Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/notebook/cells/output/html.vue

@@ -1,6 +1,5 @@
 <script>
 import { GlSafeHtmlDirective } from '@gitlab/ui';
-import { sanitize } from '~/lib/dompurify';
 import Prompt from '../prompt.vue';
 
 export default {
@@ -25,9 +24,6 @@ export default {
     },
   },
   computed: {
-    sanitizedOutput() {
-      return sanitize(this.rawCode);
-    },
     showOutput() {
       return this.index === 0;
     },
@@ -38,6 +34,6 @@ export default {
 <template>
   <div class="output">
     <prompt type="Out" :count="count" :show-output="showOutput" />
-    <div v-safe-html="sanitizedOutput" class="gl-overflow-auto"></div>
+    <div v-safe-html="rawCode" class="gl-overflow-auto"></div>
   </div>
 </template>

app/graphql/types/ci/stage_type.rb

@@ -17,7 +17,8 @@ module Types
             description: 'Detailed status of the stage.'
       field :jobs, Ci::JobType.connection_type, null: true,
             description: 'Jobs for the stage.',
-            method: 'latest_statuses'
+            method: 'latest_statuses',
+            max_page_size: 200
       field :status, GraphQL::Types::String,
             null: true,
             description: 'Status of the pipeline stage.'

doc/subscriptions/gitlab_com/index.md

@@ -91,21 +91,34 @@ The following table describes details of your subscription:
 > - [Updated](https://gitlab.com/gitlab-org/gitlab/-/issues/292086) in GitLab 13.8 to include public
     email address.
 
-To view a list of seats being used, go to **Settings > Billing**.
-Under **Seats currently in use**, select **See usage**.
-
-You can also see this information in your group settings by going to **Menu > Groups > Your Group > Settings > Usage Quotas**, and the information about **Seat usage** will be under the **Seats** tab.
-
 The **Seat usage** page lists all users occupying seats. Details for each user include:
 
 - Full name
 - Username
 - Public email address (if they have provided one in their [user settings](../../user/profile/index.md#access-your-user-settings))
 
-The Seat usage listing is updated live, but the usage statistics on the billing page are updated
+The seat usage listing is updated live, but the usage statistics on the billing page are updated
 only once per day. For this reason there can be a minor difference between the seat usage listing
 and the billing page.
 
+Every user is included in seat usage, with the following exceptions:
+
+- Users who are pending approval.
+- Members with the Guest role on an Ultimate subscription.
+- Users without project or group memberships on an Ultimate subscription.
+- GitLab-created service accounts: `Ghost User` and bots
+  ([`Support Bot`](../../user/project/service_desk.md#support-bot-user),
+  [`Project bot users`](../../user/project/settings/project_access_tokens.md#project-bot-users), and
+  so on.)
+
+### View seat usage
+
+To view a list of seats being used:
+
+1. On the top bar, select **Menu > Groups** and find your group.
+1. On the left sidebar, select **Settings > Usage Quotas**.
+1. Under the **Seats** tab, view usage information.
+
 ### Search seat usage
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/262875) in GitLab 13.8.

doc/user/infrastructure/clusters/manage/management_project_applications/runner.md

@@ -18,6 +18,8 @@ uncomment this line from your `helmfile.yaml`:
 
 GitLab Runner is installed by default into the `gitlab-managed-apps` namespace of your cluster.
 
+## Required variables
+
 For GitLab Runner to function, you _must_ specify the following in your
 `applications/gitlab-runner/values.yaml.gotmpl` file:
 
@@ -28,7 +30,7 @@ For GitLab Runner to function, you _must_ specify the following in your
 
 These values can be specified using [CI/CD variables](../../../../../ci/variables/index.md):
 
-- `GITLAB_RUNNER_GITLAB_URL` is used for `gitlabUrl`.
+- `CI_SERVER_URL` is used for `gitlabUrl`. If you are using GitLab.com, you don't need to set this variable.
 - `GITLAB_RUNNER_REGISTRATION_TOKEN` is used for `runnerRegistrationToken`
 
 The methods of specifying these values are mutually exclusive. Either specify variables `GITLAB_RUNNER_REGISTRATION_TOKEN` and `GITLAB_RUNNER_TOKEN` as CI variables (recommended) or provide values for `runnerRegistrationToken:` and `runnerToken:` in `applications/gitlab-runner/values.yaml.gotmpl`.

package.json

@@ -65,7 +65,7 @@
     "@rails/ujs": "6.1.3-2",
     "@sentry/browser": "5.30.0",
     "@sourcegraph/code-host-integration": "0.0.60",
-    "@tiptap/core": "^2.0.0-beta.101",
+    "@tiptap/core": "^2.0.0-beta.102",
     "@tiptap/extension-blockquote": "^2.0.0-beta.15",
     "@tiptap/extension-bold": "^2.0.0-beta.15",
     "@tiptap/extension-bullet-list": "^2.0.0-beta.15",

spec/frontend/notebook/cells/output/html_sanitize_fixtures.js

@@ -90,7 +90,8 @@ export default [
         '  </g>\n',
         '</svg>',
       ].join(),
-      output: '<svg height="115.02pt" id="svg2"',
+      output:
+        '<svg xmlns="http://www.w3.org/2000/svg" width="388.84pt" version="1.0" id="svg2" height="115.02pt">',
     },
   ],
 ];

workhorse/internal/upstream/roundtripper/roundtripper.go

@@ -2,6 +2,7 @@ package roundtripper
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
@@ -15,10 +16,6 @@ import (
 )
 
 func mustParseAddress(address, scheme string) string {
-	if scheme == "https" {
-		panic("TLS is not supported for backend connections")
-	}
-
 	for _, suffix := range []string{"", ":" + scheme} {
 		address += suffix
 		if host, port, err := net.SplitHostPort(address); err == nil && host != "" && port != "" {
@@ -31,9 +28,14 @@ func mustParseAddress(address, scheme string) string {
 
 // NewBackendRoundTripper returns a new RoundTripper instance using the provided values
 func NewBackendRoundTripper(backend *url.URL, socket string, proxyHeadersTimeout time.Duration, developmentMode bool) http.RoundTripper {
+	return newBackendRoundTripper(backend, socket, proxyHeadersTimeout, developmentMode, nil)
+}
+
+func newBackendRoundTripper(backend *url.URL, socket string, proxyHeadersTimeout time.Duration, developmentMode bool, tlsConf *tls.Config) http.RoundTripper {
 	// Copied from the definition of http.DefaultTransport. We can't literally copy http.DefaultTransport because of its hidden internal state.
 	transport, dialer := newBackendTransport()
 	transport.ResponseHeaderTimeout = proxyHeadersTimeout
+	transport.TLSClientConfig = tlsConf
 
 	if backend != nil && socket == "" {
 		address := mustParseAddress(backend.Host, backend.Scheme)

workhorse/internal/upstream/roundtripper/roundtripper_test.go

@@ -1,6 +1,13 @@
 package roundtripper
 
 import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
 	"strconv"
 	"testing"
 
@@ -12,6 +19,7 @@ func TestMustParseAddress(t *testing.T) {
 		{"1.2.3.4:56", "http", "1.2.3.4:56"},
 		{"[::1]:23", "http", "::1:23"},
 		{"4.5.6.7", "http", "4.5.6.7:http"},
+		{"4.5.6.7", "https", "4.5.6.7:https"},
 	}
 	for i, example := range successExamples {
 		t.Run(strconv.Itoa(i), func(t *testing.T) {
@@ -23,7 +31,6 @@ func TestMustParseAddress(t *testing.T) {
 func TestMustParseAddressPanic(t *testing.T) {
 	panicExamples := []struct{ address, scheme string }{
 		{"1.2.3.4", ""},
-		{"1.2.3.4", "https"},
 	}
 
 	for i, panicExample := range panicExamples {
@@ -37,3 +44,50 @@ func TestMustParseAddressPanic(t *testing.T) {
 		})
 	}
 }
+
+func TestSupportsHTTPBackend(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(200)
+		fmt.Fprint(w, "successful response")
+	}))
+	defer ts.Close()
+
+	testNewBackendRoundTripper(t, ts, nil, "successful response")
+}
+
+func TestSupportsHTTPSBackend(t *testing.T) {
+	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(200)
+		fmt.Fprint(w, "successful response")
+	}))
+	defer ts.Close()
+
+	certpool := x509.NewCertPool()
+	certpool.AddCert(ts.Certificate())
+	tlsClientConfig := &tls.Config{
+		RootCAs: certpool,
+	}
+
+	testNewBackendRoundTripper(t, ts, tlsClientConfig, "successful response")
+}
+
+func testNewBackendRoundTripper(t *testing.T, ts *httptest.Server, tlsClientConfig *tls.Config, expectedResponseBody string) {
+	t.Helper()
+
+	backend, err := url.Parse(ts.URL)
+	require.NoError(t, err, "parse url")
+
+	rt := newBackendRoundTripper(backend, "", 0, true, tlsClientConfig)
+
+	req, err := http.NewRequest("GET", ts.URL+"/", nil)
+	require.NoError(t, err, "build request")
+
+	response, err := rt.RoundTrip(req)
+	require.NoError(t, err, "perform roundtrip")
+	defer response.Body.Close()
+
+	body, err := ioutil.ReadAll(response.Body)
+	require.NoError(t, err)
+
+	require.Equal(t, expectedResponseBody, string(body))
+}

yarn.lock

@@ -1467,10 +1467,10 @@
     dom-accessibility-api "^0.5.1"
     pretty-format "^26.4.2"
 
-"@tiptap/core@^2.0.0-beta.101":
-  version "2.0.0-beta.101"
-  resolved "https://registry.yarnpkg.com/@tiptap/core/-/core-2.0.0-beta.101.tgz#e882836fcbe2b65d851039ddaa0401275a4afe9c"
-  integrity sha512-IhU+uZ+2F2jTKm2qoIxhzkef6OLYvuTuARhCRoZO7xhOMh314hps/QBC25X6OUqU57S/rn8jLMcyTo0V8Qv7og==
+"@tiptap/core@^2.0.0-beta.102":
+  version "2.0.0-beta.102"
+  resolved "https://registry.yarnpkg.com/@tiptap/core/-/core-2.0.0-beta.102.tgz#14afa2f00bef254ee34d78646a597269dd98dc8a"
+  integrity sha512-ykSAyYfyb14xiYWQ6mTaa+GF6j5dQvSDgeXQDNcy8xvBjZHm1g+51D0jm9FF/dsrY0rEps5h8yX883h7MaGFHA==
   dependencies:
     "@types/prosemirror-commands" "^1.0.4"
     "@types/prosemirror-inputrules" "^1.0.4"