Add latest changes from gitlab-org/gitlab@13-2-stable-ee

36 files changed, 292 insertions, 82 deletions

diff --git a/app/assets/javascripts/design_management_new/pages/index.vue b/app/assets/javascripts/design_management_new/pages/index.vue
index 2a100fae280..700fa903a9c 100644
--- a/app/assets/javascripts/design_management_new/pages/index.vue
+++ b/app/assets/javascripts/design_management_new/pages/index.vue
@@ -246,28 +246,28 @@ export default {
         this.onUploadDesign([newFile]);
       }
     },
-    toggleOnPasteListener(route) {
-      if (route === DESIGNS_ROUTE_NAME) {
-        document.addEventListener('paste', this.onDesignPaste);
-      } else {
-        document.removeEventListener('paste', this.onDesignPaste);
-      }
+    toggleOnPasteListener() {
+      document.addEventListener('paste', this.onDesignPaste);
+    },
+    toggleOffPasteListener() {
+      document.removeEventListener('paste', this.onDesignPaste);
     },
   },
   beforeRouteUpdate(to, from, next) {
-    this.toggleOnPasteListener(to.name);
     this.selectedDesigns = [];
     next();
   },
-  beforeRouteLeave(to, from, next) {
-    this.toggleOnPasteListener(to.name);
-    next();
-  },
 };
 </script>
 
 <template>
-  <div data-testid="designs-root" class="gl-mt-5">
+  <div
+    data-testid="designs-root"
+    class="gl-mt-5"
+    :class="{ 'designs-root': !isDesignListEmpty }"
+    @mouseenter="toggleOnPasteListener"
+    @mouseleave="toggleOffPasteListener"
+  >
     <header v-if="showToolbar" class="row-content-block border-top-0 p-2 d-flex">
       <div class="gl-display-flex gl-justify-content-space-between gl-align-items-center gl-w-full">
         <div>
diff --git a/app/assets/javascripts/diffs/store/actions.js b/app/assets/javascripts/diffs/store/actions.js
index d469ed8ee82..fcc4a8160f4 100644
--- a/app/assets/javascripts/diffs/store/actions.js
+++ b/app/assets/javascripts/diffs/store/actions.js
@@ -748,9 +748,11 @@ export const setCurrentDiffFileIdFromNote = ({ commit, rootGetters }, noteId) =>
 
   if (!note) return;
 
-  const fileHash = rootGetters.getDiscussion(note.discussion_id).diff_file.file_hash;
+  const fileHash = rootGetters.getDiscussion(note.discussion_id).diff_file?.file_hash;
 
-  commit(types.UPDATE_CURRENT_DIFF_FILE_ID, fileHash);
+  if (fileHash) {
+    commit(types.UPDATE_CURRENT_DIFF_FILE_ID, fileHash);
+  }
 };
 
 export const navigateToDiffFileIndex = ({ commit, state }, index) => {
diff --git a/app/assets/stylesheets/components/design_management/design_list_item.scss b/app/assets/stylesheets/components/design_management/design_list_item.scss
index b7f6b2026fe..3a6781b666e 100644
--- a/app/assets/stylesheets/components/design_management/design_list_item.scss
+++ b/app/assets/stylesheets/components/design_management/design_list_item.scss
@@ -1,3 +1,12 @@
+.designs-root {
+  border: 2px dashed transparent;
+  transition: border $gl-transition-duration-medium $general-hover-transition-curve;
+
+  &:hover {
+    border-color: $gray-100;
+  }
+}
+
 .design-list-item {
   height: 280px;
   text-decoration: none;
diff --git a/app/controllers/clusters/base_controller.rb b/app/controllers/clusters/base_controller.rb
index 6b83400971d..c79a0bb01bc 100644
--- a/app/controllers/clusters/base_controller.rb
+++ b/app/controllers/clusters/base_controller.rb
@@ -7,7 +7,7 @@ class Clusters::BaseController < ApplicationController
   before_action :authorize_read_cluster!
 
   before_action do
-    push_frontend_feature_flag(:managed_apps_local_tiller, clusterable)
+    push_frontend_feature_flag(:managed_apps_local_tiller, clusterable, default_enabled: true)
   end
 
   helper_method :clusterable
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index e65e5531b88..5d4514be838 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -84,7 +84,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
         @issuable_sidebar = serializer.represent(@merge_request, serializer: 'sidebar')
         @current_user_data = UserSerializer.new(project: @project).represent(current_user, {}, MergeRequestUserEntity).to_json
         @show_whitespace_default = current_user.nil? || current_user.show_whitespace_in_diffs
-        @file_by_file_default = Feature.enabled?(:view_diffs_file_by_file) && current_user&.view_diffs_file_by_file
+        @file_by_file_default = Feature.enabled?(:view_diffs_file_by_file, default_enabled: true) && current_user&.view_diffs_file_by_file
         @coverage_path = coverage_reports_project_merge_request_path(@project, @merge_request, format: :json) if @merge_request.has_coverage_reports?
         @endpoint_metadata_url = endpoint_metadata_url(@project, @merge_request)
 
diff --git a/app/models/concerns/approvable_base.rb b/app/models/concerns/approvable_base.rb
index 6323bd01c58..d07c4ec43ac 100644
--- a/app/models/concerns/approvable_base.rb
+++ b/app/models/concerns/approvable_base.rb
@@ -13,4 +13,8 @@ module ApprovableBase
 
     approved_by_users.include?(user)
   end
+
+  def can_be_approved_by?(user)
+    user && !approved_by?(user) && user.can?(:approve_merge_request, self)
+  end
 end
diff --git a/app/models/concerns/avatarable.rb b/app/models/concerns/avatarable.rb
index ac84ef94b1c..60de20c3b31 100644
--- a/app/models/concerns/avatarable.rb
+++ b/app/models/concerns/avatarable.rb
@@ -38,7 +38,7 @@ module Avatarable
 
   class_methods do
     def bot_avatar(image:)
-      Rails.root.join('app', 'assets', 'images', 'bot_avatars', image).open
+      Rails.root.join('lib', 'assets', 'images', 'bot_avatars', image).open
     end
   end
 
diff --git a/app/views/profiles/preferences/show.html.haml b/app/views/profiles/preferences/show.html.haml
index 659b3066603..bc1f2cb3072 100644
--- a/app/views/profiles/preferences/show.html.haml
+++ b/app/views/profiles/preferences/show.html.haml
@@ -70,7 +70,7 @@
       = f.check_box :show_whitespace_in_diffs, class: 'form-check-input'
       = f.label :show_whitespace_in_diffs, class: 'form-check-label' do
         = s_('Preferences|Show whitespace changes in diffs')
-    - if Feature.enabled?(:view_diffs_file_by_file)
+    - if Feature.enabled?(:view_diffs_file_by_file, default_enabled: true)
       .form-group.form-check
         = f.check_box :view_diffs_file_by_file, class: 'form-check-input'
         = f.label :view_diffs_file_by_file, class: 'form-check-label' do
diff --git a/app/views/projects/issues/_design_management.html.haml b/app/views/projects/issues/_design_management.html.haml
index 045f032e6e7..9d88d77eac9 100644
--- a/app/views/projects/issues/_design_management.html.haml
+++ b/app/views/projects/issues/_design_management.html.haml
@@ -1,3 +1,8 @@
+- requirements_link_url = help_page_path('user/project/issues/design_management', anchor: 'requirements')
+- requirements_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: requirements_link_url }
+- link_end = '</a>'.html_safe
+- enable_lfs_message = s_("DesignManagement|To upload designs, you'll need to enable LFS. %{requirements_link_start}More information%{requirements_link_end}").html_safe % { requirements_link_start: requirements_link_start, requirements_link_end: link_end }
+
 - if @project.design_management_enabled?
   - if Feature.enabled?(:design_management_moved, @project, default_enabled: true)
     .js-design-management-new{ data: { project_path: @project.full_path, issue_iid: @issue.iid, issue_path: project_issue_path(@project, @issue) } }
@@ -5,13 +10,8 @@
     .js-design-management{ data: { project_path: @project.full_path, issue_iid: @issue.iid, issue_path: project_issue_path(@project, @issue) } }
 - else
   - if Feature.enabled?(:design_management_moved, @project, default_enabled: true)
-    .row.empty-state.design-dropzone-border.gl-mt-5
-      .text-content.center.gl-font-weight-bold
-        - requirements_link_url = help_page_path('user/project/issues/design_management', anchor: 'requirements')
-        - requirements_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: requirements_link_url }
-        - support_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: support_url }
-        - link_end = '</a>'.html_safe
-        = s_("DesignManagement|To enable design management, you'll need to %{requirements_link_start}meet the requirements%{requirements_link_end}. If you need help, reach out to our %{support_link_start}support team%{support_link_end} for assistance.").html_safe % { requirements_link_start: requirements_link_start, requirements_link_end: link_end, support_link_start: support_link_start, support_link_end: link_end }
+    .gl-border-solid.gl-border-1.gl-border-gray-100.gl-rounded-base.gl-mt-5.gl-p-3.gl-text-center
+      = enable_lfs_message
   - else
     .mt-4
       .row.empty-state
@@ -20,8 +20,4 @@
             %h4.center
               = _('The one place for your designs')
             %p.center
-              - requirements_link_url = help_page_path('user/project/issues/design_management', anchor: 'requirements')
-              - requirements_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: requirements_link_url }
-              - support_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: support_url }
-              - link_end = '</a>'.html_safe
-              = s_("DesignManagement|To enable design management, you'll need to %{requirements_link_start}meet the requirements%{requirements_link_end}. If you need help, reach out to our %{support_link_start}support team%{support_link_end} for assistance.").html_safe % { requirements_link_start: requirements_link_start, requirements_link_end: link_end, support_link_start: support_link_start, support_link_end: link_end }
+              = enable_lfs_message
diff --git a/app/views/projects/pipelines/_with_tabs.html.haml b/app/views/projects/pipelines/_with_tabs.html.haml
index 590ae72a2ff..be947b42e25 100644
--- a/app/views/projects/pipelines/_with_tabs.html.haml
+++ b/app/views/projects/pipelines/_with_tabs.html.haml
@@ -1,5 +1,5 @@
 - test_reports_enabled = Feature.enabled?(:junit_pipeline_view, @project)
-- dag_pipeline_tab_enabled = Feature.enabled?(:dag_pipeline_tab, @project, default_enabled: false)
+- dag_pipeline_tab_enabled = Feature.enabled?(:dag_pipeline_tab, @project, default_enabled: true)
 
 .tabs-holder
   %ul.pipelines-tabs.nav-links.no-top.no-bottom.mobile-separator.nav.nav-tabs
diff --git a/changelogs/unreleased/229588-pasting-an-image-into-a-comment-also-uploads-design.yml b/changelogs/unreleased/229588-pasting-an-image-into-a-comment-also-uploads-design.yml
new file mode 100644
index 00000000000..279f0386f7f
--- /dev/null
+++ b/changelogs/unreleased/229588-pasting-an-image-into-a-comment-also-uploads-design.yml
@@ -0,0 +1,5 @@
+---
+title: Resolve Pasting an image into a comment also uploads design
+merge_request: 37171
+author:
+type: fixed
diff --git a/changelogs/unreleased/231251-error-500-in-service-desk-due-missing-asset.yml b/changelogs/unreleased/231251-error-500-in-service-desk-due-missing-asset.yml
new file mode 100644
index 00000000000..ab0dc71c00c
--- /dev/null
+++ b/changelogs/unreleased/231251-error-500-in-service-desk-due-missing-asset.yml
@@ -0,0 +1,5 @@
+---
+title: Fix missing path for avatars of bots
+merge_request: 37671
+author:
+type: fixed
diff --git a/changelogs/unreleased/design-management-shorter-lfs-msg.yml b/changelogs/unreleased/design-management-shorter-lfs-msg.yml
new file mode 100644
index 00000000000..8f052426a35
--- /dev/null
+++ b/changelogs/unreleased/design-management-shorter-lfs-msg.yml
@@ -0,0 +1,5 @@
+---
+title: Shorten 'enable LFS' manage for design management
+merge_request: 37385
+author:
+type: changed
diff --git a/changelogs/unreleased/fix-local-tiller-default-enabled.yml b/changelogs/unreleased/fix-local-tiller-default-enabled.yml
new file mode 100644
index 00000000000..d9753bc320c
--- /dev/null
+++ b/changelogs/unreleased/fix-local-tiller-default-enabled.yml
@@ -0,0 +1,5 @@
+---
+title: Fix local Tiller not being default-enabled on the frontend
+merge_request: 37494
+author:
+type: fixed
diff --git a/changelogs/unreleased/id-fix-approvals-for-ee-without-license.yml b/changelogs/unreleased/id-fix-approvals-for-ee-without-license.yml
new file mode 100644
index 00000000000..4d8d0158e65
--- /dev/null
+++ b/changelogs/unreleased/id-fix-approvals-for-ee-without-license.yml
@@ -0,0 +1,5 @@
+---
+title: Fix merge request approvals for EE without a license
+merge_request: 37246
+author:
+type: fixed
diff --git a/changelogs/unreleased/limit-db-deprecation-notice-window.yml b/changelogs/unreleased/limit-db-deprecation-notice-window.yml
new file mode 100644
index 00000000000..351e6fba3d9
--- /dev/null
+++ b/changelogs/unreleased/limit-db-deprecation-notice-window.yml
@@ -0,0 +1,5 @@
+---
+title: Limit database deprecation notice window
+merge_request: 37009
+author:
+type: changed
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
index ee75ffbb8e9..e8110e21766 100644
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -53,7 +53,7 @@ en:
   errors:
     messages:
       already_confirmed: "was already confirmed, please try signing in"
-      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one below"
       expired: "has expired, please request a new one"
       not_found: "not found"
       not_locked: "was not locked"
diff --git a/db/migrate/20200715202659_add_index_on_package_files_file_store.rb b/db/migrate/20200715202659_add_index_on_package_files_file_store.rb
new file mode 100644
index 00000000000..92e8364d22c
--- /dev/null
+++ b/db/migrate/20200715202659_add_index_on_package_files_file_store.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddIndexOnPackageFilesFileStore < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :packages_package_files, :file_store
+  end
+
+  def down
+    remove_concurrent_index :packages_package_files, :file_store
+  end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 4cf825da8c9..a1b294e843d 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -19852,6 +19852,8 @@ CREATE INDEX index_packages_maven_metadata_on_package_id_and_path ON public.pack
 
 CREATE INDEX index_packages_nuget_dl_metadata_on_dependency_link_id ON public.packages_nuget_dependency_link_metadata USING btree (dependency_link_id);
 
+CREATE INDEX index_packages_package_files_on_file_store ON public.packages_package_files USING btree (file_store);
+
 CREATE INDEX index_packages_package_files_on_package_id_and_file_name ON public.packages_package_files USING btree (package_id, file_name);
 
 CREATE INDEX index_packages_packages_on_name_trigram ON public.packages_packages USING gin (name public.gin_trgm_ops);
@@ -23862,6 +23864,7 @@ COPY "schema_migrations" (version) FROM STDIN;
 20200712235622
 20200713071042
 20200713152443
+20200715202659
 20200716044023
 20200716120419
 \.
diff --git a/doc/update/README.md b/doc/update/README.md
index 26e52229fd2..fa9fdee4ed4 100644
--- a/doc/update/README.md
+++ b/doc/update/README.md
@@ -227,6 +227,12 @@ GitLab installations that have multiple web nodes will need to be
 [upgraded to 13.1](#1310) before upgrading to 13.2 (and later) due to a
 breaking change in Rails that can result in authorization issues.
 
+GitLab 13.2.0 [remediates](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35492) an [email verification bypass](https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/).
+After upgrading, if some of your users are unexpectedly encountering 404 or 422 errors when signing in,
+or "blocked" messages when using the command line,
+their accounts may have been un-confirmed.
+In that case, please ask them to check their email for a re-confirmation link.
+
 ### 13.1.0
 
 In 13.1.0, you must upgrade to either:
diff --git a/doc/user/project/import/jira.md b/doc/user/project/import/jira.md
index 395cca4726d..482e632baa2 100644
--- a/doc/user/project/import/jira.md
+++ b/doc/user/project/import/jira.md
@@ -15,14 +15,26 @@ Jira issues import is an MVC, project-level feature, meaning that issues from mu
 Jira projects can be imported into a GitLab project. MVC version imports issue title and description
 as well as some other issue metadata as a section in the issue description.
 
-## Future iterations
+## Known limitations
 
-As of GitLab 12.10, the Jira issue importer only brings across the title and description of
-an issue.
+The information imported into GitLab fields from Jira depends on the version of GitLab:
 
-There is an [epic](https://gitlab.com/groups/gitlab-org/-/epics/2738) tracking the
-addition of items such as issue assignees, labels, comments, user mapping, and much more.
-These will be included in the future iterations of the GitLab Jira importer.
+- From GitLab 12.10 to GitLab 13.1, only the issue's title and description are imported
+  directly.
+- From GitLab 13.2:
+  - The issue's labels are also imported directly.
+  - You're also able to map Jira users to GitLab project members when preparing for the
+    import.
+
+Other Jira issue metadata that is not formally mapped to GitLab issue fields is
+imported into the GitLab issue's description as plain text.
+
+Our parser for converting text in Jira issues to GitLab Flavored Markdown is only compatible with
+Jira V3 REST API.
+
+There is an [epic](https://gitlab.com/groups/gitlab-org/-/epics/2738) tracking the addition of
+items, such as issue assignees, comments, and much more. These will be included in the future
+iterations of the GitLab Jira importer.
 
 ## Prerequisites
 
diff --git a/doc/user/project/merge_requests/merge_request_approvals.md b/doc/user/project/merge_requests/merge_request_approvals.md
index dd90449cd86..4e0e609e59e 100644
--- a/doc/user/project/merge_requests/merge_request_approvals.md
+++ b/doc/user/project/merge_requests/merge_request_approvals.md
@@ -2,14 +2,29 @@
 type: reference, concepts
 ---
 
-# Merge request approvals **(STARTER)**
+# Merge Request Approvals
+
+Code review is an essential practice of every successful project, and giving your
+approval once a merge request is in good shape is an important part of the review
+process, as it clearly communicates the ability to merge the change.
+
+## Optional Approvals **(CORE ONLY)**
+
+> Introduced in [GitLab Core 13.2](https://gitlab.com/gitlab-org/gitlab/-/issues/27426).
+
+Any user with Developer or greater [permissions](../../permissions.md) can approve a merge request in GitLab Core.
+This provides a consistent mechanism for reviewers to provide approval, and makes it easy for
+maintainers to know when a change is ready to merge. Approvals in Core are optional and do
+not prevent a merge request from being merged when there is no approval.
+
+## Required Approvals **(STARTER)**
 
 > Introduced in [GitLab Enterprise Edition 7.12](https://about.gitlab.com/releases/2015/06/22/gitlab-7-12-released/#merge-request-approvers-ee-only).
 
-Merge request approvals enable enforced code review by requiring specified people
+Required approvals enable enforced code review by requiring specified people
 to approve a merge request before it can be merged.
 
-Merge request approvals enable multiple use cases:
+Required approvals enable multiple use cases:
 
 - Enforcing review of all code that gets merged into a repository.
 - Specifying reviewers for a given proposed code change, as well as a minimum number
@@ -21,7 +36,16 @@ Merge request approvals enable multiple use cases:
 - [Requiring approval from a security team](#security-approvals-in-merge-requests-ultimate)
   before merging code that could introduce a vulnerability.**(ULTIMATE)**
 
-## Approval rules
+### Approval Rules
+
+Approval rules define how many approvals a merge request must receive before it can
+be merged, and optionally which users should do the approving. Approvals can be defined:
+
+- [As project defaults](#adding--editing-a-default-approval-rule).
+- [Per merge request](#editing--overriding-approval-rules-per-merge-request).
+
+If no approval rules are defined, any user can approve a merge request, though the default
+minimum number of required approvers can still be set in the [project settings for merge request approvals](#merge-request-approvals-project-settings).
 
 Approval rules define how many approvals a merge request must receive before it can
 be merged, and optionally which users should do the approving. Approvals can be defined:
@@ -32,7 +56,7 @@ be merged, and optionally which users should do the approving. Approvals can be
 If no approval rules are defined, any user can approve a merge request, though the default
 minimum number of required approvers can still be set in the [project settings for merge request approvals](#merge-request-approvals-project-settings).
 
-### Eligible approvers
+#### Eligible Approvers
 
 The following users can approve merge requests:
 
@@ -57,14 +81,14 @@ if [**Prevent author approval**](#allowing-merge-request-authors-to-approve-thei
 and [**Prevent committers approval**](#prevent-approval-of-merge-requests-by-their-committers) (disabled by default)
 are enabled on the project settings.
 
-#### Implicit approvers
+##### Implicit Approvers
 
 If the number of required approvals is greater than the number of assigned approvers,
 approvals from other users will count towards meeting the requirement. These would be
 users with developer [permissions](../../permissions.md) or higher in the project who
 were not explicitly listed in the approval rules.
 
-#### Code Owners as eligible approvers
+##### Code Owners as eligible approvers
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/7933) in [GitLab Starter](https://about.gitlab.com/pricing/) 11.5.
 
@@ -88,7 +112,7 @@ indistinguishably.
 Alternatively, you can **require**
 [Code Owner's approvals for Protected Branches](../protected_branches.md#protected-branches-approval-by-code-owners-premium). **(PREMIUM)**
 
-### Adding / editing a default approval rule
+#### Adding / editing a default approval rule
 
 To add or edit the default merge request approval rule:
 
@@ -113,7 +137,7 @@ If a merge request targets a different project, such as from a fork to the upstr
 the default approval rules will be taken from the target (upstream) project, not the
 source (fork).
 
-#### Editing / overriding approval rules per merge request
+##### Editing / overriding approval rules per merge request
 
 > Introduced in GitLab Enterprise Edition 9.4.
 
@@ -127,7 +151,7 @@ settings.
 When creating or editing a merge request, find the **Approval rules** section, then follow
 the same steps as [Adding / editing a default approval rule](#adding--editing-a-default-approval-rule).
 
-### Multiple approval rules **(PREMIUM)**
+#### Multiple approval rules **(PREMIUM)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1979) in [GitLab Premium](https://about.gitlab.com/pricing/) 11.10.
 
@@ -149,7 +173,7 @@ reduce the number of approvals left for all rules that the approver belongs to.
 
 ![Approvals premium merge request widget](img/approvals_premium_mr_widget_v12_7.png)
 
-### Scoped to Protected Branch **(PREMIUM)**
+#### Scoped to Protected Branch **(PREMIUM)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/460) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.8.
 
@@ -165,7 +189,7 @@ Alternatively, you can select a very specific protected branch from the **Target
 
 To enable this configuration, see [Code Owner’s approvals for protected branches](../protected_branches.md#protected-branches-approval-by-code-owners-premium).
 
-## Adding or removing an approval
+### Adding or removing an approval
 
 When an [eligible approver](#eligible-approvers) visits an open merge request,
 one of the following is possible:
@@ -194,12 +218,12 @@ else blocking it. Note that the merge request could still be blocked by other co
 such as merge conflicts, [pending discussions](../../discussions/index.md#only-allow-merge-requests-to-be-merged-if-all-threads-are-resolved),
 or a [failed CI/CD pipeline](merge_when_pipeline_succeeds.md).
 
-## Merge request approvals project settings
+### Merge request approvals project settings
 
 The project settings for Merge request approvals are found by going to
 **{settings}** **Settings > General** and expanding **Merge request approvals**.
 
-### Prevent overriding default approvals
+#### Prevent overriding default approvals
 
 By default, users are able to edit the approval rules in merge requests. If disabled,
 the approval rules for all new merge requests will be determined by the
@@ -208,7 +232,7 @@ the approval rules for all new merge requests will be determined by the
 1. Uncheck the **Can override approvers and approvals required per merge request** checkbox.
 1. Click **Save changes**.
 
-### Resetting approvals on push
+#### Resetting approvals on push
 
 You can force all approvals on a merge request to be removed when new commits are
 pushed to the source branch of the merge request. If disabled, approvals will persist
@@ -222,7 +246,7 @@ NOTE: **Note:**
 Approvals do not get reset when [rebasing a merge request](fast_forward_merge.md)
 from the UI. However, approvals will be reset if the target branch is changed.
 
-### Allowing merge request authors to approve their own merge requests
+#### Allowing merge request authors to approve their own merge requests
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3349) in [GitLab Starter](https://about.gitlab.com/pricing/) 11.3.
 
@@ -234,7 +258,7 @@ approve their merge request. To enable this feature:
    which is enabled by default.
 1. Click **Save changes**.
 
-### Prevent approval of merge requests by their committers
+#### Prevent approval of merge requests by their committers
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10441) in [GitLab Starter](https://about.gitlab.com/pricing/) 11.10.
 
@@ -244,7 +268,7 @@ enable this feature:
 1. Check the **Prevent approval of merge requests by their committers** checkbox.
 1. Click **Save changes**.
 
-### Require authentication when approving a merge request
+#### Require authentication when approving a merge request
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5981) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.0.
 
@@ -261,7 +285,7 @@ To enable this feature:
 1. Check the **Require user password to approve** checkbox.
 1. Click **Save changes**.
 
-## Security approvals in merge requests **(ULTIMATE)**
+### Security approvals in merge requests **(ULTIMATE)**
 
 Merge Request Approvals can be configured to require approval from a member
 of your security team when a vulnerability would be introduced by a merge request.
@@ -269,7 +293,7 @@ of your security team when a vulnerability would be introduced by a merge reques
 For more information, see
 [Security approvals in merge requests](../../application_security/index.md#security-approvals-in-merge-requests).
 
-## Enabling the new approvals interface
+### Enabling the new approvals interface
 
 Since [GitLab v12.0](https://gitlab.com/gitlab-org/gitlab/-/issues/10685), an updated approvals
 interface is available by default. In versions older than 12.0, the updated interface is not
diff --git a/doc/user/project/merge_requests/reviewing_and_managing_merge_requests.md b/doc/user/project/merge_requests/reviewing_and_managing_merge_requests.md
index 162ebdf157d..91ca48f85d5 100644
--- a/doc/user/project/merge_requests/reviewing_and_managing_merge_requests.md
+++ b/doc/user/project/merge_requests/reviewing_and_managing_merge_requests.md
@@ -67,9 +67,10 @@ list.
 ### File-by-file diff navigation
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/222790) in GitLab 13.2.
-> - It's deployed behind a feature flag, disabled by default.
+> - It's deployed behind a feature flag, enabled by default.
+> - It's recommended for production use.
 > - It's enabled on GitLab.com.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-file-by-file-diff-navigation-core-only).
+> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](#enable-or-disable-file-by-file-diff-navigation-core-only).
 
 For larger merge requests it might sometimes be useful to review single files at a time. To enable,
 from your avatar on the top-right navbar, click **Settings**, and go to **Preferences** on the left
@@ -83,9 +84,9 @@ From there, when reviewing merge requests' **Changes** tab, you will see only on
 #### Enable or disable file-by-file diff navigation **(CORE ONLY)**
 
 File-by-file diff navigation is under development but ready for production use. It is
-deployed behind a feature flag that is **disabled by default**.
+deployed behind a feature flag that is **enabled by default**.
 [GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can enable it for your instance.
+can opt to disable it for your instance.
 
 To enable it:
 
diff --git a/lib/api/entities/merge_request_approvals.rb b/lib/api/entities/merge_request_approvals.rb
index e3d58d687c4..0c464844ae7 100644
--- a/lib/api/entities/merge_request_approvals.rb
+++ b/lib/api/entities/merge_request_approvals.rb
@@ -8,8 +8,7 @@ module API
       end
 
       expose :user_can_approve do |merge_request, options|
-        !merge_request.approved_by?(options[:current_user]) &&
-          options[:current_user].can?(:approve_merge_request, merge_request)
+        merge_request.can_be_approved_by?(options[:current_user])
       end
 
       expose :approved do |merge_request|
diff --git a/app/assets/images/bot_avatars/alert-bot.png b/lib/assets/images/bot_avatars/alert-bot.png
index 985d67d6179..985d67d6179 100644
--- a/app/assets/images/bot_avatars/alert-bot.png
+++ b/lib/assets/images/bot_avatars/alert-bot.png
diff --git a/app/assets/images/bot_avatars/security-bot.png b/lib/assets/images/bot_avatars/security-bot.png
index 0709f62f07b..0709f62f07b 100644
--- a/app/assets/images/bot_avatars/security-bot.png
+++ b/lib/assets/images/bot_avatars/security-bot.png
diff --git a/app/assets/images/bot_avatars/support-bot.png b/lib/assets/images/bot_avatars/support-bot.png
index 1335205c191..1335205c191 100644
--- a/app/assets/images/bot_avatars/support-bot.png
+++ b/lib/assets/images/bot_avatars/support-bot.png
diff --git a/lib/gitlab/config_checker/external_database_checker.rb b/lib/gitlab/config_checker/external_database_checker.rb
index c08dd0351f3..af828acb9c0 100644
--- a/lib/gitlab/config_checker/external_database_checker.rb
+++ b/lib/gitlab/config_checker/external_database_checker.rb
@@ -23,7 +23,7 @@ module Gitlab
             }
         end
 
-        if Gitlab::Database.postgresql_upcoming_deprecation?
+        if Gitlab::Database.postgresql_upcoming_deprecation? && Gitlab::Database.within_deprecation_notice_window?
           upcoming_deprecation = Gitlab::Database::UPCOMING_POSTGRES_VERSION_DETAILS
 
           notices <<
diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb
index 2bfb6c32886..d88ca6d7fe3 100644
--- a/lib/gitlab/database.rb
+++ b/lib/gitlab/database.rb
@@ -13,11 +13,15 @@ module Gitlab
     # so administrators can prepare to upgrade
     UPCOMING_POSTGRES_VERSION_DETAILS = {
       gl_version: '13.6.0',
-      gl_version_date: 'November 2020',
+      gl_version_date: 'November 22, 2020',
       pg_version_minimum: 12,
       url: 'https://gitlab.com/groups/gitlab-org/-/epics/2374'
     }.freeze
 
+    # Specifies the maximum number of days in advance to display a notice
+    # regarding an upcoming PostgreSQL version deprecation.
+    DEPRECATION_WINDOW_DAYS = 90
+
     # https://www.postgresql.org/docs/9.2/static/datatype-numeric.html
     MAX_INT_VALUE = 2147483647
 
@@ -119,6 +123,18 @@ module Gitlab
       version.to_f < UPCOMING_POSTGRES_VERSION_DETAILS[:pg_version_minimum]
     end
 
+    def self.days_until_deprecation
+      (
+        Date.parse(UPCOMING_POSTGRES_VERSION_DETAILS[:gl_version_date]) -
+        Date.today
+      ).to_i
+    end
+    private_class_method :days_until_deprecation
+
+    def self.within_deprecation_notice_window?
+      days_until_deprecation <= DEPRECATION_WINDOW_DAYS
+    end
+
     def self.check_postgres_version_and_print_warning
       return if Gitlab::Database.postgresql_minimum_supported_version?
       return if Gitlab::Runtime.rails_runner?
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 314bb6466c9..f983357d037 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -8132,7 +8132,7 @@ msgstr ""
 msgid "DesignManagement|The maximum number of designs allowed to be uploaded is %{upload_limit}. Please try again."
 msgstr ""
 
-msgid "DesignManagement|To enable design management, you'll need to %{requirements_link_start}meet the requirements%{requirements_link_end}. If you need help, reach out to our %{support_link_start}support team%{support_link_end} for assistance."
+msgid "DesignManagement|To upload designs, you'll need to enable LFS. %{requirements_link_start}More information%{requirements_link_end}"
 msgstr ""
 
 msgid "DesignManagement|Unresolve thread"
diff --git a/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb
index 2381e00972f..8070fee5804 100644
--- a/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb
+++ b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb
@@ -46,7 +46,7 @@ RSpec.describe 'User uploads new design', :js do
       let(:feature_enabled) { false }
 
       it 'shows the message about requirements' do
-        expect(page).to have_content("To enable design management, you'll need to meet the requirements.")
+        expect(page).to have_content("To upload designs, you'll need to enable LFS.")
       end
     end
   end
@@ -80,7 +80,7 @@ RSpec.describe 'User uploads new design', :js do
       let(:feature_enabled) { false }
 
       it 'shows the message about requirements' do
-        expect(page).to have_content("To enable design management, you'll need to meet the requirements.")
+        expect(page).to have_content("To upload designs, you'll need to enable LFS.")
       end
     end
   end
diff --git a/spec/frontend/design_management_new/pages/__snapshots__/index_spec.js.snap b/spec/frontend/design_management_new/pages/__snapshots__/index_spec.js.snap
index 3d1fe143ac3..902803b0ad1 100644
--- a/spec/frontend/design_management_new/pages/__snapshots__/index_spec.js.snap
+++ b/spec/frontend/design_management_new/pages/__snapshots__/index_spec.js.snap
@@ -2,7 +2,7 @@
 
 exports[`Design management index page designs does not render toolbar when there is no permission 1`] = `
 <div
-  class="gl-mt-5"
+  class="gl-mt-5 designs-root"
   data-testid="designs-root"
 >
   <!---->
@@ -87,7 +87,7 @@ exports[`Design management index page designs does not render toolbar when there
 
 exports[`Design management index page designs renders designs list and header with upload button 1`] = `
 <div
-  class="gl-mt-5"
+  class="gl-mt-5 designs-root"
   data-testid="designs-root"
 >
   <header
diff --git a/spec/frontend/diffs/store/actions_spec.js b/spec/frontend/diffs/store/actions_spec.js
index ec6ad031813..fc5e39357ca 100644
--- a/spec/frontend/diffs/store/actions_spec.js
+++ b/spec/frontend/diffs/store/actions_spec.js
@@ -1603,6 +1603,18 @@ describe('DiffsStoreActions', () => {
 
       expect(commit).toHaveBeenCalledWith(types.UPDATE_CURRENT_DIFF_FILE_ID, '123');
     });
+
+    it('does not commit UPDATE_CURRENT_DIFF_FILE_ID when discussion has no diff_file', () => {
+      const commit = jest.fn();
+      const rootGetters = {
+        getDiscussion: () => ({ id: '1' }),
+        notesById: { '1': { discussion_id: '2' } },
+      };
+
+      setCurrentDiffFileIdFromNote({ commit, rootGetters }, '1');
+
+      expect(commit).not.toHaveBeenCalled();
+    });
   });
 
   describe('navigateToDiffFileIndex', () => {
diff --git a/spec/lib/gitlab/config_checker/external_database_checker_spec.rb b/spec/lib/gitlab/config_checker/external_database_checker_spec.rb
index 316696bc584..712903e020a 100644
--- a/spec/lib/gitlab/config_checker/external_database_checker_spec.rb
+++ b/spec/lib/gitlab/config_checker/external_database_checker_spec.rb
@@ -36,9 +36,23 @@ RSpec.describe Gitlab::ConfigChecker::ExternalDatabaseChecker do
         allow(Gitlab::Database).to receive(:postgresql_upcoming_deprecation?).and_return(true)
       end
 
-      it 'only returns notice about an upcoming deprecation' do
-        is_expected.to include(a_hash_including(message: include(upcoming_deprecation_warning)))
-        is_expected.not_to include(a_hash_including(message: include(deprecation_warning)))
+      context 'inside the deprecation notice window' do
+        before do
+          allow(Gitlab::Database).to receive(:within_deprecation_notice_window?).and_return(true)
+        end
+
+        it 'only returns notice about an upcoming deprecation' do
+          is_expected.to include(a_hash_including(message: include(upcoming_deprecation_warning)))
+          is_expected.not_to include(a_hash_including(message: include(deprecation_warning)))
+        end
+      end
+
+      context 'outside the deprecation notice window' do
+        before do
+          allow(Gitlab::Database).to receive(:within_deprecation_notice_window?).and_return(false)
+        end
+
+        it { is_expected.to be_empty }
       end
     end
 
@@ -48,11 +62,28 @@ RSpec.describe Gitlab::ConfigChecker::ExternalDatabaseChecker do
         allow(Gitlab::Database).to receive(:postgresql_upcoming_deprecation?).and_return(true)
       end
 
-      it 'returns notice about deprecated database version and an upcoming deprecation' do
-        is_expected.to include(
-          a_hash_including(message: include(deprecation_warning)),
-          a_hash_including(message: include(upcoming_deprecation_warning))
-        )
+      context 'inside the deprecation notice window' do
+        before do
+          allow(Gitlab::Database).to receive(:within_deprecation_notice_window?).and_return(true)
+        end
+
+        it 'returns notice about deprecated database version and an upcoming deprecation' do
+          is_expected.to include(
+            a_hash_including(message: include(deprecation_warning)),
+            a_hash_including(message: include(upcoming_deprecation_warning))
+          )
+        end
+      end
+
+      context 'outside the deprecation notice window' do
+        before do
+          allow(Gitlab::Database).to receive(:within_deprecation_notice_window?).and_return(false)
+        end
+
+        it 'only returns notice about deprecated database version' do
+          is_expected.to include(a_hash_including(message: include(deprecation_warning)))
+          is_expected.not_to include(a_hash_including(message: include(upcoming_deprecation_warning)))
+        end
       end
     end
   end
diff --git a/spec/lib/gitlab/database_spec.rb b/spec/lib/gitlab/database_spec.rb
index cd009f955af..47d2cb05240 100644
--- a/spec/lib/gitlab/database_spec.rb
+++ b/spec/lib/gitlab/database_spec.rb
@@ -129,6 +129,26 @@ RSpec.describe Gitlab::Database do
     end
   end
 
+  describe '.within_deprecation_notice_window?' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:case_name, :days, :result) do
+      'outside window'  | Gitlab::Database::DEPRECATION_WINDOW_DAYS + 1 | false
+      'equal to window' | Gitlab::Database::DEPRECATION_WINDOW_DAYS     | true
+      'within window'   | Gitlab::Database::DEPRECATION_WINDOW_DAYS - 1 | true
+    end
+
+    with_them do
+      it "returns #{params[:result]} when #{params[:case_name]}" do
+        allow(Date)
+          .to receive(:today)
+          .and_return Date.parse(Gitlab::Database::UPCOMING_POSTGRES_VERSION_DETAILS[:gl_version_date]) - days
+
+        expect(described_class.within_deprecation_notice_window?).to eq(result)
+      end
+    end
+  end
+
   describe '.check_postgres_version_and_print_warning' do
     subject { described_class.check_postgres_version_and_print_warning }
 
diff --git a/spec/models/concerns/approvable_base_spec.rb b/spec/models/concerns/approvable_base_spec.rb
index 8fda8bccf09..a9e944cf220 100644
--- a/spec/models/concerns/approvable_base_spec.rb
+++ b/spec/models/concerns/approvable_base_spec.rb
@@ -3,10 +3,10 @@
 require 'spec_helper'
 
 RSpec.describe ApprovableBase do
-  describe '#approved_by?' do
-    let(:merge_request) { create(:merge_request) }
-    let(:user) { create(:user) }
+  let(:merge_request) { create(:merge_request) }
+  let(:user) { create(:user) }
 
+  describe '#approved_by?' do
     subject { merge_request.approved_by?(user) }
 
     context 'when a user has not approved' do
@@ -31,4 +31,32 @@ RSpec.describe ApprovableBase do
       end
     end
   end
+
+  describe '#can_be_approved_by?' do
+    subject { merge_request.can_be_approved_by?(user) }
+
+    before do
+      merge_request.project.add_developer(user)
+    end
+
+    it 'returns true' do
+      is_expected.to be_truthy
+    end
+
+    context 'when a user has approved' do
+      let!(:approval) { create(:approval, merge_request: merge_request, user: user) }
+
+      it 'returns false' do
+        is_expected.to be_falsy
+      end
+    end
+
+    context 'when a user is nil' do
+      let(:user) { nil }
+
+      it 'returns false' do
+        is_expected.to be_falsy
+      end
+    end
+  end
 end