Age | Commit message (Collapse) | Author |
|
Allow raw `tls_options` to be passed in LDAP configuration
Closes #46391
See merge request gitlab-org/gitlab-ce!20678
|
|
We've previously exposed ca_file and ssl_version but there are many
possible options that can be used inside tls_options. Instead of
exposing individual ones, simply expose the entire hash so it can
be passed in and we won't have to add things in the future.
|
|
1.4.1 contains a number of bug fixes and performance improvements:
https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md
|
|
|
|
Fixes issue with AWS V4 signatures not working with Ceph S3:
https://github.com/fog/fog-aws/issues/462
|
|
Adds the ground work for writing into
the merge ref refs/merge-requests/:iid/merge the
merge result between source and target branches of
a MR, without further side-effects such as
mailing, MR updates and target branch changes.
|
|
Bump version_sorter to version 2.2.4
See merge request gitlab-org/gitlab-ce!25487
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Webmock 3.5.0 brings Ruby 2.6 support.
|
|
Unicorn 5.3.1 fixes a GC issue that causes a crash, and Unicorn 5.4.1
quiets some warnings for Ruby 2.6. More details:
https://github.com/defunkt/unicorn/releases
|
|
This release fixes a bug in handling certain ed25519 keys. For more
details, see this GitHub issue:
https://github.com/bensie/sshkey/issues/34
|
|
|
|
Send project name with Gitaly repository requests
Closes gitaly#1394
See merge request gitlab-org/gitlab-ce!23373
|
|
Upgrade gitaly-proto to 1.10.0 to have this field.
|
|
update js_regex 2.2.1 -> 3.1
See merge request gitlab-org/gitlab-ce!24433
|
|
This engine was replaced with CommonMarker in 11.4, it was deprecated
since then.
|
|
'19745-forms-with-task-lists-can-be-overwritten-when-editing-simultaneously' into 'master'
Forms with task lists can be overwritten when editing simultaneously
See merge request gitlab-org/gitlab-ce!23938
|
|
In commit 6fa5fd8515e0f2d5a6341134560021f353d84362 the `require: false`
was removed to ensure the Gem was loaded at run time. Unfortunately, the
`require` necessary for the rubyzip Gem is "zip" and not "rubyzip". As a
result, Bundler would not require the Gem. This meant that we would
still run into constant errors when referring to `Zip::File`.
|
|
pages:deploy step was failing with the following error:
```
unitialized constant SafeZip::Extract::Zip
```
Since license_finder already pulls in rubyzip, we can make it
a required gem. We also use the scope operator to make the reference to
Zip::File explicit.
|
|
RubyZip allows us to perform strong validation of
expanded paths where we do extract file.
We introduce the following additional checks
to extract routines:
1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
like `public/`,
4. The symlink source needs to exist ahead of time.
|
|
v2.1.0 was published wrongly by the package author.
|
|
|
|
|
|
http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
The monkey-patch was global so we will have to check that all instances
of Kubeclient::Client are handled.
Spec all methods of KubeClient
This should provide better confidence that we are indeed disallowing
redirection in all cases
|
|
Markdown footnotes not working
Closes #26375
See merge request gitlab-org/gitlab-ce!24168
|
|
|
|
This change will instantiate an OpenTracing tracer and configure it
as the global tracer when the GITLAB_TRACING environment variable is
configured. GITLAB_TRACING takes a "connection string"-like value,
encapsulating the driver (eg jaeger, etc) and options for the driver.
Since each service, whether it's written in Ruby or Golang, uses the
same connection-string, it should be very easy to configure all
services in a cluster, or even a single development machine to be
setup to use tracing.
Note that this change does not include instrumentation or propagation
changes as this is a way of breaking a previous larger change into
components. The instrumentation and propagation changes will follow
in separate changes.
|
|
|
|
|
|
|
|
and truncato to 0.7.11
|
|
Update pg 0.18.4 -> 1.0
See merge request gitlab-org/gitlab-ce!17829
|
|
Bump minitest to 5.11.3 to match Gitaly version
See merge request gitlab-org/gitlab-ce!24070
|
|
This will allow developers to run `bundle install` on both directories
and avoid additional calls to RubyGems for local development. Also sets
up the possibility of improved caching as mentioned in
https://gitlab.com/gitlab-org/gitlab-ce/issues/55843.
|
|
Bump Ruby on Rails to 5.0.7.1
See merge request gitlab-org/gitlab-ce!23396
|
|
Upgrade Omniauth and JWT gems to switch away from Google+ API
Closes #55668
See merge request gitlab-org/gitlab-ce!24068
|
|
Bump database_cleaner version
Closes #55539
See merge request gitlab-org/gitlab-ce!23985
|
|
This prevents us from shipping duplicate versions of this gem.
|
|
* omniauth-google-oauth2: Google will be deprecating its support for the
Google+ API, which currently omniauth-google-oauth2 uses to retrieve
user info. The bump in omniauth-google-oauth2 requires an upgrade to
ruby-jwt v2+ to support the verification of multiple issue providers
(https://github.com/zquestz/omniauth-google-oauth2/pull/345).
* jwt: This has the most number of changes that need to be
reviewed: https://github.com/jwt/ruby-jwt/blob/master/CHANGELOG.md
* oauth2: Needed to support ruby-jwt v2+:
https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md
* omniauth-azure-oauth2 needs a version bump to support ruby-jwt v2+.
* omniauth: This version bump only involves backstage improvements:
https://github.com/omniauth/omniauth/releases
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55668
|
|
|
|
Full list of changes:
https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md
|
|
should fix issue with:
undefined method `schema_migrations_table_name'
for ActiveRecord::Migrator:Class
https://gitlab.com/gitlab-org/gitlab-ee/-/jobs/135978879
|
|
Fix the CVE-2018-16476 vulnerability.
|
|
Fixes: ActionView::Template::Error (undefined method `add_class' for #<Nokogiri::XML::Element:0x0055dbff5252e8>
|
|
|
|
Leave object pools when destroying projects
Closes gitaly#1415
See merge request gitlab-org/gitlab-ce!23869
|
|
This action doesn't lean on reduplication, so a short call can me made
to the Gitaly server to have the object pool remove its remote to the
project pending deletion.
https://gitlab.com/gitlab-org/gitaly/blob/f6cd55357/internal/git/objectpool/link.go#L58
When an object pool doesn't have members, this would invalidate the need
for a pool. So when a project leaves the pool, the pool will be
destroyed on the background.
Fixes: https://gitlab.com/gitlab-org/gitaly/issues/1415
|
|
Fix deprecation: alias_method_chain is deprecated. Please, use Module#prepend instead
See merge request gitlab-org/gitlab-ce!23887
|
|
Fix object storage not working properly with Google S3 compatibility
Closes #53846
See merge request gitlab-org/gitlab-ce!23858
|
|
Even in AWS S3 compatibility mode, Google now appears to reject requests
that includes this header with this error:
```
Requests cannot specify both x-amz and x-goog headers
```
This has been submitted upstream via
https://github.com/carrierwaveuploader/carrierwave/pull/2356.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53846.
|