Merge branch '2802-security-add-public-internal-groups-as-members-to-your-project-idor' into 'master'

Add public/internal groups as members to your Project(IDOR)

See merge request gitlab/gitlabhq!2898

Block local URLs for Kubernetes integration

See merge request gitlab/gitlabhq!2901

Validate session key when authorizing with GCP to create a cluster

Closes #2805

See merge request gitlab/gitlabhq!2902

Check snippet attached file to be moved is within designated directory

Closes #2806

See merge request gitlab/gitlabhq!2903

Fix blind SSRF in Prometheus Integration

See merge request gitlab/gitlabhq!2907

Check validity before querying so that if the dns entry for the api_url
has been changed to something invalid after the model was saved and
checked for validity, it will not query. This is to solve a toctou
(time of check to time of use) issue.

[master] Remove link after issue move when no permissions

See merge request gitlab/gitlabhq!2921

Stop linking to unrecognized package sources

See merge request gitlab/gitlabhq!2933

Fix git clone revealing private repo's presence

See merge request gitlab/gitlabhq!2937

Arbitrary file read via MergeRequestDiff

Closes #2814

See merge request gitlab/gitlabhq!2947

Limit number of characters allowed in mermaidjs

See merge request gitlab/gitlabhq!2964

[master] Prevent disclosing project milestone titles

Closes #2794

See merge request gitlab/gitlabhq!2965

Filter impersonated sessions from active sessions and remove ability to revoke session

See merge request gitlab/gitlabhq!2968

Ensure request to link GroupSAML acount was GitLab initiated

See merge request gitlab/gitlabhq!2976

[ci skip]

Session ID is used as a parameter for the revoke session endpoint but it
should never be included in the HTML as an attacker could obtain it via
XSS.

Persist source sha and target sha for merge pipelines

See merge request gitlab-org/gitlab-ce!25417

Quarantine failing push_mirroring_over_http_spec

See merge request gitlab-org/gitlab-ce!25590

source_sha and target_sha are used for merge request pipelines

Added permissions section to issue template [CE]

See merge request gitlab-org/gitlab-ce!25576

Update operations settings breadcrumb trail

Closes #56387

See merge request gitlab-org/gitlab-ce!25539

Elaborate on POSTGRES_VERSION Auto DevOps setting

See merge request gitlab-org/gitlab-ce!25579

Add documentation on upgrading GitLab HA nodes

Closes #58121

See merge request gitlab-org/gitlab-ce!25574

API: Promote project milestone to a group milestone

Closes #53861

See merge request gitlab-org/gitlab-ce!25203

Added: Specs for the API action

As mentioned in
https://gitlab.com/gitlab-org/gitlab-ce/issues/58121#note_145299901, it
wasn't obvious that upgrading an GitLab HA cluster required special
care. Link to the Omnibus documentation for upgrade instructions.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58121

Remove N+1 query for tags in /admin/runners page

See merge request gitlab-org/gitlab-ce!25572

As discussed in https://github.com/mbleigh/acts-as-taggable-on/issues/91,
we can avoid N+1 queries if we use `tags` instead of `tag_list`.

Seen while reviewing
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/19740.

update persona links issue template

See merge request gitlab-org/gitlab-ce!25560

Add name_without_type to environments.json

See merge request gitlab-org/gitlab-ce!25492

It's needed to show shorter names in environments "folders"

Revert "Merge branch '56726-fix-n+1-in-issues-and-merge-requests-api' into 'master'"

See merge request gitlab-org/gitlab-ce!25570

Fix ETag caching not being used for AJAX requests

Closes #57905

See merge request gitlab-org/gitlab-ce!25400