Commit 1d287b31 authored by GitLab Bot

Add latest changes from gitlab-org/gitlab@13-12-stable-ee

parent fdcb3d47
...@@ -48,9 +48,12 @@ module IntegrationsActions ...@@ -48,9 +48,12 @@ module IntegrationsActions
private private
# rubocop: disable Gitlab/ModuleWithInstanceVariables
def integration def integration
@integration ||= find_or_initialize_non_project_specific_integration(params[:id]) @integration ||= find_or_initialize_non_project_specific_integration(params[:id])
@service ||= @integration # TODO: remove references to @service https://gitlab.com/gitlab-org/gitlab/-/issues/329759
end end
# rubocop: enable Gitlab/ModuleWithInstanceVariables
def success_message def success_message
if integration.active? if integration.active?
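Review bot: `@service` is only assigned as a side effect of calling `integration`, so any code path that reads `@service` without calling `integration` first gets nil. In `def integration` the return value is now the result of `@service ||= @integration`, which differs from `@integration` if `@service` was set earlier; end the method with an explicit `@integration` and check that every template still using `@service` is rendered after `integration` has run.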
......
This diff is collapsed.
...@@ -722,18 +722,21 @@ Example response: ...@@ -722,18 +722,21 @@ Example response:
} }
``` ```
### Disabling the results limit ### Disable the results limit **(FREE SELF)**
The 100 results limit can be disabled if it breaks integrations developed using GitLab The 100 results limit can break integrations developed using GitLab 12.4 and earlier.
12.4 and earlier.
To disable the limit while migrating to using the [list a group's projects](#list-a-groups-projects) endpoint, ask a GitLab administrator For GitLab 12.5 to GitLab 13.12, the limit can be disabled while migrating to using the
with Rails console access to run the following command: [list a group's projects](#list-a-groups-projects) endpoint.
Ask a GitLab administrator with Rails console access to run the following command:
```ruby ```ruby
Feature.disable(:limit_projects_in_groups_api) Feature.disable(:limit_projects_in_groups_api)
``` ```
For GitLab 14.0 and later, the [limit cannot be disabled](https://gitlab.com/gitlab-org/gitlab/-/issues/257829).
## New group ## New group
Creates a new project group. Available only for users who can create groups. Creates a new project group. Available only for users who can create groups.
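Review bot: Renaming the heading from `### Disabling the results limit` to `### Disable the results limit **(FREE SELF)**` changes its generated anchor, so any existing link to the old anchor breaks; search the docs for it before merging. The new closing sentence about GitLab 14.0 also leaves open what happens to an instance that upgrades with `limit_projects_in_groups_api` already disabled; say whether the 100 results limit is enforced again after the upgrade.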
...@@ -918,19 +921,21 @@ Example response: ...@@ -918,19 +921,21 @@ Example response:
} }
``` ```
### Disabling the results limit ### Disable the results limit **(FREE SELF)**
The 100 results limit can be disabled if it breaks integrations developed using GitLab The 100 results limit can break integrations developed using GitLab 12.4 and earlier.
12.4 and earlier.
To disable the limit while migrating to using the For GitLab 12.5 to GitLab 13.12, the limit can be disabled while migrating to using the
[list a group's projects](#list-a-groups-projects) endpoint, ask a GitLab administrator [list a group's projects](#list-a-groups-projects) endpoint.
with Rails console access to run the following command:
Ask a GitLab administrator with Rails console access to run the following command:
```ruby ```ruby
Feature.disable(:limit_projects_in_groups_api) Feature.disable(:limit_projects_in_groups_api)
``` ```
For GitLab 14.0 and later, the [limit cannot be disabled](https://gitlab.com/gitlab-org/gitlab/-/issues/257829).
### Options for `shared_runners_setting` ### Options for `shared_runners_setting`
The `shared_runners_setting` attribute determines whether shared runners are enabled for a group's subgroups and projects. The `shared_runners_setting` attribute determines whether shared runners are enabled for a group's subgroups and projects.
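Review bot: This section is a near word-for-word copy of the one changed at line 722 of the same file, heading included, so the two have to be kept in sync by hand and the file ends up with the same heading text twice. Keep the instructions and the `Feature.disable(:limit_projects_in_groups_api)` command in one place and link to that section from the other endpoint.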
......
...@@ -194,8 +194,10 @@ NOTE: ...@@ -194,8 +194,10 @@ NOTE:
For a detailed flow diagram, see the [RFC specification](https://tools.ietf.org/html/rfc6749#section-4.2). For a detailed flow diagram, see the [RFC specification](https://tools.ietf.org/html/rfc6749#section-4.2).
WARNING: WARNING:
The Implicit grant flow is inherently insecure. The IETF plans to remove it in Implicit grant flow is inherently insecure and the IETF has removed it in [OAuth 2.1](https://oauth.net/2.1/).
[OAuth 2.1](https://oauth.net/2.1/). For this reason, [support for it is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/288516).
In GitLab 14.0, new applications can't be created using it. In GitLab 14.4, support for it is
scheduled to be removed for existing applications.
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
`application id` (or `client_id`) associated with the access token before granting `application id` (or `client_id`) associated with the access token before granting
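Review bot: The unchanged sentence "If you choose to use Implicit flow" now follows text saying new applications can't be created with it in GitLab 14.0 and that support is scheduled for removal in 14.4; scope that advice to existing applications so the warning does not contradict itself. The change from "plans to remove it" to "has removed it in OAuth 2.1" turns a planned change into a completed one and should be checked against the linked page before it ships.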
......
---
stage: none
group: unassigned
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Federated Learning of Cohorts (FLoC) **(FREE SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60933) in GitLab Free 13.12.
Federated Learning of Conhorts (FLoC) is a feature that the Chrome browser has
rolled out, where users are categorized into different cohorts, so that
advertisers can use this data to uniquely target and track users. For more
information, visit the [FLoC repository](https://github.com/WICG/floc).
To avoid users being tracked and categorized in any GitLab instance, FLoC is
disabled by default by sending the following header:
```plaintext
Permissions-Policy: interest-cohort=()
```
To enable it:
1. Go to the Admin Area (**{admin}**) and select **Settings > General**.
1. Expand **Federated Learning of Cohorts**.
1. Check the box.
1. Click **Save changes**.
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues
one might have when setting this up, or when something is changed, or on upgrading, it's
important to describe those, too. Think of things that may go wrong and include them here.
This is important to minimize requests for support, and to avoid doc comments with
questions that you know someone might ask.
Each scenario can be a third-level heading, e.g. `### Getting error message X`.
If you have none to add when creating a doc, leave this section in place
but commented out to help encourage others to add to it in the future. -->
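Review bot: "Conhorts" in the first sentence under the title is a typo for "Cohorts". The "To enable it" steps also never say what enabling does to the header shown above them: state whether checking the box stops GitLab from sending `Permissions-Policy: interest-cohort=()`, and name the checkbox instead of "Check the box" so an administrator can tell which state is the privacy-preserving one.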
...@@ -28,6 +28,7 @@ Access the default page for admin area settings by navigating to **Admin Area > ...@@ -28,6 +28,7 @@ Access the default page for admin area settings by navigating to **Admin Area >
| [External Authentication](external_authorization.md#configuration) | External Classification Policy Authorization | | [External Authentication](external_authorization.md#configuration) | External Classification Policy Authorization |
| [Web terminal](../../../administration/integration/terminal.md#limiting-websocket-connection-time) | Set max session time for web terminal. | | [Web terminal](../../../administration/integration/terminal.md#limiting-websocket-connection-time) | Set max session time for web terminal. |
| [Web IDE](../../project/web_ide/index.md#enabling-live-preview) | Manage Web IDE Features. | | [Web IDE](../../project/web_ide/index.md#enabling-live-preview) | Manage Web IDE Features. |
| [FLoC](floc.md) | Enable or disable [Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) tracking. |
## Integrations ## Integrations
......
...@@ -45,11 +45,11 @@ From the Vulnerability Report you can: ...@@ -45,11 +45,11 @@ From the Vulnerability Report you can:
You can filter the vulnerabilities table by: You can filter the vulnerabilities table by:
| Filter | Available options | | Filter | Available options |
|:---------|:------------------| |:---------|:------------------|
| Status | Detected, Confirmed, Dismissed, Resolved. | | Status | Detected, Confirmed, Dismissed, Resolved. |
| Severity | Critical, High, Medium, Low, Info, Unknown. | | Severity | Critical, High, Medium, Low, Info, Unknown. |
| Scanner | [Available scanners](../index.md#security-scanning-tools). | | Scanner | For more details, see [Scanner filter](#scanner-filter). |
| Project | For more details, see [Project filter](#project-filter). | | Project | For more details, see [Project filter](#project-filter). |
| Activity | For more details, see [Activity filter](#activity-filter). | | Activity | For more details, see [Activity filter](#activity-filter). |
...@@ -61,12 +61,27 @@ To filter the list of vulnerabilities: ...@@ -61,12 +61,27 @@ To filter the list of vulnerabilities:
1. Select values from the dropdown. 1. Select values from the dropdown.
1. Repeat the above steps for each desired filter. 1. Repeat the above steps for each desired filter.
The vulnerability table is applied immediately. The vulnerability severity totals are also updated. After each filter is selected:
- The list of matching vulnerabilities is updated.
- The vulnerability severity totals are updated.
The filters' criteria are combined to show only vulnerabilities matching all criteria. The filters' criteria are combined to show only vulnerabilities matching all criteria.
An exception to this behavior is the Activity filter. For more details about how it works, see An exception to this behavior is the Activity filter. For more details about how it works, see
[Activity filter](#activity-filter). [Activity filter](#activity-filter).
## Scanner filter
The scanner filter allows you to focus on vulnerabilities detected by selected scanners.
When using the scanner filter, you can choose:
- **All scanners** (default).
- Individual GitLab-provided scanners.
- Any integrated 3rd-party scanner. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/229661) in GitLab 13.12.
For details of each of the available scanners, see [Security scanning tools](../index.md#security-scanning-tools).
### Project filter ### Project filter
The content of the Project filter depends on the current level: The content of the Project filter depends on the current level:
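Review bot: `## Scanner filter` is added as a second-level heading while the sibling section right after it is `### Project filter`, so the Project filter section now nests under Scanner filter in the page outline. Use `### Scanner filter` to match. In the same added list, "3rd-party" would read better as "third-party".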
...@@ -89,8 +104,8 @@ Selection behavior when using the Activity filter: ...@@ -89,8 +104,8 @@ Selection behavior when using the Activity filter:
| Activity selection | Results displayed | | Activity selection | Results displayed |
|:------------------------------------|:------------------| |:------------------------------------|:------------------|
| All | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this will deselect any other Activity filter options. | | All | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this deselects any other Activity filter options. |
| No activity | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this will deselect any other Activity filter options. | | No activity | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this deselects any other Activity filter options. |
| With issues | Only vulnerabilities with one or more associated issues. Does not include vulnerabilities that also are no longer detected. | | With issues | Only vulnerabilities with one or more associated issues. Does not include vulnerabilities that also are no longer detected. |
| No longer detected | Only vulnerabilities that are no longer detected in the latest pipeline scan of the `default` branch. Does not include vulnerabilities with one or more associated issues. | | No longer detected | Only vulnerabilities that are no longer detected in the latest pipeline scan of the `default` branch. Does not include vulnerabilities with one or more associated issues. |
| With issues and No longer detected | Only vulnerabilities that have one or more associated issues and also are no longer detected in the latest pipeline scan of the `default` branch. | | With issues and No longer detected | Only vulnerabilities that have one or more associated issues and also are no longer detected in the latest pipeline scan of the `default` branch. |
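Review bot: The `No activity` row still reads ambiguously after this edit: "Only vulnerabilities without either an associated Issue or that are no longer detected" mixes two constructions and capitalizes "Issue" unlike the rows below it. Since the row is being touched anyway, rewrite it to state both conditions plainly, for example that the vulnerability has no associated issue and is still detected, if that is the intended meaning.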
......
...@@ -40,7 +40,7 @@ module Gitlab ...@@ -40,7 +40,7 @@ module Gitlab
def filter_signature_attachments(message) def filter_signature_attachments(message)
attachments = message.attachments attachments = message.attachments
content_type = normalize_mime(message.content_type) content_type = normalize_mime(message.content_type)
protocol = normalize_mime(message.content_type_parameters[:protocol]) protocol = normalize_mime(message.content_type_parameters&.fetch(:protocol, nil))
if content_type == 'multipart/signed' && protocol if content_type == 'multipart/signed' && protocol
attachments.delete_if { |attachment| protocol == normalize_mime(attachment.content_type) } attachments.delete_if { |attachment| protocol == normalize_mime(attachment.content_type) }
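Review bot: On the changed `protocol =` line, `fetch(:protocol, nil)` does the same job as a plain lookup on a hash without a default value, so `message.content_type_parameters&.dig(:protocol)` expresses the nil guard with less noise. The line above it, `normalize_mime(message.content_type)`, is now also reached for messages whose content type is missing, so confirm that `normalize_mime` accepts nil in both calls rather than only relying on the `&& protocol` check that follows.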
......
...@@ -13,6 +13,10 @@ module GoogleApi ...@@ -13,6 +13,10 @@ module GoogleApi
LEAST_TOKEN_LIFE_TIME = 10.minutes LEAST_TOKEN_LIFE_TIME = 10.minutes
CLUSTER_MASTER_AUTH_USERNAME = 'admin' CLUSTER_MASTER_AUTH_USERNAME = 'admin'
CLUSTER_IPV4_CIDR_BLOCK = '/16' CLUSTER_IPV4_CIDR_BLOCK = '/16'
# Don't upgrade to > 1.18 before we move away from Basic Auth
# See issue: https://gitlab.com/gitlab-org/gitlab/-/issues/331582
# Possible solution: https://gitlab.com/groups/gitlab-org/-/epics/6049
GKE_VERSION = '1.18'
CLUSTER_OAUTH_SCOPES = [ CLUSTER_OAUTH_SCOPES = [
"https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/logging.write",
...@@ -90,6 +94,7 @@ module GoogleApi ...@@ -90,6 +94,7 @@ module GoogleApi
cluster: { cluster: {
name: cluster_name, name: cluster_name,
initial_node_count: cluster_size, initial_node_count: cluster_size,
initial_cluster_version: GKE_VERSION,
node_config: { node_config: {
machine_type: machine_type, machine_type: machine_type,
oauth_scopes: CLUSTER_OAUTH_SCOPES oauth_scopes: CLUSTER_OAUTH_SCOPES
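Review bot: `initial_cluster_version: GKE_VERSION` pins every newly created cluster to the hard-coded `'1.18'`, and nothing in the visible change handles that version no longer being offered, in which case cluster creation fails with no fallback. The comment on the constant explains the reason (Basic Auth) but the pin also keeps new clusters on an ageing release; surface a clear error that names the version pin when creation is rejected, and record in issue 331582 that the constant must be removed together with the Basic Auth dependency.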
......
...@@ -278,8 +278,9 @@ RSpec.describe 'Merge request > User creates image diff notes', :js do ...@@ -278,8 +278,9 @@ RSpec.describe 'Merge request > User creates image diff notes', :js do
end end
def create_image_diff_note def create_image_diff_note
expand_text = 'Click to expand it.' wait_for_all_requests
page.all('a', text: expand_text, wait: false).each do |element|
page.all('a', text: 'Click to expand it.', wait: false).each do |element|
element.click element.click
end end
......
Return-path: <frank@example.org>
Envelope-to: gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black
Delivery-date: Sun, 23 May 2021 10:28:57 +0100
Received: from example.plus.com ([212.159.19.195] helo=nut.example.org)
by se.example.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from <frank@example.org>)
id 1lkkPp-009OFG-9z
for gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black; Sun, 23 May 2021 10:28:57 +0100
Received: ***REMOVED***
To: <gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black>
X-Mailer: mail (GNU Mailutils 3.10)
Message-Id: <E1lkkPn-00DuvG-Rf@set>
From: Frank C Example <frank@example.org>
Date: Sun, 23 May 2021 10:28:55 +0100
Subject: Testing Service Desk E-Mail
Test.
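Review bot: The fixture is only partly sanitized: `Return-path` and `From` use example.org and one `Received:` line is `***REMOVED***`, but `Envelope-to`, the `for` clause and `To:` still carry the `qyber.black` domain, and the first `Received:` line keeps the address `212.159.19.195`. Replace those with example.org and a documentation-range address such as 192.0.2.1 so the repository does not ship a reporter's mail routing details.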
...@@ -46,5 +46,15 @@ RSpec.describe Gitlab::Email::AttachmentUploader do ...@@ -46,5 +46,15 @@ RSpec.describe Gitlab::Email::AttachmentUploader do
expect(image_link[:url]).to include('gitlab_logo.png') expect(image_link[:url]).to include('gitlab_logo.png')
end end
end end
context 'with a message with no content type' do
let(:message_raw) { fixture_file("emails/no_content_type.eml") }
it 'uploads all attachments except the signature' do
links = described_class.new(message).execute(upload_parent: project, uploader_class: FileUploader)
expect(links).to eq([])
end
end
end end
end end
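Review bot: The example name 'uploads all attachments except the signature' does not match what it asserts, `expect(links).to eq([])`; it looks copied from a neighbouring example. Name it for the behaviour under test, for instance that a message with no content type returns no links and does not raise, so a failure points at the nil `content_type_parameters` case this context was added for.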
...@@ -91,6 +91,7 @@ RSpec.describe GoogleApi::CloudPlatform::Client do ...@@ -91,6 +91,7 @@ RSpec.describe GoogleApi::CloudPlatform::Client do
cluster: { cluster: {
name: cluster_name, name: cluster_name,
initial_node_count: cluster_size, initial_node_count: cluster_size,
initial_cluster_version: '1.18',
node_config: { node_config: {
machine_type: machine_type, machine_type: machine_type,
oauth_scopes: [ oauth_scopes: [
......