[ci skip]

[10.2] Fix bug in security release with deploy keys migration

See merge request gitlab-org/gitlab-ce!16529

[ci skip]

Prepare 10.2.6 Security Release

See merge request gitlab/gitlabhq!2290

Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2223

(cherry picked from commit 43b6135f2226625b5e50d9aa2149a0ea74bb1336)

a4bb4a5b Prevents login with disabled OAuth providers

Sanitizes IPython notebook output

See merge request gitlab/gitlabhq!2237

(cherry picked from commit db98d764c4112dd24bc5ae9ed2bfc01052820309)

8908edbf Sanitizes iPython notebook output
90286ceb fixed karma specs

Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-2' into 'security-10-2'

[10.2] Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2287

(cherry picked from commit 1e19734413d46346dd46177d056d9c7165602197)

b7664b12 Don't allow line breaks on HTTP headers

[10.2] Fix RCE via project import mechanism

See merge request gitlab/gitlabhq!2293

(cherry picked from commit 836918b04ed739fe07b239d0e4eab58296218c8c)

cec9a6ae Fix RCE via project import mechanism

[10.2] Migrate `can_push` column from `keys` to `deploy_keys_project`

See merge request gitlab/gitlabhq!2275

(cherry picked from commit b07115bbf3a6f2340e88213f51f699302e6af1d9)

5382c682 Backport to 10.2

[10.2] backport - check project access on MR create

See merge request gitlab/gitlabhq!2279

(cherry picked from commit dd1654b7830948347a23521058a1386a8ba97b69)

8b1e50e4 check project access on MR create

[10.2] Fix path traversal in gitlab-ci.yml cache:key

See merge request gitlab/gitlabhq!2271

(cherry picked from commit 9184cd7968665137a18c4823ece239a4a1ca0e46)

1050945a Fix path traversal in gitlab-ci.yml cache:key

Validate project path in Gitlab import - 10.2 port

See merge request gitlab/gitlabhq!2267

(cherry picked from commit faea8488456aed31915ca9dd6cb2a7d3090294ec)

036fc6c9 Validate project path in Gitlab import

Remove order param from the MilestoneFinder - 10.2 port

See merge request gitlab/gitlabhq!2264

(cherry picked from commit 54c82aee8d97a7a82fff49197d023e2ebd3247e8)

bca5ca97 Remove order param from the MilestoneFinder

[10.2] Fix XSS in issue label dropdown

See merge request gitlab/gitlabhq!2251

(cherry picked from commit df15b14521c46aaad5805ae90aa04739d78eec63)

6d693d09 Fix XSS in issue label dropdown

[10.2] Fix XSS vulnerability in Pipeline job trace - backport 10 2

See merge request gitlab/gitlabhq!2260

(cherry picked from commit 4ba826b5df561e85f6fdfc86c20779b1a91b598b)

b890d809 Fix XSS vulnerability in Pipeline job trace

Merge branch 'security-10-2-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-2'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2282

(cherry picked from commit 66b1677940084505123cd519d0894c89dcc60da2)

8b3dcc2a Filter out sensitive fields from the project services API

[ci skip]

Prepare 10.2.5 release

See merge request gitlab-org/gitlab-ce!15925

Optimize API /groups/:id/projects by preloading assocations (10.2 port)

See merge request gitlab-org/gitlab-ce!15926

Create fork networks for deleted source projects (10.2 port)

See merge request gitlab-org/gitlab-ce!15927

Merge branch 'pawel/update-prometheus_gem_to_highly_optimized_version-10-2' into '10-2-stable-patch-5'

Update prometheus-client-mmap gem to highly optimized version (10.2 port)

See merge request gitlab-org/gitlab-ce!15928

Create fork networks for deleted source projects

Closes #40072

See merge request gitlab-org/gitlab-ce!15595

(cherry picked from commit 552c9089)

Conflicts:
	lib/gitlab/background_migration/populate_fork_networks_range.rb

Update prometheus-client-mmap gem to highly optimized version

See merge request gitlab-org/gitlab-ce!15796

(cherry picked from commit aa24f7e1)

Conflicts:
	config/initializers/7_prometheus_metrics.rb

Optimize API /groups/:id/projects by preloading assocations

Closes #40308

See merge request gitlab-org/gitlab-ce!15475

(cherry picked from commit 65b7a7a0)

Conflicts:
	lib/api/groups.rb

Upgrade codeclimate image to latest

Closes #40255

See merge request gitlab-org/gitlab-ce!15461

(cherry picked from commit c26d7089)

586d878d Upgrade codeclimate image to 0.70.1
18231881 Use latest codeclimate image again

Properly bump prometheus-client-mmap gem versions

See merge request gitlab-org/gitlab-ce!15825

(cherry picked from commit a2d16480)

Conflicts:
	Gemfile
	Gemfile.lock

Resolve "Prometheus loading screen no longer seems to appear"

Closes #40285

See merge request gitlab-org/gitlab-ce!15889

(cherry picked from commit a8b98528)

d072c0cd fix broken empty state assets for environment monitoring page
9864720a add CHANGELOG.md entry for !15889

Fix gitlab:import:repos Rake task moving repositories into the wrong location

Closes #40765

See merge request gitlab-org/gitlab-ce!15823

(cherry picked from commit 7694ae88)

78f7c3c8 Fix gitlab:import:repos Rake task moving repositories into the wrong location
e8cced80 Fix failing importer test case on MySQL due to missing trailing slash in root path
917a112e Simplify normalizing of paths
86661a3a Use build instead of create in importer spec
f1eaab7b Remove the need for destroy and add a comment in the spec

Bump redis-rails to 5.0.2 to get redis-store security updates

Closes #40889

See merge request gitlab-org/gitlab-ce!15773

(cherry picked from commit 6808d11b)

f76aaa21 Bump redis-rails to 5.0.2 to get redis-store security updates