author: GitLab Bot <gitlab-bot@gitlab.com> 2021-05-25 20:30:46 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-05-25 20:30:46 +0000
commit: 1d287b31040662f1cc53a61b866ea97931a6b850 (patch)
tree: 64c1ff71f40695c1d516a7b24cabf06c408685f1
parent: fdcb3d47df0526a9dc437c847683df8aae1e5d58 (diff)
Add latest changes from gitlab-org/gitlab@13-12-stable-ee
-rw-r--r-- app/controllers/concerns/integrations_actions.rb | 3
-rw-r--r-- data/whats_new/202105220001_13_12.yml | 127
-rw-r--r-- doc/api/groups.md | 27
-rw-r--r-- doc/api/oauth2.md | 6
-rw-r--r-- doc/user/admin_area/settings/floc.md | 40
-rw-r--r-- doc/user/admin_area/settings/index.md | 1
-rw-r--r-- doc/user/application_security/vulnerability_report/index.md | 25
-rw-r--r-- lib/gitlab/email/attachment_uploader.rb | 2
-rw-r--r-- lib/google_api/cloud_platform/client.rb | 5
-rw-r--r-- spec/features/merge_request/user_creates_image_diff_notes_spec.rb | 5
-rw-r--r-- spec/fixtures/emails/no_content_type.eml | 18
-rw-r--r-- spec/lib/gitlab/email/attachment_uploader_spec.rb | 10
-rw-r--r-- spec/lib/google_api/cloud_platform/client_spec.rb | 1
13 files changed, 249 insertions, 21 deletions
diff --git a/app/controllers/concerns/integrations_actions.rb b/app/controllers/concerns/integrations_actions.rb
index f5a3ec913c2..09087257888 100644
--- a/app/controllers/concerns/integrations_actions.rb
+++ b/app/controllers/concerns/integrations_actions.rb
@@ -48,9 +48,12 @@ module IntegrationsActions
private
+ # rubocop: disable Gitlab/ModuleWithInstanceVariables
def integration
@integration ||= find_or_initialize_non_project_specific_integration(params[:id])
+ @service ||= @integration # TODO: remove references to @service https://gitlab.com/gitlab-org/gitlab/-/issues/329759
end
+ # rubocop: enable Gitlab/ModuleWithInstanceVariables
def success_message
if integration.active?
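Review bot: `@service ||= @integration` inside `integration` is only assigned as a side effect of the first call to that method, so any action or template that reads `@service` before `integration` has been called still sees nil. If views depend on `@service`, set it in a `before_action` (or call `integration` there explicitly) instead of relying on call order, and keep the TODO's issue link beside that single assignment so the alias can be removed in one place.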
diff --git a/data/whats_new/202105220001_13_12.yml b/data/whats_new/202105220001_13_12.yml
new file mode 100644
index 00000000000..f298decd75c
--- /dev/null
+++ b/data/whats_new/202105220001_13_12.yml
@@ -0,0 +1,127 @@
+- title: On-demand DAST GA launch
+ body: |
+ After months of work, we are pleased to announce that our on-demand DAST scanning has reached a General Availability (GA) maturity level. It is ready for usage by anyone who needs to scan an already-deployed application or API outside of a CI/CD pipeline job. With the 13.11 release, we added to on-demand DAST Site profiles the ability to specify authentication information, exclude URLs, add additional request headers, and switch between scanning web applications and APIs. This is in addition to the ability to save scans for quick reusability that was added in 13.9, and the ability to select the branch that a scan is associated with that was added in 13.10. We believe this feature set meets the needs of a majority of GitLab customers.
+
+ As we continue to add features, such as scan scheduling, we expect on-demand DAST scanning to cover an ever-increasing range of use cases. As always, we would love as much feedback about these features as possible. Please let us know how things are working for you by leaving a comment in [issue 327396](https://gitlab.com/gitlab-org/gitlab/-/issues/327396).
+ stage: secure
+ self-managed: true
+ gitlab-com: true
+ packages: [Ultimate]
+ url: https://docs.gitlab.com/ee/user/application_security/dast/#on-demand-scans
+ image_url: https://about.gitlab.com/images/13_12/dast_on_demand_auth.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Filter Project Vulnerability Report by vendor name
+ body: |
+ GitLab strives to play well with others and security is no exception. We provide many security scanners as part of our Secure offering. We also encourage 3rd party vendors to [integrate their scanning tools](https://docs.gitlab.com/ee/development/integrations/secure.html) using our open API and data interchange formats. A benefit of using GitLab is managing vulnerabilities from multiple scanners in a unified experience. While you were already able to filter by scanner type (SAST, DAST), it wasn't possible to drill down by the tool provider.
+
+ You now have even more granularity when managing vulnerabilities with the new ability to filter by scanner and vendor. You can look at all results across a single vendor's scanners or gain confidence in findings from one scan type (e.g. SAST) that are confirmed by both GitLab and the 3rd party tool. The new filtering capability is available now in Project Vulnerability Reports.
+ stage: secure
+ self-managed: true
+ gitlab-com: true
+ packages: [Ultimate]
+ url: https://docs.gitlab.com/ee/user/application_security/security_dashboard/#vulnerability-report
+ image_url: https://about.gitlab.com/images/13_12/select_scanner_by_vendor.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Lock latest pipeline artifact to prevent deletion
+ body: |
+ GitLab now automatically locks the latest artifact produced from a successful pipeline on any active branch, merge request, or tag to prevent it from being deleted based on expiration if it is still the most recent artifact.
+
+ This makes it easier to set a more aggressive expiration policy to clean up older artifacts, helps reduce disk space consumption, and ensures you have always got a copy of the latest artifact from your pipeline.
+
+ Pipeline artifacts, such as those used by the [test coverage visualization feature](https://docs.gitlab.com/ee/user/project/merge_requests/test_coverage_visualization.html), are not explicitly managed by the `.gitlab-ci.yml` definitions.
+ stage: verify
+ self-managed: true
+ gitlab-com: true
+ packages: [Free, Premium, Ultimate]
+ url: https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in
+ image_url: https://about.gitlab.com/images/growth/verify.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Delete associated package files via API
+ body: |
+ You use the GitLab Package Registry to publish, install, and share your dependencies. You may do this using a variety of package manager formats, such as Maven or npm. If you do this as part of your CI workflow, you may publish many packages to your registry. When you publish a dependency, it generates several files including the package archive.
+
+ Prior to GitLab 13.12, GitLab didn't provide a way to delete the files from a package. You could only delete the package itself. These extra files can clutter the user interface or result in someone installing an incorrect or outdated dependency.
+
+ In GitLab 13.12, you can now use the Packages API to delete files related to a given package, as well as the package itself. You can easily integrate this new endpoint into your CI workflow and start removing old, unused files. To give you another option for managing your registry, future releases will add the ability to [delete such files through the user interface](https://gitlab.com/gitlab-org/gitlab/-/issues/13537).
+ stage: package
+ self-managed: true
+ gitlab-com: true
+ packages: [Free, Premium, Ultimate]
+ url: https://docs.gitlab.com/ee/api/packages.html#delete-a-package-file
+ image_url: https://about.gitlab.com/images/growth/package.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Configuration tool for Secret Detection
+ body: |
+ Following in the footsteps of the [GitLab SAST configuration tool](https://docs.gitlab.com/ee/user/application_security/sast/index.html#configure-sast-in-the-ui) we are adding support for Secret Detection on the Security Configuration page. We believe that [security is a team effort](https://about.gitlab.com/direction/secure/#security-is-a-team-effort) and this configuration experience makes it easier for non-CI experts to get started with [GitLab Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/). The tool helps a user create a merge request to enable Secret Detection scanning while leveraging best configuration practices like using the GitLab-managed [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml). The Configuration tool can create a new `.gitlab-ci.yml` file if one does not exist or update existing simple GitLab CI files, allowing the tool to be used with projects that already have GitLab CI setup.
+ stage: secure
+ self-managed: true
+ gitlab-com: true
+ packages: [Free, Premium, Ultimate]
+ url: https://docs.gitlab.com/ee/user/application_security/configuration/
+ image_url: https://about.gitlab.com/images/13_12/secret_config_button_13_12.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Code quality violation notices in MR diffs
+ body: |
+ During code reviews, you may have wanted to highlight Code Quality violations and how to resolve them. Previously, this involved having a browser window open to see the violations on the Merge Request summary and another window reviewing the changes in the MR or your IDE. You may have found switching between them too difficult and given up.
+
+ Now, you can see if the file you are reviewing has new code quality violations that are part of the changes right in the Merge Request diff view. This gives you the necessary context to suggest a fix as part of your normal workflow within GitLab without having to keep additional windows open and context switch back and forth between them.
+ stage: verify
+ self-managed: true
+ gitlab-com: true
+ packages: [Ultimate]
+ url: https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html#code-quality-in-diff-view
+ image_url: https://about.gitlab.com/images/13_12/code-quality-mr-diff-mvc.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Group-level deployment frequency CI/CD chart
+ body: |
+ As part of our efforts to natively support [DORA4 metrics](https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html#devops-research-and-assessment-dora-key-metrics) in GitLab, the group-level deployment frequency chart is now available. This chart will show the aggregated deployment frequency metrics for all the projects that are part of the group, and allow you to get a full picture of the deployment frequency across multiple projects and teams, so that you can comprehend their efficiency more accurately. Monitoring deployment frequency helps you understand the efficiency of your deployments over time, find bottlenecks, and focus on improvement areas that span across your projects and teams.
+ stage: Release
+ self-managed: true
+ gitlab-com: true
+ packages: [Ultimate]
+ url: https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html#deployment-frequency-charts
+ image_url: https://about.gitlab.com/images/13_12/group_deployment_frequency.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Enforce delayed project removal for all subgroups
+ body: |
+ Group owners can now enable and enforce [delayed project removal](https://docs.gitlab.com/ee/user/group/#enable-delayed-project-removal) for all subgroups and projects in their group. Delayed project removal protects your data by placing deleted projects in a read-only state after deletion and can be restored, if required. We plan to expand our settings model and allow more settings to be inherited and enforced in subgroups and projects in future milestones. Our new settings management model gives group owners a way to ensure that their subgroups and projects settings adhere to their organization's security and compliance needs.
+ stage: manage
+ self-managed: true
+ gitlab-com: true
+ packages: [Premium, Ultimate]
+ url: https://docs.gitlab.com/ee/user/group/#enable-delayed-project-removal
+ image_url: https://about.gitlab.com/images/13_12/mushakov_delayed_deletion.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Mobile application binary scanning support
+ body: |
+ Since GitLab 13.6, we've offered [SAST for Android and iOS mobile projects](https://about.gitlab.com/releases/2020/10/22/gitlab-13-5-released/#sast-support-for-ios-and-android-mobile-apps). Initially our Mobile App SAST supported the automatic detection of Xcode projects and Android manifest files. With this release and contribution from community contributor [@proletarius101](https://gitlab.com/proletarius101), GitLab SAST now also supports the automatic detection of .ipa (iOS) and .apk (Android) binary files enabling the security scanning of fully built mobile application artifacts. This offers mobile teams more flexibility with how they build and scan their mobile projects with GitLab SAST for security vulnerabilities.
+ Please note that mobile application scanning is still an experimental feature and [requires enabling the experimental flag](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) in your CI template. We will make the mobile application scanner generally available without this flag [in the near future](https://gitlab.com/groups/gitlab-org/-/epics/5977).
+ stage: secure
+ self-managed: true
+ gitlab-com: true
+ packages: [Free, Premium, Ultimate]
+ url: https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks
+ image_url: https://about.gitlab.com/images/growth/verify.png
+ published_at: 2021-05-22
+ release: 13.12
+- title: Instance-level Federated Learning of Cohorts (FLoC) opt-in
+ body: |
+ [Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) is a new type of web tracking, intended to replace the use of third-party cookies. It does this by grouping users into cohorts based on their browsing history, for the primary purpose of interest-based advertising. FLoC is being activated in the Chrome browser in some regions.
+
+ With GitLab 13.12, FLoC will not incorporate GitLab browsing activity by default. If an instance administrator would like their users' GitLab instance usage to contribute to FLoC, they can re-enable in instance settings.
+ stage: enablement
+ self-managed: true
+ gitlab-com: true
+ packages: [Free, Premium, Ultimate]
+ url: https://docs.gitlab.com/ee/user/admin_area/settings/floc.html
+ image_url: https://about.gitlab.com/images/growth/enablement.png
+ published_at: 2021-05-22
+ release: 13.12
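Review bot: In the "Configuration tool for Secret Detection" entry, the body names and links the GitLab-managed template as `SAST.gitlab-ci.yml`, which reads like a carry-over from the SAST configuration text; confirm that the name and link point at the Secret Detection template. Separately, the "Mobile application binary scanning support" entry says "Since GitLab 13.6" while its link targets the `gitlab-13-5-released` post, so one of the two should be corrected.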
diff --git a/doc/api/groups.md b/doc/api/groups.md
index cbead18ff90..6bec6e0f6f8 100644
--- a/doc/api/groups.md
+++ b/doc/api/groups.md
@@ -722,18 +722,21 @@ Example response:
}
```
-### Disabling the results limit
+### Disable the results limit **(FREE SELF)**
-The 100 results limit can be disabled if it breaks integrations developed using GitLab
-12.4 and earlier.
+The 100 results limit can break integrations developed using GitLab 12.4 and earlier.
-To disable the limit while migrating to using the [list a group's projects](#list-a-groups-projects) endpoint, ask a GitLab administrator
-with Rails console access to run the following command:
+For GitLab 12.5 to GitLab 13.12, the limit can be disabled while migrating to using the
+[list a group's projects](#list-a-groups-projects) endpoint.
+
+Ask a GitLab administrator with Rails console access to run the following command:
```ruby
Feature.disable(:limit_projects_in_groups_api)
```
+For GitLab 14.0 and later, the [limit cannot be disabled](https://gitlab.com/gitlab-org/gitlab/-/issues/257829).
+
## New group
Creates a new project group. Available only for users who can create groups.
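Review bot: The added sentence "For GitLab 14.0 and later, the limit cannot be disabled" sits after the `Feature.disable(:limit_projects_in_groups_api)` block, so a reader who stops at the command may run it on a version where it no longer applies. Move the 14.0 sentence above the command, or fold both version statements into one paragraph before it.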
@@ -918,19 +921,21 @@ Example response:
}
```
-### Disabling the results limit
+### Disable the results limit **(FREE SELF)**
-The 100 results limit can be disabled if it breaks integrations developed using GitLab
-12.4 and earlier.
+The 100 results limit can break integrations developed using GitLab 12.4 and earlier.
-To disable the limit while migrating to using the
-[list a group's projects](#list-a-groups-projects) endpoint, ask a GitLab administrator
-with Rails console access to run the following command:
+For GitLab 12.5 to GitLab 13.12, the limit can be disabled while migrating to using the
+[list a group's projects](#list-a-groups-projects) endpoint.
+
+Ask a GitLab administrator with Rails console access to run the following command:
```ruby
Feature.disable(:limit_projects_in_groups_api)
```
+For GitLab 14.0 and later, the [limit cannot be disabled](https://gitlab.com/gitlab-org/gitlab/-/issues/257829).
+
### Options for `shared_runners_setting`
The `shared_runners_setting` attribute determines whether shared runners are enabled for a group's subgroups and projects.
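Review bot: The added lines in this second "Disable the results limit" section are identical to the ones added in the earlier section, including the version range and the issue link, so the two copies have to be kept in sync by hand when the 14.0 behaviour changes. Consider keeping the full text in one section and linking to it from the other.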
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index dfb91283b50..61eaf0f36d7 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -194,8 +194,10 @@ NOTE:
For a detailed flow diagram, see the [RFC specification](https://tools.ietf.org/html/rfc6749#section-4.2).
WARNING:
-The Implicit grant flow is inherently insecure. The IETF plans to remove it in
-[OAuth 2.1](https://oauth.net/2.1/).
+Implicit grant flow is inherently insecure and the IETF has removed it in [OAuth 2.1](https://oauth.net/2.1/).
+For this reason, [support for it is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/288516).
+In GitLab 14.0, new applications can't be created using it. In GitLab 14.4, support for it is
+scheduled to be removed for existing applications.
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
`application id` (or `client_id`) associated with the access token before granting
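Review bot: The unchanged sentence after the added lines, "If you choose to use Implicit flow, be sure to verify the `application id` ...", still presents the flow as an open choice, while the added lines say new applications can't be created with it in GitLab 14.0. Qualify that sentence as applying to existing applications until the 14.4 removal. The wording also moves from "plans to remove it" to "has removed it in OAuth 2.1"; if the linked OAuth 2.1 text is still a draft, "omits it from the OAuth 2.1 draft" would be more accurate.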
diff --git a/doc/user/admin_area/settings/floc.md b/doc/user/admin_area/settings/floc.md
new file mode 100644
index 00000000000..e1d10727341
--- /dev/null
+++ b/doc/user/admin_area/settings/floc.md
@@ -0,0 +1,40 @@
+---
+stage: none
+group: unassigned
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Federated Learning of Cohorts (FLoC) **(FREE SELF)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60933) in GitLab Free 13.12.
+
+Federated Learning of Conhorts (FLoC) is a feature that the Chrome browser has
+rolled out, where users are categorized into different cohorts, so that
+advertisers can use this data to uniquely target and track users. For more
+information, visit the [FLoC repository](https://github.com/WICG/floc).
+
+To avoid users being tracked and categorized in any GitLab instance, FLoC is
+disabled by default by sending the following header:
+
+```plaintext
+Permissions-Policy: interest-cohort=()
+```
+
+To enable it:
+
+1. Go to the Admin Area (**{admin}**) and select **Settings > General**.
+1. Expand **Federated Learning of Cohorts**.
+1. Check the box.
+1. Click **Save changes**.
+
+<!-- ## Troubleshooting
+
+Include any troubleshooting steps that you can foresee. If you know beforehand what issues
+one might have when setting this up, or when something is changed, or on upgrading, it's
+important to describe those, too. Think of things that may go wrong and include them here.
+This is important to minimize requests for support, and to avoid doc comments with
+questions that you know someone might ask.
+
+Each scenario can be a third-level heading, e.g. `### Getting error message X`.
+If you have none to add when creating a doc, leave this section in place
+but commented out to help encourage others to add to it in the future. -->
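Review bot: Typo in the first paragraph: "Federated Learning of Conhorts (FLoC)" should read "Cohorts". The enable steps also say "Check the box" without naming the checkbox, and the page never states what enabling does to the `Permissions-Policy: interest-cohort=()` header. Say explicitly whether the header stops being sent, since that header is the whole mechanism this page describes and it is what an administrator would check in a response to verify the setting.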
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index a1f4c6a06e2..a66502d9466 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -28,6 +28,7 @@ Access the default page for admin area settings by navigating to **Admin Area >
| [External Authentication](external_authorization.md#configuration) | External Classification Policy Authorization |
| [Web terminal](../../../administration/integration/terminal.md#limiting-websocket-connection-time) | Set max session time for web terminal. |
| [Web IDE](../../project/web_ide/index.md#enabling-live-preview) | Manage Web IDE Features. |
+| [FLoC](floc.md) | Enable or disable [Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) tracking. |
## Integrations
diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md
index 012992c8a72..f68fb0c5cbb 100644
--- a/doc/user/application_security/vulnerability_report/index.md
+++ b/doc/user/application_security/vulnerability_report/index.md
@@ -45,11 +45,11 @@ From the Vulnerability Report you can:
You can filter the vulnerabilities table by:
-| Filter | Available options |
+| Filter | Available options |
|:---------|:------------------|
| Status | Detected, Confirmed, Dismissed, Resolved. |
| Severity | Critical, High, Medium, Low, Info, Unknown. |
-| Scanner | [Available scanners](../index.md#security-scanning-tools). |
+| Scanner | For more details, see [Scanner filter](#scanner-filter). |
| Project | For more details, see [Project filter](#project-filter). |
| Activity | For more details, see [Activity filter](#activity-filter). |
@@ -61,12 +61,27 @@ To filter the list of vulnerabilities:
1. Select values from the dropdown.
1. Repeat the above steps for each desired filter.
-The vulnerability table is applied immediately. The vulnerability severity totals are also updated.
+After each filter is selected:
+
+- The list of matching vulnerabilities is updated.
+- The vulnerability severity totals are updated.
The filters' criteria are combined to show only vulnerabilities matching all criteria.
An exception to this behavior is the Activity filter. For more details about how it works, see
[Activity filter](#activity-filter).
+## Scanner filter
+
+The scanner filter allows you to focus on vulnerabilities detected by selected scanners.
+
+When using the scanner filter, you can choose:
+
+- **All scanners** (default).
+- Individual GitLab-provided scanners.
+- Any integrated 3rd-party scanner. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/229661) in GitLab 13.12.
+
+For details of each of the available scanners, see [Security scanning tools](../index.md#security-scanning-tools).
+
### Project filter
The content of the Project filter depends on the current level:
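Review bot: The new `## Scanner filter` heading is level 2 while the next heading in this hunk, `### Project filter`, is level 3, so Project filter now renders as a subsection of Scanner filter. Use `### Scanner filter` so the filter sections stay siblings and the `#scanner-filter` anchor in the table above sits at the same depth as `#project-filter` and `#activity-filter`.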
@@ -89,8 +104,8 @@ Selection behavior when using the Activity filter:
| Activity selection | Results displayed |
|:------------------------------------|:------------------|
-| All | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this will deselect any other Activity filter options. |
-| No activity | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this will deselect any other Activity filter options. |
+| All | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this deselects any other Activity filter options. |
+| No activity | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this deselects any other Activity filter options. |
| With issues | Only vulnerabilities with one or more associated issues. Does not include vulnerabilities that also are no longer detected. |
| No longer detected | Only vulnerabilities that are no longer detected in the latest pipeline scan of the `default` branch. Does not include vulnerabilities with one or more associated issues. |
| With issues and No longer detected | Only vulnerabilities that have one or more associated issues and also are no longer detected in the latest pipeline scan of the `default` branch. |
diff --git a/lib/gitlab/email/attachment_uploader.rb b/lib/gitlab/email/attachment_uploader.rb
index 70e281fd4a3..e213adbfcfd 100644
--- a/lib/gitlab/email/attachment_uploader.rb
+++ b/lib/gitlab/email/attachment_uploader.rb
@@ -40,7 +40,7 @@ module Gitlab
def filter_signature_attachments(message)
attachments = message.attachments
content_type = normalize_mime(message.content_type)
- protocol = normalize_mime(message.content_type_parameters[:protocol])
+ protocol = normalize_mime(message.content_type_parameters&.fetch(:protocol, nil))
if content_type == 'multipart/signed' && protocol
attachments.delete_if { |attachment| protocol == normalize_mime(attachment.content_type) }
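Review bot: In `filter_signature_attachments`, `message.content_type_parameters&.fetch(:protocol, nil)` uses `fetch` with a nil default, which behaves the same as a plain lookup; `&.[](:protocol)` or `&.dig(:protocol)` states the intent more directly. A short comment that `content_type_parameters` can be nil (the case the new `no_content_type.eml` fixture covers) would explain the safe navigation, and it is worth confirming that `normalize_mime(message.content_type)` on the line above tolerates nil for the same input, since this method runs on untrusted inbound mail.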
diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb
index f16bd7c735b..34e3be2320b 100644
--- a/lib/google_api/cloud_platform/client.rb
+++ b/lib/google_api/cloud_platform/client.rb
@@ -13,6 +13,10 @@ module GoogleApi
LEAST_TOKEN_LIFE_TIME = 10.minutes
CLUSTER_MASTER_AUTH_USERNAME = 'admin'
CLUSTER_IPV4_CIDR_BLOCK = '/16'
+ # Don't upgrade to > 1.18 before we move away from Basic Auth
+ # See issue: https://gitlab.com/gitlab-org/gitlab/-/issues/331582
+ # Possible solution: https://gitlab.com/groups/gitlab-org/-/epics/6049
+ GKE_VERSION = '1.18'
CLUSTER_OAUTH_SCOPES = [
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
@@ -90,6 +94,7 @@ module GoogleApi
cluster: {
name: cluster_name,
initial_node_count: cluster_size,
+ initial_cluster_version: GKE_VERSION,
node_config: {
machine_type: machine_type,
oauth_scopes: CLUSTER_OAUTH_SCOPES
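Review bot: `initial_cluster_version: GKE_VERSION` pins every newly created cluster to '1.18' so that Basic Auth keeps working, per the comment on the constant in the previous hunk. That keeps new clusters on a fixed version and on static-credential authentication (`CLUSTER_MASTER_AUTH_USERNAME = 'admin'`) until the linked issue is resolved, so the comment should state what fails above 1.18 and the pin should be tracked for removal together with the Basic Auth migration rather than left as an open-ended constant.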
diff --git a/spec/features/merge_request/user_creates_image_diff_notes_spec.rb b/spec/features/merge_request/user_creates_image_diff_notes_spec.rb
index 3cd23764382..cc0d7a279dd 100644
--- a/spec/features/merge_request/user_creates_image_diff_notes_spec.rb
+++ b/spec/features/merge_request/user_creates_image_diff_notes_spec.rb
@@ -278,8 +278,9 @@ RSpec.describe 'Merge request > User creates image diff notes', :js do
end
def create_image_diff_note
- expand_text = 'Click to expand it.'
- page.all('a', text: expand_text, wait: false).each do |element|
+ wait_for_all_requests
+
+ page.all('a', text: 'Click to expand it.', wait: false).each do |element|
element.click
end
diff --git a/spec/fixtures/emails/no_content_type.eml b/spec/fixtures/emails/no_content_type.eml
new file mode 100644
index 00000000000..18232851bb9
--- /dev/null
+++ b/spec/fixtures/emails/no_content_type.eml
@@ -0,0 +1,18 @@
+Return-path: <frank@example.org>
+Envelope-to: gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black
+Delivery-date: Sun, 23 May 2021 10:28:57 +0100
+Received: from example.plus.com ([212.159.19.195] helo=nut.example.org)
+ by se.example.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ (Exim 4.93)
+ (envelope-from <frank@example.org>)
+ id 1lkkPp-009OFG-9z
+ for gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black; Sun, 23 May 2021 10:28:57 +0100
+Received: ***REMOVED***
+To: <gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black>
+X-Mailer: mail (GNU Mailutils 3.10)
+Message-Id: <E1lkkPn-00DuvG-Rf@set>
+From: Frank C Example <frank@example.org>
+Date: Sun, 23 May 2021 10:28:55 +0100
+Subject: Testing Service Desk E-Mail
+
+Test.
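Review bot: The fixture mixes placeholder values (`frank@example.org`, `***REMOVED***`) with what look like real ones: the `qyber.black` recipient domain in `Envelope-to`, `To` and the `for` clause, and the address `212.159.19.195` in the first `Received` header. Replace them with example.org-style domains and a documentation-range IP so the committed fixture carries no third-party infrastructure details.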
diff --git a/spec/lib/gitlab/email/attachment_uploader_spec.rb b/spec/lib/gitlab/email/attachment_uploader_spec.rb
index 6beadb6e1a5..4b4e671f001 100644
--- a/spec/lib/gitlab/email/attachment_uploader_spec.rb
+++ b/spec/lib/gitlab/email/attachment_uploader_spec.rb
@@ -46,5 +46,15 @@ RSpec.describe Gitlab::Email::AttachmentUploader do
expect(image_link[:url]).to include('gitlab_logo.png')
end
end
+
+ context 'with a message with no content type' do
+ let(:message_raw) { fixture_file("emails/no_content_type.eml") }
+
+ it 'uploads all attachments except the signature' do
+ links = described_class.new(message).execute(upload_parent: project, uploader_class: FileUploader)
+
+ expect(links).to eq([])
+ end
+ end
end
end
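Review bot: The example name 'uploads all attachments except the signature' does not match what is asserted: the context is a message with no content type and the expectation is `expect(links).to eq([])`. Rename it to say that such a message yields no links and does not raise, which is the regression this context guards.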
diff --git a/spec/lib/google_api/cloud_platform/client_spec.rb b/spec/lib/google_api/cloud_platform/client_spec.rb
index d217699f79d..b674ae0218f 100644
--- a/spec/lib/google_api/cloud_platform/client_spec.rb
+++ b/spec/lib/google_api/cloud_platform/client_spec.rb
@@ -91,6 +91,7 @@ RSpec.describe GoogleApi::CloudPlatform::Client do
cluster: {
name: cluster_name,
initial_node_count: cluster_size,
+ initial_cluster_version: '1.18',
node_config: {
machine_type: machine_type,
oauth_scopes: [