mstdn.y-zu.org/mastodon
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,712 Commits 12 Branches 127 Tags 124 MiB
632a567387
Commit Graph

11712 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
4ff04e2343
Bump aws-sdk-s3 from 1.111.3 to 1.112.0 (#17452) 
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.111.3 to 1.112.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-10 15:12:09 +01:00
dependabot[bot]
d53ce60560
Bump bootsnap from 1.10.2 to 1.10.3 (#17466) 
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-10 15:11:41 +01:00
dependabot[bot]
fbe4192c03
Bump ox from 2.14.6 to 2.14.7 (#17453) 
Bumps [ox](https://github.com/ohler55/ox) from 2.14.6 to 2.14.7.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.14.6...v2.14.7)

---
updated-dependencies:
- dependency-name: ox
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-10 15:11:16 +01:00
dependabot[bot]
a50c752726
Bump pg from 1.3.0 to 1.3.1 (#17450) 
Bumps [pg](https://github.com/ged/ruby-pg) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-10 15:10:47 +01:00
dependabot[bot]
2c1e453d0c
Bump puma from 5.5.2 to 5.6.1 (#17411) 
Bumps [puma](https://github.com/puma/puma) from 5.5.2 to 5.6.1.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v5.5.2...v5.6.1)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-10 15:09:06 +01:00
dependabot[bot]
ae59818335
Bump sidekiq from 6.4.0 to 6.4.1 (#17480) 
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.4.0...v6.4.1)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-10 15:07:06 +01:00
Claire
da91b18a8b
Fix NoMethodError in StatusUpdateDistributionWorker (#17499) 
* Add tests

* Fix NoMethodError in StatusUpdateDistributionWorker

* Fix tests
 2022-02-10 14:57:10 +01:00
Claire
63854bee6c
Fix poll votes not being properly reset on poll change (#17498) 
* Fix poll votes not being properly reset on poll change

* Fix and add tests

* Fix poll update handling when the number of options changes
 2022-02-10 14:26:54 +01:00
Eugen Rochko
1bfcb75105
Fix outdated iso-639 reference in update status service (#17496) 2022-02-10 03:09:44 +01:00
Eugen Rochko
63002cde03
Add editing for published statuses (#17320) 
* Add editing for published statuses

* Fix change of multiple-choice boolean in poll not resetting votes

* Remove the ability to update existing media attachments for now
 2022-02-10 00:15:30 +01:00
Eugen Rochko
20a3564ab2
Chore: Update browserslist (#17493) 2022-02-10 00:10:27 +01:00
Eugen Rochko
2f8159baad
Add category and rule_ids params to POST /api/v1/reports (#17492) 2022-02-10 00:10:16 +01:00
Takuya Yoshida
5533fa28b6
Add support >= 1.22 (#17490) 2022-02-09 12:30:00 +01:00
Eugen Rochko
3aebe711fd
Change languages to be listed under standard instead of native name in admin UI (#17485) 2022-02-09 04:15:38 +01:00
Eugen Rochko
fd3a45e348
Add edit history to web UI (#17390) 
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
 2022-02-09 01:17:07 +01:00
Eugen Rochko
2adcad04ff
Fix error in suggestions API due to typo (#17486) 
Regression from #17479
 2022-02-08 22:23:04 +01:00
Eugen Rochko
b6d7726ecb
Remove language detection through cld3 (#17478) 
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
 2022-02-08 02:41:17 +01:00
Eugen Rochko
85b86fe28c
Add global locale param (#17464) 
- Remove the session-based locale stickyness
 2022-02-08 02:34:56 +01:00
Eugen Rochko
35850f8195
Fix localization of cold-start follow recommendations (#17479) 2022-02-08 01:53:49 +01:00
Claire
52c1b86964
Fix Ruby 2.5 incompatibility (#17465) 2022-02-07 19:57:06 +01:00
Eugen Rochko
f1f6ddd536
Fix structured data parsing from links choking on bad data (#17403) 
* Fix structured data parsing from links choking on bad data

- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag

* Remove unnecessary slash escapes from CDATA regex pattern
 2022-02-07 18:16:31 +01:00
Claire
73a782391c
Fix replies collection incorrectly looping (#17462) 
* Refactor tests

* Add tests

* Fix replies collection incorrectly looping
 2022-02-07 17:06:43 +01:00
Claire
0d2cf3cd4a
Fix errors when multiple Delete are received for a given actor (#17460) 2022-02-07 13:14:48 +01:00
Claire
92658f0fb0
Fix instance actor not being dereferenceable (#17457) 
* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
 2022-02-06 15:31:03 +01:00
potpro
097c4903f1
Update build-image.yml (#17454) 2022-02-05 17:29:54 +01:00
Eugen Rochko
e03e7ac290
Fix error on account relationships page in admin UI (#17444) 2022-02-05 05:06:34 +01:00
dependabot[bot]
6a649e9131
Bump brakeman from 5.2.0 to 5.2.1 (#17410) 
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:03:12 +09:00
dependabot[bot]
bfe5ad5fee
Bump redis from 4.0.2 to 4.0.3 (#17412) 
Bumps [redis](https://github.com/redis/node-redis) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:03:06 +09:00
dependabot[bot]
e001e116da
Bump sidekiq-scheduler from 3.1.0 to 3.1.1 (#17407) 
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: sidekiq-scheduler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:02:57 +09:00
dependabot[bot]
e0263c7369
Bump http-link-header from 1.0.3 to 1.0.4 (#17414) 
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases)
- [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: http-link-header
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:02:42 +09:00
Alexandra Catalina
50ab3f3dcb
Update tootsuite/mastodon Docker tag to v3.4.6 (#17436) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-02-03 21:29:20 +01:00
Eugen Rochko
3413f1c44b
Forward-port version bump to 3.4.6 (#17434) 2022-02-03 14:21:38 +01:00
YorimiMochida
fbea796138
Merge pull request #465 from YoheiZuho/3.4.6 
3.4.6
 2022-02-03 22:21:06 +09:00
YorimiMochida
f93789c578
add quote 2022-02-03 22:20:43 +09:00
YorimiMochida
6412d8be75
Merge branch 'features/3.4.3' into 3.4.6 2022-02-03 22:19:32 +09:00
Claire
c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428) 2022-02-03 14:09:04 +01:00
Claire
93a6c143af
Fix insufficient sanitization of report comments (#17430) 2022-02-03 14:08:24 +01:00
Claire
948235592a
Fix response_to_recipient? CTE (#17427) 2022-02-03 14:07:43 +01:00
Claire
d1ecc323e7
Compact JSON-LD signed incoming activities (#17426) 
Co-authored-by: Puck Meerburg <puck@puck.moe>
 2022-02-03 14:07:29 +01:00
Claire
bb7b2868a0 Bump version to 3.4.6 2022-02-02 23:48:38 +01:00
Wonderfall
a06dda41d0 disable legacy XSS filtering (#17289) 
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
 2022-02-02 23:30:15 +01:00
Claire
bf005edd30 Change mastodon:webpush:generate_vapid_key task to not require functional env (#17338) 
Fixes #17297
 2022-02-02 23:30:15 +01:00
Claire
df68d2eab8 Fix response_to_recipient? CTE 2022-02-02 23:30:15 +01:00
Claire
b27f50da5a Fix insufficient sanitization of report comments 2022-02-02 23:30:15 +01:00
Claire
e2009ced3a Fix compacted JSON-LD possibly causing compatibility issues on forwarding 2022-02-02 23:30:15 +01:00
Puck Meerburg
fe0210074f Compact JSON-LD signed incoming activities 2022-02-02 23:30:15 +01:00
Claire
c8dbbd60eb Fix error-prone SQL queries (#15828) 
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
 2022-02-02 23:30:15 +01:00
Claire
6d831fe274
Fix spurious errors when receiving an Add activity for a private post (#17425) 2022-02-02 22:59:34 +01:00
YorimiMochida
102d7fb07d
Merge pull request #464 from YoheiZuho/v3.4.5 
V3.4.5
 2022-02-02 18:29:53 +09:00
Alexandra Catalina
d0d15bf49c
Update tootsuite/mastodon Docker tag to v3.4.5 (#17417) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-02-01 20:57:50 +01:00