diff --git a/app/assets/javascripts/access_tokens/index.js b/app/assets/javascripts/access_tokens/index.js
index a7a03523e7f..9801aa08e28 100644
--- a/app/assets/javascripts/access_tokens/index.js
+++ b/app/assets/javascripts/access_tokens/index.js
@@ -1,6 +1,5 @@
import Vue from 'vue';
-import createFlash from '~/flash';
import { convertObjectPropsToCamelCase } from '~/lib/utils/common_utils';
import { parseRailsFormFields } from '~/lib/utils/forms';
import { __, sprintf } from '~/locale';
@@ -99,62 +98,6 @@ export const initNewAccessTokenApp = () => {
});
};
-export const initProjectsField = () => {
- const el = document.querySelector('.js-access-tokens-projects');
-
- if (!el) {
- return null;
- }
-
- const { projects: inputAttrs } = parseRailsFormFields(el);
-
- if (window.gon.features.personalAccessTokensScopedToProjects) {
- return new Promise((resolve) => {
- Promise.all([
- import('./components/projects_field.vue'),
- import('vue-apollo'),
- import('~/lib/graphql'),
- ])
- .then(
- ([
- { default: ProjectsField },
- { default: VueApollo },
- { default: createDefaultClient },
- ]) => {
- const apolloProvider = new VueApollo({
- defaultClient: createDefaultClient(),
- });
-
- Vue.use(VueApollo);
-
- resolve(
- new Vue({
- el,
- apolloProvider,
- render(h) {
- return h(ProjectsField, {
- props: {
- inputAttrs,
- },
- });
- },
- }),
- );
- },
- )
- .catch(() => {
- createFlash({
- message: __(
- 'An error occurred while loading the access tokens form, please try again.',
- ),
- });
- });
- });
- }
-
- return null;
-};
-
export const initTokensApp = () => {
const el = document.getElementById('js-tokens-app');
diff --git a/app/assets/javascripts/editor/graphql/typedefs.graphql b/app/assets/javascripts/editor/graphql/typedefs.graphql
index 2433ebf6c66..49beae033f1 100644
--- a/app/assets/javascripts/editor/graphql/typedefs.graphql
+++ b/app/assets/javascripts/editor/graphql/typedefs.graphql
@@ -12,12 +12,22 @@ type Items {
nodes: [Item]!
}
+input ItemInput {
+ id: ID!
+ label: String!
+ icon: String
+ selected: Boolean
+ group: Int!
+ category: String
+ selectedLabel: String
+}
+
extend type Query {
items: Items
}
extend type Mutation {
- updateToolbarItem(id: ID!, propsToUpdate: Item!): LocalErrors
+ updateToolbarItem(id: ID!, propsToUpdate: ItemInput!): LocalErrors
removeToolbarItems(ids: [ID!]): LocalErrors
- addToolbarItems(items: [Item]): LocalErrors
+ addToolbarItems(items: [ItemInput]): LocalErrors
}
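Review bot: `addToolbarItems(items: [ItemInput])` accepts a null list and null entries, while the neighbouring `removeToolbarItems(ids: [ID!])` already forbids null elements. Because every `ItemInput` has required `id`, `label` and `group` fields, I would declare it as `addToolbarItems(items: [ItemInput!]!): LocalErrors` so the local resolver never has to guard against a null item. `ItemInput` also appears to repeat the fields of `Item`, which is declared outside this hunk; a comment such as `# Keep in sync with type Item` above the input would make that coupling explicit. The same nullable-element pattern is in the work_items typedefs hunk, where `labels: [LocalLabelInput]` sits next to `assignees: [LocalUserInput!]`.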
diff --git a/app/assets/javascripts/environments/graphql/queries/environment_app.query.graphql b/app/assets/javascripts/environments/graphql/queries/environment_app.query.graphql
index 2c17c42dd6d..c3ab9cf7fca 100644
--- a/app/assets/javascripts/environments/graphql/queries/environment_app.query.graphql
+++ b/app/assets/javascripts/environments/graphql/queries/environment_app.query.graphql
@@ -4,6 +4,5 @@ query getEnvironmentApp($page: Int, $scope: String) {
stoppedCount
environments
reviewApp
- stoppedCount
}
}
diff --git a/app/assets/javascripts/graphql_shared/fragments/blobviewer.fragment.graphql b/app/assets/javascripts/graphql_shared/fragments/blobviewer.fragment.graphql
deleted file mode 100644
index b202ed12f80..00000000000
--- a/app/assets/javascripts/graphql_shared/fragments/blobviewer.fragment.graphql
+++ /dev/null
@@ -1,7 +0,0 @@
-fragment BlobViewer on SnippetBlobViewer {
- collapsed
- renderError
- tooLarge
- type
- fileType
-}
diff --git a/app/assets/javascripts/graphql_shared/fragments/iteration.fragment.graphql b/app/assets/javascripts/graphql_shared/fragments/iteration.fragment.graphql
deleted file mode 100644
index 78a368089a8..00000000000
--- a/app/assets/javascripts/graphql_shared/fragments/iteration.fragment.graphql
+++ /dev/null
@@ -1,4 +0,0 @@
-fragment Iteration on Iteration {
- id
- title
-}
diff --git a/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js b/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js
index 3fae9809e51..c520042c172 100644
--- a/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js
+++ b/app/assets/javascripts/pages/profiles/personal_access_tokens/index.js
@@ -2,12 +2,10 @@ import {
initAccessTokenTableApp,
initExpiresAtField,
initNewAccessTokenApp,
- initProjectsField,
initTokensApp,
} from '~/access_tokens';
initAccessTokenTableApp();
initExpiresAtField();
initNewAccessTokenApp();
-initProjectsField();
initTokensApp();
diff --git a/app/assets/javascripts/pipeline_editor/graphql/mutations/client/lint_ci.mutation.graphql b/app/assets/javascripts/pipeline_editor/graphql/mutations/client/lint_ci.mutation.graphql
index 5091d63111f..2d42ebb6ac3 100644
--- a/app/assets/javascripts/pipeline_editor/graphql/mutations/client/lint_ci.mutation.graphql
+++ b/app/assets/javascripts/pipeline_editor/graphql/mutations/client/lint_ci.mutation.graphql
@@ -13,7 +13,6 @@ mutation lintCI($endpoint: String, $content: String, $dry: Boolean) {
only {
refs
}
- afterScript
stage
tags
when
diff --git a/app/assets/javascripts/snippets/fragments/snippet_base.fragment.graphql b/app/assets/javascripts/snippets/fragments/snippet_base.fragment.graphql
deleted file mode 100644
index d75b4011d1c..00000000000
--- a/app/assets/javascripts/snippets/fragments/snippet_base.fragment.graphql
+++ /dev/null
@@ -1,35 +0,0 @@
-#import '~/graphql_shared/fragments/blobviewer.fragment.graphql'
-
-fragment SnippetBase on Snippet {
- id
- title
- description
- descriptionHtml
- createdAt
- updatedAt
- visibilityLevel
- webUrl
- httpUrlToRepo
- sshUrlToRepo
- blobs {
- nodes {
- binary
- name
- path
- rawPath
- size
- externalStorage
- renderedAsText
- simpleViewer {
- ...BlobViewer
- }
- richViewer {
- ...BlobViewer
- }
- }
- }
- userPermissions {
- adminSnippet
- updateSnippet
- }
-}
diff --git a/app/assets/javascripts/work_items/graphql/typedefs.graphql b/app/assets/javascripts/work_items/graphql/typedefs.graphql
index 44a2999a72e..36ffba8a540 100644
--- a/app/assets/javascripts/work_items/graphql/typedefs.graphql
+++ b/app/assets/javascripts/work_items/graphql/typedefs.graphql
@@ -22,10 +22,25 @@ extend type WorkItem {
mockWidgets: [LocalWorkItemWidget]
}
+input LocalUserInput {
+ id: ID!
+ name: String
+ username: String
+ webUrl: String
+ avatarUrl: String
+}
+
+input LocalLabelInput {
+ id: ID!
+ title: String!
+ color: String
+ description: String
+}
+
input LocalUpdateWorkItemInput {
id: WorkItemID!
- assignees: [UserCore!]
- labels: [Label]
+ assignees: [LocalUserInput!]
+ labels: [LocalLabelInput]
}
type LocalWorkItemPayload {
diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb
index bf573d45852..a53e832329f 100644
--- a/app/controllers/admin/broadcast_messages_controller.rb
+++ b/app/controllers/admin/broadcast_messages_controller.rb
@@ -58,7 +58,6 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
def broadcast_message_params
params.require(:broadcast_message).permit(%i(
- color
theme
ends_at
message
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb
index 1a8908e8571..a8d8e1e38a3 100644
--- a/app/controllers/profiles/personal_access_tokens_controller.rb
+++ b/app/controllers/profiles/personal_access_tokens_controller.rb
@@ -3,10 +3,6 @@
class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
feature_category :authentication_and_authorization
- before_action do
- push_frontend_feature_flag(:personal_access_tokens_scoped_to_projects, current_user)
- end
-
def index
set_index_vars
scopes = params[:scopes].split(',').map(&:squish).select(&:present?).map(&:to_sym) unless params[:scopes].nil?
diff --git a/app/services/issues/clone_service.rb b/app/services/issues/clone_service.rb
index d054cf7827d..07dd9a98f89 100644
--- a/app/services/issues/clone_service.rb
+++ b/app/services/issues/clone_service.rb
@@ -41,7 +41,6 @@ module Issues
def update_new_entity
# we don't call `super` because we want to be able to decide whether or not to copy all comments over.
update_new_entity_description
- copy_award_emoji
if with_notes
copy_notes
diff --git a/app/services/work_items/widgets/hierarchy_service/base_service.rb b/app/services/work_items/widgets/hierarchy_service/base_service.rb
index 085d6c6b0e7..05625cb5240 100644
--- a/app/services/work_items/widgets/hierarchy_service/base_service.rb
+++ b/app/services/work_items/widgets/hierarchy_service/base_service.rb
@@ -15,7 +15,7 @@ module WorkItems
elsif params.key?(:children)
update_work_item_children(params.delete(:children))
else
- invalid_args_error
+ invalid_args_error(params)
end
end
@@ -64,7 +64,7 @@ module WorkItems
error(_('A Work Item can be a parent or a child, but not both.'))
end
- def invalid_args_error
+ def invalid_args_error(params)
error(_("One or more arguments are invalid: %{args}." % { args: params.keys.to_sentence } ))
end
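Review bot: In `invalid_args_error` the `%` interpolation sits inside the `_()` call, so gettext is asked to translate the already-formatted string and the lookup will not match the extracted message id, leaving the message untranslated. Move the format outside the call: `error(_("One or more arguments are invalid: %{args}.") % { args: params.keys.to_sentence })`. The message also echoes caller-supplied key names back to the client; whether that text is escaped when rendered is not visible from this hunk and is worth confirming. The enclosing method of the call site in the first hunk starts outside the visible lines.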
diff --git a/app/views/shared/access_tokens/_form.html.haml b/app/views/shared/access_tokens/_form.html.haml
index 0f6fc860883..3c39c1d6b74 100644
--- a/app/views/shared/access_tokens/_form.html.haml
+++ b/app/views/shared/access_tokens/_form.html.haml
@@ -45,9 +45,5 @@
= link_to _("Learn more."), help_path, target: '_blank', rel: 'noopener noreferrer'
= render 'shared/tokens/scopes_form', prefix: prefix, token: token, scopes: scopes, f: f
- - if prefix == :personal_access_token && Feature.enabled?(:personal_access_tokens_scoped_to_projects, current_user)
- .js-access-tokens-projects
- %input{ type: 'hidden', name: 'personal_access_token[projects]', id: 'personal_access_token_projects', data: { js_name: 'projects' } }
-
.gl-mt-3
= f.submit _('Create %{type}') % { type: type }, class: 'gl-button btn btn-confirm', data: { qa_selector: 'create_token_button' }
diff --git a/config/feature_flags/development/personal_access_tokens_scoped_to_projects.yml b/config/feature_flags/development/personal_access_tokens_scoped_to_projects.yml
deleted file mode 100644
index 9188b0dbab4..00000000000
--- a/config/feature_flags/development/personal_access_tokens_scoped_to_projects.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: personal_access_tokens_scoped_to_projects
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54617
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/322187
-milestone: '13.10'
-type: development
-group: group::access
-default_enabled: false
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index c543f62f135..be95c5e5c81 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -525,12 +525,9 @@ To upgrade a Gitaly Cluster, follow the documentation for
### Downgrade Gitaly Cluster to a previous version
-If you need to roll back a Gitaly Cluster to an earlier version, some Praefect database migrations may need to be reverted. In a cluster with:
+If you need to roll back a Gitaly Cluster to an earlier version, some Praefect database migrations may need to be reverted.
-- A single Praefect node, this happens when GitLab itself is downgraded.
-- Multiple Praefect nodes, additional steps are required.
-
-To downgrade a Gitaly Cluster with multiple Praefect nodes:
+To downgrade a Gitaly Cluster (assuming multiple Praefect nodes):
1. Stop the Praefect service on all Praefect nodes:
diff --git a/doc/api/integrations.md b/doc/api/integrations.md
index fca1d02161b..28f1629c938 100644
--- a/doc/api/integrations.md
+++ b/doc/api/integrations.md
@@ -967,7 +967,6 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `token` | string | yes | The Mattermost token |
-| `username` | string | no | The username to use to post the message |
### Disable Mattermost Slash Command integration
diff --git a/doc/security/user_file_uploads.md b/doc/security/user_file_uploads.md
index dcdd18a9f0b..2e2dbdaa765 100644
--- a/doc/security/user_file_uploads.md
+++ b/doc/security/user_file_uploads.md
@@ -5,21 +5,49 @@ group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
-# User File Uploads **(FREE)**
+# User file uploads **(FREE)**
-Images that are attached to issues, merge requests, or comments
-do not require authentication to be viewed if they are accessed directly by URL.
-This direct URL contains a random 32-character ID that prevents unauthorized
-people from guessing the URL for an image, thus there is some protection if an
-image contains sensitive information.
+> - Enforced authorization checks [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80117) in GitLab 14.8 [with a flag](../administration/feature_flags.md) named `enforce_auth_checks_on_uploads`. Disabled by default.
+> - Project settings in the user interface [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88567) in GitLab 15.3.
-Authentication is not enabled because images must be visible in the body of
-notification emails, which are often read from email clients that are not
-authenticated with GitLab, such as Outlook, Apple Mail, or the Mail app on your
-mobile device.
+FLAG:
+On self-managed GitLab, by default this feature is unavailable. To make it available per project or for your entire instance,
+ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `enforce_auth_checks_on_uploads`.
+On GitLab.com, this feature is not available.
-NOTE:
-Non-image attachments do require authentication to be viewed.
+In private or internal projects, GitLab restricts access to uploaded files (such as PDFs)
+to authenticated users only. By default, image files are not subject to the same
+restriction, and unauthenticated users can use the URL to view the
+file. If you enable authorization checks for all media files, images
+receive the same protection and are viewable only by authenticated users.
+
+Users can upload files to issues, merge requests, or comments in a project. Direct URLs
+to these images in GitLab contain a random 32-character ID to help prevent
+unauthorized users from guessing image URLs. This randomization provides some protection
+if an image contains sensitive information.
+
+Authentication checks for images can cause display issues in the body of notification emails.
+Emails are frequently read from clients (such as Outlook, Apple Mail, or your mobile device)
+not authenticated with GitLab. Images in emails appear broken and unavailable if
+the client is not authorized to GitLab.
+
+## Enable authorization checks for all media files
+
+Non-image attachments (including PDFs) always require authentication to be viewed.
+You can use this setting to extend this protection to image files.
+
+Prerequisite:
+
+- You must have the Maintainer or Owner role for the project.
+- Your project visibility settings must be **Private** or **Internal**.
+
+To configure authentication settings for all media files:
+
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Settings > General**.
+1. Expand **Visibility, project features, permissions**.
+1. Scroll to **Project visibility** and select **Require authentication to view media files**.
+ You cannot select this option for projects with **Public** visibility.