Adds a full log viewer for completed logs to the job details page.

Changelog: added

This is not shown at the moment as the backend is not providing
any data.

Changelog: changed

When a previously detected Secret moves within the file, this commit
ensures to reuse the existing Secret Detection(SD) vulnerabilities from
the database instead of creating newly detected duplicate findings. This
is done with the help of tracking signature of the vulnerability generated
using 'rule_value' algorithm.

Refer: https://gitlab.com/gitlab-org/gitlab/-/issues/434096

Changelog: added
EE: true

This change allows non-admins to modify the group setting
that enables groups to continue using the runner registration token.

Changelog: fixed

Instead of modifiying a project created with `let_it_be` create a new
one.

Migrates deprecated GlDropdown to GlCollapsibleListbox.

Changelog: fixed

Do not update position immediately

Added to issue_header and sticky_header.

Since `isImported` now defaults to `false`, we will not show the
badge for now (while waiting for backend data).

Changelog: changed

Changelog: fixed
EE: true

When adding GitLab to the homescreen on an Apple device the default
icon apple-touch-icon.png is used. This is hardcoded and therfore
on self-hosted instances the GitLab logo is shown.
As the pwa icon fullfills the same purpose in an standardized way,
we can use it as apple-touch-icon if defined.

Further references regarding "apple-touch-icon":
- https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html

Closes: https://gitlab.com/gitlab-org/gitlab/-/issues/358124

Changelog: added

Changelog: changed

Changelog: changed

Changelog: changed

Changelog: added

In the future, we might make a change to how we handle user request
parameters in a way that has unexpected and undesired consequence;
specifically mass assignment vulnerabilities. (There are currently
none known). These additional unit tests and/or explicit type-casts are
intended to defend against that future scenario.

For example: attempting to brute force a password by sending many
passwords in a single request for a single user should never work. Nor
should sending multiple OTP codes. The reason they _might_
inadvertently work is because Ruby / Rails often doesn't mind if you
send a string or an array of strings. For example:

```ruby
# POST /vulnerable?email=fake@attacker.com
> User.find_by(email: params[:email])
# User Load (3.4ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'fake@attacker.com' LIMIT 1
=> nil

# We expect email to be a string, but what if it's not?
# POST /vulnerable?email[]=fake@attacker.com&email[]=admin@example.com
> User.find_by(email: params[:email])
# User Load (1.6ms)  SELECT "users".* FROM "users" WHERE "users"."email" IN ('fake@attacker.com', 'admin@example.com')
=> #<User id:1 @root>
```

This work resolves https://gitlab.com/gitlab-org/gitlab/-/issues/442831+

The methodology was to look at authentication & authorization-related
controllers, and down into any Helpers/Services/etc that are called
or included.

Added new placeholder user_type, added Imports::SourceUser, and service
to create them from imported user attributes.

- Rename `Gitlab::Pages::DeploymentUpdate` to `Gitlab::Pages::DeploymentValidations`
- Use `with_option` to avoid duplication
- Remove some rubocop Todos
- Refactor specs for clarity

The monospace font needs to be defined via a plugin so that we can
disable ligatures. This in turn requires that we slightly adjust the
CSS-in-Js generator so that it takes this plugin into account when
creating and purging the config.

Gitaly passes the repository's relative path to Rails when it calls
the internal API. The relative path passed is the transaction's
snapshot repository's relative path. Without it Gitaly will not be
able to apply the repository's quarantine correctly as the quarantine
paths are relative to the snapshot repository.

While the relative path is passed in production code, tests haven't
been updated to pass the relative to Gitaly. This leads to test
failures when transactions are enabled in Gitaly.

Pass the relative path of the repository in the tests to ensure its
present when transactions are enabled. The relative path passed in
tests is the same as the actual relative path of the repository. In
reality the two paths would be different. As Gitaly is stubbed out
in the tests, it doesn't start a transaction and rewrite the relative
path so we use the original one.

The message is the entire multi-line commit message, which doesn't
truncate well. Instead, show the title, which should be a good headline
for the commmit.

Changelog: changed

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/452117

**Problem**

We don't provide an ID of the modified deploy key. Because of that
backend tries to create a deploy key, but fails due to uniqueness check.

**Solution**

Return id for deploy key elements

Changelog: fixed

This task was deprecated since 16.6.

Changelog: removed

Co-authored-by: James Nutt <jnutt@gitlab.com>

This change allows ingesting epoch millis (like from JIRA) and store
them as the ended_at time.

Changelog: added

Update description field component as per the
new UX

Changelog: changed

Change the URL from /infrastructure_registry to
/terraform_module_registry for group and projects
on the Terraform module registry pages

Related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/440531

Changelog: changed

Changelog: changed

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147227
EE: false

MR: gitlab.com/gitlab-org/gitlab/-/merge_requests/149942

In **Admin area > Users**, replaced tab navigation by a filtered search.

Closes: https://gitlab.com/gitlab-org/gitlab/-/issues/238183

Closes: https://gitlab.com/gitlab-org/gitlab/-/issues/448885



Co-authored-by: Ivan Shtyrliaiev <ee923925@gmail.com>

When managing external participants in an issue
we add system notes to display which email
was added or removed. On public issues or for
guest users this information should not be visible.

Adds obfuscation to issue email participant
system notes, so no email addresses are disclosed
if the user does not have the needed role.

Changelog: added