Commit 1f367191 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents c9ef9a8a 28cffb9f
source 'https://rubygems.org' source 'https://rubygems.org'
gem 'rails', '5.0.7' gem 'rails', '5.0.7.1'
gem 'rails-deprecated_sanitizer', '~> 1.0.3' gem 'rails-deprecated_sanitizer', '~> 1.0.3'
# Improves copy-on-write performance for MRI # Improves copy-on-write performance for MRI
......
...@@ -4,41 +4,41 @@ GEM ...@@ -4,41 +4,41 @@ GEM
RedCloth (4.3.2) RedCloth (4.3.2)
abstract_type (0.0.7) abstract_type (0.0.7)
ace-rails-ap (4.1.2) ace-rails-ap (4.1.2)
actioncable (5.0.7) actioncable (5.0.7.1)
actionpack (= 5.0.7) actionpack (= 5.0.7.1)
nio4r (>= 1.2, < 3.0) nio4r (>= 1.2, < 3.0)
websocket-driver (~> 0.6.1) websocket-driver (~> 0.6.1)
actionmailer (5.0.7) actionmailer (5.0.7.1)
actionpack (= 5.0.7) actionpack (= 5.0.7.1)
actionview (= 5.0.7) actionview (= 5.0.7.1)
activejob (= 5.0.7) activejob (= 5.0.7.1)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
actionpack (5.0.7) actionpack (5.0.7.1)
actionview (= 5.0.7) actionview (= 5.0.7.1)
activesupport (= 5.0.7) activesupport (= 5.0.7.1)
rack (~> 2.0) rack (~> 2.0)
rack-test (~> 0.6.3) rack-test (~> 0.6.3)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.0.7) actionview (5.0.7.1)
activesupport (= 5.0.7) activesupport (= 5.0.7.1)
builder (~> 3.1) builder (~> 3.1)
erubis (~> 2.7.0) erubis (~> 2.7.0)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3) rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.0.7) activejob (5.0.7.1)
activesupport (= 5.0.7) activesupport (= 5.0.7.1)
globalid (>= 0.3.6) globalid (>= 0.3.6)
activemodel (5.0.7) activemodel (5.0.7.1)
activesupport (= 5.0.7) activesupport (= 5.0.7.1)
activerecord (5.0.7) activerecord (5.0.7.1)
activemodel (= 5.0.7) activemodel (= 5.0.7.1)
activesupport (= 5.0.7) activesupport (= 5.0.7.1)
arel (~> 7.0) arel (~> 7.0)
activerecord_sane_schema_dumper (1.0) activerecord_sane_schema_dumper (1.0)
rails (>= 5, < 6) rails (>= 5, < 6)
activesupport (5.0.7) activesupport (5.0.7.1)
concurrent-ruby (~> 1.0, >= 1.0.2) concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2) i18n (>= 0.7, < 2)
minitest (~> 5.1) minitest (~> 5.1)
...@@ -408,7 +408,7 @@ GEM ...@@ -408,7 +408,7 @@ GEM
json (~> 1.8) json (~> 1.8)
multi_xml (>= 0.5.2) multi_xml (>= 0.5.2)
httpclient (2.8.3) httpclient (2.8.3)
i18n (1.1.1) i18n (1.2.0)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
icalendar (2.4.1) icalendar (2.4.1)
ice_nine (0.11.2) ice_nine (0.11.2)
...@@ -477,7 +477,7 @@ GEM ...@@ -477,7 +477,7 @@ GEM
loofah (2.2.3) loofah (2.2.3)
crass (~> 1.0.2) crass (~> 1.0.2)
nokogiri (>= 1.5.9) nokogiri (>= 1.5.9)
mail (2.7.0) mail (2.7.1)
mini_mime (>= 0.1.1) mini_mime (>= 0.1.1)
mail_room (0.9.1) mail_room (0.9.1)
memoist (0.16.0) memoist (0.16.0)
...@@ -653,17 +653,17 @@ GEM ...@@ -653,17 +653,17 @@ GEM
rack rack
rack-test (0.6.3) rack-test (0.6.3)
rack (>= 1.0) rack (>= 1.0)
rails (5.0.7) rails (5.0.7.1)
actioncable (= 5.0.7) actioncable (= 5.0.7.1)
actionmailer (= 5.0.7) actionmailer (= 5.0.7.1)
actionpack (= 5.0.7) actionpack (= 5.0.7.1)
actionview (= 5.0.7) actionview (= 5.0.7.1)
activejob (= 5.0.7) activejob (= 5.0.7.1)
activemodel (= 5.0.7) activemodel (= 5.0.7.1)
activerecord (= 5.0.7) activerecord (= 5.0.7.1)
activesupport (= 5.0.7) activesupport (= 5.0.7.1)
bundler (>= 1.3.0) bundler (>= 1.3.0)
railties (= 5.0.7) railties (= 5.0.7.1)
sprockets-rails (>= 2.0.0) sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.2) rails-controller-testing (1.0.2)
actionpack (~> 5.x, >= 5.0.1) actionpack (~> 5.x, >= 5.0.1)
...@@ -679,15 +679,15 @@ GEM ...@@ -679,15 +679,15 @@ GEM
rails-i18n (5.1.1) rails-i18n (5.1.1)
i18n (>= 0.7, < 2) i18n (>= 0.7, < 2)
railties (>= 5.0, < 6) railties (>= 5.0, < 6)
railties (5.0.7) railties (5.0.7.1)
actionpack (= 5.0.7) actionpack (= 5.0.7.1)
activesupport (= 5.0.7) activesupport (= 5.0.7.1)
method_source method_source
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0) thor (>= 0.18.1, < 2.0)
rainbow (3.0.0) rainbow (3.0.0)
raindrops (0.18.0) raindrops (0.18.0)
rake (12.3.1) rake (12.3.2)
rb-fsevent (0.10.2) rb-fsevent (0.10.2)
rb-inotify (0.9.10) rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2) ffi (>= 0.5.0, < 2)
...@@ -1133,7 +1133,7 @@ DEPENDENCIES ...@@ -1133,7 +1133,7 @@ DEPENDENCIES
rack-cors (~> 1.0.0) rack-cors (~> 1.0.0)
rack-oauth2 (~> 1.2.1) rack-oauth2 (~> 1.2.1)
rack-proxy (~> 0.6.0) rack-proxy (~> 0.6.0)
rails (= 5.0.7) rails (= 5.0.7.1)
rails-controller-testing rails-controller-testing
rails-deprecated_sanitizer (~> 1.0.3) rails-deprecated_sanitizer (~> 1.0.3)
rails-i18n (~> 5.1) rails-i18n (~> 5.1)
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
module Clusters module Clusters
module Applications module Applications
class Runner < ActiveRecord::Base class Runner < ActiveRecord::Base
VERSION = '0.1.39'.freeze VERSION = '0.1.43'.freeze
self.table_name = 'clusters_applications_runners' self.table_name = 'clusters_applications_runners'
......
...@@ -48,11 +48,13 @@ module MergeRequests ...@@ -48,11 +48,13 @@ module MergeRequests
end end
if merge_request.previous_changes.include?('assignee_id') if merge_request.previous_changes.include?('assignee_id')
reassigned_merge_request_args = [merge_request, current_user]
old_assignee_id = merge_request.previous_changes['assignee_id'].first old_assignee_id = merge_request.previous_changes['assignee_id'].first
old_assignee = User.find(old_assignee_id) if old_assignee_id reassigned_merge_request_args << User.find(old_assignee_id) if old_assignee_id
create_assignee_note(merge_request) create_assignee_note(merge_request)
notification_service.async.reassigned_merge_request(merge_request, current_user, old_assignee) notification_service.async.reassigned_merge_request(*reassigned_merge_request_args)
todo_service.reassigned_merge_request(merge_request, current_user) todo_service.reassigned_merge_request(merge_request, current_user)
end end
......
...@@ -188,7 +188,7 @@ class NotificationService ...@@ -188,7 +188,7 @@ class NotificationService
# * merge_request assignee if their notification level is not Disabled # * merge_request assignee if their notification level is not Disabled
# * users with custom level checked with "reassign merge request" # * users with custom level checked with "reassign merge request"
# #
def reassigned_merge_request(merge_request, current_user, previous_assignee) def reassigned_merge_request(merge_request, current_user, previous_assignee = nil)
recipients = NotificationRecipientService.build_recipients( recipients = NotificationRecipientService.build_recipients(
merge_request, merge_request,
current_user, current_user,
......
...@@ -8,14 +8,35 @@ module MailScheduler ...@@ -8,14 +8,35 @@ module MailScheduler
include MailSchedulerQueue include MailSchedulerQueue
def perform(meth, *args) def perform(meth, *args)
deserialized_args = ActiveJob::Arguments.deserialize(args) check_arguments!(args)
deserialized_args = ActiveJob::Arguments.deserialize(args)
notification_service.public_send(meth, *deserialized_args) # rubocop:disable GitlabSecurity/PublicSend notification_service.public_send(meth, *deserialized_args) # rubocop:disable GitlabSecurity/PublicSend
rescue ActiveJob::DeserializationError rescue ActiveJob::DeserializationError
# No-op.
# This exception gets raised when an argument
# is correct (deserializeable), but it still cannot be deserialized.
# This can happen when an object has been deleted after
# rails passes this job to sidekiq, but before
# sidekiq gets it for execution.
# In this case just do nothing.
end end
def self.perform_async(*args) def self.perform_async(*args)
super(*ActiveJob::Arguments.serialize(args)) super(*ActiveJob::Arguments.serialize(args))
end end
private
# If an argument is in the ActiveJob::Arguments::TYPE_WHITELIST list,
# it means the argument cannot be deserialized.
# Which means there's something wrong with our code.
def check_arguments!(args)
args.each do |arg|
if arg.class.in?(ActiveJob::Arguments::TYPE_WHITELIST)
raise(ArgumentError, "Argument `#{arg}` cannot be deserialized because of its type")
end
end
end
end end
end end
---
title: Bump Ruby on Rails to 5.0.7.1
merge_request: 23396
author: "@blackst0ne"
type: security
---
title: Update GitLab Runner Helm Chart to 0.1.43
merge_request: 24083
author:
type: other
...@@ -18,7 +18,7 @@ describe Clusters::Applications::Runner do ...@@ -18,7 +18,7 @@ describe Clusters::Applications::Runner do
let(:application) { create(:clusters_applications_runner, :scheduled, version: '0.1.30') } let(:application) { create(:clusters_applications_runner, :scheduled, version: '0.1.30') }
it 'updates the application version' do it 'updates the application version' do
expect(application.reload.version).to eq('0.1.39') expect(application.reload.version).to eq('0.1.43')
end end
end end
end end
...@@ -46,7 +46,7 @@ describe Clusters::Applications::Runner do ...@@ -46,7 +46,7 @@ describe Clusters::Applications::Runner do
it 'should be initialized with 4 arguments' do it 'should be initialized with 4 arguments' do
expect(subject.name).to eq('runner') expect(subject.name).to eq('runner')
expect(subject.chart).to eq('runner/gitlab-runner') expect(subject.chart).to eq('runner/gitlab-runner')
expect(subject.version).to eq('0.1.39') expect(subject.version).to eq('0.1.43')
expect(subject).not_to be_rbac expect(subject).not_to be_rbac
expect(subject.repository).to eq('https://charts.gitlab.io') expect(subject.repository).to eq('https://charts.gitlab.io')
expect(subject.files).to eq(gitlab_runner.files) expect(subject.files).to eq(gitlab_runner.files)
...@@ -64,7 +64,7 @@ describe Clusters::Applications::Runner do ...@@ -64,7 +64,7 @@ describe Clusters::Applications::Runner do
let(:gitlab_runner) { create(:clusters_applications_runner, :errored, runner: ci_runner, version: '0.1.13') } let(:gitlab_runner) { create(:clusters_applications_runner, :errored, runner: ci_runner, version: '0.1.13') }
it 'should be initialized with the locked version' do it 'should be initialized with the locked version' do
expect(subject.version).to eq('0.1.39') expect(subject.version).to eq('0.1.43')
end end
end end
end end
......
...@@ -17,10 +17,21 @@ describe MailScheduler::NotificationServiceWorker do ...@@ -17,10 +17,21 @@ describe MailScheduler::NotificationServiceWorker do
end end
context 'when the arguments cannot be deserialized' do context 'when the arguments cannot be deserialized' do
it 'does nothing' do context 'when the arguments are not deserializeable' do
it 'raises exception' do
expect(worker.notification_service).not_to receive(method) expect(worker.notification_service).not_to receive(method)
expect { worker.perform(method, key.to_global_id.to_s.succ) }.to raise_exception(ArgumentError)
end
end
worker.perform(method, key.to_global_id.to_s.succ) context 'when the arguments are deserializeable' do
it 'does nothing' do
serialized_arguments = *serialize(key)
key.destroy!
expect(worker.notification_service).not_to receive(method)
expect { worker.perform(method, serialized_arguments) }.not_to raise_exception
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment