| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |\
| |
| |
| |
| | |
Adjustments related to DiffNotes on diffs outside of a project's main repository
See merge request gitlab-org/gitlab-ce!29023
|
| | |
| |
| |
| |
| | |
This turns Notable::RESOLVABLE_TYPES into a
`Notable.resolvable_types`. That allows us to override it in EE.
|
| |\ \
| | |
| | |
| | |
| | | |
Update maven.gitlab-ci.yml for GitLab Package
See merge request gitlab-org/gitlab-ce!28796
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
In some cases (during worker start) it's possible that
Puma.stats returns an empty hash for worker's last status. In
that case we just skip sampling of the worker until these
stats are available.
|
| |\ \ \ |
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Reject slug+uri concat if slug is deemed unsafe
See merge request gitlab/gitlabhq!3108
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
First reported:
https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.
|
| | |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Persistent XSS in note objects CE
See merge request gitlab/gitlabhq!3075
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatically update MR merge-ref along merge status
Closes #58495
See merge request gitlab-org/gitlab-ce!28513
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This introduces payload to the ServiceResponse with
the merge ref HEAD commit data
|
| | | | | | | | |
|
| | | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This couples the code that transitions the `MergeRequest#merge_status`
and refs/merge-requests/:iid/merge ref update.
In general, instead of directly telling `MergeToRefService` to update
the merge ref, we should rely on `MergeabilityCheckService` to keep
both the merge status and merge ref synced. Now, if the merge_status is
`can_be_merged` it means the merge-ref is also updated to the latest.
We've also updated the logic to be more systematic and less user-based.
|
| |\ \ \ \ \ \
| | |/ / / /
| |/| | | | |
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Resolve: Milestones leaked via search API
Closes #2822
See merge request gitlab/gitlabhq!2997
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fix milestone titles being leaked using search API
when users cannot read milestones
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Disallow invalid MR branch name
See merge request gitlab/gitlabhq!3052
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Prevents refspec as branch name, which would bypass branch protection
when used in conjunction with rebase.
HEAD seems to be a special case with lots of occurrence,
so it is considered valid for now.
Another special case is `refs/head/*`, which can be imported.
|
| | |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Handling password on import by url page
See merge request gitlab/gitlabhq!3061
|
| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Protect Gitlab::HTTP against DNS rebinding attack
See merge request gitlab/gitlabhq!3071
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
|
| | |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Fix url redaction for issue links
See merge request gitlab/gitlabhq!3091
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Add changelog entry
Add missing href to all redactor specs and removed href assignment
Remove obsolete spec
If original_content is given, it should be used for link content
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Add Namespace and ProjectStatistics to GraphQL API
See merge request gitlab-org/gitlab-ce!28277
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
We can query namespaces, and nested projects.
Projects now exposes statistics
|
| |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Refactor and abstract Auto Merge Processes
See merge request gitlab-org/gitlab-ce!28595
|
| | | |_|_|_|_|_|/ / / /
| |/| | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
We have one auto merge strategy today - Merge When Pipeline
Succeeds.
In order to add more strategies for Merge Train feature,
we abstract the architecture to be more extensible.
Removed arguments
Fix spec
|
| |\ \ \ \ \ \ \ \ \ \ \
| |_|/ / / / / / / / /
|/| | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Fix port validations in .gitlab-webide.yml
See merge request gitlab-org/gitlab-ce!29016
|
| | |/ / / / / / / / / |
|
| |/ / / / / / / / /
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Delta islands were implemented last released in:
https://gitlab.com/gitlab-org/gitaly/merge_requests/1110. It's been
enabled on production and works as expected.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Reset merge status from mergeable MRs
See merge request gitlab-org/gitlab-ce!28843
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Adds migrations to reset the merge_status of opened,
mergeable MRs. That's required by
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28513
so we're able to sync the status update along merge-ref,
without leaving MRs with a stale merge-ref.
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This extends POST#:id/repository/commits to allow the optional parameter
`:start_project`, which will allow targeting other projects besides the
one derived from `:id`.
Resolves https://gitlab.com/gitlab-org/gitlab-ce/issues/50850
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Upgrade Gitaly to v1.43.0
See merge request gitlab-org/gitlab-ce!28867
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
It used to be the case that GitLab created symlinks for each repository
to one copy of the Git hooks, so these ran when required. This changed
to set the hooks dynamically on Gitaly when invoking Git.
The side effect is that we didn't need all these symlinks anymore, which
Gitaly doesn't create anymore either. Now that means that the tests in
GitLab-Rails should test for it either.
Related: https://gitlab.com/gitlab-org/gitaly/issues/1392#note_175619926
|
