When browsing project -> repository -> graph it shows a gravatar icon and not uploaded avatar pictures we have on our profiles. This started when upgrading to 15.11.2, now 15.11.3 and the problem remains.
This issue was automatically tagged with the label groupsource code by TanukiStan, a machine learning classification model, with a probability of 1.
If this label is incorrect, please tag this issue with the correct group label as well as automation:ml wrong to help TanukiStan learn from its mistakes.
To set expectations, GitLab product managers or team members can't make any promise if they will proceed with this.
However, we believe everyone can contribute,
and welcome you to work on this proposed change, feature or bug fix.
There is a bias for action,
so you don't need to wait. Try and spin up that merge request yourself.
If you need help doing so, we're always open to mentor you
to drive this change.
To summarise for people experiencing this: we had a reported vulnerability related to avatar loading in some areas of the application, and unfortunately the network graph is negatively affected by it - the change was made so that when looking up avatars by email address (as is done on the network graph) that it would only match users' "public" email address, as specified in their profile. Usually these lookups by email address are only from user-submitted content, like commit messages, but the network graph works in a similar way due to how it's constructed.
I think we'll need to tweak how the network graph looks up the avatars to allow it to bypass that restriction. If I get a chance today I'll put together an MR for it as I'm both the author of the security fix and familiar with the network graph
This issue is labeled regression, but doesn't specify which milestone introduced it. We assume it was introduced in the current version (16.0.0-pre) and have labeled it regression:16.0:
If this version number is wrong, please correct it.
Keep the regression label. It helps us search for regressions across all versions.