about summary refs log tree commit diff
AgeCommit message (Collapse)Author
2019-07-15Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (#11302)Eugen Rochko
2019-07-15Disable LDSigning when AUTHORIZED_FETCH is set to true (#11295)ThibG
2019-07-15Fix leaking private statuses the admin account follows (#11300)ThibG
Now that the request is signed, it can return private toots. Do not leak them.
2019-07-15Merge pull request #1161 from ThibG/glitch-soc/cherry-pick-upstreamThibG
Cherry pick changes from upstream
2019-07-15Bump handlebars from 4.1.0 to 4.1.2 (#11293)PatOnTheBack
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.0 to 4.1.2. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.0...v4.1.2) Signed-off-by: dependabot[bot] <support@github.com>
2019-07-15Bump rubocop-rails from 2.0.1 to 2.2.0 (#11257)dependabot-preview[bot]
Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.0.1 to 2.2.0. - [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases) - [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.0.1...v2.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Change the retry limit in error of web push notification (#11292)han@highemelry
- Change the maximum count of retry for web push notification (Default -> 5). - In case of high load of subscribe server, the retries will be repeated many times. - Because the retries occupy the default queue, maximum retry count should be reduced.
2019-07-15Fix BlockService trying to reject incorrect follow request (#11288)ThibG
Fixes #11148
2019-07-15[Security] Bump lodash from 4.17.11 to 4.17.13 (#11287)dependabot-preview[bot]
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. **This update includes security fixes.** - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.13) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Fix Status.remote scope matching *all* statuses (#11265)ThibG
2019-07-15Bump faker from 1.9.3 to 1.9.6 (#11259)dependabot-preview[bot]
Bumps [faker](https://github.com/stympy/faker) from 1.9.3 to 1.9.6. - [Release notes](https://github.com/stympy/faker/releases) - [Changelog](https://github.com/stympy/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/stympy/faker/compare/v1.9.3...1.9.6) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump simplecov from 0.16.1 to 0.17.0 (#11260)dependabot-preview[bot]
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.16.1 to 0.17.0. - [Release notes](https://github.com/colszowka/simplecov/releases) - [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md) - [Commits](https://github.com/colszowka/simplecov/compare/v0.16.1...v0.17.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump aws-sdk-s3 from 1.43.0 to 1.45.0 (#11262)dependabot-preview[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.43.0 to 1.45.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.43.0...v1.45.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump tzinfo-data from 1.2019.1 to 1.2019.2 (#11258)dependabot-preview[bot]
Bumps [tzinfo-data](https://github.com/tzinfo/tzinfo-data) from 1.2019.1 to 1.2019.2. - [Release notes](https://github.com/tzinfo/tzinfo-data/releases) - [Commits](https://github.com/tzinfo/tzinfo-data/compare/v1.2019.1...v1.2019.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump eslint-plugin-react from 7.12.1 to 7.14.2 (#11253)dependabot-preview[bot]
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.12.1 to 7.14.2. - [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases) - [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md) - [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.12.1...v7.14.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump @babel/plugin-proposal-class-properties from 7.4.4 to 7.5.0 (#11254)dependabot-preview[bot]
Bumps [@babel/plugin-proposal-class-properties](https://github.com/babel/babel) from 7.4.4 to 7.5.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md) - [Commits](https://github.com/babel/babel/compare/v7.4.4...v7.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump compression-webpack-plugin from 2.0.0 to 3.0.0 (#11224)dependabot-preview[bot]
Bumps [compression-webpack-plugin](https://github.com/webpack-contrib/compression-webpack-plugin) from 2.0.0 to 3.0.0. - [Release notes](https://github.com/webpack-contrib/compression-webpack-plugin/releases) - [Changelog](https://github.com/webpack-contrib/compression-webpack-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/compression-webpack-plugin/compare/v2.0.0...v3.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump intl-relativeformat from 2.2.0 to 6.4.2 (#11255)dependabot-preview[bot]
Bumps [intl-relativeformat](https://github.com/formatjs/formatjs) from 2.2.0 to 6.4.2. - [Release notes](https://github.com/formatjs/formatjs/releases) - [Commits](https://github.com/formatjs/formatjs/compare/intl-relativeformat@2.2.0...intl-relativeformat@6.4.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Bump react-redux from 6.0.1 to 7.1.0 (#11256)dependabot-preview[bot]
Bumps [react-redux](https://github.com/reduxjs/react-redux) from 6.0.1 to 7.1.0. - [Release notes](https://github.com/reduxjs/react-redux/releases) - [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md) - [Commits](https://github.com/reduxjs/react-redux/compare/v6.0.1...v7.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-15Fix BackupService crashing when an attachment is missing (#11241)ThibG
* Fix BackupService crashing when an attachment is missing For various reasons such as admin error or out-of-sync media and database backups, it might be possible for local attachments to be lost. This commit allows the BackupService to continue its work even if some media file is missing. * Change error message
2019-07-15Update fuubar dependency to 2.4.1 (#11248)Georg Gadinger
See also: thekompanee/fuubar#111
2019-07-15Add link to edit each listed filterThibaut Girka
2019-07-15Make some strings translatableThibaut Girka
2019-07-15Minor refactoringThibaut Girka
2019-07-15Move the “Show why” button inlineThibaut Girka
2019-07-15Implement feature to add filtered phrases to content warningsThibaut Girka
2019-07-15Implement option to completely hide filtered tootsThibaut Girka
2019-07-15Add options to configure filtering behaviorThibaut Girka
2019-07-15Add a way to know why a status has been filtered, and show it anywayThibaut Girka
2019-07-15Do not keep polls pre-filled in thread modeThibaut Girka
2019-07-15Fix error boundary CSSThibaut Girka
2019-07-14Bump handlebars from 4.1.0 to 4.1.2 (#11293)PatOnTheBack
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.0 to 4.1.2. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.0...v4.1.2) Signed-off-by: dependabot[bot] <support@github.com>
2019-07-13Bump rubocop-rails from 2.0.1 to 2.2.0 (#11257)dependabot-preview[bot]
Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.0.1 to 2.2.0. - [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases) - [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.0.1...v2.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-13Add a spam check (#11217)Eugen Rochko
* Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
2019-07-12Change the retry limit in error of web push notification (#11292)han@highemelry
- Change the maximum count of retry for web push notification (Default -> 5). - In case of high load of subscribe server, the retries will be repeated many times. - Because the retries occupy the default queue, maximum retry count should be reduced.
2019-07-11Add ActivityPub secure mode (#11269)Eugen Rochko
* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
2019-07-11Fix BlockService trying to reject incorrect follow request (#11288)ThibG
Fixes #11148
2019-07-11Add HTTP signatures to all outgoing ActivityPub GET requests (#11284)Eugen Rochko
2019-07-11[Security] Bump lodash from 4.17.11 to 4.17.13 (#11287)dependabot-preview[bot]
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. **This update includes security fixes.** - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.13) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-10Fix report dialog crashing when a toot gets deletedThibaut Girka
Fixes #1155
2019-07-10Refactor fetching of remote resources (#11251)Eugen Rochko
2019-07-10Drop magic-public-key from webfinger replies as it's only used for OStatus ↵ThibG
(#11280)
2019-07-10Fix handling of webfinger redirects in ResolveAccountService (#11279)ThibG
2019-07-10Fix old migration script depending on the StreamEntry model (#11278)ThibG
2019-07-10Fix activity being rendered within activity due to caching (#11271)Eugen Rochko
Fix #11270
2019-07-09Refactor domain block checks (#11268)Eugen Rochko
2019-07-08Fix Status.remote scope matching *all* statuses (#11265)ThibG
2019-07-08Remove unused remote unfollow controller (#11250)Eugen Rochko
2019-07-08Refactor controllers for statuses, accounts, and more (#11249)Eugen Rochko
2019-07-08Bump faker from 1.9.3 to 1.9.6 (#11259)dependabot-preview[bot]
Bumps [faker](https://github.com/stympy/faker) from 1.9.3 to 1.9.6. - [Release notes](https://github.com/stympy/faker/releases) - [Changelog](https://github.com/stympy/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/stympy/faker/compare/v1.9.3...1.9.6) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>