summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2022-02-03 11:37:53 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-02-03 11:37:53 +0000
commit468b5ccaf7a622e55549599ceb5b18220b5bf0aa (patch)
tree1f2e3e598938ee2398aa4968fc21717c1c93816c
parenteb25ac12499d70f7ebd59b64857e6901a5c32972 (diff)
downloadgitlab-ce-468b5ccaf7a622e55549599ceb5b18220b5bf0aa.tar.gz
Add latest changes from gitlab-org/security/gitlab@14-7-stable-ee
-rw-r--r--app/views/devise/confirmations/new.html.haml2
-rw-r--r--app/views/devise/passwords/new.html.haml2
-rw-r--r--app/views/groups/_import_group_from_another_instance_panel.html.haml1
-rw-r--r--doc/api/graphql/reference/index.md2
-rw-r--r--lib/banzai/filter/blockquote_fence_filter.rb2
-rw-r--r--package.json2
-rw-r--r--spec/lib/banzai/filter/blockquote_fence_filter_spec.rb10
-rw-r--r--yarn.lock8
8 files changed, 20 insertions, 9 deletions
diff --git a/app/views/devise/confirmations/new.html.haml b/app/views/devise/confirmations/new.html.haml
index eee223ff63c..2ae950f3b0d 100644
--- a/app/views/devise/confirmations/new.html.haml
+++ b/app/views/devise/confirmations/new.html.haml
@@ -6,7 +6,7 @@
= render "devise/shared/error_messages", resource: resource
.form-group
= f.label :email
- = f.email_field :email, class: "form-control gl-form-input", required: true, title: _('Please provide a valid email address.'), value: nil
+ = f.email_field :email, class: "form-control gl-form-input", required: true, autocomplete: 'off', title: _('Please provide a valid email address.'), value: nil
%div
- if recaptcha_enabled?
diff --git a/app/views/devise/passwords/new.html.haml b/app/views/devise/passwords/new.html.haml
index 7bbde4a39c7..d5372862128 100644
--- a/app/views/devise/passwords/new.html.haml
+++ b/app/views/devise/passwords/new.html.haml
@@ -5,7 +5,7 @@
= render "devise/shared/error_messages", resource: resource
.form-group
= f.label :email
- = f.email_field :email, class: "form-control gl-form-input", required: true, value: params[:user_email], autofocus: true, title: _('Please provide a valid email address.')
+ = f.email_field :email, class: "form-control gl-form-input", required: true, autocomplete: 'off', value: params[:user_email], autofocus: true, title: _('Please provide a valid email address.')
.form-text.text-muted
= _('Requires your primary GitLab email address.')
diff --git a/app/views/groups/_import_group_from_another_instance_panel.html.haml b/app/views/groups/_import_group_from_another_instance_panel.html.haml
index 06a86c2465f..3b079ea00b7 100644
--- a/app/views/groups/_import_group_from_another_instance_panel.html.haml
+++ b/app/views/groups/_import_group_from_another_instance_panel.html.haml
@@ -26,6 +26,7 @@
= s_('GroupsNew|Navigate to user settings to find your %{link_start}personal access token%{link_end}.').html_safe % { link_start: pat_link_start, link_end: '</a>'.html_safe }
= f.text_field :bulk_import_gitlab_access_token, placeholder: s_('GroupsNew|e.g. h8d3f016698e...'), class: 'gl-form-input gl-mt-3 col-xs-12 col-sm-8',
required: true,
+ autocomplete: 'off',
title: s_('GroupsNew|Please fill in your personal access token.'),
id: 'import_gitlab_token',
data: { qa_selector: 'import_gitlab_token' }
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index d7bf89c67ce..4ca40d1fa11 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -16022,7 +16022,7 @@ Represents an issue link of a vulnerability.
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="vulnerabilityissuelinkid"></a>`id` | [`ID!`](#id) | GraphQL ID of the vulnerability. |
-| <a id="vulnerabilityissuelinkissue"></a>`issue` | [`Issue!`](#issue) | Issue attached to issue link. |
+| <a id="vulnerabilityissuelinkissue"></a>`issue` | [`Issue`](#issue) | Issue attached to issue link. |
| <a id="vulnerabilityissuelinklinktype"></a>`linkType` | [`VulnerabilityIssueLinkType!`](#vulnerabilityissuelinktype) | Type of the issue link. |
### `VulnerabilityLink`
diff --git a/lib/banzai/filter/blockquote_fence_filter.rb b/lib/banzai/filter/blockquote_fence_filter.rb
index 8f5ad9981e5..e07cbfe8d85 100644
--- a/lib/banzai/filter/blockquote_fence_filter.rb
+++ b/lib/banzai/filter/blockquote_fence_filter.rb
@@ -6,7 +6,7 @@ module Banzai
REGEX = %r{
#{::Gitlab::Regex.markdown_code_or_html_blocks}
|
- (?:
+ (?=^>>>\ *\n.*\n>>>\ *$)(?:
# Blockquote:
# >>>
# Anything, including code and HTML blocks
diff --git a/package.json b/package.json
index 94221488036..d1630b6a64d 100644
--- a/package.json
+++ b/package.json
@@ -151,7 +151,7 @@
"lowlight": "^1.20.0",
"marked": "^0.3.12",
"mathjax": "3",
- "mermaid": "^8.13.8",
+ "mermaid": "^8.13.10",
"minimatch": "^3.0.4",
"monaco-editor": "^0.25.2",
"monaco-editor-webpack-plugin": "^4.0.0",
diff --git a/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb b/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb
index e736943914b..2d326bd77a6 100644
--- a/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb
+++ b/spec/lib/banzai/filter/blockquote_fence_filter_spec.rb
@@ -17,4 +17,14 @@ RSpec.describe Banzai::Filter::BlockquoteFenceFilter do
it 'allows trailing whitespace on blockquote fence lines' do
expect(filter(">>> \ntest\n>>> ")).to eq("\n> test\n")
end
+
+ context 'when incomplete blockquote fences with multiple blocks are present' do
+ it 'does not raise timeout error' do
+ test_string = ">>>#{"\n```\nfoo\n```" * 20}"
+
+ expect do
+ Timeout.timeout(2.seconds) { filter(test_string) }
+ end.not_to raise_error
+ end
+ end
end
diff --git a/yarn.lock b/yarn.lock
index 0917c1690b6..51cc427e10f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8464,10 +8464,10 @@ merge2@^1.3.0:
resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae"
integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
-mermaid@^8.13.8:
- version "8.13.8"
- resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-8.13.8.tgz#fc137e2a59df34a3e053712033833ffbbc8d84a9"
- integrity sha512-Z5v31rvo8P7BPTiGicdJl9BbzyUe9s5sXILK8sM1g7ijkagpfFjPtXZVsq5P1WlN8m/fUp2PPNXVF9SqeTM91w==
+mermaid@^8.13.10:
+ version "8.13.10"
+ resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-8.13.10.tgz#b9d733b178bbf7416b9b46e39d566c7c28b75688"
+ integrity sha512-2ANep359uML87+wiYaWSu83eg9Qc0xCLnNJdCh100m4v0orS3fp8SScsZLcDSElRGHi+1zuVJsEEVEWH05+COQ==
dependencies:
"@braintree/sanitize-url" "^3.1.0"
d3 "^7.0.0"