- Only maintainers of projects should be able to assign runners to them (gitlab-org/security/gitlab@c52abfffad2c06c2a49788e3db473f14923c3926), merge request (gitlab-org/security/gitlab!3234)
- Authorize access to vulnerabilitiesCountByDay resolver (gitlab-org/security/gitlab@8e78aecb9a6c248099a043f181de3c8f6d4417ce)
- Only maintainers of projects should be able to assign runners to them (gitlab-org/security/gitlab@c52abfffad2c06c2a49788e3db473f14923c3926), merge request (gitlab-org/security/gitlab!3234)
- Authorize access to vulnerabilitiesCountByDay resolver (gitlab-org/security/gitlab@8e78aecb9a6c248099a043f181de3c8f6d4417ce)
and a bit of further digging shows the commit for the first issue mentioned above, adding a permission check: https://gitlab.com/gitlab-org/gitlab/-/commit/c52abfffad2c06...