Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/CODEOWNERS

@@ -2,7 +2,7 @@
 # project here: https://gitlab.com/gitlab-org/gitlab/-/project_members
 # As described in https://docs.gitlab.com/ee/user/project/code_owners.html
 
-* @gitlab-org/maintainers/rails-backend @gitlab-org/maintainers/frontend @gitlab-org/maintainers/database @gl-quality/qe-maintainers @gl-quality/tooling-maintainers @gitlab-org/delivery @gitlab-org/maintainers/cicd-templates @nolith @gitlab-org/tw-leadership @gitlab-org/maintainers/kas-version-maintainers
+* @gitlab-org/maintainers/rails-backend @gitlab-org/maintainers/frontend @gitlab-org/maintainers/database @gl-quality/qe-maintainers @gl-quality/tooling-maintainers @gitlab-org/delivery @gitlab-org/maintainers/cicd-templates @gitlab-org/tw-leadership @gitlab-org/maintainers/kas-version-maintainers
 
 .gitlab/CODEOWNERS @gitlab-org/development-leaders @gitlab-org/tw-leadership
 

.rubocop_todo/gitlab/service_response.yml

@@ -37,7 +37,6 @@ Gitlab/ServiceResponse:
     - 'app/services/timelogs/base_service.rb'
     - 'app/services/work_items/create_and_link_service.rb'
     - 'app/services/work_items/create_from_task_service.rb'
-    - 'app/services/work_items/delete_task_service.rb'
     - 'ee/app/services/analytics/cycle_analytics/value_streams/create_service.rb'
     - 'ee/app/services/app_sec/dast/profiles/destroy_service.rb'
     - 'ee/app/services/app_sec/dast/scanner_profiles/destroy_service.rb'

.rubocop_todo/layout/argument_alignment.yml

@@ -146,7 +146,6 @@ Layout/ArgumentAlignment:
     - 'app/graphql/mutations/work_items/create.rb'
     - 'app/graphql/mutations/work_items/create_from_task.rb'
     - 'app/graphql/mutations/work_items/delete.rb'
-    - 'app/graphql/mutations/work_items/delete_task.rb'
     - 'app/graphql/mutations/work_items/update.rb'
     - 'app/graphql/mutations/work_items/update_task.rb'
     - 'app/graphql/resolvers/admin/analytics/usage_trends/measurements_resolver.rb'
@@ -475,7 +474,6 @@ Layout/ArgumentAlignment:
     - 'app/graphql/types/users/namespace_commit_email_type.rb'
     - 'app/graphql/types/work_item_type.rb'
     - 'app/graphql/types/work_items/convert_task_input_type.rb'
-    - 'app/graphql/types/work_items/deleted_task_input_type.rb'
     - 'app/graphql/types/work_items/type_type.rb'
     - 'app/graphql/types/work_items/widgets/description_input_type.rb'
     - 'app/graphql/types/work_items/widgets/description_type.rb'

.rubocop_todo/rspec/context_wording.yml

@@ -2306,7 +2306,6 @@ RSpec/ContextWording:
     - 'spec/requests/api/graphql/mutations/todos/create_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/create_from_task_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/create_spec.rb'
-    - 'spec/requests/api/graphql/mutations/work_items/delete_task_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/update_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/update_task_spec.rb'
     - 'spec/requests/api/graphql/namespace_query_spec.rb'

.rubocop_todo/rspec/expect_change.yml

@@ -287,7 +287,6 @@ RSpec/ExpectChange:
     - 'spec/requests/api/graphql/mutations/work_items/create_from_task_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/create_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/delete_spec.rb'
-    - 'spec/requests/api/graphql/mutations/work_items/delete_task_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/update_spec.rb'
     - 'spec/requests/api/graphql/mutations/work_items/update_task_spec.rb'
     - 'spec/requests/api/groups_spec.rb'
@@ -387,10 +386,8 @@ RSpec/ExpectChange:
     - 'spec/services/work_items/create_and_link_service_spec.rb'
     - 'spec/services/work_items/create_from_task_service_spec.rb'
     - 'spec/services/work_items/create_service_spec.rb'
-    - 'spec/services/work_items/delete_task_service_spec.rb'
     - 'spec/services/work_items/parent_links/create_service_spec.rb'
     - 'spec/services/work_items/parent_links/destroy_service_spec.rb'
-    - 'spec/services/work_items/task_list_reference_removal_service_spec.rb'
     - 'spec/services/work_items/task_list_reference_replacement_service_spec.rb'
     - 'spec/services/work_items/update_service_spec.rb'
     - 'spec/services/work_items/widgets/hierarchy_service/update_service_spec.rb'

.rubocop_todo/rspec/scattered_let.yml

@@ -196,7 +196,6 @@ RSpec/ScatteredLet:
     - 'spec/requests/api/graphql/group/work_item_types_spec.rb'
     - 'spec/requests/api/graphql/milestone_spec.rb'
     - 'spec/requests/api/graphql/mutations/boards/create_spec.rb'
-    - 'spec/requests/api/graphql/mutations/work_items/delete_task_spec.rb'
     - 'spec/requests/api/graphql/namespace/projects_spec.rb'
     - 'spec/requests/api/graphql/project/deployment_spec.rb'
     - 'spec/requests/api/graphql/project/environments_spec.rb'

.rubocop_todo/style/if_unless_modifier.yml

@@ -319,7 +319,6 @@ Style/IfUnlessModifier:
     - 'app/services/users/build_service.rb'
     - 'app/services/users/respond_to_terms_service.rb'
     - 'app/services/wikis/create_attachment_service.rb'
-    - 'app/services/work_items/task_list_reference_removal_service.rb'
     - 'app/services/work_items/task_list_reference_replacement_service.rb'
     - 'app/uploaders/file_mover.rb'
     - 'app/uploaders/object_storage.rb'

CHANGELOG.md

@@ -2,6 +2,23 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 16.6.2 (2023-12-13)
+
+### Fixed (1 change)
+
+- [Fix adding confidential child tasks](gitlab-org/security/gitlab@1e67ddffca37e733aee2c3b118c2f9510fc094c0)
+
+### Security (8 changes)
+
+- [Prevent tag names starting with SHA-1 and SHA-256 values](gitlab-org/security/gitlab@d942166b879e8986d9deb45ab1732fa563e715c2) ([merge request](gitlab-org/security/gitlab!3746))
+- [Pass encoded file paths to router](gitlab-org/security/gitlab@1e414bb90ec85c818955bb241934bd43137adb4d) ([merge request](gitlab-org/security/gitlab!3735))
+- [Validate access level of user while rotating token](gitlab-org/security/gitlab@a8267a4facee6ba922897fa2a1f358636d24fb09) ([merge request](gitlab-org/security/gitlab!3750))
+- [Fix large time_spent value causing GraphQL error `Integer out of bounds`](gitlab-org/security/gitlab@6a48b4b8d58daf75a1d1da192b69c790435427bc) ([merge request](gitlab-org/security/gitlab!3745))
+- [Restrict Protected branch access via group to direct members](gitlab-org/security/gitlab@dde50268150c2ef4653c7024eb8357321042ec94) ([merge request](gitlab-org/security/gitlab!3726))
+- [Remove the ability to fork and create MR for auditors](gitlab-org/security/gitlab@c1a532527ee764c32f9c0779fa787a31b6d481f4) ([merge request](gitlab-org/security/gitlab!3738))
+- [Restrict passing variables on the pipeline schedule API](gitlab-org/security/gitlab@0f12c83c9be495e37a04594c678a500643deb410) ([merge request](gitlab-org/security/gitlab!3723))
+- [Smartcard auth: encrypt client cert in params](gitlab-org/security/gitlab@180374e354da080d90c70500aef9e574cc371e9e) ([merge request](gitlab-org/security/gitlab!3729))
+
 ## 16.6.1 (2023-11-30)
 
 ### Fixed (3 changes)
@@ -570,6 +587,23 @@ entry.
 - [Remove pubsub migration helper for actioncable](gitlab-org/gitlab@763ca1305db6f1c9cf6700b8497494a81926d742) ([merge request](gitlab-org/gitlab!133066))
 - [Use partitioned table for CommitStatus](gitlab-org/gitlab@063826e042778995fae13928a2fb5de2c8855b45) ([merge request](gitlab-org/gitlab!134489))
 
+## 16.5.4 (2023-12-13)
+
+### Fixed (1 change)
+
+- [Truncate verification failure message to 255](gitlab-org/security/gitlab@640f8fa1b9ac91767b25992be646b8369fe41e09) **GitLab Enterprise Edition**
+
+### Security (8 changes)
+
+- [Prevent tag names starting with SHA-1 and SHA-256 values](gitlab-org/security/gitlab@2a67d2efe432eeb1264ffe3dd5e0625c364d3d4b) ([merge request](gitlab-org/security/gitlab!3747))
+- [Pass encoded file paths to router](gitlab-org/security/gitlab@7299f46a651db01f451694bf7b801ae8af672592) ([merge request](gitlab-org/security/gitlab!3736))
+- [Validate access level of user while rotating token](gitlab-org/security/gitlab@4a1ca1e3f95d858966ef1f985925c57f70923e17) ([merge request](gitlab-org/security/gitlab!3751))
+- [Fix large time_spent value causing GraphQL error `Integer out of bounds`](gitlab-org/security/gitlab@a87f5d04de526fbed7ecbf6ed8d44db356076826) ([merge request](gitlab-org/security/gitlab!3744))
+- [Restrict Protected branch access via group to direct members](gitlab-org/security/gitlab@22fd1a0d19f49c761fb20f80c326fa8658c962f7) ([merge request](gitlab-org/security/gitlab!3727))
+- [Remove the ability to fork and create MR for auditors](gitlab-org/security/gitlab@1a9d9490b3cf0e91321a90333d3f79ed275df4c0) ([merge request](gitlab-org/security/gitlab!3739))
+- [Restrict passing variables on the pipeline schedule API](gitlab-org/security/gitlab@eeb86c57a3b09b04659cb3d1300e396bdd51db58) ([merge request](gitlab-org/security/gitlab!3724))
+- [Smartcard auth: encrypt client cert in params](gitlab-org/security/gitlab@4ca907081651de95bcb392ee2ca2626dd7679f36) ([merge request](gitlab-org/security/gitlab!3730))
+
 ## 16.5.3 (2023-11-30)
 
 ### Security (11 changes)
@@ -1281,6 +1315,19 @@ entry.
 - [Alias read_namespace to access_namespace and move usages to new ability](gitlab-org/gitlab@61cdb4127143162a9bf9182f9c3c2d8421ee447f) by @Taucher2003 ([merge request](gitlab-org/gitlab!126625))
 - [Remove `custom_roles_on_groups` feature flag](gitlab-org/gitlab@ddb4b4399b8bb82793410005c5778a002ae409b9) ([merge request](gitlab-org/gitlab!132187)) **GitLab Enterprise Edition**
 
+## 16.4.4 (2023-12-13)
+
+### Security (8 changes)
+
+- [Prevent tag names starting with SHA-1 and SHA-256 values](gitlab-org/security/gitlab@dea535057d372f313db2f3afb7928a65a3acfcf7) ([merge request](gitlab-org/security/gitlab!3748))
+- [Pass encoded file paths to router](gitlab-org/security/gitlab@435d14da6592134edc1b051be9e53a5756f37eff) ([merge request](gitlab-org/security/gitlab!3737))
+- [Validate access level of user while rotating token](gitlab-org/security/gitlab@d4e74025a0910966e4c92a117a5d1721c1d69854) ([merge request](gitlab-org/security/gitlab!3752))
+- [Fix large time_spent value causing GraphQL error `Integer out of bounds`](gitlab-org/security/gitlab@532192423ae25061c7454a47956b0d9f9ff07ffa) ([merge request](gitlab-org/security/gitlab!3753))
+- [Restrict Protected branch access via group to direct members](gitlab-org/security/gitlab@267933e624d8988ace9948804476f1c5d14fc228) ([merge request](gitlab-org/security/gitlab!3728))
+- [Remove the ability to fork and create MR for auditors](gitlab-org/security/gitlab@720c977c36a1ec349b38897b61b7fcb62e6bd1eb) ([merge request](gitlab-org/security/gitlab!3740))
+- [Restrict passing variables on the pipeline schedule API](gitlab-org/security/gitlab@ed1141076ffef659886753830b201e68c9bacf32) ([merge request](gitlab-org/security/gitlab!3725))
+- [Smartcard auth: encrypt client cert in params](gitlab-org/security/gitlab@3c1d11225878573e9de0803f0484e17764bce8ee) ([merge request](gitlab-org/security/gitlab!3731))
+
 ## 16.4.3 (2023-11-30)
 
 ### Fixed (1 change)

Gemfile

@@ -434,7 +434,7 @@ group :development, :test do
 
   gem 'gitlab-styles', '~> 11.0.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
 
-  gem 'haml_lint', '~> 0.51', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+  gem 'haml_lint', '~> 0.52', require: false # rubocop:todo Gemfile/MissingFeatureCategory
   gem 'bundler-audit', '~> 0.9.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory
 
   # Benchmarking & profiling

Gemfile.checksum

@@ -282,7 +282,7 @@
 {"name":"guard-compat","version":"1.2.1","platform":"ruby","checksum":"3ad21ab0070107f92edfd82610b5cdc2fb8e368851e72362ada9703443d646fe"},
 {"name":"guard-rspec","version":"4.7.3","platform":"ruby","checksum":"a47ba03cbd1e3c71e6ae8645cea97e203098a248aede507461a43e906e2f75ca"},
 {"name":"haml","version":"5.2.2","platform":"ruby","checksum":"6e759246556145642ef832d670fc06f9bd8539159a0e600847a00291dd7aae0c"},
-{"name":"haml_lint","version":"0.51.0","platform":"ruby","checksum":"6c5e73b979dcd806ddf0043971bfc2076f832c24722314503ebb1087c361a8e7"},
+{"name":"haml_lint","version":"0.52.0","platform":"ruby","checksum":"76326b0f1a412558303bca983bd1bbb6e46555386589174502d263b9918114ea"},
 {"name":"hamlit","version":"2.15.0","platform":"java","checksum":"fda165464e59337ab7cda6304a66bfdb607bb7155f25566da19c9ee7b98e03d1"},
 {"name":"hamlit","version":"2.15.0","platform":"ruby","checksum":"d2e8505362338945fa309c68b2b8be07ebdc181200ec6021223567bf66dac38e"},
 {"name":"hana","version":"1.3.7","platform":"ruby","checksum":"5425db42d651fea08859811c29d20446f16af196308162894db208cac5ce9b0d"},

Gemfile.lock

@@ -872,7 +872,7 @@ GEM
     haml (5.2.2)
       temple (>= 0.8.0)
       tilt
-    haml_lint (0.51.0)
+    haml_lint (0.52.0)
       haml (>= 4.0)
       parallel (~> 1.10)
       rainbow
@@ -1923,7 +1923,7 @@ DEPENDENCIES
   grpc (~> 1.58.0)
   gssapi (~> 1.3.1)
   guard-rspec
-  haml_lint (~> 0.51)
+  haml_lint (~> 0.52)
   hamlit (~> 2.15.0)
   hashie (~> 5.0.0)
   health_check (~> 3.0)

app/assets/javascripts/emoji/components/category.vue

@@ -52,7 +52,7 @@ export default {
         :key="index"
         :emojis="emojiGroup"
         :render-group="renderGroup"
-        @emoji-click="onClick"
+        :click-emoji="(emoji) => onClick(emoji)"
       />
     </template>
     <p v-else>

app/assets/javascripts/emoji/components/emoji_group.vue

@@ -1,10 +1,10 @@
 <script>
-import { GlButton } from '@gitlab/ui';
+import { compatFunctionalMixin } from '~/lib/utils/vue3compat/compat_functional_mixin';
 
 export default {
-  components: {
-    GlButton,
-  },
+  // Temporary mixin for migration from Vue.js 2 to @vue/compat
+  mixins: [compatFunctionalMixin],
+
   props: {
     emojis: {
       type: Array,
@@ -14,33 +14,28 @@ export default {
       type: Boolean,
       required: true,
     },
-  },
-  methods: {
-    clickEmoji(emoji) {
-      this.$emit('emoji-click', emoji);
+    clickEmoji: {
+      type: Function,
+      required: true,
     },
   },
 };
 </script>
 
-<template>
+<!-- eslint-disable-next-line vue/no-deprecated-functional-template -->
+<template functional>
   <div class="gl-display-flex gl-flex-wrap gl-mb-2">
-    <template v-if="renderGroup">
-      <gl-button
-        v-for="emoji in emojis"
+    <template v-if="props.renderGroup">
+      <button
+        v-for="emoji in props.emojis"
         :key="emoji"
         type="button"
-        category="tertiary"
-        class="emoji-picker-emoji"
-        :aria-label="emoji"
+        class="gl-border-0 gl-bg-transparent gl-px-0 gl-py-2 gl-text-center emoji-picker-emoji"
         data-testid="emoji-button"
-        button-text-classes="gl-display-none!"
-        @click="clickEmoji(emoji)"
+        @click="props.clickEmoji(emoji)"
       >
-        <template #emoji>
-          <gl-emoji :data-name="emoji" class="gl-mr-0!" />
-        </template>
-      </gl-button>
+        <gl-emoji :data-name="emoji" />
+      </button>
     </template>
   </div>
 </template>

app/assets/javascripts/repository/components/table/row.vue

@@ -120,13 +120,13 @@ export default {
     routerLinkTo() {
       if (this.isBlob) {
         return buildURLwithRefType({
-          path: joinPaths('/-/blob', this.escapedRef, this.path),
+          path: joinPaths('/-/blob', this.escapedRef, encodeURI(this.path)),
           refType: this.refType,
         });
       }
       if (this.isFolder) {
         return buildURLwithRefType({
-          path: joinPaths('/-/tree', this.escapedRef, this.path),
+          path: joinPaths('/-/tree', this.escapedRef, encodeURI(this.path)),
           refType: this.refType,
         });
       }

app/assets/stylesheets/framework/emojis.scss

@@ -41,16 +41,6 @@ gl-emoji {
   &:focus {
     transform: scale(1.3);
   }
-
-  &:focus {
-    @include gl-z-index-2;
-    mix-blend-mode: normal !important;
-  }
-
-  gl-emoji {
-    width: px-to-rem($gl-padding);
-    top: -1px;
-  }
 }
 
 .emoji-picker .gl-dropdown .dropdown-menu {

app/controllers/jwt_controller.rb

@@ -33,6 +33,7 @@ def authenticate_project_or_user
     @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_only_authentication_abilities)
 
     authenticate_with_http_basic do |login, password|
+      @raw_token = password
       @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, request: request)
 
       if @authentication_result.failed?
@@ -80,6 +81,7 @@ def auth_params
   def additional_params
     {
       scopes: scopes_param,
+      raw_token: @raw_token,
       deploy_token: @authentication_result.deploy_token,
       auth_type: @authentication_result.type
     }.compact

app/graphql/mutations/work_items/delete_task.rb

@@ -111,7 +111,7 @@ class IssueType < BaseObject
     field :time_estimate, GraphQL::Types::Int, null: false,
                                                description: 'Time estimate of the issue.'
     field :total_time_spent, GraphQL::Types::Int, null: false,
-                                                  description: 'Total time reported as spent on the issue.'
+                                                  description: 'Total time (in seconds) reported as spent on the issue.'
 
     field :closed_at, Types::TimeType, null: true,
                                        description: 'Timestamp of when the issue was closed.'

app/graphql/types/issue_type.rb

@@ -199,7 +199,7 @@ class MergeRequestType < BaseObject
     field :time_estimate, GraphQL::Types::Int, null: false,
                                                description: 'Time estimate of the merge request.'
     field :total_time_spent, GraphQL::Types::Int, null: false,
-                                                  description: 'Total time reported as spent on the merge request.'
+                                                  description: 'Total time (in seconds) reported as spent on the merge request.'
 
     field :approved, GraphQL::Types::Boolean,
           method: :approved?,

app/graphql/types/merge_request_type.rb

@@ -188,7 +188,6 @@ class MutationType < BaseObject
     mount_mutation Mutations::WorkItems::Create, alpha: { milestone: '15.1' }
     mount_mutation Mutations::WorkItems::CreateFromTask, alpha: { milestone: '15.1' }
     mount_mutation Mutations::WorkItems::Delete, alpha: { milestone: '15.1' }
-    mount_mutation Mutations::WorkItems::DeleteTask, alpha: { milestone: '15.1' }
     mount_mutation Mutations::WorkItems::Update, alpha: { milestone: '15.1' }
     mount_mutation Mutations::WorkItems::UpdateTask, alpha: { milestone: '15.1' }
     mount_mutation Mutations::WorkItems::Export, alpha: { milestone: '15.10' }