gitlab-exporter 11.19.0 → 12.0.0

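--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 386af9238448d41f015fd10a4ae29d4e6b42913078cb0d86cbb862909bc2b7e0
- data.tar.gz: 98e064fe309955646d3879528743528646b1bb57122a5237660b7be772cac359
+ metadata.gz: ca354fcfa5a8bde34e45a37610546ed70135c1a9208e92f2986c1811ddf9bf26
+ data.tar.gz: fc584b756b3032c31d758271d603df84104821be727b4fce50b23f7cf5488185
  SHA512:
- metadata.gz: 415c5e84efdc17ebd72e7bc870fba4bb0f0052992390737c8d6cc64e397185f92f4deb3ffd6809700ea308719ad00061cafd44bd7c30f224144b4a5eec0926df
- data.tar.gz: 740a3e32681f861ad5503b7605f2de60cef9a99d8fa64b2530c0aa5599462dce67fddbb1b4312fbd316881915d207d762e1d88215cbdf7f20d7cc7d20aa56897
+ metadata.gz: 4f199b0d85a71d607023bb39e2d16d8aec6fff0506ea151b5358c1ce374d34e0ae91ad1eb70079da22ca8ba726b3f4d758517623a00bfa5bef8b72e97b5c2f2d
+ data.tar.gz: 76bcce5399be29898662aa0cb067d1285bf41c1a2286380b835924aeac0b8d3577b874ad943f080c6a93076715e1e32a7172d28e8c06e7b929766faf561cd7d6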
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- gitlab-exporter (11.19.0)
4
+ gitlab-exporter (12.0.0)
5
5
  connection_pool (= 2.2.5)
6
6
  faraday (~> 1.8.0)
7
7
  pg (= 1.2.3)
@@ -125,9 +125,10 @@ module GitLab
125
125
  archived: {}
126
126
  }
127
127
  },
128
- groups: {
128
+ namespaces: {
129
129
  select: :namespaces,
130
130
  fields: {
131
+ type: {},
131
132
  visibility_level: {},
132
133
  root: { definition: "(parent_id IS NULL)" }
133
134
  }
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ if Gem.loaded_specs["rack"].version >= Gem::Version.new("3.0.0")
4
+ fail <<~ERR
5
+ This patch is unnecessary in Rack versions 3.0.0 or newer.
6
+ Please remove this file and the associated spec.
7
+
8
+ See https://github.com/rack/rack/blob/main/CHANGELOG.md#security (issue #1733)
9
+ ERR
10
+ end
11
+
12
+ # Patches a cache poisoning attack vector in Rack by not allowing semicolons
13
+ # to delimit query parameters.
14
+ # See https://github.com/rack/rack/issues/1732.
15
+ #
16
+ # Solution is taken from the same issue.
17
+ #
18
+ # The actual patch is due for release in Rack 3.0.0.
19
+ module Rack
20
+ class Request # rubocop:disable Style/Documentation
21
+ Helpers.module_eval do
22
+ # rubocop: disable Naming/MethodName
23
+ def GET
24
+ if get_header(RACK_REQUEST_QUERY_STRING) == query_string
25
+ get_header(RACK_REQUEST_QUERY_HASH)
26
+ else
27
+ query_hash = parse_query(query_string, "&") # only allow ampersand here
28
+ set_header(RACK_REQUEST_QUERY_STRING, query_string)
29
+ set_header(RACK_REQUEST_QUERY_HASH, query_hash)
30
+ end
31
+ end
32
+ # rubocop: enable Naming/MethodName
33
+ end
34
+ end
35
+ end
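Review bot: The version guard at the top of this new file calls `.version` on `Gem.loaded_specs["rack"]`, which is nil when Rack was not activated through RubyGems, so loading would stop with a NoMethodError instead of the intended message. The file also reopens `Rack::Request::Helpers` without requiring Rack itself, so it depends on the caller having loaded Rack first. I would add `require "rack"` and compare against the library actually loaded, `if Gem::Version.new(Rack.release) >= Gem::Version.new("3.0.0")`. The overridden `GET` appears to be a copy of Rack's own method body with only the separator narrowed to `"&"`, so any later 2.x change to `GET` is silently shadowed; a comment such as `# Copied from Rack <RACK_VERSION> Request::Helpers#GET; re-check on every Rack upgrade` would make that visible. The failure message refers to an associated spec that is not visible in this diff; it should assert that a query string like `a=1;b=2` parses to the single parameter `a`.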
@@ -1,5 +1,5 @@
1
1
  module GitLab
2
2
  module Exporter
3
- VERSION = "11.19.0".freeze
3
+ VERSION = "12.0.0".freeze
4
4
  end
5
5
  end
@@ -2,6 +2,7 @@ require "sinatra/base"
2
2
  require "English"
3
3
  require "cgi"
4
4
 
5
+ require_relative "rack_vulndb_255039_patch"
5
6
  require_relative "tls_helper"
6
7
 
7
8
  module GitLab
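--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gitlab-exporter
  version: !ruby/object:Gem::Version
- version: 11.19.0
+ version: 12.0.0
  platform: ruby
  authors:
  - Pablo Carranza
@@ -202,6 +202,7 @@ files:
  - lib/gitlab_exporter/prober.rb
  - lib/gitlab_exporter/process.rb
  - lib/gitlab_exporter/prometheus.rb
+ - lib/gitlab_exporter/rack_vulndb_255039_patch.rb
  - lib/gitlab_exporter/ruby.rb
  - lib/gitlab_exporter/sidekiq.rb
  - lib/gitlab_exporter/tls_helper.rb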