1. 22 Feb, 2019 1 commit
  2. 11 Feb, 2019 1 commit
  3. 08 Feb, 2019 1 commit
  4. 06 Feb, 2019 1 commit
  5. 04 Feb, 2019 1 commit
  6. 31 Jan, 2019 3 commits
    • Yorick Peterse's avatar
      Fix requiring the rubyzip Gem · b124fbf3
      Yorick Peterse authored
      In commit 6fa5fd85 the `require: false`
      was removed to ensure the Gem was loaded at run time. Unfortunately, the
      `require` necessary for the rubyzip Gem is "zip" and not "rubyzip". As a
      result, Bundler would not require the Gem. This meant that we would
      still run into constant errors when referring to `Zip::File`.
      b124fbf3
    • Stan Hu's avatar
      Fix uninitialized constant with GitLab Pages deploy · fc5ebc3c
      Stan Hu authored
      pages:deploy step was failing with the following error:
      
      ```
      unitialized constant SafeZip::Extract::Zip
      ```
      
      Since license_finder already pulls in rubyzip, we can make it
      a required gem. We also use the scope operator to make the reference to
      Zip::File explicit.
      fc5ebc3c
    • Kamil Trzciński's avatar
      Extract GitLab Pages using RubyZip · 66744469
      Kamil Trzciński authored
      RubyZip allows us to perform strong validation of
      expanded paths where we do extract file.
      
      We introduce the following additional checks
      to extract routines:
      
      1. None of path components can be symlinked,
      2. We drop privileges support for directories,
      3. Symlink source needs to point within the target directory,
         like `public/`,
      4. The symlink source needs to exist ahead of time.
      66744469
  7. 30 Jan, 2019 4 commits
  8. 29 Jan, 2019 1 commit
    • Stan Hu's avatar
      Fix uninitialized constant with GitLab Pages deploy · 6fa5fd85
      Stan Hu authored
      pages:deploy step was failing with the following error:
      
      ```
      unitialized constant SafeZip::Extract::Zip
      ```
      
      Since license_finder already pulls in rubyzip, we can make it
      a required gem. We also use the scope operator to make the reference to
      Zip::File explicit.
      6fa5fd85
  9. 25 Jan, 2019 1 commit
    • Thong Kuah's avatar
      Use http_max_redirects opt to replace monkeypatch · f234aef9
      Thong Kuah authored
      http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
      
      The monkey-patch was global so we will have to check that all instances
      of Kubeclient::Client are handled.
      
      Spec all methods of KubeClient
      
      This should provide better confidence that we are indeed disallowing
      redirection in all cases
      f234aef9
  10. 22 Jan, 2019 1 commit
    • Kamil Trzciński's avatar
      Extract GitLab Pages using RubyZip · 1a8100cf
      Kamil Trzciński authored
      RubyZip allows us to perform strong validation of
      expanded paths where we do extract file.
      
      We introduce the following additional checks
      to extract routines:
      
      1. None of path components can be symlinked,
      2. We drop privileges support for directories,
      3. Symlink source needs to point within the target directory,
         like `public/`,
      4. The symlink source needs to exist ahead of time.
      1a8100cf
  11. 17 Jan, 2019 2 commits
    • Brett Walker's avatar
      Update to nokogiri 1.10.1 · 800220bd
      Brett Walker authored
      800220bd
    • Andrew Newdigate's avatar
      Conditionally initialize the global opentracing tracer · 57a8859a
      Andrew Newdigate authored
      This change will instantiate an OpenTracing tracer and configure it
      as the global tracer when the GITLAB_TRACING environment variable is
      configured. GITLAB_TRACING takes a "connection string"-like value,
      encapsulating the driver (eg jaeger, etc) and options for the driver.
      
      Since each service, whether it's written in Ruby or Golang, uses the
      same connection-string, it should be very easy to configure all
      services in a cluster, or even a single development machine to be
      setup to use tracing.
      
      Note that this change does not include instrumentation or propagation
      changes as this is a way of breaking a previous larger change into
      components. The instrumentation and propagation changes will follow
      in separate changes.
      57a8859a
  12. 15 Jan, 2019 1 commit
  13. 14 Jan, 2019 1 commit
  14. 11 Jan, 2019 1 commit
  15. 08 Jan, 2019 1 commit
  16. 03 Jan, 2019 1 commit
  17. 30 Dec, 2018 1 commit
  18. 29 Dec, 2018 1 commit
  19. 27 Dec, 2018 1 commit
  20. 24 Dec, 2018 1 commit
  21. 21 Dec, 2018 3 commits
  22. 19 Dec, 2018 2 commits
  23. 17 Dec, 2018 3 commits
  24. 14 Dec, 2018 1 commit
  25. 12 Dec, 2018 1 commit
  26. 06 Dec, 2018 2 commits
  27. 04 Dec, 2018 1 commit
  28. 03 Dec, 2018 1 commit