GitLab

This is needed to upgrade beyond addressable > 2.6 for the latest
CarrierWave update. In addition, a number of the updates fix Ruby 2.7
deprecation warnings.

octokit changes: https://github.com/octokit/octokit.rb/releases

addressable changes:
https://github.com/sporkmonger/addressable/blob/master/CHANGELOG.md

public_suffix:
https://github.com/weppos/publicsuffix-ruby/blob/master/CHANGELOG.md

Previously if the underlying filesystem ran of space, reads and writes
to mmap() regions would throw an ugly SIGBUS error and crash.

With prometheus-client-mmap v0.10.0,
`Prometheus::Client.reinitialize_on_pid_change` will now throw an
IOError if initialization fails for some reason. If this happens, we
disable internal Prometheus metrics to ensure the system stays up.

Closes https://gitlab.com/gitlab-org/gitlab/issues/24425

These were very out of date. We update to v6 versions as we are
targetting v6 compatibility for now. This hopefully helps get us closer
to supporting v7 as well.

* support for `limit_bytes` parameter to `get_pod_log` implemented in
  https://github.com/abonas/kubeclient/pull/426

The Gemfile specified version `~> 1.17.0` was mismatched with the
Gemfile.lock version `1.19.1`.

This seems have possibly occurred due to an issue with 2 different merge
requests changing this at the same time and being merged without
rebasing on each other:

- https://gitlab.com/gitlab-org/gitlab/merge_requests/20738
- https://gitlab.com/gitlab-org/gitlab/merge_requests/21886

This commit adds two rake tasks: pngquant:compress and pngquant:lint.

These tasks automate the compression of our documentation images using
pngquant.

This provides context to all requests made to Rails controllers or
grape endpoints.

Doing this starts a new `Labkit::Context`, to which we can provide a
namespace, project and user.

We're currently setting the following values:

- Web requests: In the ApplicationController we wrap the entire
  request in a `with_context`.
  - user: based on the `auth_user` if there is one
  - project: We try to read the @project instance variable of the
    controller.
  - namespace: We try to read the @group instance variable of the
    controller. If there was none, but the project was set, we'll use
    that path to set the namespace

- API requests: The application context is pushed in a before block
  setting the following values:
  - user: to `current_user` if there is one
  - project: to `@project`
  - namespace: to `@group`

- Internal API requests: the application context is pushed in a before
  block:
  - user: When to the user set in `Api::Support::GitAccessActor`
  - project: to @project if it was available

The 3 supported attributes for a context are read lazily when
required.

This also replaces the existing correlation middlewares with the new
Labkit::Context middlewares.

The rack middleware wraps each rack request in an overarching context
that adds the correlation id. The context is cleaned up after the
request, so we're sure all child contexts are cleaned up as well.

The sidekiq client middleware will write the context into the job that
 goes into redis when a job is scheduled.

The sidekiq server middleware will then re-instantiate this context so
the job gets executed with the same context that was alive when it was
scheduled. This means that any new job scheduled from sidekiq would
also have this context.

that supports using sourcepos

This updates gitlab-styles to 3.1.0 and disables any new cops introduced
in this upgrade. These new cops will be re-enabled in subsequent
changes. This also disables the existing RSpec/DescribedClass cop as
this upgrade has caused it to break specs.

Use the liquid template engine since it is designed to be securely used
by users to modify template files themselves.

Add a render_score_limit so that a user cannot take up all server
resources by writing a template that requires a lot of resources to
render.

- add config option for `log_path`
- add default config option to example yml

This upgrade enables SSL by default.

Closes https://gitlab.com/gitlab-org/gitlab/issues/30484

This makes us to switch to use Puma from:
- https://gitlab.com/gitlab-org/gitlab-puma
- https://gitlab.com/gitlab-org/gitlab-puma_worker_killer

This is needed to test a latest latency improvements
for Puma to improve, Puma scheduling mechanism.

This is meant to be temporary as part of effort to upstream
the https://github.com/puma/puma/pull/2079

Asana deprecated support for integer task IDs and moved to string
IDs. We need to update the ruby-asana gem and modify the regexp to match
strings. Users attempting to use the current implementation would see:

```
task: Not a Long:
```

Closes https://gitlab.com/gitlab-org/gitlab/issues/38083

We are having a problem with the Bullet gem:

An error occurred while loading ./spec/requests/api/users_spec.rb.
Failure/Error: require File.expand_path('../config/environment',
__dir__)

Bundler::GemRequireError: There was an error while trying to load the
gem 'bullet'.  Gem Load Error is: Bullet does not support active_record
ActiveRecord::VERSION yet

This update also adds support for Rails 5.2 and Rails 6.0

See the changelog:
https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md

The complete changes between versions:
https://github.com/flyerhzm/bullet/compare/5.5.0..6.0.2

This reverts merge request !19759

Peek 1.1.0 contains the change that we had in our gitlab-peek gem, as
well as only saving when the request ID is present.

This adds support for generating `d3` flamegraphs

This is the changeset:
https://github.com/puma/puma/compare/v3.12.0..v4.3.0

Replace chronic with gitlab-chronic v0.10.5 to bring in the fix for
Daylight Savings parsing:
https://gitlab.com/gitlab-org/gitlab-chronic/merge_requests/3.

Also upgrade gitlab_chronic_duration to v0.10.6.2 to fix numerizer
dependency.

Closes https://gitlab.com/gitlab-org/gitlab/issues/37014

This reverts merge request !20546

This fixes some build issues on MacOS:
https://github.com/brianmario/charlock_holmes/compare/0.7.6..v0.7.7

We need to upgrade these to support Rails 6

Loading RSpec when running the console causes a warning:
irb: warn: can't alias context from irb_context

This is because RSpec defines a global `context` which IRB also
does

We need this to support Rails 6

This adds guard to automatically run relevant tests on file save. It can
be run with `bundle exec guard`.

v1.2.2 (present now) has security issues which are fixed in v1.3.0.