yarn upgrade @vue/test-utils-vue3@npm:@vue/test-utils@^2.4.6
yarn add @vue/server-renderer@^3.5.13 --dev
yarn-deduplicate --strategy fewer yarn.lock
yarn

- Update Vue Test Utils 2 setup files
- Remove unnecessary transition stubs
- Fix or quarantine failing tests

This applies a patch that's the equivalent of
https://github.com/vuejs/core/pull/12654 to `@vue/compat`. As a result,
it fixes a few specs.

As the comment in the patch says, this patch can be removed once the fix
lands upstream and we update to a version that includes it.

- This upgrade allows us to remove the security patch from the main repo
- The main repo's test for `web_ide_assets_spec` still covers us
- https://gitlab.com/gitlab-org/gitlab-web-ide/-/merge_requests/401
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177628

yarn upgrade @vue/compat@^3.5.13 @vue/compiler-sfc@^3.5.13
yarn-deduplicate --strategy fewer yarn.lock
yarn

Upgrades the autosize library to 6.0.1.
This also adds a patch to fix a bug in webkit where if the browser is zoomed
out the page will scroll up slightly on each key stroke.
Updates the save draft on keydown event to be debounced to help with
some performance bottlenecks.

https://gitlab.com/gitlab-org/gitlab/-/issues/31082

This update fixes CVE-2024-54133. We are not vulnerable to it
at the moment but this prevents a regression in the future.

Changelog: security

Upgrades ESLint from v8 to v9.13.0. Among other things, this requires
monkey-patching the `@graphql-eslint/eslint-plugin` package which does
not support ESLint 9 in v3, and we can't upgrade to v4 just yet.

- Updates built-in GitLab Workflow Extension version
  from 5.4.0 to 5.10.0 See changes:
- https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/compare/v5.4.0...v5.10.0?from_project_id=5261717&straight=false
- Also adds message for disabled marketplace in enterprise users
- Also fixes E2E tests based on loading state changing

Changelog: changed

This reverts merge request !163597

- Updates built-in GitLab Workflow Extension version
  from 5.4.0 to 5.10.0 See changes:
- https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/compare/v5.4.0...v5.10.0?from_project_id=5261717&straight=false
- Also adds message for disabled marketplace in enterprise users

Changelog: changed

- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157320

Changelog: fixed

- Reinstate changes in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161328
- Update oauth_domain_mismatch_error to check based on expected
  callback URL
- Update getOAuthConfig to take into account relative_url_root
  when building callbackUrl
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162889

- Underlying webview html files changed which
  caused a change to the security patch. These
  changes are not relevant since we're removing
  these files anyways.
- We need to remove the `startRemote` stuff since
  this has been removed in this version of gitlab/web-ide
- See [this epic][1]

[1]: https://gitlab.com/groups/gitlab-org/-/epics/14327

As docs pages get moved around or deleted, docs links that we display in
the product might become outdated without us noticing.
This adds an ESLint rule that ensures `helpPagePath` always points to
files and anchors that still exist.
In future iterations, we should add a similar rule to check usages of
the `HelpPageLink` Vue component, and a Rubocop rule for the backend
`help_page_path` helper.

- This will help us use workerIdleMemoryLimit
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150196#note_1873162716
- Update snapshots with `yarn jest -u`
- Patch jest-mock to fix issues introduced with
  [this change][1]. See also [this note][2].
- We have to unset prettierPath because jest29
  doesn't work with prettier 3. This should be fixed
  in jest30. See [this relevant issue][3].
- We have to fix nwsapi because there's a bug that
  fails on certain query selectors. See
  [this upstream issue][4].
- We have to fix problematic `expect.objectContaining(null)`
  references which now throws an error.
- We're running into some overflow issues with recursive
  objects in `toMatchObject`. We need to update
  these references to `toEqual`. This looks like a
  known [Jest issue][5].
- Run dedupe on yarn.lock

[1]: https://github.com/jestjs/jest/pull/13503
[2]: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151046#note_1986543058
[3]: https://jestjs.io/docs/configuration/#prettierpath-string
[4]: https://github.com/dperini/nwsapi/issues/114
[5]: https://github.com/jestjs/jest/issues/14734

Changelog: changed

Upgrades the gitlab-vscode-extension from v4.9.0 to v4.14.1

Changelog: changed

This reverts commit 0ca136e8, reversing
changes made to 243e40a5.

- See GitLab Workflow Extension CHANGELOG from v4.9.0 to v4.13.0
- https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/blob/main/CHANGELOG.md

Changelog: fix

Merge branch 'security-patch-web-ide-xss' into 'master'

See merge request gitlab-org/security/gitlab!4052

Changelog: security

Merge branch 'security-patch-web-ide-xss' into 'master'

See merge request gitlab-org/security/gitlab!4052

Changelog: security

Apparently we hit a very unlikely case that lead to our builds to be
unstable:

1. The `@vue/compiler` uses a small LRU cache with the latest 100 vue
   files it parsed.
2. It uses a `hash(filename + source + constant)` for the key of the
   cache. The hashing function has 2^32 different outcomes

With our code base we have a pure chance of a hash collision of 1.3 per
thousand. This collision happens with the two files at this commit:
850d6792

- app/assets/javascripts/work_items/components/work_item_state_badge.vue
- app/assets/javascripts/profile/components/user_achievements.vue

Now two more conditions needed to be fulfilled for it to become
problematic:

1. The two files needed to be parsed within a short period, otherwise
   the collision in the LRU cache would have been avoided. This explains
   why not every job was failing.
2. In order for the jobs to fail, the colliding files needed to use
   relative imports. If `work_item_state_badge.vue` accidentally loaded
   the content of `user_achievements.vue`, the relative import
   `./graphql/get_user_achievements.query.graphql` didn't exist. Vice
   versa if `user_achievements.vue` loaded the wrong contents, the
   relative import `../constants` didn't exist.

If neither of the colliding files would had relative imports, the
components might have been swapped silently, leading to potentially
undetected runtime errors.

We mitigate this issue by patching the hashing of the key to be:
`hash(a) + hash(b) + hash(c) + hash(d)` rather than `hash(a+b+c)`. This
decreases the likelyhood of collisions from `1.3 * 10^-3` to
`2.3 * 10^-9`, making it 570000 times less likely to hit a collision.

We probably should follow this up with an upstream contribution, so that
other large vue projects are not hit by this.

The updated version of the package actually abstracted things nicely,
but I don't think we should import `vue/compiler-sfc` given that we also
patch `@vue/compiler-sfc` ourselves.

Changelog: changed

This partially reverts merge request
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131712 which
upgraded vue-apollo. The upgrade of vue-apollo was causing GraphQL
subscriptions to automatically restart which is causing increased Puma
CPU saturation as well as increased log messages. We do keep a fix of
vue-apollo that allows using props directly in vue provide by adding
a patch.

Changelog: fixed

This fixes a warning from patch-package about an old patch version.

This is a follow up to
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132044.

* multiple minor fixes

* properly gather props/model from mixins
* mimic stub tag naming from @vue/test-utils v1
* replace function props with "[Function]"

* @vue/compat does not pass slots in $scopedSlots

Updates Rails to the latest version

This avoids a spurious warning from `patch-package` about an out of date
patch successfully applying to `@rails/ujs`.

It seems that
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124694 correctly
added a new patch for the new version 7.0.5-1, but did not delete the
patch for the old version, 7.0.5.

Updates Rails to the latest version

Changelog: other

Changelog: other