Merge branch 'gem/sm/bump-google-api-client-gem-from-0-8-6-to-0-13-6' into 'master'

Bump google-api-client Gem from 0.8.6 to 0.13.6 Closes #38286 See merge request gitlab-org/gitlab-ce!14495

Merge branch 'gem/sm/bump-google-api-client-gem-from-0-8-6-to-0-13-6' into 'master'
Bump google-api-client Gem from 0.8.6 to 0.13.6 Closes #38286 See merge request gitlab-org/gitlab-ce!14495
69fd4f94 · Douwe Maan · 23e6b17b · 0a6925c1 · 69fd4f94 · 69fd4f94
Commit 69fd4f94 authored Oct 03, 2017 by Douwe Maan
6 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -105,7 +105,7 @@ gem 'fog-rackspace', '~> 0.1.1'
 gem 'fog-aliyun', '~> 0.1.0'
 # for Google storage
-gem 'google-api-client', '~> 0.8.6'
+gem 'google-api-client', '~> 0.13.6'
 # for aws storage
 gem 'unf', '~> 0.1.4'
@@ -239,7 +239,7 @@ gem 'rack-proxy', '~> 0.6.0'
 gem 'sass-rails', '~> 5.0.6'
 gem 'uglifier', '~> 2.7.2'
-gem 'addressable', '~> 2.3.8'
+gem 'addressable', '~> 2.5.2'
 gem 'bootstrap-sass', '~> 3.3.0'
 gem 'font-awesome-rails', '~> 4.7'
 gem 'gemojione', '~> 3.3'
@@ -356,7 +356,7 @@ end
 group :test do
  gem 'shoulda-matchers', '~> 3.1.2', require: false
  gem 'email_spec', '~> 1.6.0'
-  gem 'json-schema', '~> 2.6.2'
+  gem 'json-schema', '~> 2.8.0'
  gem 'webmock', '~> 2.3.2'
  gem 'test_after_commit', '~> 1.1'
  gem 'sham_rack', '~> 1.3.6'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -45,7 +45,8 @@ GEM
    adamantium (0.2.0)
      ice_nine (~> 0.11.0)
      memoizable (~> 0.4.0)
-    addressable (2.3.8)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
    akismet (2.0.0)
    allocations (1.0.5)
    arel (6.0.4)
@@ -62,10 +63,6 @@ GEM
    attr_encrypted (3.0.3)
      encryptor (~> 3.0.0)
    attr_required (1.0.0)
-    autoparse (0.3.3)
-      addressable (>= 2.3.1)
-      extlib (>= 0.9.15)
-      multi_json (>= 1.0.0)
    autoprefixer-rails (6.2.3)
      execjs
      json
@@ -146,6 +143,8 @@ GEM
    debugger-ruby_core_source (1.3.8)
    deckar01-task_list (2.0.0)
      html-pipeline
+    declarative (0.0.10)
+    declarative-option (0.1.0)
    default_value_for (3.0.2)
      activerecord (>= 3.2.0, < 5.1)
    descendants_tracker (0.0.4)
@@ -188,7 +187,6 @@ GEM
    excon (0.57.1)
    execjs (2.6.0)
    expression_parser (0.9.0)
-    extlib (0.9.16)
    factory_girl (4.7.0)
      activesupport (>= 3.0.0)
    factory_girl_rails (4.7.0)
@@ -288,10 +286,10 @@ GEM
      flowdock (~> 0.7)
      gitlab-grit (>= 2.4.1)
      multi_json
-    gitlab-grit (2.8.1)
+    gitlab-grit (2.8.2)
      charlock_holmes (~> 0.6)
      diff-lcs (~> 1.1)
-      mime-types (>= 1.16, < 3)
+      mime-types (>= 1.16)
      posix-spawn (~> 0.3)
    gitlab-markup (1.6.2)
    gitlab_omniauth-ldap (2.0.4)
@@ -319,20 +317,16 @@ GEM
      json
      multi_json
      request_store (>= 1.0)
-    google-api-client (0.8.7)
+    google-api-client (0.13.6)
-      activesupport (>= 3.2, < 5.0)
+      addressable (~> 2.5, >= 2.5.1)
-      addressable (~> 2.3)
+      googleauth (~> 0.5)
-      autoparse (~> 0.3)
+      httpclient (>= 2.8.1, < 3.0)
-      extlib (~> 0.9)
+      mime-types (~> 3.0)
-      faraday (~> 0.9)
+      representable (~> 3.0)
-      googleauth (~> 0.3)
+      retriable (>= 2.0, < 4.0)
-      launchy (~> 2.4)
-      multi_json (~> 1.10)
-      retriable (~> 1.4)
-      signet (~> 0.6)
    google-protobuf (3.4.0.2)
-    googleauth (0.5.1)
+    googleauth (0.5.3)
-      faraday (~> 0.9)
+      faraday (~> 0.12)
      jwt (~> 1.4)
      logging (~> 2.0)
      memoist (~> 0.12)
@@ -422,8 +416,8 @@ GEM
      multi_json (>= 1.3)
      securecompare
      url_safe_base64
-    json-schema (2.6.2)
+    json-schema (2.8.0)
-      addressable (~> 2.3.8)
+      addressable (>= 2.4)
    jwt (1.5.6)
    kaminari (1.0.1)
      activesupport (>= 4.1.0)
@@ -475,18 +469,20 @@ GEM
    mail (2.6.6)
      mime-types (>= 1.16, < 4)
    mail_room (0.9.1)
-    memoist (0.15.0)
+    memoist (0.16.0)
    memoizable (0.4.2)
      thread_safe (~> 0.3, >= 0.3.1)
    method_source (0.8.2)
-    mime-types (2.99.3)
+    mime-types (3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0521)
    mimemagic (0.3.0)
    mini_mime (0.1.4)
    mini_portile2 (2.3.0)
    minitest (5.7.0)
    mmap2 (2.2.7)
    mousetrap-rails (1.4.6)
-    multi_json (1.12.1)
+    multi_json (1.12.2)
    multi_xml (0.6.0)
    multipart-post (2.0.0)
    mustermann (1.0.0)
@@ -635,6 +631,7 @@ GEM
      pry (~> 0.10)
    pry-rails (0.3.5)
      pry (>= 0.9.10)
+    public_suffix (3.0.0)
    pyu-ruby-sasl (0.0.3.3)
    rack (1.6.8)
    rack-accept (0.4.5)
@@ -717,6 +714,10 @@ GEM
      redis-store (~> 1.2.0)
    redis-store (1.2.0)
      redis (>= 2.2)
+    representable (3.0.4)
+      declarative (< 0.1.0)
+      declarative-option (< 0.2.0)
+      uber (< 0.2.0)
    request_store (1.3.1)
    responders (2.3.0)
      railties (>= 4.2.0, < 5.1)
@@ -724,7 +725,7 @@ GEM
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 4.0)
      netrc (~> 0.8)
-    retriable (1.4.1)
+    retriable (3.1.1)
    rinku (2.0.0)
    rotp (2.1.2)
    rouge (2.2.1)
@@ -903,6 +904,7 @@ GEM
    tzinfo (1.2.3)
      thread_safe (~> 0.1)
    u2f (0.2.1)
+    uber (0.1.0)
    uglifier (2.7.2)
      execjs (>= 0.3.0)
      json (>= 1.8.0)
@@ -963,7 +965,7 @@ DEPENDENCIES
  ace-rails-ap (~> 4.1.0)
  activerecord_sane_schema_dumper (= 0.2)
  acts-as-taggable-on (~> 4.0)
-  addressable (~> 2.3.8)
+  addressable (~> 2.5.2)
  akismet (~> 2.0)
  allocations (~> 1.0)
  asana (~> 0.6.0)
@@ -1033,7 +1035,7 @@ DEPENDENCIES
  gollum-lib (~> 4.2)
  gollum-rugged_adapter (~> 0.4.4)
  gon (~> 6.1.0)
-  google-api-client (~> 0.8.6)
+  google-api-client (~> 0.13.6)
  gpgme
  grape (~> 1.0)
  grape-entity (~> 0.6.0)
@@ -1051,7 +1053,7 @@ DEPENDENCIES
  jira-ruby (~> 1.4)
  jquery-atwho-rails (~> 1.3.2)
  jquery-rails (~> 4.1.0)
-  json-schema (~> 2.6.2)
+  json-schema (~> 2.8.0)
  jwt (~> 1.5.6)
  kaminari (~> 1.0)
  knapsack (~> 1.11.0)

--- a/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml
+++ b/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml
+---
+title: Bump google-api-client Gem from 0.8.6 to 0.13.6
+merge_request: 
+author:
+type: other
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@@ -73,8 +73,9 @@ module Banzai
            return unless node.has_attribute?('href')
            begin
+              node['href'] = node['href'].strip
              uri = Addressable::URI.parse(node['href'])
-              uri.scheme = uri.scheme.strip.downcase if uri.scheme
+              uri.scheme = uri.scheme.downcase if uri.scheme
              node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme)
            rescue Addressable::URI::InvalidURIError

--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
 module Gitlab
  class UrlSanitizer
+    ALLOWED_SCHEMES = %w[http https ssh git].freeze
    def self.sanitize(content)
-      regexp = URI::Parser.new.make_regexp(%w(http https ssh git))
+      regexp = URI::Parser.new.make_regexp(ALLOWED_SCHEMES)
      content.gsub(regexp) { |url| new(url).masked_url }
    rescue Addressable::URI::InvalidURIError
@@ -11,9 +13,9 @@ module Gitlab
    def self.valid?(url)
      return false unless url.present?
-      Addressable::URI.parse(url.strip)
+      uri = Addressable::URI.parse(url.strip)
-      true
+      ALLOWED_SCHEMES.include?(uri.scheme)
    rescue Addressable::URI::InvalidURIError
      false
    end

--- a/spec/lib/gitlab/url_sanitizer_spec.rb
+++ b/spec/lib/gitlab/url_sanitizer_spec.rb
@@ -39,7 +39,8 @@ describe Gitlab::UrlSanitizer do
      false | nil
      false | ''
      false | '123://invalid:url'
-      true  | 'valid@project:url.git'
+      false | 'valid@project:url.git'
+      false | 'valid:pass@project:url.git'
      true  | 'ssh://example.com'
      true  | 'ssh://:@example.com'
      true  | 'ssh://foo@example.com'
@@ -81,24 +82,6 @@ describe Gitlab::UrlSanitizer do
  describe '#credentials' do
    context 'credentials in hash' do
-      where(:input, :output) do
-        { user: 'foo', password: 'bar' } | { user: 'foo', password: 'bar' }
-        { user: 'foo', password: ''    } | { user: 'foo', password: nil }
-        { user: 'foo', password: nil   } | { user: 'foo', password: nil }
-        { user: '',    password: 'bar' } | { user: nil,   password: 'bar' }
-        { user: '',    password: ''    } | { user: nil,   password: nil }
-        { user: '',    password: nil   } | { user: nil,   password: nil }
-        { user: nil,   password: 'bar' } | { user: nil,   password: 'bar' }
-        { user: nil,   password: ''    } | { user: nil,   password: nil }
-        { user: nil,   password: nil   } | { user: nil,   password: nil }
-      end
-      with_them do
-        subject { described_class.new('user@example.com:path.git', credentials: input).credentials }
-        it { is_expected.to eq(output) }
-      end
      it 'overrides URL-provided credentials' do
        sanitizer = described_class.new('http://a:b@example.com', credentials: { user: 'c', password: 'd' })
@@ -116,10 +99,6 @@ describe Gitlab::UrlSanitizer do
        'http://@example.com'        | { user: nil,   password: nil }
        'http://example.com'         | { user: nil,   password: nil }
-        # Credentials from SCP-style URLs are not supported at present
-        'foo@example.com:path'     | { user: nil, password: nil }
-        'foo:bar@example.com:path' | { user: nil, password: nil }
        # Other invalid URLs
        nil  | { user: nil, password: nil }
        ''   | { user: nil, password: nil }