Age | Commit message (Collapse) | Author |
|
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2)
---
updated-dependencies:
- dependency-name: sidekiq
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [webpacker](https://github.com/rails/webpacker) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/rails/webpacker/releases)
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2)
---
updated-dependencies:
- dependency-name: webpacker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0)
---
updated-dependencies:
- dependency-name: faker
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1)
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
(#16607)
* Add tests
* Add security-related tests
My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
|
|
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.
We need a new environment variable like for SAML to assume the email
from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.
|
|
Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1)
---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
The addition of authentication history broke the omniauth login with
the following error:
method=GET path=/auth/auth/cas/callback format=html
controller=Auth::OmniauthCallbacksController action=cas status=500
error='NameError: undefined local variable or method `user' for
#<Auth::OmniauthCallbacksController:0x00000000036290>
Did you mean? @user' duration=435.93 view=0.00 db=36.19
* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
name to `@user`
|
|
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1)
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [ws](https://github.com/websockets/ws) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0)
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime)
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308
As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.
Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
|
|
* Add tests for SuspendAccountService
* Add tests for UnsuspendAccountService
|
|
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.1...v5.0.2)
---
updated-dependencies:
- dependency-name: rspec-rails
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [sass](https://github.com/sass/dart-sass) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.37.0...1.38.0)
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [fast_blank](https://github.com/SamSaffron/fast_blank) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/SamSaffron/fast_blank/releases)
- [Commits](https://github.com/SamSaffron/fast_blank/compare/1.0.0...v1.0.1)
---
updated-dependencies:
- dependency-name: fast_blank
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
It's default turned on, but it's better to turn it off for security reason.
Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- https://github.com/mozilla/server-side-tls/issues/135
|
|
* Fix remotely-suspended accounts' toots being merged back into timelines
* Mark remotely-deleted accounts as remotely suspended
|
|
Fix issue #16603 undefined method `serialize_payload' for Unsuspend Account Service error.
It seems that this service forgot to `include Payloadable` so that `serialize_payload` could not be found in this service.
|
|
Bumps [oj](https://github.com/ohler55/oj) from 3.12.2 to 3.13.2.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.12.2...v3.13.2)
---
updated-dependencies:
- dependency-name: oj
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.23.4 to 2.24.0.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.23.4...v2.24.0)
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [yargs](https://github.com/yargs/yargs) from 17.0.1 to 17.1.1.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v17.0.1...v17.1.1)
---
updated-dependencies:
- dependency-name: yargs
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [ws](https://github.com/websockets/ws) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.0.0...8.1.0)
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [bullet](https://github.com/flyerhzm/bullet) from 6.1.4 to 6.1.5.
- [Release notes](https://github.com/flyerhzm/bullet/releases)
- [Changelog](https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flyerhzm/bullet/compare/6.1.4...6.1.5)
---
updated-dependencies:
- dependency-name: bullet
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [fastimage](https://github.com/sdsykes/fastimage) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/sdsykes/fastimage/releases)
- [Changelog](https://github.com/sdsykes/fastimage/blob/master/CHANGELOG)
- [Commits](https://github.com/sdsykes/fastimage/compare/v2.2.4...v2.2.5)
---
updated-dependencies:
- dependency-name: fastimage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.2 to 1.12.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.2...v1.12.3)
---
updated-dependencies:
- dependency-name: nokogiri
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [blurhash](https://github.com/woltapp/blurhash) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/woltapp/blurhash/releases)
- [Commits](https://github.com/woltapp/blurhash/commits)
---
updated-dependencies:
- dependency-name: blurhash
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [pundit](https://github.com/varvet/pundit) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/varvet/pundit/releases)
- [Changelog](https://github.com/varvet/pundit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/varvet/pundit/compare/v2.1.0...v2.1.1)
---
updated-dependencies:
- dependency-name: pundit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Changelog](https://github.com/grosser/parallel_tests/blob/master/CHANGELOG.md)
- [Commits](https://github.com/grosser/parallel_tests/compare/v3.7.0...v3.7.1)
---
updated-dependencies:
- dependency-name: parallel_tests
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.98.0 to 1.99.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [webmock](https://github.com/bblimke/webmock) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0)
---
updated-dependencies:
- dependency-name: webmock
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [redux](https://github.com/reduxjs/redux) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/reduxjs/redux/releases)
- [Changelog](https://github.com/reduxjs/redux/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/redux/compare/v4.1.0...v4.1.1)
---
updated-dependencies:
- dependency-name: redux
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.18.4 to 1.19.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.18.4...v1.19.0)
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.7.7 to 0.7.8.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.7.7...v0.7.8)
---
updated-dependencies:
- dependency-name: strong_migrations
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.14.8 to 7.15.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.3/packages/babel-runtime)
---
updated-dependencies:
- dependency-name: "@babel/runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.14.8 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-core)
---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [@testing-library/react](https://github.com/testing-library/react-testing-library) from 11.2.7 to 12.0.0.
- [Release notes](https://github.com/testing-library/react-testing-library/releases)
- [Changelog](https://github.com/testing-library/react-testing-library/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/react-testing-library/compare/v11.2.7...v12.0.0)
---
updated-dependencies:
- dependency-name: "@testing-library/react"
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
* Refactor AttachmentList
* Do not crash if a notification contains an unprocessed media attachment
Fixes #16530
* Fix spacing in compact form
|
|
Fixes #16571
|
|
(#16510)
* Fix followers synchronization mechanism not working when URI has empty path
To my knowledge, there is no current implementation on the fediverse
that can use bare domains (e.g., actor is at https://example.org instead of
something like https://example.org/actor) that also plans to support the
followers synchronization mechanism. However, Mastodon's current implementation
would exclude such accounts from followers list.
Also adds tests and rename them to reflect the proper method names.
* Move url prefix regexp to its own constant
|
|
* Add test
* Fix crash when encountering invalid account fields
|
|
* Update config.yml
* Update Dockerfile
* Update .nvmrc
* Update Dockerfile
* NodeJS 10 is EOL.
* Update package.json
* Update README.md
* Update Vagrantfile
* Update Dockerfile
* Update Dockerfile
|
|
* Add account statuses cleanup policy model
* Record last inspected toot to delete to speed up successive calls to statuses_to_delete
* Add service to cleanup a given account's statuses within a budget
* Add worker to go through account policies and delete old toots
* Fix last inspected status id logic
All existing statuses older or equal to last inspected status id must be
kept by the current policy. This is an invariant that must be kept so that
resuming deletion from the last inspected status remains sound.
* Add tests
* Refactor scheduler and add tests
* Add user interface
* Add support for discriminating based on boosts/favs
* Add UI support for min_reblogs and min_favs, rework UI
* Address first round of review comments
* Replace Snowflake#id_at_start with with_random parameter
* Add tests
* Add tests for StatusesCleanupController
* Rework settings page
* Adjust load-avoiding mechanisms
* Please CodeClimate
|
|
Fixes nokogumbo/nokogiri conflicts by dropping the nokogumbo gem, as it has
been merged in the nokogiri gem.
|
|
|
|
|