Automatic merge of gitlab-org/gitlab-ce master

65f27045 · GitLab Bot · 61f3e097 · 89008cc2 · 65f27045 · 65f27045
Commit 65f27045 authored Jun 18, 2019 by GitLab Bot
8 changed files
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-1.46.0
+1.47.0
--- a/changelogs/unreleased/dz-remove-deprecated-group-routes.yml
+++ b/changelogs/unreleased/dz-remove-deprecated-group-routes.yml
+---
+title: Remove deprecated group routes
+merge_request: 29351
+author:
+type: removed
--- a/changelogs/unreleased/gitaly-version-v1.47.0.yml
+++ b/changelogs/unreleased/gitaly-version-v1.47.0.yml
+---
+title: Upgrade to Gitaly v1.47.0
+merge_request: 29789
+author:
+type: changed
--- a/config/routes/group.rb
+++ b/config/routes/group.rb
@@ -88,12 +88,4 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
    put '/', action: :update
    delete '/', action: :destroy
  end
-
-  # Legacy paths should be defined last, so they would be ignored if routes with
-  # one of the previously reserved words exist.
-  scope(path: 'groups/*group_id') do
-    Gitlab::Routing.redirect_legacy_paths(self, :labels, :milestones, :group_members,
-                                          :edit, :issues, :merge_requests, :projects,
-                                          :activity)
-  end
 end
--- a/doc/development/README.md
+++ b/doc/development/README.md
@@ -16,7 +16,7 @@ description: 'Learn how to contribute to GitLab.'

 - [GitLab core team & GitLab Inc. contribution process](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/PROCESS.md)
 - [Generate a changelog entry with `bin/changelog`](changelog.md)
- [Code review guidelines](code_review.md) for reviewing code and having code reviewed.
+- [Code review guidelines](code_review.md) for reviewing code and having code reviewed
 - [Automatic CE->EE merge](automatic_ce_ee_merge.md)
 - [Guidelines for implementing Enterprise Edition features](ee_features.md)
 - [Security process for developers](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#security-releases-critical-non-critical-as-a-developer)
@@ -33,7 +33,7 @@ description: 'Learn how to contribute to GitLab.'
 - [GitLab utilities](utilities.md)
 - [Logging](logging.md)
 - [API styleguide](api_styleguide.md) Use this styleguide if you are
-  contributing to the API.
+  contributing to the API
 - [GraphQL API styleguide](api_graphql_styleguide.md) Use this
  styleguide if you are contributing to the [GraphQL API](../api/graphql/index.md)
 - [Sidekiq guidelines](sidekiq_style_guide.md) for working with Sidekiq workers

--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -218,7 +218,7 @@ dependency_scanning:
 CAUTION: **Caution:**
 The JSON report artifacts are not a public API of Dependency Scanning and their format may change in future.

-The Dependency Scanning tool emits a JSON report file. Here is an example of a structure for a report will all important parts of
+The Dependency Scanning tool emits a JSON report file. Here is an example of the report structure with all important parts of
 it highlighted:

 ```json-doc
@@ -343,10 +343,10 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].severity`                         | How much the vulnerability impacts the software. Possible values: `Undefined` (an analyzer has not provided this info), `Info`, `Unknown`, `Low`, `Medium`, `High`, `Critical`. |
 | `vulnerabilities[].confidence`                       | How reliable the vulnerability's assessment is. Possible values: `Undefined` (an analyzer has not provided this info), `Ignore`, `Unknown`, `Experimental`, `Low`, `Medium`, `High`, `Confirmed`. |
 | `vulnerabilities[].solution`                         | Explanation of how to fix the vulnerability. Optional. |
-| `vulnerabilities[].scanner`                          | A node that describes the analyzer used find this vulnerability. |
+| `vulnerabilities[].scanner`                          | A node that describes the analyzer used to find this vulnerability. |
 | `vulnerabilities[].scanner.id`                       | Id of the scanner as a snake_case string. |
 | `vulnerabilities[].scanner.name`                     | Name of the scanner, for display purposes. |
-| `vulnerabilities[].location`                         | A node that tells which class and/or method is affected by the vulnerability. | 
+| `vulnerabilities[].location`                         | A node that tells where the vulnerability is located. | 
 | `vulnerabilities[].location.file`                    | Path to the dependencies file (e.g., `yarn.lock`). Optional. |
 | `vulnerabilities[].location.dependency`              | A node that describes the dependency of a project where the vulnerability is located. |
 | `vulnerabilities[].location.dependency.package`      | A node that provides the information on the package where the vulnerability is located. |
@@ -360,7 +360,7 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].links`                            | An array of references to external documentation pieces or articles that describe the vulnerability further. Optional. |
 | `vulnerabilities[].links[].name`                     | Name of the vulnerability details link. Optional. |
 | `vulnerabilities[].links[].url`                      | URL of the vulnerability details document. Optional. |
-| `remediations`                                       | An array of objects containing information on cured vulnerabilities along with patch diffs to apply. |
+| `remediations`                                       | An array of objects containing information on cured vulnerabilities along with patch diffs to apply. Empty if no remediations provided by an underlying analyzer. |
 | `remediations[].fixes`                               | An array of strings that represent references to vulnerabilities fixed by this particular remediation. |
 | `remediations[].fixes[].cve`                         | A string value that describes a fixed vulnerability occurrence in the same format as `vulnerabilities[].cve`. |
 | `remediations[].summary`                             | Overview of how the vulnerabilities have been fixed. |

--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -226,7 +226,7 @@ sast:
 CAUTION: **Caution:**
 The JSON report artifacts are not a public API of SAST and their format may change in the future.

-The SAST tool emits a JSON report report file. Here is an example of a structure for a report will all important parts of
+The SAST tool emits a JSON report report file. Here is an example of the report structure with all important parts of
 it highlighted:

 ```json-doc
@@ -272,7 +272,6 @@ it highlighted:
    },   
    {
      "category": "sast",
-      // "name" may be omitted because it could be not reported by a particular analyzer
      "message": "Probable insecure usage of temp file/directory.",
      "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
      "severity": "Medium",
@@ -318,10 +317,10 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].severity`            | How much the vulnerability impacts the software. Possible values: `Undefined` (an analyzer has not provided this info), `Info`, `Unknown`, `Low`, `Medium`, `High`, `Critical`. |
 | `vulnerabilities[].confidence`          | How reliable the vulnerability's assessment is. Possible values: `Undefined` (an analyzer has not provided this info), `Ignore`, `Unknown`, `Experimental`, `Low`, `Medium`, `High`, `Confirmed`. |
 | `vulnerabilities[].solution`            | Explanation of how to fix the vulnerability. Optional. |
-| `vulnerabilities[].scanner`             | A node that describes the analyzer used find this vulnerability. |
+| `vulnerabilities[].scanner`             | A node that describes the analyzer used to find this vulnerability. |
 | `vulnerabilities[].scanner.id`          | Id of the scanner as a snake_case string. |
 | `vulnerabilities[].scanner.name`        | Name of the scanner, for display purposes. |
-| `vulnerabilities[].location`            | A node that tells which class and/or method is affected by the vulnerability. | 
+| `vulnerabilities[].location`            | A node that tells where the vulnerability is located. | 
 | `vulnerabilities[].location.file`       | Path to the file where the vulnerability is located. Optional. |
 | `vulnerabilities[].location.start_line` | The first line of the code affected by the vulnerability. Optional. |
 | `vulnerabilities[].location.end_line`   | The last line of the code affected by the vulnerability. Optional. |

--- a/spec/routing/group_routing_spec.rb
+++ b/spec/routing/group_routing_spec.rb
@@ -41,111 +41,16 @@ describe "Groups", "routing" do
    expect(get("/groups/#{group_path}/-/milestones")).to route_to('groups/milestones#index', group_id: group_path)
  end

-  describe 'legacy redirection' do
-    describe 'labels' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/labels", "/groups/complex.group-namegit/-/labels" do
-        let(:resource) { create(:group, parent: group, path: 'labels') }
-      end
-
-      context 'when requesting JSON' do
-        it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/labels.json", "/groups/complex.group-namegit/-/labels.json" do
-          let(:resource) { create(:group, parent: group, path: 'labels') }
-        end
-      end
-    end
-
-    describe 'group_members' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/group_members", "/groups/complex.group-namegit/-/group_members" do
-        let(:resource) { create(:group, parent: group, path: 'group_members') }
-      end
-    end
-
-    describe 'avatar' do
-      it 'routes to the avatars controller' do
-        expect(delete("/groups/#{group_path}/-/avatar"))
-          .to route_to(group_id: group_path,
-                       controller: 'groups/avatars',
-                       action: 'destroy')
-      end
-    end
-
-    describe 'milestones' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/milestones", "/groups/complex.group-namegit/-/milestones" do
-        let(:resource) { create(:group, parent: group, path: 'milestones') }
-      end
-
-      context 'nested routes' do
-        include RSpec::Rails::RequestExampleGroup
-
-        let(:milestone) { create(:milestone, group: group) }
-
-        it 'redirects the nested routes' do
-          request = get("/groups/#{group_path}/milestones/#{milestone.id}/merge_requests")
-          expect(request).to redirect_to("/groups/#{group_path}/-/milestones/#{milestone.id}/merge_requests")
-        end
-      end
-
-      context 'with a query string' do
-        it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/milestones?hello=world", "/groups/complex.group-namegit/-/milestones?hello=world" do
-          let(:resource) { create(:group, parent: group, path: 'milestones') }
-        end
-
-        it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/milestones?milestones=/milestones", "/groups/complex.group-namegit/-/milestones?milestones=/milestones" do
-          let(:resource) { create(:group, parent: group, path: 'milestones') }
-        end
-      end
-    end
-
-    describe 'edit' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/edit", "/groups/complex.group-namegit/-/edit" do
-        let(:resource) do
-          pending('still rejected because of the wildcard reserved word')
-          create(:group, parent: group, path: 'edit')
-        end
-      end
-    end
-
-    describe 'issues' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/issues", "/groups/complex.group-namegit/-/issues" do
-        let(:resource) { create(:group, parent: group, path: 'issues') }
-      end
-    end
-
-    describe 'merge_requests' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/merge_requests", "/groups/complex.group-namegit/-/merge_requests" do
-        let(:resource) { create(:group, parent: group, path: 'merge_requests') }
-      end
-    end
-
-    describe 'projects' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/projects", "/groups/complex.group-namegit/-/projects" do
-        let(:resource) { create(:group, parent: group, path: 'projects') }
-      end
-    end
-
-    describe 'activity' do
-      it_behaves_like 'redirecting a legacy path', "/groups/complex.group-namegit/activity", "/groups/complex.group-namegit/-/activity" do
-        let(:resource) { create(:group, parent: group, path: 'activity') }
-      end
-
-      it_behaves_like 'redirecting a legacy path', "/groups/activity/activity", "/groups/activity/-/activity" do
-        let!(:parent) { create(:group, path: 'activity') }
-        let(:resource) { create(:group, parent: parent, path: 'activity') }
-      end
-    end
-
-    describe 'subgroup "boards"' do
-      it 'shows group show page' do
-        allow(Group).to receive(:find_by_full_path).with('gitlabhq/boards', any_args).and_return(true)
-
-        expect(get('/groups/gitlabhq/boards')).to route_to('groups#show', id: 'gitlabhq/boards')
-      end
+  it 'routes to the avatars controller' do
+    expect(delete("/groups/#{group_path}/-/avatar"))
+      .to route_to(group_id: group_path,
+                   controller: 'groups/avatars',
+                   action: 'destroy')
+  end

-      it 'shows boards index page' do
-        allow(Group).to receive(:find_by_full_path).with('gitlabhq', any_args).and_return(true)
+  it 'routes to the boards controller' do
+    allow(Group).to receive(:find_by_full_path).with('gitlabhq', any_args).and_return(true)

-        expect(get('/groups/gitlabhq/-/boards')).to route_to('groups/boards#index', group_id: 'gitlabhq')
-      end
-    end
+    expect(get('/groups/gitlabhq/-/boards')).to route_to('groups/boards#index', group_id: 'gitlabhq')
  end
 end