Add latest changes from gitlab-org/gitlab@14-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-08-23 12:27:44 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-08-23 12:27:44 +0000
commit: dc28f8ca357c733561121acd70cb19d26880f3c2 (patch)
tree: 039b02b54cad14ac17b4d1fdfdd6b8489dfa1574
parent: d678b7c987f082e0e15083fe7b7dbed3ed004e0c (diff)
download: gitlab-ce-dc28f8ca357c733561121acd70cb19d26880f3c2.tar.gz
8 files changed, 75 insertions, 19 deletions
diff --git a/app/assets/javascripts/ide/components/repo_editor.vue b/app/assets/javascripts/ide/components/repo_editor.vue
index bf5ec849bc5..2f990280367 100644
--- a/app/assets/javascripts/ide/components/repo_editor.vue
+++ b/app/assets/javascripts/ide/components/repo_editor.vue
@@ -3,6 +3,7 @@ import { debounce } from 'lodash';
 import { mapState, mapGetters, mapActions } from 'vuex';
 import {
   EDITOR_TYPE_DIFF,
+  EDITOR_TYPE_CODE,
   EDITOR_CODE_INSTANCE_FN,
   EDITOR_DIFF_INSTANCE_FN,
 } from '~/editor/constants';
@@ -311,7 +312,10 @@ export default {
           }),
         );
 
-        if (this.fileType === MARKDOWN_FILE_TYPE) {
+        if (
+          this.fileType === MARKDOWN_FILE_TYPE &&
+          this.editor?.getEditorType() === EDITOR_TYPE_CODE
+        ) {
           import('~/editor/extensions/source_editor_markdown_ext')
             .then(({ EditorMarkdownExtension: MarkdownExtension } = {}) => {
               this.editor.use(
diff --git a/db/ci_migrate b/db/ci_migrate
deleted file mode 120000
index 1f0710ccbe7..00000000000
--- a/db/ci_migrate
+++ /dev/null
@@ -1 +0,0 @@
-migrate
-\ No newline at end of file
diff --git a/doc/update/index.md b/doc/update/index.md
index 1289614c181..4b7e63a8277 100644
--- a/doc/update/index.md
+++ b/doc/update/index.md
@@ -358,6 +358,36 @@ NOTE:
 Specific information that follow related to Ruby and Git versions do not apply to [Omnibus installations](https://docs.gitlab.com/omnibus/)
 and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with appropriate Ruby and Git versions and are not using system binaries for Ruby and Git. There is no need to install Ruby or Git when utilizing these two approaches.
 
+### 14.2.0
+
+- Due to an issue where `BatchedBackgroundMigrationWorkers` were
+  [not working](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2785#note_614738345)
+  for self-managed instances, a [fix was created](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65106)
+  and a [14.0.Z](#1400) version was released. If you haven't updated to 14.0.Z, you need
+  to update to at least 14.1.0 that contains the same fix before you update to
+  to 14.2.
+- GitLab 14.2.0 contains background migrations to [address Primary Key overflow risk for tables with an integer PK](https://gitlab.com/groups/gitlab-org/-/epics/4785) for the tables listed below:
+
+  - [`ci_build_needs`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65216)
+  - [`ci_build_trace_chunks`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66123)
+  - [`ci_builds_runner_session`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66433)
+  - [`deployments`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67341)
+  - [`geo_job_artifact_deleted_events`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66763)
+  - [`push_event_payloads`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67299)
+  - `ci_job_artifacts`:
+    - [Finalize job_id conversion to `bigint` for `ci_job_artifacts`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67774)
+    - [Finalize `ci_job_artifacts` conversion to `bigint`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65601)
+
+  If the migrations are executed as part of a no-downtime deployment, there's a risk of failure due to lock conflicts with the application logic, resulting in lock timeout or deadlocks. In each case, these migrations are safe to re-run until successful:
+
+  ```shell
+  # For Omnibus GitLab
+  sudo gitlab-rake db:migrate
+
+  # For source installations
+  sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
+  ```
+
 ### 14.1.0
 
 - Due to an issue where `BatchedBackgroundMigrationWorkers` were
diff --git a/doc/user/application_security/img/vulnerability-check_v13_4.png b/doc/user/application_security/img/vulnerability-check_v13_4.png
deleted file mode 100644
index 3e38f6eebe7..00000000000
--- a/doc/user/application_security/img/vulnerability-check_v13_4.png
+++ /dev/null
diff --git a/doc/user/application_security/img/vulnerability-check_v14_2.png b/doc/user/application_security/img/vulnerability-check_v14_2.png
new file mode 100644
index 00000000000..655e43221c7
--- /dev/null
+++ b/doc/user/application_security/img/vulnerability-check_v14_2.png
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index 3b0725021ef..50fd727b892 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -194,14 +194,19 @@ merge request would introduce one of the following security issues:
 When the Vulnerability-Check merge request rule is enabled, additional merge request approval
 is required when the latest security report in a merge request:
 
-- Contains a vulnerability of `high`, `critical`, or `unknown` severity that is not present in the
+- Contains vulnerabilities that are not present in the
   target branch. Note that approval is still required for dismissed vulnerabilities.
+- Contains vulnerabilities with severity levels (for example, `high`, `critical`, or `unknown`)
+  matching the rule's severity levels.
+- Contains a vulnerability count higher than the rule allows.
 - Is not generated during pipeline execution.
 
 An approval is optional when the security report:
 
 - Contains no new vulnerabilities when compared to the target branch.
-- Contains only new vulnerabilities of `low` or `medium` severity.
+- Contains only vulnerabilities with severity levels (for example, `low`, `medium`) **NOT** matching
+  the rule's severity levels.
+- Contains a vulnerability count equal to or less than what the rule allows.
 
 When the License-Check merge request rule is enabled, additional approval is required if a merge
 request contains a denied license. For more details, see [Enabling license approvals within a project](../compliance/license_compliance/index.md#enabling-license-approvals-within-a-project).
@@ -219,16 +224,19 @@ Follow these steps to enable `Vulnerability-Check`:
 1. Go to your project and select **Settings > General**.
 1. Expand **Merge request approvals**.
 1. Select **Enable** or **Edit**.
-1. Add or change the **Rule name** to `Vulnerability-Check` (case sensitive).
-1. Set the **No. of approvals required** to greater than zero.
+1. Set the **Security scanners** that the rule applies to.
 1. Select the **Target branch**.
+1. Set the **Vulnerabilities allowed** to the number of vulnerabilities allowed before the rule is
+   triggered.
+1. Set the **Severity levels** to the severity levels that the rule applies to.
+1. Set the **Approvals required** to the number of approvals that the rule requires.
 1. Select the users or groups to provide approval.
 1. Select **Add approval rule**.
 
 Once this group is added to your project, the approval rule is enabled for all merge requests.
 Any code changes cause the approvals required to reset.
 
-![Vulnerability Check Approver Rule](img/vulnerability-check_v13_4.png)
+![Vulnerability Check Approver Rule](img/vulnerability-check_v14_2.png)
 
 ## Using private Maven repositories
 
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 7f3ee036c07..5c0a345e534 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -29439,7 +29439,7 @@ msgstr ""
 msgid "Security report is out of date. Run %{newPipelineLinkStart}a new pipeline%{newPipelineLinkEnd} for the target branch (%{targetBranchName})"
 msgstr ""
 
-msgid "SecurityApprovals|A merge request approval is required when a security report contains a new vulnerability of high, critical, or unknown severity."
+msgid "SecurityApprovals|A merge request approval is required when a security report contains a new vulnerability."
 msgstr ""
 
 msgid "SecurityApprovals|A merge request approval is required when test coverage declines."
@@ -29475,7 +29475,7 @@ msgstr ""
 msgid "SecurityApprovals|Requires approval for decreases in test coverage. %{linkStart}More information%{linkEnd}"
 msgstr ""
 
-msgid "SecurityApprovals|Requires approval for vulnerabilities of Critical, High, or Unknown severity. %{linkStart}Learn more.%{linkEnd}"
+msgid "SecurityApprovals|Requires approval for vulnerabilities. %{linkStart}Learn more.%{linkEnd}"
 msgstr ""
 
 msgid "SecurityApprovals|Test coverage must be enabled. %{linkStart}Learn more%{linkEnd}."
diff --git a/spec/frontend/ide/components/repo_editor_spec.js b/spec/frontend/ide/components/repo_editor_spec.js
index 3f722c24dbb..b2254de706c 100644
--- a/spec/frontend/ide/components/repo_editor_spec.js
+++ b/spec/frontend/ide/components/repo_editor_spec.js
@@ -166,11 +166,6 @@ describe('RepoEditor', () => {
       expect(tabs).toHaveLength(1);
       expect(tabs.at(0).text()).toBe('Edit');
     });
-
-    it('does not get markdown extension by default', async () => {
-      await createComponent();
-      expect(vm.editor.projectPath).toBeUndefined();
-    });
   });
 
   describe('when file is markdown', () => {
@@ -218,11 +213,6 @@ describe('RepoEditor', () => {
       });
       expect(findTabs()).toHaveLength(0);
     });
-
-    it('uses the markdown extension and sets it up correctly', async () => {
-      await createComponent({ activeFile });
-      expect(vm.editor.projectPath).toBe(vm.currentProjectId);
-    });
   });
 
   describe('when file is binary and not raw', () => {
@@ -271,6 +261,31 @@ describe('RepoEditor', () => {
           expect(vm.editor[fn]).toBe(EditorWebIdeExtension.prototype[fn]);
         });
     });
+
+    it.each`
+      prefix          | activeFile            | viewer              | shouldHaveMarkdownExtension
+      ${'Should not'} | ${createActiveFile()} | ${viewerTypes.edit} | ${false}
+      ${'Should'}     | ${dummyFile.markdown} | ${viewerTypes.edit} | ${true}
+      ${'Should not'} | ${dummyFile.empty}    | ${viewerTypes.edit} | ${false}
+      ${'Should not'} | ${createActiveFile()} | ${viewerTypes.diff} | ${false}
+      ${'Should not'} | ${dummyFile.markdown} | ${viewerTypes.diff} | ${false}
+      ${'Should not'} | ${dummyFile.empty}    | ${viewerTypes.diff} | ${false}
+      ${'Should not'} | ${createActiveFile()} | ${viewerTypes.mr}   | ${false}
+      ${'Should not'} | ${dummyFile.markdown} | ${viewerTypes.mr}   | ${false}
+      ${'Should not'} | ${dummyFile.empty}    | ${viewerTypes.mr}   | ${false}
+    `(
+      '$prefix install markdown extension for $activeFile.name in $viewer viewer',
+      async ({ activeFile, viewer, shouldHaveMarkdownExtension } = {}) => {
+        await createComponent({ state: { viewer }, activeFile });
+        if (shouldHaveMarkdownExtension) {
+          expect(vm.editor.projectPath).toBe(vm.currentProjectId);
+          expect(vm.editor.togglePreview).toBeDefined();
+        } else {
+          expect(vm.editor.projectPath).toBeUndefined();
+          expect(vm.editor.togglePreview).toBeUndefined();
+        }
+      },
+    );
   });
 
   describe('setupEditor', () => {
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-08-23 12:27:44 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-08-23 12:27:44 +0000
commit	dc28f8ca357c733561121acd70cb19d26880f3c2 (patch)
tree	039b02b54cad14ac17b4d1fdfdd6b8489dfa1574
parent	d678b7c987f082e0e15083fe7b7dbed3ed004e0c (diff)
download	gitlab-ce-dc28f8ca357c733561121acd70cb19d26880f3c2.tar.gz