gitlab-exporter 11.17.1 → 11.18.2

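--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c6ccef6882054ab76a7ae363221460936a3183ed9055b3b0df775373eac4865f
- data.tar.gz: e940486956e6d8a32f6c10f696d7baebf27c16d7654e43446325a647e8281143
+ metadata.gz: 5bb85649c03d72472315136401ebb234618c2350a5e75e5f426619aed2c97286
+ data.tar.gz: f0f0f46b1cbfea992e7b171ed7a1877af7c232a5e0e1a549666d5086d8e72087
  SHA512:
- metadata.gz: d9c4f7f435a0460cf5e068ee1d2840500ef12f3324e779aebcd04fe2cd42e98df18602851d25caedf0c49a91956fd7cb9a62a635eb6269a80d7fdf4b93e2010d
- data.tar.gz: dc5e84fd8acd9568c924a5e51a753df3ad85b2efdea1b6e626fa8ed4e604fb5e05c040ec5700e3e85accf52734aa4cd34c37d3bd2549c35cb2e25808a337b04d
+ metadata.gz: ed4f5b1dfa84d713c4c2246fa3e77ca604fe49d616d11f0ddc6cf80d1a5d87bc79f62115e4abec9e7d18ef1f50b5f6a654a329d9477464c83f3884cbb06d960f
+ data.tar.gz: c10bb0f6452deff8a9f7615a8d7379d30e1c9cc428b50b8092f5f007db87b97ac12c6567b8db75f321a0c749686329931b6fa49ab2e1e63ae335b85341b5ee7b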
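--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,2 +1,3 @@
  .bundle
+ vendor
  config/gitlab-exporter*.yml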
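--- a/data/.gitlab-ci.yml
+++ b/data/.gitlab-ci.yml
@@ -25,7 +25,8 @@ default:
  .before_scripts: &before_scripts
  - git config --global user.email "bot@gitlab.com"
  - git config --global user.name "Bot User"
- - bundle install -j $(nproc) --path vendor
+ - bundle config set --local deployment true
+ - bundle install -j $(nproc)
 
  workflow:
  rules: &workflow_rules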
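--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,11 +1,11 @@
  PATH
  remote: .
  specs:
- gitlab-exporter (11.17.1)
+ gitlab-exporter (11.18.2)
  connection_pool (= 2.2.5)
  faraday (~> 1.8.0)
  pg (= 1.2.3)
- puma (= 5.6.2)
+ puma (= 5.6.5)
  quantile (= 0.2.1)
  redis (= 4.4.0)
  redis-namespace (= 1.6.0)
@@ -38,18 +38,18 @@ GEM
  faraday-patron (1.0.0)
  faraday-rack (1.0.0)
  multipart-post (2.2.3)
- mustermann (1.1.1)
+ mustermann (2.0.2)
  ruby2_keywords (~> 0.0.1)
  nio4r (2.5.8)
  parallel (1.20.1)
  parser (3.0.0.0)
  ast (~> 2.4.1)
  pg (1.2.3)
- puma (5.6.2)
+ puma (5.6.5)
  nio4r (~> 2.0)
  quantile (0.2.1)
  rack (2.2.4)
- rack-protection (2.2.0)
+ rack-protection (2.2.2)
  rack
  rainbow (3.0.0)
  redis (4.4.0)
@@ -87,12 +87,12 @@ GEM
  connection_pool (>= 2.2.2)
  rack (~> 2.0)
  redis (>= 4.2.0)
- sinatra (2.2.0)
- mustermann (~> 1.0)
+ sinatra (2.2.2)
+ mustermann (~> 2.0)
  rack (~> 2.2)
- rack-protection (= 2.2.0)
+ rack-protection (= 2.2.2)
  tilt (~> 2.0)
- tilt (2.0.10)
+ tilt (2.0.11)
  unicode-display_width (1.7.0)
  webrick (1.7.0)
 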
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
23
23
  s.add_runtime_dependency "connection_pool", "2.2.5"
24
24
  s.add_runtime_dependency "faraday", "~> 1.8.0"
25
25
  s.add_runtime_dependency "pg", "1.2.3"
26
- s.add_runtime_dependency "puma", "5.6.2"
26
+ s.add_runtime_dependency "puma", "5.6.5"
27
27
  s.add_runtime_dependency "quantile", "0.2.1"
28
28
  s.add_runtime_dependency "redis", "4.4.0"
29
29
  s.add_runtime_dependency "redis-namespace", "1.6.0"
@@ -136,7 +136,7 @@ module GitLab
136
136
  select: :container_repositories,
137
137
  where: <<~SQL
138
138
  migration_state <> 'import_done'
139
- AND created_at < '2022-01-23 00:00:00'
139
+ AND created_at < '2022-08-17 00:00:00'
140
140
  SQL
141
141
  },
142
142
  container_repositories_pre_importing: {
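Review bot: The cutoff `'2022-08-17 00:00:00'` is a bare literal repeated in this `where:` heredoc and in the two hunks that follow (`@@ -174,7` and `@@ -182,7`), so the three predicates stay consistent only as long as every future edit touches all of them. I would define the value once next to the query table, for example `MIGRATION_CUTOFF = "2022-08-17 00:00:00".freeze`, and interpolate that fixed constant into each heredoc. The literal also carries no time zone, so the comparison presumably follows the session or column zone; a short comment stating the intended zone would remove the guesswork. The enclosing hash starts and ends outside the hunk.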
@@ -174,7 +174,7 @@ module GitLab
174
174
  select: :container_repositories,
175
175
  where: <<~SQL
176
176
  migration_state <> 'import_done'
177
- AND created_at < '2022-01-23 00:00:00'
177
+ AND created_at < '2022-08-17 00:00:00'
178
178
  AND (migration_plan IN ('free', 'early_adopter')
179
179
  OR migration_plan IS NULL)
180
180
  SQL
@@ -182,7 +182,7 @@ module GitLab
182
182
  container_repositories_import_done_free: {
183
183
  select: :container_repositories,
184
184
  where: <<~SQL
185
- (migration_state = 'import_done' OR created_at >= '2022-01-23 00:00:00')
185
+ (migration_state = 'import_done' OR created_at >= '2022-08-17 00:00:00')
186
186
  AND (migration_plan IN ('free', 'early_adopter')
187
187
  OR migration_plan IS NULL)
188
188
  SQL
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ if Gem.loaded_specs["rack"].version >= Gem::Version.new("3.0.0")
4
+ fail <<~ERR
5
+ This patch is unnecessary in Rack versions 3.0.0 or newer.
6
+ Please remove this file and the associated spec.
7
+
8
+ See https://github.com/rack/rack/blob/main/CHANGELOG.md#security (issue #1733)
9
+ ERR
10
+ end
11
+
12
+ # Patches a cache poisoning attack vector in Rack by not allowing semicolons
13
+ # to delimit query parameters.
14
+ # See https://github.com/rack/rack/issues/1732.
15
+ #
16
+ # Solution is taken from the same issue.
17
+ #
18
+ # The actual patch is due for release in Rack 3.0.0.
19
+ module Rack
20
+ class Request # rubocop:disable Style/Documentation
21
+ Helpers.module_eval do
22
+ # rubocop: disable Naming/MethodName
23
+ def GET
24
+ if get_header(RACK_REQUEST_QUERY_STRING) == query_string
25
+ get_header(RACK_REQUEST_QUERY_HASH)
26
+ else
27
+ query_hash = parse_query(query_string, "&") # only allow ampersand here
28
+ set_header(RACK_REQUEST_QUERY_STRING, query_string)
29
+ set_header(RACK_REQUEST_QUERY_HASH, query_hash)
30
+ end
31
+ end
32
+ # rubocop: enable Naming/MethodName
33
+ end
34
+ end
35
+ end
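Review bot: The version guard at the top calls `.version` on `Gem.loaded_specs["rack"]` without a nil check, and the file never requires Rack itself, so loading it before Rack is activated ends in a `NoMethodError` on `nil` or a `NameError` on `Helpers` instead of the intended message. As far as the caller's hunk shows, it works only because `sinatra/base` is required first. I would add `require "rack"` above the guard and compare `Gem::Version.new(Rack.release) >= Gem::Version.new("3.0.0")`, which does not depend on how the gem was activated. `GET` appears to be a copy of the upstream method with only the separator argument changed, so a comment naming the Rack version it was copied from would tell the next upgrader what to re-diff. The spec that the error message mentions is not part of this package, so its coverage of the `;` case cannot be confirmed from here.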
@@ -1,5 +1,5 @@
1
1
  module GitLab
2
2
  module Exporter
3
- VERSION = "11.17.1".freeze
3
+ VERSION = "11.18.2".freeze
4
4
  end
5
5
  end
@@ -2,6 +2,7 @@ require "sinatra/base"
2
2
  require "English"
3
3
  require "cgi"
4
4
 
5
+ require_relative "rack_vulndb_255039_patch"
5
6
  require_relative "tls_helper"
6
7
 
7
8
  module GitLab
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab-exporter
3
3
  version: !ruby/object:Gem::Version
4
- version: 11.17.1
4
+ version: 11.18.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Pablo Carranza
@@ -58,14 +58,14 @@ dependencies:
58
58
  requirements:
59
59
  - - '='
60
60
  - !ruby/object:Gem::Version
61
- version: 5.6.2
61
+ version: 5.6.5
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - '='
67
67
  - !ruby/object:Gem::Version
68
- version: 5.6.2
68
+ version: 5.6.5
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: quantile
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -202,6 +202,7 @@ files:
202
202
  - lib/gitlab_exporter/prober.rb
203
203
  - lib/gitlab_exporter/process.rb
204
204
  - lib/gitlab_exporter/prometheus.rb
205
+ - lib/gitlab_exporter/rack_vulndb_255039_patch.rb
205
206
  - lib/gitlab_exporter/ruby.rb
206
207
  - lib/gitlab_exporter/sidekiq.rb
207
208
  - lib/gitlab_exporter/tls_helper.rb