Age | Commit message (Collapse) | Author |
|
* Do not serve account actors at all in limited federation mode
When an account is fetched without a signature from an allowed instance,
return an error.
This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.
However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.
The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.
* Fix tests
|
|
|
|
* allow pagination by min_id and max_id
* also AccountConversation allows min_id,max_id pair
* also home,list TL allows min_id,max_id pair
|
|
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
|
|
|
|
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Fixes #14768
|
|
|
|
|
|
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.14.0 to 4.14.1.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/master/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.14.0...4.14.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [puma](https://github.com/puma/puma) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.5...v4.3.6)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.88.0 to 0.90.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.88.0...v0.90.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [caniuse-lite](https://github.com/ben-eb/caniuse-lite) from 1.0.30001120 to 1.0.30001124.
- [Release notes](https://github.com/ben-eb/caniuse-lite/releases)
- [Changelog](https://github.com/ben-eb/caniuse-lite/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ben-eb/caniuse-lite/compare/v1.0.30001120...v1.0.30001124)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [ox](https://github.com/ohler55/ox) from 2.13.2 to 2.13.3.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.13.2...v2.13.3)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [oj](https://github.com/ohler55/oj) from 3.10.13 to 3.10.14.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.13...v3.10.14)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [sass-loader](https://github.com/webpack-contrib/sass-loader) from 9.0.3 to 10.0.2.
- [Release notes](https://github.com/webpack-contrib/sass-loader/releases)
- [Changelog](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/sass-loader/compare/v9.0.3...v10.0.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.363.0 to 1.365.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [esrecurse](https://github.com/estools/esrecurse) from 4.2.1 to 4.3.0.
- [Release notes](https://github.com/estools/esrecurse/releases)
- [Commits](https://github.com/estools/esrecurse/compare/v4.2.1...v4.3.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [postgres-date](https://github.com/bendrucker/postgres-date) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/bendrucker/postgres-date/releases)
- [Commits](https://github.com/bendrucker/postgres-date/compare/v1.0.6...v1.0.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [postcss-calc](https://github.com/postcss/postcss-calc) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/postcss/postcss-calc/releases)
- [Changelog](https://github.com/postcss/postcss-calc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss-calc/compare/v7.0.3...v7.0.4)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.11.0 to 7.11.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.11.5/packages/babel-plugin-transform-runtime)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby) from 4.0.5 to 4.0.6.
- [Release notes](https://github.com/weppos/publicsuffix-ruby/releases)
- [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-ruby/compare/v4.0.5...v4.0.6)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.11.1 to 7.11.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.11.6/packages/babel-core)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [eventemitter3](https://github.com/primus/eventemitter3) from 4.0.5 to 4.0.7.
- [Release notes](https://github.com/primus/eventemitter3/releases)
- [Commits](https://github.com/primus/eventemitter3/compare/4.0.5...4.0.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [bcrypt](https://github.com/codahale/bcrypt-ruby) from 3.1.15 to 3.1.16.
- [Release notes](https://github.com/codahale/bcrypt-ruby/releases)
- [Changelog](https://github.com/codahale/bcrypt-ruby/blob/master/CHANGELOG)
- [Commits](https://github.com/codahale/bcrypt-ruby/compare/v3.1.15...v3.1.16)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [warden](https://github.com/hassox/warden) from 1.2.8 to 1.2.9.
- [Release notes](https://github.com/hassox/warden/releases)
- [Changelog](https://github.com/wardencommunity/warden/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hassox/warden/compare/v1.2.8...v1.2.9)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.9.0 to 4.9.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.9.0...v4.9.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [electron-to-chromium](https://github.com/kilian/electron-to-chromium) from 1.3.545 to 1.3.562.
- [Release notes](https://github.com/kilian/electron-to-chromium/releases)
- [Changelog](https://github.com/Kilian/electron-to-chromium/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kilian/electron-to-chromium/compare/v1.3.545...v1.3.562)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [rdf](https://github.com/ruby-rdf/rdf) from 3.1.5 to 3.1.6.
- [Release notes](https://github.com/ruby-rdf/rdf/releases)
- [Changelog](https://github.com/ruby-rdf/rdf/blob/develop/CHANGES.md)
- [Commits](https://github.com/ruby-rdf/rdf/compare/3.1.5...3.1.6)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.6.0...v2.8.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.22 to 6.0.23.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v6.0.22...v6.0.23)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [tar](https://github.com/npm/node-tar) from 6.0.2 to 6.0.5.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/master/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v6.0.2...v6.0.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
* Check for and record reblog info atomically
Instead of using ZREVRANK to determine whether a reblog is a new reblog or not,
use ZADD's NX option to perform the check/addition option atomically.
* Replace ZREVRANK call with ZSCORE key which is more efficient
* Make tests a bit stricter
* Fix off-by-one
|
|
|
|
|
|
Storing objects in IndexedDB was disabled in #7932, but we were
still trying to read objects from it before making an API call
|
|
|
|
|
|
It's not useful for now, but it's required by ActivityPub
|
|
|
|
|
|
value to environment file's value. (#14715)
|
|
* Add database support for list show-reply preferences
* Add backend support to read and update list-specific show_replies settings
* Add basic UI to set list replies setting
* Add specs for list replies policy
* Switch "cycling" reply policy link to a set of radio inputs
* Capitalize replies_policy strings
* Change radio button design to be consistent with that of the directory explorer
|
|
And remove highlighting in web UI
Full circle from #8940
|
|
Bumps [uri-js](https://github.com/garycourt/uri-js) from 4.2.2 to 4.4.0.
- [Release notes](https://github.com/garycourt/uri-js/releases)
- [Commits](https://github.com/garycourt/uri-js/compare/4.2.2...4.4.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) from 0.9.0 to 0.11.0.
- [Release notes](https://github.com/webpack-contrib/mini-css-extract-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/mini-css-extract-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/mini-css-extract-plugin/compare/v0.9.0...v0.11.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
Bumps [whatwg-url](https://github.com/jsdom/whatwg-url) from 8.1.0 to 8.2.1.
- [Release notes](https://github.com/jsdom/whatwg-url/releases)
- [Commits](https://github.com/jsdom/whatwg-url/compare/v8.1.0...v8.2.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [loglevel](https://github.com/pimterry/loglevel) from 1.6.8 to 1.7.0.
- [Release notes](https://github.com/pimterry/loglevel/releases)
- [Commits](https://github.com/pimterry/loglevel/compare/v1.6.8...v1.7.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [caniuse-lite](https://github.com/ben-eb/caniuse-lite) from 1.0.30001117 to 1.0.30001120.
- [Release notes](https://github.com/ben-eb/caniuse-lite/releases)
- [Changelog](https://github.com/ben-eb/caniuse-lite/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ben-eb/caniuse-lite/compare/v1.0.30001117...v1.0.30001120)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|