Fix javascript errors with invalid json because of commas

fixes #15390 

See merge request !3827

Define constants only if not defined yet and freeze them

Fixes #15139.

See merge request !3810

Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/12785
Merge Request: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3514

In doing this I'm breaking my own rules of not merging master into a
stable branch during the feature freeze. I'm breaking this rule for two
reasons:

1. Somewhere down the line I messed up picking commits into the stable
   branch and as a result I basically can't merge anything anymore
   without resolving 9000 merge conflicts.

2. All merge requests merged into master had the "Pick into Stable"
   label anyway except for one commit that bumps the version. As such
   merging master into this branch is not really different from picking
   things manually.

Sanitize branch names for confidential issues

- When creating new branches for confidential issues, prefer a branch name like `issue-15` to `some-sensitive-issue-title-15`.
- The behaviour for non-confidential issues stays the same.

Closes #14566

See merge request !3671

Configuring of points per UDP packet

Related to https://gitlab.com/gitlab-com/operations/issues/195. This option would allow us to experiment with finding a good balance between points-per-packet and the UDP packet size.

cc @pcarranza 

See merge request !3816

Bump version to 8.8.0-pre

See merge request !3809

"git lfs init" is deprecated, use "git lfs install" instead.

Recent releases of git-lfs warn that "init" is a deprecated command and that "install" should be used.


See merge request !3779

Remove persistent XSS vulnerability in `commit_person_link` helper

Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.

Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126

See merge request !1948

Removed aside toggle on profile pages

Closes #13943

See merge request !3796

Trigger filtering after ajax is complete in dropdown

![filter](/uploads/1c361d968769eb3fe5cdd05dee497aa6/filter.gif)

Closes #15186

See merge request !3813

This allows users to configure the number of points stored in a single
UDP packet. This in turn can be used to reduce the number of UDP packets
being sent at the cost of these packets being somewhat larger.

The default setting is 1 point per packet so nothing changes for
existing users.

API: Present an array of Gitlab::Git::Tag instead of array of rugged tags

The annotated message was always `null` because the wrong array was presented. 

The entity requires an array of `Gitlab::Git::Tags` instead an array of raw rugged tags was presented. Since a rugged tag does not respond to `message` to get the annotated message, this was always `null`. 

See merge request !3764

Add notice about GitLab Runner to requirements docs

This is related to #14589, and problems that may stem from running
GitLab Runner on same machine user installed GitLab web app on.

See merge request !3518

Add configurable shared runners text

cc @axil @rspeicher @grzesiek 

See merge request !3750

* 'master' of dev.gitlab.org:gitlab/gitlabhq:
  Add Changelog entry for group link permissions fix
  Use guard clause to check ability to share project
  Refactor method that shares project with a group
  Check permissions when sharing project with group

Check permissions when sharing project with group

## Summary

Unprivileged user was able to share project with group he didn't have access to, and therefore gain partial access to that group, which opened possibilities for further actions like listing private projects in that group.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/15330

## Fix

This change introduces additional check for group read access.

## Further work

We can think about preventing such problems in the future (this is quite common problem) by moving permissions checks to another layer of abstraction (TBD).

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15330

See merge request !1949

Make before_script and after_script overridable

This is makes it possible to overwrite the before_script and after_script at job level.

This is continuation of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3771


See merge request !3772

Implement after_script which allows to do cleanups as part of the build process

This implements `after_script` in global context.

The `after_script` will be executed always after the job, even if the job were canceled.

This requires changes on Runner side that will be implemented in 1.2.

cc @tmaczukin @grzesiek 


See merge request !3771

Allow enable/disable push events for system hooks in UI

Improvement for !3744 

Fixes #15284 

See merge request !3812

Closes #15330

Fix prepare build execution in docker environment

In newest versions of docker the `/.dockerinit` file doesn't exists any more (https://github.com/docker/docker/pull/19490). And oo our builds are failing, because the `./scripts/prepare_build.sh` script isn't installing required dependencies.

This MR fixes the problem with backward compatibility for oldest docker environments. 

/cc @grzegorz @douwe 

See merge request !1950

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Added System Hooks for push and tag_push

Implements `push` and `tag_push` events for System Hooks.

They are based on Webhooks Events but without any deprecated item. We don't send commits too.
We are implementing this, to be used by Geo repository syncing (gitlab-org/gitlab-ee#76).

These hook events will be sent only when the respective configuration flags are set to true.
UI changes to admin screen will be made in another MR.

See merge request !3744

Closes #15186

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>