Add latest changes from gitlab-org/gitlab@master

17 files changed, 164 insertions, 93 deletions

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 75abad54255..53b59d09df9 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -152,11 +152,6 @@ Rails/NegateInclude:
 Rails/RakeEnvironment:
   Enabled: false
 
-# Offense count: 62
-# Cop supports --auto-correct.
-Rails/RedundantForeignKey:
-  Enabled: false
-
 # Offense count: 278
 # Cop supports --auto-correct.
 Rails/SquishedSQLHeredocs:
diff --git a/.rubocop_todo/rails/redundant_foreign_key.yml b/.rubocop_todo/rails/redundant_foreign_key.yml
new file mode 100644
index 00000000000..6b2300ba792
--- /dev/null
+++ b/.rubocop_todo/rails/redundant_foreign_key.yml
@@ -0,0 +1,66 @@
+---
+# Cop supports --auto-correct.
+Rails/RedundantForeignKey:
+  # Offense count: 90
+  # Temporarily disabled due to too many offenses
+  Enabled: false
+  Exclude:
+    - 'app/models/alert_management/metric_image.rb'
+    - 'app/models/ci/build.rb'
+    - 'app/models/ci/build_need.rb'
+    - 'app/models/ci/build_pending_state.rb'
+    - 'app/models/ci/build_trace_chunk.rb'
+    - 'app/models/ci/daily_build_group_report_result.rb'
+    - 'app/models/ci/job_artifact.rb'
+    - 'app/models/ci/job_variable.rb'
+    - 'app/models/ci/pipeline.rb'
+    - 'app/models/ci/sources/pipeline.rb'
+    - 'app/models/ci/stage.rb'
+    - 'app/models/ci/unit_test_failure.rb'
+    - 'app/models/clusters/applications/runner.rb'
+    - 'app/models/clusters/concerns/application_core.rb'
+    - 'app/models/clusters/integrations/elastic_stack.rb'
+    - 'app/models/clusters/integrations/prometheus.rb'
+    - 'app/models/commit_signatures/x509_commit_signature.rb'
+    - 'app/models/concerns/analytics/cycle_analytics/stage.rb'
+    - 'app/models/concerns/commit_signature.rb'
+    - 'app/models/group.rb'
+    - 'app/models/group_group_link.rb'
+    - 'app/models/integrations/zentao_tracker_data.rb'
+    - 'app/models/member.rb'
+    - 'app/models/merge_request.rb'
+    - 'app/models/merge_request/metrics.rb'
+    - 'app/models/namespace.rb'
+    - 'app/models/namespaces/project_namespace.rb'
+    - 'app/models/packages/debian/publication.rb'
+    - 'app/models/project.rb'
+    - 'app/models/resource_state_event.rb'
+    - 'app/models/review.rb'
+    - 'app/models/user.rb'
+    - 'app/models/x509_certificate.rb'
+    - 'ee/app/models/allowed_email_domain.rb'
+    - 'ee/app/models/boards/epic_board.rb'
+    - 'ee/app/models/boards/epic_list_user_preference.rb'
+    - 'ee/app/models/ci/sources/project.rb'
+    - 'ee/app/models/concerns/incident_management/base_pending_escalation.rb'
+    - 'ee/app/models/deployments/approval.rb'
+    - 'ee/app/models/ee/iteration.rb'
+    - 'ee/app/models/ee/service_desk_setting.rb'
+    - 'ee/app/models/geo/event_log.rb'
+    - 'ee/app/models/incident_management/escalation_rule.rb'
+    - 'ee/app/models/incident_management/oncall_participant.rb'
+    - 'ee/app/models/incident_management/oncall_shift.rb'
+    - 'ee/app/models/incident_management/pending_escalations/alert.rb'
+    - 'ee/app/models/incident_management/pending_escalations/issue.rb'
+    - 'ee/app/models/incident_management/timeline_event.rb'
+    - 'ee/app/models/issuable_metric_image.rb'
+    - 'ee/app/models/security/orchestration_policy_configuration.rb'
+    - 'ee/app/models/security/orchestration_policy_rule_schedule.rb'
+    - 'ee/app/models/vulnerabilities/feedback.rb'
+    - 'ee/app/models/vulnerabilities/finding.rb'
+    - 'ee/app/models/vulnerabilities/finding_signature.rb'
+    - 'ee/app/models/vulnerabilities/identifier.rb'
+    - 'ee/lib/ee/gitlab/background_migration/populate_uuids_for_security_findings.rb'
+    - 'ee/lib/ee/gitlab/background_migration/recalculate_vulnerability_finding_signatures_for_findings.rb'
+    - 'lib/gitlab/background_migration/drop_invalid_vulnerabilities.rb'
+    - 'lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid.rb'
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index a080b009f04..f56dc2e2ba9 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-19ca087328db313caab60c700b3617352421f99a
+6aeaf165b7624e55e418cf29f634076658cb28bc
diff --git a/data/removals/15_0/15-0-geo-remove-promote-to-primary-node.yml b/data/removals/15_0/15-0-geo-remove-promote-to-primary-node.yml
new file mode 100644
index 00000000000..becc7b26b9a
--- /dev/null
+++ b/data/removals/15_0/15-0-geo-remove-promote-to-primary-node.yml
@@ -0,0 +1,13 @@
+- name: "Remove `promote-to-primary-node` command from `gitlab-ctl`"
+  announcement_milestone: "14.5"
+  announcement_date: "2021-11-22"
+  removal_milestone: "15.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: sranasinghe
+  stage: enablement
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/345207
+  body: |
+    In GitLab 14.5, we introduced the command `gitlab-ctl promote` to promote any Geo secondary node to a primary during a failover. This command replaces `gitlab-ctl promote-to-primary-node` which was only usable for single-node Geo sites. `gitlab-ctl promote-to-primary-node` has been removed in GitLab 15.0.
+  tiers: [Premium, Ultimate]
+  documentation_url: https://docs.gitlab.com/ee/administration/geo/disaster_recovery/planned_failover.html
diff --git a/data/removals/15_0/15-0-remove-background-upload-object-storage.yml b/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
new file mode 100644
index 00000000000..7d077175b29
--- /dev/null
+++ b/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
@@ -0,0 +1,20 @@
+- name: "Background upload for object storage"
+  announcement_milestone: "14.9"
+  announcement_date: "2022-03-22"
+  removal_milestone: "15.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: fzimmer
+  body: |  # Do not modify this line, instead modify the lines below.
+    To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` has been removed in GitLab 15.0.
+
+    This impacts a small subset of object storage providers, including but not limited to:
+
+    - **OpenStack** Customers using OpenStack need to change their configuration to use the S3 API instead of Swift.
+    - **RackSpace** Customers using RackSpace-based object storage need to migrate data to a different provider.
+
+    If your object storage provider does not support `background_upload`, please [migrate objects to a supported object storage provider](https://docs.gitlab.com/ee/administration/object_storage.html#migrate-objects-to-a-different-object-storage-provider).
+  stage: Enablement
+  tiers: [Core, Premium, Ultimate]
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/26600
+  documentation_url: https://docs.gitlab.com/ee/administration/object_storage.html
diff --git a/doc/api/features.md b/doc/api/features.md
index c3800933920..346f4879358 100644
--- a/doc/api/features.md
+++ b/doc/api/features.md
@@ -129,7 +129,7 @@ POST /features/:name
 | `feature_group` | string | no | A Feature group name |
 | `user` | string | no | A GitLab username |
 | `group` | string | no | A GitLab group's path, for example `gitlab-org` |
-| `namespace` | string | no | A GitLab group or user namespace's path, for example `gitlab-org` or username path |
+| `namespace` | string | no | A GitLab group or user namespace's path, for example `gitlab-org` or username path. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353117) in GitLab 15.0. |
 | `project` | string | no | A projects path, for example `gitlab-org/gitlab-foss` |
 | `force` | boolean | no | Skip feature flag validation checks, such as a YAML definition |
 
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 510f95ef27e..a52e82ee277 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -15341,6 +15341,7 @@ Returns [`[SecurityTrainingUrl!]`](#securitytrainingurl).
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="projectsecuritytrainingurlsidentifierexternalids"></a>`identifierExternalIds` | [`[String!]!`](#string) | List of external IDs of vulnerability identifiers. |
+| <a id="projectsecuritytrainingurlslanguage"></a>`language` | [`String`](#string) | Desired language for training urls. |
 
 ##### `Project.sentryDetailedError`
 
diff --git a/doc/api/merge_request_approvals.md b/doc/api/merge_request_approvals.md
index 721e4db3314..37a926366df 100644
--- a/doc/api/merge_request_approvals.md
+++ b/doc/api/merge_request_approvals.md
@@ -277,12 +277,7 @@ GET /projects/:id/approval_rules/:approval_rule_id
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
 > - Moved to GitLab Premium in 13.9.
-
-WARNING:
-The Vulnerability-Check feature, including the Vulnerability-Check attributes listed here, is in its
-end-of-life process. It is [deprecated](../update/deprecations.md#vulnerability-check)
-in GitLab 14.8, and is planned for removal in GitLab 15.0. Users should migrate to the new
-[Security Approval Policies](../user/application_security/policies/#scan-result-policy-editor).
+> - [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/357300) the Vulnerability-Check feature in GitLab 15.0.
 
 You can create project approval rules using the following endpoint:
 
@@ -301,11 +296,7 @@ POST /projects/:id/approval_rules
 | `user_ids`             | Array   | no       | The ids of users as approvers                                    |
 | `group_ids`            | Array   | no       | The ids of groups as approvers                                   |
 | `protected_branch_ids` | Array   | no       | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). |
-| `report_type` | string   | no       | The report type required when the rule type is `report_approver`. The supported report types are: `vulnerability`, `license_scanning`, `code_coverage`. The `vulnerability` report type is part of the Vulnerability-Check feature, which deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
-| `scanners` | Array   | no       | The security scanners the Vulnerability-Check approval rule considers. The supported scanners are: `sast`, `secret_detection`, `dependency_scanning`, `container_scanning`, `dast`, `coverage_fuzzing`, `api_fuzzing`. Defaults to all supported scanners. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
-| `severity_levels` | Array   | no       | The severity levels the Vulnerability-Check approval rule considers. The supported severity levels are: `info`, `unknown`, `low`, `medium`, `high`, `critical`. Defaults to `unknown`, `high`, and `critical`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
-| `vulnerabilities_allowed` | integer   | no       | The number of vulnerabilities allowed for the Vulnerability-Check approval rule. Defaults to `0`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
-| `vulnerability_states` | Array   | no       | The vulnerability states the Vulnerability-Check approval rule considers. The supported vulnerability states are: `newly_detected` (default), `detected`, `confirmed`, `resolved`, `dismissed`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
+| `report_type` | string   | no       | The report type required when the rule type is `report_approver`. The supported report types are: `license_scanning` and `code_coverage`.|
 
 ```json
 {
@@ -409,12 +400,7 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
 > - Moved to GitLab Premium in 13.9.
-
-WARNING:
-The Vulnerability-Check feature, including the Vulnerability-Check attributes listed here, is in its
-end-of-life process. It is [deprecated](../update/deprecations.md#vulnerability-check)
-in GitLab 14.8, and is planned for removal in GitLab 15.0. Users should migrate to the new
-[Security Approval Policies](../user/application_security/policies/#scan-result-policy-editor).
+> - [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/357300) the Vulnerability-Check feature in GitLab 15.0.
 
 You can update project approval rules using the following endpoint:
 
@@ -435,10 +421,6 @@ PUT /projects/:id/approval_rules/:approval_rule_id
 | `user_ids`             | Array   | no       | The ids of users as approvers                                    |
 | `group_ids`            | Array   | no       | The ids of groups as approvers                                   |
 | `protected_branch_ids` | Array   | no       | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). |
-| `scanners` | Array   | no       | The security scanners the Vulnerability-Check approval rule considers. The supported scanners are: `sast`, `secret_detection`, `dependency_scanning`, `container_scanning`, `dast`, `coverage_fuzzing`, `api_fuzzing`. Defaults to all supported scanners. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
-| `severity_levels` | Array   | no       | The severity levels the Vulnerability-Check approval rule considers. The supported severity levels are: `info`, `unknown`, `low`, `medium`, `high`, `critical`. Defaults to `unknown`, `high`, and `critical`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
-| `vulnerabilities_allowed` | integer   | no       | The number of vulnerabilities allowed for the Vulnerability-Check approval rule. Defaults to `0`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
-| `vulnerability_states` | Array   | no       | The vulnerability states the Vulnerability-Check approval rule considers. The supported vulnerability states are: `newly_detected` (default), `detected`, `confirmed`, `resolved`, `dismissed`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
 
 ```json
 {
diff --git a/doc/ci/caching/index.md b/doc/ci/caching/index.md
index 2b41694bebb..219ca7a1e91 100644
--- a/doc/ci/caching/index.md
+++ b/doc/ci/caching/index.md
@@ -2,12 +2,11 @@
 stage: Verify
 group: Pipeline Authoring
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
-type: index, concepts, howto
 ---
 
 # Caching in GitLab CI/CD **(FREE)**
 
-A cache is one or more files that a job downloads and saves. Subsequent jobs that use
+A cache is one or more files a job downloads and saves. Subsequent jobs that use
 the same cache don't have to download the files again, so they execute more quickly.
 
 To learn how to define the cache in your `.gitlab-ci.yml` file,
@@ -550,12 +549,10 @@ The next time the pipeline runs, the cache is stored in a different location.
 
 ### Clear the cache manually
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/41249) in GitLab 10.4.
-
 You can clear the cache in the GitLab UI:
 
 1. On the top bar, select **Menu > Projects** and find your project.
-1. On the left sidebar, select **CI/CD > Pipelines** page.
+1. On the left sidebar, select **CI/CD > Pipelines**.
 1. In the top right, select **Clear runner caches**.
 
 On the next commit, your CI/CD jobs use a new cache.
@@ -574,7 +571,7 @@ If you have a cache mismatch, follow these steps to troubleshoot.
 | You use multiple standalone runners (not in autoscale mode) attached to one project without a shared cache. | Use only one runner for your project or use multiple runners with distributed cache enabled. |
 | You use runners in autoscale mode without a distributed cache enabled. | Configure the autoscale runner to use a distributed cache. |
 | The machine the runner is installed on is low on disk space or, if you've set up distributed cache, the S3 bucket where the cache is stored doesn't have enough space. | Make sure you clear some space to allow new caches to be stored. There's no automatic way to do this. |
-| You use the same `key` for jobs where they cache different paths. | Use different cache keys to that the cache archive is stored to a different location and doesn't overwrite wrong caches. |
+| You use the same `key` for jobs where they cache different paths. | Use different cache keys so that the cache archive is stored to a different location and doesn't overwrite wrong caches. |
 
 #### Cache mismatch example 1
 
diff --git a/doc/development/documentation/testing.md b/doc/development/documentation/testing.md
index 5de054d9c50..485d2225e6d 100644
--- a/doc/development/documentation/testing.md
+++ b/doc/development/documentation/testing.md
@@ -23,6 +23,10 @@ in the relevant projects:
 - <https://gitlab.com/gitlab-org/gitlab-runner/-/blob/main/.gitlab/ci/docs.gitlab-ci.yml>
 - <https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/master/gitlab-ci-config/gitlab-com.yml>
 - <https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/.gitlab-ci.yml>
+- <https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/blob/master/.gitlab-ci.yml>
+
+We also run some documentation tests in the GitLab Development Kit project:
+<https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/.gitlab/ci/test.gitlab-ci.yml>.
 
 ## Run tests locally
 
@@ -169,6 +173,7 @@ To update the linting images:
    - <https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/master/gitlab-ci-config/gitlab-com.yml> ([Example MR](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6037))
    - <https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/.gitlab-ci.yml> ([Example MR](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2511))
    - <https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/blob/master/.gitlab-ci.yml> ([Example MR](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/merge_requests/462))
+   - <https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/.gitlab/ci/test.gitlab-ci.yml> ([Example MR](https://gitlab.com/gitlab-org/gitlab-development-kit/-/merge_requests/2417))
 1. In each merge request, check the relevant job output to confirm the updated image was
    used for the test. ([Example job output](https://gitlab.com/gitlab-org/charts/gitlab/-/jobs/2335470260#L24))
 1. Assign the merge requests to any technical writer to review and merge.
@@ -202,6 +207,7 @@ markdownlint configuration is found in the following projects:
 - [`omnibus-gitlab`](https://gitlab.com/gitlab-org/omnibus-gitlab)
 - [`charts`](https://gitlab.com/gitlab-org/charts/gitlab)
 - [`gitlab-development-kit`](https://gitlab.com/gitlab-org/gitlab-development-kit)
+- [`gitlab-operator`](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator)
 
 This configuration is also used in build pipelines.
 
diff --git a/doc/development/event_store.md b/doc/development/event_store.md
index 967272dcf2e..afd5640271e 100644
--- a/doc/development/event_store.md
+++ b/doc/development/event_store.md
@@ -313,17 +313,17 @@ we have added helpers and shared examples to standardize the way we test subscri
 
 ```ruby
 RSpec.describe MergeRequests::UpdateHeadPipelineWorker do
-  let(:event) { Ci::PipelineCreatedEvent.new(data: ({ pipeline_id: pipeline.id })) }
+  let(:pipeline_created_event) { Ci::PipelineCreatedEvent.new(data: ({ pipeline_id: pipeline.id })) }
 
   # This shared example ensures that an event is published and correctly processed by
   # the current subscriber (`described_class`).
-  it_behaves_like 'consumes the published event' do
-    let(:event) { event }
+  it_behaves_like 'subscribes to event' do
+    let(:event) { pipeline_created_event }
   end
   
   it 'does something' do
     # This helper directly executes `perform` ensuring that `handle_event` is called correctly.
-    consume_event(subscriber: described_class, event: event)
+    consume_event(subscriber: described_class, event: pipeline_created_event)
 
     # run expectations
   end
diff --git a/doc/update/removals.md b/doc/update/removals.md
index 8dbfd363c6f..4ca93a671e7 100644
--- a/doc/update/removals.md
+++ b/doc/update/removals.md
@@ -30,6 +30,23 @@ For removal reviewers (Technical Writers only):
 
 ## 15.0
 
+### Background upload for object storage
+
+WARNING:
+This feature was changed or removed in 15.0
+as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Before updating GitLab, review the details carefully to determine if you need to make any
+changes to your code, settings, or workflow.
+
+To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` has been removed in GitLab 15.0.
+
+This impacts a small subset of object storage providers, including but not limited to:
+
+- **OpenStack** Customers using OpenStack need to change their configuration to use the S3 API instead of Swift.
+- **RackSpace** Customers using RackSpace-based object storage need to migrate data to a different provider.
+
+If your object storage provider does not support `background_upload`, please [migrate objects to a supported object storage provider](https://docs.gitlab.com/ee/administration/object_storage.html#migrate-objects-to-a-different-object-storage-provider).
+
 ### Container Network and Host Security
 
 WARNING:
@@ -107,6 +124,16 @@ As part of the work to create a [Package Registry GraphQL API](https://gitlab.co
 
 In GitLab 15.0, we will completely remove `Version` from `PackageType`.
 
+### Remove `promote-to-primary-node` command from `gitlab-ctl`
+
+WARNING:
+This feature was changed or removed in 15.0
+as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Before updating GitLab, review the details carefully to determine if you need to make any
+changes to your code, settings, or workflow.
+
+In GitLab 14.5, we introduced the command `gitlab-ctl promote` to promote any Geo secondary node to a primary during a failover. This command replaces `gitlab-ctl promote-to-primary-node` which was only usable for single-node Geo sites. `gitlab-ctl promote-to-primary-node` has been removed in GitLab 15.0.
+
 ### Remove dependency_proxy_for_private_groups feature flag
 
 WARNING:
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index 3de43ed40ea..f5f438dd1ad 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -201,56 +201,24 @@ By default, the vulnerability report does not show vulnerabilities of `dismissed
 
 ## Security approvals in merge requests
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in GitLab 12.2.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in GitLab 12.2.
+> - [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/357300) the Vulnerability-Check feature in GitLab 15.0.
 
 You can enforce an additional approval for merge requests that would introduce one of the following
 security issues:
 
-- A security vulnerability. For more details, read
-  [Vulnerability-Check rule](#vulnerability-check-rule).
+- A security vulnerability. For more details, read [Scan result policies](policies/scan-result-policies.md).
 - A software license compliance violation. For more details, read
   [Enabling license approvals within a project](../compliance/license_compliance/index.md#enabling-license-approvals-within-a-project).
 
-### Vulnerability-Check rule
+### Migration of existing Vulnerability-Check rules
 
-WARNING:
-This feature is in its end-of-life process. It is [deprecated](../../update/deprecations.md#vulnerability-check)
-in GitLab 14.8, and is planned for removal in GitLab 15.0. Users should migrate to the new
-[Security Approval Policies](policies/scan-result-policies.md).
+If your projects have rules that have a security orchestration project, a new MR with 
+the existing rule's content is created automatically against the default branch belonging
+to the security orchestration project. To maintain the same security approval rules you 
+had before GitLab 15.0, we recommend merging this new MR.
 
-To prevent a merge request introducing a security vulnerability in a project, enable the
-Vulnerability-Check rule. While this rule is enabled, additional merge request approval by
-[eligible approvers](../project/merge_requests/approvals/rules.md#eligible-approvers)
-is required when the latest security report in a merge request:
-
-- Contains vulnerabilities with states (for example, `previously detected`, `dismissed`) matching the rule's vulnerability states. Only `newly detected` are considered if the target branch differs from the project default branch.
-- Contains vulnerabilities with severity levels (for example, `high`, `critical`, or `unknown`)
-  matching the rule's severity levels.
-- Contains a vulnerability count higher than the rule allows.
-- Is not yet generated (until pipeline completion).
-
-An approval is optional when the security report:
-
-- Contains only vulnerabilities with states (for example, `newly detected`, `resolved`) **NOT** matching the rule's vulnerability states.
-- Contains only vulnerabilities with severity levels (for example, `low`, `medium`) **NOT** matching
-  the rule's severity levels.
-- Contains a vulnerability count equal to or less than what the rule allows.
-
-Project members with at least the Maintainer role can enable or edit
-the Vulnerability-Check rule.
-
-#### Enable the Vulnerability-Check rule
-
-To enable or edit the Vulnerability-Check rule:
-
-1. On the top bar, select **Menu > Projects** and find your project.
-1. On the left sidebar, select **Settings > General**.
-1. Expand **Merge request approvals**.
-1. Select **Activate** or **Edit** of the Vulnerability-Check.
-1. Complete the fields. **Approvals required** must be at least 1.
-1. Select **Add approval rule**.
-
-The approval rule is enabled for all merge requests. Any code changes reset the approvals required.
+If your projects have rules without a security orchestration project, a new security orchestration project is created automatically with the content of the existing rule. No additional action is required.
 
 ## Using private Maven repositories
 
@@ -691,3 +659,6 @@ These security pages can be populated by running the jobs from the manual step o
 There is [an issue open to handle this scenario](https://gitlab.com/gitlab-org/gitlab/-/issues/346843).
 Please upvote the issue to help with prioritization, and
 [contributions are welcomed](https://about.gitlab.com/community/contribute/).
+  doc/user/project/merge_requests/approvals/settings.md 
++
+0
diff --git a/doc/user/project/merge_requests/approvals/settings.md b/doc/user/project/merge_requests/approvals/settings.md
index 0ede9310393..b2d3fb788cc 100644
--- a/doc/user/project/merge_requests/approvals/settings.md
+++ b/doc/user/project/merge_requests/approvals/settings.md
@@ -122,13 +122,6 @@ when more changes are added to it:
 Approvals aren't reset when a merge request is [rebased from the UI](../fast_forward_merge.md)
 However, approvals are reset if the target branch is changed.
 
-## Security approvals in merge requests **(ULTIMATE)**
-
-You can require that a member of your security team approves a merge request if a
-merge request could introduce a vulnerability.
-
-To learn more, see [Security approvals in merge requests](../../../application_security/index.md#security-approvals-in-merge-requests).
-
 ## Code coverage check approvals
 
 You can require specific approvals if a merge request would result in a decline in code test
diff --git a/doc/user/project/web_ide/img/command_palette_v13_6.png b/doc/user/project/web_ide/img/command_palette_v13_6.png
deleted file mode 100644
index 54580a79ebd..00000000000
--- a/doc/user/project/web_ide/img/command_palette_v13_6.png
+++ /dev/null
diff --git a/doc/user/project/web_ide/index.md b/doc/user/project/web_ide/index.md
index 8f9486633d5..96d01c7c2be 100644
--- a/doc/user/project/web_ide/index.md
+++ b/doc/user/project/web_ide/index.md
@@ -52,7 +52,8 @@ Some commands have a keyboard shortcut assigned to them. The command palette
 displays this shortcut next to each command. You can use this shortcut to invoke
 the command without having to select it in the command palette.
 
-![Command palette](img/command_palette_v13_6.png)
+For a full list of keyboard shortcuts in the Web IDE, refer to the
+[Keyboard shortcuts](../../shortcuts.md#web-ide) list.
 
 ## Syntax highlighting
 
diff --git a/doc/user/project/wiki/group.md b/doc/user/project/wiki/group.md
index f0bf97d404a..b4f3e741f89 100644
--- a/doc/user/project/wiki/group.md
+++ b/doc/user/project/wiki/group.md
@@ -1,8 +1,7 @@
 ---
 stage: Create
 group: Editor
-info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
-type: reference, how-to
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
 # Group wikis **(PREMIUM)**
@@ -76,11 +75,11 @@ To open group settings:
 1. Expand **Permissions and group features**.
 ```
 
-In the wiki section you may select one from the following options:
+In the wiki section, select one of these options:
 
-- Enabled: everyone who can access the group can access the wiki.
-- Private: only group members can access the wiki.
-- Disabled: the wiki will be entirely disabled and it won't be accessible nor downloadable.
+- Enabled: Everyone who can access the group can access the wiki.
+- Private: Only group members can access the wiki.
+- Disabled: The wiki isn't accessible, and cannot be downloaded.
 
 ## Related topics