix in Pages](https://gitlab.com/gitlab-org/gitlab/-/commit/e116421722541fddd85621118d3e34730a4e7bfd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175563))
+- [Fix Direct Transfer scopes copy to be precise](https://gitlab.com/gitlab-org/gitlab/-/commit/e0e707b530a6c8f079999dfebcffd7d77ed7c221) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176211))
+- [Use YMD date for value stream metrics queries](https://gitlab.com/gitlab-org/gitlab/-/commit/d31dacd8fd204d20b3e987ecbe8c006442be6ab3) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175081))
+- [Update edit blob to use commit change modal](https://gitlab.com/gitlab-org/gitlab/-/commit/1abc4f15c479e9dd118318095ef08252abb67655) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174287))
+- [Update styling in pipeline mini graph dropdown](https://gitlab.com/gitlab-org/gitlab/-/commit/e07fa88c9442ffa68a1032e5dc231647b0df39a6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175888))
+- [Show an Actions column name on the pipelines list on the desktop view](https://gitlab.com/gitlab-org/gitlab/-/commit/fbcfc70f16ad1e9dff770e3aa6f4a358096d07ff) by @antonkalmykov ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176019))
+- [Release feature flag ml_experiment_tracking](https://gitlab.com/gitlab-org/gitlab/-/commit/d3813a073988bd66698a66ca7f9daa88f1a83f5e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175814))
+- [Model Experiments: Add menu item to MLflow usage example](https://gitlab.com/gitlab-org/gitlab/-/commit/3479919e0ced5f6c7ea7b2b2de4076eaa05ed130) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175813))
+- [Remove default value from namespaces.organization_id column](https://gitlab.com/gitlab-org/gitlab/-/commit/3940199f1fd7b5644698a89460f6fd75d4110f67) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174559))
+- [Replace NamespaceSettings index with composite](https://gitlab.com/gitlab-org/gitlab/-/commit/19c14b16220a0b0059f189fa8698eebbd3dde84e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175678))
+- [Add Auditor badge to Admin area Users page](https://gitlab.com/gitlab-org/gitlab/-/commit/ea9d892642d681d1c5a6782b7eb3af1329243714) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175654)) **GitLab Enterprise Edition**
+- [Uses organization id on Topics GraphQL](https://gitlab.com/gitlab-org/gitlab/-/commit/1e8f770c7944da17fd1f3e0386d83ceb57b8a1bc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175114))
+- [Update sign up path on Admin Settings](https://gitlab.com/gitlab-org/gitlab/-/commit/5c8388d6c13b2efd07ab111d9620443fae15b401) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176011))
+- [Remove BackfillPCiPipelinesTriggerId](https://gitlab.com/gitlab-org/gitlab/-/commit/9e2cba271682a3665893719274733ec2a6c5b0fb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175517))
+- [Change CreateMergeRequestService rollback for sec](https://gitlab.com/gitlab-org/gitlab/-/commit/2e9dd22fb7e93fc6ef749264e05572f13958e11c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/172673)) **GitLab Enterprise Edition**
+- [Fix first and last pagination icon sizes](https://gitlab.com/gitlab-org/gitlab/-/commit/e19abef1284a1a5015debd6cb7e772f0644f5a37) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175320))
+- [Use projects icon and add tooltips in admin > groups](https://gitlab.com/gitlab-org/gitlab/-/commit/aef53ef54fccc85a285a705bd82440e838b21639) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175965))
+- [Update text in dependency table](https://gitlab.com/gitlab-org/gitlab/-/commit/55af56d5b736dd5729e169f3d1c8a34bf4973f3c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175722)) **GitLab Enterprise Edition**
+- [Remove increase_lsif_artifacts_limit feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/bdeda8e613c87cb2d4227e9911862164ab955830) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175685))
+- [Increase ci_max_artifact_size_lsif default limit](https://gitlab.com/gitlab-org/gitlab/-/commit/dc7de5ed4cc655b168555aca75bbd028f03074d7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175684))
+- [Remove correct_work_item_type feature flags](https://gitlab.com/gitlab-org/gitlab/-/commit/ad39360932acce95be609d8bc2d906a22c88c529) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175934))
+- [Update dependency auto-deploy-image to v2.115.0](https://gitlab.com/gitlab-org/gitlab/-/commit/9513699bb86fecab8cd60fc83efe4991ca420966) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175416))
+- [Set cache: [] in SAST latest CI templates](https://gitlab.com/gitlab-org/gitlab/-/commit/613bab02b3ce3ff4fd94b83a889980872620db3c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174987))
+
+### Removed (17 changes)
+
+- [Removed the ignore rule](https://gitlab.com/gitlab-org/gitlab/-/commit/16e980b27a1eccb7f19bacf5320a4cd1cd9bdd3a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176730)) **GitLab Enterprise Edition**
+- [Remove top-level group concurrency docs](https://gitlab.com/gitlab-org/gitlab/-/commit/ee2b19ee7f77dfe47d45b5939181b0c3d39837e0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177632)) **GitLab Enterprise Edition**
+- [Remove feature flag 'vulnerability_code_flow'](https://gitlab.com/gitlab-org/gitlab/-/commit/f52b0757bcb79b2bc3eaedfd965a7b371b5fc17b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177248))
+- [Remove ci_graphql_pipeline_mini_graph](https://gitlab.com/gitlab-org/gitlab/-/commit/67b3cb5a12ab1d9211a9847cd8e2841434a7fb3b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176822))
+- [Remove pipeline editor dead code](https://gitlab.com/gitlab-org/gitlab/-/commit/5c5f29d24c91926659479554e3ae7522810faf30) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175334))
+- [Removing ci_secure_files_read_only feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/e5c0a143be5d6248939bbcc551958db2956d70aa) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177033))
+- [Remove epic cached count checking](https://gitlab.com/gitlab-org/gitlab/-/commit/0c3ea92d9cd91e7d5729504148b4c02b8bcadb20) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176976)) **GitLab Enterprise Edition**
+- [Remove sync_audit_events_to_clickhouse feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/eb6be9bb3fd10d96120caae122530a9ec259b246) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175370))
+- [Create migration for synchronous index removal](https://gitlab.com/gitlab-org/gitlab/-/commit/41c7dfc9a7e8de5fce5085f623bffd9b5b4b6b8a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176673))
+- [Remove namespace_descendants_cache_expiration FF](https://gitlab.com/gitlab-org/gitlab/-/commit/6c2d1737f15b4f588dfe69abaa66ff3f64e5992d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176643))
+- [Dropping confidence column from security_findings](https://gitlab.com/gitlab-org/gitlab/-/commit/832e071a3789e475532be32821b7147b6ba255de) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176415))
+- [Remove `use_holt_winters_forecast_for_deployment_frequency`](https://gitlab.com/gitlab-org/gitlab/-/commit/57073e040576fc72e3f333ba8938c621b601cf83) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175893)) **GitLab Enterprise Edition**
+- [Remove require_resource_id feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/6b715a248f4026707a4c060187dfa835f88f65a7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176155))
+- [Remove self_hosted_models_beta_ended FF](https://gitlab.com/gitlab-org/gitlab/-/commit/15709f32291a6402e79ffbea9a986b7cd97a6ba1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176278))
+- [Remove code_suggestions_usage_events_in_pg feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/326e9b308f206b2062f68b06d625ed49ab83b1db) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175836)) **GitLab Enterprise Edition**
+- [Remove groups_with_event_streaming_destinations metric](https://gitlab.com/gitlab-org/gitlab/-/commit/6f61a3d13eaf22c77e41e157474e8dfa48568115) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173590)) **GitLab Enterprise Edition**
+- [Remove the 'auth_finder_no_token_length_detection' FF](https://gitlab.com/gitlab-org/gitlab/-/commit/31ce2ac7133143e567350dc2c7fc53c0d745d6c5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175276))
+
+### Security (12 changes)
+
+- [Update KaTeX to fix several CVEs](https://gitlab.com/gitlab-org/gitlab/-/commit/6c0e0890a99748f9e73c9ebb6e010934f795c9d1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176404))
+- [Update rails to 7.0.8.7](https://gitlab.com/gitlab-org/gitlab/-/commit/ed8267b6d57c9bb995eb714d790fbff81f65277e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176769))
+- [Revert "Merge branch 'sh-fix-http-io-empty-gz-handling' into 'master'"](https://gitlab.com/gitlab-org/gitlab/-/commit/7d5162c849e182435b05da0def80642972700502)
+- [Add strong parameters to the passwords_controller](https://gitlab.com/gitlab-org/gitlab/-/commit/1bb92907f6c0e02cbf3152f8759b5f31e4fb26f6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177050))
+- [Fix handling of short gzip metadata files](https://gitlab.com/gitlab-org/gitlab/-/commit/0bd210b633756857a3ed1884eef58d248fc7ad0c)
+- [Filter out sensitive parameters on Auth logs](https://gitlab.com/gitlab-org/gitlab/-/commit/4f778ed32ee45feb6ad66087108e2972ae2b9dee)
+- [Prevent cyclic reference in work item hierarchy widget from frontend](https://gitlab.com/gitlab-org/gitlab/-/commit/2fdbe509828bc42960f70c576b1d94073610634c)
+- [Allow external_provider config take precedence over external_groups](https://gitlab.com/gitlab-org/gitlab/-/commit/c2de306ba30f5afda1e7a24afb94c8e7dc04cedb)
+- [Don't allow unauthorized users to close issues automatically](https://gitlab.com/gitlab-org/gitlab/-/commit/92c10374afb3a86ee76c149202204a642f8702ae)
+- [Update golang.org/x/net package](https://gitlab.com/gitlab-org/gitlab/-/commit/776e269a1eab799fdeb891ac0e9e37d2c7d09037) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176775))
+- [Update net-ssh to fix CVE-2023-48795](https://gitlab.com/gitlab-org/gitlab/-/commit/3d1006d7fdfd87028028d33d6cb3220832ef580d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176092))
+- [Update yard to fix CVE-2024-27285](https://gitlab.com/gitlab-org/gitlab/-/commit/9ec01eecb1d1c229f723920622798e26ebfcdebd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176096))
+
+### Performance (4 changes)
+
+- [Implement included remote checksum in the Maven package registry](https://gitlab.com/gitlab-org/gitlab/-/commit/54d9368daf0d2d187e54a8108578291819d265b0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177142))
+- [Remove auto_merge_process_worker_sticky feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/b0b910de2eda218f1220385f1ac55f6d42f67851) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177639))
+- [Load entire discussion first when linking to a note](https://gitlab.com/gitlab-org/gitlab/-/commit/a85cea378a33605e7f0f1c907874a01588e281de) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177058))
+- [Lazy load create epic modal in group sidebar](https://gitlab.com/gitlab-org/gitlab/-/commit/a5cf2160ae974d9e3158002e81a00904b7452cb1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176945))
+
+### Other (83 changes)
+
+- [Finalize migration BackfillMlCandidateMetadataProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/bf4313ce6236ccecac61b9dfe26b6764ad322e9f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177814))
+- [Add not null constraint on boards_epic_lists.group_id](https://gitlab.com/gitlab-org/gitlab/-/commit/95af350244cf1d4370543b0856b102e8cc5a8e5e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177348))
+- [Introduce partitioned table for maven virtual registry cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/04a2f8cd79bceba6ceca3d38d33cfc633ff8714c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174985))
+- [Remove ci_catalog_ranking_from_new_usage_table feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/342fd847c9583e6292970693dbfafc8b096f48e9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177553))
+- [Add Asana instance integraiton model](https://gitlab.com/gitlab-org/gitlab/-/commit/b250029c95115685ef2269e96bf37a36bc25e7af) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177009))
+- [Regenerate RuboCop TODO files](https://gitlab.com/gitlab-org/gitlab/-/commit/845076c6395d038a8045e830922ac229b1ce6c0f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177727))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/065b821dde75a03d953c28f9f5ef5942b8d73c6a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177530))
+- [Cleanup lfs_sync_before_branch_updates FF](https://gitlab.com/gitlab-org/gitlab/-/commit/db5b8e427a4a5b704e707f400817781b90738e7b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175629))
+- [Remove actor override flag for GH and BBS importer](https://gitlab.com/gitlab-org/gitlab/-/commit/c31986a0ddf2adf22769fddd0bb7e8e227ea3a1d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177225))
+- [Finalize migration BackfillVulnerabilityIssueLinksProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/f44eddf3233085cfe20e35a155606edb8735c4ab) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173199))
+- [Remove unnecessary wrapper method](https://gitlab.com/gitlab-org/gitlab/-/commit/1f8bf9d684128ca7abe5f86dd685c837828e5585) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176589))
+- [Re-queue migration to delete orphaned groups](https://gitlab.com/gitlab-org/gitlab/-/commit/c987504d9fc3ab700ee2aab263bbb4065024d32f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176705))
+- [Add closed reason urls to work item GraphQL types](https://gitlab.com/gitlab-org/gitlab/-/commit/6a0355bd1506bd802199a89a799d7fc6bcc02874) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176410))
+- [Reorder migrations for ci_deleted_objects](https://gitlab.com/gitlab-org/gitlab/-/commit/811a15e015b86be3ad9460c3c8f58bf7c53f9ff6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177541))
+- [Add ClickHouse table siphon for namespaces](https://gitlab.com/gitlab-org/gitlab/-/commit/439790c4a8d8245a0aced68b3affee354653628a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176809))
+- [Remove actor override when Direct Transfer disabled](https://gitlab.com/gitlab-org/gitlab/-/commit/1fe4d0c48e09b07acdd85fa21047d7e37c127946) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177121))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/a4de4da3eb89ab6f2bcfc7737593e716c1cacb2c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/168911))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/59114bd0f80fe80d958e5bf548a5707f71c79e25) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175660))
+- [Cell ID to default to null instead of 1](https://gitlab.com/gitlab-org/gitlab/-/commit/83bd31861bbb6f8f876dcc87a663e950df28ea74) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176605))
+- [Add Assembla instance integraiton model](https://gitlab.com/gitlab-org/gitlab/-/commit/61122c53f24dc875aed30c02685e9df3c8f56d01) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177125))
+- [Revert ElasticsearchSettingsFromApplicationSettings pd migration](https://gitlab.com/gitlab-org/gitlab/-/commit/c3297053affbbccd9daf032573ebb66f68afaa49) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176987))
+- [Remove Search::Zoekt::DeleteProjectWorker job instances](https://gitlab.com/gitlab-org/gitlab/-/commit/62d09ab48c065c57b49bb386c25fb903c582b020) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176796))
+- [Drop sequence for work_item_types.id column](https://gitlab.com/gitlab-org/gitlab/-/commit/d7bd2d3a510a3b388bab70a2fd611cc1f4aeec35) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177316))
+- [Simplify Rouge/HLJS mapping](https://gitlab.com/gitlab-org/gitlab/-/commit/7288241f313b537e8d0147b599b62da48d35c8d2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177237))
+- [Fix issues.work_item_type_id values](https://gitlab.com/gitlab-org/gitlab/-/commit/b6187cdf82dac351a58d0caf7344fd239ae7f3a1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177008))
+- [Regenerate RuboCop TODO files](https://gitlab.com/gitlab-org/gitlab/-/commit/0c6ee9f4a1ffbb157a1d12229db86d3838bcad0b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176965))
+- [refactor: Extract shared examples in create_package_service_spec.rb](https://gitlab.com/gitlab-org/gitlab/-/commit/a530d278547df27923777283767355289a8e0958) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/135552))
+- [Only show active trial widget for ultimate trial plans](https://gitlab.com/gitlab-org/gitlab/-/commit/5989ba369767945fdce7f0d55cdb1d4c0fddef71) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175126)) **GitLab Enterprise Edition**
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/8b772b9c2bf37c48facaa5a6e850584efd13ab19) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177206))
+- [Finalize migration BackfillVulnerabilityMergeRequestLinksProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/17d866ec5b1b9eef51a2aeb57eb69f7673be8bdf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177102))
+- [Finalize migration MigrateOsSbomOccurrencesToComponentsWithoutPrefix](https://gitlab.com/gitlab-org/gitlab/-/commit/a964506ec361525a586e3d2a8e18c6f862776e21) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176555))
+- [Update downtime migration docs](https://gitlab.com/gitlab-org/gitlab/-/commit/454a7c8b049538bf067b5b26f216b24c0dd5f6cb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177006))
+- [Remove feature flag definition](https://gitlab.com/gitlab-org/gitlab/-/commit/3baa76347186820170868cd57bd586d137a4551f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177063))
+- [Cleanup multiple_approval_actions feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/7c3464b10f99f0e9436b0a0cb6a68e5a938a2846) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176958)) **GitLab Enterprise Edition**
+- [Finalize migration BackfillVulnerabilityUserMentionsProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/35d58d1d41fbb4fa582c96f20e46a9d383da8dbe) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177105))
+- [Fix work_item_types.id values with sequential values 1-9](https://gitlab.com/gitlab-org/gitlab/-/commit/a7d408d949089bc57e8841515462ed2e65302a1e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176199))
+- [Enable pause control for zoekt workers](https://gitlab.com/gitlab-org/gitlab/-/commit/bd5fcddc39a1e9731bf685e6a8e7523e7b983c50) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176397)) **GitLab Enterprise Edition**
+- [Cleanup premium_can_trial_again feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/7014d9705e4cc911681699f96635d0dc99c118fc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177012)) **GitLab Enterprise Edition**
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/bb539f05999f23195e720c414e08ea0a0bf03642) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176531))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/69387fa4904ced09c9e11a8008a0df850bb3cd2d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176734))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/5a3e9a5ac09bd65b0374e8ef9fa671a51f3e7ba7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175935))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/ce1d3d5ccbc19db047edf5cb208f9e40cca49d66) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176904))
+- [Remove orphaned managers from .com ci_runner_machines_687967fa8a](https://gitlab.com/gitlab-org/gitlab/-/commit/462aaa7069a91bd8728ed5d03e7e66304965ca1a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176702))
+- [Requeue backfill of ci_runners_e59bb2812d table](https://gitlab.com/gitlab-org/gitlab/-/commit/352640b68f23df48a4c55ade1a5b86edac0eee1c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176848))
+- [Fix a misspelling in BBM docs](https://gitlab.com/gitlab-org/gitlab/-/commit/d0ddaaa93a750f4d94f1e17932782587e51b4c2f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176816))
+- [Add tracking metrics for multiple approver actions](https://gitlab.com/gitlab-org/gitlab/-/commit/69698ce2a8fb498aa4fe23ae28b03f9f90732323) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176669)) **GitLab Enterprise Edition**
+- [Delete redundant docs link from "Linked items"](https://gitlab.com/gitlab-org/gitlab/-/commit/02f55377e3ad2a835565f4649c537d1c8eae7db1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176373))
+- [Remove UpdateIndexUsedBytesWorker job instances](https://gitlab.com/gitlab-org/gitlab/-/commit/e6ff37c5d5baf2c726a0e040adefe2cdf7ef0d4d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176370))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/a1e0166ed5be34e20a383ef708532601ea78e9e7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176436))
+- [Add feature category to github import specs](https://gitlab.com/gitlab-org/gitlab/-/commit/1eeee0715368cc84e14984a7ca129e85b4d26ef9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176639))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/77584f240200517e72f1bc2ee337f1b04adb98ed) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176622))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/6c7305dc7df6a81c2715092a1d7c3662b2f2fbef) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176623))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/5794d86d54baa394202f1f884cf5a00b10ab0f2e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176529))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/6c3878db73f8b22319370bf04157708fd93b1f4f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176528))
+- [Remove feature_flag admin_agnostic_token_finder](https://gitlab.com/gitlab-org/gitlab/-/commit/98f46d84b317d58b390d132db614bf01ff7166cd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175948))
+- [Finalize migration BackfillVulnerabilityFindingLinksProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/f6a25bd597ee9ea6d40af40d264c197b903b16f2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173669))
+- [Finalize migration BackfillVulnerabilityFlagsProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/1535feaa3f0cf60aa2d7d687db1d2a0095adbcf9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173666))
+- [Finalize migration BackfillVulnerabilityFindingEvidencesProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/18aa5ef132089182d9161d2a43bde86a8191bf82) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173670))
+- [Finalize migration BackfillVulnerabilityFindingSignaturesProjectId](https://gitlab.com/gitlab-org/gitlab/-/commit/e1fd372507b4c2a4ed7df951e1b3ae35fe345cff) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173668))
+- [Protected packages: Add regex validation for pypi protection rules](https://gitlab.com/gitlab-org/gitlab/-/commit/8f36ed9ab9ebbd936d3656196ac1f93174482377) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/163504))
+- [Merge branch '458891-metadata-api-get-kas-version-by-serverinfo-rpc' into 'master' ](https://gitlab.com/gitlab-org/gitlab/-/commit/df2696997a349f2eee23249ee03d544421620caf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/164579))
+- [Create helper method for tree header app](https://gitlab.com/gitlab-org/gitlab/-/commit/80c65af2ce8e4ded806234fae0bc52fd32380c8b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175882)) **GitLab Enterprise Edition**
+- [Removed git_guardian_integration FF](https://gitlab.com/gitlab-org/gitlab/-/commit/6010a33d68859beb94e2752e1d1fa1f1dc5cc070) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176391))
+- [Detail view renders legcy issue view for unsupported work item types](https://gitlab.com/gitlab-org/gitlab/-/commit/1dc9935158f50957e8e085d4bb02484c22dc8abb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175109))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/8df9984fee8f89a492bf588ee579a12c20806b6f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175780))
+- [Updates step_url for users that do not have registration_type](https://gitlab.com/gitlab-org/gitlab/-/commit/016db0bc2dc46dad61420cca3e44bbfea99ebf47) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176324))
+- [Update vulnerability_management_policy to clarify group availability](https://gitlab.com/gitlab-org/gitlab/-/commit/ab4a7bf97d0d641172a9beb4f3210bbd01843a73) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176297)) **GitLab Enterprise Edition**
+- [Consolidate elasticsearch application settings into one JSON field](https://gitlab.com/gitlab-org/gitlab/-/commit/32cdd44b376797f334d7caee3c1ae6ff479aff3f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174172)) **GitLab Enterprise Edition**
+- [Run EnsureFactoryForTable in CE to avoid RedundantCopDisableDirective](https://gitlab.com/gitlab-org/gitlab/-/commit/bb76605d0478523248efd3dfcf66db71c1f8c377) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176077))
+- [Add missing widgets to incidents for parity with issues](https://gitlab.com/gitlab-org/gitlab/-/commit/088689c5ac4cd35385fde8f2a9dcddc5685102b4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175386))
+- [Add & backfill sharding keys for protected_branch_unprotect_access_level](https://gitlab.com/gitlab-org/gitlab/-/commit/dbfa3214907589f2b72b6a6209b133879687ba4d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175718))
+- [Remove feature flag write_to_ci_runner_taggings](https://gitlab.com/gitlab-org/gitlab/-/commit/49f214f6bab911e8759e7d2b505955c2fd27c954) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176163))
+- [test: Move test from feature test to model test](https://gitlab.com/gitlab-org/gitlab/-/commit/c6758b7dabde0357b81c001037d48da16cca0d21) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176136))
+- [Reclaim disk space used by old job tokens](https://gitlab.com/gitlab-org/gitlab/-/commit/2fda52e5b7c0f7ee4311b80cf7b3d2bcfab8336f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/176025))
+- [Quarantine a flaky test](https://gitlab.com/gitlab-org/gitlab/-/commit/6d1ff2c64b8bd29805d313ce6c279eba470b8fc2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175782))
+- [Fix variable literal](https://gitlab.com/gitlab-org/gitlab/-/commit/9aaead6bf01a3d7e14ecfc7ffe23b4f85bcd53a9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175983)) **GitLab Enterprise Edition**
+- [Add and backfill namespace_id for issuable_slas](https://gitlab.com/gitlab-org/gitlab/-/commit/2ac50a8ce7a485bac517029185f48cde9558ce80) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175719))
+- [Add & backfill sharding keys for bulk_import_export_uploads](https://gitlab.com/gitlab-org/gitlab/-/commit/f38e81eda4b4c71cb1bae5372ddf6e6dc2045a19) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175723))
+- [Use the project_id_from and project_id_to in InitialIndexingEventWorker](https://gitlab.com/gitlab-org/gitlab/-/commit/9f084888bf20d6e4c0e4ddb0523f01f8e150ed64) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175844)) **GitLab Enterprise Edition**
+- [Remove cache_autocomplete_sources_* feature flags](https://gitlab.com/gitlab-org/gitlab/-/commit/20bb52a61f038d6e09f69fd852f8b0191846cbc6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175874))
+- [Remove feature flag `ai_custom_model`](https://gitlab.com/gitlab-org/gitlab/-/commit/790adc35614aa08ea66a4a3b66233e9320cf9dce) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175687))
+- [Remove default on `group_saved_replies_flag feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/75d49fe13646e1e0d3b68233ac4a965c86853917) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175647))
+- [Remove use_actual_plan_in_license_check flag](https://gitlab.com/gitlab-org/gitlab/-/commit/b8c3fe16aedb69c82ff52d1c695d72e933c4b946) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175649))
+
 ## 17.7.1 (2025-01-08)
 
 ### Fixed (3 changes)
-- 
GitLab


From f03594b9e09b648c839e9c008286a24c93c82373 Mon Sep 17 00:00:00 2001
From: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Date: Wed, 15 Jan 2025 09:47:21 +0000
Subject: [PATCH 04/14] Update VERSION files

[merge-train skip]
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index efb1f29c48fd98..781a4212e96ed8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-17.8.0-rc42-ee
\ No newline at end of file
+17.8.0-ee
\ No newline at end of file
-- 
GitLab


From 56ec66bf17ebe35fe952167cc79dd60565c6d059 Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Thu, 25 Jan 2024 00:03:42 +0100
Subject: [PATCH 05/14] Add self_rotate scope for access token self rotate
 endpoint

Add a new scope which allows personal access tokens to rotate themselves
without the `api` scope. The following endpoint can now be accessed with
`self_rotate` scope:

- POST /personal_access_tokens/self/rotate

Changelog: added
---
 config/locales/doorkeeper.en.yml              |  4 ++
 lib/gitlab/auth.rb                            |  5 ++-
 spec/lib/gitlab/auth_spec.rb                  | 37 ++++++++++---------
 .../settings/access_tokens_controller_spec.rb |  1 +
 spec/requests/openid_connect_spec.rb          |  2 +-
 .../settings/access_tokens_controller_spec.rb |  1 +
 6 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 624955ed912926..8e824d10a14451 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -81,6 +81,7 @@ en:
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes.
       ai_features: Access to API endpoints needed for GitLab Duo features
       read_service_ping: Grant access to download Service Ping payload via API when authenticated as an admin user
+      self_rotate: Grant token to rotate itself
       user:*: Grants access only if both the token owner and user:<id> has access to the resource.
     scope_desc:
       api: Grants complete read/write access to the API, including all groups and projects, the container registry, the dependency proxy, and the package registry.
@@ -102,6 +103,7 @@ en:
       manage_runner: Grants access to manage the runners.
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes.
       read_service_ping: Grant access to download Service Ping payload via API when authenticated as an admin user
+      self_rotate: Grants token to rotate itself.
     group_access_token_scope_desc:
       api: Grants complete read and write access to the scoped group and related project API, including the container registry, the dependency proxy, and the package registry.
       read_api: Grants read access to the scoped group and related project API, including the package registry.
@@ -121,6 +123,7 @@ en:
       create_runner: Grants permission to create runners in a group.
       manage_runner: Grants access to manage the runners in a group.
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes in a group.
+      self_rotate: Grants token to rotate itself.
     project_access_token_scope_desc:
       api: Grants complete read and write access to the scoped project API, including the container registry, the dependency proxy, and the package registry.
       read_api: Grants read access to the scoped project API, including the Package Registry.
@@ -134,6 +137,7 @@ en:
       manage_runner: Grants access to manage the runners.
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes.
       ai_features: Grants access to GitLab Duo related API endpoints.
+      self_rotate: Grants token to rotate itself.
     flash:
       applications:
         create:
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 4fa771b447c7d5..02fc0c0d5adefa 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -7,6 +7,9 @@ module Auth
     # Scopes used for GitLab internal API (Kubernetes cluster access)
     K8S_PROXY_SCOPE = :k8s_proxy
 
+    # Scopes used for token allowed to rotate themselves
+    ROTATE_SELF_SCOPE = :self_rotate
+
     # Scopes used for GitLab API access
     API_SCOPE = :api
     READ_API_SCOPE = :read_api
@@ -17,7 +20,7 @@ module Auth
       API_SCOPE, READ_API_SCOPE,
       READ_USER_SCOPE,
       CREATE_RUNNER_SCOPE, MANAGE_RUNNER_SCOPE,
-      K8S_PROXY_SCOPE
+      K8S_PROXY_SCOPE, ROTATE_SELF_SCOPE
     ].freeze
 
     # Scopes for Duo
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index b1df7cf55d2d07..38a0263aca3eda 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -15,7 +15,7 @@
 
   describe 'constants' do
     it 'API_SCOPES contains all scopes for API access' do
-      expect(subject::API_SCOPES).to match_array %i[api read_user read_api create_runner manage_runner k8s_proxy]
+      expect(subject::API_SCOPES).to match_array %i[api read_user read_api create_runner manage_runner k8s_proxy self_rotate]
     end
 
     it 'ADMIN_SCOPES contains all scopes for ADMIN access' do
@@ -47,7 +47,7 @@
     it 'contains all non-default scopes' do
       expect(subject.all_available_scopes).to match_array %i[
         api read_user read_api read_repository read_service_ping write_repository read_registry write_registry
-        sudo admin_mode read_observability write_observability create_runner manage_runner k8s_proxy ai_features
+        sudo admin_mode read_observability write_observability create_runner manage_runner k8s_proxy ai_features self_rotate
       ]
     end
 
@@ -56,7 +56,7 @@
 
       expect(subject.available_scopes_for(user)).to match_array %i[
         api read_user read_api read_repository write_repository read_registry write_registry
-        create_runner manage_runner k8s_proxy ai_features
+        create_runner manage_runner k8s_proxy ai_features self_rotate
       ]
     end
 
@@ -65,14 +65,14 @@
 
       expect(subject.available_scopes_for(user)).to match_array %i[
         api read_user read_api read_repository read_service_ping write_repository read_registry write_registry
-        sudo admin_mode create_runner manage_runner k8s_proxy ai_features
+        sudo admin_mode create_runner manage_runner k8s_proxy ai_features self_rotate
       ]
     end
 
     it 'contains for project all resource bot scopes' do
       expect(subject.available_scopes_for(project)).to match_array %i[
         api read_api read_repository write_repository read_registry write_registry
-        read_observability write_observability create_runner manage_runner k8s_proxy ai_features
+        read_observability write_observability create_runner manage_runner k8s_proxy ai_features self_rotate
       ]
     end
 
@@ -81,7 +81,7 @@
 
       expect(subject.available_scopes_for(group)).to match_array %i[
         api read_api read_repository write_repository read_registry write_registry
-        read_observability write_observability create_runner manage_runner k8s_proxy ai_features
+        read_observability write_observability create_runner manage_runner k8s_proxy ai_features self_rotate
       ]
     end
 
@@ -106,6 +106,7 @@
         read_repository
         read_service_ping
         read_user
+        self_rotate
         sudo
         user:*
         write_observability
@@ -127,7 +128,7 @@
 
           expect(subject.available_scopes_for(group)).to match_array %i[
             api read_api read_repository write_repository read_registry write_registry create_runner manage_runner
-            k8s_proxy ai_features
+            k8s_proxy ai_features self_rotate
           ]
         end
 
@@ -139,7 +140,7 @@
 
           expect(subject.available_scopes_for(project)).to match_array %i[
             api read_api read_repository write_repository read_registry write_registry create_runner manage_runner
-            k8s_proxy ai_features
+            k8s_proxy ai_features self_rotate
           ]
         end
       end
@@ -156,26 +157,26 @@
           stub_feature_flags(observability_features: parent)
         end
 
-        it 'contains for group all resource bot scopes including observability scopes' do
-          expect(subject.available_scopes_for(group)).to match_array %i[
-            api read_api read_repository write_repository read_registry write_registry
-            read_observability write_observability create_runner manage_runner k8s_proxy ai_features
-          ]
-        end
+          it 'contains for group all resource bot scopes including observability scopes' do
+            expect(subject.available_scopes_for(group)).to match_array %i[
+              api read_api read_repository write_repository read_registry write_registry
+              read_observability write_observability create_runner manage_runner k8s_proxy ai_features
+            ]
+          end
 
         it 'contains for admin user all non-default scopes with ADMIN access and without observability scopes' do
           user = build_stubbed(:user, admin: true)
 
           expect(subject.available_scopes_for(user)).to match_array %i[
             api read_user read_api read_repository write_repository read_registry write_registry read_service_ping
-            sudo admin_mode create_runner manage_runner k8s_proxy ai_features
+            sudo admin_mode create_runner manage_runner k8s_proxy ai_features self_rotate
           ]
         end
 
         it 'contains for project all resource bot scopes including observability scopes' do
           expect(subject.available_scopes_for(project)).to match_array %i[
             api read_api read_repository write_repository read_registry write_registry
-            read_observability write_observability create_runner manage_runner k8s_proxy ai_features
+            read_observability write_observability create_runner manage_runner k8s_proxy ai_features self_rotate
           ]
         end
 
@@ -187,7 +188,7 @@
 
           expect(subject.available_scopes_for(other_group)).to match_array %i[
             api read_api read_repository write_repository read_registry write_registry
-            create_runner manage_runner k8s_proxy ai_features
+            create_runner manage_runner k8s_proxy ai_features self_rotate
           ]
         end
 
@@ -200,7 +201,7 @@
 
           expect(subject.available_scopes_for(other_project)).to match_array %i[
             api read_api read_repository write_repository read_registry write_registry
-            create_runner manage_runner k8s_proxy ai_features
+            create_runner manage_runner k8s_proxy ai_features self_rotate
           ]
         end
       end
diff --git a/spec/requests/groups/settings/access_tokens_controller_spec.rb b/spec/requests/groups/settings/access_tokens_controller_spec.rb
index ecccbc7f9e0867..f0537fbcb53752 100644
--- a/spec/requests/groups/settings/access_tokens_controller_spec.rb
+++ b/spec/requests/groups/settings/access_tokens_controller_spec.rb
@@ -120,6 +120,7 @@
 
     it 'sets available scopes' do
       expect(assigns(:scopes)).to include(Gitlab::Auth::K8S_PROXY_SCOPE)
+      expect(assigns(:scopes)).to include(Gitlab::Auth::ROTATE_SELF_SCOPE)
     end
   end
 end
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index 561a3154ae6e59..e8ce642f2fb5f5 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -274,7 +274,7 @@ def request_user_info!
     let(:expected_scopes) do
       %w[
         admin_mode api read_user read_api read_repository write_repository sudo openid profile email
-        read_observability write_observability create_runner manage_runner k8s_proxy ai_features read_service_ping ai_workflows user:*
+        read_observability write_observability create_runner manage_runner k8s_proxy ai_features read_service_ping ai_workflows self_rotate user:*
       ]
     end
 
diff --git a/spec/requests/projects/settings/access_tokens_controller_spec.rb b/spec/requests/projects/settings/access_tokens_controller_spec.rb
index 62855e9a7e47e3..382be2976f9f98 100644
--- a/spec/requests/projects/settings/access_tokens_controller_spec.rb
+++ b/spec/requests/projects/settings/access_tokens_controller_spec.rb
@@ -121,6 +121,7 @@
 
     it 'sets available scopes' do
       expect(assigns(:scopes)).to include(Gitlab::Auth::K8S_PROXY_SCOPE)
+      expect(assigns(:scopes)).to include(Gitlab::Auth::ROTATE_SELF_SCOPE)
     end
   end
 end
-- 
GitLab


From 1a0f268ae415e4252be78359a7773b0f8d496dbe Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Thu, 25 Jan 2024 01:49:08 +0100
Subject: [PATCH 06/14] Allow `self_rotate' scoped token to self rotate

---
 lib/api/personal_access_tokens/self_rotation.rb             | 1 +
 .../api/personal_access_tokens/self_rotation_spec.rb        | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/api/personal_access_tokens/self_rotation.rb b/lib/api/personal_access_tokens/self_rotation.rb
index da21fca8b554be..3cdc7690e82917 100644
--- a/lib/api/personal_access_tokens/self_rotation.rb
+++ b/lib/api/personal_access_tokens/self_rotation.rb
@@ -10,6 +10,7 @@ class SelfRotation < ::API::Base
       helpers ::API::Helpers::PersonalAccessTokensHelpers
 
       allow_access_with_scope :api
+      allow_access_with_scope :self_rotate
 
       before { authenticate! }
 
diff --git a/spec/requests/api/personal_access_tokens/self_rotation_spec.rb b/spec/requests/api/personal_access_tokens/self_rotation_spec.rb
index 697f8f3a07fb79..5e0e6af6a5e4ed 100644
--- a/spec/requests/api/personal_access_tokens/self_rotation_spec.rb
+++ b/spec/requests/api/personal_access_tokens/self_rotation_spec.rb
@@ -55,7 +55,7 @@
           let(:current_user) { create(:admin) }
           let(:token) { create(:personal_access_token, scopes: [scope], user: current_user) }
 
-          if [Gitlab::Auth::API_SCOPE].include? scope
+          if [Gitlab::Auth::API_SCOPE, Gitlab::Auth::ROTATE_SELF_SCOPE].include? scope
             it_behaves_like 'rotating token succeeds'
           else
             it_behaves_like 'rotating token denied', :forbidden
@@ -87,7 +87,7 @@
           let(:current_user) { create(:user) }
           let(:token) { create(:personal_access_token, scopes: [scope], user: current_user) }
 
-          if [Gitlab::Auth::API_SCOPE].include? scope
+          if [Gitlab::Auth::API_SCOPE, Gitlab::Auth::ROTATE_SELF_SCOPE].include? scope
             it_behaves_like 'rotating token succeeds'
           else
             it_behaves_like 'rotating token denied', :forbidden
@@ -141,7 +141,7 @@
         context "with a '#{scope}' scoped token" do
           let(:token) { create(:oauth_access_token, scopes: [scope]) }
 
-          if [Gitlab::Auth::API_SCOPE].include? scope
+          if [Gitlab::Auth::API_SCOPE, Gitlab::Auth::ROTATE_SELF_SCOPE].include? scope
             it_behaves_like 'rotating token denied', :method_not_allowed
           else
             it_behaves_like 'rotating token denied', :forbidden
-- 
GitLab


From 37c98971122d4023a3a5d5618e716b28cdb59865 Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Fri, 26 Jan 2024 22:30:15 +0100
Subject: [PATCH 07/14] Allow GrAT and PrAT to use the self-rotation API

Group access tokens and project access token, having `api` or
`self_rotate` scope can now be rotated using the
POST /personal_access_tokens/self/rotate endpoint.

Changelog: changed
---
 .../personal_access_tokens/self_rotation.rb   |  1 -
 .../self_rotation_spec.rb                     | 29 ++++++++++++++++---
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/lib/api/personal_access_tokens/self_rotation.rb b/lib/api/personal_access_tokens/self_rotation.rb
index 3cdc7690e82917..320af5f1a314ad 100644
--- a/lib/api/personal_access_tokens/self_rotation.rb
+++ b/lib/api/personal_access_tokens/self_rotation.rb
@@ -34,7 +34,6 @@ class SelfRotation < ::API::Base
         end
         post 'self/rotate' do
           not_allowed! unless access_token.is_a? PersonalAccessToken
-          forbidden! if current_user.project_bot?
 
           new_token = rotate_token(access_token, declared_params)
 
diff --git a/spec/requests/api/personal_access_tokens/self_rotation_spec.rb b/spec/requests/api/personal_access_tokens/self_rotation_spec.rb
index 5e0e6af6a5e4ed..e14a4bfb98a66b 100644
--- a/spec/requests/api/personal_access_tokens/self_rotation_spec.rb
+++ b/spec/requests/api/personal_access_tokens/self_rotation_spec.rb
@@ -93,6 +93,15 @@
             it_behaves_like 'rotating token denied', :forbidden
           end
         end
+
+        context "with '#{scope}' and 'self_rotate' scoped token" do
+          let(:current_user) { create(:user) }
+          let(:token) do
+            create(:personal_access_token, scopes: [scope, Gitlab::Auth::ROTATE_SELF_SCOPE], user: current_user)
+          end
+
+          it_behaves_like 'rotating token succeeds'
+        end
       end
     end
 
@@ -170,26 +179,38 @@
     context 'when current_user is a project bot' do
       let(:current_user) { create(:user, :project_bot) }
 
-      it_behaves_like 'rotating token denied', :forbidden
+      it_behaves_like 'rotating token succeeds'
 
       context 'when expiry is defined' do
         let(:expiry_date) { Date.today + 1.month }
         let(:params) { { expires_at: expiry_date } }
 
-        it_behaves_like 'rotating token denied', :forbidden
+        it_behaves_like 'rotating token succeeds'
       end
 
       context 'with impersonated token' do
         let(:token) { create(:personal_access_token, :impersonation, user: current_user) }
 
-        it_behaves_like 'rotating token denied', :forbidden
+        it_behaves_like 'rotating token succeeds'
       end
 
       Gitlab::Auth.resource_bot_scopes.each do |scope|
         context "with a '#{scope}' scoped token" do
           let(:token) { create(:personal_access_token, scopes: [scope], user: current_user) }
 
-          it_behaves_like 'rotating token denied', :forbidden
+          if [Gitlab::Auth::API_SCOPE, Gitlab::Auth::ROTATE_SELF_SCOPE].include? scope
+            it_behaves_like 'rotating token succeeds'
+          else
+            it_behaves_like 'rotating token denied', :forbidden
+          end
+        end
+
+        context "with '#{scope}' and 'self_rotate' scoped token" do
+          let(:token) do
+            create(:personal_access_token, scopes: [scope, Gitlab::Auth::ROTATE_SELF_SCOPE], user: current_user)
+          end
+
+          it_behaves_like 'rotating token succeeds'
         end
       end
     end
-- 
GitLab


From 13d12710e1e75be8fd4f0506fca33367e66626d4 Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Fri, 26 Jan 2024 22:30:46 +0100
Subject: [PATCH 08/14] Update API documentation

---
 doc/api/personal_access_tokens.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/api/personal_access_tokens.md b/doc/api/personal_access_tokens.md
index c5fdfd89d76a74..929cd6f0ed49ea 100644
--- a/doc/api/personal_access_tokens.md
+++ b/doc/api/personal_access_tokens.md
@@ -275,7 +275,7 @@ Example response:
 
 Requires:
 
-- `api` scope.
+- `api` or `self_rotate` scope.
 
 In GitLab 16.6 and later, you can use the `expires_at` parameter to set a different expiry date. This non-default expiry date is subject to the [maximum allowable lifetime limits](../user/profile/personal_access_tokens.md#access-token-expiration).
 
-- 
GitLab


From c90139515ee45873865198e4b8e92c0dc1955504 Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Tue, 13 Feb 2024 20:48:17 +0100
Subject: [PATCH 09/14] Add self_rotate scope in  project/group/personal token
 documentation

---
 doc/user/group/settings/group_access_tokens.md     |  1 +
 doc/user/profile/personal_access_tokens.md         |  1 +
 doc/user/project/settings/project_access_tokens.md |  1 +
 spec/lib/gitlab/auth_spec.rb                       | 12 ++++++------
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md
index 31fccf72a9074e..bd7795005b37ac 100644
--- a/doc/user/group/settings/group_access_tokens.md
+++ b/doc/user/group/settings/group_access_tokens.md
@@ -172,6 +172,7 @@ The scope determines the actions you can perform when you authenticate with a gr
 | `manage_runner`    | Grants permission to manage runners in a group.                                                                                                                                                                                                                                                            |
 | `ai_features`      | Grants permission to perform API actions for GitLab Duo. This scope is designed to work with the GitLab Duo Plugin for JetBrains. For all other extensions, see scope requirements.                                                                                                          |
 | `k8s_proxy`        | Grants permission to perform Kubernetes API calls using the agent for Kubernetes in a group.                                                                                                                                                                                                               |
+| `self_rotate`      | Grants permission to use the [personal access token API](../../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10.)                                                       |
 
 ## Restrict the creation of group access tokens
 
diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md
index 86d8e4e82f3ce5..89516ecfbc8abd 100644
--- a/doc/user/profile/personal_access_tokens.md
+++ b/doc/user/profile/personal_access_tokens.md
@@ -205,6 +205,7 @@ A personal access token can perform actions based on the assigned scopes.
 | `manage_runner`    | Grants permission to manage runners.                                                                    |
 | `ai_features`      | This scope:<br>- Grants permission to perform API actions for features like GitLab Duo, Code Suggestions API and Duo Chat API.<br>- Does not work for GitLab self-managed versions 16.5, 16.6, and 16.7.<br>For GitLab Duo plugin for JetBrains, this scope:<br>- Supports users with AI features enabled in the GitLab Duo plugin for JetBrains.<br>- Addresses a security vulnerability in JetBrains IDE plugins that could expose personal access tokens.<br>- Is designed to minimize potential risks for GitLab Duo plugin users by limiting the impact of compromised tokens.<br>For all other extensions, see the individual scope requirements in their documentation.                                                                                                                                |
 | `k8s_proxy`        | Grants permission to perform Kubernetes API calls using the agent for Kubernetes.                                                                                                                                                                                                                                  |
+| `self_rotate`      | Grants permission to use the [personal access token API](../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10.)                                                               |
 | `read_service_ping`| Grant access to download Service Ping payload through the API when authenticated as an admin use. |
 
 WARNING:
diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md
index bf2dfd8e5d88b1..45767a95780cac 100644
--- a/doc/user/project/settings/project_access_tokens.md
+++ b/doc/user/project/settings/project_access_tokens.md
@@ -128,6 +128,7 @@ See the warning in [create a project access token](#create-a-project-access-toke
 | `manage_runner`    | Grants permission to manage runners in the project.                                                                                                                                                                                                                                      |
 | `ai_features`      | Grants permission to perform API actions for GitLab Duo. This scope is designed to work with the GitLab Duo Plugin for JetBrains. For all other extensions, see scope requirements.                                                                                                          |
 | `k8s_proxy`        | Grants permission to perform Kubernetes API calls using the agent for Kubernetes in the project.                                                                                                                                                                                         |
+| `self_rotate`      | Grants permission to use the [personal access token API](../../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10.)                                     |
 
 ## Restrict the creation of project access tokens
 
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 38a0263aca3eda..08b50a98b900fe 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -157,12 +157,12 @@
           stub_feature_flags(observability_features: parent)
         end
 
-          it 'contains for group all resource bot scopes including observability scopes' do
-            expect(subject.available_scopes_for(group)).to match_array %i[
-              api read_api read_repository write_repository read_registry write_registry
-              read_observability write_observability create_runner manage_runner k8s_proxy ai_features
-            ]
-          end
+        it 'contains for group all resource bot scopes including observability scopes' do
+          expect(subject.available_scopes_for(group)).to match_array %i[
+            api read_api read_repository write_repository read_registry write_registry
+            read_observability write_observability create_runner manage_runner k8s_proxy ai_features
+          ]
+        end
 
         it 'contains for admin user all non-default scopes with ADMIN access and without observability scopes' do
           user = build_stubbed(:user, admin: true)
-- 
GitLab


From 09cb4d17a5d09fcbae76d8f7708228328f3a1265 Mon Sep 17 00:00:00 2001
From: Jon Glassman <jglassman@gitlab.com>
Date: Wed, 14 Feb 2024 12:36:15 +0000
Subject: [PATCH 10/14] Move history items in documentation

---
 doc/user/group/settings/group_access_tokens.md     | 3 ++-
 doc/user/profile/personal_access_tokens.md         | 3 ++-
 doc/user/project/settings/project_access_tokens.md | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md
index bd7795005b37ac..173e09690cde4d 100644
--- a/doc/user/group/settings/group_access_tokens.md
+++ b/doc/user/group/settings/group_access_tokens.md
@@ -157,6 +157,7 @@ To revoke or rotate a group access token:
 
 > - `k8s_proxy` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/422408) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `k8s_proxy_pat`. Enabled by default.
 > - Feature flag `k8s_proxy_pat` [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131518) in GitLab 16.5.
+> - `self_rotate` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10. Enabled by default.
 
 The scope determines the actions you can perform when you authenticate with a group access token.
 
@@ -172,7 +173,7 @@ The scope determines the actions you can perform when you authenticate with a gr
 | `manage_runner`    | Grants permission to manage runners in a group.                                                                                                                                                                                                                                                            |
 | `ai_features`      | Grants permission to perform API actions for GitLab Duo. This scope is designed to work with the GitLab Duo Plugin for JetBrains. For all other extensions, see scope requirements.                                                                                                          |
 | `k8s_proxy`        | Grants permission to perform Kubernetes API calls using the agent for Kubernetes in a group.                                                                                                                                                                                                               |
-| `self_rotate`      | Grants permission to use the [personal access token API](../../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10.)                                                       |
+| `self_rotate`      | Grants permission to use the [personal access token API](../../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself.                                                        |
 
 ## Restrict the creation of group access tokens
 
diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md
index 89516ecfbc8abd..566f842b44a640 100644
--- a/doc/user/profile/personal_access_tokens.md
+++ b/doc/user/profile/personal_access_tokens.md
@@ -185,6 +185,7 @@ To view the last time a token was used, and the IP addresses from where the toke
 > - Personal access tokens no longer being able to access container or package registries [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387721) in GitLab 16.0.
 > - `k8s_proxy` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/422408) in GitLab 16.4 [with a flag](../../administration/feature_flags.md) named `k8s_proxy_pat`. Enabled by default.
 > - Feature flag `k8s_proxy_pat` [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131518) in GitLab 16.5.
+> - `self_rotate` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10. Enabled by default.
 > - `read_service_ping` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/42692#note_1222832412) in GitLab 17.1.
 > - `manage_runner` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/460721) in GitLab 17.1.
 
@@ -205,7 +206,7 @@ A personal access token can perform actions based on the assigned scopes.
 | `manage_runner`    | Grants permission to manage runners.                                                                    |
 | `ai_features`      | This scope:<br>- Grants permission to perform API actions for features like GitLab Duo, Code Suggestions API and Duo Chat API.<br>- Does not work for GitLab self-managed versions 16.5, 16.6, and 16.7.<br>For GitLab Duo plugin for JetBrains, this scope:<br>- Supports users with AI features enabled in the GitLab Duo plugin for JetBrains.<br>- Addresses a security vulnerability in JetBrains IDE plugins that could expose personal access tokens.<br>- Is designed to minimize potential risks for GitLab Duo plugin users by limiting the impact of compromised tokens.<br>For all other extensions, see the individual scope requirements in their documentation.                                                                                                                                |
 | `k8s_proxy`        | Grants permission to perform Kubernetes API calls using the agent for Kubernetes.                                                                                                                                                                                                                                  |
-| `self_rotate`      | Grants permission to use the [personal access token API](../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10.)                                                               |
+| `self_rotate`      | Grants permission to use the [personal access token API](../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself.                                                                |
 | `read_service_ping`| Grant access to download Service Ping payload through the API when authenticated as an admin use. |
 
 WARNING:
diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md
index 45767a95780cac..fbf61d91f4f63e 100644
--- a/doc/user/project/settings/project_access_tokens.md
+++ b/doc/user/project/settings/project_access_tokens.md
@@ -110,6 +110,7 @@ To revoke or rotate a project access token:
 
 > - `k8s_proxy` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/422408) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `k8s_proxy_pat`. Enabled by default.
 > - Feature flag `k8s_proxy_pat` [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131518) in GitLab 16.5.
+> - `self_rotate` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10. Enabled by default.
 
 The scope determines the actions you can perform when you authenticate with a project access token.
 
@@ -128,7 +129,7 @@ See the warning in [create a project access token](#create-a-project-access-toke
 | `manage_runner`    | Grants permission to manage runners in the project.                                                                                                                                                                                                                                      |
 | `ai_features`      | Grants permission to perform API actions for GitLab Duo. This scope is designed to work with the GitLab Duo Plugin for JetBrains. For all other extensions, see scope requirements.                                                                                                          |
 | `k8s_proxy`        | Grants permission to perform Kubernetes API calls using the agent for Kubernetes in the project.                                                                                                                                                                                         |
-| `self_rotate`      | Grants permission to use the [personal access token API](../../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142995) in GitLab 16.10.)                                     |
+| `self_rotate`      | Grants permission to use the [personal access token API](../../../api/personal_access_tokens.md#use-a-request-header) to rotate the token with itself.                                      |
 
 ## Restrict the creation of project access tokens
 
-- 
GitLab


From a5684662e2ab007c7b5766b587fe76b9ae490aa9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Talbot?= <stephane.talbot@univ-savoie.fr>
Date: Wed, 14 Feb 2024 13:03:00 +0000
Subject: [PATCH 11/14] Apply 4 suggestion(s) to 1 file(s)

---
 config/locales/doorkeeper.en.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 8e824d10a14451..201da8bd9fcd77 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -81,7 +81,7 @@ en:
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes.
       ai_features: Access to API endpoints needed for GitLab Duo features
       read_service_ping: Grant access to download Service Ping payload via API when authenticated as an admin user
-      self_rotate: Grant token to rotate itself
+      self_rotate: Grants permission for token to rotate itself
       user:*: Grants access only if both the token owner and user:<id> has access to the resource.
     scope_desc:
       api: Grants complete read/write access to the API, including all groups and projects, the container registry, the dependency proxy, and the package registry.
@@ -103,7 +103,7 @@ en:
       manage_runner: Grants access to manage the runners.
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes.
       read_service_ping: Grant access to download Service Ping payload via API when authenticated as an admin user
-      self_rotate: Grants token to rotate itself.
+      self_rotate: Grants permission for token to rotate itself.
     group_access_token_scope_desc:
       api: Grants complete read and write access to the scoped group and related project API, including the container registry, the dependency proxy, and the package registry.
       read_api: Grants read access to the scoped group and related project API, including the package registry.
@@ -123,7 +123,7 @@ en:
       create_runner: Grants permission to create runners in a group.
       manage_runner: Grants access to manage the runners in a group.
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes in a group.
-      self_rotate: Grants token to rotate itself.
+      self_rotate: Grants permission for token to rotate itself.
     project_access_token_scope_desc:
       api: Grants complete read and write access to the scoped project API, including the container registry, the dependency proxy, and the package registry.
       read_api: Grants read access to the scoped project API, including the Package Registry.
@@ -137,7 +137,7 @@ en:
       manage_runner: Grants access to manage the runners.
       k8s_proxy: Grants permission to perform Kubernetes API calls using the agent for Kubernetes.
       ai_features: Grants access to GitLab Duo related API endpoints.
-      self_rotate: Grants token to rotate itself.
+      self_rotate: Grants permission for token to rotate itself.
     flash:
       applications:
         create:
-- 
GitLab


From fdbe62aa1ffe9c5b89c6952378edee40c908bc82 Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Sat, 17 Feb 2024 20:30:06 +0100
Subject: [PATCH 12/14] Add tests for resource token self rotate APIs

---
 .../self_rotation_spec.rb                     | 189 ++++++++++++++++++
 1 file changed, 189 insertions(+)
 create mode 100644 spec/requests/api/resource_access_tokens/self_rotation_spec.rb

diff --git a/spec/requests/api/resource_access_tokens/self_rotation_spec.rb b/spec/requests/api/resource_access_tokens/self_rotation_spec.rb
new file mode 100644
index 00000000000000..e527886c5b4e9b
--- /dev/null
+++ b/spec/requests/api/resource_access_tokens/self_rotation_spec.rb
@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::ResourceAccessTokens::SelfRotation, feature_category: :system_access do
+  let(:token) { create(:personal_access_token, user: current_user) }
+  let(:expiry_date) { Date.today + 1.week }
+  let(:params) { {} }
+
+  let_it_be(:current_user) { create(:user, :project_bot) }
+  let_it_be(:other_user) { create(:user, :project_bot) }
+
+  subject(:rotate_token) { post(api(path, personal_access_token: token), params: params) }
+
+  shared_examples 'rotating token succeeds' do
+    it 'rotate token', :aggregate_failures do
+      rotate_token
+
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(json_response['token']).not_to eq(token.token)
+      expect(json_response['expires_at']).to eq(expiry_date.to_s)
+      expect(token.reload).to be_revoked
+    end
+  end
+
+  shared_examples 'rotating token denied' do |status|
+    it 'cannot rotate token' do
+      rotate_token
+
+      expect(response).to have_gitlab_http_status(status)
+    end
+  end
+
+  shared_examples 'rotating resource access token' do |source_type|
+    let(:resource_id) { resource.id }
+    let(:path) { "/#{source_type}s/#{resource_id}/access_tokens/self/rotate" }
+
+    describe "POST #{source_type}s/:id/access_tokens/self/rotate" do
+      context 'when token is not a valid resource token' do
+        context 'when token is a personal access token' do
+          before do
+            resource.add_guest(current_user)
+          end
+
+          context 'when current_user is an administrator', :enable_admin_mode do
+            let_it_be(:current_user) { create(:admin) }
+
+            it_behaves_like 'rotating token denied', :method_not_allowed
+          end
+
+          context 'when current_user is not an administrator' do
+            let_it_be(:current_user) { create(:user) }
+
+            it_behaves_like 'rotating token denied', :method_not_allowed
+          end
+        end
+
+        context 'when token is invalid' do
+          let(:token) { instance_double(PersonalAccessToken, token: 'invalidtoken') }
+
+          it_behaves_like 'rotating token denied', :unauthorized
+        end
+
+        context 'with a revoked token' do
+          let(:token) { create(:personal_access_token, :revoked, user: current_user) }
+
+          it_behaves_like 'rotating token denied', :unauthorized
+        end
+
+        context 'with an expired token' do
+          let(:token) { create(:personal_access_token, expires_at: 1.day.ago, user: current_user) }
+
+          it_behaves_like 'rotating token denied', :unauthorized
+        end
+
+        context 'with a rotated token' do
+          let(:token) { create(:personal_access_token, :revoked, user: current_user) }
+          let!(:child_token) { create(:personal_access_token, previous_personal_access_token_id: token.id) }
+
+          it_behaves_like 'rotating token denied', :unauthorized
+
+          it 'revokes token family' do
+            rotate_token
+
+            expect(child_token.reload).to be_revoked
+          end
+        end
+
+        context 'with an OAuth token' do
+          subject(:rotate_token) { post(api(path, oauth_access_token: token), params: params) }
+
+          context 'with default scope' do
+            let(:token) { create(:oauth_access_token) }
+
+            it_behaves_like 'rotating token denied', :forbidden
+          end
+
+          context 'with api or self_rotate scope' do
+            let(:token) do
+              create(:oauth_access_token, scopes: [Gitlab::Auth::API_SCOPE, Gitlab::Auth::ROTATE_SELF_SCOPE])
+            end
+
+            it_behaves_like 'rotating token denied', :method_not_allowed
+          end
+        end
+
+        context 'with a deploy token' do
+          let(:token) { create(:deploy_token) }
+          let(:headers) { { Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => token.token } }
+
+          subject(:rotate_token) { post(api(path), params: params, headers: headers) }
+
+          it_behaves_like 'rotating token denied', :unauthorized
+        end
+
+        context 'with a job token' do
+          let(:job) { create(:ci_build, :running, user: current_user) }
+
+          subject(:rotate_token) { post(api(path, job_token: job.token), params: params) }
+
+          it_behaves_like 'rotating token denied', :unauthorized
+        end
+      end
+
+      context "when token is a valid #{source_type} token" do
+        it_behaves_like 'rotating token succeeds'
+
+        context 'when expiry is defined' do
+          let(:expiry_date) { Date.today + 1.month }
+          let(:params) { { expires_at: expiry_date } }
+
+          it_behaves_like 'rotating token succeeds'
+        end
+
+        Gitlab::Auth.resource_bot_scopes.each do |scope|
+          context "with a '#{scope}' scoped token" do
+            let(:token) { create(:personal_access_token, scopes: [scope], user: current_user) }
+
+            if [Gitlab::Auth::API_SCOPE, Gitlab::Auth::ROTATE_SELF_SCOPE].include? scope
+              it_behaves_like 'rotating token succeeds'
+            else
+              it_behaves_like 'rotating token denied', :forbidden
+            end
+          end
+
+          context "with '#{scope}' and 'self_rotate' scoped token" do
+            let(:token) do
+              create(:personal_access_token, scopes: [scope, Gitlab::Auth::ROTATE_SELF_SCOPE], user: current_user)
+            end
+
+            it_behaves_like 'rotating token succeeds'
+          end
+        end
+      end
+
+      context "when token does not belong to the resource" do
+        Gitlab::VisibilityLevel.string_values.each do |visibility|
+          context "when resource visibility is '#{visibility}'" do
+            let_it_be(:resource) { create(source_type, visibility) }
+
+            let(:token) { create(:personal_access_token, user: other_user) }
+
+            if Gitlab::VisibilityLevel.level_value(visibility) != Gitlab::VisibilityLevel::PRIVATE
+              it_behaves_like 'rotating token denied', :unauthorized
+            else
+              it_behaves_like 'rotating token denied', :not_found
+            end
+          end
+        end
+      end
+    end
+  end
+
+  context 'when the resource is a project' do
+    let_it_be(:resource) { create(:project) }
+
+    before_all { resource.add_guest(current_user) }
+
+    it_behaves_like 'rotating resource access token', 'project'
+  end
+
+  context 'when the resource is a group' do
+    let_it_be(:resource) { create(:group) }
+
+    before_all { resource.add_guest(current_user) }
+
+    it_behaves_like 'rotating resource access token', 'group'
+  end
+end
-- 
GitLab


From 8c224902b4348e93223f0b96ec590bd218466d4d Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Sat, 17 Feb 2024 20:31:16 +0100
Subject: [PATCH 13/14] Add token self rotate API for projects and groups

---
 lib/api/api.rb                                |  1 +
 .../resource_access_tokens/self_rotation.rb   | 55 +++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 lib/api/resource_access_tokens/self_rotation.rb

diff --git a/lib/api/api.rb b/lib/api/api.rb
index aed3a2befd7c72..e15eaf166c2c74 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -332,6 +332,7 @@ def initialize(location_url)
         mount ::API::Release::Links
         mount ::API::RemoteMirrors
         mount ::API::Repositories
+        mount ::API::ResourceAccessTokens::SelfRotation
         mount ::API::ResourceAccessTokens
         mount ::API::ResourceMilestoneEvents
         mount ::API::RpmProjectPackages
diff --git a/lib/api/resource_access_tokens/self_rotation.rb b/lib/api/resource_access_tokens/self_rotation.rb
new file mode 100644
index 00000000000000..a2ec067bd1e9e8
--- /dev/null
+++ b/lib/api/resource_access_tokens/self_rotation.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module API
+  class ResourceAccessTokens
+    class SelfRotation < ::API::Base
+      include APIGuard
+
+      feature_category :system_access
+
+      helpers ::API::Helpers::PersonalAccessTokensHelpers
+      helpers ::API::ResourceAccessTokens.helpers
+
+      allow_access_with_scope :api
+      allow_access_with_scope :self_rotate
+
+      before { authenticate! }
+
+      %w[project group].each do |source_type|
+        resource source_type.pluralize, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
+          desc 'Rotate a resource access token' do
+            detail 'Rotates a resource access token by passing it to the API in a header'
+            success code: 200, model: Entities::ResourceAccessTokenWithToken
+            failure [
+              { code: 400, message: 'Bad Request' },
+              { code: 401, message: 'Unauthorized' },
+              { code: 403, message: 'Forbidden' },
+              { code: 405, message: 'Method not allowed' }
+            ]
+            tags %w[personal_access_tokens]
+          end
+          params do
+            requires :id, type: String, desc: "The #{source_type} ID"
+            optional :expires_at,
+              type: Date,
+              desc: "The expiration date of the token",
+              documentation: { example: '2021-01-31' }
+          end
+          post ':id/access_tokens/self/rotate' do
+            not_allowed! unless access_token.is_a? PersonalAccessToken
+            not_allowed! unless current_user.project_bot?
+
+            resource = find_source(source_type, params[:id])
+            token = find_token(resource, access_token.id)
+
+            unauthorized! unless token
+
+            new_token = rotate_token(token, declared_params)
+
+            present new_token, with: Entities::ResourceAccessTokenWithToken, resource: resource
+          end
+        end
+      end
+    end
+  end
+end
-- 
GitLab


From 55102faa8a0319dc31f32f9a4cc6dbfbda156152 Mon Sep 17 00:00:00 2001
From: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
Date: Sun, 18 Feb 2024 17:07:12 +0100
Subject: [PATCH 14/14] Add automatic reuse detection for group and project
 /self/rotate endpoint

---
 lib/gitlab/auth/auth_finders.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index be3dbb507e5839..beb13c7e981114 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -480,8 +480,7 @@ def revoke_token_family(token)
       end
 
       def access_token_rotation_request?
-        current_request.path.match(%r{access_tokens/\d+/rotate$}) ||
-          current_request.path.match(%r{/personal_access_tokens/self/rotate$})
+        current_request.path.match(%r{access_tokens/(\d+|self)/rotate$})
       end
 
       # To prevent Rack Attack from incorrectly rate limiting
-- 
GitLab