New upstream version 12.3.9
This commit is contained in:
parent
e25a15efeb
commit
317968c865
29 changed files with 213 additions and 40 deletions
|
@ -1,5 +1,21 @@
|
|||
Please view this file on the master branch, on stable branches it's out of date.
|
||||
|
||||
## 12.3.8
|
||||
|
||||
- No changes.
|
||||
|
||||
## 12.3.7
|
||||
|
||||
### Security (6 changes)
|
||||
|
||||
- Protect Jira integration endpoints from guest users.
|
||||
- Fix private comment Elasticsearch leak on project search scope.
|
||||
- Filter snippet search results by feature visibility.
|
||||
- Hide AWS secret on Admin Integration page.
|
||||
- Fail pull mirror when mirror user is blocked.
|
||||
- Prevent IDOR when adding users to protected environments.
|
||||
|
||||
|
||||
## 12.3.6
|
||||
|
||||
### Security (4 changes)
|
||||
|
|
13
CHANGELOG.md
13
CHANGELOG.md
|
@ -2,23 +2,30 @@
|
|||
documentation](doc/development/changelog.md) for instructions on adding your own
|
||||
entry.
|
||||
|
||||
## 12.3.9
|
||||
|
||||
- No changes.
|
||||
|
||||
## 12.3.8
|
||||
|
||||
- No changes.
|
||||
|
||||
## 12.3.7
|
||||
|
||||
### Security (9 changes)
|
||||
### Security (12 changes)
|
||||
|
||||
- Check permissions before showing a forked project's source.
|
||||
- Do not create todos for approvers without access. !1442
|
||||
- Limit potential for DNS rebind SSRF in chat notifications.
|
||||
- Encrypt application setting tokens.
|
||||
- Update Workhorse and Gitaly to fix a security issue.
|
||||
- Add maven file_name regex validation on incoming files.
|
||||
- Hide commit counts from guest users in Cycle Analytics.
|
||||
- Limit potential for DNS rebind SSRF in chat notifications.
|
||||
- Check permissions before showing a forked project's source.
|
||||
- Fix 500 error caused by invalid byte sequences in links.
|
||||
- Ensure are cleaned by ImportExport::AttributeCleaner.
|
||||
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
|
||||
- Escape namespace in label references to prevent XSS.
|
||||
- Add authorization to using filter vulnerable in Dependency List.
|
||||
|
||||
|
||||
## 12.3.6
|
||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
12.3.8
|
||||
12.3.9
|
||||
|
|
|
@ -38,9 +38,15 @@ module Groups
|
|||
ensure_ownership
|
||||
end
|
||||
|
||||
post_update_hooks(@updated_project_ids)
|
||||
|
||||
true
|
||||
end
|
||||
|
||||
# Overridden in EE
|
||||
def post_update_hooks(updated_project_ids)
|
||||
end
|
||||
|
||||
def ensure_allowed_transfer
|
||||
raise_transfer_error(:group_is_already_root) if group_is_already_root?
|
||||
raise_transfer_error(:same_parent_as_current) if same_parent?
|
||||
|
@ -90,9 +96,16 @@ module Groups
|
|||
.where(id: descendants.select(:id))
|
||||
.update_all(visibility_level: @new_parent_group.visibility_level)
|
||||
|
||||
@group
|
||||
projects_to_update = @group
|
||||
.all_projects
|
||||
.where("visibility_level > ?", @new_parent_group.visibility_level)
|
||||
|
||||
# Used in post_update_hooks in EE. Must use pluck (and not select)
|
||||
# here as after we perform the update below we won't be able to find
|
||||
# these records again.
|
||||
@updated_project_ids = projects_to_update.pluck(:id)
|
||||
|
||||
projects_to_update
|
||||
.update_all(visibility_level: @new_parent_group.visibility_level)
|
||||
end
|
||||
# rubocop: enable CodeReuse/ActiveRecord
|
||||
|
@ -109,3 +122,5 @@ module Groups
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
Groups::TransferService.prepend_if_ee('EE::Groups::TransferService')
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
var parent = require('../../es/object');
|
||||
require('../../modules/esnext.object.iterate-entries');
|
||||
require('../../modules/esnext.object.iterate-keys');
|
||||
require('../../modules/esnext.object.iterate-values');
|
||||
|
||||
module.exports = parent;
|
||||
|
|
4
core-js/features/object/iterate-entries.js
Normal file
4
core-js/features/object/iterate-entries.js
Normal file
|
@ -0,0 +1,4 @@
|
|||
require('../../modules/esnext.object.iterate-entries');
|
||||
var path = require('../../internals/path');
|
||||
|
||||
module.exports = path.Object.iterateEntries;
|
4
core-js/features/object/iterate-keys.js
Normal file
4
core-js/features/object/iterate-keys.js
Normal file
|
@ -0,0 +1,4 @@
|
|||
require('../../modules/esnext.object.iterate-keys');
|
||||
var path = require('../../internals/path');
|
||||
|
||||
module.exports = path.Object.iterateKeys;
|
4
core-js/features/object/iterate-values.js
Normal file
4
core-js/features/object/iterate-values.js
Normal file
|
@ -0,0 +1,4 @@
|
|||
require('../../modules/esnext.object.iterate-values');
|
||||
var path = require('../../internals/path');
|
||||
|
||||
module.exports = path.Object.iterateValues;
|
|
@ -1,7 +1,12 @@
|
|||
var shared = require('../internals/shared');
|
||||
var store = require('../internals/shared-store');
|
||||
|
||||
var functionToString = Function.toString;
|
||||
|
||||
module.exports = shared('inspectSource', function (it) {
|
||||
// this helper broken in `3.4.1-3.4.4`, so we can't use `shared` helper
|
||||
if (typeof store.inspectSource != 'function') {
|
||||
store.inspectSource = function (it) {
|
||||
return functionToString.call(it);
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
module.exports = store.inspectSource;
|
||||
|
|
37
core-js/internals/object-iterator.js
Normal file
37
core-js/internals/object-iterator.js
Normal file
|
@ -0,0 +1,37 @@
|
|||
'use strict';
|
||||
var InternalStateModule = require('../internals/internal-state');
|
||||
var createIteratorConstructor = require('../internals/create-iterator-constructor');
|
||||
var has = require('../internals/has');
|
||||
var objectKeys = require('../internals/object-keys');
|
||||
var toObject = require('../internals/to-object');
|
||||
|
||||
var OBJECT_ITERATOR = 'Object Iterator';
|
||||
var setInternalState = InternalStateModule.set;
|
||||
var getInternalState = InternalStateModule.getterFor(OBJECT_ITERATOR);
|
||||
|
||||
module.exports = createIteratorConstructor(function ObjectIterator(source, mode) {
|
||||
var object = toObject(source);
|
||||
setInternalState(this, {
|
||||
type: OBJECT_ITERATOR,
|
||||
mode: mode,
|
||||
object: object,
|
||||
keys: objectKeys(object),
|
||||
index: 0
|
||||
});
|
||||
}, 'Object', function next() {
|
||||
var state = getInternalState(this);
|
||||
var keys = state.keys;
|
||||
while (true) {
|
||||
if (keys === null || state.index >= keys.length) {
|
||||
state.object = state.keys = null;
|
||||
return { value: undefined, done: true };
|
||||
}
|
||||
var key = keys[state.index++];
|
||||
var object = state.object;
|
||||
if (!has(object, key)) continue;
|
||||
switch (state.mode) {
|
||||
case 'keys': return { value: key, done: false };
|
||||
case 'values': return { value: object[key], done: false };
|
||||
} /* entries */ return { value: [key, object[key]], done: false };
|
||||
}
|
||||
});
|
|
@ -4,7 +4,7 @@ var store = require('../internals/shared-store');
|
|||
(module.exports = function (key, value) {
|
||||
return store[key] || (store[key] = value !== undefined ? value : {});
|
||||
})('versions', []).push({
|
||||
version: '3.4.7',
|
||||
version: '3.5.0',
|
||||
mode: IS_PURE ? 'pure' : 'global',
|
||||
copyright: '© 2019 Denis Pushkarev (zloirock.ru)'
|
||||
});
|
||||
|
|
11
core-js/modules/esnext.object.iterate-entries.js
Normal file
11
core-js/modules/esnext.object.iterate-entries.js
Normal file
|
@ -0,0 +1,11 @@
|
|||
'use strict';
|
||||
var $ = require('../internals/export');
|
||||
var ObjectIterator = require('../internals/object-iterator');
|
||||
|
||||
// `Object.iterateEntries` method
|
||||
// https://github.com/tc39/proposal-object-iteration
|
||||
$({ target: 'Object', stat: true }, {
|
||||
iterateEntries: function iterateEntries(object) {
|
||||
return new ObjectIterator(object, 'entries');
|
||||
}
|
||||
});
|
11
core-js/modules/esnext.object.iterate-keys.js
Normal file
11
core-js/modules/esnext.object.iterate-keys.js
Normal file
|
@ -0,0 +1,11 @@
|
|||
'use strict';
|
||||
var $ = require('../internals/export');
|
||||
var ObjectIterator = require('../internals/object-iterator');
|
||||
|
||||
// `Object.iterateKeys` method
|
||||
// https://github.com/tc39/proposal-object-iteration
|
||||
$({ target: 'Object', stat: true }, {
|
||||
iterateKeys: function iterateKeys(object) {
|
||||
return new ObjectIterator(object, 'keys');
|
||||
}
|
||||
});
|
11
core-js/modules/esnext.object.iterate-values.js
Normal file
11
core-js/modules/esnext.object.iterate-values.js
Normal file
|
@ -0,0 +1,11 @@
|
|||
'use strict';
|
||||
var $ = require('../internals/export');
|
||||
var ObjectIterator = require('../internals/object-iterator');
|
||||
|
||||
// `Object.iterateValues` method
|
||||
// https://github.com/tc39/proposal-object-iteration
|
||||
$({ target: 'Object', stat: true }, {
|
||||
iterateValues: function iterateValues(object) {
|
||||
return new ObjectIterator(object, 'values');
|
||||
}
|
||||
});
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"name": "core-js",
|
||||
"description": "Standard library",
|
||||
"version": "3.4.7",
|
||||
"version": "3.5.0",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/zloirock/core-js.git"
|
||||
|
|
3
core-js/proposals/object-iteration.js
Normal file
3
core-js/proposals/object-iteration.js
Normal file
|
@ -0,0 +1,3 @@
|
|||
require('../modules/esnext.object.iterate-entries');
|
||||
require('../modules/esnext.object.iterate-keys');
|
||||
require('../modules/esnext.object.iterate-values');
|
|
@ -5,6 +5,7 @@ require('../proposals/keys-composition');
|
|||
require('../proposals/math-extensions');
|
||||
require('../proposals/math-signbit');
|
||||
require('../proposals/number-from-string');
|
||||
require('../proposals/object-iteration');
|
||||
require('../proposals/observable');
|
||||
require('../proposals/pattern-matching');
|
||||
require('../proposals/promise-try');
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
## master (unreleased)
|
||||
|
||||
## 1.4.3
|
||||
|
||||
- perf:library now uses median instead of average (https://github.com/schneems/derailed_benchmarks/pull/160)
|
||||
|
||||
## 1.4.2
|
||||
|
||||
- Fixed syntax error that resulted in ensure end error inside tasks.rb for older rubies (https://github.com/schneems/derailed_benchmarks/pull/155)
|
||||
|
|
|
@ -431,7 +431,7 @@ Use a comma to seperate your branch names with the `SHAS_TO_TEST` env var, or om
|
|||
|
||||
If you only include one SHA, then derailed will grab the latest commit and compare it to that SHA.
|
||||
|
||||
These tests might take a along time to run so the output is stored on disk incase you want to see them in the future, they're at `tmp/library_branches/<timestamp>` and labeled with the same names as your commits.
|
||||
These tests might take a along time to run so the output is stored on disk incase you want to see them in the future, they're at `tmp/compare_branches/<timestamp>` and labeled with the same names as your commits.
|
||||
|
||||
When the test is done it will output which commit "won" and by how much:
|
||||
|
||||
|
|
|
@ -66,15 +66,27 @@ module DerailedBenchmarks
|
|||
end
|
||||
|
||||
def x_faster
|
||||
FORMAT % (oldest.average/newest.average).to_f
|
||||
(oldest.median/newest.median).to_f
|
||||
end
|
||||
|
||||
def faster?
|
||||
newest.median < oldest.median
|
||||
end
|
||||
|
||||
def percent_faster
|
||||
FORMAT % (((oldest.average - newest.average) / oldest.average).to_f * 100)
|
||||
(((oldest.median - newest.median) / oldest.median).to_f * 100)
|
||||
end
|
||||
|
||||
def change_direction
|
||||
newest.average < oldest.average ? "FASTER" : "SLOWER"
|
||||
if faster?
|
||||
"FASTER 🚀🚀🚀"
|
||||
else
|
||||
"SLOWER 🐢🐢🐢"
|
||||
end
|
||||
end
|
||||
|
||||
def align
|
||||
" " * (("%i" % percent_faster).length - ("%i" % x_faster).length)
|
||||
end
|
||||
|
||||
def banner(io = Kernel)
|
||||
|
@ -85,11 +97,11 @@ module DerailedBenchmarks
|
|||
io.puts "👎👎👎(NOT Statistically Significant) 👎👎👎"
|
||||
end
|
||||
io.puts
|
||||
io.puts "[#{newest.name}] #{newest.desc.inspect} - (#{newest.average} seconds)"
|
||||
io.puts "[#{newest.name}] #{newest.desc.inspect} - (#{newest.median} seconds)"
|
||||
io.puts " #{change_direction} by:"
|
||||
io.puts " #{x_faster}x [older/newer]"
|
||||
io.puts " #{percent_faster}\% [(older - newer) / older * 100]"
|
||||
io.puts "[#{oldest.name}] #{oldest.desc.inspect} - (#{oldest.average} seconds)"
|
||||
io.puts " #{align}#{FORMAT % x_faster}x [older/newer]"
|
||||
io.puts " #{FORMAT % percent_faster}\% [(older - newer) / older * 100]"
|
||||
io.puts "[#{oldest.name}] #{oldest.desc.inspect} - (#{oldest.median} seconds)"
|
||||
io.puts
|
||||
io.puts "Iterations per sample: #{ENV["TEST_COUNT"]}"
|
||||
io.puts "Samples: #{newest.values.length}"
|
||||
|
|
|
@ -30,9 +30,14 @@ module DerailedBenchmarks
|
|||
def call
|
||||
load_file!
|
||||
|
||||
@median = (values[(values.length - 1) / 2] + values[values.length/ 2]) / 2.0
|
||||
@average = values.inject(:+) / values.length
|
||||
end
|
||||
|
||||
def median
|
||||
@median.to_f
|
||||
end
|
||||
|
||||
def average
|
||||
@average.to_f
|
||||
end
|
||||
|
@ -47,6 +52,8 @@ module DerailedBenchmarks
|
|||
raise e, "Problem with file #{@file.inspect}:\n#{@file.read}\n#{e.message}"
|
||||
end
|
||||
end
|
||||
|
||||
values.sort!
|
||||
values.freeze
|
||||
end
|
||||
end
|
||||
|
|
|
@ -39,7 +39,7 @@ namespace :perf do
|
|||
current_library_branch = ""
|
||||
Dir.chdir(library_dir) { current_library_branch = run!('git describe --contains --all HEAD').chomp }
|
||||
|
||||
out_dir = Pathname.new("tmp/library_branches/#{Time.now.strftime('%Y-%m-%d-%H-%M-%s-%N')}")
|
||||
out_dir = Pathname.new("tmp/compare_branches/#{Time.now.strftime('%Y-%m-%d-%H-%M-%s-%N')}")
|
||||
out_dir.mkpath
|
||||
|
||||
branches_to_test = branch_names.each_with_object({}) {|elem, hash| hash[elem] = out_dir + "#{elem.gsub('/', ':')}.bench.txt" }
|
||||
|
@ -93,10 +93,18 @@ namespace :perf do
|
|||
end
|
||||
end
|
||||
|
||||
stats.call.banner if stats
|
||||
end
|
||||
if stats
|
||||
stats.call.banner
|
||||
|
||||
result_file = out_dir + "results.txt"
|
||||
File.open(result_file, "w") do |f|
|
||||
stats.banner(f)
|
||||
end
|
||||
|
||||
puts "Output: #{result_file.to_s}"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
desc "hits the url TEST_COUNT times"
|
||||
task :test => [:setup] do
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module DerailedBenchmarks
|
||||
VERSION = "1.4.2"
|
||||
VERSION = "1.4.3"
|
||||
end
|
||||
|
|
|
@ -22,8 +22,11 @@ class StatsFromDirTest < ActiveSupport::TestCase
|
|||
assert_in_delta 0.1730818382602285, stats.d_critical, 0.00001
|
||||
assert_equal true, stats.significant?
|
||||
|
||||
assert_equal "1.0062", stats.x_faster
|
||||
assert_equal "0.6131", stats.percent_faster
|
||||
format = DerailedBenchmarks::StatsFromDir::FORMAT
|
||||
assert_equal "1.0062", format % stats.x_faster
|
||||
assert_equal "0.6147", format % stats.percent_faster
|
||||
|
||||
assert_equal "11.3844", format % newest.median
|
||||
end
|
||||
|
||||
test "banner faster" do
|
||||
|
@ -44,17 +47,17 @@ class StatsFromDirTest < ActiveSupport::TestCase
|
|||
"0.001"
|
||||
end
|
||||
|
||||
def newest.average
|
||||
def newest.median
|
||||
10.5
|
||||
end
|
||||
|
||||
def oldest.average
|
||||
def oldest.median
|
||||
11.0
|
||||
end
|
||||
|
||||
expected = <<-EOM
|
||||
expected = <<~EOM
|
||||
[winner] "I am the new commit" - (10.5 seconds)
|
||||
FASTER by:
|
||||
FASTER 🚀🚀🚀 by:
|
||||
1.0476x [older/newer]
|
||||
4.5455% [(older - newer) / older * 100]
|
||||
[loser] "Old commit" - (11.0 seconds)
|
||||
|
@ -75,17 +78,17 @@ EOM
|
|||
newest = stats.newest
|
||||
oldest = stats.oldest
|
||||
|
||||
def oldest.average
|
||||
def oldest.median
|
||||
10.5
|
||||
end
|
||||
|
||||
def newest.average
|
||||
def newest.median
|
||||
11.0
|
||||
end
|
||||
|
||||
expected = <<-EOM
|
||||
expected = <<~EOM
|
||||
[loser] "I am the new commit" - (11.0 seconds)
|
||||
SLOWER by:
|
||||
SLOWER 🐢🐢🐢 by:
|
||||
0.9545x [older/newer]
|
||||
-4.7619% [(older - newer) / older * 100]
|
||||
[winner] "Old commit" - (10.5 seconds)
|
||||
|
|
|
@ -666,6 +666,9 @@ msgstr ""
|
|||
msgid "API Token"
|
||||
msgstr ""
|
||||
|
||||
msgid "AWS Secret Access Key"
|
||||
msgstr ""
|
||||
|
||||
msgid "Abort"
|
||||
msgstr ""
|
||||
|
||||
|
@ -5653,6 +5656,9 @@ msgstr ""
|
|||
msgid "Enter merge request URLs"
|
||||
msgstr ""
|
||||
|
||||
msgid "Enter new AWS Secret Access Key"
|
||||
msgstr ""
|
||||
|
||||
msgid "Enter the issue description"
|
||||
msgstr ""
|
||||
|
||||
|
|
|
@ -7,8 +7,9 @@ describe 'Group Badges' do
|
|||
|
||||
let(:user) { create(:user) }
|
||||
let(:group) { create(:group) }
|
||||
let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
|
||||
let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
|
||||
let(:project) { create(:project, namespace: group) }
|
||||
let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
|
||||
let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
|
||||
let!(:badge_1) { create(:group_badge, group: group) }
|
||||
let!(:badge_2) { create(:group_badge, group: group) }
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ describe 'Project Badges' do
|
|||
let(:user) { create(:user) }
|
||||
let(:group) { create(:group) }
|
||||
let(:project) { create(:project, namespace: group) }
|
||||
let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
|
||||
let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
|
||||
let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
|
||||
let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
|
||||
let!(:project_badge) { create(:project_badge, project: project) }
|
||||
let!(:group_badge) { create(:group_badge, group: group) }
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@ shared_examples_for 'matches_cross_reference_regex? fails fast' do
|
|||
it 'fails fast for long strings' do
|
||||
# took well under 1 second in CI https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3267#note_172823
|
||||
expect do
|
||||
Timeout.timeout(3.seconds) { mentionable.matches_cross_reference_regex? }
|
||||
Timeout.timeout(6.seconds) { mentionable.matches_cross_reference_regex? }
|
||||
end.not_to raise_error
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue