From ce567e98da6118031576d9084d3e05473746e4c6 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 11 May 2023 06:08:35 +0000
Subject: Add latest changes from gitlab-org/gitlab@master
---
.rubocop_todo/layout/argument_alignment.yml | 7 -------
CHANGELOG.md | 21 +++++++++++++++++++++
GITALY_SERVER_VERSION | 2 +-
.../markdown/comment_templates_dropdown.vue | 2 ++
.../16_0/16-0-dast-api-variable-removal.yml | 13 +++++++++++++
doc/update/removals.md | 12 ++++++++++++
...backfill_integrations_enable_ssl_verification.rb | 14 +++++++-------
...source_license_for_no_issues_no_repo_projects.rb | 5 +++--
...ource_license_for_one_member_no_repo_projects.rb | 5 +++--
.../encrypt_integration_properties.rb | 16 ++++++++--------
...ncoherent_packages_size_on_project_statistics.rb | 4 ++--
...elines_and_duplicate_vulnerabilities_findings.rb | 2 +-
.../reset_status_on_container_repositories.rb | 10 +++++-----
qa/qa/resource/runner_base.rb | 7 ++++++-
.../types/project_member_relation_enum_spec.rb | 3 ++-
15 files changed, 86 insertions(+), 37 deletions(-)
create mode 100644 data/removals/16_0/16-0-dast-api-variable-removal.yml
diff --git a/.rubocop_todo/layout/argument_alignment.yml b/.rubocop_todo/layout/argument_alignment.yml
index 20d2b04b359..944771fb3cc 100644
--- a/.rubocop_todo/layout/argument_alignment.yml
+++ b/.rubocop_todo/layout/argument_alignment.yml
@@ -1592,13 +1592,6 @@ Layout/ArgumentAlignment: - 'lib/gitlab/alert_management/payload/managed_prometheus.rb' - 'lib/gitlab/alert_management/payload/prometheus.rb' - 'lib/gitlab/auth/ldap/adapter.rb' - - 'lib/gitlab/background_migration/backfill_integrations_enable_ssl_verification.rb' - - 'lib/gitlab/background_migration/disable_legacy_open_source_license_for_no_issues_no_repo_projects.rb' - - 'lib/gitlab/background_migration/disable_legacy_open_source_license_for_one_member_no_repo_projects.rb' - - 'lib/gitlab/background_migration/encrypt_integration_properties.rb' - - 'lib/gitlab/background_migration/fix_incoherent_packages_size_on_project_statistics.rb' - - 'lib/gitlab/background_migration/remove_occurrence_pipelines_and_duplicate_vulnerabilities_findings.rb' - - 'lib/gitlab/background_migration/reset_status_on_container_repositories.rb' - 'lib/gitlab/bitbucket_server_import/importer.rb' - 'lib/gitlab/chat/command.rb' - 'lib/gitlab/ci/ansi2json/line.rb' diff --git a/CHANGELOG.md b/CHANGELOG.md index b246240e7e9..e63412615a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 15.11.3 (2023-05-10) + +### Fixed (2 changes) + +- [Fix issue description keeping autosave after save](gitlab-org/security/gitlab@9a2d98b24c1ed9416ef672635aae27997b99a8b6) +- [Backport MR 119319 changes to 15-11-stable-ee](gitlab-org/security/gitlab@7f54f28a839efeebdea9030ae41975c9059a5f4e) + +### Changed (1 change) + +- [Restrict cleanup migrations only for GitLab.com](gitlab-org/security/gitlab@d6d1c3a650277a0f4acb777f0b123cc0b9c57ea4) + ## 15.11.2 (2023-05-03) ### Security (2 changes) 
@@ -843,6 +854,12 @@ entry. - [Update header section](gitlab-org/gitlab@cf4ab283267d84fa1c0dc90fefb1b6ddd2617b5c) ([merge request](gitlab-org/gitlab!114102)) **GitLab Enterprise Edition** - [Swap merge_request_user_mentions.note_id to bigint](gitlab-org/gitlab@96baed47326db4f0cc9f60b2e74215211effd814) ([merge request](gitlab-org/gitlab!113928)) +## 15.10.7 (2023-05-10) + +### Fixed (1 change) + +- [Backport MR 119319 changes to 15-10-stable-ee](gitlab-org/security/gitlab@6c9e1f2f706b0151b1caa3d5199aa312b23c683a) **GitLab Enterprise Edition** + ## 15.10.6 (2023-05-03) ### Security (1 change) @@ -1642,6 +1659,10 @@ entry. - [Update submit buttons to use Pajamas component](gitlab-org/gitlab@4ffb92755e6be3268c78f02e471f5c2a21f437be) ([merge request](gitlab-org/gitlab!114246)) +## 15.9.8 (2023-05-10) + +No changes. + ## 15.9.7 (2023-05-03) ### Security (1 change) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 3cc5d640565..7befd5a0d5b 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -91b69d050acf344c09a9238f24a75c4938001113 +cf82dc98409a959201de728d2024e80418ea4c2a diff --git a/app/assets/javascripts/vue_shared/components/markdown/comment_templates_dropdown.vue b/app/assets/javascripts/vue_shared/components/markdown/comment_templates_dropdown.vue index 1377a40fcf0..897ca2f84d2 100644 --- a/app/assets/javascripts/vue_shared/components/markdown/comment_templates_dropdown.vue +++ b/app/assets/javascripts/vue_shared/components/markdown/comment_templates_dropdown.vue @@ -71,6 +71,7 @@ export default { } }, }, + popperOptions: { strategy: 'fixed' }, }; @@ -88,6 +89,7 @@ export default { searchable size="small" class="comment-template-dropdown" + :popper-options="$options.popperOptions" :searching="$apollo.queries.savedReplies.loading" @shown="fetchCommentTemplates" @search="setCommentTemplateSearch" 
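Review bot: The new `popperOptions: { strategy: 'fixed' }` entry on the component options object has no comment saying which positioning problem it addresses or why it sits outside `data`, and the matching `:popper-options="$options.popperOptions"` binding in the template hunk does not explain it either. I would add a comment above the option, for example `// Static, non-reactive Popper config read via $options; fixed strategy needed for <reason from the originating merge request>`. Both hunks cut through the component definition and the template, so the rest of the dropdown's configuration is not visible here.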
diff --git a/data/removals/16_0/16-0-dast-api-variable-removal.yml b/data/removals/16_0/16-0-dast-api-variable-removal.yml
new file mode 100644
index 00000000000..15dd4c6d781
--- /dev/null
+++ b/data/removals/16_0/16-0-dast-api-variable-removal.yml
@@ -0,0 +1,13 @@
+- title: "Two DAST API variables have been removed" # (required) Clearly explain the change. For example, "The `confidential` field for a `Note` is removed" or "CI/CD job names are limited to 250 characters."
+ announcement_milestone: "15.7" # (required) The milestone when this feature was deprecated.
+ removal_milestone: "16.0" # (required) The milestone when this feature is being removed.
+ breaking_change: true # (required) Change to false if this is not a breaking change.
+ reporter: derekferguson # (required) GitLab username of the person reporting the removal
+ stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/383467 # (required) Link to the deprecation issue in GitLab
+ body: | # (required) Do not modify this line, instead modify the lines below.
+ The variables `DAST_API_HOST_OVERRIDE` and `DAST_API_SPECIFICATION` have been removed from use for DAST API scans.
+
+ `DAST_API_HOST_OVERRIDE` has been removed in favor of using the `DAST_API_TARGET_URL` to automatically override the host in the OpenAPI specification.
+
+ `DAST_API_SPECIFICATION` has been removed in favor of `DAST_API_OPENAPI`. To continue using an OpenAPI specification to guide the test, users must replace the `DAST_API_SPECIFICATION` variable with the `DAST_API_OPENAPI` variable. The value can remain the same, but the variable name must be replaced.
diff --git a/doc/update/removals.md b/doc/update/removals.md
index 5c877062fb2..957790733c3 100644
--- a/doc/update/removals.md
+++ b/doc/update/removals.md
@@ -235,6 +235,18 @@ From GitLab 15.9, all Release links are external. The `external` field in the Re As of GitLab 16.0, GitLab Runner images based on Windows Server 2004 and 20H2 will not be provided as these operating systems are end-of-life. +### Two DAST API variables have been removed + +WARNING: +This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). +Review the details carefully before upgrading. + +The variables `DAST_API_HOST_OVERRIDE` and `DAST_API_SPECIFICATION` have been removed from use for DAST API scans. + +`DAST_API_HOST_OVERRIDE` has been removed in favor of using the `DAST_API_TARGET_URL` to automatically override the host in the OpenAPI specification. + +`DAST_API_SPECIFICATION` has been removed in favor of `DAST_API_OPENAPI`. To continue using an OpenAPI specification to guide the test, users must replace the `DAST_API_SPECIFICATION` variable with the `DAST_API_OPENAPI` variable. The value can remain the same, but the variable name must be replaced. + ### Use of `id` field in vulnerabilityFindingDismiss mutation WARNING: diff --git a/lib/gitlab/background_migration/backfill_integrations_enable_ssl_verification.rb b/lib/gitlab/background_migration/backfill_integrations_enable_ssl_verification.rb index de52629522b..878f89a8b3d 100644 --- a/lib/gitlab/background_migration/backfill_integrations_enable_ssl_verification.rb +++ b/lib/gitlab/background_migration/backfill_integrations_enable_ssl_verification.rb 
@@ -40,13 +40,13 @@ module Gitlab scope :affected, -> { where(type_new: INTEGRATIONS.keys).where.not(encrypted_properties: nil) } attr_encrypted :properties, - mode: :per_attribute_iv, - key: Settings.attr_encrypted_db_key_base_32, - algorithm: 'aes-256-gcm', - marshal: true, - marshaler: ::Gitlab::Json, - encode: false, - encode_iv: false + mode: :per_attribute_iv, + key: Settings.attr_encrypted_db_key_base_32, + algorithm: 'aes-256-gcm', + marshal: true, + marshaler: ::Gitlab::Json, + encode: false, + encode_iv: false # Handle assignment of props with symbol keys. # To do this correctly, we need to call the method generated by attr_encrypted. diff --git a/lib/gitlab/background_migration/disable_legacy_open_source_license_for_no_issues_no_repo_projects.rb b/lib/gitlab/background_migration/disable_legacy_open_source_license_for_no_issues_no_repo_projects.rb index 2eb7c5230ba..276c7a1c6fa 100644 --- a/lib/gitlab/background_migration/disable_legacy_open_source_license_for_no_issues_no_repo_projects.rb +++ b/lib/gitlab/background_migration/disable_legacy_open_source_license_for_no_issues_no_repo_projects.rb @@ -23,8 +23,9 @@ module Gitlab .joins('LEFT OUTER JOIN project_statistics ON project_statistics.project_id = projects.id') .joins('LEFT OUTER JOIN project_settings ON project_settings.project_id = projects.id') .joins('LEFT OUTER JOIN issues ON issues.project_id = projects.id') - .where('project_statistics.repository_size' => 0, - 'project_settings.legacy_open_source_license_available' => true) + .where( + 'project_statistics.repository_size' => 0, + 'project_settings.legacy_open_source_license_available' => true) .group('projects.id') .having('COUNT(issues.id) = 0') diff --git a/lib/gitlab/background_migration/disable_legacy_open_source_license_for_one_member_no_repo_projects.rb b/lib/gitlab/background_migration/disable_legacy_open_source_license_for_one_member_no_repo_projects.rb index 8953836c705..7661ae4b5ad 100644 
--- a/lib/gitlab/background_migration/disable_legacy_open_source_license_for_one_member_no_repo_projects.rb +++ b/lib/gitlab/background_migration/disable_legacy_open_source_license_for_one_member_no_repo_projects.rb @@ -23,8 +23,9 @@ module Gitlab .joins('LEFT OUTER JOIN project_statistics ON project_statistics.project_id = projects.id') .joins('LEFT OUTER JOIN project_settings ON project_settings.project_id = projects.id') .joins('LEFT OUTER JOIN project_authorizations ON project_authorizations.project_id = projects.id') - .where('project_statistics.repository_size' => 0, - 'project_settings.legacy_open_source_license_available' => true) + .where( + 'project_statistics.repository_size' => 0, + 'project_settings.legacy_open_source_license_available' => true) .group('projects.id') .having('COUNT(project_authorizations.user_id) = 1') diff --git a/lib/gitlab/background_migration/encrypt_integration_properties.rb b/lib/gitlab/background_migration/encrypt_integration_properties.rb index c9582da2a51..28c28ae48eb 100644 --- a/lib/gitlab/background_migration/encrypt_integration_properties.rb +++ b/lib/gitlab/background_migration/encrypt_integration_properties.rb @@ -18,14 +18,14 @@ module Gitlab scope :for_batch, ->(range) { where(id: range) } attr_encrypted :encrypted_properties_tmp, - attribute: :encrypted_properties, - mode: :per_attribute_iv, - key: ::Settings.attr_encrypted_db_key_base_32, - algorithm: ALGORITHM, - marshal: true, - marshaler: ::Gitlab::Json, - encode: false, - encode_iv: false + attribute: :encrypted_properties, + mode: :per_attribute_iv, + key: ::Settings.attr_encrypted_db_key_base_32, + algorithm: ALGORITHM, + marshal: true, + marshaler: ::Gitlab::Json, + encode: false, + encode_iv: false # See 'Integration#reencrypt_properties' def encrypt_properties 
diff --git a/lib/gitlab/background_migration/fix_incoherent_packages_size_on_project_statistics.rb b/lib/gitlab/background_migration/fix_incoherent_packages_size_on_project_statistics.rb index 4b6bb12c91b..afd5e18ed7d 100644 --- a/lib/gitlab/background_migration/fix_incoherent_packages_size_on_project_statistics.rb +++ b/lib/gitlab/background_migration/fix_incoherent_packages_size_on_project_statistics.rb @@ -69,14 +69,14 @@ module Gitlab self.table_name = 'packages_packages' has_many :package_files, - class_name: '::Gitlab::BackgroundMigration::FixIncoherentPackagesSizeOnProjectStatistics::PackageFile' # rubocop:disable Layout/LineLength + class_name: '::Gitlab::BackgroundMigration::FixIncoherentPackagesSizeOnProjectStatistics::PackageFile' end class PackageFile < ::ApplicationRecord self.table_name = 'packages_package_files' belongs_to :package, - class_name: '::Gitlab::BackgroundMigration::FixIncoherentPackagesSizeOnProjectStatistics::Package' # rubocop:disable Layout/LineLength + class_name: '::Gitlab::BackgroundMigration::FixIncoherentPackagesSizeOnProjectStatistics::Package' def self.sum_query packages = FixIncoherentPackagesSizeOnProjectStatistics::Package.arel_table diff --git a/lib/gitlab/background_migration/remove_occurrence_pipelines_and_duplicate_vulnerabilities_findings.rb b/lib/gitlab/background_migration/remove_occurrence_pipelines_and_duplicate_vulnerabilities_findings.rb index 7fe5a427d10..f4f54e2b2eb 100644 --- a/lib/gitlab/background_migration/remove_occurrence_pipelines_and_duplicate_vulnerabilities_findings.rb +++ b/lib/gitlab/background_migration/remove_occurrence_pipelines_and_duplicate_vulnerabilities_findings.rb @@ -53,7 +53,7 @@ class Gitlab::BackgroundMigration::RemoveOccurrencePipelinesAndDuplicateVulnerab def mark_job_as_succeeded(*arguments) Gitlab::Database::BackgroundMigrationJob.mark_all_as_succeeded( self.class.name.demodulize, - arguments + arguments ) end end 
diff --git a/lib/gitlab/background_migration/reset_status_on_container_repositories.rb b/lib/gitlab/background_migration/reset_status_on_container_repositories.rb index 0dbe2781327..56506814dc0 100644 --- a/lib/gitlab/background_migration/reset_status_on_container_repositories.rb +++ b/lib/gitlab/background_migration/reset_status_on_container_repositories.rb @@ -36,8 +36,8 @@ module Gitlab included do has_one :route, - as: :source, - class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Route' + as: :source, + class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Route' end def full_path @@ -67,7 +67,7 @@ module Gitlab self.inheritance_column = :_type_disabled belongs_to :parent, - class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Namespace' + class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Namespace' def self.polymorphic_name 'Namespace' @@ -80,7 +80,7 @@ module Gitlab self.table_name = 'projects' belongs_to :namespace, - class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Namespace' + class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Namespace' alias_method :parent, :namespace alias_attribute :parent_id, :namespace_id @@ -92,7 +92,7 @@ module Gitlab self.table_name = 'container_repositories' belongs_to :project, - class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Project' + class_name: '::Gitlab::BackgroundMigration::ResetStatusOnContainerRepositories::Project' def tags? result = ContainerRegistry.tags_for(path).any? diff --git a/qa/qa/resource/runner_base.rb b/qa/qa/resource/runner_base.rb index 5d514b8977b..1a977affec8 100644 --- a/qa/qa/resource/runner_base.rb +++ b/qa/qa/resource/runner_base.rb 
@@ -55,7 +55,12 @@ module QA # Start container on initial fabrication and populate all attributes once id is known # see: https://docs.gitlab.com/ee/api/runners.html#get-runners-details start_container_and_register - api_get + # Temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/409089 + Support::Retrier.retry_on_exception(max_attempts: 6, sleep_interval: 10, + message: "Retrying GET for runners/:id" + ) do + api_get + end end def remove_via_api! diff --git a/spec/graphql/types/project_member_relation_enum_spec.rb b/spec/graphql/types/project_member_relation_enum_spec.rb index 3c947bf8406..a486844a687 100644 --- a/spec/graphql/types/project_member_relation_enum_spec.rb +++ b/spec/graphql/types/project_member_relation_enum_spec.rb @@ -6,6 +6,7 @@ RSpec.describe Types::ProjectMemberRelationEnum do specify { expect(described_class.graphql_name).to eq('ProjectMemberRelation') } it 'exposes all the existing project member relation type values' do - expect(described_class.values.keys).to contain_exactly('DIRECT', 'INHERITED', 'DESCENDANTS', 'INVITED_GROUPS') + relation_types = %w[DIRECT INHERITED DESCENDANTS INVITED_GROUPS SHARED_INTO_ANCESTORS] + expect(described_class.values.keys).to contain_exactly(*relation_types) end end -- cgit v1.2.3
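Review bot: The retry added around `api_get` has no exception filter visible in the call, so if `retry_on_exception` rescues broadly (its definition is outside this diff) a permanent failure such as a rejected token or a wrong runner id is reported only after six attempts and close to a minute of sleeping, indistinguishable from the transient failure the workaround targets. The comment links issue 409089 but does not say when the wrapper should go; I would add `# TODO: remove this retry once https://gitlab.com/gitlab-org/gitlab/-/issues/409089 is resolved` above the call. The message also logs the literal `runners/:id`; interpolating the runner id there, if it is already populated at this point, would make the retry log traceable to a specific runner. The enclosing method starts above the hunk.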