Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options`
method so that Rails doesn't escape our markup.

Also add `<span>` to the sanitization whitelist to avoid breaking syntax
highlighting in code blocks.

Merge updated CHANGELOG entries

Improve header with avatar for group and user pages

Nice looking and aligned headers for user and group pages

See merge request !412

Location field in user profile

Twitter allows you to set string with location information.
I find it very useful in work to know where user from. It allows to communicate with knowing time difference and cultural things.

See merge request !411

Change the name of the key used for bitbucket importer.

See merge request !1733

Link to CI with ref

gitlab/gitlab-ci#162

!!! Should be merged simultaneously with https://dev.gitlab.org/gitlab/gitlab-ci/merge_requests/129

See merge request !1638

Fix commits routing for branches with slash

Fixes https://github.com/gitlabhq/gitlabhq/issues/8990

See merge request !408

Make issue and merge request sidebar more compact

* move votes block to participants
* make smaller font in sidebar
* remove js for upvoting since it differs from logic on backend and does not work correctly

Fixes #1253

Tested on different screens: HD, 1366x768, 1024x600

See merge request !410

Update merge_status state to allow more transitions

Previously you could only transition from the unchecked state to one of the others. This meant that the mark_as_unmerged call in AutoMergeService would rarily be able to actually transition the state. As it would usually have already been set to can_be_merged before it hit that service.

Spec and Spinach tests have been run locally and all pass.

See merge request !405

* move votes block to participants
* make smaller font in sidebar

[security] gems update

[doorkeeper] added filtering of sensitive information (like secret key) from production.log

[gollum lib] remote code execution (in search field). We don't have search for wiki but it is better to have this fix.

Nothing critical!!!

related to #2143

See merge request !1732

This reverts commit 00607d4f, reversing
changes made to edfc7d0d.

New branch

See merge request !406

Add error message when have error on profile screen

Use the `SanitizationFilter` class from the html-pipeline gem for inline
HTML instead of calling the Rails `sanitize` method.

Revert "Increase timeout for Git-over-HTTP requests."

This reverts commit 516bcabb.

For #2164

cc @marin @douwe

See merge request !1730

This reverts commit d70126c1.

This reverts commit 516bcabb.

Conflicts:
	Gemfile

Remove mention of branch to commit to when new file is added through UI

See merge request !1731