about summary refs log tree commit diff
AgeCommit message (Collapse)Author
2020-09-14Do not serve account actors at all in limited federation mode (#14800)ThibG
* Do not serve account actors at all in limited federation mode When an account is fetched without a signature from an allowed instance, return an error. This isn't really an improvement in security, as the only information that was previously returned was required protocol-level info, and the only personal bit was the existence of the account. The existence of the account can still be checked by issuing a webfinger query, as those are accepted without signatures. However, this change makes it so that unallowed instances won't create account records on their end when they find a reference to an unknown account. The previous behavior of rendering a limited list of fields, instead of not rendering the actor at all, was in order to prevent situations in which two instances in Authorized Fetch mode or Limited Federation mode would fail to reach each other because resolving an account would require a signed query… from an account which can only be fetched with a signed query itself. However, this should now be fine as fetching accounts is done by signing on behalf of the special instance actor, which does not require any kind of valid signature to be fetched. * Fix tests
2020-09-13Fix reported statuses not being included in warning e-mail (#14778)Eugen Rochko
2020-09-12allow pagination by min_id and max_id (#14776)tateisu
* allow pagination by min_id and max_id * also AccountConversation allows min_id,max_id pair * also home,list TL allows min_id,max_id pair
2020-09-11Refactor settings controllers (#14767)Eugen Rochko
- Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports
2020-09-11Change REST API to return empty data for suspended accounts (#14765)Eugen Rochko
2020-09-11Bump node-fetch from 2.6.0 to 2.6.1 (#14772)dependabot[bot]
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-10Add border around 🕺 emoji (#14769)ThibG
Fixes #14768
2020-09-10Change web UI to show empty profile for suspended accounts (#14766)Eugen Rochko
2020-09-08Refactor feed manager (#14761)Eugen Rochko
2020-09-08Bump browserslist from 4.14.0 to 4.14.1 (#14753)dependabot[bot]
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.14.0 to 4.14.1. - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/master/CHANGELOG.md) - [Commits](https://github.com/browserslist/browserslist/compare/4.14.0...4.14.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump puma from 4.3.5 to 4.3.6 (#14750)dependabot[bot]
Bumps [puma](https://github.com/puma/puma) from 4.3.5 to 4.3.6. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v4.3.5...v4.3.6) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump rubocop from 0.88.0 to 0.90.0 (#14747)dependabot[bot]
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.88.0 to 0.90.0. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.88.0...v0.90.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump caniuse-lite from 1.0.30001120 to 1.0.30001124 (#14756)dependabot[bot]
Bumps [caniuse-lite](https://github.com/ben-eb/caniuse-lite) from 1.0.30001120 to 1.0.30001124. - [Release notes](https://github.com/ben-eb/caniuse-lite/releases) - [Changelog](https://github.com/ben-eb/caniuse-lite/blob/master/CHANGELOG.md) - [Commits](https://github.com/ben-eb/caniuse-lite/compare/v1.0.30001120...v1.0.30001124) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump ox from 2.13.2 to 2.13.3 (#14751)dependabot[bot]
Bumps [ox](https://github.com/ohler55/ox) from 2.13.2 to 2.13.3. - [Release notes](https://github.com/ohler55/ox/releases) - [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md) - [Commits](https://github.com/ohler55/ox/compare/v2.13.2...v2.13.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump oj from 3.10.13 to 3.10.14 (#14749)dependabot[bot]
Bumps [oj](https://github.com/ohler55/oj) from 3.10.13 to 3.10.14. - [Release notes](https://github.com/ohler55/oj/releases) - [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md) - [Commits](https://github.com/ohler55/oj/compare/v3.10.13...v3.10.14) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump sass-loader from 9.0.3 to 10.0.2 (#14741)dependabot[bot]
Bumps [sass-loader](https://github.com/webpack-contrib/sass-loader) from 9.0.3 to 10.0.2. - [Release notes](https://github.com/webpack-contrib/sass-loader/releases) - [Changelog](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/sass-loader/compare/v9.0.3...v10.0.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump aws-partitions from 1.363.0 to 1.365.0 (#14748)dependabot[bot]
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.363.0 to 1.365.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-partitions/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump esrecurse from 4.2.1 to 4.3.0 (#14746)dependabot[bot]
Bumps [esrecurse](https://github.com/estools/esrecurse) from 4.2.1 to 4.3.0. - [Release notes](https://github.com/estools/esrecurse/releases) - [Commits](https://github.com/estools/esrecurse/compare/v4.2.1...v4.3.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump postgres-date from 1.0.6 to 1.0.7 (#14745)dependabot[bot]
Bumps [postgres-date](https://github.com/bendrucker/postgres-date) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/bendrucker/postgres-date/releases) - [Commits](https://github.com/bendrucker/postgres-date/compare/v1.0.6...v1.0.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump postcss-calc from 7.0.3 to 7.0.4 (#14752)dependabot[bot]
Bumps [postcss-calc](https://github.com/postcss/postcss-calc) from 7.0.3 to 7.0.4. - [Release notes](https://github.com/postcss/postcss-calc/releases) - [Changelog](https://github.com/postcss/postcss-calc/blob/master/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss-calc/compare/v7.0.3...v7.0.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump @babel/plugin-transform-runtime from 7.11.0 to 7.11.5 (#14754)dependabot[bot]
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.11.0 to 7.11.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.11.5/packages/babel-plugin-transform-runtime) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump public_suffix from 4.0.5 to 4.0.6 (#14743)dependabot[bot]
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby) from 4.0.5 to 4.0.6. - [Release notes](https://github.com/weppos/publicsuffix-ruby/releases) - [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/master/CHANGELOG.md) - [Commits](https://github.com/weppos/publicsuffix-ruby/compare/v4.0.5...v4.0.6) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump @babel/core from 7.11.1 to 7.11.6 (#14755)dependabot[bot]
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.11.1 to 7.11.6. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.11.6/packages/babel-core) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump eventemitter3 from 4.0.5 to 4.0.7 (#14742)dependabot[bot]
Bumps [eventemitter3](https://github.com/primus/eventemitter3) from 4.0.5 to 4.0.7. - [Release notes](https://github.com/primus/eventemitter3/releases) - [Commits](https://github.com/primus/eventemitter3/compare/4.0.5...4.0.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump bcrypt from 3.1.15 to 3.1.16 (#14739)dependabot[bot]
Bumps [bcrypt](https://github.com/codahale/bcrypt-ruby) from 3.1.15 to 3.1.16. - [Release notes](https://github.com/codahale/bcrypt-ruby/releases) - [Changelog](https://github.com/codahale/bcrypt-ruby/blob/master/CHANGELOG) - [Commits](https://github.com/codahale/bcrypt-ruby/compare/v3.1.15...v3.1.16) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump warden from 1.2.8 to 1.2.9 (#14738)dependabot[bot]
Bumps [warden](https://github.com/hassox/warden) from 1.2.8 to 1.2.9. - [Release notes](https://github.com/hassox/warden/releases) - [Changelog](https://github.com/wardencommunity/warden/blob/master/CHANGELOG.md) - [Commits](https://github.com/hassox/warden/compare/v1.2.8...v1.2.9) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump brakeman from 4.9.0 to 4.9.1 (#14737)dependabot[bot]
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.9.0 to 4.9.1. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v4.9.0...v4.9.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump electron-to-chromium from 1.3.545 to 1.3.562 (#14757)dependabot[bot]
Bumps [electron-to-chromium](https://github.com/kilian/electron-to-chromium) from 1.3.545 to 1.3.562. - [Release notes](https://github.com/kilian/electron-to-chromium/releases) - [Changelog](https://github.com/Kilian/electron-to-chromium/blob/master/CHANGELOG.md) - [Commits](https://github.com/kilian/electron-to-chromium/compare/v1.3.545...v1.3.562) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump rdf from 3.1.5 to 3.1.6 (#14736)dependabot[bot]
Bumps [rdf](https://github.com/ruby-rdf/rdf) from 3.1.5 to 3.1.6. - [Release notes](https://github.com/ruby-rdf/rdf/releases) - [Changelog](https://github.com/ruby-rdf/rdf/blob/develop/CHANGES.md) - [Commits](https://github.com/ruby-rdf/rdf/compare/3.1.5...3.1.6) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump rubocop-rails from 2.6.0 to 2.8.0 (#14734)dependabot[bot]
Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.6.0 to 2.8.0. - [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases) - [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.6.0...v2.8.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump sidekiq-unique-jobs from 6.0.22 to 6.0.23 (#14735)dependabot[bot]
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.22 to 6.0.23. - [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases) - [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md) - [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v6.0.22...v6.0.23) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-08Bump tar from 6.0.2 to 6.0.5 (#14758)dependabot[bot]
Bumps [tar](https://github.com/npm/node-tar) from 6.0.2 to 6.0.5. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/master/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v6.0.2...v6.0.5) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07Fix multiple boosts of a same toot erroneously appearing in TL (#14759)ThibG
* Check for and record reblog info atomically Instead of using ZREVRANK to determine whether a reblog is a new reblog or not, use ZADD's NX option to perform the check/addition option atomically. * Replace ZREVRANK call with ZSCORE key which is more efficient * Make tests a bit stricter * Fix off-by-one
2020-09-07Changed tag most_used to recently_used (#14760)abcang
2020-09-07Refactor how public and tag timelines are queried (#14728)Eugen Rochko
2020-09-04Remove obsolete IndexedDB operations from web UI (#14730)Eugen Rochko
Storing objects in IndexedDB was disabled in #7932, but we were still trying to read objects from it before making an API call
2020-09-04Fix various warnings in rspec (#14729)Eugen Rochko
2020-09-04Fix direct visibility style for light theme (#14727)Takeshi Umeda
2020-09-02Add outbox attribute to instance actor (#14721)ThibG
It's not useful for now, but it's required by ActivityPub
2020-09-02Added account featured tags API (#11817)Takeshi Umeda
2020-09-02Add featured hashtags as an ActivityPub collection (#11595)Eugen Rochko
2020-09-02Change S3 ACL in "tootctl media remove-orphans --fix-permissions" from fixed ↵Y.Yamashiro
value to environment file's value. (#14715)
2020-09-01Add configuration option to filter replies in lists (#9205)ThibG
* Add database support for list show-reply preferences * Add backend support to read and update list-specific show_replies settings * Add basic UI to set list replies setting * Add specs for list replies policy * Switch "cycling" reply policy link to a set of radio inputs * Capitalize replies_policy strings * Change radio button design to be consistent with that of the directory explorer
2020-09-01Change own direct-visibility statuses to be in the home feed again (#14711)Eugen Rochko
And remove highlighting in web UI Full circle from #8940
2020-09-01Bump uri-js from 4.2.2 to 4.4.0 (#14706)dependabot[bot]
Bumps [uri-js](https://github.com/garycourt/uri-js) from 4.2.2 to 4.4.0. - [Release notes](https://github.com/garycourt/uri-js/releases) - [Commits](https://github.com/garycourt/uri-js/compare/4.2.2...4.4.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-01Bump mini-css-extract-plugin from 0.9.0 to 0.11.0 (#14690)dependabot[bot]
Bumps [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) from 0.9.0 to 0.11.0. - [Release notes](https://github.com/webpack-contrib/mini-css-extract-plugin/releases) - [Changelog](https://github.com/webpack-contrib/mini-css-extract-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/mini-css-extract-plugin/compare/v0.9.0...v0.11.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-01Add `--fix-permissions` option to `tootctl media remove-orphans` (#14383)Eugen Rochko
2020-09-01Bump whatwg-url from 8.1.0 to 8.2.1 (#14688)dependabot[bot]
Bumps [whatwg-url](https://github.com/jsdom/whatwg-url) from 8.1.0 to 8.2.1. - [Release notes](https://github.com/jsdom/whatwg-url/releases) - [Commits](https://github.com/jsdom/whatwg-url/compare/v8.1.0...v8.2.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-01Bump loglevel from 1.6.8 to 1.7.0 (#14692)dependabot[bot]
Bumps [loglevel](https://github.com/pimterry/loglevel) from 1.6.8 to 1.7.0. - [Release notes](https://github.com/pimterry/loglevel/releases) - [Commits](https://github.com/pimterry/loglevel/compare/v1.6.8...v1.7.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-01Bump caniuse-lite from 1.0.30001117 to 1.0.30001120 (#14695)dependabot[bot]
Bumps [caniuse-lite](https://github.com/ben-eb/caniuse-lite) from 1.0.30001117 to 1.0.30001120. - [Release notes](https://github.com/ben-eb/caniuse-lite/releases) - [Changelog](https://github.com/ben-eb/caniuse-lite/blob/master/CHANGELOG.md) - [Commits](https://github.com/ben-eb/caniuse-lite/compare/v1.0.30001117...v1.0.30001120) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>