By default ssh-keygen uses an insecure password encryption method on the ssh key.
This change will add options to better protect the key.
See this page for more detail: https://latacora.singles/2018/08/03/the-default-openssh.html

Even if the user does not set a password, using the `-o` option needs to become
the new standard way to run `ssh-keygen`, since the default behavior is insecure.
Your help in establishing this option will be greatly appreciated and will help
improve overall security for your users and ssh users in general.

Originally submitted at
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6796.
Signed-off-by: Rémy Coutable <remy@rymai.me>

Originally submitted at
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6900.
Signed-off-by: Rémy Coutable <remy@rymai.me>

Move package-and-qa to the test phase

Closes #50718

See merge request gitlab-org/gitlab-ce!21400

Resolve "Consider reorganizing the QA scenarios"

Closes #49800

See merge request gitlab-org/gitlab-ce!20931

Resolve "Error getting performance bar results for <UUID>"

Closes #50801

See merge request gitlab-org/gitlab-ce!21411

This isn't interesting most of the time and is may go over other flash banners.

These don't have performance data saved as they use Grape.

Rails 5: replace removed silence_stream

See merge request gitlab-org/gitlab-ce!21387

[ci skip]

[ci skip]

Previously, this wasn't needed: text was normally set to the highlighted
contents anyway. Now, it is: we store different things in text and rich_text.

This caused https://gitlab.com/gitlab-com/production/issues/439.

[ci skip]

[ci skip]

[ci skip]

Closes https://gitlab.com/gitlab-com/migration/issues/766

When backend sends HTML it requires frontend to append it to the DOM causing
XSS vulnerabilities. By removing the `<br>` we avoid those vulnerabilities

Backport `Repository#keep_around` changes from EE to CE

See merge request gitlab-org/gitlab-ce!21290

[master] Resolve "Orphaned upload files are accessible via project exports"

Closes #2695

See merge request gitlab/gitlabhq!2453

[master] Fixed persistent XSS rendering/escaping of diff location lines

See merge request gitlab/gitlabhq!2463

Block link-local addresses in URLBlocker

See merge request gitlab/gitlabhq!2459

[master] Removes `<br>` sent from backend on tooltips in jobs

See merge request gitlab/gitlabhq!2455

[ci skip]

[ci skip]

[master] Include rich_text in diff cache keys

See merge request gitlab/gitlabhq!2481

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

Previously, this wasn't needed: text was normally set to the highlighted
contents anyway. Now, it is: we store different things in text and rich_text.

This caused https://gitlab.com/gitlab-com/production/issues/439.

Change large scale to production

See merge request gitlab-org/gitlab-ce!21331

Merge branch '50441-high-number-of-statement-timeouts-in-groupdestroyworker-due-to-sitestatistics' into 'master'

Resolve "High number of statement timeouts in GroupDestroyWorker due to SiteStatistics"

Closes #50441

See merge request gitlab-org/gitlab-ce!21366

Fix static analysis

See merge request gitlab-org/gitlab-ce!21402

Rails5: fix can't quote ActiveSupport::HashWithIndifferentAccess

See merge request gitlab-org/gitlab-ce!21397

Allow date parameters on Issues, Notes, and Discussions API for group owners

Closes #40059

See merge request gitlab-org/gitlab-ce!21342

The problem is this: when each phase starts, it checks if all jobs in earlier
phases are complete. package-and-qa is slow. As build is the first phase, if you
trigger package-and-qa before the prepare phase is finished, the entire test
phase will be blocked until package-and-qa completes, which isn't what we want.

But equally, if build came _after_ test, then package-and-qa couldn't be started
until the tests were finished. Putting it in the same stage as the tests means
we can have our cake and eat it.