[10.2] Fix XSS vulnerability in Pipeline job trace - backport 10 2

See merge request gitlab/gitlabhq!2260

(cherry picked from commit 4ba826b5df561e85f6fdfc86c20779b1a91b598b)

b890d809 Fix XSS vulnerability in Pipeline job trace

Merge branch 'security-10-2-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-2'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2282

(cherry picked from commit 66b1677940084505123cd519d0894c89dcc60da2)

8b3dcc2a Filter out sensitive fields from the project services API

[ci skip]

Prepare 10.2.5 release

See merge request gitlab-org/gitlab-ce!15925

Optimize API /groups/:id/projects by preloading assocations (10.2 port)

See merge request gitlab-org/gitlab-ce!15926

Create fork networks for deleted source projects (10.2 port)

See merge request gitlab-org/gitlab-ce!15927

Merge branch 'pawel/update-prometheus_gem_to_highly_optimized_version-10-2' into '10-2-stable-patch-5'

Update prometheus-client-mmap gem to highly optimized version (10.2 port)

See merge request gitlab-org/gitlab-ce!15928

Create fork networks for deleted source projects

Closes #40072

See merge request gitlab-org/gitlab-ce!15595

(cherry picked from commit 552c9089)

Conflicts:
	lib/gitlab/background_migration/populate_fork_networks_range.rb

Update prometheus-client-mmap gem to highly optimized version

See merge request gitlab-org/gitlab-ce!15796

(cherry picked from commit aa24f7e1)

Conflicts:
	config/initializers/7_prometheus_metrics.rb

Optimize API /groups/:id/projects by preloading assocations

Closes #40308

See merge request gitlab-org/gitlab-ce!15475

(cherry picked from commit 65b7a7a0)

Conflicts:
	lib/api/groups.rb

Upgrade codeclimate image to latest

Closes #40255

See merge request gitlab-org/gitlab-ce!15461

(cherry picked from commit c26d7089)

586d878d Upgrade codeclimate image to 0.70.1
18231881 Use latest codeclimate image again

Properly bump prometheus-client-mmap gem versions

See merge request gitlab-org/gitlab-ce!15825

(cherry picked from commit a2d16480)

Conflicts:
	Gemfile
	Gemfile.lock

Resolve "Prometheus loading screen no longer seems to appear"

Closes #40285

See merge request gitlab-org/gitlab-ce!15889

(cherry picked from commit a8b98528)

d072c0cd fix broken empty state assets for environment monitoring page
9864720a add CHANGELOG.md entry for !15889

Fix gitlab:import:repos Rake task moving repositories into the wrong location

Closes #40765

See merge request gitlab-org/gitlab-ce!15823

(cherry picked from commit 7694ae88)

78f7c3c8 Fix gitlab:import:repos Rake task moving repositories into the wrong location
e8cced80 Fix failing importer test case on MySQL due to missing trailing slash in root path
917a112e Simplify normalizing of paths
86661a3a Use build instead of create in importer spec
f1eaab7b Remove the need for destroy and add a comment in the spec

Bump redis-rails to 5.0.2 to get redis-store security updates

Closes #40889

See merge request gitlab-org/gitlab-ce!15773

(cherry picked from commit 6808d11b)

f76aaa21 Bump redis-rails to 5.0.2 to get redis-store security updates

Backport board scope highlight

See merge request gitlab-org/gitlab-ce!15757

(cherry picked from commit 0803a0b3)

6f256386 backport board scope highlight

Replace absolute URLs on related branches/MRs with relative url to avoid hostname

Closes #40555

See merge request gitlab-org/gitlab-ce!15735

(cherry picked from commit 73a79f7e)

88f268b5 Replace absolute URLs on related branches/MRs with relative url to avoid hostname

Resolve "updateEndpoint undefined on Issue page"

Closes #40715

See merge request gitlab-org/gitlab-ce!15698

(cherry picked from commit be8ca260)

3e9e773c Remove unused updateUrl and updateEndpoint
0ce9215e Revert updateUrl and updateEndpoint removal and instead pass updateEndpoint…
15b2fc3b simplify props for issue_show app root
4d86f05a Add changelog entry

Resolve "Dropdown options are misaligned"

Closes #40592

See merge request gitlab-org/gitlab-ce!15693

(cherry picked from commit 2b07c2ee)

6a1052c1 remove top from dropdown-label-box that is child of filter-dropdown-item

Fix the fork project functionality for projects with hashed storage

Closes #40711

See merge request gitlab-org/gitlab-ce!15671

(cherry picked from commit 50eb1252)

327a9898 Fix the fork project functionality for projects with hashed storage

Redirect to an already forked project if it exists

See merge request gitlab-org/gitlab-ce!15653

(cherry picked from commit fbe8dfb3)

299c5439 Redirect to an already forked project if it exists

Generalize detail page headers (Issues, Merge Requests, Snippets)

Closes #40543

See merge request gitlab-org/gitlab-ce!15639

(cherry picked from commit 5d9585d1)

6d61b404 Generalize detail page headers

Only load branch names for protected branch checks

See merge request gitlab-org/gitlab-ce!15629

(cherry picked from commit 1aaa6095)

a0527ab8 Only load branch names for protected branch checks

Keep track of all storage keys in a set

See merge request gitlab-org/gitlab-ce!15613

(cherry picked from commit 02111f4d)

b72d2438 Keep track of all storage keys in a set

Backport !15678 to `10-2-stable`

See merge request gitlab-org/gitlab-ce!15680

[ci skip]

Prepare 10.2.4 security release

See merge request gitlab/gitlabhq!2241

prevent potential XSS when editing comment

See merge request gitlab/gitlabhq!2238

(cherry picked from commit 80ed6d25a46c0f70ec8baea78b5777118d63876c)

7480e462 prevent potential XSS when editing comment

Prevent creating issues through API without having permissions

See merge request gitlab/gitlabhq!2225

(cherry picked from commit c298bbaa88883343dc9cbbb6abec0808fb3b546c)

915b97c5 Prevent creating issues through API without having permissions

[10.2] Ensure we expose group projects using GroupProjectsFinder

See merge request gitlab/gitlabhq!2234

(cherry picked from commit 072f8f2fd6ec794645375a16ca4ddc1cbeb76d7a)

a2240338 Ensure we expose group projects using GroupProjectsFinder

(10.2) Avoid partial partial email adresses for matching

See merge request gitlab/gitlabhq!2232

(cherry picked from commit 081aa1e91a777c9acb31be4a1e76b3dd7032fa9a)

fa85a3fd Don't allow searching for partial user emails