Replace regular expression parser for changelogs with a Parslet parser
In gitlab-org/gitlab#300224 (closed) we found a security issue with the template compiler we use for changelog templates. While this one we can fix, I said to myself we'd switch to a better parsing approach if we ran into a security issue. Now that we did, I want to look into using http://kschiess.github.io/parslet/ for the parser/compiler. This adds some complexity, but I think we can keep it at a reasonable level.
The benefit of this approach is that it would be impossible to ever execute Ruby code, and we don't depend on ERB semantics.
Edited by Yorick Peterse
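The design property described in the issue, as an added example that is not GitLab's code: the template is parsed into a small tree and then interpreted using only Hash lookups, so no part of the template ever reaches ERB or `eval`. The `{{ name }}` / `{% each list %}` syntax and the `SafeTemplate` module are assumptions made for illustration, and a hand-written `StringScanner` parser stands in for Parslet so the block runs without gems.

```ruby
require 'strscan'

# Hypothetical mini template language (assumed for this example):
#   {{ name }}                       variable lookup
#   {% each list %} ... {% end %}    loop over an Array of Hashes
module SafeTemplate
  TAG = /\{\{\s*(\w+)\s*\}\}|\{%\s*each\s+(\w+)\s*%\}|\{%\s*end\s*%\}/

  # Parse into nodes: [:text, str], [:var, name], [:each, name, children].
  # Anything that is not one of the three tags stays literal text.
  def self.parse(source)
    scanner = StringScanner.new(source)
    stack = [[]]                       # stack.last is the node list being filled
    until scanner.eos?
      chunk = scanner.scan_until(TAG)
      if chunk.nil?                    # no more tags: the rest is literal text
        stack.last << [:text, scanner.rest]
        scanner.terminate
        next
      end
      literal = chunk[0, chunk.size - scanner.matched.size]
      stack.last << [:text, literal] unless literal.empty?
      if scanner[1]
        stack.last << [:var, scanner[1]]
      elsif scanner[2]
        node = [:each, scanner[2], []]
        stack.last << node
        stack << node[2]               # descend into the loop body
      else
        raise ArgumentError, 'unexpected {% end %}' if stack.size == 1
        stack.pop
      end
    end
    raise ArgumentError, 'missing {% end %}' unless stack.size == 1
    stack.first
  end

  # Interpret the tree. Only Hash lookups and string joins happen here,
  # so template text can never be executed as Ruby.
  def self.render(nodes, data)
    nodes.map do |type, arg, children|
      case type
      when :text then arg
      when :var  then data.fetch(arg, '').to_s
      when :each
        list = data[arg].is_a?(Array) ? data[arg].grep(Hash) : []
        list.map { |item| render(children, item) }.join
      end
    end.join
  end
end
```

ERB-style tags such as `<%= ... %>` in a template come out as literal text, because the interpreter has no node type that evaluates code.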