Skip to content
Snippets Groups Projects
Commit b539ac1d authored by GitLab Bot's avatar GitLab Bot
Browse files

Add latest changes from gitlab-org/gitlab@master

parent 4c016ad0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 189 additions and 145 deletions
app/assets/javascripts/lib/utils/forms.js
+ 5
1
View file @ b539ac1d
@@ -4,7 +4,11 @@ export const serializeFormEntries = entries =>
export const serializeForm = form => {
const fdata = new FormData(form);
const entries = Array.from(fdata.keys()).map(key => {
const val = fdata.getAll(key);
let val = fdata.getAll(key);
// Microsoft Edge has a bug in FormData.getAll() that returns an undefined
// value for each form element that does not match the given key:
// https://github.com/jimmywarting/FormData/issues/80
val = val.filter(n => n);
return { name: key, value: val.length === 1 ? val[0] : val };
});
 
app/controllers/boards/issues_controller.rb
+ 2
3
View file @ b539ac1d
@@ -13,7 +13,7 @@ module Boards
 
requires_cross_project_access if: -> { board&.group_board? }
 
before_action :whitelist_query_limiting, only: [:index, :update, :bulk_move]
before_action :whitelist_query_limiting, only: [:bulk_move]
before_action :authorize_read_issue, only: [:index]
before_action :authorize_create_issue, only: [:create]
before_action :authorize_update_issue, only: [:update]
@@ -130,8 +130,7 @@ module Boards
end
 
def whitelist_query_limiting
# Also see https://gitlab.com/gitlab-org/gitlab-foss/issues/42439
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42428')
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab/issues/35174')
end
 
def validate_id_list
app/serializers/issue_board_entity.rb
+ 0
1
View file @ b539ac1d
@@ -2,7 +2,6 @@
 
class IssueBoardEntity < Grape::Entity
include RequestAwareEntity
include TimeTrackableEntity
 
expose :id
expose :iid
app/views/projects/merge_requests/_how_to_merge.html.haml
+ 1
1
View file @ b539ac1d
@@ -12,8 +12,8 @@
= clipboard_button(target: "pre#merge-info-1", title: _("Copy commands"))
%pre.dark#merge-info-1
- if @merge_request.for_fork?
-# All repo/branch refs have been quoted to allow support for special characters (such as #my-branch)
:preserve
-# All repo/branch refs have been quoted to allow support for special characters (such as #my-branch)
git fetch "#{h default_url_to_repo(@merge_request.source_project)}" "#{h @merge_request.source_branch}"
git checkout -b "#{h @merge_request.source_project_path}-#{h @merge_request.source_branch}" FETCH_HEAD
- else
changelogs/unreleased/10242-move-old-vulns-api-to-vuln-findings.yml 0 → 100644
+ 5
0
View file @ b539ac1d
---
title: Rename Vulnerabilities API to Vulnerability Findings API
merge_request: 19029
author:
type: changed
changelogs/unreleased/33306-missing-field-discussions.yml 0 → 100644
+ 5
0
View file @ b539ac1d
---
title: Prevents console warning on design upload
merge_request: 19297
author:
type: fixed
changelogs/unreleased/34887-fix-prom-duplicate-metrics.yml 0 → 100644
+ 5
0
View file @ b539ac1d
---
title: Fix Prometheus duplicate metrics
merge_request: 19327
author:
type: fixed
changelogs/unreleased/sh-workaround-ms-edge-form-bug.yml 0 → 100644
+ 5
0
View file @ b539ac1d
---
title: Fix ref switcher not working on Microsoft Edge
merge_request: 19335
author:
type: fixed
config/initializers/7_prometheus_metrics.rb
+ 2
2
View file @ b539ac1d
@@ -70,8 +70,8 @@ if defined?(::Unicorn) || defined?(::Puma)
Gitlab::Metrics::Exporter::WebExporter.instance.start
end
 
Gitlab::Cluster::LifecycleEvents.on_before_phased_restart do
# We need to ensure that before we re-exec server
Gitlab::Cluster::LifecycleEvents.on_before_graceful_shutdown do
# We need to ensure that before we re-exec or shutdown server
# we do stop the exporter
Gitlab::Metrics::Exporter::WebExporter.instance.stop
end
config/initializers/validate_puma.rb 0 → 100644
+ 5
0
View file @ b539ac1d
# frozen_string_literal: true
if defined?(::Puma) && ::Puma.cli_config.options[:workers].to_i.zero?
raise 'Puma is only supported in Cluster-mode: workers > 0'
end
doc/api/api_resources.md
+ 2
1
View file @ b539ac1d
@@ -67,8 +67,9 @@ The following API resources are available in the project context:
| [Search](search.md) | `/projects/:id/search` (also available for groups and standalone) |
| [Services](services.md) | `/projects/:id/services` |
| [Tags](tags.md) | `/projects/:id/repository/tags` |
| [Visual Review discussions](visual_review_discussions.md) **(STARTER**) | `/projects/:id/merge_requests/:merge_request_id/visual_review_discussions` |
| [Vulnerabilities](vulnerabilities.md) **(ULTIMATE)** | `/projects/:id/vulnerabilities` |
| [Visual Review discussions](visual_review_discussions.md) **(STARTER**) | `/projects/:id/merge_requests/:merge_request_id/visual_review_discussions` |
| [Vulnerability Findings](vulnerability_findings.md) **(ULTIMATE)** | `/projects/:id/vulnerability_findings` |
| [Wikis](wikis.md) | `/projects/:id/wikis` |
 
## Group resources
doc/api/vulnerabilities.md
+ 1
113
View file @ b539ac1d
# Vulnerabilities API **(ULTIMATE)**
 
Every API call to vulnerabilities must be authenticated.
If a user is not a member of a project and the project is private, a `GET`
request on that project will result in a `404` status code.
CAUTION: **Caution:**
This API is in an alpha stage and considered unstable.
The response payload may be subject to change or breakage
across GitLab releases.
## Vulnerabilities pagination
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination](README.md#pagination).
## List project vulnerabilities
List all of a project's vulnerabilities.
```
GET /projects/:id/vulnerabilities
GET /projects/:id/vulnerabilities?report_type=sast
GET /projects/:id/vulnerabilities?report_type=container_scanning
GET /projects/:id/vulnerabilities?report_type=sast,dast
GET /projects/:id/vulnerabilities?scope=all
GET /projects/:id/vulnerabilities?scope=dismissed
GET /projects/:id/vulnerabilities?severity=high
GET /projects/:id/vulnerabilities?confidence=unknown,experimental
GET /projects/:id/vulnerabilities?pipeline_id=42
```
| Attribute | Type | Required | Description |
| ------------- | -------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. |
| `report_type` | string array | no | Returns vulnerabilities belonging to specified report type. Valid values: `sast`, `dast`, `dependency_scanning`, or `container_scanning`. |
| `scope` | string | no | Returns vulnerabilities for the given scope: `all` or `dismissed`. Defaults to `dismissed` |
| `severity` | string array | no | Returns vulnerabilities belonging to specified severity level: `undefined`, `info`, `unknown`, `low`, `medium`, `high`, or `critical`. Defaults to all' |
| `confidence` | string array | no | Returns vulnerabilities belonging to specified confidence level: `undefined`, `ignore`, `unknown`, `experimental`, `low`, `medium`, `high`, or `confirmed`. Defaults to all |
| `pipeline_id` | integer/string | no | Returns vulnerabilities belonging to specified pipeline. |
```bash
curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/vulnerabilities
```
Example response:
```json
[
{
"id": null,
"report_type": "dependency_scanning",
"name": "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js",
"severity": "unknown",
"confidence": "undefined",
"scanner": {
"external_id": "gemnasium",
"name": "Gemnasium"
},
"identifiers": [
{
"external_type": "gemnasium",
"external_id": "9952e574-7b5b-46fa-a270-aeb694198a98",
"name": "Gemnasium-9952e574-7b5b-46fa-a270-aeb694198a98",
"url": "https://deps.sec.gitlab.com/packages/npm/saml2-js/versions/1.5.0/advisories"
},
{
"external_type": "cve",
"external_id": "CVE-2017-11429",
"name": "CVE-2017-11429",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11429"
}
],
"project_fingerprint": "fa6f5b6c5d240b834ac5e901dc69f9484cef89ec",
"create_vulnerability_feedback_issue_path": "/tests/yarn-remediation-test/vulnerability_feedback",
"create_vulnerability_feedback_merge_request_path": "/tests/yarn-remediation-test/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "/tests/yarn-remediation-test/vulnerability_feedback",
"project": {
"id": 31,
"name": "yarn-remediation-test",
"full_path": "/tests/yarn-remediation-test",
"full_name": "tests / yarn-remediation-test"
},
"dismissal_feedback": null,
"issue_feedback": null,
"merge_request_feedback": null,
"description": "Some XML DOM traversal and canonicalization APIs may be inconsistent in handling of comments within XML nodes. Incorrect use of these APIs by some SAML libraries results in incorrect parsing of the inner text of XML nodes such that any inner text after the comment is lost prior to cryptographically signing the SAML message. Text after the comment therefore has no impact on the signature on the SAML message.\r\n\r\nA remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.",
"links": [
{
"url": "https://github.com/Clever/saml2/commit/3546cb61fd541f219abda364c5b919633609ef3d#diff-af730f9f738de1c9ad87596df3f6de84R279"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445"
},
{
"url": "https://github.com/Clever/saml2/issues/127"
}
],
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "saml2-js"
},
"version": "1.5.0"
}
},
"solution": "Upgrade to fixed version.\r\n",
"blob_path": "/tests/yarn-remediation-test/blob/cc6c4a0778460455ae5d16ca7025ca9ca1ca75ac/yarn.lock"
}
]
```
This document was moved to [another location](vulnerability_findings.md).
doc/api/vulnerability_findings.md 0 → 100644
+ 128
0
View file @ b539ac1d
# Vulnerability Findings API **(ULTIMATE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/19029) in GitLab Ultimate 12.5.
NOTE: **Note:**
This API resource is renamed from Vulnerabilities to Vulnerability Findings because the Vulnerabilities are reserved
for serving the upcoming [Standalone Vulnerability objects](https://gitlab.com/gitlab-org/gitlab/issues/13561).
To fix any broken integrations with the former Vulnerabilities API, change the `vulnerabilities` URL part to be
`vulnerability_findings`.
Every API call to vulnerability findings must be [authenticated](README.md#authentication).
Vulnerability findings are project-bound entities. If a user is not
a member of a project and the project is private, a request on
that project will result in a `404` status code.
If a user is able to access the project but does not have permission to
[use the Project Security Dashboard](../user/permissions.md#project-members-permissions),
any request for vulnerability findings of this project will result in a `403` status code.
CAUTION: **Caution:**
This API is in an alpha stage and considered unstable.
The response payload may be subject to change or breakage
across GitLab releases.
## Vulnerability findings pagination
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination](README.md#pagination).
## List project vulnerability findings
List all of a project's vulnerability findings.
```
GET /projects/:id/vulnerability_findings
GET /projects/:id/vulnerability_findings?report_type=sast
GET /projects/:id/vulnerability_findings?report_type=container_scanning
GET /projects/:id/vulnerability_findings?report_type=sast,dast
GET /projects/:id/vulnerability_findings?scope=all
GET /projects/:id/vulnerability_findings?scope=dismissed
GET /projects/:id/vulnerability_findings?severity=high
GET /projects/:id/vulnerability_findings?confidence=unknown,experimental
GET /projects/:id/vulnerability_findings?pipeline_id=42
```
| Attribute | Type | Required | Description |
| ------------- | -------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) which the authenticated user is a member of. |
| `report_type` | string array | no | Returns vulnerability findings belonging to specified report type. Valid values: `sast`, `dast`, `dependency_scanning`, or `container_scanning`. Defaults to all. |
| `scope` | string | no | Returns vulnerability findings for the given scope: `all` or `dismissed`. Defaults to `dismissed`. |
| `severity` | string array | no | Returns vulnerability findings belonging to specified severity level: `undefined`, `info`, `unknown`, `low`, `medium`, `high`, or `critical`. Defaults to all. |
| `confidence` | string array | no | Returns vulnerability findings belonging to specified confidence level: `undefined`, `ignore`, `unknown`, `experimental`, `low`, `medium`, `high`, or `confirmed`. Defaults to all. |
| `pipeline_id` | integer/string | no | Returns vulnerability findings belonging to specified pipeline. |
```bash
curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/vulnerability_findings
```
Example response:
```json
[
{
"id": null,
"report_type": "dependency_scanning",
"name": "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js",
"severity": "unknown",
"confidence": "undefined",
"scanner": {
"external_id": "gemnasium",
"name": "Gemnasium"
},
"identifiers": [
{
"external_type": "gemnasium",
"external_id": "9952e574-7b5b-46fa-a270-aeb694198a98",
"name": "Gemnasium-9952e574-7b5b-46fa-a270-aeb694198a98",
"url": "https://deps.sec.gitlab.com/packages/npm/saml2-js/versions/1.5.0/advisories"
},
{
"external_type": "cve",
"external_id": "CVE-2017-11429",
"name": "CVE-2017-11429",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11429"
}
],
"project_fingerprint": "fa6f5b6c5d240b834ac5e901dc69f9484cef89ec",
"create_vulnerability_feedback_issue_path": "/tests/yarn-remediation-test/vulnerability_feedback",
"create_vulnerability_feedback_merge_request_path": "/tests/yarn-remediation-test/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "/tests/yarn-remediation-test/vulnerability_feedback",
"project": {
"id": 31,
"name": "yarn-remediation-test",
"full_path": "/tests/yarn-remediation-test",
"full_name": "tests / yarn-remediation-test"
},
"dismissal_feedback": null,
"issue_feedback": null,
"merge_request_feedback": null,
"description": "Some XML DOM traversal and canonicalization APIs may be inconsistent in handling of comments within XML nodes. Incorrect use of these APIs by some SAML libraries results in incorrect parsing of the inner text of XML nodes such that any inner text after the comment is lost prior to cryptographically signing the SAML message. Text after the comment therefore has no impact on the signature on the SAML message.\r\n\r\nA remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.",
"links": [
{
"url": "https://github.com/Clever/saml2/commit/3546cb61fd541f219abda364c5b919633609ef3d#diff-af730f9f738de1c9ad87596df3f6de84R279"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445"
},
{
"url": "https://github.com/Clever/saml2/issues/127"
}
],
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "saml2-js"
},
"version": "1.5.0"
}
},
"solution": "Upgrade to fixed version.\r\n",
"blob_path": "/tests/yarn-remediation-test/blob/cc6c4a0778460455ae5d16ca7025ca9ca1ca75ac/yarn.lock"
}
]
```
lib/gitlab/ci/templates/Android-Fastlane.gitlab-ci.yml
+ 2
2
View file @ b539ac1d
@@ -113,9 +113,9 @@ promoteBeta:
promoteProduction:
extends: .promote_job
stage: production
# We only allow production promotion on the default branch because
# We only allow production promotion on `master` because
# it has its own production scoped secret variables
only:
- $CI_DEFAULT_BRANCH
- master
script:
- bundle exec fastlane promote_beta_to_production
lib/gitlab/ci/templates/Docker.gitlab-ci.yml
+ 2
2
View file @ b539ac1d
@@ -10,7 +10,7 @@ docker-build-master:
- docker build --pull -t "$CI_REGISTRY_IMAGE" .
- docker push "$CI_REGISTRY_IMAGE"
only:
- $CI_DEFAULT_BRANCH
- master
 
docker-build:
# Official docker image.
@@ -24,4 +24,4 @@ docker-build:
- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
- docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
except:
- $CI_DEFAULT_BRANCH
- master
lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+ 9
9
View file @ b539ac1d
@@ -25,7 +25,7 @@ review:
kubernetes: active
except:
refs:
- $CI_DEFAULT_BRANCH
- master
variables:
- $REVIEW_DISABLED
 
@@ -49,7 +49,7 @@ stop_review:
kubernetes: active
except:
refs:
- $CI_DEFAULT_BRANCH
- master
variables:
- $REVIEW_DISABLED
 
@@ -74,7 +74,7 @@ staging:
url: http://$CI_PROJECT_PATH_SLUG-staging.$KUBE_INGRESS_BASE_DOMAIN
only:
refs:
- $CI_DEFAULT_BRANCH
- master
kubernetes: active
variables:
- $STAGING_ENABLED
@@ -99,7 +99,7 @@ canary:
when: manual
only:
refs:
- $CI_DEFAULT_BRANCH
- master
kubernetes: active
variables:
- $CANARY_ENABLED
@@ -127,7 +127,7 @@ production:
<<: *production_template
only:
refs:
- $CI_DEFAULT_BRANCH
- master
kubernetes: active
except:
variables:
@@ -142,7 +142,7 @@ production_manual:
allow_failure: false
only:
refs:
- $CI_DEFAULT_BRANCH
- master
kubernetes: active
variables:
- $STAGING_ENABLED
@@ -152,7 +152,7 @@ production_manual:
- $INCREMENTAL_ROLLOUT_ENABLED
- $INCREMENTAL_ROLLOUT_MODE
 
# This job implements incremental rollout for every push to the default branch.
# This job implements incremental rollout on for every push to `master`.
 
.rollout: &rollout_template
extends: .auto-deploy
@@ -179,7 +179,7 @@ production_manual:
# This selectors are backward compatible mode with $INCREMENTAL_ROLLOUT_ENABLED (before 11.4)
only:
refs:
- $CI_DEFAULT_BRANCH
- master
kubernetes: active
variables:
- $INCREMENTAL_ROLLOUT_MODE == "manual"
@@ -194,7 +194,7 @@ production_manual:
start_in: 5 minutes
only:
refs:
- $CI_DEFAULT_BRANCH
- master
kubernetes: active
variables:
- $INCREMENTAL_ROLLOUT_MODE == "timed"
lib/gitlab/ci/templates/Julia.gitlab-ci.yml
+ 1
1
View file @ b539ac1d
@@ -64,7 +64,7 @@ pages:
paths:
- public
only:
- $CI_DEFAULT_BRANCH
- master
 
# WARNING: This template is using the `julia` images from [Docker
# Hub][3]. One can use custom Julia images and/or the official ones found
lib/gitlab/ci/templates/Maven.gitlab-ci.yml
+ 4
4
View file @ b539ac1d
@@ -6,7 +6,7 @@
# This template will build and test your projects
# * Caches downloaded dependencies and plugins between invocation.
# * Verify but don't deploy merge requests.
# * Deploy built artifacts from the default branch only.
# * Deploy built artifacts from master branch only.
 
variables:
# This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
@@ -33,7 +33,7 @@ cache:
script:
- 'mvn $MAVEN_CLI_OPTS verify'
except:
- $CI_DEFAULT_BRANCH
- master
 
# Verify merge requests using JDK8
verify:jdk8:
@@ -42,7 +42,7 @@ verify:jdk8:
# To deploy packages from CI, create a ci_settings.xml file
# For deploying packages to GitLab's Maven Repository: See https://docs.gitlab.com/ee/user/project/packages/maven_repository.html#creating-maven-packages-with-gitlab-cicd for more details.
# Please note: The GitLab Maven Repository is currently only available in GitLab Premium / Ultimate.
# For the default branch run `mvn deploy` automatically.
# For `master` branch run `mvn deploy` automatically.
deploy:jdk8:
stage: deploy
script:
@@ -51,4 +51,4 @@ deploy:jdk8:
fi
- 'mvn $MAVEN_CLI_OPTS deploy -s ci_settings.xml'
only:
- $CI_DEFAULT_BRANCH
- master
lib/gitlab/ci/templates/Mono.gitlab-ci.yml
+ 1
1
View file @ b539ac1d
@@ -25,7 +25,7 @@ before_script:
release:
stage: deploy
only:
- $CI_DEFAULT_BRANCH
- master
artifacts:
paths:
- build/release/MyProject.exe
lib/gitlab/ci/templates/OpenShift.gitlab-ci.yml
+ 4
4
View file @ b539ac1d
@@ -49,7 +49,7 @@ review:
only:
- branches
except:
- $CI_DEFAULT_BRANCH
- master
 
stop-review:
<<: *deploy
@@ -66,7 +66,7 @@ stop-review:
only:
- branches
except:
- $CI_DEFAULT_BRANCH
- master
 
staging:
<<: *deploy
@@ -78,7 +78,7 @@ staging:
name: staging
url: http://$CI_PROJECT_NAME-staging.$OPENSHIFT_DOMAIN
only:
- $CI_DEFAULT_BRANCH
- master
 
production:
<<: *deploy
@@ -91,4 +91,4 @@ production:
name: production
url: http://$CI_PROJECT_NAME.$OPENSHIFT_DOMAIN
only:
- $CI_DEFAULT_BRANCH
- master
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment