From 5ef26a52ce5bef2e01b4f90a1563c662238017d1 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Mon, 18 Mar 2024 03:10:07 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master
---
 doc/ci/testing/code_quality.md | 2 +-
 doc/user/application_security/policies/index.md | 5 +----
 qa/Gemfile | 2 +-
 qa/Gemfile.lock | 4 ++--
 4 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/doc/ci/testing/code_quality.md b/doc/ci/testing/code_quality.md
index d953699dbee..f8e18199c23 100644
--- a/doc/ci/testing/code_quality.md
+++ b/doc/ci/testing/code_quality.md
@@ -239,7 +239,7 @@ To use a rootless private runner:
 --token "" \
 --non-interactive \
 --builds-dir "/tmp/builds" \
- --env "DOCKER_HOST=unix:///run/user//docker.sock"
+ --env "DOCKER_HOST=unix:///run/user//docker.sock" \
 --docker-host "unix:///run/user//docker.sock"
 ```
diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md
index e993c164935..fd5e5ca0b2d 100644
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -348,9 +348,6 @@ The workaround is to amend your group or instance push rules to allow branches f - When creating a Scan Result Policy, neither the array `severity_levels` nor the array `vulnerability_states` in the [`scan_finding` rule](../policies/scan-result-policies.md#scan_finding-rule-type) can be left empty. For a working rule, at least one entry must exist. -- When configuring pipeline and merge request approval policies, it's important to remember that security scans - performed in manual jobs are not verified to determine whether MR approval is required. When you - run a manual job with security scans, it does not ensure approval even if vulnerabilities are - introduced. +- When merge request approval policies are enforced on projects containing manual jobs in their pipeline, policies evaluate the completed pipeline jobs and ignore the manual jobs. When the manual jobs are run, the policy re-evaluates the MR. If you are still experiencing issues, you can [view recent reported bugs](https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=popularity&state=opened&label_name%5B%5D=group%3A%3Asecurity%20policies&label_name%5B%5D=type%3A%3Abug&first_page_size=20) and raise new unreported issues. diff --git a/qa/Gemfile b/qa/Gemfile index 1862d1551f0..10b61076282 100644 --- a/qa/Gemfile +++ b/qa/Gemfile @@ -37,7 +37,7 @@ gem 'chemlab', '~> 0.11', '>= 0.11.1' gem 'chemlab-library-www-gitlab-com', '~> 0.1', '>= 0.1.1' # dependencies for jenkins client -gem 'nokogiri', '~> 1.16', '>= 1.16.2' +gem 'nokogiri', '~> 1.16', '>= 1.16.3' gem 'deprecation_toolkit', '~> 2.2.0', require: false diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index b363dcb1e9a..04b05f04483 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -214,7 +214,7 @@ GEM multi_json (1.15.0) multi_xml (0.6.0) netrc (0.11.0) - nokogiri (1.16.2) + nokogiri (1.16.3) mini_portile2 (~> 2.8.2) racc (~> 1.4) octokit (8.1.0) 
@@ -365,7 +365,7 @@ DEPENDENCIES gitlab_quality-test_tooling (~> 1.19.1) influxdb-client (~> 3.1) knapsack (~> 4.0) - nokogiri (~> 1.16, >= 1.16.2) + nokogiri (~> 1.16, >= 1.16.3) octokit (~> 8.1.0) parallel (~> 1.24) parallel_tests (~> 4.4)