From a6c81e88d3d79cc8dbad04c65996e5a9c5b2d915 Mon Sep 17 00:00:00 2001
From: bmarjanovic <bmarjanovic@gitlab.com>
Date: Fri, 11 Jul 2025 10:54:04 +0200
Subject: [PATCH 1/3] Update grape gem to 2.1.3

---
 Gemfile                                       |  2 +-
 Gemfile.checksum                              |  5 +-
 Gemfile.lock                                  | 17 +++----
 Gemfile.next.checksum                         |  5 +-
 Gemfile.next.lock                             | 17 +++----
 .../virtual_registries/packages/endpoint.rb   |  2 +-
 ee/lib/api/dependency_proxy/packages/npm.rb   |  2 +-
 .../packages/maven/endpoints.rb               |  5 +-
 .../api/group_service_accounts_spec.rb        |  8 ++--
 ee/spec/requests/api/groups_spec.rb           |  4 +-
 ee/spec/requests/api/projects_spec.rb         |  4 +-
 .../packages/maven/cache/entries_spec.rb      |  4 +-
 .../packages/maven/registries_spec.rb         |  6 +--
 .../packages/maven/upstreams_spec.rb          |  6 +--
 .../internal/upcoming_reconciliations_spec.rb |  4 +-
 .../packages/nuget/public_endpoints.rb        |  2 +-
 lib/api/helpers.rb                            |  6 ++-
 lib/api/integrations/slack/request.rb         |  4 +-
 lib/api/npm_project_packages.rb               |  2 +-
 lib/api/nuget_project_packages.rb             |  2 +-
 lib/api/releases.rb                           |  4 +-
 .../modules/v1/namespace_packages.rb          |  2 +-
 .../terraform/modules/v1/project_packages.rb  |  2 +-
 .../loggers/filter_parameters.rb              |  8 ++--
 lib/tasks/ci/job_tokens_task.rb               |  8 ++--
 spec/lib/api/api_spec.rb                      |  2 +-
 .../loggers/filter_parameters_spec.rb         |  6 +--
 spec/requests/api/api_spec.rb                 |  4 +-
 spec/requests/api/groups_spec.rb              |  4 +-
 spec/requests/api/helpers_spec.rb             |  4 +-
 spec/requests/api/projects_spec.rb            |  4 +-
 spec/requests/api/suggestions_spec.rb         |  4 +-
 spec/requests/api/topics_spec.rb              | 18 +++----
 spec/requests/api/users_spec.rb               |  4 +-
 .../api/protection_rules_shared_examples.rb   |  4 +-
 spec/tasks/ci/job_tokens_task_spec.rb         | 48 +++++++++++--------
 36 files changed, 120 insertions(+), 113 deletions(-)

diff --git a/Gemfile b/Gemfile
index 3a45a24b241ce3..636222c4e4444f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -156,7 +156,7 @@ gem 'gitlab_omniauth-ldap', '~> 2.2.0', require: 'omniauth-ldap', feature_catego
 gem 'net-ldap', '~> 0.17.1', feature_category: :system_access
 
 # API
-gem 'grape', '~> 2.0.0', feature_category: :api
+gem 'grape', '~> 2.1.3', feature_category: :api
 gem 'grape-entity', '~> 1.0.1', feature_category: :api
 gem 'grape-swagger', '~> 2.1.2', group: [:development, :test], feature_category: :api
 gem 'grape-swagger-entity', '~> 0.5.5', group: [:development, :test], feature_category: :api
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 1a4f45f24db954..a97d422ec63b29 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -284,7 +284,7 @@
 {"name":"googleapis-common-protos-types","version":"1.20.0","platform":"ruby","checksum":"5e374b06bcfc7e13556e7c0d87b99f1fa3d42de6396a1de3d8fc13aefb4dd07f"},
 {"name":"googleauth","version":"1.8.1","platform":"ruby","checksum":"814adadaaa1221dce72a67131e3ecbd6d23491a161ec84fb15fd353b87d8c9e7"},
 {"name":"gpgme","version":"2.0.24","platform":"ruby","checksum":"53eccd7042abb4fd5c78f30bc9ed075b1325e6450eab207f2f6a1e7e28ae3b64"},
-{"name":"grape","version":"2.0.0","platform":"ruby","checksum":"3aeff94c17e84ccead4ff98833df691e7da0c108878cc128ca31f80c1047494a"},
+{"name":"grape","version":"2.1.3","platform":"ruby","checksum":"62973acde2a89ac275baa9efb67adcc9240b83b0016ca561807f81a829a47e37"},
 {"name":"grape-entity","version":"1.0.1","platform":"ruby","checksum":"e00f9e94e407aff77aa2945d741f544d07e48501927942988799913151d02634"},
 {"name":"grape-path-helpers","version":"2.0.1","platform":"ruby","checksum":"ad5216e52c6e796738a9118087352ab4c962900dbad1d8f8c0f96e093c6702d7"},
 {"name":"grape-swagger","version":"2.1.2","platform":"ruby","checksum":"8ad7bd53c8baee704575808875dba8c08d269c457db3cf8f1b8a2a1dbf827294"},
@@ -408,7 +408,7 @@
 {"name":"multipart-post","version":"2.2.3","platform":"ruby","checksum":"462979de2971b8df33c2ee797fd497731617241f9dcd93960cc3caccb2dd13d8"},
 {"name":"murmurhash3","version":"0.1.7","platform":"ruby","checksum":"370a2ce2e9ab0711e51554e530b5f63956927a6554a296855f42a1a4a5ed0936"},
 {"name":"mustermann","version":"3.0.0","platform":"ruby","checksum":"6d3569aa3c3b2f048c60626f48d9b2d561cc8d2ef269296943b03da181c08b67"},
-{"name":"mustermann-grape","version":"1.0.2","platform":"ruby","checksum":"6f5309d6a338f801f211c644e8c2d3cc2577a8693f9cd51dadfdb29c1260f5fe"},
+{"name":"mustermann-grape","version":"1.1.0","platform":"ruby","checksum":"8d258a986004c8f01ce4c023c0b037c168a9ed889cf5778068ad54398fa458c5"},
 {"name":"mutex_m","version":"0.3.0","platform":"ruby","checksum":"cfcb04ac16b69c4813777022fdceda24e9f798e48092a2b817eb4c0a782b0751"},
 {"name":"nap","version":"1.1.0","platform":"ruby","checksum":"949691660f9d041d75be611bb2a8d2fd559c467537deac241f4097d9b5eea576"},
 {"name":"nenv","version":"0.3.0","platform":"ruby","checksum":"d9de6d8fb7072228463bf61843159419c969edb34b3cef51832b516ae7972765"},
@@ -550,7 +550,6 @@
 {"name":"racc","version":"1.8.1","platform":"java","checksum":"54f2e6d1e1b91c154013277d986f52a90e5ececbe91465d29172e49342732b98"},
 {"name":"racc","version":"1.8.1","platform":"ruby","checksum":"4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f"},
 {"name":"rack","version":"2.2.17","platform":"ruby","checksum":"5fe02a1ca80d6fb2271dba00985ee2962d6f5620b6f46dfed89f5301ac4699dd"},
-{"name":"rack-accept","version":"0.4.5","platform":"ruby","checksum":"66247b5449db64ebb93ae2ec4af4764b87d1ae8a7463c7c68893ac13fa8d4da2"},
 {"name":"rack-attack","version":"6.7.0","platform":"ruby","checksum":"3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c"},
 {"name":"rack-cors","version":"2.0.2","platform":"ruby","checksum":"415d4e1599891760c5dc9ef0349c7fecdf94f7c6a03e75b2e7c2b54b82adda1b"},
 {"name":"rack-oauth2","version":"2.2.1","platform":"ruby","checksum":"c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5"},
diff --git a/Gemfile.lock b/Gemfile.lock
index b65917a5f973b6..005b6a64332da4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -920,13 +920,12 @@ GEM
       signet (>= 0.16, < 2.a)
     gpgme (2.0.24)
       mini_portile2 (~> 2.7)
-    grape (2.0.0)
-      activesupport (>= 5)
-      builder
+    grape (2.1.3)
+      activesupport (>= 6)
       dry-types (>= 1.1)
-      mustermann-grape (~> 1.0.0)
-      rack (>= 1.3.0)
-      rack-accept
+      mustermann-grape (~> 1.1.0)
+      rack (>= 2)
+      zeitwerk
     grape-entity (1.0.1)
       activesupport (>= 3.0.0)
       multi_json (>= 1.3.2)
@@ -1195,7 +1194,7 @@ GEM
     murmurhash3 (0.1.7)
     mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
-    mustermann-grape (1.0.2)
+    mustermann-grape (1.1.0)
       mustermann (>= 1.0.0)
     mutex_m (0.3.0)
     nap (1.1.0)
@@ -1518,8 +1517,6 @@ GEM
     raabro (1.4.0)
     racc (1.8.1)
     rack (2.2.17)
-    rack-accept (0.4.5)
-      rack (>= 0.4)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-cors (2.0.2)
@@ -2197,7 +2194,7 @@ DEPENDENCIES
   google-protobuf (~> 3.25, >= 3.25.3)
   googleauth (~> 1.8.1)
   gpgme (~> 2.0.24)
-  grape (~> 2.0.0)
+  grape (~> 2.1.3)
   grape-entity (~> 1.0.1)
   grape-path-helpers (~> 2.0.1)
   grape-swagger (~> 2.1.2)
diff --git a/Gemfile.next.checksum b/Gemfile.next.checksum
index 98483921c7f39f..d2a01f9dd17478 100644
--- a/Gemfile.next.checksum
+++ b/Gemfile.next.checksum
@@ -284,7 +284,7 @@
 {"name":"googleapis-common-protos-types","version":"1.20.0","platform":"ruby","checksum":"5e374b06bcfc7e13556e7c0d87b99f1fa3d42de6396a1de3d8fc13aefb4dd07f"},
 {"name":"googleauth","version":"1.8.1","platform":"ruby","checksum":"814adadaaa1221dce72a67131e3ecbd6d23491a161ec84fb15fd353b87d8c9e7"},
 {"name":"gpgme","version":"2.0.24","platform":"ruby","checksum":"53eccd7042abb4fd5c78f30bc9ed075b1325e6450eab207f2f6a1e7e28ae3b64"},
-{"name":"grape","version":"2.0.0","platform":"ruby","checksum":"3aeff94c17e84ccead4ff98833df691e7da0c108878cc128ca31f80c1047494a"},
+{"name":"grape","version":"2.1.3","platform":"ruby","checksum":"62973acde2a89ac275baa9efb67adcc9240b83b0016ca561807f81a829a47e37"},
 {"name":"grape-entity","version":"1.0.1","platform":"ruby","checksum":"e00f9e94e407aff77aa2945d741f544d07e48501927942988799913151d02634"},
 {"name":"grape-path-helpers","version":"2.0.1","platform":"ruby","checksum":"ad5216e52c6e796738a9118087352ab4c962900dbad1d8f8c0f96e093c6702d7"},
 {"name":"grape-swagger","version":"2.1.2","platform":"ruby","checksum":"8ad7bd53c8baee704575808875dba8c08d269c457db3cf8f1b8a2a1dbf827294"},
@@ -408,7 +408,7 @@
 {"name":"multipart-post","version":"2.2.3","platform":"ruby","checksum":"462979de2971b8df33c2ee797fd497731617241f9dcd93960cc3caccb2dd13d8"},
 {"name":"murmurhash3","version":"0.1.7","platform":"ruby","checksum":"370a2ce2e9ab0711e51554e530b5f63956927a6554a296855f42a1a4a5ed0936"},
 {"name":"mustermann","version":"3.0.0","platform":"ruby","checksum":"6d3569aa3c3b2f048c60626f48d9b2d561cc8d2ef269296943b03da181c08b67"},
-{"name":"mustermann-grape","version":"1.0.2","platform":"ruby","checksum":"6f5309d6a338f801f211c644e8c2d3cc2577a8693f9cd51dadfdb29c1260f5fe"},
+{"name":"mustermann-grape","version":"1.1.0","platform":"ruby","checksum":"8d258a986004c8f01ce4c023c0b037c168a9ed889cf5778068ad54398fa458c5"},
 {"name":"mutex_m","version":"0.3.0","platform":"ruby","checksum":"cfcb04ac16b69c4813777022fdceda24e9f798e48092a2b817eb4c0a782b0751"},
 {"name":"nap","version":"1.1.0","platform":"ruby","checksum":"949691660f9d041d75be611bb2a8d2fd559c467537deac241f4097d9b5eea576"},
 {"name":"nenv","version":"0.3.0","platform":"ruby","checksum":"d9de6d8fb7072228463bf61843159419c969edb34b3cef51832b516ae7972765"},
@@ -550,7 +550,6 @@
 {"name":"racc","version":"1.8.1","platform":"java","checksum":"54f2e6d1e1b91c154013277d986f52a90e5ececbe91465d29172e49342732b98"},
 {"name":"racc","version":"1.8.1","platform":"ruby","checksum":"4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f"},
 {"name":"rack","version":"2.2.17","platform":"ruby","checksum":"5fe02a1ca80d6fb2271dba00985ee2962d6f5620b6f46dfed89f5301ac4699dd"},
-{"name":"rack-accept","version":"0.4.5","platform":"ruby","checksum":"66247b5449db64ebb93ae2ec4af4764b87d1ae8a7463c7c68893ac13fa8d4da2"},
 {"name":"rack-attack","version":"6.7.0","platform":"ruby","checksum":"3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c"},
 {"name":"rack-cors","version":"2.0.2","platform":"ruby","checksum":"415d4e1599891760c5dc9ef0349c7fecdf94f7c6a03e75b2e7c2b54b82adda1b"},
 {"name":"rack-oauth2","version":"2.2.1","platform":"ruby","checksum":"c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5"},
diff --git a/Gemfile.next.lock b/Gemfile.next.lock
index 3d1d266f5af951..470c8337fe6489 100644
--- a/Gemfile.next.lock
+++ b/Gemfile.next.lock
@@ -914,13 +914,12 @@ GEM
       signet (>= 0.16, < 2.a)
     gpgme (2.0.24)
       mini_portile2 (~> 2.7)
-    grape (2.0.0)
-      activesupport (>= 5)
-      builder
+    grape (2.1.3)
+      activesupport (>= 6)
       dry-types (>= 1.1)
-      mustermann-grape (~> 1.0.0)
-      rack (>= 1.3.0)
-      rack-accept
+      mustermann-grape (~> 1.1.0)
+      rack (>= 2)
+      zeitwerk
     grape-entity (1.0.1)
       activesupport (>= 3.0.0)
       multi_json (>= 1.3.2)
@@ -1189,7 +1188,7 @@ GEM
     murmurhash3 (0.1.7)
     mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
-    mustermann-grape (1.0.2)
+    mustermann-grape (1.1.0)
       mustermann (>= 1.0.0)
     mutex_m (0.3.0)
     nap (1.1.0)
@@ -1512,8 +1511,6 @@ GEM
     raabro (1.4.0)
     racc (1.8.1)
     rack (2.2.17)
-    rack-accept (0.4.5)
-      rack (>= 0.4)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-cors (2.0.2)
@@ -2192,7 +2189,7 @@ DEPENDENCIES
   google-protobuf (~> 3.25, >= 3.25.3)
   googleauth (~> 1.8.1)
   gpgme (~> 2.0.24)
-  grape (~> 2.0.0)
+  grape (~> 2.1.3)
   grape-entity (~> 1.0.1)
   grape-path-helpers (~> 2.0.1)
   grape-swagger (~> 2.1.2)
diff --git a/ee/lib/api/concerns/virtual_registries/packages/endpoint.rb b/ee/lib/api/concerns/virtual_registries/packages/endpoint.rb
index 62bb17fc692a0f..1cedff674ce857 100644
--- a/ee/lib/api/concerns/virtual_registries/packages/endpoint.rb
+++ b/ee/lib/api/concerns/virtual_registries/packages/endpoint.rb
@@ -20,7 +20,7 @@ module Endpoint
             X-Checksum-Sha1
           ].freeze
           WEB_BROWSER_ERROR_MESSAGE = 'This endpoint is not meant to be accessed by a web browser.'
-          UPSTREAM_GID_HEADER = 'X-Gitlab-Virtual-Registry-Upstream-Global-Id'
+          UPSTREAM_GID_HEADER = 'X-Gitlab-Virtual-Registry-Upstream-Global-Id'.downcase
           MAX_FILE_SIZE = 5.gigabytes
 
           included do
diff --git a/ee/lib/api/dependency_proxy/packages/npm.rb b/ee/lib/api/dependency_proxy/packages/npm.rb
index 64ccad70184274..d112f70258a826 100644
--- a/ee/lib/api/dependency_proxy/packages/npm.rb
+++ b/ee/lib/api/dependency_proxy/packages/npm.rb
@@ -97,7 +97,7 @@ def track_events?
               requires :package_name, type: String, desc: 'Package name', regexp: Gitlab::Regex.npm_package_name_regex
               requires :file_name, type: String, desc: 'Package file name', file_path: true
             end
-            get '*package_name/-/*file_name', format: false do
+            get '*package_name/-/*file_name', format: true do
               package_file = ::Packages::PackageFileFinder.new(package, declared_params[:file_name]).execute! if package
 
               handle(package_file)
diff --git a/ee/lib/api/virtual_registries/packages/maven/endpoints.rb b/ee/lib/api/virtual_registries/packages/maven/endpoints.rb
index fd7d193f383e9c..26a46eb5bc1049 100644
--- a/ee/lib/api/virtual_registries/packages/maven/endpoints.rb
+++ b/ee/lib/api/virtual_registries/packages/maven/endpoints.rb
@@ -11,6 +11,7 @@ class Endpoints < ::API::Base
 
           AUTHENTICATE_REALM_HEADER = 'WWW-Authenticate'
           AUTHENTICATE_REALM_NAME = 'Basic realm="GitLab Virtual Registry"'
+          ETAG_HEADER_KEY = 'etag'
 
           SHA1_CHECKSUM_HEADER = 'x-checksum-sha1'
           MD5_CHECKSUM_HEADER = 'x-checksum-md5'
@@ -85,7 +86,7 @@ def unauthorized!(reason = nil)
             params do
               use :id_and_path
             end
-            get format: false do
+            get format: true do
               service_response = ::VirtualRegistries::Packages::Maven::HandleFileRequestService.new(
                 registry: registry,
                 current_user: current_user,
@@ -124,7 +125,7 @@ def unauthorized!(reason = nil)
               authorize!(:read_virtual_registry, registry)
 
               etag, content_type, upstream_gid = headers.fetch_values(
-                'Etag',
+                ETAG_HEADER_KEY,
                 ::Gitlab::Workhorse::SEND_DEPENDENCY_CONTENT_TYPE_HEADER,
                 UPSTREAM_GID_HEADER
               ) { nil }
diff --git a/ee/spec/requests/api/group_service_accounts_spec.rb b/ee/spec/requests/api/group_service_accounts_spec.rb
index 0ac8d3df78e6e7..2c6037084c2080 100644
--- a/ee/spec/requests/api/group_service_accounts_spec.rb
+++ b/ee/spec/requests/api/group_service_accounts_spec.rb
@@ -96,10 +96,10 @@
       expect(json_response['message']).to eq('404 User Not Found')
     end
 
-    it "returns a 400 for invalid ID" do
+    it "returns a 404 for invalid ID" do
       perform_enqueued_jobs { delete api("/groups/#{group_id}/service_accounts/ASDF", admin, admin_mode: true) }
 
-      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(response).to have_gitlab_http_status(:not_found)
     end
 
     context "when hard delete disabled" do
@@ -288,10 +288,10 @@
         expect(json_response['message']).to eq('404 User Not Found')
       end
 
-      it "returns a 400 for invalid user ID" do
+      it "returns a 404 for invalid user ID" do
         patch api("/groups/#{group_id}/service_accounts/ASDF", user), params: params
 
-        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
 
       context 'when target user is not a service account' do
diff --git a/ee/spec/requests/api/groups_spec.rb b/ee/spec/requests/api/groups_spec.rb
index ab61d50309a484..9cedff4c5eb79f 100644
--- a/ee/spec/requests/api/groups_spec.rb
+++ b/ee/spec/requests/api/groups_spec.rb
@@ -1348,7 +1348,7 @@
             context 'invalid audit_event_id' do
               let(:path) { "/groups/#{group.id}/audit_events/an-invalid-id" }
 
-              it_behaves_like '400 response' do
+              it_behaves_like '404 response' do
                 let(:request) { get api(path, user) }
               end
             end
@@ -1461,7 +1461,7 @@
             context 'invalid audit_event_id' do
               let(:path) { "/groups/#{group.id}/audit_events/an-invalid-id" }
 
-              it_behaves_like '400 response' do
+              it_behaves_like '404 response' do
                 let(:request) { get api(path, user) }
               end
             end
diff --git a/ee/spec/requests/api/projects_spec.rb b/ee/spec/requests/api/projects_spec.rb
index 53d4ce4a9b3a6f..c7e68a59f9cc71 100644
--- a/ee/spec/requests/api/projects_spec.rb
+++ b/ee/spec/requests/api/projects_spec.rb
@@ -1132,7 +1132,7 @@
             context 'invalid audit_event_id' do
               let(:path) { "/projects/#{project.id}/audit_events/an-invalid-id" }
 
-              it_behaves_like '400 response' do
+              it_behaves_like '404 response' do
                 let(:request) { get api(path, user) }
               end
             end
@@ -1246,7 +1246,7 @@
             context 'invalid audit_event_id' do
               let(:path) { "/projects/#{project.id}/audit_events/an-invalid-id" }
 
-              it_behaves_like '400 response' do
+              it_behaves_like '404 response' do
                 let(:request) { get api(path, user) }
               end
             end
diff --git a/ee/spec/requests/api/virtual_registries/packages/maven/cache/entries_spec.rb b/ee/spec/requests/api/virtual_registries/packages/maven/cache/entries_spec.rb
index d61f0d7ee56226..3a1b0166accab3 100644
--- a/ee/spec/requests/api/virtual_registries/packages/maven/cache/entries_spec.rb
+++ b/ee/spec/requests/api/virtual_registries/packages/maven/cache/entries_spec.rb
@@ -46,8 +46,8 @@
     context 'with invalid upstream' do
       where(:upstream_id, :status) do
         non_existing_record_id | :not_found
-        'foo'                  | :bad_request
-        ''                     | :bad_request
+        'foo'                  | :not_found
+        ''                     | :not_found
       end
 
       with_them do
diff --git a/ee/spec/requests/api/virtual_registries/packages/maven/registries_spec.rb b/ee/spec/requests/api/virtual_registries/packages/maven/registries_spec.rb
index 10926a416cf829..f211d2a4d7d41f 100644
--- a/ee/spec/requests/api/virtual_registries/packages/maven/registries_spec.rb
+++ b/ee/spec/requests/api/virtual_registries/packages/maven/registries_spec.rb
@@ -216,8 +216,8 @@
     context 'with invalid registry_id' do
       where(:registry_id, :status) do
         non_existing_record_id | :not_found
-        'foo'                  | :bad_request
-        ''                     | :bad_request
+        'foo'                  | :not_found
+        ''                     | :not_found
       end
 
       with_them do
@@ -349,7 +349,7 @@
     context 'with invalid registry_id' do
       where(:registry_id, :status) do
         non_existing_record_id | :not_found
-        'foo'                  | :bad_request
+        'foo'                  | :not_found
         ''                     | :not_found
       end
 
diff --git a/ee/spec/requests/api/virtual_registries/packages/maven/upstreams_spec.rb b/ee/spec/requests/api/virtual_registries/packages/maven/upstreams_spec.rb
index 1a25f442dbfa17..913dc6c382044f 100644
--- a/ee/spec/requests/api/virtual_registries/packages/maven/upstreams_spec.rb
+++ b/ee/spec/requests/api/virtual_registries/packages/maven/upstreams_spec.rb
@@ -40,8 +40,8 @@
     context 'with invalid registry' do
       where(:registry_id, :status) do
         non_existing_record_id | :not_found
-        'foo'                  | :bad_request
-        ''                     | :bad_request
+        'foo'                  | :not_found
+        ''                     | :not_found
       end
 
       with_them do
@@ -130,7 +130,7 @@
     context 'with invalid registry' do
       where(:registry_id, :status) do
         non_existing_record_id | :not_found
-        'foo'                  | :bad_request
+        'foo'                  | :not_found
         ''                     | :not_found
       end
 
diff --git a/ee/spec/requests/gitlab_subscriptions/api/internal/upcoming_reconciliations_spec.rb b/ee/spec/requests/gitlab_subscriptions/api/internal/upcoming_reconciliations_spec.rb
index a1f5c55e37a8b3..192676c2d67acf 100644
--- a/ee/spec/requests/gitlab_subscriptions/api/internal/upcoming_reconciliations_spec.rb
+++ b/ee/spec/requests/gitlab_subscriptions/api/internal/upcoming_reconciliations_spec.rb
@@ -88,7 +88,7 @@ def upcoming_reconciliations_path(namespace_id)
               display_alert_from: Date.today - 2.days
             }
 
-            put upcoming_reconciliations_path(-1), headers: internal_api_headers, params: params
+            put upcoming_reconciliations_path(non_existing_record_id), headers: internal_api_headers, params: params
 
             expect(response).to have_gitlab_http_status(:not_found)
             expect(json_response['message']).to eq('404 Namespace Not Found')
@@ -132,7 +132,7 @@ def upcoming_reconciliations_path(namespace_id)
 
       context 'when namespace does not exist' do
         it 'returns namespace not found error' do
-          delete upcoming_reconciliations_path(-1), headers: internal_api_headers
+          delete upcoming_reconciliations_path(non_existing_record_id), headers: internal_api_headers
 
           expect(response).to have_gitlab_http_status(:not_found)
           expect(json_response['message']).to eq('404 Namespace Not Found')
diff --git a/lib/api/concerns/packages/nuget/public_endpoints.rb b/lib/api/concerns/packages/nuget/public_endpoints.rb
index 2cb7e9914c933a..4dde27c216d5fe 100644
--- a/lib/api/concerns/packages/nuget/public_endpoints.rb
+++ b/lib/api/concerns/packages/nuget/public_endpoints.rb
@@ -74,7 +74,7 @@ module PublicEndpoints
                   documentation: { example: 'k813f89485474661234z7109cve5709eFFFFFFFF' }
                 requires :same_file_name, same_as: :file_name
               end
-              get '*file_name/*signature/*same_file_name', format: false, urgency: :low do
+              get '*file_name/*signature/*same_file_name', format: true, urgency: :low do
                 bad_request!('Missing checksum header') if headers['Symbolchecksum'].blank?
 
                 project_or_group_without_auth
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index a668a9fee5de45..71a28ba0634b16 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -632,7 +632,9 @@ def render_api_error_with_reason!(status, message, reason)
     end
 
     def render_api_error!(message, status)
-      render_structured_api_error!({ 'message' => message }, status)
+      error_message = message.is_a?(ActiveModel::Errors) ? message.to_hash : message
+
+      render_structured_api_error!({ 'message' => error_message }, status)
     end
 
     def render_structured_api_error!(hash, status)
@@ -676,7 +678,7 @@ def handle_api_exception(exception)
           '500 Internal Server Error'
         end
 
-      rack_response({ 'message' => response_message }.to_json, 500)
+      error!({ 'message' => response_message }, 500)
     end
 
     # project helpers
diff --git a/lib/api/integrations/slack/request.rb b/lib/api/integrations/slack/request.rb
index ef57d8bd9b3830..77f06d84d12cd0 100644
--- a/lib/api/integrations/slack/request.rb
+++ b/lib/api/integrations/slack/request.rb
@@ -5,8 +5,8 @@ class Integrations
     module Slack
       module Request
         VERIFICATION_VERSION = 'v0'
-        VERIFICATION_TIMESTAMP_HEADER = 'X-Slack-Request-Timestamp'
-        VERIFICATION_SIGNATURE_HEADER = 'X-Slack-Signature'
+        VERIFICATION_TIMESTAMP_HEADER = 'x-slack-request-timestamp'
+        VERIFICATION_SIGNATURE_HEADER = 'x-slack-signature'
         VERIFICATION_DELIMITER = ':'
         VERIFICATION_HMAC_ALGORITHM = 'sha256'
         VERIFICATION_TIMESTAMP_EXPIRY = 1.minute.to_i
diff --git a/lib/api/npm_project_packages.rb b/lib/api/npm_project_packages.rb
index e04063761a1582..7c870299a76c32 100644
--- a/lib/api/npm_project_packages.rb
+++ b/lib/api/npm_project_packages.rb
@@ -63,7 +63,7 @@ def project_id_or_nil
       route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
       route_setting :authorization, job_token_policies: :read_packages,
         allow_public_access_for_enabled_project_features: :package_registry
-      get '*package_name/-/*file_name', format: false do
+      get '*package_name/-/*file_name', format: true do
         authorize_read_package!(project)
 
         package = ::Packages::Npm::Package
diff --git a/lib/api/nuget_project_packages.rb b/lib/api/nuget_project_packages.rb
index 925e899485fa2a..0f844b6010b848 100644
--- a/lib/api/nuget_project_packages.rb
+++ b/lib/api/nuget_project_packages.rb
@@ -379,7 +379,7 @@ def track_package_event_attrs
             requires :package_version, type: String, allow_blank: false, desc: 'The NuGet package version',
               regexp: Gitlab::Regex.nuget_version_regex, documentation: { example: '1.0.1' }
           end
-          delete '*package_name/*package_version', format: false, urgency: :low do
+          delete '*package_name/*package_version', format: true, urgency: :low do
             authorize_destroy_package!(project_or_group)
 
             destroy_conditionally!(find_package) do |package|
diff --git a/lib/api/releases.rb b/lib/api/releases.rb
index d3f386d8faacc0..45ea6d430acbef 100644
--- a/lib/api/releases.rb
+++ b/lib/api/releases.rb
@@ -166,7 +166,7 @@ class Releases < ::API::Base
       route_setting :authentication, job_token_allowed: true
       route_setting :authorization, job_token_policies: :read_releases,
         allow_public_access_for_enabled_project_features: [:repository, :releases]
-      get ':id/releases/:tag_name/downloads/*direct_asset_path', format: false, requirements: RELEASE_ENDPOINT_REQUIREMENTS do
+      get ':id/releases/:tag_name/downloads/*direct_asset_path', format: true, requirements: RELEASE_ENDPOINT_REQUIREMENTS do
         authorize_read_code!
 
         not_found! unless release
@@ -196,7 +196,7 @@ class Releases < ::API::Base
       route_setting :authentication, job_token_allowed: true
       route_setting :authorization, job_token_policies: :read_releases,
         allow_public_access_for_enabled_project_features: [:repository, :releases]
-      get ':id/releases/permalink/latest(/)(*suffix_path)', format: false, requirements: RELEASE_ENDPOINT_REQUIREMENTS do
+      get ':id/releases/permalink/latest(/)(*suffix_path)', format: true, requirements: RELEASE_ENDPOINT_REQUIREMENTS.merge(suffix_path: /.+/) do
         authorize_read_code!
 
         # Try to find the latest release
diff --git a/lib/api/terraform/modules/v1/namespace_packages.rb b/lib/api/terraform/modules/v1/namespace_packages.rb
index acb21eddba84d5..ab9959cf3b06f6 100644
--- a/lib/api/terraform/modules/v1/namespace_packages.rb
+++ b/lib/api/terraform/modules/v1/namespace_packages.rb
@@ -235,7 +235,7 @@ def package_file
                 ]
                 tags %w[terraform_registry]
               end
-              get format: false do
+              get format: true do
                 presenter = ::Terraform::ModuleVersionPresenter.new(package, params[:module_system])
                 present presenter, with: ::API::Entities::Terraform::ModuleVersion
               end
diff --git a/lib/api/terraform/modules/v1/project_packages.rb b/lib/api/terraform/modules/v1/project_packages.rb
index f4f9e73a6c7f88..297bdfabb64fc6 100644
--- a/lib/api/terraform/modules/v1/project_packages.rb
+++ b/lib/api/terraform/modules/v1/project_packages.rb
@@ -115,7 +115,7 @@ def authorize_workhorse_params
                 params do
                   use :terraform_get
                 end
-                get format: false do
+                get format: true do
                   present_package_file
                 end
 
diff --git a/lib/gitlab/grape_logging/loggers/filter_parameters.rb b/lib/gitlab/grape_logging/loggers/filter_parameters.rb
index ae9df203544c11..2d12556b109ae2 100644
--- a/lib/gitlab/grape_logging/loggers/filter_parameters.rb
+++ b/lib/gitlab/grape_logging/loggers/filter_parameters.rb
@@ -13,15 +13,15 @@ class FilterParameters < ::GrapeLogging::Loggers::FilterParameters
 
         def safe_parameters(request)
           loggable_params = super
-          settings = request.env[Grape::Env::API_ENDPOINT]&.route&.settings
+          options = request.env[Grape::Env::API_ENDPOINT]&.route&.options
 
-          return loggable_params unless settings&.key?(:log_safety)
+          return loggable_params unless options&.dig(:settings, :log_safety)
 
-          settings[:log_safety][:safe].each do |key|
+          options[:settings][:log_safety][:safe].each do |key|
             loggable_params[key] = request.params[key] if loggable_params.key?(key)
           end
 
-          settings[:log_safety][:unsafe].each do |key|
+          options[:settings][:log_safety][:unsafe].each do |key|
             loggable_params[key] = @replacement if loggable_params.key?(key)
           end
 
diff --git a/lib/tasks/ci/job_tokens_task.rb b/lib/tasks/ci/job_tokens_task.rb
index 34c0fb07d9911b..bc6bfa2d832f3b 100644
--- a/lib/tasks/ci/job_tokens_task.rb
+++ b/lib/tasks/ci/job_tokens_task.rb
@@ -120,7 +120,7 @@ def format_route(route, include_policies, user_docs)
 
         row << [
           "`#{route_path(route)}`",
-          route.description
+          route.options[:description]
         ]
 
         markdown_row(row)
@@ -155,15 +155,15 @@ def route_path(route)
       end
 
       def allowed_route?(route)
-        route.settings.dig(:authentication, :job_token_allowed)
+        route.options.dig(:settings, :authentication, :job_token_allowed)
       end
 
       def skip_route?(route)
-        route.settings.dig(:authorization, :skip_job_token_policies)
+        route.options.dig(:settings, :authorization, :skip_job_token_policies)
       end
 
       def policies_for(route)
-        Array(route.settings.dig(:authorization, :job_token_policies))
+        Array(route.options.dig(:settings, :authorization, :job_token_policies))
       end
     end
   end
diff --git a/spec/lib/api/api_spec.rb b/spec/lib/api/api_spec.rb
index cf08eaa765384f..a6068d81aa9fc8 100644
--- a/spec/lib/api/api_spec.rb
+++ b/spec/lib/api/api_spec.rb
@@ -5,7 +5,7 @@
 RSpec.describe API::API do
   describe '.prefix' do
     it 'has a prefix defined' do
-      expect(described_class.prefix).to eq :api
+      expect(described_class.prefix).to eq 'api'
     end
   end
 
diff --git a/spec/lib/gitlab/grape_logging/loggers/filter_parameters_spec.rb b/spec/lib/gitlab/grape_logging/loggers/filter_parameters_spec.rb
index 15c842c9f4445b..bf5cd320a11aee 100644
--- a/spec/lib/gitlab/grape_logging/loggers/filter_parameters_spec.rb
+++ b/spec/lib/gitlab/grape_logging/loggers/filter_parameters_spec.rb
@@ -6,7 +6,7 @@
   subject { described_class.new }
 
   describe ".parameters" do
-    let(:route) { instance_double('Grape::Router::Route', settings: settings) }
+    let(:route) { instance_double('Grape::Router::Route', options: options) }
     let(:endpoint) { instance_double('Grape::Endpoint', route: route) }
 
     let(:env) do
@@ -24,7 +24,7 @@
     end
 
     context 'when the log_safety setting is provided' do
-      let(:settings) { { log_safety: { safe: %w[foo bar key], unsafe: %w[oof rab value] } } }
+      let(:options) { { settings: { log_safety: { safe: %w[foo bar key], unsafe: %w[oof rab value] } } } }
 
       it 'includes safe parameters, and filters unsafe ones' do
         data = subject.parameters(mock_request, nil)
@@ -42,7 +42,7 @@
     end
 
     context 'when the log_safety is not provided' do
-      let(:settings) { {} }
+      let(:options) { {} }
 
       it 'behaves like the normal parameter filter' do
         data = subject.parameters(mock_request, nil)
diff --git a/spec/requests/api/api_spec.rb b/spec/requests/api/api_spec.rb
index 9d829da176403d..fde7382a6c78d4 100644
--- a/spec/requests/api/api_spec.rb
+++ b/spec/requests/api/api_spec.rb
@@ -582,8 +582,10 @@
   end
 
   describe 'Grape::Exceptions::Base handler' do
+    let_it_be(:user) { create(:user) }
+
     it 'returns 400 on JSON parse errors' do
-      post api('/projects'),
+      post api('/projects', user),
         params: '{"test":"random_\$escaped/symbols\;here"}',
         headers: { 'content-type' => 'application/json' }
 
diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index 498b2d7b50b183..3ab7641b3cb7a8 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -3760,10 +3760,10 @@ def make_request(user)
         end.to change { shared_group.shared_with_group_links.count }.by(-1)
       end
 
-      it 'requires the group id to be an integer' do
+      it 'returns a 404 error when the group id is not an integer' do
         delete api("/groups/#{shared_group.id}/share/foo", user)
 
-        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
 
       it 'returns a 404 error when group link does not exist' do
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index 45879ce1e80275..3b85180d49cec2 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -42,7 +42,7 @@ def warden_authenticate_returns(value)
     env['warden'] = warden
   end
 
-  def error!(message, status, header)
+  def error!(message, status, header = {})
     raise StandardError, "#{status} - #{message}"
   end
 
@@ -336,7 +336,7 @@ def set_param(key, value)
 
   describe '.handle_api_exception' do
     before do
-      allow_any_instance_of(self.class).to receive(:rack_response)
+      allow_any_instance_of(self.class).to receive(:error!)
 
       stub_sentry_settings
 
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 7887c3e25fbb35..019cc2898d778a 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -4043,10 +4043,10 @@ def request
       end
     end
 
-    it 'returns a 400 when group id is not an integer' do
+    it 'returns a 404 when group id is not an integer' do
       delete api("/projects/#{project.id}/share/foo", user)
 
-      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(response).to have_gitlab_http_status(:not_found)
     end
 
     it 'returns a 404 error when group link does not exist' do
diff --git a/spec/requests/api/suggestions_spec.rb b/spec/requests/api/suggestions_spec.rb
index f4994324059435..6e4b046c32ed26 100644
--- a/spec/requests/api/suggestions_spec.rb
+++ b/spec/requests/api/suggestions_spec.rb
@@ -111,8 +111,8 @@
 
         put api(url, user)
 
-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(json_response).to eq({ 'error' => 'id is invalid' })
+        expect(response).to have_gitlab_http_status(:not_found)
+        expect(json_response).to eq({ 'error' => '404 Not Found' })
       end
     end
 
diff --git a/spec/requests/api/topics_spec.rb b/spec/requests/api/topics_spec.rb
index f2e7e1066fa7f1..8aa2f529c8268f 100644
--- a/spec/requests/api/topics_spec.rb
+++ b/spec/requests/api/topics_spec.rb
@@ -129,11 +129,11 @@
       expect(response).to have_gitlab_http_status(:not_found)
     end
 
-    it 'returns 400 for invalid `id` parameter' do
+    it 'returns 404 for invalid `id` parameter' do
       get api('/topics/invalid')
 
-      expect(response).to have_gitlab_http_status(:bad_request)
-      expect(json_response['error']).to eql('id is invalid')
+      expect(response).to have_gitlab_http_status(:not_found)
+      expect(json_response['error']).to eql('404 Not Found')
     end
   end
 
@@ -245,11 +245,11 @@
         expect(response).to have_gitlab_http_status(:not_found)
       end
 
-      it 'returns 400 for invalid `id` parameter' do
+      it 'returns 404 for invalid `id` parameter' do
         put api('/topics/invalid', admin, admin_mode: true), params: params
 
-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(json_response['error']).to eql('id is invalid')
+        expect(response).to have_gitlab_http_status(:not_found)
+        expect(json_response['error']).to eql('404 Not Found')
       end
 
       context 'with blank avatar' do
@@ -318,11 +318,11 @@
         expect(response).to have_gitlab_http_status(:not_found)
       end
 
-      it 'returns 400 for invalid `id` parameter' do
+      it 'returns 404 for invalid `id` parameter' do
         delete api('/topics/invalid', admin, admin_mode: true), params: params
 
-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(json_response['error']).to eql('id is invalid')
+        expect(response).to have_gitlab_http_status(:not_found)
+        expect(json_response['error']).to eql('404 Not Found')
       end
     end
 
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 308bc176cdfe05..26b2f15808b4ca 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -3823,10 +3823,10 @@ def request
       expect(response).to have_gitlab_http_status(:unauthorized)
     end
 
-    it "returns 400 for invalid ID" do
+    it "returns 404 for invalid ID" do
       delete api("/user/emails/ASDF", admin, admin_mode: true)
 
-      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(response).to have_gitlab_http_status(:not_found)
     end
   end
 
diff --git a/spec/support/shared_examples/requests/api/protection_rules_shared_examples.rb b/spec/support/shared_examples/requests/api/protection_rules_shared_examples.rb
index cea4293b395bbe..0204d3809aa7d3 100644
--- a/spec/support/shared_examples/requests/api/protection_rules_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/protection_rules_shared_examples.rb
@@ -28,8 +28,8 @@
   let(:url) { "/projects/#{project_id}/#{path}" }
 
   where(:project_id, :protection_rule_id, :status) do
-    ref(:valid_project_id) | 'invalid'                      | :bad_request
-    ref(:valid_project_id) | non_existing_record_id         | :not_found
+    ref(:valid_project_id) | 'invalid'                | :not_found
+    ref(:valid_project_id) | non_existing_record_id   | :not_found
     ref(:other_project_id) | ref(:valid_protection_rule_id) | :not_found
   end
 
diff --git a/spec/tasks/ci/job_tokens_task_spec.rb b/spec/tasks/ci/job_tokens_task_spec.rb
index 939459b1bed44c..9a3d9c025495c5 100644
--- a/spec/tasks/ci/job_tokens_task_spec.rb
+++ b/spec/tasks/ci/job_tokens_task_spec.rb
@@ -190,59 +190,69 @@
 
   def allowed_route_without_policies
     instance_double(Grape::Router::Route,
-      settings: {
-        authentication: { job_token_allowed: true }
+      options: {
+        description: 'route description',
+        settings: {
+          authentication: { job_token_allowed: true }
+        }
       },
       request_method: 'GET',
-      description: 'route description',
       origin: 'path/to/allowed_route_without_policies'
     )
   end
 
   def allowed_route_with_invalid_policies
     instance_double(Grape::Router::Route,
-      settings: {
-        authentication: { job_token_allowed: true },
-        authorization: { job_token_policies: :invalid_policy }
+      options: {
+        description: 'route description',
+        settings: {
+          authentication: { job_token_allowed: true },
+          authorization: { job_token_policies: :invalid_policy }
+        }
       },
       request_method: 'GET',
-      description: 'route description',
       origin: 'path/to/allowed_route_with_invalid_policies'
     )
   end
 
   def allowed_route_with_valid_policies
     instance_double(Grape::Router::Route,
-      settings: {
-        authentication: { job_token_allowed: true },
-        authorization: { job_token_policies: :read_packages }
+      options: {
+        description: 'route description',
+        settings: {
+          authentication: { job_token_allowed: true },
+          authorization: { job_token_policies: :read_packages }
+        }
       },
       request_method: 'GET',
-      description: 'route description',
       origin: 'path/to/allowed_route_with_valid_policies'
     )
   end
 
   def allowed_route_with_skipped_policies
     instance_double(Grape::Router::Route,
-      settings: {
-        authentication: { job_token_allowed: true },
-        authorization: { skip_job_token_policies: true }
+      options: {
+        description: 'route description',
+        settings: {
+          authentication: { job_token_allowed: true },
+          authorization: { skip_job_token_policies: true }
+        }
       },
       request_method: 'GET',
-      description: 'route description',
       origin: 'path/to/allowed_route_with_skipped_policies'
     )
   end
 
   def not_allowed_route
     instance_double(Grape::Router::Route,
-      settings: {
-        authentication: { job_token_allowed: false },
-        authorization: { job_token_policies: :read_packages }
+      options: {
+        description: 'route description',
+        settings: {
+          authentication: { job_token_allowed: false },
+          authorization: { job_token_policies: :read_packages }
+        }
       },
       request_method: 'GET',
-      description: 'route description',
       origin: 'path/to/route'
     )
   end
-- 
GitLab


From 612258f074387360125f52a564d8ca8ac87699ad Mon Sep 17 00:00:00 2001
From: bmarjanovic <bmarjanovic@gitlab.com>
Date: Fri, 11 Jul 2025 11:12:48 +0200
Subject: [PATCH 2/3] Update openapi docs

---
 doc/api/openapi/openapi_v2.yaml | 1290 +++++++++++++++----------------
 1 file changed, 645 insertions(+), 645 deletions(-)

diff --git a/doc/api/openapi/openapi_v2.yaml b/doc/api/openapi/openapi_v2.yaml
index ef701bd361c6d9..7ef5fc31c0415f 100644
--- a/doc/api/openapi/openapi_v2.yaml
+++ b/doc/api/openapi/openapi_v2.yaml
@@ -471,18 +471,18 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of the emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: epic_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: epic_iid
+        name: award_id
+        description: ID of the emoji reaction.
         type: integer
         format: int32
         required: true
@@ -504,18 +504,18 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of an emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: epic_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: epic_iid
+        name: award_id
+        description: ID of an emoji reaction.
         type: integer
         format: int32
         required: true
@@ -537,6 +537,21 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: epic_iid
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: note_id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -553,21 +568,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: epic_iid
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: note_id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: List an awardable's emoji reactions for groups
@@ -630,23 +630,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of the emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: epic_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: epic_iid
+        name: note_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: note_id
+        name: award_id
+        description: ID of the emoji reaction.
         type: integer
         format: int32
         required: true
@@ -668,23 +668,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of an emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: epic_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: epic_iid
+        name: note_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: note_id
+        name: award_id
+        description: ID of an emoji reaction.
         type: integer
         format: int32
         required: true
@@ -908,16 +908,16 @@ paths:
       produces:
       - application/json
       parameters:
-      - in: path
-        name: key
-        description: The key of the custom attribute
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: key
+        description: The key of the custom attribute
+        type: string
+        required: true
       responses:
         '200':
           description: Get a custom attribute on a group
@@ -933,16 +933,16 @@ paths:
       consumes:
       - application/json
       parameters:
-      - in: path
-        name: key
-        description: The key of the custom attribute
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: key
+        description: The key of the custom attribute
+        type: string
+        required: true
       - name: putApiV4GroupsIdCustomAttributesKey
         in: body
         required: true
@@ -959,16 +959,16 @@ paths:
       produces:
       - application/json
       parameters:
-      - in: path
-        name: key
-        description: The key of the custom attribute
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: key
+        description: The key of the custom attribute
+        type: string
+        required: true
       responses:
         '204':
           description: Delete a custom attribute on a group
@@ -2208,6 +2208,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: created_after
         description: Return audit events created after the specified time
@@ -2238,11 +2243,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of audit events in this group.
@@ -2260,13 +2260,13 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: audit_event_id
-        description: The ID of the audit event
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: audit_event_id
+        description: The ID of the audit event
         type: integer
         format: int32
         required: true
@@ -2284,6 +2284,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: username
         description: Return single user with a specific username.
@@ -2334,11 +2339,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of SAML users of the group
@@ -2355,6 +2355,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: username
         description: Return a single user with a specific username
@@ -2405,11 +2410,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of users provisioned by the group
@@ -2424,6 +2424,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: search
         description: Search users by name, email or username
@@ -2461,11 +2466,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of users for the group
@@ -2487,6 +2487,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -2503,11 +2508,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of ssh certificates created for a group.
@@ -3088,18 +3088,18 @@ paths:
         description: The group ID or full group path.
         type: string
         required: true
-      - in: path
-        name: project_id
-        description: The Project Id
-        type: integer
-        format: int32
-        required: true
       - in: path
         name: distribution
         description: The Debian Codename or Suite
         type: string
         required: true
         example: my-distro
+      - in: path
+        name: project_id
+        description: The Project Id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: letter
         description: The Debian Classification (first-letter or lib-first-letter)
@@ -6262,6 +6262,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The name of the integration
@@ -6319,11 +6324,6 @@ paths:
         - mock-ci
         - mock-monitoring
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Disable an integration
@@ -6342,6 +6342,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The name of the integration
@@ -6399,11 +6404,6 @@ paths:
         - mock-ci
         - mock-monitoring
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get an integration settings
@@ -6553,6 +6553,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -6569,11 +6574,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get the list of uploads of a group
@@ -6595,13 +6595,13 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: upload_id
-        description: The ID of a group upload
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: upload_id
+        description: The ID of a group upload
         type: integer
         format: int32
         required: true
@@ -6623,13 +6623,13 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: upload_id
-        description: The ID of a group upload
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: upload_id
+        description: The ID of a group upload
         type: integer
         format: int32
         required: true
@@ -6651,6 +6651,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: secret
         description: The 32-character secret of a group upload
@@ -6661,11 +6666,6 @@ paths:
         description: The filename of a group upload
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Download a single project upload by secret and filename
@@ -6683,6 +6683,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: secret
         description: The 32-character secret of a group upload
@@ -6693,11 +6698,6 @@ paths:
         description: The filename of a group upload
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Delete a single group upload by secret and filename
@@ -8187,18 +8187,18 @@ paths:
         type: integer
         format: int32
         required: true
-      - in: query
-        name: file_identifier
-        description: The PyPi package file identifier
-        type: string
-        required: true
-        example: my.pypi.package-0.0.1.tar.gz
       - in: path
         name: sha256
         description: The PyPi package sha256 check sum
         type: string
         required: true
         example: 5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff
+      - in: query
+        name: file_identifier
+        description: The PyPi package file identifier
+        type: string
+        required: true
+        example: my.pypi.package-0.0.1.tar.gz
       responses:
         '200':
           description: Download a package file from a group
@@ -8369,17 +8369,17 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: with_content
         description: Include pages' content
         type: boolean
         default: false
         required: false
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of wiki pages
@@ -8429,6 +8429,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The slug of a wiki page
@@ -8445,11 +8450,6 @@ paths:
         type: boolean
         default: false
         required: false
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a wiki page
@@ -8501,16 +8501,16 @@ paths:
       produces:
       - application/json
       parameters:
-      - in: path
-        name: slug
-        description: The slug of a wiki page
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: slug
+        description: The slug of a wiki page
+        type: string
+        required: true
       responses:
         '204':
           description: Delete a wiki page
@@ -8973,18 +8973,18 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of the emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: issue_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: issue_iid
+        name: award_id
+        description: ID of the emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9006,18 +9006,18 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of an emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: issue_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: issue_iid
+        name: award_id
+        description: ID of an emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9039,6 +9039,21 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: issue_iid
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: note_id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -9055,21 +9070,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: issue_iid
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: note_id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: List an awardable's emoji reactions for projects
@@ -9132,23 +9132,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of the emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: issue_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: issue_iid
+        name: note_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: note_id
+        name: award_id
+        description: ID of the emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9170,23 +9170,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of an emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: issue_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: issue_iid
+        name: note_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: note_id
+        name: award_id
+        description: ID of an emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9293,18 +9293,18 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of the emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: merge_request_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: merge_request_iid
+        name: award_id
+        description: ID of the emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9326,18 +9326,18 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of an emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: merge_request_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: merge_request_iid
+        name: award_id
+        description: ID of an emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9359,58 +9359,6 @@ paths:
       produces:
       - application/json
       parameters:
-      - in: query
-        name: page
-        description: Current page number
-        type: integer
-        format: int32
-        default: 1
-        required: false
-        example: 1
-      - in: query
-        name: per_page
-        description: Number of items per page
-        type: integer
-        format: int32
-        default: 20
-        required: false
-        example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: note_id
-        type: integer
-        format: int32
-        required: true
-      responses:
-        '200':
-          description: List an awardable's emoji reactions for projects
-          schema:
-            type: array
-            items:
-              "$ref": "#/definitions/API_Entities_AwardEmoji"
-        '404':
-          description: Not Found
-      tags:
-      - award_emoji
-      operationId: getApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji
-    post:
-      summary: Add a new emoji reaction
-      description: Add an emoji reaction on the specified awardable. This feature
-        was introduced in 8.9
-      produces:
-      - application/json
-      consumes:
-      - application/json
-      parameters:
       - in: path
         name: id
         type: integer
@@ -9426,120 +9374,6 @@ paths:
         type: integer
         format: int32
         required: true
-      - name: postApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji
-        in: body
-        required: true
-        schema:
-          "$ref": "#/definitions/postApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji"
-      responses:
-        '201':
-          description: Add a new emoji reaction
-          schema:
-            "$ref": "#/definitions/API_Entities_AwardEmoji"
-        '400':
-          description: Bad Request
-        '404':
-          description: Not Found
-      tags:
-      - award_emoji
-      operationId: postApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji
-  "/api/v4/projects/{id}/merge_requests/{merge_request_iid}/notes/{note_id}/award_emoji/{award_id}":
-    get:
-      summary: Get a single emoji reaction
-      description: Get a single emoji reaction from an issue, snippet, or merge request.
-        This feature was introduced in 8.9
-      produces:
-      - application/json
-      parameters:
-      - in: path
-        name: award_id
-        description: ID of the emoji reaction.
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: note_id
-        type: integer
-        format: int32
-        required: true
-      responses:
-        '200':
-          description: Get a single emoji reaction
-          schema:
-            "$ref": "#/definitions/API_Entities_AwardEmoji"
-        '404':
-          description: Not Found
-      tags:
-      - award_emoji
-      operationId: getApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmojiAwardId
-    delete:
-      summary: Delete an emoji reaction
-      description: Only an administrator or the author of the reaction can delete
-        an emoji reaction. This feature was introduced in 8.9
-      produces:
-      - application/json
-      parameters:
-      - in: path
-        name: award_id
-        description: ID of an emoji reaction.
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: note_id
-        type: integer
-        format: int32
-        required: true
-      responses:
-        '204':
-          description: Delete an emoji reaction
-        '401':
-          description: Unauthorized
-        '404':
-          description: Not Found
-      tags:
-      - award_emoji
-      operationId: deleteApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmojiAwardId
-  "/api/v4/projects/{id}/snippets/{snippet_id}/award_emoji":
-    get:
-      summary: List an awardable's emoji reactions for projects
-      description: Get a list of all emoji reactions for a specified awardable. This
-        feature was introduced in 8.9
-      produces:
-      - application/json
-      parameters:
-      - in: path
-        name: id
-        description: The ID or URL-encoded path of the project
-        type: string
-        required: true
-      - in: path
-        name: snippet_id
-        description: ID (`iid` for merge requests/issues/epics, `id` for snippets)
-          of an awardable.
-        type: integer
-        format: int32
-        required: true
       - in: query
         name: page
         description: Current page number
@@ -9567,7 +9401,7 @@ paths:
           description: Not Found
       tags:
       - award_emoji
-      operationId: getApiV4ProjectsIdSnippetsSnippetIdAwardEmoji
+      operationId: getApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji
     post:
       summary: Add a new emoji reaction
       description: Add an emoji reaction on the specified awardable. This feature
@@ -9583,15 +9417,20 @@ paths:
         format: int32
         required: true
       - in: path
-        name: snippet_id
+        name: merge_request_iid
         type: integer
         format: int32
         required: true
-      - name: postApiV4ProjectsIdSnippetsSnippetIdAwardEmoji
+      - in: path
+        name: note_id
+        type: integer
+        format: int32
+        required: true
+      - name: postApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji
         in: body
         required: true
         schema:
-          "$ref": "#/definitions/postApiV4ProjectsIdSnippetsSnippetIdAwardEmoji"
+          "$ref": "#/definitions/postApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji"
       responses:
         '201':
           description: Add a new emoji reaction
@@ -9603,8 +9442,8 @@ paths:
           description: Not Found
       tags:
       - award_emoji
-      operationId: postApiV4ProjectsIdSnippetsSnippetIdAwardEmoji
-  "/api/v4/projects/{id}/snippets/{snippet_id}/award_emoji/{award_id}":
+      operationId: postApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmoji
+  "/api/v4/projects/{id}/merge_requests/{merge_request_iid}/notes/{note_id}/award_emoji/{award_id}":
     get:
       summary: Get a single emoji reaction
       description: Get a single emoji reaction from an issue, snippet, or merge request.
@@ -9613,18 +9452,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of the emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: merge_request_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: snippet_id
+        name: note_id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: award_id
+        description: ID of the emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9637,7 +9481,7 @@ paths:
           description: Not Found
       tags:
       - award_emoji
-      operationId: getApiV4ProjectsIdSnippetsSnippetIdAwardEmojiAwardId
+      operationId: getApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmojiAwardId
     delete:
       summary: Delete an emoji reaction
       description: Only an administrator or the author of the reaction can delete
@@ -9646,18 +9490,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of an emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: merge_request_iid
         type: integer
         format: int32
         required: true
       - in: path
-        name: snippet_id
+        name: note_id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: award_id
+        description: ID of an emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9670,8 +9519,8 @@ paths:
           description: Not Found
       tags:
       - award_emoji
-      operationId: deleteApiV4ProjectsIdSnippetsSnippetIdAwardEmojiAwardId
-  "/api/v4/projects/{id}/snippets/{snippet_id}/notes/{note_id}/award_emoji":
+      operationId: deleteApiV4ProjectsIdMergeRequestsMergeRequestIidNotesNoteIdAwardEmojiAwardId
+  "/api/v4/projects/{id}/snippets/{snippet_id}/award_emoji":
     get:
       summary: List an awardable's emoji reactions for projects
       description: Get a list of all emoji reactions for a specified awardable. This
@@ -9679,6 +9528,18 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        description: The ID or URL-encoded path of the project
+        type: string
+        required: true
+      - in: path
+        name: snippet_id
+        description: ID (`iid` for merge requests/issues/epics, `id` for snippets)
+          of an awardable.
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -9695,6 +9556,129 @@ paths:
         default: 20
         required: false
         example: 20
+      responses:
+        '200':
+          description: List an awardable's emoji reactions for projects
+          schema:
+            type: array
+            items:
+              "$ref": "#/definitions/API_Entities_AwardEmoji"
+        '404':
+          description: Not Found
+      tags:
+      - award_emoji
+      operationId: getApiV4ProjectsIdSnippetsSnippetIdAwardEmoji
+    post:
+      summary: Add a new emoji reaction
+      description: Add an emoji reaction on the specified awardable. This feature
+        was introduced in 8.9
+      produces:
+      - application/json
+      consumes:
+      - application/json
+      parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: snippet_id
+        type: integer
+        format: int32
+        required: true
+      - name: postApiV4ProjectsIdSnippetsSnippetIdAwardEmoji
+        in: body
+        required: true
+        schema:
+          "$ref": "#/definitions/postApiV4ProjectsIdSnippetsSnippetIdAwardEmoji"
+      responses:
+        '201':
+          description: Add a new emoji reaction
+          schema:
+            "$ref": "#/definitions/API_Entities_AwardEmoji"
+        '400':
+          description: Bad Request
+        '404':
+          description: Not Found
+      tags:
+      - award_emoji
+      operationId: postApiV4ProjectsIdSnippetsSnippetIdAwardEmoji
+  "/api/v4/projects/{id}/snippets/{snippet_id}/award_emoji/{award_id}":
+    get:
+      summary: Get a single emoji reaction
+      description: Get a single emoji reaction from an issue, snippet, or merge request.
+        This feature was introduced in 8.9
+      produces:
+      - application/json
+      parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: snippet_id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: award_id
+        description: ID of the emoji reaction.
+        type: integer
+        format: int32
+        required: true
+      responses:
+        '200':
+          description: Get a single emoji reaction
+          schema:
+            "$ref": "#/definitions/API_Entities_AwardEmoji"
+        '404':
+          description: Not Found
+      tags:
+      - award_emoji
+      operationId: getApiV4ProjectsIdSnippetsSnippetIdAwardEmojiAwardId
+    delete:
+      summary: Delete an emoji reaction
+      description: Only an administrator or the author of the reaction can delete
+        an emoji reaction. This feature was introduced in 8.9
+      produces:
+      - application/json
+      parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: snippet_id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: award_id
+        description: ID of an emoji reaction.
+        type: integer
+        format: int32
+        required: true
+      responses:
+        '204':
+          description: Delete an emoji reaction
+        '401':
+          description: Unauthorized
+        '404':
+          description: Not Found
+      tags:
+      - award_emoji
+      operationId: deleteApiV4ProjectsIdSnippetsSnippetIdAwardEmojiAwardId
+  "/api/v4/projects/{id}/snippets/{snippet_id}/notes/{note_id}/award_emoji":
+    get:
+      summary: List an awardable's emoji reactions for projects
+      description: Get a list of all emoji reactions for a specified awardable. This
+        feature was introduced in 8.9
+      produces:
+      - application/json
+      parameters:
       - in: path
         name: id
         type: integer
@@ -9710,6 +9694,22 @@ paths:
         type: integer
         format: int32
         required: true
+      - in: query
+        name: page
+        description: Current page number
+        type: integer
+        format: int32
+        default: 1
+        required: false
+        example: 1
+      - in: query
+        name: per_page
+        description: Number of items per page
+        type: integer
+        format: int32
+        default: 20
+        required: false
+        example: 20
       responses:
         '200':
           description: List an awardable's emoji reactions for projects
@@ -9772,23 +9772,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of the emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: snippet_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: snippet_id
+        name: note_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: note_id
+        name: award_id
+        description: ID of the emoji reaction.
         type: integer
         format: int32
         required: true
@@ -9810,23 +9810,23 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: award_id
-        description: ID of an emoji reaction.
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: snippet_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: snippet_id
+        name: note_id
         type: integer
         format: int32
         required: true
       - in: path
-        name: note_id
+        name: award_id
+        description: ID of an emoji reaction.
         type: integer
         format: int32
         required: true
@@ -10365,13 +10365,13 @@ paths:
         type: string
         required: true
       - in: query
-        name: job
-        description: The name of the job.
+        name: artifact_path
+        description: Path to a file inside the artifacts archive.
         type: string
         required: true
       - in: query
-        name: artifact_path
-        description: Path to a file inside the artifacts archive.
+        name: job
+        description: The name of the job.
         type: string
         required: true
       - in: query
@@ -10632,17 +10632,17 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: job_id
-        description: The ID of a job
+        name: id
         type: integer
         format: int32
         required: true
-        example: 88
       - in: path
-        name: id
+        name: job_id
+        description: The ID of a job
         type: integer
         format: int32
         required: true
+        example: 88
       responses:
         '200':
           description: Get a specific job of a project
@@ -10664,17 +10664,17 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: job_id
-        description: The ID of a job
+        name: id
         type: integer
         format: int32
         required: true
-        example: 88
       - in: path
-        name: id
+        name: job_id
+        description: The ID of a job
         type: integer
         format: int32
         required: true
+        example: 88
       responses:
         '200':
           description: Get a trace of a specific job of a project
@@ -10698,17 +10698,17 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: job_id
-        description: The ID of a job
+        name: id
         type: integer
         format: int32
         required: true
-        example: 88
       - in: path
-        name: id
+        name: job_id
+        description: The ID of a job
         type: integer
         format: int32
         required: true
+        example: 88
       - name: postApiV4ProjectsIdJobsJobIdCancel
         in: body
         required: true
@@ -10737,17 +10737,17 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: job_id
-        description: The ID of a job
+        name: id
         type: integer
         format: int32
         required: true
-        example: 88
       - in: path
-        name: id
+        name: job_id
+        description: The ID of a job
         type: integer
         format: int32
         required: true
+        example: 88
       responses:
         '201':
           description: Retry a specific job of a project
@@ -10771,17 +10771,17 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: job_id
-        description: The ID of a build
+        name: id
         type: integer
         format: int32
         required: true
-        example: 88
       - in: path
-        name: id
+        name: job_id
+        description: The ID of a build
         type: integer
         format: int32
         required: true
+        example: 88
       responses:
         '201':
           description: Erase job (remove artifacts and the trace)
@@ -10808,17 +10808,17 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: job_id
-        description: The ID of a Job
+        name: id
         type: integer
         format: int32
         required: true
-        example: 88
       - in: path
-        name: id
+        name: job_id
+        description: The ID of a Job
         type: integer
         format: int32
         required: true
+        example: 88
       - name: postApiV4ProjectsIdJobsJobIdPlay
         in: body
         required: true
@@ -13350,6 +13350,11 @@ paths:
         description: The ID or URL-encoded path of the project
         type: string
         required: true
+      - in: path
+        name: sha
+        description: A commit sha, or the name of a branch or tag
+        type: string
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -13366,11 +13371,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: sha
-        description: A commit sha, or the name of a branch or tag
-        type: string
-        required: true
       responses:
         '200':
           description: Get a commit's comments
@@ -13839,18 +13839,18 @@ paths:
         description: The ID or URL-encoded path of a project
         type: string
         required: true
-      - in: query
-        name: sha
-        description: Shasum of current json
-        type: string
-        required: true
-        example: 673594f85a55fe3c0eb45df7bd2fa9d95a1601ab
       - in: query
         name: package_name
         description: The Composer package name
         type: string
         required: true
         example: my-composer-package
+      - in: query
+        name: sha
+        description: Shasum of current json
+        type: string
+        required: true
+        example: 673594f85a55fe3c0eb45df7bd2fa9d95a1601ab
       responses:
         '200':
           description: Composer package endpoint to download a package archive
@@ -17199,6 +17199,12 @@ paths:
           user
         type: string
         required: true
+      - in: path
+        name: deployment_id
+        description: The ID of the deployment
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -17215,12 +17221,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: deployment_id
-        description: The ID of the deployment
-        type: integer
-        format: int32
-        required: true
       - in: query
         name: author_id
         description: Returns merge requests created by the given user `id`. Mutually
@@ -21336,6 +21336,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The name of the integration
@@ -21393,11 +21398,6 @@ paths:
         - mock-ci
         - mock-monitoring
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Disable an integration
@@ -21416,6 +21416,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The name of the integration
@@ -21473,11 +21478,6 @@ paths:
         - mock-ci
         - mock-monitoring
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get an integration settings
@@ -23369,6 +23369,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The name of the integration
@@ -23426,11 +23431,6 @@ paths:
         - mock-ci
         - mock-monitoring
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Disable an integration
@@ -23449,6 +23449,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The name of the integration
@@ -23506,11 +23511,6 @@ paths:
         - mock-ci
         - mock-monitoring
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get an integration settings
@@ -23865,6 +23865,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: sha
         description: 'Deprecated: Use content_ref instead'
@@ -23901,11 +23906,6 @@ paths:
           to the default branch of the project. Only used when dry_run is true
         type: string
         required: false
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Validates a CI YAML configuration with a namespace
@@ -23998,6 +23998,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -24014,11 +24019,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get the list of uploads of a project
@@ -24040,13 +24040,13 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: upload_id
-        description: The ID of a project upload
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: upload_id
+        description: The ID of a project upload
         type: integer
         format: int32
         required: true
@@ -24068,13 +24068,13 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: upload_id
-        description: The ID of a project upload
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: upload_id
+        description: The ID of a project upload
         type: integer
         format: int32
         required: true
@@ -24096,6 +24096,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: secret
         description: The 32-character secret of a project upload
@@ -24106,11 +24111,6 @@ paths:
         description: The filename of a project upload
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Download a single project upload by secret and filename
@@ -24128,6 +24128,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: secret
         description: The 32-character secret of a project upload
@@ -24138,11 +24143,6 @@ paths:
         description: The filename of a project upload
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Delete a single project upload by secret and filename
@@ -25532,6 +25532,11 @@ paths:
         description: The ID or URL-encoded path of the project.
         type: string
         required: true
+      - in: path
+        name: merge_request_iid
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -25548,11 +25553,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get single merge request commits
@@ -25636,6 +25636,11 @@ paths:
         description: The ID or URL-encoded path of the project.
         type: string
         required: true
+      - in: path
+        name: merge_request_iid
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: commits
         description: The context commits’ SHA.
@@ -25643,11 +25648,6 @@ paths:
         items:
           type: string
         required: true
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Delete merge request context commits
@@ -25673,17 +25673,17 @@ paths:
         description: The ID or URL-encoded path of the project.
         type: string
         required: true
+      - in: path
+        name: merge_request_iid
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: unidiff
         description: A diff in a Unified diff format
         type: boolean
         default: false
         required: false
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get single merge request changes
@@ -25706,6 +25706,11 @@ paths:
         description: The ID or URL-encoded path of the project.
         type: string
         required: true
+      - in: path
+        name: merge_request_iid
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -25728,11 +25733,6 @@ paths:
         type: boolean
         default: false
         required: false
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get the merge request diffs
@@ -25993,6 +25993,11 @@ paths:
         description: The ID or URL-encoded path of the project.
         type: string
         required: true
+      - in: path
+        name: merge_request_iid
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -26009,11 +26014,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: List issues that close on merge
@@ -26039,6 +26039,11 @@ paths:
         description: The ID or URL-encoded path of the project.
         type: string
         required: true
+      - in: path
+        name: merge_request_iid
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -26055,11 +26060,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: merge_request_iid
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: List issues related to merge request
@@ -26167,13 +26167,13 @@ paths:
         type: string
         required: true
       - in: path
-        name: file_name
-        description: File name
+        name: model_version_id
+        description: Model version id
         type: string
         required: true
       - in: path
-        name: model_version_id
-        description: Model version id
+        name: file_name
+        description: File name
         type: string
         required: true
       - name: putApiV4ProjectsIdPackagesMlModelsModelVersionIdFiles(*path)FileNameAuthorize
@@ -26208,13 +26208,13 @@ paths:
         type: string
         required: true
       - in: path
-        name: file_name
-        description: File name
+        name: model_version_id
+        description: Model version id
         type: string
         required: true
       - in: path
-        name: model_version_id
-        description: Model version id
+        name: file_name
+        description: File name
         type: string
         required: true
       - name: putApiV4ProjectsIdPackagesMlModelsModelVersionIdFiles(*path)FileName
@@ -26246,8 +26246,8 @@ paths:
         type: string
         required: true
       - in: path
-        name: file_name
-        description: File name
+        name: model_version_id
+        description: Model version id
         type: string
         required: true
       - in: query
@@ -26255,6 +26255,11 @@ paths:
         description: File directory path
         type: string
         required: false
+      - in: path
+        name: file_name
+        description: File name
+        type: string
+        required: true
       - in: query
         name: status
         description: Package status
@@ -26263,11 +26268,6 @@ paths:
         - default
         - hidden
         required: false
-      - in: path
-        name: model_version_id
-        description: Model version id
-        type: string
-        required: true
       responses:
         '200':
           description: Download an ml_model package file
@@ -28701,6 +28701,11 @@ paths:
       consumes:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: hook_id
         description: The ID of the hook
@@ -28712,11 +28717,6 @@ paths:
         description: The key of the variable
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       - name: putApiV4ProjectsIdHooksHookIdUrlVariablesKey
         in: body
         required: true
@@ -28733,6 +28733,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: hook_id
         description: The ID of the hook
@@ -28744,11 +28749,6 @@ paths:
         description: The key of the variable
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Un-Set a url variable
@@ -28763,6 +28763,11 @@ paths:
       consumes:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: hook_id
         description: The ID of the hook
@@ -28774,11 +28779,6 @@ paths:
         description: The key of the custom header
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       - name: putApiV4ProjectsIdHooksHookIdCustomHeadersKey
         in: body
         required: true
@@ -28795,6 +28795,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: hook_id
         description: The ID of the hook
@@ -28806,11 +28811,6 @@ paths:
         description: The key of the custom header
         type: string
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '204':
           description: Un-Set a custom header
@@ -28984,6 +28984,16 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
+      - in: path
+        name: hook_id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: status
         type: array
@@ -29075,16 +29085,6 @@ paths:
         default: 1
         required: false
         example: 1
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
-      - in: path
-        name: hook_id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get events for a given hook id
@@ -29106,6 +29106,11 @@ paths:
       consumes:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: hook_id
         description: The ID of the hook
@@ -29135,11 +29140,6 @@ paths:
         - wiki_page_events
         - vulnerability_events
         required: true
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '201':
           description: Triggers a hook test
@@ -31246,6 +31246,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -31262,11 +31267,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Fetch project inbound allowlist for CI_JOB_TOKEN access settings.
@@ -31324,6 +31324,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -31340,11 +31345,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Fetch project groups allowlist for CI_JOB_TOKEN access settings.
@@ -31643,6 +31643,12 @@ paths:
         description: The ID or URL-encoded path of the project
         type: string
         required: true
+      - in: path
+        name: package_id
+        description: The ID of a package
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: page
         description: Current page number
@@ -31661,12 +31667,6 @@ paths:
         maximum: 20
         required: false
         example: 20
-      - in: path
-        name: package_id
-        description: The ID of a package
-        type: integer
-        format: int32
-        required: true
       - in: query
         name: cursor
         description: Cursor for obtaining the next set of records
@@ -31827,16 +31827,16 @@ paths:
       produces:
       - application/x-tar
       parameters:
-      - in: query
-        name: wiki
-        description: Set to true to receive the wiki repository
-        type: boolean
-        required: false
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: query
+        name: wiki
+        description: Set to true to receive the wiki repository
+        type: boolean
+        required: false
       responses:
         '200':
           description: Download a (possibly inconsistent) snapshot of a repository
@@ -32046,9 +32046,9 @@ paths:
         type: string
         required: true
       - in: path
-        name: file_path
-        description: The url encoded path to the file, e.g. lib%2Fclass%2Erb
-        type: string
+        name: snippet_id
+        type: integer
+        format: int32
         required: true
       - in: path
         name: ref
@@ -32056,9 +32056,9 @@ paths:
         type: string
         required: true
       - in: path
-        name: snippet_id
-        type: integer
-        format: int32
+        name: file_path
+        description: The url encoded path to the file, e.g. lib%2Fclass%2Erb
+        type: string
         required: true
       responses:
         '200':
@@ -32265,16 +32265,16 @@ paths:
       produces:
       - application/json
       parameters:
-      - in: path
-        name: key
-        description: The key of the custom attribute
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: key
+        description: The key of the custom attribute
+        type: string
+        required: true
       responses:
         '200':
           description: Get a custom attribute on a project
@@ -32290,16 +32290,16 @@ paths:
       consumes:
       - application/json
       parameters:
-      - in: path
-        name: key
-        description: The key of the custom attribute
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: key
+        description: The key of the custom attribute
+        type: string
+        required: true
       - name: putApiV4ProjectsIdCustomAttributesKey
         in: body
         required: true
@@ -32316,16 +32316,16 @@ paths:
       produces:
       - application/json
       parameters:
-      - in: path
-        name: key
-        description: The key of the custom attribute
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: key
+        description: The key of the custom attribute
+        type: string
+        required: true
       responses:
         '204':
           description: Delete a custom attribute on a project
@@ -33759,6 +33759,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: created_after
         description: Return audit events created after the specified time
@@ -33789,11 +33794,6 @@ paths:
         default: 20
         required: false
         example: 20
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of audit events in this project.
@@ -33811,13 +33811,13 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: audit_event_id
-        description: The ID of the audit event
+        name: id
         type: integer
         format: int32
         required: true
       - in: path
-        name: id
+        name: audit_event_id
+        description: The ID of the audit event
         type: integer
         format: int32
         required: true
@@ -34153,18 +34153,18 @@ paths:
         description: The ID or URL-encoded path of the project
         type: string
         required: true
-      - in: query
-        name: file_identifier
-        description: The PyPi package file identifier
-        type: string
-        required: true
-        example: my.pypi.package-0.0.1.tar.gz
       - in: path
         name: sha256
         description: The PyPi package sha256 check sum
         type: string
         required: true
         example: 5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff
+      - in: query
+        name: file_identifier
+        description: The PyPi package file identifier
+        type: string
+        required: true
+        example: my.pypi.package-0.0.1.tar.gz
       responses:
         '200':
           description: The PyPi package download endpoint
@@ -34590,16 +34590,16 @@ paths:
       consumes:
       - application/json
       parameters:
-      - in: path
-        name: tag_name
-        description: The Git tag the release is associated with
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: tag_name
+        description: The Git tag the release is associated with
+        type: string
+        required: true
       responses:
         '201':
           description: Collect release evidence
@@ -35549,17 +35549,17 @@ paths:
         description: The ID or URL-encoded path of the project
         type: string
         required: true
-      - in: path
-        name: event_id
-        description: The ID of a resource milestone event
-        type: string
-        required: true
       - in: path
         name: eventable_id
         description: The ID of the eventable
         type: integer
         format: int32
         required: true
+      - in: path
+        name: event_id
+        description: The ID of a resource milestone event
+        type: string
+        required: true
       responses:
         '200':
           description: Get single Issue milestone event
@@ -35626,17 +35626,17 @@ paths:
         description: The ID or URL-encoded path of the project
         type: string
         required: true
-      - in: path
-        name: event_id
-        description: The ID of a resource milestone event
-        type: string
-        required: true
       - in: path
         name: eventable_id
         description: The ID of the eventable
         type: integer
         format: int32
         required: true
+      - in: path
+        name: event_id
+        description: The ID of a resource milestone event
+        type: string
+        required: true
       responses:
         '200':
           description: Get single Merge request milestone event
@@ -36492,16 +36492,16 @@ paths:
         description: The ID or URL-encoded path of the project
         type: string
         required: true
-      - in: query
-        name: ID
-        description: Terraform state lock ID
-        type: string
-        required: false
       - in: path
         name: name
         type: integer
         format: int32
         required: true
+      - in: query
+        name: ID
+        description: Terraform state lock ID
+        type: string
+        required: false
       responses:
         '204':
           description: Unlock a Terraform state of a certain name
@@ -36588,17 +36588,17 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: with_content
         description: Include pages' content
         type: boolean
         default: false
         required: false
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a list of wiki pages
@@ -36648,6 +36648,11 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        type: integer
+        format: int32
+        required: true
       - in: path
         name: slug
         description: The slug of a wiki page
@@ -36664,11 +36669,6 @@ paths:
         type: boolean
         default: false
         required: false
-      - in: path
-        name: id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Get a wiki page
@@ -36720,16 +36720,16 @@ paths:
       produces:
       - application/json
       parameters:
-      - in: path
-        name: slug
-        description: The slug of a wiki page
-        type: string
-        required: true
       - in: path
         name: id
         type: integer
         format: int32
         required: true
+      - in: path
+        name: slug
+        description: The slug of a wiki page
+        type: string
+        required: true
       responses:
         '204':
           description: Delete a wiki page
@@ -36775,6 +36775,12 @@ paths:
       produces:
       - application/json
       parameters:
+      - in: path
+        name: id
+        description: The batched background migration id
+        type: integer
+        format: int32
+        required: true
       - in: query
         name: database
         description: The name of the database
@@ -36787,12 +36793,6 @@ paths:
         - embedding
         - geo
         required: false
-      - in: path
-        name: id
-        description: The batched background migration id
-        type: integer
-        format: int32
-        required: true
       responses:
         '200':
           description: Retrieve a batched background migration
@@ -42679,9 +42679,9 @@ paths:
       - application/json
       parameters:
       - in: path
-        name: file_path
-        description: The url encoded path to the file, e.g. lib%2Fclass%2Erb
-        type: string
+        name: id
+        type: integer
+        format: int32
         required: true
       - in: path
         name: ref
@@ -42689,9 +42689,9 @@ paths:
         type: string
         required: true
       - in: path
-        name: id
-        type: integer
-        format: int32
+        name: file_path
+        description: The url encoded path to the file, e.g. lib%2Fclass%2Erb
+        type: string
         required: true
       responses:
         '200':
@@ -53313,15 +53313,15 @@ definitions:
       package_version:
         type: string
         description: Package version
+      path:
+        type: integer
+        format: int32
       status:
         type: string
         description: Package status
         enum:
         - default
         - hidden
-      path:
-        type: integer
-        format: int32
     required:
     - package_version
     - path
-- 
GitLab


From 141fe5d1ec3ef5078d7efcdff11b651ea0a6b183 Mon Sep 17 00:00:00 2001
From: bmarjanovic <bmarjanovic@gitlab.com>
Date: Fri, 11 Jul 2025 12:50:22 +0200
Subject: [PATCH 3/3] Fixes failing specs

---
 ee/spec/requests/api/service_accounts_spec.rb        | 4 ++--
 lib/api/ci/job_artifacts.rb                          | 4 ++--
 lib/api/concerns/packages/npm_namespace_endpoints.rb | 2 +-
 lib/api/ml/mlflow_artifacts/artifacts.rb             | 2 +-
 lib/api/npm_project_packages.rb                      | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/ee/spec/requests/api/service_accounts_spec.rb b/ee/spec/requests/api/service_accounts_spec.rb
index 645114308b2a8a..ce4f2f297d71d9 100644
--- a/ee/spec/requests/api/service_accounts_spec.rb
+++ b/ee/spec/requests/api/service_accounts_spec.rb
@@ -277,10 +277,10 @@
             expect(json_response['message']).to eq('404 Not found')
           end
 
-          it "returns a 400 for and invalid user ID" do
+          it "returns a 404 for and invalid user ID" do
             patch api("/service_accounts/ASDF", current_user), params: params
 
-            expect(response).to have_gitlab_http_status(:bad_request)
+            expect(response).to have_gitlab_http_status(:not_found)
           end
 
           it "returns a 400 for a non-service account user" do
diff --git a/lib/api/ci/job_artifacts.rb b/lib/api/ci/job_artifacts.rb
index 5fcb4f046e8c68..f403d3d31e0c41 100644
--- a/lib/api/ci/job_artifacts.rb
+++ b/lib/api/ci/job_artifacts.rb
@@ -77,7 +77,7 @@ def audit_download(build, filename); end
           allow_public_access_for_enabled_project_features: [:repository, :builds]
         get ':id/jobs/artifacts/:ref_name/raw/*artifact_path',
           urgency: :low,
-          format: false,
+          format: true,
           requirements: { ref_name: /.+/ } do
           authorize_download_artifacts!
 
@@ -135,7 +135,7 @@ def audit_download(build, filename); end
         end
         route_setting :authentication, job_token_allowed: true
         route_setting :authorization, job_token_policies: :read_jobs
-        get ':id/jobs/:job_id/artifacts/*artifact_path', urgency: :low, format: false do
+        get ':id/jobs/:job_id/artifacts/*artifact_path', urgency: :low, format: true do
           authorize_download_artifacts!
 
           build = find_build!(params[:job_id])
diff --git a/lib/api/concerns/packages/npm_namespace_endpoints.rb b/lib/api/concerns/packages/npm_namespace_endpoints.rb
index c8e856844fe8b5..f7986650c5fc6a 100644
--- a/lib/api/concerns/packages/npm_namespace_endpoints.rb
+++ b/lib/api/concerns/packages/npm_namespace_endpoints.rb
@@ -60,7 +60,7 @@ def project
           route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true,
             authenticate_non_public: true
           route_setting :authorization, skip_job_token_policies: true
-          get '*package_name', format: false, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
+          get '*package_name', format: true, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
             package_name = declared_params[:package_name]
             packages =
               if Feature.enabled?(:npm_allow_packages_in_multiple_projects, group_or_namespace)
diff --git a/lib/api/ml/mlflow_artifacts/artifacts.rb b/lib/api/ml/mlflow_artifacts/artifacts.rb
index f7184bb4a6128a..a8fc7822725e7e 100644
--- a/lib/api/ml/mlflow_artifacts/artifacts.rb
+++ b/lib/api/ml/mlflow_artifacts/artifacts.rb
@@ -43,7 +43,7 @@ class Artifacts < ::API::Base
           present package_files, with: Entities::Ml::MlflowArtifacts::ArtifactsList
         end
 
-        get 'artifacts/:model_version/*file_path', format: false, urgency: :low do
+        get 'artifacts/:model_version/*file_path', format: true, urgency: :low do
           if candidate_version?(params[:model_version])
             version = params[:model_version].delete_prefix(CANDIDATE_PREFIX)
             present_package_file!(find_run_artifact(user_project, version, CGI.escape(params[:file_path])))
diff --git a/lib/api/npm_project_packages.rb b/lib/api/npm_project_packages.rb
index 7c870299a76c32..3f89d6c70bf63b 100644
--- a/lib/api/npm_project_packages.rb
+++ b/lib/api/npm_project_packages.rb
@@ -144,7 +144,7 @@ def project_id_or_nil
         authenticate_non_public: true
       route_setting :authorization, job_token_policies: :read_packages,
         allow_public_access_for_enabled_project_features: :package_registry
-      get '*package_name', format: false, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
+      get '*package_name', format: true, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
         package_name = declared_params[:package_name]
         packages = ::Packages::Npm::PackageFinder.new(project: project_or_nil, params: { package_name: package_name }).execute
 
-- 
GitLab