diff options
author | Yaya <mak@nyantec.com> | 2022-12-28 21:27:11 +0000 |
---|---|---|
committer | Winter <winter@winter.cafe> | 2023-01-11 22:17:09 -0500 |
commit | 649b2e240776c377258b471fb01ce0222f633aa3 (patch) | |
tree | 7050e086a3ed080191e90bde18dbc9c57784e52f | |
parent | 5b84b1e266fc5f9eed944e9cf1f87edf5390deed (diff) |
gitlab: 15.6.1 -> 15.7.2
https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/
Fixes CVE-2022-4037
Fixes CVE-2022-3613
Fixes CVE-2022-4365
Fixes CVE-2022-4342
Fixes CVE-2022-3573
Fixes CVE-2022-4167
Fixes CVE-2022-3870
Fixes CVE-2023-0042
Fixes CVE-2022-4131
Fixes CVE-2022-3514
(cherry picked from commit 4d41c371d47bc7f3d20403788bc43793d7c930a2)
12 files changed, 383 insertions, 384 deletions
diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index fe0bed84b505..7547a779cfb4 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json @@ -1,28 +1,14 @@ { - "version": "15.6.1", - "repo_hash": "sha256-cdwfljmJvApU2q0pmWSmcMnHkQH4hfN7+cld5oP880g=", - "yarn_hash": "0lgl8rs9mlrwpzq75rywdbjbiib17wxvzlv1jibnx66iw1ym2rvh", + "version": "15.7.2", + "repo_hash": "sha256-XfGQkbJs9AyU+aljfcE1Di8d9zQ6CoTo9I1INE2+4/U=", + "yarn_hash": "086v3lr4hnz8z8pla1d3mi2smldidmx2z2cmffn830ianpqkk83l", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v15.6.1-ee", + "rev": "v15.7.2-ee", "passthru": { - "GITALY_SERVER_VERSION": "15.6.1", - "GITLAB_PAGES_VERSION": "1.63.0", - "GITLAB_SHELL_VERSION": "14.13.0", - "GITLAB_WORKHORSE_VERSION": "15.6.1" - }, - "vendored_gems": [ - "bundler-checksum", - "devise-pbkdf2-encryptable", - "omniauth-azure-oauth2", - "omniauth-cas3", - "omniauth-gitlab", - "omniauth_crowd", - "omniauth-salesforce", - "attr_encrypted", - "mail-smtp_pool", - "microsoft_graph_mailer", - "ipynbdiff", - "error_tracking_open_api" - ] + "GITALY_SERVER_VERSION": "15.7.2", + "GITLAB_PAGES_VERSION": "15.7.2", + "GITLAB_SHELL_VERSION": "14.14.0", + "GITLAB_WORKHORSE_VERSION": "15.7.2" + } } diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index 2ed65c59901b..e6cd605a51ea 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchurl, fetchpatch, fetchFromGitLab, bundlerEnv , ruby, tzdata, git, nettools, nixosTests, nodejs, openssl , gitlabEnterprise ? false, callPackage, yarn -, fixup_yarn_lock, replace, file, cacert, fetchYarnDeps, makeWrapper +, fixup_yarn_lock, replace, file, cacert, fetchYarnDeps, makeWrapper, pkg-config }: let @@ -20,8 +20,11 @@ let inherit ruby; gemdir = ./rubyEnv; gemset = - let x = import (gemdir + "/gemset.nix"); + let x = import (gemdir + "/gemset.nix") src; in x // { + gpgme = x.gpgme // { + nativeBuildInputs = [ pkg-config ]; + }; # the openssl needs the openssl include files openssl = x.openssl // { buildInputs = [ openssl ]; @@ -47,7 +50,7 @@ let # `console` executable. ignoreCollisions = true; - extraConfigPaths = lib.forEach data.vendored_gems (gem: "${src}/vendor/gems/${gem}"); + extraConfigPaths = [ "${src}/vendor" ]; }; assets = stdenv.mkDerivation { @@ -99,6 +102,7 @@ let yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive patchShebangs node_modules/ + patchShebangs scripts/frontend/ runHook postConfigure ''; diff --git a/pkgs/applications/version-management/gitlab/gitaly/Gemfile b/pkgs/applications/version-management/gitlab/gitaly/Gemfile index 5c9feca5cebc..9c561119f118 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/Gemfile +++ b/pkgs/applications/version-management/gitlab/gitaly/Gemfile @@ -1,7 +1,6 @@ source 'https://rubygems.org' gem 'rugged', '~> 1.2' -gem 'github-linguist', '~> 7.20.0', require: 'linguist' gem 'gitlab-markup', '~> 1.7.1' gem 'activesupport', '~> 6.1.6.1' gem 'grpc', '~> 1.42.0' # keep in lock-step with grpc-tools @@ -13,13 +12,13 @@ gem 'rbtrace', require: false gem 'gitaly', '~> 15.5.0' # Labkit provides observability functionality -gem 'gitlab-labkit', '~> 0.28' +gem 'gitlab-labkit', '~> 0.29' # Detects the open source license the repository includes # This version needs to be in sync with GitLab CE/EE gem 'licensee', '~> 9.15' -gem 'google-protobuf', '~> 3.21.9' +gem 'google-protobuf', '~> 3.21.12' # Rails is currently blocked on the upgrade to the new major version for Redis, # so we don't upgrade either until the issue is resolved. This is an indirect diff --git a/pkgs/applications/version-management/gitlab/gitaly/Gemfile.lock b/pkgs/applications/version-management/gitlab/gitaly/Gemfile.lock index 85f0f5c03d14..da95241d34c4 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/Gemfile.lock +++ b/pkgs/applications/version-management/gitlab/gitaly/Gemfile.lock @@ -29,7 +29,6 @@ GEM ast (2.4.2) binding_ninja (0.2.3) builder (3.2.4) - charlock_holmes (0.7.7) coderay (1.1.2) concord (0.1.5) adamantium (~> 0.2.0) @@ -40,7 +39,6 @@ GEM dotenv (2.7.6) equalizer (0.0.11) erubi (1.11.0) - escape_utils (1.2.2) factory_bot (5.0.2) activesupport (>= 4.2.0) faraday (1.0.1) @@ -48,12 +46,7 @@ GEM ffi (1.15.5) gitaly (15.5.0) grpc (~> 1.0) - github-linguist (7.20.0) - charlock_holmes (~> 0.7.7) - escape_utils (~> 1.2.0) - mini_mime (~> 1.0) - rugged (~> 1.0) - gitlab-labkit (0.28.0) + gitlab-labkit (0.29.0) actionpack (>= 5.0.0, < 8.0.0) activesupport (>= 5.0.0, < 8.0.0) grpc (>= 1.37) @@ -69,7 +62,7 @@ GEM with_env (= 1.1.0) xml-simple (~> 1.1.5) gitlab-markup (1.7.1) - google-protobuf (3.21.9) + google-protobuf (3.21.12) googleapis-common-protos-types (1.4.0) google-protobuf (~> 3.14) grpc (1.42.0) @@ -93,7 +86,6 @@ GEM memoizable (0.4.2) thread_safe (~> 0.3, >= 0.3.1) method_source (0.9.2) - mini_mime (1.1.2) mini_portile2 (2.8.0) minitest (5.16.3) msgpack (1.3.3) @@ -205,11 +197,10 @@ DEPENDENCIES activesupport (~> 6.1.6.1) factory_bot gitaly (~> 15.5.0) - github-linguist (~> 7.20.0) - gitlab-labkit (~> 0.28) + gitlab-labkit (~> 0.29) gitlab-license_finder gitlab-markup (~> 1.7.1) - google-protobuf (~> 3.21.9) + google-protobuf (~> 3.21.12) grpc (~> 1.42.0) licensee (~> 9.15) pry (~> 0.12.2) @@ -223,4 +214,4 @@ DEPENDENCIES timecop BUNDLED WITH - 2.3.24 + 2.3.26 diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index 14e9344b1854..778c206dedf8 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix @@ -11,7 +11,7 @@ let gemdir = ./.; }; - version = "15.6.1"; + version = "15.7.2"; package_version = "v${lib.versions.major version}"; gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}"; @@ -22,10 +22,10 @@ let owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - sha256 = "sha256-mzX+6kMXqdrxqMaUwN2tG5kJgKSRv0/tNN8ibHqBbzU="; + sha256 = "sha256-IROyq3YVMFzykWluGl3et3hf7L0IfhGrn3zLR1j1hto="; }; - vendorSha256 = "sha256-SEPfso27PHHpvnQwdeMQYECw/CZIa/NdpMBSTRJEwIo="; + vendorSha256 = "sha256-UEEM0mv7d0gmDcsSKbeh4JcTnX4f5oogZnhRpqaNxwY="; ldflags = [ "-X ${gitaly_package}/internal/version.version=${version}" "-X ${gitaly_package}/internal/version.moduleVersion=${version}" ]; diff --git a/pkgs/applications/version-management/gitlab/gitaly/gemset.nix b/pkgs/applications/version-management/gitlab/gitaly/gemset.nix index a36e88e08668..f7471a12b008 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/gemset.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/gemset.nix @@ -90,16 +90,6 @@ }; version = "3.2.4"; }; - charlock_holmes = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0hybw8jw9ryvz5zrki3gc9r88jqy373m6v46ynxsdzv1ysiyr40p"; - type = "gem"; - }; - version = "0.7.7"; - }; coderay = { source = { remotes = ["https://rubygems.org"]; @@ -173,16 +163,6 @@ }; version = "1.11.0"; }; - escape_utils = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "182ha3nmsc6ny4384233pav58a5x2spjn838w9nciwb29lxah1x3"; - type = "gem"; - }; - version = "1.2.2"; - }; factory_bot = { dependencies = ["activesupport"]; groups = ["development" "test"]; @@ -226,27 +206,16 @@ }; version = "15.5.0"; }; - github-linguist = { - dependencies = ["charlock_holmes" "escape_utils" "mini_mime" "rugged"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "10biwhh50fdssqs3ai651qgv079bn6h06g5cv00jc5s73iszfns9"; - type = "gem"; - }; - version = "7.20.0"; - }; gitlab-labkit = { dependencies = ["actionpack" "activesupport" "grpc" "jaeger-client" "opentracing" "pg_query" "redis"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0m2n5lvnm5nxn7bc6bqm3ycwk47kck6nl1c0s83pcvsn6qizbsx7"; + sha256 = "09xlv72nbys9a5iqvhxfzdr7vy3s3m2a6ixqb9vq71k925faq6gb"; type = "gem"; }; - version = "0.28.0"; + version = "0.29.0"; }; gitlab-license_finder = { dependencies = ["rubyzip" "thor" "tomlrb" "with_env" "xml-simple"]; @@ -274,10 +243,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1p4aa5nnkkrdd3v3i57092vj2agj7ih3zavymw451j52k8anqras"; + sha256 = "1dcgkhjiaxha3yznyxxzm8a4n4jf61rk7kgbxy4sdkb865zbn2ab"; type = "gem"; }; - version = "3.21.9"; + version = "3.21.12"; }; googleapis-common-protos-types = { dependencies = ["google-protobuf"]; @@ -370,16 +339,6 @@ }; version = "0.9.2"; }; - mini_mime = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0lbim375gw2dk6383qirz13hgdmxlan0vc5da2l072j3qw6fqjm5"; - type = "gem"; - }; - version = "1.1.2"; - }; mini_portile2 = { groups = ["default"]; platforms = []; diff --git a/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix b/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix index 535d4faa13a9..74fd1ab320e0 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix @@ -2,19 +2,19 @@ buildGoModule rec { pname = "gitlab-shell"; - version = "14.13.0"; + version = "14.14.0"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-shell"; rev = "v${version}"; - sha256 = "sha256-KN1twfuamRsG5/jan4Frhd4LXOU9Bp5Htex+TsTc+Is="; + sha256 = "sha256-zXRLaEy2Q+mm1GLjLB1AxRtBxXAoLw6PA1YOJfvVhoc="; }; buildInputs = [ ruby ]; patches = [ ./remove-hardcoded-locations.patch ]; - vendorSha256 = "sha256-CAadjiZCopjGNxQTJbvs56THtAve92ewiFLjGTY2/9E="; + vendorSha256 = "sha256-mhmM33cXJbqVJ1jY82Mi/nWzz7HXdxxSsFNQknFkwpQ="; postInstall = '' cp -r "$NIX_BUILD_TOP/source"/bin/* $out/bin diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix index be226c94f43b..ef0dda83ddcc 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix @@ -5,7 +5,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "15.6.1"; + version = "15.7.2"; src = fetchFromGitLab { owner = data.owner; @@ -16,7 +16,7 @@ buildGoModule rec { sourceRoot = "source/workhorse"; - vendorSha256 = "sha256-VqJqyRRFmDugq0VG7gPBxllikVNv5et93jJHleSTS7M="; + vendorSha256 = "sha256-TrLc5L4kLAdu1CEM3ezw6hhF6Icy3rXkFyUaVTUQ6X4="; buildInputs = [ git ]; ldflags = [ "-X main.Version=${version}" ]; doCheck = false; diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile index cf08454a6496..c0d21ae4280d 100644 --- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile +++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile @@ -8,18 +8,18 @@ if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still expe Bundler::Checksum.patch! end -gem 'bundler-checksum', '~> 0.1.0', path: 'bundler-checksum', require: false +gem 'bundler-checksum', '~> 0.1.0', path: 'vendor/gems/bundler-checksum', require: false # NOTE: When incrementing the major or minor version here, also increment activerecord_version # in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve # https://gitlab.com/gitlab-org/gitlab/-/issues/375713 gem 'rails', '~> 6.1.6.1' -gem 'bootsnap', '~> 1.13.0', require: false +gem 'bootsnap', '~> 1.15.0', require: false # Pin openssl to match the version bundled with our supported Rubies. # See https://stdgems.org/openssl/#gem-version. -gem 'openssl', '2.2.1' +gem 'openssl', '2.2.2' # This gem was originally bundled with Ruby 2.7, but is unbundled as of Ruby 3. # Since the latest version caused problems with GitLab, we pin this to an older # version for now. @@ -50,31 +50,31 @@ gem 'declarative_policy', '~> 1.1.0' # Authentication libraries gem 'devise', '~> 4.8.1' -gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'devise-pbkdf2-encryptable' +gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable' gem 'bcrypt', '~> 3.1', '>= 3.1.14' -gem 'doorkeeper', '~> 5.5.0.rc2' -gem 'doorkeeper-openid_connect', '~> 1.7.5' +gem 'doorkeeper', '~> 5.5' +gem 'doorkeeper-openid_connect', '~> 1.8' gem 'rexml', '~> 3.2.5' gem 'ruby-saml', '~> 1.13.0' gem 'omniauth', '~> 2.1.0' gem 'omniauth-auth0', '~> 2.0.0' gem 'omniauth-azure-activedirectory-v2', '~> 2.0' -gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'omniauth-azure-oauth2' # See gem README.md -gem 'omniauth-cas3', '~> 1.1.4', path: 'omniauth-cas3' # See vendor/gems/omniauth-cas3/README.md +gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md +gem 'omniauth-cas3', '~> 1.1.4', path: 'vendor/gems/omniauth-cas3' # See vendor/gems/omniauth-cas3/README.md gem 'omniauth-dingtalk-oauth2', '~> 1.0' gem 'omniauth-alicloud', '~> 2.0.0' gem 'omniauth-facebook', '~> 4.0.0' gem 'omniauth-github', '2.0.1' -gem 'omniauth-gitlab', '~> 4.0.0', path: 'omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md +gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md gem 'omniauth-google-oauth2', '~> 1.1' gem 'omniauth-oauth2-generic', '~> 0.2.2' gem 'omniauth-saml', '~> 2.0.0' gem 'omniauth-shibboleth', '~> 1.3.0' gem 'omniauth-twitter', '~> 1.4' -gem 'omniauth_crowd', '~> 2.4.0', path: 'omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md +gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md gem 'omniauth-authentiq', '~> 0.3.3' gem 'gitlab-omniauth-openid-connect', '~> 0.10.0', require: 'omniauth_openid_connect' -gem 'omniauth-salesforce', '~> 1.0.5', path: 'omniauth-salesforce' # See gem README.md +gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md gem 'omniauth-atlassian-oauth2', '~> 0.2.0' gem 'rack-oauth2', '~> 1.21.3' gem 'jwt', '~> 2.1.0' @@ -91,7 +91,7 @@ gem 'invisible_captcha', '~> 2.0.0' # Two-factor authentication gem 'devise-two-factor', '~> 4.0.2' gem 'rqrcode-rails3', '~> 0.1.7' -gem 'attr_encrypted', '~> 3.2.4', path: 'attr_encrypted' +gem 'attr_encrypted', '~> 3.2.4', path: 'vendor/gems/attr_encrypted' gem 'u2f', '~> 0.2.1' # GitLab Pages @@ -107,7 +107,7 @@ gem 'browser', '~> 5.3.1' gem 'ohai', '~> 16.10' # GPG -gem 'gpgme', '~> 2.0.19' +gem 'gpgme', '~> 2.0.22' # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes @@ -166,9 +166,9 @@ gem 'seed-fu', '~> 2.3.7' gem 'elasticsearch-model', '~> 7.2' gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation' gem 'elasticsearch-api', '7.13.3' -gem 'aws-sdk-core', '~> 3.167.0' +gem 'aws-sdk-core', '~> 3.168.4' gem 'aws-sdk-cloudformation', '~> 1' -gem 'aws-sdk-s3', '~> 1.117.1' +gem 'aws-sdk-s3', '~> 1.117.2' gem 'faraday_middleware-aws-sigv4', '~>0.3.0' gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections @@ -190,7 +190,7 @@ gem 'asciidoctor-kroki', '~> 0.7.0', require: false gem 'rouge', '~> 3.30.0' gem 'truncato', '~> 0.7.12' gem 'bootstrap_form', '~> 4.2.0' -gem 'nokogiri', '~> 1.13.9' +gem 'nokogiri', '~> 1.13.10' # Calendar rendering gem 'icalendar' @@ -242,7 +242,7 @@ gem 're2', '~> 1.6.0' # Misc -gem 'version_sorter', '~> 2.2.4' +gem 'version_sorter', '~> 2.3' # Export Ruby Regex to Javascript gem 'js_regex', '~> 3.8' @@ -264,9 +264,6 @@ gem 'discordrb-webhooks', '~> 3.4', require: false gem 'jira-ruby', '~> 2.1.4' gem 'atlassian-jwt', '~> 0.2.0' -# Flowdock integration -gem 'flowdock', '~> 0.7' - # Slack integration gem 'slack-messenger', '~> 2.3.4' @@ -280,14 +277,14 @@ gem 'asana', '~> 0.10.13' gem 'ruby-fogbugz', '~> 0.3.0' # Kubernetes integration -gem 'kubeclient', '~> 4.9.3' +gem 'kubeclient', '~> 4.9.3', path: 'vendor/gems/kubeclient' # Sanitize user input gem 'sanitize', '~> 6.0' gem 'babosa', '~> 1.0.4' # Sanitizes SVG input -gem 'loofah', '~> 2.19.0' +gem 'loofah', '~> 2.19.1' # Working with license # Detects the open source license the repository includes @@ -353,16 +350,16 @@ gem 'batch-loader', '~> 2.0.1' gem 'peek', '~> 1.1' # Snowplow events tracking -gem 'snowplow-tracker', '~> 0.6.1' +gem 'snowplow-tracker', '~> 0.8.0' # Metrics gem 'webrick', '~> 1.6.1', require: false -gem 'prometheus-client-mmap', '~> 0.16', require: 'prometheus/client' +gem 'prometheus-client-mmap', '~> 0.17', require: 'prometheus/client' gem 'warning', '~> 1.3.0' group :development do - gem 'lefthook', '~> 1.2.0', require: false + gem 'lefthook', '~> 1.2.6', require: false gem 'rubocop' gem 'solargraph', '~> 0.47.2', require: false @@ -373,6 +370,8 @@ group :development do gem 'better_errors', '~> 2.9.1' gem 'sprite-factory', '~> 1.7' + + gem "listen", "~> 3.7" end group :development, :test do @@ -394,10 +393,10 @@ group :development, :test do # Generate Fake data gem 'ffaker', '~> 2.10' - gem 'spring', '~> 2.1.0' + gem 'spring', '~> 4.1.0' gem 'spring-commands-rspec', '~> 1.0.4' - gem 'gitlab-styles', '~> 9.0.0', require: false + gem 'gitlab-styles', '~> 9.1.0', require: false gem 'haml_lint', '~> 0.40.0', require: false gem 'bundler-audit', '~> 0.7.0.1', require: false @@ -411,8 +410,6 @@ group :development, :test do gem 'simple_po_parser', '~> 1.1.6', require: false - gem 'timecop', '~> 0.9.1' - gem 'png_quantizator', '~> 0.2.1', require: false gem 'parallel', '~> 1.19', require: false @@ -425,7 +422,7 @@ group :development, :test do end group :development, :test, :danger do - gem 'gitlab-dangerfiles', '~> 3.6.2', require: false + gem 'gitlab-dangerfiles', '~> 3.6.4', require: false end group :development, :test, :coverage do @@ -507,7 +504,7 @@ gem 'kas-grpc', '~> 0.0.2' gem 'grpc', '~> 1.42.0' -gem 'google-protobuf', '~> 3.21', '>= 3.21.9' +gem 'google-protobuf', '~> 3.21', '>= 3.21.12' gem 'toml-rb', '~> 2.2.0' @@ -526,7 +523,7 @@ gem 'grape_logging', '~> 1.8' gem 'gitlab-net-dns', '~> 0.9.1' # Countries list -gem 'countries', '~> 3.0' +gem 'countries', '~> 4.0.0' gem 'retriable', '~> 3.1.2' @@ -537,9 +534,9 @@ gem 'lru_redux' # Monkey-patched in `config/initializers/mail_encoding_patch.rb` # See https://gitlab.com/gitlab-org/gitlab/issues/197386 gem 'mail', '= 2.7.1' -gem 'mail-smtp_pool', '~> 0.1.0', path: 'mail-smtp_pool', require: false +gem 'mail-smtp_pool', '~> 0.1.0', path: 'vendor/gems/mail-smtp_pool', require: false -gem 'microsoft_graph_mailer', '~> 0.1.0', path: 'microsoft_graph_mailer' +gem 'microsoft_graph_mailer', '~> 0.1.0', path: 'vendor/gems/microsoft_graph_mailer' # File encryption gem 'lockbox', '~> 0.6.2' @@ -562,13 +559,13 @@ gem 'ipaddress', '~> 0.8.3' gem 'parslet', '~> 1.8' -gem 'ipynbdiff', path: 'ipynbdiff' +gem 'ipynbdiff', path: 'vendor/gems/ipynbdiff' gem 'ed25519', '~> 1.3.0' # Error Tracking OpenAPI client # See https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/rake_tasks.md#update-openapi-client-for-error-tracking-feature -gem 'error_tracking_open_api', path: 'error_tracking_open_api' +gem 'error_tracking_open_api', path: 'vendor/gems/error_tracking_open_api' # Vulnerability advisories gem 'cvss-suite', '~> 3.0.1', require: 'cvss_suite' diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock index 2174cec05f8a..40e81460ea9f 100644 --- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock +++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock @@ -1,51 +1,60 @@ PATH - remote: attr_encrypted + remote: vendor/gems/attr_encrypted specs: attr_encrypted (3.2.4) encryptor (~> 3.0.0) PATH - remote: bundler-checksum + remote: vendor/gems/bundler-checksum specs: bundler-checksum (0.1.0) bundler PATH - remote: devise-pbkdf2-encryptable + remote: vendor/gems/devise-pbkdf2-encryptable specs: devise-pbkdf2-encryptable (0.0.0) devise (~> 4.0) devise-two-factor (~> 4.0) PATH - remote: error_tracking_open_api + remote: vendor/gems/error_tracking_open_api specs: error_tracking_open_api (1.0.0) typhoeus (~> 1.0, >= 1.0.1) PATH - remote: ipynbdiff + remote: vendor/gems/ipynbdiff specs: ipynbdiff (0.4.7) diffy (~> 3.4) oj (~> 3.13.16) PATH - remote: mail-smtp_pool + remote: vendor/gems/kubeclient + specs: + kubeclient (4.9.4.pre.gitlab1) + http (>= 3.0, < 6.0) + jsonpath (~> 1.0) + recursive-open-struct (~> 1.1, >= 1.1.1) + rest-client (~> 2.0) + +PATH + remote: vendor/gems/mail-smtp_pool specs: mail-smtp_pool (0.1.0) connection_pool (~> 2.0) mail (~> 2.7) PATH - remote: microsoft_graph_mailer + remote: vendor/gems/microsoft_graph_mailer specs: microsoft_graph_mailer (0.1.0) mail (~> 2.7) oauth2 (>= 1.4.4, < 3) PATH - remote: omniauth-azure-oauth2 + remote: vendor/gems/omniauth-azure-oauth2 specs: omniauth-azure-oauth2 (0.0.10) jwt (>= 1.0, < 3.0) @@ -53,7 +62,7 @@ PATH omniauth-oauth2 (~> 1.4) PATH - remote: omniauth-cas3 + remote: vendor/gems/omniauth-cas3 specs: omniauth-cas3 (1.1.4) addressable (~> 2.3) @@ -61,21 +70,21 @@ PATH omniauth (~> 2.0) PATH - remote: omniauth-gitlab + remote: vendor/gems/omniauth-gitlab specs: omniauth-gitlab (4.0.0) omniauth (~> 2.0) omniauth-oauth2 (~> 1.8) PATH - remote: omniauth-salesforce + remote: vendor/gems/omniauth-salesforce specs: omniauth-salesforce (1.0.5) omniauth (~> 2.0) omniauth-oauth2 (~> 1.0) PATH - remote: omniauth_crowd + remote: vendor/gems/omniauth_crowd specs: omniauth_crowd (2.4.0) activesupport @@ -185,19 +194,19 @@ GEM awesome_print (1.9.2) awrence (1.1.1) aws-eventstream (1.2.0) - aws-partitions (1.658.0) + aws-partitions (1.674.0) aws-sdk-cloudformation (1.41.0) aws-sdk-core (~> 3, >= 3.99.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.167.0) + aws-sdk-core (3.168.4) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.59.0) + aws-sdk-kms (1.61.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.117.1) + aws-sdk-s3 (1.117.2) aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) @@ -229,7 +238,7 @@ GEM rack (>= 0.9.0) bindata (2.4.11) binding_ninja (0.2.3) - bootsnap (1.13.0) + bootsnap (1.15.0) msgpack (~> 1.2) bootstrap_form (4.2.0) actionpack (>= 5.0) @@ -284,16 +293,14 @@ GEM commonmarker (0.23.6) concurrent-ruby (1.1.10) connection_pool (2.3.0) - contracts (0.11.0) cork (0.3.0) colored2 (~> 3.1) cose (1.0.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 0.4.0) - countries (3.0.0) - i18n_data (~> 0.8.0) + countries (4.0.1) + i18n_data (~> 0.13.0) sixarm_ruby_unaccent (~> 1.1) - unicode_utils (~> 1.4) crack (0.4.3) safe_yaml (~> 1.0.0) crass (1.0.6) @@ -363,11 +370,11 @@ GEM docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - doorkeeper (5.5.0.rc2) + doorkeeper (5.5.4) railties (>= 5) - doorkeeper-openid_connect (1.7.5) - doorkeeper (>= 5.2, < 5.5) - json-jwt (>= 1.11.0) + doorkeeper-openid_connect (1.8.3) + doorkeeper (>= 5.5, < 5.7) + json-jwt (>= 1.15.0) dotenv (2.7.6) dry-configurable (0.12.0) concurrent-ruby (~> 1.0) @@ -484,9 +491,6 @@ GEM flipper-active_support_cache_store (0.25.0) activesupport (>= 4.2, < 8) flipper (~> 0.25.0) - flowdock (0.7.1) - httparty (~> 0.7) - multi_json fog-aliyun (0.3.3) fog-core fog-json @@ -556,12 +560,12 @@ GEM rchardet (~> 1.8) gitaly (15.5.2) grpc (~> 1.0) - gitlab (4.16.1) - httparty (~> 0.14, >= 0.14.0) - terminal-table (~> 1.5, >= 1.5.1) + gitlab (4.19.0) + httparty (~> 0.20) + terminal-table (>= 1.5.1) gitlab-chronic (0.10.5) numerizer (~> 0.2) - gitlab-dangerfiles (3.6.2) + gitlab-dangerfiles (3.6.4) danger (>= 8.4.5) danger-gitlab (>= 8.0.0) rake @@ -594,13 +598,13 @@ GEM gitlab-sidekiq-fetcher (0.9.0) json (>= 2.5) sidekiq (~> 6.1) - gitlab-styles (9.0.0) - rubocop (~> 1.36.0) + gitlab-styles (9.1.0) + rubocop (~> 1.38.0) rubocop-gitlab-security (~> 0.1.1) rubocop-graphql (~> 0.14) rubocop-performance (~> 1.14) rubocop-rails (~> 2.15) - rubocop-rspec (~> 2.12) + rubocop-rspec (~> 2.15) gitlab_chronic_duration (0.10.6.2) numerizer (~> 0.2) gitlab_omniauth-ldap (2.2.0) @@ -651,7 +655,7 @@ GEM google-apis-core (>= 0.9.1, < 2.a) google-cloud-env (1.6.0) faraday (>= 0.17.3, < 3.0) - google-protobuf (3.21.9) + google-protobuf (3.21.12) googleapis-common-protos-types (1.3.0) google-protobuf (~> 3.14) googleauth (1.3.0) @@ -661,8 +665,8 @@ GEM multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (>= 0.16, < 2.a) - gpgme (2.0.20) - mini_portile2 (~> 2.3) + gpgme (2.0.22) + mini_portile2 (~> 2.7) grape (1.5.2) activesupport builder @@ -753,24 +757,22 @@ GEM nokogiri (~> 1.6) htmlbeautifier (1.4.2) htmlentities (4.3.4) - http (4.4.1) - addressable (~> 2.3) + http (5.1.0) + addressable (~> 2.8) http-cookie (~> 1.0) http-form_data (~> 2.2) - http-parser (~> 1.2.0) + llhttp-ffi (~> 0.4.0) http-accept (1.7.0) http-cookie (1.0.5) domain_name (~> 0.5) http-form_data (2.3.0) - http-parser (1.2.3) - ffi-compiler (>= 1.0, < 2.0) httparty (0.20.0) mime-types (~> 3.0) multi_xml (>= 0.5.2) httpclient (2.8.3) i18n (1.12.0) concurrent-ruby (~> 1.0) - i18n_data (0.8.0) + i18n_data (0.13.1) icalendar (2.8.0) ice_cube (~> 0.16) ice_cube (0.16.4) @@ -789,7 +791,7 @@ GEM atlassian-jwt multipart-post oauth (~> 0.5, >= 0.5.0) - jmespath (1.6.1) + jmespath (1.6.2) js_regex (3.8.0) |