gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2023-10-31 17:30:35 +0300
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2023-10-31 17:30:35 +0300
commitec770ec0d801782fb39cf52c01710bf347d70e3a (patch)
treee3be576199894d84efe9e0598e82633712c19c91
parent9de3f08bc2d59576d74162ebfd16543f7b40c696 (diff)
parentabc892a30ec014fc8b13d0280aa2bdb15ac93d9d (diff)
Merge remote-tracking branch 'dev/16-3-stable' into 16-3-stable
-rw-r--r--CHANGELOG.md14
-rw-r--r--GITALY_SERVER_VERSION2
-rw-r--r--GITLAB_PAGES_VERSION2
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.checksum2
-rw-r--r--Gemfile.lock4
-rw-r--r--VERSION2
-rw-r--r--app/helpers/version_check_helper.rb4
-rw-r--r--app/mailers/emails/service_desk.rb6
-rw-r--r--config/session_store.yml3
-rw-r--r--doc/ci/examples/authenticating-with-hashicorp-vault/index.md52
-rw-r--r--doc/ci/secrets/id_token_authentication.md52
-rw-r--r--lib/gitlab/ci/components/instance_path.rb9
-rw-r--r--lib/gitlab/ci/jwt.rb3
-rw-r--r--lib/gitlab/import_export/command_line_util.rb2
-rw-r--r--lib/gitlab/import_export/project/relation_factory.rb2
-rw-r--r--lib/gitlab/search/abuse_detection.rb32
-rw-r--r--lib/gitlab/search/params.rb2
-rw-r--r--package.json2
-rw-r--r--spec/helpers/version_check_helper_spec.rb52
-rw-r--r--spec/lib/gitlab/ci/components/instance_path_spec.rb14
-rw-r--r--spec/lib/gitlab/ci/jwt_spec.rb19
-rw-r--r--spec/lib/gitlab/import_export/command_line_util_spec.rb16
-rw-r--r--spec/lib/gitlab/search/abuse_detection_spec.rb28
-rw-r--r--spec/lib/gitlab/search/params_spec.rb18
-rw-r--r--spec/mailers/emails/service_desk_spec.rb22
-rw-r--r--yarn.lock95
27 files changed, 307 insertions, 154 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1606737720c..fa30d3aa058 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 16.3.6 (2023-10-30)
+
+### Security (9 changes)
+
+- [Fix infinite loop when finding component project](gitlab-org/security/gitlab@a1c1255f8f767f1b9a26aee1008ef6a286988a1d) ([merge request](gitlab-org/security/gitlab!3667))
+- [Update gitlab-chronic-duration to 0.12](gitlab-org/security/gitlab@89ed5a67a26c362d197eae4f3228755a5e3a1c03) ([merge request](gitlab-org/security/gitlab!3630))
+- [Guard gitlab_version_check helper](gitlab-org/security/gitlab@b8f490fc3cfe465d46666380b17c065669c216e1) ([merge request](gitlab-org/security/gitlab!3654))
+- [Add the environment action to the CI JWT token fields](gitlab-org/security/gitlab@0563e1a02c2b6886cc21c4dfbedd975c102f0fbb) ([merge request](gitlab-org/security/gitlab!3615))
+- [Remove FIFO files from tarball extract](gitlab-org/security/gitlab@d794f0c972e2e081c0ed78ed5001bdd111688641) ([merge request](gitlab-org/security/gitlab!3634))
+- [Backport add abuse detection for pipes](gitlab-org/security/gitlab@84a3debec3ce0473598d4681850ccca74a892b30) ([merge request](gitlab-org/security/gitlab!3619))
+- [Prevent unprivileged user assignment in templated projects](gitlab-org/security/gitlab@b4ba31c793317dee41382f7a41af4637f38cddaa) ([merge request](gitlab-org/security/gitlab!3637))
+- [Fixes Service Desk email template issue description privileges](gitlab-org/security/gitlab@223765ae04031afda38f10e8487a3785ab53032b) ([merge request](gitlab-org/security/gitlab!3639))
+- [Update mermaid version for DOS fixes](gitlab-org/security/gitlab@602b89ced4ccad048819fc1603d6e978fd58c882) ([merge request](gitlab-org/security/gitlab!3627))
+
## 16.3.5 (2023-09-28)
### Security (16 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 56aa836cd5f..1c3555c354c 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-16.3.5 \ No newline at end of file
+16.3.6 \ No newline at end of file
diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION
index 56aa836cd5f..1c3555c354c 100644
--- a/GITLAB_PAGES_VERSION
+++ b/GITLAB_PAGES_VERSION
@@ -1 +1 @@
-16.3.5 \ No newline at end of file
+16.3.6 \ No newline at end of file
diff --git a/Gemfile b/Gemfile
index 11c4e3a8037..ca29f606abe 100644
--- a/Gemfile
+++ b/Gemfile
@@ -324,7 +324,7 @@ gem 'fast_blank'
# Parse time & duration
gem 'gitlab-chronic', '~> 0.10.5'
-gem 'gitlab_chronic_duration', '~> 0.10.6.2'
+gem 'gitlab_chronic_duration', '~> 0.12'
gem 'rack-proxy', '~> 0.7.6'
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 12001e1583a..298b48f81d4 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -215,7 +215,7 @@
{"name":"gitlab-markup","version":"1.9.0","platform":"ruby","checksum":"7eda045a08ec2d110084252fa13a8c9eac8bdac0e302035ca7db4b82bcbd7ed4"},
{"name":"gitlab-net-dns","version":"0.9.2","platform":"ruby","checksum":"f726d978479d43810819f12a45c0906d775a07e34df111bbe693fffbbef3059d"},
{"name":"gitlab-styles","version":"10.1.0","platform":"ruby","checksum":"f42745f5397d042fe24cf2d0eb56c995b37f9f43d8fb79b834d197a1cafdc84a"},
-{"name":"gitlab_chronic_duration","version":"0.10.6.2","platform":"ruby","checksum":"6dda4cfe7dca9b958f163ac8835c3d9cc70cf8df8cbb89bb2fbf9ba4375105fb"},
+{"name":"gitlab_chronic_duration","version":"0.12.0","platform":"ruby","checksum":"0d766944d415b5c831f176871ee8625783fc0c5bfbef2d79a3a616f207ffc16d"},
{"name":"gitlab_omniauth-ldap","version":"2.2.0","platform":"ruby","checksum":"bb4d20acb3b123ed654a8f6a47d3fac673ece7ed0b6992edb92dca14bad2838c"},
{"name":"gitlab_quality-test_tooling","version":"0.9.3","platform":"ruby","checksum":"9751f3504b717499588bd0fa5517de9b6756e8b9548777ea0283b889694580f0"},
{"name":"globalid","version":"1.1.0","platform":"ruby","checksum":"b337e1746f0c8cb0a6c918234b03a1ddeb4966206ce288fbb57779f59b2d154f"},
diff --git a/Gemfile.lock b/Gemfile.lock
index d593779d52f..3eda52b5e94 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -675,7 +675,7 @@ GEM
rubocop-performance (~> 1.15)
rubocop-rails (~> 2.17)
rubocop-rspec (~> 2.22)
- gitlab_chronic_duration (0.10.6.2)
+ gitlab_chronic_duration (0.12.0)
numerizer (~> 0.2)
gitlab_omniauth-ldap (2.2.0)
net-ldap (~> 0.16)
@@ -1825,7 +1825,7 @@ DEPENDENCIES
gitlab-sidekiq-fetcher!
gitlab-styles (~> 10.1.0)
gitlab-utils!
- gitlab_chronic_duration (~> 0.10.6.2)
+ gitlab_chronic_duration (~> 0.12)
gitlab_omniauth-ldap (~> 2.2.0)
gitlab_quality-test_tooling (~> 0.9.3)
gon (~> 6.4.0)
diff --git a/VERSION b/VERSION
index 56aa836cd5f..1c3555c354c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-16.3.5 \ No newline at end of file
+16.3.6 \ No newline at end of file
diff --git a/app/helpers/version_check_helper.rb b/app/helpers/version_check_helper.rb
index dc8ef4e44be..7128bd28c51 100644
--- a/app/helpers/version_check_helper.rb
+++ b/app/helpers/version_check_helper.rb
@@ -11,12 +11,14 @@ module VersionCheckHelper
end
def gitlab_version_check
+ return unless show_version_check?
+
VersionCheck.new.response
end
strong_memoize_attr :gitlab_version_check
def show_security_patch_upgrade_alert?
- return false unless show_version_check? && gitlab_version_check
+ return false unless gitlab_version_check
Gitlab::Utils.to_boolean(gitlab_version_check['critical_vulnerability'])
end
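Review bot: `gitlab_version_check` now returns nil for any caller that fails `show_version_check?`, and the `strong_memoize_attr` on the following line caches that nil for the life of the helper instance, yet nothing at the definition says so; a reader of the body will assume a response hash. Add a comment above `def gitlab_version_check` such as `# Returns the upstream version-check response, or nil when the current user may not see version information (memoized per helper instance).` `show_security_patch_upgrade_alert?` now yields nil rather than false when the response has no `critical_vulnerability` (the spec table in this commit pins that), which is fine under `if` but worth stating in the same comment in case a caller compares with `== false`. The module continues outside the hunk.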
diff --git a/app/mailers/emails/service_desk.rb b/app/mailers/emails/service_desk.rb
index f609c9318da..e250f2bb809 100644
--- a/app/mailers/emails/service_desk.rb
+++ b/app/mailers/emails/service_desk.rb
@@ -195,7 +195,11 @@ module Emails
end
def issue_description
- @issue.description_html.to_s
+ return '' if @issue.description_html.blank?
+
+ # Remove references etc. from description HTML because external participants
+ # are no regular users and don't have permission to access them.
+ ::Banzai::Renderer.post_process(@issue.description_html, {})
end
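Review bot: The empty `{}` context passed to `::Banzai::Renderer.post_process` on the last line of `issue_description` appears to be what makes the redaction work — with no `current_user` the post-processing runs as an anonymous viewer, if I read the Banzai contract correctly — but the comment above only says references are removed, not that the empty context is load-bearing. Someone later "fixing" missing links by passing `current_user: @issue.author` or the project would quietly reintroduce the privilege problem this change addresses. Suggest extending the comment: `# The empty context is deliberate: post-processing with no current_user redacts everything an anonymous viewer may not see. Do not pass a user or project here.`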
def subject_base
diff --git a/config/session_store.yml b/config/session_store.yml
new file mode 100644
index 00000000000..7914b3ac766
--- /dev/null
+++ b/config/session_store.yml
@@ -0,0 +1,3 @@
+development:
+ unique_cookie_key_postfix: true
+ cookie_key: "_gitlab_session"
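Review bot: The new file ships with only a `development:` section and no comment explaining `unique_cookie_key_postfix` or `cookie_key`, so an operator reading it cannot tell whether production requires an entry or what the keys change. It also does not correspond to any of the nine security entries in the CHANGELOG hunk of this merge, so it is worth confirming it was meant for the stable branch rather than a local setup file that came along for the ride. If it stays, a header such as `# Development-only session cookie settings; other environments fall back to the application defaults` (adjusted to the real behaviour, which I cannot confirm from this hunk) would make the scope explicit.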
diff --git a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
index 737c95cf747..80074360f43 100644
--- a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
+++ b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
@@ -33,31 +33,32 @@ ID tokens are JSON Web Tokens (JWTs) used for OIDC authentication with third-par
The following fields are included in the JWT:
-| Field | When | Description |
-|-------------------------|------------------------------|-------------|
-| `jti` | Always | Unique identifier for this token |
-| `iss` | Always | Issuer, the domain of your GitLab instance |
-| `iat` | Always | Issued at |
-| `nbf` | Always | Not valid before |
-| `exp` | Always | Expires at |
-| `sub` | Always | Subject (job ID) |
-| `namespace_id` | Always | Use this to scope to group or user level namespace by ID |
-| `namespace_path` | Always | Use this to scope to group or user level namespace by path |
-| `project_id` | Always | Use this to scope to project by ID |
-| `project_path` | Always | Use this to scope to project by path |
-| `user_id` | Always | ID of the user executing the job |
-| `user_login` | Always | Username of the user executing the job |
-| `user_email` | Always | Email of the user executing the job |
-| `pipeline_id` | Always | ID of this pipeline |
-| `pipeline_source` | Always | [Pipeline source](../../jobs/job_control.md#common-if-clauses-for-rules) |
-| `job_id` | Always | ID of this job |
-| `ref` | Always | Git ref for this job |
-| `ref_type` | Always | Git ref type, either `branch` or `tag` |
-| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
-| `ref_protected` | Always | `true` if this Git ref is protected, `false` otherwise |
-| `environment` | Job specifies an environment | Environment this job specifies ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
-| `environment_protected` | Job specifies an environment | `true` if specified environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
+| Field | When | Description |
+|-------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `jti` | Always | Unique identifier for this token |
+| `iss` | Always | Issuer, the domain of your GitLab instance |
+| `iat` | Always | Issued at |
+| `nbf` | Always | Not valid before |
+| `exp` | Always | Expires at |
+| `sub` | Always | Subject (job ID) |
+| `namespace_id` | Always | Use this to scope to group or user level namespace by ID |
+| `namespace_path` | Always | Use this to scope to group or user level namespace by path |
+| `project_id` | Always | Use this to scope to project by ID |
+| `project_path` | Always | Use this to scope to project by path |
+| `user_id` | Always | ID of the user executing the job |
+| `user_login` | Always | Username of the user executing the job |
+| `user_email` | Always | Email of the user executing the job |
+| `pipeline_id` | Always | ID of this pipeline |
+| `pipeline_source` | Always | [Pipeline source](../../jobs/job_control.md#common-if-clauses-for-rules) |
+| `job_id` | Always | ID of this job |
+| `ref` | Always | Git ref for this job |
+| `ref_type` | Always | Git ref type, either `branch` or `tag` |
+| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
+| `ref_protected` | Always | `true` if this Git ref is protected, `false` otherwise |
+| `environment` | Job specifies an environment | Environment this job specifies ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
+| `environment_protected` | Job specifies an environment | `true` if specified environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
| `deployment_tier` | Job specifies an environment | [Deployment tier](../../environments/index.md#deployment-tier-of-environments) of environment this job specifies ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/363590) in GitLab 15.2) |
+| `environment_action` | Job specifies an environment | [Environment action (`environment:action`)](../../environments/index.md) specified in the job. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/) in GitLab 16.5) |
Example JWT payload:
@@ -84,7 +85,8 @@ Example JWT payload:
"ref_path": "refs/heads/auto-deploy-2020-04-01",
"ref_protected": "true",
"environment": "production",
- "environment_protected": "true"
+ "environment_protected": "true",
+ "environment_action": "start"
}
```
diff --git a/doc/ci/secrets/id_token_authentication.md b/doc/ci/secrets/id_token_authentication.md
index 22a260e4bb6..24c0ca8f58e 100644
--- a/doc/ci/secrets/id_token_authentication.md
+++ b/doc/ci/secrets/id_token_authentication.md
@@ -51,32 +51,33 @@ The following standard claims are included in each ID token:
The token also includes custom claims provided by GitLab:
-| Field | When | Description |
-|-------------------------|------------------------------|-------------|
-| `namespace_id` | Always | Use this to scope to group or user level namespace by ID. |
-| `namespace_path` | Always | Use this to scope to group or user level namespace by path. |
-| `project_id` | Always | Use this to scope to project by ID. |
-| `project_path` | Always | Use this to scope to project by path. |
-| `user_id` | Always | ID of the user executing the job. |
-| `user_login` | Always | Username of the user executing the job. |
-| `user_email` | Always | Email of the user executing the job. |
-| `user_identities` | User Preference setting | List of the user's external identities ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387537) in GitLab 16.0). |
-| `pipeline_id` | Always | ID of the pipeline. |
-| `pipeline_source` | Always | [Pipeline source](../jobs/job_control.md#common-if-clauses-for-rules). |
-| `job_id` | Always | ID of the job. |
-| `ref` | Always | Git ref for the job. |
-| `ref_type` | Always | Git ref type, either `branch` or `tag`. |
-| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
-| `ref_protected` | Always | `true` if the Git ref is protected, `false` otherwise. |
-| `environment` | Job specifies an environment | Environment this job deploys to ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
-| `environment_protected` | Job specifies an environment | `true` if deployed environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
-| `deployment_tier` | Job specifies an environment | [Deployment tier](../environments/index.md#deployment-tier-of-environments) of the environment the job specifies. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/363590) in GitLab 15.2. |
-| `runner_id` | Always | ID of the runner executing the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
-| `runner_environment` | Always | The type of runner used by the job. Can be either `gitlab-hosted` or `self-hosted`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
-| `sha` | Always | The commit SHA for the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
+| Field | When | Description |
+|-------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `namespace_id` | Always | Use this to scope to group or user level namespace by ID. |
+| `namespace_path` | Always | Use this to scope to group or user level namespace by path. |
+| `project_id` | Always | Use this to scope to project by ID. |
+| `project_path` | Always | Use this to scope to project by path. |
+| `user_id` | Always | ID of the user executing the job. |
+| `user_login` | Always | Username of the user executing the job. |
+| `user_email` | Always | Email of the user executing the job. |
+| `user_identities` | User Preference setting | List of the user's external identities ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387537) in GitLab 16.0). |
+| `pipeline_id` | Always | ID of the pipeline. |
+| `pipeline_source` | Always | [Pipeline source](../jobs/job_control.md#common-if-clauses-for-rules). |
+| `job_id` | Always | ID of the job. |
+| `ref` | Always | Git ref for the job. |
+| `ref_type` | Always | Git ref type, either `branch` or `tag`. |
+| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
+| `ref_protected` | Always | `true` if the Git ref is protected, `false` otherwise. |
+| `environment` | Job specifies an environment | Environment this job deploys to ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
+| `environment_protected` | Job specifies an environment | `true` if deployed environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
+| `deployment_tier` | Job specifies an environment | [Deployment tier](../environments/index.md#deployment-tier-of-environments) of the environment the job specifies. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/363590) in GitLab 15.2. |
+| `environment_action` | Job specifies an environment | [Environment action (`environment:action`)](../environments/index.md) specified in the job. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/) in GitLab 16.5) |
+| `runner_id` | Always | ID of the runner executing the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
+| `runner_environment` | Always | The type of runner used by the job. Can be either `gitlab-hosted` or `self-hosted`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
+| `sha` | Always | The commit SHA for the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
| `ci_config_ref_uri` | Always | The ref path to the top-level pipeline definition, for example, `gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.2. This claim is `null` unless the pipeline definition is located in the same project. |
-| `ci_config_sha` | Always | Git commit SHA for the `ci_config_ref_uri`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.2. This claim is `null` unless the pipeline definition is located in the same project. |
-| `project_visibility` | Always | The [visibility](../../user/public_access.md) of the project where the pipeline is running. Can be `internal`, `private`, or `public`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418810) in GitLab 16.3. |
+| `ci_config_sha` | Always | Git commit SHA for the `ci_config_ref_uri`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.2. This claim is `null` unless the pipeline definition is located in the same project. |
+| `project_visibility` | Always | The [visibility](../../user/public_access.md) of the project where the pipeline is running. Can be `internal`, `private`, or `public`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418810) in GitLab 16.3. |
```json
{
@@ -101,6 +102,7 @@ The token also includes custom claims provided by GitLab:
"environment": "test-environment2",
"environment_protected": "false",
"deployment_tier": "testing",
+ "environment_action": "start",
"runner_id": 1,
"runner_environment": "self-hosted",
"sha": "714a629c0b401fdce83e847fc9589983fc6f46bc",
diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb
index e0ef598da1b..2b1b9c38af4 100644
--- a/lib/gitlab/ci/components/instance_path.rb
+++ b/lib/gitlab/ci/components/instance_path.rb
@@ -5,6 +5,7 @@ module Gitlab
module Components
class InstancePath
include Gitlab::Utils::StrongMemoize
+ include ::Gitlab::LoopHelpers
LATEST_VERSION_KEYWORD = '~latest'
@@ -60,9 +61,15 @@ module Gitlab
# Given a path like "my-org/sub-group/the-project/path/to/component"
# find the project "my-org/sub-group/the-project" by looking at all possible paths.
def find_project_by_component_path(path)
+ return if path.start_with?('/') # exit early if path starts with `/` or it will loop forever.
+
possible_paths = [path]
+ index = nil
+
+ loop_until(limit: 20) do
+ index = path.rindex('/') # find index of last `/` in a path
+ break unless index
- while index = path.rindex('/') # find index of last `/` in a path
possible_paths << (path = path[0..index - 1])
end
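Review bot: `limit: 20` on the new `loop_until` call is an unexplained magic number; if it reflects the maximum namespace nesting depth, name it (e.g. `MAX_PATH_SEGMENTS = 20` next to `LATEST_VERSION_KEYWORD`) and say so, because a component path with more segments than the limit is otherwise truncated silently. The early `return if path.start_with?('/')` and the loop limit defend against the same hang, and the guard's comment could say why: `# a leading '/' makes rindex return 0, so path[0..-1] is the whole string and the path never shrinks`. `break unless index` inside the block relies on `loop_until` honouring `break` from the yielded block, which I cannot verify from this hunk. `find_project_by_component_path` continues past the hunk.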
diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb
index 4ba7b4cc6e1..3d63ec6dfb7 100644
--- a/lib/gitlab/ci/jwt.rb
+++ b/lib/gitlab/ci/jwt.rb
@@ -71,7 +71,8 @@ module Gitlab
fields.merge!(
environment: environment.name,
environment_protected: environment_protected?.to_s,
- deployment_tier: build.environment_tier
+ deployment_tier: build.environment_tier,
+ environment_action: build.environment_action
)
end
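Review bot: `environment_action: build.environment_action` is added without the string coercion its sibling `environment_protected?.to_s` uses, so if `build.environment_action` can ever be nil the claim serializes as JSON null instead of being absent, and relying parties that match on string values may treat those differently; either coerce, or pin the default case in the spec. A short comment would also help token consumers, e.g. `# environment_action lets verifiers tell a deploy (start) from prepare/stop jobs that target the same environment; policies bound on environment alone should also bind on this claim.` — I am inferring that purpose from the changelog entry, so adjust if the motivation differs. The enclosing method starts and ends outside the hunk.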
diff --git a/lib/gitlab/import_export/command_line_util.rb b/lib/gitlab/import_export/command_line_util.rb
index 924ca4e83ea..ee594777170 100644
--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
@@ -139,7 +139,7 @@ module Gitlab
raise HardLinkError, 'File shares hard link' if Gitlab::Utils::FileInfo.shares_hard_link?(filepath)
- FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath)
+ FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || File.pipe?(filepath)
end
true
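Review bot: The changed line removes links and FIFOs, but any other non-regular entry from the archive — a socket or device node — would still survive extraction exactly as pipes did before this fix. An allow-list is more robust than extending the deny-list one type at a time: `FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || !(File.file?(filepath) || File.directory?(filepath))`, keeping `linked?` first since `File.file?` follows symlinks (I assume `linked?` is lstat-based, as the existing symlink handling suggests). `File.pipe?` stats the path rather than opening it, so it does not block on the FIFO, which is the right choice here. The enclosing method starts and ends outside the hunk.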
diff --git a/lib/gitlab/import_export/project/relation_factory.rb b/lib/gitlab/import_export/project/relation_factory.rb
index 895b6394673..0653f0e665d 100644
--- a/lib/gitlab/import_export/project/relation_factory.rb
+++ b/lib/gitlab/import_export/project/relation_factory.rb
@@ -82,6 +82,8 @@ module Gitlab
private
+ attr_reader :relation_hash, :user
+
def invalid_relation?
# Do not create relation if it is a legacy trigger
legacy_trigger?
diff --git a/lib/gitlab/search/abuse_detection.rb b/lib/gitlab/search/abuse_detection.rb
index 8711d078ea9..75346e26b84 100644
--- a/lib/gitlab/search/abuse_detection.rb
+++ b/lib/gitlab/search/abuse_detection.rb
@@ -6,6 +6,7 @@ module Gitlab
include ActiveModel::Validations
include AbuseValidators
+ MAX_PIPE_SYNTAX_FILTERS = 5
ABUSIVE_TERM_SIZE = 100
ALLOWED_CHARS_REGEX = %r{\A[[:alnum:]_\-\/\.!]+\z}.freeze
@@ -57,10 +58,18 @@ module Gitlab
validates :query_string, :repository_ref, :project_ref, no_abusive_coercion_from_string: true
- attr_reader(*READABLE_PARAMS)
+ validate :no_abusive_pipes, if: :detect_abusive_pipes
- def initialize(params)
- READABLE_PARAMS.each { |p| instance_variable_set("@#{p}", params[p]) }
+ attr_reader(*READABLE_PARAMS)
+ attr_reader :raw_params, :detect_abusive_pipes
+
+ def initialize(params, detect_abusive_pipes: true)
+ @raw_params = {}
+ READABLE_PARAMS.each do |p|
+ instance_variable_set("@#{p}", params[p])
+ @raw_params[p] = params[p]
+ end
+ @detect_abusive_pipes = detect_abusive_pipes
end
private
@@ -76,6 +85,23 @@ module Gitlab
def stop_word_search?
STOP_WORDS.include? query_string
end
+
+ def no_abusive_pipes
+ pipes = query_string.to_s.split('|')
+ errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS
+
+ pipes.each do |q|
+ self.class.new(raw_params.merge(query_string: q), detect_abusive_pipes: false).tap do |p|
+ p.validate
+
+ p.errors.messages_for(:query_string).each do |msg|
+ next if errors.added?(:query_string, msg)
+
+ errors.add(:query_string, msg)
+ end
+ end
+ end
+ end
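Review bot: `no_abusive_pipes` adds the 'too many pipe syntax filters' error and then still validates every segment, so a query with thousands of `|` characters builds and validates thousands of `AbuseDetection` instances inside the detector that is supposed to reject it; unless an upstream length limit on `query_string` bounds this (not visible here), return after the count check: `return errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS`. Separately, `split('|')` drops trailing empty segments, so a query made only of pipes yields `[]` and passes the count check — probably harmless, but use `split('|', -1)` if the count is meant to reflect the raw number of pipes, or note the behaviour in a comment. A one-line doc above the method, `# Validates each pipe-separated sub-query with the same rules as the whole query; the nested instance is built with detect_abusive_pipes: false to stop recursion.`, would also explain the keyword argument added to `initialize` in the previous hunk.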
end
end
end
diff --git a/lib/gitlab/search/params.rb b/lib/gitlab/search/params.rb
index 6eb24a92be6..a7896b7d80d 100644
--- a/lib/gitlab/search/params.rb
+++ b/lib/gitlab/search/params.rb
@@ -81,7 +81,7 @@ module Gitlab
end
def search_terms
- @search_terms ||= query_string.split.select { |word| word.length >= MIN_TERM_LENGTH }
+ @search_terms ||= query_string.split
end
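Review bot: `search_terms` now counts every whitespace-separated word, including those shorter than `MIN_TERM_LENGTH`, but the method carries no comment saying this is deliberate (presumably so short tokens count toward `not_too_many_terms`, which begins just below the hunk). Add `# Intentionally counts every word, including those shorter than MIN_TERM_LENGTH, so short tokens still count toward the term limit.` If `MIN_TERM_LENGTH` has no remaining users in this file after this change, drop the constant too; I cannot see its other uses from here.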
def not_too_many_terms
diff --git a/package.json b/package.json
index 4f71c67a734..d472364dbc4 100644
--- a/package.json
+++ b/package.json
@@ -165,7 +165,7 @@
"marked-bidi": "^1.0.3",
"mathjax": "3",
"mdurl": "^1.0.1",
- "mermaid": "10.1.0",
+ "mermaid": "10.5.0",
"micromatch": "^4.0.5",
"minimatch": "^3.0.4",
"monaco-editor": "^0.30.1",
diff --git a/spec/helpers/version_check_helper_spec.rb b/spec/helpers/version_check_helper_spec.rb
index ce5aade2b1c..9c697dbe21e 100644
--- a/spec/helpers/version_check_helper_spec.rb
+++ b/spec/helpers/version_check_helper_spec.rb
@@ -38,43 +38,49 @@ RSpec.describe VersionCheckHelper do
end
describe '#gitlab_version_check' do
+ let(:show_version_check) { false }
+
before do
- allow_next_instance_of(VersionCheck) do |instance|
- allow(instance).to receive(:response).and_return({ "severity" => "success" })
- end
+ allow(helper).to receive(:show_version_check?).and_return(show_version_check)
end
- it 'returns an instance of the VersionCheck class' do
- expect(helper.gitlab_version_check).to eq({ "severity" => "success" })
+ it 'when show_version_check? is false it returns nil' do
+ expect(helper.gitlab_version_check).to be nil
+ end
+
+ context 'when show_version_check? is true' do
+ let(:show_version_check) { true }
+
+ before do
+ allow_next_instance_of(VersionCheck) do |instance|
+ allow(instance).to receive(:response).and_return({ "severity" => "success" })
+ end
+ end
+
+ it 'returns an instance of the VersionCheck class if the user has access' do
+ expect(helper.gitlab_version_check).to eq({ "severity" => "success" })
+ end
end
end
describe '#show_security_patch_upgrade_alert?' do
describe 'return conditions' do
- where(:show_version_check, :gitlab_version_check, :result) do
+ where(:gitlab_version_check, :result) do
[
- [false, nil, false],
- [false, { "severity" => "success" }, false],
- [false, { "severity" => "danger" }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => 'some text' }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => false }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => 'true' }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => true }, false],
- [true, nil, false],
- [true, { "severity" => "success" }, nil],
- [true, { "severity" => "danger" }, nil],
- [true, { "severity" => "danger", "critical_vulnerability" => 'some text' }, nil],
- [true, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
- [true, { "severity" => "danger", "critical_vulnerability" => false }, false],
- [true, { "severity" => "danger", "critical_vulnerability" => 'true' }, true],
- [true, { "severity" => "danger", "critical_vulnerability" => true }, true]
+ [nil, false],
+ [{}, nil],
+ [{ "severity" => "success" }, nil],
+ [{ "severity" => "danger" }, nil],
+ [{ "severity" => "danger", "critical_vulnerability" => 'some text' }, nil],
+ [{ "severity" => "danger", "critical_vulnerability" => 'false' }, false],
+ [{ "severity" => "danger", "critical_vulnerability" => false }, false],
+ [{ "severity" => "danger", "critical_vulnerability" => 'true' }, true],
+ [{ "severity" => "danger", "critical_vulnerability" => true }, true]
]
end
with_them do
before do
- allow(helper).to receive(:show_version_check?).and_return(show_version_check)
allow(helper).to receive(:gitlab_version_check).and_return(gitlab_version_check)
end
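Review bot: The example description `it 'when show_version_check? is false it returns nil'` reads as a context and an example fused together; the true case right below uses `context 'when show_version_check? is true'` wrapping `it 'returns …'`, so either rename it `it 'returns nil when show_version_check? is false'` or mirror the structure with a matching context. The `[{}, nil]` row in the table documents that the predicate returns nil rather than false for an empty response, which deserves a one-line comment so nobody "fixes" the expectation or the helper independently. The describe block continues past the hunk.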
diff --git a/spec/lib/gitlab/ci/components/instance_path_spec.rb b/spec/lib/gitlab/ci/components/instance_path_spec.rb
index f4bc706f9b4..751450fa802 100644
--- a/spec/lib/gitlab/ci/components/instance_path_spec.rb
+++ b/spec/lib/gitlab/ci/components/instance_path_spec.rb
@@ -48,6 +48,20 @@ RSpec.describe Gitlab::Ci::Components::InstancePath, feature_category: :pipeline
it 'fetches the content' do
expect(path.fetch_content!(current_user: user)).to eq(content)
end
+
+ shared_examples 'prevents infinite loop' do |prefix|
+ context "when the project path starts with '#{prefix}'" do
+ let(:project_path) { "#{prefix}#{existing_project.full_path}" }
+
+ it 'returns nil' do
+ result = path.fetch_content!(current_user: user)
+ expect(result).to be_nil
+ end
+ end
+ end
+
+ it_behaves_like 'prevents infinite loop', '/'
+ it_behaves_like 'prevents infinite loop', '//'
end
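Review bot: The new shared example only covers leading `/` and `//`, which exercise the early return; the `loop_until(limit: 20)` branch the implementation also adds — a component path with more segments than the limit — has no example, so a regression that drops the limit would go unnoticed. Add a context where `project_path` is built from more than 20 segments (a constructed value such as `(['g'] * 25).join('/')` is enough) and assert the intended result; I cannot tell from the hunk whether that should be nil or a truncated lookup, so pin whichever is meant. The describe block continues outside the hunk.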
context 'when user does not have permissions to download code' do
diff --git a/spec/lib/gitlab/ci/jwt_spec.rb b/spec/lib/gitlab/ci/jwt_spec.rb
index a6de5b9879c..f0b203961b4 100644
--- a/spec/lib/gitlab/ci/jwt_spec.rb
+++ b/spec/lib/gitlab/ci/jwt_spec.rb
@@ -49,6 +49,7 @@ RSpec.describe Gitlab::Ci::Jwt do
expect(payload[:environment]).to be_nil
expect(payload[:environment_protected]).to be_nil
expect(payload[:deployment_tier]).to be_nil
+ expect(payload[:environment_action]).to be_nil
end
end
@@ -109,7 +110,10 @@ RSpec.describe Gitlab::Ci::Jwt do
project: project,
user: user,
pipeline: pipeline,
- environment: environment.name
+ environment: {
+ name: environment.name,
+ action: 'start'
+ }
)
end
@@ -121,6 +125,7 @@ RSpec.describe Gitlab::Ci::Jwt do
expect(payload[:environment]).to eq('production')
expect(payload[:environment_protected]).to eq('false')
expect(payload[:deployment_tier]).to eq('production')
+ expect(payload[:environment_action]).to eq('start')
end
describe 'deployment_tier' do
@@ -134,6 +139,18 @@ RSpec.describe Gitlab::Ci::Jwt do
end
end
end
+
+ describe 'environment_action' do
+ context 'when build options specifies a different environment_action' do
+ before do
+ build.options[:environment] = { name: environment.name, action: 'prepare' }
+ end
+
+ it 'uses environment_action from build options' do
+ expect(payload[:environment_action]).to eq('prepare')
+ end
+ end
+ end
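Review bot: The new `describe 'environment_action'` pins only an explicit `action: 'prepare'`; the case the docs' example payload shows as `start` — an `environment:` with a name but no `action` — is asserted nowhere in this hunk, and the earlier hunk's no-environment case only checks the key is nil. Add a context with `build.options[:environment] = { name: environment.name }` and assert `expect(payload[:environment_action]).to eq('start')` (or whatever the build's `environment_action` actually defaults to) so the token contract is explicit. The describe block continues outside the hunk.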
end
end
diff --git a/spec/lib/gitlab/import_export/command_line_util_spec.rb b/spec/lib/gitlab/import_export/command_line_util_spec.rb
index 8ed3a60d7fc..b709a2dbedb 100644
--- a/spec/lib/gitlab/import_export/command_line_util_spec.rb
+++ b/spec/lib/gitlab/import_export/command_line_util_spec.rb
@@ -84,6 +84,20 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil, feature_category: :importe
end
end
+ shared_examples 'deletes pipes' do |compression, decompression|
+ it 'deletes the pipes', :aggregate_failures do
+ FileUtils.touch("#{source_dir}/file.txt")
+ File.mkfifo("#{source_dir}/pipe")
+
+ archive_file = File.join(archive_dir, 'file_with_pipes.tar.gz')
+ subject.public_send(compression, archive: archive_file, dir: source_dir)
+ subject.public_send(decompression, archive: archive_file, dir: target_dir)
+
+ expect(File).to exist("#{target_dir}/file.txt")
+ expect(File).not_to exist("#{target_dir}/pipe")
+ end
+ end
+
describe '#download_or_copy_upload' do
let(:upload) { instance_double(Upload, local?: local) }
let(:uploader) { instance_double(ImportExportUploader, path: :path, url: :url, upload: upload) }
@@ -302,6 +316,7 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil, feature_category: :importe
it_behaves_like 'deletes symlinks', :tar_czf, :untar_zxf
it_behaves_like 'handles shared hard links', :tar_czf, :untar_zxf
+ it_behaves_like 'deletes pipes', :tar_czf, :untar_zxf
it 'has the right mask for project.json' do
subject.untar_zxf(archive: tar_archive_fixture, dir: target_dir)
@@ -321,6 +336,7 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil, feature_category: :importe
it_behaves_like 'deletes symlinks', :tar_cf, :untar_xf
it_behaves_like 'handles shared hard links', :tar_cf, :untar_xf
+ it_behaves_like 'deletes pipes', :tar_czf, :untar_zxf
it 'extracts archive without decompression' do
filename = 'archive.tar.gz'
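Review bot: The added `it_behaves_like 'deletes pipes', :tar_czf, :untar_zxf` in this context passes the gzip variants, while the neighbouring `'deletes symlinks'` and `'handles shared hard links'` lines in the same context use `:tar_cf, :untar_xf`; as written, the uncompressed `tar_cf`/`untar_xf` path is never exercised for pipes and the gzip case is simply run a second time. The line should read `it_behaves_like 'deletes pipes', :tar_cf, :untar_xf`. The enclosing `describe` starts outside the hunk.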
diff --git a/spec/lib/gitlab/search/abuse_detection_spec.rb b/spec/lib/gitlab/search/abuse_detection_spec.rb
index f9a1d0211b9..cbf20614ba5 100644
--- a/spec/lib/gitlab/search/abuse_detection_spec.rb
+++ b/spec/lib/gitlab/search/abuse_detection_spec.rb
@@ -10,12 +10,12 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
describe 'abusive scopes validation' do
it 'allows only approved scopes' do
described_class::ALLOWED_SCOPES.each do |scope|
- expect(described_class.new(scope: scope)).to be_valid
+ expect(described_class.new({ scope: scope })).to be_valid
end
end
it 'disallows anything not approved' do
- expect(described_class.new(scope: 'nope')).not_to be_valid
+ expect(described_class.new({ scope: 'nope' })).not_to be_valid
end
end
@@ -55,14 +55,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
it 'considers non Integers to be invalid' do
[:project_id, :group_id].each do |param|
[[1, 2, 3], 'xyz', 3.14, { foo: :bar }].each do |dtype|
- expect(described_class.new(param => dtype)).not_to be_valid
+ expect(described_class.new({ param => dtype })).not_to be_valid
end
end
end
it 'considers Integers to be valid' do
[:project_id, :group_id].each do |param|
- expect(described_class.new(param => 123)).to be_valid
+ expect(described_class.new({ param => 123 })).to be_valid
end
end
end
@@ -70,7 +70,7 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
describe 'query_string validation' do
using ::RSpec::Parameterized::TableSyntax
- subject { described_class.new(query_string: search) }
+ subject { described_class.new({ query_string: search }) }
let(:validation_errors) do
subject.validate
@@ -82,11 +82,15 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
word | { query_string: ['stopword only abusive search detected'] }
end
- 'x' | { query_string: ['abusive tiny search detected'] }
- ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] }
- '' | {}
- '*' | {}
- 'ruby' | {}
+ (['apples'] * (described_class::MAX_PIPE_SYNTAX_FILTERS + 1)).join('|') | { query_string: ['too many pipe syntax filters'] } # rubocop:disable Layout/LineLength
+ (['apples'] * described_class::MAX_PIPE_SYNTAX_FILTERS).join('|') | {}
+ 'x' | { query_string: ['abusive tiny search detected'] }
+ 'apples|x' | { query_string: ['abusive tiny search detected'] }
+ ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] }
+ "apples|#{'x' * described_class::ABUSIVE_TERM_SIZE}" | { query_string: ['abusive term length detected'] }
+ '' | {}
+ '*' | {}
+ 'ruby' | {}
end
with_them do
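Review bot: The `MAX_PIPE_SYNTAX_FILTERS + 1` table row needs an inline `# rubocop:disable Layout/LineLength`, which is a sign the expression belongs outside the table; hoisting the two pipe strings into local variables defined in the describe body before `where` (for example `too_many_filters = (['apples'] * (described_class::MAX_PIPE_SYNTAX_FILTERS + 1)).join('|')`) keeps the rows readable and drops the disable. The `'apples|x'` and `"apples|#{'x' * ABUSIVE_TERM_SIZE}"` rows are a good addition since they show the per-segment checks still apply inside pipe syntax. The `where` block and the enclosing `describe` start outside the hunk.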
@@ -100,14 +104,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
it 'considers anything not a String invalid' do
[:query_string, :scope, :repository_ref, :project_ref].each do |param|
[[1, 2, 3], 123, 3.14, { foo: :bar }].each do |dtype|
- expect(described_class.new(param => dtype)).not_to be_valid
+ expect(described_class.new({ param => dtype })).not_to be_valid
end
end
end
it 'considers Strings to be valid' do
[:query_string, :repository_ref, :project_ref].each do |param|
- expect(described_class.new(param => "foo")).to be_valid
+ expect(described_class.new({ param => "foo" })).to be_valid
end
end
end
diff --git a/spec/lib/gitlab/search/params_spec.rb b/spec/lib/gitlab/search/params_spec.rb
index 3235a0b2126..3c64082aeeb 100644
--- a/spec/lib/gitlab/search/params_spec.rb
+++ b/spec/lib/gitlab/search/params_spec.rb
@@ -17,7 +17,7 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do
end
it 'uses AbuseDetection by default' do
- expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original
+ expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original
described_class.new(params)
end
end
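Review bot: Relaxing `receive(:new)` to `at_least(:once)` weakens the example from "constructed exactly once" to "constructed some number of times", and the same relaxation is repeated in the `#validate` and `#valid?` hunks below. That presumably reflects `Gitlab::Search::Params` now building `AbuseDetection` more than once per validation; if that is intended, pinning the count with `.exactly(n).times` or a short comment such as `# AbuseDetection is built once for params and once per validation pass` documents it, and if it is not, the looser matcher hides a duplicate construction. The enclosing `describe` starts outside the hunk.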
@@ -73,9 +73,21 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do
end
it 'validates AbuseDetector on validation' do
- expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original
+ expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original
subject.validate
end
+
+ context 'when query has too many terms' do
+ let(:search) { Array.new((::Gitlab::Search::Params::SEARCH_TERM_LIMIT + 1), 'a').join(' ') }
+
+ it { is_expected.not_to be_valid }
+ end
+
+ context 'when query is too long' do
+ let(:search) { 'a' * (::Gitlab::Search::Params::SEARCH_CHAR_LIMIT + 1) }
+
+ it { is_expected.not_to be_valid }
+ end
end
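Review bot: The two new contexts (`when query has too many terms`, `when query is too long`) assert only `is_expected.not_to be_valid`, so an object that is invalid for an unrelated reason — for instance an abuse-detection error on the same query — would still make them pass without proving the `SEARCH_TERM_LIMIT` and `SEARCH_CHAR_LIMIT` checks fired. Asserting the specific error the limit adds (the attribute name is not visible in this hunk) would pin the cause, e.g. `expect(subject.errors[:search]).to include(<limit message>)` with the real key and message substituted. The `subject` these contexts rely on is defined outside the hunk.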
describe '#valid?' do
@@ -89,7 +101,7 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do
end
it 'validates AbuseDetector on validation' do
- expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original
+ expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original
subject.valid?
end
end
diff --git a/spec/mailers/emails/service_desk_spec.rb b/spec/mailers/emails/service_desk_spec.rb
index 8c0efe3f480..068ca08150a 100644
--- a/spec/mailers/emails/service_desk_spec.rb
+++ b/spec/mailers/emails/service_desk_spec.rb
@@ -210,6 +210,28 @@ RSpec.describe Emails::ServiceDesk, feature_category: :service_desk do
let(:expected_template_html) { "<p dir=\"auto\">thank you, your new issue has been created. </p>#{issue.description_html}" }
it_behaves_like 'a service desk notification email with template content', 'thank_you'
+
+ context 'when GitLab-specific-reference is in description' do
+ let(:full_issue_reference) { "#{issue.project.full_path}#{issue.to_reference}" }
+ let(:other_issue) { create(:issue, project: project, description: full_issue_reference) }
+
+ let(:template_content) { '%{ISSUE_DESCRIPTION}' }
+ let(:expected_template_html) { "<p data-sourcepos=\"1:1-1:22\" dir=\"auto\">#{full_issue_reference}</p>" }
+
+ subject { ServiceEmailClass.service_desk_thank_you_email(other_issue.id) }
+
+ before do
+ expect(Gitlab::Template::ServiceDeskTemplate).to receive(:find)
+ .with('thank_you', other_issue.project)
+ .and_return(template)
+
+ other_issue.issue_email_participants.create!(email: email)
+ end
+
+ it 'does not render GitLab-specific-reference links with title attribute' do
+ is_expected.to have_body_text(expected_template_html)
+ end
+ end
end
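Review bot: `expected_template_html` hard-codes `data-sourcepos="1:1-1:22"`, but the end column is the length of `full_issue_reference`, which is built from `issue.project.full_path` and `issue.to_reference`; if the factory-generated path or issue number changes length, the example fails for a reason unrelated to the title attribute it means to check. Derive it instead: `let(:expected_template_html) { "<p data-sourcepos=\"1:1-1:#{full_issue_reference.length}\" dir=\"auto\">#{full_issue_reference}</p>" }`. The `expect(...).to receive(:find)` in `before` should also be `allow(...)` so the expectation lives in the example rather than in setup. The enclosing `context` starts outside the hunk.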
context 'when issue url placeholder is used' do
diff --git a/yarn.lock b/yarn.lock
index e295609732f..d37ff087e7f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1000,10 +1000,10 @@
resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
-"@braintree/sanitize-url@^6.0.0":
- version "6.0.0"
- resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f"
- integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==
+"@braintree/sanitize-url@^6.0.1":
+ version "6.0.4"
+ resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.4.tgz#923ca57e173c6b232bbbb07347b1be982f03e783"
+ integrity sha512-s3jaWicZd0pkP0jf5ysyHUI/RE7MHos6qlToFcGWXVp+ykHOy77OUMrfbgJ9it2C5bow7OIQwYYaHjk9XlBQ2A==
"@csstools/selector-specificity@^2.0.1":
version "2.0.1"
@@ -1625,13 +1625,6 @@
resolved "https://registry.yarnpkg.com/@jsdevtools/ono/-/ono-7.1.3.tgz#9df03bbd7c696a5c58885c34aa06da41c8543796"
integrity sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==
-"@khanacademy/simple-markdown@^0.8.6":
- version "0.8.6"
- resolved "https://registry.yarnpkg.com/@khanacademy/simple-markdown/-/simple-markdown-0.8.6.tgz#9c9aef1f5ce2ce60292d13849165965a57c26f25"
- integrity sha512-mAUlR9lchzfqunR89pFvNI51jQKsMpJeWYsYWw0DQcUXczn/T/V6510utgvm7X0N3zN87j1SvuKk8cMbl9IAFw==
- dependencies:
- "@types/react" ">=16.0.0"
-
"@leichtgewicht/ip-codec@^2.0.1":
version "2.0.3"
resolved "https://registry.yarnpkg.com/@leichtgewicht/ip-codec/-/ip-codec-2.0.3.tgz#0300943770e04231041a51bd39f0439b5c7ab4f0"
@@ -2217,6 +2210,23 @@
dependencies:
"@types/node" "*"
+"@types/d3-scale-chromatic@^3.0.0":
+ version "3.0.0"
+ resolved "https://registry.yarnpkg.com/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.0.0.tgz#103124777e8cdec85b20b51fd3397c682ee1e954"
+ integrity sha512-dsoJGEIShosKVRBZB0Vo3C8nqSDqVGujJU6tPznsBJxNJNwMF8utmS83nvCBKQYPpjCzaaHcrf66iTRpZosLPw==
+
+"@types/d3-scale@^4.0.3":
+ version "4.0.5"
+ resolved "https://registry.yarnpkg.com/@types/d3-scale/-/d3-scale-4.0.5.tgz#daa4faa5438315a37a1f5eb1bcdc5aeb3d3e5a2d"
+ integrity sha512-w/C++3W394MHzcLKO2kdsIn5KKNTOqeQVzyPSGPLzQbkPw/jpeaGtSRlakcKevGgGsjJxGsbqS0fPrVFDbHrDA==
+ dependencies:
+ "@types/d3-time" "*"
+
+"@types/d3-time@*":
+ version "3.0.1"
+ resolved "https://registry.yarnpkg.com/@types/d3-time/-/d3-time-3.0.1.tgz#f0c8f9037632cc4511ae55e7e1459dcb95fb3619"
+ integrity sha512-5j/AnefKAhCw4HpITmLDTPlf4vhi8o/dES+zbegfPb7LaGfNyqkLxBR6E+4yvTAgnJLmhe80EXFMzUs38fw4oA==
+
"@types/debug@^4.0.0":
version "4.1.7"
resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.7.tgz#7cc0ea761509124709b8b2d1090d8f6c17aadb82"
@@ -2401,11 +2411,6 @@
resolved "https://registry.yarnpkg.com/@types/prettier/-/prettier-2.6.1.tgz#76e72d8a775eef7ce649c63c8acae1a0824bbaed"
integrity sha512-XFjFHmaLVifrAKaZ+EKghFHtHSUonyw8P2Qmy2/+osBnrKbH9UYtlK10zg8/kCt47MFilll/DEDKy3DHfJ0URw==
-"@types/prop-types@*":
- version "15.7.5"
- resolved "https://registry.yarnpkg.com/@types/prop-types/-/prop-types-15.7.5.tgz#5f19d2b85a98e9558036f6a3cacc8819420f05cf"
- integrity sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w==
-
"@types/qs@*":
version "6.9.7"
resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.7.tgz#63bb7d067db107cc1e457c303bc25d511febf6cb"
@@ -2416,25 +2421,11 @@
resolved "https://registry.yarnpkg.com/@types/range-parser/-/range-parser-1.2.4.tgz#cd667bcfdd025213aafb7ca5915a932590acdcdc"
integrity sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw==
-"@types/react@>=16.0.0":
- version "18.0.33"
- resolved "https://registry.yarnpkg.com/@types/react/-/react-18.0.33.tgz#a1575160cb4376787c2f5fe0312302f824baa61e"
- integrity sha512-sHxzVxeanvQyQ1lr8NSHaj0kDzcNiGpILEVt69g9S31/7PfMvNCKLKcsHw4lYKjs3cGNJjXSP4mYzX43QlnjNA==
- dependencies:
- "@types/prop-types" "*"
- "@types/scheduler" "*"
- csstype "^3.0.2"
-
"@types/retry@^0.12.0":
version "0.12.1"
resolved "https://registry.yarnpkg.com/@types/retry/-/retry-0.12.1.tgz#d8f1c0d0dc23afad6dc16a9e993a0865774b4065"
integrity sha512-xoDlM2S4ortawSWORYqsdU+2rxdh4LRW9ytc3zmT37RIKQh6IHyKwwtKhKis9ah8ol07DCkZxPt8BBvPjC6v4g==
-"@types/scheduler@*":
- version "0.16.3"
- resolved "https://registry.yarnpkg.com/@types/scheduler/-/scheduler-0.16.3.tgz#cef09e3ec9af1d63d2a6cc5b383a737e24e6dcf5"
- integrity sha512-5cJ8CB4yAx7BH1oMvdU0Jh9lrEXyPkar6F9G/ERswkCuvP4KQZfZkSjcMbAICCpQTN4OuZn8tz0HiKv9TGZgrQ==
-
"@types/serve-index@^1.9.1":
version "1.9.1"
resolved "https://registry.yarnpkg.com/@types/serve-index/-/serve-index-1.9.1.tgz#1b5e85370a192c01ec6cec4735cf2917337a6278"
@@ -4562,7 +4553,7 @@ cssstyle@^2.3.0:
dependencies:
cssom "~0.3.6"
-csstype@^3.0.2, csstype@^3.1.0:
+csstype@^3.1.0:
version "3.1.2"
resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.2.tgz#1d4bf9d572f11c14031f0436e1c10bc1f571f50b"
integrity sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==
@@ -5446,11 +5437,16 @@ dommatrix@^1.0.3:
resolved "https://registry.yarnpkg.com/dommatrix/-/dommatrix-1.0.3.tgz#e7c18e8d6f3abdd1fef3dd4aa74c4d2e620a0525"
integrity sha512-l32Xp/TLgWb8ReqbVJAFIvXmY7go4nTxxlWiAFyhoQw9RKEOHBZNnyGvJWqDVSPmq3Y9HlM4npqF/T6VMOXhww==
-dompurify@2.4.5, dompurify@^2.4.5:
+dompurify@^2.4.5:
version "2.4.5"
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.4.5.tgz#0e89a27601f0bad978f9a924e7a05d5d2cccdd87"
integrity sha512-jggCCd+8Iqp4Tsz0nIvpcb22InKEBrGz5dw3EQJMs8HPJDsKbFIO3STYtAvCfDx26Muevn1MHVI0XxjgFfmiSA==
+dompurify@^3.0.5:
+ version "3.0.6"
+ resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.6.tgz#925ebd576d54a9531b5d76f0a5bef32548351dae"
+ integrity sha512-ilkD8YEnnGh1zJ240uJsW7AzE+2qpbOUYjacomn3AvJ6J4JhKGSZ2nh4wUIXPZrEPppaCLx5jFe8T89Rk8tQ7w==
+
domutils@^2.5.2, domutils@^2.6.0:
version "2.6.0"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.6.0.tgz#2e15c04185d43fb16ae7057cb76433c6edb938b7"
@@ -8841,10 +8837,10 @@ mdast-util-find-and-replace@^2.0.0:
unist-util-is "^5.0.0"
unist-util-visit-parents "^4.0.0"
-mdast-util-from-markdown@^1.0.0:
- version "1.2.0"
- resolved "https://registry.yarnpkg.com/mdast-util-from-markdown/-/mdast-util-from-markdown-1.2.0.tgz#84df2924ccc6c995dec1e2368b2b208ad0a76268"
- integrity sha512-iZJyyvKD1+K7QX1b5jXdE7Sc5dtoTry1vzV28UZZe8Z1xVnB/czKntJ7ZAkG0tANqRnBF6p3p7GpU1y19DTf2Q==
+mdast-util-from-markdown@^1.0.0, mdast-util-from-markdown@^1.3.0:
+ version "1.3.1"
+ resolved "https://registry.yarnpkg.com/mdast-util-from-markdown/-/mdast-util-from-markdown-1.3.1.tgz#9421a5a247f10d31d2faed2a30df5ec89ceafcf0"
+ integrity sha512-4xTO/M8c82qBcnQc1tgpNtubGUW/Y1tBQ1B0i5CtSoelOLKFYlElIr3bvgREYYO5iRqbMY1YuqZng0GVOI8Qww==
dependencies:
"@types/mdast" "^3.0.0"
"@types/unist" "^2.0.0"
@@ -9040,25 +9036,28 @@ merge2@^1.3.0, merge2@^1.4.1:
resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae"
integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
-mermaid@10.1.0:
- version "10.1.0"
- resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-10.1.0.tgz#6e40d5250174f4750ca6548e4ee00f6ae210855a"
- integrity sha512-LYekSMNJygI1VnMizAPUddY95hZxOjwZxr7pODczILInO0dhQKuhXeu4sargtnuTwCilSuLS7Uiq/Qn7HTVrmA==
+mermaid@10.5.0:
+ version "10.5.0"
+ resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-10.5.0.tgz#e90512a65b5c6e29bd86cd04ce45aa31da2be76d"
+ integrity sha512-9l0o1uUod78D3/FVYPGSsgV+Z0tSnzLBDiC9rVzvelPxuO80HbN1oDr9ofpPETQy9XpypPQa26fr09VzEPfvWA==
dependencies:
- "@braintree/sanitize-url" "^6.0.0"
- "@khanacademy/simple-markdown" "^0.8.6"
+ "@braintree/sanitize-url" "^6.0.1"
+ "@types/d3-scale" "^4.0.3"
+ "@types/d3-scale-chromatic" "^3.0.0"
cytoscape "^3.23.0"
cytoscape-cose-bilkent "^4.1.0"
cytoscape-fcose "^2.1.0"
d3 "^7.4.0"
+ d3-sankey "^0.12.3"
dagre-d3-es "7.0.10"
dayjs "^1.11.7"
- dompurify "2.4.5"
+ dompurify "^3.0.5"
elkjs "^0.8.2"
khroma "^2.0.0"
lodash-es "^4.17.21"
+ mdast-util-from-markdown "^1.3.0"
non-layered-tidy-tree-layout "^2.0.2"
- stylis "^4.1.2"
+ stylis "^4.1.3"
ts-dedent "^2.2.0"
uuid "^9.0.0"
web-worker "^1.2.0"
@@ -12067,10 +12066,10 @@ stylelint@^14.9.1:
v8-compile-cache "^2.3.0"
write-file-atomic "^4.0.1"
-stylis@^4.1.2:
- version "4.1.3"
- resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.1.3.tgz#fd2fbe79f5fed17c55269e16ed8da14c84d069f7"
- integrity sha512-GP6WDNWf+o403jrEp9c5jibKavrtLW+/qYGhFxFrG8maXhwTBI7gLLhiBb0o7uFccWN+EOS9aMO6cGHWAO07OA==
+stylis@^4.1.3:
+ version "4.3.0"
+ resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.3.0.tgz#abe305a669fc3d8777e10eefcfc73ad861c5588c"
+ integrity sha512-E87pIogpwUsUwXw7dNyU4QDjdgVMy52m+XEOPEKUn161cCzWjjhPSQhByfd1CcNvrOLnXQ6OnnZDwnJrz/Z4YQ==
subscriptions-transport-ws@^0.11.0:
version "0.11.0"