diff --git a/CHANGELOG.md b/CHANGELOG.md index aa8b386d8b..fb0ee1674c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.1.3 (2020-07-06) + +- No changes. + ## 13.1.2 (2020-07-01) ### Security (18 changes) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 3837381805..5a21446fc6 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -13.1.2 +13.1.3 diff --git a/VERSION b/VERSION index 3837381805..5a21446fc6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -13.1.2 +13.1.3 diff --git a/debian/changelog b/debian/changelog index 157e36fee2..8c8d4abc02 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +gitlab (13.1.3-1) experimental; urgency=medium + + * Use packaged versions of d3 and d3-sankey node modules + * Use packaged version of codemirror + * New upstream version 13.1.3 (Fixes: CVE-2020-15525) + + -- Pirate Praveen Thu, 09 Jul 2020 12:54:05 +0530 + gitlab (13.1.2-1+fto10+1) buster-fasttrack; urgency=medium * Rebuild for buster-fasttrack. diff --git a/debian/control b/debian/control index cf30be6367..a9292e2130 100644 --- a/debian/control +++ b/debian/control @@ -354,9 +354,12 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, node-cache-loader (>= 4.1~), node-chart.js (>= 2.7.2~), node-clipboard, + node-codemirror, node-compression-webpack-plugin (>= 3.0.1~), node-core-js (>= 3.2.1~), node-css-loader (>= 2.1.1~), +# node-d3 includes d3-sankey + node-d3 (>= 5.16~), node-d3-scale (>= 1.0.7~), node-d3-selection (>= 1.2~), node-dateformat, diff --git a/debian/patches/0740-use-packaged-modules.patch b/debian/patches/0740-use-packaged-modules.patch index a54b4491f4..b43a438306 100644 --- a/debian/patches/0740-use-packaged-modules.patch +++ b/debian/patches/0740-use-packaged-modules.patch 
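Review bot: In the debian/control hunk, `node-codemirror,` is added to Depends with no version constraint, although the package.json entry that 0740-use-packaged-modules.patch now removes required `"codemirror": "^5.48.4"`; as written, any older packaged codemirror satisfies the dependency. Give it a floor in the same form as the neighbouring entries, for example `node-codemirror (>= 5.48.4~),`. The removed `"d3-sankey": "^0.12.3"` is likewise covered only by the comment `# node-d3 includes d3-sankey`, so it is worth confirming that `node-d3 (>= 5.16~)` really guarantees a d3-sankey of at least 0.12.3 and stating that version in the comment. The Depends field begins and ends outside this hunk, so an existing constraint elsewhere in the field cannot be ruled out from here.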
@@ -89,7 +89,7 @@ Use debian packaged node modules when available "@gitlab/at.js": "1.5.5", "@gitlab/svgs": "1.140.0", "@gitlab/ui": "17.0.1", -@@ -53,54 +47,31 @@ +@@ -53,54 +47,28 @@ "apollo-link": "^1.2.11", "apollo-link-batch-http": "^1.2.11", "apollo-upload-client": "^10.0.0", @@ -103,15 +103,15 @@ Use debian packaged node modules when available - "cache-loader": "^4.1.0", "classlist-polyfill": "^1.2.0", - "clipboard": "^1.7.1", - "codemirror": "^5.48.4", +- "codemirror": "^5.48.4", "codesandbox-api": "0.0.23", - "compression-webpack-plugin": "^3.0.1", "copy-webpack-plugin": "^5.0.5", - "core-js": "^3.6.4", "cropper": "^2.3.0", - "css-loader": "^2.1.1", - "d3": "^5.16.0", - "d3-sankey": "^0.12.3", +- "d3": "^5.16.0", +- "d3-sankey": "^0.12.3", - "d3-scale": "^2.2.2", - "d3-selection": "^1.2.0", - "dateformat": "^3.0.3", @@ -144,7 +144,7 @@ Use debian packaged node modules when available "marked": "^0.3.12", "mermaid": "^8.5.2", "mersenne-twister": "1.1.0", -@@ -108,13 +79,9 @@ +@@ -108,13 +76,9 @@ "mitt": "^1.2.0", "monaco-editor": "^0.18.1", "monaco-editor-webpack-plugin": "^1.7.0", @@ -158,7 +158,7 @@ Use debian packaged node modules when available "raphael": "^2.2.7", "raw-loader": "^4.0.0", "sanitize-html": "^1.22.0", -@@ -128,31 +95,21 @@ +@@ -128,31 +92,21 @@ "svg4everybody": "2.1.9", "swagger-ui-dist": "^3.26.2", "three": "^0.84.0", diff --git a/debian/patches/0741-add-graphql-tag.patch b/debian/patches/0741-add-graphql-tag.patch index f69eb335ec..963fc6a932 100644 --- a/debian/patches/0741-add-graphql-tag.patch +++ b/debian/patches/0741-add-graphql-tag.patch @@ -2,7 +2,7 @@ yarn fails to install graphql-tag --- a/package.json +++ b/package.json -@@ -67,6 +67,7 @@ +@@ -64,6 +64,7 @@ "formdata-polyfill": "^3.0.19", "fuzzaldrin-plus": "^0.6.0", "graphql": "^14.0.2",