Escape special chars in Sentry error header

See merge request gitlab-org/security/gitlab!146

Update ProjectAuthorization when deleting or updating GroupGroupLink

Closes #55

See merge request gitlab-org/security/gitlab!165

Update user 2fa when accepting group invite

See merge request gitlab-org/security/gitlab!169

Fix Service Side Request Forgery in JenkinsDeprecatedService

See merge request gitlab-org/security/gitlab!179

Expire account confirmation token

See merge request gitlab-org/security/gitlab!180

Fix for XSS in branch names

Closes #49

See merge request gitlab-org/security/gitlab!184

Remove OID filtering during LFS imports

See merge request gitlab-org/security/gitlab!188

Respect member access level for group shares

Closes #56

See merge request gitlab-org/security/gitlab!192

Previously, we only considered the access level set for the
GroupGroupLink when calculated ProjectAuthorization or
Group#max_member_access_for_user for the shared group. We need to
consider access level in the shared with group as well, which might be
lower than the one set for GroupGroupLink.

Check merge requests read permissions before showing them in the pipeline widget

Closes #60

See merge request gitlab-org/security/gitlab!207

Forbid trigger pipeline requests with Gitlab-Event header

Closes #61

See merge request gitlab-org/security/gitlab!216

Prevent XSS in admin grafana url setting

Closes #25

See merge request gitlab-org/security/gitlab!218

Run badge images through asset proxy

Closes #33

See merge request gitlab-org/security/gitlab!232

This allows us to proxy URLs without going through
the HTML filter

Recalculate ProjectAuthorizations

Closes #75

See merge request gitlab-org/security/gitlab!272

* Validate the grafana URL setting to ensure it is a valid URL and does
not contain javascript.
* Add a rel='noopener noreferrer' attribute to the link on the frontend
so that when the link is opened in a new tab, it will not be able to
control the tab from which it was opened.
* Use the system_hook_validator for grafana_url since it is an admin
setting.
* Add migration to remove any javascript URLs from
application_settings.grafana_url.
* Add a blocked_message option to addressable_url_validator. The option
allows a custom error message to be added if the URL is blocked.
* Add a parse_url method to Gitlab::Util which returns an
Addressable::URI object.
* Add changelog entry.

Fix fixtures for Error Tracking Web UI

See merge request gitlab-org/security/gitlab!293

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>

Move interest in contributing an app to the end of the app list

See merge request gitlab-org/gitlab!26180

Update GitLab Packages

See merge request gitlab-org/gitlab!26175

199134 - Update severity badges

See merge request gitlab-org/gitlab!25489

https://gitlab.com/gitlab-org/gitlab/issues/199134

Disable ci variables ff

See merge request gitlab-org/gitlab!26020

Add skeleton loaders to container registry

See merge request gitlab-org/gitlab!25994

- skeleton loader
- adjust tests

Ported existing spec from karma to jest

See merge request gitlab-org/gitlab!25934

https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25934

Create a vulnerability-list component

See merge request gitlab-org/gitlab!25927

- Adds the dumb component for the vulnerability table
- Adds a smart wrapper around the above component
- Removes the haml table and replaces it with a loading state
- Adds pagination to the vue table
- Adds the alert component error state
- Hooks up the HAML data to the app

Group Deploy Tokens interface

See merge request gitlab-org/gitlab!24102

Added model and rspecs.
Updated DeployToken model associations.

Remove Puma notices from AdminArea banner

See merge request gitlab-org/gitlab!26137

Allow chart descriptions for Insights

Closes #11221

See merge request gitlab-org/gitlab!25686

Remove un accessible links from embded dashboards context menu

Closes #207184

See merge request gitlab-org/gitlab!25892

Update a11y testing docs to reflect current behavior

See merge request gitlab-org/gitlab!25906