At present, the TodoService uses the `:read_project` ability to decide
whether a user can read a note on a commit. However, commits can have a
visibility level that is more restricted than the project, so this is a
security issue.

This commit changes the code to use the `:read_commit` ability in this
case instead, which ensures TODOs are only generated for commit notes
if the users can see the commit.

Optimise UpdateBuildQueueService

Closes #66438

See merge request gitlab-org/gitlab-ce!32095

Update documentation screenshot

See merge request gitlab-org/gitlab-ce!31995

Add version 12 upgrade recommendations

Closes #63907

See merge request gitlab-org/gitlab-ce!30201

Updates doc/policy/maintenance.md, adds upgrade path from 11 -> 12

Update capitalization in /administration, /api, others

See merge request gitlab-org/gitlab-ce!32136

Update capitalization in /administration, /api, /ci
and /customization

Exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting

Closes #49392

See merge request gitlab-org/gitlab-ce!31909

Resolve "Failure in qa/specs/features/browser_ui/3_create/repository/user_views_commit_diff_patch_spec.rb"

Closes gitlab-org/quality/staging#69

See merge request gitlab-org/gitlab-ce!32087

Add logic for respecting browser DNT setting

See merge request gitlab-org/gitlab-ce!32030

Resolve "WebIDE Default Commit options"

Closes #51470

See merge request gitlab-org/gitlab-ce!31449

One exception: there is an existing MR for the current branch and the
branch is non-default and non-protected.

Extended mock_data for ide/stores to have different types of branches:
default, protected and regular

Cleaned new MR checkbox view

Resolve "Mirroring for external CI/CD repositories should not store OAuth token"

See merge request gitlab-org/gitlab-ce!31488

Oauth2 tokens are causing issues with mirroring
repos, because it effectively limits the number
of repos you can mirror. Personal Access
Tokens do not have this problem.

This change removes the OAuth2 option from
the import page for CI/CD only, and only
provides the personal access token form.

Update QA readme to note that Chrome/Chromium is required

See merge request gitlab-org/gitlab-ce!32035

Fix "ERR value is not an integer or out of range" errors

Closes #66449

See merge request gitlab-org/gitlab-ce!32126

Expose namespace storage statistics with GraphQL

See merge request gitlab-org/gitlab-ce!32012

Root namespaces have storage statistics.
This commit allows namespace owners to get those stats via GraphQL
queries like the following one

{
  namespace(fullPath: "a_namespace_path") {
    rootStorageStatistics {
      storageSize
      repositorySize
      lfsObjectsSize
      buildArtifactsSize
      packagesSize
      wikiSize
    }
  }
}

[CE] Enable CSP in dev and CI

See merge request gitlab-org/gitlab-ce!31800

`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
https://github.com/kickstarter/rack-attack/issues/281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.

Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
https://github.com/kickstarter/rack-attack/pull/350.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449

This enables CSP in dev and CI

Fix typo in Content Security Policy example

See merge request gitlab-org/gitlab-ce!32103

Add core badges to admin_area docs

See merge request gitlab-org/gitlab-ce!31746

Some admin_area docs were missing the Core Only badge

Document Gitaly CLI connection troubleshooting

See merge request gitlab-org/gitlab-ce!32079

Provide documentation around possible reasons and solutions to CLI tools
not being able to connect to Gitaly nodes.

CE: Archiving a project should create an audit event

See merge request gitlab-org/gitlab-ce!32039

Make it clear that it's ok to ignore Danger's 'no changelog' warning

See merge request gitlab-org/gitlab-ce!32088

Add `searchBy` helper & `SidebarItemEpicsSelect` placeholder component

See merge request gitlab-org/gitlab-ce!31859

CE Port: Support restricting group access by multiple IP subnets

See merge request gitlab-org/gitlab-ce!31959

Add missing content from debug's kubectl cheat sheet

See merge request gitlab-org/gitlab-ce!31971

Backport of EE MR

See merge request gitlab-org/gitlab-ce!31903

Issue #39099: Add links for latest pipelines

Closes #50499

See merge request gitlab-org/gitlab-ce!20865

Make it clear that the artifacts count as uncompressed

See merge request gitlab-org/gitlab-ce!32045