about summary refs log tree commit diff
AgeCommit message (Collapse)Author
2022-02-032021-02-03 security fixesStarfall
Merge remote-tracking branch 'glitch/main'
2022-02-03Merge pull request #1676 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2022-02-03Bump version to 3.4.6Claire
2022-02-02Fix response_to_recipient? CTEClaire
2022-02-02Fix compacted JSON-LD possibly causing compatibility issues on forwardingClaire
2022-02-02Compact JSON-LD signed incoming activitiesPuck Meerburg
2022-02-01Merge pull request #1675 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2022-02-01Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-02-01Update tootsuite/mastodon Docker tag to v3.4.5 (#17417)Alexandra Catalina
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-01Fix requiring an extra restart after recent post-deployment migrations (#17422)Claire
Follow-up to #16409
2022-02-01Merge remote-tracking branch 'vanilla-gh/main'Starfall
2022-02-01Fixed prototype pollution bug and only allow trusted origin (#17420)Rohan Sharma
2022-01-31Bump version to 3.4.5 (#17402)Claire
2022-01-31fix missing commaStarfall
2022-01-31Merge branch 'glitchsoc'Starfall
2022-01-31Merge pull request #1674 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2022-01-31Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-31Bump NODE_VER to 16.13.2, to solve security issues (#17399)Daniel Jakots
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824. See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
2022-01-30Add more advanced migration tests (#17393)Claire
- populate the database with some data when testing migrations - try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
2022-01-30Change index corruption warning to be a little less scary (#17395)Claire
2022-01-30Merge pull request #1673 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2022-01-30Fix edge case in migration helpers that caused crash because of PostgreSQL ↵Claire
quirks (#17398)
2022-01-30Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-01-30Fix some old migration scripts (#17394)Claire
* Fix some old migration scripts * Fix edge case in two-step migration from older releases
2022-01-28Change public profile pages to be disabled for unconfirmed users (#17385)Claire
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
2022-01-28Merge pull request #1668 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2022-01-28Fix Sidekiq warning when pushing DMs to direct timelineClaire
2022-01-28Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `Gemfile.lock`: Upstream-updated lib textually too close to glitch-soc-only dep. Updated like upstream.
2022-01-28Refactor and improve tests (#17386)Claire
* Change account and user fabricators to simplify and improve tests - `Fabricate(:account)` implicitly fabricates an associated `user` if no `domain` attribute is given (an account with `domain: nil` is considered a local account, but no user record was created), unless `user: nil` is passed - `Fabricate(:account, user: Fabricate(:user))` should still be possible but is discouraged. * Fix and refactor tests - avoid passing unneeded attributes to `Fabricate(:user)` or `Fabricate(:account)` - avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other way around - prefer `Fabricate(:user, account_attributes: …)` to `Fabricate(:user, account: Fabricate(:account, …)` - also, some tests were using remote accounts with local user records, which is not representative of production code.
2022-01-28Fix Sidekiq warnings about JSON serialization (#17381)Claire
* Fix Sidekiq warnings about JSON serialization This occurs on every symbol argument we pass, and every symbol key in hashes, because Sidekiq expects strings instead. See https://github.com/mperham/sidekiq/pull/5071 We do not need to change how workers parse their arguments because this has not changed and we were already converting to symbols adequately or using `with_indifferent_access`. * Set Sidekiq to raise on unsafe arguments in test mode In order to more easily catch issues that would produce warnings in production code.
2022-01-27Fix some old database migrations (#17379)Claire
2022-01-27Bump pg from 1.2.3 to 1.3.0 (#17349)dependabot[bot]
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.3 to 1.3.0. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](https://github.com/ged/ruby-pg/compare/v1.2.3...v1.3.0) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27Bump axios from 0.24.0 to 0.25.0 (#17354)dependabot[bot]
Bumps [axios](https://github.com/axios/axios) from 0.24.0 to 0.25.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27Bump rdf-normalize from 0.4.0 to 0.5.0 (#17226)dependabot[bot]
Bumps [rdf-normalize](https://github.com/ruby-rdf/rdf-normalize) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/ruby-rdf/rdf-normalize/releases) - [Commits](https://github.com/ruby-rdf/rdf-normalize/compare/0.4.0...0.5.0) --- updated-dependencies: - dependency-name: rdf-normalize dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-26Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `config/environments/production.rb`: Upstream changed a header but we had different default headers. Applied the same change, and also dropped HSTS headers redundant with Rails'.
2022-01-26Fix local distribution of edited statuses (#17380)Claire
Because `FanOutOnWriteService#update?` was broken, edits were considered as new toots and a regular `update` payload was sent.
2022-01-26Add healthcheck for sidekiq (#17365)Su Yang
2022-01-26Fix poll updates being saved as status edits (#17373)Eugen Rochko
Fix #17344
2022-01-26Merge pull request #1667 from ClearlyClaire/glitch-soc/fixes/hcaptcha-textClaire
Improve explanations around the hCaptcha feature
2022-01-26Add link to /about/more to the CAPTCHA verification pageClaire
2022-01-26Add some explanation text on the CAPTCHA confirmation pageClaire
2022-01-26Add mention of accessibility issues to hCaptcha option in admin pageClaire
2022-01-26Merge pull request #1665 from ClearlyClaire/glitch-soc/features/hcaptchaClaire
Add optional hCaptcha support
2022-01-25Change CAPTCHA handling to be only on email verificationClaire
This simplifies the implementation considerably, and while not providing ideal UX, it's the most flexible approach.
2022-01-25Add ability to set hCaptcha either on registration form or on e-mail validationClaire
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band registration API.
2022-01-25Disable `registrations` flag in /api/v1/instance when CAPTCHA is enabledClaire
This is to avoid apps trying and failing at using the registrations API, which does not let us require a CAPTCHA and cannot be clearly signaled as unavailable.
2022-01-25Bump sass from 1.48.0 to 1.49.0 (#17352)dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.48.0...1.49.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump json-ld-preloaded from 3.1.6 to 3.2.0 (#17353)dependabot[bot]
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.6 to 3.2.0. - [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases) - [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.6...3.2.0) --- updated-dependencies: - dependency-name: json-ld-preloaded dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump fabrication from 2.23.1 to 2.24.0 (#17356)dependabot[bot]
Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.23.1 to 2.24.0. - [Release notes](https://github.com/paulelliott/fabrication/releases) - [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown) - [Commits](https://github.com/paulelliott/fabrication/commits) --- updated-dependencies: - dependency-name: fabrication dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump sidekiq from 6.3.1 to 6.4.0 (#17350)dependabot[bot]
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.3.1 to 6.4.0. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.3.1...v6.4.0) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>