Add latest changes from gitlab-org/gitlab@12-9-stable-ee

.gitlab/issue_templates/QA failure.md

@@ -40,7 +40,10 @@ Attach the screenshot and HTML snapshot of the page from the job's artifacts:
 /due in 2 weeks
 <!-- Base labels. -->
-/label ~Quality ~QA ~bug ~S1
+/label ~Quality ~QA ~test
+
+<!-- Test failure type label, please use just one.-->
+/label ~"failure::broken-test" ~"failure::flaky-test" ~"failure::stale-test" ~"failure::test-environment" ~"failure::investigating"
 <!--
 Choose the stage that appears in the test path, e.g. ~"devops::create" for

.gitlab/issue_templates/Security Release.md

@@ -4,6 +4,10 @@
 Set the title to: `Security Release: 12.2.X, 12.1.X, and 12.0.X`
 -->
+:warning: **Only Release Managers and members of the AppSec team can edit the description of this issue**
+
+-------
+
 ## Releases tasks
 - https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/release-manager.md
@@ -12,31 +16,17 @@ Set the title to: `Security Release: 12.2.X, 12.1.X, and 12.0.X`
 ## Version issues:
-* 12.2.X: {release task link}
-* 12.1.X: {release task link}
-* 12.0.X: {release task link}
+12.2.X, 12.1.X, 12.0.X: {release task link}
 ## Issues in GitLab Security
-* {https://gitlab.com/gitlab-org/security/gitlab/issues/ link}
-
-| Version | MR |
-|---------|----|
-| 12.2 | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
-| 12.1 | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
-| 12.0 | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
-| master | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
-
-## Issues in Omnibus-GitLab
-
-* {https://gitlab.com/gitlab-org/security/gitlab/issues/ link}
-| Version | MR |
-|---------|----|
-| 12.2 | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
-| 12.1 | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
-| 12.0 | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
-| master | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
+To include your issue and merge requests in this Security Release, please mark
+your security issues as related to this release tracking issue. You can do this
+in the "Linked issues" section below this issue description.
+:warning: If your security issues are not marked as related to this release
+tracking issue, their merge requests may not be included in the security
+release.
 ## QA
 {QA issue link}
@@ -49,5 +39,5 @@ GitLab.com: {https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/ link}
 ## Email notification
 {https://gitlab.com/gitlab-com/marketing/general/issues/ link}
-/label ~security
+/label ~security ~"upcoming security release"
 /confidential

.gitlab/issue_templates/Technical Evaluation.md

@@ -9,9 +9,12 @@
 <!-- Outline the tasks with issues that you need evaluate as a part of the implementation issue -->
-- [ ] Add task
-- [ ] Add task
-- [ ] Add task
+- [ ] Determine feasibility of the feature
+- [ ] Create issue for implementation or update existing implementation issue description with implementation proposal 
+- [ ] Set weight on implementation issue
+- [ ] If weight is greater than 5, break issue into smaller issues
+- [ ] Add task 
+- [ ] Add task 
 ### Risks and Implementation Considerations 

.gitlab/merge_request_templates/Documentation.md

 <!-- Follow the documentation workflow https://docs.gitlab.com/ee/development/documentation/workflow.html -->
 <!-- Additional information is located at https://docs.gitlab.com/ee/development/documentation/ -->
+<!-- To find the designated Tech Writer for the stage/group, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers -->
 <!-- Mention "documentation" or "docs" in the MR title -->
 <!-- For changing documentation location use the "Change documentation location" template -->

.gitlab/merge_request_templates/Security Release.md

@@ -12,7 +12,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
 ## Developer checklist
-- [ ] **Make sure this merge request mentions the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).**
+- [ ] **On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).**
 - [ ] Merge request targets `master`, or `X-Y-stable` for backports.
 - [ ] Milestone is set for the version this merge request applies to. A closed milestone can be assigned via [quick actions].
 - [ ] Title of this merge request is the same as for all backports.

.markdownlint.json

@@ -123,5 +123,6 @@
       "YouTrack"
     ],
     "code_blocks": false
-  }
+  },
+  "code-fence-style": false
 }

.rubocop.yml

@@ -331,25 +331,19 @@ RSpec/MissingExampleGroupArgument:
 RSpec/UnspecifiedException:
   Enabled: false
-# Work in progress. See https://gitlab.com/gitlab-org/gitlab/issues/196163
 RSpec/HaveGitlabHttpStatus:
   Enabled: true
   Exclude:
     - 'spec/support/matchers/have_gitlab_http_status.rb'
   Include:
-    - 'spec/support/**/*'
-    - 'ee/spec/support/**/*'
-    - 'spec/features/**/*'
-    - 'ee/spec/features/**/*'
-    - 'spec/controllers/**/*'
-    - 'ee/spec/controllers/**/*'
-    - 'spec/requests/*.rb'
-    - 'ee/spec/requests/*.rb'
-    - 'spec/requests/api/*/**/*.rb'
-    - 'ee/spec/requests/api/*/**/*.rb'
+    - 'spec/**/*'
+    - 'ee/spec/**/*'
 Style/MultilineWhenThen:
   Enabled: false
 Style/FloatDivision:
   Enabled: false
+
+Cop/BanCatchThrow:
+  Enabled: true

.vale.ini

-# Vale configuration file, taken from https://errata-ai.github.io/vale/config/
-# The relative path to the folder containing linting rules (styles)
-# -----------------------------------------------------------------
-StylesPath = doc/.linting/vale/styles
-
-# Minimum alert level
-# -------------------
-# The minimum alert level to display (suggestion, warning, or error).
-# If integrated into CI, builds fail by default on error-level alerts,
-# unless you execute Vale with the --no-exit flag
+# Vale configuration file.
+#
+# For more information, see https://errata-ai.gitbook.io/vale/getting-started/configuration.
+StylesPath = doc/.vale
 MinAlertLevel = suggestion
-# Should Vale parse any file formats other than .md files as Markdown?
-# --------------------------------------------------------------------
-[formats]
-mdx = md
-
-# What file types should Vale test?
-# ----------------------------------
 [*.md]
-
-# Styles to load
-# --------------
-# What styles, located in the StylesPath folder, should Vale load?
-# Vale also currently includes write-good, proselint, joblint, and vale
 BasedOnStyles = gitlab
-
-# Enabling or disabling specific rules in a style
-# -----------------------------------------------
-# To disable a rule in an enabled style, use the following format:
-# {style}.{filename} = NO
-# To enable a single rule in a disabled style, use the following format:
-# vale.Editorializing = YES
-
-# Altering the severity of a rule in a style
-# ------------------------------------------
-# To change the reporting level (suggestion, warning, error) of a rule,
-# use the following format: {style}.{filename} = {level}
-# vale.Hedging = error

CHANGELOG-EE.md

@@ -17,11 +17,11 @@ Please view this file on the master branch, on stable branches it's out of date.
 ## 12.8.4
-- Unreleased due to tagging failure.
+- No changes.
 ## 12.8.3
-- Unreleased due to tagging failure.
+- No changes.
 ## 12.8.2

CHANGELOG.md

@@ -41,11 +41,49 @@ entry.
 ## 12.8.4
-- Unreleased due to tagging failure.
+### Fixed (8 changes)
+
+- Fix Group Import API file upload when object storage is disabled. !25715
+- Fix Web IDE fork modal showing no text. !25842
+- Fixed regression when URL was encoded in a loop. !25849
+- Fixed repository browsing for folders with non-ascii characters. !25877
+- Fix search for Sentry error list. !26129
+- Send credentials with GraphQL fetch requests. !26386
+- Show CI status in project dashboards. !26403
+- Rescue invalid URLs during badge retrieval in asset proxy. !26524
+
+### Performance (2 changes)
+
+- Disable Marginalia line backtrace in production. !26199
+- Remove unnecessary Redis deletes for broadcast messages. !26541
+
+### Other (1 change, 1 of them is from the community)
+
+- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
+
 ## 12.8.3
-- Unreleased due to tagging failure.
+### Fixed (8 changes)
+
+- Fix Group Import API file upload when object storage is disabled. !25715
+- Fix Web IDE fork modal showing no text. !25842
+- Fixed regression when URL was encoded in a loop. !25849
+- Fixed repository browsing for folders with non-ascii characters. !25877
+- Fix search for Sentry error list. !26129
+- Send credentials with GraphQL fetch requests. !26386
+- Show CI status in project dashboards. !26403
+- Rescue invalid URLs during badge retrieval in asset proxy. !26524
+
+### Performance (2 changes)
+
+- Disable Marginalia line backtrace in production. !26199
+- Remove unnecessary Redis deletes for broadcast messages. !26541
+
+### Other (1 change, 1 of them is from the community)
+
+- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
+
 ## 12.8.2

GITALY_SERVER_VERSION

-12.8.7
+1b7629e1c76556e0e216784deebb989b43169d62

GITLAB_PAGES_VERSION

-1.16.0
+1.17.0

GITLAB_SHELL_VERSION

-11.0.0
+12.0.0

GITLAB_WORKHORSE_VERSION

-8.21.0
+8.25.0

Gemfile

@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 gem 'rails', '6.0.2'
-gem 'bootsnap', '~> 1.4'
+gem 'bootsnap', '~> 1.4.6'
 # Improves copy-on-write performance for MRI
 gem 'nakayoshi_fork', '~> 0.0.4'
@@ -58,7 +58,7 @@ gem 'akismet', '~> 3.0'
 gem 'invisible_captcha', '~> 0.12.1'
 # Two-factor authentication
-gem 'devise-two-factor', '~> 3.0.0'
+gem 'devise-two-factor', '~> 3.1.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
 gem 'attr_encrypted', '~> 3.1.0'
 gem 'u2f', '~> 0.2.1'
@@ -87,7 +87,7 @@ gem 'grape-entity', '~> 0.7.1'
 gem 'rack-cors', '~> 1.0.6', require: 'rack/cors'
 # GraphQL API
-gem 'graphql', '~> 1.9.12'
+gem 'graphql', '~> 1.9.19'
 # NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab/issues/31771
 # TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
 # https://gitlab.com/gitlab-org/gitlab/issues/31747
@@ -149,7 +149,7 @@ gem 'wikicloth', '0.8.1'
 gem 'asciidoctor', '~> 2.0.10'
 gem 'asciidoctor-include-ext', '~> 0.3.1', require: false
 gem 'asciidoctor-plantuml', '0.0.10'
-gem 'rouge', '~> 3.15.0'
+gem 'rouge', '~> 3.17.0'
 gem 'truncato', '~> 0.7.11'
 gem 'bootstrap_form', '~> 4.2.0'
 gem 'nokogiri', '~> 1.10.5'
@@ -159,7 +159,7 @@ gem 'escape_utils', '~> 1.1'
 gem 'icalendar'
 # Diffs
-gem 'diffy', '~> 3.1.0'
+gem 'diffy', '~> 3.3'
 gem 'diff_match_patch', '~> 0.1.0'
 # Application server
@@ -171,7 +171,7 @@ group :unicorn do
 end
 group :puma do
-  gem 'gitlab-puma', '~> 4.3.1.gitlab.2', require: false
+  gem 'gitlab-puma', '~> 4.3.3.gitlab.2', require: false
   gem 'gitlab-puma_worker_killer', '~> 0.1.1.gitlab.1', require: false
   gem 'rack-timeout', require: false
 end
@@ -237,7 +237,7 @@ gem 'atlassian-jwt', '~> 0.2.0'
 gem 'flowdock', '~> 0.7'
 # Slack integration
-gem 'slack-notifier', '~> 1.5.1'
+gem 'slack-messenger', '~> 2.3.3'
 # Hangouts Chat integration
 gem 'hangouts-chat', '~> 0.0.5'
@@ -301,7 +301,7 @@ gem 'sentry-raven', '~> 2.9'
 gem 'premailer-rails', '~> 1.10.3'
 # LabKit: Tracing and Correlation
-gem 'gitlab-labkit', '0.9.1'
+gem 'gitlab-labkit', '0.11.0'
 # I18n
 gem 'ruby_parser', '~> 3.8', require: false
@@ -319,7 +319,7 @@ gem 'peek', '~> 1.1'
 gem 'snowplow-tracker', '~> 0.6.1'
 # Memory benchmarks
-gem 'derailed_benchmarks', require: false
+gem 'gitlab-derailed_benchmarks', require: false
 # Metrics
 group :metrics do
@@ -355,7 +355,7 @@ group :development, :test do
   gem 'database_cleaner', '~> 1.7.0'
   gem 'factory_bot_rails', '~> 5.1.0'
-  gem 'rspec-rails', '~> 4.0.0.beta3'
+  gem 'rspec-rails', '~> 4.0.0.beta4'
   # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
   gem 'minitest', '~> 5.11.0'
@@ -374,8 +374,8 @@ group :development, :test do
   gem 'scss_lint', '~> 0.56.0', require: false
   gem 'haml_lint', '~> 0.34.0', require: false
-  gem 'simplecov', '~> 0.16.1', require: false
-  gem 'bundler-audit', '~> 0.5.0', require: false
+  gem 'simplecov', '~> 0.18.5', require: false
+  gem 'bundler-audit', '~> 0.6.1', require: false
   gem 'benchmark-ips', '~> 2.3.0', require: false
@@ -383,7 +383,7 @@ group :development, :test do
   gem 'simple_po_parser', '~> 1.1.2', require: false
-  gem 'timecop', '~> 0.8.0'
+  gem 'timecop', '~> 0.9.1'
   gem 'png_quantizator', '~> 0.2.1', require: false
@@ -419,7 +419,8 @@ end
 gem 'octokit', '~> 4.15'
-gem 'mail_room', '~> 0.10.0'
+# https://gitlab.com/gitlab-org/gitlab/issues/207207
+gem 'gitlab-mail_room', '~> 0.0.3', require: 'mail_room'
 gem 'email_reply_trimmer', '~> 0.1'
 gem 'html2text'
@@ -455,7 +456,7 @@ group :ed25519 do
 end
 # Gitaly GRPC protocol definitions
-gem 'gitaly', '~> 1.86.0'
+gem 'gitaly', '~> 12.9.0.pre.rc4'
 gem 'grpc', '~> 1.24.0'

Gemfile.lock

@@ -123,7 +123,7 @@ GEM
     binding_ninja (0.2.3)
     binding_of_caller (0.8.0)
       debug_inspector (>= 0.0.1)
-    bootsnap (1.4.5)
+    bootsnap (1.4.6)
       msgpack (~> 1.0)
     bootstrap_form (4.2.0)
       actionpack (>= 5.0)
@@ -134,8 +134,8 @@ GEM
     bullet (6.0.2)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
-    bundler-audit (0.5.0)
-      bundler (~> 1.2)
+    bundler-audit (0.6.1)
+      bundler (>= 1.2.0, < 3)
       thor (~> 0.18)
     byebug (9.1.0)
     capybara (3.22.0)
@@ -211,15 +211,6 @@ GEM
     declarative-option (0.1.0)
     default_value_for (3.3.0)
       activerecord (>= 3.2.0, < 6.1)
-    derailed_benchmarks (1.4.2)
-      benchmark-ips (~> 2)
-      get_process_mem (~> 0)
-      heapy (~> 0)
-      memory_profiler (~> 0)
-      rack (>= 1)
-      rake (> 10, < 14)
-      ruby-statistics (>= 2.1)
-      thor (~> 0.19)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
     device_detector (1.0.0)
@@ -229,18 +220,18 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
-    devise-two-factor (3.0.0)
-      activesupport
+    devise-two-factor (3.1.0)
+      activesupport (< 6.1)
       attr_encrypted (>= 1.3, < 4, != 2)
       devise (~> 4.0)
-      railties
+      railties (< 6.1)
       rotp (~> 2.0)
     diff-lcs (1.3)
     diff_match_patch (0.1.0)
-    diffy (3.1.0)
+    diffy (3.3.0)
     discordrb-webhooks-blackst0ne (3.3.0)
       rest-client (~> 2.0)
-    docile (1.3.1)
+    docile (1.3.2)
     domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
     doorkeeper (5.0.2)
@@ -375,12 +366,21 @@ GEM
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
     git (1.5.0)
-    gitaly (1.86.0)
+    gitaly (12.9.0.pre.rc4)
       grpc (~> 1.0)
     github-markup (1.7.0)
     gitlab-chronic (0.10.5)
       numerizer (~> 0.2)
-    gitlab-labkit (0.9.1)
+    gitlab-derailed_benchmarks (1.6.1)
+      benchmark-ips (~> 2)
+      get_process_mem (~> 0)
+      heapy (~> 0)
+      memory_profiler (~> 0)
+      rack (>= 1)
+      rake (> 10, < 14)
+      ruby-statistics (>= 2.1)
+      thor (>= 0.19, < 2)
+    gitlab-labkit (0.11.0)
       actionpack (>= 5.0.0, < 6.1.0)
       activesupport (>= 5.0.0, < 6.1.0)
       grpc (~> 1.19)
@@ -388,9 +388,10 @@ GEM
       opentracing (~> 0.4)
       redis (> 3.0.0, < 5.0.0)
     gitlab-license (1.0.0)
+    gitlab-mail_room (0.0.3)
     gitlab-markup (1.7.0)
     gitlab-net-dns (0.9.1)
-    gitlab-puma (4.3.1.gitlab.2)
+    gitlab-puma (4.3.3.gitlab.2)
       nio4r (~> 2.0)
     gitlab-puma_worker_killer (0.1.1.gitlab.1)
       get_process_mem (~> 0.2)
@@ -433,7 +434,7 @@ GEM
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
       signet (~> 0.7)
-    gpgme (2.0.19)
+    gpgme (2.0.20)
       mini_portile2 (~> 2.3)
     grape (1.1.0)
       activesupport
@@ -455,7 +456,7 @@ GEM
     graphiql-rails (1.4.10)
       railties
       sprockets-rails
-    graphql (1.9.12)
+    graphql (1.9.19)
     graphql-docs (1.6.0)
       commonmarker (~> 0.16)
       escape_utils (~> 1.2)
@@ -616,7 +617,6 @@ GEM
     lumberjack (1.0.13)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    mail_room (0.10.0)
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
     marginalia (1.8.0)
@@ -889,41 +889,41 @@ GEM
     retriable (3.1.2)
     rinku (2.0.0)
     rotp (2.1.2)
-    rouge (3.15.0)
+    rouge (3.17.0)
     rqrcode (0.7.0)
       chunky_png
     rqrcode-rails3 (0.1.7)
       rqrcode (>= 0.4.2)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.2)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.4)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.1)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
+      rspec-support (~> 3.9.0)
     rspec-parameterized (0.4.2)
       binding_ninja (>= 0.2.3)
       parser
       proc_to_ast
       rspec (>= 2.13, < 4)
       unparser
-    rspec-rails (4.0.0.beta3)
+    rspec-rails (4.0.0.beta4)
       actionpack (>= 4.2)
       activesupport (>= 4.2)
       railties (>= 4.2)
-      rspec-core (~> 3.8)
-      rspec-expectations (~> 3.8)
-      rspec-mocks (~> 3.8)
-      rspec-support (~> 3.8)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
     rspec-retry (0.6.1)
       rspec-core (> 3.3)
     rspec-set (0.1.3)
-    rspec-support (3.8.2)
+    rspec-support (3.9.2)
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
     rspec_profiling (0.0.5)
@@ -955,7 +955,7 @@ GEM
     ruby-progressbar (1.10.1)
     ruby-saml (1.7.2)
       nokogiri (>= 1.5.10)
-    ruby-statistics (2.1.1)
+    ruby-statistics (2.1.2)
     ruby_dep (1.5.0)
     ruby_parser (3.13.1)
       sexp_processor (~> 4.9)
@@ -1015,13 +1015,12 @@ GEM
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
     simple_po_parser (1.1.2)
-    simplecov (0.16.1)
+    simplecov (0.18.5)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.2)
     sixarm_ruby_unaccent (1.2.0)
-    slack-notifier (1.5.1)
+    slack-messenger (2.3.3)
     snowplow-tracker (0.6.1)
       contracts (~> 0.7, <= 0.11)
     spring (2.0.2)
@@ -1065,7 +1064,7 @@ GEM
     thread_safe (0.3.6)
     thrift (0.11.0.0)
     tilt (2.0.10)
-    timecop (0.8.1)
+    timecop (0.9.1)
     timfel-krb5-auth (0.8.3)
     toml (0.2.0)
       parslet (~> 1.8.0)
@@ -1171,12 +1170,12 @@ DEPENDENCIES
   benchmark-memory (~> 0.1)
   better_errors (~> 2.5.0)
   binding_of_caller (~> 0.8.0)
-  bootsnap (~> 1.4)
+  bootsnap (~> 1.4.6)
   bootstrap_form (~> 4.2.0)
   brakeman (~> 4.2)
   browser (~> 2.5)
   bullet (~> 6.0.2)
-  bundler-audit (~> 0.5.0)
+  bundler-audit (~> 0.6.1)
   capybara (~> 3.22.0)
   capybara-screenshot (~> 1.0.22)
   carrierwave (~> 1.3)
@@ -1190,12 +1189,11 @@ DEPENDENCIES
   database_cleaner (~> 1.7.0)
   deckar01-task_list (= 2.3.1)
   default_value_for (~> 3.3.0)
-  derailed_benchmarks
   device_detector
   devise (~> 4.6)
-  devise-two-factor (~> 3.0.0)
+  devise-two-factor (~> 3.1.0)
   diff_match_patch (~> 0.1.0)
-  diffy (~> 3.1.0)
+  diffy (~> 3.3)
   discordrb-webhooks-blackst0ne (~> 3.3)
   doorkeeper (~> 5.0.2)
   doorkeeper-openid_connect (~> 1.6.3)
@@ -1230,14 +1228,16 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.3)
-  gitaly (~> 1.86.0)
+  gitaly (~> 12.9.0.pre.rc4)
   github-markup (~> 1.7.0)
   gitlab-chronic (~> 0.10.5)
-  gitlab-labkit (= 0.9.1)
+  gitlab-derailed_benchmarks
+  gitlab-labkit (= 0.11.0)
   gitlab-license (~> 1.0)
+  gitlab-mail_room (~> 0.0.3)
   gitlab-markup (~> 1.7.0)
   gitlab-net-dns (~> 0.9.1)
-  gitlab-puma (~> 4.3.1.gitlab.2)
+  gitlab-puma (~> 4.3.3.gitlab.2)
   gitlab-puma_worker_killer (~> 0.1.1.gitlab.1)
   gitlab-sidekiq-fetcher (= 0.5.2)
   gitlab-styles (~> 3.1.0)
@@ -1252,7 +1252,7 @@ DEPENDENCIES
   grape-path-helpers (~> 1.2)
   grape_logging (~> 1.7)
   graphiql-rails (~> 1.4.10)
-  graphql (~> 1.9.12)
+  graphql (~> 1.9.19)
   graphql-docs (~> 1.6.0)
   grpc (~> 1.24.0)
   gssapi
@@ -1284,7 +1284,6 @@ DEPENDENCIES
   loofah (~> 2.2)
   lru_redux
   mail (= 2.7.1)
-  mail_room (~> 0.10.0)
   marginalia (~> 1.8.0)
   memory_profiler (~> 0.9)
   method_source (~> 0.8)
@@ -1347,10 +1346,10 @@ DEPENDENCIES
   request_store (~> 1.3)
   responders (~> 3.0)
   retriable (~> 3.1.2)
-  rouge (~> 3.15.0)
+  rouge (~> 3.17.0)
   rqrcode-rails3 (~> 0.1.7)
   rspec-parameterized
-  rspec-rails (~> 4.0.0.beta3)
+  rspec-rails (~> 4.0.0.beta4)
   rspec-retry (~> 0.6.1)
   rspec-set (~> 0.1.3)
   rspec_junit_formatter
@@ -1375,8 +1374,8 @@ DEPENDENCIES
   sidekiq (~> 5.2.7)
   sidekiq-cron (~> 1.0)
   simple_po_parser (~> 1.1.2)
-  simplecov (~> 0.16.1)
-  slack-notifier (~> 1.5.1)
+  simplecov (~> 0.18.5)
+  slack-messenger (~> 2.3.3)
   snowplow-tracker (~> 0.6.1)
   spring (~> 2.0.0)
   spring-commands-rspec (~> 1.0.4)
@@ -1387,7 +1386,7 @@ DEPENDENCIES
   sys-filesystem (~> 1.1.6)
   test-prof (~> 0.10.0)
   thin (~> 1.7.0)
-  timecop (~> 0.8.0)
+  timecop (~> 0.9.1)
   toml-rb (~> 1.0.0)
   truncato (~> 0.7.11)
   u2f (~> 0.2.1)

app/assets/javascripts/api.js

-import $ from 'jquery';
-import _ from 'underscore';
 import axios from './lib/utils/axios_utils';
 import { joinPaths } from './lib/utils/url_utility';
 import flash from '~/flash';
@@ -47,6 +45,7 @@ const Api = {
   adminStatisticsPath: '/api/:version/application/statistics',
   pipelineSinglePath: '/api/:version/projects/:id/pipelines/:pipeline_id',
   lsifPath: '/api/:version/projects/:id/commits/:commit_id/lsif/info',
+  environmentsPath: '/api/:version/projects/:id/environments',
   group(groupId, callback) {
     const url = Api.buildUrl(Api.groupPath).replace(':id', groupId);
@@ -69,7 +68,7 @@ const Api = {
   },
   // Return groups list. Filtered by query
-  groups(query, options, callback = $.noop) {
+  groups(query, options, callback = () => {}) {
     const url = Api.buildUrl(Api.groupsPath);
     return axios
       .get(url, {
@@ -107,7 +106,7 @@ const Api = {
   },
   // Return projects list. Filtered by query
-  projects(query, options, callback = _.noop) {
+  projects(query, options, callback = () => {}) {
     const url = Api.buildUrl(Api.projectsPath);
     const defaults = {
       search: query,
@@ -475,12 +474,17 @@ const Api = {
     return axios.get(url);
   },
-  lsifData(projectPath, commitId, path) {
+  lsifData(projectPath, commitId, paths) {
     const url = Api.buildUrl(this.lsifPath)
       .replace(':id', encodeURIComponent(projectPath))
       .replace(':commit_id', commitId);
-    return axios.get(url, { params: { path } });
+    return axios.get(url, { params: { paths } });
+  },
+
+  environments(id) {
+    const url = Api.buildUrl(this.environmentsPath).replace(':id', encodeURIComponent(id));
+    return axios.get(url);
   },
   buildUrl(url) {

app/assets/javascripts/badges/components/badge_form.vue

 <script>
-import _ from 'underscore';
+import { escape, debounce } from 'lodash';
 import { mapActions, mapState } from 'vuex';
 import { GlLoadingIcon, GlFormInput, GlFormGroup } from '@gitlab/ui';
 import createFlash from '~/flash';
@@ -54,7 +54,7 @@ export default {
         s__('Badges|The %{docsLinkStart}variables%{docsLinkEnd} GitLab supports: %{placeholders}'),
         {
           docsLinkEnd: '</a>',
-          docsLinkStart: `<a href="${_.escape(this.docsUrl)}">`,
+          docsLinkStart: `<a href="${escape(this.docsUrl)}">`,
           placeholders,
         },
         false,
@@ -118,7 +118,7 @@ export default {
   },
   methods: {
     ...mapActions(['addBadge', 'renderBadge', 'saveBadge', 'stopEditing', 'updateBadgeInForm']),
-    debouncedPreview: _.debounce(function preview() {
+    debouncedPreview: debounce(function preview() {
       this.renderBadge();
     }, badgePreviewDelayInMilliseconds),
     onCancel() {