- Only maintainers of projects should be able to assign runners to them (gitlab-org/security/gitlab@c52abfffad2c06c2a49788e3db473f14923c3926), merge request (gitlab-org/security/gitlab!3234)
- Authorize access to vulnerabilitiesCountByDay resolver (gitlab-org/security/gitlab@8e78aecb9a6c248099a043f181de3c8f6d4417ce)
this can be solved on the file system layer below.
on my laptop with btrfs this requires no special effort: simply copying the files and renaming them suffices. nautilus (gnome file manager) uses copy on write, and coreutils "cp" also defaults to "reflink" these days.
- Only maintainers of projects should be able to assign runners to them (gitlab-org/security/gitlab@c52abfffad2c06c2a49788e3db473f14923c3926), merge request (gitlab-org/security/gitlab!3234)
- Authorize access to vulnerabilitiesCountByDay resolver (gitlab-org/security/gitlab@8e78aecb9a6c248099a043f181de3c8f6d4417ce)
and a bit of further digging shows the commit for the first issue mentioned above, adding a permission check: https://gitlab.com/gitlab-org/gitlab/-/commit/c52abfffad2c06...