- 28 Apr, 2021 40 commits
-
-
GitLab Release Tools Bot authored
[ci skip]
-
David Fernandez authored
Any objects other than `User` (such as `DeployToken`) are not allowed Changelog: security
-
Alex Kalderimis authored
Verify that read_api tokens cannot run mutations. Also: adds tests use of OAuth tokens for GraphQL We make some changes to the sessionless_authentication module in order to capture the request_authenticator, so that we can access the token scopes, without making any extra queries. We ensure we always authorize the mutation, which, like all resolvers, needs to opt in to the check. Unlike resolvers, mutations should always raise. So `BaseMutation.authorized?` raises on failure. Logic for handling scopes is pushed down to the `ObjectAuthorization` class, and encapsulated in the `ScopeValidator`, which limits the methods that can be called by resolvers.
-
Alexandru Croitor authored
When an issue is created or updated though API for import purposes we allow providing created_at and updated_at params these would then be reflected also in system notes. Only admins and project owners should be able to set these dates.
-
Mike Kozono authored
-
Nick Thomas authored
It seems that with this feature flag enabled, pagination doesn't work correctly in conjunction with a search. The FF is already disabled on GitLab.com, but disabling it in the YAML file means that self-managed instances will also be protected from the security issue (unless they explicitly opt-in to some beta code, of course). Changelog: security
-
Vasilii Iakliushin authored
Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/230864 * Remove password value from the pull mirror form * Hide username from mirror url
-
Savas Vedova authored
Subscription Activation: Success Banner See merge request gitlab-org/gitlab!60389
-
Marcia Ramos authored
Docs: Remove create_default examples with freeze See merge request gitlab-org/gitlab!60379
-
Marcia Ramos authored
Document all the configuration options See merge request gitlab-org/gitlab!59562
-
Viktor Nagy authored
-
Marcia Ramos authored
Document order-dependent flaky tests See merge request gitlab-org/gitlab!59369
-
Albert Salim authored
-
Matthias Käppler authored
ImportExport: Validate URL before downloading See merge request gitlab-org/gitlab!60388
-
Rémy Coutable authored
ci: Streamline our usage of 'needs' after latest improvements See merge request gitlab-org/gitlab!60030
-
David O'Regan authored
Change success variant for primary button in upload file modal to confirm See merge request gitlab-org/gitlab!59463
-
Yogi authored
-
Dmytro Zaporozhets (DZ) authored
Merge branch '21033-controller-groups-groupmemberscontroller-index-executes-more-than-100-sql-queries-p80-108-5' into 'master' Resolve admin_group_member group policy n+1 See merge request gitlab-org/gitlab!58948
-
Doug Stull authored
-
Kamil Trzciński authored
Link change management for feature flag rollout in issue template See merge request gitlab-org/gitlab!60470
-
Arturo Herrero authored
Update Usage Ping Metrics Definitions for group::release See merge request gitlab-org/gitlab!60377
-
Marcia Ramos authored
Correct load balancer typo in database load balancing doc See merge request gitlab-org/gitlab!60156
-
Sean McGivern authored
Remove optimized_timebox_queries feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!60326
-
Markus Koller authored
Revert '323357-mlunoe-subscription-plans-service' See merge request gitlab-org/gitlab!59371
-
Michael Lunøe authored
This reverts commit 636c36aa, reversing changes made to ce6ed97f.
-
Dmytro Zaporozhets (DZ) authored
Refresh cache on user for assigned open issues count after cache invalidation [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!59961
-
charlie ablett authored
Refresh cache on user for assigned open issues count after cache invalidation [RUN ALL RSPEC] [RUN AS-IF-FOSS]
-
Rémy Coutable authored
Add `static-analysis as-if-foss` job See merge request gitlab-org/gitlab!60363
-
Bob Van Landuyt authored
Fix tier for instance and group DevOps Adoption See merge request gitlab-org/gitlab!60032
-
Mikołaj Wawrzyniak authored
Add Metrics definition JSON schema for histogram metric See merge request gitlab-org/gitlab!58056
-
Alex Kalderimis authored
Add ConfigureSecretDetection graphql mutation See merge request gitlab-org/gitlab!58230
-
Daniel Paul Searles authored
-
Alper Akgun authored
Update Usage Ping Metrics Definitions for 5 min app metrics See merge request gitlab-org/gitlab!60364
-
Alper Akgun authored
Update Usage Ping Metrics Definitions instance auto devops enabled See merge request gitlab-org/gitlab!60374
-
Alina Mihaila authored
-
Alper Akgun authored
Generate Snowplow event dictionary See merge request gitlab-org/gitlab!59484
-
Alishan Ladhani authored
-
Kassio Borges authored
Ensure to validate the URL of an File before downloading it.
-
Arturo Herrero authored
Define and describe metrics retiring process See merge request gitlab-org/gitlab!59000
-
Rémy Coutable authored
Enable invite members modal tests [RUN ALL RSPEC] See merge request gitlab-org/gitlab!60178
-