Linjie Zhang authored 2 years ago and Vasilii Iakliushin committed 2 years ago

Stream audit event for mergre request create action.

Changelog: added
EE: true

Fix issue with MR Labels not passed correctly to script

See merge request !91671

Removes noisy lines from transformed notebook

See merge request !91579

Apply rate limiting for paid plan customer hooks

See merge request !90868

Luke Duncalfe authored 2 years ago and Heinrich Lee Yu committed 2 years ago

This change enables rate limit of webhooks of paid plan customers.

Customers on the free plan have had their webhooks subject to rate
limiting since
!61151.

In #337228 logs were
collected when a hook would be rate-limited.

We now apply the rate limit instead of logging.

#365605

Changelog: changed
EE: true

Improve documentation wording

See merge request !91503

Use auditor when auditing using audit changes

See merge request !91461

Harsimar Sandhu authored 2 years ago and Alexandru Croitor committed 2 years ago

EE: true
Changelog: changed

Replace deprecated createFlash, add loading icon and add tabs query param to group audit events

See merge request !90798

Add ignore rule for migrated_to_new_structure column

See merge request !91381

Vendor new gem to support PBKDF2+SHA512 password hashing

See merge request !90629

Use dangers to remind user to check migrations

See merge request !91439

Remove footer from DAST profiles editing mode

See merge request !91492

Artur Fedorov authored 2 years ago and Phil Hughes committed 2 years ago

This MR removes sticky footer from sidebar
in editing mode. Sticky footer must be only
visible in reading mode.

Changelog: fixed
EE: true

Omit MD5 fingerprints in deploy key API response

See merge request !91302

Stan Hu authored 2 years ago and Alexandru Croitor committed 2 years ago

In FIPS mode, MD5 fingerprints are not generated, but the SHA256
versions are available. Adjust the API entity to export the SHA256
fingerprint and schema to ensure that the SHA256 value is available.

Update deploy keys API docs to reflect this. Include `fingerprint` and
`fingerprint_sha256` where the fields were missing before. Add a note
about FIPS behavior.

Relates to #364562

Changelog: changed

Add "paths" to rules:changes

See merge request !90171

Furkan Ayhan authored 2 years ago and Marius Bobin committed 2 years ago

This is the second step of improving the "rules:changes" CI config.
This will add an alias syntax for "rules:changes": "rules:changes:paths"

Fix status box styling on Jira issue details page

See merge request !91567

Fix flaky feature specs for "user awards emoji"

See merge request !91630

workhorse: Update module github.com/gorilla/websocket to v1.5.0

See merge request !91613

workhorse: Update module github.com/FZambia/sentinel to v1.1.0

See merge request !91232

Correct check of epic_color_highlight FF in Epic mutations

See merge request !91389

Andrew Smith authored 2 years ago and Matthias Käppler committed 2 years ago

The validation for the Epic `color` attribute was attempting to check
the feature flag status without passing in the group object to check the
feature flag against causing the attribute to always be removed unless
the feature flag was enabled globally.

The removal of the `color` attribute also happened at the wrong time.
The `color` attribute should be removed if the flag isn't enabled before
checking `args.empty?`.

Signed-off-by: Andrew Smith <espadav8@gmail.com>

Refine content about access token expiration

See merge request !91648

- Replaced createFlash with createAlert on events app when the streams
fail to load at all
- Replaced createFlash with createAlert on streaming item when the
tream fails to delete
- Replaced createFlash with GlAlert on the streams app when saving fails
- Added query param controls to audit event tabs
- Add loading icon
- Update specs

Changelog: changed
EE: true
MR: !90798

Allow job tokens to access internal packages

See merge request !91545

Steve Abrams authored 2 years ago and Bob Van Landuyt committed 2 years ago

Packages are tied to the project visibility. If a project
is public, so is the package. If a project is internal, so
is the package. This updates permissions needed to pull
packages in those cases using the CI Job Token so that the
permissions match the behavior that already exists with
personal access tokens.

Related: #333444
EE: true
Changelog: fixed

Show pre-enforcement storage banner on project page

See merge request !90811

Rename `AuditLogFinder` to `AuditEventFinder`

See merge request !91484

Fix 33_triage_ops database seed

See merge request !91556

Fix FIPS tests for dependency scanning tests

See merge request !91619

Update Gitaly version

See merge request !91655

Improve detail on expect_import_finished custom error msg

See merge request !91637

Container registry: stop appending Root image

See merge request !90590

Drew Blessing authored 2 years ago and Imre Farkas committed 2 years ago

New gem based on devise-encryptable that supports PBKDF2+SHA512.
In the future this gem may be released individually, or contributed
upstream to devise-encryptable.

workhorse: Update module github.com/rafaeljusto/redigomock to v3

See merge request !91240

Add note for SaaS clients using PlantUML integration

See merge request !91639