gitlab: 15.4.4 -> 15.6.0

https://about.gitlab.com/releases/2022/11/22/gitlab-15-6-released/

1 files changed, 85 insertions, 60 deletions

diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile
index 0426bd84020..57d7e83750f 100644
--- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile
+++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile
@@ -2,30 +2,48 @@
 
 source 'https://rubygems.org'
 
+if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still experimental
+  $LOAD_PATH.unshift(File.expand_path("vendor/gems/bundler-checksum/lib", __dir__))
+  require 'bundler-checksum'
+  Bundler::Checksum.patch!
+end
+
 gem 'bundler-checksum', '~> 0.1.0', path: 'bundler-checksum', require: false
 
+# NOTE: When incrementing the major or minor version here, also increment activerecord_version
+# in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve
+# https://gitlab.com/gitlab-org/gitlab/-/issues/375713
 gem 'rails', '~> 6.1.6.1'
 
 gem 'bootsnap', '~> 1.13.0', require: false
 
+# Pin openssl to match the version bundled with our supported Rubies.
+# See https://stdgems.org/openssl/#gem-version.
+gem 'openssl', '2.2.1'
+# This gem was originally bundled with Ruby 2.7, but is unbundled as of Ruby 3.
+# Since the latest version caused problems with GitLab, we pin this to an older
+# version for now.
+# See https://gitlab.com/gitlab-org/gitlab/-/issues/376417
+gem 'ipaddr', '1.2.2'
+
 # Responders respond_to and respond_with
 gem 'responders', '~> 3.0'
 
 gem 'sprockets', '~> 3.7.0'
 
-gem 'view_component', '~> 2.71.0'
+gem 'view_component', '~> 2.74.1'
 
 # Default values for AR models
 gem 'default_value_for', '~> 3.4.0'
 
 # Supported DBs
-gem 'pg', '~> 1.4.0'
+gem 'pg', '~> 1.4.3'
 
 gem 'rugged', '~> 1.2'
 gem 'grape-path-helpers', '~> 1.7.1'
 
 gem 'faraday', '~> 1.0'
-gem 'marginalia', '~> 1.10.0'
+gem 'marginalia', '~> 1.11.1'
 
 # Authorization
 gem 'declarative_policy', '~> 1.1.0'
@@ -38,18 +56,17 @@ gem 'doorkeeper', '~> 5.5.0.rc2'
 gem 'doorkeeper-openid_connect', '~> 1.7.5'
 gem 'rexml', '~> 3.2.5'
 gem 'ruby-saml', '~> 1.13.0'
-gem 'omniauth-rails_csrf_protection'
 gem 'omniauth', '~> 2.1.0'
 gem 'omniauth-auth0', '~> 2.0.0'
-gem 'omniauth-azure-activedirectory-v2', '~> 1.0'
+gem 'omniauth-azure-activedirectory-v2', '~> 2.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'omniauth-azure-oauth2' # See gem README.md
 gem 'omniauth-cas3', '~> 1.1.4', path: 'omniauth-cas3' # See vendor/gems/omniauth-cas3/README.md
 gem 'omniauth-dingtalk-oauth2', '~> 1.0'
-gem 'omniauth-alicloud', '~> 1.0.1'
+gem 'omniauth-alicloud', '~> 2.0.0'
 gem 'omniauth-facebook', '~> 4.0.0'
-gem 'omniauth-github', '2.0.0'
+gem 'omniauth-github', '2.0.1'
 gem 'omniauth-gitlab', '~> 4.0.0', path: 'omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md
-gem 'omniauth-google-oauth2', '~> 1.0.1', path: 'omniauth-google-oauth2' # See gem README.md
+gem 'omniauth-google-oauth2', '~> 1.1'
 gem 'omniauth-oauth2-generic', '~> 0.2.2'
 gem 'omniauth-saml', '~> 2.0.0'
 gem 'omniauth-shibboleth', '~> 1.3.0'
@@ -59,7 +76,7 @@ gem 'omniauth-authentiq', '~> 0.3.3'
 gem 'gitlab-omniauth-openid-connect', '~> 0.10.0', require: 'omniauth_openid_connect'
 gem 'omniauth-salesforce', '~> 1.0.5', path: 'omniauth-salesforce' # See gem README.md
 gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
-gem 'rack-oauth2', '~> 1.21.2'
+gem 'rack-oauth2', '~> 1.21.3'
 gem 'jwt', '~> 2.1.0'
 
 # Kerberos authentication. EE-only
@@ -69,12 +86,12 @@ gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos
 # Spam and anti-bot protection
 gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails'
 gem 'akismet', '~> 3.0'
-gem 'invisible_captcha', '~> 1.1.0'
+gem 'invisible_captcha', '~> 2.0.0'
 
 # Two-factor authentication
 gem 'devise-two-factor', '~> 4.0.2'
 gem 'rqrcode-rails3', '~> 0.1.7'
-gem 'attr_encrypted', '~> 3.1.0'
+gem 'attr_encrypted', '~> 3.2.4', path: 'attr_encrypted'
 gem 'u2f', '~> 0.2.1'
 
 # GitLab Pages
@@ -84,7 +101,7 @@ gem 'rubyzip', '~> 2.3.2', require: 'zip'
 gem 'acme-client', '~> 2.0'
 
 # Browser detection
-gem 'browser', '~> 4.2'
+gem 'browser', '~> 5.3.1'
 
 # OS detection for usage ping
 gem 'ohai', '~> 16.10'
@@ -101,7 +118,9 @@ gem 'net-ldap', '~> 0.16.3'
 # API
 gem 'grape', '~> 1.5.2'
 gem 'grape-entity', '~> 0.10.0'
-gem 'rack-cors', '~> 1.1.0', require: 'rack/cors'
+gem 'rack-cors', '~> 1.1.1', require: 'rack/cors'
+gem 'grape-swagger', '~>1.5.0', group: [:development, :test]
+gem 'grape-swagger-entity', '~> 0.5.1', group: [:development, :test]
 
 # GraphQL API
 gem 'graphql', '~> 1.13.12'
@@ -110,12 +129,10 @@ gem 'apollo_upload_server', '~> 2.1.0'
 gem 'graphql-docs', '~> 2.1.0', group: [:development, :test]
 gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import)
 
-gem 'hashie'
-# Disable strong_params so that Mash does not respond to :permitted?
-gem 'hashie-forbidden_attributes'
+gem 'hashie', '~> 5.0.0'
 
 # Pagination
-gem 'kaminari', '~> 1.0'
+gem 'kaminari', '~> 1.2.2'
 
 # HAML
 gem 'hamlit', '~> 2.15.0'
@@ -125,16 +142,16 @@ gem 'carrierwave', '~> 1.3'
 gem 'mini_magick', '~> 4.10.1'
 
 # for backups
-gem 'fog-aws', '~> 3.14'
+gem 'fog-aws', '~> 3.15'
 # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
 # Also see config/initializers/fog_core_patch.rb.
 gem 'fog-core', '= 2.1.0'
-gem 'fog-google', '~> 1.15', require: 'fog/google'
-gem 'fog-local', '~> 0.6'
+gem 'fog-google', '~> 1.19', require: 'fog/google'
+gem 'fog-local', '~> 0.8'
 gem 'fog-openstack', '~> 1.0'
 gem 'fog-rackspace', '~> 0.1.1'
 gem 'fog-aliyun', '~> 0.3'
-gem 'gitlab-fog-azure-rm', '~> 1.3.0', require: 'fog/azurerm'
+gem 'gitlab-fog-azure-rm', '~> 1.4.0', require: 'fog/azurerm'
 
 # for Google storage
 gem 'google-api-client', '~> 0.33'
@@ -149,18 +166,17 @@ gem 'seed-fu', '~> 2.3.7'
 gem 'elasticsearch-model', '~> 7.2'
 gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation'
 gem 'elasticsearch-api',   '7.13.3'
-gem 'aws-sdk-core', '~> 3.131.0'
+gem 'aws-sdk-core', '~> 3.167.0'
 gem 'aws-sdk-cloudformation', '~> 1'
-gem 'aws-sdk-s3', '~> 1.114.0'
+gem 'aws-sdk-s3', '~> 1.117.1'
 gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
 gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections
 
 # Markdown and HTML processing
-gem 'html-pipeline', '~> 2.13.2'
-gem 'deckar01-task_list', '2.3.1'
-gem 'gitlab-markup', '~> 1.8.0'
-gem 'github-markup', '~> 1.7.0', require: 'github/markup'
-gem 'commonmarker', '~> 0.23.4'
+gem 'html-pipeline', '~> 2.14.3'
+gem 'deckar01-task_list', '2.3.2'
+gem 'gitlab-markup', '~> 1.8.0', require: 'github/markup'
+gem 'commonmarker', '~> 0.23.6'
 gem 'kramdown', '~> 2.3.1'
 gem 'RedCloth', '~> 4.3.2'
 gem 'rdoc', '~> 6.3.2'
@@ -170,12 +186,11 @@ gem 'wikicloth', '0.8.1'
 gem 'asciidoctor', '~> 2.0.17'
 gem 'asciidoctor-include-ext', '~> 0.4.0', require: false
 gem 'asciidoctor-plantuml', '~> 0.0.16'
-gem 'asciidoctor-kroki', '~> 0.5.0', require: false
+gem 'asciidoctor-kroki', '~> 0.7.0', require: false
 gem 'rouge', '~> 3.30.0'
 gem 'truncato', '~> 0.7.12'
 gem 'bootstrap_form', '~> 4.2.0'
-gem 'nokogiri', '~> 1.13.8'
-gem 'escape_utils', '~> 1.1'
+gem 'nokogiri', '~> 1.13.9'
 
 # Calendar rendering
 gem 'icalendar'
@@ -187,7 +202,7 @@ gem 'diff_match_patch', '~> 0.1.0'
 # Application server
 gem 'rack', '~> 2.2.4'
 # https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually
-gem 'rack-timeout', '~> 0.6.0', require: 'rack/timeout/base'
+gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base'
 
 group :puma do
   gem 'puma', '~> 5.6.5', require: false
@@ -202,16 +217,16 @@ gem 'state_machines-activerecord', '~> 0.8.0'
 gem 'acts-as-taggable-on', '~> 9.0'
 
 # Background jobs
-gem 'sidekiq', '~> 6.4.0'
-gem 'sidekiq-cron', '~> 1.4.0'
-gem 'redis-namespace', '~> 1.8.1'
-gem 'gitlab-sidekiq-fetcher', '0.8.0', require: 'sidekiq-reliable-fetch'
+gem 'sidekiq', '~> 6.5.7'
+gem 'sidekiq-cron', '~> 1.8.0'
+gem 'redis-namespace', '~> 1.9.0'
+gem 'gitlab-sidekiq-fetcher', '0.9.0', require: 'sidekiq-reliable-fetch'
 
 # Cron Parser
 gem 'fugit', '~> 1.2.1'
 
 # HTTP requests
-gem 'httparty', '~> 0.16.4'
+gem 'httparty', '~> 0.20.0'
 
 # Colored output to console
 gem 'rainbow', '~> 3.0'
@@ -223,20 +238,20 @@ gem 'ruby-progressbar', '~> 1.10'
 gem 'settingslogic', '~> 2.0.9'
 
 # Linear-time regex library for untrusted regular expressions
-gem 're2', '~> 1.4.0'
+gem 're2', '~> 1.6.0'
 
 # Misc
 
 gem 'version_sorter', '~> 2.2.4'
 
 # Export Ruby Regex to Javascript
-gem 'js_regex', '~> 3.7'
+gem 'js_regex', '~> 3.8'
 
 # User agent parsing
 gem 'device_detector'
 
 # Redis
-gem 'redis', '~> 4.7.0'
+gem 'redis', '~> 4.8.0'
 gem 'connection_pool', '~> 2.0'
 
 # Redis session store
@@ -262,7 +277,7 @@ gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat'
 gem 'asana', '~> 0.10.13'
 
 # FogBugz integration
-gem 'ruby-fogbugz', '~> 0.2.1'
+gem 'ruby-fogbugz', '~> 0.3.0'
 
 # Kubernetes integration
 gem 'kubeclient', '~> 4.9.3'
@@ -272,7 +287,7 @@ gem 'sanitize', '~> 6.0'
 gem 'babosa', '~> 1.0.4'
 
 # Sanitizes SVG input
-gem 'loofah', '~> 2.18.0'
+gem 'loofah', '~> 2.19.0'
 
 # Working with license
 # Detects the open source license the repository includes
@@ -292,7 +307,7 @@ gem 'fast_blank'
 gem 'gitlab-chronic', '~> 0.10.5'
 gem 'gitlab_chronic_duration', '~> 0.10.6.2'
 
-gem 'rack-proxy', '~> 0.7.2'
+gem 'rack-proxy', '~> 0.7.4'
 
 gem 'sassc-rails', '~> 2.1.0'
 gem 'autoprefixer-rails', '10.2.5.1'
@@ -301,13 +316,13 @@ gem 'terser', '1.0.2'
 gem 'addressable', '~> 2.8'
 gem 'tanuki_emoji', '~> 0.6'
 gem 'gon', '~> 6.4.0'
-gem 'request_store', '~> 1.5'
+gem 'request_store', '~> 1.5.1'
 gem 'base32', '~> 0.3.0'
 
 gem 'gitlab-license', '~> 2.2.1'
 
 # Protect against bruteforcing
-gem 'rack-attack', '~> 6.6.0'
+gem 'rack-attack', '~> 6.6.1'
 
 # Sentry integration
 gem 'sentry-raven', '~> 3.1'
@@ -317,12 +332,12 @@ gem 'sentry-sidekiq', '~> 5.1.1'
 
 # PostgreSQL query parsing
 #
-gem 'pg_query', '~> 2.1.0'
+gem 'pg_query', '~> 2.2'
 
 gem 'premailer-rails', '~> 1.10.3'
 
 # LabKit: Tracing and Correlation
-gem 'gitlab-labkit', '~> 0.24.0'
+gem 'gitlab-labkit', '~> 0.28.0'
 gem 'thrift', '>= 0.16.0'
 
 # I18n
@@ -347,12 +362,12 @@ gem 'prometheus-client-mmap', '~> 0.16', require: 'prometheus/client'
 gem 'warning', '~> 1.3.0'
 
 group :development do
-  gem 'lefthook', '~> 1.1.1', require: false
+  gem 'lefthook', '~> 1.2.0', require: false
   gem 'rubocop'
-  gem 'solargraph', '~> 0.46.0', require: false
+  gem 'solargraph', '~> 0.47.2', require: false
 
   gem 'letter_opener_web', '~> 2.0.0'
-  gem 'lookbook', '~> 1.0'
+  gem 'lookbook', '~> 1.2', '>= 1.2.1'
 
   # Better errors handler
   gem 'better_errors', '~> 2.9.1'
@@ -382,7 +397,7 @@ group :development, :test do
   gem 'spring', '~> 2.1.0'
   gem 'spring-commands-rspec', '~> 1.0.4'
 
-  gem 'gitlab-styles', '~> 8.0.0', require: false
+  gem 'gitlab-styles', '~> 9.0.0', require: false
 
   gem 'haml_lint', '~> 0.40.0', require: false
   gem 'bundler-audit', '~> 0.7.0.1', require: false
@@ -406,11 +421,11 @@ group :development, :test do
 
   gem 'sigdump', '~> 0.2.4', require: 'sigdump/setup'
 
-  gem 'pact', '~> 1.12'
+  gem 'pact', '~> 1.63'
 end
 
 group :development, :test, :danger do
-  gem 'gitlab-dangerfiles', '~> 3.5.2', require: false
+  gem 'gitlab-dangerfiles', '~> 3.6.2', require: false
 end
 
 group :development, :test, :coverage do
@@ -460,10 +475,9 @@ gem 'gitlab-mail_room', '~> 0.0.9', require: 'mail_room'
 gem 'email_reply_trimmer', '~> 0.1'
 gem 'html2text'
 
-gem 'ruby-prof', '~> 1.3.0'
 gem 'stackprof', '~> 0.2.21', require: false
 gem 'rbtrace', '~> 0.4', require: false
-gem 'memory_profiler', '~> 0.9', require: false
+gem 'memory_profiler', '~> 1.0', require: false
 gem 'activerecord-explain-analyze', '~> 0.1', require: false
 
 # OAuth
@@ -486,16 +500,16 @@ gem 'ssh_data', '~> 1.3'
 gem 'spamcheck', '~> 1.0.0'
 
 # Gitaly GRPC protocol definitions
-gem 'gitaly', '~> 15.4.0-rc2'
+gem 'gitaly', '~> 15.5.0'
 
 # KAS GRPC protocol definitions
 gem 'kas-grpc', '~> 0.0.2'
 
 gem 'grpc', '~> 1.42.0'
 
-gem 'google-protobuf', '~> 3.21'
+gem 'google-protobuf', '~> 3.21', '>= 3.21.9'
 
-gem 'toml-rb', '~> 2.0'
+gem 'toml-rb', '~> 2.2.0'
 
 # Feature toggles
 gem 'flipper', '~> 0.25.0'
@@ -519,8 +533,6 @@ gem 'retriable', '~> 3.1.2'
 # LRU cache
 gem 'lru_redux'
 
-gem 'erubi', '~> 1.9.0'
-
 # Locked as long as quoted-printable encoding issues are not resolved
 # Monkey-patched in `config/initializers/mail_encoding_patch.rb`
 # See https://gitlab.com/gitlab-org/gitlab/issues/197386
@@ -539,6 +551,7 @@ gem 'valid_email', '~> 0.1'
 gem 'json', '~> 2.5.1'
 gem 'json_schemer', '~> 0.2.18'
 gem 'oj', '~> 3.13.21'
+gem 'oj-introspect', '~> 0.7'
 gem 'multi_json', '~> 1.14.1'
 gem 'yajl-ruby', '~> 1.4.3', require: 'yajl'
 
@@ -556,3 +569,15 @@ gem 'ed25519', '~> 1.3.0'
 # Error Tracking OpenAPI client
 # See https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/rake_tasks.md#update-openapi-client-for-error-tracking-feature
 gem 'error_tracking_open_api', path: 'error_tracking_open_api'
+
+# Vulnerability advisories
+gem 'cvss-suite', '~> 3.0.1', require: 'cvss_suite'
+
+# Work with RPM packages
+gem 'arr-pm', '~> 0.0.12'
+
+# Apple plist parsing
+gem 'CFPropertyList'
+
+# For phone verification
+gem 'telesignenterprise', '~> 2.2'