From 227ef21f9409936b0128d66dbc3a44ccafd6bb34 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Mon, 14 Jul 2025 03:12:27 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master
---
 .rubocop_todo/database/prevent_wildcard_injection.yml | 8 --------
 ...ptimistic_locking_for_namespace_descendants_cache.yml | 2 +-
 lib/gitlab/seeder.rb | 9 ++++++---
 3 files changed, 7 insertions(+), 12 deletions(-)
 delete mode 100644 .rubocop_todo/database/prevent_wildcard_injection.yml
diff --git a/.rubocop_todo/database/prevent_wildcard_injection.yml b/.rubocop_todo/database/prevent_wildcard_injection.yml
deleted file mode 100644
index c76582119ee..00000000000
--- a/.rubocop_todo/database/prevent_wildcard_injection.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-Database/PreventWildcardInjection:
- Details: grace period
- Exclude:
- - 'ee/app/models/ee/note.rb'
- - 'ee/app/models/geo_node.rb'
- - 'ee/app/models/vulnerabilities/read.rb'
- - 'lib/gitlab/seeder.rb'
diff --git a/config/feature_flags/beta/optimistic_locking_for_namespace_descendants_cache.yml b/config/feature_flags/beta/optimistic_locking_for_namespace_descendants_cache.yml
index c9193708845..06ff3ba1940 100644
--- a/config/feature_flags/beta/optimistic_locking_for_namespace_descendants_cache.yml
+++ b/config/feature_flags/beta/optimistic_locking_for_namespace_descendants_cache.yml
@@ -7,4 +7,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/551832
 milestone: '18.2'
 group: group::optimize
 type: beta
-default_enabled: false
+default_enabled: true
diff --git a/lib/gitlab/seeder.rb b/lib/gitlab/seeder.rb
index d7237c40dbc..ff9db88e25d 100644
--- a/lib/gitlab/seeder.rb
+++ b/lib/gitlab/seeder.rb
@@ -17,7 +17,7 @@ module Gitlab
 included do
 scope :not_mass_generated, -> do
- where.not("path LIKE '#{MASS_INSERT_GROUP_START}%'")
+ where.not("path LIKE '#{sanitize_sql_like(MASS_INSERT_GROUP_START)}%'")
 end
 end
 end
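Review bot: The `not_mass_generated` scope in the `lib/gitlab/seeder.rb` hunk at `@@ -17,7 +17,7 @@` still interpolates the pattern into the SQL text, and `sanitize_sql_like` only escapes the LIKE metacharacters (`%`, `_` and the escape character); it does not quote the value for SQL. The operands are constants defined outside the hunk, so this is presumably not exploitable today, but passing the pattern as a bind value leaves the quoting to the adapter: `where.not("path LIKE ?", "#{sanitize_sql_like(MASS_INSERT_GROUP_START)}%")`. The same form applies to the hunks at `@@ -27,7 +27,7 @@` and `@@ -37,7 +37,10 @@`, with two placeholders for the username condition. The module enclosing each `included do` block starts outside the hunk.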
@@ -27,7 +27,7 @@ module Gitlab
 included do
 scope :not_mass_generated, -> do
- where.not("path LIKE '#{MASS_INSERT_PROJECT_START}%'")
+ where.not("path LIKE '#{sanitize_sql_like(MASS_INSERT_PROJECT_START)}%'")
 end
 end
 end
@@ -37,7 +37,10 @@ module Gitlab
 included do
 scope :not_mass_generated, -> do
- where.not("username LIKE '#{MASS_INSERT_USER_START}%' OR username LIKE '#{REPORTED_USER_START}%'")
+ where.not(
+ "username LIKE '#{sanitize_sql_like(MASS_INSERT_USER_START)}%' OR " \
+ "username LIKE '#{sanitize_sql_like(REPORTED_USER_START)}%'"
+ )
 end
 end
 end