Commit 69fd4f94 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'gem/sm/bump-google-api-client-gem-from-0-8-6-to-0-13-6' into 'master'

Bump google-api-client Gem from 0.8.6 to 0.13.6

Closes #38286

See merge request gitlab-org/gitlab-ce!14495
parents 23e6b17b 0a6925c1
...@@ -105,7 +105,7 @@ gem 'fog-rackspace', '~> 0.1.1' ...@@ -105,7 +105,7 @@ gem 'fog-rackspace', '~> 0.1.1'
gem 'fog-aliyun', '~> 0.1.0' gem 'fog-aliyun', '~> 0.1.0'
# for Google storage # for Google storage
gem 'google-api-client', '~> 0.8.6' gem 'google-api-client', '~> 0.13.6'
# for aws storage # for aws storage
gem 'unf', '~> 0.1.4' gem 'unf', '~> 0.1.4'
...@@ -239,7 +239,7 @@ gem 'rack-proxy', '~> 0.6.0' ...@@ -239,7 +239,7 @@ gem 'rack-proxy', '~> 0.6.0'
gem 'sass-rails', '~> 5.0.6' gem 'sass-rails', '~> 5.0.6'
gem 'uglifier', '~> 2.7.2' gem 'uglifier', '~> 2.7.2'
gem 'addressable', '~> 2.3.8' gem 'addressable', '~> 2.5.2'
gem 'bootstrap-sass', '~> 3.3.0' gem 'bootstrap-sass', '~> 3.3.0'
gem 'font-awesome-rails', '~> 4.7' gem 'font-awesome-rails', '~> 4.7'
gem 'gemojione', '~> 3.3' gem 'gemojione', '~> 3.3'
...@@ -356,7 +356,7 @@ end ...@@ -356,7 +356,7 @@ end
group :test do group :test do
gem 'shoulda-matchers', '~> 3.1.2', require: false gem 'shoulda-matchers', '~> 3.1.2', require: false
gem 'email_spec', '~> 1.6.0' gem 'email_spec', '~> 1.6.0'
gem 'json-schema', '~> 2.6.2' gem 'json-schema', '~> 2.8.0'
gem 'webmock', '~> 2.3.2' gem 'webmock', '~> 2.3.2'
gem 'test_after_commit', '~> 1.1' gem 'test_after_commit', '~> 1.1'
gem 'sham_rack', '~> 1.3.6' gem 'sham_rack', '~> 1.3.6'
......
...@@ -45,7 +45,8 @@ GEM ...@@ -45,7 +45,8 @@ GEM
adamantium (0.2.0) adamantium (0.2.0)
ice_nine (~> 0.11.0) ice_nine (~> 0.11.0)
memoizable (~> 0.4.0) memoizable (~> 0.4.0)
addressable (2.3.8) addressable (2.5.2)
public_suffix (>= 2.0.2, < 4.0)
akismet (2.0.0) akismet (2.0.0)
allocations (1.0.5) allocations (1.0.5)
arel (6.0.4) arel (6.0.4)
...@@ -62,10 +63,6 @@ GEM ...@@ -62,10 +63,6 @@ GEM
attr_encrypted (3.0.3) attr_encrypted (3.0.3)
encryptor (~> 3.0.0) encryptor (~> 3.0.0)
attr_required (1.0.0) attr_required (1.0.0)
autoparse (0.3.3)
addressable (>= 2.3.1)
extlib (>= 0.9.15)
multi_json (>= 1.0.0)
autoprefixer-rails (6.2.3) autoprefixer-rails (6.2.3)
execjs execjs
json json
...@@ -146,6 +143,8 @@ GEM ...@@ -146,6 +143,8 @@ GEM
debugger-ruby_core_source (1.3.8) debugger-ruby_core_source (1.3.8)
deckar01-task_list (2.0.0) deckar01-task_list (2.0.0)
html-pipeline html-pipeline
declarative (0.0.10)
declarative-option (0.1.0)
default_value_for (3.0.2) default_value_for (3.0.2)
activerecord (>= 3.2.0, < 5.1) activerecord (>= 3.2.0, < 5.1)
descendants_tracker (0.0.4) descendants_tracker (0.0.4)
...@@ -188,7 +187,6 @@ GEM ...@@ -188,7 +187,6 @@ GEM
excon (0.57.1) excon (0.57.1)
execjs (2.6.0) execjs (2.6.0)
expression_parser (0.9.0) expression_parser (0.9.0)
extlib (0.9.16)
factory_girl (4.7.0) factory_girl (4.7.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
factory_girl_rails (4.7.0) factory_girl_rails (4.7.0)
...@@ -288,10 +286,10 @@ GEM ...@@ -288,10 +286,10 @@ GEM
flowdock (~> 0.7) flowdock (~> 0.7)
gitlab-grit (>= 2.4.1) gitlab-grit (>= 2.4.1)
multi_json multi_json
gitlab-grit (2.8.1) gitlab-grit (2.8.2)
charlock_holmes (~> 0.6) charlock_holmes (~> 0.6)
diff-lcs (~> 1.1) diff-lcs (~> 1.1)
mime-types (>= 1.16, < 3) mime-types (>= 1.16)
posix-spawn (~> 0.3) posix-spawn (~> 0.3)
gitlab-markup (1.6.2) gitlab-markup (1.6.2)
gitlab_omniauth-ldap (2.0.4) gitlab_omniauth-ldap (2.0.4)
...@@ -319,20 +317,16 @@ GEM ...@@ -319,20 +317,16 @@ GEM
json json
multi_json multi_json
request_store (>= 1.0) request_store (>= 1.0)
google-api-client (0.8.7) google-api-client (0.13.6)
activesupport (>= 3.2, < 5.0) addressable (~> 2.5, >= 2.5.1)
addressable (~> 2.3) googleauth (~> 0.5)
autoparse (~> 0.3) httpclient (>= 2.8.1, < 3.0)
extlib (~> 0.9) mime-types (~> 3.0)
faraday (~> 0.9) representable (~> 3.0)
googleauth (~> 0.3) retriable (>= 2.0, < 4.0)
launchy (~> 2.4)
multi_json (~> 1.10)
retriable (~> 1.4)
signet (~> 0.6)
google-protobuf (3.4.0.2) google-protobuf (3.4.0.2)
googleauth (0.5.1) googleauth (0.5.3)
faraday (~> 0.9) faraday (~> 0.12)
jwt (~> 1.4) jwt (~> 1.4)
logging (~> 2.0) logging (~> 2.0)
memoist (~> 0.12) memoist (~> 0.12)
...@@ -422,8 +416,8 @@ GEM ...@@ -422,8 +416,8 @@ GEM
multi_json (>= 1.3) multi_json (>= 1.3)
securecompare securecompare
url_safe_base64 url_safe_base64
json-schema (2.6.2) json-schema (2.8.0)
addressable (~> 2.3.8) addressable (>= 2.4)
jwt (1.5.6) jwt (1.5.6)
kaminari (1.0.1) kaminari (1.0.1)
activesupport (>= 4.1.0) activesupport (>= 4.1.0)
...@@ -475,18 +469,20 @@ GEM ...@@ -475,18 +469,20 @@ GEM
mail (2.6.6) mail (2.6.6)
mime-types (>= 1.16, < 4) mime-types (>= 1.16, < 4)
mail_room (0.9.1) mail_room (0.9.1)
memoist (0.15.0) memoist (0.16.0)
memoizable (0.4.2) memoizable (0.4.2)
thread_safe (~> 0.3, >= 0.3.1) thread_safe (~> 0.3, >= 0.3.1)
method_source (0.8.2) method_source (0.8.2)
mime-types (2.99.3) mime-types (3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2016.0521)
mimemagic (0.3.0) mimemagic (0.3.0)
mini_mime (0.1.4) mini_mime (0.1.4)
mini_portile2 (2.3.0) mini_portile2 (2.3.0)
minitest (5.7.0) minitest (5.7.0)
mmap2 (2.2.7) mmap2 (2.2.7)
mousetrap-rails (1.4.6) mousetrap-rails (1.4.6)
multi_json (1.12.1) multi_json (1.12.2)
multi_xml (0.6.0) multi_xml (0.6.0)
multipart-post (2.0.0) multipart-post (2.0.0)
mustermann (1.0.0) mustermann (1.0.0)
...@@ -635,6 +631,7 @@ GEM ...@@ -635,6 +631,7 @@ GEM
pry (~> 0.10) pry (~> 0.10)
pry-rails (0.3.5) pry-rails (0.3.5)
pry (>= 0.9.10) pry (>= 0.9.10)
public_suffix (3.0.0)
pyu-ruby-sasl (0.0.3.3) pyu-ruby-sasl (0.0.3.3)
rack (1.6.8) rack (1.6.8)
rack-accept (0.4.5) rack-accept (0.4.5)
...@@ -717,6 +714,10 @@ GEM ...@@ -717,6 +714,10 @@ GEM
redis-store (~> 1.2.0) redis-store (~> 1.2.0)
redis-store (1.2.0) redis-store (1.2.0)
redis (>= 2.2) redis (>= 2.2)
representable (3.0.4)
declarative (< 0.1.0)
declarative-option (< 0.2.0)
uber (< 0.2.0)
request_store (1.3.1) request_store (1.3.1)
responders (2.3.0) responders (2.3.0)
railties (>= 4.2.0, < 5.1) railties (>= 4.2.0, < 5.1)
...@@ -724,7 +725,7 @@ GEM ...@@ -724,7 +725,7 @@ GEM
http-cookie (>= 1.0.2, < 2.0) http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0) mime-types (>= 1.16, < 4.0)
netrc (~> 0.8) netrc (~> 0.8)
retriable (1.4.1) retriable (3.1.1)
rinku (2.0.0) rinku (2.0.0)
rotp (2.1.2) rotp (2.1.2)
rouge (2.2.1) rouge (2.2.1)
...@@ -903,6 +904,7 @@ GEM ...@@ -903,6 +904,7 @@ GEM
tzinfo (1.2.3) tzinfo (1.2.3)
thread_safe (~> 0.1) thread_safe (~> 0.1)
u2f (0.2.1) u2f (0.2.1)
uber (0.1.0)
uglifier (2.7.2) uglifier (2.7.2)
execjs (>= 0.3.0) execjs (>= 0.3.0)
json (>= 1.8.0) json (>= 1.8.0)
...@@ -963,7 +965,7 @@ DEPENDENCIES ...@@ -963,7 +965,7 @@ DEPENDENCIES
ace-rails-ap (~> 4.1.0) ace-rails-ap (~> 4.1.0)
activerecord_sane_schema_dumper (= 0.2) activerecord_sane_schema_dumper (= 0.2)
acts-as-taggable-on (~> 4.0) acts-as-taggable-on (~> 4.0)
addressable (~> 2.3.8) addressable (~> 2.5.2)
akismet (~> 2.0) akismet (~> 2.0)
allocations (~> 1.0) allocations (~> 1.0)
asana (~> 0.6.0) asana (~> 0.6.0)
...@@ -1033,7 +1035,7 @@ DEPENDENCIES ...@@ -1033,7 +1035,7 @@ DEPENDENCIES
gollum-lib (~> 4.2) gollum-lib (~> 4.2)
gollum-rugged_adapter (~> 0.4.4) gollum-rugged_adapter (~> 0.4.4)
gon (~> 6.1.0) gon (~> 6.1.0)
google-api-client (~> 0.8.6) google-api-client (~> 0.13.6)
gpgme gpgme
grape (~> 1.0) grape (~> 1.0)
grape-entity (~> 0.6.0) grape-entity (~> 0.6.0)
...@@ -1051,7 +1053,7 @@ DEPENDENCIES ...@@ -1051,7 +1053,7 @@ DEPENDENCIES
jira-ruby (~> 1.4) jira-ruby (~> 1.4)
jquery-atwho-rails (~> 1.3.2) jquery-atwho-rails (~> 1.3.2)
jquery-rails (~> 4.1.0) jquery-rails (~> 4.1.0)
json-schema (~> 2.6.2) json-schema (~> 2.8.0)
jwt (~> 1.5.6) jwt (~> 1.5.6)
kaminari (~> 1.0) kaminari (~> 1.0)
knapsack (~> 1.11.0) knapsack (~> 1.11.0)
......
---
title: Bump google-api-client Gem from 0.8.6 to 0.13.6
merge_request:
author:
type: other
...@@ -73,8 +73,9 @@ module Banzai ...@@ -73,8 +73,9 @@ module Banzai
return unless node.has_attribute?('href') return unless node.has_attribute?('href')
begin begin
node['href'] = node['href'].strip
uri = Addressable::URI.parse(node['href']) uri = Addressable::URI.parse(node['href'])
uri.scheme = uri.scheme.strip.downcase if uri.scheme uri.scheme = uri.scheme.downcase if uri.scheme
node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme) node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme)
rescue Addressable::URI::InvalidURIError rescue Addressable::URI::InvalidURIError
......
module Gitlab module Gitlab
class UrlSanitizer class UrlSanitizer
ALLOWED_SCHEMES = %w[http https ssh git].freeze
def self.sanitize(content) def self.sanitize(content)
regexp = URI::Parser.new.make_regexp(%w(http https ssh git)) regexp = URI::Parser.new.make_regexp(ALLOWED_SCHEMES)
content.gsub(regexp) { |url| new(url).masked_url } content.gsub(regexp) { |url| new(url).masked_url }
rescue Addressable::URI::InvalidURIError rescue Addressable::URI::InvalidURIError
...@@ -11,9 +13,9 @@ module Gitlab ...@@ -11,9 +13,9 @@ module Gitlab
def self.valid?(url) def self.valid?(url)
return false unless url.present? return false unless url.present?
Addressable::URI.parse(url.strip) uri = Addressable::URI.parse(url.strip)
true ALLOWED_SCHEMES.include?(uri.scheme)
rescue Addressable::URI::InvalidURIError rescue Addressable::URI::InvalidURIError
false false
end end
......
...@@ -39,7 +39,8 @@ describe Gitlab::UrlSanitizer do ...@@ -39,7 +39,8 @@ describe Gitlab::UrlSanitizer do
false | nil false | nil
false | '' false | ''
false | '123://invalid:url' false | '123://invalid:url'
true | 'valid@project:url.git' false | 'valid@project:url.git'
false | 'valid:pass@project:url.git'
true | 'ssh://example.com' true | 'ssh://example.com'
true | 'ssh://:@example.com' true | 'ssh://:@example.com'
true | 'ssh://foo@example.com' true | 'ssh://foo@example.com'
...@@ -81,24 +82,6 @@ describe Gitlab::UrlSanitizer do ...@@ -81,24 +82,6 @@ describe Gitlab::UrlSanitizer do
describe '#credentials' do describe '#credentials' do
context 'credentials in hash' do context 'credentials in hash' do
where(:input, :output) do
{ user: 'foo', password: 'bar' } | { user: 'foo', password: 'bar' }
{ user: 'foo', password: '' } | { user: 'foo', password: nil }
{ user: 'foo', password: nil } | { user: 'foo', password: nil }
{ user: '', password: 'bar' } | { user: nil, password: 'bar' }
{ user: '', password: '' } | { user: nil, password: nil }
{ user: '', password: nil } | { user: nil, password: nil }
{ user: nil, password: 'bar' } | { user: nil, password: 'bar' }
{ user: nil, password: '' } | { user: nil, password: nil }
{ user: nil, password: nil } | { user: nil, password: nil }
end
with_them do
subject { described_class.new('user@example.com:path.git', credentials: input).credentials }
it { is_expected.to eq(output) }
end
it 'overrides URL-provided credentials' do it 'overrides URL-provided credentials' do
sanitizer = described_class.new('http://a:b@example.com', credentials: { user: 'c', password: 'd' }) sanitizer = described_class.new('http://a:b@example.com', credentials: { user: 'c', password: 'd' })
...@@ -116,10 +99,6 @@ describe Gitlab::UrlSanitizer do ...@@ -116,10 +99,6 @@ describe Gitlab::UrlSanitizer do
'http://@example.com' | { user: nil, password: nil } 'http://@example.com' | { user: nil, password: nil }
'http://example.com' | { user: nil, password: nil } 'http://example.com' | { user: nil, password: nil }
# Credentials from SCP-style URLs are not supported at present
'foo@example.com:path' | { user: nil, password: nil }
'foo:bar@example.com:path' | { user: nil, password: nil }
# Other invalid URLs # Other invalid URLs
nil | { user: nil, password: nil } nil | { user: nil, password: nil }
'' | { user: nil, password: nil } '' | { user: nil, password: nil }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment