Add latest changes from gitlab-org/gitlab@12-8-stable-ee

.gitlab/ci/yaml.gitlab-ci.yml

@@ -4,10 +4,7 @@ lint-ci-gitlab:
   extends:
     - .default-tags
     - .default-retry
-    - .default-only
-  only:
-    changes:
-      - "**/*.yml"
+    - .yaml:rules
   image: sdesbure/yamllint:latest
   dependencies: []
   variables:

.gitlab/issue_templates/Coding style proposal.md

-## Description of the proposal
-
-<!--
-Please describe the proposal and add a link to the source (for example, http://www.betterspecs.org/).
--->
-
-- [ ] Mention the proposal in the next backend weekly call and the #backend channel to encourage contribution
-- [ ] Proceed with the proposal once 50% of the maintainers have weighed in, and 80% of their votes are :+1:
-- [ ] Once approved, mention it again in the next backend weekly call and the #backend channel
-
-
-/label ~"development guidelines"
-/label ~"Style decision"
-/label ~documentation
-
-/cc @gitlab-org/maintainers/rails-backend

.gitlab/issue_templates/Feature proposal.md

@@ -36,15 +36,24 @@ Personas are described at https://about.gitlab.com/handbook/marketing/product-ma
 Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements
 If this feature requires changing permissions, this document https://docs.gitlab.com/ee/user/permissions.html must be updated accordingly. -->
-### Testing
-<!-- What risks does this change pose? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? See the test engineering process for further help: https://about.gitlab.com/handbook/engineering/quality/test-engineering/ -->
+### Availability & Testing
+<!-- This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier.
+
+ What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing?
+
+Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance.
+* Unit test changes
+* Integration test changes
+* End-to-end test change
+
+See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance: https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-planning -->
 ### What does success look like, and how can we measure that?
 <!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. -->
-### What is the type of buyer? 
+### What is the type of buyer?
 <!-- Which leads to: in which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers -->

.gitlab/issue_templates/QA failure.md

+<!---
+Before opening a new QA failure issue, make sure to first search for it in the
+QA failures board: https://gitlab.com/groups/gitlab-org/-/boards/1385578
+
+The issue should have the following:
+
+- The relative path of the failing spec file in the title, e.g. if the login
+  test fails, include `qa/specs/features/browser_ui/1_manage/login/log_in_spec.rb` in the title.
+  This is required so that existing issues can easily be found by searching for the spec file.
+- If the issue is about multiple test failures, include the path for each failing spec file in the description.
+- A link to the failing job.
+- The stack trace from the job's logs in the "Stack trace" section below.
+- A screenshot (if available), and HTML capture (if available), in the "Screenshot / HTML page" section below.
+--->
+
+### Summary
+
+
+
+### Stack trace
+
+```
+PUT STACK TRACE HERE
+```
+
+### Screenshot / HTML page
+
+<!--
+Attach the screenshot and HTML snapshot of the page from the job's artifacts:
+1. Download the job's artifacts and unarchive them.
+1. Open the `gitlab-qa-run-2020-*/gitlab-{ce,ee}-qa-*/{,ee}/{api,browser_ui}/<path to failed test>` folder.
+1. Select the `.png` and `.html` files that appears in the job logs (look for `HTML screenshot: /path/to/html/page.html` / `Image screenshot: `/path/to/html/page.png`).
+1. Drag and drop them here.
+-->
+
+### Possible fixes
+
+
+<!-- Default due date. -->
+/due in 2 weeks
+
+<!-- Base labels. -->
+/label ~Quality ~QA ~bug ~S1
+
+<!--
+Choose the stage that appears in the test path, e.g. ~"devops::create" for
+`qa/specs/features/browser_ui/3_create/web_ide/add_file_template_spec.rb`.
+-->
+/label ~devops::
+
+<!--
+Select a label for where the failure was found, e.g. if the failure occurred in
+a nightly pipeline, select ~"found:nightly".
+-->
+/label ~found:
+
+<!--
+https://about.gitlab.com/handbook/engineering/quality/guidelines/#priorities:
+- ~P1: Tests that are needed to verify fundamental GitLab functionality.
+- ~P2: Tests that deal with external integrations which may take a longer time to debug and fix.
+-->
+/label ~P
+
+<!-- Select the current milestone if ~P1 or the next milestone if ~P2. -->
+/milestone %

.gitlab/issue_templates/Security Release.md

@@ -16,37 +16,27 @@ Set the title to: `Security Release: 12.2.X, 12.1.X, and 12.0.X`
 * 12.1.X: {release task link}
 * 12.0.X: {release task link}
-## Security Issues:
-* {https://gitlab.com/gitlab-org/gitlab/issues link}
-
-## Security Issues in dev.gitlab.org:
-
-### CE
-
-- {https://dev.gitlab.org/gitlab/gitlabhq/issues link}
+## Issues in GitLab Security
+* {https://gitlab.com/gitlab-org/security/gitlab/issues/ link}
 | Version | MR |
 |---------|----|
-| 12.2 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
-| 12.1 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
-| 12.0 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
-| master | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
-
-### EE
-
-* {https://dev.gitlab.org/gitlab/gitlabhq/issues/ link}
-
+| 12.2 | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
+| 12.1 | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
+| 12.0 | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
+| master | {https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests link} |
+## Issues in Omnibus-GitLab
+* {https://gitlab.com/gitlab-org/security/gitlab/issues/ link}
 | Version | MR |
 |---------|----|
-| 12.2 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
-| 12.1 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
-| 12.0 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
-| master | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
-
+| 12.2 | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
+| 12.1 | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
+| 12.0 | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
+| master | {https://dev.gitlab.org/gitlab/omnibus-gitlab/merge_requests/ link} |
 ## QA
 {QA issue link}
@@ -54,7 +44,7 @@ Set the title to: `Security Release: 12.2.X, 12.1.X, and 12.0.X`
 ## Blog post
 Dev: {https://dev.gitlab.org/gitlab/www-gitlab-com/merge_requests/ link}<br/>
-gitlab.com: {https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/ link}
+GitLab.com: {https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/ link}
 ## Email notification
 {https://gitlab.com/gitlab-com/marketing/general/issues/ link}

.gitlab/merge_request_templates/New static analysis check.md

+## Description of the proposal
+
+<!--
+Please describe the proposal and add a link to the source (for example, http://www.betterspecs.org/).
+-->
+
+### Check-list
+
+- [ ] Make sure this MR enables a static analysis check rule for new usage but
+  ignores current offenses
+- [ ] Create a follow-up issue to fix the current offenses as a separate iteration: ISSUE_LINK
+- [ ] Mention this proposal in the relevant Slack channels (e.g. `#development`, `#backend`, `#frontend`)
+- [ ] If there is a choice to make between two potential styles, set up an emoji vote in the MR:
+  - CHOICE_A: :a:
+  - CHOICE_B: :b:
+  - Vote yourself for both choices so that people know these are the choices
+- [ ] The MR doesn't have significant objections, and is getting a majority of :+1: vs :-1: (remember that [we don't need to reach a consensus](https://about.gitlab.com/handbook/values/#collaboration-is-not-consensus))
+- [ ] (If applicable) One style is getting a majority of vote (compared to the other choice)
+- [ ] (If applicable) Update the MR with the chosen style
+- [ ] Follow the [review process](https://docs.gitlab.com/ee/development/code_review.html) as usual
+- [ ] Once approved and merged by a maintainer, mention it again:
+  - [ ] In the relevant Slack channels (e.g. `#development`, `#backend`, `#frontend`)
+  - [ ] (Optional depending on the impact of the change) In the Engineering Week in Review
+
+/label ~"Engineering Productivity" ~"Style decision" ~"development guidelines" ~"static analysis"
+
+/cc @gitlab-org/maintainers/rails-backend

.overcommit.yml.example

@@ -15,6 +15,13 @@
 #
 # Uncomment the following lines to make the configuration take effect.
+# Make sure to run `cd tooling/overcommit && make && cd -`
+gemfile: 'tooling/overcommit/gems.rb'
+
+PostCheckout:
+  BundleInstall:
+    enabled: true
+
 PreCommit:
   AuthorName:
     enabled: false
@@ -35,6 +42,19 @@ PreCommit:
 #    on_warn: fail # Treat all warnings as failures
   ScssLint:
     enabled: true
+
+CommitMsg:
+  TextWidth:
+    enabled: true
+    min_subject_width: 8 # three 2-letter words with 2 spaces
+    max_subject_width: 72
+    quiet: false
+
+  EmptyMessage:
+    enabled: true
+    required: true
+    description: 'Checking for empty commit message'
+
 #PostCheckout:
 #  ALL: # Special hook name that customizes all hooks of this type
 #    quiet: true # Change all post-checkout hooks to only display output on failure

.rubocop.yml

@@ -235,12 +235,6 @@ RSpec/FactoriesInMigrationSpecs:
     - 'spec/lib/ee/gitlab/background_migration/**/*.rb'
     - 'ee/spec/lib/ee/gitlab/background_migration/**/*.rb'
-Cop/IncludeActionViewContext:
-  Enabled: true
-  Exclude:
-    - 'spec/**/*'
-    - 'ee/spec/**/*'
-
 Cop/IncludeSidekiqWorker:
   Enabled: true
   Exclude:
@@ -301,30 +295,6 @@ RSpec/AnyInstanceOf:
   Enabled: false
 # Cops for upgrade to gitlab-styles 3.1.0
-Rails/SafeNavigationWithBlank:
-  Enabled: false
-
-Rails/ApplicationController:
-  Enabled: false
-
-Rails/ApplicationMailer:
-  Enabled: false
-
-Rails/RakeEnvironment:
-  Enabled: false
-
-Rails/HelperInstanceVariable:
-  Enabled: false
-
-Rails/EnumHash:
-  Enabled: false
-
-RSpec/ReceiveCounts:
-  Enabled: false
-
-RSpec/ContextMethod:
-  Enabled: false
-
 RSpec/ImplicitSubject:
   Enabled: false
@@ -361,8 +331,22 @@ RSpec/MissingExampleGroupArgument:
 RSpec/UnspecifiedException:
   Enabled: false
+# Work in progress. See https://gitlab.com/gitlab-org/gitlab/issues/196163
 RSpec/HaveGitlabHttpStatus:
-  Enabled: false
+  Enabled: true
+  Exclude:
+    - 'spec/support/matchers/have_gitlab_http_status.rb'
+  Include:
+    - 'spec/support/**/*'
+    - 'ee/spec/support/**/*'
+    - 'spec/features/**/*'
+    - 'ee/spec/features/**/*'
+    - 'spec/controllers/**/*'
+    - 'ee/spec/controllers/**/*'
+    - 'spec/requests/*.rb'
+    - 'ee/spec/requests/*.rb'
+    - 'spec/requests/api/*/**/*.rb'
+    - 'ee/spec/requests/api/*/**/*.rb'
 Style/MultilineWhenThen:
   Enabled: false

.vale.ini

+# Vale configuration file, taken from https://errata-ai.github.io/vale/config/
+
+# The relative path to the folder containing linting rules (styles)
+# -----------------------------------------------------------------
+StylesPath = doc/.linting/vale/styles
+
+# Minimum alert level
+# -------------------
+# The minimum alert level to display (suggestion, warning, or error).
+# If integrated into CI, builds fail by default on error-level alerts,
+# unless you execute Vale with the --no-exit flag
+MinAlertLevel = suggestion
+
+# Should Vale parse any file formats other than .md files as Markdown?
+# --------------------------------------------------------------------
+[formats]
+mdx = md
+
+# What file types should Vale test?
+# ----------------------------------
+[*.md]
+
+# Styles to load
+# --------------
+# What styles, located in the StylesPath folder, should Vale load?
+# Vale also currently includes write-good, proselint, joblint, and vale
+BasedOnStyles = gitlab
+
+# Enabling or disabling specific rules in a style
+# -----------------------------------------------
+# To disable a rule in an enabled style, use the following format:
+# {style}.{filename} = NO
+# To enable a single rule in a disabled style, use the following format:
+# vale.Editorializing = YES
+
+# Altering the severity of a rule in a style
+# ------------------------------------------
+# To change the reporting level (suggestion, warning, error) of a rule,
+# use the following format: {style}.{filename} = {level}
+# vale.Hedging = error

CHANGELOG-EE.md

 Please view this file on the master branch, on stable branches it's out of date.
-## 12.7.6
-
-- No changes.
-
 ## 12.7.5
 ### Fixed (1 change)
@@ -11,18 +7,10 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Fix DB connection pool size for Geo database. !24021
-## 12.7.4
-
-- No changes.
-
 ## 12.7.3
 - No changes.
-## 12.7.2
-
-- No changes.
-
 ## 12.7.1
 ### Fixed (1 change)
@@ -118,6 +106,18 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Remove "creations" in gitlab_subscription_histories on gitlab.com. !22278
+## 12.6.7
+
+- No changes.
+
+## 12.6.6
+
+- No changes.
+
+## 12.6.5
+
+- No changes.
+
 ## 12.6.4
 - No changes.
@@ -230,6 +230,10 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Update the alerts used in the Dependency List to follow GitLab design guidelines. !21760
+## 12.5.8
+
+- No changes.
+
 ## 12.5.5
 - No changes.

CHANGELOG.md

@@ -2,13 +2,6 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
-## 12.7.6
-
-### Security (1 change)
-
-- Fix ProjectAuthorization calculation for shared groups.
-
-
 ## 12.7.5
 ### Fixed (4 changes, 1 of them is from the community)
@@ -19,13 +12,6 @@ entry.
 - Remove invalid data from issue_tracker_data table.
-## 12.7.4
-
-### Security (1 change)
-
-- Update workhorse to v8.20.0.
-
-
 ## 12.7.3
 ### Security (17 changes, 1 of them is from the community)
@@ -49,10 +35,6 @@ entry.
 - Add workhorse request verification to package upload endpoints.
-## 12.7.2
-
-- No changes.
-
 ## 12.7.1
 ### Fixed (6 changes)
@@ -387,6 +369,45 @@ entry.
 - Update the Net-LDAP gem to 0.16.2.
+## 12.6.7
+
+### Security (1 change)
+
+- Fix ProjectAuthorization calculation for shared groups.
+
+
+## 12.6.6
+
+### Security (1 change)
+
+- Update workhorse to v8.20.0.
+
+
+## 12.6.5
+
+### Security (19 changes, 1 of them is from the community)
+
+- Update rack-cors to 1.0.6.
+- Update rdoc to 6.1.2.
+- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
+- Cleanup todos for users from a removed linked group.
+- Disable access to last_pipeline in commits API for users without read permissions.
+- Add constraint to group dependency proxy endpoint param.
+- Limit number of AsciiDoc includes per document.
+- Prevent API access for unconfirmed users.
+- Enforce permission check when counting activity events.
+- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
+- Fix xss on frequent groups dropdown.
+- Fix XSS vulnerability on custom project templates form.
+- Protect internal CI builds from external overrides.
+- ImportExport::ExportService to require admin_project permission.
+- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
+- Disable caching of repository/files/:file_path/raw API endpoint.
+- Make cross-repository comparisons happen in the source repository.
+- Update excon to 0.71.1 to fix CVE-2019-16779.
+- Add workhorse request verification to package upload endpoints.
+
+
 ## 12.6.4
 ### Security (1 change)
@@ -807,6 +828,35 @@ entry.
 - Replace Font Awesome bullhorn icon with GitLab bullhorn icon.
+## 12.5.8
+
+### Security (19 changes, 1 of them is from the community)
+
+- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
+- Update rdoc to 6.1.2.
+- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
+- Cleanup todos for users from a removed linked group.
+- Disable access to last_pipeline in commits API for users without read permissions.
+- Add constraint to group dependency proxy endpoint param.
+- Limit number of AsciiDoc includes per document.
+- Prevent API access for unconfirmed users.
+- Enforce permission check when counting activity events.
+- Update rack-cors to 1.0.6.
+- Fix xss on frequent groups dropdown.
+- Fix XSS vulnerability on custom project templates form.
+- Protect internal CI builds from external overrides.
+- ImportExport::ExportService to require admin_project permission.
+- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
+- Disable caching of repository/files/:file_path/raw API endpoint.
+- Make cross-repository comparisons happen in the source repository.
+- Update excon to 0.71.1 to fix CVE-2019-16779.
+- Add workhorse request verification to package upload endpoints.
+
+### Changed (1 change, 1 of them is from the community)
+
+- Add template repository usage to the usage ping. !20126 (minghuan lei)
+
+
 ## 12.5.5
 ### Security (1 change)

GITALY_SERVER_VERSION

-1.83.0
+263fd270787f96f22d431a8e77dd1f2f4d254d96

GITLAB_ELASTICSEARCH_INDEXER_VERSION

-2.0.0
+2.1.0

GITLAB_PAGES_VERSION

-1.12.0
+1.16.0

GITLAB_WORKHORSE_VERSION

-8.20.0
+8.21.0

Gemfile

 source 'https://rubygems.org'
-gem 'rails', '5.2.3'
+gem 'rails', '6.0.2'
 gem 'bootsnap', '~> 1.4'
@@ -26,14 +26,14 @@ gem 'marginalia', '~> 1.8.0'
 # Authentication libraries
 gem 'devise', '~> 4.6'
-gem 'doorkeeper', '~> 4.3'
-gem 'doorkeeper-openid_connect', '~> 1.5'
+gem 'doorkeeper', '~> 5.0.2'
+gem 'doorkeeper-openid_connect', '~> 1.6.3'
 gem 'omniauth', '~> 1.8'
 gem 'omniauth-auth0', '~> 2.0.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9'
 gem 'omniauth-cas3', '~> 1.1.4'
 gem 'omniauth-facebook', '~> 4.0.0'
-gem 'omniauth-github', '~> 1.3'
+gem 'omniauth-github', '~> 1.4'
 gem 'omniauth-gitlab', '~> 1.0.2'
 gem 'omniauth-google-oauth2', '~> 0.6.0'
 gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
@@ -67,7 +67,7 @@ gem 'u2f', '~> 0.2.1'
 gem 'validates_hostname', '~> 1.0.6'
 gem 'rubyzip', '~> 2.0.0', require: 'zip'
 # GitLab Pages letsencrypt support
-gem 'acme-client', '~> 2.0.2'
+gem 'acme-client', '~> 2.0.5'
 # Browser detection
 gem 'browser', '~> 2.5'
@@ -84,10 +84,10 @@ gem 'net-ldap'
 # API
 gem 'grape', '~> 1.1.0'
 gem 'grape-entity', '~> 0.7.1'
-gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
+gem 'rack-cors', '~> 1.0.6', require: 'rack/cors'
 # GraphQL API
-gem 'graphql', '~> 1.9.11'
+gem 'graphql', '~> 1.9.12'
 # NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab/issues/31771
 # TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
 # https://gitlab.com/gitlab-org/gitlab/issues/31747
@@ -149,7 +149,7 @@ gem 'wikicloth', '0.8.1'
 gem 'asciidoctor', '~> 2.0.10'
 gem 'asciidoctor-include-ext', '~> 0.3.1', require: false
 gem 'asciidoctor-plantuml', '0.0.10'
-gem 'rouge', '~> 3.11.0'
+gem 'rouge', '~> 3.15.0'
 gem 'truncato', '~> 0.7.11'
 gem 'bootstrap_form', '~> 4.2.0'
 gem 'nokogiri', '~> 1.10.5'
@@ -301,11 +301,11 @@ gem 'sentry-raven', '~> 2.9'
 gem 'premailer-rails', '~> 1.10.3'
 # LabKit: Tracing and Correlation
-gem 'gitlab-labkit', '0.8.0'
+gem 'gitlab-labkit', '0.9.1'
 # I18n
 gem 'ruby_parser', '~> 3.8', require: false
-gem 'rails-i18n', '~> 5.1'
+gem 'rails-i18n', '~> 6.0'
 gem 'gettext_i18n_rails', '~> 1.8.0'
 gem 'gettext_i18n_rails_js', '~> 1.3'
 gem 'gettext', '~> 3.2.2', require: false, group: :development
@@ -349,7 +349,7 @@ end
 group :development, :test do
   gem 'bullet', '~> 6.0.2', require: !!ENV['ENABLE_BULLET']
   gem 'pry-byebug', '~> 3.5.1', platform: :mri
-  gem 'pry-rails', '~> 0.3.4'
+  gem 'pry-rails', '~> 0.3.9'
   gem 'awesome_print', require: false
@@ -381,8 +381,6 @@ group :development, :test do
   gem 'knapsack', '~> 1.17'
-  gem 'stackprof', '~> 0.2.13', require: false
-
   gem 'simple_po_parser', '~> 1.1.2', require: false
   gem 'timecop', '~> 0.8.0'
@@ -427,6 +425,7 @@ gem 'email_reply_trimmer', '~> 0.1'
 gem 'html2text'
 gem 'ruby-prof', '~> 1.0.0'
+gem 'stackprof', '~> 0.2.15', require: false
 gem 'rbtrace', '~> 0.4', require: false
 gem 'memory_profiler', '~> 0.9', require: false
 gem 'benchmark-memory', '~> 0.1', require: false
@@ -456,7 +455,7 @@ group :ed25519 do
 end
 # Gitaly GRPC protocol definitions
-gem 'gitaly', '~> 1.81.0'
+gem 'gitaly', '~> 1.86.0'
 gem 'grpc', '~> 1.24.0'
@@ -486,3 +485,10 @@ gem 'liquid', '~> 4.0'
 # LRU cache
 gem 'lru_redux'
+
+gem 'erubi', '~> 1.9.0'
+
+# Locked as long as quoted-printable encoding issues are not resolved
+# Monkey-patched in `config/initializers/mail_encoding_patch.rb`
+# See https://gitlab.com/gitlab-org/gitlab/issues/197386
+gem 'mail', '= 2.7.1'

Gemfile.lock

@@ -4,52 +4,66 @@ GEM
     RedCloth (4.3.2)
     abstract_type (0.0.7)
     ace-rails-ap (4.1.2)
-    acme-client (2.0.2)
+    acme-client (2.0.5)
       faraday (~> 0.9, >= 0.9.1)
-    actioncable (5.2.3)
-      actionpack (= 5.2.3)
+    actioncable (6.0.2)
+      actionpack (= 6.0.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
+    actionmailbox (6.0.2)
+      actionpack (= 6.0.2)
+      activejob (= 6.0.2)
+      activerecord (= 6.0.2)
+      activestorage (= 6.0.2)
+      activesupport (= 6.0.2)
+      mail (>= 2.7.1)
+    actionmailer (6.0.2)
+      actionpack (= 6.0.2)
+      actionview (= 6.0.2)
+      activejob (= 6.0.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.3)
-      actionview (= 5.2.3)
-      activesupport (= 5.2.3)
+    actionpack (6.0.2)
+      actionview (= 6.0.2)
+      activesupport (= 6.0.2)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.0.2)
+      actionpack (= 6.0.2)
+      activerecord (= 6.0.2)
+      activestorage (= 6.0.2)
+      activesupport (= 6.0.2)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.2)
+      activesupport (= 6.0.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.2)
+      activesupport (= 6.0.2)
       globalid (>= 0.3.6)
-    activemodel (5.2.3)
-      activesupport (= 5.2.3)
-    activerecord (5.2.3)
-      activemodel (= 5.2.3)
-      activesupport (= 5.2.3)
-      arel (>= 9.0)
+    activemodel (6.0.2)
+      activesupport (= 6.0.2)
+    activerecord (6.0.2)
+      activemodel (= 6.0.2)
+      activesupport (= 6.0.2)
     activerecord-explain-analyze (0.1.0)
       activerecord (>= 4)
       pg
-    activestorage (5.2.3)
-      actionpack (= 5.2.3)
-      activerecord (= 5.2.3)
+    activestorage (6.0.2)
+      actionpack (= 6.0.2)
+      activejob (= 6.0.2)
+      activerecord (= 6.0.2)
       marcel (~> 0.3.1)
-    activesupport (5.2.3)
+    activesupport (6.0.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+      zeitwerk (~> 2.2)
     acts-as-taggable-on (6.5.0)
       activerecord (>= 5.0, < 6.1)
     adamantium (0.2.0)
@@ -62,7 +76,6 @@ GEM
     apollo_upload_server (2.0.0.beta.3)
       graphql (>= 1.8)
       rails (>= 4.2)
-    arel (9.0.0)
     asana (0.9.3)
       faraday (~> 0.9)
       faraday_middleware (~> 0.9)
@@ -171,7 +184,7 @@ GEM
       unicode_utils (~> 1.4)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.5)
+    crass (1.0.6)
     creole (0.5.0)
     css_parser (1.7.0)
       addressable
@@ -198,13 +211,14 @@ GEM
     declarative-option (0.1.0)
     default_value_for (3.3.0)
       activerecord (>= 3.2.0, < 6.1)
-    derailed_benchmarks (1.3.5)
+    derailed_benchmarks (1.4.2)
       benchmark-ips (~> 2)
       get_process_mem (~> 0)
       heapy (~> 0)
       memory_profiler (~> 0)
       rack (>= 1)
-      rake (> 10, < 13)
+      rake (> 10, < 14)
+      ruby-statistics (>= 2.1)
       thor (~> 0.19)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
@@ -229,10 +243,10 @@ GEM
     docile (1.3.1)
     domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (4.3.2)
+    doorkeeper (5.0.2)
       railties (>= 4.2)
-    doorkeeper-openid_connect (1.5.0)
-      doorkeeper (~> 4.3)
+    doorkeeper-openid_connect (1.6.3)
+      doorkeeper (>= 5.0, < 5.2)
       json-jwt (~> 1.6)
     ed25519 (1.2.4)
     elasticsearch (6.8.0)
@@ -348,7 +362,8 @@ GEM
     gemoji (3.0.1)
     gemojione (3.3.0)
       json
-    get_process_mem (0.2.3)
+    get_process_mem (0.2.5)
+      ffi (~> 1.0)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -360,12 +375,12 @@ GEM
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
     git (1.5.0)
-    gitaly (1.81.0)
+    gitaly (1.86.0)
       grpc (~> 1.0)
     github-markup (1.7.0)
     gitlab-chronic (0.10.5)
       numerizer (~> 0.2)
-    gitlab-labkit (0.8.0)
+    gitlab-labkit (0.9.1)
       actionpack (>= 5.0.0, < 6.1.0)
       activesupport (>= 5.0.0, < 6.1.0)
       grpc (~> 1.19)
@@ -434,12 +449,13 @@ GEM
       activesupport
       grape (~> 1.0)
       rake (~> 12)
-    grape_logging (1.7.0)
+    grape_logging (1.8.3)
       grape
+      rack
     graphiql-rails (1.4.10)
       railties
       sprockets-rails
-    graphql (1.9.11)
+    graphql (1.9.12)
     graphql-docs (1.6.0)
       commonmarker (~> 0.16)
       escape_utils (~> 1.2)
@@ -510,7 +526,7 @@ GEM
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     httpclient (2.8.3)
-    i18n (1.7.1)
+    i18n (1.8.2)
       concurrent-ruby (~> 1.0)
     i18n_data (0.8.0)
     icalendar (2.4.1)
@@ -609,12 +625,12 @@ GEM
     memoist (0.16.0)
     memoizable (0.4.2)
       thread_safe (~> 0.3, >= 0.3.1)
-    memory_profiler (0.9.13)
+    memory_profiler (0.9.14)
     method_source (0.9.2)
     mime-types (3.2.2)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.0331)
-    mimemagic (0.3.2)
+    mimemagic (0.3.3)
     mini_magick (4.9.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
@@ -672,7 +688,7 @@ GEM
       omniauth (~> 1.2)
     omniauth-facebook (4.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-github (1.3.0)
+    omniauth-github (1.4.0)
       omniauth (~> 1.5)
       omniauth-oauth2 (>= 1.4.0, < 2.0)
     omniauth-gitlab (1.0.3)
@@ -739,7 +755,7 @@ GEM
     parslet (1.8.2)
     peek (1.1.0)
       railties (>= 4.0.0)
-    pg (1.1.4)
+    pg (1.2.2)
     png_quantizator (0.2.1)
     po_to_json (1.0.1)
       json (>= 1.6.0)
@@ -762,7 +778,7 @@ GEM
     pry-byebug (3.5.1)
       byebug (~> 9.1)
       pry (~> 0.10)
-    pry-rails (0.3.6)
+    pry-rails (0.3.9)
       pry (>= 0.10.4)
     public_suffix (4.0.3)
     pyu-ruby-sasl (0.0.3.3)
@@ -787,18 +803,20 @@ GEM
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rack-timeout (0.5.1)
-    rails (5.2.3)
-      actioncable (= 5.2.3)
-      actionmailer (= 5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
-      activemodel (= 5.2.3)
-      activerecord (= 5.2.3)
-      activestorage (= 5.2.3)
-      activesupport (= 5.2.3)
+    rails (6.0.2)
+      actioncable (= 6.0.2)
+      actionmailbox (= 6.0.2)
+      actionmailer (= 6.0.2)
+      actionpack (= 6.0.2)
+      actiontext (= 6.0.2)
+      actionview (= 6.0.2)
+      activejob (= 6.0.2)
+      activemodel (= 6.0.2)
+      activerecord (= 6.0.2)
+      activestorage (= 6.0.2)
+      activesupport (= 6.0.2)
       bundler (>= 1.3.0)
-      railties (= 5.2.3)
+      railties (= 6.0.2)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -809,15 +827,15 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    rails-i18n (5.1.1)
+    rails-i18n (6.0.0)
       i18n (>= 0.7, < 2)
-      railties (>= 5.0, < 6)
-    railties (5.2.3)
-      actionpack (= 5.2.3)
-      activesupport (= 5.2.3)
+      railties (>= 6.0.0, < 7)
+    railties (6.0.2)
+      actionpack (= 6.0.2)
+      activesupport (= 6.0.2)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
+      thor (>= 0.20.3, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.0)
     rake (12.3.3)
@@ -871,7 +889,7 @@ GEM
     retriable (3.1.2)
     rinku (2.0.0)
     rotp (2.1.2)
-    rouge (3.11.0)
+    rouge (3.15.0)
     rqrcode (0.7.0)
       chunky_png
     rqrcode-rails3 (0.1.7)
@@ -937,6 +955,7 @@ GEM
     ruby-progressbar (1.10.1)
     ruby-saml (1.7.2)
       nokogiri (>= 1.5.10)
+    ruby-statistics (2.1.1)
     ruby_dep (1.5.0)
     ruby_parser (3.13.1)
       sexp_processor (~> 4.9)
@@ -1018,7 +1037,7 @@ GEM
       sprockets (>= 3.0.0)
     sqlite3 (1.3.13)
     sshkey (2.0.0)
-    stackprof (0.2.13)
+    stackprof (0.2.15)
     state_machines (0.5.0)
     state_machines-activemodel (0.7.1)
       activemodel (>= 4.1)
@@ -1111,9 +1130,9 @@ GEM
       hashdiff
     webpack-rails (0.9.11)
       railties (>= 3.2.0)
-    websocket-driver (0.7.0)
+    websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.4)
     wikicloth (0.8.1)
       builder
       expression_parser
@@ -1122,6 +1141,7 @@ GEM
     xml-simple (1.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
+    zeitwerk (2.2.2)
 PLATFORMS
   ruby
@@ -1129,7 +1149,7 @@ PLATFORMS
 DEPENDENCIES
   RedCloth (~> 4.3.2)
   ace-rails-ap (~> 4.1.0)
-  acme-client (~> 2.0.2)
+  acme-client (~> 2.0.5)
   activerecord-explain-analyze (~> 0.1)
   acts-as-taggable-on (~> 6.0)
   addressable (~> 2.7)
@@ -1177,14 +1197,15 @@ DEPENDENCIES
   diff_match_patch (~> 0.1.0)
   diffy (~> 3.1.0)
   discordrb-webhooks-blackst0ne (~> 3.3)
-  doorkeeper (~> 4.3)
-  doorkeeper-openid_connect (~> 1.5)
+  doorkeeper (~> 5.0.2)
+  doorkeeper-openid_connect (~> 1.6.3)
   ed25519 (~> 1.2)
   elasticsearch-api (~> 6.8)
   elasticsearch-model (~> 6.1)
   elasticsearch-rails (~> 6.1)
   email_reply_trimmer (~> 0.1)
   email_spec (~> 2.2.0)
+  erubi (~> 1.9.0)
   escape_utils (~> 1.1)
   factory_bot_rails (~> 5.1.0)
   faraday (~> 0.12)
@@ -1209,10 +1230,10 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.3)
-  gitaly (~> 1.81.0)
+  gitaly (~> 1.86.0)
   github-markup (~> 1.7.0)
   gitlab-chronic (~> 0.10.5)
-  gitlab-labkit (= 0.8.0)
+  gitlab-labkit (= 0.9.1)
   gitlab-license (~> 1.0)
   gitlab-markup (~> 1.7.0)
   gitlab-net-dns (~> 0.9.1)
@@ -1231,7 +1252,7 @@ DEPENDENCIES
   grape-path-helpers (~> 1.2)
   grape_logging (~> 1.7)
   graphiql-rails (~> 1.4.10)
-  graphql (~> 1.9.11)
+  graphql (~> 1.9.12)
   graphql-docs (~> 1.6.0)
   grpc (~> 1.24.0)
   gssapi
@@ -1262,6 +1283,7 @@ DEPENDENCIES
   lograge (~> 0.5)
   loofah (~> 2.2)
   lru_redux
+  mail (= 2.7.1)
   mail_room (~> 0.10.0)
   marginalia (~> 1.8.0)
   memory_profiler (~> 0.9)
@@ -1282,7 +1304,7 @@ DEPENDENCIES
   omniauth-azure-oauth2 (~> 0.0.9)
   omniauth-cas3 (~> 1.1.4)
   omniauth-facebook (~> 4.0.0)
-  omniauth-github (~> 1.3)
+  omniauth-github (~> 1.4)
   omniauth-gitlab (~> 1.0.2)
   omniauth-google-oauth2 (~> 0.6.0)
   omniauth-kerberos (~> 0.3.0)
@@ -1302,16 +1324,16 @@ DEPENDENCIES
   premailer-rails (~> 1.10.3)
   prometheus-client-mmap (~> 0.10.0)
   pry-byebug (~> 3.5.1)
-  pry-rails (~> 0.3.4)
+  pry-rails (~> 0.3.9)
   rack (~> 2.0.7)
   rack-attack (~> 6.2.0)
-  rack-cors (~> 1.0.0)
+  rack-cors (~> 1.0.6)
   rack-oauth2 (~> 1.9.3)
   rack-proxy (~> 0.6.0)
   rack-timeout
-  rails (= 5.2.3)
+  rails (= 6.0.2)
   rails-controller-testing
-  rails-i18n (~> 5.1)
+  rails-i18n (~> 6.0)
   rainbow (~> 3.0)
   raindrops (~> 0.18)
   rblineprof (~> 0.3.6)
@@ -1325,7 +1347,7 @@ DEPENDENCIES
   request_store (~> 1.3)
   responders (~> 3.0)
   retriable (~> 3.1.2)
-  rouge (~> 3.11.0)
+  rouge (~> 3.15.0)
   rqrcode-rails3 (~> 0.1.7)
   rspec-parameterized
   rspec-rails (~> 4.0.0.beta3)
@@ -1360,7 +1382,7 @@ DEPENDENCIES
   spring-commands-rspec (~> 1.0.4)
   sprockets (~> 3.7.0)
   sshkey (~> 2.0)
-  stackprof (~> 0.2.13)
+  stackprof (~> 0.2.15)
   state_machines-activerecord (~> 0.6.0)
   sys-filesystem (~> 1.1.6)
   test-prof (~> 0.10.0)

Guardfile

@@ -2,7 +2,7 @@
 # More info at https://github.com/guard/guard#readme
-cmd = ENV['SPRING'] ? 'spring rspec' : 'bundle exec rspec'
+cmd = ENV['GUARD_CMD'] || (ENV['SPRING'] ? 'spring rspec' : 'bundle exec rspec')
 guard :rspec, cmd: cmd do
   require "guard/rspec/dsl"

README.md

@@ -82,9 +82,9 @@ GitLab is a Ruby on Rails application that runs on the following software:
 - Ruby (MRI) 2.6.5
 - Git 2.8.4+
 - Redis 2.8+
-- PostgreSQL (preferred) or MySQL
-For more information please see the [architecture documentation](https://docs.gitlab.com/ce/development/architecture.html).
+- PostgreSQL 9.6+
+For more information please see the [architecture](https://docs.gitlab.com/ee/development/architecture.html) and [requirements](https://docs.gitlab.com/ee/install/requirements.html) documentation.
 ## UX design