Add latest changes from gitlab-org/gitlab@13-12-stable-eev13.12.0-rc42

9 files changed, 59 insertions, 44 deletions

diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md
index 0f391118215..8bc5a035e2a 100644
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -50,7 +50,7 @@ You can set a global prefix for all generated Personal Access Tokens.
 
 A prefix can help you identify PATs visually, as well as with automation tools.
 
-### Setting a prefix
+### Set a prefix
 
 Only a GitLab administrator can set the prefix, which is a global setting applied
 to any PAT generated in the system by any user:
@@ -148,7 +148,7 @@ To set a limit on how long these sessions are valid:
 1. Fill in the **Session duration for Git operations when 2FA is enabled (minutes)** field.
 1. Click **Save changes**.
 
-## Limiting lifetime of personal access tokens **(ULTIMATE SELF)**
+## Limit the lifetime of personal access tokens **(ULTIMATE SELF)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3649) in GitLab Ultimate 12.6.
 
@@ -160,7 +160,7 @@ Personal access tokens are the only tokens needed for programmatic access to Git
 However, organizations with security requirements may want to enforce more protection by
 requiring the regular rotation of these tokens.
 
-### Setting a lifetime
+### Set a lifetime
 
 Only a GitLab administrator can set a lifetime. Leaving it empty means
 there are no restrictions.
@@ -180,12 +180,16 @@ Once a lifetime for personal access tokens is set, GitLab:
   allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
   or remove it, before revocation takes place.
 
-## Optional enforcement of SSH key expiration **(ULTIMATE SELF)**
+## Enforce SSH key expiration **(ULTIMATE SELF)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.
 
 By default, expired SSH keys **can still be used**.
-You can prevent the use of expired SSH keys with the following steps:
+
+WARNING:
+Allowing use of expired SSH keys by default is deprecated and scheduled to change in GitLab 14.0.
+
+To prevent the use of expired SSH keys:
 
 1. Navigate to **Admin Area > Settings > General**.
 1. Expand the **Account and limit** section.
@@ -195,7 +199,7 @@ Enforcing SSH key expiration immediately disables all expired SSH keys.
 
 For more information, see the following issue on [SSH key expiration](https://gitlab.com/gitlab-org/gitlab/-/issues/320970).
 
-## Optional non-enforcement of Personal Access Token expiration **(ULTIMATE SELF)**
+## Do not enforce Personal Access Token expiration **(ULTIMATE SELF)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9.
@@ -209,7 +213,7 @@ To do this:
 1. Expand the **Account and limit** section.
 1. Uncheck the **Enforce personal access token expiration** checkbox.
 
-## Disabling user profile name changes **(PREMIUM SELF)**
+## Disable user profile name changes **(PREMIUM SELF)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/24605) in GitLab 12.7.
 
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index 29b5bdd5e05..decd204dbe5 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -19,11 +19,11 @@ for all projects:
 1. Go to **Admin Area > Settings > CI/CD**.
 1. Check (or uncheck to disable) the box that says **Default to Auto DevOps pipeline for all projects**.
 1. Optionally, set up the [Auto DevOps base domain](../../../topics/autodevops/index.md#auto-devops-base-domain)
-   which is going to be used for Auto Deploy and Auto Review Apps.
+   which is used for Auto Deploy and Auto Review Apps.
 1. Hit **Save changes** for the changes to take effect.
 
 From now on, every existing project and newly created ones that don't have a
-`.gitlab-ci.yml`, will use the Auto DevOps pipelines.
+`.gitlab-ci.yml`, uses the Auto DevOps pipelines.
 
 If you want to disable it for a specific project, you can do so in
 [its settings](../../../topics/autodevops/index.md#enable-or-disable-auto-devops).
@@ -49,13 +49,13 @@ To change it at the:
    1. Change the value of maximum artifacts size (in MB).
    1. Click **Save changes** for the changes to take effect.
 
-- Group level (this will override the instance setting):
+- Group level (this overrides the instance setting):
 
   1. Go to the group's **Settings > CI/CD > General Pipelines**.
   1. Change the value of **maximum artifacts size (in MB)**.
   1. Click **Save changes** for the changes to take effect.
 
-- Project level (this will override the instance and group settings):
+- Project level (this overrides the instance and group settings):
 
   1. Go to the project's **Settings > CI/CD > General Pipelines**.
   1. Change the value of **maximum artifacts size (in MB)**.
@@ -80,7 +80,7 @@ This setting is set per job and can be overridden in
 To disable the expiration, set it to `0`. The default unit is in seconds.
 
 NOTE:
-Any changes to this setting will apply to new artifacts only. The expiration time will not
+Any changes to this setting applies to new artifacts only. The expiration time is not
 be updated for artifacts created before this setting was changed.
 The administrator may need to manually search for and expire previously-created
 artifacts, as described in the [troubleshooting documentation](../../../administration/troubleshooting/gitlab_rails_cheat_sheet.md#remove-artifacts-more-than-a-week-old).
@@ -117,7 +117,7 @@ All application settings have a [customizable cache expiry interval](../../../ad
 
 If you have enabled shared runners for your GitLab instance, you can limit their
 usage by setting a maximum number of pipeline minutes that a group can use on
-shared runners per month. Setting this to `0` (default value) will grant
+shared runners per month. Setting this to `0` (default value) grants
 unlimited pipeline minutes. While build limits are stored as minutes, the
 counting is done in seconds. Usage resets on the first day of each month.
 On GitLab.com, the quota is calculated based on your
@@ -157,18 +157,18 @@ Archiving jobs is useful for reducing the CI/CD footprint on the system by
 removing some of the capabilities of the jobs (metadata needed to run the job),
 but persisting the traces and artifacts for auditing purposes.
 
-To set the duration for which the jobs will be considered as old and expired:
+To set the duration for which the jobs are considered as old and expired:
 
 1. Go to **Admin Area > Settings > CI/CD**.
 1. Expand the **Continuous Integration and Deployment** section.
 1. Set the value of **Archive jobs**.
 1. Hit **Save changes** for the changes to take effect.
 
-Once that time passes, the jobs will be archived and no longer able to be
+Once that time passes, the jobs are archived and no longer able to be
 retried. Make it empty to never expire jobs. It has to be no less than 1 day,
 for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>.
 
-As of June 22, 2020 the [value is set](../../gitlab_com/index.md#gitlab-cicd) to 3 months on GitLab.com. Jobs created before that date will be archived after September 22, 2020.
+As of June 22, 2020 the [value is set](../../gitlab_com/index.md#gitlab-cicd) to 3 months on GitLab.com. Jobs created before that date were archived after September 22, 2020.
 
 ## Default CI configuration path
 
diff --git a/doc/user/admin_area/settings/help_page.md b/doc/user/admin_area/settings/help_page.md
index 1ac54bdc037..5739c3e4f10 100644
--- a/doc/user/admin_area/settings/help_page.md
+++ b/doc/user/admin_area/settings/help_page.md
@@ -18,13 +18,8 @@ You can add a help message, which is shown on the GitLab `/help` page (e.g.,
 
 1. Navigate to **Admin Area > Settings > Preferences**, then expand **Help page**.
 1. Under **Help page text**, fill in the information you wish to display on `/help`.
-
-   ![help page help message](img/help_page_help_page_text_v12_3.png)
-
 1. Save your changes. You can now see the message on `/help`.
 
-![help message on help page example](img/help_page_help_page_text_ex_v12_3.png)
-
 ## Adding a help message to the login page **(STARTER)**
 
 You can add a help message, which is shown on the GitLab login page in a new section
diff --git a/doc/user/admin_area/settings/img/help_page_help_page_text_ex_v12_3.png b/doc/user/admin_area/settings/img/help_page_help_page_text_ex_v12_3.png
deleted file mode 100644
index 421fa2977f9..00000000000
--- a/doc/user/admin_area/settings/img/help_page_help_page_text_ex_v12_3.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/help_page_help_page_text_v12_3.png b/doc/user/admin_area/settings/img/help_page_help_page_text_v12_3.png
deleted file mode 100644
index 13c17fb118a..00000000000
--- a/doc/user/admin_area/settings/img/help_page_help_page_text_v12_3.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index 60081f2e0bd..a1f4c6a06e2 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -72,7 +72,7 @@ Access the default page for admin area settings by navigating to **Admin Area >
 | Option | Description |
 | ------ | ----------- |
 | [Spam and Anti-bot Protection](../../../integration/recaptcha.md) | Enable reCAPTCHA or Akismet and set IP limits. For reCAPTCHA, we currently only support [v2](https://developers.google.com/recaptcha/docs/versions). |
-| [Abuse reports](../abuse_reports.md) | Set notification email for abuse reports. |
+| [Abuse reports](../review_abuse_reports.md) | Set notification email for abuse reports. |
 
 ## Metrics and profiling
 
@@ -91,6 +91,7 @@ Access the default page for admin area settings by navigating to **Admin Area >
 | ------ | ----------- |
 | Performance optimization | [Write to "authorized_keys" file](../../../administration/operations/fast_ssh_key_lookup.md#setting-up-fast-lookup-via-gitlab-shell) and [Push event activities limit and bulk push events](push_event_activities_limit.md). Various settings that affect GitLab performance. |
 | [User and IP rate limits](user_and_ip_rate_limits.md) | Configure limits for web and API requests. |
+| [Package Registry Rate Limits](package_registry_rate_limits.md) | Configure specific limits for Packages API requests that supersede the user and IP rate limits. |
 | [Outbound requests](../../../security/webhooks.md) | Allow requests to the local network from hooks and services. |
 | [Protected Paths](protected_paths.md) | Configure paths to be protected by Rack Attack. |
 | [Incident Management](../../../operations/incident_management/index.md) Limits | Configure limits on the number of inbound alerts able to be sent to a project. |
@@ -107,6 +108,7 @@ Access the default page for admin area settings by navigating to **Admin Area >
 | Option | Description |
 | ------ | ----------- |
 | [Email](email.md) | Various email settings. |
+| [What's new](../../../administration/whats-new.md) | Configure What's new drawer and content. |
 | [Help page](help_page.md) | Help page text and support page URL. |
 | [Pages](../../../administration/pages/index.md#custom-domain-verification) | Size and domain settings for static websites |
 | [Real-time features](../../../administration/polling.md) | Change this value to influence how frequently the GitLab UI polls for updates. |
diff --git a/doc/user/admin_area/settings/package_registry_rate_limits.md b/doc/user/admin_area/settings/package_registry_rate_limits.md
new file mode 100644
index 00000000000..578b7cd1236
--- /dev/null
+++ b/doc/user/admin_area/settings/package_registry_rate_limits.md
@@ -0,0 +1,33 @@
+---
+stage: Package
+group: Package
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+type: reference
+---
+
+# Package Registry Rate Limits **(FREE SELF)**
+
+Rate limiting is a common technique used to improve the security and durability of a web
+application. For more details, see [Rate limits](../../../security/rate_limits.md). General user and
+IP rate limits can be enforced in **Admin Area > Settings > Network > User and IP rate limits**.
+For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
+
+With the [GitLab Package Registry](../../packages/package_registry/index.md),
+you can use GitLab as a private or public registry for a variety of common package managers. You can
+publish and share packages, which others can consume as a dependency in downstream projects through
+the [Packages API](../../../api/packages.md).
+
+When downloading such dependencies in downstream projects, many requests are made through the
+Packages API. You may therefore reach enforced user and IP rate limits. To address this issue, you
+can define specific rate limits for the Packages API in
+**Admin Area > Settings > Network > Package Registry Rate Limits**:
+
+- Unauthenticated Packages API requests
+- Authenticated Packages API requests
+
+These limits are disabled by default. When enabled, they supersede the general user and IP rate
+limits for requests to the Packages API. You can therefore keep the general user and IP rate limits,
+and increase (if necessary) the rate limits for the Packages API.
+
+Besides this precedence, there are no differences in functionality compared to the general user and
+IP rate limits. For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md
index 7b2928a3873..647f9332119 100644
--- a/doc/user/admin_area/settings/sign_in_restrictions.md
+++ b/doc/user/admin_area/settings/sign_in_restrictions.md
@@ -20,14 +20,12 @@ To access sign-in restriction settings:
 
 You can restrict the password authentication for web interface and Git over HTTP(S):
 
-- **Web interface**: When this feature is disabled, an [external authentication provider](../../../administration/auth/README.md) must be used.
+- **Web interface**: When this feature is disabled, the **Standard** sign-in tab is removed and an [external authentication provider](../../../administration/auth/README.md) must be used.
 - **Git over HTTP(S)**: When this feature is disabled, a [Personal Access Token](../../profile/personal_access_tokens.md) must be used to authenticate.
 
 ## Admin Mode
 
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2158) in GitLab 13.10.
-> - It's [deployed behind the feature flag](../../../user/feature_flags.md) `:user_mode_in_session`, disabled by default.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to enable it.
 
 When this feature is enabled, instance administrators are limited as regular users. During that period,
 they do not have access to all projects, groups, or the **Admin Area** menu.
@@ -81,25 +79,6 @@ If necessary, you can disable **Admin Mode** as an administrator by using one of
   ::Gitlab::CurrentSettings.update_attributes!(admin_mode: false)
   ```
   
-## Enable or disable Admin Mode
-
-Admin Mode is under development and not ready for production use. It is
-deployed behind a feature flag that is **disabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can enable it.
-
-To enable it:
-
-```ruby
-Feature.enable(:user_mode_in_session)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:user_mode_in_session)
-```
-
 ## Two-factor authentication
 
 When this feature is enabled, all users must use the [two-factor authentication](../../profile/account/two_factor_authentication.md).
diff --git a/doc/user/admin_area/settings/user_and_ip_rate_limits.md b/doc/user/admin_area/settings/user_and_ip_rate_limits.md
index ba4ef890caa..9e64dd59a74 100644
--- a/doc/user/admin_area/settings/user_and_ip_rate_limits.md
+++ b/doc/user/admin_area/settings/user_and_ip_rate_limits.md
@@ -133,6 +133,8 @@ The possible names are:
 - `throttle_unauthenticated_protected_paths`
 - `throttle_authenticated_protected_paths_api`
 - `throttle_authenticated_protected_paths_web`
+- `throttle_unauthenticated_packages_api`
+- `throttle_authenticated_packages_api`
 
 For example, to try out throttles for all authenticated requests to
 non-protected paths can be done by setting