[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583

[master]Fixed ability to comment on and edit/delete comments on locked or confidential issues

See merge request gitlab/gitlabhq!2612

[master] XSS in markdown following unrecognized HTML element

Closes #2732

See merge request gitlab/gitlabhq!2599

[master] Fix XSS in mermaid diagrams

See merge request gitlab/gitlabhq!2597

[master] Don't expose confidential information in commit message list

See merge request gitlab/gitlabhq!2626

[master] Resolve: Promoting a milestone is missing an authorization check

See merge request gitlab/gitlabhq!2598

[master] Do not follow redirects in prometheus service

See merge request gitlab/gitlabhq!2617

[master] Stored XSS for Environments

Closes #2727

See merge request gitlab/gitlabhq!2594

[master] Fixed read private group names

See merge request gitlab/gitlabhq!2589

Resolve "Bug - Web Based IDE - The "Merge" Requests Selection displays Merge Requests from other projects"

Caches repository.path into Repository#readme_path

Or otherwise do not try to write repo config.

And run in intervals.

In https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/16027 it was
added to write `gitlab.fullpath` in the git config of all
repositories. But this only writes them on move or migrate to hashed
storage.

This adds a migration that writes the fullpath to all the
repositories.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/41776

If the EncryptColumns background migration runs in a sidekiq with a
stale view of the database schema, or when the purported destination
columns don't actually exist, data loss can result. Attempt to work
around these issues by reloading schema information before running
the migration, and raising errors if the model reports that any of its
source or destination columns are missing.

This suggests possibly related issues when the user types a title.

This uses GraphQL to allow the frontend to request the exact
data that is requires. We also get free caching through the Vue Apollo
plugin.

With this we can include the ability to import .graphql files in JS
and Vue files.
Also we now have the Vue test utils library to make testing
Vue components easier.

Closes #22071

Clears the import related columns and code from the Project
model over to the ProjectImportState model

To separate the different kinds of repositories we have at GitLab this
table will be renamed to pool_repositories. A project can, for now at
least, be member of none, or one of these. The table will get additional
columns in a later merge request where more logic is implemented for the
model.

Further included is a small refactor of logic around hashing ids for the
disk_path, mainly to ensure a previous implementation is reusable.

The disk_path for the pool_repositories table no longer has a NOT NULL
constraint, but given the hashing of the ID requires the DB to assign
the record an ID, an after_create hook is used to update the value.

A related MR is:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23143, adding
tables for 'normal' repositories and wiki_repositories.

We want to keep failed install pods around so that it is easier to debug
why a failure occured. With this change we also need to ensure that we
remove a previous pod with the same name before installing so that
re-install does not fail.

Another change here is that we no longer need to catch errors from
delete_pod! in CheckInstallationProgressService as we now catch the
ResourceNotFoundError in Helm::Api. The catch statement in
CheckInstallationProgressService was also probably too broad before and
should have been narrowed down simply to ResourceNotFoundError.

Improve the renderign of new and existing discussions
by reducing the number of watchers on each object & array.
Previously every discussion change would trigger an update for every
discussion component.

Also tidied up some components to get them closer to our docs.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/51506

It might happen you want to make the reference column have a unique
value, or you want to create partial indexes. So instead of only
accepting a `true` value, also accept a hash of options.

This approach caused many different problems as we tightened
the query execution timeout.

Addressable::URI interprets the `#` in a URI as a URI fragment
and does not escape it, but Rails has special helpers that treats
these as bona-fide characters that need to be escaped.

Closes https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23368

`Rugged::Reference.valid_name?` used in
`Gitlab::GitRefValidator.validate` fails on strings containing null
bytes because it uses `StringValueCStr()`. Per
https://silverhammermba.github.io/emberb/c/:

Ruby’s String kinda corresponds to C’s char*. The simplest macro is
StringValueCStr() which returns a null-terminated char* for a
String. The problem here is that a Ruby String might contain nulls - in
which case StringValueCStr() will raise an ArgumentError!

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54466

A feature spec to test this simple behavior takes about 2 minutes to run
in CI. Everything it's testing is conditionals and `href` attributes,
which can easily be done in a view spec that runs in about 8 seconds.