Fix invalid visibility string comparison in project import

Closes #61692

See merge request gitlab-org/gitlab-ce!28612

(cherry picked from commit add00b69)

5c8cd42b Fix invalid visibility string comparison in project import

Docs: Update documentation with CI variable types usage example

See merge request gitlab-org/gitlab-ce!28515

(cherry picked from commit 0702d4b6)

706dfdb7 Add CI variable types usage example
7b9a52c0 Update screenshot to match latest CI variables UI
83cd1a76 Fix typo in CI variables docs
3e5b4ce8 Apply suggestion to doc/ci/variables/README.md
b7d820a4 Apply suggestion to doc/ci/variables/README.md
9d2bef55 Apply suggestion to doc/ci/variables/README.md
cb637cc9 Apply suggestion to doc/ci/variables/README.md
c13648a8 Apply suggestion to doc/ci/variables/README.md
121917cb Apply suggestion to doc/ci/variables/README.md
cf95e5ec Apply suggestion to doc/ci/variables/README.md
556d5ebf Apply suggestion to doc/ci/variables/README.md

Update Docs for Chat Notifications

Closes #61867

See merge request gitlab-org/gitlab-ce!28510

(cherry picked from commit f66aa212)

2770302d Update documentation for chat notifications on deployment events

Update Gitaly to 1.42.4

See merge request gitlab-org/gitlab-ce!29310

This patch of Gitaly includes a fix of the stderr logger writer to fix a
panic that occured during an edge case.

[ci skip]

Prepare 11.11.2 release

See merge request gitlab-org/gitlab-ce!28679

Fix project settings not being able to update

Closes #62708

See merge request gitlab-org/gitlab-ce!29097

Fix migration failure when groups are missing route

Closes #58714

See merge request gitlab-org/gitlab-ce!29022

(cherry picked from commit 0488c26e)

a52cbf6b Fix migration failure when groups are missing route

Stop two-step rebase from hanging when errors occur

See merge request gitlab-org/gitlab-ce!29060

This change makes sure Gitaly includes a fix to make rebase work again
properly.

Part of: https://gitlab.com/gitlab-org/gitlab-ce/issues/62353

Disable two_step_rebase feature flag

See merge request gitlab-org/gitlab-ce!28778

(cherry picked from commit 715d1057)

8104eef0 Disable two_step_rebase feature flag
dd1fa0c2 Apply suggestion to changelogs/unreleased/dm-disable-two-step-rebase.yml

Use source ref in pipeline webhook

Closes #61553

See merge request gitlab-org/gitlab-ce!28772

(cherry picked from commit 2714f85c)

7e05f3b7 Use source ref for pipeline webhook

Fix OmniAuth OAuth2Generic strategy not loading

Closes #62216

See merge request gitlab-org/gitlab-ce!28680

(cherry picked from commit 7b5cc7b4)

bf8f4c13 Fix OmniAuth OAuth2Generic strategy not loading

Fix display of promote to group label

Closes #62200

See merge request gitlab-org/gitlab-ce!28637

(cherry picked from commit 9c2d0d87)

f9a55f93 Fix display of promote to group label
52764ec5 Apply suggestion to spec/helpers/labels_helper_spec.rb
58dc21e7 Apply suggestion to spec/features/projects/labels/user_promotes_label_spec.rb

Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL

Closes #62179

See merge request gitlab-org/gitlab-ce!28607

(cherry picked from commit 2ae642f8)

31e181f8 Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL

Fix height of input groups

Closes #61304, #61303, #59254, and #60778

See merge request gitlab-org/gitlab-ce!28495

(cherry picked from commit 52758b92)

360646ea Fix height of input groups

[ci skip]

Add DNS rebinding protection settings

See merge request gitlab/gitlabhq!3130

Fix the overriding of EE import params

See merge request gitlab/gitlabhq!3129

Reject slug+uri concat if slug is deemed unsafe

See merge request gitlab/gitlabhq!3105

Persistent XSS in note objects

See merge request gitlab/gitlabhq!3127

Fix url redaction for issue links

See merge request gitlab/gitlabhq!3092

Disallow invalid MR branch name

See merge request gitlab/gitlabhq!3095

Hide issue title on unsubscribe for anonymous users

See merge request gitlab/gitlabhq!3099

Fix confidential issue label disclosure on milestone view

See merge request gitlab/gitlabhq!3102

Handling password on import by url page

See merge request gitlab/gitlabhq!3109

Resolve: Milestones leaked via search API

See merge request gitlab/gitlabhq!3110

Protect Gitlab::HTTP against DNS rebinding attack

See merge request gitlab/gitlabhq!3113

Update Gitaly to fix GetArchive vulnerability

See merge request gitlab/gitlabhq!3118

Prevent password sign in restriction bypass

See merge request gitlab/gitlabhq!3121

First reported:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/60143

When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.