Commits · 15a176eee4f695e39260734fe3093a8365c7fb39 · nexedi / gitlab-ce

03 May, 2021 1 commit
- Allow trial plans to behave paid plan · 15a176ee
  Shreyas Agarwal authored May 03, 2021
  
  15a176ee
28 Apr, 2021 39 commits
- Merge branch 'trans-levels-master-patch-26507' into 'master' · 90f218ad
  Alex Kalderimis authored Apr 28, 2021
```
Show translation levels in UI

See merge request gitlab-org/gitlab!59420
```
  90f218ad
- Merge branch 'gl-form-bitbucket-import' into 'master' · 5551b2c8
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in bitbucket import page

See merge request gitlab-org/gitlab!58309
```
  5551b2c8
- Add gl-form-input class for fields in bitbucket import page · 66656888
  Yogi authored Apr 28, 2021
  
  66656888
- Merge branch 'gl-form-fogbugz-import' into 'master' · 290073d1
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in fogbugz import page

See merge request gitlab-org/gitlab!58312
```
  290073d1
- Add gl-form-input class for fields in fogbugz import page · 193f6c50
  Yogi authored Apr 28, 2021
  
  193f6c50
- Merge branch 'gl-form-gitea-import' into 'master' · 7aee55b0
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in gitea import page

See merge request gitlab-org/gitlab!58313
```
  7aee55b0
- Add gl-form-input class for fields in gitea import page · b1daaac6
  Yogi authored Apr 28, 2021
  
  b1daaac6
- Merge branch 'mermaid-chaining' into 'master' · 126fe4c0
  Kushal Pandya authored Apr 28, 2021
```
Prevent DOS from Chaining in Mermaid

See merge request gitlab-org/gitlab!60382
```
  126fe4c0
- Merge branch 'gl-form-import' into 'master' · 5d89cb72
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in import page

See merge request gitlab-org/gitlab!58316
```
  5d89cb72
- Add gl-form-input class for fields in import page · 441a9938
  Yogi authored Apr 28, 2021
  
  441a9938
- Merge branch 'ph/327054/mrSettingsTracking' into 'master' · 80bd230e
  Kushal Pandya authored Apr 28, 2021
```
Added tracking to the different diff view settings [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!59979
```
  80bd230e
- Merge branch '299489-over-10-of-graphql-descriptions-are-missing-group-member-enum' into 'master' · 03c755cc
  Mayra Cabrera authored Apr 28, 2021
```
Add descriptions for GroupMemberRelationEnum

See merge request gitlab-org/gitlab!60158
```
  03c755cc
- Merge branch 'release-tools/update-gitaly' into 'master' · a5c6976c
  🤖 GitLab Bot 🤖 authored Apr 28, 2021
```
Update Gitaly version

See merge request gitlab-org/gitlab!60507
```
  a5c6976c
- Merge branch '325182_01_vuex_in_specs' into 'master' · 0052257c
  Frédéric Caplette authored Apr 28, 2021
```
Geo Node Status 2.0 - Vuex Spec Cleanup

See merge request gitlab-org/gitlab!60151
```
  0052257c
- Update gitaly to 34b2ac33494 · 4ba24e2e
  GitLab Release Tools Bot authored Apr 28, 2021
  
  4ba24e2e
- Merge branch '12524-vsa-enable-pagination-frontend' into 'master' · 065153e6
  Nicolò Maria Mezzopera authored Apr 28, 2021
```
[VSA] Enable pagination (frontend)

See merge request gitlab-org/gitlab!59650
```
  065153e6
- [VSA] Enable pagination (frontend) · 41ee917d
  Ezekiel Kigbo authored Apr 28, 2021
  
  41ee917d
- Prevent DOS from Chaining in Mermaid · 6bcf37a9
  Rajat Jain authored Apr 27, 2021
```
Don't allow chaining of links to be rendered directly
in the Mermaid diagram.

Changelog: security
```
  6bcf37a9
- Merge branch '326429-fj-add-merge_requests-menu' into 'master' · 9028f616
  Arturo Herrero authored Apr 28, 2021
```
Add Merge Requests and Requirements Menu

See merge request gitlab-org/gitlab!59374
```
  9028f616
- Merge branch 'master' of gitlab.com:gitlab-org/gitlab · 8ed012d0
  Yorick Peterse authored Apr 28, 2021
  
  8ed012d0
- Merge branch '284471-change-route-query-to-querystring' into 'master' · b1453948
  Savas Vedova authored Apr 28, 2021
```
Rename routeQuery to queryString in standard_filter.vue

See merge request gitlab-org/gitlab!60371
```
  b1453948
- Merge canonical master into security master · dc42afe9
  Yorick Peterse authored Apr 28, 2021
  
  dc42afe9
- Update CHANGELOG.md for 13.9.7-ee · 6ae690e6
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  6ae690e6
- Update CHANGELOG-EE.md for 13.9.7-ee · 84c163bd
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  84c163bd
- Update CHANGELOG.md for 13.10.4-ee · 8b9c8938
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  8b9c8938
- Update CHANGELOG-EE.md for 13.10.4-ee · f4834a3c
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  f4834a3c
- Update CHANGELOG.md for 13.11.2-ee · 32660c81
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  32660c81
- Update CHANGELOG-EE.md for 13.11.2-ee · 5735ea1b
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  5735ea1b
- Restrict the dependency proxy auth service · 6a5b2117
  David Fernandez authored Apr 20, 2021
```
Any objects other than `User` (such as `DeployToken`) are not allowed

Changelog: security
```
  6a5b2117
- Require 'api' scope to execute mutations · 67c694c7
  Alex Kalderimis authored Apr 08, 2021
```
Verify that read_api tokens cannot run mutations.

Also: adds tests use of OAuth tokens for GraphQL

We make some changes to the sessionless_authentication module
in order to capture the request_authenticator, so that we can access
the token scopes, without making any extra queries.

We ensure we always authorize the mutation, which, like all resolvers,
needs to opt in to the check.

Unlike resolvers, mutations should always raise. So
`BaseMutation.authorized?` raises on failure.

Logic for handling scopes is pushed down to the `ObjectAuthorization`
class, and encapsulated in the `ScopeValidator`, which limits the
methods that can be called by resolvers.
```
  67c694c7
- Prevent non-owners to set system_note_timestamp · daeb7d83
  Alexandru Croitor authored Feb 08, 2021
```
When an issue is created or updated though API for import
purposes we allow providing created_at and updated_at params
these would then be reflected also in system notes. Only admins
and project owners should be able to set these dates.
```
  daeb7d83
- Bump Carrierwave gem to v1.3.2 · 4d15b636
  Mike Kozono authored Apr 08, 2021
  
  4d15b636
- Disable keyset pagination for branches by default · 39b2b340
  Nick Thomas authored Apr 22, 2021
```
It seems that with this feature flag enabled, pagination doesn't work
correctly in conjunction with a search. The FF is already disabled on
GitLab.com, but disabling it in the YAML file means that self-managed
instances will also be protected from the security issue (unless they
explicitly opt-in to some beta code, of course).

Changelog: security
```
  39b2b340
- Do not expose pull mirror username and password · 56a23cce
  Vasilii Iakliushin authored Apr 15, 2021
```
Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/230864

* Remove password value from the pull mirror form
* Hide username from mirror url
```
  56a23cce
- Merge branch 'ag-success-activation-banner' into 'master' · 1b32041f
  Savas Vedova authored Apr 28, 2021
```
Subscription Activation: Success Banner

See merge request gitlab-org/gitlab!60389
```
  1b32041f
- Merge branch 'docs-remove-create-default-freeze' into 'master' · 4a61262a
  Marcia Ramos authored Apr 28, 2021
```
Docs: Remove create_default examples with freeze

See merge request gitlab-org/gitlab!60379
```
  4a61262a
- Merge branch 'nagyv-gitlab-master-patch-59131' into 'master' · ade2d3e8
  Marcia Ramos authored Apr 28, 2021
```
Document all the configuration options

See merge request gitlab-org/gitlab!59562
```
  ade2d3e8
- Document all the configuration options · 45e90bb6
  Viktor Nagy authored Apr 28, 2021
  
  45e90bb6
- Merge branch 'alberts-document-order-dependent-flaky-test' into 'master' · 4c15508b
  Marcia Ramos authored Apr 28, 2021
```
Document order-dependent flaky tests

See merge request gitlab-org/gitlab!59369
```
  4c15508b