Prevent claiming associated model IDs via import

On the import side, we should be careful not to use any IDs as part of the JSON file that could have been manipulated.

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/20821


Things we already do (__before__ this fix):

1. Remove all primary keys
1. **Always** reassign some of the foreign keys, such as ALL project IDs and user IDs (so it would be difficult to impersonate or try to gain access to another project)
1. Ignore/reject attributes that do not exist in the model
1. If someone reassigns a foreign key `submodel_id`, and that object has another json as the submodel, the new submodel will reassign the `submodel_id` to the newly created submodel ID.

Things we should do:

1. Remove/nullify any other foreign keys that we don't reassign (checked this, and there aren't many, fortunately. In fact, I don't think much harm can be done at all - at the moment).

See merge request !1985

[ci skip]
Signed-off-by: Rémy Coutable <remy@rymai.me>

Fix broken repo errors in the UI

This should prevent repo errors (or 404s) in the UI, together with https://gitlab.com/gitlab-org/gitlab_git/merge_requests/124

The `exists?` cache is now expired if the repo gets broken. 

Related MR: https://gitlab.com/gitlab-org/gitlab_git/merge_requests/124

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/20501

See merge request !6491

Fix grammar and typos in Runners pages

_Originally opened at !1791 by @axil._

- - -

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !6547

Fixes long commit messages overflow viewport in file tree

## What does this MR do?
Fixes long commit messages breaking the table.
It adds back a max-width in `pixels` instead of `%`.

## Are there points in the code the reviewer needs to double check?
No.
## Why was this MR needed?
To fix the overflow of the commit message

## Screenshots (if relevant)
![max_width](/uploads/73af2ffbab29bf6e9bbd9287e9e142a0/max_width.png)

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Fixes #22544

See merge request !6573

Fix double CHANGELOG header for 8.13

[ci skip]

See merge request !6593

Expose project share expiration_date field on API

closes #22382

See merge request !6484

Remove instances of HTML5 input type="color" due to inconsistent browser support

## What does this MR do?

`<input type="color" />` renders differently across browsers.  Reverting to `type="text"` where necessary.

## Screenshots (if relevant)

Safari (top) vs Chrome (bottom)
![Screen_Shot_2016-09-28_at_11.53.02_AM](/uploads/f967ed988320cbd2e4357cdfcfe7a813/Screen_Shot_2016-09-28_at_11.53.02_AM.png)

See merge request !6576

Upgrade Devise from 4.1.1 to 4.2.0.

This fixes an issue with Rails 5 and brings us up-to-date with the latest Devise release. It also deprecates `Devise::TestHelpers` in favor of `Devise::Test::ControllerHelpers`.

Changelog: https://github.com/plataformatec/devise/blob/v4.2.0/CHANGELOG.md#420---2016-07-01

Working toward #14286, as always.

See merge request !6461

Use a ConnectionPool for Rails.cache on Sidekiq servers

## What does this MR do?

On Sidekiq server we'll use a connection pool to connect to the redis store used for Rails cache. But now we're sure we're not modifying the configuration used on the lazy create Redis connection inside the connection pools. I've create a PR on [redis-activesupport](https://github.com/pacoguzman/redis-activesupport) too. @jacobvosmaer-gitlab make this easier updating the Gitlab::Redis class !6472

Closes #22364

See merge request !6468

Resolve "Resolved comments permanently hidden in Side-by-Side diff view"

## What does this MR do? / Why was this MR needed?

Ensures resolved discussions are made visible when clicking "toggle comments" on Side-by-Side view diff pages.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #21535

See merge request !6575

Remove duplicate VersionInfo class

This was brought over during the CI merge and already exists at
`lib/gitlab/version_info.rb`.

See merge request !6586

Add '.well-known' to the list of reserved namespaces

See https://gitlab.com/gitlab-org/gitlab-ce/issues/22759

See merge request !6585

This was brought over during the CI merge and already exists at
`lib/gitlab/version_info.rb`.

Expose pipeline data in builds API

Exposes pipeline data in builds API, as suggested by #22367.
The fields exposed were 'id', 'status', 'ref', and 'sha'.

Closes #22367

See merge request !6502

See https://gitlab.com/gitlab-org/gitlab-ce/issues/22759

Remove Flog

This MR removes the flog gem and its associated rake task as we use the ABC Metrics Rubocop to accomplish the same thing. There's not really any reason to have it anymore.

The rest of this MR is kept for posterity and is no longer relevant.

-------

After a few months of flog/flay failing silently - and now a week of them failing loudly - I think it's safe to say we don't care enough about flog/flay for them to be worth keeping.

If you'd like to keep them around, speak now or forever hold your peace :)

See also #17858.

See merge request !6554

Update warn message for MySQL fix

ZD: https://gitlab.zendesk.com/agent/tickets/39529

The current warn message is ambiguous. We should mention MySQL.

See merge request !6582

add pipeline ref, sha, and status to the build API response

add tests of build API (pipeline data)

change API documentation for builds API

log change to builds API in CHANGELOG

CHANGELOG: add reference to pull request and contributor's name

Revert "Merge branch '18297-i-would-like-text-to-wrap-when-in-edit-mode-on-web-app' into 'master'"

## What does this MR do?

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

See merge request !6583

This reverts merge request !6188

Merge branch '22352-cannot-install-gitlab-shell-on-ubuntu-server-with-no-previous-gitlab-install' into 'master'

Correct gitlab-shell installation instructions in docs

## Why was this MR needed?

With the introduction of repository storages validations it becomes necessary to add the flag `SKIP_STORAGE_VALIDATION` to the gitlab-shell install command, since that command will create the storage paths

## What are the relevant issue numbers?

Closes #22352

[ci skip]

See merge request !6579

With the introduction of repository storages validations it becomes
necessary to add the flag `SKIP_STORAGE_VALIDATION` to the gitlab-shell
install command, since that command will create the storage paths

Add Pipelines for Commit

## What does this MR do?
This adds a Pipelines for Commit.

I used existing view that we use to show pipelines. However, this is completely ugly with a lot of redundancy.

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

## Screenshots (if relevant)
![Screen_Shot_2016-09-13_at_13.43.38](/uploads/0ac6e7d4825e32dba7ff7ab051da837c/Screen_Shot_2016-09-13_at_13.43.38.png)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?
Resolves https://gitlab.com/gitlab-org/gitlab-ce/issues/18937

See merge request !6322

Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called

## What does this MR do?

 Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called, instead return the saved token if one is present.

This was causing a lot of 401s, leading to 403s, as state in #22527

As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error.

Since HTTP Auth is protected by Rack Attack, this 401s where immediately flagged and resulted in the IP of the user being banned. 

With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues.

## What are the relevant issue numbers?

Fixes #22527

cc @SeanPackham @jacobvosmaer-gitlab

See merge request !6551

Reset expiry time of token, if token is retrieved again before it expires.

Merge branch '22592-can-set-due-date-through-slash-commands-even-though-i-m-not-authorized-to' into 'master'

Fix permission for setting an issue's due date

## What does this MR do?

This merge request ensure the current user can `:admin_issue` in order to change the issue's `due_date`, in `BaseIssuableService` and in `SlashCommands::InterpretService`.

Closes #22592 

## Are there points in the code the reviewer needs to double check?

No.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !6539

Fix typo `CSFR` -> `CSRF` in the OAuth2 doc



See merge request !6538

Added soft wrap option to editor

## What does this MR do?

Adds a `Soft wrap` button to the editor, when clicked, it wraps the text in the editor and changes to `No wrap`, then when clicked, it unwraps the text in the editor.

This will also detect files with no extension, `.txt` or `.md` and proactively set the soft wrap. **Unless**, you explicitly toggle the soft wrap, then it will stop checking the file path and will stay with the users explicit preference.

## Are there points in the code the reviewer needs to double check?

We should talk about the `.txt` and `.md` thing, [I'm not sure if its a good approach](https://gitlab.com/gitlab-org/gitlab-ce/issues/18297#note_14918218).

## Why was this MR needed?

## Screenshots (if relevant)

https://youtu.be/8LW5nQsraSM

#### No wrap

![Screen_Shot_2016-09-02_at_19.54.54](/uploads/97f2d1b2d415d03fe1b0be0640ab12e0/Screen_Shot_2016-09-02_at_19.54.54.png)

#### Soft wrap

![Screen_Shot_2016-09-02_at_19.54.45](/uploads/5af425587ce7198e015cce58440971b9/Screen_Shot_2016-09-02_at_19.54.45.png)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #18297

See merge request !6188