"sign-in from new location" emails contain IP address
GitLab sends email with the subject "gitlab.torproject.org sign-in from new location" with "A sign-in to your account has been made from the following IP address: ".
I think this is bad behaviour, exposing users IP addresses in (unencrypted) email messages and that Tor Project should stop doing it in order to protect that information in transit and at rest in the users mailbox.
Related, it seems likely that the logic behind this functionality requires users IP addresses to be stored by the GitLab service. This too should be avoided, for better data minimisation.