GitLab

Use a path for the related merge requests endpoint

Closes #61280

See merge request gitlab-org/gitlab-ce!28171

Use source ref in pipeline webhook

Closes #61553

See merge request gitlab-org/gitlab-ce!28772

(cherry picked from commit 2714f85c)

7e05f3b7 Use source ref for pipeline webhook

Fix height of input groups

Closes #61304, #61303, #59254, and #60778

See merge request gitlab-org/gitlab-ce!28495

(cherry picked from commit 52758b92)

360646ea Fix height of input groups

API: Fix recursive flag not working with Rugged get_tree_entries flag

Closes #61979

See merge request gitlab-org/gitlab-ce!28494

(cherry picked from commit d951f047)

c1827f1c API: Fix recursive flag not working with Rugged get_tree_entries flag

Fix project visibility level validation

Closes #59379

See merge request gitlab-org/gitlab-ce!28305

(cherry picked from commit 99637084)

b5540112 Fix project visibility level validation

Fix uploading of LFS tracked file through UI

Closes #61203

See merge request gitlab-org/gitlab-ce!28052

(cherry picked from commit 4d2d8124)

3f192e8a Fix Lfs::FileTransformer to work with file objects
48fcdf1f Add changelog entry

Allow a member to have an access level equal to parent group

Closes gitlab-ee#11323

See merge request gitlab-org/gitlab-ce!27913

(cherry picked from commit 2b3b0bb1)

32ddc3fe Allow a member to have an access level equal to parent group

[ci skip]

First reported:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/60143

When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.

Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.

Fix milestone titles being leaked using search API
when users cannot read milestones

Prevents refspec as branch name, which would bypass branch protection
when used in conjunction with rebase.

HEAD seems to be a special case with lots of occurrence,
so it is considered valid for now.

Another special case is `refs/head/*`, which can be imported.

This upgrades Gitaly to 1.34.2 for 11-10-stable.

[ci skip]

Fix pipelines for merge requests does not show pipeline page when source branch   is removed

Closes #60432

See merge request gitlab-org/gitlab-ce!27803

(cherry picked from commit a2543ee2)

96b28d83 Fix ref_text of merge request pipelines

`on_stop` is not automatically triggered with pipelines for merge requests

Closes #60885

See merge request gitlab-org/gitlab-ce!27618

(cherry picked from commit 2432a540)

daa8f784 Fix environment automatic on_stop trigger

[ci skip]

Make `CI_COMMIT_REF_NAME` and `SLUG` variable idempotent

Closes #60822

See merge request gitlab-org/gitlab-ce!27663

Fix slow performance with compiling HAML templates

Closes gitlab-ee#11198

See merge request gitlab-org/gitlab-ce!27782

(cherry picked from commit fe45f544)

b02458ef Fix slow performance with compiling HAML templates
fad99d93 Add Rubocop rule to ban include ActionView::Context

Prevent concurrent execution of PipelineScheduleWorker

Closes gitlab-com/gl-infra/production#805

See merge request gitlab-org/gitlab-ce!27781

(cherry picked from commit ca8e5ade)

28f78540 Prevent concurrent execution of PipelineScheduleWorker

Prevent text selection when dragging in issue boards

Closes #59378

See merge request gitlab-org/gitlab-ce!27724

(cherry picked from commit fd05b2c9)

21116346 Add vendor prefixes for user-select

Resolve "Deployment jobs broken as of 11.10.0"

Closes #60821

See merge request gitlab-org/gitlab-ce!27687

(cherry picked from commit 6885419a)

825d7596 Fix deployments for Kubernetes service templates

Use wiki partial in search results

Closes #60906

See merge request gitlab-org/gitlab-ce!27634

(cherry picked from commit f04f6909)

d60d50d6 Use wiki partial in search results

Fix bug when project export to remote url fails

Closes #60827

See merge request gitlab-org/gitlab-ce!27614

(cherry picked from commit 90ddfda6)

aa0345a4 Fix error info retrieval on web project export

Resolve "MR Popover is not attached in system notes"

Closes #60855

See merge request gitlab-org/gitlab-ce!27589

(cherry picked from commit 55767af4)

41ff0d1e Init MR Popovers onmount of system note

Fix Metrics environments dropdown

Closes #60687

See merge request gitlab-org/gitlab-ce!27586

(cherry picked from commit 0f863c68)

e4d1f5d3 Fix Metrics environments dropdown

Resolve "500 error on save of general pipeline settings timeout"

Closes gitlab-ee#11281

See merge request gitlab-org/gitlab-ce!27416

(cherry picked from commit 23e5d9ed)

163730f0 Redirect to settings page on invalid update
ef67a54a Add CHANGELOG entry

Resolve "Merge Request Popover is not working on the To Do page"

Closes #60540

See merge request gitlab-org/gitlab-ce!27382

(cherry picked from commit 6015b521)

5e38e42b Make sure to allow project information data tags on GFM
18885d50 Do not show MR Popover if all necessary data is not present

[ci skip]

Refactor api events class to use external helper

Move specs from old class

Add changelog and magic string

Refactor events class to be more explicit

Remove blank line