Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.rubocop_todo/lint/unused_method_argument.yml

@@ -254,7 +254,6 @@ Lint/UnusedMethodArgument:
     - 'ee/lib/ee/gitlab/geo_git_access.rb'
     - 'ee/lib/elastic/as_json.rb'
     - 'ee/lib/elastic/latest/issue_instance_proxy.rb'
-    - 'ee/lib/elastic/latest/merge_request_instance_proxy.rb'
     - 'ee/lib/elastic/latest/milestone_instance_proxy.rb'
     - 'ee/lib/elastic/latest/note_class_proxy.rb'
     - 'ee/lib/elastic/latest/note_instance_proxy.rb'

.rubocop_todo/rspec/factory_bot/avoid_create.yml

@@ -265,7 +265,6 @@ RSpec/FactoryBot/AvoidCreate:
     - 'spec/helpers/gitlab_routing_helper_spec.rb'
     - 'spec/helpers/graph_helper_spec.rb'
     - 'spec/helpers/groups/group_members_helper_spec.rb'
-    - 'spec/helpers/groups/settings_helper_spec.rb'
     - 'spec/helpers/groups_helper_spec.rb'
     - 'spec/helpers/ide_helper_spec.rb'
     - 'spec/helpers/import_helper_spec.rb'

.rubocop_todo/rspec/feature_category.yml

@@ -1947,7 +1947,6 @@ RSpec/FeatureCategory:
     - 'spec/helpers/gitlab_script_tag_helper_spec.rb'
     - 'spec/helpers/graph_helper_spec.rb'
     - 'spec/helpers/groups/group_members_helper_spec.rb'
-    - 'spec/helpers/groups/settings_helper_spec.rb'
     - 'spec/helpers/hooks_helper_spec.rb'
     - 'spec/helpers/icons_helper_spec.rb'
     - 'spec/helpers/import_helper_spec.rb'

.rubocop_todo/style/inline_disable_annotation.yml

@@ -1707,7 +1707,6 @@ Style/InlineDisableAnnotation:
     - 'ee/lib/elastic/instance_proxy_util.rb'
     - 'ee/lib/elastic/latest/git_class_proxy.rb'
     - 'ee/lib/elastic/latest/issue_class_proxy.rb'
-    - 'ee/lib/elastic/latest/merge_request_class_proxy.rb'
     - 'ee/lib/elastic/latest/note_class_proxy.rb'
     - 'ee/lib/elastic/latest/project_class_proxy.rb'
     - 'ee/lib/elastic/latest/user_class_proxy.rb'

GITALY_SERVER_VERSION

@@ -1 +1 @@
-8274bcec3ce5fd5059d83e724a4671bc3dcd2d68
+940db3886e3b8096f8d7dfcb9eacb2576ed2b9c9

app/assets/javascripts/init_confirm_danger.js

@@ -4,49 +4,52 @@ import { parseBoolean } from './lib/utils/common_utils';
 import ConfirmDanger from './vue_shared/components/confirm_danger/confirm_danger.vue';
 
 export default () => {
-  const el = document.querySelector('.js-confirm-danger');
-  if (!el) return null;
+  const elements = document.querySelectorAll('.js-confirm-danger');
 
-  const {
-    removeFormId = null,
-    phrase,
-    buttonText,
-    buttonClass = '',
-    buttonTestid,
-    buttonVariant,
-    confirmDangerMessage,
-    confirmButtonText = null,
-    disabled,
-    additionalInformation,
-    htmlConfirmationMessage,
-  } = el.dataset;
+  if (!elements.length) return;
 
-  return new Vue({
-    el,
-    provide: pickBy(
-      {
-        htmlConfirmationMessage,
-        confirmDangerMessage,
-        additionalInformation,
-        confirmButtonText,
-      },
-      (v) => Boolean(v),
-    ),
-    render: (createElement) =>
-      createElement(ConfirmDanger, {
-        props: {
-          phrase,
-          buttonText,
-          buttonClass,
-          buttonVariant,
-          buttonTestid,
-          disabled: parseBoolean(disabled),
+  elements.forEach((element) => {
+    const {
+      removeFormId = null,
+      phrase,
+      buttonText,
+      buttonClass = '',
+      buttonTestid,
+      buttonVariant,
+      confirmDangerMessage,
+      confirmButtonText = null,
+      disabled,
+      additionalInformation,
+      htmlConfirmationMessage,
+    } = element.dataset;
+
+    return new Vue({
+      el: element,
+      provide: pickBy(
+        {
+          htmlConfirmationMessage,
+          confirmDangerMessage,
+          additionalInformation,
+          confirmButtonText,
         },
-        on: {
-          confirm: () => {
-            if (removeFormId) document.getElementById(removeFormId)?.submit();
+        (v) => Boolean(v),
+      ),
+      render: (createElement) =>
+        createElement(ConfirmDanger, {
+          props: {
+            phrase,
+            buttonText,
+            buttonClass,
+            buttonVariant,
+            buttonTestid,
+            disabled: parseBoolean(disabled),
           },
-        },
-      }),
+          on: {
+            confirm: () => {
+              if (removeFormId) document.getElementById(removeFormId)?.submit();
+            },
+          },
+        }),
+    });
   });
 };

app/assets/javascripts/pages/admin/groups/index/index.js

@@ -0,0 +1,3 @@
+import initConfirmDanger from '~/init_confirm_danger';
+
+initConfirmDanger();

app/helpers/groups/settings_helper.rb

@@ -98,8 +98,20 @@ def group_lfs_status(group)
     end
   end
 
+  def group_confirm_modal_data(group:, remove_form_id: nil, permanently_remove: false, button_text: nil)
+    {
+      remove_form_id: remove_form_id,
+      button_text: button_text.nil? ? _('Delete group') : button_text,
+      button_testid: 'remove-group-button',
+      disabled: group.prevent_delete?.to_s,
+      confirm_danger_message: remove_group_message(group, permanently_remove),
+      phrase: group.full_path,
+      html_confirmation_message: 'true'
+    }
+  end
+
   # Overridden in EE
-  def remove_group_message(group)
+  def remove_group_message(group, permanently_remove)
     content_tag :div do
       content = ''.html_safe
       content << content_tag(:span, _("You are about to delete the group %{group_name}.") % { group_name: group.name })

app/helpers/groups_helper.rb

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 
 class UserPreference < MainClusterwide::ApplicationRecord
+  include IgnorableColumns
+
+  ignore_column :use_web_ide_extension_marketplace, remove_with: '17.4', remove_after: '2024-08-15'
+
   # We could use enums, but Rails 4 doesn't support multiple
   # enum options with same name for multiple fields, also it creates
   # extra methods that aren't really needed here.

app/models/user_preference.rb

@@ -1,4 +1,5 @@
 - group = local_assigns.fetch(:group)
+- remove_form_id = "js-remove-group-#{group.id}-form"
 
 %li.group-row.gl-py-3.gl-align-items-center{ class: 'gl-display-flex!', data: { testid: 'group-row-content' } }
   = render Pajamas::AvatarComponent.new(group, size: 32, alt: '')
@@ -29,8 +30,9 @@
     %span.gl-ml-5.visibility-icon.has-tooltip{ data: { container: 'body', placement: 'left' }, title: visibility_icon_description(group) }
       = visibility_level_icon(group.visibility_level)
 
-  .controls.gl-flex-shrink-0.gl-ml-5
+  .controls.gl-flex.gl-flex-shrink-0.gl-ml-5
     = render Pajamas::ButtonComponent.new(href: admin_group_edit_path(group), button_options: { id: "edit_#{dom_id(group)}" }) do
       = _('Edit')
-    = render Pajamas::ButtonComponent.new(href: [:admin, group], variant: :danger, button_options: { data: { confirm: _("Are you sure you want to delete %{group_name}?") % { group_name: group.name }, confirm_btn_variant: 'danger', method: :delete } }) do
-      = _('Delete')
+
+    = form_tag([:admin, group], method: :delete, id: remove_form_id) do
+      .js-confirm-danger{ data: group_confirm_modal_data(group: group, remove_form_id: remove_form_id, permanently_remove: true, button_text: _('Delete')) }

app/views/admin/groups/_group.html.haml

@@ -6,4 +6,4 @@
     - c.with_body do
       = html_escape(_("This group can't be removed because it is linked to a subscription. To remove this group, %{linkStart}link the subscription%{linkEnd} with a different group.")) % { linkStart: "<a href=\"#{help_page_path('subscriptions/gitlab_com/index', anchor: 'change-the-linked-namespace')}\">".html_safe, linkEnd: '</a>'.html_safe }
 
-.js-confirm-danger{ data: group_settings_confirm_modal_data(group, remove_form_id, button_text) }
+.js-confirm-danger{ data: group_confirm_modal_data(group: group, remove_form_id: remove_form_id, button_text: button_text) }

app/views/groups/settings/_remove_button.html.haml

@@ -7,5 +7,4 @@ feature_categories:
 description: Store commit user information for merge request diffs
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63669
 milestone: '14.1'
-gitlab_schema: gitlab_main_cell
-sharding_key_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/444232
+gitlab_schema: gitlab_main_clusterwide

db/docs/merge_request_diff_commit_users.yml

@@ -96,7 +96,7 @@ Alternatively, you might want to [install the GitLab for Jira Cloud app manually
 - The instance must be publicly available.
 - The instance must be on GitLab version 15.7 or later.
 - You must set up [OAuth authentication](#set-up-oauth-authentication).
-- If your instance uses HTTPS, your GitLab certificate must be publicly trusted or contain the full chain certificate.
+- Your GitLab instance must use HTTPS _and_ your GitLab certificate must be publicly trusted or contain the full chain certificate.
 - Your network must allow inbound and outbound connections between your self-managed instance,
   Jira, and GitLab.com. For self-managed instances that are behind a
   firewall and cannot be directly accessed from the internet, you must:

doc/administration/settings/jira_cloud_app.md

@@ -55,7 +55,7 @@ coverage in the tool's output:
 | Name         | Language     | Command      | Example      |
 |--------------|--------------|--------------|--------------|
 | Simplecov | Ruby | None | `/\(\d+.\d+\%\) covered/` |
-| pytest-cov | Python | None | `/TOTAL.*? (100(?:\.0+)?\%\|[1-9]?\d(?:\.\d+)?\%)$/` |
+| pytest-cov | Python | None | `/TOTAL.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/` |
 | Scoverage | Scala | None | `/(?i)total.*? (100(?:\.0+)?\%\|[1-9]?\d(?:\.\d+)?\%)$/` |
 | pest | PHP | `pest --coverage --colors=never` | `/Statement coverage[A-Za-z\.*]\s*:\s*([^%]+)/` |
 | phpunit | PHP | `phpunit --coverage-text --colors=never` | `/^\s*Lines:\s*\d+.\d+\%/` |

doc/ci/testing/code_coverage.md

@@ -10,13 +10,23 @@ DETAILS:
 **Tier:** Free, Premium, Ultimate
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated
 
-People sometimes accidentally commit secrets like keys or API tokens to Git repositories. After a
-sensitive value is pushed to a remote repository, anyone with access to the repository can
-impersonate the authorized user of the secret for malicious purposes. Most organizations require
-exposed secrets to be revoked and replaced to address this risk.
+Your application might use external resources, including a CI/CD
+service, a database, or external storage. Access to these resources
+requires authentication, usually using static methods like private
+keys and tokens. These methods are called "secrets" because they're
+not meant to be shared with anyone else.
 
-Secret Detection scans your repository to help prevent your secrets from being exposed. Secret
-Detection scanning works on all text files, regardless of the language or framework used.
+People sometimes accidentally commit secrets to Git
+repositories. After a sensitive value is pushed to a remote
+repository, anyone with access to the repository can use the secret to
+impersonate the authorized user for malicious purposes. To address
+this risk, you should store your secrets outside your remote
+repositories. If a secret is exposed, you should revoke and replace it
+as soon as possible.
+
+Secret Detection scans your repository to help prevent your secrets
+from being exposed. Secret Detection scanning works on all text files,
+regardless of the language or framework used.
 
 GitLab has two methods for detecting secrets which can be used simultaneously:
 

doc/user/application_security/secret_detection/index.md

@@ -89,11 +89,11 @@ The following data is shared with third-party AI APIs:
 ## Vulnerability resolution
 
 DETAILS:
-**Tier:** Ultimate with [GitLab Duo Enterprise](../../../subscriptions/subscription-add-ons.md)
-**Offering:** GitLab.com, Self-managed, GitLab Dedicated
+**Tier:** For a limited time, Ultimate. In the future, [GitLab Duo Enterprise](../../../subscriptions/subscription-add-ons.md).
+**Offering:** GitLab.com
+**Status:** Experiment
 
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/10779) in GitLab 16.7 as an [experiment](../../../policy/experiment-beta-support.md#experiment) on GitLab.com.
-> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/10783) in GitLab 17.2.
 
 Use GitLab Duo Vulnerability resolution to automatically create a merge request that
 resolves the vulnerability. By default, it is powered by Anthropic's [`claude-3-haiku`](https://docs.anthropic.com/en/docs/about-claude/models#claude-3-a-new-generation-of-ai)
@@ -104,7 +104,7 @@ explanation with caution.
 
 Prerequisites:
 
-- You must have the GitLab Ultimate subscription tier and GitLab Duo Enterprise.
+- You must have the GitLab Ultimate subscription tier.
 - You must be a member of the project.
 - The vulnerability must be a SAST finding.
 

doc/user/application_security/vulnerabilities/index.md

@@ -118,16 +118,6 @@ DETAILS:
 - LLM: Anthropic's [`claude-3-haiku`](https://docs.anthropic.com/en/docs/about-claude/models#claude-3-a-new-generation-of-ai).
 - [View documentation](../application_security/vulnerabilities/index.md#explaining-a-vulnerability).
 
-### Vulnerability resolution
-
-DETAILS:
-**Tier:** Ultimate with [GitLab Duo Enterprise](../../subscriptions/subscription-add-ons.md) add-on
-**Offering:** GitLab.com, Self-managed, GitLab Dedicated
-
-- Help resolve a vulnerability by generating a merge request that addresses it.
-- LLM: Anthropic's [`claude-3-haiku`](https://docs.anthropic.com/en/docs/about-claude/models#claude-3-a-new-generation-of-ai).
-- [View documentation](../application_security/vulnerabilities/index.md#vulnerability-resolution).
-
 ## Beta features
 
 ### Merge request template population
@@ -213,6 +203,16 @@ DETAILS:
 - LLM: Vertex AI Codey [`text-bison`](https://console.cloud.google.com/vertex-ai/publishers/google/model-garden/text-bison)
 - [View documentation](experiments.md#troubleshoot-failed-cicd-jobs-with-root-cause-analysis).
 
+### Vulnerability resolution
+
+**Tier:** For a limited time, Ultimate. In the future, [GitLab Duo Enterprise](../../subscriptions/subscription-add-ons.md).
+**Offering:** GitLab.com
+**Status:** Experiment
+
+- Help resolve a vulnerability by generating a merge request that addresses it.
+- LLM: Anthropic's [`claude-3-haiku`](https://docs.anthropic.com/en/docs/about-claude/models#claude-3-a-new-generation-of-ai).
+- [View documentation](../application_security/vulnerabilities/index.md#vulnerability-resolution).
+
 ### Product Analytics
 
 DETAILS:

doc/user/gitlab_duo/index.md

@@ -72,6 +72,10 @@ def customize_allowlist(allowlist)
 
       private
 
+      def render_timeout
+        SANITIZATION_RENDER_TIMEOUT
+      end
+
       # If sanitization times out, we can not return partial un-sanitized results.
       # It's ok to allow any following filters to run since this is safe HTML.
       def returned_timeout_value

lib/banzai/filter/base_sanitization_filter.rb

@@ -17,6 +17,14 @@ module TimeoutFilterHandler
         extend ActiveSupport::Concern
 
         RENDER_TIMEOUT = 2.seconds
+
+        # [TODO] Seeing several complaints about rendering being too complex.
+        # https://gitlab.com/gitlab-org/gitlab/-/issues/469683
+        # The default 2 seconds seems to be too aggressive at the moment.
+        # It can also depend in the hardware that we're running on.
+        # So let's make it 5. Currently the overall pipeline timeout
+        # (pipeline_timing_check.rb) is set to 5.
+        SANITIZATION_RENDER_TIMEOUT = 5.seconds
         COMPLEX_MARKDOWN_MESSAGE =
           <<~HTML
             <p>Rendering aborted due to complexity issues. If this is valid markdown, please feel free to open an issue

lib/banzai/filter/concerns/timeout_filter_handler.rb

@@ -38,6 +38,10 @@ def call_with_timeout
 
       private
 
+      def render_timeout
+        SANITIZATION_RENDER_TIMEOUT
+      end
+
       # Since this filter does a level of sanitization, we can not return
       # partial un-sanitized results.
       # It's ok to allow any following filters to run since this is safe HTML.

lib/banzai/filter/external_link_filter.rb

@@ -6964,9 +6964,6 @@ msgstr ""
 msgid "Are you sure you want to continue?"
 msgstr ""
 
-msgid "Are you sure you want to delete %{group_name}?"
-msgstr ""
-
 msgid "Are you sure you want to delete %{name}?"
 msgstr ""
 
@@ -46835,7 +46832,7 @@ msgstr ""
 msgid "ScanResultPolicy|Remove all approvals with new commit"
 msgstr ""
 
-msgid "ScanResultPolicy|Require the user's password to approve"
+msgid "ScanResultPolicy|Require user re-authentication (password or SAML) to approve"
 msgstr ""
 
 msgid "ScanResultPolicy|Required number of approvals became higher than available, valid approvers."