342 files changed, 1737 insertions, 1561 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e220d61b316..feda5e0835b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,253 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.8.0 (2019-02-22)
+
+### Security (7 changes, 1 of them is from the community)
+
+- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2793
+- Update Helm to 2.12.2 to address Helm client vulnerability. !24418 (Takuya Noguchi)
+- Use sanitized user status message for user popover.
+- Validate bundle files before unpacking them.
+- Alias GitHub and BitBucket OAuth2 callback URLs.
+- Fixed XSS content in KaTex links.
+- Disallows unauthorized users from accessing the pipelines section.
+
+### Removed (2 changes, 1 of them is from the community)
+
+- Removed deprecated Redcarpet markdown engine.
+- Remove Cancel all jobs button in general jobs list view. (Jordi Llull)
+
+### Fixed (84 changes, 20 of them are from the community)
+
+- Fix ambiguous brackets in task lists. !18514 (Jared Deckard <jared.deckard@gmail.com>)
+- Fix lost line number when navigating to a specific line in a protected file before authenticating. !19165 (Scott Escue)
+- Fix suboptimal handling of checkbox and radio input events causing group general settings submit button to stay disabled after changing its visibility. !23022
+- Fix upcoming milestones filter not including group milestones. !23098 (Heinrich Lee Yu)
+- Update runner admin page to make description field larger. !23593 (Sascha Reynolds)
+- Fix Bitbucket Server import not allowing personal projects. !23601
+- Fix bug causing repository mirror settings UI to break. !23712
+- Fix foreground color for labels to ensure consistency of label appearance. !23873 (Nathan Friend)
+- Resolve In Merge Request diff screen, master is not a hyperlink. !23874
+- Show the correct error page when access is denied. !23932
+- Increase reliability and performance of toggling task items. !23938
+- Modify file restore to rectify tar issue. !24000
+- Fix default visibility_level for new projects. !24120 (Fabian Schneider @fabsrc)
+- Footnotes now render properly in markdown. !24168
+- Emoji and cancel button are taller than input in set user status modal. !24173 (Dhiraj Bodicherla)
+- Adjusts duplicated line when commenting on unfolded diff lines (in the bottom). !24201
+- Adjust height of "Add list" dropdown in issue boards. !24227
+- Improves restriction of multiple Kubernetes clusters through API. !24251
+- Fix files/blob api endpoints content disposition. !24267
+- Cleanup stale +deleted repo paths on project removal (adjusts project removal bug). !24269
+- Handle regular job dependencies next to parallelized job dependencies. !24273
+- Proper align Projects dropdown on issue boards page. !24277 (Johann Hubert Sonntagbauer)
+- Resolve When merging an MR, the squash checkbox isnt always supported. !24296
+- Fix Bitbucket Server importer error handling. !24343
+- Fix syntax highlighting for suggested changes preview. !24358
+- API: Support dots in wiki slugs. !24383 (Robert Schilling)
+- Show CI artifact file size with 3 significant digits on 'browse job artifacts' page. !24387
+- API: Support username with dots. !24395 (Robert Schilling)
+- API: Fix default_branch_protection admin setting. !24398 (Robert Schilling)
+- Remove unwanted margin above suggested changes. !24419
+- Prevent checking protected_ref? for ambiguous refs. !24437
+- Update metrics environment dropdown to show complete option set. !24441
+- Fix empty labels of CI builds for gitlab-pages on pipeline page. !24451
+- Do not run spam checks on confidential issues. !24453
+- Upgrade KaTeX to version 0.10.0. !24478 (Andrew Harmon)
+- Avoid overwriting default jaeger values with nil. !24482
+- Display SAML failure messages instead of expecting CSRF token. !24509
+- Adjust vertical alignment for project visibility icons. !24511 (Martin Hobert)
+- Load initUserInternalRegexPlaceholder only when required. !24522
+- Hashed Storage: `AfterRenameService` was receiving the wrong `old_path` under some circunstances. !24526
+- Resolve Runners IPv6 address overlaps other values. !24531
+- Fix 404s with snippet uploads in object storage. !24550
+- Fixed oversized custom project notification selector dropdown. !24557
+- Allow users with full private access to read private personal snippets. !24560
+- Resolve Pipeline stages job action button icon is not aligned. !24577
+- Fix cluster page non-interactive on form validation error. !24583
+- Fix 404s for snippet uploads when relative URL root used. !24588
+- Fix markdown table border. !24601
+- Fix CSS grid on a new Project/Group Milestone. !24614 (Takuya Noguchi)
+- Prevent unload when Recaptcha is open. !24625
+- Clean up unicorn sampler metric labels. !24626 (bjk-gitlab)
+- Support bamboo api polymorphism. !24680 (Alex Lossent)
+- Ensure Cert Manager works with Auto DevOps URLs greater than 64 bytes. !24683
+- Fix failed LDAP logins when nil user_id present. !24749
+- fix display comment avatars issue in IE 11. !24777 (Gokhan Apaydin)
+- Fix template labels not being created on new projects. !24803
+- Fix cluster installation processing spinner. !24814
+- Append prioritized label before pagination. !24815
+- Resolve UI bug adding group members with lower permissions. !24820
+- Make `ActionController::Parameters` serializable for sidekiq jobs. !24864
+- Fix Jira Service password validation on project integration services. !24896 (Daniel Juarez)
+- Fix potential Addressable::URI::InvalidURIError. !24908
+- Update Workhorse to v8.2.0. !24909
+- Encode Content-Disposition filenames. !24919
+- Avoid race conditions when creating GpgSignature. !24939
+- Create the source branch for a GitHub import. !25064
+- Fix suggested changes syntax highlighting. !25116
+- Fix counts in milestones dashboard. !25230
+- Fixes incorrect TLD validation errors for Kubernetes cluster domain. !25262
+- Fix 403 errors when adding an assignee list in project boards. !25263
+- Prevent Auto DevOps from trying to deploy without a domain name. !25308
+- Fix uninitialized constant with GitLab Pages.
+- Increase line height of project summaries. (gfyoung)
+- Remove extra space between MR tab bar and sticky file headers.
+- Correct spacing for comparison page.
+- Update CI YAML param table with include.
+- Return bottom border on MR Tabs.
+- Fixes z-index and margins of archived alert in job page.
+- Fixes archived sticky top bar without perfomance bar.
+- Fixed rebase button not showing in merge request widget.
+- Fixed double tooltips on note awards buttons.
+- Allow suggestions to be copied and pasted as GFM.
+- Fix bug that caused Suggestion Markdown toolbar button to insert snippet with leading +/-/<space>.
+- Moved primary button for labels to follow the design patterns used on rest of the site. (Martin Hobert)
+
+### Changed (37 changes, 11 of them are from the community)
+
+- Change spawning of tooltips to be top by default. !21223
+- Standardize filter value capitlization in filter bar in both issues and boards pages. !23846 (obahareth)
+- Refresh group overview to match project overview. !23866
+- Build number does not need to be tweaked anymore for the TeamCity integration to work properly. !23898
+- Added empty project illustration and updated text to user profile overview. !23973 (Fernando Arias)
+- Modified Knative list view to provide more details. !24072 (Chris Baumbauer)
+- Move cancel & new issue button on job page. !24074
+- Make issuable empty states actionable. !24077
+- Fix code search when text is larger than max gRPC message size. !24111
+- Update string structure for available group runners. !24187 (George Tsiolis)
+- Remove multilingual translation from the word "in" in the job details sidebar. !24192 (Nathan Friend)
+- Fix duplicate project disk path in BackfillLegacyProjectRepositories. !24213
+- Ensured links to a comment or system note anchor resolves to the right note if a user has a discussion filter. !24228
+- Remove expansion hover animation from pipeline status icon buttons. !24268 (Nathan Friend)
+- Redesigned related merge requests in issue page. !24270
+- Return the maximum group access level in the projects API. !24403
+- Update project topics styling to use badges design. !24415
+- Display "commented" only for commit discussions on merge requests. !24427
+- Upgrade js-regex gem to version 3.1. !24433 (rroger)
+- Prevent Sidekiq arguments over 10 KB in size from being logged to JSON. !24493
+- Added Avatar in the settings sidebar. !24515 (Yoginth)
+- Refresh empty states for profile page tabs. !24549
+- remove red/green colors from diff view of no-color syntax theme. !24582 (khm)
+- Get remote IP address of runner. !24624
+- Update last_activity_on for Users on some main GET endpoints. !24642
+- Update metrics dashboard graph design. !24653
+- Update to GitLab SVG icon from Font Awesome in profile for location and work. !24671 (Yoginth)
+- Add template for Android with Fastlane. !24722
+- Display timestamps to messages printed by gitlab:backup:restore rake tasks. (Will Chandler)
+- Show MR statistics in diff comparisons.
+- Make possible to toggle file tree while scrolling through diffs.
+- Use delete instead of remove when referring to `git branch -D`.
+- Add folder header to files in merge request tree list.
+- Added fuzzy file finder to merge requests.
+- Collapse directory structure in merge request file tree.
+- Adds skeleton loading to releases page.
+- Support multiple outputs in jupyter notebooks.
+
+### Performance (8 changes, 1 of them is from the community)
+
+- Remove unused button classes `btn-create` and `comment-btn`. !23232 (George Tsiolis)
+- [API] Omit `X-Total` and `X-Total-Pages` headers when items count is more than 10,000. !23931
+- Improve efficiency of GitHub importer by reducing amount of locks needed. !24102
+- Improve milestone queries using subqueries instead of separate queries for ids. !24325
+- Efficiently remove expired artifacts in `ExpireBuildArtifactsWorker`. !24450
+- Eliminate N+1 queries in /api/groups/:id. !24513
+- Use deployment relation to get an environment name. !24890
+- Do not reload daemon if configuration file of pages does not change.
+
+### Added (35 changes, 18 of them are from the community)
+
+- Add badge count to projects. !18425 (George Tsiolis)
+- API: Add support for group labels. !21368 (Robert Schilling)
+- Add setting for first day of the week. !22755 (Fabian Schneider @fabsrc)
+- Pages for subgroups. !23505
+- Add support for customer provided encryption keys for Amazon S3 remote backups. !23797 (Pepijn Van Eeckhoudt)
+- Add Knative detailed view. !23863 (Chris Baumbauer)
+- Add group full path to project's shared_with_groups. !24052 (Mathieu Parent)
+- Added feature to specify a custom Auto DevOps chart repository. !24162 (walkafwalka)
+- Add flat-square badge style. !24172 (Fabian Schneider @fabsrc)
+- Display last activity and created at datetimes for users. !24181
+- Allow setting of feature gates per project. !24184
+- Save issues/merge request sorting options to backend. !24198
+- Added support for custom hosts/domains to Auto DevOps. !24248 (walkafwalka)
+- Adds milestone search. !24265 (Jacopo Beschi @jacopo-beschi)
+- Allow merge request diffs to be placed into an object store. !24276
+- Add Container Registry API with cleanup function. !24303
+- GitLab now supports the profile and email scopes from OpenID Connect. !24335 (Goten Xiao)
+- Add 'in' filter that modifies scope of 'search' filter to issues and merge requests API. !24350 (Hiroyuki Sato)
+- Add `with_programming_language` filter for projects to API. !24377 (Dylan MacKenzie)
+- API: Support searching for tags. !24385 (Robert Schilling)
+- Document graphicsmagick installation for source installation. !24404 (Alexis Reigel)
+- Redirect GET projects/:id to project page. !24467
+- Indicate on Issue Status if an Issue was Moved. !24470
+- Redeploy Auto DevOps deployment on variable updates. !24498 (walkafwalka)
+- Don't create new merge request pipeline without commits. !24503 (Hiroyuki Sato)
+- Add GitLab Pages predefined CI variables 'CI_PAGES_DOMAIN' and 'CI_PAGES_URL'. !24504 (Adrian Moisey)
+- Moves domain setting from Auto DevOps to Cluster's page. !24580
+- API allows setting the squash commit message when squashing a merge request. !24784
+- Added ability to upgrade cluster applications. !24789
+- Add argument iids for issues in GraphQL. !24802
+- Add repositories count to usage ping data. !24823
+- Add support for extensionless pages URLs. !24876
+- Add templates for most popular Pages templates. !24906
+- Introduce Internal API for searching environment names. !24923
+- Allow admins to invalidate markdown texts by setting local markdown version.
+
+### Other (50 changes, 18 of them are from the community)
+
+- Externalize strings from `/app/views/projects/project_members`. !23227 (Tao Wang)
+- Add CSS & JS global flags to represent browser and platform. !24017
+- Fix deprecation: Passing an argument to force an association to reload is now deprecated. !24136 (Jasper Maes)
+- Cleanup legacy artifact background migration. !24144
+- Bump kubectl in Auto DevOps to 1.11.6. !24176
+- Conditionally initialize the global opentracing tracer. !24186
+- Remove horizontal whitespace on user profile overview on small breakpoints. !24189
+- Bump nginx-ingress chart to 1.1.2. !24203
+- Use monospace font for registry table tag id and tag name. !24205
+- Rename project tags to project topics. !24219
+- Add uniqueness validation to url column in Releases::Link model. !24223
+- Update sidekiq-cron to 1.0.4 and use fugit to replace rufus-scheduler to parse cron syntax. !24235
+- Adds inter-service OpenTracing propagation. !24239
+- Fixes Auto DevOps title on CI/CD admin settings. !24249
+- Upgrade kubeclient to 4.2.2 and swap out monkey-patch to disallow redirects. !24284
+- i18n: externalize strings from 'app/views/search'. !24297 (Tao Wang)
+- Fix several ActionController::Parameters deprecations. !24332 (Jasper Maes)
+- Remove all `$theme-gray-{weight}` variables in favor of `$gray-{weight}`. !24333 (George Tsiolis)
+- Update gitlab-styles to 2.5.1. !24336 (Jasper Maes)
+- Modifies environment scope UI on cluster page. !24376
+- Extract process_name from GitLab::Sentry. !24422
+- Upgrade Gitaly to 1.13.0. !24429
+- Actually set raise_on_unfiltered_parameters to true. !24443 (Jasper Maes)
+- Refactored NoteableDiscussion by extracting ResolveDiscussionButton. !24505 (Martin Hobert)
+- Extracted JumpToNextDiscussionButton to its own component. !24506 (Martin Hobert)
+- Extracted ReplyPlaceholder to its own component. !24507 (Martin Hobert)
+- Block emojis and symbol characters from users full names. !24523
+- Update GitLab Runner Helm Chart to 0.1.45. !24564
+- Updated docs for fields in pushing mirror from GitLab to GitHub. !24566 (Joseph Yu)
+- Upgrade gitlab-workhorse to 8.1.0. !24571
+- Externalize strings from `/app/views/sent_notifications`. !24576 (George Tsiolis)
+- Adds tracing support for ActiveRecord notifications. !24604
+- Externalize strings from `/app/views/projects/ci`. !24617 (George Tsiolis)
+- Move permission check of manual actions of deployments. !24660
+- Externalize strings from `/app/views/clusters`. !24666 (George Tsiolis)
+- Update UI for admin appearance settings. !24685
+- Externalize strings from `/app/views/projects/pages_domains`. !24723 (George Tsiolis)
+- Externalize strings from `/app/views/projects/milestones`. !24726 (George Tsiolis)
+- Add OpenTracing instrumentation for Action View Render events. !24728
+- Expose version for each application in cluster_status JSON endpoint. !24791
+- Externalize strings from `/app/views/instance_statistics`. !24809 (George Tsiolis)
+- Update cluster application version on updated and installed status. !24810
+- Project list UI improvements. !24855
+- Externalize strings from `/app/views/email_rejection_mailer`. !24869 (George Tsiolis)
+- Update Gitaly to v1.17.0. !24873
+- Update Workhorse to v8.3.0. !24959
+- Upgrade gitaly to 1.18.0. !24981
+- Update Workhorse to v8.3.1.
+- Upgraded Codesandbox smooshpack package.
+- Creates mixin to reduce code duplication between CE and EE in graph component.
+
+
 ## 11.7.5 (2019-02-06)
 
 ### Fixed (8 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 66e2ae6c25c..39893559155 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-1.19.1
+1.20.0
diff --git a/VERSION b/VERSION
index 43ac3a9e454..897063bb326 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-11.8.0-rc4
+11.8.0
diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
index 35380ca49fb..798114b4b0b 100644
--- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js
+++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
@@ -1,4 +1,5 @@
 import flash from '~/flash';
+import { sprintf, __ } from '../../locale';
 
 // Renders diagrams and flowcharts from text using Mermaid in any element with the
 // `js-render-mermaid` class.
@@ -14,6 +15,9 @@ import flash from '~/flash';
 // </pre>
 //
 
+// This is an arbitary number; Can be iterated upon when suitable.
+const MAX_CHAR_LIMIT = 5000;
+
 export default function renderMermaid($els) {
   if (!$els.length) return;
 
@@ -34,6 +38,21 @@ export default function renderMermaid($els) {
       $els.each((i, el) => {
         const source = el.textContent;
 
+        /**
+         * Restrict the rendering to a certain amount of character to
+         * prevent mermaidjs from hanging up the entire thread and
+         * causing a DoS.
+         */
+        if (source && source.length > MAX_CHAR_LIMIT) {
+          el.textContent = sprintf(
+            __(
+              'Cannot render the image. Maximum character count (%{charLimit}) has been exceeded.',
+            ),
+            { charLimit: MAX_CHAR_LIMIT },
+          );
+          return;
+        }
+
         // Remove any extra spans added by the backend syntax highlighting.
         Object.assign(el, { textContent: source });
 
diff --git a/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js b/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
index fba31f16d65..5090b0bdc3c 100644
--- a/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
+++ b/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
@@ -163,7 +163,7 @@ export default class FilteredSearchVisualTokens {
     const tokenValueElement = tokenValueContainer.querySelector('.value');
     tokenValueElement.innerText = tokenValue;
 
-    if (tokenValue === 'none' || tokenValue === 'any') {
+    if (['none', 'any'].includes(tokenValue.toLowerCase())) {
       return;
     }
 
diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index 63db4938cd7..1b722c0505a 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -78,7 +78,6 @@ function deferredInitialisation() {
   initUserPopovers();
 
   if (document.querySelector('.search')) initSearchAutocomplete();
-  if (document.querySelector('#js-peek')) initPerformanceBar({ container: '#js-peek' });
 
   addSelectOnFocusBehaviour('.js-select-on-focus');
 
@@ -145,6 +144,8 @@ document.addEventListener('DOMContentLoaded', () => {
   const $sidebarGutterToggle = $('.js-sidebar-toggle');
   let bootstrapBreakpoint = bp.getBreakpointSize();
 
+  if (document.querySelector('#js-peek')) initPerformanceBar({ container: '#js-peek' });
+
   initLayoutNav();
 
   // Set the default path for all cookies to GitLab's root directory
diff --git a/app/assets/javascripts/notes/components/note_body.vue b/app/assets/javascripts/notes/components/note_body.vue
index ff303d0f55a..fb1d98355b3 100644
--- a/app/assets/javascripts/notes/components/note_body.vue
+++ b/app/assets/javascripts/notes/components/note_body.vue
@@ -95,6 +95,7 @@ export default {
   <div ref="note-body" :class="{ 'js-task-list-container': canEdit }" class="note-body">
     <suggestions
       v-if="hasSuggestion && !isEditing"
+      class="note-text md"
       :suggestions="note.suggestions"
       :note-html="note.note_html"
       :line-type="lineType"
diff --git a/app/assets/javascripts/vue_merge_request_widget/components/states/commits_header.vue b/app/assets/javascripts/vue_merge_request_widget/components/states/commits_header.vue
index a1d3a09cca4..33963d5e1e6 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/states/commits_header.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/commits_header.vue
@@ -73,14 +73,14 @@ export default {
       <gl-button
         :aria-label="ariaLabel"
         variant="blank"
-        class="commit-edit-toggle mr-2"
+        class="commit-edit-toggle square s24 mr-2"
         @click.stop="toggle()"
       >
         <icon :name="collapseIcon" :size="16" />
       </gl-button>
       <span v-if="expanded">{{ __('Collapse') }}</span>
       <span v-else>
-        <span v-html="message"></span>
+        <span class="vertical-align-middle" v-html="message"></span>
         <gl-button variant="link" class="modify-message-button">
           {{ modifyLinkMessage }}
         </gl-button>
diff --git a/app/assets/javascripts/vue_shared/components/markdown/suggestions.vue b/app/assets/javascripts/vue_shared/components/markdown/suggestions.vue
index c33665c24f6..dcda701f049 100644
--- a/app/assets/javascripts/vue_shared/components/markdown/suggestions.vue
+++ b/app/assets/javascripts/vue_shared/components/markdown/suggestions.vue
@@ -130,6 +130,6 @@ export default {
 <template>
   <div>
     <div class="flash-container js-suggestions-flash"></div>
-    <div v-show="isRendered" ref="container" class="note-text md" v-html="noteHtml"></div>
+    <div v-show="isRendered" ref="container" v-html="noteHtml"></div>
   </div>
 </template>
diff --git a/app/assets/stylesheets/framework/mixins.scss b/app/assets/stylesheets/framework/mixins.scss
index 9837b1a6bd0..b9d0c0d4d96 100644
--- a/app/assets/stylesheets/framework/mixins.scss
+++ b/app/assets/stylesheets/framework/mixins.scss
@@ -36,10 +36,6 @@
     width: fit-content;
   }
 
-  tbody {
-    background-color: $white-light;
-  }
-
   tr {
     th {
       border-bottom: solid 2px $gl-gray-100;
diff --git a/app/assets/stylesheets/pages/builds.scss b/app/assets/stylesheets/pages/builds.scss
index 65f46e3852a..fa5a182243c 100644
--- a/app/assets/stylesheets/pages/builds.scss
+++ b/app/assets/stylesheets/pages/builds.scss
@@ -75,7 +75,11 @@
     @include build-trace-top-bar(35px);
 
     &.has-archived-block {
-      top: $header-height + $performance-bar-height + 28px;
+      top: $header-height + 28px;
+
+      .with-performance-bar & {
+        top: $header-height + $performance-bar-height + 28px;
+      }
     }
 
     &.affix {
diff --git a/app/assets/stylesheets/pages/merge_requests.scss b/app/assets/stylesheets/pages/merge_requests.scss
index 135730d71e9..790d438c7e2 100644
--- a/app/assets/stylesheets/pages/merge_requests.scss
+++ b/app/assets/stylesheets/pages/merge_requests.scss
@@ -738,6 +738,8 @@
   z-index: 103;
   background: $gray-light;
   color: $gl-text-color;
+  margin-top: -1px;
+  border-top: 1px solid $border-color;
 
   .mr-version-menus-container {
     display: flex;
@@ -789,7 +791,6 @@
     position: sticky;
     top: $header-height + $mr-tabs-height;
     width: 100%;
-    border-top: 1px solid $border-color;
 
     &.is-fileTreeOpen {
       margin-left: -16px;
@@ -810,10 +811,7 @@
   top: $header-height;
   z-index: 200;
   background-color: $white-light;
-
-  @include media-breakpoint-down(md) {
-    border-bottom: 1px solid $border-color;
-  }
+  border-bottom: 1px solid $border-color;
 
   @include media-breakpoint-up(sm) {
     position: sticky;
@@ -1019,3 +1017,8 @@
   z-index: 99999;
   background: $black-transparent;
 }
+
+.source-branch-removal-status {
+  padding-left: 50px;
+  padding-bottom: $gl-padding;
+}
diff --git a/app/controllers/concerns/milestone_actions.rb b/app/controllers/concerns/milestone_actions.rb
index eccbe35577b..c0c0160a827 100644
--- a/app/controllers/concerns/milestone_actions.rb
+++ b/app/controllers/concerns/milestone_actions.rb
@@ -8,7 +8,7 @@ module MilestoneActions
       format.html { redirect_to milestone_redirect_path }
       format.json do
         render json: tabs_json("shared/milestones/_merge_requests_tab", {
-          merge_requests: @milestone.sorted_merge_requests, # rubocop:disable Gitlab/ModuleWithInstanceVariables
+          merge_requests: @milestone.sorted_merge_requests(current_user), # rubocop:disable Gitlab/ModuleWithInstanceVariables
           show_project_name: true
         })
       end
diff --git a/app/controllers/concerns/send_file_upload.rb b/app/controllers/concerns/send_file_upload.rb
index 9ca54c5519b..28e4cece548 100644
--- a/app/controllers/concerns/send_file_upload.rb
+++ b/app/controllers/concerns/send_file_upload.rb
@@ -3,7 +3,7 @@
 module SendFileUpload
   def send_upload(file_upload, send_params: {}, redirect_params: {}, attachment: nil, proxy: false, disposition: 'attachment')
     if attachment
-      response_disposition = ::Gitlab::ContentDisposition.format(disposition: 'attachment', filename: attachment)
+      response_disposition = ::Gitlab::ContentDisposition.format(disposition: disposition, filename: attachment)
 
       # Response-Content-Type will not override an existing Content-Type in
       # Google Cloud Storage, so the metadata needs to be cleared on GCS for
diff --git a/app/controllers/dashboard/milestones_controller.rb b/app/controllers/dashboard/milestones_controller.rb
index 9484e4d30cd..912036da0ea 100644
--- a/app/controllers/dashboard/milestones_controller.rb
+++ b/app/controllers/dashboard/milestones_controller.rb
@@ -25,8 +25,6 @@ class Dashboard::MilestonesController < Dashboard::ApplicationController
   private
 
   def group_milestones
-    groups = GroupsFinder.new(current_user, all_available: false).execute
-
     DashboardGroupMilestone.build_collection(groups, params)
   end
 
@@ -45,6 +43,6 @@ class Dashboard::MilestonesController < Dashboard::ApplicationController
   end
 
   def groups
-    @groups ||= GroupsFinder.new(current_user, state_all: true).execute
+    @groups ||= GroupsFinder.new(current_user, all_available: false).execute
   end
 end
diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb
index dd9f5af61b3..ed0995e7ffd 100644
--- a/app/controllers/google_api/authorizations_controller.rb
+++ b/app/controllers/google_api/authorizations_controller.rb
@@ -2,6 +2,10 @@
 
 module GoogleApi
   class AuthorizationsController < ApplicationController
+    include Gitlab::Utils::StrongMemoize
+
+    before_action :validate_session_key!
+
     def callback
       token, expires_at = GoogleApi::CloudPlatform::Client
         .new(nil, callback_google_api_auth_url)
@@ -11,21 +15,27 @@ module GoogleApi
       session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] =
         expires_at.to_s
 
-      state_redirect_uri = redirect_uri_from_session_key(params[:state])
-
-      if state_redirect_uri
-        redirect_to state_redirect_uri
-      else
-        redirect_to root_path
-      end
+      redirect_to redirect_uri_from_session
     end
 
     private
 
-    def redirect_uri_from_session_key(state)
-      key = GoogleApi::CloudPlatform::Client
-        .session_key_for_redirect_uri(params[:state])
-      session[key] if key
+    def validate_session_key!
+      access_denied! unless redirect_uri_from_session.present?
+    end
+
+    def redirect_uri_from_session
+      strong_memoize(:redirect_uri_from_session) do
+        if params[:state].present?
+          session[session_key_for_redirect_uri(params[:state])]
+        else
+          nil
+        end
+      end
+    end
+
+    def session_key_for_redirect_uri(state)
+      GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(state)
     end
   end
 end
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index 9c130af8394..0e3f13045ce 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Projects::AutocompleteSourcesController < Projects::ApplicationController
+  before_action :authorize_read_milestone!, only: :milestones
+
   def members
     render json: ::Projects::ParticipantsService.new(@project, current_user).execute(target)
   end
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index b13c0ae3967..939a09d4fd2 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -65,7 +65,11 @@ class Projects::CommitController < Projects::ApplicationController
   # rubocop: enable CodeReuse/ActiveRecord
 
   def merge_requests
-    @merge_requests = @commit.merge_requests.map do |mr|
+    @merge_requests = MergeRequestsFinder.new(
+      current_user,
+      project_id: @project.id,
+      commit_sha: @commit.sha
+    ).execute.map do |mr|
       { iid: mr.iid, path: merge_request_path(mr), title: mr.title }
     end
 
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 7c713c19762..bc942ba9288 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -13,9 +13,10 @@ class Projects::GroupLinksController < Projects::ApplicationController
     group = Group.find(params[:link_group_id]) if params[:link_group_id].present?
 
     if group
-      return render_404 unless can?(current_user, :read_group, group)
+      result = Projects::GroupLinks::CreateService.new(project, current_user, group_link_create_params).execute(group)
+      return render_404 if result[:http_status] == 404
 
-      Projects::GroupLinks::CreateService.new(project, current_user, group_link_create_params).execute(group)
+      flash[:alert] = result[:message] if result[:http_status] == 409
     else
       flash[:alert] = 'Please select a group.'
     end
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb
index b645011a3c5..93bee3f1488 100644
--- a/app/finders/merge_requests_finder.rb
+++ b/app/finders/merge_requests_finder.rb
@@ -37,13 +37,20 @@ class MergeRequestsFinder < IssuableFinder
   end
 
   def filter_items(_items)
-    items = by_source_branch(super)
+    items = by_commit(super)
+    items = by_source_branch(items)
     items = by_wip(items)
     by_target_branch(items)
   end
 
   private
 
+  def by_commit(items)
+    return items unless params[:commit_sha].presence
+
+    items.by_commit_sha(params[:commit_sha])
+  end
+
   def source_branch
     @source_branch ||= params[:source_branch].presence
   end
diff --git a/app/graphql/types/project_type.rb b/app/graphql/types/project_type.rb
index 050706f97be..587e55c611f 100644
--- a/app/graphql/types/project_type.rb
+++ b/app/graphql/types/project_type.rb
@@ -16,7 +16,6 @@ module Types
 
     field :description, GraphQL::STRING_TYPE, null: true
 
-    field :default_branch, GraphQL::STRING_TYPE, null: true
     field :tag_list, GraphQL::STRING_TYPE, null: true
 
     field :ssh_url_to_repo, GraphQL::STRING_TYPE, null: true
@@ -59,7 +58,6 @@ module Types
     end
 
     field :import_status, GraphQL::STRING_TYPE, null: true
-    field :ci_config_path, GraphQL::STRING_TYPE, null: true
 
     field :only_allow_merge_if_pipeline_succeeds, GraphQL::BOOLEAN_TYPE, null: true
     field :request_access_enabled, GraphQL::BOOLEAN_TYPE, null: true
diff --git a/app/mailers/emails/issues.rb b/app/mailers/emails/issues.rb
index 654ae211310..d2e334fb856 100644
--- a/app/mailers/emails/issues.rb
+++ b/app/mailers/emails/issues.rb
@@ -74,6 +74,7 @@ module Emails
 
       @new_issue = new_issue
       @new_project = new_issue.project
+      @can_access_project = recipient.can?(:read_project, @new_project)
       mail_answer_thread(issue, issue_thread_options(updated_by_user.id, recipient.id, reason))
     end
 
diff --git a/app/models/board.rb b/app/models/board.rb
index a137863456c..758a71d6903 100644
--- a/app/models/board.rb
+++ b/app/models/board.rb
@@ -21,6 +21,10 @@ class Board < ActiveRecord::Base
     group_id.present?
   end
 
+  def project_board?
+    project_id.present?
+  end
+
   def backlog_list
     lists.merge(List.backlog).take
   end
diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb
index 7025fc2cc02..8b0dc084c9f 100644
--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -50,7 +50,7 @@ module Clusters
 
     validates :name, cluster_name: true
     validates :cluster_type, presence: true
-    validates :domain, allow_blank: true, hostname: { allow_numeric_hostname: true, require_valid_tld: true }
+    validates :domain, allow_blank: true, hostname: { allow_numeric_hostname: true }
 
     validate :restrict_modification, on: :update
     validate :no_groups, unless: :group_type?
diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb
index c8969351ed9..0e5928550e3 100644
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -41,7 +41,7 @@ module Clusters
       validate :no_namespace, unless: :allow_user_defined_namespace?
 
       # We expect to be `active?` only when enabled and cluster is created (the api_url is assigned)
-      validates :api_url, url: true, presence: true
+      validates :api_url, public_url: true, presence: true
       validates :token, presence: true
 
       validate :prevent_modification, on: :update
diff --git a/app/models/commit_collection.rb b/app/models/commit_collection.rb
index 42ec5b5e664..a9a2e9c81eb 100644
--- a/app/models/commit_collection.rb
+++ b/app/models/commit_collection.rb
@@ -20,8 +20,8 @@ class CommitCollection
     commits.each(&block)
   end
 
-  def committers
-    emails = without_merge_commits.map(&:committer_email).uniq
+  def authors
+    emails = without_merge_commits.map(&:author_email).uniq
 
     User.by_any_email(emails)
   end
diff --git a/app/models/concerns/milestoneish.rb b/app/models/concerns/milestoneish.rb
index 055ffe04646..39372c4f68b 100644
--- a/app/models/concerns/milestoneish.rb
+++ b/app/models/concerns/milestoneish.rb
@@ -46,12 +46,19 @@ module Milestoneish
     end
   end
 
+  def merge_requests_visible_to_user(user)
+    memoize_per_user(user, :merge_requests_visible_to_user) do
+      MergeRequestsFinder.new(user, {})
+        .execute.where(milestone_id: milestoneish_id)
+    end
+  end
+
   def sorted_issues(user)
     issues_visible_to_user(user).preload_associations.sort_by_attribute('label_priority')
   end
 
-  def sorted_merge_requests
-    merge_requests.sort_by_attribute('label_priority')
+  def sorted_merge_requests(user)
+    merge_requests_visible_to_user(user).sort_by_attribute('label_priority')
   end
 
   def upcoming?
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 2035bffd829..0232d2e5078 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -71,7 +71,7 @@ class MergeRequest < ActiveRecord::Base
 
   serialize :merge_params, Hash # rubocop:disable Cop/ActiveRecordSerialize
 
-  after_create :ensure_merge_request_diff, unless: :importing?
+  after_create :ensure_merge_request_diff
   after_update :clear_memoized_shas
   after_update :reload_diff_if_branch_changed
   after_save :ensure_metrics
@@ -286,12 +286,12 @@ class MergeRequest < ActiveRecord::Base
     work_in_progress?(title) ? title : "WIP: #{title}"
   end
 
-  def committers
-    @committers ||= commits.committers
+  def commit_authors
+    @commit_authors ||= commits.authors
   end
 
   def authors
-    User.from_union([committers, User.where(id: self.author_id)])
+    User.from_union([commit_authors, User.where(id: self.author_id)])
   end
 
   # Verifies if title has changed not taking into account WIP prefix
diff --git a/app/models/merge_request_diff.rb b/app/models/merge_request_diff.rb
index 712347e76ed..481be2da8ac 100644
--- a/app/models/merge_request_diff.rb
+++ b/app/models/merge_request_diff.rb
@@ -25,6 +25,8 @@ class MergeRequestDiff < ActiveRecord::Base
 
   has_many :merge_request_diff_commits, -> { order(:merge_request_diff_id, :relative_order) }
 
+  validates :base_commit_sha, :head_commit_sha, :start_commit_sha, sha: true
+
   state_machine :state, initial: :empty do
     event :clean do
       transition any => :without_files
diff --git a/app/models/project_services/prometheus_service.rb b/app/models/project_services/prometheus_service.rb
index 60cb2d380d5..c68a9d923c8 100644
--- a/app/models/project_services/prometheus_service.rb
+++ b/app/models/project_services/prometheus_service.rb
@@ -71,7 +71,7 @@ class PrometheusService < MonitoringService
   end
 
   def prometheus_client
-    RestClient::Resource.new(api_url, max_redirects: 0) if api_url && manual_configuration? && active?
+    RestClient::Resource.new(api_url, max_redirects: 0) if should_return_client?
   end
 
   def prometheus_available?
@@ -83,6 +83,10 @@ class PrometheusService < MonitoringService
 
   private
 
+  def should_return_client?
+    api_url && manual_configuration? && active? && valid?
+  end
+
   def synchronize_service_state
     self.active = prometheus_available? || manual_configuration?
 
diff --git a/app/policies/board_policy.rb b/app/policies/board_policy.rb
index 46db008421f..4bf1e7bd3e1 100644
--- a/app/policies/board_policy.rb
+++ b/app/policies/board_policy.rb
@@ -4,10 +4,12 @@ class BoardPolicy < BasePolicy
   delegate { @subject.parent }
 
   condition(:is_group_board) { @subject.group_board? }
+  condition(:is_project_board) { @subject.project_board? }
 
-  rule { is_group_board ? can?(:read_group) : can?(:read_project) }.enable :read_parent
+  rule { is_project_board & can?(:read_project) }.enable :read_parent
 
   rule { is_group_board & can?(:read_group) }.policy do
+    enable :read_parent
     enable :read_milestone
     enable :read_issue
   end
diff --git a/app/services/projects/group_links/create_service.rb b/app/services/projects/group_links/create_service.rb
index 1392775f805..e3d5bea0852 100644
--- a/app/services/projects/group_links/create_service.rb
+++ b/app/services/projects/group_links/create_service.rb
@@ -4,13 +4,19 @@ module Projects
   module GroupLinks
     class CreateService < BaseService
       def execute(group)
-        return false unless group
+        return error('Not Found', 404) unless group && can?(current_user, :read_namespace, group)
 
-        project.project_group_links.create(
+        link = project.project_group_links.new(
           group: group,
           group_access: params[:link_group_access],
           expires_at: params[:expires_at]
         )
+
+        if link.save
+          success(link: link)
+        else
+          error(link.errors.full_messages.to_sentence, 409)
+        end
       end
     end
   end
diff --git a/app/uploaders/file_mover.rb b/app/uploaders/file_mover.rb
index a7f8615e9ba..236b7ed2b3d 100644
--- a/app/uploaders/file_mover.rb
+++ b/app/uploaders/file_mover.rb
@@ -11,6 +11,8 @@ class FileMover
   end
 
   def execute
+    return unless valid?
+
     move
 
     if update_markdown
@@ -21,6 +23,12 @@ class FileMover
 
   private
 
+  def valid?
+    Pathname.new(temp_file_path).realpath.to_path.start_with?(
+      (Pathname(temp_file_uploader.root) + temp_file_uploader.base_dir).to_path
+    )
+  end
+
   def move
     FileUtils.mkdir_p(File.dirname(file_path))
     FileUtils.move(temp_file_path, file_path)
diff --git a/app/validators/sha_validator.rb b/app/validators/sha_validator.rb
new file mode 100644
index 00000000000..085fca4d65d
--- /dev/null
+++ b/app/validators/sha_validator.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class ShaValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.blank? || value.match(/\A\h{40}\z/)
+
+    record.errors.add(attribute, 'is not a valid SHA')
+  end
+end
diff --git a/app/views/notify/issue_moved_email.html.haml b/app/views/notify/issue_moved_email.html.haml
index 472c31e9a5e..b766cb1a523 100644
--- a/app/views/notify/issue_moved_email.html.haml
+++ b/app/views/notify/issue_moved_email.html.haml
@@ -1,6 +1,9 @@
 %p
   Issue was moved to another project.
-%p
-  New issue:
-  = link_to project_issue_url(@new_project, @new_issue) do
-    = @new_issue.title
+- if @can_access_project
+  %p
+    New issue:
+    = link_to project_issue_url(@new_project, @new_issue) do
+      = @new_issue.title
+- else
+  You don't have access to the project.
diff --git a/app/views/notify/issue_moved_email.text.erb b/app/views/notify/issue_moved_email.text.erb
index 66ede43635b..985e689aa9d 100644
--- a/app/views/notify/issue_moved_email.text.erb
+++ b/app/views/notify/issue_moved_email.text.erb
@@ -1,4 +1,8 @@
 Issue was moved to another project.
 
+<% if @can_access_project %>
 New issue location:
 <%= project_issue_url(@new_project, @new_issue) %>
+<% else %>
+You don't have access to the project.
+<% end %>
diff --git a/app/views/projects/blob/viewers/_dependency_manager.html.haml b/app/views/projects/blob/viewers/_dependency_manager.html.haml
index 87aa7c1dbf8..5970d41fdab 100644
--- a/app/views/projects/blob/viewers/_dependency_manager.html.haml
+++ b/app/views/projects/blob/viewers/_dependency_manager.html.haml
@@ -3,9 +3,4 @@
   This project manages its dependencies using
   %strong= viewer.manager_name
 
-  - if viewer.package_name
-    and defines a #{viewer.package_type} named
-    %strong<
-      = link_to_if viewer.package_url.present?, viewer.package_name, viewer.package_url, target: '_blank', rel: 'noopener noreferrer'
-
 = link_to 'Learn more', viewer.manager_url, target: '_blank', rel: 'noopener noreferrer'
diff --git a/app/views/shared/empty_states/_priority_labels.html.haml b/app/views/shared/empty_states/_priority_labels.html.haml
index 555cb4f4af9..bba3475d244 100644
--- a/app/views/shared/empty_states/_priority_labels.html.haml
+++ b/app/views/shared/empty_states/_priority_labels.html.haml
@@ -1,4 +1,4 @@
 .text-center
-  .svg-content
+  .svg-content.qa-label-svg
     = image_tag 'illustrations/priority_labels.svg'
   %p Star labels to start sorting by priority
diff --git a/changelogs/unreleased/19745-forms-with-task-lists-can-be-overwritten-when-editing-simultaneously.yml b/changelogs/unreleased/19745-forms-with-task-lists-can-be-overwritten-when-editing-simultaneously.yml
deleted file mode 100644
index b1177e1717e..00000000000
--- a/changelogs/unreleased/19745-forms-with-task-lists-can-be-overwritten-when-editing-simultaneously.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Increase reliability and performance of toggling task items
-merge_request: 23938
-author:
-type: fixed
diff --git a/changelogs/unreleased/2105-add-setting-for-first-day-of-the-week.yml b/changelogs/unreleased/2105-add-setting-for-first-day-of-the-week.yml
deleted file mode 100644
index f4a52b1aacd..00000000000
--- a/changelogs/unreleased/2105-add-setting-for-first-day-of-the-week.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add setting for first day of the week
-merge_request: 22755
-author: Fabian Schneider @fabsrc
-type: added
diff --git a/changelogs/unreleased/24680-support-bamboo-api-polymorphism.yml b/changelogs/unreleased/24680-support-bamboo-api-polymorphism.yml
deleted file mode 100644
index 5117195cd0c..00000000000
--- a/changelogs/unreleased/24680-support-bamboo-api-polymorphism.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: "Support bamboo api polymorphism"
-merge_request: 24680
-author: Alex Lossent
-type: fixed
\ No newline at end of file
diff --git a/changelogs/unreleased/24875-label.yml b/changelogs/unreleased/24875-label.yml
deleted file mode 100644
index 1f9d2222edf..00000000000
--- a/changelogs/unreleased/24875-label.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Append prioritized label before pagination
-merge_request: 24815
-author:
-type: fixed
diff --git a/changelogs/unreleased/25043-empty-states.yml b/changelogs/unreleased/25043-empty-states.yml
deleted file mode 100644
index 529a8b3206f..00000000000
--- a/changelogs/unreleased/25043-empty-states.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Make issuable empty states actionable
-merge_request: 24077
-author:
-type: changed
diff --git a/changelogs/unreleased/25569-changing-wording-to-delete-when-referring-to-removing-a-branch.yml b/changelogs/unreleased/25569-changing-wording-to-delete-when-referring-to-removing-a-branch.yml
deleted file mode 100644
index 02a667073ca..00000000000
--- a/changelogs/unreleased/25569-changing-wording-to-delete-when-referring-to-removing-a-branch.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Use delete instead of remove when referring to `git branch -D`
-merge_request: !23966
-author:
-type: changed
diff --git a/changelogs/unreleased/26375-markdown-footnotes-not-working.yml b/changelogs/unreleased/26375-markdown-footnotes-not-working.yml
deleted file mode 100644
index 86adef84a2a..00000000000
--- a/changelogs/unreleased/26375-markdown-footnotes-not-working.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Footnotes now render properly in markdown
-merge_request: 24168
-author:
-type: fixed
diff --git a/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml b/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
new file mode 100644
index 00000000000..27ad151cd06
--- /dev/null
+++ b/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
@@ -0,0 +1,6 @@
+---
+title: Remove the possibility to share a project with a group that a user is not a member
+  of
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/28500-empty-states-for-profile-page.yml b/changelogs/unreleased/28500-empty-states-for-profile-page.yml
deleted file mode 100644
index 53f840521ae..00000000000
--- a/changelogs/unreleased/28500-empty-states-for-profile-page.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Refresh empty states for profile page tabs
-merge_request: 24549
-author:
-type: changed
diff --git a/changelogs/unreleased/30120-add-flat-square-badge-style.yml b/changelogs/unreleased/30120-add-flat-square-badge-style.yml
deleted file mode 100644
index a542a58d3fc..00000000000
--- a/changelogs/unreleased/30120-add-flat-square-badge-style.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add flat-square badge style
-merge_request: 24172
-author: Fabian Schneider @fabsrc
-type: added
diff --git a/changelogs/unreleased/36445-better-indication-that-an-issue-has-been-moved-or-marked-as-duplicated.yml b/changelogs/unreleased/36445-better-indication-that-an-issue-has-been-moved-or-marked-as-duplicated.yml
deleted file mode 100644
index 70b561ccbf6..00000000000
--- a/changelogs/unreleased/36445-better-indication-that-an-issue-has-been-moved-or-marked-as-duplicated.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Indicate on Issue Status if an Issue was Moved
-merge_request: 24470
-author:
-type: added
diff --git a/changelogs/unreleased/37990-task-list-bracket.yml b/changelogs/unreleased/37990-task-list-bracket.yml
deleted file mode 100644
index ffa77cf0af7..00000000000
--- a/changelogs/unreleased/37990-task-list-bracket.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix ambiguous brackets in task lists
-merge_request: 18514
-author: Jared Deckard <jared.deckard@gmail.com>
-type: fixed
diff --git a/changelogs/unreleased/40997-gitlab-pages-deploy-jobs-have-a-null-status.yml b/changelogs/unreleased/40997-gitlab-pages-deploy-jobs-have-a-null-status.yml
deleted file mode 100644
index 01036253151..00000000000
--- a/changelogs/unreleased/40997-gitlab-pages-deploy-jobs-have-a-null-status.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix empty labels of CI builds for gitlab-pages on pipeline page
-merge_request: 24451
-author:
-type: fixed
diff --git a/changelogs/unreleased/42769-remove-expansion-hover-animation-from-status-icon-buttons.yml b/changelogs/unreleased/42769-remove-expansion-hover-animation-from-status-icon-buttons.yml
deleted file mode 100644
index 5a4ff8b3358..00000000000
--- a/changelogs/unreleased/42769-remove-expansion-hover-animation-from-status-icon-buttons.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove expansion hover animation from pipeline status icon buttons
-merge_request: 24268
-author: Nathan Friend
-type: changed
diff --git a/changelogs/unreleased/43681-display-last-activity-and-created-at-datetimes-for-users-in-admin-users.yml b/changelogs/unreleased/43681-display-last-activity-and-created-at-datetimes-for-users-in-admin-users.yml
deleted file mode 100644
index 0fbf6314a27..00000000000
--- a/changelogs/unreleased/43681-display-last-activity-and-created-at-datetimes-for-users-in-admin-users.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display last activity and created at datetimes for users
-merge_request: 24181
-author:
-type: added
diff --git a/changelogs/unreleased/44332-add-openid-profile-scopes.yml b/changelogs/unreleased/44332-add-openid-profile-scopes.yml
deleted file mode 100644
index b554fab5139..00000000000
--- a/changelogs/unreleased/44332-add-openid-profile-scopes.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: GitLab now supports the profile and email scopes from OpenID Connect
-merge_request: 24335
-author: Goten Xiao
-type: added
diff --git a/changelogs/unreleased/44698-recaptcha.yml b/changelogs/unreleased/44698-recaptcha.yml
deleted file mode 100644
index e1760a6c635..00000000000
--- a/changelogs/unreleased/44698-recaptcha.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent unload when Recaptcha is open
-merge_request: 24625
-author:
-type: fixed
diff --git a/changelogs/unreleased/45779-fix-default-visibility-level-for-projects.yml b/changelogs/unreleased/45779-fix-default-visibility-level-for-projects.yml
deleted file mode 100644
index b4cba5041d1..00000000000
--- a/changelogs/unreleased/45779-fix-default-visibility-level-for-projects.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix default visibility_level for new projects
-merge_request: 24120
-author: Fabian Schneider @fabsrc
-type: fixed
diff --git a/changelogs/unreleased/45791-number-of-repositories-usage-ping.yml b/changelogs/unreleased/45791-number-of-repositories-usage-ping.yml
deleted file mode 100644
index 8d1f5df56ea..00000000000
--- a/changelogs/unreleased/45791-number-of-repositories-usage-ping.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add repositories count to usage ping data
-merge_request: 24823
-author:
-type: added
diff --git a/changelogs/unreleased/46448-add-timestamps-for-each-stage-of-gitlab-rake-gitlab-backup-restore.yml b/changelogs/unreleased/46448-add-timestamps-for-each-stage-of-gitlab-rake-gitlab-backup-restore.yml
deleted file mode 100644
index 4ce6787570a..00000000000
--- a/changelogs/unreleased/46448-add-timestamps-for-each-stage-of-gitlab-rake-gitlab-backup-restore.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display timestamps to messages printed by gitlab:backup:restore rake tasks
-merge_request:
-author: Will Chandler
-type: changed
diff --git a/changelogs/unreleased/47007-related-merge-requests-in-issue-design-restyle.yml b/changelogs/unreleased/47007-related-merge-requests-in-issue-design-restyle.yml
deleted file mode 100644
index 28e2a4cc377..00000000000
--- a/changelogs/unreleased/47007-related-merge-requests-in-issue-design-restyle.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Redesigned related merge requests in issue page.
-merge_request: 24270
-author:
-type: changed
diff --git a/changelogs/unreleased/47988-improve-milestone-queries-with-subqueries.yml b/changelogs/unreleased/47988-improve-milestone-queries-with-subqueries.yml
deleted file mode 100644
index d1a80ab43cf..00000000000
--- a/changelogs/unreleased/47988-improve-milestone-queries-with-subqueries.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Improve milestone queries using subqueries instead of separate queries for ids
-merge_request: 24325
-author:
-type: performance
diff --git a/changelogs/unreleased/50013-add-browser-platform-flags.yml b/changelogs/unreleased/50013-add-browser-platform-flags.yml
deleted file mode 100644
index 6176b8b64a7..00000000000
--- a/changelogs/unreleased/50013-add-browser-platform-flags.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add CSS & JS global flags to represent browser and platform
-merge_request: 24017
-author:
-type: other
diff --git a/changelogs/unreleased/50352-sort-save.yml b/changelogs/unreleased/50352-sort-save.yml
deleted file mode 100644
index cd046c8b785..00000000000
--- a/changelogs/unreleased/50352-sort-save.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Save issues/merge request sorting options to backend
-merge_request: 24198
-author:
-type: added
diff --git a/changelogs/unreleased/50521-block-emojis-and-symbol-characters-from-user-s-full-names-2.yml b/changelogs/unreleased/50521-block-emojis-and-symbol-characters-from-user-s-full-names-2.yml
deleted file mode 100644
index 04caf8262c6..00000000000
--- a/changelogs/unreleased/50521-block-emojis-and-symbol-characters-from-user-s-full-names-2.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Block emojis and symbol characters from users full names
-merge_request: 24523
-author:
-type: other
diff --git a/changelogs/unreleased/51754-admin-view-private-personal-snippets.yml b/changelogs/unreleased/51754-admin-view-private-personal-snippets.yml
deleted file mode 100644
index cf3d73fce0c..00000000000
--- a/changelogs/unreleased/51754-admin-view-private-personal-snippets.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Allow users with full private access to read private personal snippets.
-merge_request: 24560
-author:
-type: fixed
diff --git a/changelogs/unreleased/51759-filter-by-language.yml b/changelogs/unreleased/51759-filter-by-language.yml
deleted file mode 100644
index 6b5bedd6b2d..00000000000
--- a/changelogs/unreleased/51759-filter-by-language.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add `with_programming_language` filter for projects to API
-merge_request: 24377
-author: Dylan MacKenzie
-type: added
diff --git a/changelogs/unreleased/51913-api-getting-projects-for-users-with-dot-gets-404.yml b/changelogs/unreleased/51913-api-getting-projects-for-users-with-dot-gets-404.yml
deleted file mode 100644
index 9d72efdd52a..00000000000
--- a/changelogs/unreleased/51913-api-getting-projects-for-users-with-dot-gets-404.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'API: Support username with dots'
-merge_request: 24395
-author: Robert Schilling
-type: fixed
diff --git a/changelogs/unreleased/52275-fix-master-to-be-hyperlink.yml b/changelogs/unreleased/52275-fix-master-to-be-hyperlink.yml
deleted file mode 100644
index c1cde0ceff6..00000000000
--- a/changelogs/unreleased/52275-fix-master-to-be-hyperlink.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Resolve In Merge Request diff screen, master is not a hyperlink
-merge_request: 23874
-author:
-type: fixed
diff --git a/changelogs/unreleased/52278-squash-checkbox-fix.yml b/changelogs/unreleased/52278-squash-checkbox-fix.yml
deleted file mode 100644
index c81748ae419..00000000000
--- a/changelogs/unreleased/52278-squash-checkbox-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Resolve When merging an MR, the squash checkbox isnt always supported
-merge_request: 24296
-author:
-type: fixed
diff --git a/changelogs/unreleased/52347-lines-changed-statistics-is-not-easily-visible-in-mr-changes-view.yml b/changelogs/unreleased/52347-lines-changed-statistics-is-not-easily-visible-in-mr-changes-view.yml
deleted file mode 100644
index cf1c4378f18..00000000000
--- a/changelogs/unreleased/52347-lines-changed-statistics-is-not-easily-visible-in-mr-changes-view.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Show MR statistics in diff comparisons
-merge_request: !24569
-author:
-type: changed
diff --git a/changelogs/unreleased/52363-modifies-environment-scope-field-on-cluster-page.yml b/changelogs/unreleased/52363-modifies-environment-scope-field-on-cluster-page.yml
deleted file mode 100644
index 07cb35e6529..00000000000
--- a/changelogs/unreleased/52363-modifies-environment-scope-field-on-cluster-page.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Modifies environment scope UI on cluster page
-merge_request: 24376
-author:
-type: other
diff --git a/changelogs/unreleased/52363-ui-changes-to-cluster-and-ado-pages.yml b/changelogs/unreleased/52363-ui-changes-to-cluster-and-ado-pages.yml
deleted file mode 100644
index eb4851971fb..00000000000
--- a/changelogs/unreleased/52363-ui-changes-to-cluster-and-ado-pages.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Moves domain setting from Auto DevOps to Cluster's page
-merge_request: 24580
-author:
-type: added
diff --git a/changelogs/unreleased/52568-external-mr-diffs.yml b/changelogs/unreleased/52568-external-mr-diffs.yml
deleted file mode 100644
index b1c9d5cb809..00000000000
--- a/changelogs/unreleased/52568-external-mr-diffs.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Allow merge request diffs to be placed into an object store
-merge_request: 24276
-author:
-type: added
diff --git a/changelogs/unreleased/52674-api-v4-projects-project_id-jobs-endpoint-hits-statement-timeout.yml b/changelogs/unreleased/52674-api-v4-projects-project_id-jobs-endpoint-hits-statement-timeout.yml
deleted file mode 100644
index f79078c1fd9..00000000000
--- a/changelogs/unreleased/52674-api-v4-projects-project_id-jobs-endpoint-hits-statement-timeout.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: "[API] Omit `X-Total` and `X-Total-Pages` headers when items count is more than 10,000"
-merge_request: 23931
-author:
-type: performance
diff --git a/changelogs/unreleased/52971-merge-request-file-browser-should-always-be-possible-show-hide.yml b/changelogs/unreleased/52971-merge-request-file-browser-should-always-be-possible-show-hide.yml
deleted file mode 100644
index b661c55957d..00000000000
--- a/changelogs/unreleased/52971-merge-request-file-browser-should-always-be-possible-show-hide.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Make possible to toggle file tree while scrolling through diffs
-merge_request: !24103
-author:
-type: changed
diff --git a/changelogs/unreleased/53104-redesign-group-overview-ui-mvc.yml b/changelogs/unreleased/53104-redesign-group-overview-ui-mvc.yml
deleted file mode 100644
index cb810b7ac7f..00000000000
--- a/changelogs/unreleased/53104-redesign-group-overview-ui-mvc.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Refresh group overview to match project overview
-merge_request: 23866
-author:
-type: changed
diff --git a/changelogs/unreleased/53431-fix-upcoming-milestone-filter-for-groups.yml b/changelogs/unreleased/53431-fix-upcoming-milestone-filter-for-groups.yml
deleted file mode 100644
index 1e9c7f3913c..00000000000
--- a/changelogs/unreleased/53431-fix-upcoming-milestone-filter-for-groups.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix upcoming milestones filter not including group milestones
-merge_request: 23098
-author: Heinrich Lee Yu
-type: fixed
diff --git a/changelogs/unreleased/53671-redirect-projects-id-to-project-page.yml b/changelogs/unreleased/53671-redirect-projects-id-to-project-page.yml
deleted file mode 100644
index 08c5ded05d5..00000000000
--- a/changelogs/unreleased/53671-redirect-projects-id-to-project-page.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Redirect GET projects/:id to project page
-merge_request: 24467
-author:
-type: added
diff --git a/changelogs/unreleased/53676-ip-address-of-gitlab-runner-is-wrong-in-the-runners-description.yml b/changelogs/unreleased/53676-ip-address-of-gitlab-runner-is-wrong-in-the-runners-description.yml
deleted file mode 100644
index 12a6509e6f7..00000000000
--- a/changelogs/unreleased/53676-ip-address-of-gitlab-runner-is-wrong-in-the-runners-description.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Get remote IP address of runner
-merge_request: 24624
-author:
-type: changed
diff --git a/changelogs/unreleased/53714-inconsistent-text-color-for-labels.yml b/changelogs/unreleased/53714-inconsistent-text-color-for-labels.yml
deleted file mode 100644
index d804e2df2cd..00000000000
--- a/changelogs/unreleased/53714-inconsistent-text-color-for-labels.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix foreground color for labels to ensure consistency of label appearance
-merge_request: 23873
-author: Nathan Friend
-type: fixed
diff --git a/changelogs/unreleased/53856-changing-group-visibility-does-not-re-enable-save-button.yml b/changelogs/unreleased/53856-changing-group-visibility-does-not-re-enable-save-button.yml
deleted file mode 100644
index 1daa72fb9c4..00000000000
--- a/changelogs/unreleased/53856-changing-group-visibility-does-not-re-enable-save-button.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Fix suboptimal handling of checkbox and radio input events causing
-  group general settings submit button to stay disabled after changing its visibility
-merge_request: 23022
-author:
-type: fixed
diff --git a/changelogs/unreleased/53950-commit-comments-displayed-on-a-merge-request.yml b/changelogs/unreleased/53950-commit-comments-displayed-on-a-merge-request.yml
deleted file mode 100644
index adaaed7f1aa..00000000000
--- a/changelogs/unreleased/53950-commit-comments-displayed-on-a-merge-request.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display "commented" only for commit discussions on merge requests
-merge_request: 24427
-author:
-type: changed
diff --git a/changelogs/unreleased/54167-rename-project-tags-to-project-topics.yml b/changelogs/unreleased/54167-rename-project-tags-to-project-topics.yml
deleted file mode 100644
index 6fc8aa1a195..00000000000
--- a/changelogs/unreleased/54167-rename-project-tags-to-project-topics.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Rename project tags to project topics
-merge_request: 24219
-author:
-type: other
diff --git a/changelogs/unreleased/54213-standardize-token-value-capitalization-in-filter-bar.yml b/changelogs/unreleased/54213-standardize-token-value-capitalization-in-filter-bar.yml
deleted file mode 100644
index 37dea77b8d2..00000000000
--- a/changelogs/unreleased/54213-standardize-token-value-capitalization-in-filter-bar.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Standardize filter value capitlization in filter bar in both issues and boards pages
-merge_request: 23846
-author: obahareth
-type: changed
diff --git a/changelogs/unreleased/54250-upstream-kubeclient-redirect-patch.yml b/changelogs/unreleased/54250-upstream-kubeclient-redirect-patch.yml
deleted file mode 100644
index d1bdbccb20a..00000000000
--- a/changelogs/unreleased/54250-upstream-kubeclient-redirect-patch.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade kubeclient to 4.2.2 and swap out monkey-patch to disallow redirects
-merge_request: 24284
-author:
-type: other
diff --git a/changelogs/unreleased/54484-anchor-links-to-comments-or-system-notes-can-break-with-discussion-filters.yml b/changelogs/unreleased/54484-anchor-links-to-comments-or-system-notes-can-break-with-discussion-filters.yml
deleted file mode 100644
index 4d543db567d..00000000000
--- a/changelogs/unreleased/54484-anchor-links-to-comments-or-system-notes-can-break-with-discussion-filters.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Ensured links to a comment or system note anchor resolves to the right note if a user has a discussion filter.
-merge_request: 24228
-author:
-type: changed
diff --git a/changelogs/unreleased/54544-update-project-topics-styling-to-use-badges-design.yml b/changelogs/unreleased/54544-update-project-topics-styling-to-use-badges-design.yml
deleted file mode 100644
index de12c66e9ef..00000000000
--- a/changelogs/unreleased/54544-update-project-topics-styling-to-use-badges-design.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update project topics styling to use badges design
-merge_request: 24415
-author:
-type: changed
diff --git a/changelogs/unreleased/54905-milestone-search.yml b/changelogs/unreleased/54905-milestone-search.yml
deleted file mode 100644
index 88717242e7c..00000000000
--- a/changelogs/unreleased/54905-milestone-search.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adds milestone search
-merge_request: 24265
-author: Jacopo Beschi @jacopo-beschi
-type: added
diff --git a/changelogs/unreleased/55098-ui-bug-adding-group-members-with-lower-permissions.yml b/changelogs/unreleased/55098-ui-bug-adding-group-members-with-lower-permissions.yml
deleted file mode 100644
index f22524ef4b2..00000000000
--- a/changelogs/unreleased/55098-ui-bug-adding-group-members-with-lower-permissions.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Resolve UI bug adding group members with lower permissions
-merge_request: 24820
-author:
-type: fixed
diff --git a/changelogs/unreleased/55111-gitlab-api-does-not-manage-default_branch_protection-3-value.yml b/changelogs/unreleased/55111-gitlab-api-does-not-manage-default_branch_protection-3-value.yml
deleted file mode 100644
index b609fc2d60b..00000000000
--- a/changelogs/unreleased/55111-gitlab-api-does-not-manage-default_branch_protection-3-value.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'API: Fix default_branch_protection admin setting'
-merge_request: 24398
-author: Robert Schilling
-type: fixed
diff --git a/changelogs/unreleased/55242-skeleton-loading-releases.yml b/changelogs/unreleased/55242-skeleton-loading-releases.yml
deleted file mode 100644
index 43cda64ce04..00000000000
--- a/changelogs/unreleased/55242-skeleton-loading-releases.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adds skeleton loading to releases page
-merge_request:
-author:
-type: changed
diff --git a/changelogs/unreleased/55495-teamcity-use-revision-in-query.yml b/changelogs/unreleased/55495-teamcity-use-revision-in-query.yml
deleted file mode 100644
index 724de733b7c..00000000000
--- a/changelogs/unreleased/55495-teamcity-use-revision-in-query.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Build number does not need to be tweaked anymore for the TeamCity integration to work properly.
-merge_request: 23898
-author:
-type: changed
diff --git a/changelogs/unreleased/55628-artifacts-from-a-job-defined-after-a-parallel-job-are-not-downloaded.yml b/changelogs/unreleased/55628-artifacts-from-a-job-defined-after-a-parallel-job-are-not-downloaded.yml
deleted file mode 100644
index 071036cd568..00000000000
--- a/changelogs/unreleased/55628-artifacts-from-a-job-defined-after-a-parallel-job-are-not-downloaded.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Handle regular job dependencies next to parallelized job dependencies.
-merge_request: 24273
-author:
-type: fixed
diff --git a/changelogs/unreleased/55820-adds-common-name-chart-value.yml b/changelogs/unreleased/55820-adds-common-name-chart-value.yml
deleted file mode 100644
index 1871abbfc6b..00000000000
--- a/changelogs/unreleased/55820-adds-common-name-chart-value.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Ensure Cert Manager works with Auto DevOps URLs greater than 64 bytes
-merge_request: 24683
-author:
-type: fixed
diff --git a/changelogs/unreleased/55884-adjust-emoji-and-cancel-buttons-height-in-user-status-modal-when-emoji-is-changed.yml b/changelogs/unreleased/55884-adjust-emoji-and-cancel-buttons-height-in-user-status-modal-when-emoji-is-changed.yml
deleted file mode 100644
index 2fbf334f5e9..00000000000
--- a/changelogs/unreleased/55884-adjust-emoji-and-cancel-buttons-height-in-user-status-modal-when-emoji-is-changed.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Emoji and cancel button are taller than input in set user status modal
-merge_request: 24173
-author: Dhiraj Bodicherla
-type: fixed
diff --git a/changelogs/unreleased/55945-suggested-change-preview-highlight.yml b/changelogs/unreleased/55945-suggested-change-preview-highlight.yml
deleted file mode 100644
index 997290a5d50..00000000000
--- a/changelogs/unreleased/55945-suggested-change-preview-highlight.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix syntax highlighting for suggested changes preview
-merge_request: 24358
-author:
-type: fixed
diff --git a/changelogs/unreleased/55966-when-ref-is-ambiguous-createpipelineservice-raises-an-error.yml b/changelogs/unreleased/55966-when-ref-is-ambiguous-createpipelineservice-raises-an-error.yml
deleted file mode 100644
index 01a162944d3..00000000000
--- a/changelogs/unreleased/55966-when-ref-is-ambiguous-createpipelineservice-raises-an-error.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent checking protected_ref? for ambiguous refs.
-merge_request: 24437
-author:
-type: fixed
diff --git a/changelogs/unreleased/56010-user-profile-page-horizonal-whitespace-between-overview-columns-breaks-two-column-layout.yml b/changelogs/unreleased/56010-user-profile-page-horizonal-whitespace-between-overview-columns-breaks-two-column-layout.yml
deleted file mode 100644
index 407346bbf22..00000000000
--- a/changelogs/unreleased/56010-user-profile-page-horizonal-whitespace-between-overview-columns-breaks-two-column-layout.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove horizontal whitespace on user profile overview on small breakpoints
-merge_request: 24189
-author:
-type: other
diff --git a/changelogs/unreleased/56014-api-merge-request-squash-commit-messages.yml b/changelogs/unreleased/56014-api-merge-request-squash-commit-messages.yml
deleted file mode 100644
index e324baa94a3..00000000000
--- a/changelogs/unreleased/56014-api-merge-request-squash-commit-messages.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: API allows setting the squash commit message when squashing a merge request
-merge_request: 24784
-author:
-type: added
diff --git a/changelogs/unreleased/56019-archived-stuck.yml b/changelogs/unreleased/56019-archived-stuck.yml
deleted file mode 100644
index de3698a327b..00000000000
--- a/changelogs/unreleased/56019-archived-stuck.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixes z-index and margins of archived alert in job page
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/56036-fix-translation-of-in-in-job-details-sidebar.yml b/changelogs/unreleased/56036-fix-translation-of-in-in-job-details-sidebar.yml
deleted file mode 100644
index ff9d4f2c175..00000000000
--- a/changelogs/unreleased/56036-fix-translation-of-in-in-job-details-sidebar.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-title: Remove multilingual translation from the word "in" in the job details sidebar.
-merge_request: 24192
-author: Nathan Friend
-type: changed
diff --git a/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml b/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml
deleted file mode 100644
index 4da14114225..00000000000
--- a/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Improves restriction of multiple Kubernetes clusters through API
-merge_request: 24251
-author:
-type: fixed
diff --git a/changelogs/unreleased/56172-docs-fix-add-include-to-ci-param-list.yml b/changelogs/unreleased/56172-docs-fix-add-include-to-ci-param-list.yml
deleted file mode 100644
index 92592290ac4..00000000000
--- a/changelogs/unreleased/56172-docs-fix-add-include-to-ci-param-list.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update CI YAML param table with include
-merge_request: !24309
-author:
-type: fixed
diff --git a/changelogs/unreleased/56334-runners-ipv6-address-overlaps-other-values.yml b/changelogs/unreleased/56334-runners-ipv6-address-overlaps-other-values.yml
deleted file mode 100644
index 8a6adef5dae..00000000000
--- a/changelogs/unreleased/56334-runners-ipv6-address-overlaps-other-values.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Resolve Runners IPv6 address overlaps other values
-merge_request: 24531
-author:
-type: fixed
diff --git a/changelogs/unreleased/56363-inconsitent-file-size-indication-across-different-ci-pages.yml b/changelogs/unreleased/56363-inconsitent-file-size-indication-across-different-ci-pages.yml
deleted file mode 100644
index 7c923422534..00000000000
--- a/changelogs/unreleased/56363-inconsitent-file-size-indication-across-different-ci-pages.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Show CI artifact file size with 3 significant digits on 'browse job artifacts'
-  page
-merge_request: 24387
-author:
-type: fixed
diff --git a/changelogs/unreleased/56371-don-t-check-confidential-issues-for-spam.yml b/changelogs/unreleased/56371-don-t-check-confidential-issues-for-spam.yml
deleted file mode 100644
index fcfa29977d1..00000000000
--- a/changelogs/unreleased/56371-don-t-check-confidential-issues-for-spam.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not run spam checks on confidential issues
-merge_request: 24453
-author:
-type: fixed
diff --git a/changelogs/unreleased/56379-pipeline-stages-job-action-button-icon-is-not-aligned.yml b/changelogs/unreleased/56379-pipeline-stages-job-action-button-icon-is-not-aligned.yml
deleted file mode 100644
index ec8a1d9d6ea..00000000000
--- a/changelogs/unreleased/56379-pipeline-stages-job-action-button-icon-is-not-aligned.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Resolve Pipeline stages job action button icon is not aligned
-merge_request: 24577
-author:
-type: fixed
diff --git a/changelogs/unreleased/56389-remove-unwanted-suggestion-flash-margin.yml b/changelogs/unreleased/56389-remove-unwanted-suggestion-flash-margin.yml
deleted file mode 100644
index 3494feb9be1..00000000000
--- a/changelogs/unreleased/56389-remove-unwanted-suggestion-flash-margin.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove unwanted margin above suggested changes.
-merge_request: 24419
-author:
-type: fixed
diff --git a/changelogs/unreleased/56398-fix-cluster-installation-loading-state.yml b/changelogs/unreleased/56398-fix-cluster-installation-loading-state.yml
deleted file mode 100644
index 19ff408ddf4..00000000000
--- a/changelogs/unreleased/56398-fix-cluster-installation-loading-state.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix cluster installation processing spinner
-merge_request: 24814
-author:
-type: fixed
diff --git a/changelogs/unreleased/56417-update-helm-to-2-12-2.yml b/changelogs/unreleased/56417-update-helm-to-2-12-2.yml
deleted file mode 100644
index f01915c532f..00000000000
--- a/changelogs/unreleased/56417-update-helm-to-2-12-2.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Helm to 2.12.2 to address Helm client vulnerability
-merge_request: 24418
-author: Takuya Noguchi
-type: security
diff --git a/changelogs/unreleased/56507-sh-bump-katex-0.10.0.yml b/changelogs/unreleased/56507-sh-bump-katex-0.10.0.yml
deleted file mode 100644
index 671e204da21..00000000000
--- a/changelogs/unreleased/56507-sh-bump-katex-0.10.0.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade KaTeX to version 0.10.0
-merge_request: 24478
-author: Andrew Harmon
-type: fixed
\ No newline at end of file
diff --git a/changelogs/unreleased/56543-project-lists-further-iteration-improvements.yml b/changelogs/unreleased/56543-project-lists-further-iteration-improvements.yml
deleted file mode 100644
index 388ff1d062a..00000000000
--- a/changelogs/unreleased/56543-project-lists-further-iteration-improvements.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Project list UI improvements
-merge_request: 24855
-author:
-type: other
diff --git a/changelogs/unreleased/56547-limit-sidekiq-logging-based-on-argument-size.yml b/changelogs/unreleased/56547-limit-sidekiq-logging-based-on-argument-size.yml
deleted file mode 100644
index 9ef274f3b49..00000000000
--- a/changelogs/unreleased/56547-limit-sidekiq-logging-based-on-argument-size.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent Sidekiq arguments over 10 KB in size from being logged to JSON
-merge_request: 24493
-author:
-type: changed
diff --git a/changelogs/unreleased/56556-fix-markdown-table-border.yml b/changelogs/unreleased/56556-fix-markdown-table-border.yml
deleted file mode 100644
index 7724f49d4e9..00000000000
--- a/changelogs/unreleased/56556-fix-markdown-table-border.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix markdown table border.
-merge_request: 24601
-author:
-type: fixed
diff --git a/changelogs/unreleased/56622-admin-settings-cannot-read-property-addeventlistener-of-null.yml b/changelogs/unreleased/56622-admin-settings-cannot-read-property-addeventlistener-of-null.yml
deleted file mode 100644
index 52b2db0e999..00000000000
--- a/changelogs/unreleased/56622-admin-settings-cannot-read-property-addeventlistener-of-null.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Load initUserInternalRegexPlaceholder only when required
-merge_request: 24522
-author:
-type: fixed
diff --git a/changelogs/unreleased/56636-hashed-storage-afterrenameservice.yml b/changelogs/unreleased/56636-hashed-storage-afterrenameservice.yml
deleted file mode 100644
index 1f808850554..00000000000
--- a/changelogs/unreleased/56636-hashed-storage-afterrenameservice.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'Hashed Storage: `AfterRenameService` was receiving the wrong `old_path` under some circunstances'
-merge_request: 24526
-author:
-type: fixed
diff --git a/changelogs/unreleased/56764-poor-ui-on-milestone-validation-error-page.yml b/changelogs/unreleased/56764-poor-ui-on-milestone-validation-error-page.yml
deleted file mode 100644
index 089ffd47321..00000000000
--- a/changelogs/unreleased/56764-poor-ui-on-milestone-validation-error-page.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix CSS grid on a new Project/Group Milestone
-merge_request: 24614
-author: Takuya Noguchi
-type: fixed
diff --git a/changelogs/unreleased/56788-unicorn-metric-labels.yml b/changelogs/unreleased/56788-unicorn-metric-labels.yml
deleted file mode 100644
index 824c981780c..00000000000
--- a/changelogs/unreleased/56788-unicorn-metric-labels.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Clean up unicorn sampler metric labels
-merge_request: 24626
-author: bjk-gitlab
-type: fixed
diff --git a/changelogs/unreleased/56938-diff-file-headers-on-compare-not-quite-right.yml b/changelogs/unreleased/56938-diff-file-headers-on-compare-not-quite-right.yml
deleted file mode 100644
index f619a009a63..00000000000
--- a/changelogs/unreleased/56938-diff-file-headers-on-compare-not-quite-right.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Correct spacing for comparison page
-merge_request: !24783
-author:
-type: fixed
diff --git a/changelogs/unreleased/57063-implement-new-arguments-iid-for-issuesresolver-in-graphql.yml b/changelogs/unreleased/57063-implement-new-arguments-iid-for-issuesresolver-in-graphql.yml
deleted file mode 100644
index b05ab07e14c..00000000000
--- a/changelogs/unreleased/57063-implement-new-arguments-iid-for-issuesresolver-in-graphql.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add argument iids for issues in GraphQL
-merge_request: 24802
-author:
-type: added
diff --git a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml b/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
deleted file mode 100644
index 3a663ce2132..00000000000
--- a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix potential Addressable::URI::InvalidURIError
-merge_request: 24908
-author:
-type: fixed
diff --git a/changelogs/unreleased/57589-update-workhorse.yml b/changelogs/unreleased/57589-update-workhorse.yml
deleted file mode 100644
index 525913bba4c..00000000000
--- a/changelogs/unreleased/57589-update-workhorse.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Workhorse to v8.3.1
-merge_request:
-author:
-type: other
diff --git a/changelogs/unreleased/8688-recursive-pipelines-ce-backport.yml b/changelogs/unreleased/8688-recursive-pipelines-ce-backport.yml
deleted file mode 100644
index cd7b56a1e05..00000000000
--- a/changelogs/unreleased/8688-recursive-pipelines-ce-backport.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Creates mixin to reduce code duplication between CE and EE in graph component
-merge_request:
-author:
-type: other
diff --git a/changelogs/unreleased/Projects--dropdown-is-misaligned-on-issue-boards-page.yml b/changelogs/unreleased/Projects--dropdown-is-misaligned-on-issue-boards-page.yml
deleted file mode 100644
index 49511294c48..00000000000
--- a/changelogs/unreleased/Projects--dropdown-is-misaligned-on-issue-boards-page.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Proper align Projects dropdown on issue boards page
-merge_request: 24277
-author: Johann Hubert Sonntagbauer
-type: fixed
diff --git a/changelogs/unreleased/ab-54270-github-iid.yml b/changelogs/unreleased/ab-54270-github-iid.yml
deleted file mode 100644
index 1776b0aeb86..00000000000
--- a/changelogs/unreleased/ab-54270-github-iid.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Improve efficiency of GitHub importer by reducing amount of locks needed.
-merge_request: 24102
-author:
-type: performance
diff --git a/changelogs/unreleased/ac-pages-subgroups.yml b/changelogs/unreleased/ac-pages-subgroups.yml
deleted file mode 100644
index ef5a0c1872e..00000000000
--- a/changelogs/unreleased/ac-pages-subgroups.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Pages for subgroups
-merge_request: 23505
-author:
-type: added
diff --git a/changelogs/unreleased/actioncontroller-parameters-deprecations.yml b/changelogs/unreleased/actioncontroller-parameters-deprecations.yml
deleted file mode 100644
index ddd15c37542..00000000000
--- a/changelogs/unreleased/actioncontroller-parameters-deprecations.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix several ActionController::Parameters deprecations
-merge_request: 24332
-author: Jasper Maes
-type: other
diff --git a/changelogs/unreleased/add-badge-count-to-projects-and-groups.yml b/changelogs/unreleased/add-badge-count-to-projects-and-groups.yml
deleted file mode 100644
index e200bbaa806..00000000000
--- a/changelogs/unreleased/add-badge-count-to-projects-and-groups.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add badge count to projects
-merge_request: 18425
-author: George Tsiolis
-type: added
diff --git a/changelogs/unreleased/add-uniqueness-validation-to-url-column-in-releases-link-model.yml b/changelogs/unreleased/add-uniqueness-validation-to-url-column-in-releases-link-model.yml
deleted file mode 100644
index 7d767e220f7..00000000000
--- a/changelogs/unreleased/add-uniqueness-validation-to-url-column-in-releases-link-model.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add uniqueness validation to url column in Releases::Link model
-merge_request: 24223
-author:
-type: other
diff --git a/changelogs/unreleased/adrianmoisey-GITLAB_PAGES_PREDEFINED_VARIABLES.yml b/changelogs/unreleased/adrianmoisey-GITLAB_PAGES_PREDEFINED_VARIABLES.yml
deleted file mode 100644
index a664c44e1d7..00000000000
--- a/changelogs/unreleased/adrianmoisey-GITLAB_PAGES_PREDEFINED_VARIABLES.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add GitLab Pages predefined CI variables 'CI_PAGES_DOMAIN' and 'CI_PAGES_URL'
-merge_request: 24504
-author: Adrian Moisey
-type: added
diff --git a/changelogs/unreleased/adriel-remove-feature-flag.yml b/changelogs/unreleased/adriel-remove-feature-flag.yml
deleted file mode 100644
index d442e120d60..00000000000
--- a/changelogs/unreleased/adriel-remove-feature-flag.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update metrics dashboard graph design
-merge_request: 24653
-author:
-type: changed
diff --git a/changelogs/unreleased/an-dtracing-test-for-invalid-tracers.yml b/changelogs/unreleased/an-dtracing-test-for-invalid-tracers.yml
deleted file mode 100644
index 5365260cbae..00000000000
--- a/changelogs/unreleased/an-dtracing-test-for-invalid-tracers.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Avoid overwriting default jaeger values with nil
-merge_request: 24482
-author:
-type: fixed
diff --git a/changelogs/unreleased/an-gilab-process-name.yml b/changelogs/unreleased/an-gilab-process-name.yml
deleted file mode 100644
index 72d811ee21f..00000000000
--- a/changelogs/unreleased/an-gilab-process-name.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Extract process_name from GitLab::Sentry
-merge_request: 24422
-author:
-type: other
diff --git a/changelogs/unreleased/an-opentracing-active-record-tracing.yml b/changelogs/unreleased/an-opentracing-active-record-tracing.yml
deleted file mode 100644
index 59b480675ec..00000000000
--- a/changelogs/unreleased/an-opentracing-active-record-tracing.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adds tracing support for ActiveRecord notifications
-merge_request: 24604
-author:
-type: other
diff --git a/changelogs/unreleased/an-opentracing-factory.yml b/changelogs/unreleased/an-opentracing-factory.yml
deleted file mode 100644
index c04736f3e63..00000000000
--- a/changelogs/unreleased/an-opentracing-factory.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Conditionally initialize the global opentracing tracer
-merge_request: 24186
-author:
-type: other
diff --git a/changelogs/unreleased/an-opentracing-propagation.yml b/changelogs/unreleased/an-opentracing-propagation.yml
deleted file mode 100644
index d9aa7cd0048..00000000000
--- a/changelogs/unreleased/an-opentracing-propagation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adds inter-service OpenTracing propagation
-merge_request: 24239
-author:
-type: other
diff --git a/changelogs/unreleased/an-opentracing-render-tracing.yml b/changelogs/unreleased/an-opentracing-render-tracing.yml
deleted file mode 100644
index 6ff7f1f3cf2..00000000000
--- a/changelogs/unreleased/an-opentracing-render-tracing.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add OpenTracing instrumentation for Action View Render events
-merge_request: 24728
-author:
-type: other
diff --git a/changelogs/unreleased/api-group-labels.yml b/changelogs/unreleased/api-group-labels.yml
deleted file mode 100644
index 0df6f15a9b6..00000000000
--- a/changelogs/unreleased/api-group-labels.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'API: Add support for group labels'
-merge_request: 21368
-author: Robert Schilling
-type: added
diff --git a/changelogs/unreleased/api-nested-group-permission.yml b/changelogs/unreleased/api-nested-group-permission.yml
deleted file mode 100644
index 3ec0df6893f..00000000000
--- a/changelogs/unreleased/api-nested-group-permission.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Return the maximum group access level in the projects API
-merge_request: 24403
-author:
-type: changed
diff --git a/changelogs/unreleased/api-tags-search.yml b/changelogs/unreleased/api-tags-search.yml
deleted file mode 100644
index 1501acd5a9e..00000000000
--- a/changelogs/unreleased/api-tags-search.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'API: Support searching for tags'
-merge_request: 24385
-author: Robert Schilling
-type: added
diff --git a/changelogs/unreleased/api-wiki-dot-slug.yml b/changelogs/unreleased/api-wiki-dot-slug.yml
deleted file mode 100644
index 82c76fa7450..00000000000
--- a/changelogs/unreleased/api-wiki-dot-slug.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'API: Support dots in wiki slugs'
-merge_request: 24383
-author: Robert Schilling
-type: fixed
diff --git a/changelogs/unreleased/auto-devops-custom-domains.yml b/changelogs/unreleased/auto-devops-custom-domains.yml
deleted file mode 100644
index 37e8ee26a4d..00000000000
--- a/changelogs/unreleased/auto-devops-custom-domains.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added support for custom hosts/domains to Auto DevOps
-merge_request: 24248
-author: walkafwalka
-type: added
diff --git a/changelogs/unreleased/auto-devops-kubectl-1-11-6.yml b/changelogs/unreleased/auto-devops-kubectl-1-11-6.yml
deleted file mode 100644
index 1a8cdead4ac..00000000000
--- a/changelogs/unreleased/auto-devops-kubectl-1-11-6.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Bump kubectl in Auto DevOps to 1.11.6
-merge_request: 24176
-author:
-type: other
diff --git a/changelogs/unreleased/backup_aws_sse-c.yml b/changelogs/unreleased/backup_aws_sse-c.yml
deleted file mode 100644
index 78b57d7efc3..00000000000
--- a/changelogs/unreleased/backup_aws_sse-c.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-title: Add support for customer provided encryption keys for Amazon S3 remote backups
-merge_request: 23797
-author: Pepijn Van Eeckhoudt
-type: added
-
diff --git a/changelogs/unreleased/backup_restore_fix_issue_46891.yml b/changelogs/unreleased/backup_restore_fix_issue_46891.yml
deleted file mode 100644
index b8fe3b1b861..00000000000
--- a/changelogs/unreleased/backup_restore_fix_issue_46891.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Modify file restore to rectify tar issue
-merge_request: 24000
-author:
-type: fixed
diff --git a/changelogs/unreleased/bump-ingress-chart-112.yml b/changelogs/unreleased/bump-ingress-chart-112.yml
deleted file mode 100644
index 8a46fedb4b0..00000000000
--- a/changelogs/unreleased/bump-ingress-chart-112.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Bump nginx-ingress chart to 1.1.2
-merge_request: 24203
-author:
-type: other
diff --git a/changelogs/unreleased/bvl-fix-race-condition-creating-signature.yml b/changelogs/unreleased/bvl-fix-race-condition-creating-signature.yml
deleted file mode 100644
index 307b4f526bb..00000000000
--- a/changelogs/unreleased/bvl-fix-race-condition-creating-signature.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Avoid race conditions when creating GpgSignature
-merge_request: 24939
-author:
-type: fixed
diff --git a/changelogs/unreleased/chore-update-js-regex.yml b/changelogs/unreleased/chore-update-js-regex.yml
deleted file mode 100644
index d45d0b47457..00000000000
--- a/changelogs/unreleased/chore-update-js-regex.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade js-regex gem to version 3.1
-merge_request: 24433
-author: rroger
-type: changed
diff --git a/changelogs/unreleased/cleanup-leagcy-artifact-migration.yml b/changelogs/unreleased/cleanup-leagcy-artifact-migration.yml
deleted file mode 100644
index 6e8dac97249..00000000000
--- a/changelogs/unreleased/cleanup-leagcy-artifact-migration.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Cleanup legacy artifact background migration
-merge_request: 24144
-author:
-type: other
diff --git a/changelogs/unreleased/cluster_application_version_updated.yml b/changelogs/unreleased/cluster_application_version_updated.yml
deleted file mode 100644
index 34fe55dcc5e..00000000000
--- a/changelogs/unreleased/cluster_application_version_updated.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update cluster application version on updated and installed status
-merge_request: 24810
-author:
-type: other
diff --git a/changelogs/unreleased/cluster_status_for_ugprading.yml b/changelogs/unreleased/cluster_status_for_ugprading.yml
deleted file mode 100644
index ca1f8b3a786..00000000000
--- a/changelogs/unreleased/cluster_status_for_ugprading.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Expose version for each application in cluster_status JSON endpoint
-merge_request: 24791
-author:
-type: other
diff --git a/changelogs/unreleased/container-repository-cleanup-api.yml b/changelogs/unreleased/container-repository-cleanup-api.yml
deleted file mode 100644
index c2b23a9add0..00000000000
--- a/changelogs/unreleased/container-repository-cleanup-api.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add Container Registry API with cleanup function
-merge_request: 24303
-author:
-type: added
diff --git a/changelogs/unreleased/custom-helm-chart-repo.yml b/changelogs/unreleased/custom-helm-chart-repo.yml
deleted file mode 100644
index 592d2f60ca2..00000000000
--- a/changelogs/unreleased/custom-helm-chart-repo.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added feature to specify a custom Auto DevOps chart repository
-merge_request: 24162
-author: walkafwalka
-type: added
diff --git a/changelogs/unreleased/deprecated-force-reload.yml b/changelogs/unreleased/deprecated-force-reload.yml
deleted file mode 100644
index 2a0e97089e0..00000000000
--- a/changelogs/unreleased/deprecated-force-reload.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: 'Fix deprecation: Passing an argument to force an association to reload is
-  now deprecated'
-merge_request: 24136
-author: Jasper Maes
-type: other
diff --git a/changelogs/unreleased/diff-file-finder.yml b/changelogs/unreleased/diff-file-finder.yml
deleted file mode 100644
index 3160e9fc91b..00000000000
--- a/changelogs/unreleased/diff-file-finder.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added fuzzy file finder to merge requests
-merge_request:
-author:
-type: changed
diff --git a/changelogs/unreleased/diff-tree-collapse-directories.yml b/changelogs/unreleased/diff-tree-collapse-directories.yml
deleted file mode 100644
index 6eae48f2352..00000000000
--- a/changelogs/unreleased/diff-tree-collapse-directories.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Collapse directory structure in merge request file tree
-merge_request:
-author:
-type: changed
diff --git a/changelogs/unreleased/dm-copy-suggestion-as-gfm.yml b/changelogs/unreleased/dm-copy-suggestion-as-gfm.yml
deleted file mode 100644
index 96115e6ade1..00000000000
--- a/changelogs/unreleased/dm-copy-suggestion-as-gfm.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Allow suggestions to be copied and pasted as GFM
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/dm-trim-discussion-truncated-line-first-chars.yml b/changelogs/unreleased/dm-trim-discussion-truncated-line-first-chars.yml
deleted file mode 100644
index 1e1fa8295c3..00000000000
--- a/changelogs/unreleased/dm-trim-discussion-truncated-line-first-chars.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix bug that caused Suggestion Markdown toolbar button to insert snippet with leading +/-/<space>
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/docs-push-mirror-GitLab-GitHub.yml b/changelogs/unreleased/docs-push-mirror-GitLab-GitHub.yml
deleted file mode 100644
index 4539a9b7985..00000000000
--- a/changelogs/unreleased/docs-push-mirror-GitLab-GitHub.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Updated docs for fields in pushing mirror from GitLab to GitHub
-merge_request: 24566
-author: Joseph Yu
-type: other
diff --git a/changelogs/unreleased/expire-job-artifacts-worker.yml b/changelogs/unreleased/expire-job-artifacts-worker.yml
deleted file mode 100644
index cda6e9ff497..00000000000
--- a/changelogs/unreleased/expire-job-artifacts-worker.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Efficiently remove expired artifacts in `ExpireBuildArtifactsWorker`
-merge_request: 24450
-author:
-type: performance
diff --git a/changelogs/unreleased/features-document-graphicsmagick-source-installation.yml b/changelogs/unreleased/features-document-graphicsmagick-source-installation.yml
deleted file mode 100644
index b224cace4bf..00000000000
--- a/changelogs/unreleased/features-document-graphicsmagick-source-installation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Document graphicsmagick installation for source installation
-merge_request: 24404
-author: Alexis Reigel
-type: added
diff --git a/changelogs/unreleased/fix-39759-new-project-icon-vertical-align.yml b/changelogs/unreleased/fix-39759-new-project-icon-vertical-align.yml
deleted file mode 100644
index 3d87807dbc1..00000000000
--- a/changelogs/unreleased/fix-39759-new-project-icon-vertical-align.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adjust vertical alignment for project visibility icons
-merge_request: 24511
-author: Martin Hobert
-type: fixed
diff --git a/changelogs/unreleased/fix-403-page-is-rendered-but-404-is-the-response.yml b/changelogs/unreleased/fix-403-page-is-rendered-but-404-is-the-response.yml
deleted file mode 100644
index eda69b32094..00000000000
--- a/changelogs/unreleased/fix-403-page-is-rendered-but-404-is-the-response.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Show the correct error page when access is denied
-merge_request: 23932
-author:
-type: fixed
diff --git a/changelogs/unreleased/fix-49388.yml b/changelogs/unreleased/fix-49388.yml
deleted file mode 100644
index f8b5e3e1943..00000000000
--- a/changelogs/unreleased/fix-49388.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update metrics environment dropdown to show complete option set
-merge_request: 24441
-author:
-type: fixed
diff --git a/changelogs/unreleased/fix-55956-oversized-dropdown-button-custom-notifications.yml b/changelogs/unreleased/fix-55956-oversized-dropdown-button-custom-notifications.yml
deleted file mode 100644
index e33699a2112..00000000000
--- a/changelogs/unreleased/fix-55956-oversized-dropdown-button-custom-notifications.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixed oversized custom project notification selector dropdown
-merge_request: 24557
-author:
-type: fixed
diff --git a/changelogs/unreleased/fix-56558-move-primary-button.yml b/changelogs/unreleased/fix-56558-move-primary-button.yml
deleted file mode 100644
index 4dcc896b327..00000000000
--- a/changelogs/unreleased/fix-56558-move-primary-button.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Moved primary button for labels to follow the design patterns used on rest of the site
-merge_request:
-author: Martin Hobert
-type: fixed
diff --git a/changelogs/unreleased/fix-auto-devops-domain-title-on-admin-settings.yml b/changelogs/unreleased/fix-auto-devops-domain-title-on-admin-settings.yml
deleted file mode 100644
index bb0b193a846..00000000000
--- a/changelogs/unreleased/fix-auto-devops-domain-title-on-admin-settings.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixes Auto DevOps title on CI/CD admin settings
-merge_request: 24249
-author:
-type: other
diff --git a/changelogs/unreleased/fix-repo-settings-file-upload-error.yml b/changelogs/unreleased/fix-repo-settings-file-upload-error.yml
deleted file mode 100644
index b219fdfaa1e..00000000000
--- a/changelogs/unreleased/fix-repo-settings-file-upload-error.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix bug causing repository mirror settings UI to break
-merge_request: 23712
-author:
-type: fixed
diff --git a/changelogs/unreleased/fix_jira_integration_VCS1019.yml b/changelogs/unreleased/fix_jira_integration_VCS1019.yml
deleted file mode 100644
index 3582ec1fe0f..00000000000
--- a/changelogs/unreleased/fix_jira_integration_VCS1019.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Jira Service password validation on project integration services.
-merge_request: 24896
-author: Daniel Juarez
-type: fixed
diff --git a/changelogs/unreleased/fj-55882-fix-files-api-content-disposition.yml b/changelogs/unreleased/fj-55882-fix-files-api-content-disposition.yml
deleted file mode 100644
index f64b29644b0..00000000000
--- a/changelogs/unreleased/fj-55882-fix-files-api-content-disposition.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix files/blob api endpoints content disposition
-merge_request: 24267
-author:
-type: fixed
diff --git a/changelogs/unreleased/force-redeploy-on-updated-secrets.yml b/changelogs/unreleased/force-redeploy-on-updated-secrets.yml
deleted file mode 100644
index 3b727c99dd5..00000000000
--- a/changelogs/unreleased/force-redeploy-on-updated-secrets.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Redeploy Auto DevOps deployment on variable updates
-merge_request: 24498
-author: walkafwalka
-type: added
diff --git a/changelogs/unreleased/gitaly-update-1-13-0.yml b/changelogs/unreleased/gitaly-update-1-13-0.yml
deleted file mode 100644
index 73de25a532d..00000000000
--- a/changelogs/unreleased/gitaly-update-1-13-0.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade Gitaly to 1.13.0
-merge_request: 24429
-author:
-type: other
diff --git a/changelogs/unreleased/gitaly-update-1.18.0.yml b/changelogs/unreleased/gitaly-update-1.18.0.yml
deleted file mode 100644
index 392527f5e5d..00000000000
--- a/changelogs/unreleased/gitaly-update-1.18.0.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade gitaly to 1.18.0
-merge_request: 24981
-author:
-type: other
diff --git a/changelogs/unreleased/gitlab-workhorse-update-8.1.0.yml b/changelogs/unreleased/gitlab-workhorse-update-8.1.0.yml
deleted file mode 100644
index 1e0160c4d40..00000000000
--- a/changelogs/unreleased/gitlab-workhorse-update-8.1.0.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade gitlab-workhorse to 8.1.0
-merge_request: 24571
-author:
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-clusters.yml b/changelogs/unreleased/gt-externalize-app-views-clusters.yml
deleted file mode 100644
index 6d2284ead37..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-clusters.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/clusters`
-merge_request: 24666
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-email_rejection_mailer.yml b/changelogs/unreleased/gt-externalize-app-views-email_rejection_mailer.yml
deleted file mode 100644
index 8f6fbdceb54..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-email_rejection_mailer.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/email_rejection_mailer`
-merge_request: 24869
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-instance_statistics.yml b/changelogs/unreleased/gt-externalize-app-views-instance_statistics.yml
deleted file mode 100644
index a3bf54a1339..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-instance_statistics.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/instance_statistics`
-merge_request: 24809
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-projects-ci.yml b/changelogs/unreleased/gt-externalize-app-views-projects-ci.yml
deleted file mode 100644
index ecc878ab892..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-projects-ci.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/projects/ci`
-merge_request: 24617
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-projects-milestones.yml b/changelogs/unreleased/gt-externalize-app-views-projects-milestones.yml
deleted file mode 100644
index 56aaac812bb..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-projects-milestones.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/projects/milestones`
-merge_request: 24726
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-projects-pages_domains.yml b/changelogs/unreleased/gt-externalize-app-views-projects-pages_domains.yml
deleted file mode 100644
index f60776a2ed8..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-projects-pages_domains.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/projects/pages_domains`
-merge_request: 24723
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-projects-project_members.yml b/changelogs/unreleased/gt-externalize-app-views-projects-project_members.yml
deleted file mode 100644
index 1acea10fcaa..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-projects-project_members.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/projects/project_members`
-merge_request: 23227
-author: Tao Wang
-type: other
diff --git a/changelogs/unreleased/gt-externalize-app-views-sent_notifications.yml b/changelogs/unreleased/gt-externalize-app-views-sent_notifications.yml
deleted file mode 100644
index e77b5376fa8..00000000000
--- a/changelogs/unreleased/gt-externalize-app-views-sent_notifications.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Externalize strings from `/app/views/sent_notifications`
-merge_request: 24576
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-remove-unused-button-class.yml b/changelogs/unreleased/gt-remove-unused-button-class.yml
deleted file mode 100644
index f7889e1d6f6..00000000000
--- a/changelogs/unreleased/gt-remove-unused-button-class.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove unused button classes `btn-create` and `comment-btn`
-merge_request: 23232
-author: George Tsiolis
-type: performance
diff --git a/changelogs/unreleased/gt-rename-gray-theme-color-variables.yml b/changelogs/unreleased/gt-rename-gray-theme-color-variables.yml
deleted file mode 100644
index b612bb3ee39..00000000000
--- a/changelogs/unreleased/gt-rename-gray-theme-color-variables.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove all `$theme-gray-{weight}` variables in favor of `$gray-{weight}`
-merge_request: 24333
-author: George Tsiolis
-type: other
diff --git a/changelogs/unreleased/gt-update-string-struture-for-group-runners.yml b/changelogs/unreleased/gt-update-string-struture-for-group-runners.yml
deleted file mode 100644
index fa06a78adae..00000000000
--- a/changelogs/unreleased/gt-update-string-struture-for-group-runners.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update string structure for available group runners
-merge_request: 24187
-author: George Tsiolis
-type: changed
diff --git a/changelogs/unreleased/hnk-master-patch-61932.yml b/changelogs/unreleased/hnk-master-patch-61932.yml
deleted file mode 100644
index 8cc9d0057a9..00000000000
--- a/changelogs/unreleased/hnk-master-patch-61932.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update runner admin page to make description field larger
-merge_request: 23593
-author: Sascha Reynolds
-type: fixed
diff --git a/changelogs/unreleased/homepage-proj-descr-cutoff.yml b/changelogs/unreleased/homepage-proj-descr-cutoff.yml
deleted file mode 100644
index 837c01f6722..00000000000
--- a/changelogs/unreleased/homepage-proj-descr-cutoff.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Increase line height of project summaries
-merge_request:
-author: gfyoung
-type: fixed
diff --git a/changelogs/unreleased/introduce-environment-search-endpoint.yml b/changelogs/unreleased/introduce-environment-search-endpoint.yml
deleted file mode 100644
index 01851ba7d27..00000000000
--- a/changelogs/unreleased/introduce-environment-search-endpoint.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Introduce Internal API for searching environment names
-merge_request: 24923
-author:
-type: added
diff --git a/changelogs/unreleased/iss-32584-preserve-line-number-fragment-after-redirect.yml b/changelogs/unreleased/iss-32584-preserve-line-number-fragment-after-redirect.yml
deleted file mode 100644
index 8025cd472bd..00000000000
--- a/changelogs/unreleased/iss-32584-preserve-line-number-fragment-after-redirect.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Fix lost line number when navigating to a specific line in a protected file
-  before authenticating.
-merge_request: 19165
-author: Scott Escue
-type: fixed
diff --git a/changelogs/unreleased/issue_55744.yml b/changelogs/unreleased/issue_55744.yml
deleted file mode 100644
index 6a643732b18..00000000000
--- a/changelogs/unreleased/issue_55744.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix template labels not being created on new projects
-merge_request: 24803
-author:
-type: fixed
diff --git a/changelogs/unreleased/jej-avoid-csrf-check-on-saml-failure.yml b/changelogs/unreleased/jej-avoid-csrf-check-on-saml-failure.yml
deleted file mode 100644
index 18cced2906a..00000000000
--- a/changelogs/unreleased/jej-avoid-csrf-check-on-saml-failure.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display SAML failure messages instead of expecting CSRF token
-merge_request: 24509
-author:
-type: fixed
diff --git a/changelogs/unreleased/jlenny-AddPagesTemplates.yml b/changelogs/unreleased/jlenny-AddPagesTemplates.yml
deleted file mode 100644
index 0985e4e18ed..00000000000
--- a/changelogs/unreleased/jlenny-AddPagesTemplates.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add templates for most popular Pages templates
-merge_request: 24906
-author:
-type: added
diff --git a/changelogs/unreleased/jlenny-NewAndroidTemplate.yml b/changelogs/unreleased/jlenny-NewAndroidTemplate.yml
deleted file mode 100644
index ae8c58da859..00000000000
--- a/changelogs/unreleased/jlenny-NewAndroidTemplate.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add template for Android with Fastlane
-merge_request: 24722
-author:
-type: changed
diff --git a/changelogs/unreleased/jprovazn-remove-redcarpet.yml b/changelogs/unreleased/jprovazn-remove-redcarpet.yml
deleted file mode 100644
index 4e12de2d19b..00000000000
--- a/changelogs/unreleased/jprovazn-remove-redcarpet.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Removed deprecated Redcarpet markdown engine.
-merge_request:
-author:
-type: removed
diff --git a/changelogs/unreleased/knative-list.yml b/changelogs/unreleased/knative-list.yml
deleted file mode 100644
index 754d8e172cf..00000000000
--- a/changelogs/unreleased/knative-list.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Modified Knative list view to provide more details
-merge_request: 24072
-author: Chris Baumbauer
-type: changed
diff --git a/changelogs/unreleased/knative-show-page.yml b/changelogs/unreleased/knative-show-page.yml
deleted file mode 100644
index a48b754940f..00000000000
--- a/changelogs/unreleased/knative-show-page.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add Knative detailed view
-merge_request: 23863
-author: Chris Baumbauer
-type: added
diff --git a/changelogs/unreleased/local-markdown-version-bkp3.yml b/changelogs/unreleased/local-markdown-version-bkp3.yml
deleted file mode 100644
index ce5bff6ae6b..00000000000
--- a/changelogs/unreleased/local-markdown-version-bkp3.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Allow admins to invalidate markdown texts by setting local markdown version.
-merge_request:
-author:
-type: added
diff --git a/changelogs/unreleased/mg-fix-bad-cluster-update-entrypoint.yml b/changelogs/unreleased/mg-fix-bad-cluster-update-entrypoint.yml
deleted file mode 100644
index 932850cc825..00000000000
--- a/changelogs/unreleased/mg-fix-bad-cluster-update-entrypoint.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix cluster page non-interactive on form validation error
-merge_request: 24583
-author:
-type: fixed
diff --git a/changelogs/unreleased/monospace-registry-tags.yml b/changelogs/unreleased/monospace-registry-tags.yml
deleted file mode 100644
index b5992707d8c..00000000000
--- a/changelogs/unreleased/monospace-registry-tags.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Use monospace font for registry table tag id and tag name
-merge_request: 24205
-author:
-type: other
diff --git a/changelogs/unreleased/move-job-cancel-btn.yml b/changelogs/unreleased/move-job-cancel-btn.yml
deleted file mode 100644
index 41f8e1be5f8..00000000000
--- a/changelogs/unreleased/move-job-cancel-btn.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Move cancel & new issue button on job page
-merge_request: 24074
-author:
-type: changed
diff --git a/changelogs/unreleased/move-permission-check-manual-actions-on-deployments.yml b/changelogs/unreleased/move-permission-check-manual-actions-on-deployments.yml
deleted file mode 100644
index 9e979b48ad1..00000000000
--- a/changelogs/unreleased/move-permission-check-manual-actions-on-deployments.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Move permission check of manual actions of deployments
-merge_request: 24660
-author:
-type: other
diff --git a/changelogs/unreleased/mr-file-tree-blob-truncate-improvements.yml b/changelogs/unreleased/mr-file-tree-blob-truncate-improvements.yml
deleted file mode 100644
index b01962591c6..00000000000
--- a/changelogs/unreleased/mr-file-tree-blob-truncate-improvements.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add folder header to files in merge request tree list
-merge_request:
-author:
-type: changed
diff --git a/changelogs/unreleased/mr-rebase-failing-tests.yml b/changelogs/unreleased/mr-rebase-failing-tests.yml
deleted file mode 100644
index 07ae05766b1..00000000000
--- a/changelogs/unreleased/mr-rebase-failing-tests.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixed rebase button not showing in merge request widget
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/not-run-pipeline-on-empty-merge-request.yml b/changelogs/unreleased/not-run-pipeline-on-empty-merge-request.yml
deleted file mode 100644
index 732e4baf4e9..00000000000
--- a/changelogs/unreleased/not-run-pipeline-on-empty-merge-request.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't create new merge request pipeline without commits
-merge_request: 24503
-author: Hiroyuki Sato
-type: added
diff --git a/changelogs/unreleased/notebook-multiple-outputs.yml b/changelogs/unreleased/notebook-multiple-outputs.yml
deleted file mode 100644
index 38cc52c0634..00000000000
--- a/changelogs/unreleased/notebook-multiple-outputs.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Support multiple outputs in jupyter notebooks
-merge_request:
-author:
-type: changed
diff --git a/changelogs/unreleased/notes-awards-double-tooltip-fix.yml b/changelogs/unreleased/notes-awards-double-tooltip-fix.yml
deleted file mode 100644
index 23338a60c2a..00000000000
--- a/changelogs/unreleased/notes-awards-double-tooltip-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixed double tooltips on note awards buttons
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/osw-enforces-project-removal-with-past-failed-attempts.yml b/changelogs/unreleased/osw-enforces-project-removal-with-past-failed-attempts.yml
deleted file mode 100644
index 6a2a67e7aa8..00000000000
--- a/changelogs/unreleased/osw-enforces-project-removal-with-past-failed-attempts.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Cleanup stale +deleted repo paths on project removal (adjusts project removal bug)
-merge_request: 24269
-author:
-type: fixed
diff --git a/changelogs/unreleased/osw-fix-bottom-expansion-diff-comment.yml b/changelogs/unreleased/osw-fix-bottom-expansion-diff-comment.yml
deleted file mode 100644
index b2ac53312ae..00000000000
--- a/changelogs/unreleased/osw-fix-bottom-expansion-diff-comment.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adjusts duplicated line when commenting on unfolded diff lines (in the bottom)
-merge_request: 24201
-author:
-type: fixed
diff --git a/changelogs/unreleased/patch-38.yml b/changelogs/unreleased/patch-38.yml
deleted file mode 100644
index 9179fc6846e..00000000000
--- a/changelogs/unreleased/patch-38.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: fix display comment avatars issue in IE 11
-merge_request: 24777
-author: Gokhan Apaydin
-type: fixed
diff --git a/changelogs/unreleased/pl-serialize-ac-parameters.yml b/changelogs/unreleased/pl-serialize-ac-parameters.yml
deleted file mode 100644
index aad222b5506..00000000000
--- a/changelogs/unreleased/pl-serialize-ac-parameters.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Make `ActionController::Parameters` serializable for sidekiq jobs
-merge_request: 24864
-author:
-type: fixed
diff --git a/changelogs/unreleased/profile-project-empty-state.yml b/changelogs/unreleased/profile-project-empty-state.yml
deleted file mode 100644
index 484306d5b98..00000000000
--- a/changelogs/unreleased/profile-project-empty-state.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added empty project illustration and updated text to user profile overview
-merge_request: 23973
-author: Fernando Arias
-type: changed
diff --git a/changelogs/unreleased/raise-on-unfiltered-params.yml b/changelogs/unreleased/raise-on-unfiltered-params.yml
deleted file mode 100644
index 531e9ba807e..00000000000
--- a/changelogs/unreleased/raise-on-unfiltered-params.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Actually set raise_on_unfiltered_parameters to true
-merge_request: 24443
-author: Jasper Maes
-type: other
diff --git a/changelogs/unreleased/rd-update-last_activity_on-on-logins-and-browsing-activity-54947.yml b/changelogs/unreleased/rd-update-last_activity_on-on-logins-and-browsing-activity-54947.yml
deleted file mode 100644
index abce9dcc0c6..00000000000
--- a/changelogs/unreleased/rd-update-last_activity_on-on-logins-and-browsing-activity-54947.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update last_activity_on for Users on some main GET endpoints
-merge_request: 24642
-author:
-type: changed
diff --git a/changelogs/unreleased/refactor-56366-extract-resolve-discussion-button.yml b/changelogs/unreleased/refactor-56366-extract-resolve-discussion-button.yml
deleted file mode 100644
index 98859e8aa07..00000000000
--- a/changelogs/unreleased/refactor-56366-extract-resolve-discussion-button.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Refactored NoteableDiscussion by extracting ResolveDiscussionButton
-merge_request: 24505
-author: Martin Hobert
-type: other
diff --git a/changelogs/unreleased/refactor-56369-extract-jump-to-next-discussion-button.yml b/changelogs/unreleased/refactor-56369-extract-jump-to-next-discussion-button.yml
deleted file mode 100644
index 9a0d16c2d70..00000000000
--- a/changelogs/unreleased/refactor-56369-extract-jump-to-next-discussion-button.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Extracted JumpToNextDiscussionButton to its own component
-author: Martin Hobert
-merge_request: 24506
-type: other
diff --git a/changelogs/unreleased/refactor-56370-extract-reply-placeholder-component.yml b/changelogs/unreleased/refactor-56370-extract-reply-placeholder-component.yml
deleted file mode 100644
index a216d294b30..00000000000
--- a/changelogs/unreleased/refactor-56370-extract-reply-placeholder-component.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Extracted ReplyPlaceholder to its own component
-merge_request: 24507
-author: Martin Hobert
-type: other
diff --git a/changelogs/unreleased/remove-cancel-all-button-in-job-list-view.yml b/changelogs/unreleased/remove-cancel-all-button-in-job-list-view.yml
deleted file mode 100644
index 06546bc5a8e..00000000000
--- a/changelogs/unreleased/remove-cancel-all-button-in-job-list-view.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove Cancel all jobs button in general jobs list view
-merge_request:
-author: Jordi Llull
-type: removed
diff --git a/changelogs/unreleased/remove-diff-coloring.yml b/changelogs/unreleased/remove-diff-coloring.yml
deleted file mode 100644
index 1ee1b525c35..00000000000
--- a/changelogs/unreleased/remove-diff-coloring.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'remove red/green colors from diff view of no-color syntax theme'
-merge_request: 24582
-author: khm
-type: changed
diff --git a/changelogs/unreleased/remove-gap-between-mr-tabs-and-file-header.yml b/changelogs/unreleased/remove-gap-between-mr-tabs-and-file-header.yml
deleted file mode 100644
index ce8e1829b48..00000000000
--- a/changelogs/unreleased/remove-gap-between-mr-tabs-and-file-header.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove extra space between MR tab bar and sticky file headers
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/search-title.yml b/changelogs/unreleased/search-title.yml
deleted file mode 100644
index ff0933ed0b2..00000000000
--- a/changelogs/unreleased/search-title.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add 'in' filter that modifies scope of 'search' filter to issues and merge requests API
-merge_request: 24350
-author: Hiroyuki Sato
-type: added
diff --git a/changelogs/unreleased/security-22076-sanitize-url-in-names.yml b/changelogs/unreleased/security-22076-sanitize-url-in-names.yml
deleted file mode 100644
index 4e0ad4dd4c4..00000000000
--- a/changelogs/unreleased/security-22076-sanitize-url-in-names.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Sanitize user full name to clean up any URL to prevent mail clients from auto-linking
-  URLs
-merge_request: 2793
-author:
-type: security
diff --git a/changelogs/unreleased/security-2770-verify-bundle-import-files.yml b/changelogs/unreleased/security-2770-verify-bundle-import-files.yml
deleted file mode 100644
index dea40dd1ef1..00000000000
--- a/changelogs/unreleased/security-2770-verify-bundle-import-files.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Validate bundle files before unpacking them
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2797-milestone-mrs.yml b/changelogs/unreleased/security-2797-milestone-mrs.yml
new file mode 100644
index 00000000000..5bb104ec403
--- /dev/null
+++ b/changelogs/unreleased/security-2797-milestone-mrs.yml
@@ -0,0 +1,5 @@
+---
+title: Show only merge requests visible to user on milestone detail page
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-2799-emails.yml b/changelogs/unreleased/security-2799-emails.yml
new file mode 100644
index 00000000000..dbf1207810e
--- /dev/null
+++ b/changelogs/unreleased/security-2799-emails.yml
@@ -0,0 +1,5 @@
+---
+title: Don't show new issue link after move when a user does not have permissions
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-50334.yml b/changelogs/unreleased/security-50334.yml
new file mode 100644
index 00000000000..828ef82b517
--- /dev/null
+++ b/changelogs/unreleased/security-50334.yml
@@ -0,0 +1,5 @@
+---
+title: Fix git clone revealing private repo's presence
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-55320-stored-xss-in-user-status.yml b/changelogs/unreleased/security-55320-stored-xss-in-user-status.yml
deleted file mode 100644
index 8ea9ae0ccdf..00000000000
--- a/changelogs/unreleased/security-55320-stored-xss-in-user-status.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Use sanitized user status message for user popover
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-55468-check-validity-before-querying.yml b/changelogs/unreleased/security-55468-check-validity-before-querying.yml
new file mode 100644
index 00000000000..8bb11a97f52
--- /dev/null
+++ b/changelogs/unreleased/security-55468-check-validity-before-querying.yml
@@ -0,0 +1,5 @@
+---
+title: Fix blind SSRF in Prometheus integration by checking URL before querying
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-56348.yml b/changelogs/unreleased/security-56348.yml
new file mode 100644
index 00000000000..a289e4e9077
--- /dev/null
+++ b/changelogs/unreleased/security-56348.yml
@@ -0,0 +1,5 @@
+---
+title: Check snippet attached file to be moved is within designated directory
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-commit-private-related-mr.yml b/changelogs/unreleased/security-commit-private-related-mr.yml
new file mode 100644
index 00000000000..c4de200b0d8
--- /dev/null
+++ b/changelogs/unreleased/security-commit-private-related-mr.yml
@@ -0,0 +1,5 @@
+---
+title: Don't allow non-members to see private related MRs.
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml b/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml
new file mode 100644
index 00000000000..e98d4e89712
--- /dev/null
+++ b/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml
@@ -0,0 +1,5 @@
+---
+title: Fix arbitrary file read via diffs during import
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-issue_54789_2.yml b/changelogs/unreleased/security-issue_54789_2.yml
new file mode 100644
index 00000000000..8ecb72a2ae3
--- /dev/null
+++ b/changelogs/unreleased/security-issue_54789_2.yml
@@ -0,0 +1,5 @@
+---
+title: Do not disclose milestone titles for unauthorized users
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-kubernetes-google-login-csrf.yml b/changelogs/unreleased/security-kubernetes-google-login-csrf.yml
new file mode 100644
index 00000000000..2f87100a8dd
--- /dev/null
+++ b/changelogs/unreleased/security-kubernetes-google-login-csrf.yml
@@ -0,0 +1,5 @@
+---
+title: Validate session key when authorizing with GCP to create a cluster
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-kubernetes-local-ssrf.yml b/changelogs/unreleased/security-kubernetes-local-ssrf.yml
new file mode 100644
index 00000000000..7a2ad092339
--- /dev/null
+++ b/changelogs/unreleased/security-kubernetes-local-ssrf.yml
@@ -0,0 +1,5 @@
+---
+title: Block local URLs for Kubernetes integration
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-mermaid.yml b/changelogs/unreleased/security-mermaid.yml
new file mode 100644
index 00000000000..ec42b5a1615
--- /dev/null
+++ b/changelogs/unreleased/security-mermaid.yml
@@ -0,0 +1,5 @@
+---
+title: Limit mermaid rendering to 5K characters
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-osw-stop-linking-to-packages.yml b/changelogs/unreleased/security-osw-stop-linking-to-packages.yml
new file mode 100644
index 00000000000..078f06140fe
--- /dev/null
+++ b/changelogs/unreleased/security-osw-stop-linking-to-packages.yml
@@ -0,0 +1,5 @@
+---
+title: Stop linking to unrecognized package sources
+merge_request: 55518
+author:
+type: security
diff --git a/changelogs/unreleased/security-protect-private-repo-information.yml b/changelogs/unreleased/security-protect-private-repo-information.yml
new file mode 100644
index 00000000000..8b1a528206d
--- /dev/null
+++ b/changelogs/unreleased/security-protect-private-repo-information.yml
@@ -0,0 +1,5 @@
+---
+title: Fix leaking private repository information in API
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-stored-xss-via-katex.yml b/changelogs/unreleased/security-stored-xss-via-katex.yml
deleted file mode 100644
index a71ae1123f2..00000000000
--- a/changelogs/unreleased/security-stored-xss-via-katex.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixed XSS content in KaTex links
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/sh-disable-nil-user-id-identity-validation.yml b/changelogs/unreleased/sh-disable-nil-user-id-identity-validation.yml
deleted file mode 100644
index 5af3bdce51b..00000000000
--- a/changelogs/unreleased/sh-disable-nil-user-id-identity-validation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix failed LDAP logins when nil user_id present
-merge_request: 24749
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-encode-content-disposition.yml b/changelogs/unreleased/sh-encode-content-disposition.yml
deleted file mode 100644
index b40ee6a85a8..00000000000
--- a/changelogs/unreleased/sh-encode-content-disposition.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Encode Content-Disposition filenames
-merge_request: 24919
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-fix-backfill-project-repo-migration.yml b/changelogs/unreleased/sh-fix-backfill-project-repo-migration.yml
deleted file mode 100644
index d1d4412eb50..00000000000
--- a/changelogs/unreleased/sh-fix-backfill-project-repo-migration.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix duplicate project disk path in BackfillLegacyProjectRepositories
-merge_request: 24213
-author:
-type: changed
diff --git a/changelogs/unreleased/sh-fix-bitbucket-server-error-handling.yml b/changelogs/unreleased/sh-fix-bitbucket-server-error-handling.yml
deleted file mode 100644
index 87405fa0a78..00000000000
--- a/changelogs/unreleased/sh-fix-bitbucket-server-error-handling.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Bitbucket Server importer error handling
-merge_request: 24343
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-fix-import-redirect-vulnerability.yml b/changelogs/unreleased/sh-fix-import-redirect-vulnerability.yml
deleted file mode 100644
index addf327b69d..00000000000
--- a/changelogs/unreleased/sh-fix-import-redirect-vulnerability.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Alias GitHub and BitBucket OAuth2 callback URLs
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/sh-fix-pages-zip-constant.yml b/changelogs/unreleased/sh-fix-pages-zip-constant.yml
deleted file mode 100644
index fcd8aa45825..00000000000
--- a/changelogs/unreleased/sh-fix-pages-zip-constant.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix uninitialized constant with GitLab Pages
-merge_request:
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-fix-snippet-uploads-path-lookup.yml b/changelogs/unreleased/sh-fix-snippet-uploads-path-lookup.yml
deleted file mode 100644
index 414c8663049..00000000000
--- a/changelogs/unreleased/sh-fix-snippet-uploads-path-lookup.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix 404s with snippet uploads in object storage
-merge_request: 24550
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-fix-upload-snippets-with-relative-url-root.yml b/changelogs/unreleased/sh-fix-upload-snippets-with-relative-url-root.yml
deleted file mode 100644
index 8bc1e4b4f8a..00000000000
--- a/changelogs/unreleased/sh-fix-upload-snippets-with-relative-url-root.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix 404s for snippet uploads when relative URL root used
-merge_request: 24588
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-import-source-branch-github-forks.yml b/changelogs/unreleased/sh-import-source-branch-github-forks.yml
deleted file mode 100644
index b5ea60202c0..00000000000
--- a/changelogs/unreleased/sh-import-source-branch-github-forks.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Create the source branch for a GitHub import
-merge_request: 25064
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-issue-53419-fix.yml b/changelogs/unreleased/sh-issue-53419-fix.yml
deleted file mode 100644
index ab8b65857e2..00000000000
--- a/changelogs/unreleased/sh-issue-53419-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Bitbucket Server import not allowing personal projects
-merge_request: 23601
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-preload-associations-for-group-api.yml b/changelogs/unreleased/sh-preload-associations-for-group-api.yml
deleted file mode 100644
index 24e424b7efb..00000000000
--- a/changelogs/unreleased/sh-preload-associations-for-group-api.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Eliminate N+1 queries in /api/groups/:id
-merge_request: 24513
-author:
-type: performance
diff --git a/changelogs/unreleased/shared_with_group_path.yml b/changelogs/unreleased/shared_with_group_path.yml
deleted file mode 100644
index 73ba9a9f30a..00000000000
--- a/changelogs/unreleased/shared_with_group_path.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add group full path to project's shared_with_groups
-merge_request: 24052
-author: Mathieu Parent
-type: added
diff --git a/changelogs/unreleased/support-chunking-in-client.yml b/changelogs/unreleased/support-chunking-in-client.yml
deleted file mode 100644
index e50648ea4b2..00000000000
--- a/changelogs/unreleased/support-chunking-in-client.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix code search when text is larger than max gRPC message size
-merge_request: 24111
-author:
-type: changed
diff --git a/changelogs/unreleased/test-permissions.yml b/changelogs/unreleased/test-permissions.yml
deleted file mode 100644
index cfb69fdcb1e..00000000000
--- a/changelogs/unreleased/test-permissions.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disallows unauthorized users from accessing the pipelines section.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/tooltips-to-top.yml b/changelogs/unreleased/tooltips-to-top.yml
deleted file mode 100644
index 51bf127089e..00000000000
--- a/changelogs/unreleased/tooltips-to-top.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Change spawning of tooltips to be top by default
-merge_request: 21223
-author:
-type: changed
diff --git a/changelogs/unreleased/twang2218-gitlab-ce-i18n-extract-app-views-search.yml b/changelogs/unreleased/twang2218-gitlab-ce-i18n-extract-app-views-search.yml
deleted file mode 100644
index 1af1fe09f33..00000000000
--- a/changelogs/unreleased/twang2218-gitlab-ce-i18n-extract-app-views-search.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'i18n: externalize strings from ''app/views/search'''
-merge_request: 24297
-author: Tao Wang
-type: other
diff --git a/changelogs/unreleased/update-gitaly.yml b/changelogs/unreleased/update-gitaly.yml
deleted file mode 100644
index 4ba42a689a7..00000000000
--- a/changelogs/unreleased/update-gitaly.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Gitaly to v1.17.0
-merge_request: 24873
-author:
-type: other
diff --git a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-1-45.yml b/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-1-45.yml
deleted file mode 100644
index 7d92929221f..00000000000
--- a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-1-45.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update GitLab Runner Helm Chart to 0.1.45
-merge_request: 24564
-author:
-type: other
diff --git a/changelogs/unreleased/update-gitlab-styles.yml b/changelogs/unreleased/update-gitlab-styles.yml
deleted file mode 100644
index 379f0ad4486..00000000000
--- a/changelogs/unreleased/update-gitlab-styles.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update gitlab-styles to 2.5.1
-merge_request: 24336
-author: Jasper Maes
-type: other
diff --git a/changelogs/unreleased/update-pages-config-only-when-changed.yml b/changelogs/unreleased/update-pages-config-only-when-changed.yml
deleted file mode 100644
index 8d9e02df678..00000000000
--- a/changelogs/unreleased/update-pages-config-only-when-changed.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not reload daemon if configuration file of pages does not change
-merge_request:
-author:
-type: performance
diff --git a/changelogs/unreleased/update-pages-extensionless-urls.yml b/changelogs/unreleased/update-pages-extensionless-urls.yml
deleted file mode 100644
index 13b3e1df500..00000000000
--- a/changelogs/unreleased/update-pages-extensionless-urls.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add support for extensionless pages URLs
-merge_request: 24876
-author:
-type: added
diff --git a/changelogs/unreleased/update-sidekiq-cron.yml b/changelogs/unreleased/update-sidekiq-cron.yml
deleted file mode 100644
index edce32e3753..00000000000
--- a/changelogs/unreleased/update-sidekiq-cron.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Update sidekiq-cron to 1.0.4 and use fugit to replace rufus-scheduler to parse
-  cron syntax
-merge_request: 24235
-author:
-type: other
diff --git a/changelogs/unreleased/update-smooshpack.yml b/changelogs/unreleased/update-smooshpack.yml
deleted file mode 100644
index a9222088d53..00000000000
--- a/changelogs/unreleased/update-smooshpack.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgraded Codesandbox smooshpack package
-merge_request:
-author:
-type: other
diff --git a/changelogs/unreleased/update-spriteicon-from-icon-on-profile.yml b/changelogs/unreleased/update-spriteicon-from-icon-on-profile.yml
deleted file mode 100644
index 32259bfacd4..00000000000
--- a/changelogs/unreleased/update-spriteicon-from-icon-on-profile.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update to GitLab SVG icon from Font Awesome in profile for location and work
-merge_request: 24671
-author: Yoginth
-type: changed
diff --git a/changelogs/unreleased/update-ui-admin-appearance.yml b/changelogs/unreleased/update-ui-admin-appearance.yml
deleted file mode 100644
index 7bc35029d77..00000000000
--- a/changelogs/unreleased/update-ui-admin-appearance.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update UI for admin appearance settings
-merge_request: 24685
-author:
-type: other
diff --git a/changelogs/unreleased/update-workhorse-8-2-0.yml b/changelogs/unreleased/update-workhorse-8-2-0.yml
deleted file mode 100644
index 7d593917a25..00000000000
--- a/changelogs/unreleased/update-workhorse-8-2-0.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Workhorse to v8.2.0
-merge_request: 24909
-author:
-type: fixed
diff --git a/changelogs/unreleased/use-deployment-relation-to-fetch-environment-ce.yml b/changelogs/unreleased/use-deployment-relation-to-fetch-environment-ce.yml
deleted file mode 100644
index 1ec276b4abc..00000000000
--- a/changelogs/unreleased/use-deployment-relation-to-fetch-environment-ce.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Use deployment relation to get an environment name
-merge_request: 24890
-author:
-type: performance
diff --git a/changelogs/unreleased/use_upgrade_install_for_helm_apps.yml b/changelogs/unreleased/use_upgrade_install_for_helm_apps.yml
deleted file mode 100644
index b41c3cfa1ab..00000000000
--- a/changelogs/unreleased/use_upgrade_install_for_helm_apps.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added ability to upgrade cluster applications
-merge_request: 24789
-author:
-type: added
diff --git a/changelogs/unreleased/winh-add-list-dropdown-height.yml b/changelogs/unreleased/winh-add-list-dropdown-height.yml
deleted file mode 100644
index 6bcedc15cc9..00000000000
--- a/changelogs/unreleased/winh-add-list-dropdown-height.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adjust height of "Add list" dropdown in issue boards
-merge_request: 24227
-author:
-type: fixed
diff --git a/changelogs/unreleased/workhorse-8-3-0.yml b/changelogs/unreleased/workhorse-8-3-0.yml
deleted file mode 100644
index 6ae01d64ae5..00000000000
--- a/changelogs/unreleased/workhorse-8-3-0.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Workhorse to v8.3.0
-merge_request: 24959
-author:
-type: other
diff --git a/changelogs/unreleased/yoginth-avatar-on-settings-sidebar.yml b/changelogs/unreleased/yoginth-avatar-on-settings-sidebar.yml
deleted file mode 100644
index 0ec76f9ce02..00000000000
--- a/changelogs/unreleased/yoginth-avatar-on-settings-sidebar.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added Avatar in the settings sidebar
-merge_request: 24515
-author: Yoginth
-type: changed
diff --git a/changelogs/unreleased/zj-feature-gate-set-project-path.yml b/changelogs/unreleased/zj-feature-gate-set-project-path.yml
deleted file mode 100644
index b426a2f3fe7..00000000000
--- a/changelogs/unreleased/zj-feature-gate-set-project-path.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Allow setting of feature gates per project
-merge_request: 24184
-author:
-type: added
diff --git a/config/routes/git_http.rb b/config/routes/git_http.rb
index ec5c68f81df..a959d40881b 100644
--- a/config/routes/git_http.rb
+++ b/config/routes/git_http.rb
@@ -40,7 +40,7 @@ scope(path: '*namespace_id/:project_id',
     # /info/refs?service=git-receive-pack, but nothing else.
     #
     git_http_handshake = lambda do |request|
-      ::Constraints::ProjectUrlConstrainer.new.matches?(request) &&
+      ::Constraints::ProjectUrlConstrainer.new.matches?(request, existence_check: false) &&
         (request.query_string.blank? ||
          request.query_string.match(/\Aservice=git-(upload|receive)-pack\z/))
     end
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index 93767aefb51..8358fe64f18 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -14,6 +14,10 @@ include:
 - [Usage statistics](usage_statistics.md)
 - [Visibility and access controls](visibility_and_access_controls.md)
 
+NOTE: **Note:**
+You can change the [first day of the week](../../profile/preferences.md) for the entire GitLab instance
+in the **Localization** section of **Admin area > Settings > Preferences**.
+
 ## GitLab.com admin area settings
 
 Most of the settings under the admin area change the behavior of the whole
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 019652b2408..8f3d2a18ef6 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -61,6 +61,7 @@ The following table depicts the various user permission levels in a project.
 | Manage related issues **[STARTER]**   |         | ✓          | ✓           | ✓        | ✓      |
 | Lock issue discussions                |         | ✓          | ✓           | ✓        | ✓      |
 | Create issue from vulnerability **[ULTIMATE]** |         | ✓          | ✓           | ✓        | ✓      |
+| View Error Tracking list              |         | ✓          | ✓           | ✓        | ✓      |
 | Lock merge request discussions        |         |            | ✓           | ✓        | ✓      |
 | Create new environments               |         |            | ✓           | ✓        | ✓      |
 | Stop environments                     |         |            | ✓           | ✓        | ✓      |
@@ -101,6 +102,7 @@ The following table depicts the various user permission levels in a project.
 | Manage clusters                       |         |            |             | ✓        | ✓      |
 | Manage license policy **[ULTIMATE]**  |         |            |             | ✓        | ✓      |
 | Edit comments (posted by any user)    |         |            |             | ✓        | ✓      |
+| Manage Error Tracking                 |         |            |             | ✓        | ✓      |
 | Switch visibility level               |         |            |             |          | ✓      |
 | Transfer project to another namespace |         |            |             |          | ✓      |
 | Remove project                        |         |            |             |          | ✓      |
diff --git a/doc/user/project/operations/error_tracking.md b/doc/user/project/operations/error_tracking.md
index fe4b36062f7..90bb92d2062 100644
--- a/doc/user/project/operations/error_tracking.md
+++ b/doc/user/project/operations/error_tracking.md
@@ -14,10 +14,14 @@ You may sign up to the cloud hosted <https://sentry.io> or deploy your own [on-p
 
 ### Enabling Sentry
 
+NOTE: **Note:**
+You will need at least Maintainer [permissions](../../permissions.md) to enable the Sentry integration.
+
 GitLab provides an easy way to connect Sentry to your project:
 
 1. Sign up to Sentry.io or [deploy your own](#deploying-sentry) Sentry instance.
 1. [Find or generate](https://docs.sentry.io/api/auth/) a Sentry auth token for your Sentry project.
+Make sure to give the token at least the following scopes: `event:read` and `project:read`.
 1. Navigate to your project’s **Settings > Operations** and provide the Sentry API URL and auth token.
 1. Ensure that the 'Active' checkbox is set.
 1. Click **Save changes** for the changes to take effect.
@@ -25,6 +29,9 @@ GitLab provides an easy way to connect Sentry to your project:
 
 ## Error Tracking List
 
+NOTE: **Note:**
+You will need at least Reporter [permissions](../../permissions.md) to view the Error Tracking list.
+
 The Error Tracking list may be found at **Operations > Error Tracking** in your project's sidebar.
 
 ![Error Tracking list](img/error_tracking_list.png)
diff --git a/lib/api/commits.rb b/lib/api/commits.rb
index 9d23daafe95..be682982897 100644
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@@ -318,10 +318,18 @@ module API
         use :pagination
       end
       get ':id/repository/commits/:sha/merge_requests', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do
+        authorize! :read_merge_request, user_project
+
         commit = user_project.commit(params[:sha])
         not_found! 'Commit' unless commit
 
-        present paginate(commit.merge_requests), with: Entities::MergeRequestBasic
+        commit_merge_requests = MergeRequestsFinder.new(
+          current_user,
+          project_id: user_project.id,
+          commit_sha: commit.sha
+        ).execute
+
+        present paginate(commit_merge_requests), with: Entities::MergeRequestBasic
       end
     end
   end
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index beb8ce349b4..a758b040601 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -156,7 +156,7 @@ module API
     class BasicProjectDetails < ProjectIdentity
       include ::API::ProjectsRelationBuilder
 
-      expose :default_branch
+      expose :default_branch, if: -> (project, options) { Ability.allowed?(options[:current_user], :download_code, project) }
       # Avoids an N+1 query: https://github.com/mbleigh/acts-as-taggable-on/issues/91#issuecomment-168273770
       expose :tag_list do |project|
         # project.tags.order(:name).pluck(:name) is the most suitable option
@@ -261,7 +261,7 @@ module API
       expose :open_issues_count, if: lambda { |project, options| project.feature_available?(:issues, options[:current_user]) }
       expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] }
       expose :public_builds, as: :public_jobs
-      expose :ci_config_path
+      expose :ci_config_path, if: -> (project, options) { Ability.allowed?(options[:current_user], :download_code, project) }
       expose :shared_with_groups do |project, options|
         SharedGroup.represent(project.project_group_links, options)
       end
@@ -270,8 +270,9 @@ module API
       expose :only_allow_merge_if_all_discussions_are_resolved
       expose :printing_merge_request_link_enabled
       expose :merge_method
-
-      expose :statistics, using: 'API::Entities::ProjectStatistics', if: :statistics
+      expose :statistics, using: 'API::Entities::ProjectStatistics', if: -> (project, options) {
+        options[:statistics] && Ability.allowed?(options[:current_user], :download_code, project)
+      }
 
       # rubocop: disable CodeReuse/ActiveRecord
       def self.preload_relation(projects_relation, options = {})
diff --git a/lib/api/environments.rb b/lib/api/environments.rb
index 0278c6c54a5..5b0f3b914cb 100644
--- a/lib/api/environments.rb
+++ b/lib/api/environments.rb
@@ -22,7 +22,7 @@ module API
       get ':id/environments' do
         authorize! :read_environment, user_project
 
-        present paginate(user_project.environments), with: Entities::Environment
+        present paginate(user_project.environments), with: Entities::Environment, current_user: current_user
       end
 
       desc 'Creates a new environment' do
@@ -40,7 +40,7 @@ module API
         environment = user_project.environments.create(declared_params)
 
         if environment.persisted?
-          present environment, with: Entities::Environment
+          present environment, with: Entities::Environment, current_user: current_user
         else
           render_validation_error!(environment)
         end
@@ -63,7 +63,7 @@ module API
 
         update_params = declared_params(include_missing: false).extract!(:name, :external_url)
         if environment.update(update_params)
-          present environment, with: Entities::Environment
+          present environment, with: Entities::Environment, current_user: current_user
         else
           render_validation_error!(environment)
         end
@@ -99,7 +99,7 @@ module API
         environment.stop_with_action!(current_user)
 
         status 200
-        present environment, with: Entities::Environment
+        present environment, with: Entities::Environment, current_user: current_user
       end
     end
   end
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 6a93ef9f3ad..f8ffa768277 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -184,7 +184,8 @@ module API
 
         if project.saved?
           present project, with: Entities::Project,
-                           user_can_admin_project: can?(current_user, :admin_project, project)
+                           user_can_admin_project: can?(current_user, :admin_project, project),
+                           current_user: current_user
         else
           if project.errors[:limit_reached].present?
             error!(project.errors[:limit_reached], 403)
@@ -217,7 +218,8 @@ module API
 
         if project.saved?
           present project, with: Entities::Project,
-                           user_can_admin_project: can?(current_user, :admin_project, project)
+                           user_can_admin_project: can?(current_user, :admin_project, project),
+                           current_user: current_user
         else
           render_validation_error!(project)
         end
@@ -279,7 +281,8 @@ module API
           conflict!(forked_project.errors.messages)
         else
           present forked_project, with: Entities::Project,
-                                  user_can_admin_project: can?(current_user, :admin_project, forked_project)
+                                  user_can_admin_project: can?(current_user, :admin_project, forked_project),
+                                  current_user: current_user
         end
       end
 
@@ -328,7 +331,8 @@ module API
 
         if result[:status] == :success
           present user_project, with: Entities::Project,
-                                user_can_admin_project: can?(current_user, :admin_project, user_project)
+                                user_can_admin_project: can?(current_user, :admin_project, user_project),
+                                current_user: current_user
         else
           render_validation_error!(user_project)
         end
@@ -342,7 +346,7 @@ module API
 
         ::Projects::UpdateService.new(user_project, current_user, archived: true).execute
 
-        present user_project, with: Entities::Project
+        present user_project, with: Entities::Project, current_user: current_user
       end
 
       desc 'Unarchive a project' do
@@ -353,7 +357,7 @@ module API
 
         ::Projects::UpdateService.new(@project, current_user, archived: false).execute
 
-        present user_project, with: Entities::Project
+        present user_project, with: Entities::Project, current_user: current_user
       end
 
       desc 'Star a project' do
@@ -366,7 +370,7 @@ module API
           current_user.toggle_star(user_project)
           user_project.reload
 
-          present user_project, with: Entities::Project
+          present user_project, with: Entities::Project, current_user: current_user
         end
       end
 
@@ -378,7 +382,7 @@ module API
           current_user.toggle_star(user_project)
           user_project.reload
 
-          present user_project, with: Entities::Project
+          present user_project, with: Entities::Project, current_user: current_user
         else
           not_modified!
         end
@@ -414,7 +418,7 @@ module API
         result = ::Projects::ForkService.new(fork_from_project, current_user).execute(user_project)
 
         if result
-          present user_project.reload, with: Entities::Project
+          present user_project.reload, with: Entities::Project, current_user: current_user
         else
           render_api_error!("Project already forked", 409) if user_project.forked?
         end
@@ -436,27 +440,24 @@ module API
       end
       params do
         requires :group_id, type: Integer, desc: 'The ID of a group'
-        requires :group_access, type: Integer, values: Gitlab::Access.values, desc: 'The group access level'
+        requires :group_access, type: Integer, values: Gitlab::Access.values, as: :link_group_access, desc: 'The group access level'
         optional :expires_at, type: Date, desc: 'Share expiration date'
       end
       post ":id/share" do
         authorize! :admin_project, user_project
         group = Group.find_by_id(params[:group_id])
 
-        unless group && can?(current_user, :read_group, group)
-          not_found!('Group')
-        end
-
         unless user_project.allowed_to_share_with_group?
           break render_api_error!("The project sharing with group is disabled", 400)
         end
 
-        link = user_project.project_group_links.new(declared_params(include_missing: false))
+        result = ::Projects::GroupLinks::CreateService.new(user_project, current_user, declared_params(include_missing: false))
+          .execute(group)
 
-        if link.save
-          present link, with: Entities::ProjectGroupLink
+        if result[:status] == :success
+          present result[:link], with: Entities::ProjectGroupLink
         else
-          render_api_error!(link.errors.full_messages.first, 409)
+          render_api_error!(result[:message], result[:http_status])
         end
       end
 
@@ -520,7 +521,7 @@ module API
         result = ::Projects::TransferService.new(user_project, current_user).execute(namespace)
 
         if result
-          present user_project, with: Entities::Project
+          present user_project, with: Entities::Project, current_user: current_user
         else
           render_api_error!("Failed to transfer project #{user_project.errors.messages}", 400)
         end
diff --git a/lib/banzai/filter/footnote_filter.rb b/lib/banzai/filter/footnote_filter.rb
index 97527976437..de133774dfa 100644
--- a/lib/banzai/filter/footnote_filter.rb
+++ b/lib/banzai/filter/footnote_filter.rb
@@ -29,21 +29,30 @@ module Banzai
         # Sanitization stripped off the section wrapper - add it back in
         first_footnote.parent.wrap('<section class="footnotes">')
         rand_suffix = "-#{random_number}"
+        modified_footnotes = {}
 
         doc.css('sup > a[id]').each do |link_node|
           ref_num       = link_node[:id].delete_prefix(FOOTNOTE_LINK_ID_PREFIX)
           footnote_node = doc.at_css("li[id=#{fn_id(ref_num)}]")
-          backref_node  = footnote_node.at_css("a[href=\"##{fnref_id(ref_num)}\"]")
 
-          if ref_num =~ INTEGER_PATTERN && footnote_node && backref_node
-            link_node[:href]    += rand_suffix
-            link_node[:id]      += rand_suffix
-            footnote_node[:id]  += rand_suffix
-            backref_node[:href] += rand_suffix
+          if INTEGER_PATTERN.match?(ref_num) && (footnote_node || modified_footnotes[ref_num])
+            link_node[:href] += rand_suffix
+            link_node[:id]   += rand_suffix
 
             # Sanitization stripped off class - add it back in
             link_node.parent.append_class('footnote-ref')
-            backref_node.append_class('footnote-backref')
+
+            unless modified_footnotes[ref_num]
+              footnote_node[:id] += rand_suffix
+              backref_node        = footnote_node.at_css("a[href=\"##{fnref_id(ref_num)}\"]")
+
+              if backref_node
+                backref_node[:href] += rand_suffix
+                backref_node.append_class('footnote-backref')
+              end
+
+              modified_footnotes[ref_num] = true
+            end
           end
         end
 
diff --git a/lib/constraints/project_url_constrainer.rb b/lib/constraints/project_url_constrainer.rb
index eadfbf7bc01..d41490d2ebd 100644
--- a/lib/constraints/project_url_constrainer.rb
+++ b/lib/constraints/project_url_constrainer.rb
@@ -2,12 +2,13 @@
 
 module Constraints
   class ProjectUrlConstrainer
-    def matches?(request)
+    def matches?(request, existence_check: true)
       namespace_path = request.params[:namespace_id]
       project_path = request.params[:project_id] || request.params[:id]
       full_path = [namespace_path, project_path].join('/')
 
       return false unless ProjectPathValidator.valid_path?(full_path)
+      return true unless existence_check
 
       # We intentionally allow SELECT(*) here so result of this query can be used
       # as cache for further Project.find_by_full_path calls within request
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index e369d26f22f..cb547cc2eaa 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -826,7 +826,7 @@ rollout 100%:
 
   # Function to ensure backwards compatibility with AUTO_DEVOPS_DOMAIN
   function ensure_kube_ingress_base_domain() {
-    if [ -z ${KUBE_INGRESS_BASE_DOMAIN+x} ]; then
+    if [ -z ${KUBE_INGRESS_BASE_DOMAIN+x} ] && [ -n "$AUTO_DEVOPS_DOMAIN" ] ; then
       export KUBE_INGRESS_BASE_DOMAIN=$AUTO_DEVOPS_DOMAIN
     fi
   }
diff --git a/lib/gitlab/dependency_linker/base_linker.rb b/lib/gitlab/dependency_linker/base_linker.rb
index ac2efe598b4..ffad00fa7d7 100644
--- a/lib/gitlab/dependency_linker/base_linker.rb
+++ b/lib/gitlab/dependency_linker/base_linker.rb
@@ -4,6 +4,7 @@ module Gitlab
   module DependencyLinker
     class BaseLinker
       URL_REGEX = %r{https?://[^'" ]+}.freeze
+      GIT_INVALID_URL_REGEX = /^git\+#{URL_REGEX}/.freeze
       REPO_REGEX = %r{[^/'" ]+/[^/'" ]+}.freeze
 
       class_attribute :file_type
@@ -29,8 +30,25 @@ module Gitlab
         highlighted_lines.join.html_safe
       end
 
+      def external_url(name, external_ref)
+        return if external_ref =~ GIT_INVALID_URL_REGEX
+
+        case external_ref
+        when /\A#{URL_REGEX}\z/
+          external_ref
+        when /\A#{REPO_REGEX}\z/
+          github_url(external_ref)
+        else
+          package_url(name)
+        end
+      end
+
       private
 
+      def package_url(_name)
+        raise NotImplementedError
+      end
+
       def link_dependencies
         raise NotImplementedError
       end
diff --git a/lib/gitlab/dependency_linker/composer_json_linker.rb b/lib/gitlab/dependency_linker/composer_json_linker.rb
index 22d2bead891..4b8862b31ee 100644
--- a/lib/gitlab/dependency_linker/composer_json_linker.rb
+++ b/lib/gitlab/dependency_linker/composer_json_linker.rb
@@ -8,8 +8,8 @@ module Gitlab
       private
 
       def link_packages
-        link_packages_at_key("require", &method(:package_url))
-        link_packages_at_key("require-dev", &method(:package_url))
+        link_packages_at_key("require")
+        link_packages_at_key("require-dev")
       end
 
       def package_url(name)
diff --git a/lib/gitlab/dependency_linker/gemfile_linker.rb b/lib/gitlab/dependency_linker/gemfile_linker.rb
index 8ab219c4962..c6e02248b0a 100644
--- a/lib/gitlab/dependency_linker/gemfile_linker.rb
+++ b/lib/gitlab/dependency_linker/gemfile_linker.rb
@@ -3,8 +3,14 @@
 module Gitlab
   module DependencyLinker
     class GemfileLinker < MethodLinker
+      class_attribute :package_keyword
+
+      self.package_keyword = :gem
       self.file_type = :gemfile
 
+      GITHUB_REGEX = /(github:|:github\s*=>)\s*['"](?<name>[^'"]+)['"]/.freeze
+      GIT_REGEX = /(git:|:git\s*=>)\s*['"](?<name>#{URL_REGEX})['"]/.freeze
+
       private
 
       def link_dependencies
@@ -14,21 +20,35 @@ module Gitlab
 
       def link_urls
         # Link `github: "user/repo"` to https://github.com/user/repo
-        link_regex(/(github:|:github\s*=>)\s*['"](?<name>[^'"]+)['"]/, &method(:github_url))
+        link_regex(GITHUB_REGEX, &method(:github_url))
 
         # Link `git: "https://gitlab.example.com/user/repo"` to https://gitlab.example.com/user/repo
-        link_regex(/(git:|:git\s*=>)\s*['"](?<name>#{URL_REGEX})['"]/, &:itself)
+        link_regex(GIT_REGEX, &:itself)
 
         # Link `source "https://rubygems.org"` to https://rubygems.org
         link_method_call('source', URL_REGEX, &:itself)
       end
 
       def link_packages
-        # Link `gem "package_name"` to https://rubygems.org/gems/package_name
-        link_method_call('gem') do |name|
-          "https://rubygems.org/gems/#{name}"
+        packages = parse_packages
+
+        return if packages.blank?
+
+        packages.each do |package|
+          link_method_call('gem', package.name) do
+            external_url(package.name, package.external_ref)
+          end
         end
       end
+
+      def package_url(name)
+        "https://rubygems.org/gems/#{name}"
+      end
+
+      def parse_packages
+        parser = Gitlab::DependencyLinker::Parser::Gemfile.new(plain_text)
+        parser.parse(keyword: self.class.package_keyword)
+      end
     end
   end
 end
diff --git a/lib/gitlab/dependency_linker/gemspec_linker.rb b/lib/gitlab/dependency_linker/gemspec_linker.rb
index b924ea86d89..94c2b375cf9 100644
--- a/lib/gitlab/dependency_linker/gemspec_linker.rb
+++ b/lib/gitlab/dependency_linker/gemspec_linker.rb
@@ -11,7 +11,7 @@ module Gitlab
         link_method_call('homepage', URL_REGEX, &:itself)
         link_method_call('license', &method(:license_url))
 
-        link_method_call(%w[name add_dependency add_runtime_dependency add_development_dependency]) do |name|
+        link_method_call(%w[add_dependency add_runtime_dependency add_development_dependency]) do |name|
           "https://rubygems.org/gems/#{name}"
         end
       end
diff --git a/lib/gitlab/dependency_linker/method_linker.rb b/lib/gitlab/dependency_linker/method_linker.rb
index d4d85bb3390..33899a931c6 100644
--- a/lib/gitlab/dependency_linker/method_linker.rb
+++ b/lib/gitlab/dependency_linker/method_linker.rb
@@ -23,18 +23,22 @@ module Gitlab
       #   link_method_call('name')
       #   # Will link `package` in `self.name = "package"`
       def link_method_call(method_name, value = nil, &url_proc)
+        regex = method_call_regex(method_name, value)
+
+        link_regex(regex, &url_proc)
+      end
+
+      def method_call_regex(method_name, value = nil)
         method_name = regexp_for_value(method_name)
         value = regexp_for_value(value)
 
-        regex = %r{
+        %r{
           #{method_name}            # Method name
           \s*                       # Whitespace
           [(=]?                     # Opening brace or equals sign
           \s*                       # Whitespace
           ['"](?<name>#{value})['"] # Package name in quotes
         }x
-
-        link_regex(regex, &url_proc)
       end
     end
   end
diff --git a/lib/gitlab/dependency_linker/package.rb b/lib/gitlab/dependency_linker/package.rb
new file mode 100644
index 00000000000..8a509bbd562
--- /dev/null
+++ b/lib/gitlab/dependency_linker/package.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module DependencyLinker
+    class Package
+      attr_reader :name, :git_ref, :github_ref
+
+      def initialize(name, git_ref, github_ref)
+        @name = name
+        @git_ref = git_ref
+        @github_ref = github_ref
+      end
+
+      def external_ref
+        @git_ref || @github_ref
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/dependency_linker/package_json_linker.rb b/lib/gitlab/dependency_linker/package_json_linker.rb
index 578e25f806a..6857f2a4fa2 100644
--- a/lib/gitlab/dependency_linker/package_json_linker.rb
+++ b/lib/gitlab/dependency_linker/package_json_linker.rb
@@ -8,7 +8,6 @@ module Gitlab
       private
 
       def link_dependencies
-        link_json('name', json["name"], &method(:package_url))
         link_json('license', &method(:license_url))
         link_json(%w[homepage url], URL_REGEX, &:itself)
 
@@ -16,25 +15,19 @@ module Gitlab
       end
 
       def link_packages
-        link_packages_at_key("dependencies", &method(:package_url))
-        link_packages_at_key("devDependencies", &method(:package_url))
+        link_packages_at_key("dependencies")
+        link_packages_at_key("devDependencies")
       end
 
-      def link_packages_at_key(key, &url_proc)
+      def link_packages_at_key(key)
         dependencies = json[key]
         return unless dependencies
 
         dependencies.each do |name, version|
-          link_json(name, version, link: :key, &url_proc)
-
-          link_json(name) do |value|
-            case value
-            when /\A#{URL_REGEX}\z/
-              value
-            when /\A#{REPO_REGEX}\z/
-              github_url(value)
-            end
-          end
+          external_url = external_url(name, version)
+
+          link_json(name, version, link: :key) { external_url }
+          link_json(name) { external_url }
         end
       end
 
diff --git a/lib/gitlab/dependency_linker/parser/gemfile.rb b/lib/gitlab/dependency_linker/parser/gemfile.rb
new file mode 100644
index 00000000000..7f755375cea
--- /dev/null
+++ b/lib/gitlab/dependency_linker/parser/gemfile.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module DependencyLinker
+    module Parser
+      class Gemfile < MethodLinker
+        GIT_REGEX = Gitlab::DependencyLinker::GemfileLinker::GIT_REGEX
+        GITHUB_REGEX = Gitlab::DependencyLinker::GemfileLinker::GITHUB_REGEX
+
+        def initialize(plain_text)
+          @plain_text = plain_text
+        end
+
+        # Returns a list of Gitlab::DependencyLinker::Package
+        #
+        # keyword - The package definition keyword, e.g. `:gem` for
+        # Gemfile parsing, `:pod` for Podfile.
+        def parse(keyword:)
+          plain_lines.each_with_object([]) do |line, packages|
+            name = fetch(line, method_call_regex(keyword))
+
+            next unless name
+
+            git_ref = fetch(line, GIT_REGEX)
+            github_ref = fetch(line, GITHUB_REGEX)
+
+            packages << Gitlab::DependencyLinker::Package.new(name, git_ref, github_ref)
+          end
+        end
+
+        private
+
+        def fetch(line, regex, group: :name)
+          match = line.match(regex)
+          match[group] if match
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/dependency_linker/podfile_linker.rb b/lib/gitlab/dependency_linker/podfile_linker.rb
index def9b04cca9..a20d285da79 100644
--- a/lib/gitlab/dependency_linker/podfile_linker.rb
+++ b/lib/gitlab/dependency_linker/podfile_linker.rb
@@ -5,12 +5,21 @@ module Gitlab
     class PodfileLinker < GemfileLinker
       include Cocoapods
 
+      self.package_keyword = :pod
       self.file_type = :podfile
 
       private
 
       def link_packages
-        link_method_call('pod', &method(:package_url))
+        packages = parse_packages
+
+        return unless packages
+
+        packages.each do |package|
+          link_method_call('pod', package.name) do
+            external_url(package.name, package.external_ref)
+          end
+        end
       end
     end
   end
diff --git a/lib/gitlab/dependency_linker/podspec_linker.rb b/lib/gitlab/dependency_linker/podspec_linker.rb
index 6b1758c5a43..14abd3999c4 100644
--- a/lib/gitlab/dependency_linker/podspec_linker.rb
+++ b/lib/gitlab/dependency_linker/podspec_linker.rb
@@ -19,7 +19,7 @@ module Gitlab
         link_method_call('license', &method(:license_url))
         link_regex(/license\s*=\s*\{\s*(type:|:type\s*=>)\s*#{STRING_REGEX}/, &method(:license_url))
 
-        link_method_call(%w[name dependency], &method(:package_url))
+        link_method_call('dependency', &method(:package_url))
       end
     end
   end
diff --git a/lib/gitlab/import_export/merge_request_parser.rb b/lib/gitlab/import_export/merge_request_parser.rb
index 040a70d6775..deb2f59f05f 100644
--- a/lib/gitlab/import_export/merge_request_parser.rb
+++ b/lib/gitlab/import_export/merge_request_parser.rb
@@ -20,6 +20,17 @@ module Gitlab
           create_target_branch unless branch_exists?(@merge_request.target_branch)
         end
 
+        # The merge_request_diff associated with the current @merge_request might
+        # be invalid. Than means, when the @merge_request object is saved, the
+        # @merge_request.merge_request_diff won't. This can leave the merge request
+        # in an invalid state, because a merge request must have an associated
+        # merge request diff.
+        # In this change, if the associated merge request diff is invalid, we set
+        # it to nil. This change, in association with the after callback
+        # :ensure_merge_request_diff in the MergeRequest class, makes that
+        # when the merge request is going to be created and it doesn't have
+        # one, a default one will be generated.
+        @merge_request.merge_request_diff = nil unless @merge_request.merge_request_diff&.valid?
         @merge_request
       end
 
diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb
index 624c2c67551..de14df56555 100644
--- a/lib/gitlab/kubernetes/kube_client.rb
+++ b/lib/gitlab/kubernetes/kube_client.rb
@@ -82,6 +82,8 @@ module Gitlab
       def initialize(api_prefix, **kubeclient_options)
         @api_prefix = api_prefix
         @kubeclient_options = kubeclient_options.merge(http_max_redirects: 0)
+
+        validate_url!
       end
 
       def create_or_update_cluster_role_binding(resource)
@@ -118,6 +120,12 @@ module Gitlab
 
       private
 
+      def validate_url!
+        return if Gitlab::CurrentSettings.allow_local_requests_from_hooks_and_services?
+
+        Gitlab::UrlBlocker.validate!(api_prefix, allow_local_network: false)
+      end
+
       def cluster_role_binding_exists?(resource)
         get_cluster_role_binding(resource.metadata.name)
       rescue ::Kubeclient::ResourceNotFoundError
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index c3349980d60..3a50ed4f787 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -1293,6 +1293,9 @@ msgstr ""
 msgid "Cannot modify managed Kubernetes cluster"
 msgstr ""
 
+msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
+msgstr ""
+
 msgid "Certificate"
 msgstr ""
 
diff --git a/package.json b/package.json
index 7110baef8b3..cc4edbfacd8 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "@babel/preset-env": "^7.3.1",
     "@gitlab/csslab": "^1.8.0",
     "@gitlab/svgs": "^1.51.0",
-    "@gitlab/ui": "^2.0.2",
+    "@gitlab/ui": "^2.0.4",
     "apollo-boost": "^0.1.20",
     "apollo-client": "^2.4.5",
     "autosize": "^4.0.0",
diff --git a/qa/qa/page/label/index.rb b/qa/qa/page/label/index.rb
index f0d323ca3b4..de0cfa9f293 100644
--- a/qa/qa/page/label/index.rb
+++ b/qa/qa/page/label/index.rb
@@ -14,6 +14,10 @@ module QA
           element :label_svg
         end
 
+        view 'app/views/shared/empty_states/_priority_labels.html.haml' do
+          element :label_svg
+        end
+
         def go_to_new_label
           # The 'labels.svg' takes a fraction of a second to load after which the "New label" button shifts up a bit
           # This can cause webdriver to miss the hit so we wait for the svg to load (implicitly with has_element?)
diff --git a/qa/qa/runtime/namespace.rb b/qa/qa/runtime/namespace.rb
index 704c65467e0..9d7c1aea508 100644
--- a/qa/qa/runtime/namespace.rb
+++ b/qa/qa/runtime/namespace.rb
@@ -8,7 +8,9 @@ module QA
       end
 
       def name
-        Runtime::Env.namespace_name || "qa-test-#{time.strftime('%Y-%m-%d-%H-%M-%S')}"
+        # If any changes are made to the name tag, following script has to be considered:
+        # https://ops.gitlab.net/gitlab-com/gl-infra/traffic-generator/blob/master/bin/janitor.bash
+        @name ||= Runtime::Env.namespace_name || "qa-test-#{time.strftime('%Y-%m-%d-%H-%M-%S')}-#{SecureRandom.hex(8)}"
       end
 
       def path
diff --git a/qa/qa/specs/features/browser_ui/3_create/merge_request/squash_merge_request_spec.rb b/qa/qa/specs/features/browser_ui/3_create/merge_request/squash_merge_request_spec.rb
index 545da0a8b85..bf20ff99a99 100644
--- a/qa/qa/specs/features/browser_ui/3_create/merge_request/squash_merge_request_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/merge_request/squash_merge_request_spec.rb
@@ -2,7 +2,7 @@
 
 module QA
   # Failure issue: https://gitlab.com/gitlab-org/quality/staging/issues/31
-  context 'Create', :quarantine do
+  context 'Create' do
     describe 'Merge request squashing' do
       it 'user squashes commits while merging' do
         Runtime::Browser.visit(:gitlab, Page::Main::Login)
diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/push_over_http_file_size_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/push_over_http_file_size_spec.rb
index 23ea55c2e61..4d3ced60f6d 100644
--- a/qa/qa/specs/features/browser_ui/3_create/repository/push_over_http_file_size_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/repository/push_over_http_file_size_spec.rb
@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 module QA
-  context 'Create' do
+  # Failure issue: https://gitlab.com/gitlab-org/quality/staging/issues/37
+  context 'Create', :quarantine do
     describe 'push after setting the file size limit via admin/application_settings' do
       before(:all) do
         push = Resource::Repository::ProjectPush.fabricate! do |p|
diff --git a/qa/spec/spec_helper.rb b/qa/spec/spec_helper.rb
index 0f3cf5f4408..cddaa6fc6e0 100644
--- a/qa/spec/spec_helper.rb
+++ b/qa/spec/spec_helper.rb
@@ -17,26 +17,16 @@ RSpec.configure do |config|
     end
   end
 
-  config.before do |example|
-    QA::Runtime::Logger.debug("Starting test: #{example.full_description}") if QA::Runtime::Env.debug?
-
-    # If quarantine is tagged, skip tests that have other metadata unless
-    # they're also tagged. This lets us run quarantined tests in a particular
-    # category without running tests in other categories.
-    # E.g., if a test is tagged 'smoke' and 'quarantine', and another is tagged
-    # 'ldap' and 'quarantine', if we wanted to run just quarantined smoke tests
-    # using `--tag quarantine --tag smoke`, without this check we'd end up
-    # running that ldap test as well.
-    if config.inclusion_filter[:quarantine]
-      skip("Running tests tagged with all of #{config.inclusion_filter.rules.keys}") unless quarantine_and_optional_other_tag?(example, config)
+  config.before(:context) do
+    if self.class.metadata.keys.include?(:quarantine)
+      skip_or_run_quarantined_tests(self.class.metadata.keys, config.inclusion_filter.rules.keys)
     end
   end
 
-  config.before(:each, :quarantine) do |example|
-    # Skip tests in quarantine unless we explicitly focus on them
-    # We could use an exclusion filter, but this way the test report will list
-    # the quarantined tests when they're not run so that we're aware of them
-    skip('In quarantine') unless config.inclusion_filter[:quarantine]
+  config.before do |example|
+    QA::Runtime::Logger.debug("Starting test: #{example.full_description}") if QA::Runtime::Env.debug?
+
+    skip_or_run_quarantined_tests(example.metadata.keys, config.inclusion_filter.rules.keys)
   end
 
   config.expect_with :rspec do |expectations|
@@ -55,18 +45,41 @@ RSpec.configure do |config|
   Kernel.srand config.seed
 end
 
+# Skip tests in quarantine unless we explicitly focus on them.
+# Skip the entire context if a context is tagged. This avoids running before
+# blocks unnecessarily.
+# If quarantine is focussed, skip tests/contexts that have other metadata
+# unless they're also focussed. This lets us run quarantined tests in a
+# particular category without running tests in other categories.
+# E.g., if a test is tagged 'smoke' and 'quarantine', and another is tagged
+# 'ldap' and 'quarantine', if we wanted to run just quarantined smoke tests
+# using `--tag quarantine --tag smoke`, without this check we'd end up
+# running that ldap test as well.
+# We could use an exclusion filter, but this way the test report will list
+# the quarantined tests when they're not run so that we're aware of them
+def skip_or_run_quarantined_tests(metadata_keys, filter_keys)
+  included_filters = filters_other_than_quarantine(filter_keys)
+
+  if filter_keys.include?(:quarantine)
+    skip("Only running tests tagged with :quarantine and any of #{included_filters}") unless quarantine_and_optional_other_tag?(metadata_keys, included_filters)
+  else
+    skip('In quarantine') if metadata_keys.include?(:quarantine)
+  end
+end
+
+def filters_other_than_quarantine(filter_keys)
+  filter_keys.reject { |key| key == :quarantine }
+end
+
 # Checks if a test has the 'quarantine' tag and other tags in the inclusion filter.
 #
 # Returns true if
-# - the example metadata includes the quarantine tag
-# - and the metadata and inclusion filter both have any other tag
-# - or no other tags are in the inclusion filter
-def quarantine_and_optional_other_tag?(example, config)
-  return false unless example.metadata.keys.include? :quarantine
-
-  filters_other_than_quarantine = config.inclusion_filter.rules.keys.reject { |key| key == :quarantine }
-
-  return true if filters_other_than_quarantine.empty?
+# - the metadata includes the quarantine tag
+#   - and the metadata and inclusion filter both have any other tag
+#   - or no other tags are in the inclusion filter
+def quarantine_and_optional_other_tag?(metadata_keys, included_filters)
+  return false unless metadata_keys.include? :quarantine
+  return true if included_filters.empty?
 
-  filters_other_than_quarantine.any? { |key| example.metadata.keys.include? key }
+  included_filters.any? { |key| metadata_keys.include? key }
 end
diff --git a/qa/spec/spec_helper_spec.rb b/qa/spec/spec_helper_spec.rb
index f001200fb52..2427999e110 100644
--- a/qa/spec/spec_helper_spec.rb
+++ b/qa/spec/spec_helper_spec.rb
@@ -10,79 +10,79 @@ describe 'rspec config tests' do
         end
       end
 
+      context 'default' do
+        it_behaves_like 'passing tests'
+      end
+
       context 'foo', :foo do
         it_behaves_like 'passing tests'
       end
 
-      context 'default' do
+      context 'quarantine', :quarantine do
+        it_behaves_like 'passing tests'
+      end
+
+      context 'bar quarantine', :bar, :quarantine do
         it_behaves_like 'passing tests'
       end
     end
   end
 
-  context 'default config' do
-    it 'tests are skipped if in quarantine' do
+  context 'with no tags focussed' do
+    before do
       group.run
+    end
 
-      foo_context = group.children.find { |c| c.description == "foo" }
-      foo_examples = foo_context.descendant_filtered_examples
-      expect(foo_examples.count).to eq(2)
-
-      ex = foo_examples.find { |e| e.description == "not in quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+    context 'in a context tagged :foo' do
+      it 'skips tests in quarantine' do
+        context = group.children.find { |c| c.description == "foo" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to eq(2)
 
-      ex = foo_examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('In quarantine')
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
 
-      default_context = group.children.find { |c| c.description == "default" }
-      default_examples = default_context.descendant_filtered_examples
-      expect(default_examples.count).to eq(2)
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+        expect(ex.execution_result.pending_message).to eq('In quarantine')
+      end
+    end
 
-      ex = default_examples.find { |e| e.description == "not in quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+    context 'in an untagged context' do
+      it 'skips tests in quarantine' do
+        context = group.children.find { |c| c.description == "default" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to eq(2)
 
-      ex = default_examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('In quarantine')
-    end
-  end
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
 
-  context "with 'quarantine' tagged" do
-    before do
-      RSpec.configure do |config|
-        config.inclusion_filter = :quarantine
-      end
-    end
-    after do
-      RSpec.configure do |config|
-        config.inclusion_filter.clear
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+        expect(ex.execution_result.pending_message).to eq('In quarantine')
       end
     end
 
-    it "only quarantined tests are run" do
-      group.run
-
-      foo_context = group.children.find { |c| c.description == "foo" }
-      foo_examples = foo_context.descendant_filtered_examples
-      expect(foo_examples.count).to be(1)
-
-      ex = foo_examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+    context 'in a context tagged :quarantine' do
+      it 'skips all tests' do
+        context = group.children.find { |c| c.description == "quarantine" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to eq(2)
 
-      default_context = group.children.find { |c| c.description == "default" }
-      default_examples = default_context.descendant_filtered_examples
-      expect(default_examples.count).to be(1)
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
 
-      ex = default_examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+        expect(ex.execution_result.pending_message).to eq('In quarantine')
+      end
     end
   end
 
-  context "with 'foo' tagged" do
+  context 'with :quarantine focussed' do
     before do
       RSpec.configure do |config|
-        config.inclusion_filter = :foo
+        config.inclusion_filter = :quarantine
       end
 
       group.run
@@ -93,30 +93,50 @@ describe 'rspec config tests' do
       end
     end
 
-    it "tests are not run if not tagged 'foo'" do
-      default_context = group.children.find { |c| c.description == "default" }
-      expect(default_context.descendant_filtered_examples.count).to eq(0)
+    context 'in an untagged context' do
+      it 'only runs quarantined tests' do
+        context = group.children.find { |c| c.description == "default" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(1)
+
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
+      end
     end
 
-    it "tests are skipped if in quarantine" do
-      foo_context = group.children.find { |c| c.description == "foo" }
-      foo_examples = foo_context.descendant_filtered_examples
-      expect(foo_examples.count).to eq(2)
+    context 'in a context tagged :foo' do
+      it 'only runs quarantined tests' do
+        context = group.children.find { |c| c.description == "foo" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(1)
 
-      ex = foo_examples.find { |e| e.description == "not in quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
+      end
+    end
+
+    context 'in a context tagged :quarantine' do
+      it 'runs all tests' do
+        context = group.children.find { |c| c.description == "quarantine" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
+
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
 
-      ex = foo_examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('In quarantine')
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
+      end
     end
   end
 
-  context "with 'quarantine' and 'foo' tagged" do
+  context 'with a non-quarantine tag (:foo) focussed' do
     before do
       RSpec.configure do |config|
-        config.inclusion_filter = { quarantine: true, foo: true }
+        config.inclusion_filter = :foo
       end
+
+      group.run
     end
     after do
       RSpec.configure do |config|
@@ -124,38 +144,43 @@ describe 'rspec config tests' do
       end
     end
 
-    it 'of tests tagged foo, only tests in quarantine run' do
-      group.run
+    context 'in an untagged context' do
+      it 'runs no tests' do
+        context = group.children.find { |c| c.description == "default" }
+        expect(context.descendant_filtered_examples.count).to eq(0)
+      end
+    end
 
-      foo_context = group.children.find { |c| c.description == "foo" }
-      foo_examples = foo_context.descendant_filtered_examples
-      expect(foo_examples.count).to eq(2)
+    context 'in a context tagged :foo' do
+      it 'skips quarantined tests' do
+        context = group.children.find { |c| c.description == "foo" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
 
-      ex = foo_examples.find { |e| e.description == "not in quarantine" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('Running tests tagged with all of [:quarantine, :foo]')
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
 
-      ex = foo_examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+        expect(ex.execution_result.pending_message).to eq('In quarantine')
+      end
     end
 
-    it 'if tests are not tagged they are skipped, even if they are in quarantine' do
-      group.run
-      default_context = group.children.find { |c| c.description == "default" }
-      default_examples = default_context.descendant_filtered_examples
-      expect(default_examples.count).to eq(1)
-
-      ex = default_examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('Running tests tagged with all of [:quarantine, :foo]')
+    context 'in a context tagged :quarantine' do
+      it 'runs no tests' do
+        context = group.children.find { |c| c.description == "quarantine" }
+        expect(context.descendant_filtered_examples.count).to eq(0)
+      end
     end
   end
 
-  context "with 'foo' and 'bar' tagged" do
+  context 'with :quarantine and a non-quarantine tag (:foo) focussed' do
     before do
       RSpec.configure do |config|
-        config.inclusion_filter = { bar: true, foo: true }
+        config.inclusion_filter = { quarantine: true, foo: true }
       end
+
+      group.run
     end
     after do
       RSpec.configure do |config|
@@ -163,67 +188,67 @@ describe 'rspec config tests' do
       end
     end
 
-    it "runs tests tagged either 'foo' or 'bar'" do
-      group = RSpec.describe do
-        example 'foo', :foo do
-        end
-        example 'bar', :bar do
-        end
-        example 'foo and bar', :foo, :bar do
-        end
-      end
-
-      group.run
-      expect(group.examples.count).to eq(3)
+    context 'in an untagged context' do
+      it 'ignores untagged tests and skips tests even if in quarantine' do
+        context = group.children.find { |c| c.description == "default" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to eq(1)
 
-      ex = group.examples.find { |e| e.description == "foo" }
-      expect(ex.execution_result.status).to eq(:passed)
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+      end
+    end
 
-      ex = group.examples.find { |e| e.description == "bar" }
-      expect(ex.execution_result.status).to eq(:passed)
+    context 'in a context tagged :foo' do
+      it 'only runs quarantined tests' do
+        context = group.children.find { |c| c.description == "foo" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
 
-      ex = group.examples.find { |e| e.description == "foo and bar" }
-      expect(ex.execution_result.status).to eq(:passed)
-    end
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
 
-    it "skips quarantined tests tagged 'foo' and/or 'bar'" do
-      group = RSpec.describe do
-        example 'foo in quarantine', :foo, :quarantine do
-        end
-        example 'foo and bar in quarantine', :foo, :bar, :quarantine do
-        end
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
       end
+    end
 
-      group.run
-      expect(group.examples.count).to eq(2)
+    context 'in a context tagged :quarantine' do
+      it 'skips all tests' do
+        context = group.children.find { |c| c.description == "quarantine" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
 
-      ex = group.examples.find { |e| e.description == "foo in quarantine" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('In quarantine')
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
 
-      ex = group.examples.find { |e| e.description == "foo and bar in quarantine" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('In quarantine')
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+      end
     end
 
-    it "ignores quarantined tests not tagged either 'foo' or 'bar'" do
-      group = RSpec.describe do
-        example 'in quarantine', :quarantine do
-        end
-      end
+    context 'in a context tagged :bar and :quarantine' do
+      it 'skips all tests' do
+        context = group.children.find { |c| c.description == "quarantine" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
 
-      group.run
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
 
-      ex = group.examples.find { |e| e.description == "in quarantine" }
-      expect(ex.execution_result.status).to be_nil
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+      end
     end
   end
 
-  context "with 'foo' and 'bar' and 'quarantined' tagged" do
+  context 'with :quarantine and multiple non-quarantine tags focussed' do
     before do
       RSpec.configure do |config|
         config.inclusion_filter = { bar: true, foo: true, quarantine: true }
       end
+
+      group.run
     end
     after do
       RSpec.configure do |config|
@@ -231,34 +256,49 @@ describe 'rspec config tests' do
       end
     end
 
-    it "runs tests tagged 'quarantine' and 'foo' or 'bar'" do
-      group = RSpec.describe do
-        example 'foo', :foo do
-        end
-        example 'bar and quarantine', :bar, :quarantine do
-        end
-        example 'foo and bar', :foo, :bar do
-        end
-        example 'foo, bar, and quarantine', :foo, :bar, :quarantine do
-        end
+    context 'in a context tagged :foo' do
+      it 'only runs quarantined tests' do
+        context = group.children.find { |c| c.description == "foo" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
+
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
+
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+        expect(ex.execution_result.pending_message).to eq('Only running tests tagged with :quarantine and any of [:bar, :foo]')
       end
+    end
 
-      group.run
-      expect(group.examples.count).to eq(4)
+    context 'in a context tagged :quarantine' do
+      it 'skips all tests' do
+        context = group.children.find { |c| c.description == "quarantine" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
 
-      ex = group.examples.find { |e| e.description == "foo" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('Running tests tagged with all of [:bar, :foo, :quarantine]')
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+        expect(ex.execution_result.pending_message).to eq('Only running tests tagged with :quarantine and any of [:bar, :foo]')
 
-      ex = group.examples.find { |e| e.description == "bar and quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:pending)
+        expect(ex.execution_result.pending_message).to eq('Only running tests tagged with :quarantine and any of [:bar, :foo]')
+      end
+    end
 
-      ex = group.examples.find { |e| e.description == "foo and bar" }
-      expect(ex.execution_result.status).to eq(:pending)
-      expect(ex.execution_result.pending_message).to eq('Running tests tagged with all of [:bar, :foo, :quarantine]')
+    context 'in a context tagged :bar and :quarantine' do
+      it 'runs all tests' do
+        context = group.children.find { |c| c.description == "bar quarantine" }
+        examples = context.descendant_filtered_examples
+        expect(examples.count).to be(2)
 
-      ex = group.examples.find { |e| e.description == "foo, bar, and quarantine" }
-      expect(ex.execution_result.status).to eq(:passed)
+        ex = examples.find { |e| e.description == "in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
+
+        ex = examples.find { |e| e.description == "not in quarantine" }
+        expect(ex.execution_result.status).to eq(:passed)
+      end
     end
   end
 end
diff --git a/spec/controllers/concerns/send_file_upload_spec.rb b/spec/controllers/concerns/send_file_upload_spec.rb
index a07113a6156..cf3b24f50a3 100644
--- a/spec/controllers/concerns/send_file_upload_spec.rb
+++ b/spec/controllers/concerns/send_file_upload_spec.rb
@@ -52,6 +52,23 @@ describe SendFileUpload do
       end
     end
 
+    context 'with inline image' do
+      let(:filename) { 'test.png' }
+      let(:params) { { disposition: 'inline', attachment: filename } }
+
+      it 'sends a file with inline disposition' do
+        # Notice the filename= is omitted from the disposition; this is because
+        # Rails 5 will append this header in send_file
+        expected_params = {
+          filename: 'test.png',
+          disposition: "inline; filename*=UTF-8''test.png"
+        }
+        expect(controller).to receive(:send_file).with(uploader.path, expected_params)
+
+        subject
+      end
+    end
+
     context 'with attachment' do
       let(:filename) { 'test.js' }
       let(:params) { { attachment: filename } }
diff --git a/spec/controllers/dashboard/milestones_controller_spec.rb b/spec/controllers/dashboard/milestones_controller_spec.rb
index 8b176e07bc8..4b164d0aa6b 100644
--- a/spec/controllers/dashboard/milestones_controller_spec.rb
+++ b/spec/controllers/dashboard/milestones_controller_spec.rb
@@ -3,11 +3,9 @@ require 'spec_helper'
 describe Dashboard::MilestonesController do
   let(:project) { create(:project) }
   let(:group) { create(:group) }
-  let(:public_group) { create(:group, :public) }
   let(:user) { create(:user) }
   let(:project_milestone) { create(:milestone, project: project) }
   let(:group_milestone) { create(:milestone, group: group) }
-  let!(:public_milestone) { create(:milestone, group: public_group) }
   let(:milestone) do
     DashboardMilestone.build(
       [project],
@@ -45,6 +43,9 @@ describe Dashboard::MilestonesController do
   end
 
   describe "#index" do
+    let(:public_group) { create(:group, :public) }
+    let!(:public_milestone) { create(:milestone, group: public_group) }
+
     render_views
 
     it 'returns group and project milestones to which the user belongs' do
@@ -74,10 +75,10 @@ describe Dashboard::MilestonesController do
       expect(response.body).not_to include(project_milestone.title)
     end
 
-    it 'should contain group and project milestones to which the user belongs to' do
+    it 'should show counts of group and project milestones to which the user belongs to' do
       get :index
 
-      expect(response.body).to include("Open\n<span class=\"badge badge-pill\">3</span>")
+      expect(response.body).to include("Open\n<span class=\"badge badge-pill\">2</span>")
       expect(response.body).to include("Closed\n<span class=\"badge badge-pill\">0</span>")
     end
   end
diff --git a/spec/controllers/google_api/authorizations_controller_spec.rb b/spec/controllers/google_api/authorizations_controller_spec.rb
index 1e8e82da4f3..d9ba85cf56a 100644
--- a/spec/controllers/google_api/authorizations_controller_spec.rb
+++ b/spec/controllers/google_api/authorizations_controller_spec.rb
@@ -6,7 +6,7 @@ describe GoogleApi::AuthorizationsController do
     let(:token) { 'token' }
     let(:expires_at) { 1.hour.since.strftime('%s') }
 
-    subject { get :callback, params: { code: 'xxx', state: @state } }
+    subject { get :callback, params: { code: 'xxx', state: state } }
 
     before do
       sign_in(user)
@@ -15,35 +15,57 @@ describe GoogleApi::AuthorizationsController do
         .to receive(:get_token).and_return([token, expires_at])
     end
 
-    it 'sets token and expires_at in session' do
-      subject
+    shared_examples_for 'access denied' do
+      it 'returns a 404' do
+        subject
 
-      expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token])
-        .to eq(token)
-      expect(session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at])
-        .to eq(expires_at)
+        expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token]).to be_nil
+        expect(response).to have_http_status(:not_found)
+      end
     end
 
-    context 'when redirect uri key is stored in state' do
-      set(:project) { create(:project) }
-      let(:redirect_uri) { project_clusters_url(project).to_s }
+    context 'session key is present' do
+      let(:session_key) { 'session-key' }
+      let(:redirect_uri) { 'example.com' }
 
       before do
-        @state = GoogleApi::CloudPlatform::Client
-          .new_session_key_for_redirect_uri do |key|
-          session[key] = redirect_uri
+        session[GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(session_key)] = redirect_uri
+      end
+
+      context 'session key matches state param' do
+        let(:state) { session_key }
+
+        it 'sets token and expires_at in session' do
+          subject
+
+          expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token])
+            .to eq(token)
+          expect(session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at])
+            .to eq(expires_at)
+        end
+
+        it 'redirects to the URL stored in state param' do
+          expect(subject).to redirect_to(redirect_uri)
         end
       end
 
-      it 'redirects to the URL stored in state param' do
-        expect(subject).to redirect_to(redirect_uri)
+      context 'session key does not match state param' do
+        let(:state) { 'bad-key' }
+
+        it_behaves_like 'access denied'
       end
-    end
 
-    context 'when redirection url is not stored in state' do
-      it 'redirects to root_path' do
-        expect(subject).to redirect_to(root_path)
+      context 'state param is blank' do
+        let(:state) { '' }
+
+        it_behaves_like 'access denied'
       end
     end
+
+    context 'state param is present, but session key is blank' do
+      let(:state) { 'session-key' }
+
+      it_behaves_like 'access denied'
+    end
   end
 end
diff --git a/spec/controllers/groups/clusters_controller_spec.rb b/spec/controllers/groups/clusters_controller_spec.rb
index 360030102e0..ef23ffaa843 100644
--- a/spec/controllers/groups/clusters_controller_spec.rb
+++ b/spec/controllers/groups/clusters_controller_spec.rb
@@ -453,7 +453,7 @@ describe Groups::ClustersController do
     end
 
     context 'when domain is invalid' do
-      let(:domain) { 'not-a-valid-domain' }
+      let(:domain) { 'http://not-a-valid-domain' }
 
       it 'should not update cluster attributes' do
         go
diff --git a/spec/controllers/groups/shared_projects_controller_spec.rb b/spec/controllers/groups/shared_projects_controller_spec.rb
index dab7700cf64..b0c20fb5a90 100644
--- a/spec/controllers/groups/shared_projects_controller_spec.rb
+++ b/spec/controllers/groups/shared_projects_controller_spec.rb
@@ -6,6 +6,8 @@ describe Groups::SharedProjectsController do
   end
 
   def share_project(project)
+    group.add_developer(user)
+
     Projects::GroupLinks::CreateService.new(
       project,
       user,
diff --git a/spec/controllers/projects/autocomplete_sources_controller_spec.rb b/spec/controllers/projects/autocomplete_sources_controller_spec.rb
new file mode 100644
index 00000000000..382e6d547df
--- /dev/null
+++ b/spec/controllers/projects/autocomplete_sources_controller_spec.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Projects::AutocompleteSourcesController do
+  describe 'GET milestones' do
+    let(:user) { create(:user) }
+    let(:group) { create(:group, :public) }
+    let(:project) { create(:project, :public, namespace: group) }
+    let!(:project_milestone) { create(:milestone, project: project) }
+    let!(:group_milestone) { create(:milestone, group: group) }
+
+    before do
+      sign_in(user)
+    end
+
+    it 'lists milestones' do
+      group.add_owner(user)
+
+      get :milestones, format: :json, params: { namespace_id: group.path, project_id: project.path }
+
+      milestone_titles = json_response.map { |milestone| milestone["title"] }
+      expect(milestone_titles).to match_array([project_milestone.title, group_milestone.title])
+    end
+
+    context 'when user cannot read project issues and merge requests' do
+      it 'renders 404' do
+        project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
+        project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
+
+        get :milestones, format: :json, params: { namespace_id: group.path, project_id: project.path }
+
+        expect(response).to have_gitlab_http_status(404)
+      end
+    end
+  end
+end
diff --git a/spec/controllers/projects/group_links_controller_spec.rb b/spec/controllers/projects/group_links_controller_spec.rb
index 675eeff8d12..ce021b2f085 100644
--- a/spec/controllers/projects/group_links_controller_spec.rb
+++ b/spec/controllers/projects/group_links_controller_spec.rb
@@ -65,8 +65,24 @@ describe Projects::GroupLinksController do
       end
     end
 
+    context 'when user does not have access to the public group' do
+      let(:group) { create(:group, :public) }
+
+      include_context 'link project to group'
+
+      it 'renders 404' do
+        expect(response.status).to eq 404
+      end
+
+      it 'does not share project with that group' do
+        expect(group.shared_projects).not_to include project
+      end
+    end
+
     context 'when project group id equal link group id' do
       before do
+        group2.add_developer(user)
+
         post(:create, params: {
                         namespace_id: project.namespace,
                         project_id: project,
@@ -102,5 +118,26 @@ describe Projects::GroupLinksController do
         expect(flash[:alert]).to eq('Please select a group.')
       end
     end
+
+    context 'when link is not persisted in the database' do
+      before do
+        allow(::Projects::GroupLinks::CreateService).to receive_message_chain(:new, :execute)
+          .and_return({ status: :error, http_status: 409, message: 'error' })
+
+        post(:create, params: {
+                        namespace_id: project.namespace,
+                        project_id: project,
+                        link_group_id: group.id,
+                        link_group_access: ProjectGroupLink.default_access
+                      })
+      end
+
+      it 'redirects to project group links page' do
+        expect(response).to redirect_to(
+          project_project_members_path(project)
+        )
+        expect(flash[:alert]).to eq('error')
+      end
+    end
   end
 end
diff --git a/spec/controllers/snippets_controller_spec.rb b/spec/controllers/snippets_controller_spec.rb
index 5c6858dc7b2..77a94f26d8c 100644
--- a/spec/controllers/snippets_controller_spec.rb
+++ b/spec/controllers/snippets_controller_spec.rb
@@ -205,6 +205,8 @@ describe SnippetsController do
     end
 
     context 'when the snippet description contains a file' do
+      include FileMoverHelpers
+
       let(:picture_file) { '/-/system/temp/secret56/picture.jpg' }
       let(:text_file) { '/-/system/temp/secret78/text.txt' }
       let(:description) do
@@ -215,6 +217,8 @@ describe SnippetsController do
       before do
         allow(FileUtils).to receive(:mkdir_p)
         allow(FileUtils).to receive(:move)
+        stub_file_mover(text_file)
+        stub_file_mover(picture_file)
       end
 
       subject { create_snippet({ description: description }, { files: [picture_file, text_file] }) }
diff --git a/spec/features/merge_request/user_sees_versions_spec.rb b/spec/features/merge_request/user_sees_versions_spec.rb
index aa91ade46ca..5c45e363997 100644
--- a/spec/features/merge_request/user_sees_versions_spec.rb
+++ b/spec/features/merge_request/user_sees_versions_spec.rb
@@ -1,7 +1,11 @@
 require 'rails_helper'
 
 describe 'Merge request > User sees versions', :js do
-  let(:merge_request) { create(:merge_request, importing: true) }
+  let(:merge_request) do
+    create(:merge_request).tap do |mr|
+      mr.merge_request_diff.destroy
+    end
+  end
   let(:project) { merge_request.source_project }
   let(:user) { project.creator }
   let!(:merge_request_diff1) { merge_request.merge_request_diffs.create(head_commit_sha: '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9') }
diff --git a/spec/features/projects/blobs/blob_show_spec.rb b/spec/features/projects/blobs/blob_show_spec.rb
index 3edcc7ac2cd..a7aa63018fd 100644
--- a/spec/features/projects/blobs/blob_show_spec.rb
+++ b/spec/features/projects/blobs/blob_show_spec.rb
@@ -548,10 +548,7 @@ describe 'File blob', :js do
     it 'displays an auxiliary viewer' do
       aggregate_failures do
         # shows names of dependency manager and package
-        expect(page).to have_content('This project manages its dependencies using RubyGems and defines a gem named activerecord.')
-
-        # shows a link to the gem
-        expect(page).to have_link('activerecord', href: 'https://rubygems.org/gems/activerecord')
+        expect(page).to have_content('This project manages its dependencies using RubyGems.')
 
         # shows a learn more link
         expect(page).to have_link('Learn more', href: 'https://rubygems.org/')
diff --git a/spec/features/projects/members/invite_group_spec.rb b/spec/features/projects/members/invite_group_spec.rb
index fceead0b45e..b2d2dba55f1 100644
--- a/spec/features/projects/members/invite_group_spec.rb
+++ b/spec/features/projects/members/invite_group_spec.rb
@@ -27,6 +27,7 @@ describe 'Project > Members > Invite group', :js do
 
       before do
         project.add_maintainer(maintainer)
+        group_to_share_with.add_guest(maintainer)
         sign_in(maintainer)
       end
 
@@ -112,6 +113,7 @@ describe 'Project > Members > Invite group', :js do
 
     before do
       project.add_maintainer(maintainer)
+      group.add_guest(maintainer)
       sign_in(maintainer)
 
       visit project_settings_members_path(project)
diff --git a/spec/features/projects/settings/user_manages_group_links_spec.rb b/spec/features/projects/settings/user_manages_group_links_spec.rb
index 676659b90c3..e5a58c44e41 100644
--- a/spec/features/projects/settings/user_manages_group_links_spec.rb
+++ b/spec/features/projects/settings/user_manages_group_links_spec.rb
@@ -10,6 +10,7 @@ describe 'Projects > Settings > User manages group links' do
 
   before do
     project.add_maintainer(user)
+    group_market.add_guest(user)
     sign_in(user)
 
     share_link = project.project_group_links.new(group_access: Gitlab::Access::MAINTAINER)
diff --git a/spec/finders/merge_requests_finder_spec.rb b/spec/finders/merge_requests_finder_spec.rb
index 107da08a0a9..79f854cdb96 100644
--- a/spec/finders/merge_requests_finder_spec.rb
+++ b/spec/finders/merge_requests_finder_spec.rb
@@ -31,7 +31,7 @@ describe MergeRequestsFinder do
       p
     end
   end
-  let(:project4) { create_project_without_n_plus_1(group: subgroup) }
+  let(:project4) { create_project_without_n_plus_1(:repository, group: subgroup) }
   let(:project5) { create_project_without_n_plus_1(group: subgroup) }
   let(:project6) { create_project_without_n_plus_1(group: subgroup) }
 
@@ -68,6 +68,15 @@ describe MergeRequestsFinder do
       expect(merge_requests.size).to eq(2)
     end
 
+    it 'filters by commit sha' do
+      merge_requests = described_class.new(
+        user,
+        commit_sha: merge_request5.merge_request_diff.last_commit_sha
+      ).execute
+
+      expect(merge_requests).to contain_exactly(merge_request5)
+    end
+
     context 'filtering by group' do
       it 'includes all merge requests when user has access' do
         params = { group_id: group.id }
@@ -269,6 +278,21 @@ describe MergeRequestsFinder do
         expect(merge_requests).to contain_exactly(old_merge_request, new_merge_request)
       end
     end
+
+    context 'when project restricts merge requests' do
+      let(:non_member) { create(:user) }
+      let(:project) { create(:project, :repository, :public, :merge_requests_private) }
+      let!(:merge_request) { create(:merge_request, source_project: project) }
+
+      it "returns nothing to to non members" do
+        merge_requests = described_class.new(
+          non_member,
+          project_id: project.id
+        ).execute
+
+        expect(merge_requests).to be_empty
+      end
+    end
   end
 
   describe '#row_count', :request_store do
diff --git a/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js b/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js
index 9aa3cbaa231..6230da77f49 100644
--- a/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js
+++ b/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js
@@ -755,6 +755,17 @@ describe('Filtered Search Visual Tokens', () => {
       expect(updateUserTokenAppearanceSpy.calls.count()).toBe(0);
     });
 
+    it('does not update user token appearance for `None` filter', () => {
+      const { tokenNameElement } = findElements(authorToken);
+
+      const tokenName = tokenNameElement.innerText;
+      const tokenValue = 'None';
+
+      subject.renderVisualTokenValue(authorToken, tokenName, tokenValue);
+
+      expect(updateUserTokenAppearanceSpy.calls.count()).toBe(0);
+    });
+
     it('does not update user token appearance for `none` filter', () => {
       const { tokenNameElement } = findElements(authorToken);
 
diff --git a/spec/lib/banzai/filter/footnote_filter_spec.rb b/spec/lib/banzai/filter/footnote_filter_spec.rb
index 2e50e4e2351..c6dcb4e46fd 100644
--- a/spec/lib/banzai/filter/footnote_filter_spec.rb
+++ b/spec/lib/banzai/filter/footnote_filter_spec.rb
@@ -11,6 +11,7 @@ describe Banzai::Filter::FootnoteFilter do
   let(:footnote) do
     <<~EOF
       <p>first<sup><a href="#fn1" id="fnref1">1</a></sup> and second<sup><a href="#fn2" id="fnref2">2</a></sup></p>
+      <p>same reference<sup><a href="#fn1" id="fnref1">1</a></sup></p>
       <ol>
       <li id="fn1">
       <p>one <a href="#fnref1">↩</a></p>
@@ -25,6 +26,7 @@ describe Banzai::Filter::FootnoteFilter do
   let(:filtered_footnote) do
     <<~EOF
       <p>first<sup class="footnote-ref"><a href="#fn1-#{identifier}" id="fnref1-#{identifier}">1</a></sup> and second<sup class="footnote-ref"><a href="#fn2-#{identifier}" id="fnref2-#{identifier}">2</a></sup></p>
+      <p>same reference<sup class="footnote-ref"><a href="#fn1-#{identifier}" id="fnref1-#{identifier}">1</a></sup></p>
       <section class="footnotes"><ol>
       <li id="fn1-#{identifier}">
       <p>one <a href="#fnref1-#{identifier}" class="footnote-backref">↩</a></p>
diff --git a/spec/lib/constraints/project_url_constrainer_spec.rb b/spec/lib/constraints/project_url_constrainer_spec.rb
index c96e7ab8495..3496b01ebcc 100644
--- a/spec/lib/constraints/project_url_constrainer_spec.rb
+++ b/spec/lib/constraints/project_url_constrainer_spec.rb
@@ -16,6 +16,10 @@ describe Constraints::ProjectUrlConstrainer do
         let(:request) { build_request('foo', 'bar') }
 
         it { expect(subject.matches?(request)).to be_falsey }
+
+        context 'existence_check is false' do
+          it { expect(subject.matches?(request, existence_check: false)).to be_truthy }
+        end
       end
 
       context "project id ending with .git" do
diff --git a/spec/lib/gitlab/dependency_linker/composer_json_linker_spec.rb b/spec/lib/gitlab/dependency_linker/composer_json_linker_spec.rb
index 4d222564fd0..0ebd8994636 100644
--- a/spec/lib/gitlab/dependency_linker/composer_json_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker/composer_json_linker_spec.rb
@@ -50,8 +50,8 @@ describe Gitlab::DependencyLinker::ComposerJsonLinker do
       %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
     end
 
-    it 'links the module name' do
-      expect(subject).to include(link('laravel/laravel', 'https://packagist.org/packages/laravel/laravel'))
+    it 'does not link the module name' do
+      expect(subject).not_to include(link('laravel/laravel', 'https://packagist.org/packages/laravel/laravel'))
     end
 
     it 'links the homepage' do
diff --git a/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb b/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb
index a97803b119e..f00f6b47b94 100644
--- a/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb
@@ -41,13 +41,16 @@ describe Gitlab::DependencyLinker::GemfileLinker do
     end
 
     it 'links dependencies' do
-      expect(subject).to include(link('rails', 'https://rubygems.org/gems/rails'))
       expect(subject).to include(link('rails-deprecated_sanitizer', 'https://rubygems.org/gems/rails-deprecated_sanitizer'))
-      expect(subject).to include(link('responders', 'https://rubygems.org/gems/responders'))
-      expect(subject).to include(link('sprockets', 'https://rubygems.org/gems/sprockets'))
       expect(subject).to include(link('default_value_for', 'https://rubygems.org/gems/default_value_for'))
     end
 
+    it 'links to external dependencies' do
+      expect(subject).to include(link('rails', 'https://github.com/rails/rails'))
+      expect(subject).to include(link('responders', 'https://github.com/rails/responders'))
+      expect(subject).to include(link('sprockets', 'https://gitlab.example.com/gems/sprockets'))
+    end
+
     it 'links GitHub repos' do
       expect(subject).to include(link('rails/rails', 'https://github.com/rails/rails'))
       expect(subject).to include(link('rails/responders', 'https://github.com/rails/responders'))
diff --git a/spec/lib/gitlab/dependency_linker/gemspec_linker_spec.rb b/spec/lib/gitlab/dependency_linker/gemspec_linker_spec.rb
index 24ad7d12f4c..6c6a5d70576 100644
--- a/spec/lib/gitlab/dependency_linker/gemspec_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker/gemspec_linker_spec.rb
@@ -43,8 +43,8 @@ describe Gitlab::DependencyLinker::GemspecLinker do
       %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
     end
 
-    it 'links the gem name' do
-      expect(subject).to include(link('gitlab_git', 'https://rubygems.org/gems/gitlab_git'))
+    it 'does not link the gem name' do
+      expect(subject).not_to include(link('gitlab_git', 'https://rubygems.org/gems/gitlab_git'))
     end
 
     it 'links the license' do
diff --git a/spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb b/spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb
index 1e8b72afb7b..9050127af7f 100644
--- a/spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb
@@ -33,7 +33,8 @@ describe Gitlab::DependencyLinker::PackageJsonLinker do
             "express": "4.2.x",
             "bigpipe": "bigpipe/pagelet",
             "plates": "https://github.com/flatiron/plates/tarball/master",
-            "karma": "^1.4.1"
+            "karma": "^1.4.1",
+            "random": "git+https://EdOverflow@github.com/example/example.git"
           },
           "devDependencies": {
             "vows": "^0.7.0",
@@ -51,8 +52,8 @@ describe Gitlab::DependencyLinker::PackageJsonLinker do
       %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
     end
 
-    it 'links the module name' do
-      expect(subject).to include(link('module-name', 'https://npmjs.com/package/module-name'))
+    it 'does not link the module name' do
+      expect(subject).not_to include(link('module-name', 'https://npmjs.com/package/module-name'))
     end
 
     it 'links the homepage' do
@@ -71,14 +72,21 @@ describe Gitlab::DependencyLinker::PackageJsonLinker do
       expect(subject).to include(link('primus', 'https://npmjs.com/package/primus'))
       expect(subject).to include(link('async', 'https://npmjs.com/package/async'))
       expect(subject).to include(link('express', 'https://npmjs.com/package/express'))
-      expect(subject).to include(link('bigpipe', 'https://npmjs.com/package/bigpipe'))
-      expect(subject).to include(link('plates', 'https://npmjs.com/package/plates'))
       expect(subject).to include(link('karma', 'https://npmjs.com/package/karma'))
       expect(subject).to include(link('vows', 'https://npmjs.com/package/vows'))
       expect(subject).to include(link('assume', 'https://npmjs.com/package/assume'))
       expect(subject).to include(link('pre-commit', 'https://npmjs.com/package/pre-commit'))
     end
 
+    it 'links dependencies to URL detected on value' do
+      expect(subject).to include(link('bigpipe', 'https://github.com/bigpipe/pagelet'))
+      expect(subject).to include(link('plates', 'https://github.com/flatiron/plates/tarball/master'))
+    end
+
+    it 'does not link to NPM when invalid git URL' do
+      expect(subject).not_to include(link('random', 'https://npmjs.com/package/random'))
+    end
+
     it 'links GitHub repos' do
       expect(subject).to include(link('bigpipe/pagelet', 'https://github.com/bigpipe/pagelet'))
     end
diff --git a/spec/lib/gitlab/dependency_linker/parser/gemfile_spec.rb b/spec/lib/gitlab/dependency_linker/parser/gemfile_spec.rb
new file mode 100644
index 00000000000..f81dbcf62da
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/parser/gemfile_spec.rb
@@ -0,0 +1,42 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::Parser::Gemfile do
+  describe '#parse' do
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        source 'https://rubygems.org'
+
+        gem "rails", '4.2.6', github: "rails/rails"
+        gem 'rails-deprecated_sanitizer', '~> 1.0.3'
+        gem 'responders', '~> 2.0', :github => 'rails/responders'
+        gem 'sprockets', '~> 3.6.0', git: 'https://gitlab.example.com/gems/sprockets'
+        gem 'default_value_for', '~> 3.0.0'
+      CONTENT
+    end
+
+    subject { described_class.new(file_content).parse(keyword: 'gem') }
+
+    def fetch_package(name)
+      subject.find { |package| package.name == name }
+    end
+
+    it 'returns parsed packages' do
+      expect(subject.size).to eq(5)
+      expect(subject).to all(be_a(Gitlab::DependencyLinker::Package))
+    end
+
+    it 'packages respond to name and external_ref accordingly' do
+      expect(fetch_package('rails')).to have_attributes(name: 'rails',
+                                                        github_ref: 'rails/rails',
+                                                        git_ref: nil)
+
+      expect(fetch_package('sprockets')).to have_attributes(name: 'sprockets',
+                                                            github_ref: nil,
+                                                            git_ref: 'https://gitlab.example.com/gems/sprockets')
+
+      expect(fetch_package('default_value_for')).to have_attributes(name: 'default_value_for',
+                                                                    github_ref: nil,
+                                                                    git_ref: nil)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/podfile_linker_spec.rb b/spec/lib/gitlab/dependency_linker/podfile_linker_spec.rb
index cdfd7ad9826..8f1b523653e 100644
--- a/spec/lib/gitlab/dependency_linker/podfile_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker/podfile_linker_spec.rb
@@ -43,7 +43,10 @@ describe Gitlab::DependencyLinker::PodfileLinker do
 
     it 'links packages' do
       expect(subject).to include(link('AFNetworking', 'https://cocoapods.org/pods/AFNetworking'))
-      expect(subject).to include(link('Interstellar/Core', 'https://cocoapods.org/pods/Interstellar'))
+    end
+
+    it 'links external packages' do
+      expect(subject).to include(link('Interstellar/Core', 'https://github.com/ashfurrow/Interstellar.git'))
     end
 
     it 'links Git repos' do
diff --git a/spec/lib/gitlab/dependency_linker/podspec_linker_spec.rb b/spec/lib/gitlab/dependency_linker/podspec_linker_spec.rb
index ed60ab45955..bacec830103 100644
--- a/spec/lib/gitlab/dependency_linker/podspec_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker/podspec_linker_spec.rb
@@ -42,8 +42,8 @@ describe Gitlab::DependencyLinker::PodspecLinker do
       %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
     end
 
-    it 'links the gem name' do
-      expect(subject).to include(link('Reachability', 'https://cocoapods.org/pods/Reachability'))
+    it 'does not link the pod name' do
+      expect(subject).not_to include(link('Reachability', 'https://cocoapods.org/pods/Reachability'))
     end
 
     it 'links the license' do
diff --git a/spec/lib/gitlab/import_export/merge_request_parser_spec.rb b/spec/lib/gitlab/import_export/merge_request_parser_spec.rb
index 68eaa70e6b6..4b234411a44 100644
--- a/spec/lib/gitlab/import_export/merge_request_parser_spec.rb
+++ b/spec/lib/gitlab/import_export/merge_request_parser_spec.rb
@@ -41,4 +41,20 @@ describe Gitlab::ImportExport::MergeRequestParser do
 
     expect(parsed_merge_request).to eq(merge_request)
   end
+
+  context 'when the merge request has diffs' do
+    let(:merge_request) do
+      build(:merge_request, source_project: forked_project, target_project: project)
+    end
+
+    context 'when the diff is invalid' do
+      let(:merge_request_diff) { build(:merge_request_diff, merge_request: merge_request, base_commit_sha: 'foobar') }
+
+      it 'sets the diff to nil' do
+        expect(merge_request_diff).to be_invalid
+        expect(merge_request_diff.merge_request).to eq merge_request
+        expect(parsed_merge_request.merge_request_diff).to be_nil
+      end
+    end
+  end
 end
diff --git a/spec/lib/gitlab/kubernetes/kube_client_spec.rb b/spec/lib/gitlab/kubernetes/kube_client_spec.rb
index 02364e92149..978e64c4407 100644
--- a/spec/lib/gitlab/kubernetes/kube_client_spec.rb
+++ b/spec/lib/gitlab/kubernetes/kube_client_spec.rb
@@ -50,6 +50,36 @@ describe Gitlab::Kubernetes::KubeClient do
     end
   end
 
+  describe '#initialize' do
+    shared_examples 'local address' do
+      it 'blocks local addresses' do
+        expect { client }.to raise_error(Gitlab::UrlBlocker::BlockedUrlError)
+      end
+
+      context 'when local requests are allowed' do
+        before do
+          stub_application_setting(allow_local_requests_from_hooks_and_services: true)
+        end
+
+        it 'allows local addresses' do
+          expect { client }.not_to raise_error
+        end
+      end
+    end
+
+    context 'localhost address' do
+      let(:api_url) { 'http://localhost:22' }
+
+      it_behaves_like 'local address'
+    end
+
+    context 'private network address' do
+      let(:api_url) { 'http://192.168.1.2:3003' }
+
+      it_behaves_like 'local address'
+    end
+  end
+
   describe '#core_client' do
     subject { client.core_client }
 
diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb
index 4f578c48d5b..418f707a130 100644
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -194,23 +194,53 @@ describe Notify do
         let(:new_issue) { create(:issue) }
         subject { described_class.issue_moved_email(recipient, issue, new_issue, current_user) }
 
-        it_behaves_like 'an answer to an existing thread with reply-by-email enabled' do
-          let(:model) { issue }
-        end
-        it_behaves_like 'it should show Gmail Actions View Issue link'
-        it_behaves_like 'an unsubscribeable thread'
+        context 'when a user has permissions to access the new issue' do
+          before do
+            new_issue.project.add_developer(recipient)
+          end
+
+          it_behaves_like 'an answer to an existing thread with reply-by-email enabled' do
+            let(:model) { issue }
+          end
+          it_behaves_like 'it should show Gmail Actions View Issue link'
+          it_behaves_like 'an unsubscribeable thread'
+
+          it 'contains description about action taken' do
+            is_expected.to have_body_text 'Issue was moved to another project'
+          end
+
+          it 'has the correct subject and body' do
+            new_issue_url = project_issue_path(new_issue.project, new_issue)
 
-        it 'contains description about action taken' do
-          is_expected.to have_body_text 'Issue was moved to another project'
+            aggregate_failures do
+              is_expected.to have_referable_subject(issue, reply: true)
+              is_expected.to have_body_text(new_issue_url)
+              is_expected.to have_body_text(project_issue_path(project, issue))
+            end
+          end
+
+          it 'contains the issue title' do
+            is_expected.to have_body_text new_issue.title
+          end
         end
 
-        it 'has the correct subject and body' do
-          new_issue_url = project_issue_path(new_issue.project, new_issue)
+        context 'when a user does not permissions to access the new issue' do
+          it 'has the correct subject and body' do
+            new_issue_url = project_issue_path(new_issue.project, new_issue)
 
-          aggregate_failures do
-            is_expected.to have_referable_subject(issue, reply: true)
-            is_expected.to have_body_text(new_issue_url)
-            is_expected.to have_body_text(project_issue_path(project, issue))
+            aggregate_failures do
+              is_expected.to have_referable_subject(issue, reply: true)
+              is_expected.not_to have_body_text(new_issue_url)
+              is_expected.to have_body_text(project_issue_path(project, issue))
+            end
+          end
+
+          it 'does not contain the issue title' do
+            is_expected.not_to have_body_text new_issue.title
+          end
+
+          it 'contains information about missing permissions' do
+            is_expected.to have_body_text "You don't have access to the project."
           end
         end
       end
diff --git a/spec/models/clusters/cluster_spec.rb b/spec/models/clusters/cluster_spec.rb
index 92ce2b0999a..3feed4e9718 100644
--- a/spec/models/clusters/cluster_spec.rb
+++ b/spec/models/clusters/cluster_spec.rb
@@ -265,12 +265,12 @@ describe Clusters::Cluster do
         it { is_expected.to be_valid }
       end
 
-      context 'when cluster has an invalid domain' do
-        let(:cluster) { build(:cluster, domain: 'not-valid-domain') }
+      context 'when cluster is not a valid hostname' do
+        let(:cluster) { build(:cluster, domain: 'http://not.a.valid.hostname') }
 
         it 'should add an error on domain' do
           expect(subject).not_to be_valid
-          expect(subject.errors[:domain].first).to eq('is not a fully qualified domain name')
+          expect(subject.errors[:domain].first).to eq('contains invalid characters (valid characters: [a-z0-9\\-])')
         end
       end
 
diff --git a/spec/models/clusters/platforms/kubernetes_spec.rb b/spec/models/clusters/platforms/kubernetes_spec.rb
index c273fa7e164..8dfc9297d0a 100644
--- a/spec/models/clusters/platforms/kubernetes_spec.rb
+++ b/spec/models/clusters/platforms/kubernetes_spec.rb
@@ -98,6 +98,22 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
 
         it { expect(kubernetes.save).to be_truthy }
       end
+
+      context 'when api_url is localhost' do
+        let(:api_url) { 'http://localhost:22' }
+
+        it { expect(kubernetes.save).to be_falsey }
+
+        context 'Application settings allows local requests' do
+          before do
+            allow(ApplicationSetting)
+              .to receive(:current)
+              .and_return(ApplicationSetting.build_from_defaults(allow_local_requests_from_hooks_and_services: true))
+          end
+
+          it { expect(kubernetes.save).to be_truthy }
+        end
+      end
     end
 
     context 'when validates token' do
diff --git a/spec/models/commit_collection_spec.rb b/spec/models/commit_collection_spec.rb
index 12e59b35428..0f5d03ff458 100644
--- a/spec/models/commit_collection_spec.rb
+++ b/spec/models/commit_collection_spec.rb
@@ -12,26 +12,26 @@ describe CommitCollection do
     end
   end
 
-  describe '.committers' do
+  describe '.authors' do
     it 'returns a relation of users when users are found' do
-      user = create(:user, email: commit.committer_email.upcase)
+      user = create(:user, email: commit.author_email.upcase)
       collection = described_class.new(project, [commit])
 
-      expect(collection.committers).to contain_exactly(user)
+      expect(collection.authors).to contain_exactly(user)
     end
 
-    it 'returns empty array when committers cannot be found' do
+    it 'returns empty array when authors cannot be found' do
       collection = described_class.new(project, [commit])
 
-      expect(collection.committers).to be_empty
+      expect(collection.authors).to be_empty
     end
 
     it 'excludes authors of merge commits' do
       commit = project.commit("60ecb67744cb56576c30214ff52294f8ce2def98")
-      create(:user, email: commit.committer_email.upcase)
+      create(:user, email: commit.author_email.upcase)
       collection = described_class.new(project, [commit])
 
-      expect(collection.committers).to be_empty
+      expect(collection.authors).to be_empty
     end
   end
 
diff --git a/spec/models/concerns/milestoneish_spec.rb b/spec/models/concerns/milestoneish_spec.rb
index 87bf731340f..4647eecbdef 100644
--- a/spec/models/concerns/milestoneish_spec.rb
+++ b/spec/models/concerns/milestoneish_spec.rb
@@ -48,7 +48,7 @@ describe Milestone, 'Milestoneish' do
       merge_request_2 = create(:labeled_merge_request, labels: [label_1], source_project: project, source_branch: 'branch_2', milestone: milestone)
       merge_request_3 = create(:labeled_merge_request, labels: [label_3], source_project: project, source_branch: 'branch_3', milestone: milestone)
 
-      merge_requests = milestone.sorted_merge_requests
+      merge_requests = milestone.sorted_merge_requests(member)
 
       expect(merge_requests.first).to eq(merge_request_2)
       expect(merge_requests.second).to eq(merge_request_1)
@@ -56,6 +56,51 @@ describe Milestone, 'Milestoneish' do
     end
   end
 
+  describe '#merge_requests_visible_to_user' do
+    let(:merge_request) { create(:merge_request, source_project: project, milestone: milestone) }
+
+    context 'when project is private' do
+      before do
+        project.update(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+      end
+
+      it 'does not return any merge request for a non member' do
+        merge_requests = milestone.merge_requests_visible_to_user(non_member)
+        expect(merge_requests).to be_empty
+      end
+
+      it 'returns milestone merge requests for a member' do
+        merge_requests = milestone.merge_requests_visible_to_user(member)
+        expect(merge_requests).to contain_exactly(merge_request)
+      end
+    end
+
+    context 'when project is public' do
+      context 'when merge requests are available to anyone' do
+        it 'returns milestone merge requests for a non member' do
+          merge_requests = milestone.merge_requests_visible_to_user(non_member)
+          expect(merge_requests).to contain_exactly(merge_request)
+        end
+      end
+
+      context 'when merge requests are available to project members' do
+        before do
+          project.project_feature.update(merge_requests_access_level: ProjectFeature::PRIVATE)
+        end
+
+        it 'does not return any merge request for a non member' do
+          merge_requests = milestone.merge_requests_visible_to_user(non_member)
+          expect(merge_requests).to be_empty
+        end
+
+        it 'returns milestone merge requests for a member' do
+          merge_requests = milestone.merge_requests_visible_to_user(member)
+          expect(merge_requests).to contain_exactly(merge_request)
+        end
+      end
+    end
+  end
+
   describe '#closed_items_count' do
     it 'does not count confidential issues for non project members' do
       expect(milestone.closed_items_count(non_member)).to eq 2
diff --git a/spec/models/merge_request_diff_spec.rb b/spec/models/merge_request_diff_spec.rb
index 1849d3bac12..e530e0302f5 100644
--- a/spec/models/merge_request_diff_spec.rb
+++ b/spec/models/merge_request_diff_spec.rb
@@ -3,6 +3,18 @@ require 'spec_helper'
 describe MergeRequestDiff do
   let(:diff_with_commits) { create(:merge_request).merge_request_diff }
 
+  describe 'validations' do
+    subject { diff_with_commits }
+
+    it 'checks sha format of base_commit_sha, head_commit_sha and start_commit_sha' do
+      subject.base_commit_sha = subject.head_commit_sha = subject.start_commit_sha = 'foobar'
+
+      expect(subject.valid?).to be false
+      expect(subject.errors.count).to eq 3
+      expect(subject.errors).to all(include('is not a valid SHA'))
+    end
+  end
+
   describe 'create new record' do
     subject { diff_with_commits }
 
@@ -78,7 +90,7 @@ describe MergeRequestDiff do
       it 'returns persisted diffs if cannot compare with diff refs' do
         expect(diff).to receive(:load_diffs).and_call_original
 
-        diff.update!(head_commit_sha: 'invalid-sha')
+        diff.update!(head_commit_sha: Digest::SHA1.hexdigest(SecureRandom.hex))
 
         diff.diffs.diff_files
       end
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index afa87b8a62d..39ffef5f051 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -435,6 +435,7 @@ describe MergeRequest do
       it 'does not cache issues from external trackers' do
         issue  = ExternalIssue.new('JIRA-123', subject.project)
         commit = double('commit1', safe_message: "Fixes #{issue.to_reference}")
+
         allow(subject).to receive(:commits).and_return([commit])
 
         expect { subject.cache_merge_request_closes_issues!(subject.author) }.not_to raise_error
@@ -1023,23 +1024,23 @@ describe MergeRequest do
     end
   end
 
-  describe '#committers' do
-    it 'returns all the committers of every commit in the merge request' do
-      users = subject.commits.map(&:committer_email).uniq.map do |email|
+  describe '#commit_authors' do
+    it 'returns all the authors of every commit in the merge request' do
+      users = subject.commits.map(&:author_email).uniq.map do |email|
         create(:user, email: email)
       end
 
-      expect(subject.committers).to match_array(users)
+      expect(subject.commit_authors).to match_array(users)
     end
 
-    it 'returns an empty array if no committer is associated with a user' do
-      expect(subject.committers).to be_empty
+    it 'returns an empty array if no author is associated with a user' do
+      expect(subject.commit_authors).to be_empty
     end
   end
 
   describe '#authors' do
-    it 'returns a list with all the committers in the merge request and author' do
-      users = subject.commits.map(&:committer_email).uniq.map do |email|
+    it 'returns a list with all the commit authors in the merge request and author' do
+      users = subject.commits.map(&:author_email).uniq.map do |email|
         create(:user, email: email)
       end
 
diff --git a/spec/models/project_services/prometheus_service_spec.rb b/spec/models/project_services/prometheus_service_spec.rb
index b6cf4c72450..e9c7c94ad70 100644
--- a/spec/models/project_services/prometheus_service_spec.rb
+++ b/spec/models/project_services/prometheus_service_spec.rb
@@ -33,18 +33,38 @@ describe PrometheusService, :use_clean_rails_memory_store_caching do
   describe 'Validations' do
     context 'when manual_configuration is enabled' do
       before do
-        subject.manual_configuration = true
+        service.manual_configuration = true
       end
 
-      it { is_expected.to validate_presence_of(:api_url) }
+      it 'validates presence of api_url' do
+        expect(service).to validate_presence_of(:api_url)
+      end
     end
 
     context 'when manual configuration is disabled' do
       before do
-        subject.manual_configuration = false
+        service.manual_configuration = false
       end
 
-      it { is_expected.not_to validate_presence_of(:api_url) }
+      it 'does not validate presence of api_url' do
+        expect(service).not_to validate_presence_of(:api_url)
+      end
+    end
+
+    context 'when the api_url domain points to localhost or local network' do
+      let(:domain) { Addressable::URI.parse(service.api_url).hostname }
+
+      it 'cannot query' do
+        expect(service.can_query?).to be true
+
+        aggregate_failures do
+          ['127.0.0.1', '192.168.2.3'].each do |url|
+            allow(Addrinfo).to receive(:getaddrinfo).with(domain, any_args).and_return([Addrinfo.tcp(url, 80)])
+
+            expect(service.can_query?).to be false
+          end
+        end
+      end
     end
   end
 
@@ -74,30 +94,35 @@ describe PrometheusService, :use_clean_rails_memory_store_caching do
   end
 
   describe '#prometheus_client' do
+    let(:api_url) { 'http://some_url' }
+
+    before do
+      service.active = true
+      service.api_url = api_url
+      service.manual_configuration = manual_configuration
+    end
+
     context 'manual configuration is enabled' do
-      let(:api_url) { 'http://some_url' }
+      let(:manual_configuration) { true }
 
-      before do
-        subject.active = true
-        subject.manual_configuration = true
-        subject.api_url = api_url
+      it 'returns rest client from api_url' do
+        expect(service.prometheus_client.url).to eq(api_url)
       end
 
-      it 'returns rest client from api_url' do
-        expect(subject.prometheus_client.url).to eq(api_url)
+      it 'calls valid?' do
+        allow(service).to receive(:valid?).and_call_original
+
+        expect(service.prometheus_client).not_to be_nil
+
+        expect(service).to have_received(:valid?)
       end
     end
 
     context 'manual configuration is disabled' do
-      let(:api_url) { 'http://some_url' }
-
-      before do
-        subject.manual_configuration = false
-        subject.api_url = api_url
-      end
+      let(:manual_configuration) { false }
 
       it 'no client provided' do
-        expect(subject.prometheus_client).to be_nil
+        expect(service.prometheus_client).to be_nil
       end
     end
   end
diff --git a/spec/policies/board_policy_spec.rb b/spec/policies/board_policy_spec.rb
new file mode 100644
index 00000000000..4b76d65ef69
--- /dev/null
+++ b/spec/policies/board_policy_spec.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe BoardPolicy do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, :private) }
+  let(:group) { create(:group, :private) }
+  let(:group_board) { create(:board, group: group) }
+  let(:project_board) { create(:board, project: project) }
+
+  let(:board_permissions) do
+    [
+      :read_parent,
+      :read_milestone,
+      :read_issue
+    ]
+  end
+
+  def expect_allowed(*permissions)
+    permissions.each { |p| is_expected.to be_allowed(p) }
+  end
+
+  def expect_disallowed(*permissions)
+    permissions.each { |p| is_expected.not_to be_allowed(p) }
+  end
+
+  context 'group board' do
+    subject { described_class.new(user, group_board) }
+
+    context 'user has access' do
+      before do
+        group.add_developer(user)
+      end
+
+      it do
+        expect_allowed(*board_permissions)
+      end
+    end
+
+    context 'user does not have access' do
+      it do
+        expect_disallowed(*board_permissions)
+      end
+    end
+  end
+
+  context 'project board' do
+    subject { described_class.new(user, project_board) }
+
+    context 'user has access' do
+      before do
+        project.add_developer(user)
+      end
+
+      it do
+        expect_allowed(*board_permissions)
+      end
+    end
+
+    context 'user does not have access' do
+      it do
+        expect_disallowed(*board_permissions)
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb
index 6b9bc6eda6a..c24e17fda3f 100644
--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -1430,8 +1430,8 @@ describe API::Commits do
   end
 
   describe 'GET /projects/:id/repository/commits/:sha/merge_requests' do
-    let!(:project) { create(:project, :repository, :private) }
-    let!(:merged_mr) { create(:merge_request, source_project: project, source_branch: 'master', target_branch: 'feature') }
+    let(:project) { create(:project, :repository, :private) }
+    let(:merged_mr) { create(:merge_request, source_project: project, source_branch: 'master', target_branch: 'feature') }
     let(:commit) { merged_mr.merge_request_diff.commits.last }
 
     it 'returns the correct merge request' do
@@ -1456,5 +1456,16 @@ describe API::Commits do
 
       expect(response).to have_gitlab_http_status(404)
     end
+
+    context 'public project' do
+      let(:project) { create(:project, :repository, :public, :merge_requests_private) }
+      let(:non_member) { create(:user) }
+
+      it 'responds 403 when only members are allowed to read merge requests' do
+        get api("/projects/#{project.id}/repository/commits/#{commit.id}/merge_requests", non_member)
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
   end
 end
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index cfa7a1a31a3..365d49ce2d9 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -110,6 +110,7 @@ describe API::Projects do
     end
 
     let!(:public_project) { create(:project, :public, name: 'public_project') }
+
     before do
       project
       project2
@@ -942,8 +943,16 @@ describe API::Projects do
 
   describe 'GET /projects/:id' do
     context 'when unauthenticated' do
-      it 'returns the public projects' do
-        public_project = create(:project, :public)
+      it 'does not return private projects' do
+        private_project = create(:project, :private)
+
+        get api("/projects/#{private_project.id}")
+
+        expect(response).to have_gitlab_http_status(404)
+      end
+
+      it 'returns public projects' do
+        public_project = create(:project, :repository, :public)
 
         get api("/projects/#{public_project.id}")
 
@@ -951,8 +960,34 @@ describe API::Projects do
         expect(json_response['id']).to eq(public_project.id)
         expect(json_response['description']).to eq(public_project.description)
         expect(json_response['default_branch']).to eq(public_project.default_branch)
+        expect(json_response['ci_config_path']).to eq(public_project.ci_config_path)
         expect(json_response.keys).not_to include('permissions')
       end
+
+      context 'and the project has a private repository' do
+        let(:project) { create(:project, :repository, :public, :repository_private) }
+        let(:protected_attributes) { %w(default_branch ci_config_path) }
+
+        it 'hides protected attributes of private repositories if user is not a member' do
+          get api("/projects/#{project.id}", user)
+
+          expect(response).to have_gitlab_http_status(200)
+          protected_attributes.each do |attribute|
+            expect(json_response.keys).not_to include(attribute)
+          end
+        end
+
+        it 'exposes protected attributes of private repositories if user is a member' do
+          project.add_developer(user)
+
+          get api("/projects/#{project.id}", user)
+
+          expect(response).to have_gitlab_http_status(200)
+          protected_attributes.each do |attribute|
+            expect(json_response.keys).to include(attribute)
+          end
+        end
+      end
     end
 
     context 'when authenticated' do
@@ -1104,6 +1139,26 @@ describe API::Projects do
         expect(json_response).to include 'statistics'
       end
 
+      context "and the project has a private repository" do
+        let(:project) { create(:project, :public, :repository, :repository_private) }
+
+        it "does not include statistics if user is not a member" do
+          get api("/projects/#{project.id}", user), params: { statistics: true }
+
+          expect(response).to have_gitlab_http_status(200)
+          expect(json_response).not_to include 'statistics'
+        end
+
+        it "includes statistics if user is a member" do
+          project.add_developer(user)
+
+          get api("/projects/#{project.id}", user), params: { statistics: true }
+
+          expect(response).to have_gitlab_http_status(200)
+          expect(json_response).to include 'statistics'
+        end
+      end
+
       it "includes import_error if user can admin project" do
         get api("/projects/#{project.id}", user)
 
@@ -1484,6 +1539,9 @@ describe API::Projects do
 
   describe "POST /projects/:id/share" do
     let(:group) { create(:group) }
+    before do
+      group.add_developer(user)
+    end
 
     it "shares project with group" do
       expires_at = 10.days.from_now.to_date
@@ -1534,6 +1592,15 @@ describe API::Projects do
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['error']).to eq 'group_access does not have a valid value'
     end
+
+    it "returns a 409 error when link is not saved" do
+      allow(::Projects::GroupLinks::CreateService).to receive_message_chain(:new, :execute)
+        .and_return({ status: :error, http_status: 409, message: 'error' })
+
+      post api("/projects/#{project.id}/share", user), params: { group_id: group.id, group_access: Gitlab::Access::DEVELOPER }
+
+      expect(response).to have_gitlab_http_status(409)
+    end
   end
 
   describe 'DELETE /projects/:id/share/:group_id' do
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index 5b625fd47be..bfa178f5cae 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -104,6 +104,70 @@ describe 'Git HTTP requests' do
     end
   end
 
+  shared_examples_for 'project path without .git suffix' do
+    context "GET info/refs" do
+      let(:path) { "/#{project_path}/info/refs" }
+
+      context "when no params are added" do
+        before do
+          get path
+        end
+
+        it "redirects to the .git suffix version" do
+          expect(response).to redirect_to("/#{project_path}.git/info/refs")
+        end
+      end
+
+      context "when the upload-pack service is requested" do
+        let(:params) { { service: 'git-upload-pack' } }
+
+        before do
+          get path, params: params
+        end
+
+        it "redirects to the .git suffix version" do
+          expect(response).to redirect_to("/#{project_path}.git/info/refs?service=#{params[:service]}")
+        end
+      end
+
+      context "when the receive-pack service is requested" do
+        let(:params) { { service: 'git-receive-pack' } }
+
+        before do
+          get path, params: params
+        end
+
+        it "redirects to the .git suffix version" do
+          expect(response).to redirect_to("/#{project_path}.git/info/refs?service=#{params[:service]}")
+        end
+      end
+
+      context "when the params are anything else" do
+        let(:params) { { service: 'git-implode-pack' } }
+
+        before do
+          get path, params: params
+        end
+
+        it "redirects to the sign-in page" do
+          expect(response).to redirect_to(new_user_session_path)
+        end
+      end
+    end
+
+    context "POST git-upload-pack" do
+      it "fails to find a route" do
+        expect { clone_post(project_path) }.to raise_error(ActionController::RoutingError)
+      end
+    end
+
+    context "POST git-receive-pack" do
+      it "fails to find a route" do
+        expect { push_post(project_path) }.to raise_error(ActionController::RoutingError)
+      end
+    end
+  end
+
   describe "User with no identities" do
     let(:user) { create(:user) }
 
@@ -143,6 +207,10 @@ describe 'Git HTTP requests' do
             expect(response).to have_gitlab_http_status(:unprocessable_entity)
           end
         end
+
+        it_behaves_like 'project path without .git suffix' do
+          let(:project_path) { "#{user.namespace.path}/project.git-project" }
+        end
       end
     end
 
@@ -706,70 +774,8 @@ describe 'Git HTTP requests' do
         end
       end
 
-      context "when the project path doesn't end in .git" do
-        let(:project) { create(:project, :repository, :public, path: 'project.git-project') }
-
-        context "GET info/refs" do
-          let(:path) { "/#{project.full_path}/info/refs" }
-
-          context "when no params are added" do
-            before do
-              get path
-            end
-
-            it "redirects to the .git suffix version" do
-              expect(response).to redirect_to("/#{project.full_path}.git/info/refs")
-            end
-          end
-
-          context "when the upload-pack service is requested" do
-            let(:params) { { service: 'git-upload-pack' } }
-
-            before do
-              get path, params: params
-            end
-
-            it "redirects to the .git suffix version" do
-              expect(response).to redirect_to("/#{project.full_path}.git/info/refs?service=#{params[:service]}")
-            end
-          end
-
-          context "when the receive-pack service is requested" do
-            let(:params) { { service: 'git-receive-pack' } }
-
-            before do
-              get path, params: params
-            end
-
-            it "redirects to the .git suffix version" do
-              expect(response).to redirect_to("/#{project.full_path}.git/info/refs?service=#{params[:service]}")
-            end
-          end
-
-          context "when the params are anything else" do
-            let(:params) { { service: 'git-implode-pack' } }
-
-            before do
-              get path, params: params
-            end
-
-            it "redirects to the sign-in page" do
-              expect(response).to redirect_to(new_user_session_path)
-            end
-          end
-        end
-
-        context "POST git-upload-pack" do
-          it "fails to find a route" do
-            expect { clone_post(project.full_path) }.to raise_error(ActionController::RoutingError)
-          end
-        end
-
-        context "POST git-receive-pack" do
-          it "fails to find a route" do
-            expect { push_post(project.full_path) }.to raise_error(ActionController::RoutingError)
-          end
-        end
+      it_behaves_like 'project path without .git suffix' do
+        let(:project_path) { create(:project, :repository, :public, path: 'project.git-project').full_path }
       end
 
       context "retrieving an info/refs file" do
diff --git a/spec/services/projects/group_links/create_service_spec.rb b/spec/services/projects/group_links/create_service_spec.rb
index ffb270d277e..68fd82b4cbe 100644
--- a/spec/services/projects/group_links/create_service_spec.rb
+++ b/spec/services/projects/group_links/create_service_spec.rb
@@ -12,6 +12,10 @@ describe Projects::GroupLinks::CreateService, '#execute' do
   end
   let(:subject) { described_class.new(project, user, opts) }
 
+  before do
+    group.add_developer(user)
+  end
+
   it 'adds group to project' do
     expect { subject.execute(group) }.to change { project.project_group_links.count }.from(0).to(1)
   end
@@ -19,4 +23,8 @@ describe Projects::GroupLinks::CreateService, '#execute' do
   it 'returns false if group is blank' do
     expect { subject.execute(nil) }.not_to change { project.project_group_links.count }
   end
+
+  it 'returns error if user is not allowed to share with a group' do
+    expect { subject.execute(create :group) }.not_to change { project.project_group_links.count }
+  end
 end
diff --git a/spec/support/helpers/file_mover_helpers.rb b/spec/support/helpers/file_mover_helpers.rb
new file mode 100644
index 00000000000..1ba7cc03354
--- /dev/null
+++ b/spec/support/helpers/file_mover_helpers.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module FileMoverHelpers
+  def stub_file_mover(file_path, stub_real_path: nil)
+    file_name = File.basename(file_path)
+    allow(Pathname).to receive(:new).and_call_original
+
+    expect_next_instance_of(Pathname, a_string_including(file_name)) do |pathname|
+      allow(pathname).to receive(:realpath) { stub_real_path || pathname.cleanpath }
+    end
+  end
+end
diff --git a/spec/uploaders/file_mover_spec.rb b/spec/uploaders/file_mover_spec.rb
index de29d0c943f..e474a714b10 100644
--- a/spec/uploaders/file_mover_spec.rb
+++ b/spec/uploaders/file_mover_spec.rb
@@ -1,8 +1,9 @@
 require 'spec_helper'
 
 describe FileMover do
+  include FileMoverHelpers
+
   let(:filename) { 'banana_sample.gif' }
-  let(:file) { fixture_file_upload(File.join('spec', 'fixtures', filename)) }
   let(:temp_file_path) { File.join('uploads/-/system/temp', 'secret55', filename) }
 
   let(:temp_description) do
@@ -12,7 +13,7 @@ describe FileMover do
   let(:file_path) { File.join('uploads/-/system/personal_snippet', snippet.id.to_s, 'secret55', filename) }
   let(:snippet) { create(:personal_snippet, description: temp_description) }
 
-  subject { described_class.new(file_path, snippet).execute }
+  subject { described_class.new(temp_file_path, snippet).execute }
 
   describe '#execute' do
     before do
@@ -20,6 +21,8 @@ describe FileMover do
       expect(FileUtils).to receive(:move).with(a_string_including(temp_file_path), a_string_including(file_path))
       allow_any_instance_of(CarrierWave::SanitizedFile).to receive(:exists?).and_return(true)
       allow_any_instance_of(CarrierWave::SanitizedFile).to receive(:size).and_return(10)
+
+      stub_file_mover(temp_file_path)
     end
 
     context 'when move and field update successful' do
@@ -66,4 +69,30 @@ describe FileMover do
       end
     end
   end
+
+  context 'security' do
+    context 'when relative path is involved' do
+      let(:temp_file_path) { File.join('uploads/-/system/temp', '..', 'another_subdir_of_temp') }
+
+      it 'does not trigger move if path is outside designated directory' do
+        stub_file_mover('uploads/-/system/another_subdir_of_temp')
+        expect(FileUtils).not_to receive(:move)
+
+        subject
+
+        expect(snippet.reload.description).to eq(temp_description)
+      end
+    end
+
+    context 'when symlink is involved' do
+      it 'does not trigger move if path is outside designated directory' do
+        stub_file_mover(temp_file_path, stub_real_path: Pathname('/etc'))
+        expect(FileUtils).not_to receive(:move)
+
+        subject
+
+        expect(snippet.reload.description).to eq(temp_description)
+      end
+    end
+  end
 end
diff --git a/spec/validators/sha_validator_spec.rb b/spec/validators/sha_validator_spec.rb
new file mode 100644
index 00000000000..b9242ef931e
--- /dev/null
+++ b/spec/validators/sha_validator_spec.rb
@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe ShaValidator do
+  let(:validator) { described_class.new(attributes: [:base_commit_sha]) }
+  let(:merge_diff) { build(:merge_request_diff) }
+
+  subject { validator.validate_each(merge_diff, :base_commit_sha, value) }
+
+  context 'with empty value' do
+    let(:value) { nil }
+
+    it 'does not add any error if value is empty' do
+      subject
+
+      expect(merge_diff.errors).to be_empty
+    end
+  end
+
+  context 'with valid sha' do
+    let(:value) { Digest::SHA1.hexdigest(SecureRandom.hex) }
+
+    it 'does not add any error if value is empty' do
+      subject
+
+      expect(merge_diff.errors).to be_empty
+    end
+  end
+
+  context 'with invalid sha' do
+    let(:value) { 'foo' }
+
+    it 'adds error to the record' do
+      expect(merge_diff.errors).to be_empty
+
+      subject
+
+      expect(merge_diff.errors).not_to be_empty
+    end
+  end
+end
diff --git a/spec/workers/update_head_pipeline_for_merge_request_worker_spec.rb b/spec/workers/update_head_pipeline_for_merge_request_worker_spec.rb
index 963237ceadf..f29e49f202a 100644
--- a/spec/workers/update_head_pipeline_for_merge_request_worker_spec.rb
+++ b/spec/workers/update_head_pipeline_for_merge_request_worker_spec.rb
@@ -18,7 +18,7 @@ describe UpdateHeadPipelineForMergeRequestWorker do
 
       context 'when merge request sha does not equal pipeline sha' do
         before do
-          merge_request.merge_request_diff.update(head_commit_sha: 'different_sha')
+          merge_request.merge_request_diff.update(head_commit_sha: Digest::SHA1.hexdigest(SecureRandom.hex))
         end
 
         it 'does not update head pipeline' do
diff --git a/yarn.lock b/yarn.lock
index 9d0ba6640f0..550566bd252 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -658,10 +658,10 @@
   resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-1.51.0.tgz#1b608f68dfb74284401b1cbdb823440f6e8b0091"
   integrity sha512-B1Wdhfy5ZClkHuaaCUUZyOBF8CFxxHqxGGhveRekOowtlMExa3tx+YkqNa5XPsEVMF6Aqnh8evQmmN4b+zrHVQ==
 
-"@gitlab/ui@^2.0.2":
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-2.0.2.tgz#611571c931181fb783f57f712e1c2388059b301b"
-  integrity sha512-rUWVhWmM9EkwIEruYJEjizrQKe7TzNyKArwWY/nfEL4HptDtwbe+xHfR8IJHbpql3oI87cTO3BheMxYF6b2Ebg==
+"@gitlab/ui@^2.0.4":
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-2.0.4.tgz#ba86f6e5868ef7bc7f504cef9ca504c2d2f6bffd"
+  integrity sha512-dJ+KKpeqIAPYZtYZeciXhC/whNiGPVRjp5IgjQRddh3zsreqmfwQq58nSH7HepAAIepaqTe0UFuzBgrSWvVM6w==
   dependencies:
     babel-standalone "^6.26.0"
     bootstrap-vue "^2.0.0-rc.11"