Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-10-10 21:11:59 +00:00
parent b6dd7408f5
commit 5f722a3563
11 changed files with 143 additions and 48 deletions

View File

@ -83,4 +83,4 @@ After your merge request has been approved according to our [approval guidelines
[issue really needs to follow the security release workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#making-sure-the-issue-needs-to-follow-the-security-release-workflow
[breaking changes workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/far_reaching_impact_fixes_or_breaking_change_fixes.md
/label ~security ~"security-notifications
/label ~security ~"security-notifications"
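Review bot: the closing quote added to `/label ~security ~"security-notifications"` fixes a quick action whose label name was left with an unterminated quote, which would not have parsed as intended for the hyphenated label; worth a quick check of the other merge request templates for the same pattern so the `security-notifications` label is applied consistently.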

View File

@ -1 +1 @@
5e3c8b379dcb1b415daef4e463b76df2c04ac10d
801a942f21de22cf8ca8f59cca00175deafe7654

View File

@ -374,4 +374,4 @@ GitLab [application logs](../../administration/logs/index.md) are delivered to a
To gain read only access to this bucket:
1. Open a [support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650) with the title "Customer Log Access". In the body of the ticket, include a list of IAM Principal ARNs (users or roles) that are fetching the logs from S3.
1. GitLab then informs you of the name of the S3 bucket. Your nominated users/roles can then able to list and get all objects in the S3 bucket.
1. GitLab then informs you of the name of the S3 bucket. Your nominated users/roles are then able to list and get all objects in the S3 bucket.
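Review bot: the wording fix ("can then able to" to "are then able to") is correct; while in this paragraph, the context line "To gain read only access to this bucket:" should read "read-only access", and the step could state explicitly that the nominated IAM principals receive list and get permissions only, which is what the sentence already implies, so the "read-only" lead-in and the permissions described in the step match.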

View File

@ -8121,6 +8121,29 @@ The edge type for [`AlertManagementIntegration`](#alertmanagementintegration).
| <a id="alertmanagementintegrationedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
| <a id="alertmanagementintegrationedgenode"></a>`node` | [`AlertManagementIntegration`](#alertmanagementintegration) | The item at the end of the edge. |
#### `AmazonS3ConfigurationTypeConnection`
The connection type for [`AmazonS3ConfigurationType`](#amazons3configurationtype).
##### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="amazons3configurationtypeconnectionedges"></a>`edges` | [`[AmazonS3ConfigurationTypeEdge]`](#amazons3configurationtypeedge) | A list of edges. |
| <a id="amazons3configurationtypeconnectionnodes"></a>`nodes` | [`[AmazonS3ConfigurationType]`](#amazons3configurationtype) | A list of nodes. |
| <a id="amazons3configurationtypeconnectionpageinfo"></a>`pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
#### `AmazonS3ConfigurationTypeEdge`
The edge type for [`AmazonS3ConfigurationType`](#amazons3configurationtype).
##### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="amazons3configurationtypeedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
| <a id="amazons3configurationtypeedgenode"></a>`node` | [`AmazonS3ConfigurationType`](#amazons3configurationtype) | The item at the end of the edge. |
#### `ApprovalProjectRuleConnection`
The connection type for [`ApprovalProjectRule`](#approvalprojectrule).
@ -13387,7 +13410,7 @@ An endpoint and credentials used to accept Prometheus alerts for a project.
### `AmazonS3ConfigurationType`
Stores Amazon S3 configurations.
Stores Amazon S3 configurations for audit event streaming.
#### Fields
@ -17601,6 +17624,7 @@ GPG signature for a signed commit.
| <a id="groupactualsizelimit"></a>`actualSizeLimit` | [`Float`](#float) | The actual storage size limit (in bytes) based on the enforcement type of either repository or namespace. This limit is agnostic of enforcement type. |
| <a id="groupadditionalpurchasedstoragesize"></a>`additionalPurchasedStorageSize` | [`Float`](#float) | Additional storage purchased for the root namespace in bytes. |
| <a id="groupallowstalerunnerpruning"></a>`allowStaleRunnerPruning` | [`Boolean!`](#boolean) | Indicates whether to regularly prune stale group runners. Defaults to false. |
| <a id="groupamazons3configurations"></a>`amazonS3Configurations` | [`AmazonS3ConfigurationTypeConnection`](#amazons3configurationtypeconnection) | Amazon S3 configurations that receive audit events belonging to the group. (see [Connections](#connections)) |
| <a id="groupautodevopsenabled"></a>`autoDevopsEnabled` | [`Boolean`](#boolean) | Indicates whether Auto DevOps is enabled for all projects within this group. |
| <a id="groupavatarurl"></a>`avatarUrl` | [`String`](#string) | Avatar URL of the group. |
| <a id="groupcontainerrepositoriescount"></a>`containerRepositoriesCount` | [`Int!`](#int) | Number of container repositories in the group. |

View File

@ -101,15 +101,10 @@ On GitLab.com, this feature is not available.
## `scan_finding` rule type
> - The scan result policy field `vulnerability_attributes` was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123052) in GitLab 16.2 [with a flag](../../../administration/feature_flags.md) named `enforce_vulnerability_attributes_rules`. Disabled by default.
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/418784) in GitLab 16.3.
> - The scan result policy field `vulnerability_attributes` was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123052) in GitLab 16.2 [with a flag](../../../administration/feature_flags.md) named `enforce_vulnerability_attributes_rules`. [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/418784) in GitLab 16.3. Feature flag `enforce_vulnerability_attributes_rules` removed in GitLab 16.5.
> - The scan result policy field `vulnerability_age` was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123956) in GitLab 16.2.
> - The `branch_exceptions` field was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418741) in GitLab 16.3 [with a flag](../../../administration/feature_flags.md) named `security_policies_branch_exceptions`. Enabled by default.
FLAG:
On self-managed GitLab, by default the `vulnerability_attributes` field is available. To hide the feature, an administrator can [disable the feature flag](../../../administration/feature_flags.md) named `enforce_vulnerability_attributes_rules`.
On GitLab.com, this feature is available.
FLAG:
On self-managed GitLab, by default the `branch_exceptions` field is available. To hide the feature, an administrator can [disable the feature flag](../../../administration/feature_flags.md) named `security_policies_branch_exceptions`.
On GitLab.com, this feature is available.
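Review bot: removing the second FLAG block (the one for `security_policies_branch_exceptions`) does not match the version-history bullet kept at the top of the hunk, which still says the `branch_exceptions` field was introduced "with a flag named `security_policies_branch_exceptions`. Enabled by default." Only the `enforce_vulnerability_attributes_rules` note was made obsolete by the 16.5 removal. If the `security_policies_branch_exceptions` flag still exists, keep its FLAG note; if it was also removed, append "Feature flag `security_policies_branch_exceptions` removed in GitLab <version>" to that bullet, the way the first bullet was rewritten, so readers know which flags an administrator can still toggle.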

View File

@ -0,0 +1,38 @@
# frozen_string_literal: true
module API
module Helpers
module ImportGithubHelpers
def client
@client ||= if Feature.enabled?(:remove_legacy_github_client)
Gitlab::GithubImport::Client.new(params[:personal_access_token], host: params[:github_hostname])
else
Gitlab::LegacyGithubImport::Client.new(params[:personal_access_token], **client_options)
end
end
def access_params
{
github_access_token: params[:personal_access_token],
additional_access_tokens: params[:additional_access_tokens]
}
end
def client_options
{ host: params[:github_hostname] }
end
def provider
:github
end
def provider_unauthorized
error!("Access denied to your #{Gitlab::ImportSources.title(provider.to_s)} account.", 401)
end
def too_many_requests
error!('Too Many Requests', 429)
end
end
end
end
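Review bot: the module documents none of its implicit dependencies: every method relies on `params` and `error!` being provided by the including Grape endpoint (the accompanying spec has to define `params` on its host object to exercise it). Add a short comment at the top stating that the module must be mixed into a Grape API class via `helpers`, and document `access_params`, since it forwards both `personal_access_token` and `additional_access_tokens` straight from request params into the importer, so callers should know these are the values that reach the GitHub client.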

View File

@ -10,38 +10,7 @@ module API
rescue_from Octokit::Unauthorized, with: :provider_unauthorized
rescue_from Gitlab::GithubImport::RateLimitError, with: :too_many_requests
helpers do
def client
@client ||= if Feature.enabled?(:remove_legacy_github_client)
Gitlab::GithubImport::Client.new(params[:personal_access_token], host: params[:github_hostname])
else
Gitlab::LegacyGithubImport::Client.new(params[:personal_access_token], **client_options)
end
end
def access_params
{
github_access_token: params[:personal_access_token],
additional_access_tokens: params[:additional_access_tokens]
}
end
def client_options
{ host: params[:github_hostname] }
end
def provider
:github
end
def provider_unauthorized
error!("Access denied to your #{Gitlab::ImportSources.title(provider.to_s)} account.", 401)
end
def too_many_requests
error!('Too Many Requests', 429)
end
end
helpers ::API::Helpers::ImportGithubHelpers
desc 'Import a GitHub project' do
detail 'This feature was introduced in GitLab 11.3.4.'
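Review bot: replacing the inline `helpers do ... end` block with `helpers ::API::Helpers::ImportGithubHelpers` is a straight move, but confirm the two `rescue_from` handlers in the context lines above (`with: :provider_unauthorized` and `with: :too_many_requests`) still resolve now that the methods live in the module; Grape's `helpers Module` includes the module into the endpoint so the symbol lookup should work, but a request spec exercising the 401 and 429 paths through this endpoint would prove it rather than relying on the unit spec of the module alone.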

View File

@ -11,7 +11,7 @@
docker-build:
# Use the official docker image.
image: docker:latest
image: docker:cli
stage: build
services:
- docker:dind
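Review bot: `docker:cli` is still a floating tag, as `docker:latest` was, and the `docker:dind` service in the context lines is unpinned as well; the change trims the image to the client-only variant but does not make the build reproducible. Pin both images to a specific version tag or a digest (for example `docker:<version>-cli` and `docker:<version>-dind`, ideally with `@sha256:<digest>`) so that a re-pushed tag cannot silently change the toolchain used in the build stage.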

View File

@ -286,7 +286,7 @@
"prosemirror-test-builder": "^1.1.1",
"purgecss": "^4.0.3",
"purgecss-from-html": "^4.0.3",
"sass": "^1.49.9",
"sass": "^1.69.0",
"stylelint": "^15.10.2",
"swagger-cli": "^4.0.4",
"timezone-mock": "^1.0.8",

View File

@ -0,0 +1,69 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::Helpers::ImportGithubHelpers, feature_category: :importers do
subject do
helper = Class.new.include(described_class).new
def helper.params = {
personal_access_token: 'foo',
additional_access_tokens: 'bar',
github_hostname: 'github.example.com'
}
helper
end
describe '#client' do
context 'when remove_legacy_github_client is enabled' do
before do
stub_feature_flags(remove_legacy_github_client: true)
end
it 'returns the new github client' do
expect(subject.client).to be_a(Gitlab::GithubImport::Client)
end
end
context 'when remove_legacy_github_client is disabled' do
before do
stub_feature_flags(remove_legacy_github_client: false)
end
it 'returns the old github client' do
expect(subject.client).to be_a(Gitlab::LegacyGithubImport::Client)
end
end
end
describe '#access_params' do
it 'makes the passed in personal access token and extra tokens accessible' do
expect(subject.access_params).to eq({ github_access_token: 'foo', additional_access_tokens: 'bar' })
end
end
describe '#client_options' do
it 'makes the GitHub hostname accessible' do
expect(subject.client_options).to eq({ host: 'github.example.com' })
end
end
describe '#provider' do
it 'is GitHub' do
expect(subject.provider).to eq(:github)
end
end
describe '#provider_unauthorized' do
it 'raises an error' do
expect(subject).to receive(:error!).with('Access denied to your GitHub account.', 401)
subject.provider_unauthorized
end
end
describe '#too_many_requests' do
it 'raises an error' do
expect(subject).to receive(:error!).with('Too Many Requests', 429)
subject.too_many_requests
end
end
end
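Review bot: the `#client` examples only assert the class of the returned object; they do not check that the token and host from `params` reach the client, so a regression that dropped `host: params[:github_hostname]` would still pass. Add expectations such as `expect(Gitlab::GithubImport::Client).to receive(:new).with('foo', host: 'github.example.com')` for the enabled case and the equivalent for `Gitlab::LegacyGithubImport::Client` in the disabled case. Also, the descriptions "raises an error" for `#provider_unauthorized` and `#too_many_requests` do not describe what the specs verify: `error!` is mocked, so nothing is raised; "calls error! with a 401" and "calls error! with a 429" would be accurate.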

View File

@ -11762,10 +11762,10 @@ safe-regex@^2.1.1:
resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
sass@^1.49.9:
version "1.49.9"
resolved "https://registry.yarnpkg.com/sass/-/sass-1.49.9.tgz#b15a189ecb0ca9e24634bae5d1ebc191809712f9"
integrity sha512-YlYWkkHP9fbwaFRZQRXgDi3mXZShslVmmo+FVK3kHLUELHHEYrCmL1x6IUjC7wLS6VuJSAFXRQS/DxdsC4xL1A==
sass@^1.69.0:
version "1.69.0"
resolved "https://registry.yarnpkg.com/sass/-/sass-1.69.0.tgz#5195075371c239ed556280cf2f5944d234f42679"
integrity sha512-l3bbFpfTOGgQZCLU/gvm1lbsQ5mC/WnLz3djL2v4WCJBDrWm58PO+jgngcGRNnKUh6wSsdm50YaovTqskZ0xDQ==
dependencies:
chokidar ">=3.0.0 <4.0.0"
immutable "^4.0.0"
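Review bot: the lockfile entry moves consistently with `package.json` (`sass@^1.69.0`, resolved 1.69.0, new integrity hash), and the `dependencies:` block below keeps the same `chokidar` and `immutable` ranges, so this looks regenerated rather than hand-edited; the one thing to confirm is that no second `sass@` entry remains elsewhere in the lockfile, so that a single version is installed and the jump from 1.49.9 to 1.69.0 is the only sass in the tree.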