Repository: gitlab.com/gitlab-org/gitlab-foss.git
author:    GitLab Bot <gitlab-bot@gitlab.com>  2021-05-05 06:10:18 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com>  2021-05-05 06:10:18 +0300
commit:    0fb607f5565c6476c508410914075172ff5899b2
tree:      2f977f0224abda3edf61ed0c5d8ef12ab1d6e037
parent:    415153114ac36a0e25b6beb6f0543581bcedc54c
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--  app/models/namespace/package_setting.rb                                    |  2
-rw-r--r--  changelogs/unreleased/321772-version-dupe-check.yml                        |  5
-rw-r--r--  doc/administration/gitaly/praefect.md                                      | 21
-rw-r--r--  doc/security/token_overview.md                                             | 12
-rw-r--r--  doc/user/application_security/dependency_list/index.md                     |  5
-rw-r--r--  doc/user/packages/maven_repository/index.md                                |  2
-rw-r--r--  lib/banzai/filter/references/merge_request_reference_filter.rb             |  2
-rw-r--r--  lib/gitlab/markdown_cache.rb                                               |  2
-rw-r--r--  spec/lib/banzai/filter/references/merge_request_reference_filter_spec.rb   | 11
-rw-r--r--  spec/models/namespace/package_setting_spec.rb                              |  4
-rw-r--r--  spec/services/packages/maven/find_or_create_package_service_spec.rb        | 10
11 files changed, 68 insertions, 8 deletions
diff --git a/app/models/namespace/package_setting.rb b/app/models/namespace/package_setting.rb
index a2064e020b3..ce0b736e9a5 100644
--- a/app/models/namespace/package_setting.rb
+++ b/app/models/namespace/package_setting.rb
@@ -22,7 +22,7 @@ class Namespace::PackageSetting < ApplicationRecord
duplicates_allowed = package.package_settings["#{package.package_type}_duplicates_allowed"]
regex = ::Gitlab::UntrustedRegexp.new("\\A#{package.package_settings["#{package.package_type}_duplicate_exception_regex"]}\\z")
- duplicates_allowed || regex.match?(package.name)
+ duplicates_allowed || regex.match?(package.name) || regex.match?(package.version)
end
end
end
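Review bot: the single admin-supplied `duplicate_exception_regex` now runs against `package.version` as well as `package.name`, so a pattern an administrator wrote for names silently widens to versions; either document that in the settings help text or split the setting into separate name and version patterns. Also confirm that `package.version` is never nil for the package types routed through this method, otherwise `regex.match?(package.version)` needs a nil guard. The `\\A...\\z` anchoring on the context line above keeps partial matches out, which is the right default for an allow-list.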
diff --git a/changelogs/unreleased/321772-version-dupe-check.yml b/changelogs/unreleased/321772-version-dupe-check.yml
new file mode 100644
index 00000000000..b444671fcf2
--- /dev/null
+++ b/changelogs/unreleased/321772-version-dupe-check.yml
@@ -0,0 +1,5 @@
+---
+title: Check duplicate package regex against version as well as name
+merge_request: 60760
+author:
+type: fixed
diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md
index d85b4d6cc3a..e53878e59f7 100644
--- a/doc/administration/gitaly/praefect.md
+++ b/doc/administration/gitaly/praefect.md
@@ -874,6 +874,27 @@ Particular attention should be shown to:
repository that viewed. If the project is created, and you can see the
README file, it works!
+#### Use TCP for existing GitLab instances
+
+When adding Gitaly Cluster to an existing Gitaly instance, the existing Gitaly storage
+must use a TCP address. If `gitaly_address` is not specified, then a Unix socket is used,
+which will prevent the communication with the cluster.
+
+For example:
+
+```ruby
+git_data_dirs({
+ 'default' => { 'gitaly_address' => 'tcp://old-gitaly.internal:8075' },
+ 'cluster' => {
+ 'gitaly_address' => 'tcp://<load_balancer_server_address>:2305',
+ 'gitaly_token' => '<praefect_external_token>'
+ }
+})
+```
+
+See [Mixed Configuration](configure_gitaly.md#mixed-configuration) for further information on
+running multiple Gitaly storages.
+
### Grafana
Grafana is included with GitLab, and can be used to monitor your Praefect
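Review bot: the `default` entry in the example carries no `gitaly_token` while the `cluster` entry does; if the existing Gitaly has authentication enabled, the doc should show that key for it as well. Since `tcp://` is plaintext, a sentence pointing to the TLS address form for installations where the existing Gitaly listens over TLS would help readers avoid downgrading transport security when they move to the cluster. Minor wording: "which will prevent the communication with the cluster" reads better as "which prevents communication with the cluster".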
diff --git a/doc/security/token_overview.md b/doc/security/token_overview.md
index 0ca1e07bf54..f9655210329 100644
--- a/doc/security/token_overview.md
+++ b/doc/security/token_overview.md
@@ -106,3 +106,15 @@ This table shows available scopes per token. Scopes can be limited further on to
1. Limited to the one project.
1. Runner registration and authentication token don't provide direct access to repositories, but can be used to register and authenticate a new runner that may execute jobs which do have access to the repository
1. Limited to certain [endpoints](../api/README.md#gitlab-cicd-job-token).
+
+## Security considerations
+
+Access tokens should be treated like passwords and kept secure.
+
+Adding them to URLs is a security risk. This is especially true when cloning or adding a remote, as Git then writes the URL to its `.git/config` file in plain text. URLs are also generally logged by proxies and application servers, which makes those credentials visible to system administrators.
+
+Instead, API calls can be passed an access token using headers, like [the `Private-Token` header](../api/README.md#personalproject-access-tokens).
+
+Tokens can also be stored using a [Git credential storage](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage).
+
+When creating a scoped token, consider using the most limited scope possible to reduce the impact of accidentally leaking the token.
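Review bot: the credential-storage sentence should say which helper is meant; Git's built-in `store` helper writes the token to a plaintext file on disk, which undoes the point made two paragraphs earlier about `.git/config`, so suggest naming an OS keychain-backed helper (or the in-memory `cache` helper) as the preferred option. The scoping paragraph would also benefit from one sentence on revoking and re-issuing a token that may have been exposed, since a leaked token stays valid until it is revoked.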
diff --git a/doc/user/application_security/dependency_list/index.md b/doc/user/application_security/dependency_list/index.md
index 25b7615a8ae..fcefba943ad 100644
--- a/doc/user/application_security/dependency_list/index.md
+++ b/doc/user/application_security/dependency_list/index.md
@@ -10,10 +10,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10075) in GitLab Ultimate 12.0.
Use the dependency list to review your project's dependencies and key
-details about those dependencies, including their known vulnerabilities. To see the dependency list,
-in your project, go to **Security & Compliance > Dependency List**.
+details about those dependencies, including their known vulnerabilities. It is a collection of dependencies in your project, including existing and new findings. To see the dependency list, go to your project and select **Security & Compliance > Dependency List**.
This information is sometimes referred to as a Software Bill of Materials or SBoM / BOM.
+The dependency list only shows the results of the last successful pipeline to run on the default branch. This is why we recommend not changing the default behavior of allowing the secure jobs to fail.
+
## Prerequisites
To view your project's dependencies, ensure you meet the following requirements:
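Review bot: the added sentence "This is why we recommend not changing the default behavior of allowing the secure jobs to fail" leaves the causal link implicit; spell it out: because only the last successful pipeline on the default branch populates the list, a scanner job that is switched to `allow_failure: false` fails the whole pipeline when it errors and leaves the dependency list stale. It is also worth stating what the page shows for a project that has no successful default-branch pipeline yet.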
diff --git a/doc/user/packages/maven_repository/index.md b/doc/user/packages/maven_repository/index.md
index d4dc9f0ae78..ba7b55dc47d 100644
--- a/doc/user/packages/maven_repository/index.md
+++ b/doc/user/packages/maven_repository/index.md
@@ -625,7 +625,7 @@ In the UI:
1. For your group, go to **Settings > Packages & Registries**.
1. Expand the **Package Registry** section.
1. Turn on the **Reject duplicates** toggle.
-1. Optional. To allow some duplicate packages, in the **Exceptions** box, enter a regex pattern that matches the names of packages you want to allow.
+1. Optional. To allow some duplicate packages, in the **Exceptions** box, enter a regex pattern that matches the names and/or versions of packages you want to allow.
Your changes are automatically saved.
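Review bot: "names and/or versions" is ambiguous; the model change applies the one pattern to the name and to the version separately and allows the upload if either matches, so "matches either the name or the version of the packages you want to allow" states the behaviour more precisely. A short note that a pattern written for names can also match versions would help administrators reason about what they are allowing.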
diff --git a/lib/banzai/filter/references/merge_request_reference_filter.rb b/lib/banzai/filter/references/merge_request_reference_filter.rb
index a86f29267b5..6c5ad83d9ae 100644
--- a/lib/banzai/filter/references/merge_request_reference_filter.rb
+++ b/lib/banzai/filter/references/merge_request_reference_filter.rb
@@ -58,7 +58,7 @@ module Banzai
end
def data_attributes_for(text, parent, object, **data)
- super.merge(project_path: current_parent_path, iid: object.iid, mr_title: object.title)
+ super.merge(project_path: parent.full_path, iid: object.iid, mr_title: object.title)
end
private
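Review bot: `parent.full_path` gives a cross-project reference the referenced project's path rather than the rendering project's, which is what the `data-project-path` attribute should carry; the `CACHE_COMMONMARK_VERSION` bump later in this commit is what makes already-cached HTML pick the change up. No changelog entry covers this fix, only the package-regex change has one in this commit.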
diff --git a/lib/gitlab/markdown_cache.rb b/lib/gitlab/markdown_cache.rb
index 3ec5f2339b5..acd6242b886 100644
--- a/lib/gitlab/markdown_cache.rb
+++ b/lib/gitlab/markdown_cache.rb
@@ -3,7 +3,7 @@
module Gitlab
module MarkdownCache
# Increment this number every time the renderer changes its output
- CACHE_COMMONMARK_VERSION = 27
+ CACHE_COMMONMARK_VERSION = 28
CACHE_COMMONMARK_VERSION_START = 10
BaseError = Class.new(StandardError)
diff --git a/spec/lib/banzai/filter/references/merge_request_reference_filter_spec.rb b/spec/lib/banzai/filter/references/merge_request_reference_filter_spec.rb
index 7a634b0b513..ee2ce967a47 100644
--- a/spec/lib/banzai/filter/references/merge_request_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/merge_request_reference_filter_spec.rb
@@ -142,6 +142,17 @@ RSpec.describe Banzai::Filter::References::MergeRequestReferenceFilter do
expect(doc.text).to eq("Merge (#{reference}.)")
end
+ it 'has correct data attributes' do
+ doc = reference_filter("Merge (#{reference}.)")
+
+ link = doc.css('a').first
+
+ expect(link.attr('data-project')).to eq project2.id.to_s
+ expect(link.attr('data-project-path')).to eq project2.full_path
+ expect(link.attr('data-iid')).to eq merge.iid.to_s
+ expect(link.attr('data-mr-title')).to eq merge.title
+ end
+
it 'ignores invalid merge IDs on the referenced project' do
exp = act = "Merge #{invalidate_reference(reference)}"
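Review bot: the new example only checks the cross-project case (`project2`); a companion assertion that an in-project reference still yields the current project's `full_path` would guard the `current_parent_path` to `parent.full_path` swap in both directions. Asserting `data-project` and `data-project-path` separately is good, since the two can diverge exactly in the cross-project case this fixes.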
diff --git a/spec/models/namespace/package_setting_spec.rb b/spec/models/namespace/package_setting_spec.rb
index 097cef8ef3b..a6dcb316796 100644
--- a/spec/models/namespace/package_setting_spec.rb
+++ b/spec/models/namespace/package_setting_spec.rb
@@ -42,7 +42,7 @@ RSpec.describe Namespace::PackageSetting do
context 'package types with package_settings' do
# As more package types gain settings they will be added to this list
[:maven_package].each do |format|
- let_it_be(:package) { create(format) } # rubocop:disable Rails/SaveBang
+ let_it_be(:package) { create(format, name: 'foo', version: 'beta') } # rubocop:disable Rails/SaveBang
let_it_be(:package_type) { package.package_type }
let_it_be(:package_setting) { package.project.namespace.package_settings }
@@ -50,6 +50,8 @@ RSpec.describe Namespace::PackageSetting do
true | '' | true
false | '' | false
false | '.*' | true
+ false | 'fo.*' | true
+ false | 'be.*' | true
end
with_them do
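Review bot: the two new table rows only add positive cases; add a negative row with a non-empty pattern that matches neither field (for example `false | 'zz.*' | false`) and one that would match only without anchoring (for example `false | 'oo' | false`, since the fixture name is `'foo'`), so the `\A...\z` anchoring in `Namespace::PackageSetting` is actually exercised by the spec.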
diff --git a/spec/services/packages/maven/find_or_create_package_service_spec.rb b/spec/services/packages/maven/find_or_create_package_service_spec.rb
index 2543ab0c669..803371af4bf 100644
--- a/spec/services/packages/maven/find_or_create_package_service_spec.rb
+++ b/spec/services/packages/maven/find_or_create_package_service_spec.rb
@@ -130,7 +130,15 @@ RSpec.describe Packages::Maven::FindOrCreatePackageService do
context 'when the package name matches the exception regex' do
before do
- package_settings.update!(maven_duplicate_exception_regex: '.*')
+ package_settings.update!(maven_duplicate_exception_regex: existing_package.name)
+ end
+
+ it_behaves_like 'reuse existing package'
+ end
+
+ context 'when the package version matches the exception regex' do
+ before do
+ package_settings.update!(maven_duplicate_exception_regex: existing_package.version)
end
it_behaves_like 'reuse existing package'
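Review bot: `maven_duplicate_exception_regex: existing_package.name` (and `.version` in the second context) uses the raw string as a pattern, so any regex metacharacter in the factory's name or version (a `.` in a Maven coordinate matches any character) can make the test pass for the wrong reason; wrap the value in `Regexp.escape` to make the literal-match intent explicit. A third context where the regex matches neither name nor version and the shared example for creating a new package is expected would complete the coverage of the new `||` branch.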