Commits · 158bcb0a14b6d3c0e8419d7027080c7e04a76a06 · nexedi / gitlab-ce

21 Jan, 2020 40 commits
- Make cross-repository comparisons happen in the source repository · 158bcb0a
  Nick Thomas authored Jan 09, 2020
```
Prior to this commit, if we wanted to compare changes between two
branches in different repositories - for instance, creating an MR from
a fork child to a fork parent - the commits for the fork child end up
in the fork parent's repository. Even if no MR is created, the commits
remain accessible until a garbage collection run is completed.

Since GitLab acts as a SHA oracle, these commits can be found by anyone
with access to the target project, which has a security impact.

Forks are not allowed to be more visible than their parents, but they
are allowed to be less visible, so putting their commits into the fork
parent is a bad idea.

Instead, we can do the comparison in the fork child's repository; the
commit for the target branch can be fetched with the same mechanism we
use for child -> parent fetches at the moment. This prevents disclosure
in the most common case.

This should also have a positive performance impact - a fork child will
already have the commit from the fork parent far more often than the
fork parent, so we'll need to do fetches less often.

Even though this is a security fix, I pulled the code for the affected
method out into a separate class to make the changes clearer. Roughly
the same number of lines are removed or altered; a few more are added,
but I think the increased clarity is worthwhile in this case.
```
  158bcb0a
- Merge branch 'update-software-license-policy' into 'master' · 0d2550b0
  Andreas Brandl authored Jan 21, 2020
```
Update timestamp values for software license policies

See merge request gitlab-org/gitlab!23197
```
  0d2550b0
- Merge branch 'service-desk-spam-email-warning' into 'master' · b9cfc2f6
  Marcia Ramos authored Jan 21, 2020
```
Soften warning about spam email to remove mention of service disruption

See merge request gitlab-org/gitlab!23404
```
  b9cfc2f6
- Soften warning about spam email to remove mention of service disruption · c3f5a730
  Mark Wood authored Jan 21, 2020
  
  c3f5a730
- Merge branch 'revert-85a7bf7a' into 'master' · fdd4a846
  Nick Thomas authored Jan 21, 2020
```
Revert short acme order expiration time

See merge request gitlab-org/gitlab!23399
```
  fdd4a846
- Merge branch 'cablett-spam-tidy-mark-method' into 'master' · 5c79d79d
  Jan Provaznik authored Jan 21, 2020
```
Refactor `spammable_owner_id` method

See merge request gitlab-org/gitlab!23224
```
  5c79d79d
- Merge branch 'fix/disable-admin-mode-link-in-dashboard' into 'master' · 27f42a1b
  Imre Farkas authored Jan 21, 2020
```
Fix POST method in dashboard link for disabling admin mode

See merge request gitlab-org/gitlab!23363
```
  27f42a1b
- Fix method in dashboard link for disabling admin mode · 42831148
  Diego Louzán authored Jan 21, 2020
```
The link for bigger screen sizes has incorrectly GET as method
```
  42831148
- Merge branch 'astoicescu/fix-typo-in-auto-devops-message' into 'master' · 28cfea36
  Achilleas Pipinellis authored Jan 21, 2020
```
Fix typo in warning related to Auto DevOps

See merge request gitlab-org/gitlab!23354
```
  28cfea36
- Update timestamp values for software license policies · 93e72d5d
  celdem authored Jan 16, 2020
  
  93e72d5d
- Merge branch 'sethgitlab-updatereportdownload' into 'master' · f74fa6b1
  Achilleas Pipinellis authored Jan 21, 2020
```
Update doc/ci/yaml/README.md

See merge request gitlab-org/gitlab!20233
```
  f74fa6b1
- Clarify that artifacts:reports cannot be downloaded via the UI · a0f5c10f
  Seth Berger authored Jan 21, 2020
  
  a0f5c10f
- Merge branch '33604-tasks-by-type-chart-filters' into 'master' · 7fdfd9c1
  Natalia Tepluhina authored Jan 21, 2020
```
Cycle Analytics 'Tasks by Type' Chart Filters

See merge request gitlab-org/gitlab!22936
```
  7fdfd9c1
- Added tasks_by_type_chart filters · b7d9582c
  Ezekiel Kigbo authored Jan 21, 2020
```
Moves the subject filter into the
new charts filter component and also adds
a label filter

Ensure the menu drops down to the right
```
  b7d9582c
- Merge branch '29984-asynchronous-mr-mergeability-check' into 'master' · f0e5d1fc
  Nick Thomas authored Jan 21, 2020
```
Check mergeability of MR asynchronously

See merge request gitlab-org/gitlab!21026
```
  f0e5d1fc
- Check mergeability of MR asynchronously · 8c01b8e7
  Patrick Bajao authored Jan 21, 2020
```
Executing `MergeRequests::MergeabilityCheckService#execute` can be
time consuming and can likely cause a request to timeout.

Moving its execution asynchronously via `#async_execute` will help
in ensuring page and API requests that needs it can load faster.
```
  8c01b8e7
- Merge branch 'issue_39453' into 'master' · 226b13b3
  Douglas Barbosa Alexandre authored Jan 21, 2020
```
Add milestone issues display limit

See merge request gitlab-org/gitlab!23102
```
  226b13b3
- Merge branch 'fix-broken-qa-test-due-to-enabled-feature-flag' into 'master' · 3bbbf60a
  Rémy Coutable authored Jan 21, 2020
```
Fix broken QA test

Closes #197486

See merge request gitlab-org/gitlab!23328
```
  3bbbf60a
- Merge branch 'docs-previous-blame-review' into 'master' · 36e9d10a
  Marcia Ramos authored Jan 21, 2020
```
Docs: review previous blame doc

See merge request gitlab-org/gitlab!23357
```
  36e9d10a
- Docs: review previous blame doc · 992bc347
  Marcia Ramos authored Jan 21, 2020
  
  992bc347
- Merge branch 'cablett-lduncalfe-add-aggregate-failures-flaky-test' into 'master' · 4b02b3cd
  Peter Leitzen authored Jan 21, 2020
```
Add Aggregate Failures block

See merge request gitlab-org/gitlab!23303
```
  4b02b3cd
- Merge branch 'lucyfox/gitlab-lucyfox-master-patch-31701' into 'master' · f8b6b786
  Mark Florian authored Jan 21, 2020
```
Rename whilst to while

See merge request gitlab-org/gitlab!23287
```
  f8b6b786
- Merge branch 'ph/commitTitleCallsGitaly' into 'master' · 6b0e5224
  Nick Thomas authored Jan 21, 2020
```
Adds calls_gitaly to the commit type in GraphQL

See merge request gitlab-org/gitlab!23322
```
  6b0e5224
- Merge branch '10io-seed-container-images' into 'master' · 1aa1181d
  Sean McGivern authored Jan 21, 2020
```
Add seed file for container images

See merge request gitlab-org/gitlab!23330
```
  1aa1181d
- Merge branch 'id-fix-api-for-mr-approval-rules' into 'master' · fd49ef88
  Bob Van Landuyt authored Jan 21, 2020
```
Fix create/delete API calls for approval rules

See merge request gitlab-org/gitlab!23107
```
  fd49ef88
- Merge branch 'id-validate-any-approval-rule-uniqueness' into 'master' · 60787452
  Heinrich Lee Yu authored Jan 21, 2020
```
Add app validation for any-approver rule uniqueness

See merge request gitlab-org/gitlab!23241
```
  60787452
- Merge branch... · d6d5132d
  Natalia Tepluhina authored Jan 21, 2020
```
Merge branch '118862-change-dashboard_spec-js-queryselector-based-specs-to-use-find-instead' into 'master'

Use find instead of querySelector in dashboard_spec.js

Closes #118862

See merge request gitlab-org/gitlab!23314
```
  d6d5132d
- Add seed file for container images · 9182d0d2
  David Fernandez authored Jan 20, 2020
  
  9182d0d2
- Revert "Merge branch 'acme-order-short-expiration' into 'master'" · 03be372c
  Vladimir Shushlin authored Jan 21, 2020
```
This reverts merge request !22878
```
  03be372c
- Merge branch '39825-close-issue-after-error-resolve' into 'master' · 342d5ff4
  Dmytro Zaporozhets authored Jan 21, 2020
```
Close related issue after error resolve

See merge request gitlab-org/gitlab!22744
```
  342d5ff4
- Add app validation for any-approver rule uniqueness · 5c3c4ba6
  Igor Drozdov authored Jan 17, 2020
```
This would save us from 500 error raised by database
```
  5c3c4ba6
- Merge branch 'sub-for-etc' into 'master' · 7467e0ae
  Evan Read authored Jan 21, 2020
```
Expand options for e.g.

See merge request gitlab-org/gitlab!23207
```
  7467e0ae
- Merge branch 'eread/edit-new-error-details-content' into 'master' · e3bee019
  Russell Dickenson authored Jan 21, 2020
```
Add version text for new error content

See merge request gitlab-org/gitlab!23386
```
  e3bee019
- Add version text for new error content · 3de4f6d7
  Evan Read authored Jan 21, 2020
  
  3de4f6d7
- Merge branch 'add-median-line-to-cycle-analytics-docs' into 'master' · fb5e0ce4
  Evan Read authored Jan 21, 2020
```
Add days to completion chart median line to cycle analytics docs

See merge request gitlab-org/gitlab!23062
```
  fb5e0ce4
- Add days to completion chart median line to cycle analytics docs · 9e8038f3
  Brandon Labuschagne authored Jan 21, 2020
  
  9e8038f3
- Merge branch 'eread/edit-new-keys-api-content' into 'master' · 26e0c09c
  Russell Dickenson authored Jan 21, 2020
```
Edit new content for keys API

Closes #197990

See merge request gitlab-org/gitlab!23384
```
  26e0c09c
- Merge branch 'docs-20200116-fix-fenced-blocks' into 'master' · 9fb1d560
  Marcel Amirault authored Jan 21, 2020
```
Add language tags to code blocks

See merge request gitlab-org/gitlab!23208
```
  9fb1d560
- Add language tags to code blocks · 6295bd7c
  Amy Qualls authored Jan 21, 2020
```
Code blocks should specify the language the code is in, so we
can enforce a markdownlint rule.
```
  6295bd7c
- Merge branch 'docs/job-activity-limit' into 'master' · 68c953c8
  Marcel Amirault authored Jan 21, 2020
```
Document CI job activity limit

See merge request gitlab-org/gitlab!23246
```
  68c953c8