See:

https://github.com/mperham/sidekiq/blob/master/Changes.md#413
https://gitlab.com/gitlab-org/gitlab-ce/issues/19441

Includes support for Rack 2.

Changelog: https://github.com/macournoyer/thin/blob/master/CHANGELOG

Adds a dependency on Sinatra and allows Sinatra 2 for eventual support of Rack 2.

Changelog: https://github.com/mperham/sidekiq/blob/master/Changes.md#414

Adds Rails 5 support.

Changelog: https://github.com/mbleigh/seed-fu/blob/master/CHANGELOG.md#version-236

Upgrade sass-rails from 5.0.4 to 5.0.5. Includes support for Rails 5.

Changelog: https://github.com/rails/sass-rails/releases

quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in!

From this PR: https://github.com/rails/sprockets-rails/pull/355

Upgrade Sprockets from 3.6.0 to 3.6.2.

Changelog: https://github.com/rails/sprockets/blob/3.x/CHANGELOG.md

Upgrade Sprockets Rails from 3.0.4 to 3.1.1.

Changelog: https://github.com/rails/sprockets-rails/compare/v3.0.4...v3.1.1

Changelog: https://github.com/getsentry/raven-ruby/releases

Closes #18690

Hamlit is a library that's faster than Haml while implementing most of its features: https://github.com/k0kubun/hamlit

Not sure if this breaks anything, but as far as I can tell most things work the same. No obvious regressions that I've been able to find.

Which includes the fix from:
https://github.com/tpitale/mail_room/pull/73

Fixes https://github.com/fnando/browser/issues/241

This reverts commit 13e37a3e.

This allows it to be used on Ruby 2.3 without it crashing all the time.

Removes a few dependencies.

Changelog: https://github.com/presidentbeef/brakeman/blob/master/CHANGES

Here was the problem:

1. When determining whether a given blob is viewable text, gitlab_git reads the first 1024 bytes and checks with Linguist whether it is a text or binary file.
2. If the blob is text, GitLab will attempt to display it.
3. However, if the text has binary characters after the first 1024 bytes, then GitLab will attempt to load the entire contents, but the encoding will be ASCII-8BIT since there are binary characters.
4. The Error 500 results when GitLab attempts to display a mix UTF-8 and ASCII-8BIT.

To fix this, we load as much data as we are willing to display so that the detection will work properly. Requires
an update to gitlab_git: gitlab-org/gitlab_git!86

Closes #13826

Replace raphael-rails with raphael.js so it can be split from the rest of the JavaScript. The gem isn't maintained anymore anyway. Added a network folder with an application.js including raphael components, since that's the only page using it currently.

Closes #18210

Number of important security and bug fixes. See:
https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md#168--2016-06-06

Add gems and licenses that were previously missing. Approve a number of licenses after a bunch of research today.

In order to rehost all our gems in our own gem host, we need to have the legal rights to do so for every gem should they be taken down from RubyGems. License Finder automates checking of gems to ensure that we're in the clear legally.

Approved the MIT License because it essentially allows us to do "whatever" with those gems.

I am not a lawyer.

https://github.com/pivotal/LicenseFinder

- Need the `mobile?` detection (that the new version provides) for the
  U2F registration/ authentication flow

- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
  `otp_required_for_login` column on `users`.
- This commit changes things a bit:
    - `User#two_factor_enabled` is not a method anymore
    - `User#two_factor_enabled?` checks both the
      `otp_required_for_login` column, as well as `U2fRegistration`s
    - Change all instances of `User#two_factor_enabled` to
      `User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
  model level.