This is used by Duo Workflow for storing intermediate checkpoint data
when interrupting a workflow.

Changlog: added

Changelog: other
EE: true

Context
----------------------

After a gap analysis of the features available on the group and
project level dependency pages[^1], we have begun work to bring the
pages to parity.

It appears the same [finder][0] is used in the [group][1] and [project][2]
controllers. This means that all we need to do for adding a filter or
sort param is:

1. add the new param to the controller's permitted params
2. add spec coverage

This change
----------------------

1. Adds the `licenses` key as a valid filter param
2. Adds a spec making sure the controller is wired up properly to the finder[^2]

[^1]: There is a table of the analysis on the [epic][3]
[^2]: More extensive testing of the filtering (e.g. multiple values,
      nil values, etc.) is left to the finder's spec. Here, we are only
      concerned that the parameters are flowing to the finder as expected

[0]:https://gitlab.com/gitlab-org/gitlab/-/blob/0a5af4787ad597d3f1726d3cd00ee93d16c35e2c/ee/app/finders/sbom/dependencies_finder.rb
[1]:https://gitlab.com/gitlab-org/gitlab/-/blob/0a5af4787ad597d3f1726d3cd00ee93d16c35e2c/ee/app/controllers/groups/dependencies_controller.rb#L104
[2]:https://gitlab.com/gitlab-org/gitlab/-/blob/0a5af4787ad597d3f1726d3cd00ee93d16c35e2c/ee/app/controllers/projects/dependencies_controller.rb#L92
[3]:&15305

---

related to: #493773
MR: !179432

Missing thread was causing the Duo Code Review Chat to load the
messages from first thread all the time which is incorrect.
It should load messages from the current thread only.

- cover more cases
- improve readablity

This permission allows members to view the user management pages in the
Admin area.

EE: true
Changelog: added

Changelog: added

EE: true

Fixes bug in Value Stream Analytics where success alert was not being
dismissed upon deleting a newly created/updated value stream.

Changelog: fixed
EE: true

Migrates data from SystemAccess::MicrosoftApplication to
SystemAccess::GroupMicrosoftApplication. This is to enable the table to
be split between instance application records for instance-wide SAML
sync, and per-group application records for group-based SAML sync.

This way we can shard the data appropriately for Cells.

The code will initially write to both tables during the transition, with
a feature flag to control which table is read from. When the feature
flag is removed, we can remove writing to the legacy table.

Changelog: changed
EE: true

Since `work_item_epics_ssot` is already used for other parts of the
code, it's safer to use a separate feature flag for this rollout.

This reverts merge request !177883

Add group or project as sharding key.
Backfill all records in a post deploy migration
as the table is very small

Changelog: other

Sometimes users must reindex or recreate the index to take advantage of
Advanced Search improvements in certain releases. The elastic info rake
task will now output the version in which the index was created.

Changelog: added
MR: !179446
EE: true

- Add and trigger worker to analyze the config when policy changes
- Update policy metadata with enforced scanners

This method is slow because of the `MergeRequest#approved?` method.
Especially in EE, there are so many logic and it takes a lot of time.

In the codebase, the preloads of the MR associations are handled but not
in this part. I am copying the preload logic here but I created another
issue for the related team to handle all preloads of merge requests.
(https://gitlab.com/gitlab-org/gitlab/-/issues/515959)

Related to #515980

Feature flag: ci_merge_request_variables_preload

Increases the allowed file size to 2MB

Changelog: changed

Context
----------------------

After a gap analysis of the features available on the group and
project level dependency pages[^1], we have begun work to bring the
pages to parity.

It appears the same [finder][0] is used in the [group][1] and [project][2]
controllers. This means that all we need to do for adding a filter or
sort param is:

1. add the new param to the controller's permitted params
2. add spec coverage

This change
----------------------

1. Adds the `package_manager` key as a valid filter param
2. Adds a spec making sure the controller is wired up properly to the finder[^2]

[^1]: There is a table of the analysis on the [epic][3]
[^2]: More extensive testing of the filtering (e.g. multiple values,
      nil values, etc.) is left to the finder's spec. Here, we are only
      concerned that the parameters are flowing to the finder as expected

[0]:https://gitlab.com/gitlab-org/gitlab/-/blob/0a5af4787ad597d3f1726d3cd00ee93d16c35e2c/ee/app/finders/sbom/dependencies_finder.rb
[1]:https://gitlab.com/gitlab-org/gitlab/-/blob/0a5af4787ad597d3f1726d3cd00ee93d16c35e2c/ee/app/controllers/groups/dependencies_controller.rb#L104
[2]:https://gitlab.com/gitlab-org/gitlab/-/blob/0a5af4787ad597d3f1726d3cd00ee93d16c35e2c/ee/app/controllers/projects/dependencies_controller.rb#L92
[3]:&15305

---

related to: #493774
MR: !179513

This change improves the UX when a user uses
the "Resolve with AI" feature on the MR-security
widget.

Currently it can happen that the page needs to do
a hard-fresh once the given vulnerability is
resolved and the added comment, containing the
solutions details, is scrolled into view.

This change decreases the likelihood of this
happening by utilizing a mutation observer.

Roadmap relies on Epic API and we plan to move it to use Work Item API
as a part of #478011, but
until that the expectation is that there is no significant mismatch of
data between both the APIs especially because other attributes of Epics
are consistent between old and new experience.

To fix that, we're presenting the Epic dates with the `WorkItem` logic.

Related to: #514066

Changelog: fixed
EE: true

Types that require a license will not be returned when not available

Changelog: added
EE: true

Fixes a bug where if the approvals data times out in the merge request
GraphQL query we will not render any data. This fixes it by seperating the 2 requests,
this way we can still render merge requests even if the approvals data
times out.

Adds new provision service that will do the complete
provisioning for a namespace based on the internal
call from CustomersDot.

See MR: !178532

EE: true
Changelog: other

Changelog: changed
EE: true

- Removing unneeded label-for
- Adding sr-only label for user-cap input

Adds additional tests for the date range filter dropdown
options prop.

Follow up MR for: !178999

Block group branch modifications
only loads top level groups
linked to spp

Changelog: changed
EE: true