Merge branch 'security-fix-cr-edit-17-2' into '17-2-stable-ee'

See merge request gitlab-org/security/gitlab!4426

Changelog: security

Update google-cloud-core and google-cloud-env gems

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162466



Merged-by: Ahmad Tolba <atolba@gitlab.com>
Approved-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

[merge-train skip]

[ci skip]

[ci skip]

Always build assets image when tagging

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4386



Merged-by: Ahmad Tolba <atolba@gitlab.com>
Approved-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>

Merge branch '17-2-always-run-build-assets-image-when-tagging' into '17-2-stable-ee'

See merge request gitlab-org/security/gitlab!4386

Changelog: security

Backport "Disable allow_failure for release-environments pipeline"

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/163189



Merged-by: Mawreen Dela Cruz <mdelacruz@gitlab.com>
Approved-by: Nao Hashizume <nhashizume@gitlab.com>
Approved-by: Mawreen Dela Cruz <mdelacruz@gitlab.com>
Co-authored-by: Jenny Kim <yjeankim@gitlab.com>

[merge-train skip]

[ci skip]

[ci skip]

Merge branch 'security-prevent-vulnerability-resolution-prompt-injection-attacks-17-2' into '17-2-stable-ee'

Do not run pipelines when resolving vulnerability

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4307



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Nicolas Dular <ndular@gitlab.com>
Co-authored-by: Alex Buijs <abuijs@gitlab.com>

Merge branch 'security-prevent-vulnerability-resolution-prompt-injection-attacks-17-2' into '17-2-stable-ee'

See merge request gitlab-org/security/gitlab!4307

Changelog: security

Add Octokit::ResponseValidation middleware

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4376



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: James Nutt <jnutt@gitlab.com>
Co-authored-by: Keeyan Nejad <knejad@gitlab.com>

Merge branch 'security-octokit-dos-protection-17-2' into '17-2-stable-ee'

See merge request gitlab-org/security/gitlab!4376

Changelog: security

IP restriction to prevent all group permissions

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4340



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Bob Van Landuyt <bob@gitlab.com>
Co-authored-by: Imre Farkas <ifarkas@gitlab.com>

Merge branch 'security-ip_restriction_to_prevent_all_group_permissions-17-2' into '17-2-stable-ee'

See merge request gitlab-org/security/gitlab!4340

Changelog: security

Destroy associated releases when removing a tag via Git CLI

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4366



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Sincheol (David) Kim <dkim@gitlab.com>
Co-authored-by: Tiger <twatson@gitlab.com>

Merge branch 'security-destroy-releases-when-tag-is-deleted-via-cli-17-2' into '17-2-stable-ee'

See merge request gitlab-org/security/gitlab!4366

Changelog: security

Disable allow_failure for release-environments pipeline

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148524



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Nao Hashizume <nhashizume@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Jenny Kim <yjeankim@gitlab.com>

(cherry picked from commit 7b5b756c

)

d696707e Disable allow_failure for the security downstream pipeline

Co-authored-by: Mayra Cabrera <mcabrera@gitlab.com>

17.2 backport for: Resolve "Background migrations removed in 17.1 cause upgrade issues"

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162868



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Dylan Griffith <dyl.griffith@gmail.com>
Approved-by: Adam Hegyi <ahegyi@gitlab.com>
Co-authored-by: Ryan Wells <rwells@gitlab.com>

Update code_suggestions_spec to have tokens_consumption_metadata

Closes #476203 and #476205

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161409



Merged-by: Andrejs Cunskis <acunskis@gitlab.com>
Approved-by: Andrejs Cunskis <acunskis@gitlab.com>
Co-authored-by: Jay McCure <jmccure@gitlab.com>

Changelog: fixed

Merge branch 'handle-empty-ff-merge-in-from-train-ref-strategy-backport-17-2' into '17-2-stable-ee' 

Backport 17-2: handle empty repository.ff_merge

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162544



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Max Fan <mfan@gitlab.com>
Co-authored-by: Hordur Freyr Yngvason <hfyngvason@gitlab.com>

Changelog: changed
EE: true

Fix upgrading to versions > 17.0 without upgrading to 17.0 first

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162551



Merged-by: Dylan Griffith <dyl.griffith@gmail.com>
Approved-by: Adam Hegyi <ahegyi@gitlab.com>
Approved-by: Dylan Griffith <dyl.griffith@gmail.com>
Co-authored-by: Michał Zając <mzajac@gitlab.com>

(cherry picked from commit 9da12fdd)

8ee4d0a6

 Fix upgrading to versions > 17.0 without upgrading to 17.0 first

Co-authored-by: Dylan Griffith <dyl.griffith@gmail.com>

Fix empty dependency list page

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162523



Merged-by: Brian Williams <bwilliams@gitlab.com>
Approved-by: Brian Williams <bwilliams@gitlab.com>
Co-authored-by: atiwari71 <atiwari@gitlab.com>

Prevent deletion of occurrence when container_scanning_for_registry report is ingested.

Changelog: fixed
EE: true

The Gitaly API returns an empty response instead of an error if the ref
update portion of the fast-forward merge fails due to a race with
another ref upate. This could cause a merge request to incorrectly
appear merged if the target branch got updated while merge train was
performing a fast-forward merge.

EE: true
Changelog: fixed

Merge branch 'jennykim/remove-release-environment-canonical-pipeline' into 'master'

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162491



Merged-by: Jennifer Li <jli@gitlab.com>
Approved-by: Jennifer Li <jli@gitlab.com>

Check if columns exist before running credit card hashing background migration

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161773



Merged-by: Krasimir Angelov <kangelov@gitlab.com>
Approved-by: Harsha Muralidhar <hmuralidhar@gitlab.com>
Approved-by: Krasimir Angelov <kangelov@gitlab.com>
Co-authored-by: Hinam Mehra <hmehra@gitlab.com>

Remove release-environment downstream pipeline from canonical

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162342



Merged-by: Jennifer Li <jli@gitlab.com>
Approved-by: Dat Tang <dattang@gitlab.com>
Approved-by: Jennifer Li <jli@gitlab.com>
Co-authored-by: Jenny Kim <yjeankim@gitlab.com>

google-cloud-env has this noteable change:

- Much more robust retry policy and detection mechanisms for the
  metadata server

google-cloud-core Changelog:
https://github.com/googleapis/google-cloud-ruby/blob/main/google-cloud-core/CHANGELOG.md

google-cloud-env Changelog:
https://github.com/googleapis/ruby-cloud-env/blob/main/CHANGELOG.md

Changelog: changed

Remove stong_memoization for cloud connector services

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162311



Merged-by: Roy Zwambag <rzwambag@gitlab.com>
Approved-by: Roy Zwambag <rzwambag@gitlab.com>
Co-authored-by: Nikola Milojevic <nmilojevic@gitlab.com>

Backport 17.2 - Do not run release-environments on tagging

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162292



Merged-by: Dat Tang <dattang@gitlab.com>
Approved-by: Jennifer Li <jli@gitlab.com>