Fix the package-and-qa and review-build-cng jobs

See merge request gitlab-org/gitlab-ce!24861

Add an E2E test of push with the file size limit set

See merge request gitlab-org/gitlab-ce!24431

API: Support username with dots

Closes #51913

See merge request gitlab-org/gitlab-ce!24395

By changing the `review-build-cng` job to be a `single-script-job`, the
repository content wasn't there, including the `*_VERSION` files, thus
leading to missing variables for components in the triggered pipeline.
Signed-off-by: Rémy Coutable <remy@rymai.me>

Fix cluster installation processing spinner (reopened)

Closes #56398

See merge request gitlab-org/gitlab-ce!24814

Add CSS helper classes for positioning

See merge request gitlab-org/gitlab-ce!24821

Add e2e QA test for logging in using Github OAuth

See merge request gitlab-org/gitlab-ce!24817

Remove d3 metrics graph

See merge request gitlab-org/gitlab-ce!24647

Adds the test itself and the vendor page object model for GitHub
login pages.

The GitLab Pages IP address for GitLab.com changed from 52.167.214.135 to...

See merge request gitlab-org/gitlab-ce!24797

Docs serverless tmcli update

See merge request gitlab-org/gitlab-ce!24689

Fix rubocop violations

See merge request gitlab-org/gitlab-ce!24837

fix(settings): Adjusted vertical alignment of visibility icons

Closes #39759

See merge request gitlab-org/gitlab-ce!24511

Fix flaky wiki create test

Closes gitlab-org/quality/nightly#24

See merge request gitlab-org/gitlab-ce!24778

This got merged up somewhere in the process of merging dev.gitlab.org
and GitLab.com back together.

[ci skip]

In commit 6fa5fd85 the `require: false`
was removed to ensure the Gem was loaded at run time. Unfortunately, the
`require` necessary for the rubyzip Gem is "zip" and not "rubyzip". As a
result, Bundler would not require the Gem. This meant that we would
still run into constant errors when referring to `Zip::File`.

[ci skip]

pages:deploy step was failing with the following error:

```
unitialized constant SafeZip::Extract::Zip
```

Since license_finder already pulls in rubyzip, we can make it
a required gem. We also use the scope operator to make the reference to
Zip::File explicit.

[ci skip]

[ci skip]

Fix a JS race in a spec

Closes #56860

See merge request gitlab-org/gitlab-ce!24684

When a user is a guest user, and the "Public Pipeline" is set to false
inside of "Settings > CI/CD > General" the commit status in the project
dashboard should not be shown.

When moving a project, it's possible that some users who had
access to the project in old path can not access the project
in the new path.

Because `project_authorizations` records are updated asynchronously,
when we send the notification about moved project the list of project
team members contains old project members, we want to notify all these
members except the old users who can not access the new location.

To prevent an OAuth2 covert redirect vulnerability, this commit adds and
uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
following paths:

GitHub: /users/auth/-/import/github
Bitbucket: /users/auth/-/import/bitbucket

This allows admins to put a more restrictive callback URL in the OAuth2
configuration settings. Instead of https://example.com, admins can now use:

https://example.com/users/auth

It's possible but not trivial to change Devise and OmniAuth to use a
different prefix for callback URLs instead of /users/auth. For now,
aliasing the import URLs under the /users/auth namespace should suffice.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663