- 28 Apr, 2021 40 commits
-
-
Kushal Pandya authored
Prevent DOS from Chaining in Mermaid See merge request gitlab-org/gitlab!60382
-
Kushal Pandya authored
Add gl-form-input class for fields in import page See merge request gitlab-org/gitlab!58316
-
Yogi authored
-
Kushal Pandya authored
Added tracking to the different diff view settings [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!59979
-
Mayra Cabrera authored
Add descriptions for GroupMemberRelationEnum See merge request gitlab-org/gitlab!60158
-
🤖 GitLab Bot 🤖 authored
Update Gitaly version See merge request gitlab-org/gitlab!60507
-
Frédéric Caplette authored
Geo Node Status 2.0 - Vuex Spec Cleanup See merge request gitlab-org/gitlab!60151
-
GitLab Release Tools Bot authored
-
Nicolò Maria Mezzopera authored
[VSA] Enable pagination (frontend) See merge request gitlab-org/gitlab!59650
-
Ezekiel Kigbo authored
-
Rajat Jain authored
Don't allow chaining of links to be rendered directly in the Mermaid diagram. Changelog: security
-
Arturo Herrero authored
Add Merge Requests and Requirements Menu See merge request gitlab-org/gitlab!59374
-
Yorick Peterse authored
-
Savas Vedova authored
Rename routeQuery to queryString in standard_filter.vue See merge request gitlab-org/gitlab!60371
-
Yorick Peterse authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
David Fernandez authored
Any objects other than `User` (such as `DeployToken`) are not allowed Changelog: security
-
Alex Kalderimis authored
Verify that read_api tokens cannot run mutations. Also: adds tests use of OAuth tokens for GraphQL We make some changes to the sessionless_authentication module in order to capture the request_authenticator, so that we can access the token scopes, without making any extra queries. We ensure we always authorize the mutation, which, like all resolvers, needs to opt in to the check. Unlike resolvers, mutations should always raise. So `BaseMutation.authorized?` raises on failure. Logic for handling scopes is pushed down to the `ObjectAuthorization` class, and encapsulated in the `ScopeValidator`, which limits the methods that can be called by resolvers.
-
Alexandru Croitor authored
When an issue is created or updated though API for import purposes we allow providing created_at and updated_at params these would then be reflected also in system notes. Only admins and project owners should be able to set these dates.
-
Mike Kozono authored
-
Nick Thomas authored
It seems that with this feature flag enabled, pagination doesn't work correctly in conjunction with a search. The FF is already disabled on GitLab.com, but disabling it in the YAML file means that self-managed instances will also be protected from the security issue (unless they explicitly opt-in to some beta code, of course). Changelog: security
-
Vasilii Iakliushin authored
Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/230864 * Remove password value from the pull mirror form * Hide username from mirror url
-
Savas Vedova authored
Subscription Activation: Success Banner See merge request gitlab-org/gitlab!60389
-
Marcia Ramos authored
Docs: Remove create_default examples with freeze See merge request gitlab-org/gitlab!60379
-
Marcia Ramos authored
Document all the configuration options See merge request gitlab-org/gitlab!59562
-
Viktor Nagy authored
-
Marcia Ramos authored
Document order-dependent flaky tests See merge request gitlab-org/gitlab!59369
-
Albert Salim authored
-
GitLab Bot authored
-
Matthias Käppler authored
ImportExport: Validate URL before downloading See merge request gitlab-org/gitlab!60388
-
Rémy Coutable authored
ci: Streamline our usage of 'needs' after latest improvements See merge request gitlab-org/gitlab!60030
-
David O'Regan authored
Change success variant for primary button in upload file modal to confirm See merge request gitlab-org/gitlab!59463
-
Yogi authored
-
GitLab Release Tools Bot authored
-
Dmytro Zaporozhets (DZ) authored
Merge branch '21033-controller-groups-groupmemberscontroller-index-executes-more-than-100-sql-queries-p80-108-5' into 'master' Resolve admin_group_member group policy n+1 See merge request gitlab-org/gitlab!58948
-