[ci skip]

[ci skip]

Backport !21510 12-2

See merge request gitlab-org/gitlab!21679

This reverts commit 29a46495.

This reverts commit 351c9172.

This reverts commit d038b45d.

[ci skip]

[ci skip]

Backport the new reliable fetcher to 12.2

See merge request gitlab-org/gitlab!21198

Backport of https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/32565

Fix 12-2-stable-ee pipelines

See merge request gitlab-org/gitlab!21319

We've been seeing increased flaky failures due to the timeout
exceeding 3 seconds. With the additional regexp in
e38e2adc, we see that performance has
gotten worse:

```
1.376477   0.005843   1.382320 (  1.423449)
```

Previously it was:

```
0.566795 0.000933 0.567728 ( 0.569076)
```

Closes https://gitlab.com/gitlab-org/gitlab/issues/35269

Don't make external requests

Closes #38045

See merge request gitlab-org/gitlab!21161

Merge branch 'fix-tests-that-rely-on-the-number-of-tags-or-their-ordering-in-gitlab-test-12-4' into '12-4-stable-ee'

Fix tests that rely on a specific tags list

See merge request gitlab-org/gitlab!20557

(cherry picked from commit 66e946ed)

c2feb8a5 Fix tests that rely on a specific tags list

[ci skip]

[ci skip]

GroupPackageFinder to filter private repos

See merge request gitlab/gitlab-ee!1364

Filter out packages who the user doesnt have permission
to see (:read_package)

Return 404 on LFS request if project doesn't exist

See merge request gitlab/gitlab-ee!1289

Pass all wiki markup formats through our Banzai pipeline filters

See merge request gitlab/gitlab-ee!1387

Return 404 on LFS request if project doesn't exist

See merge request gitlab/gitlabhq!3508

Only assign merge params when allowed

See merge request gitlab/gitlab-ee!1350

Only assign merge params when allowed

See merge request gitlab/gitlabhq!3460

Nested GraphQL query with circular relationship can cause Denial of Service

See merge request gitlab/gitlab-ee!1240

Merge branch 'security-377-private-subgroup-path-visible-in-epic-timeline-when-child-epic-is-added-12-2-ee' into '12-2-stable-ee'

Private subgroup path visible in epic timeline when child epic is added.

See merge request gitlab/gitlab-ee!1252

Merge branch 'security-65756-ex-admin-attacker-can-comment-in-internal-12-2-ee' into '12-2-stable-ee'

Improper access control allows the attacker to comment in internal commit after they are no longer admin

See merge request gitlab/gitlab-ee!1255

Improper access control allows the attacker to comment in internal commit after they are no longer admin

Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-2-ee' into '12-2-stable-ee'

Labels visible despite no access to issues & repositories

See merge request gitlab/gitlab-ee!1313

Project path reveals labels from Private project if the issue is moved to public project

See merge request gitlab/gitlab-ee!1332

Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete-12-2-ee' into '12-2-stable-ee'

Hide private members in project member autocomplete

See merge request gitlab/gitlab-ee!1334

Private/internal repository enumeration via bruteforce on a vulnerable URL

See merge request gitlab/gitlab-ee!1347

Merge branch 'security-remove-deploy-access-levels-on-project-group-link-deletion-12-2' into '12-2-stable-ee'

Remove deploy access level when project/group link is deleted

See merge request gitlab/gitlab-ee!1358