Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2023-10-31 17:11:55 +0300
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2023-10-31 17:11:55 +0300
commit1f137c90e4bd1f863d8e373c11861c9aadf6cc39 (patch)
tree6855a3e188fade55e6c3cc359d09c7f01e11ea1d
parentaa7271815e0d1a2bc5ef0a8bda7e15d14a6b4f8b (diff)
parent67c88353b766ca51ff3d6e6d38f6e70e6d11a3c9 (diff)
Merge remote-tracking branch 'dev/16-4-stable' into 16-4-stable
Diffstat
-rw-r--r--CHANGELOG.md25
-rw-r--r--GITALY_SERVER_VERSION2
-rw-r--r--GITLAB_PAGES_VERSION2
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.checksum2
-rw-r--r--Gemfile.lock4
-rw-r--r--VERSION2
-rw-r--r--app/helpers/version_check_helper.rb4
-rw-r--r--app/mailers/emails/service_desk.rb6
-rw-r--r--app/models/ci/build.rb4
-rw-r--r--app/models/concerns/chronic_duration_attribute.rb2
-rw-r--r--app/models/container_expiration_policy.rb2
-rw-r--r--app/services/projects/container_repository/cleanup_tags_base_service.rb2
-rw-r--r--app/validators/duration_validator.rb2
-rw-r--r--doc/ci/examples/authenticating-with-hashicorp-vault/index.md52
-rw-r--r--doc/ci/secrets/id_token_authentication.md52
-rw-r--r--lib/gitlab/ci/build/duration_parser.rb2
-rw-r--r--lib/gitlab/ci/components/instance_path.rb9
-rw-r--r--lib/gitlab/ci/config/entry/job.rb2
-rw-r--r--lib/gitlab/ci/jwt.rb3
-rw-r--r--lib/gitlab/config/entry/legacy_validation_helpers.rb9
-rw-r--r--lib/gitlab/import_export/command_line_util.rb2
-rw-r--r--lib/gitlab/import_export/project/relation_factory.rb2
-rw-r--r--lib/gitlab/search/abuse_detection.rb32
-rw-r--r--lib/gitlab/search/params.rb2
-rw-r--r--lib/gitlab/time_tracking_formatter.rb6
-rw-r--r--package.json2
-rw-r--r--spec/helpers/version_check_helper_spec.rb52
-rw-r--r--spec/lib/gitlab/ci/build/duration_parser_spec.rb6
-rw-r--r--spec/lib/gitlab/ci/components/instance_path_spec.rb14
-rw-r--r--spec/lib/gitlab/ci/jwt_spec.rb19
-rw-r--r--spec/lib/gitlab/import_export/command_line_util_spec.rb16
-rw-r--r--spec/lib/gitlab/search/abuse_detection_spec.rb28
-rw-r--r--spec/lib/gitlab/search/params_spec.rb18
-rw-r--r--spec/mailers/emails/service_desk_spec.rb22
-rw-r--r--yarn.lock8
36 files changed, 287 insertions, 132 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65a1df824a0..77e7f8813e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,31 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 16.4.2 (2023-10-30)
+
+### Fixed (4 changes)
+
+- [Fix pipeline schedules view when owner is nil](gitlab-org/security/gitlab@663b1328b6e05e472f60ebdcec9866220b88d066)
+- [Update dependency prometheus-client-mmap to '>= 0.28.1'](gitlab-org/security/gitlab@a478482f3616bfe205e10fcca997b0e6f133d692)
+- [Fix failing migration when commit_message_negative_regex is missing](gitlab-org/security/gitlab@1488c3ed6568d44aa7c8b7d0551fa8160b59c1dc)
+- [Backport fix flaky epic tests](gitlab-org/security/gitlab@155cb51939d5b3c1f4b847219a5cb62c9f2ae1b0) **GitLab Enterprise Edition**
+
+### Security (9 changes)
+
+- [Fix infinite loop when finding component project](gitlab-org/security/gitlab@b38efc987c1081fcd092c96e69c7ebb539324679) ([merge request](gitlab-org/security/gitlab!3666))
+- [Update gitlab-chronic-duration to 0.12](gitlab-org/security/gitlab@1c8dd2e890c1121b1c1ad947f701a39ec6ac5310) ([merge request](gitlab-org/security/gitlab!3628))
+- [Guard gitlab_version_check helper](gitlab-org/security/gitlab@e6c833ee0da8a801f08d5d7411b4ff683d0cde31) ([merge request](gitlab-org/security/gitlab!3653))
+- [Add the environment action to the CI JWT token fields](gitlab-org/security/gitlab@10fe34349f2e1d8230b805316f559b2dde8e6240) ([merge request](gitlab-org/security/gitlab!3616))
+- [Remove FIFO files from tarball extract](gitlab-org/security/gitlab@5d5acf918d68ffcf193a7c477c637788aadd882e) ([merge request](gitlab-org/security/gitlab!3633))
+- [Backport add abuse detection for pipes](gitlab-org/security/gitlab@2ccde2dbbcc647c8fc34ebb71c5472e2b70560ab) ([merge request](gitlab-org/security/gitlab!3618))
+- [Prevent unprivileged user assignment in templated projects](gitlab-org/security/gitlab@977371d7af40caa2a9b8fb18fe093be12d2e8443) ([merge request](gitlab-org/security/gitlab!3636))
+- [Fixes Service Desk email template issue description privileges](gitlab-org/security/gitlab@6e8e58e222937232397502828fa0985dee1bf786) ([merge request](gitlab-org/security/gitlab!3640))
+- [Update mermaid version for DOS fixes](gitlab-org/security/gitlab@5047299db60c7ab27fb521812d04dee7e70e319b) ([merge request](gitlab-org/security/gitlab!3626))
+
+### Other (1 change)
+
+- [Create Geo event when project is created](gitlab-org/security/gitlab@1f743fba3af02ab30e65c03da7f088610880a90a) **GitLab Enterprise Edition**
+
## 16.4.1 (2023-09-28)
### Security (15 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 4b8dba5f3e3..189aba114d8 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-16.4.1 \ No newline at end of file
+16.4.2 \ No newline at end of file
diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION
index 4b8dba5f3e3..189aba114d8 100644
--- a/GITLAB_PAGES_VERSION
+++ b/GITLAB_PAGES_VERSION
@@ -1 +1 @@
-16.4.1 \ No newline at end of file
+16.4.2 \ No newline at end of file
diff --git a/Gemfile b/Gemfile
index 6d29d94f176..83a2a3de135 100644
--- a/Gemfile
+++ b/Gemfile
@@ -321,7 +321,7 @@ gem 'fast_blank', '~> 1.0.1'
# Parse time & duration
gem 'gitlab-chronic', '~> 0.10.5'
-gem 'gitlab_chronic_duration', '~> 0.11'
+gem 'gitlab_chronic_duration', '~> 0.12'
gem 'rack-proxy', '~> 0.7.7'
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 80297361467..8d8c3079792 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -217,7 +217,7 @@
{"name":"gitlab-markup","version":"1.9.0","platform":"ruby","checksum":"7eda045a08ec2d110084252fa13a8c9eac8bdac0e302035ca7db4b82bcbd7ed4"},
{"name":"gitlab-net-dns","version":"0.9.2","platform":"ruby","checksum":"f726d978479d43810819f12a45c0906d775a07e34df111bbe693fffbbef3059d"},
{"name":"gitlab-styles","version":"10.1.0","platform":"ruby","checksum":"f42745f5397d042fe24cf2d0eb56c995b37f9f43d8fb79b834d197a1cafdc84a"},
-{"name":"gitlab_chronic_duration","version":"0.11.0","platform":"ruby","checksum":"c2fd201724a9031ff0af23d07a30231cebefbf83c3e682daae452cda5f514ba6"},
+{"name":"gitlab_chronic_duration","version":"0.12.0","platform":"ruby","checksum":"0d766944d415b5c831f176871ee8625783fc0c5bfbef2d79a3a616f207ffc16d"},
{"name":"gitlab_omniauth-ldap","version":"2.2.0","platform":"ruby","checksum":"bb4d20acb3b123ed654a8f6a47d3fac673ece7ed0b6992edb92dca14bad2838c"},
{"name":"gitlab_quality-test_tooling","version":"1.0.0","platform":"ruby","checksum":"b030be168a6a0eb3c47202beb6c64a4fbe36f5547d189c3f64cad29cfcc331db"},
{"name":"globalid","version":"1.1.0","platform":"ruby","checksum":"b337e1746f0c8cb0a6c918234b03a1ddeb4966206ce288fbb57779f59b2d154f"},
diff --git a/Gemfile.lock b/Gemfile.lock
index d3efc95fb13..0b87a23f2f1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -678,7 +678,7 @@ GEM
rubocop-performance (~> 1.15)
rubocop-rails (~> 2.17)
rubocop-rspec (~> 2.22)
- gitlab_chronic_duration (0.11.0)
+ gitlab_chronic_duration (0.12.0)
numerizer (~> 0.2)
gitlab_omniauth-ldap (2.2.0)
net-ldap (~> 0.16)
@@ -1832,7 +1832,7 @@ DEPENDENCIES
gitlab-sidekiq-fetcher!
gitlab-styles (~> 10.1.0)
gitlab-utils!
- gitlab_chronic_duration (~> 0.11)
+ gitlab_chronic_duration (~> 0.12)
gitlab_omniauth-ldap (~> 2.2.0)
gitlab_quality-test_tooling (~> 1.0.0)
gon (~> 6.4.0)
diff --git a/VERSION b/VERSION
index 4b8dba5f3e3..189aba114d8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-16.4.1 \ No newline at end of file
+16.4.2 \ No newline at end of file
diff --git a/app/helpers/version_check_helper.rb b/app/helpers/version_check_helper.rb
index 45a4b292eb5..895155e00d1 100644
--- a/app/helpers/version_check_helper.rb
+++ b/app/helpers/version_check_helper.rb
@@ -10,12 +10,14 @@ module VersionCheckHelper
end
def gitlab_version_check
+ return unless show_version_check?
+
VersionCheck.new.response
end
strong_memoize_attr :gitlab_version_check
def show_security_patch_upgrade_alert?
- return false unless show_version_check? && gitlab_version_check
+ return false unless gitlab_version_check
Gitlab::Utils.to_boolean(gitlab_version_check['critical_vulnerability'])
end
diff --git a/app/mailers/emails/service_desk.rb b/app/mailers/emails/service_desk.rb
index 9f3611df2cc..f6595a91bee 100644
--- a/app/mailers/emails/service_desk.rb
+++ b/app/mailers/emails/service_desk.rb
@@ -211,7 +211,11 @@ module Emails
end
def issue_description
- @issue.description_html.to_s
+ return '' if @issue.description_html.blank?
+
+ # Remove references etc. from description HTML because external participants
+ # are no regular users and don't have permission to access them.
+ ::Banzai::Renderer.post_process(@issue.description_html, {})
end
def subject_base
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 2abb8e4be48..750c318819c 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -414,7 +414,7 @@ module Ci
end
def options_scheduled_at
- ChronicDuration.parse(options[:start_in], use_complete_matcher: true)&.seconds&.from_now
+ ChronicDuration.parse(options[:start_in])&.seconds&.from_now
end
def action?
@@ -738,7 +738,7 @@ module Ci
def artifacts_expire_in=(value)
self.artifacts_expire_at =
if value
- ChronicDuration.parse(value, use_complete_matcher: true)&.seconds&.from_now
+ ChronicDuration.parse(value)&.seconds&.from_now
end
end
diff --git a/app/models/concerns/chronic_duration_attribute.rb b/app/models/concerns/chronic_duration_attribute.rb
index 7b7b61fdf06..44b34cf9b2f 100644
--- a/app/models/concerns/chronic_duration_attribute.rb
+++ b/app/models/concerns/chronic_duration_attribute.rb
@@ -18,7 +18,7 @@ module ChronicDurationAttribute
begin
new_value = if value.present?
- ChronicDuration.parse(value, use_complete_matcher: true).to_i
+ ChronicDuration.parse(value).to_i
else
parameters[:default].presence
end
diff --git a/app/models/container_expiration_policy.rb b/app/models/container_expiration_policy.rb
index f643fa7730b..a7ed5e28695 100644
--- a/app/models/container_expiration_policy.rb
+++ b/app/models/container_expiration_policy.rb
@@ -80,7 +80,7 @@ class ContainerExpirationPolicy < ApplicationRecord
end
def set_next_run_at
- cadence_seconds = ChronicDuration.parse(cadence, use_complete_matcher: true).seconds
+ cadence_seconds = ChronicDuration.parse(cadence).seconds
self.next_run_at = Time.zone.now + cadence_seconds
end
diff --git a/app/services/projects/container_repository/cleanup_tags_base_service.rb b/app/services/projects/container_repository/cleanup_tags_base_service.rb
index 61b09de1643..45557d03502 100644
--- a/app/services/projects/container_repository/cleanup_tags_base_service.rb
+++ b/app/services/projects/container_repository/cleanup_tags_base_service.rb
@@ -100,7 +100,7 @@ module Projects
def older_than_in_seconds
strong_memoize(:older_than_in_seconds) do
- ChronicDuration.parse(older_than, use_complete_matcher: true).seconds
+ ChronicDuration.parse(older_than).seconds
end
end
end
diff --git a/app/validators/duration_validator.rb b/app/validators/duration_validator.rb
index bcdcf665cba..defd28d7d3b 100644
--- a/app/validators/duration_validator.rb
+++ b/app/validators/duration_validator.rb
@@ -12,7 +12,7 @@
#
class DurationValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
- ChronicDuration.parse(value, use_complete_matcher: true)
+ ChronicDuration.parse(value)
rescue ChronicDuration::DurationParseError
if options[:message]
record.errors.add(:base, options[:message])
diff --git a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
index 647669385d8..97bac397f6f 100644
--- a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
+++ b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
@@ -33,31 +33,32 @@ ID tokens are JSON Web Tokens (JWTs) used for OIDC authentication with third-par
The following fields are included in the JWT:
-| Field | When | Description |
-|-------------------------|------------------------------|-------------|
-| `jti` | Always | Unique identifier for this token |
-| `iss` | Always | Issuer, the domain of your GitLab instance |
-| `iat` | Always | Issued at |
-| `nbf` | Always | Not valid before |
-| `exp` | Always | Expires at |
-| `sub` | Always | Subject (job ID) |
-| `namespace_id` | Always | Use this to scope to group or user level namespace by ID |
-| `namespace_path` | Always | Use this to scope to group or user level namespace by path |
-| `project_id` | Always | Use this to scope to project by ID |
-| `project_path` | Always | Use this to scope to project by path |
-| `user_id` | Always | ID of the user executing the job |
-| `user_login` | Always | Username of the user executing the job |
-| `user_email` | Always | Email of the user executing the job |
-| `pipeline_id` | Always | ID of this pipeline |
-| `pipeline_source` | Always | [Pipeline source](../../jobs/job_control.md#common-if-clauses-for-rules) |
-| `job_id` | Always | ID of this job |
-| `ref` | Always | Git ref for this job |
-| `ref_type` | Always | Git ref type, either `branch` or `tag` |
-| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
-| `ref_protected` | Always | `true` if this Git ref is protected, `false` otherwise |
-| `environment` | Job specifies an environment | Environment this job specifies ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
-| `environment_protected` | Job specifies an environment | `true` if specified environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
+| Field | When | Description |
+|-------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `jti` | Always | Unique identifier for this token |
+| `iss` | Always | Issuer, the domain of your GitLab instance |
+| `iat` | Always | Issued at |
+| `nbf` | Always | Not valid before |
+| `exp` | Always | Expires at |
+| `sub` | Always | Subject (job ID) |
+| `namespace_id` | Always | Use this to scope to group or user level namespace by ID |
+| `namespace_path` | Always | Use this to scope to group or user level namespace by path |
+| `project_id` | Always | Use this to scope to project by ID |
+| `project_path` | Always | Use this to scope to project by path |
+| `user_id` | Always | ID of the user executing the job |
+| `user_login` | Always | Username of the user executing the job |
+| `user_email` | Always | Email of the user executing the job |
+| `pipeline_id` | Always | ID of this pipeline |
+| `pipeline_source` | Always | [Pipeline source](../../jobs/job_control.md#common-if-clauses-for-rules) |
+| `job_id` | Always | ID of this job |
+| `ref` | Always | Git ref for this job |
+| `ref_type` | Always | Git ref type, either `branch` or `tag` |
+| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
+| `ref_protected` | Always | `true` if this Git ref is protected, `false` otherwise |
+| `environment` | Job specifies an environment | Environment this job specifies ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
+| `environment_protected` | Job specifies an environment | `true` if specified environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9) |
| `deployment_tier` | Job specifies an environment | [Deployment tier](../../environments/index.md#deployment-tier-of-environments) of environment this job specifies ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/363590) in GitLab 15.2) |
+| `environment_action` | Job specifies an environment | [Environment action (`environment:action`)](../../environments/index.md) specified in the job. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/) in GitLab 16.5) |
Example JWT payload:
@@ -84,7 +85,8 @@ Example JWT payload:
"ref_path": "refs/heads/auto-deploy-2020-04-01",
"ref_protected": "true",
"environment": "production",
- "environment_protected": "true"
+ "environment_protected": "true",
+ "environment_action": "start"
}
```
diff --git a/doc/ci/secrets/id_token_authentication.md b/doc/ci/secrets/id_token_authentication.md
index 697346474f8..9cf4b35b00d 100644
--- a/doc/ci/secrets/id_token_authentication.md
+++ b/doc/ci/secrets/id_token_authentication.md
@@ -51,32 +51,33 @@ The following standard claims are included in each ID token:
The token also includes custom claims provided by GitLab:
-| Field | When | Description |
-|-------------------------|------------------------------|-------------|
-| `namespace_id` | Always | Use this to scope to group or user level namespace by ID. |
-| `namespace_path` | Always | Use this to scope to group or user level namespace by path. |
-| `project_id` | Always | Use this to scope to project by ID. |
-| `project_path` | Always | Use this to scope to project by path. |
-| `user_id` | Always | ID of the user executing the job. |
-| `user_login` | Always | Username of the user executing the job. |
-| `user_email` | Always | Email of the user executing the job. |
-| `user_identities` | User Preference setting | List of the user's external identities ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387537) in GitLab 16.0). |
-| `pipeline_id` | Always | ID of the pipeline. |
-| `pipeline_source` | Always | [Pipeline source](../jobs/job_control.md#common-if-clauses-for-rules). |
-| `job_id` | Always | ID of the job. |
-| `ref` | Always | Git ref for the job. |
-| `ref_type` | Always | Git ref type, either `branch` or `tag`. |
-| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
-| `ref_protected` | Always | `true` if the Git ref is protected, `false` otherwise. |
-| `environment` | Job specifies an environment | Environment this job deploys to ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
-| `environment_protected` | Job specifies an environment | `true` if deployed environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
-| `deployment_tier` | Job specifies an environment | [Deployment tier](../environments/index.md#deployment-tier-of-environments) of the environment the job specifies. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/363590) in GitLab 15.2. |
-| `runner_id` | Always | ID of the runner executing the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
-| `runner_environment` | Always | The type of runner used by the job. Can be either `gitlab-hosted` or `self-hosted`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
-| `sha` | Always | The commit SHA for the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
+| Field | When | Description |
+|-------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `namespace_id` | Always | Use this to scope to group or user level namespace by ID. |
+| `namespace_path` | Always | Use this to scope to group or user level namespace by path. |
+| `project_id` | Always | Use this to scope to project by ID. |
+| `project_path` | Always | Use this to scope to project by path. |
+| `user_id` | Always | ID of the user executing the job. |
+| `user_login` | Always | Username of the user executing the job. |
+| `user_email` | Always | Email of the user executing the job. |
+| `user_identities` | User Preference setting | List of the user's external identities ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387537) in GitLab 16.0). |
+| `pipeline_id` | Always | ID of the pipeline. |
+| `pipeline_source` | Always | [Pipeline source](../jobs/job_control.md#common-if-clauses-for-rules). |
+| `job_id` | Always | ID of the job. |
+| `ref` | Always | Git ref for the job. |
+| `ref_type` | Always | Git ref type, either `branch` or `tag`. |
+| `ref_path` | Always | Fully qualified ref for the job. For example, `refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/119075) in GitLab 16.0. |
+| `ref_protected` | Always | `true` if the Git ref is protected, `false` otherwise. |
+| `environment` | Job specifies an environment | Environment this job deploys to ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
+| `environment_protected` | Job specifies an environment | `true` if deployed environment is protected, `false` otherwise ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/294440) in GitLab 13.9). |
+| `deployment_tier` | Job specifies an environment | [Deployment tier](../environments/index.md#deployment-tier-of-environments) of the environment the job specifies. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/363590) in GitLab 15.2. |
+| `environment_action` | Job specifies an environment | [Environment action (`environment:action`)](../environments/index.md) specified in the job. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/) in GitLab 16.5) |
+| `runner_id` | Always | ID of the runner executing the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
+| `runner_environment` | Always | The type of runner used by the job. Can be either `gitlab-hosted` or `self-hosted`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
+| `sha` | Always | The commit SHA for the job. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.0. |
| `ci_config_ref_uri` | Always | The ref path to the top-level pipeline definition, for example, `gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.2. This claim is `null` unless the pipeline definition is located in the same project. |
-| `ci_config_sha` | Always | Git commit SHA for the `ci_config_ref_uri`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.2. This claim is `null` unless the pipeline definition is located in the same project. |
-| `project_visibility` | Always | The [visibility](../../user/public_access.md) of the project where the pipeline is running. Can be `internal`, `private`, or `public`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418810) in GitLab 16.3. |
+| `ci_config_sha` | Always | Git commit SHA for the `ci_config_ref_uri`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404722) in GitLab 16.2. This claim is `null` unless the pipeline definition is located in the same project. |
+| `project_visibility` | Always | The [visibility](../../user/public_access.md) of the project where the pipeline is running. Can be `internal`, `private`, or `public`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418810) in GitLab 16.3. |
```json
{
@@ -101,6 +102,7 @@ The token also includes custom claims provided by GitLab:
"environment": "test-environment2",
"environment_protected": "false",
"deployment_tier": "testing",
+ "environment_action": "start",
"runner_id": 1,
"runner_environment": "self-hosted",
"sha": "714a629c0b401fdce83e847fc9589983fc6f46bc",
diff --git a/lib/gitlab/ci/build/duration_parser.rb b/lib/gitlab/ci/build/duration_parser.rb
index 97049a4f876..9385dccd5f3 100644
--- a/lib/gitlab/ci/build/duration_parser.rb
+++ b/lib/gitlab/ci/build/duration_parser.rb
@@ -41,7 +41,7 @@ module Gitlab
def parse
return if never?
- ChronicDuration.parse(value, use_complete_matcher: true)
+ ChronicDuration.parse(value)
end
def validation_cache
diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb
index 17c784c4d54..648a4e06475 100644
--- a/lib/gitlab/ci/components/instance_path.rb
+++ b/lib/gitlab/ci/components/instance_path.rb
@@ -5,6 +5,7 @@ module Gitlab
module Components
class InstancePath
include Gitlab::Utils::StrongMemoize
+ include ::Gitlab::LoopHelpers
LATEST_VERSION_KEYWORD = '~latest'
TEMPLATES_DIR = 'templates'
@@ -60,9 +61,15 @@ module Gitlab
# Given a path like "my-org/sub-group/the-project/path/to/component"
# find the project "my-org/sub-group/the-project" by looking at all possible paths.
def find_project_by_component_path(path)
+ return if path.start_with?('/') # exit early if path starts with `/` or it will loop forever.
+
possible_paths = [path]
+ index = nil
+
+ loop_until(limit: 20) do
+ index = path.rindex('/') # find index of last `/` in a path
+ break unless index
- while index = path.rindex('/') # find index of last `/` in a path
possible_paths << (path = path[0..index - 1])
end
diff --git a/lib/gitlab/ci/config/entry/job.rb b/lib/gitlab/ci/config/entry/job.rb
index c40d665f320..bf8a99ef45e 100644
--- a/lib/gitlab/ci/config/entry/job.rb
+++ b/lib/gitlab/ci/config/entry/job.rb
@@ -177,7 +177,7 @@ module Gitlab
def parsed_timeout
return unless has_timeout?
- ChronicDuration.parse(timeout.to_s, use_complete_matcher: true)
+ ChronicDuration.parse(timeout.to_s)
end
def ignored?
diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb
index 4ba7b4cc6e1..3d63ec6dfb7 100644
--- a/lib/gitlab/ci/jwt.rb
+++ b/lib/gitlab/ci/jwt.rb
@@ -71,7 +71,8 @@ module Gitlab
fields.merge!(
environment: environment.name,
environment_protected: environment_protected?.to_s,
- deployment_tier: build.environment_tier
+ deployment_tier: build.environment_tier,
+ environment_action: build.environment_action
)
end
diff --git a/lib/gitlab/config/entry/legacy_validation_helpers.rb b/lib/gitlab/config/entry/legacy_validation_helpers.rb
index ec67d65c526..1f70afbfb75 100644
--- a/lib/gitlab/config/entry/legacy_validation_helpers.rb
+++ b/lib/gitlab/config/entry/legacy_validation_helpers.rb
@@ -12,7 +12,7 @@ module Gitlab
if parser && parser.respond_to?(:validate_duration)
parser.validate_duration(value)
else
- ChronicDuration.parse(value, use_complete_matcher: true)
+ ChronicDuration.parse(value)
end
rescue ChronicDuration::DurationParseError
false
@@ -24,12 +24,7 @@ module Gitlab
if parser && parser.respond_to?(:validate_duration_limit)
parser.validate_duration_limit(value, limit)
else
- ChronicDuration.parse(
- value, use_complete_matcher: true
- ).second.from_now <
- ChronicDuration.parse(
- limit, use_complete_matcher: true
- ).second.from_now
+ ChronicDuration.parse(value).second.from_now < ChronicDuration.parse(limit).second.from_now
end
rescue ChronicDuration::DurationParseError
false
diff --git a/lib/gitlab/import_export/command_line_util.rb b/lib/gitlab/import_export/command_line_util.rb
index dfe0815f0a0..ea91b01afdb 100644
--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
@@ -141,7 +141,7 @@ module Gitlab
raise HardLinkError, 'File shares hard link' if Gitlab::Utils::FileInfo.shares_hard_link?(filepath)
- FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath)
+ FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || File.pipe?(filepath)
end
true
diff --git a/lib/gitlab/import_export/project/relation_factory.rb b/lib/gitlab/import_export/project/relation_factory.rb
index 78d0735bbb5..7fb747fb5e3 100644
--- a/lib/gitlab/import_export/project/relation_factory.rb
+++ b/lib/gitlab/import_export/project/relation_factory.rb
@@ -81,6 +81,8 @@ module Gitlab
private
+ attr_reader :relation_hash, :user
+
def invalid_relation?
# Do not create relation if it is a legacy trigger
legacy_trigger?
diff --git a/lib/gitlab/search/abuse_detection.rb b/lib/gitlab/search/abuse_detection.rb
index 1e4169f3fd7..1fd7c6cfe8d 100644
--- a/lib/gitlab/search/abuse_detection.rb
+++ b/lib/gitlab/search/abuse_detection.rb
@@ -6,6 +6,7 @@ module Gitlab
include ActiveModel::Validations
include AbuseValidators
+ MAX_PIPE_SYNTAX_FILTERS = 5
ABUSIVE_TERM_SIZE = 100
ALLOWED_CHARS_REGEX = %r{\A[[:alnum:]_\-\/\.!]+\z}
@@ -57,10 +58,18 @@ module Gitlab
validates :query_string, :repository_ref, :project_ref, no_abusive_coercion_from_string: true
- attr_reader(*READABLE_PARAMS)
+ validate :no_abusive_pipes, if: :detect_abusive_pipes
- def initialize(params)
- READABLE_PARAMS.each { |p| instance_variable_set("@#{p}", params[p]) }
+ attr_reader(*READABLE_PARAMS)
+ attr_reader :raw_params, :detect_abusive_pipes
+
+ def initialize(params, detect_abusive_pipes: true)
+ @raw_params = {}
+ READABLE_PARAMS.each do |p|
+ instance_variable_set("@#{p}", params[p])
+ @raw_params[p] = params[p]
+ end
+ @detect_abusive_pipes = detect_abusive_pipes
end
private
@@ -76,6 +85,23 @@ module Gitlab
def stop_word_search?
STOP_WORDS.include? query_string
end
+
+ def no_abusive_pipes
+ pipes = query_string.to_s.split('|')
+ errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS
+
+ pipes.each do |q|
+ self.class.new(raw_params.merge(query_string: q), detect_abusive_pipes: false).tap do |p|
+ p.validate
+
+ p.errors.messages_for(:query_string).each do |msg|
+ next if errors.added?(:query_string, msg)
+
+ errors.add(:query_string, msg)
+ end
+ end
+ end
+ end
end
end
end
diff --git a/lib/gitlab/search/params.rb b/lib/gitlab/search/params.rb
index 6eb24a92be6..a7896b7d80d 100644
--- a/lib/gitlab/search/params.rb
+++ b/lib/gitlab/search/params.rb
@@ -81,7 +81,7 @@ module Gitlab
end
def search_terms
- @search_terms ||= query_string.split.select { |word| word.length >= MIN_TERM_LENGTH }
+ @search_terms ||= query_string.split
end
def not_too_many_terms
diff --git a/lib/gitlab/time_tracking_formatter.rb b/lib/gitlab/time_tracking_formatter.rb
index 26efb3b918d..647d7860ba3 100644
--- a/lib/gitlab/time_tracking_formatter.rb
+++ b/lib/gitlab/time_tracking_formatter.rb
@@ -17,10 +17,8 @@ module Gitlab
begin
ChronicDuration.parse(
string,
- CUSTOM_DAY_AND_MONTH_LENGTH.merge(
- default_unit: 'hours', keep_zero: keep_zero,
- use_complete_matcher: true
- ))
+ CUSTOM_DAY_AND_MONTH_LENGTH.merge(default_unit: 'hours', keep_zero: keep_zero)
+ )
rescue StandardError
nil
end
diff --git a/package.json b/package.json
index e9e20d439e6..0893f6a6dde 100644
--- a/package.json
+++ b/package.json
@@ -167,7 +167,7 @@
"marked-bidi": "^1.0.3",
"mathjax": "3",
"mdurl": "^1.0.1",
- "mermaid": "10.3.1",
+ "mermaid": "10.5.0",
"micromatch": "^4.0.5",
"minimatch": "^3.0.4",
"monaco-editor": "^0.30.1",
diff --git a/spec/helpers/version_check_helper_spec.rb b/spec/helpers/version_check_helper_spec.rb
index ce5aade2b1c..9c697dbe21e 100644
--- a/spec/helpers/version_check_helper_spec.rb
+++ b/spec/helpers/version_check_helper_spec.rb
@@ -38,43 +38,49 @@ RSpec.describe VersionCheckHelper do
end
describe '#gitlab_version_check' do
+ let(:show_version_check) { false }
+
before do
- allow_next_instance_of(VersionCheck) do |instance|
- allow(instance).to receive(:response).and_return({ "severity" => "success" })
- end
+ allow(helper).to receive(:show_version_check?).and_return(show_version_check)
end
- it 'returns an instance of the VersionCheck class' do
- expect(helper.gitlab_version_check).to eq({ "severity" => "success" })
+ it 'when show_version_check? is false it returns nil' do
+ expect(helper.gitlab_version_check).to be nil
+ end
+
+ context 'when show_version_check? is true' do
+ let(:show_version_check) { true }
+
+ before do
+ allow_next_instance_of(VersionCheck) do |instance|
+ allow(instance).to receive(:response).and_return({ "severity" => "success" })
+ end
+ end
+
+ it 'returns an instance of the VersionCheck class if the user has access' do
+ expect(helper.gitlab_version_check).to eq({ "severity" => "success" })
+ end
end
end
describe '#show_security_patch_upgrade_alert?' do
describe 'return conditions' do
- where(:show_version_check, :gitlab_version_check, :result) do
+ where(:gitlab_version_check, :result) do
[
- [false, nil, false],
- [false, { "severity" => "success" }, false],
- [false, { "severity" => "danger" }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => 'some text' }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => false }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => 'true' }, false],
- [false, { "severity" => "danger", "critical_vulnerability" => true }, false],
- [true, nil, false],
- [true, { "severity" => "success" }, nil],
- [true, { "severity" => "danger" }, nil],
- [true, { "severity" => "danger", "critical_vulnerability" => 'some text' }, nil],
- [true, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
- [true, { "severity" => "danger", "critical_vulnerability" => false }, false],
- [true, { "severity" => "danger", "critical_vulnerability" => 'true' }, true],
- [true, { "severity" => "danger", "critical_vulnerability" => true }, true]
+ [nil, false],
+ [{}, nil],
+ [{ "severity" => "success" }, nil],
+ [{ "severity" => "danger" }, nil],
+ [{ "severity" => "danger", "critical_vulnerability" => 'some text' }, nil],
+ [{ "severity" => "danger", "critical_vulnerability" => 'false' }, false],
+ [{ "severity" => "danger", "critical_vulnerability" => false }, false],
+ [{ "severity" => "danger", "critical_vulnerability" => 'true' }, true],
+ [{ "severity" => "danger", "critical_vulnerability" => true }, true]
]
end
with_them do
before do
- allow(helper).to receive(:show_version_check?).and_return(show_version_check)
allow(helper).to receive(:gitlab_version_check).and_return(gitlab_version_check)
end
diff --git a/spec/lib/gitlab/ci/build/duration_parser_spec.rb b/spec/lib/gitlab/ci/build/duration_parser_spec.rb
index bc905aa0a35..7f5ff1eb0ee 100644
--- a/spec/lib/gitlab/ci/build/duration_parser_spec.rb
+++ b/spec/lib/gitlab/ci/build/duration_parser_spec.rb
@@ -25,8 +25,8 @@ RSpec.describe Gitlab::Ci::Build::DurationParser do
it { is_expected.to be_truthy }
it 'caches data' do
- expect(ChronicDuration).to receive(:parse).with(value, use_complete_matcher: true).once.and_call_original
- expect(ChronicDuration).to receive(:parse).with(other_value, use_complete_matcher: true).once.and_call_original
+ expect(ChronicDuration).to receive(:parse).with(value).once.and_call_original
+ expect(ChronicDuration).to receive(:parse).with(other_value).once.and_call_original
2.times do
expect(described_class.validate_duration(value)).to eq(86400)
@@ -41,7 +41,7 @@ RSpec.describe Gitlab::Ci::Build::DurationParser do
it { is_expected.to be_falsy }
it 'caches data' do
- expect(ChronicDuration).to receive(:parse).with(value, use_complete_matcher: true).once.and_call_original
+ expect(ChronicDuration).to receive(:parse).with(value).once.and_call_original
2.times do
expect(described_class.validate_duration(value)).to be_falsey
diff --git a/spec/lib/gitlab/ci/components/instance_path_spec.rb b/spec/lib/gitlab/ci/components/instance_path_spec.rb
index 97843781891..c6938761c6e 100644
--- a/spec/lib/gitlab/ci/components/instance_path_spec.rb
+++ b/spec/lib/gitlab/ci/components/instance_path_spec.rb
@@ -80,6 +80,20 @@ RSpec.describe Gitlab::Ci::Components::InstancePath, feature_category: :pipeline
end
end
+ shared_examples 'prevents infinite loop' do |prefix|
+ context "when the project path starts with '#{prefix}'" do
+ let(:project_path) { "#{prefix}#{project.full_path}" }
+
+ it 'returns nil' do
+ result = path.fetch_content!(current_user: user)
+ expect(result).to be_nil
+ end
+ end
+ end
+
+ it_behaves_like 'prevents infinite loop', '/'
+ it_behaves_like 'prevents infinite loop', '//'
+
context 'when fetching the latest version of a component' do
let_it_be(:project) do
create(
diff --git a/spec/lib/gitlab/ci/jwt_spec.rb b/spec/lib/gitlab/ci/jwt_spec.rb
index a6de5b9879c..f0b203961b4 100644
--- a/spec/lib/gitlab/ci/jwt_spec.rb
+++ b/spec/lib/gitlab/ci/jwt_spec.rb
@@ -49,6 +49,7 @@ RSpec.describe Gitlab::Ci::Jwt do
expect(payload[:environment]).to be_nil
expect(payload[:environment_protected]).to be_nil
expect(payload[:deployment_tier]).to be_nil
+ expect(payload[:environment_action]).to be_nil
end
end
@@ -109,7 +110,10 @@ RSpec.describe Gitlab::Ci::Jwt do
project: project,
user: user,
pipeline: pipeline,
- environment: environment.name
+ environment: {
+ name: environment.name,
+ action: 'start'
+ }
)
end
@@ -121,6 +125,7 @@ RSpec.describe Gitlab::Ci::Jwt do
expect(payload[:environment]).to eq('production')
expect(payload[:environment_protected]).to eq('false')
expect(payload[:deployment_tier]).to eq('production')
+ expect(payload[:environment_action]).to eq('start')
end
describe 'deployment_tier' do
@@ -134,6 +139,18 @@ RSpec.describe Gitlab::Ci::Jwt do
end
end
end
+
+ describe 'environment_action' do
+ context 'when build options specifies a different environment_action' do
+ before do
+ build.options[:environment] = { name: environment.name, action: 'prepare' }
+ end
+
+ it 'uses environment_action from build options' do
+ expect(payload[:environment_action]).to eq('prepare')
+ end
+ end
+ end
end
end
diff --git a/spec/lib/gitlab/import_export/command_line_util_spec.rb b/spec/lib/gitlab/import_export/command_line_util_spec.rb
index 76a35d07c7f..42c3b170e4d 100644
--- a/spec/lib/gitlab/import_export/command_line_util_spec.rb
+++ b/spec/lib/gitlab/import_export/command_line_util_spec.rb
@@ -84,6 +84,20 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil, feature_category: :importe
end
end
+ shared_examples 'deletes pipes' do |compression, decompression|
+ it 'deletes the pipes', :aggregate_failures do
+ FileUtils.touch("#{source_dir}/file.txt")
+ File.mkfifo("#{source_dir}/pipe")
+
+ archive_file = File.join(archive_dir, 'file_with_pipes.tar.gz')
+ subject.public_send(compression, archive: archive_file, dir: source_dir)
+ subject.public_send(decompression, archive: archive_file, dir: target_dir)
+
+ expect(File).to exist("#{target_dir}/file.txt")
+ expect(File).not_to exist("#{target_dir}/pipe")
+ end
+ end
+
describe '#download_or_copy_upload' do
let(:upload) { instance_double(Upload, local?: local) }
let(:uploader) { instance_double(ImportExportUploader, path: :path, url: :url, upload: upload) }
@@ -302,6 +316,7 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil, feature_category: :importe
it_behaves_like 'deletes symlinks', :tar_czf, :untar_zxf
it_behaves_like 'handles shared hard links', :tar_czf, :untar_zxf
+ it_behaves_like 'deletes pipes', :tar_czf, :untar_zxf
it 'has the right mask for project.json' do
subject.untar_zxf(archive: tar_archive_fixture, dir: target_dir)
@@ -321,6 +336,7 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil, feature_category: :importe
it_behaves_like 'deletes symlinks', :tar_cf, :untar_xf
it_behaves_like 'handles shared hard links', :tar_cf, :untar_xf
+ it_behaves_like 'deletes pipes', :tar_czf, :untar_zxf
it 'extracts archive without decompression' do
filename = 'archive.tar.gz'
diff --git a/spec/lib/gitlab/search/abuse_detection_spec.rb b/spec/lib/gitlab/search/abuse_detection_spec.rb
index f9a1d0211b9..cbf20614ba5 100644
--- a/spec/lib/gitlab/search/abuse_detection_spec.rb
+++ b/spec/lib/gitlab/search/abuse_detection_spec.rb
@@ -10,12 +10,12 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
describe 'abusive scopes validation' do
it 'allows only approved scopes' do
described_class::ALLOWED_SCOPES.each do |scope|
- expect(described_class.new(scope: scope)).to be_valid
+ expect(described_class.new({ scope: scope })).to be_valid
end
end
it 'disallows anything not approved' do
- expect(described_class.new(scope: 'nope')).not_to be_valid
+ expect(described_class.new({ scope: 'nope' })).not_to be_valid
end
end
@@ -55,14 +55,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
it 'considers non Integers to be invalid' do
[:project_id, :group_id].each do |param|
[[1, 2, 3], 'xyz', 3.14, { foo: :bar }].each do |dtype|
- expect(described_class.new(param => dtype)).not_to be_valid
+ expect(described_class.new({ param => dtype })).not_to be_valid
end
end
end
it 'considers Integers to be valid' do
[:project_id, :group_id].each do |param|
- expect(described_class.new(param => 123)).to be_valid
+ expect(described_class.new({ param => 123 })).to be_valid
end
end
end
@@ -70,7 +70,7 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
describe 'query_string validation' do
using ::RSpec::Parameterized::TableSyntax
- subject { described_class.new(query_string: search) }
+ subject { described_class.new({ query_string: search }) }
let(:validation_errors) do
subject.validate
@@ -82,11 +82,15 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
word | { query_string: ['stopword only abusive search detected'] }
end
- 'x' | { query_string: ['abusive tiny search detected'] }
- ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] }
- '' | {}
- '*' | {}
- 'ruby' | {}
+ (['apples'] * (described_class::MAX_PIPE_SYNTAX_FILTERS + 1)).join('|') | { query_string: ['too many pipe syntax filters'] } # rubocop:disable Layout/LineLength
+ (['apples'] * described_class::MAX_PIPE_SYNTAX_FILTERS).join('|') | {}
+ 'x' | { query_string: ['abusive tiny search detected'] }
+ 'apples|x' | { query_string: ['abusive tiny search detected'] }
+ ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] }
+ "apples|#{'x' * described_class::ABUSIVE_TERM_SIZE}" | { query_string: ['abusive term length detected'] }
+ '' | {}
+ '*' | {}
+ 'ruby' | {}
end
with_them do
@@ -100,14 +104,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
it 'considers anything not a String invalid' do
[:query_string, :scope, :repository_ref, :project_ref].each do |param|
[[1, 2, 3], 123, 3.14, { foo: :bar }].each do |dtype|
- expect(described_class.new(param => dtype)).not_to be_valid
+ expect(described_class.new({ param => dtype })).not_to be_valid
end
end
end
it 'considers Strings to be valid' do
[:query_string, :repository_ref, :project_ref].each do |param|
- expect(described_class.new(param => "foo")).to be_valid
+ expect(described_class.new({ param => "foo" })).to be_valid
end
end
end
diff --git a/spec/lib/gitlab/search/params_spec.rb b/spec/lib/gitlab/search/params_spec.rb
index 3235a0b2126..3c64082aeeb 100644
--- a/spec/lib/gitlab/search/params_spec.rb
+++ b/spec/lib/gitlab/search/params_spec.rb
@@ -17,7 +17,7 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do
end
it 'uses AbuseDetection by default' do
- expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original
+ expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original
described_class.new(params)
end
end
@@ -73,9 +73,21 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do
end
it 'validates AbuseDetector on validation' do
- expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original
+ expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original
subject.validate
end
+
+ context 'when query has too many terms' do
+ let(:search) { Array.new((::Gitlab::Search::Params::SEARCH_TERM_LIMIT + 1), 'a').join(' ') }
+
+ it { is_expected.not_to be_valid }
+ end
+
+ context 'when query is too long' do
+ let(:search) { 'a' * (::Gitlab::Search::Params::SEARCH_CHAR_LIMIT + 1) }
+
+ it { is_expected.not_to be_valid }
+ end
end
describe '#valid?' do
@@ -89,7 +101,7 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do
end
it 'validates AbuseDetector on validation' do
- expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original
+ expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original
subject.valid?
end
end
diff --git a/spec/mailers/emails/service_desk_spec.rb b/spec/mailers/emails/service_desk_spec.rb
index e3fe36237df..b700819ed2c 100644
--- a/spec/mailers/emails/service_desk_spec.rb
+++ b/spec/mailers/emails/service_desk_spec.rb
@@ -263,6 +263,28 @@ RSpec.describe Emails::ServiceDesk, feature_category: :service_desk do
let(:expected_template_html) { "<p dir=\"auto\">thank you, your new issue has been created. </p>#{issue.description_html}" }
it_behaves_like 'a service desk notification email with template content', 'thank_you'
+
+ context 'when GitLab-specific-reference is in description' do
+ let(:full_issue_reference) { "#{issue.project.full_path}#{issue.to_reference}" }
+ let(:other_issue) { create(:issue, project: project, description: full_issue_reference) }
+
+ let(:template_content) { '%{ISSUE_DESCRIPTION}' }
+ let(:expected_template_html) { "<p data-sourcepos=\"1:1-1:22\" dir=\"auto\">#{full_issue_reference}</p>" }
+
+ subject { ServiceEmailClass.service_desk_thank_you_email(other_issue.id) }
+
+ before do
+ expect(Gitlab::Template::ServiceDeskTemplate).to receive(:find)
+ .with('thank_you', other_issue.project)
+ .and_return(template)
+
+ other_issue.issue_email_participants.create!(email: email)
+ end
+
+ it 'does not render GitLab-specific-reference links with title attribute' do
+ is_expected.to have_body_text(expected_template_html)
+ end
+ end
end
context 'when issue url placeholder is used' do
diff --git a/yarn.lock b/yarn.lock
index ef68193fbf0..0e6fc9ea1ee 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9450,10 +9450,10 @@ merge2@^1.3.0, merge2@^1.4.1:
resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae"
integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
-mermaid@10.3.1:
- version "10.3.1"
- resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-10.3.1.tgz#2f3c7e9f6bd7a8da2bef71cce2a542c8eba2a62e"
- integrity sha512-hkenh7WkuRWPcob3oJtrN3W+yzrrIYuWF1OIfk/d0xGE8UWlvDhfexaHmDwwe8DKQgqMLI8DWEPwGprxkumjuw==
+mermaid@10.5.0:
+ version "10.5.0"
+ resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-10.5.0.tgz#e90512a65b5c6e29bd86cd04ce45aa31da2be76d"
+ integrity sha512-9l0o1uUod78D3/FVYPGSsgV+Z0tSnzLBDiC9rVzvelPxuO80HbN1oDr9ofpPETQy9XpypPQa26fr09VzEPfvWA==
dependencies:
"@braintree/sanitize-url" "^6.0.1"
"@types/d3-scale" "^4.0.3"
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-06 02:33:29 +0300