From 5231344d99fd052e193243041dc180ed26cfe2ac Mon Sep 17 00:00:00 2001 
From: GitLab Bot Date: Thu, 11 Feb 2021 15:09:11 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .haml-lint_todo.yml | 1 - CHANGELOG.md | 43 ++ GITALY_SERVER_VERSION | 2 +- GITLAB_SHELL_VERSION | 2 +- .../behaviors/shortcuts/shortcuts.js | 75 +-- .../behaviors/shortcuts/shortcuts_help.vue | 525 +++++++++++++++++ .../notes/components/comment_form.vue | 50 +- .../notes/components/note_header.vue | 6 +- .../projects/security/configuration/index.js | 3 + .../pages/projects/serverless/index.js | 6 +- .../registry/explorer/constants/list.js | 10 +- ...ntainer_repositories_details.query.graphql | 19 +- .../registry/explorer/pages/list.vue | 52 +- .../security_configuration/components/app.vue | 23 + .../components/configuration_table.vue | 97 ++++ .../components/features_constants.js | 112 ++++ .../components/manage_sast.vue | 57 ++ .../components/upgrade.vue | 26 + .../graphql/configure_sast.mutation.graphql | 6 + .../security_configuration/index.js | 29 + .../reviewers/uncollapsed_reviewer_list.vue | 66 +-- .../javascripts/sidebar/sidebar_mediator.js | 4 +- .../components/states/ready_to_merge.vue | 5 +- .../states/ready_to_merge.fragment.graphql | 1 + .../vue_shared/security_reports/constants.js | 6 + app/controllers/concerns/notes_actions.rb | 3 +- app/controllers/concerns/redis_tracking.rb | 16 +- app/controllers/concerns/snippets_actions.rb | 2 +- app/controllers/concerns/wiki_actions.rb | 3 +- app/controllers/projects/blob_controller.rb | 2 +- app/controllers/projects/issues_controller.rb | 1 + .../projects/pipelines_controller.rb | 1 + app/controllers/search_controller.rb | 2 +- .../get_container_repositories.query.graphql | 19 +- app/graphql/types/user_type.rb | 3 + app/models/ci/pipeline.rb | 1 + app/models/commit_status.rb | 1 + app/models/member.rb | 19 + .../project_services/prometheus_service.rb | 12 +- app/models/project_statistics.rb | 1 + app/policies/project_policy.rb | 5 + .../ci/abort_project_pipelines_service.rb | 25 + 
.../ci/cancel_user_pipelines_service.rb | 1 + .../design_management/save_designs_service.rb | 1 - app/services/members/create_service.rb | 13 +- app/services/projects/destroy_service.rb | 3 + .../registry/repositories/index.html.haml | 2 +- app/views/help/_shortcuts.html.haml | 353 ----------- app/views/help/shortcuts.js.haml | 3 - .../commit/_signature_badge.html.haml | 2 +- .../registry/repositories/index.html.haml | 2 +- .../security/configuration/show.html.haml | 2 +- ...-allow-set-confidential-note-attribute.yml | 5 + .../unreleased/267140-add-user-bot-gql.yml | 5 + ...ort-order-of-the-image-repository-list.yml | 5 + ...paceonboardingaction-model-to-onboardi.yml | 5 + ...es-burnup_charts_spec-rb-burnup-charts.yml | 5 + ...io-bulkimports-import-group-membership.yml | 5 + .../unreleased/khanchi-designs-patch2.yml | 5 - changelogs/unreleased/link-new-line-gpg.yml | 5 + ...tage-reduce-db-updates-ci-minute-reset.yml | 5 + .../abort_deleted_project_pipelines.yml | 8 + .../development/confidential_notes.yml | 8 + config/known_invalid_graphql_queries.yml | 1 + ...033527_add_daily_invites_to_plan_limits.rb | 9 + ...033723_insert_daily_invites_plan_limits.rb | 25 + ...ign_key_on_namespace_onboarding_actions.rb | 19 + ...move_namespace_onboarding_actions_table.rb | 23 + db/schema_migrations/20201007033527 | 1 + db/schema_migrations/20201007033723 | 1 + db/schema_migrations/20210205143926 | 1 + db/schema_migrations/20210205144537 | 1 + db/structure.sql | 27 +- doc/administration/instance_limits.md | 7 + .../graphql/reference/gitlab_schema.graphql | 5 + doc/api/graphql/reference/gitlab_schema.json | 18 + doc/api/graphql/reference/index.md | 1 + doc/api/issues.md | 4 +- doc/development/fe_guide/style/html.md | 32 + doc/development/usage_ping.md | 9 +- .../img/confidential_comments_v13_9.png | Bin 0 -> 18739 bytes doc/user/discussions/index.md | 122 ++-- doc/user/permissions.md | 2 + doc/user/project/integrations/prometheus.md | 2 + doc/user/project/settings/index.md | 10 +- 
lib/api/lint.rb | 4 +- lib/api/merge_request_approvals.rb | 2 + lib/api/merge_request_diffs.rb | 4 + lib/api/merge_requests.rb | 11 + lib/api/todos.rb | 5 + .../groups/graphql/get_members_query.rb | 55 ++ .../groups/loaders/members_loader.rb | 17 + .../groups/pipelines/members_pipeline.rb | 31 + .../member_attributes_transformer.rb | 56 ++ lib/bulk_imports/importers/group_importer.rb | 1 + .../auth/otp/strategies/forti_token_cloud.rb | 3 +- .../ci/pipeline/chain/validate/abilities.rb | 4 + lib/gitlab/gon_helper.rb | 1 - lib/gitlab/tree_summary.rb | 51 +- .../usage/metrics/aggregates/aggregate.rb | 2 +- .../usage_data_counters/hll_redis_counter.rb | 8 + lib/uploaded_file.rb | 10 - locale/gitlab.pot | 55 +- .../concerns/redis_tracking_spec.rb | 137 ++--- .../projects/blob_controller_spec.rb | 4 +- .../projects/notes_controller_spec.rb | 38 +- .../projects/refs_controller_spec.rb | 12 - spec/controllers/search_controller_spec.rb | 2 +- spec/controllers/snippets_controller_spec.rb | 2 +- spec/factories/projects.rb | 7 +- spec/features/help_pages_spec.rb | 2 +- .../projects/user_uses_shortcuts_spec.rb | 7 +- .../notes/components/comment_form_spec.js | 128 +++- .../registry/explorer/pages/list_spec.js | 59 +- .../security_configuration/app_spec.js | 27 + .../configuration_table_spec.js | 48 ++ .../manage_sast_spec.js | 136 +++++ .../security_configuration/upgrade_spec.js | 29 + .../uncollapsed_reviewer_list_spec.js | 91 +++ spec/frontend/sidebar/user_data_mock.js | 2 + .../design_management/upload_spec.rb | 9 +- spec/graphql/types/user_type_spec.rb | 1 + .../groups/graphql/get_members_query_spec.rb | 34 ++ .../groups/loaders/members_loader_spec.rb | 42 ++ .../groups/pipelines/members_pipeline_spec.rb | 85 +++ .../member_attributes_transformer_spec.rb | 101 ++++ .../importers/group_importer_spec.rb | 3 +- .../otp/strategies/forti_token_cloud_spec.rb | 21 +- .../pipeline/chain/validate/abilities_spec.rb | 8 + spec/lib/gitlab/tree_summary_spec.rb | 75 +++ 
.../metrics/aggregates/aggregate_spec.rb | 6 + .../ci_template_unique_counter_spec.rb | 2 +- .../hll_redis_counter_spec.rb | 32 +- spec/lib/uploaded_file_spec.rb | 14 - .../insert_daily_invites_plan_limits_spec.rb | 55 ++ spec/models/ci/pipeline_spec.rb | 10 +- spec/models/member_spec.rb | 52 ++ spec/models/plan_limits_spec.rb | 1 + .../prometheus_service_spec.rb | 61 +- spec/policies/project_policy_spec.rb | 72 +++ spec/requests/api/lint_spec.rb | 182 ++++-- .../api/merge_request_approvals_spec.rb | 6 + spec/requests/api/merge_request_diffs_spec.rb | 12 + spec/requests/api/merge_requests_spec.rb | 30 + .../api/npm_instance_packages_spec.rb | 2 +- .../requests/api/npm_project_packages_spec.rb | 34 +- spec/requests/api/project_attributes.yml | 149 +++++ spec/requests/api/projects_spec.rb | 51 ++ spec/requests/api/terraform/state_spec.rb | 2 +- spec/requests/api/todos_spec.rb | 8 + .../abort_project_pipelines_service_spec.rb | 42 ++ .../save_designs_service_spec.rb | 20 +- .../services/projects/destroy_service_spec.rb | 6 + .../refinements/fixture_file_refinements.rb | 26 - spec/support/renameable_upload.rb | 15 + .../api/npm_packages_shared_context.rb | 15 +- .../controllers/unique_hll_events_examples.rb | 12 +- .../wiki_actions_shared_examples.rb | 2 +- .../api/merge_requests_shared_examples.rb | 23 + .../api/npm_packages_shared_examples.rb | 548 +++++++++++------- .../api/npm_packages_tags_shared_examples.rb | 190 ++++++ .../api/packages_tags_shared_examples.rb | 185 ------ 162 files changed, 4043 insertions(+), 1357 deletions(-) create mode 100644 app/assets/javascripts/behaviors/shortcuts/shortcuts_help.vue create mode 100644 app/assets/javascripts/pages/projects/security/configuration/index.js create mode 100644 app/assets/javascripts/security_configuration/components/app.vue create mode 100644 app/assets/javascripts/security_configuration/components/configuration_table.vue create mode 100644 
app/assets/javascripts/security_configuration/components/features_constants.js create mode 100644 app/assets/javascripts/security_configuration/components/manage_sast.vue create mode 100644 app/assets/javascripts/security_configuration/components/upgrade.vue create mode 100644 app/assets/javascripts/security_configuration/graphql/configure_sast.mutation.graphql create mode 100644 app/assets/javascripts/security_configuration/index.js create mode 100644 app/services/ci/abort_project_pipelines_service.rb delete mode 100644 app/views/help/_shortcuts.html.haml delete mode 100644 app/views/help/shortcuts.js.haml create mode 100644 changelogs/unreleased/207473-allow-set-confidential-note-attribute.yml create mode 100644 changelogs/unreleased/267140-add-user-bot-gql.yml create mode 100644 changelogs/unreleased/290302-update-the-default-sort-order-of-the-image-repository-list.yml create mode 100644 changelogs/unreleased/296754-followup-from-refactor-namespaceonboardingaction-model-to-onboardi.yml create mode 100644 changelogs/unreleased/297346-flaky-spec-in-ee-spec-features-burnup_charts_spec-rb-burnup-charts.yml create mode 100644 changelogs/unreleased/kassio-bulkimports-import-group-membership.yml delete mode 100644 changelogs/unreleased/khanchi-designs-patch2.yml create mode 100644 changelogs/unreleased/link-new-line-gpg.yml create mode 100644 changelogs/unreleased/mc-backstage-reduce-db-updates-ci-minute-reset.yml create mode 100644 config/feature_flags/development/abort_deleted_project_pipelines.yml create mode 100644 config/feature_flags/development/confidential_notes.yml create mode 100644 db/migrate/20201007033527_add_daily_invites_to_plan_limits.rb create mode 100644 db/migrate/20201007033723_insert_daily_invites_plan_limits.rb create mode 100644 db/migrate/20210205143926_remove_namespace_id_foreign_key_on_namespace_onboarding_actions.rb create mode 100644 db/post_migrate/20210205144537_remove_namespace_onboarding_actions_table.rb create mode 100644 
db/schema_migrations/20201007033527 create mode 100644 db/schema_migrations/20201007033723 create mode 100644 db/schema_migrations/20210205143926 create mode 100644 db/schema_migrations/20210205144537 create mode 100644 doc/user/discussions/img/confidential_comments_v13_9.png create mode 100644 lib/bulk_imports/groups/graphql/get_members_query.rb create mode 100644 lib/bulk_imports/groups/loaders/members_loader.rb create mode 100644 lib/bulk_imports/groups/pipelines/members_pipeline.rb create mode 100644 lib/bulk_imports/groups/transformers/member_attributes_transformer.rb create mode 100644 spec/frontend/security_configuration/app_spec.js create mode 100644 spec/frontend/security_configuration/configuration_table_spec.js create mode 100644 spec/frontend/security_configuration/manage_sast_spec.js create mode 100644 spec/frontend/security_configuration/upgrade_spec.js create mode 100644 spec/frontend/sidebar/components/reviewers/uncollapsed_reviewer_list_spec.js create mode 100644 spec/lib/bulk_imports/groups/graphql/get_members_query_spec.rb create mode 100644 spec/lib/bulk_imports/groups/loaders/members_loader_spec.rb create mode 100644 spec/lib/bulk_imports/groups/pipelines/members_pipeline_spec.rb create mode 100644 spec/lib/bulk_imports/groups/transformers/member_attributes_transformer_spec.rb create mode 100644 spec/migrations/insert_daily_invites_plan_limits_spec.rb create mode 100644 spec/requests/api/project_attributes.yml create mode 100644 spec/services/ci/abort_project_pipelines_service_spec.rb delete mode 100644 spec/support/refinements/fixture_file_refinements.rb create mode 100644 spec/support/renameable_upload.rb create mode 100644 spec/support/shared_examples/requests/api/merge_requests_shared_examples.rb create mode 100644 spec/support/shared_examples/requests/api/npm_packages_tags_shared_examples.rb delete mode 100644 spec/support/shared_examples/requests/api/packages_tags_shared_examples.rb 
diff --git a/.haml-lint_todo.yml b/.haml-lint_todo.yml
index bb546632335..7f1a7ff4cb6 100644
--- a/.haml-lint_todo.yml
+++ b/.haml-lint_todo.yml
@@ -109,7 +109,6 @@ linters: - 'app/views/groups/runners/edit.html.haml' - 'app/views/groups/settings/_advanced.html.haml' - 'app/views/groups/settings/_lfs.html.haml' - - 'app/views/help/_shortcuts.html.haml' - 'app/views/help/index.html.haml' - 'app/views/help/instance_configuration.html.haml' - 'app/views/help/instance_configuration/_gitlab_ci.html.haml'
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0688ebf570..ea9b789ce05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.8.4 (2021-02-11) + +### Security (9 changes) + +- Cancel running and pending jobs when a project is deleted. !1220 +- Prevent Denial of Service Attack on gitlab-shell. +- Prevent exposure of confidential issue titles in file browser. +- Updates authorization for linting API. +- Check user access on API merge request read actions. +- Limit daily invitations to groups and projects. +- Enforce the analytics enabled project setting for project-level analytics features. +- Perform SSL verification for FortiTokenCloud Integration. +- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP. + + ## 13.8.3 (2021-02-05) ### Fixed (2 changes)
@@ -387,6 +402,21 @@ entry. - Add verbiage + link sast to show it's in core. !51935 +## 13.7.7 (2021-02-11) + +### Security (9 changes) + +- Cancel running and pending jobs when a project is deleted. !1220 +- Prevent Denial of Service Attack on gitlab-shell. +- Prevent exposure of confidential issue titles in file browser. +- Updates authorization for linting API. +- Check user access on API merge request read actions. +- Limit daily invitations to groups and projects. +- Enforce the analytics enabled project setting for project-level analytics features. +- Perform SSL verification for FortiTokenCloud Integration. +- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP. + + ## 13.7.6 (2021-02-01) ### Security (5 changes)
@@ -908,6 +938,19 @@ entry. - Update GitLab Workhorse to v8.57.0. +## 13.6.7 (2021-02-11) + +### Security (7 changes) + +- Cancel running and pending jobs when a project is deleted. !1220 +- Updates authorization for linting API. +- Prevent exposure of confidential issue titles in file browser. +- Check user access on API merge request read actions. +- Prevent Denial of Service Attack on gitlab-shell. +- Limit daily invitations to groups and projects. +- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP. + + ## 13.6.6 (2021-02-01) ### Security (5 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 76e955d251d..b102cab1df4 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-88ef3e7f64498ae3574f29b0705c29cf3b4e9311
+d0a79053ba4fef55b59543b99327fc89aed64876
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION
index 3da85016902..592a1a89678 100644
--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
@@ -1 +1 @@
-13.16.0
+13.16.1
diff --git a/app/assets/javascripts/behaviors/shortcuts/shortcuts.js b/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
index 6cdf083378b..d586c0c8dd0 100644
--- a/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
+++ b/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
@@ -3,12 +3,11 @@ import Cookies from 'js-cookie'; import Mousetrap from 'mousetrap'; import Vue from 'vue'; import { flatten } from 'lodash'; -import { parseBoolean, getCspNonceValue } from '~/lib/utils/common_utils'; -import axios from '../../lib/utils/axios_utils'; -import { refreshCurrentPage, visitUrl } from '../../lib/utils/url_utility'; -import findAndFollowLink from '../../lib/utils/navigation_utility'; +import { refreshCurrentPage, visitUrl } from '~/lib/utils/url_utility'; +import findAndFollowLink from '~/lib/utils/navigation_utility'; +import { parseBoolean } from '~/lib/utils/common_utils'; + import { disableShortcuts, shouldDisableShortcuts } from './shortcuts_toggle'; -import ShortcutsToggle from './shortcuts_toggle.vue'; import { keysFor, TOGGLE_PERFORMANCE_BAR, TOGGLE_CANARY } from './keybindings'; const defaultStopCallback = Mousetrap.prototype.stopCallback;
@@ -20,15 +19,6 @@ Mousetrap.prototype.stopCallback = function customStopCallback(e, element, combo return defaultStopCallback.call(this, e, element, combo); }; -function initToggleButton() { - return new Vue({ - el: document.querySelector('.js-toggle-shortcuts'), - render(createElement) { - return createElement(ShortcutsToggle); - }, - }); -} - /** * The key used to save and fetch the local Mousetrap instance * attached to a `