Bump version to 3.4.4

Fix "bundle exec rails mastodon:setup" crashing in some circumstances (#16976 )
Fix regression from #16896
2021-11-26 01:32:31 +01:00 · 2021-11-26 01:31:28 +01:00 · 2021-11-26 01:22:33 +01:00 · 2021-11-26 01:22:27 +01:00 · 2021-11-26 01:22:10 +01:00 · 2021-11-26 01:21:57 +01:00
2709 changed files with 72152 additions and 177417 deletions
--- a/.browserslistrc
+++ b/.browserslistrc
@ -1,7 +0,0 @@
 [production]
 defaults
 not IE 11
 not dead
 [development]
 supports es6-module
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -0,0 +1,255 @@
 version: 2
 aliases:
  - &defaults
    docker:
      - image: circleci/ruby:2.7-buster-node
        environment: &ruby_environment
          BUNDLE_JOBS: 3
          BUNDLE_RETRY: 3
          BUNDLE_APP_CONFIG: ./.bundle/
          BUNDLE_PATH: ./vendor/bundle/
          DB_HOST: localhost
          DB_USER: root
          RAILS_ENV: test
          ALLOW_NOPAM: true
          CONTINUOUS_INTEGRATION: true
          DISABLE_SIMPLECOV: true
          PAM_ENABLED: true
          PAM_DEFAULT_SERVICE: pam_test
          PAM_CONTROLLED_SERVICE: pam_test_controlled
    working_directory: ~/projects/mastodon/
  - &attach_workspace
    attach_workspace:
      at: ~/projects/
  - &persist_to_workspace
    persist_to_workspace:
      root: ~/projects/
      paths:
        - ./mastodon/
  - &restore_ruby_dependencies
    restore_cache:
      keys:
        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
        - v3-ruby-dependencies-
  - &install_steps
    steps:
      - checkout
      - *attach_workspace
      - restore_cache:
          keys:
            - v2-node-dependencies-{{ checksum "yarn.lock" }}
            - v2-node-dependencies-
      - run:
          name: Install yarn dependencies
          command: yarn install --frozen-lockfile
      - save_cache:
          key: v2-node-dependencies-{{ checksum "yarn.lock" }}
          paths:
            - ./node_modules/
      - *persist_to_workspace
  - &install_system_dependencies
      run:
        name: Install system dependencies
        command: |
          sudo apt-get update
          sudo apt-get install -y libicu-dev libidn11-dev libprotobuf-dev protobuf-compiler
  - &install_ruby_dependencies
      steps:
        - *attach_workspace
        - *install_system_dependencies
        - run:
            name: Set Ruby version
            command: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
        - *restore_ruby_dependencies
        - run:
            name: Set bundler settings
            command: |
              bundle config --local clean 'true'
              bundle config --local deployment 'true'
              bundle config --local with 'pam_authentication'
              bundle config --local without 'development production'
              bundle config --local frozen 'true'
              bundle config --local path $BUNDLE_PATH
        - run:
            name: Install bundler dependencies
            command: bundle check || (bundle install && bundle clean)
        - save_cache:
            key: v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
            paths:
              - ./.bundle/
              - ./vendor/bundle/
        - persist_to_workspace:
            root: ~/projects/
            paths:
                - ./mastodon/.bundle/
                - ./mastodon/vendor/bundle/
  - &test_steps
      parallelism: 4
      steps:
        - *attach_workspace
        - *install_system_dependencies
        - run:
            name: Install FFMPEG
            command: sudo apt-get install -y ffmpeg
        - run:
            name: Load database schema
            command: ./bin/rails db:create db:schema:load db:seed
        - run:
            name: Run rspec in parallel
            command: |
              bundle exec rspec --profile 10 \
                                --format RspecJunitFormatter \
                                --out test_results/rspec.xml \
                                --format progress \
                                $(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
        - store_test_results:
            path: test_results
 jobs:
  install:
    <<: *defaults
    <<: *install_steps
  install-ruby2.7:
    <<: *defaults
    <<: *install_ruby_dependencies
  install-ruby2.6:
    <<: *defaults
    docker:
      - image: circleci/ruby:2.6-buster-node
        environment: *ruby_environment
    <<: *install_ruby_dependencies
  install-ruby3.0:
    <<: *defaults
    docker:
      - image: circleci/ruby:3.0-buster-node
        environment: *ruby_environment
    <<: *install_ruby_dependencies
  build:
    <<: *defaults
    steps:
      - *attach_workspace
      - *install_system_dependencies
      - run:
          name: Precompile assets
          command: ./bin/rails assets:precompile
      - persist_to_workspace:
          root: ~/projects/
          paths:
              - ./mastodon/public/assets
              - ./mastodon/public/packs-test/
  test-migrations:
    <<: *defaults
    docker:
      - image: circleci/ruby:2.7-buster-node
        environment: *ruby_environment
      - image: circleci/postgres:12.2
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
      - image: circleci/redis:5-alpine
    steps:
      - *attach_workspace
      - *install_system_dependencies
      - run:
          name: Create database
          command: ./bin/rails db:create
      - run:
          name: Run migrations
          command: ./bin/rails db:migrate
  test-ruby2.7:
    <<: *defaults
    docker:
      - image: circleci/ruby:2.7-buster-node
        environment: *ruby_environment
      - image: circleci/postgres:12.2
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
      - image: circleci/redis:5-alpine
    <<: *test_steps
  test-ruby2.6:
    <<: *defaults
    docker:
      - image: circleci/ruby:2.6-buster-node
        environment: *ruby_environment
      - image: circleci/postgres:12.2
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
      - image: circleci/redis:5-alpine
    <<: *test_steps
  test-ruby3.0:
    <<: *defaults
    docker:
      - image: circleci/ruby:3.0-buster-node
        environment: *ruby_environment
      - image: circleci/postgres:12.2
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
      - image: circleci/redis:5-alpine
    <<: *test_steps
  test-webui:
    <<: *defaults
    docker:
      - image: circleci/node:12-buster
    steps:
      - *attach_workspace
      - run:
          name: Run jest
          command: yarn test:jest
 workflows:
  version: 2
  build-and-test:
    jobs:
      - install
      - install-ruby2.7:
          requires:
            - install
      - install-ruby2.6:
          requires:
            - install
            - install-ruby2.7
      - install-ruby3.0:
          requires:
            - install
            - install-ruby2.7
      - build:
          requires:
            - install-ruby2.7
      - test-migrations:
          requires:
            - install-ruby2.7
      - test-ruby2.7:
          requires:
            - install-ruby2.7
            - build
      - test-ruby2.6:
          requires:
            - install-ruby2.6
            - build
      - test-ruby3.0:
          requires:
            - install-ruby3.0
            - build
      - test-webui:
          requires:
            - install
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@ -1,4 +1,4 @@
-version: '2'
+version: "2"
 checks:
  argument-count:
    enabled: false
@ -26,14 +26,13 @@ plugins:
  bundler-audit:
    enabled: true
  eslint:
-    enabled: false
+    enabled: true
    channel: eslint-7
  rubocop:
-    enabled: false
+    enabled: true
    channel: rubocop-1-9-1
  sass-lint:
-    enabled: false
+    enabled: true
 exclude_patterns:
-  - spec/
+- spec/
-  - vendor/asset/
+- vendor/asset
  - app/javascript/mastodon/locales/**/*.json
  - config/locales/**/*.yml
--- a/.deepsource.toml
+++ b/.deepsource.toml
@ -0,0 +1,23 @@
 version = 1
 test_patterns = ["app/javascript/mastodon/**/__tests__/**"]
 exclude_patterns = [
    "db/migrate/**",
    "db/post_migrate/**"
 ]
 [[analyzers]]
 name = "ruby"
 enabled = true
 [[analyzers]]
 name = "javascript"
 enabled = true
  [analyzers.meta]
  environment = [
    "browser",
    "jest",
    "nodejs"
  ]
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -1,24 +0,0 @@
 # [Choice] Ruby version (use -bullseye variants on local arm64/Apple Silicon): 3, 3.1, 3.0, 2, 2.7, 2.6, 3-bullseye, 3.1-bullseye, 3.0-bullseye, 2-bullseye, 2.7-bullseye, 2.6-bullseye, 3-buster, 3.1-buster, 3.0-buster, 2-buster, 2.7-buster, 2.6-buster
 ARG VARIANT=3.1-bullseye
 FROM mcr.microsoft.com/vscode/devcontainers/ruby:${VARIANT}
 # Install Rails
 # RUN gem install rails webdrivers
 # Default value to allow debug server to serve content over GitHub Codespace's port forwarding service
 # The value is a comma-separated list of allowed domains
 ENV RAILS_DEVELOPMENT_HOSTS=".githubpreview.dev"
 # [Choice] Node.js version: lts/*, 18, 16, 14
 ARG NODE_VERSION="lts/*"
 RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
 # [Optional] Uncomment this section to install additional OS packages.
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libpam-dev
 # [Optional] Uncomment this line to install additional gems.
 RUN gem install foreman
 # [Optional] Uncomment this line to install global node packages.
 RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,33 +0,0 @@
 {
  "name": "Mastodon",
  "dockerComposeFile": "docker-compose.yml",
  "service": "app",
  "workspaceFolder": "/mastodon",
  // Set *default* container specific settings.json values on container create.
  "settings": {},
  // Add the IDs of extensions you want installed when the container is created.
  "extensions": [
    "EditorConfig.EditorConfig",
    "dbaeumer.vscode-eslint",
    "rebornix.Ruby",
    "webben.browserslist"
  ],
  "features": {
    "ghcr.io/devcontainers/features/sshd:1": {
      "version": "latest"
    }
  },
  // Use 'forwardPorts' to make a list of ports inside the container available locally.
  // This can be used to network with other containers or the host.
  "forwardPorts": [3000, 4000],
  // Use 'postCreateCommand' to run commands after the container is created.
  "postCreateCommand": ".devcontainer/post-create.sh",
  // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
  "remoteUser": "vscode"
 }
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@ -1,90 +0,0 @@
 version: '3'
 services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        # Update 'VARIANT' to pick a version of Ruby: 3, 3.1, 3.0, 2, 2.7, 2.6
        # Append -bullseye or -buster to pin to an OS version.
        # Use -bullseye variants on local arm64/Apple Silicon.
        VARIANT: '3.0-bullseye'
        # Optional Node.js version to install
        NODE_VERSION: '16'
    volumes:
      - ..:/mastodon:cached
    environment:
      RAILS_ENV: development
      NODE_ENV: development
      REDIS_HOST: redis
      REDIS_PORT: '6379'
      DB_HOST: db
      DB_USER: postgres
      DB_PASS: postgres
      DB_PORT: '5432'
      ES_ENABLED: 'true'
      ES_HOST: es
      ES_PORT: '9200'
      LIBRE_TRANSLATE_ENDPOINT: http://libretranslate:5000
    # Overrides default command so things don't shut down after the process ends.
    command: sleep infinity
    networks:
      - external_network
      - internal_network
    user: vscode
  db:
    image: postgres:14-alpine
    restart: unless-stopped
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: postgres
      POSTGRES_DB: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_HOST_AUTH_METHOD: trust
    networks:
      - internal_network
  redis:
    image: redis:6-alpine
    restart: unless-stopped
    volumes:
      - redis-data:/data
    networks:
      - internal_network
  es:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    restart: unless-stopped
    environment:
      ES_JAVA_OPTS: -Xms512m -Xmx512m
      cluster.name: es-mastodon
      discovery.type: single-node
      bootstrap.memory_lock: 'true'
    volumes:
      - es-data:/usr/share/elasticsearch/data
    networks:
      - internal_network
    ulimits:
      memlock:
        soft: -1
        hard: -1
  libretranslate:
    image: libretranslate/libretranslate:v1.2.9
    restart: unless-stopped
    networks:
      - internal_network
 volumes:
  postgres-data:
  redis-data:
  es-data:
 networks:
  external_network:
  internal_network:
    internal: true
--- a/.devcontainer/post-create.sh
+++ b/.devcontainer/post-create.sh
@ -1,21 +0,0 @@
 #!/bin/bash
 set -e # Fail the whole script on first error
 # Fetch Ruby gem dependencies
 bundle install --path vendor/bundle --with='development test'
 # Fetch Javascript dependencies
 yarn install
 # Make Gemfile.lock pristine again
 git checkout -- Gemfile.lock
 # [re]create, migrate, and seed the test database
 RAILS_ENV=test ./bin/rails db:setup
 # Precompile assets for development
 RAILS_ENV=development ./bin/rails assets:precompile
 # Precompile assets for test
 RAILS_ENV=test NODE_ENV=tests ./bin/rails assets:precompile
--- a/.dockerignore
+++ b/.dockerignore
@ -15,7 +15,6 @@ vendor/bundle
 *.swp
 *~
 postgres
 postgres14
 redis
 elasticsearch
 chart
--- a/.env.nanobox
+++ b/.env.nanobox
@ -0,0 +1,257 @@
 # Service dependencies
 # You may set REDIS_URL instead for more advanced options
 REDIS_HOST=$DATA_REDIS_HOST
 REDIS_PORT=6379
 # REDIS_DB=0
 # You may set DATABASE_URL instead for more advanced options
 DB_HOST=$DATA_DB_HOST
 DB_USER=$DATA_DB_USER
 DB_NAME=gonano
 DB_PASS=$DATA_DB_PASS
 DB_PORT=5432
 # DATABASE_URL=postgresql://$DATA_DB_USER:$DATA_DB_PASS@$DATA_DB_HOST/gonano
 # Optional ElasticSearch configuration
 ES_ENABLED=true
 ES_HOST=$DATA_ELASTIC_HOST
 ES_PORT=9200
 BIND=0.0.0.0
 # Federation
 # Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
 # LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
 LOCAL_DOMAIN=${APP_NAME}.nanoapp.io
 # Changing LOCAL_HTTPS in production is no longer supported. (Mastodon will always serve https:// links)
 # Use this only if you need to run mastodon on a different domain than the one used for federation.
 # You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md
 # DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
 # WEB_DOMAIN=mastodon.example.com
 # Use this if you want to have several aliases handler@example1.com
 # handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
 # be added. Comma separated values
 # ALTERNATE_DOMAINS=example1.com,example2.com
 # Application secrets
 # Generate each with the `rake secret` task (`nanobox run bundle exec rake secret`)
 SECRET_KEY_BASE=$SECRET_KEY_BASE
 OTP_SECRET=$OTP_SECRET
 # VAPID keys (used for push notifications)
 # You can generate the keys using the following command (first is the private key, second is the public one)
 # You should only generate this once per instance. If you later decide to change it, all push subscription will
 # be invalidated, requiring the users to access the website again to resubscribe.
 #
 # Generate with `rake mastodon:webpush:generate_vapid_key` task (`nanobox run bundle exec rake mastodon:webpush:generate_vapid_key`)
 #
 # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
 VAPID_PRIVATE_KEY=$VAPID_PRIVATE_KEY
 VAPID_PUBLIC_KEY=$VAPID_PUBLIC_KEY
 # Registrations
 # Single user mode will disable registrations and redirect frontpage to the first profile
 # SINGLE_USER_MODE=true
 # Prevent registrations with following e-mail domains
 # EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
 # Only allow registrations with the following e-mail domains
 # EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
 # Optionally change default language
 # DEFAULT_LOCALE=de
 # E-mail configuration
 # Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
 # If you want to use an SMTP server without authentication (e.g local Postfix relay)
 # then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
 # *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
 SMTP_SERVER=$SMTP_SERVER
 SMTP_PORT=587
 SMTP_LOGIN=$SMTP_LOGIN
 SMTP_PASSWORD=$SMTP_PASSWORD
 SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 #SMTP_REPLY_TO=
 #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
 #SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
 #SMTP_AUTH_METHOD=plain
 #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
 #SMTP_OPENSSL_VERIFY_MODE=peer
 #SMTP_ENABLE_STARTTLS_AUTO=true
 #SMTP_TLS=true
 # Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
 # PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
 # PAPERCLIP_ROOT_URL=/system
 # Optional asset host for multi-server setups
 # The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
 # if WEB_DOMAIN is not set. For example, the server may have the
 # following header field:
 # Access-Control-Allow-Origin: https://example.com/
 # CDN_HOST=https://assets.example.com
 # S3 (optional)
 # The attachment host must allow cross origin request from WEB_DOMAIN or
 # LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
 # following header field:
 # Access-Control-Allow-Origin: https://192.168.1.123:9000/
 # S3_ENABLED=true
 # S3_BUCKET=
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=
 # S3_REGION=
 # S3_PROTOCOL=http
 # S3_HOSTNAME=192.168.1.123:9000
 # S3 (Minio Config (optional) Please check Minio instance for details)
 # The attachment host must allow cross origin request - see the description
 # above.
 # S3_ENABLED=true
 # S3_BUCKET=
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=
 # S3_REGION=
 # S3_PROTOCOL=https
 # S3_HOSTNAME=
 # S3_ENDPOINT=
 # S3_SIGNATURE_VERSION=
 # Google Cloud Storage (optional)
 # Use S3 compatible API. Since GCS does not support Multipart Upload,
 # increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.
 # The attachment host must allow cross origin request - see the description
 # above.
 # S3_ENABLED=true
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=
 # S3_REGION=
 # S3_PROTOCOL=https
 # S3_HOSTNAME=storage.googleapis.com
 # S3_ENDPOINT=https://storage.googleapis.com
 # S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes
 # Swift (optional)
 # The attachment host must allow cross origin request - see the description
 # above.
 # SWIFT_ENABLED=true
 # SWIFT_USERNAME=
 # For Keystone V3, the value for SWIFT_TENANT should be the project name
 # SWIFT_TENANT=
 # SWIFT_PASSWORD=
 # Some OpenStack V3 providers require PROJECT_ID (optional)
 # SWIFT_PROJECT_ID=
 # Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
 # issues with token rate-limiting during high load.
 # SWIFT_AUTH_URL=
 # SWIFT_CONTAINER=
 # SWIFT_OBJECT_URL=
 # SWIFT_REGION=
 # Defaults to 'default'
 # SWIFT_DOMAIN_NAME=
 # Defaults to 60 seconds. Set to 0 to disable
 # SWIFT_CACHE_TTL=
 # Optional alias for S3 (e.g. to serve files on a custom domain, possibly using Cloudfront or Cloudflare)
 # S3_ALIAS_HOST=
 # Streaming API integration
 # STREAMING_API_BASE_URL=
 # Advanced settings
 # If you need to use pgBouncer, you need to disable prepared statements:
 # PREPARED_STATEMENTS=false
 # Cluster number setting for streaming API server.
 # If you comment out following line, cluster number will be `numOfCpuCores - 1`.
 # STREAMING_CLUSTER_NUM=1
 # Docker mastodon user
 # If you use Docker, you may want to assign UID/GID manually.
 # UID=1000
 # GID=1000
 # LDAP authentication (optional)
 # LDAP_ENABLED=true
 # LDAP_HOST=localhost
 # LDAP_PORT=389
 # LDAP_METHOD=simple_tls
 # LDAP_BASE=
 # LDAP_BIND_DN=
 # LDAP_PASSWORD=
 # LDAP_UID=cn
 # LDAP_MAIL=mail
 # LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
 # LDAP_UID_CONVERSION_ENABLED=true
 # LDAP_UID_CONVERSION_SEARCH=., -
 # LDAP_UID_CONVERSION_REPLACE=_
 # PAM authentication (optional)
 # PAM authentication uses for the email generation the "email" pam variable
 # and optional as fallback PAM_DEFAULT_SUFFIX
 # The pam environment variable "email" is provided by:
 # https://github.com/devkral/pam_email_extractor
 # PAM_ENABLED=true
 # Fallback email domain for email address generation (LOCAL_DOMAIN by default)
 # PAM_EMAIL_DOMAIN=example.com
 # Name of the pam service (pam "auth" section is evaluated)
 # PAM_DEFAULT_SERVICE=rpam
 # Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
 # PAM_CONTROLLED_SERVICE=rpam
 # Global OAuth settings (optional) :
 # If you have only one strategy, you may want to enable this
 # OAUTH_REDIRECT_AT_SIGN_IN=true
 # Optional CAS authentication (cf. omniauth-cas) :
 # CAS_ENABLED=true
 # CAS_URL=https://sso.myserver.com/
 # CAS_HOST=sso.myserver.com/
 # CAS_PORT=443
 # CAS_SSL=true
 # CAS_VALIDATE_URL=
 # CAS_CALLBACK_URL=
 # CAS_LOGOUT_URL=
 # CAS_LOGIN_URL=
 # CAS_UID_FIELD='user'
 # CAS_CA_PATH=
 # CAS_DISABLE_SSL_VERIFICATION=false
 # CAS_UID_KEY='user'
 # CAS_NAME_KEY='name'
 # CAS_EMAIL_KEY='email'
 # CAS_NICKNAME_KEY='nickname'
 # CAS_FIRST_NAME_KEY='firstname'
 # CAS_LAST_NAME_KEY='lastname'
 # CAS_LOCATION_KEY='location'
 # CAS_IMAGE_KEY='image'
 # CAS_PHONE_KEY='phone'
 # Optional SAML authentication (cf. omniauth-saml)
 # SAML_ENABLED=true
 # SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback
 # SAML_ISSUER=https://example.com
 # SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
 # SAML_IDP_CERT=
 # SAML_IDP_CERT_FINGERPRINT=
 # SAML_NAME_IDENTIFIER_FORMAT=
 # SAML_CERT=
 # SAML_PRIVATE_KEY=
 # SAML_SECURITY_WANT_ASSERTION_SIGNED=true
 # SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
 # SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
 # SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
 # SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
 # SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
 # SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
 # SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
 # SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
 # Use HTTP proxy for outgoing request (optional)
 # http_proxy=http://gateway.local:8118
 # Access control for hidden service.
 # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
--- a/.env.production.sample
+++ b/.env.production.sample
@ -29,14 +29,11 @@ DB_NAME=mastodon_production
 DB_PASS=
 DB_PORT=5432
-# Elasticsearch (optional)
+# ElasticSearch (optional)
 # ------------------------
 ES_ENABLED=true
 ES_HOST=localhost
 ES_PORT=9200
 # Authentication for ES (optional)
 ES_USER=elastic
 ES_PASS=password
 # Secrets
 # -------
@ -54,11 +51,11 @@ VAPID_PUBLIC_KEY=
 # Sending mail
 # ------------
-SMTP_SERVER=
+SMTP_SERVER=smtp.mailgun.org
 SMTP_PORT=587
 SMTP_LOGIN=
 SMTP_PASSWORD=
-SMTP_FROM_ADDRESS=notifications@example.com
+SMTP_FROM_ADDRESS=notificatons@example.com
 # File storage (optional)
 # -----------------------
@ -67,11 +64,3 @@ S3_BUCKET=files.example.com
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 S3_ALIAS_HOST=files.example.com
 # IP and session retention
 # -----------------------
 # Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
 # to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -1,12 +1,6 @@
 module.exports = {
  root: true,
  extends: [
    'eslint:recommended',
    'plugin:react/recommended',
    'plugin:jsx-a11y/recommended',
  ],
  env: {
    browser: true,
    node: true,
@ -18,7 +12,7 @@ module.exports = {
    ATTACHMENT_HOST: false,
  },
-  parser: '@babel/eslint-parser',
+  parser: 'babel-eslint',
  plugins: [
    'react',
@ -33,7 +27,7 @@ module.exports = {
      experimentalObjectRestSpread: true,
      jsx: true,
    },
-    ecmaVersion: 2021,
+    ecmaVersion: 2018,
  },
  settings: {
@ -70,8 +64,8 @@ module.exports = {
    eqeqeq: 'error',
    indent: ['warn', 2],
    'jsx-quotes': ['error', 'prefer-single'],
    'no-case-declarations': 'off',
    'no-catch-shadow': 'error',
    'no-cond-assign': 'error',
    'no-console': [
      'warn',
      {
@ -81,14 +75,13 @@ module.exports = {
        ],
      },
    ],
-    'no-empty': 'off',
+    'no-fallthrough': 'error',
-    'no-restricted-properties': [
+    'no-irregular-whitespace': 'error',
-      'error',
+    'no-mixed-spaces-and-tabs': 'warn',
-      { property: 'substring', message: 'Use .slice instead of .substring.' },
+    'no-nested-ternary': 'warn',
      { property: 'substr', message: 'Use .slice instead of .substr.' },
    ],
    'no-self-assign': 'off',
    'no-trailing-spaces': 'warn',
    'no-undef': 'error',
    'no-unreachable': 'error',
    'no-unused-expressions': 'error',
    'no-unused-vars': [
      'error',
@ -98,7 +91,6 @@ module.exports = {
        ignoreRestSiblings: true,
      },
    ],
    'no-useless-escape': 'off',
    'object-curly-spacing': ['error', 'always'],
    'padded-blocks': [
      'error',
@ -108,47 +100,61 @@ module.exports = {
    ],
    quotes: ['error', 'single'],
    semi: 'error',
    strict: 'off',
    'valid-typeof': 'error',
    'react/jsx-boolean-value': 'error',
    'react/jsx-closing-bracket-location': ['error', 'line-aligned'],
    'react/jsx-curly-spacing': 'error',
    'react/display-name': 'off',
    'react/jsx-equals-spacing': 'error',
    'react/jsx-first-prop-new-line': ['error', 'multiline-multiprop'],
    'react/jsx-indent': ['error', 2],
    'react/jsx-no-bind': 'error',
-    'react/jsx-no-target-blank': 'off',
+    'react/jsx-no-duplicate-props': 'error',
    'react/jsx-no-undef': 'error',
    'react/jsx-tag-spacing': 'error',
    'react/jsx-uses-react': 'error',
    'react/jsx-uses-vars': 'error',
    'react/jsx-wrap-multilines': 'error',
-    'react/no-deprecated': 'off',
+    'react/no-multi-comp': 'off',
-    'react/no-unknown-property': 'off',
+    'react/no-string-refs': 'error',
    'react/prop-types': 'error',
    'react/self-closing-comp': 'error',
    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/src/index.js
    'jsx-a11y/accessible-emoji': 'warn',
-    'jsx-a11y/click-events-have-key-events': 'off',
+    'jsx-a11y/alt-text': 'warn',
-    'jsx-a11y/label-has-associated-control': 'off',
+    'jsx-a11y/anchor-has-content': 'warn',
-    'jsx-a11y/media-has-caption': 'off',
+    'jsx-a11y/anchor-is-valid': [
-    'jsx-a11y/no-autofocus': 'off',
+      'warn',
-    // recommended rule is:
+      {
-    // 'jsx-a11y/no-interactive-element-to-noninteractive-role': [
+        components: [
-    //   'error',
+          'Link',
-    //   {
+          'NavLink',
-    //     tr: ['none', 'presentation'],
+        ],
-    //     canvas: ['img'],
+        specialLink: [
-    //   },
+          'to',
-    // ],
+        ],
-    'jsx-a11y/no-interactive-element-to-noninteractive-role': 'off',
+        aspect: [
-    // recommended rule is:
+          'noHref',
-    // 'jsx-a11y/no-noninteractive-element-interactions': [
+          'invalidHref',
-    //   'error',
+          'preferButton',
-    //   {
+        ],
-    //     body: ['onError', 'onLoad'],
+      },
-    //     iframe: ['onError', 'onLoad'],
+    ],
-    //     img: ['onError', 'onLoad'],
+    'jsx-a11y/aria-activedescendant-has-tabindex': 'warn',
-    //   },
+    'jsx-a11y/aria-props': 'warn',
-    // ],
+    'jsx-a11y/aria-proptypes': 'warn',
    'jsx-a11y/aria-role': 'warn',
    'jsx-a11y/aria-unsupported-elements': 'warn',
    'jsx-a11y/heading-has-content': 'warn',
    'jsx-a11y/html-has-lang': 'warn',
    'jsx-a11y/iframe-has-title': 'warn',
    'jsx-a11y/img-redundant-alt': 'warn',
    'jsx-a11y/interactive-supports-focus': 'warn',
    'jsx-a11y/label-has-for': 'off',
    'jsx-a11y/mouse-events-have-key-events': 'warn',
    'jsx-a11y/no-access-key': 'warn',
    'jsx-a11y/no-distracting-elements': 'warn',
    'jsx-a11y/no-noninteractive-element-interactions': [
      'warn',
      {
@ -157,18 +163,8 @@ module.exports = {
        ],
      },
    ],
    // recommended rule is:
    // 'jsx-a11y/no-noninteractive-tabindex': [
    //   'error',
    //   {
    //     tags: [],
    //     roles: ['tabpanel'],
    //     allowExpressionValues: true,
    //   },
    // ],
    'jsx-a11y/no-noninteractive-tabindex': 'off',
    'jsx-a11y/no-onchange': 'warn',
-    // recommended is full 'error'
+    'jsx-a11y/no-redundant-roles': 'warn',
    'jsx-a11y/no-static-element-interactions': [
      'warn',
      {
@ -177,6 +173,10 @@ module.exports = {
        ],
      },
    ],
    'jsx-a11y/role-has-required-aria-props': 'warn',
    'jsx-a11y/role-supports-aria-props': 'off',
    'jsx-a11y/scope': 'warn',
    'jsx-a11y/tabindex-no-positive': 'warn',
    'import/extensions': [
      'error',
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -0,0 +1,32 @@
 # CODEOWNERS for mastodon/mastodon
 # Translators
 # To add translator, copy these lines, replace `fr` with appropriate language code and replace `@żelipapą` with user's GitHub nickname preceded by `@` sign or e-mail address.
 # /app/javascript/mastodon/locales/fr.json @żelipapą
 # /app/views/user_mailer/*.fr.html.erb @żelipapą
 # /app/views/user_mailer/*.fr.text.erb @żelipapą
 # /config/locales/*.fr.yml @żelipapą
 # /config/locales/fr.yml @żelipapą
 # Polish
 /app/javascript/mastodon/locales/pl.json @m4sk1n
 /app/views/user_mailer/*.pl.html.erb @m4sk1n
 /app/views/user_mailer/*.pl.text.erb @m4sk1n
 /config/locales/*.pl.yml @m4sk1n
 /config/locales/pl.yml @m4sk1n
 # French
 /app/javascript/mastodon/locales/fr.json @aldarone
 /app/javascript/mastodon/locales/whitelist_fr.json @aldarone
 /app/views/user_mailer/*.fr.html.erb @aldarone
 /app/views/user_mailer/*.fr.text.erb @aldarone
 /config/locales/*.fr.yml @aldarone
 /config/locales/fr.yml @aldarone
 # Dutch
 /app/javascript/mastodon/locales/nl.json @jeroenpraat
 /app/javascript/mastodon/locales/whitelist_nl.json @jeroenpraat
 /app/views/user_mailer/*.nl.html.erb @jeroenpraat
 /app/views/user_mailer/*.nl.text.erb @jeroenpraat
 /config/locales/*.nl.yml @jeroenpraat
 /config/locales/nl.yml @jeroenpraat
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,3 +1,3 @@
 patreon: mastodon
 open_collective: mastodon
-custom: https://sponsor.joinmastodon.org
+github: [Gargron]
--- a/.github/ISSUE_TEMPLATE/1.bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1.bug_report.yml
@ -1,56 +0,0 @@
 name: Bug Report
 description: If something isn't working as expected
 labels: [bug]
 body:
  - type: markdown
    attributes:
      value: |
        Make sure that you are submitting a new bug that was not previously reported or already fixed.
        Please use a concise and distinct title for the issue.
  - type: textarea
    attributes:
      label: Steps to reproduce the problem
      description: What were you trying to do?
      value: |
        1.
        2.
        3.
        ...
    validations:
      required: true
  - type: input
    attributes:
      label: Expected behaviour
      description: What should have happened?
    validations:
      required: true
  - type: input
    attributes:
      label: Actual behaviour
      description: What happened?
    validations:
      required: true
  - type: textarea
    attributes:
      label: Detailed description
    validations:
      required: false
  - type: textarea
    attributes:
      label: Specifications
      description: |
        What version or commit hash of Mastodon did you find this bug in?
        If a front-end issue, what browser and operating systems were you using?
      placeholder: |
        Mastodon 3.5.3 (or Edge)
        Ruby 2.7.6 (or v3.1.2)
        Node.js 16.18.0
        Google Chrome 106.0.5249.119
        Firefox 105.0.3
        etc...
    validations:
      required: true
--- a/.github/ISSUE_TEMPLATE/2.feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/2.feature_request.yml
@ -1,22 +0,0 @@
 name: Feature Request
 description: I have a suggestion
 labels: [suggestion]
 body:
  - type: markdown
    attributes:
      value: |
        Please use a concise and distinct title for the issue.
        Consider: Could it be implemented as a 3rd party app using the REST API instead?
  - type: textarea
    attributes:
      label: Pitch
      description: Describe your idea for a feature. Make sure it has not already been suggested/implemented/turned down before.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Motivation
      description: Why do you think this feature is needed? Who would benefit from it?
    validations:
      required: true
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,27 @@
 ---
 name: Bug Report
 about: If something isn't working as expected
 labels: bug
 ---
 <!-- Make sure that you are submitting a new bug that was not previously reported or already fixed -->
 <!-- Please use a concise and distinct title for the issue -->
 ### Expected behaviour
 <!-- What should have happened? -->
 ### Actual behaviour
 <!-- What happened? -->
 ### Steps to reproduce the problem
 <!-- What were you trying to do? -->
 ### Specifications
 <!-- What version or commit hash of Mastodon did you find this bug in? -->
 <!-- If a front-end issue, what browser and operating systems were you using? -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,5 +1,5 @@
 blank_issues_enabled: false
 contact_links:
-  - name: GitHub Discussions
+  - name: Mastodon Meta Discussion Board
-    url: https://github.com/mastodon/mastodon/discussions
+    url: https://discourse.joinmastodon.org/
    about: Please ask and answer questions here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,16 @@
 ---
 name: Feature Request
 about: I have a suggestion
 ---
 <!-- Please use a concise and distinct title for the issue -->
 <!-- Consider: Could it be implemented as a 3rd party app using the REST API instead? -->
 ### Pitch
 <!-- Describe your idea for a feature. Make sure it has not already been suggested/implemented/turned down before -->
 ### Motivation
 <!-- Why do you think this feature is needed? Who would benefit from it? -->
--- a/.github/ISSUE_TEMPLATE/support.md
+++ b/.github/ISSUE_TEMPLATE/support.md
@ -0,0 +1,10 @@
 ---
 name: Support
 about: Ask for help with your deployment
 ---
 We primarily use GitHub as a bug and feature tracker. For usage questions, troubleshooting of deployments and other individual technical assistance, please use one of the resources below:
 - https://discourse.joinmastodon.org
 - #mastodon on irc.freenode.net
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,22 @@
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 version: 2
 updates:
  - package-ecosystem: npm
    directory: "/"
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct
  - package-ecosystem: bundler
    directory: "/"
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct
--- a/.github/stylelint-matcher.json
+++ b/.github/stylelint-matcher.json
@ -1,21 +0,0 @@
 {
  "problemMatcher": [
    {
      "owner": "stylelint",
      "pattern": [
        {
          "regexp": "^([^\\s].*)$",
          "file": 1
        },
        {
          "regexp": "^\\s+((\\d+):(\\d+))?\\s+(✖|×)\\s+(.*)\\s{2,}(.*)$",
          "line": 2,
          "column": 3,
          "message": 5,
          "code": 6,
          "loop": true
        }
      ]
    }
  ]
 }
--- a/.github/workflows/build-container-image.yml
+++ b/.github/workflows/build-container-image.yml
@ -1,92 +0,0 @@
 on:
  workflow_call:
    inputs:
      platforms:
        required: true
        type: string
      cache:
        type: boolean
        default: true
      use_native_arm64_builder:
        type: boolean
      push_to_images:
        type: string
      flavor:
        type: string
      tags:
        type: string
      labels:
        type: string
 jobs:
  build-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-qemu-action@v2
        if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder
      - uses: docker/setup-buildx-action@v2
        id: buildx
        if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }}
      - name: Start a local Docker Builder
        if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
        run: |
          docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234
      - uses: docker/setup-buildx-action@v2
        id: buildx-native
        if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
        with:
          driver: remote
          endpoint: tcp://localhost:1234
          platforms: linux/amd64
          append: |
            - endpoint: tcp://${{ vars.DOCKER_BUILDER_HETZNER_ARM64_01_HOST }}:13865
              platforms: linux/arm64
              name: mastodon-docker-builder-arm64-01
              driver-opts:
                - servername=mastodon-docker-builder-arm64-01
        env:
          BUILDER_NODE_1_AUTH_TLS_CACERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CACERT }}
          BUILDER_NODE_1_AUTH_TLS_CERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CERT }}
          BUILDER_NODE_1_AUTH_TLS_KEY: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_KEY }}
      - name: Log in to Docker Hub
        if: contains(inputs.push_to_images, 'tootsuite')
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to the Github Container registry
        if: contains(inputs.push_to_images, 'ghcr.io')
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/metadata-action@v4
        id: meta
        if: ${{ inputs.push_to_images != '' }}
        with:
          images: ${{ inputs.push_to_images }}
          flavor: ${{ inputs.flavor }}
          tags: ${{ inputs.tags }}
          labels: ${{ inputs.labels }}
      - uses: docker/build-push-action@v4
        with:
          context: .
          platforms: ${{ inputs.platforms }}
          provenance: false
          builder: ${{ steps.buildx.outputs.name || steps.buildx-native.outputs.name }}
          push: ${{ inputs.push_to_images != '' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: ${{ inputs.cache && 'type=gha' || '' }}
          cache-to: ${{ inputs.cache && 'type=gha,mode=max' || '' }}
--- a/.github/workflows/build-releases.yml
+++ b/.github/workflows/build-releases.yml
@ -1,27 +0,0 @@
 name: Build container release images
 on:
  push:
    tags:
      - '*'
 permissions:
  contents: read
  packages: write
 jobs:
  build-image:
    uses: ./.github/workflows/build-container-image.yml
    with:
      platforms: linux/amd64,linux/arm64
      use_native_arm64_builder: true
      push_to_images: |
        tootsuite/mastodon
        ghcr.io/mastodon/mastodon
      # Do not use cache when building releases, so apt update is always ran and the release always contain the latest packages
      cache: false
      flavor: |
        latest=false
      tags: |
        type=pep440,pattern={{raw}}
        type=pep440,pattern=v{{major}}.{{minor}}
    secrets: inherit
--- a/.github/workflows/check-i18n.yml
+++ b/.github/workflows/check-i18n.yml
@ -2,36 +2,33 @@ name: Check i18n
 on:
  push:
-    branches: [main]
+    branches: [ main ]
  pull_request:
-    branches: [main]
+    branches: [ main ]
 env:
  RAILS_ENV: test
 permissions:
  contents: read
 jobs:
  check-i18n:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+    - uses: actions/checkout@v2
-      - name: Install system dependencies
+    - name: Install system dependencies
-        run: |
+      run: |
-          sudo apt-get update
+        sudo apt-get update
-          sudo apt-get install -y libicu-dev libidn11-dev
+        sudo apt-get install -y libicu-dev libidn11-dev libprotobuf-dev protobuf-compiler
-      - name: Set up Ruby
+    - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
-        with:
+      with:
-          ruby-version: .ruby-version
+        ruby-version: '2.7'
-          bundler-cache: true
+        bundler-cache: true
-      - name: Check locale file normalization
+    - name: Check locale file normalization
-        run: bundle exec i18n-tasks check-normalized
+      run: bundle exec i18n-tasks check-normalized
-      - name: Check for unused strings
+    - name: Check for unused strings
-        run: bundle exec i18n-tasks unused
+      run: bundle exec i18n-tasks unused -l en
-      - name: Check for wrong string interpolations
+    - name: Check for wrong string interpolations
-        run: bundle exec i18n-tasks check-consistent-interpolations
+      run: bundle exec i18n-tasks check-consistent-interpolations
-      - name: Check that all required locale files exist
+    - name: Check that all required locale files exist
-        run: bundle exec rake repo:check_locales_files
+      run: bundle exec rake repo:check_locales_files
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -1,62 +0,0 @@
 name: 'CodeQL'
 on:
  push:
    branches: ['main']
  pull_request:
    # The branches below must be a subset of the branches above
    branches: ['main']
  schedule:
    - cron: '22 6 * * 1'
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ['javascript', 'ruby']
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # queries: security-extended,security-and-quality
      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2
      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
      #   If the Autobuild fails above, remove it and uncomment the following three lines.
      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
      # - run: |
      #   echo "Run, Build Application using script"
      #   ./location_of_script_within_repo/buildscript.sh
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/lint-css.yml
+++ b/.github/workflows/lint-css.yml
@ -1,48 +0,0 @@
 name: CSS Linting
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - 'stylelint.config.js'
      - '**/*.css'
      - '**/*.scss'
      - '.github/workflows/lint-css.yml'
      - '.github/stylelint-matcher.json'
  pull_request:
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - 'stylelint.config.js'
      - '**/*.css'
      - '**/*.scss'
      - '.github/workflows/lint-css.yml'
      - '.github/stylelint-matcher.json'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v3
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
      - name: Install all yarn packages
        run: yarn --frozen-lockfile
      - uses: xt0rted/stylelint-problem-matcher@v1
      - run: echo "::add-matcher::.github/stylelint-matcher.json"
      - name: Stylelint
        run: yarn test:lint:sass
--- a/.github/workflows/lint-js.yml
+++ b/.github/workflows/lint-js.yml
@ -1,40 +0,0 @@
 name: JavaScript Linting
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - '.eslint*'
      - '**/*.js'
      - '.github/workflows/lint-js.yml'
  pull_request:
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - '.eslint*'
      - '**/*.js'
      - '.github/workflows/lint-js.yml'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v3
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
      - name: Install all yarn packages
        run: yarn --frozen-lockfile
      - name: ESLint
        run: yarn test:lint:js
--- a/.github/workflows/lint-json.yml
+++ b/.github/workflows/lint-json.yml
@ -1,40 +0,0 @@
 name: JSON Linting
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - '**/*.json'
      - '.github/workflows/lint-json.yml'
      - '!app/javascript/mastodon/locales/*.json'
  pull_request:
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - '**/*.json'
      - '.github/workflows/lint-json.yml'
      - '!app/javascript/mastodon/locales/*.json'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v3
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
      - name: Install all yarn packages
        run: yarn --frozen-lockfile
      - name: Prettier
        run: yarn prettier --check "**/*.json"
--- a/.github/workflows/lint-yml.yml
+++ b/.github/workflows/lint-yml.yml
@ -1,42 +0,0 @@
 name: YML Linting
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - '**/*.yaml'
      - '**/*.yml'
      - '.github/workflows/lint-yml.yml'
      - '!config/locales/*.yml'
  pull_request:
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.prettier*'
      - '**/*.yaml'
      - '**/*.yml'
      - '.github/workflows/lint-yml.yml'
      - '!config/locales/*.yml'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v3
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
      - name: Install all yarn packages
        run: yarn --frozen-lockfile
      - name: Prettier
        run: yarn prettier --check "**/*.{yml,yaml}"
--- a/.github/workflows/rebase-needed.yml
+++ b/.github/workflows/rebase-needed.yml
@ -1,17 +0,0 @@
 name: PR Needs Rebase
 on:
  push:
  pull_request_target:
    types: [synchronize]
 jobs:
  label-rebase-needed:
    runs-on: ubuntu-latest
    steps:
      - name: Check for merge conflicts
        uses: eps1lon/actions-label-merge-conflict@releases/2.x
        with:
          dirtyLabel: 'rebase needed :construction:'
          repoToken: '${{ secrets.GITHUB_TOKEN }}'
          commentOnDirty: This pull request has merge conflicts that must be resolved before it can be merged.
--- a/.github/workflows/test-image-build.yml
+++ b/.github/workflows/test-image-build.yml
@ -1,15 +0,0 @@
 name: Test container image build
 on:
  pull_request:
 permissions:
  contents: read
 jobs:
  build-image:
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    uses: ./.github/workflows/build-container-image.yml
    with:
      platforms: linux/amd64 # Testing only on native platform so it is performant
--- a/.github/workflows/test-ruby.yml
+++ b/.github/workflows/test-ruby.yml
@ -1,153 +0,0 @@
 name: Ruby Testing
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
      - 'renovate/**'
  pull_request:
 env:
  BUNDLE_CLEAN: true
  BUNDLE_FROZEN: true
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        mode:
          - production
          - test
    env:
      RAILS_ENV: ${{ matrix.mode }}
      BUNDLE_WITH: ${{ matrix.mode }}
      OTP_SECRET: precompile_placeholder
      SECRET_KEY_BASE: precompile_placeholder
    steps:
      - uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
          node-version-file: '.nvmrc'
      - name: Install native Ruby dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libicu-dev libidn11-dev
      - name: Set up bundler cache
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true
      - run: yarn --frozen-lockfile --production
      - name: Precompile assets
        # Previously had set this, but it's not supported
        # export NODE_OPTIONS=--openssl-legacy-provider
        run: |-
          ./bin/rails assets:precompile
      - uses: actions/upload-artifact@v3
        if: matrix.mode == 'test'
        with:
          path: |-
            ./public/assets
            ./public/packs-test
          name: ${{ github.sha }}
          retention-days: 0
  test:
    runs-on: ubuntu-latest
    needs:
      - build
    services:
      postgres:
        image: postgres:14-alpine
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
      redis:
        image: redis:7-alpine
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 6379:6379
    env:
      DB_HOST: localhost
      DB_USER: postgres
      DB_PASS: postgres
      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      ALLOW_NOPAM: true
      PAM_ENABLED: true
      PAM_DEFAULT_SERVICE: pam_test
      PAM_CONTROLLED_SERVICE: pam_test_controlled
      OIDC_ENABLED: true
      OIDC_SCOPE: read
      SAML_ENABLED: true
      CAS_ENABLED: true
      BUNDLE_WITH: 'pam_authentication test'
      CI_JOBS: ${{ matrix.ci_job }}/4
    strategy:
      fail-fast: false
      matrix:
        ruby-version:
          - '.ruby-version'
        ci_job:
          - 1
          - 2
          - 3
          - 4
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v3
        with:
          path: './public'
          name: ${{ github.sha }}
      - name: Update package index
        run: sudo apt-get update
      - name: Install native Ruby dependencies
        run: sudo apt-get install -y libicu-dev libidn11-dev
      - name: Install additional system dependencies
        run: sudo apt-get install -y ffmpeg imagemagick libpam-dev
      - name: Set up bundler cache
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby-version}}
          bundler-cache: true
      - name: Load database schema
        run: './bin/rails db:create db:schema:load db:seed'
      - run: bin/rspec
--- a/.gitignore
+++ b/.gitignore
@ -40,10 +40,12 @@
 # Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
 /postgres
 /postgres14
 /redis
 /elasticsearch
 # ignore Helm dependency charts
 /chart/charts/*.tgz
 # Ignore Apple files
 .DS_Store
--- a/.nvmrc
+++ b/.nvmrc
@ -1 +1 @@
-16
+12
--- a/.prettierignore
+++ b/.prettierignore
@ -1,72 +0,0 @@
 # See https://help.github.com/articles/ignoring-files for more about ignoring files.
 #
 # If you find yourself ignoring temporary files generated by your text editor
 # or operating system, you probably want to add a global ignore instead:
 #   git config --global core.excludesfile '~/.gitignore_global'
 # Ignore bundler config and downloaded libraries.
 /.bundle
 /vendor/bundle
 # Ignore the default SQLite database.
 /db/*.sqlite3
 /db/*.sqlite3-journal
 # Ignore all logfiles and tempfiles.
 .eslintcache
 /log/*
 !/log/.keep
 /tmp
 /coverage
 /public/system
 /public/assets
 /public/packs
 /public/packs-test
 .env
 .env.production
 .env.development
 /node_modules/
 /build/
 # Ignore Vagrant files
 .vagrant/
 # Ignore Capistrano customizations
 /config/deploy/*
 # Ignore IDE files
 .vscode/
 .idea/
 # Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
 /postgres
 /postgres14
 /redis
 /elasticsearch
 # Ignore Apple files
 .DS_Store
 # Ignore vim files
 *~
 *.swp
 # Ignore npm debug log
 npm-debug.log
 # Ignore yarn log files
 yarn-error.log
 yarn-debug.log
 # Ignore vagrant log files
 *-cloudimg-console.log
 # Ignore Docker option files
 docker-compose.override.yml
 # Ignore emoji map file
 /app/javascript/mastodon/features/emoji/emoji_map.json
 # Ignore locale files
 /app/javascript/mastodon/locales
 /config/locales
--- a/.prettierrc.js
+++ b/.prettierrc.js
@ -1,3 +0,0 @@
 module.exports = {
  singleQuote: true
 }
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -1,27 +1,21 @@
 require:
  - rubocop-rails
  - rubocop-rspec
  - rubocop-performance
 AllCops:
-  TargetRubyVersion: 2.7
+  TargetRubyVersion: 2.5
-  DisplayCopNames: true
+  NewCops: disable
  DisplayStyleGuide: true
  ExtraDetails: true
  UseCache: true
  CacheRootDirectory: tmp
  NewCops: enable
  Exclude:
-    - db/schema.rb
+  - 'spec/**/*'
-    - 'app/views/**/*'
+  - 'db/**/*'
-    - 'config/**/*'
+  - 'app/views/**/*'
-    - 'bin/*'
+  - 'config/**/*'
-    - 'Rakefile'
+  - 'bin/*'
-    - 'node_modules/**/*'
+  - 'Rakefile'
-    - 'Vagrantfile'
+  - 'node_modules/**/*'
-    - 'vendor/**/*'
+  - 'Vagrantfile'
-    - 'lib/json_ld/*'
+  - 'vendor/**/*'
-    - 'lib/templates/**/*'
+  - 'lib/json_ld/*'
  - 'lib/templates/**/*'
 Bundler/OrderedGems:
  Enabled: false
@ -35,17 +29,13 @@ Layout/EmptyLineAfterMagicComment:
 Layout/EmptyLineAfterGuardClause:
  Enabled: false
 Layout/EmptyLineBetweenDefs:
  AllowAdjacentOneLineDefs: true
 Layout/EmptyLinesAroundAttributeAccessor:
  Enabled: true
 Layout/FirstHashElementIndentation:
  EnforcedStyle: consistent
 Layout/HashAlignment:
  Enabled: false
  # EnforcedHashRocketStyle: table
  # EnforcedColonStyle: table
 Layout/SpaceAroundMethodCallOperator:
  Enabled: true
@ -73,57 +63,15 @@ Lint/UselessAccessModifier:
    - class_methods
 Metrics/AbcSize:
-  Max: 34 # RuboCop default 17
+  Max: 100
  Exclude:
-    - 'lib/**/*cli*.rb'
+    - 'lib/mastodon/*_cli.rb'
    - db/*migrate/**/*
    - lib/paperclip/color_extractor.rb
    - app/workers/scheduler/follow_recommendations_scheduler.rb
    - app/services/activitypub/fetch*_service.rb
    - lib/paperclip/**/*
  CountRepeatedAttributes: false
  AllowedMethods:
    - update_media_attachments!
    - account_link_to
    - attempt_oembed
    - build_crutches
    - calculate_scores
    - cc
    - dump_actor!
    - filter_from_home?
    - hydrate
    - import_bookmarks!
    - import_relationships!
    - initialize
    - link_to_mention
    - log_target
    - matches_time_window?
    - parse_metadata
    - perform_statuses_search!
    - privatize_media_attachments!
    - process_update
    - publish_media_attachments!
    - remotable_attachment
    - render_initial_state
    - render_with_cache
    - searchable_by
    - self.cached_filters_for
    - set_fetchable_attributes!
    - signed_request_actor
    - statuses_to_delete
    - update_poll!
 Metrics/BlockLength:
  Max: 55
  Exclude:
    - 'lib/tasks/**/*'
    - 'lib/mastodon/*_cli.rb'
  CountComments: false
  CountAsOne: [array, heredoc]
  AllowedMethods:
    - task
    - namespace
    - class_methods
    - included
 Metrics/BlockNesting:
  Max: 3
@ -132,145 +80,35 @@ Metrics/BlockNesting:
 Metrics/ClassLength:
  CountComments: false
-  Max: 500
+  Max: 400
  CountAsOne: [array, heredoc]
  Exclude:
    - 'lib/mastodon/*_cli.rb'
 Metrics/CyclomaticComplexity:
-  Max: 12
+  Max: 25
  Exclude:
-    - lib/mastodon/*cli*.rb
+    - 'lib/mastodon/*_cli.rb'
    - db/*migrate/**/*
  AllowedMethods:
    - attempt_oembed
    - blocked?
    - build_crutches
    - calculate_scores
    - cc
    - discover_endpoint!
    - filter_from_home?
    - hydrate
    - klass
    - link_to_mention
    - log_target
    - matches_time_window?
    - patch_for_forwarding!
    - preprocess_attributes!
    - process_update
    - remotable_attachment
    - scan_text!
    - self.cached_filters_for
    - set_fetchable_attributes!
    - setup_redis_env_url
    - update_media_attachments!
 Layout/LineLength:
  Max: 140 # RuboCop default 120
  AllowHeredoc: true
  AllowURI: true
-  IgnoreCopDirectives: true
+  Enabled: false
  AllowedPatterns:
    # Allow comments to be long lines
    - !ruby/regexp / \# .*$/
    - !ruby/regexp /^\# .*$/
  Exclude:
    - lib/**/*cli*.rb
    - db/*migrate/**/*
    - db/seeds/**/*
 Metrics/MethodLength:
  CountComments: false
-  CountAsOne: [array, heredoc]
+  Max: 65
  Max: 25 # RuboCop default 10
  Exclude:
    - 'lib/mastodon/*_cli.rb'
  AllowedMethods:
    - account_link_to
    - attempt_oembed
    - body_with_limit
    - build_crutches
    - cached_filters_for
    - calculate_scores
    - check_webfinger!
    - clean_feeds!
    - collection_items
    - collection_presenter
    - copy_account_notes!
    - deduplicate_accounts!
    - deduplicate_conversations!
    - deduplicate_local_accounts!
    - deduplicate_statuses!
    - deduplicate_tags!
    - deduplicate_users!
    - discover_endpoint!
    - extract_extra_uris_with_indices
    - extract_hashtags_with_indices
    - extract_mentions_or_lists_with_indices
    - filter_from_home?
    - from_elasticsearch
    - handle_explicit_update!
    - handle_mark_as_sensitive!
    - hsl_to_rgb
    - import_bookmarks!
    - import_domain_blocks!
    - import_relationships!
    - ldap_options
    - matches_time_window?
    - outbox_presenter
    - pam_get_user
    - parallelize_with_progress
    - parse_and_transform
    - patch_for_forwarding!
    - populate_home
    - post_process_style
    - preload_cache_collection_target_statuses
    - privatize_media_attachments!
    - provides_callback_for
    - publish_media_attachments!
    - relevant_account_timestamp
    - remotable_attachment
    - rgb_to_hsl
    - rss_status_content_format
    - set_fetchable_attributes!
    - setup_redis_env_url
    - signed_request_actor
    - to_preview_card_attributes
    - upgrade_storage_filesystem
    - upgrade_storage_s3
    - user_settings_params
    - hydrate
    - cc
    - self_destruct
 Metrics/ModuleLength:
  CountComments: false
  Max: 200
  CountAsOne: [array, heredoc]
 Metrics/ParameterLists:
-  Max: 5 # RuboCop default 5
+  Max: 5
-  CountKeywordArgs: true # RuboCop default true
+  CountKeywordArgs: true
  MaxOptionalParameters: 3 # RuboCop default 3
  Exclude:
    - app/models/concerns/account_interactions.rb
    - app/services/activitypub/fetch_remote_account_service.rb
    - app/services/activitypub/fetch_remote_actor_service.rb
 Metrics/PerceivedComplexity:
-  Max: 16 # RuboCop default 8
+  Max: 25
  AllowedMethods:
    - attempt_oembed
    - build_crutches
    - calculate_scores
    - deduplicate_users!
    - discover_endpoint!
    - filter_from_home?
    - hydrate
    - patch_for_forwarding!
    - process_update
    - remove_orphans
    - update_media_attachments!
 Naming/MemoizedInstanceVariableName:
  Enabled: false
@ -401,10 +239,6 @@ Style/HashTransformKeys:
 Style/HashTransformValues:
  Enabled: false
 Style/HashSyntax:
  Enabled: true
  EnforcedStyle: ruby19_no_mixed_keys
 Style/IfUnlessModifier:
  Enabled: false
@ -425,6 +259,9 @@ Style/PercentLiteralDelimiters:
 Style/PerlBackrefs:
  AutoCorrect: false
 Style/RedundantAssignment:
  Enabled: false
 Style/RedundantFetchBlock:
  Enabled: true
@ -440,14 +277,11 @@ Style/RedundantRegexpEscape:
 Style/RedundantReturn:
  Enabled: true
 Style/RedundantBegin:
  Enabled: false
 Style/RegexpLiteral:
  Enabled: false
 Style/RescueStandardError:
-  Enabled: true
+  Enabled: false
 Style/SignalException:
  Enabled: false
@ -466,14 +300,3 @@ Style/TrailingCommaInHashLiteral:
 Style/UnpackFirst:
  Enabled: false
 RSpec/ScatteredSetup:
  Enabled: false
 RSpec/ImplicitExpect:
  Enabled: false
 RSpec/NamedSubject:
  Enabled: false
 RSpec/DescribeClass:
  Enabled: false
 RSpec/LetSetup:
  Enabled: false
--- a/.ruby-gemset
+++ b/.ruby-gemset
@ -1 +0,0 @@
 mastodon
--- a/.ruby-version
+++ b/.ruby-version
@ -1 +1 @@
-3.0.6
+2.7.2
--- a/.sass-lint.yml
+++ b/.sass-lint.yml
@ -0,0 +1,37 @@
 # Linter Documentation:
 # https://github.com/sasstools/sass-lint/tree/v1.13.1/docs/options
 files:
  include: app/javascript/styles/**/*.scss
  ignore:
    - app/javascript/styles/mastodon/reset.scss
 rules:
  # Disallows
  no-color-literals: 0
  no-css-comments: 0
  no-duplicate-properties: 0
  no-ids: 0
  no-important: 0
  no-mergeable-selectors: 0
  no-misspelled-properties: 0
  no-qualifying-elements: 0
  no-transition-all: 0
  no-vendor-prefixes: 0
  # Nesting
  force-element-nesting: 0
  force-attribute-nesting: 0
  force-pseudo-nesting: 0
  # Name Formats
  class-name-format: 0
  leading-zero: 0
  # Style Guide
  attribute-quotes: 0
  hex-length: 0
  indentation: 0
  nesting-depth: 0
  property-sort-order: 0
  quotes: 0
--- a/AUTHORS.md
+++ b/AUTHORS.md
--- a/24
+++ b/24
@ -1,4 +1,28 @@
 ffmpeg
 libicu[0-9][0-9]
 libicu-dev
 libidn11
 libidn11-dev
 libpq-dev
 libprotobuf-dev
 libxdamage1
 libxfixes3
 protobuf-compiler
 zlib1g-dev
 libcairo2
 libcroco3
 libdatrie1
 libgdk-pixbuf2.0-0
 libgraphite2-3
 libharfbuzz0b
 libpango-1.0-0
 libpangocairo-1.0-0
 libpangoft2-1.0-0
 libpixman-1-0
 librsvg2-2
 libthai-data
 libthai0
 libvpx[5-9]
 libxcb-render0
 libxcb-shm0
 libxrender1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -40,7 +40,7 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai
 ## Attribution
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [https://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
-[homepage]: https://contributor-covenant.org
+[homepage]: http://contributor-covenant.org
-[version]: https://contributor-covenant.org/version/1/4/
+[version]: http://contributor-covenant.org/version/1/4/
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -42,8 +42,6 @@ It is not always possible to phrase every change in such a manner, but it is des
 - Code style rules (rubocop, eslint)
 - Normalization of locale files (i18n-tasks)
 **Note**: You may need to log in and authorise the GitHub account your fork of this repository belongs to with CircleCI to enable some of the automated checks to run.
 ## Documentation
 The [Mastodon documentation](https://docs.joinmastodon.org) is a statically generated site. You can [submit merge requests to mastodon/documentation](https://github.com/mastodon/documentation).
--- a/165
+++ b/165
@ -1,100 +1,117 @@
-# syntax=docker/dockerfile:1.4
+FROM ubuntu:20.04 as build-dep
 # This needs to be bullseye-slim because the Ruby image is built on bullseye-slim
 ARG NODE_VERSION="16.18.1-bullseye-slim"
-FROM ghcr.io/moritzheiber/ruby-jemalloc:3.0.6-slim as ruby
+# Use bash for the shell
-FROM node:${NODE_VERSION} as build
+SHELL ["/bin/bash", "-c"]
-COPY --link --from=ruby /opt/ruby /opt/ruby
+# Install Node v12 (LTS)
 ENV NODE_VER="12.21.0"
 RUN ARCH= && \
    dpkgArch="$(dpkg --print-architecture)" && \
  case "${dpkgArch##*-}" in \
    amd64) ARCH='x64';; \
    ppc64el) ARCH='ppc64le';; \
    s390x) ARCH='s390x';; \
    arm64) ARCH='arm64';; \
    armhf) ARCH='armv7l';; \
    i386) ARCH='x86';; \
    *) echo "unsupported architecture"; exit 1 ;; \
  esac && \
    echo "Etc/UTC" > /etc/localtime && \
 	apt-get update && \
 	apt-get install -y --no-install-recommends ca-certificates wget python && \
 	cd ~ && \
 	wget -q https://nodejs.org/download/release/v$NODE_VER/node-v$NODE_VER-linux-$ARCH.tar.gz && \
 	tar xf node-v$NODE_VER-linux-$ARCH.tar.gz && \
 	rm node-v$NODE_VER-linux-$ARCH.tar.gz && \
 	mv node-v$NODE_VER-linux-$ARCH /opt/node
-ENV DEBIAN_FRONTEND="noninteractive" \
+# Install Ruby
-    PATH="${PATH}:/opt/ruby/bin"
+ENV RUBY_VER="2.7.2"
 RUN apt-get update && \
  apt-get install -y --no-install-recommends build-essential \
    bison libyaml-dev libgdbm-dev libreadline-dev libjemalloc-dev \
 		libncurses5-dev libffi-dev zlib1g-dev libssl-dev && \
 	cd ~ && \
 	wget https://cache.ruby-lang.org/pub/ruby/${RUBY_VER%.*}/ruby-$RUBY_VER.tar.gz && \
 	tar xf ruby-$RUBY_VER.tar.gz && \
 	cd ruby-$RUBY_VER && \
 	./configure --prefix=/opt/ruby \
 	  --with-jemalloc \
 	  --with-shared \
 	  --disable-install-doc && \
 	make -j"$(nproc)" > /dev/null && \
 	make install && \
 	rm -rf ../ruby-$RUBY_VER.tar.gz ../ruby-$RUBY_VER
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin"
 RUN npm install -g yarn && \
 	gem install bundler && \
 	apt-get update && \
 	apt-get install -y --no-install-recommends git libicu-dev libidn11-dev \
 	libpq-dev libprotobuf-dev protobuf-compiler shared-mime-info
 WORKDIR /opt/mastodon
 COPY Gemfile* package.json yarn.lock /opt/mastodon/
-# hadolint ignore=DL3008
+RUN cd /opt/mastodon && \
-RUN apt-get update && \
+  bundle config set deployment 'true' && \
-    apt-get -yq dist-upgrade && \
+  bundle config set without 'development test' && \
-    apt-get install -y --no-install-recommends build-essential \
+	bundle install -j"$(nproc)" && \
-        ca-certificates \
+	yarn install --pure-lockfile
        git \
        libicu-dev \
        libidn11-dev \
        libpq-dev \
        libjemalloc-dev \
        zlib1g-dev \
        libgdbm-dev \
        libgmp-dev \
        libssl-dev \
        libyaml-0-2 \
        ca-certificates \
        libreadline8 \
        python3 \
        shared-mime-info && \
    bundle config set --local deployment 'true' && \
    bundle config set --local without 'development test' && \
    bundle config set silence_root_warning true && \
    bundle install -j"$(nproc)" && \
    yarn install --pure-lockfile --network-timeout 600000
-FROM node:${NODE_VERSION}
+FROM ubuntu:20.04
-ARG UID="991"
+# Copy over all the langs needed for runtime
-ARG GID="991"
+COPY --from=build-dep /opt/node /opt/node
 COPY --from=build-dep /opt/ruby /opt/ruby
-COPY --link --from=ruby /opt/ruby /opt/ruby
+# Add more PATHs to the PATH
 ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin:/opt/mastodon/bin"
 # Create the mastodon user
 ARG UID=991
 ARG GID=991
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 ENV DEBIAN_FRONTEND="noninteractive" \
    PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin"
 # Ignoreing these here since we don't want to pin any versions and the Debian image removes apt-get content after use
 # hadolint ignore=DL3008,DL3009
 RUN apt-get update && \
-    echo "Etc/UTC" > /etc/localtime && \
+	echo "Etc/UTC" > /etc/localtime && \
-    groupadd -g "${GID}" mastodon && \
+	apt-get install -y --no-install-recommends whois wget && \
-    useradd -l -u "$UID" -g "${GID}" -m -d /opt/mastodon mastodon && \
+	addgroup --gid $GID mastodon && \
-    apt-get -y --no-install-recommends install whois \
+	useradd -m -u $UID -g $GID -d /opt/mastodon mastodon && \
-        wget \
+	echo "mastodon:$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256)" | chpasswd && \
-        procps \
+	rm -rf /var/lib/apt/lists/*
        libssl1.1 \
        libpq5 \
        imagemagick \
        ffmpeg \
        libjemalloc2 \
        libicu67 \
        libidn11 \
        libyaml-0-2 \
        file \
        ca-certificates \
        tzdata \
        libreadline8 \
        tini && \
    ln -s /opt/mastodon /mastodon
-# Note: no, cleaning here since Debian does this automatically
+# Install mastodon runtime deps
-# See the file /etc/apt/apt.conf.d/docker-clean within the Docker image's filesystem
+RUN apt-get update && \
  apt-get -y --no-install-recommends install \
 	  libssl1.1 libpq5 imagemagick ffmpeg libjemalloc2 \
 	  libicu66 libprotobuf17 libidn11 libyaml-0-2 \
 	  file ca-certificates tzdata libreadline8 gcc tini && \
 	ln -s /opt/mastodon /mastodon && \
 	gem install bundler && \
 	rm -rf /var/cache && \
 	rm -rf /var/lib/apt/lists/*
 # Copy over mastodon source, and dependencies from building, and set permissions
 COPY --chown=mastodon:mastodon . /opt/mastodon
-COPY --chown=mastodon:mastodon --from=build /opt/mastodon /opt/mastodon
+COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon
-ENV RAILS_ENV="production" \
+# Run mastodon services in prod mode
-    NODE_ENV="production" \
+ENV RAILS_ENV="production"
-    RAILS_SERVE_STATIC_FILES="true" \
+ENV NODE_ENV="production"
-    BIND="0.0.0.0"
+
 # Tell rails to serve static files
 ENV RAILS_SERVE_STATIC_FILES="true"
 ENV BIND="0.0.0.0"
 # Set the run user
 USER mastodon
 WORKDIR /opt/mastodon
 # Precompile assets
-RUN OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \
+RUN cd ~ && \
-    yarn cache clean
+	OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \
 	yarn cache clean
 # Set the work dir and the container entry point
 WORKDIR /opt/mastodon
 ENTRYPOINT ["/usr/bin/tini", "--"]
 EXPOSE 3000 4000
--- a/FEDERATION.md
+++ b/FEDERATION.md
@ -1,30 +0,0 @@
 ## ActivityPub federation in Mastodon
 Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
 Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/
 ### Required extensions
 #### Webfinger
 In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
 This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
 As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.
 More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/
 #### HTTP Signatures
 In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).
 Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
 More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
 ### Optional extensions
 - Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
 - Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
 - Followers collection synchronization: https://git.activitypub.dev/ActivityPubDev/Fediverse-Enhancement-Proposals/src/branch/main/feps/fep-8fcf.md
--- a/140
+++ b/140
@ -1,35 +1,36 @@
 # frozen_string_literal: true
 source 'https://rubygems.org'
-ruby '>= 2.7.0', '< 3.1.0'
+ruby '>= 2.5.0', '< 3.1.0'
-gem 'pkg-config', '~> 1.5'
+gem 'pkg-config', '~> 1.4'
 gem 'rexml', '~> 3.2'
-gem 'puma', '~> 5.6'
+gem 'puma', '~> 5.3'
-gem 'rails', '~> 6.1.7'
+gem 'rails', '~> 6.1.3'
 gem 'sprockets', '~> 3.7.2'
-gem 'thor', '~> 1.2'
+gem 'thor', '~> 1.1'
-gem 'rack', '~> 2.2.6'
+gem 'rack', '~> 2.2.3'
 gem 'hamlit-rails', '~> 0.2'
-gem 'pg', '~> 1.4'
+gem 'pg', '~> 1.2'
 gem 'makara', '~> 0.5'
-gem 'pghero'
+gem 'pghero', '~> 2.8'
-gem 'dotenv-rails', '~> 2.8'
+gem 'dotenv-rails', '~> 2.7'
-gem 'aws-sdk-s3', '~> 1.119', require: false
+gem 'aws-sdk-s3', '~> 1.95', require: false
-gem 'fog-core', '<= 2.4.0'
+gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
-gem 'kt-paperclip', '~> 7.1'
+gem 'paperclip', '~> 6.0'
 gem 'blurhash', '~> 0.1'
 gem 'active_model_serializers', '~> 0.10'
-gem 'addressable', '~> 2.8'
+gem 'addressable', '~> 2.7'
-gem 'bootsnap', '~> 1.16.0', require: false
+gem 'bootsnap', '~> 1.6.0', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
-gem 'chewy', '~> 7.2'
+gem 'iso-639'
 gem 'chewy', '~> 5.2'
 gem 'cld3', '~> 3.4.2'
 gem 'devise', '~> 4.8'
 gem 'devise-two-factor', '~> 4.0'
@ -40,77 +41,71 @@ end
 gem 'net-ldap', '~> 0.17'
 gem 'omniauth-cas', '~> 2.0'
 gem 'omniauth-saml', '~> 1.10'
 gem 'gitlab-omniauth-openid-connect', '~>0.10.1', require: 'omniauth_openid_connect'
 gem 'omniauth', '~> 1.9'
 gem 'omniauth-rails_csrf_protection', '~> 0.1'
 gem 'color_diff', '~> 0.1'
 gem 'discard', '~> 1.2'
-gem 'doorkeeper', '~> 5.6'
+gem 'doorkeeper', '~> 5.5'
-gem 'ed25519', '~> 1.3'
+gem 'ed25519', '~> 1.2'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'hiredis', '~> 0.6'
-gem 'redis-namespace', '~> 1.10'
+gem 'redis-namespace', '~> 1.8'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 5.1'
+gem 'http', '~> 4.4'
 gem 'http_accept_language', '~> 2.1'
-gem 'httplog', '~> 1.6.2'
+gem 'httplog', '~> 1.5.0'
 gem 'idn-ruby', require: 'idn'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
-gem 'mime-types', '~> 3.4.1', require: 'mime/types/columnar'
+gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar'
-gem 'nokogiri', '~> 1.14'
+gem 'nokogiri', '~> 1.11'
 gem 'nsa', '~> 0.2'
-gem 'oj', '~> 3.13'
+gem 'oj', '~> 3.11'
 gem 'ox', '~> 2.14'
 gem 'parslet'
 gem 'parallel', '~> 1.20'
 gem 'posix-spawn'
-gem 'public_suffix', '~> 5.0'
+gem 'pundit', '~> 2.1'
 gem 'pundit', '~> 2.3'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.6'
+gem 'rack-attack', '~> 6.5'
 gem 'rack-cors', '~> 1.1', require: 'rack/cors'
 gem 'rails-i18n', '~> 6.0'
 gem 'rails-settings-cached', '~> 0.6'
-gem 'redcarpet', '~> 3.6'
+gem 'redis', '~> 4.2', require: ['redis', 'redis/connection/hiredis']
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'rqrcode', '~> 2.1'
+gem 'rqrcode', '~> 2.0'
 gem 'ruby-progressbar', '~> 1.11'
-gem 'sanitize', '~> 6.0'
+gem 'sanitize', '~> 5.2'
-gem 'scenic', '~> 1.7'
+gem 'scenic', '~> 1.5'
-gem 'sidekiq', '~> 6.5'
+gem 'sidekiq', '~> 6.2'
-gem 'sidekiq-scheduler', '~> 4.0'
+gem 'sidekiq-scheduler', '~> 3.0'
-gem 'sidekiq-unique-jobs', '~> 7.1'
+gem 'sidekiq-unique-jobs', '~> 7.0'
-gem 'sidekiq-bulk', '~> 0.2.0'
+gem 'sidekiq-bulk', '~>0.2.0'
-gem 'simple-navigation', '~> 4.4'
+gem 'simple-navigation', '~> 4.3'
-gem 'simple_form', '~> 5.2'
+gem 'simple_form', '~> 5.1'
-gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
+gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
-gem 'stoplight', '~> 3.0.1'
+gem 'stoplight', '~> 2.2.1'
 gem 'strong_migrations', '~> 0.7'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
-gem 'tzinfo-data', '~> 1.2022'
+gem 'tzinfo-data', '~> 1.2021'
 gem 'webpacker', '~> 5.4'
-gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
+gem 'webpush', '~> 0.3'
-gem 'webauthn', '~> 2.5'
+gem 'webauthn', '~> 3.0.0.alpha1'
 gem 'json-ld'
-gem 'json-ld-preloaded', '~> 3.2'
+gem 'json-ld-preloaded', '~> 3.1'
-gem 'rdf-normalize', '~> 0.5'
+gem 'rdf-normalize', '~> 0.4'
 group :development, :test do
-  gem 'fabrication', '~> 2.30'
+  gem 'fabrication', '~> 2.22'
  gem 'fuubar', '~> 2.5'
-  gem 'i18n-tasks', '~> 1.0', require: false
+  gem 'i18n-tasks', '~> 0.9', require: false
-  gem 'pry-byebug', '~> 3.10'
+  gem 'pry-byebug', '~> 3.9'
  gem 'pry-rails', '~> 0.3'
-  gem 'rspec-rails', '~> 5.1'
+  gem 'rspec-rails', '~> 5.0'
  gem 'rubocop-performance', require: false
  gem 'rubocop-rails', require: false
  gem 'rubocop-rspec', require: false
  gem 'rubocop', require: false
 end
 group :production, :test do
@ -118,31 +113,33 @@ group :production, :test do
 end
 group :test do
-  gem 'capybara', '~> 3.38'
+  gem 'capybara', '~> 3.35'
  gem 'climate_control', '~> 0.2'
-  gem 'faker', '~> 3.1'
+  gem 'faker', '~> 2.18'
-  gem 'json-schema', '~> 3.0'
+  gem 'microformats', '~> 4.2'
  gem 'rack-test', '~> 2.0'  
  gem 'rails-controller-testing', '~> 1.0'
  gem 'rspec_junit_formatter', '~> 0.6'
  gem 'rspec-sidekiq', '~> 3.1'
-  gem 'simplecov', '~> 0.22', require: false
+  gem 'simplecov', '~> 0.21', require: false
-  gem 'webmock', '~> 3.18'
+  gem 'webmock', '~> 3.13'
  gem 'parallel_tests', '~> 3.7'
  gem 'rspec_junit_formatter', '~> 0.4'
 end
 group :development do
  gem 'active_record_query_trace', '~> 1.8'
-  gem 'annotate', '~> 3.2'
+  gem 'annotate', '~> 3.1'
  gem 'better_errors', '~> 2.9'
  gem 'binding_of_caller', '~> 1.0'
-  gem 'bullet', '~> 7.0'
+  gem 'bullet', '~> 6.1'
-  gem 'letter_opener', '~> 1.8'
+  gem 'letter_opener', '~> 1.7'
-  gem 'letter_opener_web', '~> 2.0'
+  gem 'letter_opener_web', '~> 1.4'
  gem 'memory_profiler'
-  gem 'brakeman', '~> 5.4', require: false
+  gem 'rubocop', '~> 1.15', require: false
-  gem 'bundler-audit', '~> 0.9', require: false
+  gem 'rubocop-rails', '~> 2.10', require: false
  gem 'brakeman', '~> 5.0', require: false
  gem 'bundler-audit', '~> 0.8', require: false
-  gem 'capistrano', '~> 3.17'
+  gem 'capistrano', '~> 3.16'
  gem 'capistrano-rails', '~> 1.6'
  gem 'capistrano-rbenv', '~> 2.2'
  gem 'capistrano-yarn', '~> 2.0'
@ -151,11 +148,12 @@ group :development do
 end
 group :production do
-  gem 'lograge', '~> 0.12'
+  gem 'lograge', '~> 0.11'
 end
 gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'
-gem 'cocoon', '~> 1.2'
+
-gem 'mail', '~> 2.8'
+gem 'resolv', '~> 0.1.0'
--- a/Gemfile.lock
+++ b/Gemfile.lock
--- a/README.md
+++ b/README.md
@ -1,20 +1,19 @@
-<h1><picture>
+![Mastodon](https://i.imgur.com/NhZc40l.png)
-  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
+========
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
 </picture></h1>
 [![GitHub release](https://img.shields.io/github/release/mastodon/mastodon.svg)][releases]
 [![Build Status](https://img.shields.io/circleci/project/github/mastodon/mastodon.svg)][circleci]
-[![Code Climate](https://img.shields.io/codeclimate/maintainability/mastodon/mastodon.svg)][code_climate]
+[![Code Climate](https://img.shields.io/codeclimate/maintainability/tootsuite/mastodon.svg)][code_climate]
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)][crowdin]
 [![Docker Pulls](https://img.shields.io/docker/pulls/tootsuite/mastodon.svg)][docker]
 [releases]: https://github.com/mastodon/mastodon/releases
 [circleci]: https://circleci.com/gh/mastodon/mastodon
-[code_climate]: https://codeclimate.com/github/mastodon/mastodon
+[code_climate]: https://codeclimate.com/github/tootsuite/mastodon
 [crowdin]: https://crowdin.com/project/mastodon
 [docker]: https://hub.docker.com/r/tootsuite/mastodon/
-Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub!)
+Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub)!
 Click below to **learn more** in a video:
@ -29,72 +28,65 @@ Click below to **learn more** in a video:
 - [View sponsors](https://joinmastodon.org/sponsors)
 - [Blog](https://blog.joinmastodon.org)
 - [Documentation](https://docs.joinmastodon.org)
- [Official Docker image](https://github.com/mastodon/mastodon/pkgs/container/mastodon)
+- [Browse Mastodon servers](https://joinmastodon.org/#getting-started)
 - [Browse Mastodon servers](https://joinmastodon.org/communities)
 - [Browse Mastodon apps](https://joinmastodon.org/apps)
 [patreon]: https://www.patreon.com/mastodon
 ## Features
-<img src="/app/javascript/images/elephant_ui_working.svg?raw=true" align="right" width="30%" />
+<img src="https://docs.joinmastodon.org/elephant.svg" align="right" width="30%" />
-### No vendor lock-in: Fully interoperable with any conforming platform
+**No vendor lock-in: Fully interoperable with any conforming platform**
-It doesn't have to be Mastodon; whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)
+It doesn't have to be Mastodon, whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)
-### Real-time, chronological timeline updates
+**Real-time, chronological timeline updates**
-Updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!
+See the updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!
-### Media attachments like images and short videos
+**Media attachments like images and short videos**
-Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos loop continuously!
+Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos are looped - like vines!
-### Safety and moderation tools
+**Safety and moderation tools**
-Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
+Private posts, locked accounts, phrase filtering, muting, blocking and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
-### OAuth2 and a straightforward REST API
+**OAuth2 and a straightforward REST API**
-Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Streaming APIs. This results in a rich app ecosystem with a lot of choices!
+Mastodon acts as an OAuth2 provider so 3rd party apps can use the REST and Streaming APIs, resulting in a rich app ecosystem with a lot of choices!
 ## Deployment
-### Tech stack:
+**Tech stack:**
 - **Ruby on Rails** powers the REST API and other web pages
 - **React.js** and Redux are used for the dynamic parts of the interface
 - **Node.js** powers the streaming API
-### Requirements:
+**Requirements:**
 - **PostgreSQL** 9.5+
 - **Redis** 4+
- **Ruby** 2.7+
+- **Ruby** 2.5+
- **Node.js** 14+
+- **Node.js** 12+
-The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
+The repository includes deployment configurations for **Docker and docker-compose**, but also a few specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. The [**stand-alone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
-A **Vagrant** configuration is included for development purposes. To use it, complete following steps:
+A **Vagrant** configuration is included for development purposes.
 - Install Vagrant and Virtualbox
 - Install the `vagrant-hostsupdater` plugin: `vagrant plugin install vagrant-hostsupdater`
 - Run `vagrant up`
 - Run `vagrant ssh -c "cd /vagrant && foreman start"`
 - Open `http://mastodon.local` in your browser
 ## Contributing
 Mastodon is **free, open-source software** licensed under **AGPLv3**.
-You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
+You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository, or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
 **IRC channel**: #mastodon on irc.libera.chat
 ## License
-Copyright (C) 2016-2022 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
+Copyright (C) 2016-2021 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,17 +1,13 @@
 # Security Policy
 If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can reach us at <security@joinmastodon.org>.
 You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
 ## Scope
 A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.
 ## Supported Versions
-| Version | Supported        |
+| Version | Supported          |
-| ------- | ---------------- |
+| ------- | ------------------ |
-| 4.2.x   | Yes              |
+| 3.4.x   | :white_check_mark: |
-| 4.1.x   | Yes              |
+| 3.3.x   | :white_check_mark: |
-| < 4.1   | No               |
+| < 3.3   | :x:                |
 ## Reporting a Vulnerability
 hello@joinmastodon.org
--- a/79
+++ b/79
@ -3,14 +3,16 @@
 ENV["PORT"] ||= "3000"
-$provisionA = <<SCRIPT
+$provision = <<SCRIPT
 cd /vagrant # This is where the host folder/repo is mounted
 # Add the yarn repo + yarn repo keys
 curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 sudo apt-add-repository 'deb https://dl.yarnpkg.com/debian/ stable main'
 # Add repo for NodeJS
-curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
+curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -
 # Add firewall rule to redirect 80 to PORT and save
 sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port #{ENV["PORT"]}
@ -31,56 +33,42 @@ sudo apt-get install \
  redis-tools \
  postgresql \
  postgresql-contrib \
  protobuf-compiler \
  yarn \
  libicu-dev \
  libidn11-dev \
  libreadline6-dev \
  autoconf \
  bison \
  build-essential \
  ffmpeg \
  file \
  gcc \
  libffi-dev \
  libgdbm-dev \
  libjemalloc-dev \
  libncurses5-dev \
  libprotobuf-dev \
-  libssl-dev \
+  libreadline-dev \
-  libyaml-dev \
+  libpam0g-dev \
  pkg-config \
  protobuf-compiler \
  zlib1g-dev \
  -y
 # Install rvm
-sudo apt-add-repository -y ppa:rael-gc/rvm
+read RUBY_VERSION < .ruby-version
 sudo apt-get install rvm -y
-sudo usermod -a -G rvm $USER
+gpg_command="gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB"
 $($gpg_command)
 if [ $? -ne 0 ];then
  echo "GPG command failed, This prevented RVM from installing."
  echo "Retrying once..." && $($gpg_command)
  if [ $? -ne 0 ];then
    echo "GPG failed for the second time, please ensure network connectivity."
    echo "Exiting..." && exit 1
  fi
 fi
-SCRIPT
+curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer | bash -s stable --ruby=$RUBY_VERSION
-
+source /home/vagrant/.rvm/scripts/rvm
 $provisionB = <<SCRIPT
 source "/etc/profile.d/rvm.sh"
 # Install Ruby
-read RUBY_VERSION < /vagrant/.ruby-version
+rvm reinstall ruby-$RUBY_VERSION --disable-binary
 rvm install ruby-$RUBY_VERSION --disable-binary
 # Configure database
 sudo -u postgres createuser -U postgres vagrant -s
 sudo -u postgres createdb -U postgres mastodon_development
-cd /vagrant # This is where the host folder/repo is mounted
+# Install gems and node modules
 # Install gems
 gem install bundler foreman
 bundle install
 # Install node modules
 sudo corepack enable
 yarn set version classic
 yarn install
 # Build Mastodon
@ -94,11 +82,18 @@ echo 'export $(cat "/vagrant/.env.vagrant" | xargs)' >> ~/.bash_profile
 SCRIPT
 $start = <<SCRIPT
 echo 'To start server'
 echo '  $ vagrant ssh -c "cd /vagrant && foreman start"'
 SCRIPT
 VAGRANTFILE_API_VERSION = "2"
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "ubuntu/focal64"
+  config.vm.box = "ubuntu/bionic64"
  config.vm.provider :virtualbox do |vb|
    vb.name = "mastodon"
@ -115,6 +110,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
    # Use "virtio" network interfaces for better performance.
    vb.customize ["modifyvm", :id, "--nictype1", "virtio"]
    vb.customize ["modifyvm", :id, "--nictype2", "virtio"]
  end
  # This uses the vagrant-hostsupdater plugin, and lets you
@ -132,7 +128,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  end
  if config.vm.networks.any? { |type, options| type == :private_network }
-    config.vm.synced_folder ".", "/vagrant", type: "nfs", mount_options: ['rw', 'actimeo=1']
+    config.vm.synced_folder ".", "/vagrant", type: "nfs", mount_options: ['rw', 'vers=3', 'tcp', 'actimeo=1']
  else
    config.vm.synced_folder ".", "/vagrant"
  end
@ -143,12 +139,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.network :forwarded_port, guest: 8080, host: 8080
  # Full provisioning script, only runs on first 'vagrant up' or with 'vagrant provision'
-  config.vm.provision :shell, inline: $provisionA, privileged: false, reset: true
+  config.vm.provision :shell, inline: $provision, privileged: false
  config.vm.provision :shell, inline: $provisionB, privileged: false
-  config.vm.post_up_message = <<MESSAGE
+  # Start up script, runs on every 'vagrant up'
-To start server
+  config.vm.provision :shell, inline: $start, run: 'always', privileged: false
  $ vagrant ssh -c "cd /vagrant && foreman start"
 MESSAGE
 end
--- a/app.json
+++ b/app.json
@ -79,13 +79,8 @@
      "description": "SMTP server certificate verification mode. Defaults is 'peer'.",
      "required": false
    },
    "SMTP_ENABLE_STARTTLS": {
      "description": "Enable STARTTLS? Default is 'auto'.",
      "value": "auto",
      "required": false
    },
    "SMTP_ENABLE_STARTTLS_AUTO": {
-      "description": "Enable STARTTLS if SMTP server supports it? Deprecated by SMTP_ENABLE_STARTTLS.",
+      "description": "Enable STARTTLS if SMTP server supports it? Default is true.",
      "required": false
    }
  },
@ -100,5 +95,8 @@
  "scripts": {
    "postdeploy": "bundle exec rails db:migrate && bundle exec rails db:seed"
  },
-  "addons": ["heroku-postgresql", "heroku-redis"]
+  "addons": [
    "heroku-postgresql",
    "heroku-redis"
  ]
 }
--- a/app/chewy/accounts_index.rb
+++ b/app/chewy/accounts_index.rb
@ -1,9 +1,7 @@
 # frozen_string_literal: true
 class AccountsIndex < Chewy::Index
-  include DatetimeClampingConcern
+  settings index: { refresh_interval: '5m' }, analysis: {
  settings index: { refresh_interval: '30s' }, analysis: {
    analyzer: {
      content: {
        tokenizer: 'whitespace',
@ -25,21 +23,21 @@ class AccountsIndex < Chewy::Index
    },
  }
-  index_scope ::Account.searchable.includes(:account_stat)
+  define_type ::Account.searchable.includes(:account_stat), delete_if: ->(account) { account.destroyed? || !account.searchable? } do
    root date_detection: false do
      field :id, type: 'long'
-  root date_detection: false do
+      field :display_name, type: 'text', analyzer: 'content' do
-    field :id, type: 'long'
+        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
      end
-    field :display_name, type: 'text', analyzer: 'content' do
+      field :acct, type: 'text', analyzer: 'content', value: ->(account) { [account.username, account.domain].compact.join('@') } do
-      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
+        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
      end
      field :following_count, type: 'long', value: ->(account) { account.following.local.count }
      field :followers_count, type: 'long', value: ->(account) { account.followers.local.count }
      field :last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at }
    end
    field :acct, type: 'text', analyzer: 'content', value: ->(account) { [account.username, account.domain].compact.join('@') } do
      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
    end
    field :following_count, type: 'long', value: ->(account) { account.following_count }
    field :followers_count, type: 'long', value: ->(account) { account.followers_count }
    field :last_status_at, type: 'date', value: ->(account) { clamp_date(account.last_status_at || account.created_at) }
  end
 end
--- a/app/chewy/concerns/datetime_clamping_concern.rb
+++ b/app/chewy/concerns/datetime_clamping_concern.rb
@ -1,14 +0,0 @@
 # frozen_string_literal: true
 module DatetimeClampingConcern
  extend ActiveSupport::Concern
  MIN_ISO8601_DATETIME = '0000-01-01T00:00:00Z'.to_datetime.freeze
  MAX_ISO8601_DATETIME = '9999-12-31T23:59:59Z'.to_datetime.freeze
  class_methods do
    def clamp_date(datetime)
      datetime.clamp(MIN_ISO8601_DATETIME, MAX_ISO8601_DATETIME)
    end
  end
 end
--- a/app/chewy/statuses_index.rb
+++ b/app/chewy/statuses_index.rb
@ -1,9 +1,7 @@
 # frozen_string_literal: true
 class StatusesIndex < Chewy::Index
-  include FormattingHelper
+  settings index: { refresh_interval: '15m' }, analysis: {
  settings index: { refresh_interval: '30s' }, analysis: {
    filter: {
      english_stop: {
        type: 'stop',
@ -33,43 +31,36 @@ class StatusesIndex < Chewy::Index
    },
  }
-  # We do not use delete_if option here because it would call a method that we
+  define_type ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preloadable_poll) do
-  # expect to be called with crutches without crutches, causing n+1 queries
+    crutch :mentions do |collection|
-  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preloadable_poll)
+      data = ::Mention.where(status_id: collection.map(&:id)).where(account: Account.local, silent: false).pluck(:status_id, :account_id)
-
+      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  crutch :mentions do |collection|
    data = ::Mention.where(status_id: collection.map(&:id)).where(account: Account.local, silent: false).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :favourites do |collection|
    data = ::Favourite.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :reblogs do |collection|
    data = ::Status.where(reblog_of_id: collection.map(&:id)).where(account: Account.local).pluck(:reblog_of_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :bookmarks do |collection|
    data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :votes do |collection|
    data = ::PollVote.joins(:poll).where(poll: { status_id: collection.map(&:id) }).where(account: Account.local).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  root date_detection: false do
    field :id, type: 'long'
    field :account_id, type: 'long'
    field :text, type: 'text', value: ->(status) { status.searchable_text } do
      field :stemmed, type: 'text', analyzer: 'content'
    end
-    field :searchable_by, type: 'long', value: ->(status, crutches) { status.searchable_by(crutches) }
+    crutch :favourites do |collection|
      data = ::Favourite.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
    end
    crutch :reblogs do |collection|
      data = ::Status.where(reblog_of_id: collection.map(&:id)).where(account: Account.local).pluck(:reblog_of_id, :account_id)
      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
    end
    crutch :bookmarks do |collection|
      data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
    end
    root date_detection: false do
      field :id, type: 'long'
      field :account_id, type: 'long'
      field :text, type: 'text', value: ->(status) { [status.spoiler_text, Formatter.instance.plaintext(status)].concat(status.media_attachments.map(&:description)).concat(status.preloadable_poll ? status.preloadable_poll.options : []).join("\n\n") } do
        field :stemmed, type: 'text', analyzer: 'content'
      end
      field :searchable_by, type: 'long', value: ->(status, crutches) { status.searchable_by(crutches) }
    end
  end
 end
--- a/app/chewy/tags_index.rb
+++ b/app/chewy/tags_index.rb
@ -1,9 +1,7 @@
 # frozen_string_literal: true
 class TagsIndex < Chewy::Index
-  include DatetimeClampingConcern
+  settings index: { refresh_interval: '15m' }, analysis: {
  settings index: { refresh_interval: '30s' }, analysis: {
    analyzer: {
      content: {
        tokenizer: 'keyword',
@ -25,19 +23,15 @@ class TagsIndex < Chewy::Index
    },
  }
-  index_scope ::Tag.listable
+  define_type ::Tag.listable, delete_if: ->(tag) { tag.destroyed? || !tag.listable? } do
    root date_detection: false do
      field :name, type: 'text', analyzer: 'content' do
        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
      end
-  crutch :time_period do
+      field :reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? }
-    7.days.ago.to_date..0.days.ago.to_date
+      field :usage, type: 'long', value: ->(tag) { tag.history.reduce(0) { |total, day| total + day[:accounts].to_i } }
-  end
+      field :last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at }
  root date_detection: false do
    field :name, type: 'text', analyzer: 'content' do
      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
    end
    field :reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? }
    field :usage, type: 'long', value: ->(tag, crutches) { tag.history.aggregate(crutches.time_period).accounts }
    field :last_status_at, type: 'date', value: ->(tag) { clamp_date(tag.last_status_at || tag.created_at) }
  end
 end
--- a/app/controllers/about_controller.rb
+++ b/app/controllers/about_controller.rb
@ -1,19 +1,68 @@
 # frozen_string_literal: true
 class AboutController < ApplicationController
-  include WebAppControllerConcern
+  include RegistrationSpamConcern
-  skip_before_action :require_functional!
+  layout 'public'
  before_action :require_open_federation!, only: [:show, :more]
  before_action :set_body_classes, only: :show
  before_action :set_instance_presenter
  before_action :set_expires_in, only: [:more, :terms]
  before_action :set_registration_form_time, only: :show
-  def show
+  skip_before_action :require_functional!, only: [:more, :terms]
-    expires_in 0, public: true unless user_signed_in?
+
  def show; end
  def more
    flash.now[:notice] = I18n.t('about.instance_actor_flash') if params[:instance_actor]
    toc_generator = TOCGenerator.new(@instance_presenter.site_extended_description)
    @rules             = Rule.ordered
    @contents          = toc_generator.html
    @table_of_contents = toc_generator.toc
    @blocks            = DomainBlock.with_user_facing_limitations.by_severity if display_blocks?
  end
  def terms; end
  helper_method :display_blocks?
  helper_method :display_blocks_rationale?
  helper_method :public_fetch_mode?
  helper_method :new_user
  private
  def require_open_federation!
    not_found if whitelist_mode?
  end
  def display_blocks?
    Setting.show_domain_blocks == 'all' || (Setting.show_domain_blocks == 'users' && user_signed_in?)
  end
  def display_blocks_rationale?
    Setting.show_domain_blocks_rationale == 'all' || (Setting.show_domain_blocks_rationale == 'users' && user_signed_in?)
  end
  def new_user
    User.new.tap do |user|
      user.build_account
      user.build_invite_request
    end
  end
  def set_instance_presenter
    @instance_presenter = InstancePresenter.new
  end
  def set_body_classes
    @hide_navbar = true
  end
  def set_expires_in
    expires_in 0, public: true
  end
 end
--- a/app/controllers/account_follow_controller.rb
+++ b/app/controllers/account_follow_controller.rb
@ -0,0 +1,12 @@
 # frozen_string_literal: true
 class AccountFollowController < ApplicationController
  include AccountControllerConcern
  before_action :authenticate_user!
  def create
    FollowService.new.call(current_user.account, @account, with_rate_limit: true)
    redirect_to account_path(@account)
  end
 end
--- a/app/controllers/account_unfollow_controller.rb
+++ b/app/controllers/account_unfollow_controller.rb
@ -0,0 +1,12 @@
 # frozen_string_literal: true
 class AccountUnfollowController < ApplicationController
  include AccountControllerConcern
  before_action :authenticate_user!
  def create
    UnfollowService.new.call(current_user.account, @account)
    redirect_to account_path(@account)
  end
 end
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -7,8 +7,9 @@ class AccountsController < ApplicationController
  include AccountControllerConcern
  include SignatureAuthentication
-  before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
+  before_action :require_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
  before_action :set_cache_headers
  before_action :set_body_classes
  skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
  skip_before_action :require_functional!, unless: :whitelist_mode?
@ -18,7 +19,23 @@ class AccountsController < ApplicationController
      format.html do
        expires_in 0, public: true unless user_signed_in?
-        @rss_url = rss_url
+        @pinned_statuses   = []
        @endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
        @featured_hashtags = @account.featured_tags.order(statuses_count: :desc)
        if current_account && @account.blocking?(current_account)
          @statuses = []
          return
        end
        @pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses?
        @statuses        = cached_filtered_status_page
        @rss_url         = rss_url
        unless @statuses.empty?
          @older_url = older_url if @statuses.last.id > filtered_statuses.last.id
          @newer_url = newer_url if @statuses.first.id < filtered_statuses.first.id
        end
      end
      format.rss do
@ -27,6 +44,7 @@ class AccountsController < ApplicationController
        limit     = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
        @statuses = filtered_statuses.without_reblogs.limit(limit)
        @statuses = cache_collection(@statuses, Status)
        render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
      end
      format.json do
@ -38,6 +56,14 @@ class AccountsController < ApplicationController
  private
  def set_body_classes
    @body_classes = 'with-modals'
  end
  def show_pinned_statuses?
    [replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
  end
  def filtered_statuses
    default_statuses.tap do |statuses|
      statuses.merge!(hashtag_scope)    if tag_requested?
@ -84,6 +110,26 @@ class AccountsController < ApplicationController
    end
  end
  def older_url
    pagination_url(max_id: @statuses.last.id)
  end
  def newer_url
    pagination_url(min_id: @statuses.first.id)
  end
  def pagination_url(max_id: nil, min_id: nil)
    if tag_requested?
      short_account_tag_url(@account, params[:tag], max_id: max_id, min_id: min_id)
    elsif media_requested?
      short_account_media_url(@account, max_id: max_id, min_id: min_id)
    elsif replies_requested?
      short_account_with_replies_url(@account, max_id: max_id, min_id: min_id)
    else
      short_account_url(@account, max_id: max_id, min_id: min_id)
    end
  end
  def media_requested?
    request.path.split('.').first.end_with?('/media') && !tag_requested?
  end
--- a/app/controllers/activitypub/base_controller.rb
+++ b/app/controllers/activitypub/base_controller.rb
@ -2,8 +2,6 @@
 class ActivityPub::BaseController < Api::BaseController
  skip_before_action :require_authenticated_user!
  skip_before_action :require_not_suspended!
  skip_around_action :set_locale
  private
--- a/app/controllers/activitypub/claims_controller.rb
+++ b/app/controllers/activitypub/claims_controller.rb
@ -6,7 +6,7 @@ class ActivityPub::ClaimsController < ActivityPub::BaseController
  skip_before_action :authenticate_user!
-  before_action :require_account_signature!
+  before_action :require_signature!
  before_action :set_claim_result
  def create
--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@ -4,7 +4,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
  include SignatureVerification
  include AccountOwnedConcern
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
+  before_action :require_signature!, if: :authorized_fetch_mode?
  before_action :set_items
  before_action :set_size
  before_action :set_type
@ -21,7 +21,6 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
    case params[:id]
    when 'featured'
      @items = for_signed_account { cache_collection(@account.pinned_statuses, Status) }
      @items = @items.map { |item| item.distributable? ? item : ActivityPub::TagManager.instance.uri_for(item) }
    when 'tags'
      @items = for_signed_account { @account.featured_tags }
    when 'devices'
--- a/app/controllers/activitypub/followers_synchronizations_controller.rb
+++ b/app/controllers/activitypub/followers_synchronizations_controller.rb
@ -4,7 +4,7 @@ class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseContro
  include SignatureVerification
  include AccountOwnedConcern
-  before_action :require_account_signature!
+  before_action :require_signature!
  before_action :set_items
  before_action :set_cache_headers
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@ -6,7 +6,7 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
  include AccountOwnedConcern
  before_action :skip_unknown_actor_activity
-  before_action :require_actor_signature!
+  before_action :require_signature!
  skip_before_action :authenticate_user!
  def create
@ -49,17 +49,17 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
  end
  def upgrade_account
-    if signed_request_account&.ostatus?
+    if signed_request_account.ostatus?
      signed_request_account.update(last_webfingered_at: nil)
      ResolveAccountWorker.perform_async(signed_request_account.acct)
    end
-    DeliveryFailureTracker.reset!(signed_request_actor.inbox_url)
+    DeliveryFailureTracker.reset!(signed_request_account.inbox_url)
  end
  def process_collection_synchronization
    raw_params = request.headers['Collection-Synchronization']
-    return if raw_params.blank? || ENV['DISABLE_FOLLOWERS_SYNCHRONIZATION'] == 'true' || signed_request_account.nil?
+    return if raw_params.blank? || ENV['DISABLE_FOLLOWERS_SYNCHRONIZATION'] == 'true'
    # Re-using the syntax for signature parameters
    tree   = SignatureParamsParser.new.parse(raw_params)
@ -71,6 +71,6 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
  end
  def process_payload
-    ActivityPub::ProcessingWorker.perform_async(signed_request_actor.id, body, @account&.id, signed_request_actor.class.name)
+    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
  end
 end
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@ -6,7 +6,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
  include SignatureVerification
  include AccountOwnedConcern
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
+  before_action :require_signature!, if: :authorized_fetch_mode?
  before_action :set_statuses
  before_action :set_cache_headers
@ -62,7 +62,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
    return unless page_requested?
    @statuses = cache_collection_paginated_by_id(
-      AccountStatusesFilter.new(@account, signed_request_account).results,
+      @account.statuses.permitted_for(@account, signed_request_account),
      Status,
      LIMIT,
      params_slice(:max_id, :min_id, :since_id)
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@ -7,7 +7,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  DESCENDANTS_LIMIT = 60
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
+  before_action :require_signature!, if: :authorized_fetch_mode?
  before_action :set_status
  before_action :set_cache_headers
  before_action :set_replies
@ -63,29 +63,15 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  end
  def next_page
-    if only_other_accounts?
+    only_other_accounts = !(@replies&.last&.account_id == @account.id && @replies.size == DESCENDANTS_LIMIT)
      # Only consider remote accounts
      return nil if @replies.size < DESCENDANTS_LIMIT
-      account_status_replies_url(
+    account_status_replies_url(
-        @account,
+      @account,
-        @status,
+      @status,
-        page: true,
+      page: true,
-        min_id: @replies&.last&.id,
+      min_id: only_other_accounts && !only_other_accounts? ? nil : @replies&.last&.id,
-        only_other_accounts: true
+      only_other_accounts: only_other_accounts
-      )
+    )
    else
      # For now, we're serving only self-replies, but next page might be other accounts
      next_only_other_accounts = @replies&.last&.account_id != @account.id || @replies.size < DESCENDANTS_LIMIT
      account_status_replies_url(
        @account,
        @status,
        page: true,
        min_id: next_only_other_accounts ? nil : @replies&.last&.id,
        only_other_accounts: next_only_other_accounts
      )
    end
  end
  def page_params
--- a/app/controllers/admin/account_actions_controller.rb
+++ b/app/controllers/admin/account_actions_controller.rb
@ -5,15 +5,11 @@ module Admin
    before_action :set_account
    def new
      authorize @account, :show?
      @account_action  = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true, include_statuses: true)
      @warning_presets = AccountWarningPreset.all
    end
    def create
      authorize @account, :show?
      account_action                 = Admin::AccountAction.new(resource_params)
      account_action.target_account  = @account
      account_action.current_account = current_account
@ -21,7 +17,7 @@ module Admin
      account_action.save!
      if account_action.with_report?
-        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: resource_params[:report_id])
+        redirect_to admin_reports_path
      else
        redirect_to admin_account_path(@account.id)
      end
--- a/app/controllers/admin/account_moderation_notes_controller.rb
+++ b/app/controllers/admin/account_moderation_notes_controller.rb
@ -14,7 +14,7 @@ module Admin
      else
        @account          = @account_moderation_note.target_account
        @moderation_notes = @account.targeted_moderation_notes.latest
-        @warnings         = @account.strikes.custom.latest
+        @warnings         = @account.targeted_account_warnings.latest.custom
        render template: 'admin/accounts/show'
      end
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@ -2,30 +2,13 @@
 module Admin
  class AccountsController < BaseController
-    before_action :set_account, except: [:index, :batch]
+    before_action :set_account, except: [:index]
    before_action :require_remote_account!, only: [:redownload]
    before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]
    def index
      authorize :account, :index?
      @accounts = filtered_accounts.page(params[:page])
      @form     = Form::AccountBatch.new
    end
    def batch
      authorize :account, :index?
      @form = Form::AccountBatch.new(form_account_batch_params)
      @form.current_account = current_account
      @form.action = action_from_button
      @form.select_all_matching = params[:select_all_matching]
      @form.query = filtered_accounts
      @form.save
    rescue ActionController::ParameterMissing
      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
    ensure
      redirect_to admin_accounts_path(filter_params)
    end
    def show
@ -34,7 +17,7 @@ module Admin
      @deletion_request        = @account.deletion_request
      @account_moderation_note = current_account.account_moderation_notes.new(target_account: @account)
      @moderation_notes        = @account.targeted_moderation_notes.latest
-      @warnings                = @account.strikes.includes(:target_account, :account, :appeal).latest
+      @warnings                = @account.targeted_account_warnings.latest.custom
      @domain_block            = DomainBlock.rule_for(@account.domain)
    end
@ -55,15 +38,13 @@ module Admin
    def approve
      authorize @account.user, :approve?
      @account.user.approve!
-      log_action :approve, @account.user
+      redirect_to admin_pending_accounts_path, notice: I18n.t('admin.accounts.approved_msg', username: @account.acct)
      redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.approved_msg', username: @account.acct)
    end
    def reject
      authorize @account.user, :reject?
      DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
-      log_action :reject, @account.user
+      redirect_to admin_pending_accounts_path, notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct)
      redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct)
    end
    def destroy
@ -125,16 +106,6 @@ module Admin
      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.removed_header_msg', username: @account.acct)
    end
    def unblock_email
      authorize @account, :unblock_email?
      CanonicalEmailBlock.where(reference_account: @account).delete_all
      log_action :unblock_email, @account
      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.unblocked_email_msg', username: @account.acct)
    end
    private
    def set_account
@ -150,25 +121,11 @@ module Admin
    end
    def filtered_accounts
-      AccountFilter.new(filter_params.with_defaults(order: 'recent')).results
+      AccountFilter.new(filter_params).results
    end
    def filter_params
-      params.slice(:page, *AccountFilter::KEYS).permit(:page, *AccountFilter::KEYS)
+      params.slice(*AccountFilter::KEYS).permit(*AccountFilter::KEYS)
    end
    def form_account_batch_params
      params.require(:form_account_batch).permit(:action, account_ids: [])
    end
    def action_from_button
      if params[:suspend]
        'suspend'
      elsif params[:approve]
        'approve'
      elsif params[:reject]
        'reject'
      end
    end
  end
 end
--- a/app/controllers/admin/action_logs_controller.rb
+++ b/app/controllers/admin/action_logs_controller.rb
@ -4,10 +4,7 @@ module Admin
  class ActionLogsController < BaseController
    before_action :set_action_logs
-    def index
+    def index; end
      authorize :audit_log, :index?
      @auditable_accounts = Account.where(id: Admin::ActionLog.reorder(nil).select('distinct account_id')).select(:id, :username)
    end
    private
--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@ -7,8 +7,8 @@ module Admin
    layout 'admin'
    before_action :require_staff!
    before_action :set_body_classes
    after_action :verify_authorized
    private
--- a/app/controllers/admin/confirmations_controller.rb
+++ b/app/controllers/admin/confirmations_controller.rb
@ -17,7 +17,7 @@ module Admin
      @user.resend_confirmation_instructions
-      log_action :resend, @user
+      log_action :confirm, @user
      flash[:notice] = I18n.t('admin.accounts.resend_confirmation.success')
      redirect_to admin_accounts_path
--- a/app/controllers/admin/custom_emojis_controller.rb
+++ b/app/controllers/admin/custom_emojis_controller.rb
@ -29,12 +29,10 @@ module Admin
    end
    def batch
      authorize :custom_emoji, :index?
      @form = Form::CustomEmojiBatch.new(form_custom_emoji_batch_params.merge(current_account: current_account, action: action_from_button))
      @form.save
    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.custom_emojis.no_emoji_selected')
+      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
    rescue Mastodon::NotPermittedError
      flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
    ensure
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@ -1,28 +1,55 @@
 # frozen_string_literal: true
 require 'sidekiq/api'
 module Admin
  class DashboardController < BaseController
    include Redisable
    def index
-      authorize :dashboard, :index?
+      @system_checks         = Admin::SystemCheck.perform
-
+      @users_count           = User.count
      @system_checks         = Admin::SystemCheck.perform(current_user)
      @time_period           = (29.days.ago.to_date...Time.now.utc.to_date)
      @pending_users_count   = User.pending.count
-      @pending_reports_count = Report.unresolved.count
+      @registrations_week    = Redis.current.get("activity:accounts:local:#{current_week}") || 0
      @logins_week           = Redis.current.pfcount("activity:logins:#{current_week}")
      @interactions_week     = Redis.current.get("activity:interactions:#{current_week}") || 0
      @relay_enabled         = Relay.enabled.exists?
      @single_user_mode      = Rails.configuration.x.single_user_mode
      @registrations_enabled = Setting.registrations_mode != 'none'
      @deletions_enabled     = Setting.open_deletion
      @invites_enabled       = Setting.min_invite_role == 'user'
      @search_enabled        = Chewy.enabled?
      @version               = Mastodon::Version.to_s
      @database_version      = ActiveRecord::Base.connection.execute('SELECT VERSION()').first['version'].match(/\A(?:PostgreSQL |)([^\s]+).*\z/)[1]
      @redis_version         = redis_info['redis_version']
      @reports_count         = Report.unresolved.count
      @queue_backlog         = Sidekiq::Stats.new.enqueued
      @recent_users          = User.confirmed.recent.includes(:account).limit(8)
      @database_size         = ActiveRecord::Base.connection.execute('SELECT pg_database_size(current_database())').first['pg_database_size']
      @redis_size            = redis_info['used_memory']
      @ldap_enabled          = ENV['LDAP_ENABLED'] == 'true'
      @cas_enabled           = ENV['CAS_ENABLED'] == 'true'
      @saml_enabled          = ENV['SAML_ENABLED'] == 'true'
      @pam_enabled           = ENV['PAM_ENABLED'] == 'true'
      @hidden_service        = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
      @trending_hashtags     = TrendingTags.get(10, filtered: false)
      @pending_tags_count    = Tag.pending_review.count
-      @pending_appeals_count = Appeal.pending.count
+      @authorized_fetch      = authorized_fetch_mode?
      @whitelist_enabled     = whitelist_mode?
      @profile_directory     = Setting.profile_directory
      @timeline_preview      = Setting.timeline_preview
      @trends_enabled        = Setting.trends
    end
    private
    def current_week
      @current_week ||= Time.now.utc.to_date.cweek
    end
    def redis_info
      @redis_info ||= begin
-        if redis.is_a?(Redis::Namespace)
+        if Redis.current.is_a?(Redis::Namespace)
-          redis.redis.info
+          Redis.current.redis.info
        else
-          redis.info
+          Redis.current.info
        end
      end
    end
--- a/app/controllers/admin/disputes/appeals_controller.rb
+++ b/app/controllers/admin/disputes/appeals_controller.rb
@ -1,40 +0,0 @@
 # frozen_string_literal: true
 class Admin::Disputes::AppealsController < Admin::BaseController
  before_action :set_appeal, except: :index
  def index
    authorize :appeal, :index?
    @appeals = filtered_appeals.page(params[:page])
  end
  def approve
    authorize @appeal, :approve?
    log_action :approve, @appeal
    ApproveAppealService.new.call(@appeal, current_account)
    redirect_to disputes_strike_path(@appeal.strike)
  end
  def reject
    authorize @appeal, :approve?
    log_action :reject, @appeal
    @appeal.reject!(current_account)
    UserMailer.appeal_rejected(@appeal.account.user, @appeal)
    redirect_to disputes_strike_path(@appeal.strike)
  end
  private
  def filtered_appeals
    Admin::AppealFilter.new(filter_params.with_defaults(status: 'pending')).results.includes(strike: :account)
  end
  def filter_params
    params.slice(:page, *Admin::AppealFilter::KEYS).permit(:page, *Admin::AppealFilter::KEYS)
  end
  def set_appeal
    @appeal = Appeal.find(params[:id])
  end
 end
--- a/app/controllers/admin/domain_allows_controller.rb
+++ b/app/controllers/admin/domain_allows_controller.rb
@ -25,8 +25,6 @@ class Admin::DomainAllowsController < Admin::BaseController
  def destroy
    authorize @domain_allow, :destroy?
    UnallowDomainService.new.call(@domain_allow)
    log_action :destroy, @domain_allow
    redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
  end
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@ -4,18 +4,6 @@ module Admin
  class DomainBlocksController < BaseController
    before_action :set_domain_block, only: [:show, :destroy, :edit, :update]
    def batch
      authorize :domain_block, :create?
      @form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
      @form.save
    rescue ActionController::ParameterMissing
      flash[:alert] = I18n.t('admin.domain_blocks.no_domain_block_selected')
    rescue Mastodon::NotPermittedError
      flash[:alert] = I18n.t('admin.domain_blocks.not_permitted')
    else
      redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
    end
    def new
      authorize :domain_block, :create?
      @domain_block = DomainBlock.new(domain: params[:_domain])
@ -37,7 +25,7 @@ module Admin
        @domain_block.errors.delete(:domain)
        render :new
      else
-        if existing_domain_block.present? && existing_domain_block.domain == TagManager.instance.normalize_domain(@domain_block.domain.strip)
+        if existing_domain_block.present?
          @domain_block = existing_domain_block
          @domain_block.update(resource_params)
        end
@ -55,8 +43,12 @@ module Admin
    def update
      authorize :domain_block, :update?
-      if @domain_block.update(update_params)
+      @domain_block.update(update_params)
-        DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?)
+
      severity_changed = @domain_block.severity_changed?
      if @domain_block.save
        DomainBlockWorker.perform_async(@domain_block.id, severity_changed)
        log_action :update, @domain_block
        redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
      else
@ -64,6 +56,10 @@ module Admin
      end
    end
    def show
      authorize @domain_block, :show?
    end
    def destroy
      authorize @domain_block, :destroy?
      UnblockDomainService.new.call(@domain_block)
@ -84,15 +80,5 @@ module Admin
    def resource_params
      params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
    end
    def form_domain_block_batch_params
      params.require(:form_domain_block_batch).permit(domain_blocks_attributes: [:enabled, :domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate])
    end
    def action_from_button
      if params[:save]
        'save'
      end
    end
  end
 end
--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@ -6,22 +6,7 @@ module Admin
    def index
      authorize :email_domain_block, :index?
      @email_domain_blocks = EmailDomainBlock.where(parent_id: nil).includes(:children).order(id: :desc).page(params[:page])
      @form                = Form::EmailDomainBlockBatch.new
    end
    def batch
      authorize :email_domain_block, :index?
      @form = Form::EmailDomainBlockBatch.new(form_email_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
      @form.save
    rescue ActionController::ParameterMissing
      flash[:alert] = I18n.t('admin.email_domain_blocks.no_email_domain_block_selected')
    rescue Mastodon::NotPermittedError
      flash[:alert] = I18n.t('admin.email_domain_blocks.not_permitted')
    ensure
      redirect_to admin_email_domain_blocks_path
    end
    def new
@ -34,27 +19,41 @@ module Admin
      @email_domain_block = EmailDomainBlock.new(resource_params)
-      if action_from_button == 'save'
+      if @email_domain_block.save
-        EmailDomainBlock.transaction do
+        log_action :create, @email_domain_block
          @email_domain_block.save!
          log_action :create, @email_domain_block
-          (@email_domain_block.other_domains || []).uniq.each do |domain|
+        if @email_domain_block.with_dns_records?
-            next if EmailDomainBlock.where(domain: domain).exists?
+          hostnames = []
          ips       = []
-            other_email_domain_block = EmailDomainBlock.create!(domain: domain, parent: @email_domain_block)
+          Resolv::DNS.open do |dns|
-            log_action :create, other_email_domain_block
+            dns.timeouts = 5
            hostnames = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
            ([@email_domain_block.domain] + hostnames).uniq.each do |hostname|
              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::A).to_a.map { |e| e.address.to_s })
              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::AAAA).to_a.map { |e| e.address.to_s })
            end
          end
          (hostnames + ips).each do |hostname|
            another_email_domain_block = EmailDomainBlock.new(domain: hostname, parent: @email_domain_block)
            log_action :create, another_email_domain_block if another_email_domain_block.save
          end
        end
        redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg')
      else
        set_resolved_records
        render :new
      end
-    rescue ActiveRecord::RecordInvalid
+    end
-      set_resolved_records
+
-      render :new
+    def destroy
      authorize @email_domain_block, :destroy?
      @email_domain_block.destroy!
      log_action :destroy, @email_domain_block
      redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.destroyed_msg')
    end
    private
@ -63,27 +62,8 @@ module Admin
      @email_domain_block = EmailDomainBlock.find(params[:id])
    end
    def set_resolved_records
      Resolv::DNS.open do |dns|
        dns.timeouts = 5
        @resolved_records = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a
      end
    end
    def resource_params
-      params.require(:email_domain_block).permit(:domain, other_domains: [])
+      params.require(:email_domain_block).permit(:domain, :with_dns_records)
    end
    def form_email_domain_block_batch_params
      params.require(:form_email_domain_block_batch).permit(email_domain_block_ids: [])
    end
    def action_from_button
      if params[:delete]
        'delete'
      elsif params[:save]
        'save'
      end
    end
  end
 end
--- a/app/controllers/admin/export_domain_allows_controller.rb
+++ b/app/controllers/admin/export_domain_allows_controller.rb
@ -1,58 +0,0 @@
 # frozen_string_literal: true
 require 'csv'
 module Admin
  class ExportDomainAllowsController < BaseController
    include AdminExportControllerConcern
    before_action :set_dummy_import!, only: [:new]
    def new
      authorize :domain_allow, :create?
    end
    def export
      authorize :instance, :index?
      send_export_file
    end
    def import
      authorize :domain_allow, :create?
      begin
        @import = Admin::Import.new(import_params)
        return render :new unless @import.validate
        @import.csv_rows.each do |row|
          domain = row['#domain'].strip
          next if DomainAllow.allowed?(domain)
          domain_allow = DomainAllow.new(domain: domain)
          log_action :create, domain_allow if domain_allow.save
        end
        flash[:notice] = I18n.t('admin.domain_allows.created_msg')
      rescue ActionController::ParameterMissing
        flash[:error] = I18n.t('admin.export_domain_allows.no_file')
      end
      redirect_to admin_instances_path
    end
    private
    def export_filename
      'domain_allows.csv'
    end
    def export_headers
      %w(#domain)
    end
    def export_data
      CSV.generate(headers: export_headers, write_headers: true) do |content|
        DomainAllow.allowed_domains.each do |instance|
          content << [instance.domain]
        end
      end
    end
  end
 end
--- a/app/controllers/admin/export_domain_blocks_controller.rb
+++ b/app/controllers/admin/export_domain_blocks_controller.rb
@ -1,77 +0,0 @@
 # frozen_string_literal: true
 require 'csv'
 module Admin
  class ExportDomainBlocksController < BaseController
    include AdminExportControllerConcern
    before_action :set_dummy_import!, only: [:new]
    def new
      authorize :domain_block, :create?
    end
    def export
      authorize :instance, :index?
      send_export_file
    end
    def import
      authorize :domain_block, :create?
      @import = Admin::Import.new(import_params)
      return render :new unless @import.validate
      @global_private_comment = I18n.t('admin.export_domain_blocks.import.private_comment_template', source: @import.data_file_name, date: I18n.l(Time.now.utc))
      @form = Form::DomainBlockBatch.new
      @domain_blocks = @import.csv_rows.filter_map do |row|
        domain = row['#domain'].strip
        next if DomainBlock.rule_for(domain).present?
        domain_block = DomainBlock.new(domain: domain,
                                       severity: row.fetch('#severity', :suspend),
                                       reject_media: row.fetch('#reject_media', false),
                                       reject_reports: row.fetch('#reject_reports', false),
                                       private_comment: @global_private_comment,
                                       public_comment: row['#public_comment'],
                                       obfuscate: row.fetch('#obfuscate', false))
        if domain_block.invalid?
          flash.now[:alert] = I18n.t('admin.export_domain_blocks.invalid_domain_block', error: domain_block.errors.full_messages.join(', '))
          next
        end
        domain_block
      rescue ArgumentError => e
        flash.now[:alert] = I18n.t('admin.export_domain_blocks.invalid_domain_block', error: e.message)
        next
      end
      @warning_domains = Instance.where(domain: @domain_blocks.map(&:domain)).where('EXISTS (SELECT 1 FROM follows JOIN accounts ON follows.account_id = accounts.id OR follows.target_account_id = accounts.id WHERE accounts.domain = instances.domain)').pluck(:domain)
    rescue ActionController::ParameterMissing
      flash.now[:alert] = I18n.t('admin.export_domain_blocks.no_file')
      set_dummy_import!
      render :new
    end
    private
    def export_filename
      'domain_blocks.csv'
    end
    def export_headers
      %w(#domain #severity #reject_media #reject_reports #public_comment #obfuscate)
    end
    def export_data
      CSV.generate(headers: export_headers, write_headers: true) do |content|
        DomainBlock.with_limitations.each do |instance|
          content << [instance.domain, instance.severity, instance.reject_media, instance.reject_reports, instance.public_comment, instance.obfuscate]
        end
      end
    end
  end
 end
--- a/app/controllers/admin/follow_recommendations_controller.rb
+++ b/app/controllers/admin/follow_recommendations_controller.rb
@ -12,8 +12,6 @@ module Admin
    end
    def update
      authorize :follow_recommendation, :show?
      @form = Form::AccountBatch.new(form_account_batch_params.merge(current_account: current_account, action: action_from_button))
      @form.save
    rescue ActionController::ParameterMissing
--- a/app/controllers/admin/instances_controller.rb
+++ b/app/controllers/admin/instances_controller.rb
@ -4,26 +4,19 @@ module Admin
  class InstancesController < BaseController
    before_action :set_instances, only: :index
    before_action :set_instance, except: :index
    before_action :set_exhausted_deliveries_days, only: :show
    def index
      authorize :instance, :index?
      preload_delivery_failures!
    end
    def show
      authorize :instance, :show?
      @time_period = (6.days.ago.to_date...Time.now.utc.to_date)
    end
    def destroy
      authorize :instance, :destroy?
      Admin::DomainPurgeWorker.perform_async(@instance.domain)
      log_action :destroy, @instance
      redirect_to admin_instances_path, notice: I18n.t('admin.instances.destroyed_msg', domain: @instance.domain)
    end
    def clear_delivery_errors
      authorize :delivery, :clear_delivery_errors?
      @instance.delivery_failure_tracker.clear_failures!
      redirect_to admin_instance_path(@instance.domain)
    end
@ -31,9 +24,11 @@ module Admin
    def restart_delivery
      authorize :delivery, :restart_delivery?
-      if @instance.unavailable?
+      last_unavailable_domain = unavailable_domain
      if last_unavailable_domain.present?
        @instance.delivery_failure_tracker.track_success!
-        log_action :destroy, @instance.unavailable_domain
+        log_action :destroy, last_unavailable_domain
      end
      redirect_to admin_instance_path(@instance.domain)
@ -41,7 +36,8 @@ module Admin
    def stop_delivery
      authorize :delivery, :stop_delivery?
-      unavailable_domain = UnavailableDomain.create!(domain: @instance.domain)
+
      UnavailableDomain.create(domain: @instance.domain)
      log_action :create, unavailable_domain
      redirect_to admin_instance_path(@instance.domain)
    end
@ -49,21 +45,26 @@ module Admin
    private
    def set_instance
-      @instance = Instance.find(TagManager.instance.normalize_domain(params[:id]&.strip))
+      @instance = Instance.find(params[:id])
    end
    def set_exhausted_deliveries_days
      @exhausted_deliveries_days = @instance.delivery_failure_tracker.exhausted_deliveries_days
    end
    def set_instances
      @instances = filtered_instances.page(params[:page])
-    end
+      warning_domains_map = DeliveryFailureTracker.warning_domains_map
    def preload_delivery_failures!
      warning_domains_map = DeliveryFailureTracker.warning_domains_map(@instances.map(&:domain))
      @instances.each do |instance|
        instance.failure_days = warning_domains_map[instance.domain]
      end
    end
    def unavailable_domain
      UnavailableDomain.find_by(domain: @instance.domain)
    end
    def filtered_instances
      InstanceFilter.new(whitelist_mode? ? { allowed: true } : filter_params).results
    end
--- a/app/controllers/admin/ip_blocks_controller.rb
+++ b/app/controllers/admin/ip_blocks_controller.rb
@ -5,7 +5,7 @@ module Admin
    def index
      authorize :ip_block, :index?
-      @ip_blocks = IpBlock.order(ip: :asc).page(params[:page])
+      @ip_blocks = IpBlock.page(params[:page])
      @form      = Form::IpBlockBatch.new
    end
@ -29,8 +29,6 @@ module Admin
    end
    def batch
      authorize :ip_block, :index?
      @form = Form::IpBlockBatch.new(form_ip_block_batch_params.merge(current_account: current_account, action: action_from_button))
      @form.save
    rescue ActionController::ParameterMissing
--- a/app/controllers/admin/pending_accounts_controller.rb
+++ b/app/controllers/admin/pending_accounts_controller.rb
@ -0,0 +1,52 @@
 # frozen_string_literal: true
 module Admin
  class PendingAccountsController < BaseController
    before_action :set_accounts, only: :index
    def index
      @form = Form::AccountBatch.new
    end
    def batch
      @form = Form::AccountBatch.new(form_account_batch_params.merge(current_account: current_account, action: action_from_button))
      @form.save
    rescue ActionController::ParameterMissing
      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
    ensure
      redirect_to admin_pending_accounts_path(current_params)
    end
    def approve_all
      Form::AccountBatch.new(current_account: current_account, account_ids: User.pending.pluck(:account_id), action: 'approve').save
      redirect_to admin_pending_accounts_path(current_params)
    end
    def reject_all
      Form::AccountBatch.new(current_account: current_account, account_ids: User.pending.pluck(:account_id), action: 'reject').save
      redirect_to admin_pending_accounts_path(current_params)
    end
    private
    def set_accounts
      @accounts = Account.joins(:user).merge(User.pending.recent).includes(user: :invite_request).page(params[:page])
    end
    def form_account_batch_params
      params.require(:form_account_batch).permit(:action, account_ids: [])
    end
    def action_from_button
      if params[:approve]
        'approve'
      elsif params[:reject]
        'reject'
      end
    end
    def current_params
      params.slice(:page).permit(:page)
    end
  end
 end
--- a/app/controllers/admin/relationships_controller.rb
+++ b/app/controllers/admin/relationships_controller.rb
@ -7,10 +7,9 @@ module Admin
    PER_PAGE = 40
    def index
-      authorize @account, :show?
+      authorize :account, :index?
-      @accounts = RelationshipFilter.new(@account, filter_params).results.includes(:account_stat, user: [:ips, :invite_request]).page(params[:page]).per(PER_PAGE)
+      @accounts = RelationshipFilter.new(@account, filter_params).results.page(params[:page]).per(PER_PAGE)
      @form     = Form::AccountBatch.new
    end
    private
--- a/app/controllers/admin/relays_controller.rb
+++ b/app/controllers/admin/relays_controller.rb
@ -3,7 +3,7 @@
 module Admin
  class RelaysController < BaseController
    before_action :set_relay, except: [:index, :new, :create]
-    before_action :warn_signatures_not_enabled!, only: [:new, :create, :enable]
+    before_action :require_signatures_enabled!, only: [:new, :create, :enable]
    def index
      authorize :relay, :update?
@ -56,8 +56,8 @@ module Admin
      params.require(:relay).permit(:inbox_url)
    end
-    def warn_signatures_not_enabled!
+    def require_signatures_enabled!
-      flash.now[:error] = I18n.t('admin.relays.signatures_not_enabled') if authorized_fetch_mode?
+      redirect_to admin_relays_path, alert: I18n.t('admin.relays.signatures_not_enabled') if authorized_fetch_mode?
    end
  end
 end
--- a/app/controllers/admin/report_notes_controller.rb
+++ b/app/controllers/admin/report_notes_controller.rb
@ -14,17 +14,20 @@ module Admin
        if params[:create_and_resolve]
          @report.resolve!(current_account)
          log_action :resolve, @report
-        elsif params[:create_and_unresolve]
+
          redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg')
          return
        end
        if params[:create_and_unresolve]
          @report.unresolve!
          log_action :reopen, @report
        end
-        redirect_to after_create_redirect_path, notice: I18n.t('admin.report_notes.created_msg')
+        redirect_to admin_report_path(@report), notice: I18n.t('admin.report_notes.created_msg')
      else
-        @report_notes = @report.notes.includes(:account).order(id: :desc)
+        @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at)
-        @action_logs  = @report.history.includes(:target)
+        @form         = Form::StatusBatch.new
        @form         = Admin::StatusBatchAction.new
        @statuses     = @report.statuses.with_includes
        render template: 'admin/reports/show'
      end
@ -38,14 +41,6 @@ module Admin
    private
    def after_create_redirect_path
      if params[:create_and_resolve]
        admin_reports_path
      else
        admin_report_path(@report)
      end
    end
    def resource_params
      params.require(:report_note).permit(
        :content,
--- a/app/controllers/admin/reported_statuses_controller.rb
+++ b/app/controllers/admin/reported_statuses_controller.rb
@ -0,0 +1,44 @@
 # frozen_string_literal: true
 module Admin
  class ReportedStatusesController < BaseController
    before_action :set_report
    def create
      authorize :status, :update?
      @form         = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account, action: action_from_button))
      flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save
      redirect_to admin_report_path(@report)
    rescue ActionController::ParameterMissing
      flash[:alert] = I18n.t('admin.statuses.no_status_selected')
      redirect_to admin_report_path(@report)
    end
    private
    def status_params
      params.require(:status).permit(:sensitive)
    end
    def form_status_batch_params
      params.require(:form_status_batch).permit(status_ids: [])
    end
    def action_from_button
      if params[:nsfw_on]
        'nsfw_on'
      elsif params[:nsfw_off]
        'nsfw_off'
      elsif params[:delete]
        'delete'
      end
    end
    def set_report
      @report = Report.find(params[:report_id])
    end
  end
 end
--- a/app/controllers/admin/reports/actions_controller.rb
+++ b/app/controllers/admin/reports/actions_controller.rb
@ -1,63 +0,0 @@
 # frozen_string_literal: true
 class Admin::Reports::ActionsController < Admin::BaseController
  before_action :set_report
  def preview
    authorize @report, :show?
    @moderation_action = action_from_button
  end
  def create
    authorize @report, :show?
    case action_from_button
    when 'delete', 'mark_as_sensitive'
      status_batch_action = Admin::StatusBatchAction.new(
        type: action_from_button,
        status_ids: @report.status_ids,
        current_account: current_account,
        report_id: @report.id,
        send_email_notification: !@report.spam?,
        text: params[:text]
      )
      status_batch_action.save!
    when 'silence', 'suspend'
      account_action = Admin::AccountAction.new(
        type: action_from_button,
        report_id: @report.id,
        target_account: @report.target_account,
        current_account: current_account,
        send_email_notification: !@report.spam?,
        text: params[:text]
      )
      account_action.save!
    else
      return redirect_to admin_report_path(@report), alert: I18n.t('admin.reports.unknown_action_msg', action: action_from_button)
    end
    redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: @report.id)
  end
  private
  def set_report
    @report = Report.find(params[:report_id])
  end
  def action_from_button
    if params[:delete]
      'delete'
    elsif params[:mark_as_sensitive]
      'mark_as_sensitive'
    elsif params[:silence]
      'silence'
    elsif params[:suspend]
      'suspend'
    elsif params[:moderation_action]
      params[:moderation_action]
    end
  end
 end
--- a/app/controllers/admin/reports_controller.rb
+++ b/app/controllers/admin/reports_controller.rb
@ -13,10 +13,8 @@ module Admin
      authorize @report, :show?
      @report_note  = @report.notes.new
-      @report_notes = @report.notes.includes(:account).order(id: :desc)
+      @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at)
-      @action_logs  = @report.history.includes(:target)
+      @form         = Form::StatusBatch.new
      @form         = Admin::StatusBatchAction.new
      @statuses     = @report.statuses.with_includes
    end
    def assign_to_self
--- a/app/controllers/admin/resets_controller.rb
+++ b/app/controllers/admin/resets_controller.rb
@ -6,9 +6,9 @@ module Admin
    def create
      authorize @user, :reset_password?
-      @user.reset_password!
+      @user.send_reset_password_instructions
      log_action :reset_password, @user
-      redirect_to admin_account_path(@user.account_id)
+      redirect_to admin_accounts_path
    end
  end
 end
--- a/app/controllers/admin/roles_controller.rb
+++ b/app/controllers/admin/roles_controller.rb
@ -2,66 +2,20 @@
 module Admin
  class RolesController < BaseController
-    before_action :set_role, except: [:index, :new, :create]
+    before_action :set_user
-    def index
+    def promote
-      authorize :user_role, :index?
+      authorize @user, :promote?
-
+      @user.promote!
-      @roles = UserRole.order(position: :desc).page(params[:page])
+      log_action :promote, @user
      redirect_to admin_account_path(@user.account_id)
    end
-    def new
+    def demote
-      authorize :user_role, :create?
+      authorize @user, :demote?
-
+      @user.demote!
-      @role = UserRole.new
+      log_action :demote, @user
-    end
+      redirect_to admin_account_path(@user.account_id)
    def create
      authorize :user_role, :create?
      @role = UserRole.new(resource_params)
      @role.current_account = current_account
      if @role.save
        log_action :create, @role
        redirect_to admin_roles_path
      else
        render :new
      end
    end
    def edit
      authorize @role, :update?
    end
    def update
      authorize @role, :update?
      @role.current_account = current_account
      if @role.update(resource_params)
        log_action :update, @role
        redirect_to admin_roles_path
      else
        render :edit
      end
    end
    def destroy
      authorize @role, :destroy?
      @role.destroy!
      log_action :destroy, @role
      redirect_to admin_roles_path
    end
    private
    def set_role
      @role = UserRole.find(params[:id])
    end
    def resource_params
      params.require(:user_role).permit(:name, :color, :highlighted, :position, permissions_as_keys: [])
    end
  end
 end
--- a/app/controllers/admin/settings/about_controller.rb
+++ b/app/controllers/admin/settings/about_controller.rb
@ -1,9 +0,0 @@
 # frozen_string_literal: true
 class Admin::Settings::AboutController < Admin::SettingsController
  private
  def after_update_redirect_path
    admin_settings_about_path
  end
 end
--- a/app/controllers/admin/settings/appearance_controller.rb
+++ b/app/controllers/admin/settings/appearance_controller.rb
@ -1,9 +0,0 @@
 # frozen_string_literal: true
 class Admin::Settings::AppearanceController < Admin::SettingsController
  private
  def after_update_redirect_path
    admin_settings_appearance_path
  end
 end
--- a/app/controllers/admin/settings/branding_controller.rb
+++ b/app/controllers/admin/settings/branding_controller.rb
@ -1,9 +0,0 @@
 # frozen_string_literal: true
 class Admin::Settings::BrandingController < Admin::SettingsController
  private
  def after_update_redirect_path
    admin_settings_branding_path
  end
 end
--- a/app/controllers/admin/settings/content_retention_controller.rb
+++ b/app/controllers/admin/settings/content_retention_controller.rb
@ -1,9 +0,0 @@
 # frozen_string_literal: true
 class Admin::Settings::ContentRetentionController < Admin::SettingsController
  private
  def after_update_redirect_path
    admin_settings_content_retention_path
  end
 end
--- a/app/controllers/admin/settings/discovery_controller.rb
+++ b/app/controllers/admin/settings/discovery_controller.rb
@ -1,9 +0,0 @@
 # frozen_string_literal: true
 class Admin::Settings::DiscoveryController < Admin::SettingsController
  private
  def after_update_redirect_path
    admin_settings_discovery_path
  end
 end
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Eugen Rochko	fd868f8ca0	Bump version to 3.4.4	2021-11-26 01:32:31 +01:00
Claire	4cd33a2c71	Fix "bundle exec rails mastodon:setup" crashing in some circumstances (#16976 ) Fix regression from #16896	2021-11-26 01:31:28 +01:00
Claire	f264cca1d2	Fix filtering DMs from non-followed users (#17042 )	2021-11-26 01:22:33 +01:00
Claire	5e4b04de88	Fix handling of recursive toots in WebUI (#17041 )	2021-11-26 01:22:27 +01:00
Claire	3c18311d86	Fix error when suspending user with an already-existing canonical email block (#17036 ) * Fix error when suspending user with an already-existing canonical email block Fixes #17033 While attempting to create a `CanonicalEmailBlock` with an existing hash would raise an `ActiveRecord::RecordNotUnique` error, this being done within a transaction would cancel the whole transaction. For this reason, checking for uniqueness in Rails would query the database within the transaction and avoid invalidating the whole transaction for this reason. A race condition is still possible, where multiple accounts sharing a canonical email would be blocked in concurrent transactions, in which only one would succeed, but that is way less likely to happen that the current issue, and can always be retried after the first failure, unlike the current situation. * Add tests	2021-11-26 01:22:10 +01:00
Claire	e5113a8cad	Fix overflow of long profile fields in admin view (#17010 )	2021-11-26 01:21:57 +01:00
Claire	22cd1e6ab5	Fix confusing error when webfinger request returns empty document (#16986 ) For some reason, some misconfigured servers return an empty document when queried over webfinger. Since an empty document does not lead to a parse error, the error is not caught properly and triggers uncaught exceptions later on. This PR fixes that by immediately erroring out with `Webfinger::Error` on getting an empty response.	2021-11-26 01:21:50 +01:00
Claire	e65ede1ac5	Fix upload of remote media with OpenStack Swift sometimes failing (#16998 ) Under certain conditions, files fetched from remotes trigger an error when being uploaded using OpenStack Swift. This is because in some cases, the remote server will not return a content-length, so our ResponseWithLimitAdapter will hold a `nil` value for `#size`, which will lead to an invalid value for the Content-Length header of the Swift API call. This commit fixes that by taking the size from the actually-downloaded file size rather than the upstream-provided Content-Length header value.	2021-11-26 01:21:43 +01:00
Takeshi Umeda	1bcb3daf7e	Fix logout link not working in safari (#16574 )	2021-11-26 01:21:37 +01:00
Claire	9c610ca0a4	Fix “open” link of media modal not closing modal (#16524 )	2021-11-26 01:21:29 +01:00
Claire	77d0297313	Fix replying from modal (#16516 ) Fixes #16515 Not using a router object somehow made `this.history` lag behind the real browser history whenever pushing a new history item in `replyCompose`. Not using the context-provided router in this case was an oversight made when porting glitch-soc changes in #16499.	2021-11-26 01:21:21 +01:00
Eugen Rochko	4b6668868e	Bump version to 3.4.3	2021-11-06 05:19:38 +01:00
Eugen Rochko	5c47a18c8d	Fix login being broken due to inaccurately applied backport fix in 3.4.2 See #16943	2021-11-06 05:17:39 +01:00
Eugen Rochko	8a74d851d2	Bump version to 3.4.2	2021-11-06 00:24:30 +01:00
Claire	76c2028859	Fix AccountNote not having a maximum length (#16942 )	2021-11-06 00:17:05 +01:00
Claire	3251b8eead	Fix reviving revoked sessions and invalidating login (#16943 ) Up until now, we have used Devise's Rememberable mechanism to re-log users after the end of their browser sessions. This mechanism relies on a signed cookie containing a token. That token was stored on the user's record, meaning it was shared across all logged in browsers, meaning truly revoking a browser's ability to auto-log-in involves revoking the token itself, and revoking access from all logged-in browsers. We had a session mechanism that dynamically checks whether a user's session has been disabled, and would log out the user if so. However, this would only clear a session being actively used, and a new one could be respawned with the `remember_user_token` cookie. In practice, this caused two issues: - sessions could be revived after being closed from /auth/edit (security issue) - auto-log-in would be disabled for all browsers after logging out from one of them This PR removes the `remember_token` mechanism and treats the `_session_id` cookie/token as a browser-specific `remember_token`, fixing both issues.	2021-11-06 00:17:05 +01:00
Claire	f60bb0784f	Fix handling announcements with links (#16941 ) Broken since #15827	2021-11-06 00:07:17 +01:00
Claire	c3a6f7b941	Fix user email address being banned on self-deletion (#16503 ) * Add tests * Fix user email address being banned on self-deletion Fixes #16498	2021-11-05 23:46:24 +01:00
Claire	986397b3a2	Improve modal flow and back button handling (#16499 ) * Refactor shouldUpdateScroll passing So far, shouldUpdateScroll has been manually passed down from the very top of the React component hierarchy even though it is a static function common to all ScrollContainer instances, so replaced that with a custom class extending ScrollContainer. * Generalize “press back to close modal” to any modal and to public pages * Fix boost confirmation modal closing media modal	2021-11-05 23:46:24 +01:00
Claire	c79d4711e9	Change references to tootsuite/mastodon to mastodon/mastodon (#16491 ) * Change references to tootsuite/mastodon to mastodon/mastodon * Remove obsolete test fixture * Replace occurrences of tootsuite/mastodon with mastodon/mastodon in CHANGELOG And a few other places	2021-11-05 23:46:24 +01:00
Claire	be56033715	Change number_to_human calls to always use 3-digits precision (#16469 ) Fixes #16435	2021-11-05 23:46:24 +01:00
Claire	8815e98aa2	Fix pop-in player display when poster has long username or handle (#16468 )	2021-11-05 23:46:24 +01:00
Claire	4bc1fde105	Fix anonymous access to outbox not being cached by the reverse proxy (#16458 ) * Fix anonymous access to outbox not being cached by the reverse proxy Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed. Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached. Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots). * Remove Vary: Accept header from webfinger controller Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore. * Cache negative webfinger hits for 3 minutes	2021-11-05 23:46:24 +01:00
Claire	34ab4111a7	Fix WebUI crash when a toot with a playing video gets deleted (#16384 ) * Fix WebUI crash when a toot with a playing video gets deleted * Fix pop-up player not closing the moment a status is deleted	2021-11-05 23:46:24 +01:00
Claire	aebcb722aa	Fix serialization of followers/following counts when user hides their network (#16418 ) * Add tests * Fix serialization of followers/following counts when user hides their network Fixes #16382 Signed-off-by: Claire <claire.github-309c@sitedethib.com>	2021-11-05 23:46:24 +01:00
Claire	9a468c895b	Fix inefficiencies in auto-linking code (#16506 ) The auto-linking code basically rewrote the whole string escaping non-ascii characters in an inefficient way, and building a full character offset map between the unescaped and escaped texts before sending the contents to TwitterText's extractor. Instead of doing that, this commit changes the TwitterText regexps to include valid IRI characters in addition to valid URI characters.	2021-11-05 23:46:24 +01:00
Claire	a1e5ff04e3	Fix tootctl self-destruct not sending Delete activities for recently-suspended accounts (#16688 ) * Do not block existing users' emails on self-destruct That is wasteful and unintuitive * Do not close registrations when running tootctl self-destruct with --dry-run * Close registrations on self-destruct regardless of known remote accounts * Fix tootctl self-destruct not sending Deletes for recently-suspended accounts * Suspend local users even if no remote account is known * Do not show scary confirmation text if ran with --dry-run	2021-11-05 23:46:24 +01:00
Claire	e40d5414cc	Fix crashes with Microsoft Translate on Microsoft Edge (#16525 ) Fixes #16509 Microsoft Edge with translation enabled rewrites the DOM in ways that confuse react and prevent it from working properly. Wrapping the offending parts in a span avoids this issue.	2021-11-05 23:46:24 +01:00
Claire	40eaa8706b	Fix suspicious sign-in mail text being out of date (#16690 ) Fixes #16687	2021-11-05 23:46:24 +01:00
Claire	4cc7efcb08	Fix some Rails frameworks being unnecessarily loaded (#16725 ) Saves about 10MiB of memory usage at boot	2021-11-05 23:46:23 +01:00
Claire	9b34647c9b	Fix followers synchronization mechanism not working when URI has empty path (#16744 ) Follow-up to #16510, forgot the controller exposing the actual followers…	2021-11-05 23:46:23 +01:00
Eugen Rochko	6b98fd0b4f	Fix not being able to suspend accounts that already have a canonical e-mail block (#16455 )	2021-11-05 20:34:12 +01:00
Claire	c7f534ab95	Fix missing on_delete: :cascade for canonical_email_blocks foreign key (#16448 )	2021-11-05 20:31:51 +01:00
Eugen Rochko	d5a50e9dfb	Add `configuration` attribute to `GET /api/v1/instance` (#16485 ) List various values like file size limits and supported mime types	2021-11-05 20:30:02 +01:00
Jeong Arm	e1cf8d4d37	Fix statuses order in account's statuses admin page (#16937 )	2021-11-05 20:29:22 +01:00
Jeong Arm	f366a23a23	Skip blocked domains media on tootctl media refresh (#16914 )	2021-11-05 20:29:14 +01:00
Claire	aa828aea02	Fix mastodon:setup to take dotenv/docker-compose differences into account (#16896 ) In order to work around https://github.com/mastodon/mastodon/issues/16895, add a warning to .env.production.sample, and change the mastodon:setup rake task to: - output a warning if a variable will be interpreted differently by dotenv and docker-compose - ensure the printed config is compatible with docker-compose	2021-11-05 20:29:06 +01:00
Claire	123a88b6b5	Fix some link previews being incorrectly generated from other prior links (#16885 ) * Add tests * Fix some link previews being incorrectly generated from different prior links PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can be guessed from the URL. This caching mechanism is not perfectly correct as there is no guarantee that all pages from a given domain share the same OEmbed provider endpoint. This PR prevents the FetchOEmbedService from caching OEmbed endpoint that cannot be generalized by replacing a fully-qualified URL from the endpoint's parameters, greatly reducing the number of incorrect cached generalizations.	2021-11-05 20:28:59 +01:00
Claire	e63370db19	Fix scheduled statuses decreasing statuses counts (#16791 ) * Add tests * Fix scheduled statuses decreasing statuses counts Fixes #16774	2021-11-05 20:28:41 +01:00
Claire	2396c9061a	Fix webauthn secure key authentication (#16792 ) * Add tests * Fix webauthn secure key authentication Fixes #16769	2021-11-05 20:28:33 +01:00
Holger	663b58aaae	use relative path for `scope` (#16714 ) Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.	2021-11-05 20:28:27 +01:00
Claire	75441ac63d	Fix addressing of remote groups' followers (#16700 ) Fixes #16699	2021-11-05 20:28:20 +01:00
Claire	5899fe70b6	Fix processing mentions to domains with non-ascii TLDs (#16689 ) Fixes #16602	2021-11-05 20:28:11 +01:00
Claire	2688f18d06	Fix authentication failures after going halfway through a sign-in attempt (#16607 ) * Add tests * Add security-related tests My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test. * Fix authentication failures after going halfway through a sign-in attempt * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious	2021-11-05 20:27:07 +01:00
Claire	f51c6cba1f	Fix remotely-suspended accounts' toots being merged back into timelines (#16628 ) * Fix remotely-suspended accounts' toots being merged back into timelines * Mark remotely-deleted accounts as remotely suspended	2021-11-05 20:26:59 +01:00
Claire	4f852448e1	Fix crash when encountering invalid account fields (#16598 ) * Add test * Fix crash when encountering invalid account fields	2021-11-05 20:26:51 +01:00
Takeshi Umeda	c02d6c46e3	Fix invalid blurhash handling in Create activity (#16583 )	2021-11-05 20:26:44 +01:00
Takeshi Umeda	987f945930	Fix when MoveWorker cannot get locale from remote account (#16576 )	2021-11-05 20:26:36 +01:00
Claire	e62f488be5	Fix newlines in accout notes added by the Move handler (#16415 ) * Fix newlines in account notes added by the move handler * Make MoveWorker more robust	2021-11-05 20:25:04 +01:00