Commits · 15e353dd31adc8b359c3ce8d9fe9fe073522c5eb · nexedi / gitlab-ce

29 Apr, 2021 1 commit
- Add more merging statuses to use randomly · 15e353dd
  Kushal Pandya authored Apr 28, 2021
```
Add merge active status messages and use one of
them randomly.
```
  15e353dd
28 Apr, 2021 39 commits
- Merge branch '300992-auditor-access-security-center' into 'master' · 66e1150d
  Heinrich Lee Yu authored Apr 28, 2021
```
Auditor can see and add projects in security center

See merge request gitlab-org/gitlab!58841
```
  66e1150d
- Merge branch 'justin_ho-update-button-variant-to-confirm-on-merge-request-page' into 'master' · 7193e42f
  David O'Regan authored Apr 28, 2021
```
Update button variants to btn-confirm on MR page

See merge request gitlab-org/gitlab!60254
```
  7193e42f
- Merge branch 'trans-levels-master-patch-26507' into 'master' · 90f218ad
  Alex Kalderimis authored Apr 28, 2021
```
Show translation levels in UI

See merge request gitlab-org/gitlab!59420
```
  90f218ad
- Merge branch 'gl-form-bitbucket-import' into 'master' · 5551b2c8
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in bitbucket import page

See merge request gitlab-org/gitlab!58309
```
  5551b2c8
- Add gl-form-input class for fields in bitbucket import page · 66656888
  Yogi authored Apr 28, 2021
  
  66656888
- Merge branch 'gl-form-fogbugz-import' into 'master' · 290073d1
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in fogbugz import page

See merge request gitlab-org/gitlab!58312
```
  290073d1
- Add gl-form-input class for fields in fogbugz import page · 193f6c50
  Yogi authored Apr 28, 2021
  
  193f6c50
- Merge branch 'gl-form-gitea-import' into 'master' · 7aee55b0
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in gitea import page

See merge request gitlab-org/gitlab!58313
```
  7aee55b0
- Add gl-form-input class for fields in gitea import page · b1daaac6
  Yogi authored Apr 28, 2021
  
  b1daaac6
- Merge branch 'mermaid-chaining' into 'master' · 126fe4c0
  Kushal Pandya authored Apr 28, 2021
```
Prevent DOS from Chaining in Mermaid

See merge request gitlab-org/gitlab!60382
```
  126fe4c0
- Merge branch 'gl-form-import' into 'master' · 5d89cb72
  Kushal Pandya authored Apr 28, 2021
```
Add gl-form-input class for fields in import page

See merge request gitlab-org/gitlab!58316
```
  5d89cb72
- Add gl-form-input class for fields in import page · 441a9938
  Yogi authored Apr 28, 2021
  
  441a9938
- Merge branch 'ph/327054/mrSettingsTracking' into 'master' · 80bd230e
  Kushal Pandya authored Apr 28, 2021
```
Added tracking to the different diff view settings [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!59979
```
  80bd230e
- Merge branch '299489-over-10-of-graphql-descriptions-are-missing-group-member-enum' into 'master' · 03c755cc
  Mayra Cabrera authored Apr 28, 2021
```
Add descriptions for GroupMemberRelationEnum

See merge request gitlab-org/gitlab!60158
```
  03c755cc
- Merge branch 'release-tools/update-gitaly' into 'master' · a5c6976c
  🤖 GitLab Bot 🤖 authored Apr 28, 2021
```
Update Gitaly version

See merge request gitlab-org/gitlab!60507
```
  a5c6976c
- Merge branch '325182_01_vuex_in_specs' into 'master' · 0052257c
  Frédéric Caplette authored Apr 28, 2021
```
Geo Node Status 2.0 - Vuex Spec Cleanup

See merge request gitlab-org/gitlab!60151
```
  0052257c
- Update gitaly to 34b2ac33494 · 4ba24e2e
  GitLab Release Tools Bot authored Apr 28, 2021
  
  4ba24e2e
- Merge branch '12524-vsa-enable-pagination-frontend' into 'master' · 065153e6
  Nicolò Maria Mezzopera authored Apr 28, 2021
```
[VSA] Enable pagination (frontend)

See merge request gitlab-org/gitlab!59650
```
  065153e6
- [VSA] Enable pagination (frontend) · 41ee917d
  Ezekiel Kigbo authored Apr 28, 2021
  
  41ee917d
- Prevent DOS from Chaining in Mermaid · 6bcf37a9
  Rajat Jain authored Apr 27, 2021
```
Don't allow chaining of links to be rendered directly
in the Mermaid diagram.

Changelog: security
```
  6bcf37a9
- Merge branch '326429-fj-add-merge_requests-menu' into 'master' · 9028f616
  Arturo Herrero authored Apr 28, 2021
```
Add Merge Requests and Requirements Menu

See merge request gitlab-org/gitlab!59374
```
  9028f616
- Left align buttons in design management · ecb99c84
  Justin Ho authored Apr 27, 2021
```
We need to use gl-w-auto! since there is width: 100%
coming in from styles in .note-form-actions. Ideally we
should refactor that and remove the utils used here.
```
  ecb99c84
- Update snapshots for design management · 26e0ec73
  Justin Ho authored Apr 27, 2021
  
  26e0ec73
- Update buttons on design management · 5ae7942c
  Justin Ho authored Apr 27, 2021
  
  5ae7942c
- Fix spacing between buttons · 74fed9df
  Justin Ho authored Apr 27, 2021
```
Fix spacing and alignment on xs / md breakpoints
```
  74fed9df
- Update specs with new btn-confirm · d0545d47
  Justin Ho authored Apr 26, 2021
  
  d0545d47
- Add changelog for btn-cofnirm update · af60e442
  Justin Ho authored Apr 26, 2021
  
  af60e442
- Update button variants to confirm on MR page · 1bf772da
  Justin Ho authored Apr 15, 2021
```
Also update badge variant and add some spacing
```
  1bf772da
- Merge branch 'master' of gitlab.com:gitlab-org/gitlab · 8ed012d0
  Yorick Peterse authored Apr 28, 2021
  
  8ed012d0
- Merge branch '284471-change-route-query-to-querystring' into 'master' · b1453948
  Savas Vedova authored Apr 28, 2021
```
Rename routeQuery to queryString in standard_filter.vue

See merge request gitlab-org/gitlab!60371
```
  b1453948
- Merge canonical master into security master · dc42afe9
  Yorick Peterse authored Apr 28, 2021
  
  dc42afe9
- Update CHANGELOG.md for 13.9.7-ee · 6ae690e6
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  6ae690e6
- Update CHANGELOG-EE.md for 13.9.7-ee · 84c163bd
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  84c163bd
- Update CHANGELOG.md for 13.10.4-ee · 8b9c8938
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  8b9c8938
- Update CHANGELOG-EE.md for 13.10.4-ee · f4834a3c
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  f4834a3c
- Update CHANGELOG.md for 13.11.2-ee · 32660c81
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  32660c81
- Update CHANGELOG-EE.md for 13.11.2-ee · 5735ea1b
  GitLab Release Tools Bot authored Apr 27, 2021
```
[ci skip]
```
  5735ea1b
- Restrict the dependency proxy auth service · 6a5b2117
  David Fernandez authored Apr 20, 2021
```
Any objects other than `User` (such as `DeployToken`) are not allowed

Changelog: security
```
  6a5b2117
- Require 'api' scope to execute mutations · 67c694c7
  Alex Kalderimis authored Apr 08, 2021
```
Verify that read_api tokens cannot run mutations.

Also: adds tests use of OAuth tokens for GraphQL

We make some changes to the sessionless_authentication module
in order to capture the request_authenticator, so that we can access
the token scopes, without making any extra queries.

We ensure we always authorize the mutation, which, like all resolvers,
needs to opt in to the check.

Unlike resolvers, mutations should always raise. So
`BaseMutation.authorized?` raises on failure.

Logic for handling scopes is pushed down to the `ObjectAuthorization`
class, and encapsulated in the `ScopeValidator`, which limits the
methods that can be called by resolvers.
```
  67c694c7