[ci skip]

[11.6] Backport Rugged implementations for Git access

See merge request gitlab-org/gitlab-ce!27536

Bring back Rugged implementation of ListCommitsByOid

See merge request gitlab-org/gitlab-ce!27441

Avoid excessive recursive calls with Rugged TreeEntries

Closes #59759

See merge request gitlab-org/gitlab-ce!26813

Bring back Rugged implementation of commit_tree_entry

See merge request gitlab-org/gitlab-ce!25896

Bring back Rugged implementation of GetTreeEntries

See merge request gitlab-org/gitlab-ce!25674

Bring back Rugged implementation of TreeEntry

See merge request gitlab-org/gitlab-ce!25706

Bring back Rugged implementation of CommitIsAncestor

See merge request gitlab-org/gitlab-ce!25702

Bring back Rugged implementation of find_commit

See merge request gitlab-org/gitlab-ce!25477

Fix XSS in resolve conflicts form

See merge request gitlab/gitlabhq!2989

The issue arose when the branch name contained Vue template
JavaScript. The fix is to use `v-pre` which disables Vue
compilation in a template.

Sharing a public project with a private group makes the group page publicly accessible

See merge request gitlab/gitlabhq!2984

[ci skip]

Display only information visible to current user on Milestone detail

See merge request gitlab/gitlabhq!2919

Display only labels and assignees of issues
visible by the currently logged user
Display only issues visible to user in the burndown chart

Display the correct number of MRs a user has access to

See merge request gitlab/gitlabhq!2927

Filter impersonated sessions from active sessions and remove ability to revoke session

See merge request gitlab/gitlabhq!2983

Forbid creating discussions for users with restricted access

See merge request gitlab/gitlabhq!2889

Check issue milestone availability

See merge request gitlab/gitlabhq!2906

Disable issue board policies when issues are disabled

See merge request gitlab/gitlabhq!2912

Show only MRs visible to user on milestone detail

See merge request gitlab/gitlabhq!2925

Don't allow non-members to see private related MRs

See merge request gitlab/gitlabhq!2932

Validate session key when authorizing with GCP to create a cluster

See merge request gitlab/gitlabhq!2936

Fix git clone revealing private repo's presence

See merge request gitlab/gitlabhq!2940

Check snippet attached file to be moved is within designated directory

See merge request gitlab/gitlabhq!2943

Fix blind SSRF in Prometheus Integration

See merge request gitlab/gitlabhq!2946

Check validity before querying so that if the dns entry for the api_url
has been changed to something invalid after the model was saved and
checked for validity, it will not query. This is to solve a toctou
(time of check to time of use) issue.

Fix leaking private repository information in API

See merge request gitlab/gitlabhq!2950

Arbitrary file read via MergeRequestDiff

See merge request gitlab/gitlabhq!2953

Remove link after issue move when no permissions

See merge request gitlab/gitlabhq!2957

Merge branch 'security-add-public-internal-groups-as-members-to-your-project-idor-11-6' into '11-6-stable'

Add public/internal groups as members to your Project(IDOR)

See merge request gitlab/gitlabhq!2958

Block local URLs for Kubernetes integration

See merge request gitlab/gitlabhq!2961

Catch possible Addressable::URI::InvalidURIError

See merge request gitlab/gitlabhq!2966

Stop linking to unrecognized package sources

See merge request gitlab/gitlabhq!2971