Merge branch '11-7-stable-prepare-rc5' into '11-7-stable'

Prepare 11.7 RC5 release See merge request gitlab-org/gitlab-ce!24308

Merge branch '11-7-stable-prepare-rc5' into '11-7-stable'
ece6a455 · Yorick Peterse · 4ea7d0af · 47cb9c59 · ece6a455 · ece6a455
Commit ece6a455 authored 6 years ago by Yorick Peterse
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -7194,7 +7194,7 @@ msgstr ""
 msgid "To move or copy an entire GitLab project from another GitLab installation to this one, navigate to the original project's settings page, generate an export file, and upload it here."
 msgstr ""
  
-msgid "To preserve performance only <strong>%{display_size} of ${real_size}</strong> files are displayed."
+msgid "To preserve performance only <strong>%{display_size} of %{real_size}</strong> files are displayed."
 msgstr ""
  
 msgid "To start serving your jobs you can add Runners to your group"

--- a/qa/qa/page/component/note.rb
+++ b/qa/qa/page/component/note.rb
@@ -32,9 +32,13 @@ module QA
          click_element :comment_button
        end
  
-        def reply_to_discussion(reply_text)
+        def type_reply_to_discussion(reply_text)
          all_elements(:discussion_reply).last.click
          fill_element :reply_input, reply_text
+        end
+
+        def reply_to_discussion(reply_text)
+          type_reply_to_discussion(reply_text)
          click_element :reply_comment_button
        end
  

--- a/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
+++ b/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
@@ -98,6 +98,17 @@ module QA
              resource.value = 'You can see this application secret'
            end
  
+            # Our current Auto DevOps implementation won't update the production
+            # app if we only update a CI variable with no code change.
+            #
+            # Workaround: push new code and use the resultant pipeline.
+            Resource::Repository::ProjectPush.fabricate! do |push|
+              push.project = @project
+              push.commit_message = 'Force a Deployment change by pushing new code'
+              push.file_name = 'new_file.txt'
+              push.file_content = 'new file contents'
+            end
+
            @project.visit!
            Page::Project::Menu.act { click_ci_cd_pipelines }
            Page::Project::Pipeline::Index.act { go_to_latest_pipeline }

--- a/spec/controllers/admin/requests_profiles_controller_spec.rb
+++ b/spec/controllers/admin/requests_profiles_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Admin::RequestsProfilesController do
+  set(:admin) { create(:admin) }
+
+  before do
+    sign_in(admin)
+  end
+
+  describe '#show' do
+    let(:basename) { "profile_#{Time.now.to_i}.html" }
+    let(:tmpdir) { Dir.mktmpdir('profiler-test') }
+    let(:test_file) { File.join(tmpdir, basename) }
+    let(:profile) { Gitlab::RequestProfiler::Profile.new(basename) }
+    let(:sample_data) do
+      <<~HTML
+        <!DOCTYPE html>
+        <html>
+        <body>
+        <h1>My First Heading</h1>
+        <p>My first paragraph.</p>
+        </body>
+        </html>
+      HTML
+    end
+
+    before do
+      stub_const('Gitlab::RequestProfiler::PROFILES_DIR', tmpdir)
+      output = File.open(test_file, 'w')
+      output.write(sample_data)
+      output.close
+    end
+
+    after do
+      File.unlink(test_file)
+    end
+
+    it 'loads an HTML profile' do
+      get :show, params: { name: basename }
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(response.body).to eq(sample_data)
+    end
+  end
+end
--- a/spec/features/projects/compare_spec.rb
+++ b/spec/features/projects/compare_spec.rb
@@ -87,6 +87,21 @@ describe "Compare", :js do
  
      expect(find(".js-compare-from-dropdown .dropdown-content")).to have_selector("li", count: 3)
    end
+
+    context 'when commit has overflow', :js do
+      it 'displays warning' do
+        visit project_compare_index_path(project, from: "feature", to: "master")
+
+        allow(Commit).to receive(:max_diff_options).and_return(max_files: 3)
+        allow_any_instance_of(DiffHelper).to receive(:render_overflow_warning?).and_return(true)
+
+        click_button('Compare')
+
+        page.within('.alert') do
+          expect(page).to have_text("Too many changes to show. To preserve performance only 3 of 3+ files are displayed.")
+        end
+      end
+    end
  end
  
  describe "tags" do

--- a/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json
+++ b/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json
 {
-    "image": "registry.gitlab.com/bikebilly/auto-devops-10-6/feature-branch:e7315ba964febb11bac8f5cd6ec433db8a3a1583",
-    "unapproved": [
-        "CVE-2017-15650"
-    ],
-    "vulnerabilities": [
-        {
-            "featurename": "musl",
-            "featureversion": "1.1.14-r15",
-            "vulnerability": "CVE-2017-15650",
-            "namespace": "alpine:v3.4",
-            "description": "",
-            "link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
-            "severity": "Medium",
-            "fixedby": "1.1.14-r16"
-        }
-    ]
+  "image": "registry.gitlab.com/bikebilly/auto-devops-10-6/feature-branch:e7315ba964febb11bac8f5cd6ec433db8a3a1583",
+  "unapproved": ["CVE-2017-15650"],
+  "vulnerabilities": [
+    {
+      "featurename": "musl",
+      "featureversion": "1.1.14-r15",
+      "vulnerability": "CVE-2017-15650",
+      "namespace": "alpine:v3.4",
+      "description": "",
+      "link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
+      "severity": "Medium",
+      "fixedby": "1.1.14-r16"
+    }
+  ]
 }
--- a/spec/fixtures/security-reports/master/gl-container-scanning-report.json
+++ b/spec/fixtures/security-reports/master/gl-container-scanning-report.json
 {
-    "image": "registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff",
-    "unapproved": [
-        "CVE-2017-18018",
-        "CVE-2016-2781",
-        "CVE-2017-12424",
-        "CVE-2007-5686",
-        "CVE-2013-4235"
-    ],
-    "vulnerabilities": [
-        {
-            "featurename": "glibc",
-            "featureversion": "2.24-11+deb9u3",
-            "vulnerability": "CVE-2017-18269",
-            "namespace": "debian:9",
-            "description": "SSE2-optimized memmove implementation problem.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2017-18269",
-            "severity": "Defcon1",
-            "fixedby": "2.24-11+deb9u4"
-        },
-        {
-            "featurename": "glibc",
-            "featureversion": "2.24-11+deb9u3",
-            "vulnerability": "CVE-2017-16997",
-            "namespace": "debian:9",
-            "description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997",
-            "severity": "Critical",
-            "fixedby": ""
-        },
-        {
-            "featurename": "glibc",
-            "featureversion": "2.24-11+deb9u3",
-            "vulnerability": "CVE-2018-1000001",
-            "namespace": "debian:9",
-            "description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2018-1000001",
-            "severity": "High",
-            "fixedby": ""
-        },
-        {
-            "featurename": "glibc",
-            "featureversion": "2.24-11+deb9u3",
-            "vulnerability": "CVE-2016-10228",
-            "namespace": "debian:9",
-            "description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2016-10228",
-            "severity": "Medium",
-            "fixedby": ""
-        },
-        {
-            "featurename": "elfutils",
-            "featureversion": "0.168-1",
-            "vulnerability": "CVE-2018-18520",
-            "namespace": "debian:9",
-            "description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2018-18520",
-            "severity": "Low",
-            "fixedby": ""
-        },
-        {
-            "featurename": "glibc",
-            "featureversion": "2.24-11+deb9u3",
-            "vulnerability": "CVE-2010-4052",
-            "namespace": "debian:9",
-            "description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2010-4052",
-            "severity": "Negligible",
-            "fixedby": ""
-        },
-        {
-            "featurename": "nettle",
-            "featureversion": "3.3-1",
-            "vulnerability": "CVE-2018-16869",
-            "namespace": "debian:9",
-            "description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2018-16869",
-            "severity": "Unknown",
-            "fixedby": ""
-        },
-        {
-            "featurename": "perl",
-            "featureversion": "5.24.1-3+deb9u4",
-            "vulnerability": "CVE-2018-18311",
-            "namespace": "debian:9",
-            "description": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
-            "link": "https://security-tracker.debian.org/tracker/CVE-2018-18311",
-            "severity": "Unknown",
-            "fixedby": "5.24.1-3+deb9u5"
-        }
-    ]
-}
\ No newline at end of file
+  "image": "registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff",
+  "unapproved": [
+    "CVE-2017-18018",
+    "CVE-2016-2781",
+    "CVE-2017-12424",
+    "CVE-2007-5686",
+    "CVE-2013-4235"
+  ],
+  "vulnerabilities": [
+    {
+      "featurename": "glibc",
+      "featureversion": "2.24-11+deb9u3",
+      "vulnerability": "CVE-2017-18269",
+      "namespace": "debian:9",
+      "description": "SSE2-optimized memmove implementation problem.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2017-18269",
+      "severity": "Defcon1",
+      "fixedby": "2.24-11+deb9u4"
+    },
+    {
+      "featurename": "glibc",
+      "featureversion": "2.24-11+deb9u3",
+      "vulnerability": "CVE-2017-16997",
+      "namespace": "debian:9",
+      "description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997",
+      "severity": "Critical",
+      "fixedby": ""
+    },
+    {
+      "featurename": "glibc",
+      "featureversion": "2.24-11+deb9u3",
+      "vulnerability": "CVE-2018-1000001",
+      "namespace": "debian:9",
+      "description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2018-1000001",
+      "severity": "High",
+      "fixedby": ""
+    },
+    {
+      "featurename": "glibc",
+      "featureversion": "2.24-11+deb9u3",
+      "vulnerability": "CVE-2016-10228",
+      "namespace": "debian:9",
+      "description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2016-10228",
+      "severity": "Medium",
+      "fixedby": ""
+    },
+    {
+      "featurename": "elfutils",
+      "featureversion": "0.168-1",
+      "vulnerability": "CVE-2018-18520",
+      "namespace": "debian:9",
+      "description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2018-18520",
+      "severity": "Low",
+      "fixedby": ""
+    },
+    {
+      "featurename": "glibc",
+      "featureversion": "2.24-11+deb9u3",
+      "vulnerability": "CVE-2010-4052",
+      "namespace": "debian:9",
+      "description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2010-4052",
+      "severity": "Negligible",
+      "fixedby": ""
+    },
+    {
+      "featurename": "nettle",
+      "featureversion": "3.3-1",
+      "vulnerability": "CVE-2018-16869",
+      "namespace": "debian:9",
+      "description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2018-16869",
+      "severity": "Unknown",
+      "fixedby": ""
+    },
+    {
+      "featurename": "perl",
+      "featureversion": "5.24.1-3+deb9u4",
+      "vulnerability": "CVE-2018-18311",
+      "namespace": "debian:9",
+      "description": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
+      "link": "https://security-tracker.debian.org/tracker/CVE-2018-18311",
+      "severity": "Unknown",
+      "fixedby": "5.24.1-3+deb9u5"
+    }
+  ]
+}
--- a/spec/javascripts/vue_shared/components/markdown/suggestion_diff_spec.js
+++ b/spec/javascripts/vue_shared/components/markdown/suggestion_diff_spec.js
@@ -34,8 +34,8 @@ describe('Suggestion Diff component', () => {
      expect(vm.$el.querySelector('.qa-suggestion-diff-header')).not.toBeNull();
    });
  
-    it('renders a diff table', () => {
-      expect(vm.$el.querySelector('table.md-suggestion-diff')).not.toBeNull();
+    it('renders a diff table with syntax highlighting', () => {
+      expect(vm.$el.querySelector('.md-suggestion-diff.js-syntax-highlight.code')).not.toBeNull();
    });
  
    it('renders the oldLineNumber', () => {

--- a/spec/lib/gitlab/background_migration/backfill_legacy_project_repositories_spec.rb
+++ b/spec/lib/gitlab/background_migration/backfill_legacy_project_repositories_spec.rb
@@ -2,6 +2,6 @@
  
 require 'spec_helper'
  
-describe Gitlab::BackgroundMigration::BackfillLegacyProjectRepositories, :migration, schema: 20181218192239 do
+describe Gitlab::BackgroundMigration::BackfillLegacyProjectRepositories, :migration, schema: 20181212171634 do
  it_behaves_like 'backfill migration for project repositories', :legacy
 end