New upstream version 12.3.9

This commit is contained in:
Pirate Praveen 2019-12-20 00:11:08 +05:30
parent e25a15efeb
commit 317968c865
29 changed files with 213 additions and 40 deletions

View file

@ -1,5 +1,21 @@
Please view this file on the master branch, on stable branches it's out of date.
## 12.3.8
- No changes.
## 12.3.7
### Security (6 changes)
- Protect Jira integration endpoints from guest users.
- Fix private comment Elasticsearch leak on project search scope.
- Filter snippet search results by feature visibility.
- Hide AWS secret on Admin Integration page.
- Fail pull mirror when mirror user is blocked.
- Prevent IDOR when adding users to protected environments.
## 12.3.6
### Security (4 changes)

View file

@ -2,23 +2,30 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 12.3.9
- No changes.
## 12.3.8
- No changes.
## 12.3.7
### Security (9 changes)
### Security (12 changes)
- Check permissions before showing a forked project's source.
- Do not create todos for approvers without access. !1442
- Limit potential for DNS rebind SSRF in chat notifications.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
- Add maven file_name regex validation on incoming files.
- Hide commit counts from guest users in Cycle Analytics.
- Limit potential for DNS rebind SSRF in chat notifications.
- Check permissions before showing a forked project's source.
- Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
- Add authorization to using filter vulnerable in Dependency List.
## 12.3.6

View file

@ -1 +1 @@
12.3.8
12.3.9

View file

@ -38,9 +38,15 @@ module Groups
ensure_ownership
end
post_update_hooks(@updated_project_ids)
true
end
# Overridden in EE
def post_update_hooks(updated_project_ids)
end
def ensure_allowed_transfer
raise_transfer_error(:group_is_already_root) if group_is_already_root?
raise_transfer_error(:same_parent_as_current) if same_parent?
@ -90,9 +96,16 @@ module Groups
.where(id: descendants.select(:id))
.update_all(visibility_level: @new_parent_group.visibility_level)
@group
projects_to_update = @group
.all_projects
.where("visibility_level > ?", @new_parent_group.visibility_level)
# Used in post_update_hooks in EE. Must use pluck (and not select)
# here as after we perform the update below we won't be able to find
# these records again.
@updated_project_ids = projects_to_update.pluck(:id)
projects_to_update
.update_all(visibility_level: @new_parent_group.visibility_level)
end
# rubocop: enable CodeReuse/ActiveRecord
@ -109,3 +122,5 @@ module Groups
end
end
end
Groups::TransferService.prepend_if_ee('EE::Groups::TransferService')

View file

@ -1,3 +1,6 @@
var parent = require('../../es/object');
require('../../modules/esnext.object.iterate-entries');
require('../../modules/esnext.object.iterate-keys');
require('../../modules/esnext.object.iterate-values');
module.exports = parent;

View file

@ -0,0 +1,4 @@
require('../../modules/esnext.object.iterate-entries');
var path = require('../../internals/path');
module.exports = path.Object.iterateEntries;

View file

@ -0,0 +1,4 @@
require('../../modules/esnext.object.iterate-keys');
var path = require('../../internals/path');
module.exports = path.Object.iterateKeys;

View file

@ -0,0 +1,4 @@
require('../../modules/esnext.object.iterate-values');
var path = require('../../internals/path');
module.exports = path.Object.iterateValues;

View file

@ -1,7 +1,12 @@
var shared = require('../internals/shared');
var store = require('../internals/shared-store');
var functionToString = Function.toString;
module.exports = shared('inspectSource', function (it) {
return functionToString.call(it);
});
// this helper broken in `3.4.1-3.4.4`, so we can't use `shared` helper
if (typeof store.inspectSource != 'function') {
store.inspectSource = function (it) {
return functionToString.call(it);
};
}
module.exports = store.inspectSource;

View file

@ -0,0 +1,37 @@
'use strict';
var InternalStateModule = require('../internals/internal-state');
var createIteratorConstructor = require('../internals/create-iterator-constructor');
var has = require('../internals/has');
var objectKeys = require('../internals/object-keys');
var toObject = require('../internals/to-object');
var OBJECT_ITERATOR = 'Object Iterator';
var setInternalState = InternalStateModule.set;
var getInternalState = InternalStateModule.getterFor(OBJECT_ITERATOR);
module.exports = createIteratorConstructor(function ObjectIterator(source, mode) {
var object = toObject(source);
setInternalState(this, {
type: OBJECT_ITERATOR,
mode: mode,
object: object,
keys: objectKeys(object),
index: 0
});
}, 'Object', function next() {
var state = getInternalState(this);
var keys = state.keys;
while (true) {
if (keys === null || state.index >= keys.length) {
state.object = state.keys = null;
return { value: undefined, done: true };
}
var key = keys[state.index++];
var object = state.object;
if (!has(object, key)) continue;
switch (state.mode) {
case 'keys': return { value: key, done: false };
case 'values': return { value: object[key], done: false };
} /* entries */ return { value: [key, object[key]], done: false };
}
});

View file

@ -4,7 +4,7 @@ var store = require('../internals/shared-store');
(module.exports = function (key, value) {
return store[key] || (store[key] = value !== undefined ? value : {});
})('versions', []).push({
version: '3.4.7',
version: '3.5.0',
mode: IS_PURE ? 'pure' : 'global',
copyright: '© 2019 Denis Pushkarev (zloirock.ru)'
});

View file

@ -0,0 +1,11 @@
'use strict';
var $ = require('../internals/export');
var ObjectIterator = require('../internals/object-iterator');
// `Object.iterateEntries` method
// https://github.com/tc39/proposal-object-iteration
$({ target: 'Object', stat: true }, {
iterateEntries: function iterateEntries(object) {
return new ObjectIterator(object, 'entries');
}
});

View file

@ -0,0 +1,11 @@
'use strict';
var $ = require('../internals/export');
var ObjectIterator = require('../internals/object-iterator');
// `Object.iterateKeys` method
// https://github.com/tc39/proposal-object-iteration
$({ target: 'Object', stat: true }, {
iterateKeys: function iterateKeys(object) {
return new ObjectIterator(object, 'keys');
}
});

View file

@ -0,0 +1,11 @@
'use strict';
var $ = require('../internals/export');
var ObjectIterator = require('../internals/object-iterator');
// `Object.iterateValues` method
// https://github.com/tc39/proposal-object-iteration
$({ target: 'Object', stat: true }, {
iterateValues: function iterateValues(object) {
return new ObjectIterator(object, 'values');
}
});

View file

@ -1,7 +1,7 @@
{
"name": "core-js",
"description": "Standard library",
"version": "3.4.7",
"version": "3.5.0",
"repository": {
"type": "git",
"url": "https://github.com/zloirock/core-js.git"

View file

@ -0,0 +1,3 @@
require('../modules/esnext.object.iterate-entries');
require('../modules/esnext.object.iterate-keys');
require('../modules/esnext.object.iterate-values');

View file

@ -5,6 +5,7 @@ require('../proposals/keys-composition');
require('../proposals/math-extensions');
require('../proposals/math-signbit');
require('../proposals/number-from-string');
require('../proposals/object-iteration');
require('../proposals/observable');
require('../proposals/pattern-matching');
require('../proposals/promise-try');

View file

@ -1,5 +1,9 @@
## master (unreleased)
## 1.4.3
- perf:library now uses median instead of average (https://github.com/schneems/derailed_benchmarks/pull/160)
## 1.4.2
- Fixed syntax error that resulted in ensure end error inside tasks.rb for older rubies (https://github.com/schneems/derailed_benchmarks/pull/155)

View file

@ -431,7 +431,7 @@ Use a comma to seperate your branch names with the `SHAS_TO_TEST` env var, or om
If you only include one SHA, then derailed will grab the latest commit and compare it to that SHA.
These tests might take a along time to run so the output is stored on disk incase you want to see them in the future, they're at `tmp/library_branches/<timestamp>` and labeled with the same names as your commits.
These tests might take a along time to run so the output is stored on disk incase you want to see them in the future, they're at `tmp/compare_branches/<timestamp>` and labeled with the same names as your commits.
When the test is done it will output which commit "won" and by how much:

View file

@ -66,15 +66,27 @@ module DerailedBenchmarks
end
def x_faster
FORMAT % (oldest.average/newest.average).to_f
(oldest.median/newest.median).to_f
end
def faster?
newest.median < oldest.median
end
def percent_faster
FORMAT % (((oldest.average - newest.average) / oldest.average).to_f * 100)
(((oldest.median - newest.median) / oldest.median).to_f * 100)
end
def change_direction
newest.average < oldest.average ? "FASTER" : "SLOWER"
if faster?
"FASTER 🚀🚀🚀"
else
"SLOWER 🐢🐢🐢"
end
end
def align
" " * (("%i" % percent_faster).length - ("%i" % x_faster).length)
end
def banner(io = Kernel)
@ -85,11 +97,11 @@ module DerailedBenchmarks
io.puts "👎👎👎(NOT Statistically Significant) 👎👎👎"
end
io.puts
io.puts "[#{newest.name}] #{newest.desc.inspect} - (#{newest.average} seconds)"
io.puts "[#{newest.name}] #{newest.desc.inspect} - (#{newest.median} seconds)"
io.puts " #{change_direction} by:"
io.puts " #{x_faster}x [older/newer]"
io.puts " #{percent_faster}\% [(older - newer) / older * 100]"
io.puts "[#{oldest.name}] #{oldest.desc.inspect} - (#{oldest.average} seconds)"
io.puts " #{align}#{FORMAT % x_faster}x [older/newer]"
io.puts " #{FORMAT % percent_faster}\% [(older - newer) / older * 100]"
io.puts "[#{oldest.name}] #{oldest.desc.inspect} - (#{oldest.median} seconds)"
io.puts
io.puts "Iterations per sample: #{ENV["TEST_COUNT"]}"
io.puts "Samples: #{newest.values.length}"

View file

@ -30,9 +30,14 @@ module DerailedBenchmarks
def call
load_file!
@median = (values[(values.length - 1) / 2] + values[values.length/ 2]) / 2.0
@average = values.inject(:+) / values.length
end
def median
@median.to_f
end
def average
@average.to_f
end
@ -47,6 +52,8 @@ module DerailedBenchmarks
raise e, "Problem with file #{@file.inspect}:\n#{@file.read}\n#{e.message}"
end
end
values.sort!
values.freeze
end
end

View file

@ -39,7 +39,7 @@ namespace :perf do
current_library_branch = ""
Dir.chdir(library_dir) { current_library_branch = run!('git describe --contains --all HEAD').chomp }
out_dir = Pathname.new("tmp/library_branches/#{Time.now.strftime('%Y-%m-%d-%H-%M-%s-%N')}")
out_dir = Pathname.new("tmp/compare_branches/#{Time.now.strftime('%Y-%m-%d-%H-%M-%s-%N')}")
out_dir.mkpath
branches_to_test = branch_names.each_with_object({}) {|elem, hash| hash[elem] = out_dir + "#{elem.gsub('/', ':')}.bench.txt" }
@ -93,10 +93,18 @@ namespace :perf do
end
end
stats.call.banner if stats
if stats
stats.call.banner
result_file = out_dir + "results.txt"
File.open(result_file, "w") do |f|
stats.banner(f)
end
puts "Output: #{result_file.to_s}"
end
end
end
end
desc "hits the url TEST_COUNT times"
task :test => [:setup] do

View file

@ -1,5 +1,5 @@
# frozen_string_literal: true
module DerailedBenchmarks
VERSION = "1.4.2"
VERSION = "1.4.3"
end

View file

@ -22,8 +22,11 @@ class StatsFromDirTest < ActiveSupport::TestCase
assert_in_delta 0.1730818382602285, stats.d_critical, 0.00001
assert_equal true, stats.significant?
assert_equal "1.0062", stats.x_faster
assert_equal "0.6131", stats.percent_faster
format = DerailedBenchmarks::StatsFromDir::FORMAT
assert_equal "1.0062", format % stats.x_faster
assert_equal "0.6147", format % stats.percent_faster
assert_equal "11.3844", format % newest.median
end
test "banner faster" do
@ -44,17 +47,17 @@ class StatsFromDirTest < ActiveSupport::TestCase
"0.001"
end
def newest.average
def newest.median
10.5
end
def oldest.average
def oldest.median
11.0
end
expected = <<-EOM
expected = <<~EOM
[winner] "I am the new commit" - (10.5 seconds)
FASTER by:
FASTER 🚀🚀🚀 by:
1.0476x [older/newer]
4.5455% [(older - newer) / older * 100]
[loser] "Old commit" - (11.0 seconds)
@ -75,18 +78,18 @@ EOM
newest = stats.newest
oldest = stats.oldest
def oldest.average
def oldest.median
10.5
end
def newest.average
def newest.median
11.0
end
expected = <<-EOM
expected = <<~EOM
[loser] "I am the new commit" - (11.0 seconds)
SLOWER by:
0.9545x [older/newer]
SLOWER 🐢🐢🐢 by:
0.9545x [older/newer]
-4.7619% [(older - newer) / older * 100]
[winner] "Old commit" - (10.5 seconds)
EOM

View file

@ -666,6 +666,9 @@ msgstr ""
msgid "API Token"
msgstr ""
msgid "AWS Secret Access Key"
msgstr ""
msgid "Abort"
msgstr ""
@ -5653,6 +5656,9 @@ msgstr ""
msgid "Enter merge request URLs"
msgstr ""
msgid "Enter new AWS Secret Access Key"
msgstr ""
msgid "Enter the issue description"
msgstr ""

View file

@ -7,8 +7,9 @@ describe 'Group Badges' do
let(:user) { create(:user) }
let(:group) { create(:group) }
let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
let(:project) { create(:project, namespace: group) }
let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
let!(:badge_1) { create(:group_badge, group: group) }
let!(:badge_2) { create(:group_badge, group: group) }

View file

@ -8,8 +8,8 @@ describe 'Project Badges' do
let(:user) { create(:user) }
let(:group) { create(:group) }
let(:project) { create(:project, namespace: group) }
let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
let!(:project_badge) { create(:project_badge, project: project) }
let!(:group_badge) { create(:group_badge, group: group) }

View file

@ -2,7 +2,7 @@ shared_examples_for 'matches_cross_reference_regex? fails fast' do
it 'fails fast for long strings' do
# took well under 1 second in CI https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3267#note_172823
expect do
Timeout.timeout(3.seconds) { mentionable.matches_cross_reference_regex? }
Timeout.timeout(6.seconds) { mentionable.matches_cross_reference_regex? }
end.not_to raise_error
end
end