Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/admin_area/index.md | 6
-rw-r--r-- | doc/user/analytics/merge_request_analytics.md | 2
-rw-r--r-- | doc/user/analytics/value_stream_analytics.md | 16
-rw-r--r-- | doc/user/application_security/api_fuzzing/index.md | 4
-rw-r--r-- | doc/user/application_security/dast/checks/200.1.md | 6
-rw-r--r-- | doc/user/application_security/dast/checks/548.1.md | 8
-rw-r--r-- | doc/user/application_security/dast_api/index.md | 8
-rw-r--r-- | doc/user/application_security/sast/index.md | 8
-rw-r--r-- | doc/user/application_security/secret_detection/index.md | 8
-rw-r--r-- | doc/user/application_security/secret_detection/post_processing.md | 2
-rw-r--r-- | doc/user/application_security/vulnerability_report/index.md | 2
-rw-r--r-- | doc/user/clusters/agent/ci_cd_tunnel.md | 4
-rw-r--r-- | doc/user/group/saml_sso/index.md | 2
-rw-r--r-- | doc/user/group/saml_sso/scim_setup.md | 4
-rw-r--r-- | doc/user/packages/package_registry/reduce_package_registry_storage.md | 2
-rw-r--r-- | doc/user/project/settings/project_access_tokens.md | 2
16 files changed, 45 insertions, 39 deletions
diff --git a/doc/user/admin_area/index.md b/doc/user/admin_area/index.md index 57a4a746ff0..bc42a35f57a 100644 --- a/doc/user/admin_area/index.md +++ b/doc/user/admin_area/index.md @@ -172,6 +172,7 @@ By default, impersonation is enabled. GitLab can be configured to [disable imper > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1772) in GitLab 13.8. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/292436) in GitLab 13.9. +> - [Moved to delivery by email](https://gitlab.com/gitlab-org/gitlab/-/issues/343859) in GitLab 14.8. An administrator can export user permissions for all users in the GitLab instance from the Admin Area's Users page. The export lists direct membership the users have in groups and projects. @@ -189,6 +190,11 @@ Only the first 100,000 user accounts are exported. ![user permission export button](img/export_permissions_v13_11.png) +GitLab creates a CSV file and: + +- In GitLab 14.7 and earlier, the file is downloaded in your browser. +- In GitLab 14.8 and later, the file is sent to your primary email address. + #### Users statistics The **Users statistics** page provides an overview of user accounts by role. These statistics are diff --git a/doc/user/analytics/merge_request_analytics.md b/doc/user/analytics/merge_request_analytics.md index f9ca06c0ef9..06774c3f16a 100644 --- a/doc/user/analytics/merge_request_analytics.md +++ b/doc/user/analytics/merge_request_analytics.md @@ -40,7 +40,7 @@ To view the number of merge requests merged per month: 1. On the top bar, select **Menu > Projects** and find your project. 1. On the left sidebar, select **Analytics > Merge request**. -1. Optional. Filter results: +1. Optional. Filter results: 1. Select the filter bar. 1. Select a parameter. 1. Select a value or enter text to refine the results. diff --git a/doc/user/analytics/value_stream_analytics.md b/doc/user/analytics/value_stream_analytics.md index 4bbdccbb765..92c4d447ed9 100644 
--- a/doc/user/analytics/value_stream_analytics.md +++ b/doc/user/analytics/value_stream_analytics.md @@ -68,7 +68,7 @@ To view the median time spent in each stage: - In the **From** field, select a start date. - In the **To** field, select an end date. 1. To view the median time for each stage, above the **Filter results** text box, point to a stage. - + ## View the lead time and cycle time for issues Value stream analytics shows the lead time and cycle time for issues in your project: @@ -116,7 +116,7 @@ To view deployment metrics, you must have a [production environment configured](../../ci/environments/index.md#deployment-tier-of-environments). Value stream analytics shows the following deployment metrics for your project: - + - Deploys: The number of successful deployments in the date range. - Deployment Frequency: The average number of successful deployments per day in the date range. 
@@ -174,14 +174,14 @@ This example shows a workflow through all seven stages in one day. In this example, milestones have been created and CI for testing and setting environments is configured. - 09:00: Create issue. **Issue** stage starts. -- 11:00: Add issue to a milestone, start work on the issue, and create a branch locally. -**Issue** stage stops and **Plan** stage starts. +- 11:00: Add issue to a milestone, start work on the issue, and create a branch locally. +**Issue** stage stops and **Plan** stage starts. - 12:00: Make the first commit. - 12:30: Make the second commit to the branch that mentions the issue number. **Plan** stage stops and **Code** stage starts. - 14:00: Push branch and create a merge request that contains the [issue closing pattern](../project/issues/managing_issues.md#closing-issues-automatically). **Code** stage stops and **Test** and **Review** stages start. -- The CI takes 5 minutes to run scripts defined in [`.gitlab-ci.yml`](../../ci/yaml/index.md). +- The CI takes 5 minutes to run scripts defined in [`.gitlab-ci.yml`](../../ci/yaml/index.md). **Test** stage stops. -- Review merge request. +- Review merge request. - 19:00: Merge the merge request. **Review** stage stops and **Staging** stage starts. - 19:30: Deployment to the `production` environment starts and finishes. **Staging** stops. @@ -191,7 +191,7 @@ Value stream analytics records the following times for each stage: - **Plan**: 11:00 to 12:00: 1 hr - **Code**: 12:00 to 14:00: 2 hrs - **Test**: 5 minutes -- **Review**: 14:00 to 19:00: 5 hrs +- **Review**: 14:00 to 19:00: 5 hrs - **Staging**: 19:00 to 19:30: 30 minutes There are some additional considerations for this example: 
@@ -202,5 +202,5 @@ still collects analytics data for the issue. as every merge request should be tested. - This example illustrates only one cycle of multiple stages. The value stream analytics dashboard shows the calculated median elapsed time for these issues. -- Value stream analytics identifies production environments based on the +- Value stream analytics identifies production environments based on the [deployment tier of environments](../../ci/environments/index.md#deployment-tier-of-environments). diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index 4eb721f8832..8e3a23390d6 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md @@ -804,7 +804,7 @@ variables: If the value must be generated or regenerated on expiration, you can provide a program or script for the API fuzzer to execute on a specified interval. The provided script runs in an Alpine Linux -container that has Python 3 and Bash installed. +container that has Python 3 and Bash installed. You have to set the environment variable `FUZZAPI_OVERRIDES_CMD` to the program or script you would like to execute. The provided command creates the overrides JSON file as defined previously. @@ -813,7 +813,7 @@ You might want to install other scripting runtimes like NodeJS or Ruby, or maybe your overrides command. In this case, we recommend setting the `FUZZAPI_PRE_SCRIPT` to the file path of a script which provides those prerequisites. The script provided by `FUZZAPI_PRE_SCRIPT` is executed once, before the analyzer starts. -See the [Alpine Linux package management](https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management) +See the [Alpine Linux package management](https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management) page for information about installing Alpine Linux packages. You must provide three CI/CD variables, each set for correct operation: 
diff --git a/doc/user/application_security/dast/checks/200.1.md b/doc/user/application_security/dast/checks/200.1.md index 98a482b4a0f..9795ad11b0b 100644 --- a/doc/user/application_security/dast/checks/200.1.md +++ b/doc/user/application_security/dast/checks/200.1.md @@ -8,13 +8,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w ## Description -A private RFC 1918 was identified in the target application. Public facing websites should not be issuing -requests to private IP Addresses. Attackers attempting to execute subsequent attacks, such as Server-Side +A private RFC 1918 was identified in the target application. Public facing websites should not be issuing +requests to private IP Addresses. Attackers attempting to execute subsequent attacks, such as Server-Side Request Forgery (SSRF), may be able to use this information to identify additional internal targets. ## Remediation -Identify the resource that is incorrectly specifying an internal IP address and replace it with it's public +Identify the resource that is incorrectly specifying an internal IP address and replace it with it's public facing version, or remove the reference from the target application. ## Details diff --git a/doc/user/application_security/dast/checks/548.1.md b/doc/user/application_security/dast/checks/548.1.md index 94f747739c5..d6371c5491d 100644 --- a/doc/user/application_security/dast/checks/548.1.md +++ b/doc/user/application_security/dast/checks/548.1.md 
@@ -8,8 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w ## Description -The target web server is configured to list the contents of directories that do not contain an index file -such as `index.html`. This could lead to accidental exposure of sensitive information, or give an attacker +The target web server is configured to list the contents of directories that do not contain an index file +such as `index.html`. This could lead to accidental exposure of sensitive information, or give an attacker details on how filenames and directories are structured and stored. ## Remediation @@ -17,11 +17,11 @@ details on how filenames and directories are structured and stored. Directory indexing should be disabled. Apache: -For Apache based web sites, ensure all `<Directory>` definitions have `Options -Indexes` configured in the +For Apache based web sites, ensure all `<Directory>` definitions have `Options -Indexes` configured in the `apache2.conf` or `httpd.conf` configuration file. NGINX: -For NGINX based websites, ensure all `location` definitions have the `autoindex off` directive set in the +For NGINX based websites, ensure all `location` definitions have the `autoindex off` directive set in the `nginx.conf` file. IIS: diff --git a/doc/user/application_security/dast_api/index.md b/doc/user/application_security/dast_api/index.md index cc20b49764f..839833d9d98 100644 --- a/doc/user/application_security/dast_api/index.md +++ b/doc/user/application_security/dast_api/index.md 
@@ -479,8 +479,8 @@ Follow these steps to provide the bearer token with `DAST_API_OVERRIDES_ENV`: `{"headers":{"Authorization":"Bearer dXNlcm5hbWU6cGFzc3dvcmQ="}}` (substitute your token). You can create CI/CD variables from the GitLab projects page at **Settings > CI/CD**, in the **Variables** section. - Due to the format of `TEST_API_BEARERAUTH` it's not possible to mask the variable. - To mask the token's value, you can create a second variable with the token value's, and define + Due to the format of `TEST_API_BEARERAUTH` it's not possible to mask the variable. + To mask the token's value, you can create a second variable with the token value's, and define `TEST_API_BEARERAUTH` with the value `{"headers":{"Authorization":"Bearer $MASKED_VARIABLE"}}`. 1. In your `.gitlab-ci.yml` file, set `DAST_API_OVERRIDES_ENV` to the variable you just created: @@ -876,7 +876,7 @@ variables: If the value must be generated or regenerated on expiration, you can provide a program or script for the DAST API scanner to execute on a specified interval. The provided command runs in an Alpine Linux -container that has Python 3 and Bash installed. +container that has Python 3 and Bash installed. You have to set the environment variable `DAST_API_OVERRIDES_CMD` to the program or script you would like to execute. The provided command creates the overrides JSON file as defined previously. 
@@ -885,7 +885,7 @@ You might want to install other scripting runtimes like NodeJS or Ruby, or maybe your overrides command. In this case, we recommend setting the `DAST_API_PRE_SCRIPT` to the file path of a script which provides those prerequisites. The script provided by `DAST_API_PRE_SCRIPT` is executed once, before the analyzer starts. -See the [Alpine Linux package management](https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management) +See the [Alpine Linux package management](https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management) page for information about installing Alpine Linux packages. You must provide three CI/CD variables, each set for correct operation: diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 3c0a2caf114..cade8918eab 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -878,12 +878,12 @@ variables: ## Reports JSON format -SAST outputs a report file in JSON format. The report file contains details of all found vulnerabilities. -To download the report file, you can either: +SAST outputs a report file in JSON format. The report file contains details of all found vulnerabilities. +To download the report file, you can either: - Download the file from the CI/CD pipelines page. -- In the pipelines tab on merge requests, set [`artifacts: paths`](../../../ci/yaml/index.md#artifactspaths) to `gl-sast-report.json`. - +- In the pipelines tab on merge requests, set [`artifacts: paths`](../../../ci/yaml/index.md#artifactspaths) to `gl-sast-report.json`. + For information, see [Download job artifacts](../../../ci/pipelines/job_artifacts.md#download-job-artifacts). For details of the report file's schema, see diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md index 336d1027656..a5b6628c211 100644 
--- a/doc/user/application_security/secret_detection/index.md +++ b/doc/user/application_security/secret_detection/index.md @@ -442,9 +442,9 @@ secret_detection: ### `secret-detection` job fails with `ERR fatal: ambiguous argument` message -Your `secret-detection` job can fail with `ERR fatal: ambiguous argument` error if your -repository's default branch is unrelated to the branch the job was triggered for. +Your `secret-detection` job can fail with `ERR fatal: ambiguous argument` error if your +repository's default branch is unrelated to the branch the job was triggered for. See issue [!352014](https://gitlab.com/gitlab-org/gitlab/-/issues/352014) for more details. -To resolve the issue, make sure to correctly [set your default branch](../../project/repository/branches/default.md#change-the-default-branch-name-for-a-project) on your repository. You should set it to a branch -that has related history with the branch you run the `secret-detection` job on. +To resolve the issue, make sure to correctly [set your default branch](../../project/repository/branches/default.md#change-the-default-branch-name-for-a-project) on your repository. You should set it to a branch +that has related history with the branch you run the `secret-detection` job on. diff --git a/doc/user/application_security/secret_detection/post_processing.md b/doc/user/application_security/secret_detection/post_processing.md index 972558c3b95..643da47d876 100644 --- a/doc/user/application_security/secret_detection/post_processing.md +++ b/doc/user/application_security/secret_detection/post_processing.md 
@@ -56,7 +56,7 @@ A vendor revocation receiver service integrates with a GitLab instance to receiv a web notification and respond to leaked token requests. To implement a receiver service to revoke leaked tokens: - + 1. Create a publicly accessible HTTP service matching the corresponding API contract below. Your service should be idempotent and rate-limited. 1. When a pipeline corresponding to its revocable token type (in the example, `my_api_token`) diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md index ba1455ab70a..8a8bc1e9913 100644 --- a/doc/user/application_security/vulnerability_report/index.md +++ b/doc/user/application_security/vulnerability_report/index.md @@ -7,7 +7,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Vulnerability Report **(ULTIMATE)** -The Vulnerability Report provides information about vulnerabilities from scans of the default branch. It contains cumulative results of all successful jobs, regardless of whether the pipeline was successful. +The Vulnerability Report provides information about vulnerabilities from scans of the default branch. It contains cumulative results of all successful jobs, regardless of whether the pipeline was successful. The scan results from a pipeline are only ingested after all the jobs in the pipeline complete. Partial results for a pipeline with jobs in progress can be seen in the pipeline security tab. diff --git a/doc/user/clusters/agent/ci_cd_tunnel.md b/doc/user/clusters/agent/ci_cd_tunnel.md index 62b634ea8ff..d74f8ee6f89 100644 --- a/doc/user/clusters/agent/ci_cd_tunnel.md +++ b/doc/user/clusters/agent/ci_cd_tunnel.md 
@@ -21,7 +21,7 @@ Then you can run Kubernetes API commands as part of your GitLab CI/CD pipeline. To ensure access to your cluster is safe: - Each agent has a separate context (`kubecontext`). -- Only the project where the agent is, and any additional projects you authorize can access the agent in your cluster. +- Only the project where the agent is, and any additional projects you authorize can access the agent in your cluster. You do not need to have a runner in the cluster with the agent. @@ -208,7 +208,7 @@ SPDY protocol. [An issue exists](https://gitlab.com/gitlab-org/gitlab/-/issues/346248) to add support for these commands. ### Grant write permissions to `~/.kube/cache` - + Tools like `kubectl`, Helm, `kpt`, and `kustomize` cache information about the cluster in `~/.kube/cache`. If this directory is not writable, the tool fetches information on each invocation, making interactions slower and creating unnecessary load on the cluster. For the best experience, in the diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index d86bce3f8b6..d1834659204 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -226,7 +226,7 @@ To change the SAML app used for sign in: ### Migrate to a different SAML provider You can migrate to a different SAML provider. During the migration process users will not be able to access any of the SAML groups. -To mitigate this, you can disable [SSO enforcement](#sso-enforcement). +To mitigate this, you can disable [SSO enforcement](#sso-enforcement). To migrate SAML providers: diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md index 546743e0174..f2bf27d0633 100644 --- a/doc/user/group/saml_sso/scim_setup.md +++ b/doc/user/group/saml_sso/scim_setup.md 
@@ -51,7 +51,7 @@ Once [Group Single Sign-On](index.md) has been configured, we can: The SAML application that was created during [Single sign-on](index.md) setup for [Azure](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/view-applications-portal) now needs to be set up for SCIM. You can refer to [Azure SCIM setup documentation](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#getting-started). -1. In your app, go to the Provisioning tab, and set the **Provisioning Mode** to **Automatic**. +1. In your app, go to the Provisioning tab, and set the **Provisioning Mode** to **Automatic**. Then fill in the **Admin Credentials**, and save. The **Tenant URL** and **secret token** are the items retrieved in the [previous step](#gitlab-configuration). @@ -60,7 +60,7 @@ The SAML application that was created during [Single sign-on](index.md) setup fo - **Settings**: We recommend setting a notification email and selecting the **Send an email notification when a failure occurs** checkbox. You also control what is actually synced by selecting the **Scope**. For example, **Sync only assigned users and groups** only syncs the users and groups assigned to the application. Otherwise, it syncs the whole Active Directory. - - **Mappings**: We recommend keeping **Provision Azure Active Directory Users** enabled, and disable **Provision Azure Active Directory Groups**. + - **Mappings**: We recommend keeping **Provision Azure Active Directory Users** enabled, and disable **Provision Azure Active Directory Groups**. Leaving **Provision Azure Active Directory Groups** enabled does not break the SCIM user provisioning, but it causes errors in Azure AD that may be confusing and misleading. 1. You can then test the connection by selecting **Test Connection**. If the connection is successful, save your configuration before moving on. See below for [troubleshooting](#troubleshooting). 
diff --git a/doc/user/packages/package_registry/reduce_package_registry_storage.md b/doc/user/packages/package_registry/reduce_package_registry_storage.md index c2e4cd8d889..f8a1e63a228 100644 --- a/doc/user/packages/package_registry/reduce_package_registry_storage.md +++ b/doc/user/packages/package_registry/reduce_package_registry_storage.md @@ -16,7 +16,7 @@ We recommend deleting unnecessary packages and files. This page offers examples ## Check Package Registry Storage Use -The Usage Quotas page (**Settings > Usage Quotas > Storage**) displays storage usage for Packages. +The Usage Quotas page (**Settings > Usage Quotas > Storage**) displays storage usage for Packages. ## Delete a package diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md index c2c77f00875..a78226ac2f8 100644 --- a/doc/user/project/settings/project_access_tokens.md +++ b/doc/user/project/settings/project_access_tokens.md @@ -24,7 +24,7 @@ Project access tokens are similar to [group access tokens](../../group/settings/ and [personal access tokens](../../profile/personal_access_tokens.md), except they are associated with a project rather than a group or user. -In self-managed instances, project access tokens are subject to the same [maximum lifetime limits](../../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-personal-access-tokens) as personal access tokens if the limit is set. +In self-managed instances, project access tokens are subject to the same [maximum lifetime limits](../../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-personal-access-tokens) as personal access tokens if the limit is set. You can use project access tokens: |
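Review bot: In doc/user/admin_area/index.md, the list added after the export button image says that in GitLab 14.8 and later the CSV "is sent to your primary email address", but it does not say whether the file arrives as an attachment or as a link to download. The paragraph above states that the export lists direct membership for all users in the instance, so an administrator will want to know what ends up in the mailbox. Please add one sentence describing the delivery form, and consider moving the list above the image so it sits with the description of the export.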
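Review bot: In doc/user/analytics/value_stream_analytics.md, the timeline in the hunk at line 174 and the recorded times in the hunk at line 191 disagree about when the Plan stage ends. The timeline says "12:30: Make the second commit ... **Plan** stage stops and **Code** stage starts", while the recorded times give "**Plan**: 11:00 to 12:00: 1 hr" and "**Code**: 12:00 to 14:00: 2 hrs". Since both blocks are being touched here, please reconcile them so the example and the recorded durations use the same boundary.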
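Review bot: In doc/user/application_security/dast/checks/200.1.md, the re-added Remediation line still reads "replace it with it's public facing version"; this should be the possessive "its". The re-added Description line "A private RFC 1918 was identified in the target application" is also missing its noun; "A private RFC 1918 IP address was identified" matches the "private IP Addresses" wording in the next sentence. Both lines are already being rewritten for whitespace, so the wording can be fixed in the same change.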
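Review bot: In doc/user/application_security/dast_api/index.md, hunk at line 479, the re-added line "you can create a second variable with the token value's, and define" has a misplaced possessive; suggest "create a second variable with the token's value". The sentence before it says `TEST_API_BEARERAUTH` itself cannot be masked, so it would also help to state explicitly that the second variable (`$MASKED_VARIABLE` in the example) is the one to mark as masked. Otherwise a reader can follow the step and still leave the token unmasked.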
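Review bot: In doc/user/application_security/secret_detection/index.md, the context line "See issue [!352014](https://gitlab.com/gitlab-org/gitlab/-/issues/352014)" labels an issue link with the merge request prefix `!`; the label should be `#352014` to match the `/-/issues/` URL. The re-added line "can fail with `ERR fatal: ambiguous argument` error" is also missing an article ("with an ... error"). Both are worth fixing while this troubleshooting section is being edited.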