From 468b5ccaf7a622e55549599ceb5b18220b5bf0aa Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 3 Feb 2022 11:37:53 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@14-7-stable-ee --- app/views/devise/confirmations/new.html.haml | 2 +- app/views/devise/passwords/new.html.haml | 2 +- .../groups/_import_group_from_another_instance_panel.html.haml | 1 + doc/api/graphql/reference/index.md | 2 +- lib/banzai/filter/blockquote_fence_filter.rb | 2 +- package.json | 2 +- spec/lib/banzai/filter/blockquote_fence_filter_spec.rb | 10 ++++++++++ yarn.lock | 8 ++++---- 8 files changed, 20 insertions(+), 9 deletions(-) diff --git a/app/views/devise/confirmations/new.html.haml b/app/views/devise/confirmations/new.html.haml index eee223ff63c..2ae950f3b0d 100644 --- a/app/views/devise/confirmations/new.html.haml +++ b/app/views/devise/confirmations/new.html.haml @@ -6,7 +6,7 @@ = render "devise/shared/error_messages", resource: resource .form-group = f.label :email - = f.email_field :email, class: "form-control gl-form-input", required: true, title: _('Please provide a valid email address.'), value: nil + = f.email_field :email, class: "form-control gl-form-input", required: true, autocomplete: 'off', title: _('Please provide a valid email address.'), value: nil %div - if recaptcha_enabled? diff --git a/app/views/devise/passwords/new.html.haml b/app/views/devise/passwords/new.html.haml index 7bbde4a39c7..d5372862128 100644 --- a/app/views/devise/passwords/new.html.haml +++ b/app/views/devise/passwords/new.html.haml @@ -5,7 +5,7 @@ = render "devise/shared/error_messages", resource: resource .form-group = f.label :email - = f.email_field :email, class: "form-control gl-form-input", required: true, value: params[:user_email], autofocus: true, title: _('Please provide a valid email address.') + = f.email_field :email, class: "form-control gl-form-input", required: true, autocomplete: 'off', value: params[:user_email], autofocus: true, title: _('Please provide a valid email address.') .form-text.text-muted = _('Requires your primary GitLab email address.') diff --git a/app/views/groups/_import_group_from_another_instance_panel.html.haml b/app/views/groups/_import_group_from_another_instance_panel.html.haml index 06a86c2465f..3b079ea00b7 100644 --- a/app/views/groups/_import_group_from_another_instance_panel.html.haml +++ b/app/views/groups/_import_group_from_another_instance_panel.html.haml @@ -26,6 +26,7 @@ = s_('GroupsNew|Navigate to user settings to find your %{link_start}personal access token%{link_end}.').html_safe % { link_start: pat_link_start, link_end: ''.html_safe } = f.text_field :bulk_import_gitlab_access_token, placeholder: s_('GroupsNew|e.g. h8d3f016698e...'), class: 'gl-form-input gl-mt-3 col-xs-12 col-sm-8', required: true, + autocomplete: 'off', title: s_('GroupsNew|Please fill in your personal access token.'), id: 'import_gitlab_token', data: { qa_selector: 'import_gitlab_token' } diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index d7bf89c67ce..4ca40d1fa11 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -16022,7 +16022,7 @@ Represents an issue link of a vulnerability. | Name | Type | Description | | ---- | ---- | ----------- | | `id` | [`ID!`](#id) | GraphQL ID of the vulnerability. | -| `issue` | [`Issue!`](#issue) | Issue attached to issue link. | +| `issue` | [`Issue`](#issue) | Issue attached to issue link. | | `linkType` | [`VulnerabilityIssueLinkType!`](#vulnerabilityissuelinktype) | Type of the issue link. | ### `VulnerabilityLink` diff --git a/lib/banzai/filter/blockquote_fence_filter.rb b/lib/banzai/filter/blockquote_fence_filter.rb index 8f5ad9981e5..e07cbfe8d85 100644 --- a/lib/banzai/filter/blockquote_fence_filter.rb +++ b/lib/banzai/filter/blockquote_fence_filter.rb @@ -6,7 +6,7 @@ module Banzai REGEX = %r{ #{::Gitlab::Regex.markdown_code_or_html_blocks} | - (?: + (?=^>>>\ *\n.*\n>>>\ *$)(?: # Blockquote: # >>> # Anything, including code and HTML blocks diff --git a/package.json b/package.json index 94221488036..d1630b6a64d 100644 --- a/package.json +++ b/package.json @@ -151,7 +151,7 @@ "lowlight": "^1.20.0", "marked": "^0.3.12", "mathjax": "3", - "mermaid": "^8.13.8", + "mermaid": "^8.13.10", "minimatch": "^3.0.4", "monaco-editor": "^0.25.2", "monaco-editor-webpack-plugin": "^4.0.0", diff --git a/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb b/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb index e736943914b..2d326bd77a6 100644 --- a/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb +++ b/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb @@ -17,4 +17,14 @@ RSpec.describe Banzai::Filter::BlockquoteFenceFilter do it 'allows trailing whitespace on blockquote fence lines' do expect(filter(">>> \ntest\n>>> ")).to eq("\n> test\n") end + + context 'when incomplete blockquote fences with multiple blocks are present' do + it 'does not raise timeout error' do + test_string = ">>>#{"\n```\nfoo\n```" * 20}" + + expect do + Timeout.timeout(2.seconds) { filter(test_string) } + end.not_to raise_error + end + end end diff --git a/yarn.lock b/yarn.lock index 0917c1690b6..51cc427e10f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8464,10 +8464,10 @@ merge2@^1.3.0: resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== -mermaid@^8.13.8: - version "8.13.8" - resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-8.13.8.tgz#fc137e2a59df34a3e053712033833ffbbc8d84a9" - integrity sha512-Z5v31rvo8P7BPTiGicdJl9BbzyUe9s5sXILK8sM1g7ijkagpfFjPtXZVsq5P1WlN8m/fUp2PPNXVF9SqeTM91w== +mermaid@^8.13.10: + version "8.13.10" + resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-8.13.10.tgz#b9d733b178bbf7416b9b46e39d566c7c28b75688" + integrity sha512-2ANep359uML87+wiYaWSu83eg9Qc0xCLnNJdCh100m4v0orS3fp8SScsZLcDSElRGHi+1zuVJsEEVEWH05+COQ== dependencies: "@braintree/sanitize-url" "^3.1.0" d3 "^7.0.0" -- cgit v1.2.3