Remove sudo runner registration instructions macos

See merge request gitlab-org/gitlab!86455

Enhance merge request widget extension subtext handling

See merge request gitlab-org/gitlab!86679

Fix hover on item on welcome screen to be dark

See merge request gitlab-org/gitlab!86874

Dries Degreef authored 2 years ago and Simon Knox committed 2 years ago

This reverts commit 3f4272a86f25e1756cc8ba3ca32b380f5f723c4d

Update controller specs for vue_issues_list

See merge request gitlab-org/gitlab!86238

Migrate "Create incident" button in alert details

See merge request gitlab-org/gitlab!86869

Remove threat_monitoring from GraphQL enum for alerts

See merge request gitlab-org/gitlab!86755

Move ReportNotConfigured components into specific folders

See merge request gitlab-org/gitlab!86846

Migration with access_token for approval project rules

See merge request gitlab-org/gitlab!82855

Zamir Martins Filho authored 2 years ago and Etienne Baqué committed 2 years ago

rules.

EE: true
Changelog: changed

Add policy data to Groups::Security::PoliciesController#edit

See merge request gitlab-org/gitlab!85278

Alan (Maciej) Paruszewski authored 2 years ago and Tetiana Chupryna committed 2 years ago

This change adds usage of updated SecurityOrchestationHelper both to
policies controller scoped to Projects and Namespaces.

Keep fragment identifier when performing an OAuth redirect

See merge request gitlab-org/gitlab!86562

Update Gitaly version

See merge request gitlab-org/gitlab!87201

Remove dynamic check for feature flag

See merge request gitlab-org/gitlab!86913

Fix error with initializiation of protected environments feature

See merge request gitlab-org/gitlab!86560

Update removal MR template

See merge request gitlab-org/gitlab!87204

Dismiss the file tree popover if it block access o the branch selector

See merge request gitlab-org/gitlab!87068

Reduce frequently visited projects/groups timeout

See merge request gitlab-org/gitlab!87004

Fix removed CI template metric definitions

See merge request gitlab-org/gitlab!87195

Resolve "issues number tab in epic list not update after filtered"

See merge request gitlab-org/gitlab!87118

Fixes list in IP Address restriction section

See merge request gitlab-org/gitlab!87185

Add missing detail about introduction check subcommand

See merge request gitlab-org/gitlab!86898

Bump Gitlab Shell to 14.1.1

See merge request gitlab-org/gitlab!87198

Miguel Rincon authored 2 years ago and Matthias Käppler committed 2 years ago

This change removes sudo from the runner registration step on macos.

The two blocks of instructions don't match each other, as the
installation does not use `sudo`, while the runner registration does.

Changelog: changed

Fix cache key for mr_title partial

See merge request gitlab-org/gitlab!87082

Redesign DAST profile summary with Drawer

See merge request gitlab-org/gitlab!86683

This change is currently behind a feature flag
which will be rolled out along with other design
changes

Sean McGivern authored 2 years ago and Mark Chao committed 2 years ago

When we request a GitLab Pages page with access control enabled,
something like this happens:

1. 302 to Pages's `/auth` endpoint.
2. 302 to GitLab's `/oauth/authorize` endpoint, where GitLab is an
   OAuth provider.
3. 200 with JS redirection code to redirect back to Pages's `/auth`
   endpoint.
4. 302 to Pages's `/auth` endpoint again, but this time on the specific
   Pages domain in question.
5. 200 on the originally-requested page.

There can be intermediate steps here - particularly if the user is not
signed in to GitLab already - but that's the gist. This broke fragment
identifiers (the part of the URL after the `#`). The server doesn't
receive these, but most browsers preserve them on a server-side
redirect: https://stackoverflow.com/a/5283739

Our 200 in step 3 was breaking that, however, because it's not a 3XX
redirect. Instead we return a minimal HTML page with some JavaScript to
perform the redirect, and a link if the user doesn't have JavaScript
enabled. This is to work around a previous security issue:
https://gitlab.com/gitlab-org/gitlab/-/issues/300308

This commit changes the JS redirection code to include the fragment
identifier, if present, and so avoid breaking things in the common case.
This doesn't just apply to Pages, but to any other use of GitLab as an
OAuth provider. It does not attempt to fix the HTML link as the only way
the client can access the fragment programatically is through JS, and
the link is only useful if JS is disabled.

Out of an abundance of caution, we only include the fragment if it
is comprised of word characters, dashes, and underscores. All other
characters are, for now, excluded.

Changelog: fixed

Move Style/HashEachMethods into separate TODO file

See merge request gitlab-org/gitlab!86963

Bring Container Scanning to Free

See merge request gitlab-org/gitlab!86783

Add 2 last DORA metric to VSA summary block

See merge request gitlab-org/gitlab!86245

Migrate cluster buttons to confirm variant

See merge request gitlab-org/gitlab!86818

v14.1.1

- Log the error that happens on sconn.Wait()

v14.1.0

- Make PROXY policy configurable
- Exclude authentication errors from apdex
- Fix check_ip argument when gitlab-sshd used with PROXY protocol
- Use labkit for FIPS check

Changelog: added

[graphql] Some updates to specs for interpreter upgrade

See merge request gitlab-org/gitlab!87031

Brett Walker authored 2 years ago and Luke Duncalfe committed 2 years ago

https://gitlab.com/gitlab-org/gitlab/-/issues/210556