gitlab-exporter 11.17.1 → 11.18.2

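--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c6ccef6882054ab76a7ae363221460936a3183ed9055b3b0df775373eac4865f
- data.tar.gz: e940486956e6d8a32f6c10f696d7baebf27c16d7654e43446325a647e8281143
+ metadata.gz: 5bb85649c03d72472315136401ebb234618c2350a5e75e5f426619aed2c97286
+ data.tar.gz: f0f0f46b1cbfea992e7b171ed7a1877af7c232a5e0e1a549666d5086d8e72087
  SHA512:
- metadata.gz: d9c4f7f435a0460cf5e068ee1d2840500ef12f3324e779aebcd04fe2cd42e98df18602851d25caedf0c49a91956fd7cb9a62a635eb6269a80d7fdf4b93e2010d
- data.tar.gz: dc5e84fd8acd9568c924a5e51a753df3ad85b2efdea1b6e626fa8ed4e604fb5e05c040ec5700e3e85accf52734aa4cd34c37d3bd2549c35cb2e25808a337b04d
+ metadata.gz: ed4f5b1dfa84d713c4c2246fa3e77ca604fe49d616d11f0ddc6cf80d1a5d87bc79f62115e4abec9e7d18ef1f50b5f6a654a329d9477464c83f3884cbb06d960f
+ data.tar.gz: c10bb0f6452deff8a9f7615a8d7379d30e1c9cc428b50b8092f5f007db87b97ac12c6567b8db75f321a0c749686329931b6fa49ab2e1e63ae335b85341b5ee7b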
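--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,2 +1,3 @@
  .bundle
+ vendor
  config/gitlab-exporter*.yml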
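--- a/data/.gitlab-ci.yml
+++ b/data/.gitlab-ci.yml
@@ -25,7 +25,8 @@ default:
  .before_scripts: &before_scripts
  - git config --global user.email "bot@gitlab.com"
  - git config --global user.name "Bot User"
- - bundle install -j $(nproc) --path vendor
+ - bundle config set --local deployment true
+ - bundle install -j $(nproc)
 
  workflow:
  rules: &workflow_rules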
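Review bot: The new `bundle config set --local deployment true` step in `.before_scripts` has no comment, and the behaviour it brings is easy to miss. Deployment mode installs only what Gemfile.lock pins and fails the job when the lockfile is out of date with the Gemfile or gemspec, which is a useful supply-chain guard but will surprise whoever bumps a version without regenerating the lock. It also moves the install location from `vendor` to Bundler's default `vendor/bundle`, so any `cache:` paths elsewhere in this file (not visible in this hunk) are worth a check. I would add a comment above the line, for example `# deployment mode: install exactly what Gemfile.lock pins; fail if the lockfile is stale`.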
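--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,11 +1,11 @@
  PATH
  remote: .
  specs:
- gitlab-exporter (11.17.1)
+ gitlab-exporter (11.18.2)
  connection_pool (= 2.2.5)
  faraday (~> 1.8.0)
  pg (= 1.2.3)
- puma (= 5.6.2)
+ puma (= 5.6.5)
  quantile (= 0.2.1)
  redis (= 4.4.0)
  redis-namespace (= 1.6.0)
@@ -38,18 +38,18 @@ GEM
  faraday-patron (1.0.0)
  faraday-rack (1.0.0)
  multipart-post (2.2.3)
- mustermann (1.1.1)
+ mustermann (2.0.2)
  ruby2_keywords (~> 0.0.1)
  nio4r (2.5.8)
  parallel (1.20.1)
  parser (3.0.0.0)
  ast (~> 2.4.1)
  pg (1.2.3)
- puma (5.6.2)
+ puma (5.6.5)
  nio4r (~> 2.0)
  quantile (0.2.1)
  rack (2.2.4)
- rack-protection (2.2.0)
+ rack-protection (2.2.2)
  rack
  rainbow (3.0.0)
  redis (4.4.0)
@@ -87,12 +87,12 @@ GEM
  connection_pool (>= 2.2.2)
  rack (~> 2.0)
  redis (>= 4.2.0)
- sinatra (2.2.0)
- mustermann (~> 1.0)
+ sinatra (2.2.2)
+ mustermann (~> 2.0)
  rack (~> 2.2)
- rack-protection (= 2.2.0)
+ rack-protection (= 2.2.2)
  tilt (~> 2.0)
- tilt (2.0.10)
+ tilt (2.0.11)
  unicode-display_width (1.7.0)
  webrick (1.7.0)
 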
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
23
23
  s.add_runtime_dependency "connection_pool", "2.2.5"
24
24
  s.add_runtime_dependency "faraday", "~> 1.8.0"
25
25
  s.add_runtime_dependency "pg", "1.2.3"
26
- s.add_runtime_dependency "puma", "5.6.2"
26
+ s.add_runtime_dependency "puma", "5.6.5"
27
27
  s.add_runtime_dependency "quantile", "0.2.1"
28
28
  s.add_runtime_dependency "redis", "4.4.0"
29
29
  s.add_runtime_dependency "redis-namespace", "1.6.0"
@@ -136,7 +136,7 @@ module GitLab
136
136
  select: :container_repositories,
137
137
  where: <<~SQL
138
138
  migration_state <> 'import_done'
139
- AND created_at < '2022-01-23 00:00:00'
139
+ AND created_at < '2022-08-17 00:00:00'
140
140
  SQL
141
141
  },
142
142
  container_repositories_pre_importing: {
@@ -174,7 +174,7 @@ module GitLab
174
174
  select: :container_repositories,
175
175
  where: <<~SQL
176
176
  migration_state <> 'import_done'
177
- AND created_at < '2022-01-23 00:00:00'
177
+ AND created_at < '2022-08-17 00:00:00'
178
178
  AND (migration_plan IN ('free', 'early_adopter')
179
179
  OR migration_plan IS NULL)
180
180
  SQL
@@ -182,7 +182,7 @@ module GitLab
182
182
  container_repositories_import_done_free: {
183
183
  select: :container_repositories,
184
184
  where: <<~SQL
185
- (migration_state = 'import_done' OR created_at >= '2022-01-23 00:00:00')
185
+ (migration_state = 'import_done' OR created_at >= '2022-08-17 00:00:00')
186
186
  AND (migration_plan IN ('free', 'early_adopter')
187
187
  OR migration_plan IS NULL)
188
188
  SQL
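Review bot: The cutoff timestamp `'2022-08-17 00:00:00'` is repeated as a literal in all three `where:` clauses touched here (new lines 139, 177 and 185), so the next date change has to find every copy, and a missed one would leave the queries disagreeing about which repositories fall before the cutoff. A single constant interpolated into the heredocs, for example `MIGRATION_CUTOFF = '2022-08-17 00:00:00'.freeze` (the name is only a suggestion), would keep them in step; the value is a fixed string rather than request input, so interpolating it adds no injection risk. The literal also carries no time zone, so the comparison presumably follows the database session's setting, and a short comment stating the intended zone would help. The enclosing query hash starts and ends outside these hunks.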
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ if Gem.loaded_specs["rack"].version >= Gem::Version.new("3.0.0")
4
+ fail <<~ERR
5
+ This patch is unnecessary in Rack versions 3.0.0 or newer.
6
+ Please remove this file and the associated spec.
7
+
8
+ See https://github.com/rack/rack/blob/main/CHANGELOG.md#security (issue #1733)
9
+ ERR
10
+ end
11
+
12
+ # Patches a cache poisoning attack vector in Rack by not allowing semicolons
13
+ # to delimit query parameters.
14
+ # See https://github.com/rack/rack/issues/1732.
15
+ #
16
+ # Solution is taken from the same issue.
17
+ #
18
+ # The actual patch is due for release in Rack 3.0.0.
19
+ module Rack
20
+ class Request # rubocop:disable Style/Documentation
21
+ Helpers.module_eval do
22
+ # rubocop: disable Naming/MethodName
23
+ def GET
24
+ if get_header(RACK_REQUEST_QUERY_STRING) == query_string
25
+ get_header(RACK_REQUEST_QUERY_HASH)
26
+ else
27
+ query_hash = parse_query(query_string, "&") # only allow ampersand here
28
+ set_header(RACK_REQUEST_QUERY_STRING, query_string)
29
+ set_header(RACK_REQUEST_QUERY_HASH, query_hash)
30
+ end
31
+ end
32
+ # rubocop: enable Naming/MethodName
33
+ end
34
+ end
35
+ end
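Review bot: The version guard on new line 3 calls `.version` on `Gem.loaded_specs["rack"]`, which is nil whenever rack has not been activated through RubyGems at require time, so the file would fail with a NoMethodError instead of the intended message. The file also never requires rack itself, so `Helpers.module_eval` on new line 21 only resolves if the caller has already loaded `Rack::Request`. Adding `require "rack"` at the top and comparing `Gem::Version.new(Rack.release) >= Gem::Version.new("3.0.0")` would remove both dependencies on load order. The override also covers `Rack::Request#GET` only: any code that calls `Rack::Utils.parse_query` or `parse_nested_query` directly still gets Rack's default separators, which in Rack 2.x include the semicolon, so a comment stating that scope would keep the patch from being read as a complete fix.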
@@ -1,5 +1,5 @@
1
1
  module GitLab
2
2
  module Exporter
3
- VERSION = "11.17.1".freeze
3
+ VERSION = "11.18.2".freeze
4
4
  end
5
5
  end
@@ -2,6 +2,7 @@ require "sinatra/base"
2
2
  require "English"
3
3
  require "cgi"
4
4
 
5
+ require_relative "rack_vulndb_255039_patch"
5
6
  require_relative "tls_helper"
6
7
 
7
8
  module GitLab
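Review bot: Nothing at the new `require_relative "rack_vulndb_255039_patch"` line says that its position matters. The patch reopens `Rack::Request::Helpers` and reads the loaded rack gem spec, so it has to stay below `require "sinatra/base"` (shown in the hunk header); re-sorting the requires later would presumably break loading or leave the patch unapplied. A comment such as `# Keep after sinatra/base: the patch reopens Rack::Request::Helpers` would record that. The patch is pulled in only from this file as far as the page shows, so any other entry point that builds a Rack app without loading it would not get the semicolon fix.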
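--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gitlab-exporter
  version: !ruby/object:Gem::Version
- version: 11.17.1
+ version: 11.18.2
  platform: ruby
  authors:
  - Pablo Carranza
@@ -58,14 +58,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.6.2
+ version: 5.6.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 5.6.2
+ version: 5.6.5
  - !ruby/object:Gem::Dependency
  name: quantile
  requirement: !ruby/object:Gem::Requirement
@@ -202,6 +202,7 @@ files:
  - lib/gitlab_exporter/prober.rb
  - lib/gitlab_exporter/process.rb
  - lib/gitlab_exporter/prometheus.rb
+ - lib/gitlab_exporter/rack_vulndb_255039_patch.rb
  - lib/gitlab_exporter/ruby.rb
  - lib/gitlab_exporter/sidekiq.rb
  - lib/gitlab_exporter/tls_helper.rb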