summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-07-07 03:08:47 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-07-07 03:08:47 +0000
commit0dce207848e4dd4425c116fb91a5cd2b41a8ec59 (patch)
tree72b4ad1a34cae6a4a0d552416528d42167d1a39f
parent3462d7613fb761a4cbf2904c6980fd39b6f8bd5f (diff)
downloadgitlab-ce-0dce207848e4dd4425c116fb91a5cd2b41a8ec59.tar.gz
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--.browserslistrc20
-rw-r--r--.gitlab/ci/global.gitlab-ci.yml2
-rw-r--r--.gitlab/ci/rules.gitlab-ci.yml2
-rw-r--r--app/assets/stylesheets/startup/startup-dark.scss12
-rw-r--r--app/assets/stylesheets/startup/startup-general.scss9
-rw-r--r--app/assets/stylesheets/startup/startup-signin.scss20
-rw-r--r--app/graphql/mutations/release_asset_links/create.rb4
-rw-r--r--app/policies/project_policy.rb8
-rw-r--r--app/policies/release_policy.rb12
-rw-r--r--app/policies/releases/link_policy.rb2
-rw-r--r--app/services/releases/create_service.rb8
-rw-r--r--config/webpack.config.js20
-rw-r--r--doc/api/plan_limits.md7
-rw-r--r--doc/api/releases/index.md2
-rw-r--r--doc/user/permissions.md12
-rw-r--r--doc/user/project/releases/index.md66
-rw-r--r--lib/api/admin/plan_limits.rb1
-rw-r--r--lib/api/entities/plan_limit.rb1
-rw-r--r--spec/graphql/mutations/release_asset_links/create_spec.rb18
-rw-r--r--spec/graphql/mutations/release_asset_links/delete_spec.rb25
-rw-r--r--spec/graphql/mutations/release_asset_links/update_spec.rb20
-rw-r--r--spec/graphql/mutations/releases/create_spec.rb22
-rw-r--r--spec/graphql/mutations/releases/delete_spec.rb30
-rw-r--r--spec/graphql/mutations/releases/update_spec.rb22
-rw-r--r--spec/lib/api/entities/plan_limit_spec.rb3
-rw-r--r--spec/requests/api/admin/plan_limits_spec.rb12
-rw-r--r--spec/requests/api/graphql/mutations/releases/delete_spec.rb8
-rw-r--r--spec/requests/api/release/links_spec.rb68
-rw-r--r--spec/requests/api/releases_spec.rb66
-rw-r--r--spec/support/shared_contexts/policies/project_policy_shared_context.rb4
-rw-r--r--tooling/danger/project_helper.rb1
-rw-r--r--yarn.lock48
32 files changed, 431 insertions, 124 deletions
diff --git a/.browserslistrc b/.browserslistrc
index 3ae7766c325..7c2e6fb4b75 100644
--- a/.browserslistrc
+++ b/.browserslistrc
@@ -1,16 +1,16 @@
#
-# This list of browsers is a conservative first definition, based on
+# This list of browsers is a conservative definition, based on
# https://docs.gitlab.com/ee/install/requirements.html#supported-web-browsers
# with the following reasoning:
#
-# - Edge: Pick the last two major version before the Chrome switch
-# - Rest: We should support the latest ESR of Firefox: 68, because it used quite a lot.
-# For the rest, pick browser versions that have a similar age to Firefox 68.
+# - We should support the latest ESR of Firefox: 78, because it used quite a lot.
+# - We use Edge/Chrome >= 84 because 83 had an annoying bug which would mean we
+# need to polyfill Array.reduce: https://bugs.chromium.org/p/chromium/issues/detail?id=1049982
+# - Safari 13 because it is the second latest major version of Safari
#
-# See also this follow-up epic:
-# https://gitlab.com/groups/gitlab-org/-/epics/3957
+# See also this epic: https://gitlab.com/groups/gitlab-org/-/epics/3957
#
-chrome >= 73
-edge >= 17
-firefox >= 68
-safari >= 12
+chrome >= 84
+edge >= 84
+firefox >= 78
+safari >= 13.0.4
diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index fbe147bd39e..6b9783b83f2 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -75,7 +75,7 @@
policy: push # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
.assets-cache: &assets-cache
- key: "assets-${NODE_ENV}-v1"
+ key: "assets-${NODE_ENV}-v2"
paths:
- assets-hash.txt
- public/assets/webpack/
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 5910fb86356..da9a32389fa 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -162,6 +162,7 @@
.frontend-build-patterns: &frontend-build-patterns
- "{package.json,yarn.lock}"
+ - ".browserslistrc"
- "babel.config.js"
- "config/webpack.config.js"
- "config/**/*.js"
@@ -170,6 +171,7 @@
.frontend-patterns: &frontend-patterns
- "{package.json,yarn.lock}"
+ - ".browserslistrc"
- "babel.config.js"
- "jest.config.{base,integration,unit}.js"
- ".csscomb.json"
diff --git a/app/assets/stylesheets/startup/startup-dark.scss b/app/assets/stylesheets/startup/startup-dark.scss
index d0189a72311..c9fd9eef0b8 100644
--- a/app/assets/stylesheets/startup/startup-dark.scss
+++ b/app/assets/stylesheets/startup/startup-dark.scss
@@ -149,10 +149,6 @@ h1 {
color: transparent;
text-shadow: 0 0 0 #fafafa;
}
-.form-control::-ms-input-placeholder {
- color: #bfbfbf;
- opacity: 1;
-}
.form-control::placeholder {
color: #bfbfbf;
opacity: 1;
@@ -179,7 +175,6 @@ h1 {
color: #fafafa;
text-align: center;
vertical-align: middle;
- -moz-user-select: none;
user-select: none;
background-color: transparent;
border: 1px solid transparent;
@@ -630,9 +625,6 @@ input {
border-radius: 4px;
padding: 6px 10px;
}
-.form-control::-ms-input-placeholder {
- color: #868686;
-}
.form-control::placeholder {
color: #868686;
}
@@ -1474,7 +1466,6 @@ svg.s16 {
top: 4px;
}
.search .search-input-wrap .search-icon {
- -moz-user-select: none;
user-select: none;
}
.search .search-input-wrap .clear-icon {
@@ -1688,9 +1679,6 @@ body.gl-dark
body.gl-dark .search form {
background-color: rgba(250, 250, 250, 0.2);
}
-body.gl-dark .search .search-input::-ms-input-placeholder {
- color: rgba(250, 250, 250, 0.8);
-}
body.gl-dark .search .search-input::placeholder {
color: rgba(250, 250, 250, 0.8);
}
diff --git a/app/assets/stylesheets/startup/startup-general.scss b/app/assets/stylesheets/startup/startup-general.scss
index ca8e4db31f8..b3545c53836 100644
--- a/app/assets/stylesheets/startup/startup-general.scss
+++ b/app/assets/stylesheets/startup/startup-general.scss
@@ -130,10 +130,6 @@ h1 {
color: transparent;
text-shadow: 0 0 0 #303030;
}
-.form-control::-ms-input-placeholder {
- color: #5e5e5e;
- opacity: 1;
-}
.form-control::placeholder {
color: #5e5e5e;
opacity: 1;
@@ -160,7 +156,6 @@ h1 {
color: #303030;
text-align: center;
vertical-align: middle;
- -moz-user-select: none;
user-select: none;
background-color: transparent;
border: 1px solid transparent;
@@ -611,9 +606,6 @@ input {
border-radius: 4px;
padding: 6px 10px;
}
-.form-control::-ms-input-placeholder {
- color: #868686;
-}
.form-control::placeholder {
color: #868686;
}
@@ -1455,7 +1447,6 @@ svg.s16 {
top: 4px;
}
.search .search-input-wrap .search-icon {
- -moz-user-select: none;
user-select: none;
}
.search .search-input-wrap .clear-icon {
diff --git a/app/assets/stylesheets/startup/startup-signin.scss b/app/assets/stylesheets/startup/startup-signin.scss
index 34f1a7d26e4..070ab36e0b3 100644
--- a/app/assets/stylesheets/startup/startup-signin.scss
+++ b/app/assets/stylesheets/startup/startup-signin.scss
@@ -198,10 +198,6 @@ hr {
color: transparent;
text-shadow: 0 0 0 #303030;
}
-.form-control::-ms-input-placeholder {
- color: #5e5e5e;
- opacity: 1;
-}
.form-control::placeholder {
color: #5e5e5e;
opacity: 1;
@@ -229,7 +225,6 @@ hr {
color: #303030;
text-align: center;
vertical-align: middle;
- -moz-user-select: none;
user-select: none;
background-color: transparent;
border: 1px solid transparent;
@@ -319,13 +314,6 @@ fieldset:disabled a.btn {
appearance: none;
-moz-appearance: none;
}
-.gl-form-input:not(.form-control-plaintext):-moz-read-only,
-.gl-form-input.form-control:not(.form-control-plaintext):-moz-read-only {
- background-color: #fafafa;
- color: #868686;
- box-shadow: inset 0 0 0 1px #dbdbdb;
- cursor: not-allowed;
-}
.gl-form-input:disabled,
.gl-form-input:not(.form-control-plaintext):read-only,
.gl-form-input.form-control:disabled,
@@ -335,10 +323,6 @@ fieldset:disabled a.btn {
box-shadow: inset 0 0 0 1px #dbdbdb;
cursor: not-allowed;
}
-.gl-form-input::-ms-input-placeholder,
-.gl-form-input.form-control::-ms-input-placeholder {
- color: #868686;
-}
.gl-form-input::placeholder,
.gl-form-input.form-control::placeholder {
color: #868686;
@@ -495,7 +479,6 @@ hr {
z-index: 1;
}
.flash-container.sticky {
- position: -webkit-sticky;
position: sticky;
top: 48px;
z-index: 251;
@@ -521,9 +504,6 @@ label.label-bold {
border-radius: 4px;
padding: 6px 10px;
}
-.form-control::-ms-input-placeholder {
- color: #868686;
-}
.form-control::placeholder {
color: #868686;
}
diff --git a/app/graphql/mutations/release_asset_links/create.rb b/app/graphql/mutations/release_asset_links/create.rb
index 02704efb47c..ff9d98d2c0f 100644
--- a/app/graphql/mutations/release_asset_links/create.rb
+++ b/app/graphql/mutations/release_asset_links/create.rb
@@ -33,6 +33,10 @@ module Mutations
return { link: nil, errors: [message] }
end
+ unless Ability.allowed?(current_user, :update_release, release)
+ raise_resource_not_available_error!
+ end
+
new_link = release.links.create(link_attrs)
unless new_link.persisted?
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 3cb4644a60d..81131c7157c 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -158,6 +158,10 @@ class ProjectPolicy < BasePolicy
::Feature.enabled?(:build_service_proxy, @subject)
end
+ condition(:respect_protected_tag_for_release_permissions) do
+ ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject, default_enabled: :yaml)
+ end
+
condition(:user_defined_variables_allowed) do
!@subject.restrict_user_defined_variables?
end
@@ -649,6 +653,10 @@ class ProjectPolicy < BasePolicy
rule { build_service_proxy_enabled }.enable :build_service_proxy_enabled
+ rule { respect_protected_tag_for_release_permissions & can?(:developer_access) }.policy do
+ enable :destroy_release
+ end
+
rule { can?(:download_code) }.policy do
enable :read_repository_graphs
end
diff --git a/app/policies/release_policy.rb b/app/policies/release_policy.rb
index 6f99eb34bb3..bff80d83bef 100644
--- a/app/policies/release_policy.rb
+++ b/app/policies/release_policy.rb
@@ -13,21 +13,9 @@ class ReleasePolicy < BasePolicy
::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject.project, default_enabled: :yaml)
end
- condition(:project_developer) do
- can?(:developer_access, @subject.project)
- end
-
rule { respect_protected_tag & protected_tag }.policy do
prevent :create_release
prevent :update_release
prevent :destroy_release
end
-
- # NOTE: Developer role (or above) can create, update and destroy release entries.
- # When we remove the `evalute_protected_tag_for_release_permissions` feature flag,
- # we should move `enable :destroy_release` to ProjectPolicy alongside with .
- # See https://gitlab.com/gitlab-org/gitlab/-/issues/327505 for more information.
- rule { respect_protected_tag & project_developer }.policy do
- enable :destroy_release
- end
end
diff --git a/app/policies/releases/link_policy.rb b/app/policies/releases/link_policy.rb
index 4a662fafb2f..67a94733c7d 100644
--- a/app/policies/releases/link_policy.rb
+++ b/app/policies/releases/link_policy.rb
@@ -2,6 +2,6 @@
module Releases
class LinkPolicy < BasePolicy
- delegate { @subject.release.project }
+ delegate { @subject.release }
end
end
diff --git a/app/services/releases/create_service.rb b/app/services/releases/create_service.rb
index 52d95872414..2aac5644b84 100644
--- a/app/services/releases/create_service.rb
+++ b/app/services/releases/create_service.rb
@@ -44,7 +44,13 @@ module Releases
end
def allowed?
- Ability.allowed?(current_user, :create_release, project)
+ Ability.allowed?(current_user, :create_release, project) && can_create_tag?
+ end
+
+ def can_create_tag?
+ return true unless ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, project, default_enabled: :yaml)
+
+ ::Gitlab::UserAccess.new(current_user, container: project).can_create_tag?(tag_name)
end
def create_release(tag, evidence_pipeline)
diff --git a/config/webpack.config.js b/config/webpack.config.js
index f4324ffafc7..118aeac0ee1 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -1,14 +1,18 @@
+const crypto = require('crypto');
const fs = require('fs');
const path = require('path');
+const BABEL_VERSION = require('@babel/core/package.json').version;
const SOURCEGRAPH_VERSION = require('@sourcegraph/code-host-integration/package.json').version;
+const BABEL_LOADER_VERSION = require('babel-loader/package.json').version;
const CompressionPlugin = require('compression-webpack-plugin');
const CopyWebpackPlugin = require('copy-webpack-plugin');
const glob = require('glob');
const VueLoaderPlugin = require('vue-loader/lib/plugin');
const VUE_LOADER_VERSION = require('vue-loader/package.json').version;
const VUE_VERSION = require('vue/package.json').version;
+
const webpack = require('webpack');
const { BundleAnalyzerPlugin } = require('webpack-bundle-analyzer');
const { StatsWriterPlugin } = require('webpack-stats-plugin');
@@ -21,6 +25,12 @@ const vendorDllHash = require('./helpers/vendor_dll_hash');
const MonacoWebpackPlugin = require('./plugins/monaco_webpack');
const ROOT_PATH = path.resolve(__dirname, '..');
+const SUPPORTED_BROWSERS = fs.readFileSync(path.join(ROOT_PATH, '.browserslistrc'), 'utf-8');
+const SUPPORTED_BROWSERS_HASH = crypto
+ .createHash('sha256')
+ .update(SUPPORTED_BROWSERS)
+ .digest('hex');
+
const VENDOR_DLL = process.env.WEBPACK_VENDOR_DLL && process.env.WEBPACK_VENDOR_DLL !== 'false';
const CACHE_PATH = process.env.WEBPACK_CACHE_PATH || path.join(ROOT_PATH, 'tmp/cache');
const IS_PRODUCTION = process.env.NODE_ENV === 'production';
@@ -217,6 +227,16 @@ module.exports = {
loader: 'babel-loader',
options: {
cacheDirectory: path.join(CACHE_PATH, 'babel-loader'),
+ cacheIdentifier: [
+ process.env.BABEL_ENV || process.env.NODE_ENV || 'development',
+ webpack.version,
+ BABEL_VERSION,
+ BABEL_LOADER_VERSION,
+ // Ensure that changing supported browsers will refresh the cache
+ // in order to not pull in outdated files that import core-js
+ SUPPORTED_BROWSERS_HASH,
+ ].join('|'),
+ cacheCompression: false,
},
},
{
diff --git a/doc/api/plan_limits.md b/doc/api/plan_limits.md
index 105cf13f9de..14c1c3f6f47 100644
--- a/doc/api/plan_limits.md
+++ b/doc/api/plan_limits.md
@@ -41,7 +41,8 @@ Example response:
"maven_max_file_size": 3221225472,
"npm_max_file_size": 524288000,
"nuget_max_file_size": 524288000,
- "pypi_max_file_size": 3221225472
+ "pypi_max_file_size": 3221225472,
+ "terraform_module_max_file_size": 1073741824
}
```
@@ -62,6 +63,7 @@ PUT /application/plan_limits
| `npm_max_file_size` | integer | no | Maximum NPM package file size in bytes. |
| `nuget_max_file_size` | integer | no | Maximum NuGet package file size in bytes. |
| `pypi_max_file_size` | integer | no | Maximum PyPI package file size in bytes. |
+| `terraform_module_max_file_size` | integer | no | Maximum Terraform Module package file size in bytes. |
```shell
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/application/plan_limits?plan_name=default&conan_max_file_size=3221225472"
@@ -76,6 +78,7 @@ Example response:
"maven_max_file_size": 3221225472,
"npm_max_file_size": 524288000,
"nuget_max_file_size": 524288000,
- "pypi_max_file_size": 3221225472
+ "pypi_max_file_size": 3221225472,
+ "terraform_module_max_file_size": 1073741824
}
```
diff --git a/doc/api/releases/index.md b/doc/api/releases/index.md
index 09ba878e2c5..cb688b81336 100644
--- a/doc/api/releases/index.md
+++ b/doc/api/releases/index.md
@@ -12,6 +12,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> - Release Evidences were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/26019) in GitLab 12.5.
> - `description_html` became an opt-in field [with GitLab 13.12 for performance reasons](https://gitlab.com/gitlab-org/gitlab/-/issues/299447).
Please pass the `include_html_description` query string parameter if you need it.
+> - [The permission model for create, update and delete actions was fixed](https://gitlab.com/gitlab-org/gitlab/-/issues/327505) in GitLab 14.1.
+ See [Release permissions](../../user/project/releases/index.md#release-permissions) for more information.
## List Releases
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 36bd12c3b49..93d63c136c5 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -105,8 +105,7 @@ The following table lists project permissions available for each role:
| Publish [packages](packages/index.md) | | | ✓ | ✓ | ✓ |
| Create/edit/delete a Cleanup policy | | | ✓ | ✓ | ✓ |
| Upload [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ |
-| Create/edit [releases](project/releases/index.md)| | | ✓ | ✓ | ✓ |
-| Delete [releases](project/releases/index.md)| | | | ✓ | ✓ |
+| Create/edit/delete [releases](project/releases/index.md)| | | ✓ (*13*) | ✓ (*13*) | ✓ (*13*) |
| Manage merge approval rules (project settings) | | | | ✓ | ✓ |
| Create new merge request | | | ✓ | ✓ | ✓ |
| Create new branches | | | ✓ | ✓ | ✓ |
@@ -205,6 +204,7 @@ The following table lists project permissions available for each role:
1. Users can only view events based on their individual actions.
1. Project access tokens are supported for self-managed instances on Free and above. They are also
supported on GitLab SaaS Premium and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)).
+1. If the [tag is protected](#release-permissions-with-protected-tags), this depends on the access Developers and Maintainers are given.
## Project features permissions
@@ -521,6 +521,14 @@ run CI/CD pipelines and execute actions on jobs that are related to those branch
See [Security on protected branches](../ci/pipelines/index.md#pipeline-security-on-protected-branches)
for details about the pipelines security model.
+## Release permissions with protected tags
+
+[The permission to create tags](project/protected_tags.md) is used to define if a user can
+create, edit, and delete [Releases](project/releases/index.md).
+
+See [Release permissions](project/releases/index.md#release-permissions)
+for more information.
+
## LDAP users permissions
In GitLab 8.15 and later, LDAP user permissions can now be manually overridden by an admin user.
diff --git a/doc/user/project/releases/index.md b/doc/user/project/releases/index.md
index 728608e557f..bd97694e706 100644
--- a/doc/user/project/releases/index.md
+++ b/doc/user/project/releases/index.md
@@ -63,7 +63,7 @@ We recommend using the API to create releases as one of the last steps in your
CI/CD pipeline.
Only users with Developer permissions or higher can create releases.
-Read more about [Release permissions](../../../user/permissions.md#project-members-permissions).
+Read more about [Release permissions](#release-permissions).
To create a new release through the GitLab UI:
@@ -103,7 +103,7 @@ release tag. When the `released_at` date and time has passed, the badge is autom
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/26016) in GitLab 12.6. Asset link editing was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9427) in GitLab 12.10.
Only users with Developer permissions or higher can edit releases.
-Read more about [Release permissions](../../../user/permissions.md#project-members-permissions).
+Read more about [Release permissions](#release-permissions).
To edit the details of a release:
@@ -245,7 +245,7 @@ but are _not_ allowed to view details about the Git repository (in particular,
tag names). Because of this, release titles are replaced with a generic
title like "Release-1234" for Guest users to avoid leaking tag name information.
-See the [Permissions](../../permissions.md#project-members-permissions) page for
+See the [Release permissions](#release-permissions) section for
more information about permissions.
### Tag name
@@ -565,6 +565,49 @@ In the API:
- If you do not specify a `released_at` date, release evidence is collected on the
date the release is created.
+## Release permissions
+
+> [The permission model for create, update and delete actions was fixed](https://gitlab.com/gitlab-org/gitlab/-/issues/327505) in GitLab 14.1.
+
+### View a release and download assets
+
+- Users with [Reporter role or above](../../../user/permissions.md#project-members-permissions)
+ have read and download access to the project releases.
+- Users with [Guest role](../../../user/permissions.md#project-members-permissions)
+ have read and download access to the project releases, however,
+ repository-related information are redacted (for example the Git tag name).
+
+### Create, update, and delete a release and its assets
+
+- Users with [Developer role or above](../../../user/permissions.md#project-members-permissions)
+ have write access to the project releases and assets.
+- If a release is associated with a [protected tag](../protected_tags.md),
+ the user must be [allowed to create the protected tag](../protected_tags.md#configuring-protected-tags) too.
+
+As an example of release permission control, you can allow only
+[Maintainer role or above](../../../user/permissions.md#project-members-permissions)
+to create, update, and delete releases by protecting the tag with a wildcard (`*`),
+and set **Maintainer** in the **Allowed to create** column.
+
+#### Enable or disable protected tag evaluation on releases **(FREE SELF)**
+
+Protected tag evaluation on release permissions is under development and not ready for production use.
+It is deployed behind a feature flag that is **disabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
+can enable it.
+
+To enable it:
+
+```ruby
+Feature.enable(:evalute_protected_tag_for_release_permissions)
+```
+
+To disable it:
+
+```ruby
+Feature.disable(:evalute_protected_tag_for_release_permissions)
+```
+
## Release Command Line
> [Introduced](https://gitlab.com/gitlab-org/release-cli/-/merge_requests/6) in GitLab 12.10.
@@ -588,14 +631,13 @@ These metrics include:
- Total number of releases in the group
- Percentage of projects in the group that have at least one release
-<!-- ## Troubleshooting
+## Troubleshooting
+
+### Getting `403 Forbidden` or `Something went wrong while creating a new release` errors when creating, updating or deleting releases and their assets
-Include any troubleshooting steps that you can foresee. If you know beforehand what issues
-one might have when setting this up, or when something is changed, or on upgrading, it's
-important to describe those, too. Think of things that may go wrong and include them here.
-This is important to minimize requests for support, and to avoid doc comments with
-questions that you know someone might ask.
+If the release is associted with a [protected tag](../protected_tags.md),
+the UI/API request might result in an authorization failure.
+Make sure that the user or a service/bot account is allowed to
+[create the protected tag](../protected_tags.md#configuring-protected-tags) too.
-Each scenario can be a third-level heading, e.g. `### Getting error message X`.
-If you have none to add when creating a doc, leave this section in place
-but commented out to help encourage others to add to it in the future. -->
+See [the release permissions](#release-permissions) for more information.
diff --git a/lib/api/admin/plan_limits.rb b/lib/api/admin/plan_limits.rb
index 92f7d3dce0d..ab6a4e4a04a 100644
--- a/lib/api/admin/plan_limits.rb
+++ b/lib/api/admin/plan_limits.rb
@@ -41,6 +41,7 @@ module API
optional :npm_max_file_size, type: Integer, desc: 'Maximum NPM package file size in bytes'
optional :nuget_max_file_size, type: Integer, desc: 'Maximum NuGet package file size in bytes'
optional :pypi_max_file_size, type: Integer, desc: 'Maximum PyPI package file size in bytes'
+ optional :terraform_module_max_file_size, type: Integer, desc: 'Maximum Terraform Module package file size in bytes'
end
put "application/plan_limits" do
params = declared_params(include_missing: false)
diff --git a/lib/api/entities/plan_limit.rb b/lib/api/entities/plan_limit.rb
index 40e8b348c18..04ec44b5167 100644
--- a/lib/api/entities/plan_limit.rb
+++ b/lib/api/entities/plan_limit.rb
@@ -9,6 +9,7 @@ module API
expose :npm_max_file_size
expose :nuget_max_file_size
expose :pypi_max_file_size
+ expose :terraform_module_max_file_size
end
end
end
diff --git a/spec/graphql/mutations/release_asset_links/create_spec.rb b/spec/graphql/mutations/release_asset_links/create_spec.rb
index 089bc3d3276..eb7cbb4b789 100644
--- a/spec/graphql/mutations/release_asset_links/create_spec.rb
+++ b/spec/graphql/mutations/release_asset_links/create_spec.rb
@@ -50,6 +50,24 @@ RSpec.describe Mutations::ReleaseAssetLinks::Create do
end
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'does not have errors' do
+ expect(subject).to include(errors: [])
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'has an access error' do
+ expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+ end
+ end
+ end
+
context "when the user doesn't have access to the project" do
let(:current_user) { reporter }
diff --git a/spec/graphql/mutations/release_asset_links/delete_spec.rb b/spec/graphql/mutations/release_asset_links/delete_spec.rb
index 15d320b58ee..cda292f2ffa 100644
--- a/spec/graphql/mutations/release_asset_links/delete_spec.rb
+++ b/spec/graphql/mutations/release_asset_links/delete_spec.rb
@@ -7,6 +7,7 @@ RSpec.describe Mutations::ReleaseAssetLinks::Delete do
let_it_be(:project) { create(:project, :private, :repository) }
let_it_be_with_reload(:release) { create(:release, project: project) }
+ let_it_be(:reporter) { create(:user).tap { |u| project.add_reporter(u) } }
let_it_be(:developer) { create(:user).tap { |u| project.add_developer(u) } }
let_it_be(:maintainer) { create(:user).tap { |u| project.add_maintainer(u) } }
let_it_be_with_reload(:release_link) { create(:release_link, release: release) }
@@ -22,7 +23,7 @@ RSpec.describe Mutations::ReleaseAssetLinks::Delete do
let(:deleted_link) { subject[:link] }
context 'when the current user has access to delete the link' do
- let(:current_user) { maintainer }
+ let(:current_user) { developer }
it 'deletes the link and returns it', :aggregate_failures do
expect(deleted_link).to eq(release_link)
@@ -30,6 +31,26 @@ RSpec.describe Mutations::ReleaseAssetLinks::Delete do
expect(release.links).to be_empty
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'does not have errors' do
+ subject
+
+ expect(resolve).to include(errors: [])
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'raises a resource access error' do
+ expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+ end
+ end
+ end
+
context "when the link doesn't exist" do
let(:mutation_arguments) { super().merge(id: "gid://gitlab/Releases::Link/#{non_existing_record_id}") }
@@ -48,7 +69,7 @@ RSpec.describe Mutations::ReleaseAssetLinks::Delete do
end
context 'when the current user does not have access to delete the link' do
- let(:current_user) { developer }
+ let(:current_user) { reporter }
it 'raises an error' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
diff --git a/spec/graphql/mutations/release_asset_links/update_spec.rb b/spec/graphql/mutations/release_asset_links/update_spec.rb
index 20c1c8b581c..64648687336 100644
--- a/spec/graphql/mutations/release_asset_links/update_spec.rb
+++ b/spec/graphql/mutations/release_asset_links/update_spec.rb
@@ -87,6 +87,26 @@ RSpec.describe Mutations::ReleaseAssetLinks::Update do
end
it_behaves_like 'no changes to the link except for the', :name
+
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'does not have errors' do
+ subject
+
+ expect(resolve).to include(errors: [])
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'raises a resource access error' do
+ expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+ end
+ end
+ end
end
context 'when nil is provided' do
diff --git a/spec/graphql/mutations/releases/create_spec.rb b/spec/graphql/mutations/releases/create_spec.rb
index 7776f968346..1f2c3ed537f 100644
--- a/spec/graphql/mutations/releases/create_spec.rb
+++ b/spec/graphql/mutations/releases/create_spec.rb
@@ -117,6 +117,28 @@ RSpec.describe Mutations::Releases::Create do
expect(new_link.filepath).to eq(expected_link[:filepath])
end
end
+
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'does not have errors' do
+ subject
+
+ expect(resolve).to include(errors: [])
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'has an access error' do
+ subject
+
+ expect(resolve).to include(errors: ['Access Denied'])
+ end
+ end
+ end
end
context "when the current user doesn't have access to create releases" do
diff --git a/spec/graphql/mutations/releases/delete_spec.rb b/spec/graphql/mutations/releases/delete_spec.rb
index bedb72b002c..d97f839ce87 100644
--- a/spec/graphql/mutations/releases/delete_spec.rb
+++ b/spec/graphql/mutations/releases/delete_spec.rb
@@ -5,6 +5,7 @@ require 'spec_helper'
RSpec.describe Mutations::Releases::Delete do
let_it_be(:project) { create(:project, :public, :repository) }
let_it_be(:non_project_member) { create(:user) }
+ let_it_be(:reporter) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:tag) { 'v1.1.0'}
@@ -20,6 +21,7 @@ RSpec.describe Mutations::Releases::Delete do
end
before do
+ project.add_reporter(reporter)
project.add_developer(developer)
project.add_maintainer(maintainer)
end
@@ -36,7 +38,7 @@ RSpec.describe Mutations::Releases::Delete do
end
context 'when the current user has access to create releases' do
- let(:current_user) { maintainer }
+ let(:current_user) { developer }
it 'deletes the release' do
expect { subject }.to change { Release.count }.by(-1)
@@ -54,6 +56,28 @@ RSpec.describe Mutations::Releases::Delete do
expect(subject[:errors]).to eq([])
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'does not have errors' do
+ subject
+
+ expect(resolve).to include(errors: [])
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'has an access error' do
+ subject
+
+ expect(resolve).to include(errors: ['Access Denied'])
+ end
+ end
+ end
+
context 'validation' do
context 'when the release does not exist' do
let(:mutation_arguments) { super().merge(tag: 'not-a-real-release') }
@@ -76,8 +100,8 @@ RSpec.describe Mutations::Releases::Delete do
end
context "when the current user doesn't have access to update releases" do
- context 'when the user is a developer' do
- let(:current_user) { developer }
+ context 'when the user is a reporter' do
+ let(:current_user) { reporter }
it_behaves_like 'unauthorized or not found error'
end
diff --git a/spec/graphql/mutations/releases/update_spec.rb b/spec/graphql/mutations/releases/update_spec.rb
index c541afd53a1..5ee63ac4dc2 100644
--- a/spec/graphql/mutations/releases/update_spec.rb
+++ b/spec/graphql/mutations/releases/update_spec.rb
@@ -107,6 +107,28 @@ RSpec.describe Mutations::Releases::Update do
end
it_behaves_like 'no changes to the release except for the', :name
+
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'does not have errors' do
+ subject
+
+ expect(resolve).to include(errors: [])
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'has an access error' do
+ subject
+
+ expect(resolve).to include(errors: ['Access Denied'])
+ end
+ end
+ end
end
context 'when nil is provided' do
diff --git a/spec/lib/api/entities/plan_limit_spec.rb b/spec/lib/api/entities/plan_limit_spec.rb
index ee42c67f9b6..75e39e4f074 100644
--- a/spec/lib/api/entities/plan_limit_spec.rb
+++ b/spec/lib/api/entities/plan_limit_spec.rb
@@ -14,7 +14,8 @@ RSpec.describe API::Entities::PlanLimit do
:maven_max_file_size,
:npm_max_file_size,
:nuget_max_file_size,
- :pypi_max_file_size
+ :pypi_max_file_size,
+ :terraform_module_max_file_size
)
end
diff --git a/spec/requests/api/admin/plan_limits_spec.rb b/spec/requests/api/admin/plan_limits_spec.rb
index 6bc133f67c0..f497227789a 100644
--- a/spec/requests/api/admin/plan_limits_spec.rb
+++ b/spec/requests/api/admin/plan_limits_spec.rb
@@ -29,6 +29,7 @@ RSpec.describe API::Admin::PlanLimits, 'PlanLimits' do
expect(json_response['npm_max_file_size']).to eq(Plan.default.actual_limits.npm_max_file_size)
expect(json_response['nuget_max_file_size']).to eq(Plan.default.actual_limits.nuget_max_file_size)
expect(json_response['pypi_max_file_size']).to eq(Plan.default.actual_limits.pypi_max_file_size)
+ expect(json_response['terraform_module_max_file_size']).to eq(Plan.default.actual_limits.terraform_module_max_file_size)
end
end
@@ -48,6 +49,7 @@ RSpec.describe API::Admin::PlanLimits, 'PlanLimits' do
expect(json_response['npm_max_file_size']).to eq(Plan.default.actual_limits.npm_max_file_size)
expect(json_response['nuget_max_file_size']).to eq(Plan.default.actual_limits.nuget_max_file_size)
expect(json_response['pypi_max_file_size']).to eq(Plan.default.actual_limits.pypi_max_file_size)
+ expect(json_response['terraform_module_max_file_size']).to eq(Plan.default.actual_limits.terraform_module_max_file_size)
end
end
@@ -85,7 +87,8 @@ RSpec.describe API::Admin::PlanLimits, 'PlanLimits' do
'maven_max_file_size': 30,
'npm_max_file_size': 40,
'nuget_max_file_size': 50,
- 'pypi_max_file_size': 60
+ 'pypi_max_file_size': 60,
+ 'terraform_module_max_file_size': 70
}
expect(response).to have_gitlab_http_status(:ok)
@@ -96,6 +99,7 @@ RSpec.describe API::Admin::PlanLimits, 'PlanLimits' do
expect(json_response['npm_max_file_size']).to eq(40)
expect(json_response['nuget_max_file_size']).to eq(50)
expect(json_response['pypi_max_file_size']).to eq(60)
+ expect(json_response['terraform_module_max_file_size']).to eq(70)
end
it 'updates single plan limits' do
@@ -128,7 +132,8 @@ RSpec.describe API::Admin::PlanLimits, 'PlanLimits' do
'maven_max_file_size': 'c',
'npm_max_file_size': 'd',
'nuget_max_file_size': 'e',
- 'pypi_max_file_size': 'f'
+ 'pypi_max_file_size': 'f',
+ 'terraform_module_max_file_size': 'g'
}
expect(response).to have_gitlab_http_status(:bad_request)
@@ -139,7 +144,8 @@ RSpec.describe API::Admin::PlanLimits, 'PlanLimits' do
'generic_packages_max_file_size is invalid',
'npm_max_file_size is invalid',
'nuget_max_file_size is invalid',
- 'pypi_max_file_size is invalid'
+ 'pypi_max_file_size is invalid',
+ 'terraform_module_max_file_size is invalid'
)
end
end
diff --git a/spec/requests/api/graphql/mutations/releases/delete_spec.rb b/spec/requests/api/graphql/mutations/releases/delete_spec.rb
index 3710f118bf4..40063156609 100644
--- a/spec/requests/api/graphql/mutations/releases/delete_spec.rb
+++ b/spec/requests/api/graphql/mutations/releases/delete_spec.rb
@@ -55,7 +55,7 @@ RSpec.describe 'Deleting a release' do
end
context 'when the current user has access to update releases' do
- let(:current_user) { maintainer }
+ let(:current_user) { developer }
it 'deletes the release' do
expect { delete_release }.to change { Release.count }.by(-1)
@@ -105,12 +105,6 @@ RSpec.describe 'Deleting a release' do
end
context "when the current user doesn't have access to update releases" do
- context 'when the current user is a Developer' do
- let(:current_user) { developer }
-
- it_behaves_like 'unauthorized or not found error'
- end
-
context 'when the current user is a Reporter' do
let(:current_user) { reporter }
diff --git a/spec/requests/api/release/links_spec.rb b/spec/requests/api/release/links_spec.rb
index c03dd0331cf..00326426af5 100644
--- a/spec/requests/api/release/links_spec.rb
+++ b/spec/requests/api/release/links_spec.rb
@@ -5,6 +5,7 @@ require 'spec_helper'
RSpec.describe API::Release::Links do
let(:project) { create(:project, :repository, :private) }
let(:maintainer) { create(:user) }
+ let(:developer) { create(:user) }
let(:reporter) { create(:user) }
let(:non_project_member) { create(:user) }
let(:commit) { create(:commit, project: project) }
@@ -18,6 +19,7 @@ RSpec.describe API::Release::Links do
before do
project.add_maintainer(maintainer)
+ project.add_developer(developer)
project.add_reporter(reporter)
project.repository.add_tag(maintainer, 'v0.1', commit.id)
@@ -196,6 +198,28 @@ RSpec.describe API::Release::Links do
expect(response).to match_response_schema('release/link')
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'accepts the request' do
+ post api("/projects/#{project.id}/releases/v0.1/assets/links", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:created)
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'forbids the request' do
+ post api("/projects/#{project.id}/releases/v0.1/assets/links", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+
context 'when name is empty' do
let(:params) do
{
@@ -290,6 +314,28 @@ RSpec.describe API::Release::Links do
expect(response).to match_response_schema('release/link')
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'accepts the request' do
+ put api("/projects/#{project.id}/releases/v0.1/assets/links/#{release_link.id}", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'forbids the request' do
+ put api("/projects/#{project.id}/releases/v0.1/assets/links/#{release_link.id}", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+
context 'when params is empty' do
let(:params) { {} }
@@ -365,6 +411,28 @@ RSpec.describe API::Release::Links do
expect(response).to match_response_schema('release/link')
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'accepts the request' do
+ delete api("/projects/#{project.id}/releases/v0.1/assets/links/#{release_link.id}", developer)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'forbids the request' do
+ delete api("/projects/#{project.id}/releases/v0.1/assets/links/#{release_link.id}", developer)
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+
context 'when there are no corresponding release link' do
let!(:release_link) { }
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index 8aec18c9c1b..03e0954e5ab 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -676,6 +676,28 @@ RSpec.describe API::Releases do
end.not_to change { Project.find_by_id(project.id).repository.tag_count }
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'accepts the request' do
+ post api("/projects/#{project.id}/releases", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:created)
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'forbids the request' do
+ post api("/projects/#{project.id}/releases", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+
context 'when user is a reporter' do
it 'forbids the request' do
post api("/projects/#{project.id}/releases", reporter), params: params
@@ -1014,6 +1036,28 @@ RSpec.describe API::Releases do
expect(project.releases.last.released_at).to eq('2015-10-10T05:00:00Z')
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'accepts the request' do
+ put api("/projects/#{project.id}/releases/v0.1", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'forbids the request' do
+ put api("/projects/#{project.id}/releases/v0.1", developer), params: params
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+
context 'when user tries to update sha' do
let(:params) { { sha: 'xxx' } }
@@ -1194,6 +1238,28 @@ RSpec.describe API::Releases do
expect(response).to match_response_schema('public_api/v4/release')
end
+ context 'with protected tag' do
+ context 'when user has access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) }
+
+ it 'accepts the request' do
+ delete api("/projects/#{project.id}/releases/v0.1", developer)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ context 'when user does not have access to the protected tag' do
+ let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) }
+
+ it 'forbids the request' do
+ delete api("/projects/#{project.id}/releases/v0.1", developer)
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+
context 'when there are no corresponding releases' do
let!(:release) { }
diff --git a/spec/support/shared_contexts/policies/project_policy_shared_context.rb b/spec/support/shared_contexts/policies/project_policy_shared_context.rb
index d638ffcf8fa..de1b46c65ad 100644
--- a/spec/support/shared_contexts/policies/project_policy_shared_context.rb
+++ b/spec/support/shared_contexts/policies/project_policy_shared_context.rb
@@ -48,7 +48,7 @@ RSpec.shared_context 'ProjectPolicy context' do
destroy_container_image push_code read_pod_logs read_terraform_state
resolve_note update_build update_commit_status update_container_image
update_deployment update_environment update_merge_request
- update_metrics_dashboard_annotation update_pipeline update_release
+ update_metrics_dashboard_annotation update_pipeline update_release destroy_release
]
end
@@ -57,7 +57,7 @@ RSpec.shared_context 'ProjectPolicy context' do
add_cluster admin_build admin_commit_status admin_container_image
admin_deployment admin_environment admin_note admin_pipeline
admin_project admin_project_member admin_snippet admin_terraform_state
- admin_wiki create_deploy_token destroy_deploy_token destroy_release
+ admin_wiki create_deploy_token destroy_deploy_token
push_to_delete_protected_branch read_deploy_token update_snippet
]
end
diff --git a/tooling/danger/project_helper.rb b/tooling/danger/project_helper.rb
index 146decfa6db..5e2970169f6 100644
--- a/tooling/danger/project_helper.rb
+++ b/tooling/danger/project_helper.rb
@@ -54,6 +54,7 @@ module Tooling
%r{\A(ee/)?scripts/frontend/} => :frontend,
%r{(\A|/)(
\.babelrc |
+ \.browserslistrc |
\.eslintignore |
\.eslintrc(\.yml)? |
\.nvmrc |
diff --git a/yarn.lock b/yarn.lock
index be0d9afd4f8..c897c7db119 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2883,16 +2883,16 @@ browserify-zlib@^0.2.0:
dependencies:
pako "~1.0.5"
-browserslist@^4.12.0, browserslist@^4.8.3:
- version "4.16.1"
- resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.1.tgz#bf757a2da376b3447b800a16f0f1c96358138766"
- integrity sha512-UXhDrwqsNcpTYJBTZsbGATDxZbiVDsx6UjpmRUmtnP10pr8wAYr5LgFoEFw9ixriQH2mv/NX2SfGzE/o8GndLA==
+browserslist@^4.12.0, browserslist@^4.16.6:
+ version "4.16.6"
+ resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.6.tgz#d7901277a5a88e554ed305b183ec9b0c08f66fa2"
+ integrity sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ==
dependencies:
- caniuse-lite "^1.0.30001173"
- colorette "^1.2.1"
- electron-to-chromium "^1.3.634"
+ caniuse-lite "^1.0.30001219"
+ colorette "^1.2.2"
+ electron-to-chromium "^1.3.723"
escalade "^3.1.1"
- node-releases "^1.1.69"
+ node-releases "^1.1.71"
bser@2.1.1:
version "2.1.1"
@@ -3079,10 +3079,10 @@ camelcase@^6.0.0:
resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.0.0.tgz#5259f7c30e35e278f1bdc2a4d91230b37cad981e"
integrity sha512-8KMDF1Vz2gzOq54ONPJS65IvTUaB1cHJ2DMM7MbPmLZljDH1qpzzLsWdiN9pHh6qvkRVDTi/07+eNGch/oLU4w==
-caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001173:
- version "1.0.30001185"
- resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001185.tgz#3482a407d261da04393e2f0d61eefbc53be43b95"
- integrity sha512-Fpi4kVNtNvJ15H0F6vwmXtb3tukv3Zg3qhKkOGUq7KJ1J6b9kf4dnNgtEAFXhRsJo0gNj9W60+wBvn0JcTvdTg==
+caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001219:
+ version "1.0.30001241"
+ resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001241.tgz#cd3fae47eb3d7691692b406568d7a3e5b23c7598"
+ integrity sha512-1uoSZ1Pq1VpH0WerIMqwptXHNNGfdl7d1cJUFs80CwQ/lVzdhTvsFZCeNFslze7AjsQnb4C85tzclPa1VShbeQ==
capture-exit@^2.0.0:
version "2.0.0"
@@ -3631,11 +3631,11 @@ copy-webpack-plugin@^6.4.1:
webpack-sources "^1.4.3"
core-js-compat@^3.6.2:
- version "3.6.4"
- resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.6.4.tgz#938476569ebb6cda80d339bcf199fae4f16fff17"
- integrity sha512-zAa3IZPvsJ0slViBQ2z+vgyyTuhd3MFn1rBQjZSKVEgB0UMYhUkCj9jJUVPgGTGqWvsBVmfnruXgTcNyTlEiSA==
+ version "3.15.2"
+ resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.15.2.tgz#47272fbb479880de14b4e6081f71f3492f5bd3cb"
+ integrity sha512-Wp+BJVvwopjI+A1EFqm2dwUmWYXrvucmtIB2LgXn/Rb+gWPKYxtmb4GKHGKG/KGF1eK9jfjzT38DITbTOCX/SQ==
dependencies:
- browserslist "^4.8.3"
+ browserslist "^4.16.6"
semver "7.0.0"
core-js-pure@^3.0.0:
@@ -4613,10 +4613,10 @@ ee-first@1.1.1:
resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d"
integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=
-electron-to-chromium@^1.3.634:
- version "1.3.642"
- resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.642.tgz#8b884f50296c2ae2a9997f024d0e3e57facc2b94"
- integrity sha512-cev+jOrz/Zm1i+Yh334Hed6lQVOkkemk2wRozfMF4MtTR7pxf3r3L5Rbd7uX1zMcEqVJ7alJBnJL7+JffkC6FQ==
+electron-to-chromium@^1.3.723:
+ version "1.3.762"
+ resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.762.tgz#3fa4e3bcbda539b50e3aa23041627063a5cffe61"
+ integrity sha512-LehWjRpfPcK8F1Lf/NZoAwWLWnjJVo0SZeQ9j/tvnBWYcT99qDqgo4raAfS2oTKZjPrR/jxruh85DGgDUmywEA==
elliptic@^6.0.0:
version "6.5.4"
@@ -8744,10 +8744,10 @@ node-notifier@^8.0.0:
uuid "^8.3.0"
which "^2.0.2"
-node-releases@^1.1.69:
- version "1.1.70"
- resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.70.tgz#66e0ed0273aa65666d7fe78febe7634875426a08"
- integrity sha512-Slf2s69+2/uAD79pVVQo8uSiC34+g8GWY8UH2Qtqv34ZfhYrxpYpfzs9Js9d6O0mbDmALuxaTlplnBTnSELcrw==
+node-releases@^1.1.71:
+ version "1.1.73"
+ resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.73.tgz#dd4e81ddd5277ff846b80b52bb40c49edf7a7b20"
+ integrity sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg==
nodemon@^2.0.4:
version "2.0.4"