This also changes BlocksUnsafeSerialization to allow serialization
if the `only` / `unsafe: true` options are given

Changelog: changed

In MR https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14863 we
changed various prepend/include/extend lines to use the new X_if_ee
methods for injecting EE modules. Unfortunately, we forgot to take care
of a variety of lines due to the use of inaccurate patterns to find
these lines.

This commit takes care of moving over the remaining lines, except for
any prepend lines in the ee/ directory as the changes are not needed
there (since this directory is only available in EE).

This backports changes made in
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9134.

This disables InjectEnterpriseEditionModule for all existing offenses.

The automatic merging code used `--strategy=ours`, which turned out to
be incorrect; instead we wanted `--strategy=recursive
--strategy-option=ours`. This small difference results in merging
throwing away _all_ EE changes in favour of CE changes, instead of only
doing this for conflicts.

This commit ensures that EE has all the appropriate changes. The diff
was generated by cherry picking all merge commits made since two days
ago, picking them with `--strategy=recursive --strategy-option=ours`.

In https://gitlab.com/gitlab-org/release/framework/issues/28 we found
that this method was changed a lot over the years: 43 times if our
calculations were correct. Looking at the method, it had quite a few
branches going on:

    def create_or_update_import_data(data: nil, credentials: nil)
      return if data.nil? && credentials.nil?

      project_import_data = import_data || build_import_data

      if data
        project_import_data.data ||= {}
        project_import_data.data = project_import_data.data.merge(data)
      end

      if credentials
        project_import_data.credentials ||= {}
        project_import_data.credentials =
          project_import_data.credentials.merge(credentials)
      end

      project_import_data
    end

If we turn the || and ||= operators into regular if statements, we can
see a bit more clearly that this method has quite a lot of branches in
it:

    def create_or_update_import_data(data: nil, credentials: nil)
      if data.nil? && credentials.nil?
        return
      else
        project_import_data =
          if import_data
            import_data
          else
            build_import_data
          end

        if data
          if project_import_data.data
            # nothing
          else
            project_import_data.data = {}
          end

          project_import_data.data =
            project_import_data.data.merge(data)
        end

        if credentials
          if project_import_data.credentials
            # nothing
          else
            project_import_data.credentials = {}
          end

          project_import_data.credentials =
            project_import_data.credentials.merge(credentials)
        end

        project_import_data
      end
    end

The number of if statements and branches here makes it easy to make
mistakes. To resolve this, we refactor this code in such a way that we
can get rid of all but the first `if data.nil? && credentials.nil?`
statement. We can do this by simply sending `to_h` to `nil` in the right
places, which removes the need for statements such as `if data`.

Since this data gets written to a database, in ProjectImportData we do
make sure to not write empty Hash values. This requires an `unless`
(which is really a `if !`), but the resulting code is still very easy to
read.

Partially addresses #47424.

Partially addresses #47424.

* A change in Ruby (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1)
requires passing in the exact required length for OpenSSL keys and IVs.

* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.

* Reading an invalid OpenSSL::PKey causes OpenSSL to throw OpenSSL::PKey::PKeyError
instead of ArgumentError (https://github.com/ruby/openssl/blob/master/History.md).

Fixes that make this work:

* A change in Ruby (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1)
requires passing in the exact required length for OpenSSL keys and IVs.

* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.

This cop has been renamed to ActiveRecordSerialize to match the way
"ActiveRecord" is usually written.

This cop has been renamed to ActiveRecordSerialize to match the way
"ActiveRecord" is usually written.

This Cop blacklists the use of ActiveRecord's "serialize" method, except
for cases where we already use this.

This reverts commit 3e991230.

# Conflicts:
#	app/models/project.rb

attr_encrypted (1.3.4 => 3.0.1) Changelog:
https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m
d

attr_encrypted 2.x included a vulnerability, so that major version is
skipped. 3.x requires that the algorithm and mode used by each
encrypted attribute is specified explicitly.

`nil` is no longer a valid value for the encrypted_value_iv field, so
it’s changed to a randomly generated string.

In 8278b763 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.

Fixes: #17382

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Signed-off-by: Rémy Coutable <remy@rymai.me>