10 files changed, 22 insertions, 10 deletions

diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index 6c88b61eee8..52fa3f8a68e 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -31,7 +31,7 @@ module API
         find_params = params.slice(:all_available, :custom_attributes, :owned, :min_access_level)
         find_params[:parent] = find_group!(parent_id) if parent_id
         find_params[:all_available] =
-          find_params.fetch(:all_available, current_user&.full_private_access?)
+          find_params.fetch(:all_available, current_user&.can_read_all_resources?)
 
         groups = GroupsFinder.new(current_user, find_params).execute
         groups = groups.search(params[:search]) if params[:search].present?
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index d15784bb1ab..37cb6d6a639 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -213,9 +213,9 @@ module API
       unauthorized! unless Devise.secure_compare(secret_token, input)
     end
 
-    def authenticated_with_full_private_access!
+    def authenticated_with_can_read_all_resources!
       authenticate!
-      forbidden! unless current_user.full_private_access?
+      forbidden! unless current_user.can_read_all_resources?
     end
 
     def authenticated_as_admin!
diff --git a/lib/api/helpers/project_snapshots_helpers.rb b/lib/api/helpers/project_snapshots_helpers.rb
index 13cec1bfd5c..e708dbf0156 100644
--- a/lib/api/helpers/project_snapshots_helpers.rb
+++ b/lib/api/helpers/project_snapshots_helpers.rb
@@ -6,7 +6,7 @@ module API
       prepend_if_ee('::EE::API::Helpers::ProjectSnapshotsHelpers') # rubocop: disable Cop/InjectEnterpriseEditionModule
 
       def authorize_read_git_snapshot!
-        authenticated_with_full_private_access!
+        authenticated_with_can_read_all_resources!
       end
 
       def send_git_snapshot(repository)
diff --git a/lib/api/keys.rb b/lib/api/keys.rb
index 8f2fd8cbae2..8f837107192 100644
--- a/lib/api/keys.rb
+++ b/lib/api/keys.rb
@@ -24,9 +24,11 @@ module API
         requires :fingerprint, type: String, desc: 'Search for a SSH fingerprint'
       end
       get do
-        authenticated_with_full_private_access!
+        authenticated_with_can_read_all_resources!
 
-        key = KeysFinder.new(current_user, params).execute
+        finder_params = params.merge(key_type: 'ssh')
+
+        key = KeysFinder.new(current_user, finder_params).execute
 
         not_found!('Key') unless key
         present key, with: Entities::SSHKeyWithUser, current_user: current_user
diff --git a/lib/api/pages.rb b/lib/api/pages.rb
index e049493b10d..39c8f1e6bdf 100644
--- a/lib/api/pages.rb
+++ b/lib/api/pages.rb
@@ -4,7 +4,7 @@ module API
   class Pages < Grape::API
     before do
       require_pages_config_enabled!
-      authenticated_with_full_private_access!
+      authenticated_with_can_read_all_resources!
     end
 
     params do
diff --git a/lib/api/pages_domains.rb b/lib/api/pages_domains.rb
index 2d02a4e624c..9f8c1e4f916 100644
--- a/lib/api/pages_domains.rb
+++ b/lib/api/pages_domains.rb
@@ -37,7 +37,7 @@ module API
     resource :pages do
       before do
         require_pages_config_enabled!
-        authenticated_with_full_private_access!
+        authenticated_with_can_read_all_resources!
       end
 
       desc "Get all pages domains" do
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index bdbce9edd97..e531f6316e1 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -47,6 +47,7 @@ dependency_scanning:
           DS_PULL_ANALYZER_IMAGE_TIMEOUT \
           DS_RUN_ANALYZER_TIMEOUT \
           DS_PYTHON_VERSION \
+          DS_PIP_VERSION \
           DS_PIP_DEPENDENCY_PATH \
           PIP_INDEX_URL \
           PIP_EXTRA_INDEX_URL \
diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb
index a1d462ea9f5..082d93aa354 100644
--- a/lib/gitlab/visibility_level.rb
+++ b/lib/gitlab/visibility_level.rb
@@ -29,7 +29,7 @@ module Gitlab
       def levels_for_user(user = nil)
         return [PUBLIC] unless user
 
-        if user.full_private_access?
+        if user.can_read_all_resources?
           [PRIVATE, INTERNAL, PUBLIC]
         elsif user.external?
           [PUBLIC]
diff --git a/lib/gitlab/webpack/manifest.rb b/lib/gitlab/webpack/manifest.rb
index 1d2aff5e5b4..d2c01bbd55e 100644
--- a/lib/gitlab/webpack/manifest.rb
+++ b/lib/gitlab/webpack/manifest.rb
@@ -12,11 +12,12 @@ module Gitlab
         def entrypoint_paths(source)
           raise ::Webpack::Rails::Manifest::WebpackError, manifest["errors"] unless manifest_bundled?
 
+          dll_assets = manifest.fetch("dllAssets", [])
           entrypoint = manifest["entrypoints"][source]
           if entrypoint && entrypoint["assets"]
             # Can be either a string or an array of strings.
             # Do not include source maps as they are not javascript
-            [entrypoint["assets"]].flatten.reject { |p| p =~ /.*\.map$/ }.map do |p|
+            [dll_assets, entrypoint["assets"]].flatten.reject { |p| p =~ /.*\.map$/ }.map do |p|
               "/#{::Rails.configuration.webpack.public_path}/#{p}"
             end
           else
diff --git a/lib/tasks/gitlab/assets.rake b/lib/tasks/gitlab/assets.rake
index 7a42e4e92a0..3aa1dc403d6 100644
--- a/lib/tasks/gitlab/assets.rake
+++ b/lib/tasks/gitlab/assets.rake
@@ -8,6 +8,7 @@ namespace :gitlab do
         yarn:check
         gettext:po_to_json
         rake:assets:precompile
+        gitlab:assets:vendor
         webpack:compile
         gitlab:assets:fix_urls
       ].each(&Gitlab::TaskHelpers.method(:invoke_and_time_task))
@@ -49,5 +50,12 @@ namespace :gitlab do
         end
       end
     end
+
+    desc 'GitLab | Assets | Compile vendor assets'
+    task :vendor do
+      unless system('yarn webpack-vendor')
+        abort 'Error: Unable to compile webpack DLL.'.color(:red)
+      end
+    end
   end
 end