Add latest changes from gitlab-org/gitlab@master

4 files changed, 43 insertions, 31 deletions

diff --git a/doc/.vale/gitlab/spelling-exceptions.txt b/doc/.vale/gitlab/spelling-exceptions.txt
index 1798513b82b..2f17064e27b 100644
--- a/doc/.vale/gitlab/spelling-exceptions.txt
+++ b/doc/.vale/gitlab/spelling-exceptions.txt
@@ -167,6 +167,7 @@ GitHub
 GitLab
 gitlabsos
 Gitleaks
+Gitpod
 Gitter
 globals
 Gmail
diff --git a/doc/integration/gitpod.md b/doc/integration/gitpod.md
index 05f129e6049..6c8285f75f8 100644
--- a/doc/integration/gitpod.md
+++ b/doc/integration/gitpod.md
@@ -10,45 +10,55 @@ info: "To determine the technical writer assigned to the Stage/Group associated
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/228893) in GitLab 13.4.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/258206) in GitLab 13.8
 
-With [Gitpod](https://gitpod.io/) you can describe your dev environment as code to get fully set
-up, compiled, and tested dev environments for any GitLab project. The dev environments are not only
-automated but also prebuilt which means that Gitpod continuously builds your Git branches like a CI
-server. By that you don’t have to wait for dependencies to be downloaded and builds to finish, but
-you can start coding immediately.
+With [Gitpod](https://gitpod.io/) you can describe your development environment as code to get fully
+set up, compiled, and tested development environments for any GitLab project. The development
+environments are not only automated but also prebuilt which means that Gitpod continuously builds
+your Git branches like a CI/CD server.
 
-In short: With Gitpod you can start coding instantly on any project, branch, and merge request from
-any device, at any time.
+This means you don't have to wait for dependencies to be downloaded and builds to finish, you can start
+coding immediately. With Gitpod you can start coding instantly on any project, branch, and merge
+request from any device, at any time.
 
-![Gitpod interface](img/gitpod_web_interface_v13_4.png)
+To use the GitLab Gitpod integration, it must be enabled for your GitLab instance. Users of:
 
-You can launch Gitpod directly from GitLab by clicking the **Gitpod** button from the **Web IDE**
-dropdown on the project page:
-
-![Gitpod Button on Project Page](img/gitpod_button_project_page_v13_4.png)
+- GitLab.com can use it immediately after it's [enabled in their user settings](#enable-gitpod-in-your-user-settings).
+- GitLab self-managed instances can use it after:
+  1. It's [enabled and configured by a GitLab administrator](#configure-a-self-managed-instance).
+  1. It's [enabled in their user settings](#enable-gitpod-in-your-user-settings).
 
 To learn more about Gitpod, see their [features](https://www.gitpod.io/features/) and
 [documentation](https://www.gitpod.io/docs/).
 
-To use the GitLab-Gitpod integration, you need to enable it from your user preferences:
+## Enable Gitpod in your user settings
+
+With the Gitpod integration enabled for your GitLab instance, to enable it for yourself:
+
+1. Select your avatar in the top-right corner, then select **Settings > Preferences**.
+1. Under **Integrations**, locate the **Gitpod** section.
+1. Check the **Enable Gitpod integration** checkbox and select the **Save changes** button.
 
-1. From the GitLab UI, click your avatar in the top-right corner, then click **Settings**.
-1. On the left-hand nav, click **Preferences**.
-1. Under **Integrations**, find the **Gitpod** section.
-1. Check **Enable Gitpod**.
+## Configure a self-managed instance **(CORE ONLY)**
 
-Users of GitLab.com can enable it and start using straightaway. Users of GitLab self-managed instances
-can follow the same steps once the integration has been enabled and configured by a GitLab administrator.
+For GitLab self-managed instances, a GitLab administrator needs to:
 
-## Configure your GitLab instance with Gitpod **(CORE ONLY)**
+1. Set up a Gitpod instance to integrate with GitLab. Refer to the [Gitpod documentation](https://www.gitpod.io/docs/self-hosted/latest/self-hosted/)
+   to get your instance up and running.
+1. Enable it in GitLab:
+   1. Go to **Admin Area > Settings > General**.
+   1. Expand the **Gitpod** configuration section.
+   1. Check the **Enable Gitpod integration** checkbox.
+   1. Add your Gitpod instance URL (for example, `https://gitpod.example.com`).
+   1. Select the **Save changes** button.
 
-The integration of Gitpod with GitLab is enabled on GitLab.com and available to all users.
-For GitLab self-managed instances, a GitLab administrator needs to enable it through the admin settings.
+Your users then need to [enable it for themselves](#enable-gitpod-in-your-user-settings).
 
-First, you (GitLab admin) need to set up a Gitpod instance to integrate with GitLab.
-Head over to the [Gitpod documentation](https://www.gitpod.io/docs/self-hosted/latest/self-hosted/) to
-get your instance up and running. Once done:
+## Launch Gitpod in GitLab
 
-1. In GitLab, go to **Admin Area > Settings > General**.
-1. Expand the **Gitpod** configuration section.
-1. Check **Enable Gitpod**.
-1. Add your Gitpod instance URL (for example, `https://gitpod.example.com`).
+You can launch Gitpod directly from GitLab by clicking the **Gitpod** button from the **Web IDE**
+dropdown on the project page:
+
+![Gitpod Button on Project Page](img/gitpod_button_project_page_v13_4.png)
+
+A project launched in GitLab looks like:
+
+![Gitpod interface](img/gitpod_web_interface_v13_4.png)
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 395a8702d1b..3ce60aa31e8 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -570,7 +570,7 @@ DAST can be [configured](#customizing-the-dast-settings) using environment varia
 | `DAST_PASSWORD_FIELD` | string | The name of password field at the sign-in HTML form. |
 | `DAST_SKIP_TARGET_CHECK` | boolean | Set to `true` to prevent DAST from checking that the target is available before scanning. Default: `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/229067) in GitLab 13.8. |
 | `DAST_MASK_HTTP_HEADERS` | string | Comma-separated list of request and response headers to be masked (GitLab 13.1). Must contain **all** headers to be masked. Refer to [list of headers that are masked by default](#hide-sensitive-information). |
-| `DAST_EXCLUDE_URLS` | URLs | The URLs to skip during the authenticated scan; comma-separated. Regular expression syntax can be used to match multiple URLs. For example, `.*` matches an arbitrary character sequence. Not supported for API scans. In [GitLab 13.7 and earlier](https://gitlab.com/gitlab-org/security-products/dast/-/merge_requests/367), was `DAST_AUTH_EXCLUDE_URLS` (which we plan to support until GitLab 14.0). |
+| `DAST_EXCLUDE_URLS` | URLs | The URLs to skip during the authenticated scan; comma-separated. Regular expression syntax can be used to match multiple URLs. For example, `.*` matches an arbitrary character sequence. Not supported for API scans. |
 | `DAST_FULL_SCAN_ENABLED` | boolean | Set to `true` to run a [ZAP Full Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan) instead of a [ZAP Baseline Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan). Default: `false` |
 | `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` | boolean | Set to `true` to require [domain validation](#domain-validation) when running DAST full scans. Not supported for API scans. Default: `false` |
 | `DAST_AUTO_UPDATE_ADDONS` | boolean | ZAP add-ons are pinned to specific versions in the DAST Docker image. Set to `true` to download the latest versions when the scan starts. Default: `false` |
@@ -590,6 +590,7 @@ DAST can be [configured](#customizing-the-dast-settings) using environment varia
 | `DAST_FIRST_SUBMIT_FIELD` | string | The `id` or `name` of the element that when clicked submits the username form of a multi-page login process. [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/9894) in GitLab 12.4. |
 | `DAST_ZAP_CLI_OPTIONS` | string | ZAP server command-line options. For example, `-Xmx3072m` would set the Java maximum memory allocation pool size. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
 | `DAST_ZAP_LOG_CONFIGURATION` | string | Set to a semicolon-separated list of additional log4j properties for the ZAP Server. For example, `log4j.logger.org.parosproxy.paros.network.HttpSender=DEBUG;log4j.logger.com.crawljax=DEBUG` |
+| `DAST_AUTH_EXCLUDE_URLS` | URLs | [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/289959) in GitLab 13.8, to be removed in 14.0, and replaced by `DAST_EXCLUDE_URLS`. The URLs to skip during the authenticated scan; comma-separated. Regular expression syntax can be used to match multiple URLs. For example, `.*` matches an arbitrary character sequence. Not supported for API scans. |
 
 ### DAST command-line options
 
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index 417ce70665c..2d6cb7956ea 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -261,7 +261,7 @@ vulnerability as you learn more over time.
 
 #### Dismissing multiple vulnerabilities
 
-> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
 
 You can dismiss multiple vulnerabilities at once, providing an optional reason.
 Selecting the checkboxes on the side of each vulnerability in the list selects that individual vulnerability.