Change ordering so that confirm is removed from attrs before attempting to User.build_user

Possible fix gitlab-org/gitlab-ce#1296

See merge request !445

[doc] Groups can be browsable if they contain at least one public project.

See merge request !451

Notification on project moving

Moving of project should respect notification settings

https://dev.gitlab.org/gitlab/gitlabhq/issues/2091

See merge request !452

Prevent doubling AJAX request with each commit visit via Turbolink

Be careful with `document.ready` in views 😃

cc @vsizov @marin

See merge request !454

Faster merge request processing for large repository

Allow HTML tags in user Markdown input

More rubocop styles

See merge request !449

[ci skip]

* Reduces overhead of git checkout

Documentation - Markdown - added missing line-break info

as promised, I updated the Markdown documentation with the line-breaks info

See merge request !186

Fix GitLab shell setup spacing

Respond with full GitAccess error if user has project read access.

Should help with debugging #1236.

cc @marin

See merge request !437

Improve sticky headers in diffs

* disable sticky headers in discussion
* enable sticky header on mr page with you click changes tab

See merge request !450

* disable sticky headers in discussion
* enable sticky header on mr page with you click changes tab

Milestones and labels can be used even when issues are disabled.

When Issues are disabled for a project Milestones and Labels can still be used for Merge Requests.

See merge request !1739

Change merge request button color based on CI status

Green button looks confusing when CI fails

Screenshots:

![ci-warn](https://gitlab.com/gitlab-org/gitlab-ce/uploads/f8166c9acf35f9d886f37f52f975acfb/ci-warn.png)
![ci-can](https://gitlab.com/gitlab-org/gitlab-ce/uploads/d7319c4c567c42a47d79953191384f96/ci-can.png)

See merge request !448

Link note avatar to user.

See merge request !446

Clean up subscriptions when user is deleted.

cc @vsizov

See merge request !439

Update rugments to 1.0.0.beta6 to fix C# highlighting.

Fixes #1259.

See merge request !435

Unescape branch param to delete

Complete transition to using color_field for selecting colors

Reduce Rack Attack false positives causing 403 errors during HTTP authentication

### What does this MR do?

This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication.

A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).

To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP.

In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.

### Are there points in the code the reviewer needs to double check?

rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key.

Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.

### Why was this MR needed?

It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.

### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?

See Issue #1171

https://github.com/kickstarter/rack-attack/issues/113

See merge request !392

Make sure issue assignee is properly reset.

Previously, when the assignee was reset via the sidebar or bulk edit, `assignee_id` was set to `-1` rather than `null`, which caused the two issues shown below:

![Screen_Shot_2015-03-24_at_16.52.13](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3c937795c45031c3c72c124ced866598/Screen_Shot_2015-03-24_at_16.52.13.png)

- A "(deleted)" participant
- An empty selectbox in the sidebar, instead of "Select assignee"

See merge request !443

Remove duplicate CHANGELOG items for v7.8.0

[ci skip]

See merge request !447

Fix nested task lists

When nesting task list items, the parent item is wrapped in a `<p>` tag.  Update the task list parser to handle these paragraph wrappers.

cc @sytse

See merge request !413

[ci skip]