Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2025-02-19 06:07:13 +00:00
parent ff55a582e7
commit fdb3eaf75c
110 changed files with 1628 additions and 190 deletions


@ -1,20 +1,30 @@
<script>
import { GlAlert, GlModal, GlSprintf } from '@gitlab/ui';
import { __, s__ } from '~/locale';
import { GlAlert, GlLink, GlModal, GlSprintf } from '@gitlab/ui';
import { __, s__, sprintf } from '~/locale';
import autopopulateAllowlistMutation from '../graphql/mutations/autopopulate_allowlist.mutation.graphql';
export default {
name: 'AutopopulateAllowlistModal',
components: {
GlAlert,
GlLink,
GlModal,
GlSprintf,
},
inject: ['fullPath'],
props: {
authLogExceedsLimit: {
type: Boolean,
required: true,
},
projectAllowlistLimit: {
type: Number,
required: true,
},
projectName: {
type: String,
required: true,
required: false,
default: '',
},
showModal: {
type: Boolean,
@ -29,6 +39,16 @@ export default {
};
},
computed: {
authLogExceedsLimitMessage() {
return sprintf(
s__(
'CICD|The allowlist can contain a maximum of %{projectAllowlistLimit} groups and projects.',
),
{
projectAllowlistLimit: this.projectAllowlistLimit,
},
);
},
modalOptions() {
return {
actionPrimary: {
@ -47,6 +67,13 @@ export default {
},
};
},
modalTitle() {
if (this.authLogExceedsLimit) {
return s__('CICD|Add log entries and compact the allowlist');
}
return s__('CICD|Add all authentication log entries to the allowlist');
},
},
methods: {
async autopopulateAllowlist() {
@ -95,7 +122,7 @@ export default {
<template>
<gl-modal
:visible="showModal"
:title="s__('CICD|Add all authentication log entries to the allowlist')"
:title="modalTitle"
:action-primary="modalOptions.actionPrimary"
:action-secondary="modalOptions.actionSecondary"
modal-id="autopopulate-allowlist-modal"
@ -103,37 +130,57 @@ export default {
@secondary="hideModal"
@canceled="hideModal"
>
<gl-alert v-if="errorMessage" variant="danger" class="gl-mb-3 gl-pb-0" :dismissible="false">
<p>
{{ errorMessage }}
</p>
<gl-alert v-if="errorMessage" variant="danger" class="gl-mb-3" :dismissible="false">
{{ errorMessage }}
</gl-alert>
<p>
<gl-sprintf
:message="
<div v-if="authLogExceedsLimit">
<gl-alert variant="warning" class="gl-mb-3" :dismissible="false">
{{ authLogExceedsLimitMessage }}
</gl-alert>
<p data-testid="modal-description">
<!-- TODO: Update documentation link -->
<!-- See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/181294 -->
<gl-sprintf
:message="
s__(
'CICD|Adding all entries from the authentication log would exceed this limit. GitLab can compact the allowlist with common groups until the entries are within the limit. %{linkStart}What is the compaction algorithm?%{linkEnd}',
)
"
>
<template #link="{ content }">
<gl-link href="/" target="_blank">{{ content }}</gl-link>
</template>
</gl-sprintf>
</p>
</div>
<div v-else data-testid="modal-description">
<p>
<gl-sprintf
:message="
s__(
`CICD|You're about to add all entries from the authentication log to the allowlist for %{projectName}. Duplicate entries will be ignored.`,
)
"
>
<template #projectName>
<b>{{ projectName }}</b>
</template>
</gl-sprintf>
</p>
<p>
{{
s__(
`CICD|You're about to add all entries from the authentication log to the allowlist for %{projectName}. Duplicate entries will be ignored.`,
'CICD|Groups and projects on the allowlist are authorized to use a CI/CD job token to authenticate requests to this project. Entries added from the authentication log can be removed later if needed.',
)
"
>
<template #projectName>
<b>{{ projectName }}</b>
</template>
</gl-sprintf>
</p>
<p>
{{
s__(
'CICD|Groups and projects on the allowlist are authorized to use a CI/CD job token to authenticate requests to this project. Entries added from the authentication log can be removed later if needed.',
)
}}
</p>
<p>
{{
s__(
'CICD|The process to add entries could take a moment to complete with large logs or allowlists.',
)
}}
</p>
}}
</p>
<p>
{{
s__(
'CICD|The process to add entries could take a moment to complete with large logs or allowlists.',
)
}}
</p>
</div>
</gl-modal>
</template>
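Review bot: The `<gl-link href="/" target="_blank">` in the `authLogExceedsLimit` branch is a placeholder that ships a "What is the compaction algorithm?" link pointing at the site root, marked only by the two TODO comments above it. Until the documentation page exists, either drop the `%{linkStart}…%{linkEnd}` portion of that message or route it through `helpPagePath('<docs-path-placeholder>')` so the translated string does not have to change again later. If `GlLink` does not already emit `rel="noopener noreferrer"` for `target="_blank"`, add it explicitly when the real link lands.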


@ -23,6 +23,7 @@ import inboundUpdateCIJobTokenScopeMutation from '../graphql/mutations/inbound_u
import inboundGetCIJobTokenScopeQuery from '../graphql/queries/inbound_get_ci_job_token_scope.query.graphql';
import inboundGetGroupsAndProjectsWithCIJobTokenScopeQuery from '../graphql/queries/inbound_get_groups_and_projects_with_ci_job_token_scope.query.graphql';
import getCiJobTokenScopeAllowlistQuery from '../graphql/queries/get_ci_job_token_scope_allowlist.query.graphql';
import getAuthLogCountQuery from '../graphql/queries/get_auth_log_count.query.graphql';
import {
JOB_TOKEN_FORM_ADD_GROUP_OR_PROJECT,
JOB_TOKEN_FORM_AUTOPOPULATE_AUTH_LOG,
@ -94,8 +95,24 @@ export default {
GlTooltip: GlTooltipDirective,
},
mixins: [glFeatureFlagsMixin()],
inject: ['enforceAllowlist', 'fullPath'],
inject: ['enforceAllowlist', 'fullPath', 'projectAllowlistLimit'],
apollo: {
authLogCount: {
query: getAuthLogCountQuery,
variables() {
return {
fullPath: this.fullPath,
};
},
update({ project }) {
return project.ciJobTokenAuthLogs?.count;
},
error() {
createAlert({
message: s__('CICD|There was a problem fetching authorization logs count.'),
});
},
},
inboundJobTokenScopeEnabled: {
query: inboundGetCIJobTokenScopeQuery,
variables() {
@ -152,6 +169,7 @@ export default {
},
data() {
return {
authLogCount: 0,
inboundJobTokenScopeEnabled: null,
isUpdating: false,
groupsAndProjectsWithAccess: { groups: [], projects: [] },
@ -162,6 +180,9 @@ export default {
};
},
computed: {
authLogExceedsLimit() {
return this.projectCount + this.groupCount + this.authLogCount > this.projectAllowlistLimit;
},
isJobTokenPoliciesEnabled() {
return this.glFeatures.addPoliciesToCiJobToken;
},
@ -300,6 +321,8 @@ export default {
<template>
<div class="gl-mt-5">
<autopopulate-allowlist-modal
:auth-log-exceeds-limit="authLogExceedsLimit"
:project-allowlist-limit="projectAllowlistLimit"
:project-name="projectName"
:show-modal="showAutopopulateModal"
@hide="hideSelectedAction"
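Review bot: The `authLogCount` Apollo `update` hook, `return project.ciJobTokenAuthLogs?.count;`, throws if `project` comes back null in the response and otherwise replaces the `0` default from `data()` with `undefined` when the count is absent; the new computed `authLogExceedsLimit` then evaluates `NaN > this.projectAllowlistLimit`, which is always false, so the limit warning is silently suppressed. Use `return project?.ciJobTokenAuthLogs?.count ?? 0;` so the value stays numeric in every case. The `error()` handler covers query failures but not a null `project`, so the first case would surface as an uncaught exception rather than the alert. `authLogExceedsLimit` in the later hunk would benefit from a one-line comment noting it is a client-side hint only and that the server enforces the limit, if that is the case.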


@ -0,0 +1,8 @@
query getAuthLogCount($fullPath: ID!) {
project(fullPath: $fullPath) {
id
ciJobTokenAuthLogs {
count
}
}
}


@ -19,16 +19,18 @@ export const initTokenAccess = (containerId = 'js-ci-token-access-app') => {
return false;
}
const { fullPath, csvDownloadPath, enforceAllowlist } = containerEl.dataset;
const { csvDownloadPath, enforceAllowlist, fullPath, projectAllowlistLimit } =
containerEl.dataset;
return new Vue({
el: containerEl,
name: 'TokenAccessAppsRoot',
apolloProvider,
provide: {
csvDownloadPath,
enforceAllowlist: JSON.parse(enforceAllowlist),
fullPath,
csvDownloadPath,
projectAllowlistLimit: Number(projectAllowlistLimit),
},
render(createElement) {
return createElement(TokenAccessApp);
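Review bot: `projectAllowlistLimit: Number(projectAllowlistLimit)` produces `NaN` when the `data-project-allowlist-limit` attribute is missing or non-numeric, and every comparison against `NaN` is false, so the consuming limit check would silently never fire. Prefer `Number.parseInt(projectAllowlistLimit, 10)` and guard with `Number.isFinite`, logging or defaulting deliberately instead of propagating `NaN` through `provide`. The enclosing `initTokenAccess` function starts and ends outside this hunk.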


@ -16,9 +16,11 @@ module Mutations
"Following widget keys are not supported by #{work_item_type.name} type: #{not_supported_keys}"
end
# Cannot use prepare to use `.to_h` on each input due to
# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87472#note_945199865
widget_params.transform_values(&:to_h)
# TODO: Refactor to use `#prepare` on the input types
# https://gitlab.com/gitlab-org/gitlab/-/issues/519801
widget_params.transform_values do |input|
input.is_a?(Array) ? input.map(&:to_h) : input.to_h
end
end
end
end


@ -1 +1,8 @@
#js-ci-token-access-app{ data: { full_path: @project.full_path, csv_download_path: export_job_token_authorizations_namespace_project_settings_ci_cd_path(@project.namespace, @project), enforce_allowlist: Gitlab::CurrentSettings.enforce_ci_inbound_job_token_scope_enabled?.to_s } }
#js-ci-token-access-app{
data: {
full_path: @project.full_path,
csv_download_path: export_job_token_authorizations_namespace_project_settings_ci_cd_path(@project.namespace, @project),
enforce_allowlist: Gitlab::CurrentSettings.enforce_ci_inbound_job_token_scope_enabled?.to_s,
project_allowlist_limit: Ci::JobToken::ProjectScopeLink::PROJECT_LINK_DIRECTIONAL_LIMIT,
}
}


@ -0,0 +1,48 @@
- title: "Default GitLab Runner's `FF_GIT_URLS_WITHOUT_TOKENS` feature flag to `true`"
removal_milestone: "18.0"
announcement_milestone: "17.9"
breaking_change: true
# window: # Can be 1, 2, or 3 - The window when the breaking change will be deployed on GitLab.com
reporter: hoegaarden
stage: stage
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/518709
# Use the impact calculator https://gitlab-com.gitlab.io/gl-infra/breaking-change-impact-calculator/?
impact: medium # Can be one of: [critical, high, medium, low]
# scope: # Can be one or a combination of: [instance, group, project]
resolution_role: Owner # Can be one of: [Admin, Owner, Maintainer, Developer]
manual_task: false # Can be true or false. Use this to denote whether a resolution action must be performed manually (true), or if it can be automated by using the API or other automation (false).
body: |
In GitLab Runner 18.0, to limit the potential for token leakage, the
default value for the `FF_GIT_URLS_WITHOUT_TOKENS` feature flag changes
to `true`.
This change affects users who:
- Use executors that share Git credential state across jobs (for example, shell executor).
- Have a caching Git credential helper installed (for example,
[gitforwindows](https://gitforwindows.org/) installs
[Git credential manager (GCM)](https://github.com/git-ecosystem/git-credential-manager)
system-wide by default).
- Run builds in parallel.
To prevent issues, ensure that you don't use any caching Git credential
helper with GitLab Runner, use an executor which runs jobs in isolated
environments, or run job serially only.
# # ==============================
# # OPTIONAL END-OF-SUPPORT FIELDS
# # ==============================
# #
# # If an End of Support period applies:
# # 1) Share this announcement in the `#spt_managers` Support channel in Slack
# # 2) Mention `@gitlab-com/support` in this merge request.
# #
# # When support for this feature ends, in XX.YY milestone format.
# end_of_support_milestone:
# # Array of tiers the feature is currently available to,
# # like [Free, Silver, Gold, Core, Premium, Ultimate]
# tiers:
# # Links to documentation and thumbnail image
# documentation_url:
# image_url:
# # Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
# video_url:


@ -75,4 +75,4 @@ To remove a group from the DevOps Reports:
- From the **Add or remove groups** dropdown list, clear the group you want to remove.
- From the **Adoption by group** table, in the row of the group you want to remove, select
**Remove Group from the table** ({{< icon name="remove" >}}).
**Remove Group from the table** ({{< icon name="remove" >}}).


@ -73,7 +73,7 @@ JWT provides you with a secret key for you to use.
{{< alert type="note" >}}
For more information on each configuration option refer to
For more information on each configuration option refer to
the [OmniAuth JWT usage documentation](https://github.com/mbleigh/omniauth-jwt#usage).
{{< /alert >}}


@ -41,7 +41,7 @@ Secure LDAP is only available on specific Google Workspace editions. For more in
{{< alert type="note" >}}
If you plan to use GitLab [LDAP Group Sync](ldap_synchronization.md#group-sync)
If you plan to use GitLab [LDAP Group Sync](ldap_synchronization.md#group-sync)
, turn on `Read group information`.
{{< /alert >}}


@ -112,7 +112,7 @@ The OpenID Connect provider provides you with a client's details and secret for
{{< alert type="note" >}}
For more information on using multiple identity providers with OIDC, see [issue 5992](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5992).
For more information on using multiple identity providers with OIDC, see [issue 5992](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5992).
{{< /alert >}}
@ -143,7 +143,7 @@ For more information on using multiple identity providers with OIDC, see [issue
{{< alert type="note" >}}
For more information on each configuration option, refer to the [OmniAuth OpenID Connect usage documentation](https://github.com/omniauth/omniauth_openid_connect#usage) and [OpenID Connect Core 1.0 specification](https://openid.net/specs/openid-connect-core-1_0.html).
For more information on each configuration option, refer to the [OmniAuth OpenID Connect usage documentation](https://github.com/omniauth/omniauth_openid_connect#usage) and [OpenID Connect Core 1.0 specification](https://openid.net/specs/openid-connect-core-1_0.html).
{{< /alert >}}


@ -185,7 +185,7 @@ For Linux package installations:
{{< alert type="note" >}}
Assign a value to at least one of the following variables:
Assign a value to at least one of the following variables:
`gitlab_rails['smartcard_client_certificate_required_host']` or
`gitlab_rails['smartcard_client_certificate_required_port']`.
@ -282,7 +282,7 @@ For self-compiled installations:
{{< alert type="note" >}}
Assign a value to at least one of the following variables:
Assign a value to at least one of the following variables:
`client_certificate_required_host` or `client_certificate_required_port`.
{{< /alert >}}


@ -231,7 +231,7 @@ processing is done in a background worker and requires **no downtime**.
sudo -u git -H bundle exec rake gitlab:artifacts:migrate RAILS_ENV=production
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -307,7 +307,7 @@ processing is done in a background worker and requires **no downtime**.
sudo find /home/git/gitlab/shared/artifacts -type f | grep -v tmp | wc -l
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -109,7 +109,7 @@ You can check the database to confirm if your instance has artifacts with the `u
sudo -u git -H psql -d gitlabhq_production
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -132,7 +132,7 @@ Prerequisites:
{{< alert type="note" >}}
If you set **Acceptance required** to **Yes**, Switchboard cannot accurately determine when the link is accepted. After you manually accept the link, the status shows as **Pending** instead of **Active** until next scheduled maintenance. After maintenance, the link status refreshes and shows as connected.
If you set **Acceptance required** to **Yes**, Switchboard cannot accurately determine when the link is accepted. After you manually accept the link, the status shows as **Pending** instead of **Active** until next scheduled maintenance. After maintenance, the link status refreshes and shows as connected.
{{< /alert >}}


@ -209,7 +209,7 @@ To access and configure your GitLab Dedicated instance:
{{< alert type="note" >}}
For security, you can retrieve the temporary root credentials from Switchboard only once. Be sure to store these credentials securely (for example, in a password manager) before leaving Switchboard.
For security, you can retrieve the temporary root credentials from Switchboard only once. Be sure to store these credentials securely (for example, in a password manager) before leaving Switchboard.
{{< /alert >}}


@ -19,7 +19,7 @@ To gain read only access to the S3 bucket with your application logs:
{{< alert type="note" >}}
Specify the full ARN path without wildcards (`*`). Wildcard characters are not supported. GitLab team members can read more about the proposed feature to add wildcard support in this confidential issue: [7010](https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/7010).
Specify the full ARN path without wildcards (`*`). Wildcard characters are not supported. GitLab team members can read more about the proposed feature to add wildcard support in this confidential issue: [7010](https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/7010).
{{< /alert >}}


@ -284,7 +284,7 @@ changing Git remotes and API URLs.
{{< alert type="note" >}}
Changing `external_url` does not prevent access through the old secondary URL, as
Changing `external_url` does not prevent access through the old secondary URL, as
long as the secondary DNS records are still intact.
{{< /alert >}}


@ -52,7 +52,7 @@ To bring the former **primary** site up to date:
{{< alert type="note" >}}
If you [disabled the **primary** site permanently](_index.md#step-2-permanently-disable-the-primary-site),
If you [disabled the **primary** site permanently](_index.md#step-2-permanently-disable-the-primary-site),
you need to undo those steps now. For distributions with systemd, such as Debian/Ubuntu/CentOS7+, you must run
`sudo systemctl enable gitlab-runsvdir`. For distributions without systemd, such as CentOS 6, you need to install
the GitLab instance from scratch and set it up as a **secondary** site by
@ -62,10 +62,11 @@ If you [disabled the **primary** site permanently](_index.md#step-2-permanently-
{{< alert type="note" >}}
If you [changed the DNS records](_index.md#step-4-optional-updating-the-primary-domain-dns-record)
If you [changed the DNS records](_index.md#step-4-optional-updating-the-primary-domain-dns-record)
for this site during disaster recovery procedure you may need to
[block all the writes to this site](planned_failover.md#prevent-updates-to-the-primary-site)
during this procedure.
{{< /alert >}}
1. [Set up Geo](../setup/_index.md). In this case, the **secondary** site


@ -181,7 +181,7 @@ In the following steps, replace `<ssh_host_key_path>` with the one you're using:
{{< alert type="note" >}}
The output for private keys and public keys command should generate the same fingerprint.
The output for private keys and public keys command should generate the same fingerprint.
{{< /alert >}}


@ -106,7 +106,7 @@ To be able to replicate new container images, the container registry must send n
{{< alert type="note" >}}
Replace `<example.com>` with the `external_url` defined in your primary site's `/etc/gitlab/gitlab.rb` file, and
Replace `<example.com>` with the `external_url` defined in your primary site's `/etc/gitlab/gitlab.rb` file, and
replace `<replace_with_a_secret_token>` with a case sensitive alphanumeric string
that starts with a letter. You can generate one with `< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 32 | sed "s/^[0-9]*//"; echo`
@ -114,9 +114,10 @@ Replace `<example.com>` with the `external_url` defined in your primary site's `
{{< alert type="note" >}}
If you use an external Registry (not the one integrated with GitLab), you only need to specify
If you use an external Registry (not the one integrated with GitLab), you only need to specify
the notification secret (`registry['notification_secret']`) in the
`/etc/gitlab/gitlab.rb` file.
{{< /alert >}}
1. For GitLab HA only. Edit `/etc/gitlab/gitlab.rb` on every web node:


@ -32,7 +32,7 @@ stop and uninstall this site. For each node on your secondary Geo site:
{{< alert type="note" >}}
If GitLab data has to be cleaned from the instance as well, see how to [uninstall the Linux package and all its data](https://docs.gitlab.com/omnibus/installation/#uninstall-the-linux-package-omnibus).
If GitLab data has to be cleaned from the instance as well, see how to [uninstall the Linux package and all its data](https://docs.gitlab.com/omnibus/installation/#uninstall-the-linux-package-omnibus).
{{< /alert >}}
@ -57,7 +57,7 @@ When GitLab has been uninstalled from each node on the **secondary** site, the r
{{< alert type="note" >}}
Using `gitlab-rails dbconsole` does not work, because managing replication slots requires superuser permissions.
Using `gitlab-rails dbconsole` does not work, because managing replication slots requires superuser permissions.
{{< /alert >}}


@ -30,7 +30,7 @@ If the secondary site is not able to reconnect, use the following steps to remov
{{< alert type="note" >}}
Using `gitlab-rails dbconsole` does not work, because managing replication slots requires superuser permissions.
Using `gitlab-rails dbconsole` does not work, because managing replication slots requires superuser permissions.
{{< /alert >}}


@ -844,13 +844,13 @@ to start again from scratch, there are a few steps that can help you:
1. Optional. If you disabled it, reactivate the Praefect internal load balancer.
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
{{< alert type="note" >}}
You may want to remove the `/var/opt/gitlab/git-data/repositories.old` in the future
You may want to remove the `/var/opt/gitlab/git-data/repositories.old` in the future
as soon as you confirmed that you don't need it anymore, to save disk space.
{{< /alert >}}


@ -18,11 +18,11 @@ title: Setting up Geo
- One GitLab site serves as the Geo **primary** site. Use the [GitLab reference architectures documentation](../../reference_architectures/_index.md) to set this up. You can use different reference architecture sizes for each Geo site. If you already have a working GitLab instance that is in-use, it can be used as a **primary** site.
- The second GitLab site serves as the Geo **secondary** site. Use the [GitLab reference architectures documentation](../../reference_architectures/_index.md) to set this up. It's a good idea to sign in and test it. However, be aware that **all of the data on the secondary are lost** as part of the process of replicating from the **primary** site.
{{< alert type="note" >}}
{{< alert type="note" >}}
Geo supports multiple secondaries. You can follow the same steps and make any changes accordingly.
Geo supports multiple secondaries. You can follow the same steps and make any changes accordingly.
{{< /alert >}}
{{< /alert >}}
- Ensure the **primary** site has a [GitLab Premium or Ultimate](https://about.gitlab.com/pricing/) subscription to unlock Geo. You only need one license for all the sites.
- Confirm the [requirements for running Geo](../_index.md#requirements-for-running-geo) are met by all sites. For example, sites must use the same GitLab version, and sites must be able to communicate with each other over certain ports.


@ -179,7 +179,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
{{< alert type="note" >}}
For external PostgreSQL instances, see [additional instructions](external_database.md).
For external PostgreSQL instances, see [additional instructions](external_database.md).
{{< /alert >}}
@ -219,7 +219,7 @@ For external PostgreSQL instances, see [additional instructions](external_databa
{{< alert type="note" >}}
If you need to use `0.0.0.0` or `*` as the `listen_address`, you also must add
If you need to use `0.0.0.0` or `*` as the `listen_address`, you also must add
`127.0.0.1/32` to the `postgresql['md5_auth_cidr_addresses']` setting, to allow Rails to connect through
`127.0.0.1`. For more information, see [issue 5258](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5258).
@ -357,7 +357,7 @@ If you need to use `0.0.0.0` or `*` as the `listen_address`, you also must add
{{< alert type="note" >}}
This step is important so you don't try to execute anything before the site is fully configured.
This step is important so you don't try to execute anything before the site is fully configured.
{{< /alert >}}
@ -369,7 +369,7 @@ This step is important so you don't try to execute anything before the site is f
{{< alert type="note" >}}
If this step fails, you may be using the wrong IP address, or a firewall may
If this step fails, you may be using the wrong IP address, or a firewall may
be preventing access to the site. Check the IP address, paying close
attention to the difference between public and private addresses. Ensure
that, if a firewall is present, the **secondary** site is permitted to connect to the
@ -415,7 +415,7 @@ If this step fails, you may be using the wrong IP address, or a firewall may
{{< alert type="note" >}}
If you are using manually generated certificates and want to use
If you are using manually generated certificates and want to use
`sslmode=verify-full` to benefit from the full hostname verification,
replace `verify-ca` with `verify-full` when
running the command.


@ -668,7 +668,7 @@ Updates to example must be made at:
{{< alert type="note" >}}
When adding additional Gitaly nodes to a virtual storage, all storage names
When adding additional Gitaly nodes to a virtual storage, all storage names
in that virtual storage must be unique. Additionally, all Gitaly node
addresses referenced in the Praefect configuration must be unique.


@ -138,13 +138,13 @@ The process for configuring TLS support depends on your installation type.
path: /some/local/path
```
{{< alert type="note" >}}
{{< alert type="note" >}}
`/some/local/path` should be set to a local folder that exists, however no data is stored
in this folder. This requirement is scheduled to be removed when
[Gitaly issue #1282](https://gitlab.com/gitlab-org/gitaly/-/issues/1282) is resolved.
`/some/local/path` should be set to a local folder that exists, however no data is stored
in this folder. This requirement is scheduled to be removed when
[Gitaly issue #1282](https://gitlab.com/gitlab-org/gitaly/-/issues/1282) is resolved.
{{< /alert >}}
{{< /alert >}}
1. Save the file and [restart GitLab](../restart_gitlab.md#self-compiled-installations).
1. On the Gitaly servers, create or edit `/etc/default/gitlab` and add:


@ -225,7 +225,7 @@ Reply by email should now be working.
{{< alert type="note" >}}
This step is necessary to avoid thread deadlocks and to support the latest MailRoom features. See
This step is necessary to avoid thread deadlocks and to support the latest MailRoom features. See
[this explanation](../development/emails.md#mailroom-gem-updates) for more details.
{{< /alert >}}


@ -212,7 +212,7 @@ processing is done in the background and requires **no downtime**.
sudo -u git -H bundle exec rake gitlab:lfs:migrate RAILS_ENV=production
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -288,7 +288,7 @@ processing is done in the background and requires **no downtime**.
sudo find /home/git/gitlab/shared/lfs-objects -type f | grep -v tmp | wc -l
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -163,7 +163,7 @@ steps below:
{{< alert type="note" >}}
If using a self-signed certificate from a custom Certificate Authority (CA),
If using a self-signed certificate from a custom Certificate Authority (CA),
follow [the documentation](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates)
to make them trusted by other GitLab components.


@ -260,7 +260,7 @@ The processing is done in a background worker and requires **no downtime**.
RAILS_ENV=production sudo -u git -H bundle exec rake gitlab:packages:migrate
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -291,7 +291,7 @@ The processing is done in a background worker and requires **no downtime**.
RAILS_ENV=production sudo -u git -H psql -d gitlabhq_production
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -324,6 +324,6 @@ The processing is done in a background worker and requires **no downtime**.
sudo -u git find /home/git/gitlab/shared/packages -type f | grep -v tmp | wc -l
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -652,7 +652,7 @@ you can pull from the container registry, but you cannot push.
{{< alert type="note" >}}
If you have a lot of data, you may be able to improve performance by
If you have a lot of data, you may be able to improve performance by
[running parallel sync operations](https://repost.aws/knowledge-center/s3-improve-transfer-sync-command).
{{< /alert >}}


@ -44,7 +44,7 @@ To move databases from one instance to another:
{{< alert type="note" >}}
In rare occasions, you might notice database performance issues after you perform
In rare occasions, you might notice database performance issues after you perform
a `pg_dump` and restore. This can happen because `pg_dump` does not contain the statistics
[used by the optimizer to make query planning decisions](https://www.postgresql.org/docs/14/app-pgdump.html).
If performance degrades after a restore, fix the problem by finding the problematic query,


@ -50,7 +50,7 @@ This content has been moved to a [new location](replication_and_failover.md#conf
{{< alert type="note" >}}
If the database was already running, it needs to be restarted after reconfigure by running `gitlab-ctl restart postgresql`.
If the database was already running, it needs to be restarted after reconfigure by running `gitlab-ctl restart postgresql`.
{{< /alert >}}


@ -1006,7 +1006,7 @@ Considering these, you should carefully plan your PostgreSQL upgrade:
{{< alert type="note" >}}
On a Geo secondary site, the Patroni leader node is called `standby leader`.
On a Geo secondary site, the Patroni leader node is called `standby leader`.
{{< /alert >}}
@ -1031,7 +1031,7 @@ On a Geo secondary site, the Patroni leader node is called `standby leader`.
{{< alert type="note" >}}
`gitlab-ctl pg-upgrade` tries to detect the role of the node. If for any reason the auto-detection
`gitlab-ctl pg-upgrade` tries to detect the role of the node. If for any reason the auto-detection
does not work or you believe it did not detect the role correctly, you can use the `--leader` or
`--replica` arguments to manually override it. Use `gitlab-ctl pg-upgrade --help` for more details on available options.


@ -144,7 +144,7 @@ Run the following Rake task to extend or remove expiration dates from tokens in
sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:tokens:edit
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -1419,7 +1419,7 @@ To configure the Praefect nodes, on each one:
{{< alert type="note" >}}
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
{{< /alert >}}


@ -1425,7 +1425,7 @@ To configure the Praefect nodes, on each one:
{{< alert type="note" >}}
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
{{< /alert >}}


@ -482,7 +482,7 @@ To configure the Gitaly server, on the server node you want to use for Gitaly:
{{< alert type="note" >}}
You can't remove the `default` entry from `gitaly['configuration'][:storage]` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
You can't remove the `default` entry from `gitaly['configuration'][:storage]` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
{{< /alert >}}


@ -1252,7 +1252,7 @@ To configure the Praefect nodes, on each one:
{{< alert type="note" >}}
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
{{< /alert >}}


@ -1432,7 +1432,7 @@ To configure the Praefect nodes, on each one:
{{< alert type="note" >}}
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
{{< /alert >}}


@ -1256,7 +1256,7 @@ To configure the Praefect nodes, on each one:
{{< alert type="note" >}}
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
You can't remove the `default` entry from `virtual_storages` because [GitLab requires it](../gitaly/configure_gitaly.md#gitlab-requires-a-default-repository-storage).
{{< /alert >}}


@ -99,7 +99,7 @@ The instructions make the assumption that you are using the email address `incom
{{< alert type="note" >}}
The `.` is a literal period on its own line.
The `.` is a literal period on its own line.
{{< /alert >}}


@ -56,7 +56,7 @@ To create an OAuth application on your GitLab Self-Managed instance:
{{< alert type="note" >}}
You must clear these checkboxes to avoid [errors](jira_cloud_app_troubleshooting.md#error-failed-to-sign-in-to-gitlab).
You must clear these checkboxes to avoid [errors](jira_cloud_app_troubleshooting.md#error-failed-to-sign-in-to-gitlab).
{{< /alert >}}


@ -151,7 +151,7 @@ Under the **Mappings** section, first provision the groups:
{{< alert type="note" >}}
Even when **Provision Microsoft Entra ID Groups** is disabled, the mappings section may display "Enabled: Yes". This behavior is a display bug that you can safely ignore.
Even when **Provision Microsoft Entra ID Groups** is disabled, the mappings section may display "Enabled: Yes". This behavior is a display bug that you can safely ignore.
{{< /alert >}}


@ -21,12 +21,12 @@ All users can see the feature list, but the entries might differ depending on th
- Features only available on GitLab.com are not shown on GitLab Self-Managed instances.
- Features only available to GitLab Self-Managed instances are not shown on GitLab.com.
{{< alert type="note" >}}
{{< alert type="note" >}}
For GitLab Self-Managed, the updated **What's new** is included
in the first patch release after a new version, such as `13.10.1`.
in the first patch release after a new version, such as `13.10.1`.
{{< /alert >}}
{{< /alert >}}
## Access What's new


@ -12233,6 +12233,7 @@ Input type: `WorkItemCreateInput`
| <a id="mutationworkitemcreateconfidential"></a>`confidential` | [`Boolean`](#boolean) | Sets the work item confidentiality. |
| <a id="mutationworkitemcreatecreatedat"></a>`createdAt` | [`Time`](#time) | Timestamp when the work item was created. Available only for admins and project owners. |
| <a id="mutationworkitemcreatecrmcontactswidget"></a>`crmContactsWidget` | [`WorkItemWidgetCrmContactsCreateInput`](#workitemwidgetcrmcontactscreateinput) | Input for CRM contacts widget. |
| <a id="mutationworkitemcreatecustomfieldswidget"></a>`customFieldsWidget` {{< icon name="warning-solid" >}} | [`[WorkItemWidgetCustomFieldValueInputType!]`](#workitemwidgetcustomfieldvalueinputtype) | **Deprecated:** **Status**: Experiment. Introduced in GitLab 17.10. |
| <a id="mutationworkitemcreatedescription"></a>`description` {{< icon name="warning-solid" >}} | [`String`](#string) | **Deprecated:** use description widget instead. Deprecated in GitLab 16.9. |
| <a id="mutationworkitemcreatedescriptionwidget"></a>`descriptionWidget` | [`WorkItemWidgetDescriptionInput`](#workitemwidgetdescriptioninput) | Input for description widget. |
| <a id="mutationworkitemcreatediscussionstoresolve"></a>`discussionsToResolve` | [`WorkItemResolveDiscussionsInput`](#workitemresolvediscussionsinput) | Information required to resolve discussions in a noteable, when the work item is created. |
@ -12437,6 +12438,7 @@ Input type: `WorkItemUpdateInput`
| <a id="mutationworkitemupdateconfidential"></a>`confidential` | [`Boolean`](#boolean) | Sets the work item confidentiality. |
| <a id="mutationworkitemupdatecrmcontactswidget"></a>`crmContactsWidget` | [`WorkItemWidgetCrmContactsUpdateInput`](#workitemwidgetcrmcontactsupdateinput) | Input for CRM contacts widget. |
| <a id="mutationworkitemupdatecurrentusertodoswidget"></a>`currentUserTodosWidget` | [`WorkItemWidgetCurrentUserTodosInput`](#workitemwidgetcurrentusertodosinput) | Input for to-dos widget. |
| <a id="mutationworkitemupdatecustomfieldswidget"></a>`customFieldsWidget` {{< icon name="warning-solid" >}} | [`[WorkItemWidgetCustomFieldValueInputType!]`](#workitemwidgetcustomfieldvalueinputtype) | **Deprecated:** **Status**: Experiment. Introduced in GitLab 17.10. |
| <a id="mutationworkitemupdatedescriptionwidget"></a>`descriptionWidget` | [`WorkItemWidgetDescriptionInput`](#workitemwidgetdescriptioninput) | Input for description widget. |
| <a id="mutationworkitemupdatehealthstatuswidget"></a>`healthStatusWidget` | [`WorkItemWidgetHealthStatusInput`](#workitemwidgethealthstatusinput) | Input for health status widget. |
| <a id="mutationworkitemupdatehierarchywidget"></a>`hierarchyWidget` | [`WorkItemWidgetHierarchyUpdateInput`](#workitemwidgethierarchyupdateinput) | Input for hierarchy widget. |
@ -47197,6 +47199,17 @@ Attributes for value stream stage.
| <a id="workitemwidgetcurrentusertodosinputaction"></a>`action` | [`WorkItemTodoUpdateAction!`](#workitemtodoupdateaction) | Action for the update. |
| <a id="workitemwidgetcurrentusertodosinputtodoid"></a>`todoId` | [`TodoID`](#todoid) | Global ID of the to-do. If not present, all to-dos of the work item will be updated. |
### `WorkItemWidgetCustomFieldValueInputType`
#### Arguments
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="workitemwidgetcustomfieldvalueinputtypecustomfieldid"></a>`customFieldId` | [`IssuablesCustomFieldID!`](#issuablescustomfieldid) | Global ID of the custom field. |
| <a id="workitemwidgetcustomfieldvalueinputtypenumbervalue"></a>`numberValue` | [`Float`](#float) | Value for custom fields with number type. |
| <a id="workitemwidgetcustomfieldvalueinputtypeselectedoptionids"></a>`selectedOptionIds` | [`[IssuablesCustomFieldSelectOptionID!]`](#issuablescustomfieldselectoptionid) | Global IDs of the selected options for custom fields with select type. |
| <a id="workitemwidgetcustomfieldvalueinputtypetextvalue"></a>`textValue` | [`String`](#string) | Value for custom fields with text type. |
### `WorkItemWidgetDescriptionInput`
#### Arguments


@ -309,7 +309,7 @@ Use one of the following methods to determine the value for `DOCKER_AUTH_CONFIG`
{{< alert type="note" >}}
If your username includes special characters like `@`, you must escape them with a backslash (<code>&#92;</code>) to prevent authentication problems.
If your username includes special characters like `@`, you must escape them with a backslash (<code>&#92;</code>) to prevent authentication problems.
{{< /alert >}}


@ -736,7 +736,7 @@ Before doing any migration work, you should first:
{{< alert type="note" >}}
The JenkinsFile Wrapper is not packaged with GitLab and falls outside of the scope of support.
The JenkinsFile Wrapper is not packaged with GitLab and falls outside of the scope of support.
For more information, see the [Statement of Support](https://about.gitlab.com/support/statement-of-support/).
{{< /alert >}}


@ -129,7 +129,7 @@ To configure your Vault server:
{{< alert type="note" >}}
Support for providing these values in the user interface [is tracked in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/218677).
Support for providing these values in the user interface [is tracked in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/218677).
{{< /alert >}}


@ -80,7 +80,7 @@ GitLab Runner with the Shell executor.
{{< alert type="note" >}}
As a security measure, you can run `mysql_secure_installation` to
As a security measure, you can run `mysql_secure_installation` to
remove anonymous users, drop the test database, and disable remote logins by
the root user.


@ -148,10 +148,10 @@ participant "Audit::EventQueue" as B #LightBlue
participant "Interacted Class" as C
participant "AuditEvent" as D
A->A1: audit <b>{ block }
A->A1: audit <b>{ block }</b>
activate A1
A1->B: begin!
A1->C: <b>block.call
A1->C: <b>block.call</b>
activate A1 #FFBBBB
activate C
C-->B: push [ message ]


@ -71,7 +71,7 @@ associations that require them. For example, documents must be imported before m
{{< alert type="note" >}}
If your association is relates to an Enterprise Edition-only feature, add it to the `ee.tree.project` tree at the end of the file so that it is only exported
If your association is relates to an Enterprise Edition-only feature, add it to the `ee.tree.project` tree at the end of the file so that it is only exported
and imported in Enterprise Edition instances of GitLab.
{{< /alert >}}


@ -61,7 +61,7 @@ To install the GDK:
{{< alert type="note" >}}
If you're using another version manager for those dependencies, refer to the [troubleshooting section](#error-no-version-is-set-for-command) to avoid conflicts.
If you're using another version manager for those dependencies, refer to the [troubleshooting section](#error-no-version-is-set-for-command) to avoid conflicts.
{{< /alert >}}


@ -586,7 +586,7 @@ as the batching strategy.
{{< alert type="note" >}}
For EE migrations that define `scope_to`, ensure the module extends `ActiveSupport::Concern`.
For EE migrations that define `scope_to`, ensure the module extends `ActiveSupport::Concern`.
Otherwise, records are processed without taking the scope into consideration.
{{< /alert >}}
@ -1240,7 +1240,7 @@ background migration.
{{< alert type="note" >}}
Job classes inherit from `BatchedMigrationJob` to ensure they are
Job classes inherit from `BatchedMigrationJob` to ensure they are
correctly handled by the batched migration framework. Any subclass of
`BatchedMigrationJob` is initialized with the necessary arguments to
execute the batch, and a connection to the tracking database.
@ -1320,7 +1320,7 @@ Job classes inherit from `BatchedMigrationJob` to ensure they are
{{< alert type="note" >}}
When queuing a batched background migration, you need to restrict
When queuing a batched background migration, you need to restrict
the schema to the database where you make the actual changes.
In this case, we are updating `routes` records, so we set
`restrict_gitlab_migration gitlab_schema: :gitlab_main`. If, however,
@ -1373,7 +1373,7 @@ When queuing a batched background migration, you need to restrict
{{< alert type="note" >}}
If the batched background migration is not finished, the system will
If the batched background migration is not finished, the system will
execute the batched background migration inline. If you don't want
to see this behavior, you need to pass `finalize: false`.


@ -47,15 +47,15 @@ To add a story:
For instructions on how to write stories, refer to the [official Storybook instructions](https://storybook.js.org/docs/writing-stories/)
{{< alert type="note" >}}
{{< alert type="note" >}}
Specify the `title` field of the story as the component's file path from the `javascripts/` directory, without the `/components` part.
For example, if the component is located at `app/assets/javascripts/vue_shared/components/sidebar/todo_toggle/todo_button.vue`,
specify the story `title` as `vue_shared/sidebar/todo_toggle/todo_button`.
If the component is located in the `ee/` directory, make sure to prefix the story's title with `ee/` as well.
This will ensure the Storybook navigation maps closely to our internal directory structure.
For example, if the component is located at `app/assets/javascripts/vue_shared/components/sidebar/todo_toggle/todo_button.vue`,
specify the story `title` as `vue_shared/sidebar/todo_toggle/todo_button`.
If the component is located in the `ee/` directory, make sure to prefix the story's title with `ee/` as well.
This will ensure the Storybook navigation maps closely to our internal directory structure.
{{< /alert >}}
{{< /alert >}}
## Using GitLab REST and GraphQL APIs
@ -70,7 +70,7 @@ To add a story with API access:
{{< alert type="note" >}}
If you test against `gitlab.com`, make sure to use a token with `read_api` if possible and to make the token short-lived.
If you test against `gitlab.com`, make sure to use a token with `read_api` if possible and to make the token short-lived.
{{< /alert >}}


@ -29,7 +29,7 @@ Rails application:
{{< alert type="note" >}}
This can be done as a separate merge request, or in a merge request
This can be done as a separate merge request, or in a merge request
that uses the latest GitLab Shell changes.
{{< /alert >}}


@ -90,7 +90,7 @@ if you need help finding the correct person or labels:
{{< alert type="note" >}}
Some overlap exists between project dependencies. When creating an issue for a
Some overlap exists between project dependencies. When creating an issue for a
dependency that is part of a larger product, note the relationship in the issue
body. For example: Projects built in the context of Omnibus GitLab have their
runtime Go version managed by Omnibus, but "support" and compatibility should
@ -101,7 +101,7 @@ Some overlap exists between project dependencies. When creating an issue for a
{{< alert type="note" >}}
The upgrade issues must include [upgrade validation items](#upgrade-validation)
The upgrade issues must include [upgrade validation items](#upgrade-validation)
in their definition of done. Creating a second [performance testing issue](#upgrade-validation)
titled `Validate operation and performance at scale with Go <VERSION_NUMBER>`
is strongly recommended to help with scheduling tasks and managing workloads.
@ -117,7 +117,7 @@ The upgrade issues must include [upgrade validation items](#upgrade-validation)
{{< alert type="note" >}}
Updates to these Security analyzers should not block upgrades to Charts or Omnibus since
Updates to these Security analyzers should not block upgrades to Charts or Omnibus since
the analyzers are built independently as separate container images.
{{< /alert >}}
@ -145,7 +145,7 @@ Updates to these Security analyzers should not block upgrades to Charts or Omnib
{{< alert type="note" >}}
If the component is not automatically upgraded for [Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues)
If the component is not automatically upgraded for [Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues)
and [Cloud Native GitLab](https://gitlab.com/gitlab-org/charts/gitlab/-/issues),
issues should be opened in their respective trackers titled `Updated bundled version of COMPONENT_NAME`
and set as blocked by the component's upgrade issue.


@ -254,7 +254,7 @@ The `GITLAB_TOKEN` for the [@gl-service-dev-secure-analyzers-automation](https:/
{{< alert type="note" >}}
It's crucial to [mask and hide](../../ci/variables/_index.md#hide-a-cicd-variable) the following variables.
It's crucial to [mask and hide](../../ci/variables/_index.md#hide-a-cicd-variable) the following variables.
{{< /alert >}}
@ -439,7 +439,7 @@ In order to push images to this location:
{{< alert type="note" >}}
It's crucial to [mask and hide](../../ci/variables/_index.md#hide-a-cicd-variable) the `SEC_REGISTRY_PASSWORD` variable.
It's crucial to [mask and hide](../../ci/variables/_index.md#hide-a-cicd-variable) the `SEC_REGISTRY_PASSWORD` variable.
{{< /alert >}}


@ -31,6 +31,7 @@ For each of the vulnerabilities listed in this document, AppSec aims to have a S
| [Archive operations](#working-with-archive-files) (Go) | [1](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/go/go_insecure_archive_operations.yml) | ✅ |
| [URL spoofing](#url-spoofing) | [1](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby/ruby_url_spoofing.yml) | ✅ |
| [Request Parameter Typing](#request-parameter-typing) | `StrongParams` RuboCop | ✅ |
| [Paid tiers for vulnerability mitigation](#paid-tiers-for-vulnerability-mitigation) | N/A <!-- This cannot be validated programmatically //--> | |
## Process for creating new guidelines and accompanying rules
@ -1941,6 +1942,59 @@ This class of issue applies to more than just email; other examples might includ
The video covers what happened, how it worked, and what you need to know for the future.
- Rails documentation for [ActionController::StrongParameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) and [ActionController::Parameters](https://api.rubyonrails.org/classes/ActionController/Parameters.html)
## Paid tiers for vulnerability mitigation
Secure code must not rely on subscription tiers (Premium/Ultimate) or
separate SKUs as a control to mitigate security vulnerabilities.
While requiring paid tiers can create friction for potential attackers,
it does not provide meaningful security protection since adversaries
can bypass licensing restrictions through various means like free
trials or fraudulent payment.
Requiring payment is a valid strategy for anti-abuse when the cost to
the attacker exceeds the cost to GitLab. An example is limiting the
abuse of CI minutes. Here, the important thing to note is that use of
CI itself is not a security vulnerability.
### Impact
Relying on licensing tiers as a security control can:
- Lead to patches which can be bypassed by attackers with the ability to
pay.
- Create a false sense of security, leading to new vulnerabilities being
introduced.
### Examples
The following example shows an insecure implementation that relies on
licensing tiers. The service reads files from disk and attempts to use
the Ultimate subscription tier to prevent unauthorized access:
```ruby
class InsecureFileReadService
def execute
return unless License.feature_available?(:insecure_file_read_service)
return File.read(params[:unsafe_user_path])
end
end
```
If the above code made it to production, an attacker could create a free
trial, or pay for one with a stolen credit card. The resulting
vulnerability would be a critical (severity 1) incident.
### Mitigations
- Instead of relying on licensing tiers, resolve the vulnerability in
all tiers.
- Follow secure coding best practices specific to the feature's
functionality.
- If licensing tiers are used as part of a defense-in-depth strategy,
combine it with other effective security controls.
## Who to contact if you have questions
For general guidance, contact the


@ -28,7 +28,7 @@ The main steps are:
{{< alert type="note" >}}
If you use the standard ApolloLink or Axios interceptor CAPTCHA support described
If you use the standard ApolloLink or Axios interceptor CAPTCHA support described
above, you can ignore the field details, because they are handled
automatically. They become relevant if you attempt to use the GraphQL API directly to
process a failed check for potential spam, and resubmit the request with a solved


@ -35,7 +35,7 @@ The main steps are:
{{< alert type="note" >}}
If you use the standard ApolloLink or Axios interceptor CAPTCHA support described
If you use the standard ApolloLink or Axios interceptor CAPTCHA support described
above, you can ignore the field details, because they are handled
automatically. They become relevant if you attempt to use the GraphQL API directly to
process a failed check for potential spam, and resubmit the request with a solved


@ -68,11 +68,11 @@ See the section above for situations that might require adjustment to the comman
gitlab/gitlab-ee:nightly
```
{{< alert type="note" >}}
{{< alert type="note" >}}
If you are on a Mac with [Apple Silicon](https://support.apple.com/en-us/HT211814), you will also need to add: `--platform=linux/amd64`
If you are on a Mac with [Apple Silicon](https://support.apple.com/en-us/HT211814), you will also need to add: `--platform=linux/amd64`
{{< /alert >}}
{{< /alert >}}
1. Once GitLab is up and accessible on `http://127.0.0.1`, in another shell tab, navigate to the `qa` directory of the checkout of the GitLab repository on your computer and run the following commands.
@ -100,7 +100,7 @@ If you are on a Mac with [Apple Silicon](https://support.apple.com/en-us/HT21181
{{< alert type="note" >}}
Be aware that [Docker Desktop must be set to use Linux containers](https://learn.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-10-linux#run-your-first-linux-container).
Be aware that [Docker Desktop must be set to use Linux containers](https://learn.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-10-linux#run-your-first-linux-container).
{{< /alert >}}


@ -191,7 +191,7 @@ To set up the GitLab external URL:
{{< alert type="note" >}}
If you need to reset your credentials, read
If you need to reset your credentials, read
[how to reset SSH credentials for a user on an Azure VM](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection#reset-ssh-credentials-for-a-user).
{{< /alert >}}
@ -283,7 +283,7 @@ To update GitLab to the latest version:
{{< alert type="note" >}}
If you get an error like
If you get an error like
`E: The repository 'https://packages.gitlab.com/gitlab/gitlab-ee/debian buster InRelease' is not signed.`,
see the [troubleshooting section](#update-the-gpg-key-for-the-gitlab-repositories).


@ -140,7 +140,7 @@ port `2424`:
{{< alert type="note" >}}
The format to publish ports is `hostPort:containerPort`. Read more in the
The format to publish ports is `hostPort:containerPort`. Read more in the
Docker documentation about
[exposing incoming ports](https://docs.docker.com/network/#published-ports).


@ -171,7 +171,7 @@ install, and upgrade your Docker-based GitLab installation:
{{< alert type="note" >}}
Read the [Pre-configure Docker container](configuration.md#pre-configure-docker-container) section
Read the [Pre-configure Docker container](configuration.md#pre-configure-docker-container) section
to see how the `GITLAB_OMNIBUS_CONFIG` variable works.
{{< /alert >}}


@ -122,7 +122,7 @@ Make sure to follow all steps below:
{{< alert type="note" >}}
If you are using a custom init script, make sure to edit the above
If you are using a custom init script, make sure to edit the above
GitLab Workhorse setting as needed.
{{< /alert >}}


@ -1079,7 +1079,7 @@ due to large volumes of data being indexed:
{{< alert type="note" >}}
This step is optional but may help significantly speed up large indexing operations.
This step is optional but may help significantly speed up large indexing operations.
{{< /alert >}}
@ -1132,7 +1132,7 @@ This step is optional but may help significantly speed up large indexing operati
{{< alert type="note" >}}
Sometimes the project indexing jobs queued by `gitlab:elastic:index_projects`
Sometimes the project indexing jobs queued by `gitlab:elastic:index_projects`
can get interrupted. This may happen for many reasons, but it's always safe
to run the indexing task again.


@ -67,7 +67,7 @@ Here we'll create a merge request pipeline for the project that will download th
{{< alert type="note" >}}
When using the Diffblue Cover pipeline template with your own project and existing pipeline file, add the Diffblue template content to your file and modify as needed.
When using the Diffblue Cover pipeline template with your own project and existing pipeline file, add the Diffblue template content to your file and modify as needed.
For more information, see [Cover Pipeline for GitLab](https://docs.diffblue.com/features/cover-pipeline/cover-pipeline-for-gitlab) in the Diffblue documentation.
{{< /alert >}}


@ -112,7 +112,7 @@ GitLab.com generates an application ID and secret key for you to use.
{{< alert type="note" >}}
In GitLab 15.1 and earlier, the `site` parameter requires an `/api/v4` suffix.
In GitLab 15.1 and earlier, the `site` parameter requires an `/api/v4` suffix.
We recommend you drop this suffix after you upgrade to GitLab 15.2 or later.
{{< /alert >}}


@ -112,7 +112,7 @@ To configure the GitLab for Jira Cloud app:
{{< alert type="note" >}}
[Enterprise users](../../user/enterprise_user/_index.md) with [disabled password authentication for their group](../../user/group/saml_sso/_index.md#disable-password-authentication-for-enterprise-users)
[Enterprise users](../../user/enterprise_user/_index.md) with [disabled password authentication for their group](../../user/group/saml_sso/_index.md#disable-password-authentication-for-enterprise-users)
must first sign in to GitLab with their group's single sign-on URL.
{{< /alert >}}


@ -219,7 +219,7 @@ To configure the provider:
sudo service gitlab restart
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -1767,7 +1767,7 @@ list.
sudo service gitlab restart
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -3403,7 +3403,7 @@ To implement signing:
sudo service gitlab restart
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -213,7 +213,7 @@ During the initial setup and testing phase, you can set AIGW_AUTH__BYPASS_EXTERN
{{< alert type="note" >}}
Replace the IP address with your actual server's internal IP address.
Replace the IP address with your actual server's internal IP address.
{{< /alert >}}


@ -118,7 +118,7 @@ To add a large file into your Git repository and track it with Git LFS:
{{< alert type="note" >}}
Ensure the files you're changing are not listed in a `.gitignore` file.
Ensure the files you're changing are not listed in a `.gitignore` file.
If they are, Git commits the change locally but doesn't push it to your upstream repository.
{{< /alert >}}
@ -237,11 +237,11 @@ To configure file locks for a specific file type:
1. Push the `.gitattributes` file to the remote repository for the changes to take effect.
{{< alert type="note" >}}
{{< alert type="note" >}}
After a file type is registered as lockable, it is automatically marked as read-only.
{{< /alert >}}
{{< /alert >}}
#### Configure file locks without LFS
@ -294,7 +294,7 @@ To lock or unlock a file with exclusive file locking:
git lfs unlock --id=123 --force
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -133,7 +133,7 @@ a copy of your repository, and download it.
{{< alert type="note" >}}
This step fails for [protected branches](../../user/project/repository/branches/protected.md) and
This step fails for [protected branches](../../user/project/repository/branches/protected.md) and
[protected tags](../../user/project/protected_tags.md). To proceed, temporarily remove protections.
{{< /alert >}}


@ -181,7 +181,7 @@ REST endpoint to create a runner:
--header "PRIVATE-TOKEN: <personal_access_token>"
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -18,7 +18,7 @@ Learn how to connect GitLab to Google Cloud and create a GitLab pipeline using r
{{< alert type="note" >}}
If you don't plan to keep the resources that you create in this procedure, then create a new Google Cloud project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.
If you don't plan to keep the resources that you create in this procedure, then create a new Google Cloud project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.
{{< /alert >}}


@ -160,7 +160,7 @@ they add an extra layer of security.
{{< alert type="note" >}}
The naming and source directory decide the order of processing, which is
The naming and source directory decide the order of processing, which is
important because the last parameter processed might override earlier ones.
{{< /alert >}}


@ -629,6 +629,37 @@ In most cases, the 45-second value was higher than the timeout value of many sca
<div class="deprecation breaking-change" data-milestone="18.0">
### Default GitLab Runner's `FF_GIT_URLS_WITHOUT_TOKENS` feature flag to `true`
<div class="deprecation-notes">
- Announced in GitLab <span class="milestone">17.9</span>
- Removal in GitLab <span class="milestone">18.0</span> ([breaking change](https://docs.gitlab.com/update/terminology/#breaking-change))
- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/518709).
</div>
In GitLab Runner 18.0, to limit the potential for token leakage, the
default value for the `FF_GIT_URLS_WITHOUT_TOKENS` feature flag changes
to `true`.
This change affects users who:
- Use executors that share Git credential state across jobs (for example, shell executor).
- Have a caching Git credential helper installed (for example,
[gitforwindows](https://gitforwindows.org/) installs
[Git credential manager (GCM)](https://github.com/git-ecosystem/git-credential-manager)
system-wide by default).
- Run builds in parallel.
To prevent issues, ensure that you don't use any caching Git credential
helper with GitLab Runner, use an executor which runs jobs in isolated
environments, or run job serially only.
</div>
<div class="deprecation breaking-change" data-milestone="18.0">
### Dependency Proxy token scope enforcement
<div class="deprecation-notes">


@ -53,7 +53,7 @@ To convert a Linux package CE instance to EE:
Note down the returned version.
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -77,7 +77,7 @@ To convert a Linux package CE instance to EE:
curl --silent "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh" | sudo bash
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -113,7 +113,7 @@ To convert a Linux package CE instance to EE:
sudo gitlab-ctl reconfigure
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}
@ -136,7 +136,7 @@ To convert a Linux package CE instance to EE:
sudo rm /etc/yum.repos.d/gitlab_gitlab-ce.repo
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -1076,7 +1076,7 @@ A [license caching issue](https://gitlab.com/gitlab-org/gitlab/-/issues/376706)
{{< alert type="note" >}}
It is mandatory to restart PostgreSQL when underlying version changes, to avoid
It is mandatory to restart PostgreSQL when underlying version changes, to avoid
errors like the [one related to loading necessary libraries](https://docs.gitlab.com/omnibus/settings/database.html#could-not-load-library-plpgsqlso)
that can cause downtime. So, if you skip the automatic restarts using the above
method, ensure that you restart the services manually before upgrading to GitLab


@ -70,7 +70,7 @@ Supported configuration formats:
{{< alert type="note" >}}
IaC scanning can analyze Azure Resource Manager templates in JSON format.
IaC scanning can analyze Azure Resource Manager templates in JSON format.
If you write templates in [Bicep](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview),
you must use the [Bicep CLI](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-cli) to
convert your Bicep files into JSON before IaC scanning can analyze them.
@ -85,7 +85,7 @@ IaC scanning can analyze Azure Resource Manager templates in JSON format.
{{< alert type="note" >}}
Terraform modules in a custom registry are not scanned for vulnerabilities.
Terraform modules in a custom registry are not scanned for vulnerabilities.
For more information about the proposed feature, see [issue 357004](https://gitlab.com/gitlab-org/gitlab/-/issues/357004).
{{< /alert >}}


@ -19,11 +19,11 @@ To use GitLab Duo on a self-managed instance, you can do either of the following
- [Use LLMs from the supported list and self-host the AI gateway and LLMs](../../administration/gitlab_duo_self_hosted/_index.md).
This option provides full control over your data and security.
{{< alert type="note" >}}
{{< alert type="note" >}}
You must have an Ultimate license with GitLab Duo Enterprise add-on to use GitLab Duo Self-Hosted.
{{< /alert >}}
{{< /alert >}}
This page focuses on how to configure a self-managed instance if you're using the default, GitLab-hosted option.


@ -61,7 +61,7 @@ you can also do the following:
--skip [CHECK] Skip specific check (options: access_data, token, license, host, features, end_to_end)
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -103,7 +103,7 @@ Under the **Mappings** section, first provision the groups:
{{< alert type="note" >}}
Even when **Provision Microsoft Entra ID Groups** is disabled, the mappings section may display "Enabled: Yes". This behavior is a display bug that you can safely ignore.
Even when **Provision Microsoft Entra ID Groups** is disabled, the mappings section may display "Enabled: Yes". This behavior is a display bug that you can safely ignore.
{{< /alert >}}


@ -88,11 +88,12 @@ To change the identifier values to match, you can do one of the following:
{{< alert type="warning" >}}
This resets all users' roles in the top-level group and subgroups to the [configured default membership role](_index.md#configure-gitlab).
- Use the [SAML API](../../../api/saml.md) or [SCIM API](../../../api/scim.md) to manually correct the `extern_uid` stored for users to match the SAML
`NameId` or SCIM `externalId`.
{{< /alert >}}
- Use the [SAML API](../../../api/saml.md) or [SCIM API](../../../api/scim.md) to manually correct the `extern_uid` stored for users to match the SAML
`NameId` or SCIM `externalId`.
You must not:
- Update these to incorrect values because this causes users to be unable to sign in.


@ -97,7 +97,7 @@ To set up your project to communicate to GCP and the GitLab API:
base64 /path/to/sa-key.json | tr -d \\n
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -70,7 +70,7 @@ To manually configure a GitLab OpenTofu Report artifact:
{{< alert type="note" >}}
In distributions that use Bash (for example, Ubuntu), `alias` statements are not
In distributions that use Bash (for example, Ubuntu), `alias` statements are not
expanded in non-interactive mode. If your pipelines fail with the error
`convert_report: command not found`, alias expansion can be activated explicitly
by adding a `shopt` command to your script:


@ -293,7 +293,7 @@ To install a package:
{{< alert type="note" >}}
On GitLab.com, Composer uses the GitLab token from `auth.json` as a private token by default.
On GitLab.com, Composer uses the GitLab token from `auth.json` as a private token by default.
Without the `gitlab-domains` definition in `composer.json`, Composer uses the GitLab token
as basic-auth, with the token as a username and a blank password. This results in a 401 error.


@ -307,7 +307,7 @@ There are two ways to remove a Conan package from the GitLab package registry.
{{< alert type="note" >}}
This command removes all recipe and binary package files from the
This command removes all recipe and binary package files from the
package registry.
{{< /alert >}}


@ -216,7 +216,7 @@ To create a cleanup policy in the UI:
{{< alert type="note" >}}
Both keep and remove regex patterns are automatically surrounded with `\A` and `\Z` anchors, so you do not need to include them. However, make sure to take this into account when choosing and testing your regex patterns.
Both keep and remove regex patterns are automatically surrounded with `\A` and `\Z` anchors, so you do not need to include them. However, make sure to take this into account when choosing and testing your regex patterns.
{{< /alert >}}
@ -456,7 +456,7 @@ the tags. To create the list and delete the tags:
sed -i .bak '/_v3$/d' list_o_tags.out
```
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -78,7 +78,7 @@ The following procedure uses these sample project names:
{{< alert type="note" >}}
Use either a [personal access token](../../profile/personal_access_tokens.md) or a
Use either a [personal access token](../../profile/personal_access_tokens.md) or a
[deploy token](../../project/deploy_tokens/_index.md) to authenticate your user account.
{{< /alert >}}


@ -114,7 +114,7 @@ To build a package:
{{< alert type="note" >}}
If you use an [instance remote](../conan_repository/_index.md#add-a-remote-for-your-instance), you must
If you use an [instance remote](../conan_repository/_index.md#add-a-remote-for-your-instance), you must
follow a specific [naming convention](../conan_repository/_index.md#package-recipe-naming-convention-for-instance-remotes).
{{< /alert >}}


@ -44,7 +44,7 @@ On GitLab.com, it takes seven days from when you delete your own account to when
{{< alert type="note" >}}
After the seven day time period is finished, any user can create a user account with that previously used username. Therefore, you should not assume that you will be able to create a new account with that username after the seven days, because it might be taken.
After the seven day time period is finished, any user can create a user account with that previously used username. Therefore, you should not assume that you will be able to create a new account with that username after the seven days, because it might be taken.
{{< /alert >}}


@ -98,7 +98,7 @@ To display the deploy boards for a specific [environment](../../ci/environments/
{{< alert type="note" >}}
If you're using OpenShift, ensure that you're using the `Deployment` resource
If you're using OpenShift, ensure that you're using the `Deployment` resource
instead of `DeploymentConfiguration`. Otherwise, the deploy boards don't render
correctly. For more information, read the
[OpenShift docs](https://docs.openshift.com/container-platform/3.7/dev_guide/deployments/kubernetes_deployments.html#kubernetes-deployments-vs-deployment-configurations)


@ -238,7 +238,7 @@ To change how a merge request shows changed lines:
![side-by-side changes](img/changes-sidebyside_v14_8.png)
{{< /tab >}}
{{< /tab >}}
{{< /tabs >}}


@ -211,7 +211,7 @@ You can create a merge request from your fork to contribute back to the main pro
{{< alert type="note" >}}
If your fork's visibility is more restricted than the parent repository, the target branch defaults
If your fork's visibility is more restricted than the parent repository, the target branch defaults
to your fork's default branch. This prevents potential exposure of private information in your fork.
{{< /alert >}}
