Commits · e5fb204befceaad852aa4e3b9dbab1a940741929 · nexedi / gitlab-ce

24 Mar, 2020 40 commits
- Merge branch 'security-fogbugz-importer-deny-localhost-requests' into 'master' · e5fb204b
  GitLab Release Tools Bot authored Mar 24, 2020
```
Deny localhost requests on fogbugz importer

See merge request gitlab-org/security/gitlab!295
```
  e5fb204b
- Merge branch 'security-193100-ignore-duplicate-multipart-params' into 'master' · 111dc842
  GitLab Release Tools Bot authored Mar 24, 2020
```
Ignore empty remote_id params from Workhorse

See merge request gitlab-org/security/gitlab!314
```
  111dc842
- Ignore empty remote_id params from Workhorse · 666130a4
  Markus Koller authored Mar 24, 2020
```
In https://gitlab.com/gitlab-org/security/gitlab-workhorse/-/merge_requests/3
we're changing Workhorse to always send empty values for unused fields,
to avoid any injected client parameters overriding them.

This causes an error in Rails because we're not checking for empty
strings in `remote_id` and attempting to store a remote file:

```
  ObjectStorage::RemoteStoreError - Bad file path:
    app/uploaders/object_storage.rb:353:in `cache_remote_file!'
```
```
  666130a4
- Merge branch 'security-restrict-project-pipeline-metrics' into 'master' · 58ceb471
  GitLab Release Tools Bot authored Mar 24, 2020
```
Restrict access to project pipeline metrics reports

See merge request gitlab-org/security/gitlab!323
```
  58ceb471
- Merge branch 'security-mr-pipeline-status-permission-check' into 'master' · b714ce8f
  GitLab Release Tools Bot authored Mar 24, 2020
```
Add permission check for pipeline status of MR

See merge request gitlab-org/security/gitlab!336
```
  b714ce8f
- Merge branch 'security-ssrf-attachment-url' into 'master' · 5830fbfb
  GitLab Release Tools Bot authored Mar 24, 2020
```
Exclude carrierwave remote url methods from import

Closes #97

See merge request gitlab-org/security/gitlab!364
```
  5830fbfb
- Merge branch 'security-path-traversal-master' into 'master' · 5153fd8d
  GitLab Release Tools Bot authored Mar 24, 2020
```
UploadRewriter Path Traversal Security Fix

See merge request gitlab-org/security/gitlab!365
```
  5153fd8d
- Merge branch 'improve-discord-messages' into 'master' · 0eef93f9
  Sean McGivern authored Mar 24, 2020
```
Improve discord messages

See merge request gitlab-org/gitlab!27812
```
  0eef93f9
- Merge branch '196698-vsm-ensure-relative-position-is-set' into 'master' · 0c342a8c
  Peter Leitzen authored Mar 24, 2020
```
Ensure VSM stage has relative position

See merge request gitlab-org/gitlab!27801
```
  0c342a8c
- Merge branch 'nicolasdular/fix-broadcast-message-rendering' into 'master' · 38703248
  Sean McGivern authored Mar 24, 2020
```
Fix broadcast message rendering

See merge request gitlab-org/gitlab!27755
```
  38703248
- Merge branch 'has-parent-fix' into 'master' · 0ff9e429
  Sean McGivern authored Mar 24, 2020
```
Revert has_parent? optimization

Closes #36938

See merge request gitlab-org/gitlab!27668
```
  0ff9e429
- Merge branch 'refactoring-ee-entities-15' into 'master' · eb3f26fa
  Peter Leitzen authored Mar 24, 2020
```
Separate code review, design, group module into own module files

See merge request gitlab-org/gitlab!27860
```
  eb3f26fa
- Separate code review, design, group module into own module files · 40144ebf
  Rajendra Kadam authored Mar 24, 2020
  
  40144ebf
- Merge branch 'attribute-background-migrations-to-database-category' into 'master' · e6bf6145
  Sean McGivern authored Mar 24, 2020
```
Attribute background migrations to database category

See merge request gitlab-org/gitlab!27777
```
  e6bf6145
- Merge branch 'removed_state_ignoring_rule' into 'master' · 4a09d7b3
  Imre Farkas authored Mar 24, 2020
```
Remove state column ignore rule

See merge request gitlab-org/gitlab!27690
```
  4a09d7b3
- Merge branch 'fix-typos-in-vulnerabilities-specs' into 'master' · 7a58dd17
  Phil Hughes authored Mar 24, 2020
```
Migrate security-dashboard vulnerability mutations specs to Jest

See merge request gitlab-org/gitlab!27286
```
  7a58dd17
- Merge branch '30526-b-be-wiki-activity-Services' into 'master' · 0c30b235
  Dmytro Zaporozhets authored Mar 24, 2020
```
#30526 (B) [BE] Wiki Events (services)

See merge request gitlab-org/gitlab!26533
```
  0c30b235
- Merge branch '209854-cache-es-check' into 'master' · 1b06748a
  Sean McGivern authored Mar 24, 2020
```
Cache ES enabled namespaces and projects

See merge request gitlab-org/gitlab!27348
```
  1b06748a
- Cache ES enabled namespaces and projects · aa4f1cf4
  Dmitry Gruzd authored Mar 24, 2020
```
SELECT query involving `elasticsearch_indexed_projects` table
consumes a lot of resources. The query itself is not slow
(13.224 ms/call), but it happens almost 100 times per second.

This change implements caching of `elasticsearch_indexed_projects` and
`elasticsearch_indexed_namespaces`.
```
  aa4f1cf4
- Merge branch '211887-dedup-groups-controller-specs' into 'master' · e4fc7ca9
  Bob Van Landuyt authored Mar 24, 2020
```
De-duplicate groups_controller spec

See merge request gitlab-org/gitlab!27874
```
  e4fc7ca9
- Merge branch 'expose-created-at-in-groups-api' into 'master' · 855dbfcb
  Bob Van Landuyt authored Mar 24, 2020
```
Expose created_at property in Groups API

See merge request gitlab-org/gitlab!27824
```
  855dbfcb
- Merge branch 'sast_no_dotenv' into 'master' · 2a5f09fa
  Bob Van Landuyt authored Mar 24, 2020
```
Prevent creation of .env file

See merge request gitlab-org/gitlab!21174
```
  2a5f09fa
- Merge branch '205302-switch-ls-feature-in-tests' into 'master' · 2dc7917a
  Dmytro Zaporozhets authored Mar 24, 2020
```
Use `license_scanning` licensed feature in tests

See merge request gitlab-org/gitlab!27752
```
  2dc7917a
- Use `license_scanning` feature · 28e91aea
  Tetiana Chupryna authored Mar 24, 2020
```
All code related to `license_management` is scheduled
to be deprecated after 13.0 https://gitlab.com/gitlab-org/gitlab/-/issues/8912
```
  28e91aea
- Merge branch 'feat/add-toggle-all-discussions-button' into 'master' · 458a5d93
  Phil Hughes authored Mar 24, 2020
```
Add toggle all discussions button to MRs

Closes #15328

See merge request gitlab-org/gitlab!24670
```
  458a5d93
- feat: Add 'toggle all discussions' functionality · f6b20834
  Diego Louzán authored Mar 24, 2020
```
New button 'Toggle all discussions' next to 'Jump to next unresolved
thread', toggles expanded / not expanded state of all discussions
```
  f6b20834
- Merge branch '197227-graphql-group-milestones' into 'master' · 42594901
  Bob Van Landuyt authored Mar 24, 2020
```
Add issues to graphQL group endpoint

See merge request gitlab-org/gitlab!27789
```
  42594901
- Merge branch '199065-support-on-demand-release-evidence' into 'master' · fa582374
  Shinya Maeda authored Mar 24, 2020
```
Multiple Evidences for a Release

See merge request gitlab-org/gitlab!26509
```
  fa582374
- Support multiple Evidences for a Release · 7ce7df63
  Sean Carroll authored Mar 24, 2020
```
Part of https://gitlab.com/gitlab-org/gitlab/issues/199065

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/26509
```
  7ce7df63
- Merge branch 'notification-dot-on-user-dropdown-ui-components' into 'master' · 6b1c2eb3
  Phil Hughes authored Mar 24, 2020
```
Add notification dot on user avatar

See merge request gitlab-org/gitlab!27626
```
  6b1c2eb3
- Add notification dot on user avatar · cef0c04c
  Doug Stull authored Mar 24, 2020
```
- prepping for new experiment pipeline
```
  cef0c04c
- Merge branch 'rake-task-for-reindexing' into 'master' · 97b90bff
  Nick Thomas authored Mar 24, 2020
```
Add rake task for reindexing

See merge request gitlab-org/gitlab!27772
```
  97b90bff
- Exposing created_at property in Groups API · fb3ae25c
  Michael Leopard authored Mar 23, 2020
```
Updating Groups API unit tests and documentation
```
  fb3ae25c
- Merge branch 'refactor/spec-javascripts-locale-to-jest' into 'master' · 18fe0434
  Phil Hughes authored Mar 24, 2020
```
Migrate spec/javascripts/locale/ to Jest

Closes #194243

See merge request gitlab-org/gitlab!26737
```
  18fe0434
- Merge branch 'ff-v2-controller-get-post' into 'master' · e20d7531
  Shinya Maeda authored Mar 24, 2020
```
Support V2 Feature Flags GET and POST Controller Actions

See merge request gitlab-org/gitlab!27463
```
  e20d7531
- Support version 2 feature flags for controller get and post actions · d950b8b2
  Jason Goodman authored Mar 24, 2020
```
Hide behind feature flag
```
  d950b8b2
- Merge branch '197480-remove-ignore-package-file_type' into 'master' · 0be43dbe
  James Lopez authored Mar 24, 2020
```
Remove ignore_column from Package::PackageFile

Closes #197480

See merge request gitlab-org/gitlab!27809
```
  0be43dbe
- Add issues to graphQL group endpoint · 9218ed70
  Jarka Košanová authored Mar 23, 2020
```
- add issues to group enpoint
- change issues resolver to handle both groups and projects
```
  9218ed70
- Merge branch 'ci-docs-review-add-charts' into 'master' · c44d452a
  Rémy Coutable authored Mar 24, 2020
```
Add charts to the trigger-build-docs script

See merge request gitlab-org/gitlab!27821
```
  c44d452a
- De-duplicate groups_controller spec · 71c7b9be
  Dmitry Gruzd authored Mar 24, 2020
  
  71c7b9be