* Fixed picture in picture compatibility error in WebUI when status is deleted
* Revert "Fixed picture in picture compatibility error in WebUI when status is deleted"
This reverts commit f003b7d9d88688e9504f7dfae1545d7522fcfd98.
* Close the modal display of the image when status is deleted
* Fixed the case statement before the default statement
* Removed unnecessary parts
* Fix URI of repeat follow requests not being recorded
In case we receive a “repeat” or “duplicate” follow request, we automatically
fast-forward the accept with the latest received Activity `id`, but we don't
record it.
In general, a “repeat” or “duplicate” follow request may happen if for some
reason (e.g. inconsistent handling of Block or Undo Accept activities, an
instance being brought back up from the dead, etc.) the local instance thought
the remote actor were following them while the remote actor thought otherwise.
In those cases, the remote instance does not know about the older Follow
activity `id`, so keeping that record serves no purpose, but knowing the most
recent one is useful if the remote implementation at some point refers to it
by `id` without inlining it.
* Add tests
* Slightly reorder three dots menu on toots to make it more intuitive
- Make “Pin to profile” always appear at the same place
- Add separator to group “Bookmark” and “Pin to profile”
- Fix separator being the first item in some cases
* Fix missing semicolon and keep status_action_bar.js and action_bar.js in sync
* Various dropdown code quality fixes
* Prepare support for privacy selection in boost modal
* Add dropdown for boost privacy in boost confirmation modal
An uncommon but somewhat difficult to digagnose issue is dealing with
improperly-seeded databases. In such cases, instance-signed fetches will
fail with a ActiveRecord::RecordNotFound error, usually caught and handled
as generic 404, leading people to think the remote resource itself has not
been found, while it's the local instance actor that does not exist.
This commit changes the code so that failure to find the instance actor
automatically creates a new one, so that improperly-seeded databases do
not cause any issue.
* Add “translate” class to other user strings
Follow-up to #15610.
Allow Google Translate to work on more user content:
- poll options
- reply indicator (contents of the status being replied to)
- directory account cards
- account note in follow requests list
* Fix incorrect styling of account bio
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Unlike locally-issued blocks, they weren't clearing follow
relationships in both directions, follow requests or notifications.
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
This also skips fetching the actor completely.
This will be useful if we end up distributing Update activities linked to
account suspensions more widely (they are currently only delivered to
the suspended account's followers), as currently, instances not knowing
about the suspended account would fetch it to then process the suspension.
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* disable NewCops
* update TargetRubyVersion
* Fix Lint/MissingSuper for ActiveModelSerializers::Model
* Fix Lint/MissingSuper for feed
* Fix Lint/FloatComparison
* Do not use instance variables
* Fix being able to import more than allowed number of follows
Without this commit, if someone tries importing a second list of accounts to
follow before the first one has been processed, this will queue imports for
the two whole lists, even if they exceed the account's allowed number of
outgoing follows.
This commit changes it so the individual queued imports aren't exempt from
the follow limit check (they remain exempt from the rate-limiting check
though).
* Catch validation errors to not re-queue failed follows
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Fixes#15374
When the pop-out player was introduced, it had tweaks for the mobile
view, but it's now disabled in mobile mode and the styling was reused
for modals, causing the footer to be hidden on mobile without a good
reason.
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
As a regression from the recent optimizations, mentions were left untouched
until `account.destroy`, which would then delete them individually,
and executing queries to find and delete associated notifications, resulting
in a massive slowdown.
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Delete status records by batches of 50
* Do not precompute values that are only used once
* Do not generate redis events for removal of public toots older than two weeks
* Filter reported toots a priori for polls and status deletion
* Do not process reblogs when cleaning up public timelines
As in Mastodon proper, reblogs don't appear in public TLs
* Clean the deleted account's own feed in one go
* Refactor Account#clean_feed_manager and List#clean_feed_manager
* Delete instead of destroy a few more associations
* Fix preloading
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix external user creation failing when invite request text is required
Also fixes tootctl-based user creation.
* Add test about invites when invite request text is otherwise required
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix deleting polls not deleting notifications
* Fix fav notification deletion when deleting a toot
* Refactor DeleteAccountService spec
* Add DeleteAccountService tests for other associations and notifications
* Add favourite handling spec in status removal
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix account deletion workers being queued multiple times for a single account
* Fix poll votes being unnecessarily instantiated on poll deletion
* Fix favourites being unnecessarily instantiated on status deletion
* Remove inaccurate comments
* Delete polls instead of destroying them
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix ResolveAccountService accepting mismatching acct: URI
* Set attributes that should be updated regardless of suspension
* Fix key fetching
* Automatically merge remote accounts with duplicate `uri`
* Add tests
* Add "tootctl accounts fix-duplicates"
Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and
merge them under the canonical `acct:` URI.
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Improve searching for private toots from URL
Most of the time, when sharing toots, people use the toot URL rather than
the toot URI, which makes sense since it is the user-facing URL.
In Mastodon's case, the URL and URI are different, and Mastodon does not
have an index on URL, which means searching a private toot by URL is done
with a slow query that will only succeed for very recent toots.
This change gets rid of the slow query, and attempts to guess the URI from
URL instead, as Mastodon's are predictable.
* Add tests
* Only return status with guessed uri if url matches
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Change notification permission handling
- allow changing individual alert settings even if permission is not explicitly
enabled (asks for permission on toggle)
- persist permission request banner dismissal across sessions through settings
* Add additional, more discrete message to grant permissions
* Change permission granting button design according to reviews
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix admin being able to suspend their own instance account
* Add text about the instance's own actor in admin view
* Change instance actor notice from flash message to template
* Do not list local instance actor in account moderation list
* Add indication to admin UI of whether a report has been forwarded
* Rework how forwarded status is displayed
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
From the start, swiping columns was highly unreliable because the logic
could change `ReactSwipeableViews`'s `animateTransitions` property
mid-swipe.
PR #11200 partially fixed this, but at the unintended cost of disabling the
swipe animation altogether.
This PR changes the logic behind `shouldAnimate` to only disable the swiping
animation at the end of a column change not initiated by `ReactSwipeableViews`.
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Extract logic for determining ActivityPub inboxes to send deletes
to to its own class and explicitly include the person the status
replied to (even if not mentioned), people who favourited it, and
people who replied to it (though that one is still not recursive)
- Change overlay background to match color of viewed image
- Add interactive reply/boost/favourite buttons to footer of modal
- Change ugly "View context" link to button among the action bar
* Fix webfinger redirect handling in ResolveAccountService
ResolveAccountService#process_webfinger! handled a one-step webfinger
redirection, but only accepting the result if it matched the exact URI passed
as input, defeating the point of a redirection check.
Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`,
updating the resulting `acct:` URI with the result of the first webfinger
query.
* Add tests
Nginx can be configured to bypass proxy cache when a special header
is in the request. If the response is cacheable, it will replace
the cache for that request. Proxy caching of media files is
desirable when using object storage as a way of minimizing bandwidth
costs, but has the drawback of leaving deleted media files for
a configured amount of cache time. A cache buster can make those
media files immediately unavailable. This especially makes sense
when suspending and unsuspending an account.
Fixes#15178
PR #11499 introduced a way to deal with all-white canvas, but newer
Firefox versions set random data instead.
This PR detects whether canvas operations are reliable by comparing
the results on a hardcoded 2×2 pixels image, and memoizing the result.
This should be both more reliable and faster than the previous check.
If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
Do not downcase the queried tag before passing it to postgres when searching:
- tags are not downcased on creation
- `arel_table[:name].lower.matches(pattern)` generates an ILIKE anyway
- if Postgres and Rails happen to use different case-folding rules,
downcasing before query but not before insertion may mean that some
tags with some casings are not searchable
When failing to fetch the target account, the ProcessingWorker fails
as expected, but since it hasn't cleared the `move_in_progress` flag,
the next attempt at processing skips the `Move` activity altogether.
This commit changes it to clear the flag when encountering any
unexpected error on fetching the target account. This is likely to
occur because, of, e.g., a timeout, when many instances query the
same actor at the same time.
* Fix crash in SuspendAccountWorker
`follows` is an array thanks to `to_a`
* Fix code style issue
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
* Add more specific error message when request body digest is invalid
This may help other implementors debug their implementation.
* Relax Host parameter requirement to GET requests
The only POST requests processed by Mastodon need objects/actors (including
their host) to be explicitly mentioned in the request's body, so replaying
a legitimate request to another host should not be a security issue.
* Support Digest headers using multiple algorithms or lowercase alogirthm names
- Makes permalink to a toot more easily clickable
- Fix clicking between icon and time in fact clicking the display name
- Fix clicking slightly under time in fact clicking the display name
e.g. if someone on an instance that previously had followers gets mentioned
in a private toot, before this PR, they would not receive a
Collection-Synchronization header and may show the toot to the former followers
in addition to the mentioned person.
* Add support for followers synchronization on the receiving end
Check the `collectionSynchronization` attribute on `Create` and `Announce`
activities and synchronize followers from provided collection if possible.
* Add tests for followers synchronization on the receiving end
* Add support for follower synchronization on the sender's end
* Add tests for the sending end
* Switch from AS attributes to HTTP header
Replace the custom `collectionSynchronization` ActivityStreams attribute by
an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as
the `Signature` header and the following fields:
- `collectionId` to specify which collection to synchronize
- `digest` for the SHA256 hex-digest of the list of followers known on the
receiving instance (where “receiving instance” is determined by accounts
sharing the same host name for their ActivityPub actor `id`)
- `url` of a collection that should be fetched by the instance actor
Internally, move away from the webfinger-based `domain` attribute and use
account `uri` prefix to group accounts.
* Add environment variable to disable followers synchronization
Since the whole mechanism relies on some new preconditions that, in some
extremely rare cases, might not be met, add an environment variable
(DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and
avoid followers being incorrectly removed.
The current conditions are:
1. all managed accounts' actor `id` and inbox URL have the same URI scheme and
netloc.
2. all accounts whose actor `id` or inbox URL share the same URI scheme and
netloc as a managed account must be managed by the same Mastodon instance
as well.
As far as Mastodon is concerned, breaking those preconditions require extensive
configuration changes in the reverse proxy and might also cause other issues.
Therefore, this environment variable provides a way out for people with highly
unusual configurations, and can be safely ignored for the overwhelming majority
of Mastodon administrators.
* Only set follower synchronization header on non-public statuses
This is to avoid unnecessary computations and allow Follow-related
activities to be handled by the usual codepath instead of going through
the synchronization mechanism (otherwise, any Follow/Undo/Accept activity
would trigger the synchronization mechanism even if processing the activity
itself would be enough to re-introduce synchronization)
* Change how ActivityPub::SynchronizeFollowersService handles follow requests
If the remote lists a local follower which we only know has sent a follow
request, consider the follow request as accepted instead of sending an Undo.
* Integrate review feeback
- rename X-AS-Collection-Synchronization to Collection-Synchronization
- various minor refactoring and code style changes
* Only select required fields when computing followers_hash
* Use actor URI rather than webfinger domain in synchronization endpoint
* Change hash computation to be a XOR of individual hashes
Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues.
* Marginally improve followers_hash computation speed
* Further improve hash computation performances by using pluck_each
* Add support for latest HTTP Signatures spec draft
https://www.ietf.org/id/draft-ietf-httpbis-message-signatures-00.html
- add support for the “hs2019” signature algorithm (assumed to be equivalent
to RSA-SHA256, since we do not have a mechanism to specify the algorithm
within the key metadata yet)
- add support for (created) and (expires) pseudo-headers and related
signature parameters, when using the hs2019 signature algorithm
- adjust default “headers” parameter while being backwards-compatible with
previous implementation
- change the acceptable time window logic from 12 hours surrounding the “date”
header to accepting signatures created up to 1 hour in the future and
expiring up to 1 hour in the past (but only allowing expiration dates up to
12 hours after the creation date)
This doesn't conform with the current draft, as it doesn't permit accounting
for clock skew.
This, however, should be addressed in a next version of the draft:
https://github.com/httpwg/http-extensions/pull/1235
* Add additional signature requirements
* Rewrite signature params parsing using Parslet
* Make apparent which signature algorithm Mastodon on verification failure
Mastodon uses RSASSA-PKCS1-v1_5, which is not recommended for new applications,
and new implementers may thus unknowingly use RSASSA-PSS.
* Add workaround for PeerTube's invalid signature header
The previous parser allowed incorrect Signature headers, such as
those produced by old versions of the `http-signature` node.js package,
and seemingly used by PeerTube.
This commit adds a workaround for that.
* Fix `signature_key_id` raising an exception
Previously, parsing failures would result in `signature_key_id` being nil,
but the parser changes made that result in an exception.
This commit changes the `signature_key_id` method to return `nil` in case
of parsing failures.
* Move extra HTTP signature helper methods to private methods
* Relax (request-target) requirement to (request-target) || digest
This lets requests from Plume work without lowering security significantly.
Follow-up to #14359
In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
There are edge cases where requests to certain hosts timeout when
using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now
that we no longer need to support OStatus servers, webfinger logic
is so simple that there is no point encapsulating it in a gem, so
we can just use our own Request class. With that, we benefit from
more robust timeout code and IPv4/IPv6 resolution.
Fix#14091
* Do not serve account actors at all in limited federation mode
When an account is fetched without a signature from an allowed instance,
return an error.
This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.
However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.
The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.
* Fix tests
* Change how CDN_HOST is passed down to make assets build reproducible
* Change webpacker/webpack configuration to dynamically load publicPath based on meta header
* Fix embedded layout missing the cdn-host meta header
* Add notification permission handling code
* Request notification permission when enabling any notification setting
* Add badge to notification settings when permissions insufficient
* Disable alerts by default, requesting permission and enable them on onboarding
There are edge cases where requests to certain hosts timeout when
using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now
that we no longer need to support OStatus servers, webfinger logic
is so simple that there is no point encapsulating it in a gem, so
we can just use our own Request class. With that, we benefit from
more robust timeout code and IPv4/IPv6 resolution.
Fix#14091
Fixes#14862
This used to be the case until #13987, which introduced a hotkey to toggle
the Content Warning field.
Unfortunately, MacOS relies on the “alt” key for many things, including
composing text (see #14862), therefore, even if that makes the CW toggle
hotkey significantly less useful, it makes sense to not interfere with
composing toots.
* Add bell button
Fix#4890
* Remove duplicate type from post-deployment migration
* Fix legacy class type mappings
* Improve query performance with better index
* Fix validation
* Remove redundant index from notifications
* Add paragraph about browser add-ons when encountering some errors
When a crash is caused by a NotFoundError exception, add a paragraph
to the error page mentioning browser add-ons.
Indeed, crashes with NotFoundError are often caused by browser extensions
messing with the DOM in ways React.JS can't recover from (e.g. issues #13325
and #14731).
* Reword error messages
* Do not serve account actors at all in limited federation mode
When an account is fetched without a signature from an allowed instance,
return an error.
This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.
However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.
The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.
* Fix tests
* Check for and record reblog info atomically
Instead of using ZREVRANK to determine whether a reblog is a new reblog or not,
use ZADD's NX option to perform the check/addition option atomically.
* Replace ZREVRANK call with ZSCORE key which is more efficient
* Make tests a bit stricter
* Fix off-by-one
* Add database support for list show-reply preferences
* Add backend support to read and update list-specific show_replies settings
* Add basic UI to set list replies setting
* Add specs for list replies policy
* Switch "cycling" reply policy link to a set of radio inputs
* Capitalize replies_policy strings
* Change radio button design to be consistent with that of the directory explorer
* [WiP] Update Tesseract.js
- Update Tesseract.js to 2.2.1
- Use versioned file names
- differentiate two progression states: preparing OCR and detecting picture
* Get rid of copy-webpack-plugin
* Add back "Home" link to "Getting started" when Home column isn't mounted
* Fix keys in getting_started
It should not matter much in practice as the list of items will only
change extremely rarely, but having a `key` that corresponds to the actual
item makes much more sense than having it be the index of the item within
the list.
* Make Array-creation behavior of Paginable more predictable
Paginable.paginate_by_id usually returns ActiveRecord::Relation, but it
returns an Array if min_id option is present. The behavior caused problems
fixed with the following commits:
- 552e886b64
- b63ede5005
- 64ef37b89d
To prevent from recurring similar problems, this commit introduces two
changes:
- The scope now always returns an Array whether min_id option is present
or not.
- The scope is renamed to to_a_paginated_by_id to clarify it returns an
Array.
* Transform Paginable.to_a_paginated_by_id from a scope to a class method
https://api.rubyonrails.org/classes/ActiveRecord/Scoping/Named/ClassMethods.html#method-i-scope
> The method is intended to return an ActiveRecord::Relation object, which
> is composable with other scopes.
Paginable.to_a_paginated_by_id returns an Array and is not appropriate
as a scope.
* Replace incorrect use of distinct with group
Some uses of ActiveRecord::QueryMethods#distinct pass field names but they
are incorrect for the current version of Rails.
ActiveRecord::QueryMethods#group provides the expected behavior and
benefits performance. See commit 6da24aad4cafdef8d8a2c92bac2002a5fc2fe9c8.
* Introduce ApplicationController#cache_collection_paginated_by_id
ApplicationController#cache_collection_paginated_by_id fuses
ApplicationController#cache_collection and Paginable.paginate_by_id.
An advantage of this method is that it prevents from modifying scope which
Paginable.paginate_by_id may provide.
ApplicationController#cache_collection always return an array and there
is no possibility of the scope modification. It is also clear for a
programmer, considering the implication of "cache".
This method can also emit more efficient queries by using
Cacheable.cache_ids before calling Paginable.paginate_by_id.
Some uses of ActiveRecord::QueryMethods#distinct pass field names but they
are incorrect for the current version of Rails.
ActiveRecord::QueryMethods#group provides the expected behavior and
benefits performance. See commit 6da24aad4cafdef8d8a2c92bac2002a5fc2fe9c8.
The old implementation had two queries:
1. The query constructed in Api::V1::FavouritesController#results
2. The query constructed in #cached_favourites, which is merged with 1.
Both of them are issued againt PostgreSQL. The combination of the two
queries caused the following problems:
- The small window between the two queries involves race conditions.
- Minor performance inefficiency.
Moreover, the construction of query 2, which involves merging with query
1 has a bug. Query 1 is finalized with paginate_by_id, but paginate_by_id
returns an array when min_id parameter is specified. The behavior prevents
from merging the query, and in the real world, ActiveRecord simply ignores
the merge (!), which results in querying the entire scan of statuses and
favourites table.
This change fixes these issues by simply letting query 1 get all the works
done.
DISTINCT clause removes duplicated records according to all the selected
attributes. In reality, it can remove duplicated records only looking at
statuses.id, but the clause confuses the query planner and yields
insufficient performance.
The behavior is also problematic if the scope produced by HashQueryService
is used to query columns without id (using pluck method, for example). The
scope is expected to contain unique statuses, but the uniquness will be
evaluated with some arbitrary columns other than id.
GROUP BY clause resolves those problem by explicitly specifying the
column to take into account for the record distinction.
A workaround for the problem of DISTINCT clause in
Api::V1::Timelines::TagController is no longer necessary and removed.
* Add support for latest HTTP Signatures spec draft
https://www.ietf.org/id/draft-ietf-httpbis-message-signatures-00.html
- add support for the “hs2019” signature algorithm (assumed to be equivalent
to RSA-SHA256, since we do not have a mechanism to specify the algorithm
within the key metadata yet)
- add support for (created) and (expires) pseudo-headers and related
signature parameters, when using the hs2019 signature algorithm
- adjust default “headers” parameter while being backwards-compatible with
previous implementation
- change the acceptable time window logic from 12 hours surrounding the “date”
header to accepting signatures created up to 1 hour in the future and
expiring up to 1 hour in the past (but only allowing expiration dates up to
12 hours after the creation date)
This doesn't conform with the current draft, as it doesn't permit accounting
for clock skew.
This, however, should be addressed in a next version of the draft:
https://github.com/httpwg/http-extensions/pull/1235
* Add additional signature requirements
* Rewrite signature params parsing using Parslet
* Make apparent which signature algorithm Mastodon on verification failure
Mastodon uses RSASSA-PKCS1-v1_5, which is not recommended for new applications,
and new implementers may thus unknowingly use RSASSA-PSS.
* Add workaround for PeerTube's invalid signature header
The previous parser allowed incorrect Signature headers, such as
those produced by old versions of the `http-signature` node.js package,
and seemingly used by PeerTube.
This commit adds a workaround for that.
* Fix `signature_key_id` raising an exception
Previously, parsing failures would result in `signature_key_id` being nil,
but the parser changes made that result in an exception.
This commit changes the `signature_key_id` method to return `nil` in case
of parsing failures.
* Move extra HTTP signature helper methods to private methods
* Relax (request-target) requirement to (request-target) || digest
This lets requests from Plume work without lowering security significantly.
Follow-up to #14359
In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
* feat: add possibility of adding WebAuthn security keys to use as 2FA
This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add request for WebAuthn as second factor at login if enabled
This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: add possibility of deleting WebAuthn Credentials
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: disable WebAuthn when an Admin disables 2FA for a user
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA
Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.
* We had to change a little the flow for setting up TOTP, given that now
it's possible to setting up again if you already had TOTP, in order to
let users modify their authenticator app – given that now it's not
possible for them to disable TOTP and set it up again with another
authenticator app.
So, basically, now instead of storing the new `otp_secret` in the
user, we store it in the session until the process of set up is
finished.
This was because, as it was before, when users clicked on 'Edit' in
the new two-factor methods lists page, but then went back without
finishing the flow, their `otp_secret` had been changed therefore
invalidating their previous authenticator app, making them unable to
log in again using TOTP.
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
* refactor: fix eslint errors
The PR build was failing given that linting returning some errors.
This commit attempts to fix them.
* refactor: normalize i18n translations
The build was failing given that i18n translations files were not
normalized.
This commits fixes that.
* refactor: avoid having the webauthn gem locked to a specific version
* refactor: use symbols for routes without '/'
* refactor: avoid sending webauthn disabled email when 2FA is disabled
When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.
* refactor: avoid creating new env variable for webauthn_origin config
* refactor: improve flash error messages for webauthn pages
Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
Before this change:
- unsubscribe() was not called for a disconnection
- It seems that WebSocketClient calls connected() and reconnected().
subscriptionCounters were incremented twice for a single reconnection,
first from connected() and second from reconnected()
This might be a an additional change to
https://github.com/tootsuite/mastodon/pull/14579
to recover subscriptions after a reconnect.
* Increase DNS timeout from 1 second to 5 seconds for MX check
1 seconds is rather short when using a recursive DNS resolver which
hasn't got a cached result already available. Use 5 seconds instead,
which is the timeout value we use for outgoing HTTP queries.
* Add more precise error messages for invalid e-mail addresses
* Fix client-side username validation at registration
It used the Account::USERNAME_RE regexp which is for *remote* users,
local user validation is stricter. Also take into account max username length.
* Add client-side form validation for password change
* Add client-side form validation to dedicated registration form
Previous changes only applied to the /about page, not the dedicated form on
/auth
* Add HTML-level validation of username in sign-up form
* Make required fields with incorrect values more visible
* Enable HTML form validation for the registration form
* Mark agreement checkbox as required client-side
* Add minimum length to password
* Add client-side password confirmation validation
* Fix not handling Undo on some activity types when they aren't inlined
When receiving an Undo for a non-inlined activity, try looking it up in
database using the URI. The queries are ad-hoc because we don't have a global
index of object URIs, and not all activity types are stored in database with
an index on their URI.
Announces are just statuses, and have an index on URIs, so this check can
be done efficiently.
Accepts cannot be handled at all because we don't record their URI at any
point.
Follows don't have an index on URI, but they have an index on the issuing
account, which should make such queries largely manageable.
Likes don't have an index on URI, they have an index on the issuing account,
but the number of favs per account may be very high, so I decided not to
handle that.
Blocks don't have an index on URI, but they have an index on the issuing
account, which should make such queries largely manageable.
In all cases, if an Undo could not be handled properly, we call `delete_later!`
because that does not require us to know more than the URI of the undone
property.
* Add tests
* Make newer blocks overwrite older ones
Allows re-synchronizing block info by re-blocking and un-blocking again
when the original Undo Block has been lost.
* Add tests for some cachable responses
This only covers responses that we should have managed to make cachable
so far. It's not the case of all responses that should be cachable in
the end.
* Fix RSS feeds not being cachable
* Add toot send by current user at local state after send a new toot
Related to #14021
* Decrement toot counter at profile when remove a toot
Related to #14021
* Remove semicolon at end of line
That should've worked just fine, but unfortunately, Crowdin wasn't able
to pick up on our non-existent "one" category, thus appending empty
translation block to people's translations. Empty block WILL BE used by
any ICU FormatMessage library, thus resulting in an empty translation
for "one" category, and that requires immediate fix.
This commit duplicates contents of the "other" plural category.
Fixes#14337
The new audio player sets the background and foreground colors automatically
based on the thumbnail of the audio file, but the mastodon-light theme
overrides the controls' colors with a hardcoded color, which sometimes make
them unreadable.
* Fix the local group's followers collection
* Fix to accept followed relayed_through_account
* Add local delivery to the group's followers
* Fix code style
* Revert "Add local delivery to the group's followers"
This reverts commit 3237effc199772e4c4d30f19082cbc5633f56196.
Since #14145, the `set_type_and_extension` has been moved from
`before_post_process` to `before_file_post_process`, but while the former
runs before all validations performed by Paperclip, the latter is dependent
on the order validations and hooks are defined.
In our case, this meant video files could be checked against the generic 10MB
limit, causing validation failures, which, internally, make Paperclip skip
post-processing, and thus, transcoding of the video file.
The actual validation would then happen after the type is correctly set, so
the large file would pass validation, but without being transcoded first.
This commit moves the hook definition so that it is run before checking for
the file size.
* Fix audio and video items in account gallery in web UI
- Fix audio items not using thumbnails
- Fix video items not using custom thumbnails
- Fix video items autoplaying like GIFs
* Change audio and video items in account gallery to autoplay when opened in web UI
* Fix code style issue
* Fix audio player ticks position
* Split visualizer code into own file to comply with license
* Change top-left corner of visualizer always showing peaks, clean up code
There was a missed empty hash check. As well as rendering is now wrapped
in try/catch block, so app won't crash if any Blurhash component fails
to render its contents as it's not that critical.
This commit replaces all unnecessarily repeated code for decoding and
embedding blurhash canvases with separate component - <Blurhash>.
Under the hood Blurhash component will use effect dependent on its
props. This gives a few benefits: it will only be re-rendered whenever
the hash or width/height/dummy props update, and will not render if
canvas won't get to the final DOM, because then effect won't fire,
which prevents weird bugs like #14257.
While OAuth tokens were immediately revoked, accessing the home
controller immediately generated new OAuth tokens and "revived"
the session due to a combination of using remember_me tokens and
overwriting the `authenticate_user!` method
While OAuth tokens were immediately revoked, accessing the home
controller immediately generated new OAuth tokens and "revived"
the session due to a combination of using remember_me tokens and
overwriting the `authenticate_user!` method
This commit introduces new utility component - ShortNumber. It should
work almost the same way as original shortNumberFormat function,
though it also localizes units and accepts one more prop - renderer.
Renderer is a function that takes rendered short formatted number
and also ready-to-pluralize number to format display result accordingly.
Ready-to-pluralize number allows to correctly select plural for
compactly notated numbers, respecting thousands and other units.
Issue #12451 accurately describes the issue with using raw numbers
when replacing counter with short version. In short, it doesn't work
with languages such as Russian, that require different plurals,
according to the unit number was compacted to.
All previous usages of shortNumberFormat were replaced with new
function, and as it became unused, it was removed to avoid misleading.
* Change move handler to carry blocks and mutes over
When user A blocks user B and B moves to a new account C, make A block C
accordingly.
Note that it only works if A's instance is aware of the Move, that is,
if B is on A's instance or has followers there.
* Also notify instances with known people blocking you when moving
* Add automatic account notes when blocking/muting an account that had no note
* Add UserNote model
* Add UI for user notes
* Put comment in relationships entity
* Add API to create user notes
* Copy user notes to new account when receiving a Move activity
* Address some of the review remarks
* Replace modal by inline edition
* Please CodeClimate
* Button design changes
* Change design again
* Cancel note edition when pressing Escape
* Fixes
* Tweak design again
* Move “Add note” item, and allow users to add notes to themselves
* Rename UserNote into AccountNote, rename “comment” Relationship attribute to “note”
- Change audio files to not be stripped of metadata
- Automatically extract cover art from audio if it exists
- Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
- Add `icon` to represent it in attachments in ActivityPub
- Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null
- Fix duration of audio not being displayed on public pages until the file is loaded
* Fix header button changing header size in settings pages
* Make form buttons look more like a part of the form in settings pages
- Put buttons closer, using same distance as between inputs
- Make buton font size a bit smaller to blend a bit more
- Add the class button to button tags for consisent styling
Thai does not separate words by spaces, so I figured out it should be
in 'reliable characters regexp' that denotes languages that do the same.
Related #13891.
* Fix design issues with sensitive preview cards
* Center “sensitive” label on preview image for interactive cards
* Add “button” role to sensitive preview card text
- Fix audio attachments not being represented in OpenGraph tags
- Fix audio being represented as "1 image" in OpenGraph descriptions
- Fix video metadata being overwritten by paperclip-av-transcoder
- Fix embedded player not using Mastodon's UI
- Fix audio/video progress bars not moving smoothly
- Fix audio/video buffered bars not displaying correctly
* Fix audio download button not starting download in web UI
* Fix volume controls on audio and video players in web UI
* Remove download button from video player in web UI
* Fixed emoji detection problem to append border
* Add tests
* Add missing semicolon
* Fixed wrong result when includes different variation selector
* Add missing semicolon
* Remove grapheme-splitter and Change emoji list to array from string
* Update comment
* Remove spaces
Co-authored-by: ThibG <thib@sitedethib.com>
* Split media cleanup from reject-media domain blocks to its own service
* Slightly improve ClearDomainMediaService error handling
* Lower DomainClearMediaWorker to lowest-priority queue
* Do not catch ActiveRecord::RecordNotFound in domain block workers
* Fix DomainBlockWorker spec labels
* Add some specs
* Change domain blocks to immediately mark accounts as suspended
Rather than doing so sequentially, account after account, while cleaning
their data. This doesn't change much about the time the block takes to
complete, but it immediately prevents interaction with the blocked domain,
while up to now, it would only be guaranteed when the process ends.
* Refactor list of emoji requiring added outlines so that it can be theme-specific
* Split inaccessible emoji to emoji requiring an outline and ones that can be inverted
* Drop the “silouhettes” from black emoji as they seem to have changed color
* Add inaccessible emojis list for the light theme
* Use bordered emoji variant instead of unreliable CSS
* FIX: filters ignore media descriptions
* remove parentheses to make codeclimate happy
* combine the text and run the regular expression only once.
https://github.com/tootsuite/mastodon/pull/13837#discussion_r431752581
* Fix use of “filter” instead of “compact”, fix coding style issues
Co-authored-by: Thibaut Girka <thib@sitedethib.com>
* Display appropriate error when performing unpermitted operation on custom emoji
Fixes#13897
* Remove links to custom emoji actions not performable by moderators
* Fix admin page crashing when trying to block an invalid domain name
Fixes#13880
* Fix trailing and leading spaces not being properly stripped for domain blocks
Unfortunately, Firefox does not support the `keepalive` parameter
I used in the previous PR. However it supports the `navigator.sendBeacon`
API that allows that kind of things, but does not allow setting headers.
Therefore, this PR replaces it with a `sendBeacon` call that passes the
bearer token in the POST data.
Doorkeeper will then handle the auth token out of the box, as long as
it is passed as form data. Passing the query as JSON does not work.
* Periodically save timeline markers
This saves timeline markers immediately upon message arrival, but not more
than once every 5 minutes.
This does not change how the markers are saved on closing the window,
except that it avoids submitting them if there is no need for it.
* Use the Fetch API when possible instead of XHR on window unload
* Fix some account avatars on public pages having incorrect size
* Remove outdated and overridden width and height attributes
* Remove more hardcoded width/height attributes
When attempting to access the log-in page while already logged in,
Devise's `require_no_authentication` kicks in and sets a flash
message “You are already signed in.”
In almost all cases, this also causes a redirect to /web, which
does not display or clear flash messages, thus leaving the message
to a potentially much later date, like for instance, accessing
/preferences several minutes after being redirected to /web.
* Improve RSS entries for statuses
- Render polls in both accounts and tags serializers
- Refactor RSS serializers
- Change title preview to include ellipsis when truncated
- Change title preview to show CW instead of toot text
- Add tests
* Remove title from OEmbed serialization
Twitter doesn't serialize title either, and tihs allows us to move the
title formatting code to the RSS serializers.
Change `account_link_to` to use an image tag rather than some
inline CSS. Dropped the `size` parameter in the process, but it wasn't
used for anything except the default value of 36px.
Dropped CSS rules that were always overriden, and defaulted to 36px width
and height instead.
When deduplicating account usernames for OAuthable users, the routine did check if any account was known with that username, including remote accounts. This caused some unnecessary deduplication, and usernames ending with unexpected trailing _1.
This fixes#13580
* Move .back-button inline styles to CSS file
All occurrences of the back-button CSS class used the same inline
CSS rules, so moved them over to the CSS file
* Fix “Add new domain block” button using inline CSS
* Replace common pattern of inline-styled button boxes by a CSS class
In particular, switching from `float: left/right` to a flexbox with
`justify-content: space-between`. This implied changing the order of
a few HTML tags and adding an empty `div` in one case.
Also removed a `margin-bottom` rule that wasn't needed due to the
margins of surrounding elements.
* Move account admin view inline CSS to CSS file
Fixes#13573
For some reason (I suspect this may be related to focusing the item before it
got drown by the browser), Firefox scrolls to top when bringing up dropdown
menus with pre-selected items.
This commit uses the “preventScroll” option as, due to the placement behavior,
the menu should be visible anyway and not trigger scrolling.
* Move some inline styles to CSS files
* Move default_account_display_name span to fix useless tags with duplicate id
* Change handling of public pages spoiler text from inline CSS to dataset attribute
* Use the `dir` HTML attribute instead of inline CSS
* Move status action bar inline CSS to CSS file
* Hide logo resources from CSS file, not inline CSS
Fixes#11601
* Move translation prompt styling from inline CSS to CSS file
* Move “invited by” styling on registration form from inline to CSS file
* Use the progress tag to display poll results in JS fallback
* Fix poll results JS-less fallback when the user has voted for an option
* Change account public page “moved” notice to use img tags instead of inline CSS
* Move OTP hint inline CSS to SCSS file
* Hide JS-less fallback vote progressbars from accessibility tools
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Attempting to upload image files that the browser is unable to load results
in “Oops! An unexpected error occurred.”
This commit changes the error handling so that an unprocessable image results
in the file being sent anyway, which might cover a few corner cases, and
provide a slightly better error message.
Fixes#13536
- Expanding a paused video doesn't autoplay anymore
- Default volume level for the expanded video inherited from the original video
Position/playing state/volume are carried over from the original video player
to the modal, but they're not reported back to the modal as it would require
deeper changes.
This is achieved by sending a DELETE request to
/settings/profile/pictures/{avatar,header} via a link that is part of
the upload form's hint of the respective picture.
Some browsers (at least recent Chrome versions) automatically take
image metadata into account when drawing images into a canvas.
There seem to be no way to prevent that behavior, and the only
way to detect it seems to compare with a known image.
See: https://github.com/w3c/csswg-drafts/issues/4666
Solution adapted from: 1e4df70782
Follow-up to #13452, fixing broken `uri.nil?` test.
Also remove the separate check for `uri` presence, as that would result
in a “Please review 2 errors below” while only one would be listed.
* Fix “Email changed” notification sometimes having wrong e-mail
Fixes#6778
The root of the issue is that `send_devise_notification` was called before
the changes were properly commited to the database, causing the mailer to
pick previous values if running too early.
Devise's documentation provides guidance on how to handle that[1][2], however,
I have found it to not be working, as the following happens, in that order:
- `send_devise_notification` is called for the `email_changed` notification.
In that case, `changed?` is false and `saved_changes?` is true, so
if we use the former, we have the same issue.
- the `after_commit` hook is called
- `send_devise_notification` is called for the `confirmation_instructions`
notification.
In that case, `changed?` is still false, and `saved_changes?` still true,
so if we use the latter, that second notification email is simply not
going to be sent (as we would be queuing the notification *after*
executing the after_commit hook).
This is because it may be called from either an `after_update` or
`after_commit` hook, the difference not being a call to `save` but the
transaction actually being committed to the database. This may arguably
be a bug in Devise, or Devise's notification.
The proposed workaround is inspired by Devise's documentation but checks
whether a transaction is open to make the call whether to immediately
send the notification or defer it to the `after_commit` hook.
[1]: https://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:send_devise_notification
[2]: 406915cb78/lib/devise/models/authenticatable.rb (L133-L194)
* Fix cases when sending notifications without changing the model
* Defer sending if and only if in transaction including current record
* Features/mild master (#278)
* 3.1.3 (#275)
* Fix announcements with fully-qualified mention to local user crashing WebUI (#13164)
* [Security] Bump puma from 4.3.1 to 4.3.2 (#13167)
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix installation failing when Redis password contains special characters (#13156)
* Add support for special characters in Redis passwords
Fixes#13154
* Refactor
* Fix elasticsearch-api and faraday incompatibilities (#13166)
* Bump puma from 4.3.2 to 4.3.3 (#13177)
This fixes cookies and devise authentication being broken as a result of
upgrading to puma 4.3.2, see https://github.com/puma/puma/issues/2132
* Bump strong_migrations from 0.5.1 to 0.6.2 (#13071)
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.5.1 to 0.6.2.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.5.1...v0.6.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump oj from 3.10.1 to 3.10.3 (#13187)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.1...v3.10.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump json-ld-preloaded from 3.1.0 to 3.1.1 (#13143)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.0...3.1.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump @babel/core from 7.8.4 to 7.8.6 (#13185)
Bumps [@babel/core](https://github.com/babel/babel) from 7.8.4 to 7.8.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.4...v7.8.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump webpack-dev-server from 3.10.1 to 3.10.3 (#13184)
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v3.10.1...v3.10.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump @babel/runtime from 7.8.3 to 7.8.4 (#13183)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.8.3 to 7.8.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.8.4/packages/babel-runtime)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Add tooltips to audio/video player buttons (#13203)
* Fix "tootctl media remove-orphans" crashing when encountering invalid media (#13170)
Fixes#13168
* Change the string "Hide everything from …" to "Block domain …" in web UI (#13178)
Blocking a domain is closer to blocking all its users than to a mute
action.
* Remove useless `respond_to` calls (#13208)
* Change GIF label to be displayed even when autoplay is enabled in web UI (#13209)
* Fix too large announcements not being scrollable in web UI (#13211)
* Add specific rate limits for posting and following (#13172)
* Fix text area above/right of emoji picker being accidentally clickable in web UI (#13148)
* Add sorting by username, creation and last activity in moderation view (#13076)
* Add ability to order accounts in moderation view
* Display last status date in “Most recent activity” for remote users
* Fix error when searching for URLs that contain the mention syntax (#13151)
Fixes#13150
* Set BUNDLE_PATH in CircleCI (#13214)
* Change description of privacy levels to be more intuitive in web UI (#13197)
* Improve description of privacy levels in compose interface
* Change strings in defaultMessage and source as well as english
Co-authored-by: Thibaut Girka <thib@sitedethib.com>
* Add ability to delete files uploaded for settings in admin UI (#13192)
* Allow deleting site uploads
* Refactor and move links into hints
* Fix i18n tests
* Fix HTML output of site_upload_delete_hint
* Add `--skip-media-remove` option to `tootctl statuses remove` (#13080)
* Add skip_media_remove option to tootctl statuses remove
* Add skip_media_remove option to tootctl statuses remove
Co-authored-by: tateisu <tateisu@juggler.jp>
* Code style improvements in JavaScript (#13159)
* JS-linter: fix trailing comma's
* Configure eslinter to ignore this onchange error.
* Add submit button to the top of preferences pages (#13068)
* Move submit button to the top of the edit page
* Duplicate save button on long form
* Fix click submit on profile spec
* Update nginx.conf (#13066)
* Change wording of media display preferences to be more intuitive (#13198)
* Change the tooltip "Toggle visibility" to "Hide media" in web UI (#13199)
* Add support for links to statuses in announcements to be opened in web UI (#13212)
* Add support for links to public statuses in announcements to be opened in WebUI
* Please CodeClimate
* Fix public posts from silenced accounts not being changed to unlisted visibility (#13096)
* Bump doorkeeper from 5.2.3 to 5.3.1 (#13144)
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.2.3 to 5.3.1.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.2.3...v.5.3.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Change local media attachments to perform heavy processing asynchronously (#13210)
Fix#9106
* Add federation support for the "hide network" preference (#11673)
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
* Bump cld3 from 3.2.6 to 3.3.0 (#13107)
* Bump cld3 from 3.2.6 to 3.3.0
Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.2.6 to 3.3.0.
- [Release notes](https://github.com/akihikodaki/cld3-ruby/releases)
- [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.2.6...v3.3.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix compatibility with cld3 3.3.0
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
* Change video uploads to enforce certain limits (#13218)
- Dimensions at most 1920x1200
- Frame rate at most 60
* Change video uploads to always be converted to H264/MP4 (#13220)
Even if the container format is the same (.mp4), the codec could
be different and not playable in web browsers
* Change the string "hidden" to "blocked" in WebUI (#13221)
* Change the string "hidden" to "blocked" in WebUI.
* update
* Bump file-loader from 5.0.2 to 5.1.0 (#13225)
Bumps [file-loader](https://github.com/webpack-contrib/file-loader) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/webpack-contrib/file-loader/releases)
- [Changelog](https://github.com/webpack-contrib/file-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/file-loader/compare/v5.0.2...v5.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump wicg-inert from 3.0.0 to 3.0.2 (#13226)
Bumps [wicg-inert](https://github.com/WICG/inert) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/WICG/inert/releases)
- [Commits](https://github.com/WICG/inert/compare/v3.0.0...v3.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump cross-env from 6.0.3 to 7.0.2 (#13228)
Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 6.0.3 to 7.0.2.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/cross-env/compare/v6.0.3...v7.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump eslint-plugin-react from 7.17.0 to 7.19.0 (#13224)
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.17.0 to 7.19.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.17.0...v7.19.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix MP4 (H264 + AAC) video files being needlessly re-encoded (#13239)
* Fix videos with unsupported colorspace not being transcoded (#13242)
* Fix regression in “Edit media” modal in web UI (#13243)
* [Security] Bump Node.js from 12.14.0 to 12.16.1 in Docker (#13235)
* Update Dockerfile
* Update Dockerfile
* Fix detailed view of direct messages displaying a 0 boost count (#13244)
The boost count is already removed from private toots,
do the same with direct messages.
* Add titles to warning presets in admin UI (#13252)
* Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains
* Fix some timeouts when searching URLs by limiting some database queries (#13253)
Only look up private toots from database if the request failed because of 401,
403 or 404 errors, as those may indicate a private toot, rather than something
that isn't a toot or cannot be processed.
* Fix WebUI crash in single-column mode on prehistoric browsers (#13267)
Fixes#13266
* Bump react-immutable-proptypes from 2.1.0 to 2.2.0 (#13259)
Bumps [react-immutable-proptypes](https://github.com/HurricaneJames/react-immutable-proptypes) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/HurricaneJames/react-immutable-proptypes/releases)
- [Changelog](https://github.com/HurricaneJames/react-immutable-proptypes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/HurricaneJames/react-immutable-proptypes/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-jest from 24.9.0 to 25.1.0 (#12973)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 24.9.0 to 25.1.0.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.1.0/packages/babel-jest)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react-dom from 16.12.0 to 16.13.0 (#13181)
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-dom)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react-test-renderer from 16.12.0 to 16.13.0 (#13260)
Bumps [react-test-renderer](https://github.com/facebook/react/tree/HEAD/packages/react-test-renderer) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-test-renderer)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sass from 1.25.0 to 1.26.3 (#13263)
Bumps [sass](https://github.com/sass/dart-sass) from 1.25.0 to 1.26.3.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.25.0...1.26.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump mkdirp from 0.5.1 to 1.0.3 (#12979)
Bumps [mkdirp](https://github.com/isaacs/node-mkdirp) from 0.5.1 to 1.0.3.
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/commits/v1.0.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump redis from 2.8.0 to 3.0.2 (#13102)
Bumps [redis](https://github.com/NodeRedis/node-redis) from 2.8.0 to 3.0.2.
- [Release notes](https://github.com/NodeRedis/node-redis/releases)
- [Changelog](https://github.com/NodeRedis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NodeRedis/node-redis/compare/v.2.8.0...v3.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld from 3.1.0 to 3.1.1 (#13230)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.0...3.1.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump simple_form from 5.0.1 to 5.0.2 (#13231)
Bumps [simple_form](https://github.com/plataformatec/simple_form) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/plataformatec/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/simple_form/compare/v5.0.1...v5.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sidekiq-scheduler from 3.0.0 to 3.0.1 (#13233)
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.0.0...v3.0.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webmock from 3.8.0 to 3.8.3 (#13265)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.8.0 to 3.8.3.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.8.0...v3.8.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump capistrano from 3.11.2 to 3.12.1 (#13264)
* Bump capistrano from 3.11.2 to 3.12.1
Bumps [capistrano](https://github.com/capistrano/capistrano) from 3.11.2 to 3.12.1.
- [Release notes](https://github.com/capistrano/capistrano/releases)
- [Commits](https://github.com/capistrano/capistrano/compare/v3.11.2...v3.12.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump capistrano from 3.11.2 to 3.12.1
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Fix reported accounts not being whitelisted when resolving a spamcheck report (#13289)
* Decommission support for Ruby 2.4 (#13287)
* Update Gemfile
* Update README.md
* Fix frontend crash when deleting announcements (#13283)
This two-line change fixes a crash in the front end that occurred
under the following circumstances:
* A server had more than one announcement,
* A user was displaying the announcements, and
* An announcement was deleted (or unpublished, which amounts to
the same thing.)
As might be expected, the bug was caused by attempting to access a
notification using an index value outside the bounds of the existing
announcements. Specifically, in two places. First,
`_markAnnouncementAsRead` attempts to modify announcements based on
the current index. This is what caused the front end crash. Second,
when rendering the `Announcements` component, the code paginates the
announcements and displays the current one. This did not cause a
crash, but caused the front end to confusingly display a blank
announcement (in situations that would have caused a crash) with no
way for the user to navigate back to previous announcements.
This commit fixes both issues by adding a check to ensure that the
code never attempts to access an announcement with an index greater
than or equal to the number of announcements present.
* Make bookmarks also searchable (#13271)
* Add link to bookmarks in web UI dropdown (#13273)
* Migrate Rails ujs as required for Rails 6 Upgrade. (#13280)
* Update yarn.lock
* Update package.json
* Update public.js
* Update admin.js
* Update log_out.js
* Update common.js
* [Security] Bump omniauth from 1.9.0 to 1.9.1 (#13229)
Bumps [omniauth](https://github.com/omniauth/omniauth) from 1.9.0 to 1.9.1. **This update includes a security fix.**
- [Release notes](https://github.com/omniauth/omniauth/releases)
- [Commits](https://github.com/omniauth/omniauth/compare/v1.9.0...v1.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sidekiq from 5.2.7 to 6.0.4 (#11727)
* Bump sidekiq from 5.2.7 to 6.0.0
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Sidekiq::Logger.logger -> Sidekiq.logger
* Drop support Ruby 2.4
* update
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Fix bookmarks also searchable (#13293)
* Bump sidekiq-unique-jobs from 6.0.18 to 6.0.20 (#13294)
* Change poll option hover/active styling to be less confusing (#13313)
* Fix frontend crash when deleting announcements (#13312)
Refactor and fix#13283, which only worked in some cases.
* Fix media not being marked sensitive when client sets a CW but no text (#13277)
Mastodon enforces the “sensitive” flag on media attachments whenever a toot
is posted with a Content Warning. However, it does so *after* potentially
converting the Content Warning to toot text (when there is no toot text),
which leads to inconsistent and surprising behavior for API clients.
This commit fixes this inconsistency.
* Bump browser from 3.0.3 to 4.0.0 (#13307)
Bumps [browser](https://github.com/fnando/browser) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v3.0.3...v4.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump i18n-tasks from 0.9.30 to 0.9.31 (#13304)
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.30 to 0.9.31.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.30...v0.9.31)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump simplecov from 0.18.2 to 0.18.5 (#13310)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.18.2 to 0.18.5.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.18.2...v0.18.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump rspec-rails from 3.9.0 to 3.9.1 (#13305)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.0...v3.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump discard from 1.1.0 to 1.2.0 (#13308)
Bumps [discard](https://github.com/jhawthorn/discard) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/jhawthorn/discard/releases)
- [Changelog](https://github.com/jhawthorn/discard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhawthorn/discard/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump aws-sdk-s3 from 1.60.1 to 1.61.1 (#13306)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.60.1 to 1.61.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* New Crowdin translations (#13064)
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Dutch)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.json (Greek)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations devise.en.yml (Icelandic)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Lithuanian)
[ci skip]
* New translations en.yml (Norwegian)
[ci skip]
* New translations en.yml (Norwegian Nynorsk)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Kazakh)
[ci skip]
* New translations en.yml (Occitan)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Slovenian)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations en.yml (Ukrainian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Serbian (Cyrillic))
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Albanian)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Czech)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Danish)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations en.yml (Vietnamese)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Swedish)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Arabic)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations devise.en.yml (Kabyle)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations simple_form.en.yml (Welsh)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Galician)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Hungarian)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations simple_form.en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (Asturian)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations devise.en.yml (Kabyle)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Occitan)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations simple_form.en.yml (Slovak)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations doorkeeper.en.yml (Slovak)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations activerecord.en.yml (Occitan)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations activerecord.en.yml (Kabyle)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations devise.en.yml (Breton)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations doorkeeper.en.yml (Breton)
[ci skip]
* New translations simple_form.en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations devise.en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* i18n-tasks normalize
* yarn manage:translations
* Bump babel-plugin-preval from 4.0.0 to 5.0.0 (#13297)
Bumps [babel-plugin-preval](https://github.com/kentcdodds/babel-plugin-preval) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/kentcdodds/babel-plugin-preval/releases)
- [Changelog](https://github.com/kentcdodds/babel-plugin-preval/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/babel-plugin-preval/compare/v4.0.0...v5.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/plugin-transform-react-inline-elements from 7.8.3 to 7.9.0 (#13298)
Bumps [@babel/plugin-transform-react-inline-elements](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/core from 7.8.6 to 7.9.0 (#13303)
Bumps [@babel/core](https://github.com/babel/babel) from 7.8.6 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.6...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webpack-bundle-analyzer from 3.6.0 to 3.6.1 (#13300)
Bumps [webpack-bundle-analyzer](https://github.com/webpack-contrib/webpack-bundle-analyzer) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/webpack-contrib/webpack-bundle-analyzer/releases)
- [Changelog](https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/webpack-bundle-analyzer/compare/v3.6.0...v3.6.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Change `tootctl media remove-orphans` to work for all classes (#13316)
Change `tootctl media lookup` to not use an interactive prompt
* Bump react-select from 3.0.8 to 3.1.0 (#13296)
Bumps [react-select](https://github.com/JedWatson/react-select) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/.sweet-changelogs.js)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.0.8...react-select@3.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/plugin-transform-runtime from 7.8.3 to 7.9.0 (#13301)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webpack from 4.41.5 to 4.42.1 (#13319)
Bumps [webpack](https://github.com/webpack/webpack) from 4.41.5 to 4.42.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.41.5...v4.42.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix Paperclip using deprecated URI.escape function (#13320)
Monkey-patch Paperclip to perform URL escaping in a slightly more
appropriate way, and get rid of runtime deprecation warnings.
* Bump brakeman from 4.7.2 to 4.8.0 (#13309)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.7.2 to 4.8.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.7.2...v4.8.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)
Fixes#13321
* Fix 404 and 410 API errors being silently discarded in WebUI (#13279)
* Fix 404 and 410 API errors being silently discarded in WebUI
Fixes#13278
* Return more appropriate error when user replies to a deleted toot
* Please CodeClimate
* Fix 404/410 errors on fetching account timelines & identity proofs
* Refactor error handling
* Move error message string to statuses.errors
* Fix incorrect deletion of local accounts imported by overwriting (#13350)
* Fix wrong color for ellipsis in boost confirmation dialog in Web UI (#13355)
* Bump pg from 1.2.2 to 1.2.3 (#13344)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.2...v1.2.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump oj from 3.10.3 to 3.10.5 (#13345)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.3 to 3.10.5.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.3...v3.10.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump iso-639 from 0.2.8 to 0.3.5 (#13343)
Bumps [iso-639](https://github.com/xwmx/iso-639) from 0.2.8 to 0.3.5.
- [Release notes](https://github.com/xwmx/iso-639/releases)
- [Commits](https://github.com/xwmx/iso-639/compare/0.2.8...0.3.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump ox from 2.12.1 to 2.13.2 (#13342)
Bumps [ox](https://github.com/ohler55/ox) from 2.12.1 to 2.13.2.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.12.1...v2.13.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump better_errors from 2.5.1 to 2.6.0 (#13340)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.5.1...v2.6.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix ImportsController param to permit :mode (#13347)
* Bump parallel_tests from 2.30.1 to 2.32.0 (#13341)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.30.1 to 2.32.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.30.1...v2.32.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump uuid from 3.4.0 to 7.0.2 (#13295)
Bumps [uuid](https://github.com/uuidjs/uuid) from 3.4.0 to 7.0.2.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v3.4.0...v7.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix content warning being unnecessarily cleared when enabling/disabling CW (#13348)
* Bump concurrent-ruby from 1.1.5 to 1.1.6 (#13346)
Bumps [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.5...v1.1.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react from 16.12.0 to 16.13.1 (#13337)
Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) from 16.12.0 to 16.13.1.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.1/packages/react)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump stringz from 2.0.0 to 2.1.0 (#13331)
Bumps [stringz](https://github.com/sallar/stringz) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/sallar/stringz/releases)
- [Changelog](https://github.com/sallar/stringz/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sallar/stringz/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-jest from 25.1.0 to 25.2.4 (#13332)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 25.1.0 to 25.2.4.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.2.4/packages/babel-jest)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/preset-env from 7.8.3 to 7.9.0 (#13336)
Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump yargs from 15.1.0 to 15.3.1 (#13334)
Bumps [yargs](https://github.com/yargs/yargs) from 15.1.0 to 15.3.1.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v15.1.0...v15.3.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-loader from 8.0.6 to 8.1.0 (#13333)
Bumps [babel-loader](https://github.com/babel/babel-loader) from 8.0.6 to 8.1.0.
- [Release notes](https://github.com/babel/babel-loader/releases)
- [Changelog](https://github.com/babel/babel-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel-loader/compare/v8.0.6...v8.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/preset-react from 7.8.3 to 7.9.4 (#13335)
Bumps [@babel/preset-react](https://github.com/babel/babel) from 7.8.3 to 7.9.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump autoprefixer from 9.7.4 to 9.7.5 (#13338)
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.4 to 9.7.5.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.4...9.7.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix re-sending of e-mail confirmation not being rate limited (#13360)
Fix#13330
* Improve toot clicking areas (#13327)
* Make the area to the left “Show Thread” also expand the toot in Web UI
* Clicking the left part of a conversation with the avatars now opens it in Web UI
* Fix background jobs not using locks like they are supposed to (#13361)
Also:
- Fix locks not being removed when jobs go to the dead job queue
- Add UI for managing locks to the Sidekiq dashboard
- Remove unused Sidekiq workers
Fix#13349
* Bump sidekiq-unique-jobs from 6.0.20 to 6.0.21 (#13367)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.20 to 6.0.21.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v6.0.20...v6.0.21)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump faker from 2.10.1 to 2.11.0 (#13363)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/commits/v2.11.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump tty-prompt from 0.20.0 to 0.21.0 (#13366)
Bumps [tty-prompt](https://github.com/piotrmurach/tty-prompt) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/piotrmurach/tty-prompt/releases)
- [Changelog](https://github.com/piotrmurach/tty-prompt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/piotrmurach/tty-prompt/compare/v0.20.0...v0.21.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump bootsnap from 1.4.5 to 1.4.6 (#13369)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.4.5...v1.4.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld-preloaded from 3.1.1 to 3.1.2 (#13365)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.1...3.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld from 3.1.1 to 3.1.2 (#13368)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.1...3.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix pinning a column in web UI sometimes redirecting out of web UI (#13376)
Fix#13216
* Fix returning results when searching for URL with non-zero offset (#13377)
Fix#13083
* Fix `tootctl media remove-orphans` ignoring `PAPERCLIP_ROOT_PATH` (#13375)
Fix#13371
* Improve polls: option lengths & redesign (#13257)
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.
Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
* Bump rspec-rails from 3.9.1 to 4.0.0 (#13364)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.1 to 4.0.0.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.1...v4.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Add ability to filter audit log in admin UI (#13381)
* Update Vagrant box to Bionic (#13384)
* Update config.yml (#13379)
* Add explanation as to why unlocked accounts may have follow requests (#13385)
* Add explanation as to why unlocked accounts may have follow requests
* Change wording to avoid “silenced”
* Bump rails from 5.2.4.1 to 5.2.4.2 and kind-of from 6.0.2 to 6.0.3 (#13387)
* Bump rails from 5.2.4.1 to 5.2.4.2
* Bump kind-of from 6.0.2 to 6.0.3
* Bump version to 3.1.3 (#13389)
* Fix PostgreSQL load when linking in announcements (#13250)
* Fix PostgreSQL load when linking in announcements
Fixes#13245 by caching status lookups
Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.
Since it's only used by announcements so far, there won't
be much statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
* [Security] Update Dockerfile for Ruby 2.6.6 (#13393)
* Update .ruby-version (#13395)
* Fix “Show more” not switching to “Show less” on public pages (#13174)
* Fix “Show more” not switching to “Show less” on public pages
Fixes#13169
* Fix initial text of CW button on public pages when CW are unfolded by default
* Add rate limit for reporting (#13390)
* New Crowdin translations (#13317)
* New translations en.yml (Italian)
[ci skip]
* New translations doorkeeper.en.yml (Indonesian)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations devise.en.yml (Ido)
[ci skip]
* New translations doorkeeper.en.yml (Ido)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations activerecord.en.yml (Georgian)
[ci skip]
* New translations doorkeeper.en.yml (Georgian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations doorkeeper.en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations doorkeeper.en.yml (Greek)
[ci skip]
* New translations en.yml (Hebrew)
[ci skip]
* New translations simple_form.en.yml (Hebrew)
[ci skip]
* New translations activerecord.en.yml (Hebrew)
[ci skip]
* New translations devise.en.yml (Hebrew)
[ci skip]
* New translations doorkeeper.en.yml (Hebrew)
[ci skip]
* New translations en.yml (Hindi)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Esperanto)
[ci skip]
* New translations doorkeeper.en.yml (French)
[ci skip]
* New translations devise.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations doorkeeper.en.yml (Finnish)
[ci skip]
* New translations simple_form.en.yml (Finnish)
[ci skip]
* New translations en.yml (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations doorkeeper.en.yml (Estonian)
[ci skip]
* New translations simple_form.en.yml (Estonian)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations doorkeeper.en.yml (Welsh)
[ci skip]
* New translations activerecord.en.yml (Serbian (Latin))
[ci skip]
* New translations devise.en.yml (Serbian (Latin))
[ci skip]
* New translations devise.en.yml (Urdu (Pakistan))
[ci skip]
* New translations activerecord.en.yml (Vietnamese)
[ci skip]
* New translations devise.en.yml (Vietnamese)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations simple_form.en.yml (Tamil)
[ci skip]
* New translations simple_form.en.yml (Tamil)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations devise.en.yml (German)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Slovak)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.json (Slovak)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.yml (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.y…
* clean up old theme (#279)
fix override settings
Co-authored-by: ThibG <thib@sitedethib.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: koyu <me@koyu.space>
Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
Co-authored-by: David Cook <divergentdave@gmail.com>
Co-authored-by: tateisu <tateisu@gmail.com>
Co-authored-by: tateisu <tateisu@juggler.jp>
Co-authored-by: Bèr Kessels <ber@berk.es>
Co-authored-by: guigeekz <pattusg@gmail.com>
Co-authored-by: Shlee <github@shl.ee>
Co-authored-by: mayaeh <mayaeh@marimo-net.org>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Daniel Sockwell <dsockwell@gmail.com>
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
Co-authored-by: Takeshi Umeda <noel.yoshiba@gmail.com>
Co-authored-by: Sasha Sorokin <dafri.nochiterov8@gmail.com>
Co-authored-by: fuyu <54523771+mfmfuyu@users.noreply.github.com>
Co-authored-by: Rintan <rintanminecraft@gmail.com>
* Fix announcements with fully-qualified mention to local user crashing WebUI (#13164)
* [Security] Bump puma from 4.3.1 to 4.3.2 (#13167)
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix installation failing when Redis password contains special characters (#13156)
* Add support for special characters in Redis passwords
Fixes#13154
* Refactor
* Fix elasticsearch-api and faraday incompatibilities (#13166)
* Bump puma from 4.3.2 to 4.3.3 (#13177)
This fixes cookies and devise authentication being broken as a result of
upgrading to puma 4.3.2, see https://github.com/puma/puma/issues/2132
* Bump strong_migrations from 0.5.1 to 0.6.2 (#13071)
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.5.1 to 0.6.2.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.5.1...v0.6.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump oj from 3.10.1 to 3.10.3 (#13187)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.1...v3.10.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump json-ld-preloaded from 3.1.0 to 3.1.1 (#13143)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.0...3.1.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump @babel/core from 7.8.4 to 7.8.6 (#13185)
Bumps [@babel/core](https://github.com/babel/babel) from 7.8.4 to 7.8.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.4...v7.8.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump webpack-dev-server from 3.10.1 to 3.10.3 (#13184)
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v3.10.1...v3.10.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump @babel/runtime from 7.8.3 to 7.8.4 (#13183)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.8.3 to 7.8.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.8.4/packages/babel-runtime)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Add tooltips to audio/video player buttons (#13203)
* Fix "tootctl media remove-orphans" crashing when encountering invalid media (#13170)
Fixes#13168
* Change the string "Hide everything from …" to "Block domain …" in web UI (#13178)
Blocking a domain is closer to blocking all its users than to a mute
action.
* Remove useless `respond_to` calls (#13208)
* Change GIF label to be displayed even when autoplay is enabled in web UI (#13209)
* Fix too large announcements not being scrollable in web UI (#13211)
* Add specific rate limits for posting and following (#13172)
* Fix text area above/right of emoji picker being accidentally clickable in web UI (#13148)
* Add sorting by username, creation and last activity in moderation view (#13076)
* Add ability to order accounts in moderation view
* Display last status date in “Most recent activity” for remote users
* Fix error when searching for URLs that contain the mention syntax (#13151)
Fixes#13150
* Set BUNDLE_PATH in CircleCI (#13214)
* Change description of privacy levels to be more intuitive in web UI (#13197)
* Improve description of privacy levels in compose interface
* Change strings in defaultMessage and source as well as english
Co-authored-by: Thibaut Girka <thib@sitedethib.com>
* Add ability to delete files uploaded for settings in admin UI (#13192)
* Allow deleting site uploads
* Refactor and move links into hints
* Fix i18n tests
* Fix HTML output of site_upload_delete_hint
* Add `--skip-media-remove` option to `tootctl statuses remove` (#13080)
* Add skip_media_remove option to tootctl statuses remove
* Add skip_media_remove option to tootctl statuses remove
Co-authored-by: tateisu <tateisu@juggler.jp>
* Code style improvements in JavaScript (#13159)
* JS-linter: fix trailing comma's
* Configure eslinter to ignore this onchange error.
* Add submit button to the top of preferences pages (#13068)
* Move submit button to the top of the edit page
* Duplicate save button on long form
* Fix click submit on profile spec
* Update nginx.conf (#13066)
* Change wording of media display preferences to be more intuitive (#13198)
* Change the tooltip "Toggle visibility" to "Hide media" in web UI (#13199)
* Add support for links to statuses in announcements to be opened in web UI (#13212)
* Add support for links to public statuses in announcements to be opened in WebUI
* Please CodeClimate
* Fix public posts from silenced accounts not being changed to unlisted visibility (#13096)
* Bump doorkeeper from 5.2.3 to 5.3.1 (#13144)
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.2.3 to 5.3.1.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.2.3...v.5.3.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Change local media attachments to perform heavy processing asynchronously (#13210)
Fix#9106
* Add federation support for the "hide network" preference (#11673)
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
* Bump cld3 from 3.2.6 to 3.3.0 (#13107)
* Bump cld3 from 3.2.6 to 3.3.0
Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.2.6 to 3.3.0.
- [Release notes](https://github.com/akihikodaki/cld3-ruby/releases)
- [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.2.6...v3.3.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix compatibility with cld3 3.3.0
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
* Change video uploads to enforce certain limits (#13218)
- Dimensions at most 1920x1200
- Frame rate at most 60
* Change video uploads to always be converted to H264/MP4 (#13220)
Even if the container format is the same (.mp4), the codec could
be different and not playable in web browsers
* Change the string "hidden" to "blocked" in WebUI (#13221)
* Change the string "hidden" to "blocked" in WebUI.
* update
* Bump file-loader from 5.0.2 to 5.1.0 (#13225)
Bumps [file-loader](https://github.com/webpack-contrib/file-loader) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/webpack-contrib/file-loader/releases)
- [Changelog](https://github.com/webpack-contrib/file-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/file-loader/compare/v5.0.2...v5.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump wicg-inert from 3.0.0 to 3.0.2 (#13226)
Bumps [wicg-inert](https://github.com/WICG/inert) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/WICG/inert/releases)
- [Commits](https://github.com/WICG/inert/compare/v3.0.0...v3.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump cross-env from 6.0.3 to 7.0.2 (#13228)
Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 6.0.3 to 7.0.2.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/cross-env/compare/v6.0.3...v7.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump eslint-plugin-react from 7.17.0 to 7.19.0 (#13224)
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.17.0 to 7.19.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.17.0...v7.19.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix MP4 (H264 + AAC) video files being needlessly re-encoded (#13239)
* Fix videos with unsupported colorspace not being transcoded (#13242)
* Fix regression in “Edit media” modal in web UI (#13243)
* [Security] Bump Node.js from 12.14.0 to 12.16.1 in Docker (#13235)
* Update Dockerfile
* Update Dockerfile
* Fix detailed view of direct messages displaying a 0 boost count (#13244)
The boost count is already removed from private toots,
do the same with direct messages.
* Add titles to warning presets in admin UI (#13252)
* Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains
* Fix some timeouts when searching URLs by limiting some database queries (#13253)
Only look up private toots from database if the request failed because of 401,
403 or 404 errors, as those may indicate a private toot, rather than something
that isn't a toot or cannot be processed.
* Fix WebUI crash in single-column mode on prehistoric browsers (#13267)
Fixes#13266
* Bump react-immutable-proptypes from 2.1.0 to 2.2.0 (#13259)
Bumps [react-immutable-proptypes](https://github.com/HurricaneJames/react-immutable-proptypes) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/HurricaneJames/react-immutable-proptypes/releases)
- [Changelog](https://github.com/HurricaneJames/react-immutable-proptypes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/HurricaneJames/react-immutable-proptypes/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-jest from 24.9.0 to 25.1.0 (#12973)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 24.9.0 to 25.1.0.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.1.0/packages/babel-jest)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react-dom from 16.12.0 to 16.13.0 (#13181)
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-dom)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react-test-renderer from 16.12.0 to 16.13.0 (#13260)
Bumps [react-test-renderer](https://github.com/facebook/react/tree/HEAD/packages/react-test-renderer) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-test-renderer)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sass from 1.25.0 to 1.26.3 (#13263)
Bumps [sass](https://github.com/sass/dart-sass) from 1.25.0 to 1.26.3.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.25.0...1.26.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump mkdirp from 0.5.1 to 1.0.3 (#12979)
Bumps [mkdirp](https://github.com/isaacs/node-mkdirp) from 0.5.1 to 1.0.3.
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/commits/v1.0.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump redis from 2.8.0 to 3.0.2 (#13102)
Bumps [redis](https://github.com/NodeRedis/node-redis) from 2.8.0 to 3.0.2.
- [Release notes](https://github.com/NodeRedis/node-redis/releases)
- [Changelog](https://github.com/NodeRedis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NodeRedis/node-redis/compare/v.2.8.0...v3.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld from 3.1.0 to 3.1.1 (#13230)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.0...3.1.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump simple_form from 5.0.1 to 5.0.2 (#13231)
Bumps [simple_form](https://github.com/plataformatec/simple_form) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/plataformatec/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/simple_form/compare/v5.0.1...v5.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sidekiq-scheduler from 3.0.0 to 3.0.1 (#13233)
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.0.0...v3.0.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webmock from 3.8.0 to 3.8.3 (#13265)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.8.0 to 3.8.3.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.8.0...v3.8.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump capistrano from 3.11.2 to 3.12.1 (#13264)
* Bump capistrano from 3.11.2 to 3.12.1
Bumps [capistrano](https://github.com/capistrano/capistrano) from 3.11.2 to 3.12.1.
- [Release notes](https://github.com/capistrano/capistrano/releases)
- [Commits](https://github.com/capistrano/capistrano/compare/v3.11.2...v3.12.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump capistrano from 3.11.2 to 3.12.1
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Fix reported accounts not being whitelisted when resolving a spamcheck report (#13289)
* Decommission support for Ruby 2.4 (#13287)
* Update Gemfile
* Update README.md
* Fix frontend crash when deleting announcements (#13283)
This two-line change fixes a crash in the front end that occurred
under the following circumstances:
* A server had more than one announcement,
* A user was displaying the announcements, and
* An announcement was deleted (or unpublished, which amounts to
the same thing.)
As might be expected, the bug was caused by attempting to access a
notification using an index value outside the bounds of the existing
announcements. Specifically, in two places. First,
`_markAnnouncementAsRead` attempts to modify announcements based on
the current index. This is what caused the front end crash. Second,
when rendering the `Announcements` component, the code paginates the
announcements and displays the current one. This did not cause a
crash, but caused the front end to confusingly display a blank
announcement (in situations that would have caused a crash) with no
way for the user to navigate back to previous announcements.
This commit fixes both issues by adding a check to ensure that the
code never attempts to access an announcement with an index greater
than or equal to the number of announcements present.
* Make bookmarks also searchable (#13271)
* Add link to bookmarks in web UI dropdown (#13273)
* Migrate Rails ujs as required for Rails 6 Upgrade. (#13280)
* Update yarn.lock
* Update package.json
* Update public.js
* Update admin.js
* Update log_out.js
* Update common.js
* [Security] Bump omniauth from 1.9.0 to 1.9.1 (#13229)
Bumps [omniauth](https://github.com/omniauth/omniauth) from 1.9.0 to 1.9.1. **This update includes a security fix.**
- [Release notes](https://github.com/omniauth/omniauth/releases)
- [Commits](https://github.com/omniauth/omniauth/compare/v1.9.0...v1.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sidekiq from 5.2.7 to 6.0.4 (#11727)
* Bump sidekiq from 5.2.7 to 6.0.0
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Sidekiq::Logger.logger -> Sidekiq.logger
* Drop support Ruby 2.4
* update
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Fix bookmarks also searchable (#13293)
* Bump sidekiq-unique-jobs from 6.0.18 to 6.0.20 (#13294)
* Change poll option hover/active styling to be less confusing (#13313)
* Fix frontend crash when deleting announcements (#13312)
Refactor and fix#13283, which only worked in some cases.
* Fix media not being marked sensitive when client sets a CW but no text (#13277)
Mastodon enforces the “sensitive” flag on media attachments whenever a toot
is posted with a Content Warning. However, it does so *after* potentially
converting the Content Warning to toot text (when there is no toot text),
which leads to inconsistent and surprising behavior for API clients.
This commit fixes this inconsistency.
* Bump browser from 3.0.3 to 4.0.0 (#13307)
Bumps [browser](https://github.com/fnando/browser) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v3.0.3...v4.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump i18n-tasks from 0.9.30 to 0.9.31 (#13304)
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.30 to 0.9.31.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.30...v0.9.31)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump simplecov from 0.18.2 to 0.18.5 (#13310)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.18.2 to 0.18.5.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.18.2...v0.18.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump rspec-rails from 3.9.0 to 3.9.1 (#13305)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.0...v3.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump discard from 1.1.0 to 1.2.0 (#13308)
Bumps [discard](https://github.com/jhawthorn/discard) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/jhawthorn/discard/releases)
- [Changelog](https://github.com/jhawthorn/discard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhawthorn/discard/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump aws-sdk-s3 from 1.60.1 to 1.61.1 (#13306)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.60.1 to 1.61.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* New Crowdin translations (#13064)
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Dutch)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.json (Greek)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations devise.en.yml (Icelandic)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Lithuanian)
[ci skip]
* New translations en.yml (Norwegian)
[ci skip]
* New translations en.yml (Norwegian Nynorsk)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Kazakh)
[ci skip]
* New translations en.yml (Occitan)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Slovenian)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations en.yml (Ukrainian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Serbian (Cyrillic))
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Albanian)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Czech)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Danish)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations en.yml (Vietnamese)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Swedish)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Arabic)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations devise.en.yml (Kabyle)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations simple_form.en.yml (Welsh)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Galician)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Hungarian)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations simple_form.en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (Asturian)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations devise.en.yml (Kabyle)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Occitan)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations simple_form.en.yml (Slovak)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations doorkeeper.en.yml (Slovak)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations activerecord.en.yml (Occitan)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations activerecord.en.yml (Kabyle)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations devise.en.yml (Breton)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations doorkeeper.en.yml (Breton)
[ci skip]
* New translations simple_form.en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations devise.en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* i18n-tasks normalize
* yarn manage:translations
* Bump babel-plugin-preval from 4.0.0 to 5.0.0 (#13297)
Bumps [babel-plugin-preval](https://github.com/kentcdodds/babel-plugin-preval) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/kentcdodds/babel-plugin-preval/releases)
- [Changelog](https://github.com/kentcdodds/babel-plugin-preval/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/babel-plugin-preval/compare/v4.0.0...v5.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/plugin-transform-react-inline-elements from 7.8.3 to 7.9.0 (#13298)
Bumps [@babel/plugin-transform-react-inline-elements](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/core from 7.8.6 to 7.9.0 (#13303)
Bumps [@babel/core](https://github.com/babel/babel) from 7.8.6 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.6...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webpack-bundle-analyzer from 3.6.0 to 3.6.1 (#13300)
Bumps [webpack-bundle-analyzer](https://github.com/webpack-contrib/webpack-bundle-analyzer) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/webpack-contrib/webpack-bundle-analyzer/releases)
- [Changelog](https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/webpack-bundle-analyzer/compare/v3.6.0...v3.6.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Change `tootctl media remove-orphans` to work for all classes (#13316)
Change `tootctl media lookup` to not use an interactive prompt
* Bump react-select from 3.0.8 to 3.1.0 (#13296)
Bumps [react-select](https://github.com/JedWatson/react-select) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/.sweet-changelogs.js)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.0.8...react-select@3.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/plugin-transform-runtime from 7.8.3 to 7.9.0 (#13301)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webpack from 4.41.5 to 4.42.1 (#13319)
Bumps [webpack](https://github.com/webpack/webpack) from 4.41.5 to 4.42.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.41.5...v4.42.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix Paperclip using deprecated URI.escape function (#13320)
Monkey-patch Paperclip to perform URL escaping in a slightly more
appropriate way, and get rid of runtime deprecation warnings.
* Bump brakeman from 4.7.2 to 4.8.0 (#13309)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.7.2 to 4.8.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.7.2...v4.8.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)
Fixes#13321
* Fix 404 and 410 API errors being silently discarded in WebUI (#13279)
* Fix 404 and 410 API errors being silently discarded in WebUI
Fixes#13278
* Return more appropriate error when user replies to a deleted toot
* Please CodeClimate
* Fix 404/410 errors on fetching account timelines & identity proofs
* Refactor error handling
* Move error message string to statuses.errors
* Fix incorrect deletion of local accounts imported by overwriting (#13350)
* Fix wrong color for ellipsis in boost confirmation dialog in Web UI (#13355)
* Bump pg from 1.2.2 to 1.2.3 (#13344)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.2...v1.2.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump oj from 3.10.3 to 3.10.5 (#13345)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.3 to 3.10.5.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.3...v3.10.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump iso-639 from 0.2.8 to 0.3.5 (#13343)
Bumps [iso-639](https://github.com/xwmx/iso-639) from 0.2.8 to 0.3.5.
- [Release notes](https://github.com/xwmx/iso-639/releases)
- [Commits](https://github.com/xwmx/iso-639/compare/0.2.8...0.3.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump ox from 2.12.1 to 2.13.2 (#13342)
Bumps [ox](https://github.com/ohler55/ox) from 2.12.1 to 2.13.2.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.12.1...v2.13.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump better_errors from 2.5.1 to 2.6.0 (#13340)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.5.1...v2.6.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix ImportsController param to permit :mode (#13347)
* Bump parallel_tests from 2.30.1 to 2.32.0 (#13341)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.30.1 to 2.32.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.30.1...v2.32.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump uuid from 3.4.0 to 7.0.2 (#13295)
Bumps [uuid](https://github.com/uuidjs/uuid) from 3.4.0 to 7.0.2.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v3.4.0...v7.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix content warning being unnecessarily cleared when enabling/disabling CW (#13348)
* Bump concurrent-ruby from 1.1.5 to 1.1.6 (#13346)
Bumps [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.5...v1.1.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react from 16.12.0 to 16.13.1 (#13337)
Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) from 16.12.0 to 16.13.1.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.1/packages/react)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump stringz from 2.0.0 to 2.1.0 (#13331)
Bumps [stringz](https://github.com/sallar/stringz) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/sallar/stringz/releases)
- [Changelog](https://github.com/sallar/stringz/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sallar/stringz/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-jest from 25.1.0 to 25.2.4 (#13332)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 25.1.0 to 25.2.4.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.2.4/packages/babel-jest)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/preset-env from 7.8.3 to 7.9.0 (#13336)
Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump yargs from 15.1.0 to 15.3.1 (#13334)
Bumps [yargs](https://github.com/yargs/yargs) from 15.1.0 to 15.3.1.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v15.1.0...v15.3.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-loader from 8.0.6 to 8.1.0 (#13333)
Bumps [babel-loader](https://github.com/babel/babel-loader) from 8.0.6 to 8.1.0.
- [Release notes](https://github.com/babel/babel-loader/releases)
- [Changelog](https://github.com/babel/babel-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel-loader/compare/v8.0.6...v8.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/preset-react from 7.8.3 to 7.9.4 (#13335)
Bumps [@babel/preset-react](https://github.com/babel/babel) from 7.8.3 to 7.9.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump autoprefixer from 9.7.4 to 9.7.5 (#13338)
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.4 to 9.7.5.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.4...9.7.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix re-sending of e-mail confirmation not being rate limited (#13360)
Fix#13330
* Improve toot clicking areas (#13327)
* Make the area to the left “Show Thread” also expand the toot in Web UI
* Clicking the left part of a conversation with the avatars now opens it in Web UI
* Fix background jobs not using locks like they are supposed to (#13361)
Also:
- Fix locks not being removed when jobs go to the dead job queue
- Add UI for managing locks to the Sidekiq dashboard
- Remove unused Sidekiq workers
Fix#13349
* Bump sidekiq-unique-jobs from 6.0.20 to 6.0.21 (#13367)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.20 to 6.0.21.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v6.0.20...v6.0.21)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump faker from 2.10.1 to 2.11.0 (#13363)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/commits/v2.11.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump tty-prompt from 0.20.0 to 0.21.0 (#13366)
Bumps [tty-prompt](https://github.com/piotrmurach/tty-prompt) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/piotrmurach/tty-prompt/releases)
- [Changelog](https://github.com/piotrmurach/tty-prompt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/piotrmurach/tty-prompt/compare/v0.20.0...v0.21.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump bootsnap from 1.4.5 to 1.4.6 (#13369)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.4.5...v1.4.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld-preloaded from 3.1.1 to 3.1.2 (#13365)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.1...3.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld from 3.1.1 to 3.1.2 (#13368)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.1...3.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix pinning a column in web UI sometimes redirecting out of web UI (#13376)
Fix#13216
* Fix returning results when searching for URL with non-zero offset (#13377)
Fix#13083
* Fix `tootctl media remove-orphans` ignoring `PAPERCLIP_ROOT_PATH` (#13375)
Fix#13371
* Improve polls: option lengths & redesign (#13257)
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.
Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
* Bump rspec-rails from 3.9.1 to 4.0.0 (#13364)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.1 to 4.0.0.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.1...v4.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Add ability to filter audit log in admin UI (#13381)
* Update Vagrant box to Bionic (#13384)
* Update config.yml (#13379)
* Add explanation as to why unlocked accounts may have follow requests (#13385)
* Add explanation as to why unlocked accounts may have follow requests
* Change wording to avoid “silenced”
* Bump rails from 5.2.4.1 to 5.2.4.2 and kind-of from 6.0.2 to 6.0.3 (#13387)
* Bump rails from 5.2.4.1 to 5.2.4.2
* Bump kind-of from 6.0.2 to 6.0.3
* Bump version to 3.1.3 (#13389)
* Fix PostgreSQL load when linking in announcements (#13250)
* Fix PostgreSQL load when linking in announcements
Fixes#13245 by caching status lookups
Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.
Since it's only used by announcements so far, there won't
be much statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
* [Security] Update Dockerfile for Ruby 2.6.6 (#13393)
* Update .ruby-version (#13395)
* Fix “Show more” not switching to “Show less” on public pages (#13174)
* Fix “Show more” not switching to “Show less” on public pages
Fixes#13169
* Fix initial text of CW button on public pages when CW are unfolded by default
* Add rate limit for reporting (#13390)
* New Crowdin translations (#13317)
* New translations en.yml (Italian)
[ci skip]
* New translations doorkeeper.en.yml (Indonesian)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations devise.en.yml (Ido)
[ci skip]
* New translations doorkeeper.en.yml (Ido)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations activerecord.en.yml (Georgian)
[ci skip]
* New translations doorkeeper.en.yml (Georgian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations doorkeeper.en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations doorkeeper.en.yml (Greek)
[ci skip]
* New translations en.yml (Hebrew)
[ci skip]
* New translations simple_form.en.yml (Hebrew)
[ci skip]
* New translations activerecord.en.yml (Hebrew)
[ci skip]
* New translations devise.en.yml (Hebrew)
[ci skip]
* New translations doorkeeper.en.yml (Hebrew)
[ci skip]
* New translations en.yml (Hindi)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Esperanto)
[ci skip]
* New translations doorkeeper.en.yml (French)
[ci skip]
* New translations devise.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations doorkeeper.en.yml (Finnish)
[ci skip]
* New translations simple_form.en.yml (Finnish)
[ci skip]
* New translations en.yml (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations doorkeeper.en.yml (Estonian)
[ci skip]
* New translations simple_form.en.yml (Estonian)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations doorkeeper.en.yml (Welsh)
[ci skip]
* New translations activerecord.en.yml (Serbian (Latin))
[ci skip]
* New translations devise.en.yml (Serbian (Latin))
[ci skip]
* New translations devise.en.yml (Urdu (Pakistan))
[ci skip]
* New translations activerecord.en.yml (Vietnamese)
[ci skip]
* New translations devise.en.yml (Vietnamese)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations simple_form.en.yml (Tamil)
[ci skip]
* New translations simple_form.en.yml (Tamil)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations devise.en.yml (German)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Slovak)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.json (Slovak)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.yml (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New t…
Co-authored-by: ThibG <thib@sitedethib.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: koyu <me@koyu.space>
Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
Co-authored-by: David Cook <divergentdave@gmail.com>
Co-authored-by: tateisu <tateisu@gmail.com>
Co-authored-by: tateisu <tateisu@juggler.jp>
Co-authored-by: Bèr Kessels <ber@berk.es>
Co-authored-by: guigeekz <pattusg@gmail.com>
Co-authored-by: Shlee <github@shl.ee>
Co-authored-by: mayaeh <mayaeh@marimo-net.org>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Daniel Sockwell <dsockwell@gmail.com>
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
Co-authored-by: Takeshi Umeda <noel.yoshiba@gmail.com>
Co-authored-by: Sasha Sorokin <dafri.nochiterov8@gmail.com>
Co-authored-by: fuyu <54523771+mfmfuyu@users.noreply.github.com>
* Fix announcements with fully-qualified mention to local user crashing WebUI (#13164)
* [Security] Bump puma from 4.3.1 to 4.3.2 (#13167)
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix installation failing when Redis password contains special characters (#13156)
* Add support for special characters in Redis passwords
Fixes#13154
* Refactor
* Fix elasticsearch-api and faraday incompatibilities (#13166)
* Bump puma from 4.3.2 to 4.3.3 (#13177)
This fixes cookies and devise authentication being broken as a result of
upgrading to puma 4.3.2, see https://github.com/puma/puma/issues/2132
* Bump strong_migrations from 0.5.1 to 0.6.2 (#13071)
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.5.1 to 0.6.2.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.5.1...v0.6.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump oj from 3.10.1 to 3.10.3 (#13187)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.1...v3.10.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump json-ld-preloaded from 3.1.0 to 3.1.1 (#13143)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.0...3.1.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump @babel/core from 7.8.4 to 7.8.6 (#13185)
Bumps [@babel/core](https://github.com/babel/babel) from 7.8.4 to 7.8.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.4...v7.8.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump webpack-dev-server from 3.10.1 to 3.10.3 (#13184)
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v3.10.1...v3.10.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump @babel/runtime from 7.8.3 to 7.8.4 (#13183)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.8.3 to 7.8.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.8.4/packages/babel-runtime)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Add tooltips to audio/video player buttons (#13203)
* Fix "tootctl media remove-orphans" crashing when encountering invalid media (#13170)
Fixes#13168
* Change the string "Hide everything from …" to "Block domain …" in web UI (#13178)
Blocking a domain is closer to blocking all its users than to a mute
action.
* Remove useless `respond_to` calls (#13208)
* Change GIF label to be displayed even when autoplay is enabled in web UI (#13209)
* Fix too large announcements not being scrollable in web UI (#13211)
* Add specific rate limits for posting and following (#13172)
* Fix text area above/right of emoji picker being accidentally clickable in web UI (#13148)
* Add sorting by username, creation and last activity in moderation view (#13076)
* Add ability to order accounts in moderation view
* Display last status date in “Most recent activity” for remote users
* Fix error when searching for URLs that contain the mention syntax (#13151)
Fixes#13150
* Set BUNDLE_PATH in CircleCI (#13214)
* Change description of privacy levels to be more intuitive in web UI (#13197)
* Improve description of privacy levels in compose interface
* Change strings in defaultMessage and source as well as english
Co-authored-by: Thibaut Girka <thib@sitedethib.com>
* Add ability to delete files uploaded for settings in admin UI (#13192)
* Allow deleting site uploads
* Refactor and move links into hints
* Fix i18n tests
* Fix HTML output of site_upload_delete_hint
* Add `--skip-media-remove` option to `tootctl statuses remove` (#13080)
* Add skip_media_remove option to tootctl statuses remove
* Add skip_media_remove option to tootctl statuses remove
Co-authored-by: tateisu <tateisu@juggler.jp>
* Code style improvements in JavaScript (#13159)
* JS-linter: fix trailing comma's
* Configure eslinter to ignore this onchange error.
* Add submit button to the top of preferences pages (#13068)
* Move submit button to the top of the edit page
* Duplicate save button on long form
* Fix click submit on profile spec
* Update nginx.conf (#13066)
* Change wording of media display preferences to be more intuitive (#13198)
* Change the tooltip "Toggle visibility" to "Hide media" in web UI (#13199)
* Add support for links to statuses in announcements to be opened in web UI (#13212)
* Add support for links to public statuses in announcements to be opened in WebUI
* Please CodeClimate
* Fix public posts from silenced accounts not being changed to unlisted visibility (#13096)
* Bump doorkeeper from 5.2.3 to 5.3.1 (#13144)
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.2.3 to 5.3.1.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.2.3...v.5.3.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Change local media attachments to perform heavy processing asynchronously (#13210)
Fix#9106
* Add federation support for the "hide network" preference (#11673)
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
* Bump cld3 from 3.2.6 to 3.3.0 (#13107)
* Bump cld3 from 3.2.6 to 3.3.0
Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.2.6 to 3.3.0.
- [Release notes](https://github.com/akihikodaki/cld3-ruby/releases)
- [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.2.6...v3.3.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix compatibility with cld3 3.3.0
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
* Change video uploads to enforce certain limits (#13218)
- Dimensions at most 1920x1200
- Frame rate at most 60
* Change video uploads to always be converted to H264/MP4 (#13220)
Even if the container format is the same (.mp4), the codec could
be different and not playable in web browsers
* Change the string "hidden" to "blocked" in WebUI (#13221)
* Change the string "hidden" to "blocked" in WebUI.
* update
* Bump file-loader from 5.0.2 to 5.1.0 (#13225)
Bumps [file-loader](https://github.com/webpack-contrib/file-loader) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/webpack-contrib/file-loader/releases)
- [Changelog](https://github.com/webpack-contrib/file-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/file-loader/compare/v5.0.2...v5.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump wicg-inert from 3.0.0 to 3.0.2 (#13226)
Bumps [wicg-inert](https://github.com/WICG/inert) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/WICG/inert/releases)
- [Commits](https://github.com/WICG/inert/compare/v3.0.0...v3.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump cross-env from 6.0.3 to 7.0.2 (#13228)
Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 6.0.3 to 7.0.2.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/cross-env/compare/v6.0.3...v7.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump eslint-plugin-react from 7.17.0 to 7.19.0 (#13224)
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.17.0 to 7.19.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.17.0...v7.19.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix MP4 (H264 + AAC) video files being needlessly re-encoded (#13239)
* Fix videos with unsupported colorspace not being transcoded (#13242)
* Fix regression in “Edit media” modal in web UI (#13243)
* [Security] Bump Node.js from 12.14.0 to 12.16.1 in Docker (#13235)
* Update Dockerfile
* Update Dockerfile
* Fix detailed view of direct messages displaying a 0 boost count (#13244)
The boost count is already removed from private toots,
do the same with direct messages.
* Add titles to warning presets in admin UI (#13252)
* Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)
* Add shortcuts to blacklist a user's e-mail domain in admin UI
* Add option to blacklist resolved MX and IP records for e-mail domains
* Fix some timeouts when searching URLs by limiting some database queries (#13253)
Only look up private toots from database if the request failed because of 401,
403 or 404 errors, as those may indicate a private toot, rather than something
that isn't a toot or cannot be processed.
* Fix WebUI crash in single-column mode on prehistoric browsers (#13267)
Fixes#13266
* Bump react-immutable-proptypes from 2.1.0 to 2.2.0 (#13259)
Bumps [react-immutable-proptypes](https://github.com/HurricaneJames/react-immutable-proptypes) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/HurricaneJames/react-immutable-proptypes/releases)
- [Changelog](https://github.com/HurricaneJames/react-immutable-proptypes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/HurricaneJames/react-immutable-proptypes/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-jest from 24.9.0 to 25.1.0 (#12973)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 24.9.0 to 25.1.0.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.1.0/packages/babel-jest)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react-dom from 16.12.0 to 16.13.0 (#13181)
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-dom)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react-test-renderer from 16.12.0 to 16.13.0 (#13260)
Bumps [react-test-renderer](https://github.com/facebook/react/tree/HEAD/packages/react-test-renderer) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-test-renderer)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sass from 1.25.0 to 1.26.3 (#13263)
Bumps [sass](https://github.com/sass/dart-sass) from 1.25.0 to 1.26.3.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.25.0...1.26.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump mkdirp from 0.5.1 to 1.0.3 (#12979)
Bumps [mkdirp](https://github.com/isaacs/node-mkdirp) from 0.5.1 to 1.0.3.
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/commits/v1.0.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump redis from 2.8.0 to 3.0.2 (#13102)
Bumps [redis](https://github.com/NodeRedis/node-redis) from 2.8.0 to 3.0.2.
- [Release notes](https://github.com/NodeRedis/node-redis/releases)
- [Changelog](https://github.com/NodeRedis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NodeRedis/node-redis/compare/v.2.8.0...v3.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld from 3.1.0 to 3.1.1 (#13230)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.0...3.1.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump simple_form from 5.0.1 to 5.0.2 (#13231)
Bumps [simple_form](https://github.com/plataformatec/simple_form) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/plataformatec/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/simple_form/compare/v5.0.1...v5.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sidekiq-scheduler from 3.0.0 to 3.0.1 (#13233)
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.0.0...v3.0.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webmock from 3.8.0 to 3.8.3 (#13265)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.8.0 to 3.8.3.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.8.0...v3.8.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump capistrano from 3.11.2 to 3.12.1 (#13264)
* Bump capistrano from 3.11.2 to 3.12.1
Bumps [capistrano](https://github.com/capistrano/capistrano) from 3.11.2 to 3.12.1.
- [Release notes](https://github.com/capistrano/capistrano/releases)
- [Commits](https://github.com/capistrano/capistrano/compare/v3.11.2...v3.12.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump capistrano from 3.11.2 to 3.12.1
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Fix reported accounts not being whitelisted when resolving a spamcheck report (#13289)
* Decommission support for Ruby 2.4 (#13287)
* Update Gemfile
* Update README.md
* Fix frontend crash when deleting announcements (#13283)
This two-line change fixes a crash in the front end that occurred
under the following circumstances:
* A server had more than one announcement,
* A user was displaying the announcements, and
* An announcement was deleted (or unpublished, which amounts to
the same thing.)
As might be expected, the bug was caused by attempting to access a
notification using an index value outside the bounds of the existing
announcements. Specifically, in two places. First,
`_markAnnouncementAsRead` attempts to modify announcements based on
the current index. This is what caused the front end crash. Second,
when rendering the `Announcements` component, the code paginates the
announcements and displays the current one. This did not cause a
crash, but caused the front end to confusingly display a blank
announcement (in situations that would have caused a crash) with no
way for the user to navigate back to previous announcements.
This commit fixes both issues by adding a check to ensure that the
code never attempts to access an announcement with an index greater
than or equal to the number of announcements present.
* Make bookmarks also searchable (#13271)
* Add link to bookmarks in web UI dropdown (#13273)
* Migrate Rails ujs as required for Rails 6 Upgrade. (#13280)
* Update yarn.lock
* Update package.json
* Update public.js
* Update admin.js
* Update log_out.js
* Update common.js
* [Security] Bump omniauth from 1.9.0 to 1.9.1 (#13229)
Bumps [omniauth](https://github.com/omniauth/omniauth) from 1.9.0 to 1.9.1. **This update includes a security fix.**
- [Release notes](https://github.com/omniauth/omniauth/releases)
- [Commits](https://github.com/omniauth/omniauth/compare/v1.9.0...v1.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump sidekiq from 5.2.7 to 6.0.4 (#11727)
* Bump sidekiq from 5.2.7 to 6.0.0
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Sidekiq::Logger.logger -> Sidekiq.logger
* Drop support Ruby 2.4
* update
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Fix bookmarks also searchable (#13293)
* Bump sidekiq-unique-jobs from 6.0.18 to 6.0.20 (#13294)
* Change poll option hover/active styling to be less confusing (#13313)
* Fix frontend crash when deleting announcements (#13312)
Refactor and fix#13283, which only worked in some cases.
* Fix media not being marked sensitive when client sets a CW but no text (#13277)
Mastodon enforces the “sensitive” flag on media attachments whenever a toot
is posted with a Content Warning. However, it does so *after* potentially
converting the Content Warning to toot text (when there is no toot text),
which leads to inconsistent and surprising behavior for API clients.
This commit fixes this inconsistency.
* Bump browser from 3.0.3 to 4.0.0 (#13307)
Bumps [browser](https://github.com/fnando/browser) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v3.0.3...v4.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump i18n-tasks from 0.9.30 to 0.9.31 (#13304)
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.30 to 0.9.31.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.30...v0.9.31)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump simplecov from 0.18.2 to 0.18.5 (#13310)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.18.2 to 0.18.5.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.18.2...v0.18.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump rspec-rails from 3.9.0 to 3.9.1 (#13305)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.0...v3.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump discard from 1.1.0 to 1.2.0 (#13308)
Bumps [discard](https://github.com/jhawthorn/discard) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/jhawthorn/discard/releases)
- [Changelog](https://github.com/jhawthorn/discard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhawthorn/discard/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump aws-sdk-s3 from 1.60.1 to 1.61.1 (#13306)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.60.1 to 1.61.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* New Crowdin translations (#13064)
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Dutch)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.json (Greek)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations devise.en.yml (Icelandic)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Lithuanian)
[ci skip]
* New translations en.yml (Norwegian)
[ci skip]
* New translations en.yml (Norwegian Nynorsk)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Kazakh)
[ci skip]
* New translations en.yml (Occitan)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Slovenian)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Turkish)
[ci skip]
* New translations en.yml (Ukrainian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Serbian (Cyrillic))
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Albanian)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Kabyle)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Czech)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Esperanto)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Dutch)
[ci skip]
* New translations en.yml (Danish)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations en.yml (Vietnamese)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Swedish)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Arabic)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations devise.en.yml (Kabyle)
[ci skip]
* New translations en.yml (Welsh)
[ci skip]
* New translations simple_form.en.yml (Welsh)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Catalan)
[ci skip]
* New translations simple_form.en.yml (Portuguese)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations simple_form.en.yml (Korean)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Galician)
[ci skip]
* New translations simple_form.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations simple_form.en.yml (Corsican)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Hungarian)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations simple_form.en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (Asturian)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations devise.en.yml (Kabyle)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Occitan)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations simple_form.en.yml (Slovak)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations simple_form.en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations doorkeeper.en.yml (Slovak)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations activerecord.en.yml (Occitan)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations activerecord.en.yml (Kabyle)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations devise.en.yml (Breton)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations doorkeeper.en.yml (Breton)
[ci skip]
* New translations simple_form.en.yml (Breton)
[ci skip]
* New translations en.yml (Breton)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations devise.en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Russian)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations simple_form.en.yml (Japanese)
[ci skip]
* i18n-tasks normalize
* yarn manage:translations
* Bump babel-plugin-preval from 4.0.0 to 5.0.0 (#13297)
Bumps [babel-plugin-preval](https://github.com/kentcdodds/babel-plugin-preval) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/kentcdodds/babel-plugin-preval/releases)
- [Changelog](https://github.com/kentcdodds/babel-plugin-preval/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/babel-plugin-preval/compare/v4.0.0...v5.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/plugin-transform-react-inline-elements from 7.8.3 to 7.9.0 (#13298)
Bumps [@babel/plugin-transform-react-inline-elements](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/core from 7.8.6 to 7.9.0 (#13303)
Bumps [@babel/core](https://github.com/babel/babel) from 7.8.6 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.6...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webpack-bundle-analyzer from 3.6.0 to 3.6.1 (#13300)
Bumps [webpack-bundle-analyzer](https://github.com/webpack-contrib/webpack-bundle-analyzer) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/webpack-contrib/webpack-bundle-analyzer/releases)
- [Changelog](https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/webpack-bundle-analyzer/compare/v3.6.0...v3.6.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Change `tootctl media remove-orphans` to work for all classes (#13316)
Change `tootctl media lookup` to not use an interactive prompt
* Bump react-select from 3.0.8 to 3.1.0 (#13296)
Bumps [react-select](https://github.com/JedWatson/react-select) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/.sweet-changelogs.js)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.0.8...react-select@3.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/plugin-transform-runtime from 7.8.3 to 7.9.0 (#13301)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump webpack from 4.41.5 to 4.42.1 (#13319)
Bumps [webpack](https://github.com/webpack/webpack) from 4.41.5 to 4.42.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.41.5...v4.42.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix Paperclip using deprecated URI.escape function (#13320)
Monkey-patch Paperclip to perform URL escaping in a slightly more
appropriate way, and get rid of runtime deprecation warnings.
* Bump brakeman from 4.7.2 to 4.8.0 (#13309)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.7.2 to 4.8.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.7.2...v4.8.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)
Fixes#13321
* Fix 404 and 410 API errors being silently discarded in WebUI (#13279)
* Fix 404 and 410 API errors being silently discarded in WebUI
Fixes#13278
* Return more appropriate error when user replies to a deleted toot
* Please CodeClimate
* Fix 404/410 errors on fetching account timelines & identity proofs
* Refactor error handling
* Move error message string to statuses.errors
* Fix incorrect deletion of local accounts imported by overwriting (#13350)
* Fix wrong color for ellipsis in boost confirmation dialog in Web UI (#13355)
* Bump pg from 1.2.2 to 1.2.3 (#13344)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.2...v1.2.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump oj from 3.10.3 to 3.10.5 (#13345)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.3 to 3.10.5.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.3...v3.10.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump iso-639 from 0.2.8 to 0.3.5 (#13343)
Bumps [iso-639](https://github.com/xwmx/iso-639) from 0.2.8 to 0.3.5.
- [Release notes](https://github.com/xwmx/iso-639/releases)
- [Commits](https://github.com/xwmx/iso-639/compare/0.2.8...0.3.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump ox from 2.12.1 to 2.13.2 (#13342)
Bumps [ox](https://github.com/ohler55/ox) from 2.12.1 to 2.13.2.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.12.1...v2.13.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump better_errors from 2.5.1 to 2.6.0 (#13340)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.5.1...v2.6.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix ImportsController param to permit :mode (#13347)
* Bump parallel_tests from 2.30.1 to 2.32.0 (#13341)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.30.1 to 2.32.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.30.1...v2.32.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump uuid from 3.4.0 to 7.0.2 (#13295)
Bumps [uuid](https://github.com/uuidjs/uuid) from 3.4.0 to 7.0.2.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v3.4.0...v7.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix content warning being unnecessarily cleared when enabling/disabling CW (#13348)
* Bump concurrent-ruby from 1.1.5 to 1.1.6 (#13346)
Bumps [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.5...v1.1.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump react from 16.12.0 to 16.13.1 (#13337)
Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) from 16.12.0 to 16.13.1.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.1/packages/react)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump stringz from 2.0.0 to 2.1.0 (#13331)
Bumps [stringz](https://github.com/sallar/stringz) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/sallar/stringz/releases)
- [Changelog](https://github.com/sallar/stringz/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sallar/stringz/commits)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-jest from 25.1.0 to 25.2.4 (#13332)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 25.1.0 to 25.2.4.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.2.4/packages/babel-jest)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/preset-env from 7.8.3 to 7.9.0 (#13336)
Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump yargs from 15.1.0 to 15.3.1 (#13334)
Bumps [yargs](https://github.com/yargs/yargs) from 15.1.0 to 15.3.1.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v15.1.0...v15.3.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump babel-loader from 8.0.6 to 8.1.0 (#13333)
Bumps [babel-loader](https://github.com/babel/babel-loader) from 8.0.6 to 8.1.0.
- [Release notes](https://github.com/babel/babel-loader/releases)
- [Changelog](https://github.com/babel/babel-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel-loader/compare/v8.0.6...v8.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump @babel/preset-react from 7.8.3 to 7.9.4 (#13335)
Bumps [@babel/preset-react](https://github.com/babel/babel) from 7.8.3 to 7.9.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump autoprefixer from 9.7.4 to 9.7.5 (#13338)
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.4 to 9.7.5.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.4...9.7.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix re-sending of e-mail confirmation not being rate limited (#13360)
Fix#13330
* Improve toot clicking areas (#13327)
* Make the area to the left “Show Thread” also expand the toot in Web UI
* Clicking the left part of a conversation with the avatars now opens it in Web UI
* Fix background jobs not using locks like they are supposed to (#13361)
Also:
- Fix locks not being removed when jobs go to the dead job queue
- Add UI for managing locks to the Sidekiq dashboard
- Remove unused Sidekiq workers
Fix#13349
* Bump sidekiq-unique-jobs from 6.0.20 to 6.0.21 (#13367)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.20 to 6.0.21.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v6.0.20...v6.0.21)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump faker from 2.10.1 to 2.11.0 (#13363)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/commits/v2.11.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump tty-prompt from 0.20.0 to 0.21.0 (#13366)
Bumps [tty-prompt](https://github.com/piotrmurach/tty-prompt) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/piotrmurach/tty-prompt/releases)
- [Changelog](https://github.com/piotrmurach/tty-prompt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/piotrmurach/tty-prompt/compare/v0.20.0...v0.21.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump bootsnap from 1.4.5 to 1.4.6 (#13369)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.4.5...v1.4.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld-preloaded from 3.1.1 to 3.1.2 (#13365)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.1...3.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Bump json-ld from 3.1.1 to 3.1.2 (#13368)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.1...3.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Fix pinning a column in web UI sometimes redirecting out of web UI (#13376)
Fix#13216
* Fix returning results when searching for URL with non-zero offset (#13377)
Fix#13083
* Fix `tootctl media remove-orphans` ignoring `PAPERCLIP_ROOT_PATH` (#13375)
Fix#13371
* Improve polls: option lengths & redesign (#13257)
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.
Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
* Bump rspec-rails from 3.9.1 to 4.0.0 (#13364)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.1 to 4.0.0.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.1...v4.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* Add ability to filter audit log in admin UI (#13381)
* Update Vagrant box to Bionic (#13384)
* Update config.yml (#13379)
* Add explanation as to why unlocked accounts may have follow requests (#13385)
* Add explanation as to why unlocked accounts may have follow requests
* Change wording to avoid “silenced”
* Bump rails from 5.2.4.1 to 5.2.4.2 and kind-of from 6.0.2 to 6.0.3 (#13387)
* Bump rails from 5.2.4.1 to 5.2.4.2
* Bump kind-of from 6.0.2 to 6.0.3
* Bump version to 3.1.3 (#13389)
* Fix PostgreSQL load when linking in announcements (#13250)
* Fix PostgreSQL load when linking in announcements
Fixes#13245 by caching status lookups
Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.
Since it's only used by announcements so far, there won't
be much statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
* [Security] Update Dockerfile for Ruby 2.6.6 (#13393)
* Update .ruby-version (#13395)
* Fix “Show more” not switching to “Show less” on public pages (#13174)
* Fix “Show more” not switching to “Show less” on public pages
Fixes#13169
* Fix initial text of CW button on public pages when CW are unfolded by default
* Add rate limit for reporting (#13390)
* New Crowdin translations (#13317)
* New translations en.yml (Italian)
[ci skip]
* New translations doorkeeper.en.yml (Indonesian)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations devise.en.yml (Ido)
[ci skip]
* New translations doorkeeper.en.yml (Ido)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations activerecord.en.yml (Georgian)
[ci skip]
* New translations doorkeeper.en.yml (Georgian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations simple_form.en.yml (German)
[ci skip]
* New translations doorkeeper.en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations simple_form.en.yml (Greek)
[ci skip]
* New translations doorkeeper.en.yml (Greek)
[ci skip]
* New translations en.yml (Hebrew)
[ci skip]
* New translations simple_form.en.yml (Hebrew)
[ci skip]
* New translations activerecord.en.yml (Hebrew)
[ci skip]
* New translations devise.en.yml (Hebrew)
[ci skip]
* New translations doorkeeper.en.yml (Hebrew)
[ci skip]
* New translations en.yml (Hindi)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations doorkeeper.en.yml (Esperanto)
[ci skip]
* New translations doorkeeper.en.yml (French)
[ci skip]
* New translations devise.en.yml (French)
[ci skip]
* New translations simple_form.en.yml (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations doorkeeper.en.yml (Finnish)
[ci skip]
* New translations simple_form.en.yml (Finnish)
[ci skip]
* New translations en.yml (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations doorkeeper.en.yml (Estonian)
[ci skip]
* New translations simple_form.en.yml (Estonian)
[ci skip]
* New translations en.yml (Estonian)
[ci skip]
* New translations doorkeeper.en.yml (Welsh)
[ci skip]
* New translations activerecord.en.yml (Serbian (Latin))
[ci skip]
* New translations devise.en.yml (Serbian (Latin))
[ci skip]
* New translations devise.en.yml (Urdu (Pakistan))
[ci skip]
* New translations activerecord.en.yml (Vietnamese)
[ci skip]
* New translations devise.en.yml (Vietnamese)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations simple_form.en.yml (Tamil)
[ci skip]
* New translations simple_form.en.yml (Tamil)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Basque)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations simple_form.en.yml (Basque)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations devise.en.yml (German)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Swedish)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.yml (Chinese Traditional)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations simple_form.en.yml (Italian)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Tamil)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations simple_form.en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Indonesian)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations simple_form.en.yml (Slovak)
[ci skip]
* New translations en.yml (Slovak)
[ci skip]
* New translations en.json (Slovak)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Chinese Simplified)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations devise.en.yml (Galician)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.yml (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Catalan)
[ci skip]
* New translations en.yml (Arabic)
[ci skip]
* New translations simple_form.en.yml (Persian)
[ci skip]
* New translations en.yml (Persian)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Korean)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.yml (Hungarian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (French)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (Russian)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (German)
[ci skip]
* New translations en.yml (Greek)
[ci skip]
* New translations en.yml (Italian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Occitan)
[ci skip]
* New translations en.yml (Corsican)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Spanish, Argentina)
[ci skip]
* New translations en.json (Albanian)
[ci skip]
* New translations en.json (Indonesian)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations en.json (Ido)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.json (Kabyle)
[ci skip]
* New translations en.json (Kannada)
[ci skip]
* New translations en.json (Hebrew)
[ci skip]
* New translations en.json (Hindi)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.json (Icelandic)
[ci skip]
* New translations en.json (Greek)
[ci skip]
* New translations en.json (Malayalam)
[ci skip]
* New translations en.json (Marathi)
[ci skip]
* New translations en.json (Norwegian)
[ci skip]
* New translations en.json (Norwegian Nynorsk)
[ci skip]
* New translations en.json (Malay)
[ci skip]
* New translations en.json (Kazakh)
[ci skip]
* New translations en.json (Korean)
[ci skip]
* New translations en.json (Latvian)
[ci skip]
* New translations en.json (Lithuanian)
[ci skip]
* New translations en.json (Macedonian)
[ci skip]
* New translations en.json (Bulgarian)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Chinese Simplified)
[ci skip]
* New translations en.json (Chinese Traditional)
[ci skip]
* New translations en.json (Chinese Traditional, Hong Kong)
[ci skip]
* New translations en.json (Breton)
[ci skip]
* New translations en.json (Asturian)
[ci skip]
* New translations en.json (Armenian)
[ci skip]
* New translations en.json (Basque)
[ci skip]
* New translations en.json (Bengali)
[ci skip]
* New translations en.json (Arabic)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.json (Finnish)
[ci skip]
* New translations en.json (French)
[ci skip]
* New translations en.json (Estonian)
[ci skip]
* New translations en.json (Georgian)
[ci skip]
* New translations en.json (German)
[ci skip]
* New translations en.json (Croatian)
[ci skip]
* New translations en.json (Czech)
[ci skip]
* New translations en.json (Corsican)
[ci skip]
* New translations en.json (Esperanto)
[ci skip]
* New translations en.json (Dutch)
[ci skip]
* New translations en.json (Danish)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations en.json (Telugu)
[ci skip]
* New translations en.json (Turkish)
[ci skip]
* New translations en.json (Tamil)
[ci skip]
* New translations en.json (Swedish)
[ci skip]
* New translations en.json (Spanish, Argentina)
[ci skip]
* New translations en.json (Welsh)
[ci skip]
* New translations en.json (Vietnamese)
[ci skip]
* New translations en.json (Urdu (Pakistan))
[ci skip]
* New translations en.json (Ukrainian)
[ci skip]
* New translations en.json (Serbian (Latin))
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.json (Portuguese)
[ci skip]
* New translations en.json (Polish)
[ci skip]
* New translations en.json (Persian)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Occitan)
[ci skip]
* New translations en.json (Portuguese, Brazilian)
[ci skip]
* New translations en.json (Slovenian)
[ci skip]
* New translations en.json (Slovak)
[ci skip]
* New translations en.json (Romanian)
[ci skip]
* New translations en.json (Serbian (Cyrillic))
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.yml (Portuguese, Brazilian)
[ci skip]
* New translations en.yml (Portuguese)
[ci skip]
* New translations en.json (Russian)
[ci skip]
* New translations en.json (Swedish)
[ci skip]
* New translations en.json (Spanish, Argentina)
[ci skip]
* New translations en.json (Icelandic)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations activerecord.en.yml (Icelandic)
[ci skip]
* New translations en.yml (Icelandic)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (Catalan)
[ci skip]
* New translations en.json (Italian)
[ci skip]
* New translations en.json (German)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.json (Persian)
[ci skip]
* New translations en.json (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations simple_form.en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.json (Japanese)
[ci skip]
* New translations en.yml (Japanese)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.json (Hungarian)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.yml (Polish)
[ci skip]
* New translations en.json (Spanish)
[ci skip]
* New translations en.yml (Spanish)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations simple_form.en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* New translations en.json (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.yml (Galician)
[ci skip]
* New translations en.json (Thai)
[ci skip]
* New translations doorkeeper.en.yml (Thai)
[ci skip]
* New translations en.yml (Thai)
[ci skip]
* i18n-tasks normalize
* yarn manage:translations
* Update CHANGELOG.md (#13397)
Co-authored-by: ThibG <thib@sitedethib.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: koyu <me@koyu.space>
Co-authored-by: Mélanie Chauvel (ariasuni) <perso@hack-libre.org>
Co-authored-by: David Cook <divergentdave@gmail.com>
Co-authored-by: tateisu <tateisu@gmail.com>
Co-authored-by: tateisu <tateisu@juggler.jp>
Co-authored-by: Bèr Kessels <ber@berk.es>
Co-authored-by: guigeekz <pattusg@gmail.com>
Co-authored-by: Shlee <github@shl.ee>
Co-authored-by: mayaeh <mayaeh@marimo-net.org>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Daniel Sockwell <dsockwell@gmail.com>
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
Co-authored-by: Takeshi Umeda <noel.yoshiba@gmail.com>
Co-authored-by: Sasha Sorokin <dafri.nochiterov8@gmail.com>
Co-authored-by: fuyu <54523771+mfmfuyu@users.noreply.github.com>
* Fix “Show more” not switching to “Show less” on public pages
Fixes#13169
* Fix initial text of CW button on public pages when CW are unfolded by default
* Fix PostgreSQL load when linking in announcements
Fixes#13245 by caching status lookups
Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.
Since it's only used by announcements so far, there won't
be much statuses to cache.
* Perform status lookup when saving announcements, not when rendering them
* Change EntityCache#status to fetch URLs instead of looking into the database
* Move announcement link lookup to publishing worker
* Address issues pointed out during review
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.
Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
Also:
- Fix locks not being removed when jobs go to the dead job queue
- Add UI for managing locks to the Sidekiq dashboard
- Remove unused Sidekiq workers
Fix#13349
* Make the area to the left “Show Thread” also expand the toot in Web UI
* Clicking the left part of a conversation with the avatars now opens it in Web UI
* Fix 404 and 410 API errors being silently discarded in WebUI
Fixes#13278
* Return more appropriate error when user replies to a deleted toot
* Please CodeClimate
* Fix 404/410 errors on fetching account timelines & identity proofs
* Refactor error handling
* Move error message string to statuses.errors
Mastodon enforces the “sensitive” flag on media attachments whenever a toot
is posted with a Content Warning. However, it does so *after* potentially
converting the Content Warning to toot text (when there is no toot text),
which leads to inconsistent and surprising behavior for API clients.
This commit fixes this inconsistency.
This two-line change fixes a crash in the front end that occurred
under the following circumstances:
* A server had more than one announcement,
* A user was displaying the announcements, and
* An announcement was deleted (or unpublished, which amounts to
the same thing.)
As might be expected, the bug was caused by attempting to access a
notification using an index value outside the bounds of the existing
announcements. Specifically, in two places. First,
`_markAnnouncementAsRead` attempts to modify announcements based on
the current index. This is what caused the front end crash. Second,
when rendering the `Announcements` component, the code paginates the
announcements and displays the current one. This did not cause a
crash, but caused the front end to confusingly display a blank
announcement (in situations that would have caused a crash) with no
way for the user to navigate back to previous announcements.
This commit fixes both issues by adding a check to ensure that the
code never attempts to access an announcement with an index greater
than or equal to the number of announcements present.
Only look up private toots from database if the request failed because of 401,
403 or 404 errors, as those may indicate a private toot, rather than something
that isn't a toot or cannot be processed.
* Change ActivityPub follower/following collections to not link first page
* Add support for hiding followers and following of remote users
* Switch to using a single `hide_collections` column
* Address code style remarks
* Improve description of privacy levels in compose interface
* Change strings in defaultMessage and source as well as english
Co-authored-by: Thibaut Girka <thib@sitedethib.com>
Fixes#13136
When a user's canonical acct domain is different from its id's domain
(WEB_DOMAIN ≠ LOCAL_DOMAIN), two webfinger queries are required to find the
canonical domain from the URI. However, we skip webfinger queries when
updating only the key of a remote user, which led to the creation of a
duplicate account, using the URI's domain instead of the canonical acct: one.
`request.format` is not a symbol but a `Mime::Type`, so the condition actually
never matched, and a session was created even for those requests, preventing
caching.
If the “Why do you want to join?” textarea is left empty and the entered params
do not validate, the textarea isn't shown again, unlike other fields.
This commit fixes that by populating an empty `UserInviteRequest` when needed.
Instead of returning a signature verification error, pretend there
was no signature (i.e., this does not allow access to resources that
need a valid signature), so public resources can still be fetched
Fix#13011
* Change meaning of /api/v1/announcements/:id/dismiss to mark an announcement as read
* Change how unread announcements are counted in UI
* Add unread marker to announcements and mark announcements as unread as they are displayed
* Fixups
This adds "Show thread" button to the status view which is used in
profiles. The logic to display the button is mimicking logic in
web app available at app/javascript/mastodon/components/status.js#L439.
* The little change in components CSS required to remove enforced
underline for all links on public pages on our button.
This commit attempts to fix most of regressions caused by #12961
pull request which added even spread of space between tabs.
The following fixes were done:
- Don't hide overflow in tabs
As tabs use ::after and ::before pseudo-elements to create arrow on
the bottom of selected tab, "overflow: hidden" will cause this arrow
to look split from the bottom container.
For the future we probably should use slider element instead, which
would align according to currently selected tab, instead of relying
on pseudo-elements. Such method would also allow smooth transitions.
- Disallow wrapping tab text on insufficient space
This would fix some unwanted behavior[1] when on insufficient width,
renderer might attempt wrapping text to not overtake others' space.
[1]: https://mastodon.social/@Gargron/103546083813829165
* Return last_status_at as date, not datetime
* Fix relative timestamp for dates when delay is inferior to 1 day
* Also fix public directory
* Fix error when last_status_at isn't set
Change `all_day` to be a visual client-side cue only
Publish immediately if `scheduled_at` is in the past
Add `published_at` and `updated_at` to announcements JSON
* Move announcements above scroll container; add button to temporarily hide them
* Remove interface for dismissing announcements
* Display number of unread announcements
* Count unread announcements accurately
* Fix size of announcement box not fitting the currently displayed announcement
* Fix announcement box background color to match button color
* Send output on the server-sent events stream immediately so the client sees that it was successfully opened even if it doesn't have any messages.
Fix transparent SSE streaming for the public:local and hashtag:local stream types.
* Tell caches to never store server-sent events.
This commit fixes uneven spread of space between the tabs in profiles
or notifications (filters). The problem was that links and buttons
shown as blocks had their width determined according to the content
inside of them, so if one tab has more text content than another, it
is going to take over others space, which is uneven and results in
incorrectly aligned (?) tabs display.
By specifying the size of 100% for each tab, parent container will be
forced to divide available space by the number of elements and evenly
give each child fixed space, "text-align: center" then doing its best
job to keep tabs text centered in that space. This relatively fixes
the problem, but will introduce another one - when the block has more
content that its width allows to have, in this scenario the text should
be wrapped or will be displayed over the other elements, but I see this
more as translators' problem. Still, for this case "overflow: hidden"
is added and any unfitting text will be cut out.
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.
This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
* Add announcements
Fix#11006
* Add reactions to announcements
* Add admin UI for announcements
* Add unit tests
* Fix issues
- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"
* Fix scheduler unpublishing announcements before they are due
* Fix filter params not being passed to announcements filter
Allow browsing and filtering all relationships instead of just
followers, unify the codebase with the user-facing relationship
manager, add ability to see who the user invited
* Fix unused role routes being generated
* Remove unused JavaScript code
* Refactor filters code to be DRYer
* Fix `.count == 0` comparisons to `.empty?` in views
* Fix filters in views
Also:
- Fix Mastodon logo not showing up in status embeds
- Fix blurhash not being used in status embeds
- Fix blurhash not being used in admin UI
- Fix autoplay param not working correctly on status embeds
- update http gem to avoid errors
- update blurhash gem to avoid shared object loading error
- update goldfinger gem so the http gem could be updated
- update json gem to avoid warnings
* Fix invalid votes from the API being accepted
Fixes#12556
- Ensure `choice` is an integer instead of silently converting to 0
- Ensure `choice` corresponds to an actual choice of the poll
* Please CodeClimate
One user suggested that the loading indicator should not be written
ALL CAPS, at first it was thought this change is very minor, but then
a few other people asked agreed on the same thing - variant without
caps looks better. It may be related that it is harder to read or just
looks too "catchy". Moreover, I asked @rf@mastodonsocial.ru community
what they think of that and 82% of 22 people agreed on this change.
This commit removes all usage of text-transform: uppercase, where the
font size specified, it changes the value by one pixel larger, so we
still keeping the "designed" size of the labels but without using CAPS.
This commit changes margins of the page heading header, actions in
order to fix displaying with low screen size and long enough header.
It is working by giving heading and action buttons margin from top
and then negating it in parent element. Whenever flex item wrap, the
"negated" margin will be applied again, providing us nice space
between header and action buttons.
This commit also adds a margin to header, so it does not clamp with
the heading actions and they wrap a little earlier (15px ahead). As
well as the left margin is not anymore applied to the first action.
* Fix wrong grouping in Twitter valid_url regex
* Add support for xmpp URIs
Fixes#9776
The difficult part is autolinking, because Twitter-text's extractor does
some pretty ad-hoc stuff to find things that “look like” URLs, and XMPP
URIs do not really match the assumptions of that lib, so it doesn't sound
wise to try to shoehorn it into the existing regex.
This is why I used a specific regex (very close, although slightly more
permissive than the RFC), and a specific scan function (a simplified version
of the generalized one from Twitter).
* Remove leading “xmpp:” from auto-linked text
This commit:
- Refactors centered text blocks currently used for placeholders
for empty tables and puts styles for it in separate class -
.centered-text, simply aliasing text-align: center. Which is
furtherly used in this commit.
- Improves applications settings page to use heading actions, moving
"New application" button there, and displaying placeholder "You
have no applications" in place of empty table.
- Improves custom emoji settings page to use heading action
for "Upload" button, making it more easily accessible without
need to scroll through all of the emojis.
- Improves email domain blocks settings page, moving "Add new" to the
heading actions and using placeholder "No e-mail domains currently
blacklisted" instead of showing empty table.
Current name - page_heading_actions is long and hard to remember,
this commit shortens it to just heading_actions, which is way more
easier to remember and write, it's logical too.
Fixes#12795
It was already possible to create domain blocks for TLDs, but those
weren't enforced, nor editable. This commit changes it so that they
are enforced and editable.
When you have many filters, it may be hard for you to reach the button
to create yet another one. This commit moves creation button to the
heading, leaving the page just for the list.
On the other hand, when there are no filters, page looks kind of
strange with the empty table. So text stating obvious fact that user
has no filters was added in this commit too.
Closes#11020Closes#12790
* Revert "persist last-intersected status update and restore when ScrollableList is restored"
This reverts commit 07e26142ef6a8e74bd2ac5e9b461a5a1699bd4c8.
accidentally merged spurious code in https://github.com/tootsuite/mastodon/pull/12661. https://github.com/tootsuite/mastodon/pull/12735 removes the slowdown that this code was trying to solve; and other functionality successfully restores the view state of the list
* Revert "cache currently-viewing status id to avoid calling redux with identical value"
This reverts commit c93df2159fbd3888a5c48d8a8b8ae61dbbc54b89.
accidentally merged spurious code in https://github.com/tootsuite/mastodon/pull/12661. https://github.com/tootsuite/mastodon/pull/12735 removes the slowdown that this code was trying to solve; and other functionality successfully restores the view state of the list
This commit adds promotional notice on appearance settings about
translation project if any other locale than English is used. It
allows users to learn and contribute translations to Mastodon.
Step ahead, in this commit one unusual string is added - link to a
guide. By default it refers to Crowdin project itself, but if any of
Mastodon localization teams established their own guide, they can
refer it. Or, if Crowdin supports localized domain for language, it
can also be put there (e.g. https://fr.crowdin.com/...).
* Hide blocked, muted, and blocked-by users from toot favourite lists
* Hide blocked, muted, and blocked-by users from toot reblog lists
* Hide blocked, muted, and blocked-by users from followers/following (API)
* Fix tests
* Hide blocked, muted, and blocked-by users from followers/following on public pages
This changes the REST API to return unicode domains in the `acct`
attribute instead of punycode, and to render unicode instead of
punycode on public HTML pages as well.
Fix#7812, fix#12246
* Make BackupService resilient to read timeouts
If an attachment read times out, assume that the resources is
inaccessible and continue the backup without it. This fixes#12280.
* Both errors on one line
* Summary: fix slowness due to layout thrashing when reloading a large set of status updates
in order to limit the maximum size of a status in a list view (e.g. the home timeline), so as to avoid having to scroll all the way through an abnormally large status update (see https://github.com/tootsuite/mastodon/pull/8205), the following steps are taken:
•the element containing the status is rendered in the browser
•its height is calculated, to determine if it exceeds the maximum height threshold.
Unfortunately for performance, these steps are carried out in the componentDidMount(/Update) method, which also performs style modifications on the element. The combination of height request and style modification during javascript evaluation in the browser leads to layout-thrashing, where the elements are repeatedly re-laid-out (see https://developers.google.com/web/fundamentals/performance/rendering/avoid-large-complex-layouts-and-layout-thrashing & https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Performance_best_practices_for_Firefox_fe_engineers).
The solution implemented here is to memoize the collapsed state in Redux the first time the status is seen (e.g. when fetched as part of a small batch, to populate the home timeline) , so that on subsequent re-renders, the value can be queried, rather than recalculated. This strategy is derived from https://github.com/tootsuite/mastodon/pull/4439 & https://github.com/tootsuite/mastodon/pull/4909, and should resolve https://github.com/tootsuite/mastodon/issues/12455.
Andrew Lin (https://github.com/onethreeseven) is thanked for his assistance in root cause analysis and solution brainstorming
* remove getSnapshotBeforeUpdate from status
* remove componentWillUnmount from status
* persist last-intersected status update and restore when ScrollableList is restored
e.g. when navigating from home-timeline to a status conversational thread and <Back again
* cache currently-viewing status id to avoid calling redux with identical value
* refactor collapse toggle to pass explicit boolean
Currently the page re-uses strings from other contexts which doesn't fit
very well - strings incorrectly lowercase-d and pluralized, when they
don't need to be, because it's a table.
This commit changes page to re-use accounts.posts_tab_heading for toots,
and admin.accounts for "Following" and "Follows". This all should look
more aesthetically pleasing.
Fixes#12607
`will-change: transform` apparently makes manual scrolling impossible on
Firefox/Windows. While this should probably be considered a Firefox bug,
`will-change: transform` seem like a very aggressive performance hint that
may possibly make the browser consume more resources than needed, especially
in multiple-column mode.
This was originally added to improve scrolling performances on mobile, but
I think this isn't necessary anymore, because of the two following reasons:
- `contain: paint` (which is implied by `contain: strict`, which we apply
whenever the browser supports grids) should have similar effects
- in single-column mode, the scrolling container is the root element, which
I believe is optimized in at least Chromium
Keep in mind that I have not been able to make in-depth benchmarks, and
especially not been able to try on mobile, so performances should probably
be investigated further…
* Remove “protocol” argument and return value, as only ActivityPub is supported
* Remove FetchRemoteAccountService, only use ActivityPub::FetchRemoteAccountService
* Fix tests
* Revert "Fix ignoring whole status because of one invalid hashtag (#11621)"
This reverts commit dff46b260b.
* Fix statuses being rejected because of invalid hashtag names
* Add spec for invalid hashtag names in statuses
* Add test for featured tags controller
This adds support for Event AP type in Mastodon. Events are converted
into toots by taking their title (AS name) and their URL (AP ID). Event
picture is also brought in if available.
Testable by fetching event content from https://test.mobilizon.org
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Move resolved button to the heading
This is one of the commits on improving overall reports page structure.
It changes where resolved button is located, moving it to the heading,
right next to the "Report #n" header, so-called "hot-place" to look at.
To accomplish this we have to declare one more content variable, change
admin dashboard template to respect it and CSS files for minor styling,
so buttons are inlined and centrally aligned according to the heading.
* Move actions buttons below the report table
I believe that actions to react on report should not be located at the
top of the page, instead they should be either after the table or
reporter's comment. This is just a logical sign that you should not
react to the report without reading all the details first.
Pluralize function from Rails framework does not work with other
languages than English, moreover it does not even work properly with
English [1]. Not that the latest applies to this context, it's just
a sign that we best to avoid this function, especially when there are
more reliable ways.
This commit changes how reports pages generated in order to avoid usage
of pluralize function, replacing it with default translation function,
called with given counter. On top of that, we have to make strings
pluralizable, so have to change locale files.
[1]: https://medium.com/@anna7/b3927de2ca8e#6a60
This commit changes how doorkeeper.applications.help.native_redirect_uri
string is being formatted to use <code> tag for native_redirect_uri
placeholder. This makes the URI look more distinguishable.
* Show badge on group actor in WebUI
* Do not notify in case of by following group actor
* If you mention group actor, also mention group actor followers
* Relax characters that can be used in username (same as Application)
* Revert "Relax characters that can be used in username (same as Application)"
This reverts commit 7e10a137b878d0db1b5252c52106faef5e09ca4b.
* Delete display_name method
* Fix poll options not being selectable via keyboard
Fixes#12384
* Improve styling of poll option checkboxes/radio buttons
* Use more appropriate ARIA roles for poll options
* Allow switching between single and multiple choice from keyboard
* Coding style
* Avoid using .bind()
* Add follow_request notification type
The notification type already existed in the backend but was never pushed
to the front-end. This also means translation strings were also available
for the backend, from the notification mailer.
Unlike other notification types, these are off by default, to match what
I remember of Gargron's view on the topic: that follow requests should not
clutter notifications and should instead be reviewed at the user's own
leisure in the dedicated column.
Since follow requests have their own column, I've deemed it unnecessary to
add a specific tab for them in the notification quick filter.
* Show follow request link in single-column if there are pending requests, even if account isn't locked
* Push follow requests from notifications to the follow_requests list
* Offer to accept or reject follow request from the notification
* Redesign follow request notification
Before this patch, if remote poll options have leading or trailing spaces,
the information stored locally won't match them, causing federated voting to
fail.
Before this moment relationships managing page was using strings from
other context - from counters, but in order for translators to be able
to translate it relatively to the page, it must use separate strings.
I've split the strings for "Following" and "Followers" and put them to
"relationships" keyset in localization file. This should solve this
issue.
Fixes#10863
* Fix lost focus after modal closes
Regression caused by the use of the wicg-inert polyfill
* Fix regression introduced by wicg-inert
* Catch errors to please CodeClimate
Counter size is currently set to strict 33.3% width, but with it
counter may break in other languages than English. For example it is
already broken on Gargron's profile on mastodon.social using Russian
locale.
This commit changes "width" to "min-width", so counters still displayed
correctly, but if they need more width to fit text, they are now allowed
to take as many width as they need.
Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.
The arguments were passed to the wrong function… also, there is no
need to have a conditional decrementation: failure to upload means
we marked an upload as pending, in all cases.
If a poll contains empty options (which is apparently possible on Pleroma),
it is created without them. However, the poll update code doesn't filter
empty options, and thus:
1. Clear known votes, as it assumes the set of options has changed
2. Errors out because it tries adding empty options, which fails validation
This commit fixes that by filtering them out the same way they are filtered
out at poll creation time.
When suspending or silencing a domain, one probably wants the silence or
suspend parts to take effect as soon as possible. Deleting media files can
take a while (possibly days), so perform silencing as soon as possible, and
clean up media afterwards.
* add youtube oembed endpoint
* add check for oembed endpoint
* change unless for a more readable if
* clear blank lines
* endpoint via https
* Fix string literal in condition
* use cache for endpoints
* use cache for endpoints
* clean up and adding check
* clean up and remove redundant return
* add html check
* add false to return
* use double quotes
* use double quotes
* Clean up
* make it not return http 400 when passing and empty source argument
* create a spec for the empty source hash bug
* compact checks for nil, empty? parameters
* use nil.blank? instead checking for nil
* Add backend support for bookmarks
Bookmarks behave like favourites, except they aren't shared with other
users and do not have an associated counter.
* Add spec for bookmark endpoints
* Add front-end support for bookmarks
* Introduce OAuth scopes for bookmarks
* Add bookmarks to archive takeout
* Fix migration
* Coding style fixes
* Fix rebase issue
* Update bookmarked_statuses to latest UI changes
* Update bookmark actions to properly reflect status changes in state
* Add bookmarks item to single-column layout
* Make active bookmarks red
* Fix unread toot indicator not honoring onlyMedia in public and community timelines
* Fixup: `unread` already accounts for new content in pending items
* Fix already-known remote private toots not being searchable by URL
Whenever an URL search fails, and an account is provided, try getting a
private status matching that URL from database.
* Fix searching by `id` field instead of `uri`
* Fix being able to follow oneself by moving to an account that was following the old one
* Add specs
* Add spec to catch MoveWorker issue with local followers following both accounts
* Fix move worker breaking when a local account follows both source and target accounts
* Fix migration from remote to local account not sending Undo Follow
* Fix show_reblogs not being preserved for moved account's followers
* Add ability to add oneself to lists
* Change search results to include oneself when searching through followers
* Mark follow relation as optional in ListAccount
* return the new favourites_count
when unfavouriting a status
* Remove trailing whitespace
* revert changes to favourites_controller
* Decrease favourites_count through statuses reducer
* styling fix
* Fix missing trailing comma
On mobile, batch actions are hidden from the settings/admin interface,
but there are several places those actions can only be performed through
batch actions.
This may not look great, but at least it makes the actions available again.
Some ActivityPub servers refuse to embed remote objects into their own
output. This is because they are not the authoritative source for these
objects, and as such embedding them is always a waste of space. The
follow request and follow models contain a URI, so this can be used to
match them.
