Commits · 1d09e55449884678366a28a65a49ddf9d03c3e66 · nexedi / gitlab-ce

28 Apr, 2021 40 commits
- Update master to main · 1d09e554
  Jacques Erasmus authored Apr 22, 2021
```
Updated the default branch name
```
  1d09e554
- Merge branch 'gl-form-gitea-import' into 'master' · 7aee55b0
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in gitea import page

See merge request gitlab-org/gitlab!58313
```
  7aee55b0
- Add gl-form-input class for fields in gitea import page · b1daaac6
  Yogi authored Apr 28, 2021
  
  b1daaac6
- Merge branch 'mermaid-chaining' into 'master' · 126fe4c0
  Kushal Pandya authored Apr 28, 2021
```
Prevent DOS from Chaining in Mermaid

See merge request gitlab-org/gitlab!60382
```
  126fe4c0
- Merge branch 'gl-form-import' into 'master' · 5d89cb72
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in import page

See merge request gitlab-org/gitlab!58316
```
  5d89cb72
- Add gl-form-input class for fields in import page · 441a9938
  Yogi authored Apr 28, 2021
  
  441a9938
- Merge branch 'ph/327054/mrSettingsTracking' into 'master' · 80bd230e
  Kushal Pandya authored Apr 28, 2021
```
Added tracking to the different diff view settings [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!59979
```
  80bd230e
- Merge branch '299489-over-10-of-graphql-descriptions-are-missing-group-member-enum' into 'master' · 03c755cc
  Mayra Cabrera authored Apr 28, 2021
```
Add descriptions for GroupMemberRelationEnum

See merge request gitlab-org/gitlab!60158
```
  03c755cc
- Merge branch 'release-tools/update-gitaly' into 'master' · a5c6976c
  🤖 GitLab Bot 🤖 authored Apr 28, 2021
```
Update Gitaly version

See merge request gitlab-org/gitlab!60507
```
  a5c6976c
- Merge branch '325182_01_vuex_in_specs' into 'master' · 0052257c
  Frédéric Caplette authored Apr 28, 2021
```
Geo Node Status 2.0 - Vuex Spec Cleanup

See merge request gitlab-org/gitlab!60151
```
  0052257c
- Update gitaly to 34b2ac33494 · 4ba24e2e
  GitLab Release Tools Bot authored Apr 28, 2021
  
  4ba24e2e
- Merge branch '12524-vsa-enable-pagination-frontend' into 'master' · 065153e6
  Nicolò Maria Mezzopera authored Apr 28, 2021
```
[VSA] Enable pagination (frontend)

See merge request gitlab-org/gitlab!59650
```
  065153e6
- [VSA] Enable pagination (frontend) · 41ee917d
  Ezekiel Kigbo authored Apr 28, 2021
  
  41ee917d
- Prevent DOS from Chaining in Mermaid · 6bcf37a9
  Rajat Jain authored Apr 27, 2021
```
Don't allow chaining of links to be rendered directly
in the Mermaid diagram.

Changelog: security
```
  6bcf37a9
- Merge branch '326429-fj-add-merge_requests-menu' into 'master' · 9028f616
  Arturo Herrero authored Apr 28, 2021
```
Add Merge Requests and Requirements Menu

See merge request gitlab-org/gitlab!59374
```
  9028f616
- Merge branch 'master' of gitlab.com:gitlab-org/gitlab · 8ed012d0
  Yorick Peterse authored Apr 28, 2021
  
  8ed012d0
- Merge branch '284471-change-route-query-to-querystring' into 'master' · b1453948
  Savas Vedova authored Apr 28, 2021
```
Rename routeQuery to queryString in standard_filter.vue

See merge request gitlab-org/gitlab!60371
```
  b1453948
- Merge canonical master into security master · dc42afe9
  Yorick Peterse authored Apr 28, 2021
  
  dc42afe9
- Update CHANGELOG.md for 13.9.7-ee · 6ae690e6
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  6ae690e6
- Update CHANGELOG-EE.md for 13.9.7-ee · 84c163bd
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  84c163bd
- Update CHANGELOG.md for 13.10.4-ee · 8b9c8938
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  8b9c8938
- Update CHANGELOG-EE.md for 13.10.4-ee · f4834a3c
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  f4834a3c
- Update CHANGELOG.md for 13.11.2-ee · 32660c81
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  32660c81
- Update CHANGELOG-EE.md for 13.11.2-ee · 5735ea1b
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  5735ea1b
- Restrict the dependency proxy auth service · 6a5b2117
  David Fernandez authored Apr 20, 2021
```
Any objects other than `User` (such as `DeployToken`) are not allowed

Changelog: security
```
  6a5b2117
- Require 'api' scope to execute mutations · 67c694c7
  Alex Kalderimis authored Apr 08, 2021
```
Verify that read_api tokens cannot run mutations.

Also: adds tests use of OAuth tokens for GraphQL

We make some changes to the sessionless_authentication module
in order to capture the request_authenticator, so that we can access
the token scopes, without making any extra queries.

We ensure we always authorize the mutation, which, like all resolvers,
needs to opt in to the check.

Unlike resolvers, mutations should always raise. So
`BaseMutation.authorized?` raises on failure.

Logic for handling scopes is pushed down to the `ObjectAuthorization`
class, and encapsulated in the `ScopeValidator`, which limits the
methods that can be called by resolvers.
```
  67c694c7
- Prevent non-owners to set system_note_timestamp · daeb7d83
  Alexandru Croitor authored Feb 08, 2021
```
When an issue is created or updated though API for import
purposes we allow providing created_at and updated_at params
these would then be reflected also in system notes. Only admins
and project owners should be able to set these dates.
```
  daeb7d83
- Bump Carrierwave gem to v1.3.2 · 4d15b636
  Mike Kozono authored Apr 08, 2021
  
  4d15b636
- Disable keyset pagination for branches by default · 39b2b340
  Nick Thomas authored Apr 22, 2021
```
It seems that with this feature flag enabled, pagination doesn't work
correctly in conjunction with a search. The FF is already disabled on
GitLab.com, but disabling it in the YAML file means that self-managed
instances will also be protected from the security issue (unless they
explicitly opt-in to some beta code, of course).

Changelog: security
```
  39b2b340
- Do not expose pull mirror username and password · 56a23cce
  Vasilii Iakliushin authored Apr 15, 2021
```
Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/230864

* Remove password value from the pull mirror form
* Hide username from mirror url
```
  56a23cce
- Merge branch 'ag-success-activation-banner' into 'master' · 1b32041f
  Savas Vedova authored Apr 28, 2021
```
Subscription Activation: Success Banner

See merge request gitlab-org/gitlab!60389
```
  1b32041f
- Merge branch 'docs-remove-create-default-freeze' into 'master' · 4a61262a
  Marcia Ramos authored Apr 28, 2021
```
Docs: Remove create_default examples with freeze

See merge request gitlab-org/gitlab!60379
```
  4a61262a
- Merge branch 'nagyv-gitlab-master-patch-59131' into 'master' · ade2d3e8
  Marcia Ramos authored Apr 28, 2021
```
Document all the configuration options

See merge request gitlab-org/gitlab!59562
```
  ade2d3e8
- Document all the configuration options · 45e90bb6
  Viktor Nagy authored Apr 28, 2021
  
  45e90bb6
- Merge branch 'alberts-document-order-dependent-flaky-test' into 'master' · 4c15508b
  Marcia Ramos authored Apr 28, 2021
```
Document order-dependent flaky tests

See merge request gitlab-org/gitlab!59369
```
  4c15508b
- Document order-dependent flaky tests · 6775d035
  Albert Salim authored Apr 28, 2021
  
  6775d035
- Automatic merge of gitlab-org/gitlab master · 1843e310
  GitLab Bot authored Apr 28, 2021
  
  1843e310
- Merge branch 'kassio/import-validate-url-before-downloading' into 'master' · b9470d9e
  Matthias Käppler authored Apr 28, 2021
```
ImportExport: Validate URL before downloading

See merge request gitlab-org/gitlab!60388
```
  b9470d9e
- Merge branch 'ci-streamline-needs-usage' into 'master' · 3c69043c
  Rémy Coutable authored Apr 28, 2021
```
ci: Streamline our usage of 'needs' after latest improvements

See merge request gitlab-org/gitlab!60030
```
  3c69043c
- Merge branch 'remove-success-variant-upload-blob' into 'master' · b5f722e1
  David O'Regan authored Apr 28, 2021
```
Change success variant for primary button in upload file modal to confirm

See merge request gitlab-org/gitlab!59463
```
  b5f722e1