Add latest changes from gitlab-org/gitlab@master

.rubocop_todo/rspec/named_subject.yml

@@ -441,7 +441,6 @@ RSpec/NamedSubject:
     - 'ee/spec/lib/gitlab/llm/templates/generate_commit_message_spec.rb'
     - 'ee/spec/lib/gitlab/llm/templates/summarize_review_spec.rb'
     - 'ee/spec/lib/gitlab/llm/vertex_ai/completions/analyze_ci_job_failure_spec.rb'
-    - 'ee/spec/lib/gitlab/llm/vertex_ai/completions/generate_commit_message_spec.rb'
     - 'ee/spec/lib/gitlab/llm/vertex_ai/completions/summarize_review_spec.rb'
     - 'ee/spec/lib/gitlab/llm/vertex_ai/model_configurations/chat_spec.rb'
     - 'ee/spec/lib/gitlab/llm/vertex_ai/model_configurations/code_chat_spec.rb'

app/assets/javascripts/analytics/shared/constants.js

@@ -130,6 +130,7 @@ export const CONTRIBUTOR_METRICS = {
 
 export const AI_METRICS = {
   CODE_SUGGESTIONS_USAGE_RATE: 'code_suggestions_usage_rate',
+  CODE_SUGGESTIONS_ACCEPTANCE_RATE: 'code_suggestions_acceptance_rate',
 };
 
 export const METRIC_TOOLTIPS = {

app/assets/javascripts/ide/index.js

@@ -1,16 +1,9 @@
-import { identity } from 'lodash';
 import Vue from 'vue';
-// eslint-disable-next-line no-restricted-imports
-import { mapActions } from 'vuex';
-import { DEFAULT_BRANCH, IDE_ELEMENT_ID } from '~/ide/constants';
+import { IDE_ELEMENT_ID } from '~/ide/constants';
 import PerformancePlugin from '~/performance/vue_performance_plugin';
 import Translate from '~/vue_shared/translate';
 import { parseBoolean } from '../lib/utils/common_utils';
 import { resetServiceWorkersPublicPath } from '../lib/utils/webpack';
-import ide from './components/ide.vue';
-import { createRouter } from './ide_router';
-import { DEFAULT_THEME } from './lib/themes';
-import { createStore } from './stores';
 import { OAuthCallbackDomainMismatchErrorApp } from './oauth_callback_domain_mismatch_error';
 
 Vue.use(Translate);
@@ -19,75 +12,6 @@ Vue.use(PerformancePlugin, {
   components: ['FileTree'],
 });
 
-/**
- * Function that receives the default store and returns an extended one.
- * @callback extendStoreCallback
- * @param {Vuex.Store} store
- * @param {Element} el
- */
-
-/**
- * Initialize the IDE on the given element.
- *
- * @param {Element} el - The element that will contain the IDE.
- * @param {Object} options - Extra options for the IDE (Used by EE).
- * @param {Component} options.rootComponent -
- *   Component that overrides the root component.
- * @param {extendStoreCallback} options.extendStore -
- *   Function that receives the default store and returns an extended one.
- */
-export const initLegacyWebIDE = (el, options = {}) => {
-  if (!el) return null;
-
-  const { rootComponent = ide, extendStore = identity } = options;
-
-  const store = createStore();
-  const project = JSON.parse(el.dataset.project);
-  store.dispatch('setProject', { project });
-
-  // fire and forget fetching non-critical project info
-  store.dispatch('fetchProjectPermissions');
-
-  const router = createRouter(store, el.dataset.defaultBranch || DEFAULT_BRANCH);
-
-  return new Vue({
-    el,
-    store: extendStore(store, el),
-    router,
-    created() {
-      this.setEmptyStateSvgs({
-        emptyStateSvgPath: el.dataset.emptyStateSvgPath,
-        noChangesStateSvgPath: el.dataset.noChangesStateSvgPath,
-        committedStateSvgPath: el.dataset.committedStateSvgPath,
-        pipelinesEmptyStateSvgPath: el.dataset.pipelinesEmptyStateSvgPath,
-        promotionSvgPath: el.dataset.promotionSvgPath,
-        switchEditorSvgPath: el.dataset.switchEditorSvgPath,
-      });
-      this.setLinks({
-        webIDEHelpPagePath: el.dataset.webIdeHelpPagePath,
-        newWebIDEHelpPagePath: el.dataset.newWebIdeHelpPagePath,
-        forkInfo: el.dataset.forkInfo ? JSON.parse(el.dataset.forkInfo) : null,
-      });
-      this.init({
-        renderWhitespaceInCode: parseBoolean(el.dataset.renderWhitespaceInCode),
-        editorTheme: window.gon?.user_color_scheme || DEFAULT_THEME,
-        previewMarkdownPath: el.dataset.previewMarkdownPath,
-        userPreferencesPath: el.dataset.userPreferencesPath,
-      });
-    },
-    beforeDestroy() {
-      // This helps tests do Singleton cleanups which we don't really have responsibility to know about here.
-      this.$emit('destroy');
-    },
-    methods: {
-      ...mapActions(['setEmptyStateSvgs', 'setLinks', 'init']),
-    },
-    render(createElement) {
-      return createElement(rootComponent);
-    },
-  });
-};
-
 /**
  * Start the IDE.
  *
@@ -117,6 +41,7 @@ export async function startIde(options) {
     initGitlabWebIDE(ideElement);
   } else {
     resetServiceWorkersPublicPath();
+    const { initLegacyWebIDE } = await import('./init_legacy_web_ide');
     initLegacyWebIDE(ideElement, options);
   }
 }

app/assets/javascripts/ide/init_legacy_web_ide.js

@@ -0,0 +1,63 @@
+// legacyWebIDE.js
+import { identity } from 'lodash';
+import Vue from 'vue';
+// eslint-disable-next-line no-restricted-imports
+import { mapActions } from 'vuex';
+import { parseBoolean } from '../lib/utils/common_utils';
+import { DEFAULT_BRANCH } from './constants';
+import ide from './components/ide.vue';
+import { createRouter } from './ide_router';
+import { DEFAULT_THEME } from './lib/themes';
+import { createStore } from './stores';
+
+export const initLegacyWebIDE = (el, options = {}) => {
+  if (!el) return null;
+
+  const { rootComponent = ide, extendStore = identity } = options;
+
+  const store = createStore();
+  const project = JSON.parse(el.dataset.project);
+  store.dispatch('setProject', { project });
+
+  // fire and forget fetching non-critical project info
+  store.dispatch('fetchProjectPermissions');
+
+  const router = createRouter(store, el.dataset.defaultBranch || DEFAULT_BRANCH);
+
+  return new Vue({
+    el,
+    store: extendStore(store, el),
+    router,
+    created() {
+      this.setEmptyStateSvgs({
+        emptyStateSvgPath: el.dataset.emptyStateSvgPath,
+        noChangesStateSvgPath: el.dataset.noChangesStateSvgPath,
+        committedStateSvgPath: el.dataset.committedStateSvgPath,
+        pipelinesEmptyStateSvgPath: el.dataset.pipelinesEmptyStateSvgPath,
+        promotionSvgPath: el.dataset.promotionSvgPath,
+        switchEditorSvgPath: el.dataset.switchEditorSvgPath,
+      });
+      this.setLinks({
+        webIDEHelpPagePath: el.dataset.webIdeHelpPagePath,
+        newWebIDEHelpPagePath: el.dataset.newWebIdeHelpPagePath,
+        forkInfo: el.dataset.forkInfo ? JSON.parse(el.dataset.forkInfo) : null,
+      });
+      this.init({
+        renderWhitespaceInCode: parseBoolean(el.dataset.renderWhitespaceInCode),
+        editorTheme: window.gon?.user_color_scheme || DEFAULT_THEME,
+        previewMarkdownPath: el.dataset.previewMarkdownPath,
+        userPreferencesPath: el.dataset.userPreferencesPath,
+      });
+    },
+    beforeDestroy() {
+      // This helps tests do Singleton cleanups which we don't really have responsibility to know about here.
+      this.$emit('destroy');
+    },
+    methods: {
+      ...mapActions(['setEmptyStateSvgs', 'setLinks', 'init']),
+    },
+    render(createElement) {
+      return createElement(rootComponent);
+    },
+  });
+};

app/assets/stylesheets/page_bundles/xterm.scss

@@ -433,4 +433,10 @@
       color: $color;
     }
   }
+
+  @each $i, $color in $xterm-colors {
+    .xterm-bg-#{$i} {
+      background-color: $color;
+    }
+  }
 }

db/post_migrate/20240719033346_tmp_index_on_vulnerability_reads.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# See https://docs.gitlab.com/ee/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class TmpIndexOnVulnerabilityReads < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '17.3'
+
+  # TODO: remove this index in https://gitlab.com/gitlab-org/gitlab/-/issues/475161
+  INDEX_NAME = 'tmp_index_vulnerability_reads_where_state_is_detected'
+  TABLE_NAME = :vulnerability_reads
+
+  def up
+    add_concurrent_index TABLE_NAME, :id, name: INDEX_NAME, where: "state = 1"
+  end
+
+  def down
+    remove_concurrent_index_by_name TABLE_NAME, INDEX_NAME
+  end
+end

db/post_migrate/20240730072136_remove_index_projects_on_id_namespace_id.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class RemoveIndexProjectsOnIdNamespaceId < Gitlab::Database::Migration[2.2]
+  milestone '17.3'
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_projects_on_id_and_namespace_id'
+
+  def up
+    remove_concurrent_index_by_name :projects, INDEX_NAME
+  end
+
+  def down
+    add_concurrent_index :projects, [:id, :namespace_id], name: INDEX_NAME
+  end
+end

db/schema_migrations/20240719033346

@@ -0,0 +1 @@
+c4556edb2ff21ee43addc7eb7a49d6fc42d934f56817229eee0187d53c25de89

db/schema_migrations/20240730072136

@@ -0,0 +1 @@
+084d9556891e811b540ba11e11e464c2fa35dff9754b1893ca0c105c54a3ed31

db/structure.sql

@@ -29046,8 +29046,6 @@ CREATE INDEX index_projects_on_description_trigram ON projects USING gin (descri
 
 CREATE INDEX index_projects_on_id_and_archived_and_pending_delete ON projects USING btree (id) WHERE ((archived = false) AND (pending_delete = false));
 
-CREATE INDEX index_projects_on_id_and_namespace_id ON projects USING btree (id, namespace_id);
-
 CREATE UNIQUE INDEX index_projects_on_id_partial_for_visibility ON projects USING btree (id) WHERE (visibility_level = ANY (ARRAY[10, 20]));
 
 CREATE INDEX index_projects_on_id_service_desk_enabled ON projects USING btree (id) WHERE (service_desk_enabled = true);
@@ -30320,6 +30318,8 @@ CREATE INDEX tmp_index_project_statistics_cont_registry_size ON project_statisti
 
 CREATE INDEX tmp_index_vulnerability_overlong_title_html ON vulnerabilities USING btree (id) WHERE (length(title_html) > 800);
 
+CREATE INDEX tmp_index_vulnerability_reads_where_state_is_detected ON vulnerability_reads USING btree (id) WHERE (state = 1);
+
 CREATE UNIQUE INDEX u_project_compliance_standards_adherence_for_reporting ON project_compliance_standards_adherence USING btree (project_id, check_name, standard);
 
 CREATE UNIQUE INDEX u_zoekt_indices_zoekt_enabled_namespace_id_and_zoekt_node_id ON zoekt_indices USING btree (zoekt_enabled_namespace_id, zoekt_node_id);

doc/user/application_security/terminology/index.md

@@ -79,6 +79,13 @@ you can use to identify and describe these weaknesses in terms of CWEs.
 When a category's process deems findings to be the same, or if they are similar enough that a noise reduction is
 required, only one finding is kept and the others are eliminated. Read more about the [deduplication process](../vulnerability_report/pipeline.md#deduplication-process).
 
+## Dependency graph export
+
+A dependency graph export lists the direct and indirect dependencies used by a project **and**
+includes the relationships between them. It's differentiated from a lock file because it may
+_not_ be required by a [package manager](#package-managers) during installation like in the case of a `pipdeptree graph`
+[export](https://github.com/tox-dev/pipdeptree/blob/28ed57c8e96ed1fce13a7abbf167e850625a835c/README.md#visualizing-the-dependency-graph).
+
 ## Duplicate finding
 
 A legitimate finding that is reported multiple times. This can occur when different scanners
@@ -125,6 +132,12 @@ A finding's location fingerprint is a text value that's unique for each location
 surface. Each security product defines this according to its type of attack surface. For example, SAST
 incorporates file path and line number.
 
+## Lock file
+
+A lock file exhaustively lists both the direct and indirect dependencies of an application to ensure reproducible builds
+by a package manager. It _may_ also be a [dependency graph export](#dependency-graph-export) like in the case of a
+`Gemfile.lock` file, but listing dependency relationships is _not_ a requirement or guaranteed.
+
 ## Package managers and package types
 
 ### Package managers

locale/gitlab.pot

@@ -4951,6 +4951,9 @@ msgstr ""
 msgid "AiAnalytics|the ClickHouse data store is not available"
 msgstr ""
 
+msgid "AiImpactAnalytics|Code Suggestions acceptance usage"
+msgstr ""
+
 msgid "AiImpactAnalytics|Code Suggestions usage"
 msgstr ""
 

qa/Gemfile

@@ -24,7 +24,7 @@ gem 'rainbow', '~> 3.1.1'
 gem 'rspec-parameterized', '~> 1.0.2'
 gem 'octokit', '~> 9.1.0', require: false
 gem "faraday-retry", "~> 2.2", ">= 2.2.1"
-gem 'zeitwerk', '~> 2.6', '>= 2.6.16'
+gem 'zeitwerk', '~> 2.6', '>= 2.6.17'
 gem 'influxdb-client', '~> 3.1'
 gem 'terminal-table', '~> 3.0.2', require: false
 gem 'slack-notifier', '~> 2.4', require: false

qa/Gemfile.lock

@@ -382,7 +382,7 @@ GEM
     wisper (2.0.1)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.16)
+    zeitwerk (2.6.17)
 
 PLATFORMS
   ruby
@@ -427,7 +427,7 @@ DEPENDENCIES
   slack-notifier (~> 2.4)
   terminal-table (~> 3.0.2)
   warning (~> 1.4)
-  zeitwerk (~> 2.6, >= 2.6.16)
+  zeitwerk (~> 2.6, >= 2.6.17)
 
 BUNDLED WITH
    2.5.11

spec/frontend_integration/ide/helpers/start.js

@@ -1,7 +1,7 @@
 import { editor as monacoEditor } from 'monaco-editor';
 import setWindowLocation from 'helpers/set_window_location_helper';
 import { TEST_HOST } from 'helpers/test_constants';
-import { initLegacyWebIDE } from '~/ide';
+import { initLegacyWebIDE } from '~/ide/init_legacy_web_ide';
 import extendStore from '~/ide/stores/extend';
 import { getProject, getEmptyProject } from 'jest/../frontend_integration/test_helpers/fixtures';
 import { IDE_DATASET } from './mock_data';