Age | Commit message | Author |
|
RubyZip allows us to perform strong validation of
expanded paths where we extract files.
We introduce the following additional checks
to extract routines:
1. None of the path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
like `public/`,
4. The symlink source needs to exist ahead of time.
|
|
This reduces duplication caused by gitlab-monitor already shipping
Sidekiq 5.2.5. The only changes appear to be minor:
https://github.com/mperham/sidekiq/blob/master/Changes.md
|
|
http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
The monkey-patch was global so we will have to check that all instances
of Kubeclient::Client are handled.
Spec all methods of KubeClient
This should provide better confidence that we are indeed disallowing
redirection in all cases
|
|
This change renames a dependency and fixes a minor bug, but this upgrade
is happening because Gitaly will be receiving rbtrace as a dependency.
|
|
Markdown footnotes not working
Closes #26375
See merge request gitlab-org/gitlab-ce!24168
|
|
This change will instantiate an OpenTracing tracer and configure it
as the global tracer when the GITLAB_TRACING environment variable is
configured. GITLAB_TRACING takes a "connection string"-like value,
encapsulating the driver (e.g. jaeger, etc.) and options for the driver.
Since each service, whether it's written in Ruby or Golang, uses the
same connection-string, it should be very easy to configure all
services in a cluster, or even a single development machine to be
set up to use tracing.
Note that this change does not include instrumentation or propagation
changes as this is a way of breaking a previous larger change into
components. The instrumentation and propagation changes will follow
in separate changes.
|
|
This avoids an extra HEAD request when making a request for the auth URL.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56096
|
|
and truncato to 0.7.11
|
|
Update pg 0.18.4 -> 1.0
See merge request gitlab-org/gitlab-ce!17829
|
|
Bump minitest to 5.11.3 to match Gitaly version
See merge request gitlab-org/gitlab-ce!24070
|
|
This will allow developers to run `bundle install` on both directories
and avoid additional calls to RubyGems for local development. Also sets
up the possibility of improved caching as mentioned in
https://gitlab.com/gitlab-org/gitlab-ce/issues/55843.
|
|
Bump Ruby on Rails to 5.0.7.1
See merge request gitlab-org/gitlab-ce!23396
|
|
Upgrade Omniauth and JWT gems to switch away from Google+ API
Closes #55668
See merge request gitlab-org/gitlab-ce!24068
|
|
Bump database_cleaner version
Closes #55539
See merge request gitlab-org/gitlab-ce!23985
|
|
This prevents us from shipping duplicate versions of this gem.
|
|
* omniauth-google-oauth2: Google will be deprecating its support for the
Google+ API, which currently omniauth-google-oauth2 uses to retrieve
user info. The bump in omniauth-google-oauth2 requires an upgrade to
ruby-jwt v2+ to support the verification of multiple issue providers
(https://github.com/zquestz/omniauth-google-oauth2/pull/345).
* jwt: This has the most number of changes that need to be
reviewed: https://github.com/jwt/ruby-jwt/blob/master/CHANGELOG.md
* oauth2: Needed to support ruby-jwt v2+:
https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md
* omniauth-azure-oauth2 needs a version bump to support ruby-jwt v2+.
* omniauth: This version bump only involves backstage improvements:
https://github.com/omniauth/omniauth/releases
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55668
|
|
Full list of changes:
https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md
|
|
should fix issue with:
undefined method `schema_migrations_table_name'
for ActiveRecord::Migrator:Class
https://gitlab.com/gitlab-org/gitlab-ee/-/jobs/135978879
|
|
Fix the CVE-2018-16476 vulnerability.
|
|
Fixes: ActionView::Template::Error (undefined method `add_class' for #<Nokogiri::XML::Element:0x0055dbff5252e8>
|
|
Leave object pools when destroying projects
Closes gitaly#1415
See merge request gitlab-org/gitlab-ce!23869
|
|
This action doesn't lean on reduplication, so a short call can be made
to the Gitaly server to have the object pool remove its remote to the
project pending deletion.
https://gitlab.com/gitlab-org/gitaly/blob/f6cd55357/internal/git/objectpool/link.go#L58
When an object pool doesn't have members, this would invalidate the need
for a pool. So when a project leaves the pool, the pool will be
destroyed in the background.
Fixes: https://gitlab.com/gitlab-org/gitaly/issues/1415
|
|
Fix deprecation: alias_method_chain is deprecated. Please, use Module#prepend instead
See merge request gitlab-org/gitlab-ce!23887
|
|
Module#prepend instead
|
|
Contains only minor fixes from 2.7.2:
https://github.com/getsentry/raven-ruby/releases
|
|
rspec-parameterized 0.4.0 fails spectacularly with Ruby 2.5.3 with the
following error:
```
RuntimeError:
No such frame, gone beyond end of stack!
```
This happens because of a Ruby bug in
https://bugs.ruby-lang.org/issues/15105. The binding_of_caller gem
induces this failure. This upgrade switches to the binding_of_ninja gem,
which does not have the same problem.
|
|
Commits API: Preserve file content in move operations if unspecified
Closes #52974 and #51083
See merge request gitlab-org/gitlab-ce!23387
|
|
Rack with Unicorn is unable to handle chunked requests due to private `eof?` method.
This exposes `eof?` not changing `rack` behavior.
Issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/8539
|
|
Upgrade kubeclient to 4.0.0
See merge request gitlab-org/gitlab-ce!23261
|
|
Don't use rugged write-ref anymore
See merge request gitlab-org/gitlab-ce!23286
|
|
Bumps kubeclient and its dependencies from 3.1.0 to 4.0.0.
|
|
This gem is only used for development, and the latest version has been
tested with Rails 5/Ruby 2.5.
Changes: https://github.com/BetterErrors/better_errors/releases
|
|
This matches the version shipped in gitaly-ruby.
The main changes between 1.1.1 and 1.2.1 are CI-related
improvements:
https://github.com/brianmario/escape_utils/compare/1.1.1...1.2.1
|
|
Bump nokogiri, loofah, and rack gems for security updates
See merge request gitlab-org/gitlab-ce!23204
|