Lucas Di Pentima [Thu, 30 Apr 2020 18:37:27 +0000 (15:37 -0300)]
Fixes documentation quotation usage. No issue #
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Tom Clegg [Wed, 29 Apr 2020 21:09:19 +0000 (17:09 -0400)]
Merge branch '16343-create-cr-with-logincluster-token'
fixes #16343
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Ward Vandewege [Mon, 27 Apr 2020 19:58:34 +0000 (15:58 -0400)]
Updated Arvados on Kubernetes documentation.
No issue #
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Peter Amstutz [Wed, 29 Apr 2020 17:12:10 +0000 (13:12 -0400)]
Merge branch '16263-fed-test-on-jenkins' refs #16263
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Tue, 28 Apr 2020 20:44:30 +0000 (16:44 -0400)]
16366: "InternalURLs" and "AccessViaHosts" are consistent in install
refs #16366
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Fri, 24 Apr 2020 21:24:33 +0000 (17:24 -0400)]
16263: Ensure arvbox in $PATH
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Fri, 24 Apr 2020 19:13:36 +0000 (15:13 -0400)]
16263: jenkin script to run whole fed-migrate test
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Fri, 24 Apr 2020 15:52:24 +0000 (11:52 -0400)]
16263: make the checker happy
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Fri, 24 Apr 2020 15:25:58 +0000 (11:25 -0400)]
16263: Fed tests can set arvbox mode (dev or localdemo)
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Fri, 24 Apr 2020 14:49:59 +0000 (10:49 -0400)]
16364: Fix arvbox websockets demo build
refs #16364
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Fri, 24 Apr 2020 13:52:51 +0000 (09:52 -0400)]
16364: Fix arvbox websockets startup
Also make controller run as root to migrate to PAM
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Lucas Di Pentima [Thu, 23 Apr 2020 01:37:29 +0000 (22:37 -0300)]
Merge branch '16356-arvboot-health-externalurl'
Closes #16356
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Wed, 22 Apr 2020 21:25:06 +0000 (18:25 -0300)]
16356: Adds missing Health service section.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Wed, 22 Apr 2020 21:09:43 +0000 (18:09 -0300)]
16356: Merge branch 'master' into 16356-arvboot-health-externalurl
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Wed, 22 Apr 2020 21:09:24 +0000 (18:09 -0300)]
16356: Makes health aggregator accessible from the outside on arvados boot.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Tom Clegg [Wed, 22 Apr 2020 20:50:06 +0000 (16:50 -0400)]
16343: Fix handling of local CR creation when LoginCluster is used.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 22 Apr 2020 20:33:27 +0000 (16:33 -0400)]
16343: Test container request creation with LoginCluster enabled.
Reveals bug when cluster does not list itself as a remote.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 22 Apr 2020 20:31:06 +0000 (16:31 -0400)]
16343: Add debug logs in token checking code.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Ward Vandewege [Wed, 22 Apr 2020 01:34:47 +0000 (21:34 -0400)]
Merge branch '16328-keep-proxy-uses-config.yaml-to-find-keepstores'
closes #16328
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Ward Vandewege [Wed, 22 Apr 2020 01:33:48 +0000 (21:33 -0400)]
16328: Merge branch 'master' into 16328-keep-proxy-uses-config.yaml-to-find-keepstores
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Ward Vandewege [Mon, 13 Apr 2020 21:57:03 +0000 (17:57 -0400)]
16328: If config.yml is available, use the keepstores defined there instead of
the legacy autodiscover mechanism via the API server.
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Tom Clegg [Tue, 21 Apr 2020 18:34:18 +0000 (14:34 -0400)]
Merge branch '16048-reload-config'
closes #16048
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Lucas Di Pentima [Tue, 21 Apr 2020 17:58:24 +0000 (14:58 -0300)]
Merge branch '16341-rack-security-upgrades'
Closes #16341
Lucas Di Pentima [Tue, 21 Apr 2020 16:55:10 +0000 (13:55 -0300)]
16341: Upgrades rack on API & Workbench.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Mon, 20 Apr 2020 16:46:51 +0000 (13:46 -0300)]
Merge branch 'dantetwc-master'. Closes #16340
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Dante Tsang [Mon, 20 Apr 2020 15:20:40 +0000 (23:20 +0800)]
Arvados-DCO-1.1-Signed-off-by: Dante Tsang <dante@dantetsang.com>
Updated AUTHORS file
Dante Tsang [Mon, 20 Apr 2020 10:23:56 +0000 (18:23 +0800)]
- Fixed FetchAll method for Container queue in order to make use of preemptible instance
Lucas Di Pentima [Fri, 17 Apr 2020 20:01:40 +0000 (17:01 -0300)]
Merge branch '16029-arvboot-listenhost-ssl-altname'
Refs #16029
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Fri, 17 Apr 2020 14:52:59 +0000 (11:52 -0300)]
16029: Creates SSL certificate with -listen-host as alternate name.
This allows to run arvados boot on a docker container and access it
from the outside without the browser complaining about invalid certs.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Tom Clegg [Thu, 16 Apr 2020 23:52:47 +0000 (19:52 -0400)]
Add example of scripting arvados-server boot.
No issue #
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Thu, 16 Apr 2020 19:40:28 +0000 (15:40 -0400)]
Remove "template=template0" from db connection params.
It's not a valid connection param. Only pass it to Rails in test mode
as a pseudo connection param.
No issue #
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Ward Vandewege [Mon, 13 Apr 2020 23:23:48 +0000 (19:23 -0400)]
Fix typo in error message.
No issue #
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Lucas Di Pentima [Mon, 13 Apr 2020 18:45:04 +0000 (15:45 -0300)]
Merge branch '16313-minimum-container-memory-limit'
Closes #16313
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Peter Amstutz [Mon, 13 Apr 2020 18:38:15 +0000 (14:38 -0400)]
Bump mithril for advisory https://npmjs.com/advisories/1094
no issue #
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Lucas Di Pentima [Mon, 13 Apr 2020 18:34:12 +0000 (15:34 -0300)]
16313: Updates minimum requestd ram on docker containers from 4 to 16 MB.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Peter Amstutz [Mon, 13 Apr 2020 18:00:32 +0000 (14:00 -0400)]
Pin jssha to 2.4.2
no issue #
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Mon, 13 Apr 2020 14:42:47 +0000 (10:42 -0400)]
Merge branch '16263-logincluster-user-list-fix' refs #16263
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Mon, 13 Apr 2020 14:25:11 +0000 (10:25 -0400)]
16263: Add test for BypassFederation
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Tom Clegg [Fri, 10 Apr 2020 19:44:14 +0000 (15:44 -0400)]
16048: arvados-server boot: restart everything when config changes.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Ward Vandewege [Fri, 10 Apr 2020 12:56:56 +0000 (08:56 -0400)]
Fix tests.
refs #16326
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Ward Vandewege [Thu, 9 Apr 2020 22:29:13 +0000 (18:29 -0400)]
Merge branch '16326-doc-and-keepstore-update'
refs #16326
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Ward Vandewege [Thu, 9 Apr 2020 21:53:31 +0000 (17:53 -0400)]
documentation: update descriptions for MaxKeepBlobBuffers and MaxConcurrentRequests
keepstore: MaxConcurrentRequests set to zero should mean no limit
refs #16326
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@jhvc.com>
Tom Clegg [Thu, 9 Apr 2020 20:58:36 +0000 (16:58 -0400)]
Warn if MaxKeepBlobBuffers > MaxConcurrentRequests.
No issue #
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 8 Apr 2020 14:11:23 +0000 (10:11 -0400)]
Merge branch '16212-pam-login'
refs #16212
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 7 Apr 2020 21:26:46 +0000 (17:26 -0400)]
16212: Populate all api_client_auth fields.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 7 Apr 2020 19:25:16 +0000 (15:25 -0400)]
Merge branch '16053-install-deps'
refs #16053
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 7 Apr 2020 14:32:48 +0000 (10:32 -0400)]
16053: Avoid using host's tmp/cache dir in railsapi.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Mon, 6 Apr 2020 19:54:34 +0000 (15:54 -0400)]
Merge branch '16217-ws-metrics'
refs #16217
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Lucas Di Pentima [Mon, 6 Apr 2020 14:01:18 +0000 (11:01 -0300)]
16263: Pulls from official git repo when running federation tests.
This is helpful to ask for specific branches that aren't published on github.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Tom Clegg [Thu, 2 Apr 2020 15:33:46 +0000 (11:33 -0400)]
Merge branch '16270-instance-type'
fixes #16270
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Peter Amstutz [Thu, 2 Apr 2020 14:52:44 +0000 (10:52 -0400)]
16263: User migration test also checks federated user behavior
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Tom Clegg [Wed, 1 Apr 2020 20:44:02 +0000 (16:44 -0400)]
16270: Fill in missing scratch fields on InstanceType entries.
Previously they were being filled in correctly when written as an
array in the config file, but not when written as a map.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 1 Apr 2020 17:42:43 +0000 (13:42 -0400)]
16217: Restore http.Hijacker capability to wrapped ResponseWriter.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 1 Apr 2020 17:42:08 +0000 (13:42 -0400)]
16217: Fix test (satisfy additional handler interface).
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 1 Apr 2020 15:59:06 +0000 (11:59 -0400)]
16217: Update startup scripts to run "arvados-server ws".
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 1 Apr 2020 15:50:03 +0000 (11:50 -0400)]
16212: Return error for users/authenticate endpoint in SSO mode.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Wed, 1 Apr 2020 15:49:16 +0000 (11:49 -0400)]
16212: Don't forward users/authenticate to Rails in legacy mode.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Peter Amstutz [Wed, 1 Apr 2020 01:03:42 +0000 (21:03 -0400)]
16263: Tweak federation tests, use CWL 1.1
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Tue, 31 Mar 2020 21:42:03 +0000 (17:42 -0400)]
16263: Add bypass_federation test
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Tue, 31 Mar 2020 21:16:57 +0000 (17:16 -0400)]
16263: Fix no_federation -> bypass_federation in boolParms
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Tue, 31 Mar 2020 21:12:31 +0000 (17:12 -0400)]
16263: Fix only_admin_can_bypass_federation
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Tom Clegg [Tue, 31 Mar 2020 20:55:16 +0000 (16:55 -0400)]
16217: Update boot command to run ws via arvados-server.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 20:51:35 +0000 (16:51 -0400)]
16217: Merge branch 'master'
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Peter Amstutz [Tue, 31 Mar 2020 20:45:49 +0000 (16:45 -0400)]
16263: Missed rename
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Tue, 31 Mar 2020 20:33:27 +0000 (16:33 -0400)]
16263: Rename no_federation -> bypass_federation
Enforce if bypass_federation is true that user is admin.
Update API revision and make federation migrate check for it.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Tue, 31 Mar 2020 18:42:46 +0000 (14:42 -0400)]
16263: Add no_federation to user update
We might agree on a different API but try this and see if it helps
pass the test.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Tom Clegg [Tue, 31 Mar 2020 17:52:23 +0000 (13:52 -0400)]
16053: Merge branch 'master'
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 17:51:31 +0000 (13:51 -0400)]
16053: Error out on unimplemented install in production mode.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 17:11:17 +0000 (13:11 -0400)]
16212: Merge branch 'master'
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 17:10:06 +0000 (13:10 -0400)]
16212: Upate generated default config.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 17:08:32 +0000 (13:08 -0400)]
16212: Fix propagation of logout redirect target.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 15:27:01 +0000 (11:27 -0400)]
16212: Add clues/details to authentication error messages.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 15:26:01 +0000 (11:26 -0400)]
16212: Make test timeout more predictable by pulling image first.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Tue, 31 Mar 2020 14:32:17 +0000 (10:32 -0400)]
16212: Ensure added user doesn't prevent subsequent database reset.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Peter Amstutz [Tue, 31 Mar 2020 02:30:10 +0000 (22:30 -0400)]
16263: local_user_list -> no_federation in boolParams
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Tue, 31 Mar 2020 02:14:23 +0000 (22:14 -0400)]
16263: Generalize "local_user_list" flag to "no_federation"
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Tom Clegg [Mon, 30 Mar 2020 21:26:40 +0000 (17:26 -0400)]
16212: Disallow overriding HTTP method on GET requests.
Removes an opportunity to circumvent CORS restrictions.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Mon, 30 Mar 2020 21:26:22 +0000 (17:26 -0400)]
16212: Fix wrong API endpoint for users/batch_update.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Tom Clegg [Mon, 30 Mar 2020 21:26:13 +0000 (17:26 -0400)]
16212: Move user/pass authentication to its own endpoint.
Overloading the /login endpoint turns out to be too awkward: method,
CORS permissions, and response type are all different.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Peter Amstutz [Mon, 30 Mar 2020 21:12:17 +0000 (17:12 -0400)]
16263: UserMerge shouldn't be federated
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Mon, 30 Mar 2020 18:50:06 +0000 (14:50 -0400)]
16263: Fix omitempty placement
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Mon, 30 Mar 2020 18:43:36 +0000 (14:43 -0400)]
16263: Add omitempty to GetOptions
Don't try to migrate if activate_remote_user fails.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Tom Clegg [Mon, 30 Mar 2020 16:44:53 +0000 (12:44 -0400)]
16212: Allow X-Http-Method-Override header in CORS requests.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Peter Amstutz [Sat, 28 Mar 2020 01:36:09 +0000 (21:36 -0400)]
16263: Add local_user_list to boolParams
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Peter Amstutz [Fri, 27 Mar 2020 21:08:48 +0000 (17:08 -0400)]
16263: Add local_user_list flag to bypass LoginCluster behavior
Required by federation migrate script.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Lucas Di Pentima [Fri, 27 Mar 2020 15:04:07 +0000 (12:04 -0300)]
Merge branch '16265-security-updates'
Closes #16265
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Fri, 27 Mar 2020 14:21:36 +0000 (11:21 -0300)]
Merge branch '16266-wb1-xss-fix'
Closes #16266
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Tom Clegg [Thu, 26 Mar 2020 18:31:18 +0000 (14:31 -0400)]
16212: Return 401 or 500 instead of 200 on authentication failure.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Lucas Di Pentima [Thu, 26 Mar 2020 17:02:40 +0000 (14:02 -0300)]
16265: Merge branch 'dependabot/bundler/services/api/nokogiri-1.10.8' into 16265-security-updates
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Thu, 26 Mar 2020 17:02:24 +0000 (14:02 -0300)]
Merge branch '16265-security-updates' into dependabot/bundler/services/api/nokogiri-1.10.8
Lucas Di Pentima [Thu, 26 Mar 2020 16:59:58 +0000 (13:59 -0300)]
16265: Merge branch 'dependabot/bundler/apps/workbench/loofah-2.3.1' into 16265-security-updates
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Thu, 26 Mar 2020 16:59:19 +0000 (13:59 -0300)]
Merge branch '16265-security-updates' into dependabot/bundler/apps/workbench/loofah-2.3.1
Lucas Di Pentima [Thu, 26 Mar 2020 16:56:37 +0000 (13:56 -0300)]
16265: Merge branch 'dependabot/bundler/apps/workbench/nokogiri-1.10.8' into 16265-security-updates
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Thu, 26 Mar 2020 16:56:18 +0000 (13:56 -0300)]
Merge branch '16265-security-updates' into dependabot/bundler/apps/workbench/nokogiri-1.10.8
Lucas Di Pentima [Thu, 26 Mar 2020 16:54:26 +0000 (13:54 -0300)]
16265: Merge branch 'dependabot/bundler/apps/workbench/rake-13.0.1' into 16265-security-updates
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Thu, 26 Mar 2020 16:54:07 +0000 (13:54 -0300)]
Merge branch '16265-security-updates' into dependabot/bundler/apps/workbench/rake-13.0.1
Lucas Di Pentima [Thu, 26 Mar 2020 16:46:52 +0000 (13:46 -0300)]
16265: Merge branch 'dependabot/bundler/services/api/rake-13.0.1' into 16265-security-updates
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Thu, 26 Mar 2020 16:45:27 +0000 (13:45 -0300)]
Merge branch '16265-security-updates' into dependabot/bundler/services/api/rake-13.0.1
Lucas Di Pentima [Mon, 23 Mar 2020 21:07:56 +0000 (18:07 -0300)]
16266: Applies monkeypatch to fix CVE-2020-5267 on workbench1.
As adviced on https://github.com/advisories/GHSA-65cv-r6x7-79hv
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
Lucas Di Pentima [Thu, 26 Mar 2020 16:29:40 +0000 (13:29 -0300)]
16266: Adds tests exposing potential XSS vulnerability on escape_javascript()
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>