Add latest changes from gitlab-org/gitlab@master

changelogs/unreleased/remove_var_from_line_highlighter_js.yml

----
-title: Remove var from line_highlighter.js
-merge_request: 20108
-author: Lee Tickett
-type: other

changelogs/unreleased/remove_var_from_merge_request_tabs_spec_js.yml

----
-title: Remove var from merge_request_tabs_spec.js
-merge_request: 20087
-author: Lee Tickett
-type: other

changelogs/unreleased/remove_var_from_new_branch_Form_js.yml

----
-title: Remove var from new_branch_form.js
-merge_request: 20099
-author: Lee Tickett
-type: other

changelogs/unreleased/remove_var_from_new_commit_form_js.yml

----
-title: Remove var from new_commit_form.js
-merge_request: 20095
-author: Lee Tickett
-type: other

changelogs/unreleased/remove_var_from_preview_markdown_js.yml

----
-title: Remove var from preview_markdown.js
-merge_request: 20115
-author: Lee Tickett
-type: other

changelogs/unreleased/remove_var_from_project_select_js.yml

----
-title: Remove var from project_select.js
-merge_request: 20091
-author: Lee Tickett
-type: other

changelogs/unreleased/remove_var_from_syntax_highlight_spec_js.yml

----
-title: Remove var from syntax_highlight_spec.js
-merge_request: 20086
-author: Lee Tickett
-type: other

changelogs/unreleased/remove_var_from_tree_js.yml

----
-title: Remove var from tree.js
-merge_request: 20103
-author: Lee Tickett
-type: other

changelogs/unreleased/render-html-tags-in-job-log.yml

----
-title: Do not escape HTML tags in Ansi2json as they are escaped in the frontend
-merge_request: 19610
-author:
-type: fixed

changelogs/unreleased/retrigger-license-compliance.yml

----
-title: Triggers the correct endpoint on licence approval
-merge_request: 19078
-author:
-type: fixed

changelogs/unreleased/rs-change-service-failure-reasons.yml

----
-title: 'Add an `error_code` attribute to the API response when a cherry-pick or revert fails.'
-merge_request: 19518
-author:
-type: added

changelogs/unreleased/security-2914-labels-visible-despite-no-access-to-issues-repositories.yml

----
-title: Do not display project labels that are not visible for user accessing group labels
-merge_request:
-author:
-type: security

changelogs/unreleased/security-2920-fix-notes-with-label-cross-reference.yml

----
-title: Show cross-referenced label and milestones in issues' activities only to authorized users
-merge_request:
-author:
-type: security

changelogs/unreleased/security-64519-nested-graphql-query-can-cause-denial-of-service.yml

----
-title: Analyze incoming GraphQL queries and check for recursion
-merge_request:
-author:
-type: security

changelogs/unreleased/security-65756-ex-admin-attacker-can-comment-in-internal.yml

----
-title: Disallow unprivileged users from commenting on private repository commits
-merge_request:
-author:
-type: security

changelogs/unreleased/security-bvl-validate-force-remove-branch-on-mrs.yml

----
-title: Don't allow maintainers of a target project to delete the source branch of
-  a merge request from a fork
-merge_request:
-author:
-type: security

changelogs/unreleased/security-developer-transfer-project.yml

----
-title: Require Maintainer permission on group where project is transferred to
-merge_request:
-author:
-type: security

changelogs/unreleased/security-hide-private-members-in-project-member-autocomplete.yml

----
-title: "Don't leak private members in project member autocomplete suggestions"
-type: security

changelogs/unreleased/security-id-fix-disclosure-of-private-repo-names.yml

----
-title: Return 404 on LFS request if project doesn't exist
-merge_request:
-author:
-type: security

changelogs/unreleased/security-mask-sentry-token-ce.yml

----
-title: Mask sentry auth token in Error Tracking dashboard
-author:
-type: security