Refresh patches
parent
0de7cdbb9c
commit
e261f2f0ba
20 changed files with 74 additions and 419 deletions
77
debian/patches/0050-relax-stable-libs.patch
vendored
77
debian/patches/0050-relax-stable-libs.patch
vendored
|
@ -49,9 +49,9 @@ gitlab Gemfile
|
||||||
+gem 'rack-oauth2', '~> 1.9', '>= 1.9.3'
|
+gem 'rack-oauth2', '~> 1.9', '>= 1.9.3'
|
||||||
+gem 'jwt', '~> 2.1'
|
+gem 'jwt', '~> 2.1'
|
||||||
|
|
||||||
# Spam and anti-bot protection
|
# Kerberos authentication. EE-only
|
||||||
gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails'
|
gem 'gssapi', group: :kerberos
|
||||||
@@ -54,38 +54,38 @@
|
@@ -57,41 +57,41 @@
|
||||||
gem 'invisible_captcha', '~> 0.12.1'
|
gem 'invisible_captcha', '~> 0.12.1'
|
||||||
|
|
||||||
# Two-factor authentication
|
# Two-factor authentication
|
||||||
|
@ -93,16 +93,19 @@ gitlab Gemfile
|
||||||
+gem 'rack-cors', '~> 1.0', require: 'rack/cors'
|
+gem 'rack-cors', '~> 1.0', require: 'rack/cors'
|
||||||
|
|
||||||
# GraphQL API
|
# GraphQL API
|
||||||
-gem 'graphql', '~> 1.8.0'
|
-gem 'graphql', '~> 1.9.11'
|
||||||
|
+gem 'graphql', '~> 1.9', '>= 1.9.11'
|
||||||
|
# NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab-ce/issues/67293
|
||||||
|
# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
|
||||||
|
# https://gitlab.com/gitlab-org/gitlab-ce/issues/67263
|
||||||
-gem 'graphiql-rails', '~> 1.4.10'
|
-gem 'graphiql-rails', '~> 1.4.10'
|
||||||
-gem 'apollo_upload_server', '~> 2.0.0.beta3'
|
-gem 'apollo_upload_server', '~> 2.0.0.beta3'
|
||||||
+gem 'graphql', '~> 1.8'
|
|
||||||
+gem 'graphiql-rails', '~> 1.4', '>= 1.4.10'
|
+gem 'graphiql-rails', '~> 1.4', '>= 1.4.10'
|
||||||
+gem 'apollo_upload_server', '>= 2.0.0.beta3'
|
+gem 'apollo_upload_server', '>= 2.0.0.beta3'
|
||||||
gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
|
gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
|
||||||
|
|
||||||
# Disable strong_params so that Mash does not respond to :permitted?
|
# Disable strong_params so that Mash does not respond to :permitted?
|
||||||
@@ -95,7 +95,7 @@
|
@@ -101,7 +101,7 @@
|
||||||
gem 'kaminari', '~> 1.0'
|
gem 'kaminari', '~> 1.0'
|
||||||
|
|
||||||
# HAML
|
# HAML
|
||||||
|
@ -111,22 +114,26 @@ gitlab Gemfile
|
||||||
|
|
||||||
# Files attachments
|
# Files attachments
|
||||||
gem 'carrierwave', '~> 1.3'
|
gem 'carrierwave', '~> 1.3'
|
||||||
@@ -105,7 +105,7 @@
|
@@ -111,7 +111,7 @@
|
||||||
gem 'fog-aws', '~> 3.5'
|
gem 'fog-aws', '~> 3.5'
|
||||||
# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
|
# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
|
||||||
# Also see config/initializers/fog_core_patch.rb.
|
# Also see config/initializers/fog_core_patch.rb.
|
||||||
-gem 'fog-core', '= 2.1.0'
|
-gem 'fog-core', '= 2.1.0'
|
||||||
+gem 'fog-core', '= 2.1'
|
+gem 'fog-core', '= 2.1'
|
||||||
gem 'fog-google', '~> 1.8'
|
gem 'fog-google', '~> 1.9'
|
||||||
gem 'fog-local', '~> 0.6'
|
gem 'fog-local', '~> 0.6'
|
||||||
gem 'fog-openstack', '~> 1.0'
|
gem 'fog-openstack', '~> 1.0'
|
||||||
@@ -119,39 +119,39 @@
|
@@ -125,7 +125,7 @@
|
||||||
gem 'unf', '~> 0.1.4'
|
gem 'unf', '~> 0.1.4'
|
||||||
|
|
||||||
# Seed data
|
# Seed data
|
||||||
-gem 'seed-fu', '~> 2.3.7'
|
-gem 'seed-fu', '~> 2.3.7'
|
||||||
+gem 'seed-fu', '~> 2.3', '>= 2.3.7'
|
+gem 'seed-fu', '~> 2.3', '>= 2.3.7'
|
||||||
|
|
||||||
|
# Search
|
||||||
|
gem 'elasticsearch-model', '~> 0.1.9'
|
||||||
|
@@ -136,35 +136,35 @@
|
||||||
|
|
||||||
# Markdown and HTML processing
|
# Markdown and HTML processing
|
||||||
gem 'html-pipeline', '~> 2.8'
|
gem 'html-pipeline', '~> 2.8'
|
||||||
-gem 'deckar01-task_list', '2.2.0'
|
-gem 'deckar01-task_list', '2.2.0'
|
||||||
|
@ -171,7 +178,7 @@ gitlab Gemfile
|
||||||
gem 'unicorn-worker-killer', '~> 0.4.4'
|
gem 'unicorn-worker-killer', '~> 0.4.4'
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -168,13 +168,13 @@
|
@@ -181,13 +181,13 @@
|
||||||
gem 'acts-as-taggable-on', '~> 6.0'
|
gem 'acts-as-taggable-on', '~> 6.0'
|
||||||
|
|
||||||
# Background jobs
|
# Background jobs
|
||||||
|
@ -180,7 +187,7 @@ gitlab Gemfile
|
||||||
gem 'sidekiq-cron', '~> 1.0'
|
gem 'sidekiq-cron', '~> 1.0'
|
||||||
-gem 'redis-namespace', '~> 1.6.0'
|
-gem 'redis-namespace', '~> 1.6.0'
|
||||||
+gem 'redis-namespace', '~> 1.6'
|
+gem 'redis-namespace', '~> 1.6'
|
||||||
gem 'gitlab-sidekiq-fetcher', '0.5.1', require: 'sidekiq-reliable-fetch'
|
gem 'gitlab-sidekiq-fetcher', '0.5.2', require: 'sidekiq-reliable-fetch'
|
||||||
|
|
||||||
# Cron Parser
|
# Cron Parser
|
||||||
-gem 'fugit', '~> 1.2.1'
|
-gem 'fugit', '~> 1.2.1'
|
||||||
|
@ -188,7 +195,7 @@ gitlab Gemfile
|
||||||
|
|
||||||
# HTTP requests
|
# HTTP requests
|
||||||
gem 'httparty', '~> 0.16.4'
|
gem 'httparty', '~> 0.16.4'
|
||||||
@@ -186,14 +186,14 @@
|
@@ -199,14 +199,14 @@
|
||||||
gem 'ruby-progressbar'
|
gem 'ruby-progressbar'
|
||||||
|
|
||||||
# GitLab settings
|
# GitLab settings
|
||||||
|
@ -206,7 +213,7 @@ gitlab Gemfile
|
||||||
|
|
||||||
# Export Ruby Regex to Javascript
|
# Export Ruby Regex to Javascript
|
||||||
gem 'js_regex', '~> 3.1'
|
gem 'js_regex', '~> 3.1'
|
||||||
@@ -206,13 +206,13 @@
|
@@ -219,13 +219,13 @@
|
||||||
gem 'connection_pool', '~> 2.0'
|
gem 'connection_pool', '~> 2.0'
|
||||||
|
|
||||||
# Redis session store
|
# Redis session store
|
||||||
|
@ -221,8 +228,8 @@ gitlab Gemfile
|
||||||
+gem 'hipchat', '~> 1.5'
|
+gem 'hipchat', '~> 1.5'
|
||||||
|
|
||||||
# Jira integration
|
# Jira integration
|
||||||
gem 'jira-ruby', '~> 1.4'
|
gem 'jira-ruby', '~> 1.7'
|
||||||
@@ -221,7 +221,7 @@
|
@@ -235,7 +235,7 @@
|
||||||
gem 'flowdock', '~> 0.7'
|
gem 'flowdock', '~> 0.7'
|
||||||
|
|
||||||
# Slack integration
|
# Slack integration
|
||||||
|
@ -231,12 +238,12 @@ gitlab Gemfile
|
||||||
|
|
||||||
# Hangouts Chat integration
|
# Hangouts Chat integration
|
||||||
gem 'hangouts-chat', '~> 0.0.5'
|
gem 'hangouts-chat', '~> 0.0.5'
|
||||||
@@ -233,11 +233,11 @@
|
@@ -247,11 +247,11 @@
|
||||||
gem 'ruby-fogbugz', '~> 0.2.1'
|
gem 'ruby-fogbugz', '~> 0.2.1'
|
||||||
|
|
||||||
# Kubernetes integration
|
# Kubernetes integration
|
||||||
-gem 'kubeclient', '~> 4.2.2'
|
-gem 'kubeclient', '~> 4.4.0'
|
||||||
+gem 'kubeclient', '~> 4.2', '>= 4.2.2'
|
+gem 'kubeclient', '~> 4.4'
|
||||||
|
|
||||||
# Sanitize user input
|
# Sanitize user input
|
||||||
gem 'sanitize', '~> 4.6'
|
gem 'sanitize', '~> 4.6'
|
||||||
|
@ -245,7 +252,7 @@ gitlab Gemfile
|
||||||
|
|
||||||
# Sanitizes SVG input
|
# Sanitizes SVG input
|
||||||
gem 'loofah', '~> 2.2'
|
gem 'loofah', '~> 2.2'
|
||||||
@@ -246,10 +246,10 @@
|
@@ -260,10 +260,10 @@
|
||||||
gem 'licensee', '~> 8.9'
|
gem 'licensee', '~> 8.9'
|
||||||
|
|
||||||
# Protect against bruteforcing
|
# Protect against bruteforcing
|
||||||
|
@ -258,7 +265,7 @@ gitlab Gemfile
|
||||||
|
|
||||||
# Detect and convert string character encoding
|
# Detect and convert string character encoding
|
||||||
gem 'charlock_holmes', '~> 0.7.5'
|
gem 'charlock_holmes', '~> 0.7.5'
|
||||||
@@ -267,21 +267,21 @@
|
@@ -281,10 +281,10 @@
|
||||||
gem 'webpack-rails', '~> 0.9.10'
|
gem 'webpack-rails', '~> 0.9.10'
|
||||||
gem 'rack-proxy', '~> 0.6.0'
|
gem 'rack-proxy', '~> 0.6.0'
|
||||||
|
|
||||||
|
@ -272,11 +279,7 @@ gitlab Gemfile
|
||||||
gem 'font-awesome-rails', '~> 4.7'
|
gem 'font-awesome-rails', '~> 4.7'
|
||||||
gem 'gemojione', '~> 3.3'
|
gem 'gemojione', '~> 3.3'
|
||||||
gem 'gon', '~> 6.2'
|
gem 'gon', '~> 6.2'
|
||||||
gem 'request_store', '~> 1.3'
|
@@ -296,7 +296,7 @@
|
||||||
-gem 'virtus', '~> 1.0.1'
|
|
||||||
+gem 'virtus', '~> 1.0', '>=1.0.1'
|
|
||||||
gem 'base32', '~> 0.3.0'
|
|
||||||
|
|
||||||
# Sentry integration
|
# Sentry integration
|
||||||
gem 'sentry-raven', '~> 2.9'
|
gem 'sentry-raven', '~> 2.9'
|
||||||
|
|
||||||
|
@ -284,8 +287,8 @@ gitlab Gemfile
|
||||||
+gem 'premailer-rails', '~> 1.9', '>=1.9.7'
|
+gem 'premailer-rails', '~> 1.9', '>=1.9.7'
|
||||||
|
|
||||||
# LabKit: Tracing and Correlation
|
# LabKit: Tracing and Correlation
|
||||||
gem 'gitlab-labkit', '~> 0.4.2'
|
gem 'gitlab-labkit', '~> 0.5'
|
||||||
@@ -289,14 +289,14 @@
|
@@ -304,11 +304,11 @@
|
||||||
# I18n
|
# I18n
|
||||||
gem 'ruby_parser', '~> 3.8', require: false
|
gem 'ruby_parser', '~> 3.8', require: false
|
||||||
gem 'rails-i18n', '~> 5.1'
|
gem 'rails-i18n', '~> 5.1'
|
||||||
|
@ -299,12 +302,8 @@ gitlab Gemfile
|
||||||
+gem 'batch-loader', '~> 1.4'
|
+gem 'batch-loader', '~> 1.4'
|
||||||
|
|
||||||
# Perf bar
|
# Perf bar
|
||||||
-gem 'peek', '~> 1.0.1'
|
# https://gitlab.com/gitlab-org/gitlab-ee/issues/13996
|
||||||
+gem 'peek', '~> 1.0', '>= 1.0.1'
|
@@ -347,62 +347,62 @@
|
||||||
|
|
||||||
# Snowplow events tracking
|
|
||||||
gem 'snowplow-tracker', '~> 0.6.1'
|
|
||||||
@@ -330,39 +330,39 @@
|
|
||||||
end
|
end
|
||||||
|
|
||||||
group :development, :test do
|
group :development, :test do
|
||||||
|
@ -357,16 +356,14 @@ gitlab Gemfile
|
||||||
|
|
||||||
gem 'scss_lint', '~> 0.56.0', require: false
|
gem 'scss_lint', '~> 0.56.0', require: false
|
||||||
gem 'haml_lint', '~> 0.31.0', require: false
|
gem 'haml_lint', '~> 0.31.0', require: false
|
||||||
@@ -370,7 +370,7 @@
|
gem 'simplecov', '~> 0.16.1', require: false
|
||||||
gem 'bundler-audit', '~> 0.5.0', require: false
|
gem 'bundler-audit', '~> 0.5.0', require: false
|
||||||
gem 'mdl', '~> 0.5.0', require: false
|
|
||||||
|
|
||||||
- gem 'benchmark-ips', '~> 2.3.0', require: false
|
- gem 'benchmark-ips', '~> 2.3.0', require: false
|
||||||
+ gem 'benchmark-ips', '~> 2.3', require: false
|
+ gem 'benchmark-ips', '~> 2.3', require: false
|
||||||
|
|
||||||
gem 'license_finder', '~> 5.4', require: false
|
gem 'license_finder', '~> 5.4', require: false
|
||||||
gem 'knapsack', '~> 1.17'
|
gem 'knapsack', '~> 1.17'
|
||||||
@@ -379,16 +379,16 @@
|
|
||||||
|
|
||||||
gem 'stackprof', '~> 0.2.10', require: false
|
gem 'stackprof', '~> 0.2.10', require: false
|
||||||
|
|
||||||
|
@ -388,7 +385,7 @@ gitlab Gemfile
|
||||||
gem 'rails-controller-testing'
|
gem 'rails-controller-testing'
|
||||||
gem 'concurrent-ruby', '~> 1.1'
|
gem 'concurrent-ruby', '~> 1.1'
|
||||||
gem 'test-prof', '~> 0.2.5'
|
gem 'test-prof', '~> 0.2.5'
|
||||||
@@ -412,11 +412,11 @@
|
@@ -426,11 +426,11 @@
|
||||||
gem 'oauth2', '~> 1.4'
|
gem 'oauth2', '~> 1.4'
|
||||||
|
|
||||||
# Health check
|
# Health check
|
||||||
|
@ -401,9 +398,9 @@ gitlab Gemfile
|
||||||
+gem 'vmstat', '~> 2.3'
|
+gem 'vmstat', '~> 2.3'
|
||||||
+gem 'sys-filesystem', '~> 1.1', '>= 1.1.6'
|
+gem 'sys-filesystem', '~> 1.1', '>= 1.1.6'
|
||||||
|
|
||||||
# SSH host key support
|
# NTP client
|
||||||
gem 'net-ssh', '~> 5.2'
|
gem 'net-ntp'
|
||||||
@@ -429,13 +429,13 @@
|
@@ -446,13 +446,13 @@
|
||||||
end
|
end
|
||||||
|
|
||||||
# Gitaly GRPC protocol definitions
|
# Gitaly GRPC protocol definitions
|
||||||
|
|
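Review bot: The relaxed constraint `+gem 'apollo_upload_server', '>= 2.0.0.beta3'` has no upper bound, unlike the neighbouring relaxations such as `'~> 1.4', '>= 1.4.10'` for graphiql-rails, which stay below the next major version. As written, Bundler accepts any later major release that happens to be installed, so an incompatible or unreviewed version would load without the Gemfile objecting. Consider `+gem 'apollo_upload_server', '>= 2.0.0.beta3', '< 3'` in the patch. The line appears on both sides of this refresh, so this is a follow-up rather than something the commit introduced.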
|
@ -2,15 +2,15 @@ Bundler will fail when it can't find these locally
|
||||||
|
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -86,7 +86,6 @@
|
@@ -92,7 +92,6 @@
|
||||||
gem 'graphql', '~> 1.8'
|
# https://gitlab.com/gitlab-org/gitlab-ce/issues/67263
|
||||||
gem 'graphiql-rails', '~> 1.4', '>= 1.4.10'
|
gem 'graphiql-rails', '~> 1.4', '>= 1.4.10'
|
||||||
gem 'apollo_upload_server', '>= 2.0.0.beta3'
|
gem 'apollo_upload_server', '>= 2.0.0.beta3'
|
||||||
-gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
|
-gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
|
||||||
|
|
||||||
# Disable strong_params so that Mash does not respond to :permitted?
|
# Disable strong_params so that Mash does not respond to :permitted?
|
||||||
gem 'hashie-forbidden_attributes'
|
gem 'hashie-forbidden_attributes'
|
||||||
@@ -291,7 +290,6 @@
|
@@ -306,7 +305,6 @@
|
||||||
gem 'rails-i18n', '~> 5.1'
|
gem 'rails-i18n', '~> 5.1'
|
||||||
gem 'gettext_i18n_rails', '~> 1.8'
|
gem 'gettext_i18n_rails', '~> 1.8'
|
||||||
gem 'gettext_i18n_rails_js', '~> 1.3'
|
gem 'gettext_i18n_rails_js', '~> 1.3'
|
||||||
|
@ -18,13 +18,14 @@ Bundler will fail when it can't find these locally
|
||||||
|
|
||||||
gem 'batch-loader', '~> 1.4'
|
gem 'batch-loader', '~> 1.4'
|
||||||
|
|
||||||
@@ -314,21 +312,6 @@
|
@@ -330,22 +328,6 @@
|
||||||
gem 'raindrops', '~> 0.18'
|
gem 'raindrops', '~> 0.18'
|
||||||
end
|
end
|
||||||
|
|
||||||
-group :development do
|
-group :development do
|
||||||
- gem 'foreman', '~> 0.84.0'
|
- gem 'foreman', '~> 0.84.0'
|
||||||
- gem 'brakeman', '~> 4.2', require: false
|
- gem 'brakeman', '~> 4.2', require: false
|
||||||
|
- gem 'danger', '~> 6.0', require: false
|
||||||
-
|
-
|
||||||
- gem 'letter_opener_web', '~> 1.3.4'
|
- gem 'letter_opener_web', '~> 1.3.4'
|
||||||
- gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false
|
- gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -312,7 +312,7 @@
|
@@ -328,7 +328,7 @@
|
||||||
gem 'raindrops', '~> 0.18'
|
gem 'raindrops', '~> 0.18'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
gem 'bullet', '~> 5.5', require: !!ENV['ENABLE_BULLET']
|
gem 'bullet', '~> 5.5', require: !!ENV['ENABLE_BULLET']
|
||||||
gem 'pry-byebug', '~> 3.5', '>= 3.5.1', platform: :mri
|
gem 'pry-byebug', '~> 3.5', '>= 3.5.1', platform: :mri
|
||||||
gem 'pry-rails', '~> 0.3.4'
|
gem 'pry-rails', '~> 0.3.4'
|
||||||
@@ -365,9 +365,7 @@
|
@@ -378,9 +378,7 @@
|
||||||
gem 'simple_po_parser', '~> 1.1', '>= 1.1.2', require: false
|
gem 'simple_po_parser', '~> 1.1', '>= 1.1.2', require: false
|
||||||
|
|
||||||
gem 'timecop', '~> 0.8.0'
|
gem 'timecop', '~> 0.8.0'
|
||||||
|
|
2
debian/patches/0340-relax-httparty.patch
vendored
2
debian/patches/0340-relax-httparty.patch
vendored
|
@ -1,6 +1,6 @@
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -176,7 +176,7 @@
|
@@ -189,7 +189,7 @@
|
||||||
gem 'fugit', '~> 1.2', '>= 1.2.1'
|
gem 'fugit', '~> 1.2', '>= 1.2.1'
|
||||||
|
|
||||||
# HTTP requests
|
# HTTP requests
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -123,7 +123,6 @@
|
@@ -136,7 +136,6 @@
|
||||||
# Markdown and HTML processing
|
# Markdown and HTML processing
|
||||||
gem 'html-pipeline', '~> 2.8'
|
gem 'html-pipeline', '~> 2.8'
|
||||||
gem 'deckar01-task_list', '2.2'
|
gem 'deckar01-task_list', '2.2'
|
||||||
|
|
2
debian/patches/0440-remove-puma.patch
vendored
2
debian/patches/0440-remove-puma.patch
vendored
|
@ -1,6 +1,6 @@
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -153,12 +153,6 @@
|
@@ -166,12 +166,6 @@
|
||||||
gem 'unicorn-worker-killer', '~> 0.4.4'
|
gem 'unicorn-worker-killer', '~> 0.4.4'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
2
debian/patches/0450-remove-bullet.patch
vendored
2
debian/patches/0450-remove-bullet.patch
vendored
|
@ -1,6 +1,6 @@
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -306,7 +306,6 @@
|
@@ -322,7 +322,6 @@
|
||||||
end
|
end
|
||||||
|
|
||||||
if ENV["INCLUDE_TEST_DEPENDS"] == "true"
|
if ENV["INCLUDE_TEST_DEPENDS"] == "true"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -293,7 +293,8 @@
|
@@ -309,7 +309,8 @@
|
||||||
gem 'snowplow-tracker', '~> 0.6.1'
|
gem 'snowplow-tracker', '~> 0.6.1'
|
||||||
|
|
||||||
# Memory benchmarks
|
# Memory benchmarks
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -290,7 +290,7 @@
|
@@ -306,7 +306,7 @@
|
||||||
gem 'peek', '~> 1.0', '>= 1.0.1'
|
gem 'gitlab-peek', '~> 0.0.1', require: 'peek'
|
||||||
|
|
||||||
# Snowplow events tracking
|
# Snowplow events tracking
|
||||||
-gem 'snowplow-tracker', '~> 0.6.1'
|
-gem 'snowplow-tracker', '~> 0.6.1'
|
||||||
|
|
11
debian/patches/0482-relax-gitlab-labkit.patch
vendored
11
debian/patches/0482-relax-gitlab-labkit.patch
vendored
|
@ -1,11 +0,0 @@
|
||||||
--- a/Gemfile
|
|
||||||
+++ b/Gemfile
|
|
||||||
@@ -276,7 +276,7 @@
|
|
||||||
gem 'premailer-rails', '~> 1.9', '>=1.9.7'
|
|
||||||
|
|
||||||
# LabKit: Tracing and Correlation
|
|
||||||
-gem 'gitlab-labkit', '~> 0.4.2'
|
|
||||||
+gem 'gitlab-labkit', '~> 0.5'
|
|
||||||
|
|
||||||
# I18n
|
|
||||||
gem 'ruby_parser', '~> 3.8', require: false
|
|
|
@ -1,10 +1,10 @@
|
||||||
--- a/package.json
|
--- a/package.json
|
||||||
+++ b/package.json
|
+++ b/package.json
|
||||||
@@ -145,60 +145,6 @@
|
@@ -147,62 +147,7 @@
|
||||||
"xterm": "^3.5.0"
|
"xterm": "^3.5.0"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
- "@babel/plugin-transform-modules-commonjs": "^7.2.0",
|
- "@babel/plugin-transform-modules-commonjs": "^7.5.0",
|
||||||
- "@gitlab/eslint-config": "^1.6.0",
|
- "@gitlab/eslint-config": "^1.6.0",
|
||||||
- "@gitlab/eslint-plugin-i18n": "^1.1.0",
|
- "@gitlab/eslint-plugin-i18n": "^1.1.0",
|
||||||
- "@gitlab/eslint-plugin-vue-i18n": "^1.2.0",
|
- "@gitlab/eslint-plugin-vue-i18n": "^1.2.0",
|
||||||
|
@ -21,7 +21,6 @@
|
||||||
- "eslint": "~5.9.0",
|
- "eslint": "~5.9.0",
|
||||||
- "eslint-import-resolver-jest": "^2.1.1",
|
- "eslint-import-resolver-jest": "^2.1.1",
|
||||||
- "eslint-import-resolver-webpack": "^0.10.1",
|
- "eslint-import-resolver-webpack": "^0.10.1",
|
||||||
- "eslint-plugin-html": "5.0.0",
|
|
||||||
- "eslint-plugin-import": "^2.14.0",
|
- "eslint-plugin-import": "^2.14.0",
|
||||||
- "eslint-plugin-jasmine": "^2.10.1",
|
- "eslint-plugin-jasmine": "^2.10.1",
|
||||||
- "eslint-plugin-jest": "^22.3.0",
|
- "eslint-plugin-jest": "^22.3.0",
|
||||||
|
@ -45,6 +44,7 @@
|
||||||
- "karma-mocha-reporter": "^2.2.5",
|
- "karma-mocha-reporter": "^2.2.5",
|
||||||
- "karma-sourcemap-loader": "^0.3.7",
|
- "karma-sourcemap-loader": "^0.3.7",
|
||||||
- "karma-webpack": "^4.0.2",
|
- "karma-webpack": "^4.0.2",
|
||||||
|
- "markdownlint-cli": "0.18.0",
|
||||||
- "md5": "^2.2.1",
|
- "md5": "^2.2.1",
|
||||||
- "node-sass": "^4.12.0",
|
- "node-sass": "^4.12.0",
|
||||||
- "nodemon": "^1.18.9",
|
- "nodemon": "^1.18.9",
|
||||||
|
@ -55,9 +55,12 @@
|
||||||
- "stylelint": "^10.1.0",
|
- "stylelint": "^10.1.0",
|
||||||
- "stylelint-config-recommended": "^2.2.0",
|
- "stylelint-config-recommended": "^2.2.0",
|
||||||
- "stylelint-scss": "^3.9.2",
|
- "stylelint-scss": "^3.9.2",
|
||||||
|
- "timezone-mock": "^1.0.8",
|
||||||
- "vue-jest": "^4.0.0-beta.2",
|
- "vue-jest": "^4.0.0-beta.2",
|
||||||
- "webpack-dev-server": "^3.1.14",
|
- "webpack-dev-server": "^3.1.14",
|
||||||
- "yarn-deduplicate": "^1.1.1"
|
- "yarn-deduplicate": "^1.1.1"
|
||||||
},
|
- },
|
||||||
|
+ },
|
||||||
"resolutions": {
|
"resolutions": {
|
||||||
"vue-jest/ts-jest": "24.0.0"
|
"vue-jest/ts-jest": "24.0.0"
|
||||||
|
},
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
--- a/config/webpack.config.js
|
--- a/config/webpack.config.js
|
||||||
+++ b/config/webpack.config.js
|
+++ b/config/webpack.config.js
|
||||||
@@ -126,9 +126,14 @@
|
@@ -127,9 +127,14 @@
|
||||||
|
|
||||||
resolve: {
|
resolve: {
|
||||||
extensions: ['.js', '.gql', '.graphql'],
|
extensions: ['.js', '.gql', '.graphql'],
|
||||||
|
|
|
@ -3,7 +3,7 @@ Author: Utkarsh Gupta <guptautkarsh2102@gmail.com>
|
||||||
|
|
||||||
--- a/package.json
|
--- a/package.json
|
||||||
+++ b/package.json
|
+++ b/package.json
|
||||||
@@ -85,6 +85,7 @@
|
@@ -86,6 +86,7 @@
|
||||||
"fuzzaldrin-plus": "^0.5.0",
|
"fuzzaldrin-plus": "^0.5.0",
|
||||||
"glob": "^7.1.2",
|
"glob": "^7.1.2",
|
||||||
"graphql": "^14.0.2",
|
"graphql": "^14.0.2",
|
||||||
|
|
11
debian/patches/0740-use-packaged-modules.patch
vendored
11
debian/patches/0740-use-packaged-modules.patch
vendored
|
@ -1,12 +1,12 @@
|
||||||
--- a/package.json
|
--- a/package.json
|
||||||
+++ b/package.json
|
+++ b/package.json
|
||||||
@@ -121,28 +121,17 @@
|
@@ -122,29 +122,19 @@
|
||||||
"style-loader": "^0.23.1",
|
"style-loader": "^0.23.1",
|
||||||
"svg4everybody": "2.1.9",
|
"svg4everybody": "2.1.9",
|
||||||
"three": "^0.84.0",
|
"three": "^0.84.0",
|
||||||
- "three-orbit-controls": "^82.1.0",
|
- "three-orbit-controls": "^82.1.0",
|
||||||
- "three-stl-loader": "^1.0.4",
|
- "three-stl-loader": "^1.0.4",
|
||||||
- "timeago.js": "^3.0.2",
|
"timeago.js": "^3.0.2",
|
||||||
"tiptap": "^1.8.0",
|
"tiptap": "^1.8.0",
|
||||||
"tiptap-commands": "^1.4.0",
|
"tiptap-commands": "^1.4.0",
|
||||||
"tiptap-extensions": "^1.8.0",
|
"tiptap-extensions": "^1.8.0",
|
||||||
|
@ -20,6 +20,7 @@
|
||||||
"vue-router": "^3.0.2",
|
"vue-router": "^3.0.2",
|
||||||
"vue-template-compiler": "^2.6.10",
|
"vue-template-compiler": "^2.6.10",
|
||||||
"vue-virtual-scroll-list": "^1.3.1",
|
"vue-virtual-scroll-list": "^1.3.1",
|
||||||
|
"vuedraggable": "^2.23.0",
|
||||||
"vuex": "^3.1.0",
|
"vuex": "^3.1.0",
|
||||||
- "webpack": "^4.29.0",
|
- "webpack": "^4.29.0",
|
||||||
- "webpack-bundle-analyzer": "^3.3.2",
|
- "webpack-bundle-analyzer": "^3.3.2",
|
||||||
|
@ -39,7 +40,7 @@
|
||||||
const CopyWebpackPlugin = require('copy-webpack-plugin');
|
const CopyWebpackPlugin = require('copy-webpack-plugin');
|
||||||
|
|
||||||
const ROOT_PATH = '/usr/share/gitlab';
|
const ROOT_PATH = '/usr/share/gitlab';
|
||||||
@@ -126,12 +125,12 @@
|
@@ -127,12 +126,12 @@
|
||||||
|
|
||||||
resolve: {
|
resolve: {
|
||||||
extensions: ['.js', '.gql', '.graphql'],
|
extensions: ['.js', '.gql', '.graphql'],
|
||||||
|
@ -54,7 +55,7 @@
|
||||||
},
|
},
|
||||||
|
|
||||||
module: {
|
module: {
|
||||||
@@ -338,16 +337,6 @@
|
@@ -370,16 +369,6 @@
|
||||||
// enable HMR only in webpack-dev-server
|
// enable HMR only in webpack-dev-server
|
||||||
DEV_SERVER_LIVERELOAD && new webpack.HotModuleReplacementPlugin(),
|
DEV_SERVER_LIVERELOAD && new webpack.HotModuleReplacementPlugin(),
|
||||||
|
|
||||||
|
@ -71,7 +72,7 @@
|
||||||
new webpack.DefinePlugin({
|
new webpack.DefinePlugin({
|
||||||
// This one is used to define window.gon.ee and other things properly in tests:
|
// This one is used to define window.gon.ee and other things properly in tests:
|
||||||
'process.env.IS_GITLAB_EE': JSON.stringify(IS_EE),
|
'process.env.IS_GITLAB_EE': JSON.stringify(IS_EE),
|
||||||
@@ -373,6 +362,7 @@
|
@@ -405,6 +394,7 @@
|
||||||
|
|
||||||
node: {
|
node: {
|
||||||
fs: 'empty', // sqljs requires fs
|
fs: 'empty', // sqljs requires fs
|
||||||
|
|
4
debian/patches/0750-fix-relative-paths.patch
vendored
4
debian/patches/0750-fix-relative-paths.patch
vendored
|
@ -1,10 +1,12 @@
|
||||||
--- a/config/initializers/1_settings.rb
|
--- a/config/initializers/1_settings.rb
|
||||||
+++ b/config/initializers/1_settings.rb
|
+++ b/config/initializers/1_settings.rb
|
||||||
@@ -1,5 +1,5 @@
|
@@ -1,6 +1,6 @@
|
||||||
-require_relative '../settings'
|
-require_relative '../settings'
|
||||||
-require_relative '../object_store_settings'
|
-require_relative '../object_store_settings'
|
||||||
|
-require_relative '../smime_signature_settings'
|
||||||
+require '/usr/share/gitlab/config/settings'
|
+require '/usr/share/gitlab/config/settings'
|
||||||
+require '/usr/share/gitlab/config/object_store_settings'
|
+require '/usr/share/gitlab/config/object_store_settings'
|
||||||
|
+require '/usr/share/gitlab/config/smime_signature_settings'
|
||||||
|
|
||||||
# Default settings
|
# Default settings
|
||||||
Settings['ldap'] ||= Settingslogic.new({})
|
Settings['ldap'] ||= Settingslogic.new({})
|
||||||
|
|
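Review bot: The refreshed patch still opens directly with `--- a/config/initializers/1_settings.rb` and carries no header, so nothing records why `require_relative` is replaced with absolute paths; this refresh adds a third one, `require '/usr/share/gitlab/config/smime_signature_settings'`. A short DEP-3 header would make the next refresh easier to audit, for example `Description: load settings from the installed location instead of relative paths` and `Forwarded: not-needed`. Since an absolute `require` executes whatever file sits at that path, the header is also a good place to state that these files are shipped root-owned by the package, which is presumably the case but cannot be confirmed from this hunk.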
8
debian/patches/0760-bump-rubyzip.patch
vendored
8
debian/patches/0760-bump-rubyzip.patch
vendored
|
@ -5,7 +5,7 @@ Last-Update: 2019-11-19
|
||||||
|
|
||||||
--- a/Gemfile
|
--- a/Gemfile
|
||||||
+++ b/Gemfile
|
+++ b/Gemfile
|
||||||
@@ -61,7 +61,7 @@
|
@@ -64,7 +64,7 @@
|
||||||
|
|
||||||
# GitLab Pages
|
# GitLab Pages
|
||||||
gem 'validates_hostname', '~> 1.0', '>= 1.0.6'
|
gem 'validates_hostname', '~> 1.0', '>= 1.0.6'
|
||||||
|
@ -16,7 +16,7 @@ Last-Update: 2019-11-19
|
||||||
|
|
||||||
--- a/Gemfile.lock
|
--- a/Gemfile.lock
|
||||||
+++ b/Gemfile.lock
|
+++ b/Gemfile.lock
|
||||||
@@ -845,7 +845,7 @@
|
@@ -901,7 +901,7 @@
|
||||||
sexp_processor (~> 4.9)
|
sexp_processor (~> 4.9)
|
||||||
rubyntlm (0.6.2)
|
rubyntlm (0.6.2)
|
||||||
rubypants (0.2.0)
|
rubypants (0.2.0)
|
||||||
|
@ -25,8 +25,8 @@ Last-Update: 2019-11-19
|
||||||
rugged (0.28.3.1)
|
rugged (0.28.3.1)
|
||||||
safe_yaml (1.0.4)
|
safe_yaml (1.0.4)
|
||||||
sanitize (4.6.6)
|
sanitize (4.6.6)
|
||||||
@@ -1220,7 +1220,7 @@
|
@@ -1291,7 +1291,7 @@
|
||||||
ruby-prof (~> 0.17.0)
|
ruby-prof (~> 1.0.0)
|
||||||
ruby-progressbar
|
ruby-progressbar
|
||||||
ruby_parser (~> 3.8)
|
ruby_parser (~> 3.8)
|
||||||
- rubyzip (~> 1.2.2)
|
- rubyzip (~> 1.2.2)
|
||||||
|
|
2
debian/patches/0770-bump-node-d3.patch
vendored
2
debian/patches/0770-bump-node-d3.patch
vendored
|
@ -10,7 +10,7 @@ Subject: [PATCH 1/2] Update d3 node module 4.13 -> 5.12
|
||||||
|
|
||||||
--- a/package.json
|
--- a/package.json
|
||||||
+++ b/package.json
|
+++ b/package.json
|
||||||
@@ -61,7 +61,7 @@
|
@@ -62,7 +62,7 @@
|
||||||
"core-js": "^3.1.3",
|
"core-js": "^3.1.3",
|
||||||
"cropper": "^2.3.0",
|
"cropper": "^2.3.0",
|
||||||
"css-loader": "^1.0.0",
|
"css-loader": "^1.0.0",
|
||||||
|
|
154
debian/patches/CVE-2019-19254.patch
vendored
154
debian/patches/CVE-2019-19254.patch
vendored
|
@ -1,154 +0,0 @@
|
||||||
From 5bdfcaa1c268aa475a11480a0ae33691f73a1a96 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Brandon Labuschagne <blabuschagne@gitlab.com>
|
|
||||||
Date: Fri, 15 Nov 2019 14:39:29 +0000
|
|
||||||
Subject: [PATCH 1/2] Ensure that summary items remain aligned
|
|
||||||
|
|
||||||
Default number of items is 3. If this is not the case,
|
|
||||||
then increase the column width of the summary items
|
|
||||||
to cater for 2 items plus the date filter.
|
|
||||||
---
|
|
||||||
.../javascripts/cycle_analytics/cycle_analytics_bundle.js | 6 ++++++
|
|
||||||
app/views/projects/cycle_analytics/show.html.haml | 4 ++--
|
|
||||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
--- a/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
|
|
||||||
+++ b/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
|
|
||||||
@@ -56,10 +56,16 @@
|
|
||||||
service: this.createCycleAnalyticsService(cycleAnalyticsEl.dataset.requestPath),
|
|
||||||
};
|
|
||||||
},
|
|
||||||
+ defaultNumberOfSummaryItems: 3,
|
|
||||||
computed: {
|
|
||||||
currentStage() {
|
|
||||||
return this.store.currentActiveStage();
|
|
||||||
},
|
|
||||||
+ summaryTableColumnClass() {
|
|
||||||
+ return this.state.summary.length === this.$options.defaultNumberOfSummaryItems
|
|
||||||
+ ? 'col-sm-3'
|
|
||||||
+ : 'col-sm-4';
|
|
||||||
+ },
|
|
||||||
},
|
|
||||||
created() {
|
|
||||||
// Conditional check placed here to prevent this method from being called on the
|
|
||||||
--- a/app/views/projects/cycle_analytics/show.html.haml
|
|
||||||
+++ b/app/views/projects/cycle_analytics/show.html.haml
|
|
||||||
@@ -14,10 +14,10 @@
|
|
||||||
.content-block
|
|
||||||
.container-fluid
|
|
||||||
.row
|
|
||||||
- .col-sm-3.col-12.column{ "v-for" => "item in state.summary" }
|
|
||||||
+ .col-12.column{ "v-for" => "item in state.summary", ":class" => "summaryTableColumnClass" }
|
|
||||||
%h3.header {{ item.value }}
|
|
||||||
%p.text {{ item.title }}
|
|
||||||
- .col-sm-3.col-12.column
|
|
||||||
+ .col-12.column{ ":class" => "summaryTableColumnClass" }
|
|
||||||
.dropdown.inline.js-ca-dropdown
|
|
||||||
%button.dropdown-menu-toggle{ "data-toggle" => "dropdown", :type => "button" }
|
|
||||||
%span.dropdown-label {{ n__('Last %d day', 'Last %d days', 30) }}
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
|
|
||||||
@@ -0,0 +1,5 @@
|
|
||||||
+---
|
|
||||||
+title: Hide commit counts from guest users in Cycle Analytics.
|
|
||||||
+merge_request:
|
|
||||||
+author:
|
|
||||||
+type: security
|
|
||||||
--- a/lib/gitlab/cycle_analytics/stage_summary.rb
|
|
||||||
+++ b/lib/gitlab/cycle_analytics/stage_summary.rb
|
|
||||||
@@ -10,13 +10,29 @@
|
|
||||||
end
|
|
||||||
|
|
||||||
def data
|
|
||||||
- [serialize(Summary::Issue.new(project: @project, from: @from, current_user: @current_user)),
|
|
||||||
- serialize(Summary::Commit.new(project: @project, from: @from)),
|
|
||||||
- serialize(Summary::Deploy.new(project: @project, from: @from))]
|
|
||||||
+ summary = [issue_stats]
|
|
||||||
+ summary << commit_stats if user_has_sufficient_access?
|
|
||||||
+ summary << deploy_stats
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
+ def issue_stats
|
|
||||||
+ serialize(Summary::Issue.new(project: @project, from: @from, current_user: @current_user))
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ def commit_stats
|
|
||||||
+ serialize(Summary::Commit.new(project: @project, from: @from))
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ def deploy_stats
|
|
||||||
+ serialize(Summary::Deploy.new(project: @project, from: @from))
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ def user_has_sufficient_access?
|
|
||||||
+ @project.team.member?(@current_user, Gitlab::Access::REPORTER)
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
def serialize(summary_object)
|
|
||||||
AnalyticsSummarySerializer.new.represent(summary_object)
|
|
||||||
end
|
|
||||||
--- a/spec/features/cycle_analytics_spec.rb
|
|
||||||
+++ b/spec/features/cycle_analytics_spec.rb
|
|
||||||
@@ -108,6 +108,10 @@
|
|
||||||
wait_for_requests
|
|
||||||
end
|
|
||||||
|
|
||||||
+ it 'does not show the commit stats' do
|
|
||||||
+ expect(page).to have_no_selector(:xpath, commits_counter_selector)
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
it 'needs permissions to see restricted stages' do
|
|
||||||
expect(find('.stage-events')).to have_content(issue.title)
|
|
||||||
|
|
||||||
@@ -123,8 +127,12 @@
|
|
||||||
find(:xpath, "//p[contains(text(),'New Issue')]/preceding-sibling::h3")
|
|
||||||
end
|
|
||||||
|
|
||||||
+ def commits_counter_selector
|
|
||||||
+ "//p[contains(text(),'Commits')]/preceding-sibling::h3"
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
def commits_counter
|
|
||||||
- find(:xpath, "//p[contains(text(),'Commits')]/preceding-sibling::h3")
|
|
||||||
+ find(:xpath, commits_counter_selector)
|
|
||||||
end
|
|
||||||
|
|
||||||
def deploys_counter
|
|
||||||
--- a/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
|
|
||||||
+++ b/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
|
|
||||||
@@ -8,6 +8,10 @@
|
|
||||||
let(:user) { create(:user, :admin) }
|
|
||||||
subject { described_class.new(project, from: Time.now, current_user: user).data }
|
|
||||||
|
|
||||||
+ before do
|
|
||||||
+ project.add_maintainer(user)
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
describe "#new_issues" do
|
|
||||||
it "finds the number of issues created after the 'from date'" do
|
|
||||||
Timecop.freeze(5.days.ago) { create(:issue, project: project) }
|
|
||||||
@@ -42,6 +46,23 @@
|
|
||||||
|
|
||||||
expect(subject.second[:value]).to eq(100)
|
|
||||||
end
|
|
||||||
+
|
|
||||||
+ context 'when a guest user is signed in' do
|
|
||||||
+ let(:guest_user) { create(:user) }
|
|
||||||
+
|
|
||||||
+ before do
|
|
||||||
+ project.add_guest(guest_user)
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ it 'does not include commit stats' do
|
|
||||||
+ data = described_class.new(project, from: from, current_user: guest_user).data
|
|
||||||
+ expect(includes_commits?(data)).to be_falsy
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ def includes_commits?(data)
|
|
||||||
+ data.any? { |h| h["title"] == 'Commits' }
|
|
||||||
+ end
|
|
||||||
+ end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "#deploys" do
|
|
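--- a/debian/patches/CVE-2019-19257.patch
+++ b/debian/patches/CVE-2019-19257.patch
@@ -1,181 +0,0 @@
-From debb36496b4805beae28262fbb24a692018178e2 Mon Sep 17 00:00:00 2001
-From: Kerri Miller <kerrizor@kerrizor.com>
-Date: Fri, 25 Oct 2019 07:46:40 -0500
-Subject: [PATCH] Restrict branches visible to guests in Issue feed
-
-Notes related to branch creation should not be shown in an issue's
-activity feed when the user doesn't have access to :download_code.
----
-app/models/note.rb | 15 ++++-
-...er-related-branches-from-activity-feed.yml | 6 ++
-.../projects/issues_controller_spec.rb | 37 +++++++++++
-spec/models/note_spec.rb | 64 +++++++++++++++++++
-4 files changed, 121 insertions(+), 1 deletion(-)
-create mode 100644 changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml
-
---- a/app/models/note.rb
-+++ b/app/models/note.rb
-@@ -40,6 +40,10 @@
-
-redact_field :note
-
-+ TYPES_RESTRICTED_BY_ABILITY = {
-+ branch: :download_code
-+ }.freeze
-+
-# Aliases to make application_helper#edited_time_ago_with_tooltip helper work properly with notes.
-# See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10392/diffs#note_28719102
-alias_attribute :last_edited_at, :updated_at
-@@ -333,7 +337,7 @@
-end
-
-def visible_for?(user)
-- !cross_reference_not_visible_for?(user)
-+ !cross_reference_not_visible_for?(user) && system_note_viewable_by?(user)
-end
-
-def award_emoji?
-@@ -485,6 +489,15 @@
-
-private
-
-+ def system_note_viewable_by?(user)
-+ return true unless system_note_metadata
-+
-+ restriction = TYPES_RESTRICTED_BY_ABILITY[system_note_metadata.action.to_sym]
-+ return Ability.allowed?(user, restriction, project) if restriction
-+
-+ true
-+ end
-+
-def keep_around_commit
-project.repository.keep_around(self.commit_id)
-end
---- /dev/null
-+++ b/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml
-@@ -0,0 +1,6 @@
-+---
-+title: Remove notes regarding Related Branches from Issue activity feeds for guest
-+ users
-+merge_request:
-+author:
-+type: security
---- a/spec/controllers/projects/issues_controller_spec.rb
-+++ b/spec/controllers/projects/issues_controller_spec.rb
-@@ -1343,6 +1343,43 @@
-expect { get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid } }.not_to exceed_query_limit(control_count)
-end
-end
-+
-+ context 'private project' do
-+ let!(:branch_note) { create(:discussion_note_on_issue, :system, noteable: issue, project: project) }
-+ let!(:commit_note) { create(:discussion_note_on_issue, :system, noteable: issue, project: project) }
-+ let!(:branch_note_meta) { create(:system_note_metadata, note: branch_note, action: "branch") }
-+ let!(:commit_note_meta) { create(:system_note_metadata, note: commit_note, action: "commit") }
-+
-+ context 'user is allowed access' do
-+ before do
-+ project.add_user(user, :maintainer)
-+ end
-+
-+ it 'displays all available notes' do
-+ get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid }
-+
-+ expect(json_response.length).to eq(3)
-+ end
-+ end
-+
-+ context 'user is a guest' do
-+ let(:json_response_note_ids) do
-+ json_response.collect { |discussion| discussion["notes"] }.flatten
-+ .collect { |note| note["id"].to_i }
-+ end
-+
-+ before do
-+ project.add_guest(user)
-+ end
-+
-+ it 'does not display notes w/type listed in TYPES_RESTRICTED_BY_ACCESS_LEVEL' do
-+ get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid }
-+
-+ expect(json_response.length).to eq(2)
-+ expect(json_response_note_ids).not_to include(branch_note.id)
-+ end
-+ end
-+ end
-end
-end
-
---- a/spec/models/note_spec.rb
-+++ b/spec/models/note_spec.rb
-@@ -246,6 +246,70 @@
-end
-end
-
-+ describe "#visible_for?" do
-+ using RSpec::Parameterized::TableSyntax
-+
-+ let(:note) { create(:note) }
-+ let(:user) { create(:user) }
-+
-+ where(:cross_reference_visible, :system_note_viewable, :result) do
-+ true | true | false
-+ false | true | true
-+ false | false | false
-+ end
-+
-+ with_them do
-+ it "returns expected result" do
-+ expect(note).to receive(:cross_reference_not_visible_for?).and_return(cross_reference_visible)
-+
-+ unless cross_reference_visible
-+ expect(note).to receive(:system_note_viewable_by?)
-+ .with(user).and_return(system_note_viewable)
-+ end
-+
-+ expect(note.visible_for?(user)).to eq result
-+ end
-+ end
-+ end
-+
-+ describe "#system_note_viewable_by?(user)" do
-+ let(:note) { create(:note) }
-+ let(:user) { create(:user) }
-+ let!(:metadata) { create(:system_note_metadata, note: note, action: "branch") }
-+
-+ context "when system_note_metadata is not present" do
-+ it "returns true" do
-+ expect(note).to receive(:system_note_metadata).and_return(nil)
-+
-+ expect(note.send(:system_note_viewable_by?, user)).to be_truthy
-+ end
-+ end
-+
-+ context "system_note_metadata isn't of type 'branch'" do
-+ before do
-+ metadata.action = "not_a_branch"
-+ end
-+
-+ it "returns true" do
-+ expect(note.send(:system_note_viewable_by?, user)).to be_truthy
-+ end
-+ end
-+
-+ context "user doesn't have :download_code ability" do
-+ it "returns false" do
-+ expect(note.send(:system_note_viewable_by?, user)).to be_falsey
-+ end
-+ end
-+
-+ context "user has the :download_code ability" do
-+ it "returns true" do
-+ expect(Ability).to receive(:allowed?).with(user, :download_code, note.project).and_return(true)
-+
-+ expect(note.send(:system_note_viewable_by?, user)).to be_truthy
-+ end
-+ end
-+ end
-+
-describe "cross_reference_not_visible_for?" do
-let(:private_user) { create(:user) }
-let(:private_project) { create(:project, namespace: private_user.namespace) { |p| p.add_maintainer(private_user) } }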
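--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,7 +10,6 @@
 0470-relax-bootsnap.patch
 0480-embed-snowplow-tracker.patch
 0481-relax-contracts-dependency-of-snowplow.patch
-0482-relax-gitlab-labkit.patch
 0500-set-webpack-root.patch
 0510-remove-dev-dependencies.patch
 0520-add-system-lib-path-for-webpack.patch
@@ -28,5 +27,3 @@
 0750-fix-relative-paths.patch
 0760-bump-rubyzip.patch
 0770-bump-node-d3.patch
-CVE-2019-19254.patch
-CVE-2019-19257.patch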