Rails 5.0 requires to explicitly permit attributes when building a URL
using current `params` object.
The `safe_params` helper allows developers to just call `safe_params.merge(...)`
instead of manually adding `permit` to every call.
https://github.com/rails/rails/pull/20868
* master: (177 commits)
Add changelog
Bump gitlab-shell version to 5.8.0 to fix Git for Windows 2.14
Make contextual sidebar collapsible
Fixed sidebar context header hover colors
Use correct `Environment`-class within `Gitlab` namespace
Remove gl.Activities from Commits page
Move `let` calls inside the `describe` block using them
Add `/assign me` alias support for assigning issuables to oneself
GRPC::Unavailable (< GRPC::BadStatus) is wrapped in a CommandError
Use `broken_storage` in the fs_shards_spec.
Eager load project creators for project dashboards
Memoize a user's personal projects count
Remove redundant query from User#recent_push
Improve checking if projects would be returned
Change spelling of gitlab-shell
Remove unused #tree-holder
Add custom linter for inline JavaScript to haml_lint
Rename user_can_admin? because it's more accurate
Synchronous zanata community contribution translation
Add Korean translation to i18n
...
This makes navigating through diff files quickly. Currently we just
toggle a list, which could be pretty big. This moves it into a dropdown
to make it much easier.
Also includes a filter bar to quickly search for certain
files/extensions.
Closes#29778
When you change the diff view (inline / side-by-side), we set a cookie based on
that new view. When you add a comment, we choose the style to use in the
response based on that cookie.
However, when you have just changed diff style, the request cookie will contain
the old value, so we should use the view param instead.
Don't accidentally mark unsafe diff lines as HTML safe
Fixes potential XSS issue when a legacy diff note is created on a merge
request whose diff contained HTML
See https://gitlab.com/gitlab-org/gitlab-ce/issues/25249
See merge request !2040
Enable Rubocop cops that check access modifiers
## What does this MR do?
This MR enables Rubocop cops that detect methods that should be restricted but are the part of public API because of access modifiers used improperly.
This also fixes existing offenses.
## Why was this MR needed?
Some method in our codebase are public instead of being private because it is sometimes difficult to get it right without static analysis.
## What are the relevant issue numbers?
See #17478Closes#17372
See merge request !5014
1. Move render method to a concern, not a helper.
2. Let DiffHelper#diff_options automatically add the path option.
3. Move more instance var definitions to before filters.
gfyoung
blackst0ne
Filipa Lacerda
Phil Hughes
Douwe Maan
Rémy Coutable
Jacopo
Mike Greiling
Luke "Jared" Bennett
Sean McGivern
Dmitriy Zaporozhets
Sean McGivern
Valery Sizov
Felipe Artur
Robert Speicher
Hiroyuki Sato
Paco Guzman
Tim Masliuchenko
Grzegorz Bizon
Jacob Schatz