Gitlab -- Multiple Vulnerabilities

SO-AND-SO reports:

XSS in Markdown Preview Using Mermaid
Bypass Email Verification using Salesforce Authentication
Account Takeover using SAML
Uncontrolled Resource Consumption in Markdown using Mermaid
Disclosure of Private Project Path and Labels
Disclosure of Assignees via Milestones
Disclosure of Project Path via Unsubscribe Link
Disclosure of Project Milestones via Groups
Disclosure of Private System Notes via GraphQL
GIT Command Injection via API
Bypass User Blocking via CI/CD token
IDOR Adding Groups to Protected Environments
Disclosure of Group Membership via Merge Request Approval Rules
Disclosure of Head Pipeline via Blocking Merge Request Feature
Grafana update