Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

Update spring to 1.7.2 to fix hanging rails console

## What does this MR do?
Update spring to 1.7.2.

## Why was this MR needed?
This fixes hanging rails console issue.

## Related
Fixes https://gitlab.com/gitlab-org/gitlab-development-kit/issues/127

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5066

More descriptive message for git hooks and file locks

## What does this MR do?
Most of the benefits will be in GitLab EE because we have git hooks there (push rules) and file lock features.
Instead of showing "Git operation was rejected by #{hook_name} hook" the actual problem description will be shown.
Also you will see a clear message when you edit locked file.

## Why was this MR needed?

Because we don't want to confuse our users

## What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ee/issues/713


See merge request !5067

Don't garbage collect commits that have related DB records like comments

Closes #13524

Also needed for https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4101.

See merge request !5062

Downgrade to Redis 3.2.2 due to massive memory leak with Sidekiq

This affects GitLab 8.8 and 8.9. See:
    
* https://github.com/mperham/sidekiq/blob/master/Changes.md#413
* https://gitlab.com/gitlab-org/gitlab-ce/issues/19441

See merge request !5056

Update RedCloth to 4.3.2 for CVE-2012-6684

## What does this MR do?

To fix XSS (CVE-2012-6684), upgrade RedCloth to 4.3.2.

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

Security vulnerability in RedCloth (CVE-2012-6684) should be fixed to provide GitLab as a secure software.

## What are the relevant issue numbers?

Closes #19169 

cf. !2037, !2071

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [n/a] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [n/a] API support added
- Tests
  - [n/a] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4929

Merge branch '19448-merge-requests-api-has-incorrect-documentation-regarding-merge_when_build_succeeds' into 'master'

Fix typo in Merge Requests API documentation

Closes #19448

See merge request !5057

See:

https://github.com/mperham/sidekiq/blob/master/Changes.md#413
https://gitlab.com/gitlab-org/gitlab-ce/issues/19441

Groundwork for Kerberos SPNEGO (EE feature)

Refactor Projecst::GitHttpController to allow Kerberos integration in GitLab EE.

Companion to https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/509

See merge request !5037

Exclude requesters from Project#members, Group#members and User#members

## What does this MR do?

It excludes requesters from the `Project#members`, `Group#members` and `User#members` associations, and adds new `Project#requesters` and `Group#requesters` associations.

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

Without this, if you call `project.members`, requesters are included in the results! This is at best misleading, and at worst can lead to security issues. By excluding requesters from the `#members` associations, we avoid introducing security inadvertently since you have to call the `#requesters` association explicitly to get requesters.

## What are the relevant issue numbers?

This is something I realized while fixing the security issue #19102.

## Does this MR meet the acceptance criteria?

- [x] I don't think this needs a CHANGELOG since this is an internal change
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4946

Upgrade Sidekiq from 4.1.2 to 4.1.4.

Adds a dependency on Sinatra and allows Sinatra 2 for eventual support of Rack 2.

Changelog: https://github.com/mperham/sidekiq/blob/master/Changes.md#414

Working toward #14286. 

See merge request !5044

Upgrade seed-fu from 2.3.5 to 2.3.6

Adds Rails 5 support. Working toward #14286.

Changelog: https://github.com/mbleigh/seed-fu/blob/master/CHANGELOG.md#version-236

See merge request !5042

Upgrade sass-rails

## What does this MR do?

Upgrades sass-rails from 5.0.4 to 5.0.5. Includes support for Rails 5.

Changelog: https://github.com/rails/sass-rails/releases

Working toward #14286 

See merge request !5030

Enable Style/EmptyLines Rubocop cop

#17478

See merge request !5013

Renable import button when import process fail due to the namespace already been taken

Closes #19435 

## Screenshots (if relevant)

Before:

![1](/uploads/e8de1b326e0751891f667630a7685f6a/1.png)<br/><br/>

After:

![2](/uploads/566f1fd5442c28232350689fce8eae76/2.png)

See merge request !5053

Fix snippets comments not displayed

## What does this MR do?

Fix an issue where comments body were not displayed for project snippets anymore (see commit for details).

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

Because of #19388.

## What are the relevant issue numbers?

Fixes #19388.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5045

adding link to .gitlab-ci.yml templates

closes #18998

## What does this MR do?

Add link to CI templates

## Are there points in the code the reviewer needs to double check?

No

## Why was this MR needed?

Asked by Sid - see #18998 

## What are the relevant issue numbers?

up 

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5033

Fix emoji paths in relative root configurations

## What does this MR do?

If a site specifies a relative URL root, emoji files would omit the path from the URL, leading to lots of 404s.

## Are there points in the code the reviewer needs to double check?

At first, I tried to use `ActionView::Helpers::AssetUrlHelper.asset_url` since this is what it's intended to do. But this helper function is extremely slow, and it took minutes to generate the URLs for the hundreds of links needed for each emoji.

## Why was this MR needed?

Because emojis were broken in relative URL installations

## What are the relevant issue numbers?

#15642

## Does this MR meet the acceptance criteria?

- [X] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [X] Added for this feature/bug
  - [x] All builds are passing
- [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [X] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5027

The issue was that @notes were not passed to Banzai::NoteRenderer.render
in Projects::SnippetsController#show. This was forgotten in d470f3d1.
Signed-off-by: Rémy Coutable <remy@rymai.me>

Upgrade Thin from 1.6.1 to 1.7.0.

Includes support for Rack 2. Working toward #14286.

Changelog: https://github.com/macournoyer/thin/blob/master/CHANGELOG

See merge request !5047

If a site specifies a relative URL root, emoji files would omit the path from
the URL, leading to lots of 404s.

Closes #15642

And create new Project#requesters, Group#requesters scopes.
Signed-off-by: Rémy Coutable <remy@rymai.me>

Add Todos API

* Closes #14068
* Closes #14675 

- [x] Implementation
- [x]  Tests
- [x] Documentation
- [x] Changelog

See merge request !3188

Fixing problems with events for import/export

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19202

A couple of issues related to target being missing in exported `Events` (as being polymorphic and not have `ActiveRecord` relationships is a bit more tricky than normal models) plus as the export was in JSON, the import retrieves hashed fields as stringified hashes and not symbolized - so fixed that as well, which was the cause of https://gitlab.com/gitlab-org/gitlab-ce/issues/19202

Also fixed / refactored tests
:simpl
Import/Export Version has been bumped to 0.1.1 as theses changes to events won't work very well with old exports - forcing users to generate a new export in the new version.

See merge request !4987

Upgrade sprockets and sprockets rails, remove quiet_assets

## What does this MR do?

Upgrade Sprockets from 3.6.0 to 3.6.2.

Changelog: https://github.com/rails/sprockets/blob/3.x/CHANGELOG.md

Upgrade Sprockets Rails from 3.0.4 to 3.1.1.

Changelog: https://github.com/rails/sprockets-rails/compare/v3.0.4...v3.1.1

quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in!

The config was added in this PR: https://github.com/rails/sprockets-rails/pull/355

Working towards #14286.

See merge request !5029

Includes support for Rack 2.

Changelog: https://github.com/macournoyer/thin/blob/master/CHANGELOG

Ensure that branch and tag names are given in API

## What does this MR do?

It ensures that the tag or branch name is given. @rymai We talked in an earlier MR about this.

See merge request !5012

Cache autocomplete results

## What does this MR do?

Caches the results of the autocomplete AJAX call to stop new GFM inputs on the page from requesting new data. The cache is then cleared on each new page so that it doesn't stay around per project.

See merge request !5043