Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/shared/popover.js

 import $ from 'jquery';
-import _ from 'underscore';
+import { debounce } from 'lodash';
 export function togglePopover(show) {
   const isAlreadyShown = this.hasClass('js-popover-show');
@@ -29,5 +29,5 @@ export function mouseenter() {
 }
 export function debouncedMouseleave(debounceTimeout = 300) {
-  return _.debounce(mouseleave, debounceTimeout);
+  return debounce(mouseleave, debounceTimeout);
 }

app/views/clusters/clusters/_namespace.html.haml

 - managed_namespace_help_text = s_('ClusterIntegration|Set a prefix for your namespaces. If not set, defaults to your project path. If modified, existing environments will use their current namespaces until the cluster cache is cleared.')
-- non_managed_namespace_help_text = s_('ClusterIntegration|The namespace associated with your project. This will be used for deploy boards, pod logs, and Web terminals.')
+- non_managed_namespace_help_text = s_('ClusterIntegration|The namespace associated with your project. This will be used for deploy boards, logs, and Web terminals.')
 - managed_namespace_help_link = link_to _('More information'), help_page_path('user/project/clusters/index.md',
   anchor: 'gitlab-managed-clusters'), target: '_blank'

changelogs/unreleased/jivanvl-change-pod-logs-name.yml

+---
+title: Rename pod logs to logs
+merge_request: 26313
+author:
+type: changed

doc/development/dangerbot.md

@@ -13,6 +13,25 @@ If Danger is asking you to change something about your merge request, it's best
 just to make the change. If you want to learn how Danger works, or make changes
 to the existing rules, then this is the document for you.
+## Danger comments in merge requests
+
+As of [2020-03-03](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/26275),
+Danger is posting a new comment each time it runs in a pipeline and removes the
+previous comments it posted. Before that, Danger would only post one comment and
+update its content on subsequent `danger-review` runs.
+
+### Advantages
+
+- You get email notifications of Danger failures before the pipeline fails.
+- If someone introduces a change that creates a new Danger warning, it's very obvious now, both in email and in the UI.
+- If there are no new Danger warnings - just the roulette message - then the email acts as confirmation of that.
+- It's easier to see if a roulette recommendation changed, which is useful for people that think about roulette logic/behavior quite often.
+- You don't have to scroll up to get to the first Danger comment (sometimes MR can have more than discussions).
+
+### Disadvantages
+
+- You get new email notifications for each `danger-review` run, which can clutter threaded discussions in email clients.
+
 ## Run Danger locally
 A subset of the current checks can be run locally with the following rake task:

doc/user/admin_area/appearance.md

@@ -47,7 +47,7 @@ instance, including the sign in / sign up page. The default color is white text
 an orange background, but this can be customized by clicking on **Customize colors**.
 Limited [Markdown](../markdown.md) is supported, such as bold, italics, and links, for
-example. Other Markdown features, including lists, images and quotes, are not supported,
+example. Other Markdown features, including lists, images, and quotes are not supported
 as the header and footer messages can only be a single line.
 ![header and footer screenshot](img/appearance_header_footer_v12_3.png)

doc/user/admin_area/settings/continuous_integration.md

@@ -4,7 +4,7 @@ type: reference
 # Continuous Integration and Deployment Admin settings **(CORE ONLY)**
-In this area, you will find settings for Auto DevOps, Runners and job artifacts.
+In this area, you will find settings for Auto DevOps, Runners, and job artifacts.
 You can find it in the **Admin Area > Settings > CI/CD**.
 ![Admin Area settings button](../img/admin_area_settings_button.png)

doc/user/analytics/productivity_analytics.md

@@ -8,7 +8,7 @@ For many companies, the development cycle is a blackbox and getting an estimate
 long, on average, it takes to deliver features is an enormous endeavor.
 While [Value Stream Analytics](../project/cycle_analytics.md) focuses on the entire
-Software Development Life Cycle (SDLC) process, Productivity Analytics provides a way for Engineering Management to drill down in a systematic way to uncover patterns and causes for success or failure at an individual, project or group level.
+Software Development Life Cycle (SDLC) process, Productivity Analytics provides a way for Engineering Management to drill down in a systematic way to uncover patterns and causes for success or failure at an individual, project, or group level.
 Productivity can slow down for many reasons ranging from degrading code base to quickly growing teams. In order to investigate, department or team leaders can start by visualizing the time it takes for merge requests to be merged.
@@ -18,7 +18,7 @@ Productivity Analytics allows GitLab users to:
 - Visualize typical merge request (MR) lifetime and statistics. Use a histogram that shows the distribution of the time elapsed between creating and merging merge requests.
 - Drill down into the most time consuming merge requests, select a number of outliers, and filter down all subsequent charts to investigate potential causes.
-- Filter by group, project, author, label, milestone, or a specific date range. Filter down, for example, to the merge requests of a specific author in a group or project during a milestone or specific date range.
+- Filter by group, project, author, label, milestone, or a specific date range. For example, filter down to the merge requests of a specific author in a group or project during a milestone or specific date range.
 - Measure velocity over time. Visualize the trends of each metric from the charts above over time in order to observe progress. Zoom in on a particular date range if you notice outliers.
 ## Accessing metrics and visualizations

doc/user/application_security/container_scanning/index.md

@@ -35,6 +35,10 @@ Having an extra job in your pipeline that checks for those vulnerabilities,
 and the fact that they are displayed inside a merge request, makes it very easy
 to perform audits for your Docker-based apps.
+[//]: # "NOTE: The container scanning tool references the following heading in the code, so if you"
+[//]: # "      make a change to this heading, make sure to update the documentation URLs used in the"
+[//]: # "      container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)"
+
 ## Requirements
 To enable Container Scanning in your pipeline, you need:
@@ -158,6 +162,10 @@ container_scanning:
     GIT_STRATEGY: fetch
 ```
+[//]: # "NOTE: The container scanning tool references the following heading in the code, so if you"
+[//]: # "      make a change to this heading, make sure to update the documentation URLs used in the"
+[//]: # "      container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)"
+
 ### Available variables
 Container Scanning can be [configured](#overriding-the-container-scanning-template)

doc/user/application_security/sast/index.md

@@ -476,6 +476,77 @@ Once a vulnerability is found, you can interact with it. Read more on how to
 For more information about the vulnerabilities database update, check the
 [maintenance table](../index.md#maintenance-and-update-of-the-vulnerabilities-database).
+## GitLab SAST in an offline air-gapped installation
+
+For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
+to external resources via the internet, some adjustments are required for the SAST job to
+successfully run.
+
+### Requirements for offline SAST
+
+To use SAST in an offline environment, you need:
+
+- GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
+- Docker Container Registry with locally available copies of SAST [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
+
+NOTE: **Note:**
+GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy),
+meaning the runner may try to pull remote images even if a local copy is available. Set GitLab
+Runner's [`pull_policy` to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy)
+in an offline environment if you prefer using only locally available Docker images.
+
+### Make GitLab SAST analyzer images available inside your Docker registry
+
+For SAST with all [supported languages and frameworks](#supported-languages-and-frameworks),
+import the following default SAST analyzer images from `registry.gitlab.com` to your local "offline"
+registry:
+
+```
+registry.gitlab.com/gitlab-org/security-products/analyzers/bandit:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/eslint:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/flawfinder:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/go-ast-scanner:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/gosec:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/kubesec:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/pmd-apex:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/secrets:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/security-code-scan:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/sobelow:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/spotbugs:2
+registry.gitlab.com/gitlab-org/security-products/analyzers/tslint:2
+```
+
+The process for importing Docker images into a local offline Docker registry depends on
+**your network security policy**. Please consult your IT staff to find an accepted and approved
+process by which external resources can be imported or temporarily accessed. Note that these scanners are [updated periodically](../index.md#maintenance-and-update-of-the-vulnerabilities-database)
+with new definitions, so consider if you are able to make periodic updates yourself.
+
+For details on saving and transporting Docker images as a file, see Docker's documentation on
+[`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
+[`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
+
+### Set SAST CI job variables to use local SAST analyzers
+
+[Override SAST environment variables](#customizing-the-sast-settings) to use to your [local container registry](./analyzers.md#using-a-custom-docker-mirror)
+as the source for SAST analyzer images.
+
+For example, assuming a local Docker registry repository of `localhost:5000/analyzers`:
+
+  ```yaml
+include:
+  - template: SAST.gitlab-ci.yml
+
+variables:
+  SAST_ANALYZER_IMAGE_PREFIX: "localhost:5000/analyzers"
+  SAST_DISABLE_DIND: "true"
+  ```
+
+The SAST job should now use local copies of the SAST analyzers to scan your code and generate
+security reports without requiring internet access.
+
 ## Troubleshooting
 ### Error response from daemon: error processing tar file: docker-tar: relocation error

doc/user/application_security/security_dashboard/index.md

@@ -26,7 +26,7 @@ The Security Dashboard supports the following reports:
 ## Requirements
-To use the instance, group, project or pipeline security dashboard:
+To use the instance, group, project, or pipeline security dashboard:
 1. At least one project inside a group must be configured with at least one of
    the [supported reports](#supported-reports).

doc/user/group/epics/index.md

@@ -156,10 +156,12 @@ These are dynamic dates which are recalculated if any of the following occur:
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/7332) in GitLab 12.5 to replace **From milestones**.
-If you select **Inherited** for the start date, GitLab will scan all child epics and issues assigned to the epic,
-and will set the start date to match the earliest found start date or milestone. Similarly, if you select
-**Inherited** for the due date, GitLab will set the due date to match the latest due date or milestone
-found among its child epics and issues.
+If you select:
+
+- **Inherited** for the start date, GitLab will scan all child epics and issues assigned to the epic,
+  and will set the start date to match the earliest found start date or milestone.
+- **Inherited** for the due date, GitLab will set the due date to match the latest due date or
+  milestone found among its child epics and issues.
 These are dynamic dates and recalculated if any of the following occur:

doc/user/group/index.md

@@ -347,7 +347,7 @@ Changing a group's path can have unintended side effects. Read
 before proceeding.
 If you are vacating the path so it can be claimed by another group or user,
-you may need to rename the group, too, since both names and paths must
+you may need to rename the group too, since both names and paths must
 be unique.
 To change your group path:

doc/user/group/saml_sso/index.md

@@ -266,7 +266,7 @@ For example, to unlink the `MyOrg` account, the following **Disconnect** button
 | Term | Description |
 |------|-------------|
-| Identity Provider | The service which manages your user identities such as ADFS, Okta, Onelogin or Ping Identity. |
+| Identity Provider | The service which manages your user identities such as ADFS, Okta, Onelogin, or Ping Identity. |
 | Service Provider | SAML considers GitLab to be a service provider. |
 | Assertion | A piece of information about a user's identity, such as their name or role. Also know as claims or attributes. |
 | SSO | Single Sign On. |

doc/user/instance_statistics/user_cohorts.md

@@ -25,5 +25,5 @@ How do we measure the activity of users? GitLab considers a user active if:
 - The user signs in.
 - The user has Git activity (whether push or pull).
-- The user visits pages related to Dashboards, Projects, Issues and Merge Requests ([introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/54947) in GitLab 11.8).
+- The user visits pages related to Dashboards, Projects, Issues, and Merge Requests ([introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/54947) in GitLab 11.8).
 - The user uses the API

doc/user/packages/conan_repository/index.md

@@ -198,7 +198,7 @@ Add the Conan recipe to the `[requires]` section of the file:
  cmake
 ```
-Next, from the root of your project, create a build directory and navigate to it:
+Next, create a build directory from the root of your project and navigate to it:
 ```shell
 mkdir build && cd build

doc/user/permissions.md

@@ -9,7 +9,11 @@ particular group or project. If a user is both in a project's group and the
 project itself, the highest permission level is used.
 On public and internal projects the Guest role is not enforced. All users will
-be able to create issues, leave comments, and clone or download the project code.
+be able to:
+
+- Create issues.
+- Leave comments.
+- Clone or download the project code.
 When a member leaves a team's project, all the assigned [Issues](project/issues/index.md) and [Merge Requests](project/merge_requests/index.md)
 will be unassigned automatically.
@@ -267,7 +271,7 @@ External users:
   logged out).
 Access can be granted by adding the user as member to the project or group.
-They will, like usual users, receive a role in the project or group with all
+Like usual users, they will receive a role in the project or group with all
 the abilities that are mentioned in the [permissions table above](#project-members-permissions).
 For example, if an external user is added as Guest, and your project is
 private, they will not have access to the code; you would need to grant the external

doc/user/project/import/bitbucket_server.md

@@ -39,7 +39,7 @@ Import your projects from Bitbucket Server to GitLab with minimal effort.
 The Bitbucket Server importer works as follows:
-1. The user will be prompted to enter the URl, username, and password or personal access token to login to Bitbucket.
+1. The user will be prompted to enter the URL, username, and password (or personal access token) to log in to Bitbucket.
    These credentials are preserved only as long as the importer is running.
 1. The importer will attempt to list all the current repositories on the Bitbucket Server.
 1. Upon selection, the importer will clone the repository and import pull requests and comments.

doc/user/project/issues/issue_data_and_actions.md

@@ -200,8 +200,12 @@ to let them know your reaction without spamming them.
 #### 21. Show all activity
 You can filter what is displayed in the issue history by clicking on **Show all activity**
-and selecting either **Show comments only**, which only shows threads and hides
-updates to the issue, or **Show history only**, which hides threads and only shows updates.
+and selecting either:
+
+- **Show comments only**, which only shows threads and hides updates to the issue.
+- **Show history only**, which hides threads and only shows updates.
+
+Also:
 - You can mention a user or a group present in your GitLab instance with
   `@username` or `@groupname` and they will be notified via To-Do items

doc/user/project/labels.md

@@ -210,7 +210,7 @@ means higher priority.
 ![Drag to change label priority](img/labels_drag_priority_v12_1.gif)
-On the epic, merge request, and issue list pages, for both groups and projects, you
+On the epic, merge request, and issue list pages (for both groups and projects) you
 can sort by `Label priority` or `Priority`.
 If you sort by `Label priority`, GitLab uses this sort comparison order:

lib/api/todos.rb

@@ -13,13 +13,6 @@ module API
       'issues' => ->(iid) { find_project_issue(iid) }
     }.freeze
-    helpers do
-      # EE::API::Todos would override this method
-      def find_todos
-        TodosFinder.new(current_user, params).execute
-      end
-    end
-
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
@@ -48,6 +41,10 @@ module API
     resource :todos do
       helpers do
+        def find_todos
+          TodosFinder.new(current_user, params).execute
+        end
+
         def issuable_and_awardable?(type)
           obj_type = Object.const_get(type, false)