Add latest changes from gitlab-org/gitlab@12-6-stable-ee

.eslintrc.yml

 extends:
   - '@gitlab'
   - plugin:promise/recommended
+  - plugin:no-jquery/slim
+  - plugin:no-jquery/deprecated-3.4
 globals:
   __webpack_public_path__: true
   gl: false
@@ -30,7 +32,13 @@ rules:
   no-else-return:
     - error
     - allowElseIf: true
+  import/no-unresolved:
+    - error
+    - ignore:
+        # https://gitlab.com/gitlab-org/gitlab/issues/38226
+        - '^ee_component/'
   import/no-useless-path-segments: off
+  import/order: off
   lines-between-class-members: off
   # Disabled for now, to make the plugin-vue 4.5 -> 5.0 update smoother
   vue/no-confusing-v-for-v-if: error
@@ -38,11 +46,13 @@ rules:
   vue/no-use-v-if-with-v-for: off
   vue/no-v-html: off
   vue/use-v-on-exact: off
-  no-jquery/no-ajax: error
-  no-jquery/no-ajax-events: error
-  no-jquery/no-load: error
-  no-jquery/no-load-shorthand: error
+  no-jquery/no-animate: off
+  # all offenses of no-jquery/no-animate-toggle are false positives ( $toast.show() )
+  no-jquery/no-animate-toggle: off
+  no-jquery/no-event-shorthand: off
+  no-jquery/no-fade: off
   no-jquery/no-serialize: error
+  no-jquery/no-sizzle: off
   promise/always-return: off
   promise/no-callback-in-promise: off
 overrides:

.gitattributes

 VERSION merge=ours
 Dangerfile gitlab-language=ruby
+*.pdf filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -66,7 +66,7 @@ eslint-report.html
 /vendor/gitaly-ruby
 /builds*
 /.gitlab_workhorse_secret
-/.gitlab_pages_shared_secret
+/.gitlab_pages_secret
 /webpack-report/
 /knapsack/
 /rspec_flaky/
@@ -84,3 +84,4 @@ jsdoc/
 .overcommit.yml
 .projections.json
 /qa/.rakeTasks
+webpack-dev-server.json

.gitlab-ci.yml

-image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33"
+image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33"
 stages:
   - sync
   - prepare
   - quick-test
   - test
+  - post-test
   - review-prepare
   - review
   - qa
-  - post-test
+  - post-qa
+  - notification
   - pages
 variables:
   RAILS_ENV: "test"
   NODE_ENV: "test"
   SIMPLECOV: "true"
-  GIT_DEPTH: "50"
+  GIT_DEPTH: "20"
   GIT_SUBMODULE_STRATEGY: "none"
   GET_SOURCES_ATTEMPTS: "3"
   KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
   FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json
   BUILD_ASSETS_IMAGE: "false"
   ES_JAVA_OPTS: "-Xms256m -Xmx256m"
-  ELASTIC_URL: "http://elastic:changeme@docker.elastic.co-elasticsearch-elasticsearch:9200"
+  ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
 after_script:
   - date
 include:
+  - local: .gitlab/ci/cache-repo.gitlab-ci.yml
   - local: .gitlab/ci/cng.gitlab-ci.yml
   - local: .gitlab/ci/docs.gitlab-ci.yml
   - local: .gitlab/ci/frontend.gitlab-ci.yml
   - local: .gitlab/ci/global.gitlab-ci.yml
   - local: .gitlab/ci/memory.gitlab-ci.yml
+  - local: .gitlab/ci/notifications.gitlab-ci.yml
   - local: .gitlab/ci/pages.gitlab-ci.yml
   - local: .gitlab/ci/qa.gitlab-ci.yml
   - local: .gitlab/ci/reports.gitlab-ci.yml

.gitlab/ci/cache-repo.gitlab-ci.yml

+# Builds a cached .tar.gz of the master branch with full history and
+# uploads it to Google Cloud Storage. This archive is downloaded by a
+# script defined by a CI/CD variable named CI_PRE_CLONE_SCRIPT. This has
+# two benefits:
+#
+# 1. It speeds up builds. A 800 MB download only takes seconds.
+# 2. It significantly reduces load on the file server. Smaller deltas
+#    means less time spent in git pack-objects.
+#
+# Since the destination directory of the archive depends on the project
+# ID, this is only run on GitLab.com.
+#
+# CI_REPO_CACHE_CREDENTIALS contains the Google Cloud service account
+# JSON for uploading to the gitlab-ci-git-repo-cache bucket. These
+# credentials are stored in the Production vault.
+#
+# Note that this bucket should be located in the same continent as the
+# runner, or network egress charges will apply:
+# https://cloud.google.com/storage/pricing
+cache-repo:
+  extends:
+    - .only:variables_refs-canonical-dot-com-schedules
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  stage: sync
+  allow_failure: true
+  variables:
+    GIT_DEPTH: 0
+    TAR_FILENAME: /tmp/gitlab-master.tar
+  script:
+    - gcloud auth activate-service-account --key-file=$CI_REPO_CACHE_CREDENTIALS
+    - tar cf $TAR_FILENAME .
+    - gzip $TAR_FILENAME
+    - gsutil cp $TAR_FILENAME.gz gs://gitlab-ci-git-repo-cache/project-$CI_PROJECT_ID/gitlab-master.tar.gz

.gitlab/ci/docs.gitlab-ci.yml

@@ -24,7 +24,8 @@
     - apk add --update openssl
     - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/trigger-build-docs
     - chmod 755 trigger-build-docs
-    - gem install gitlab --no-document
+    - gem install httparty --no-document --version 0.17.3
+    - gem install gitlab --no-document --version 4.13.0
 # Always trigger a docs build in gitlab-docs only on docs-only branches.
 # Useful to preview the docs changes live.

.gitlab/ci/frontend.gitlab-ci.yml

@@ -13,7 +13,7 @@
     - .default-before_script
     - .assets-compile-cache
     - .only:changes-code-backstage-qa
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-git-2.22-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-18.06.1
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-19.03.1
   stage: test
   dependencies: ["setup-test-env"]
   needs: ["setup-test-env"]
@@ -74,7 +74,6 @@ gitlab:assets:compile pull-cache:
     - .default-before_script
     - .assets-compile-cache
     - .only:changes-code-backstage-qa
-    - .use-pg9
   stage: prepare
   script:
     - node --version
@@ -83,6 +82,7 @@ gitlab:assets:compile pull-cache:
     - retry bundle exec rake gitlab:assets:compile
     - scripts/clean-old-cached-assets
   variables:
+    SETUP_DB: "false"
     # we override the max_old_space_size to prevent OOM errors
     NODE_OPTIONS: --max_old_space_size=3584
   cache:
@@ -244,6 +244,12 @@ webpack-dev-server:
   dependencies: ["setup-test-env", "compile-assets pull-cache"]
   variables:
     WEBPACK_MEMORY_TEST: "true"
+    WEBPACK_VENDOR_DLL: "true"
   script:
-    - node --version
+    - yarn webpack-vendor
     - node --expose-gc node_modules/.bin/webpack-dev-server --config config/webpack.config.js
+  artifacts:
+    name: webpack-dev-server
+    expire_in: 31d
+    paths:
+      - webpack-dev-server.json

.gitlab/ci/global.gitlab-ci.yml

@@ -93,7 +93,7 @@
   - "config.ru"
   - "{package.json,yarn.lock}"
   - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
-  - "doc/api/graphql/**/*"
+  - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
 .backstage-patterns: &backstage-patterns
   - "Dangerfile"
@@ -139,7 +139,7 @@
       - "config.ru"
       - "{package.json,yarn.lock}"
       - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
-      - "doc/api/graphql/**/*"
+      - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
       # Backstage changes
       - "Dangerfile"
       - "danger/**/*"
@@ -163,7 +163,7 @@
       - "config.ru"
       - "{package.json,yarn.lock}"
       - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
-      - "doc/api/graphql/**/*"
+      - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
       # QA changes
       - ".dockerignore"
       - "qa/**/*"
@@ -183,7 +183,7 @@
       - "config.ru"
       - "{package.json,yarn.lock}"
       - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
-      - "doc/api/graphql/**/*"
+      - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
       # Backstage changes
       - "Dangerfile"
       - "danger/**/*"
@@ -202,7 +202,7 @@
     - name: redis:alpine
 .use-pg10:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
   services:
     - name: postgres:10.9
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -213,15 +213,15 @@
     - name: postgres:9.6
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
     - name: redis:alpine
-    - name: docker.elastic.co/elasticsearch/elasticsearch:5.6.12
+    - name: elasticsearch:5.6.12
 .use-pg10-ee:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
   services:
     - name: postgres:10.9
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
     - name: redis:alpine
-    - name: docker.elastic.co/elasticsearch/elasticsearch:5.6.12
+    - name: elasticsearch:5.6.12
 .only-ee:
   only:

.gitlab/ci/notifications.gitlab-ci.yml

+.notify:
+  image: ruby:2.6-alpine
+  stage: notification
+  dependencies: []
+  cache: {}
+  before_script:
+    - apk update && apk add git curl bash
+    - source scripts/utils.sh
+    - source scripts/notifications.sh
+    - install_gitlab_gem
+  variables:
+    COMMIT_NOTES_URL: "https://${CI_SERVER_HOST}/${CI_PROJECT_PATH}/commit/${CI_COMMIT_SHA}#notes-list"
+
+schedule:package-and-qa:notify-failure:
+  extends:
+    - .only:variables_refs-canonical-dot-com-schedules
+    - .notify
+  script:
+    - 'export NOTIFICATION_MESSAGE=":skull_and_crossbones: Scheduled QA against master failed! :skull_and_crossbones: See ${CI_PIPELINE_URL}. For downstream pipelines, see ${COMMIT_NOTES_URL}"'
+    - 'notify_on_job_failure schedule:package-and-qa qa-master "${NOTIFICATION_MESSAGE}" ci_failing'
+  needs: ["schedule:package-and-qa"]
+  allow_failure: true
+  when: always

.gitlab/ci/releases.gitlab-ci.yml

 ---
-# Syncs any changes pushed to a stable branch to the corresponding CE stable
-# branch. We run this prior to any tests so that random failures don't prevent a
-# sync.
-sync-stable-branch:
+# Syncs any changes pushed to a stable branch to the corresponding
+# gitlab-foss/CE stable branch. We run this prior to any tests so that random
+# failures don't prevent a sync.
+.merge-train-sync:
   # We don't need/want any global before/after commands, so we overwrite these
   # settings.
   image: alpine:edge
   stage: sync
-  # This job should only run on EE stable branches on the canonical GitLab.com
-  # repository.
-  only:
-    variables:
-      - $CI_SERVER_HOST == "gitlab.com"
-    refs:
-      - /^[\d-]+-stable-ee$/@gitlab-org/gitlab
   before_script:
     - apk add --no-cache --update curl bash
   after_script: []
   script:
     - bash scripts/sync-stable-branch.sh
+  only:
+    variables:
+      - $CI_SERVER_HOST == "gitlab.com"
+
+sync-stable-branch:
+  extends: .merge-train-sync
+  variables:
+    SOURCE_PROJECT: gitlab-org/gitlab
+    TARGET_PROJECT: gitlab-org/gitlab-foss
+  only:
+    refs:
+      - /^[\d-]+-stable-ee$/@gitlab-org/gitlab
+
+sync-security-branch:
+  extends: .merge-train-sync
+  variables:
+    SOURCE_PROJECT: gitlab-org/security/gitlab
+    TARGET_PROJECT: gitlab-org/security/gitlab-foss
+  only:
+    refs:
+      - /^[\d-]+-stable-ee$/@gitlab-org/security/gitlab

.gitlab/ci/reports.gitlab-ci.yml

@@ -20,6 +20,7 @@ code_quality:
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
+    CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/security-products/codequality:12-5-stable"
   script:
     - |
       if ! docker info &>/dev/null; then
@@ -27,14 +28,17 @@ code_quality:
           export DOCKER_HOST='tcp://localhost:2375'
         fi
       fi
+    - docker pull --quiet "$CODE_QUALITY_IMAGE"
     - docker run
         --env SOURCE_CODE="$PWD"
         --volume "$PWD":/code
         --volume /var/run/docker.sock:/var/run/docker.sock
-        "registry.gitlab.com/gitlab-org/security-products/codequality:12-0-stable" /code
+        "$CODE_QUALITY_IMAGE" /code
   artifacts:
     reports:
       codequality: gl-code-quality-report.json
+    paths:
+      - gl-code-quality-report.json
     expire_in: 1 week
   dependencies: []
   except:
@@ -165,7 +169,6 @@ dependency_scanning:
           DS_ANALYZER_IMAGE_TAG \
           DS_DEFAULT_ANALYZERS \
           DS_EXCLUDED_PATHS \
-          DEP_SCAN_DISABLE_REMOTE_CHECKS \
           DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
           DS_PULL_ANALYZER_IMAGE_TIMEOUT \
           DS_RUN_ANALYZER_TIMEOUT \
@@ -231,9 +234,3 @@ dast:
       - gl-dast-report.json
     reports:
       dast: gl-dast-report.json
-  only:
-    variables:
-      - $GITLAB_FEATURES =~ /\bdast\b/
-  except:
-    variables:
-      - $DAST_DISABLED

.gitlab/ci/review.gitlab-ci.yml

@@ -23,8 +23,10 @@ build-qa-image:
   stage: prepare
   script:
     - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"'
+    - export QA_MASTER_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:master"
     - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}"
-    - time docker build --cache-from gitlab/gitlab-${GITLAB_EDITION}-qa:nightly --tag ${QA_IMAGE} --file ./qa/Dockerfile ./
+    - time docker pull "${QA_MASTER_IMAGE}"
+    - time docker build --cache-from "${QA_MASTER_IMAGE}" --tag ${QA_IMAGE} --file ./qa/Dockerfile ./
     - echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin ${CI_REGISTRY}
     - time docker push ${QA_IMAGE}
@@ -94,10 +96,7 @@ schedule:review-build-cng:
   variables:
     HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
     DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
-    # v2.4.4 + two improvements:
-    # - Allow to pass an EE license when installing the chart: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests/1008
-    # - Allow to customize the livenessProbe for `gitlab-shell`: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests/1021
-    GITLAB_HELM_CHART_REF: "6c655ed77e60f1f7f533afb97bef8c9cb7dc61eb"
+    GITLAB_HELM_CHART_REF: "v2.5.1"
     GITLAB_EDITION: "ce"
   environment:
     name: review/${CI_COMMIT_REF_NAME}
@@ -135,13 +134,11 @@ review-deploy:
     - .review-deploy-base
     - .only-review
     - .only:changes-code-qa
-  needs: ["review-build-cng"]
 schedule:review-deploy:
   extends:
     - .review-deploy-base
     - .only-review-schedules
-  needs: ["schedule:review-build-cng"]
 .base-review-stop:
   extends:
@@ -280,7 +277,7 @@ parallel-spec-reports:
     - .only-review
     - .only:changes-code-qa
   image: ruby:2.6-alpine
-  stage: post-test
+  stage: post-qa
   dependencies: ["review-qa-all"]
   variables:
     NEW_PARALLEL_SPECS_REPORT: qa/report-new.html

.gitlab/issue_templates/Productivity Improvement.md

+## What is the productivity problem to solve?
+
+<!--
+Please describe the productivity problem that needs to be solved backed by charts from
+https://about.gitlab.com/handbook/engineering/quality/engineering-productivity-team/#engineering-productivity-team-metrics.
+-->
+
+### Problem identification checklist
+
+- [ ] The root cause of the problem is identified.
+- [ ] The surface of the problem is as small as possible.
+
+## What are the potential solutions?
+
+<!--
+Please provide potential solutions here. Example solutions could be:
+
+- Dogfood a feature.
+- Refactor/improve some workflow code.
+- Throw more money at the problem.
+
+Please provide pros/cons and a weight estimate for each solution.
+-->
+
+- [ ] All potential solutions are listed.
+- [ ] A solution has been chosen for the first iteration: `PUT THE CHOSEN SOLUTION HERE`
+
+## Who and when will the solution be implemented?
+
+<!--
+For history reason, please list the person that will implement the solution and
+the planned milestone/date.
+-->
+
+## Verify that the solution has improved the situation
+
+<!--
+Ideally, looking at the charts from the first part, we should see an improvement
+after the implementation is merged/deployed/released.
+-->
+
+- [ ] The solution improved the situation.
+  - If yes, check this box and close the issue. Well done! :tada:
+  - Otherwise, create a new "Productivity Improvement" issue. You can re-use the description from this issue, but obviously another solution should be chosen this time.
+
+/label ~"Engineering Productivity" ~meta
+/cc @gl-quality/eng-prod

.haml-lint_todo.yml

@@ -411,6 +411,7 @@ linters:
       - 'app/views/shared/snippets/_snippet.html.haml'
       - 'app/views/shared/tokens/_scopes_list.html.haml'
       - 'app/views/shared/web_hooks/_form.html.haml'
+      - 'app/views/shared/web_hooks/_hook.html.haml'
       - 'app/views/shared/web_hooks/_test_button.html.haml'
       - 'app/views/u2f/_authenticate.html.haml'
       - 'app/views/u2f/_register.html.haml'
@@ -442,7 +443,7 @@ linters:
       - 'ee/app/views/groups/epics/_epic.html.haml'
       - 'ee/app/views/groups/group_members/_ldap_sync.html.haml'
       - 'ee/app/views/groups/group_members/_sync_button.html.haml'
-      - 'ee/app/views/groups/hooks/_project_hook.html.haml'
+      - 'ee/app/views/groups/hooks/edit.html.haml'
       - 'ee/app/views/groups/hooks/index.html.haml'
       - 'ee/app/views/groups/ldap_group_links/index.html.haml'
       - 'ee/app/views/groups/pipeline_quota/index.html.haml'

.markdownlint.json

@@ -26,5 +26,102 @@
   "first-line-h1": false,
   "code-block-style": {
     "style": "fenced"
+  },
+  "proper-names": {
+    "names": [
+      "Akismet",
+      "Alertmanager",
+      "API",
+      "Asana",
+      "Auth0",
+      "Authentiq",
+      "Azure",
+      "Bamboo",
+      "Bitbucket",
+      "Bugzilla",
+      "CAS",
+      "CentOS",
+      "Consul",
+      "Debian",
+      "Elasticsearch",
+      "Facebook",
+      "Git LFS",
+      "git-annex",
+      "Git",
+      "Gitaly",
+      "GitHub",
+      "GitLab Geo",
+      "GitLab Monitor",
+      "GitLab Operator",
+      "GitLab Pages",
+      "GitLab Rails",
+      "GitLab Runner",
+      "GitLab Shell",
+      "GitLab Workhorse",
+      "GitLab",
+      "Gmail",
+      "Google",
+      "Grafana",
+      "Helm",
+      "HipChat",
+      "Ingress",
+      "jasmine-jquery",
+      "JavaScript",
+      "Jaeger",
+      "Jenkins",
+      "Jira",
+      "Jira Cloud",
+      "Jira Server",
+      "jQuery",
+      "JupyterHub",
+      "Karma",
+      "Kerberos",
+      "Knative",
+      "Kubernetes",
+      "LDAP",
+      "Let's Encrypt",
+      "Markdown",
+      "markdownlint",
+      "Mattermost",
+      "Microsoft",
+      "MinIO",
+      "NGINX Ingress",
+      "NGINX",
+      "OAuth",
+      "OAuth 2",
+      "OmniAuth",
+      "Omnibus GitLab",
+      "OpenID",
+      "OpenShift",
+      "PgBouncer",
+      "PostgreSQL",
+      "Prometheus",
+      "Puma",
+      "Python",
+      "Redis",
+      "Redmine",
+      "reCAPTCHA",
+      "runit",
+      "Salesforce",
+      "SAML",
+      "Sentry",
+      "Sidekiq",
+      "Shibboleth",
+      "Slack",
+      "SMTP",
+      "SSH",
+      "Tiller",
+      "Trello",
+      "Trello Power-Ups",
+      "TypeScript",
+      "Twitter",
+      "Ubuntu",
+      "Ultra Auth",
+      "Unicorn",
+      "unicorn-worker-killer",
+      "WebdriverIO",
+      "YouTrack"
+    ],
+    "code_blocks": false
   }
 }

.nvmrc

-12.4.0
+12.10.0

.rubocop.yml

@@ -56,7 +56,6 @@ Style/FrozenStringLiteralComment:
     - 'qa/**/*'
     - 'rubocop/**/*'
     - 'scripts/**/*'
-    - 'spec/lib/gitlab/**/*'
 RSpec/FilePath:
   Exclude:

CHANGELOG-EE.md

@@ -22,10 +22,6 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Geo - Does not schedule duplicated jobs while backfilling uploads, LFS objects and job artifacts. !20324
-## 12.5.2
-
-- No changes.
-
 ## 12.5.1
 ### Security (6 changes)
@@ -124,6 +120,18 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Remove IIFEs from jira_connect.js file. !19248 (nuwe1)
+## 12.4.5
+
+- No changes.
+
+## 12.4.3
+
+### Fixed (2 changes)
+
+- Fix admin welcome image not found. !19676
+- Revert ES support for public/internal project snippets. !19715
+
+
 ## 12.4.2
 ### Fixed (1 change)
@@ -254,6 +262,25 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Docs for protected branch code owner approval API. !17132
+## 12.3.9
+
+### Security (1 change)
+
+- Fix stale Elasticsearch permissions when moving group from public group to private parent group.
+
+
+## 12.3.7
+
+### Security (6 changes)
+
+- Protect Jira integration endpoints from guest users.
+- Fix private comment Elasticsearch leak on project search scope.
+- Filter snippet search results by feature visibility.
+- Hide AWS secret on Admin Integration page.
+- Fail pull mirror when mirror user is blocked.
+- Prevent IDOR when adding users to protected environments.
+
+
 ## 12.3.4
 ### Fixed (2 changes)
@@ -457,6 +484,13 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Fixes style-lint errors and warnings for EE builds.scss file.
+## 12.2.11
+
+### Fixed (1 change)
+
+- Backport the new reliable fetcher. !21198
+
+
 ## 12.2.8
 ### Fixed (1 change)
@@ -805,6 +839,21 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Don't send CI usage email notifications for self-hosted instances. !14809
+## 12.0.12
+
+### Fixed (1 change)
+
+- Backport the new reliable fetcher to 12.0.9. !20532
+
+
+## 12.0.10
+
+- No changes.
+### Fixed (1 change)
+
+- Backport the new reliable fetcher to 12.0.9. !20532
+
+
 ## 12.0.7
 ### Security (3 changes)

CHANGELOG.md

@@ -4,7 +4,6 @@ entry.
 ## 12.5.5
-- No changes.
 ### Security (1 change)
 - Upgrade Akismet gem to v3.0.0. !21786
@@ -36,13 +35,6 @@ entry.
 - Flatten exception details in API and controller logs. !20434
-## 12.5.2
-
-### Security (1 change)
-
-- Fix 500 error caused by invalid byte sequences in links.
-
-
 ## 12.5.1
 ### Security (11 changes)
@@ -411,6 +403,18 @@ entry.
 - Change selects from default browser style to custom style.
+## 12.4.5
+
+- No changes.
+
+## 12.4.3
+
+### Fixed (2 changes)
+
+- Only enable protected paths for POST requests. !19184
+- Fix Bitbucket Cloud importer pull request state. !19734
+
+
 ## 12.4.2
 ### Fixed (10 changes)
@@ -771,6 +775,31 @@ entry.
 - Remove Postgresql specific setup tasks and move to schema.rb.
+## 12.3.9
+
+### Security (1 change)
+
+- Update maven_file_name_regex for full string match.
+
+
+## 12.3.7
+
+### Security (12 changes)
+
+- Do not create todos for approvers without access. !1442
+- Limit potential for DNS rebind SSRF in chat notifications.
+- Encrypt application setting tokens.
+- Update Workhorse and Gitaly to fix a security issue.
+- Add maven file_name regex validation on incoming files.
+- Hide commit counts from guest users in Cycle Analytics.
+- Check permissions before showing a forked project's source.
+- Fix 500 error caused by invalid byte sequences in links.
+- Ensure are cleaned by ImportExport::AttributeCleaner.
+- Remove notes regarding Related Branches from Issue activity feeds for guest users.
+- Escape namespace in label references to prevent XSS.
+- Add authorization to using filter vulnerable in Dependency List.
+
+
 ## 12.3.4
 ### Fixed (2 changes)
@@ -1076,6 +1105,10 @@ entry.
 - Updates tooltip of 'detached' label/state.
+## 12.2.11
+
+- No changes.
+
 ## 12.2.8
 ### Security (1 change)
@@ -1790,6 +1823,15 @@ entry.
 - Removes EE differences for app/views/admin/users/show.html.haml.
+## 12.0.12
+
+- No changes.
+
+## 12.0.10
+
+- No changes.
+- No changes.
+
 ## 12.0.7
 ### Security (22 changes)

Dangerfile

@@ -5,6 +5,7 @@ require_relative 'lib/gitlab/danger/request_helper'
 danger.import_plugin('danger/plugins/helper.rb')
 danger.import_plugin('danger/plugins/roulette.rb')
+danger.import_plugin('danger/plugins/changelog.rb')
 unless helper.release_automation?
   GitlabDanger.new(helper.gitlab_helper).rule_names.each do |file|