Commit 0b881f91 authored by GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 7671216b
Showing
with 104 additions and 15 deletions
@@ -9,10 +9,11 @@ Set the title to: `Description of the original issue`
## Prior to starting the security release work
 
- [ ] Read the [security process for developers] if you are not familiar with it.
- [ ] Link this issue in the Security Release issue on GitLab.com. You can find this issue in the topic of the `#releases` channel.
- [ ] Add a link to the confidential `gitlab-org/gitlab` issue describing the vulnerability next to **Original issue** in the [links table](#links).
- [ ] Add a link to the confidential `gitlab-org/gitlab` Security release issue next to **Security release issue** in the [links table](#links).
- [ ] Mark this [issue as related] to the Security Release tracking issue. You can find it on the topic of the `#releases` Slack channel.
- [ ] Run `scripts/security-harness` in your local repository to prevent accidentally pushing to any remote besides `gitlab.com/gitlab-org/security`.
- Fill out the [Links section](#links):
- [ ] Next to **Issue on GitLab**, add a link to the `gitlab-org/gitlab` issue that describes the security vulnerability.
- [ ] Next to **Security Release tracking issue**, add a link to the security release issue that will include this security issue.
 
## Development
 
@@ -29,7 +30,8 @@ After your merge request has being approved according to our [approval guideline
* You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
- [ ] Create each MR targeting the stable branch `X-Y-stable`, using the [Security Release merge request template].
* Every merge request will have its own set of TODOs, so make sure to complete those.
- [ ] Make sure all MRs are linked in the [Links section](#links)
- [ ] On the "Related merge requests" section, ensure all MRs are linked to this issue.
* This section should only list the merge requests created for this issue: One targeting `master` and the 3 backports.
 
## Documentation and final details
 
@@ -46,8 +48,8 @@ After your merge request has being approved according to our [approval guideline
 
| Description | Link |
| -------- | -------- |
| Original issue | #TODO |
| Security release issue | #TODO |
| Issue on [GitLab](https://gitlab.com/gitlab-org/gitlab/issues) | #TODO |
| Security Release tracking issue | #TODO |
| `master` MR | !TODO |
| `Backport X.Y` MR | !TODO |
| `Backport X.Y` MR | !TODO |
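Review bot: The `master` MR and `Backport X.Y` MR rows stay in the links table here, but the checklist hunk above drops "Make sure all MRs are linked in the [Links section](#links)" in favour of the "Related merge requests" section, so nothing in the template asks anyone to fill these rows any more. Either remove the MR rows from the table or keep a checklist item that points at them; otherwise issues created from this template will keep their `!TODO` placeholders.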
@@ -68,5 +70,6 @@ After your merge request has being approved according to our [approval guideline
[security Release merge request template]: https://gitlab.com/gitlab-org/security/gitlab/blob/master/.gitlab/merge_request_templates/Security%20Release.md
[code review process]: https://docs.gitlab.com/ee/development/code_review.html
[approval guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
[issue as related]: https://docs.gitlab.com/ee/user/project/issues/related_issues.html#adding-a-related-issue
 
/label ~security
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
gem 'rails', '6.0.2'
 
gem 'bootsnap', '~> 1.4'
gem 'bootsnap', '~> 1.4.6'
 
# Improves copy-on-write performance for MRI
gem 'nakayoshi_fork', '~> 0.0.4'
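Review bot: In the `gem 'bootsnap'` line, `'~> 1.4.6'` narrows the allowed range from any 1.x release at or above 1.4 to 1.4.x only, so a later 1.5 release will be excluded until this line is edited again. If the intent is only to require at least 1.4.6, `gem 'bootsnap', '~> 1.4', '>= 1.4.6'` expresses that while keeping the old upper bound; if the tighter pin is deliberate, a comment saying why would help the next upgrade.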
@@ -123,7 +123,7 @@ GEM
binding_ninja (0.2.3)
binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1)
bootsnap (1.4.5)
bootsnap (1.4.6)
msgpack (~> 1.0)
bootstrap_form (4.2.0)
actionpack (>= 5.0)
@@ -1171,7 +1171,7 @@ DEPENDENCIES
benchmark-memory (~> 0.1)
better_errors (~> 2.5.0)
binding_of_caller (~> 0.8.0)
bootsnap (~> 1.4)
bootsnap (~> 1.4.6)
bootstrap_form (~> 4.2.0)
brakeman (~> 4.2)
browser (~> 2.5)
<script>
import { GlLoadingIcon } from '@gitlab/ui';
export default {
components: {
GlLoadingIcon,
},
props: {
canEdit: {
type: Boolean,
@@ -13,7 +18,7 @@ export default {
<div class="title hide-collapsed append-bottom-10">
{{ __('Labels') }}
<template v-if="canEdit">
<i aria-hidden="true" class="fa fa-spinner fa-spin block-loading" data-hidden="true"> </i>
<gl-loading-icon inline class="align-text-top block-loading" />
<button
type="button"
class="edit-link btn btn-blank float-right js-sidebar-dropdown-toggle"
@@ -6,8 +6,11 @@ module Releases
 
belongs_to :release
 
FILEPATH_REGEX = /\A\/([\-\.\w]+\/?)*[\da-zA-Z]+\z/.freeze
validates :url, presence: true, addressable_url: { schemes: %w(http https ftp) }, uniqueness: { scope: :release }
validates :name, presence: true, uniqueness: { scope: :release }
validates :filepath, uniqueness: { scope: :release }, format: { with: FILEPATH_REGEX }, allow_blank: true, length: { maximum: 128 }
 
scope :sorted, -> { order(created_at: :desc) }
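Review bot: `FILEPATH_REGEX` repeats a group that itself ends in an optional slash, `([\-\.\w]+\/?)*`, so the same run of characters can be split across iterations in many ways, and a long value that fails at the final `[\da-zA-Z]+\z` can make the backtracking matcher do exponential work. `length: { maximum: 128 }` is a separate validator and does not stop the format check from running on a longer value, so that bound should not be relied on here. Making the slash mandatory inside the repeated group removes the ambiguity. The class `[\-\.\w]` also admits segments made only of dots, such as `..`; if `filepath` is ever joined onto a base path or used to build a redirect, reject those segments explicitly and cover both cases in the model spec.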
 
@@ -31,7 +31,7 @@ class ProjectSnippetPolicy < BasePolicy
~can?(:read_all_resources))
end.prevent :read_snippet
 
rule { internal_snippet & ~is_author & ~admin }.policy do
rule { internal_snippet & ~is_author & ~admin & ~project.maintainer }.policy do
prevent :update_snippet
prevent :admin_snippet
end
@@ -42,7 +42,7 @@ class ProjectSnippetPolicy < BasePolicy
prevent :admin_snippet
end
 
rule { is_author | admin }.policy do
rule { is_author | admin | project.maintainer }.policy do
enable :read_snippet
enable :update_snippet
enable :admin_snippet
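Review bot: `project.maintainer` is added to the unconditional rule `{ is_author | admin | project.maintainer }`, which enables `:read_snippet`, `:update_snippet` and `:admin_snippet` with no visibility condition, while the changelog entry for this change only mentions deleting internal snippets. Please confirm that maintainers are meant to get all three abilities on private snippets as well, and add policy specs for a maintainer who is not the author at each visibility level. If only internal snippets are intended, scope the new term instead of widening this rule, and keep it in step with the `~project.maintainer` term added to the `internal_snippet` prevent rule in the previous hunk.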
@@ -3,7 +3,7 @@
= runner_status_icon(runner)
 
- if @project_runners.include?(runner)
= link_to runner.short_sha, project_runner_path(@project, runner), class: 'commit-sha'
= link_to runner.short_sha.concat("..."), project_runner_path(@project, runner), class: 'commit-sha has-tooltip', title: _("Partial token for reference only")
 
- if runner.locked?
= icon('lock', class: 'has-tooltip', title: _('Locked to current projects'))
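Review bot: In the `link_to` line, `runner.short_sha.concat("...")` mutates the string returned by `short_sha` in place, so it is only safe if that method returns a fresh, unfrozen string on every call; a memoized value would grow by three dots per render and a frozen one would raise. Build a new string instead, for example `"#{runner.short_sha}..."`.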
---
title: Add filepath to ReleaseLink
merge_request: 25512
author:
type: added
---
title: Improvement in token reference
merge_request:
author:
type: other
---
title: Add API pagination for deployed merge requests
merge_request: 25733
author:
type: performance
---
title: Fix bug deleting internal project snippets by project maintainer
merge_request: 25792
author:
type: fixed
---
title: Migrated the sidebar label select dropdown title component spinner to utilize GlLoadingIcon
merge_request: 24914
author: Raihan Kabir
type: changed
---
title: Clean stale background migration jobs
merge_request: 25707
author:
type: fixed
---
title: Upgrade to Bootsnap 1.4.6
merge_request: 25844
author:
type: performance
---
title: Add support for alert-based metric embeds in GFM
merge_request: 25075
author:
type: added
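Review bot: The entry titled "Improvement in token reference" has an empty `merge_request:` field, unlike the other entries in this batch, and its title does not say which token or which view changed. Fill in the merge request number and name the change, for example that the runner list now marks the short token as partial.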
# frozen_string_literal: true
class AddFilepathToReleaseLinks < ActiveRecord::Migration[6.0]
DOWNTIME = false
def change
add_column :release_links, :filepath, :string, limit: 128
end
end
# frozen_string_literal: true
class DropActivatePrometheusServicesBackgroundJobs < ActiveRecord::Migration[6.0]
DOWNTIME = false
DROPPED_JOB_CLASS = 'ActivatePrometheusServicesForSharedClusterApplications'.freeze
QUEUE = 'background_migration'.freeze
def up
sidekiq_queues.each do |queue|
queue.each do |job|
klass, project_id, *should_be_empty = job.args
next unless klass == DROPPED_JOB_CLASS && project_id.is_a?(Integer) && should_be_empty.empty?
job.delete
end
end
end
def down
# no-op
end
def sidekiq_queues
[Sidekiq::ScheduledSet.new, Sidekiq::RetrySet.new, Sidekiq::Queue.new(QUEUE)]
end
end
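Review bot: In `up`, the guard `klass == DROPPED_JOB_CLASS && project_id.is_a?(Integer) && should_be_empty.empty?` encodes an assumption about the exact argument shape of the stale jobs, but nothing in the migration says why that shape identifies them or what happens to jobs of the same class with other arguments. Add a comment stating the expected `job.args` layout and why these jobs are safe to drop, since `down` is a no-op and the deleted jobs cannot be restored. A spec that enqueues one matching and one non-matching job would pin the behaviour.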
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
 
ActiveRecord::Schema.define(version: 2020_02_21_105436) do
ActiveRecord::Schema.define(version: 2020_02_21_144534) do
 
# These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm"
@@ -3648,6 +3648,7 @@ ActiveRecord::Schema.define(version: 2020_02_21_105436) do
t.string "name", null: false
t.datetime_with_timezone "created_at", null: false
t.datetime_with_timezone "updated_at", null: false
t.string "filepath", limit: 128
t.index ["release_id", "name"], name: "index_release_links_on_release_id_and_name", unique: true
t.index ["release_id", "url"], name: "index_release_links_on_release_id_and_url", unique: true
end
@@ -143,6 +143,7 @@ module API
success Entities::MergeRequestBasic
end
params do
use :pagination
requires :deployment_id, type: Integer, desc: 'The deployment ID'
use :merge_requests_base_params
end
@@ -153,7 +154,7 @@ module API
mr_params = declared_params.merge(deployment_id: params[:deployment_id])
merge_requests = MergeRequestsFinder.new(current_user, mr_params).execute
 
present merge_requests, { with: Entities::MergeRequestBasic, current_user: current_user }
present paginate(merge_requests), { with: Entities::MergeRequestBasic, current_user: current_user }
end
end
end
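Review bot: `present paginate(merge_requests)` changes what existing callers of this endpoint receive: a response that used to contain every merge request for the deployment now contains a single page. The changelog lists this as `type: performance`, so please also update the API documentation for the endpoint to mention the pagination parameters and add a request spec that covers more than one page.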
@@ -143,3 +143,5 @@ module Banzai
end
end
end
Banzai::Filter::InlineMetricsRedactorFilter.prepend_if_ee('EE::Banzai::Filter::InlineMetricsRedactorFilter')