[ci skip]

[ci skip]

[master] Fix requiring the rubyzip Gem

See merge request gitlab/gitlabhq!2876

In commit 6fa5fd85 the `require: false`
was removed to ensure the Gem was loaded at run time. Unfortunately, the
`require` necessary for the rubyzip Gem is "zip" and not "rubyzip". As a
result, Bundler would not require the Gem. This meant that we would
still run into constant errors when referring to `Zip::File`.

[master] Fix uninitialized constant with GitLab Pages deploy

See merge request gitlab/gitlabhq!2875

[ci skip]

pages:deploy step was failing with the following error:

```
unitialized constant SafeZip::Extract::Zip
```

Since license_finder already pulls in rubyzip, we can make it
a required gem. We also use the scope operator to make the reference to
Zip::File explicit.

[ci skip]

[ci skip]

Fix a JS race in a spec

Closes #56860

See merge request gitlab-org/gitlab-ce!24684

[master] Pipelines section is available to unauthorized users

See merge request gitlab/gitlabhq!2480

[master] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed"

See merge request gitlab/gitlabhq!2629

[master] Fix error disclosure on Project Import

See merge request gitlab/gitlabhq!2675

[master] Group Guests are no longer able to see merge requests

See merge request gitlab/gitlabhq!2694

[master] Fix Imported Project Retains Prior Visibility Setting

See merge request gitlab/gitlabhq!2734

[master] Fix contributed projects info is still visible even user enable private profile

See merge request gitlab/gitlabhq!2743

[master] Don't process MR refs for guests in the notes

See merge request gitlab/gitlabhq!2771

[master] Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs

See merge request gitlab/gitlabhq!2793

[master] Alias GitHub and Bitbucket OAuth2 callback URLs

See merge request gitlab/gitlabhq!2840

[master] Check access rights when creating/updating ProtectedRefs

See merge request gitlab/gitlabhq!2799

[master] Disable git v2 protocol temporarily

Closes #2780

See merge request gitlab/gitlabhq!2827

[master] Use sanitized user status message in user popover

Closes #2786

See merge request gitlab/gitlabhq!2848

[master] Verify that LFS upload requests are genuine

Closes #2767

See merge request gitlab/gitlabhq!2767

[master] Send notification only to authorized users when moving a project

Closes #2777

See merge request gitlab/gitlabhq!2791

[master] User email is visible in hook logs if they triggers tag push events

Closes #2775

See merge request gitlab/gitlabhq!2789

[master] Resolve "[Security] Stored XSS via KaTeX"

Closes #2760

See merge request gitlab/gitlabhq!2718

Extract pages with rubyzip

See merge request gitlab/gitlabhq!2758

[master] Stop showing ci for guest users on private pipeline

See merge request gitlab/gitlabhq!2830

[master] LFS object forgery in project import

Closes #2784

See merge request gitlab/gitlabhq!2719

[master] Do not expose trigger token when user should not see it

See merge request gitlab/gitlabhq!2735

[master] Fix DoS in reference extraction regexes

Closes #2766

See merge request gitlab/gitlabhq!2768

[master] Fix access to internal wiki when external wiki is enabled

Closes #2783

See merge request gitlab/gitlabhq!2769

[master] GitLab vulnerable to IDN homograph attacks and RTLO attacks

See merge request gitlab/gitlabhq!2770

[master] Use common error for not logged in users when creating issues

Closes #2772

See merge request gitlab/gitlabhq!2787

[master] Revoke award_emoji permissions for confidential issues

Closes #2776

See merge request gitlab/gitlabhq!2790

[master] Fix discussion replies permissions check

Closes #2779

See merge request gitlab/gitlabhq!2794