Age | Commit message | Author
2021-09-08 | Merge branch 'main' into glitch-soc/merge-upstream | Claire
2021-09-08 | Merge pull request #1594 from ClearlyClaire/glitch-soc/merge-upstream | Claire
Merge upstream changes
2021-09-04 | Fix suspicious sign-in mail text being out of date (#16690) | Claire
Fixes #16687
2021-09-02 | Merge branch 'main' into glitch-soc/merge-upstream | Claire
2021-09-01 | Fix processing mentions to domains with non-ascii TLDs (#16689) | Claire
Fixes #16602
2021-09-01 | Bump eslint-plugin-react from 7.24.0 to 7.25.1 (#16680) | dependabot[bot]
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.24.0 to 7.25.1. - [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases) - [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md) - [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.24.0...v7.25.1) --- updated-dependencies: - dependency-name: eslint-plugin-react dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-01 | Bump tar from 6.1.3 to 6.1.11 (#16685) | dependabot[bot]
Bumps [tar](https://github.com/npm/node-tar) from 6.1.3 to 6.1.11. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v6.1.3...v6.1.11) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 | Bump rqrcode from 2.0.0 to 2.1.0 (#16678) | dependabot[bot]
Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/whomwah/rqrcode/releases) - [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md) - [Commits](https://github.com/whomwah/rqrcode/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: rqrcode dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 | Bump rubocop from 1.19.1 to 1.20.0 (#16674) | dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.1 to 1.20.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.19.1...v1.20.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 | Bump nokogiri from 1.12.3 to 1.12.4 (#16675) | dependabot[bot]
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.3 to 1.12.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.3...v1.12.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 | Bump aws-sdk-s3 from 1.99.0 to 1.100.0 (#16676) | dependabot[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.99.0 to 1.100.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 | Bump ws from 8.2.0 to 8.2.1 (#16679) | dependabot[bot]
Bumps [ws](https://github.com/websockets/ws) from 8.2.0 to 8.2.1. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/8.2.0...8.2.1) --- updated-dependencies: - dependency-name: ws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29 | Bump sass from 1.38.0 to 1.38.2 (#16671) | dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.38.0 to 1.38.2. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.38.0...1.38.2) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29 | Bump eslint-plugin-import from 2.24.1 to 2.24.2 (#16668) | dependabot[bot]
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.1 to 2.24.2. - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.1...v2.24.2) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 | Bump url-parse from 1.5.1 to 1.5.3 (#16666) | dependabot[bot]
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.1 to 1.5.3. - [Release notes](https://github.com/unshiftio/url-parse/releases) - [Commits](https://github.com/unshiftio/url-parse/compare/1.5.1...1.5.3) --- updated-dependencies: - dependency-name: url-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 | Bump color-string from 1.5.3 to 1.6.0 (#16665) | dependabot[bot]
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0. - [Release notes](https://github.com/Qix-/color-string/releases) - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md) - [Commits](https://github.com/Qix-/color-string/commits/1.6.0) --- updated-dependencies: - dependency-name: color-string dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 | Bump http from 4.4.1 to 5.0.1 (#16438) | dependabot[bot]
Bumps [http](https://github.com/httprb/http) from 4.4.1 to 5.0.1. - [Release notes](https://github.com/httprb/http/releases) - [Changelog](https://github.com/httprb/http/blob/master/CHANGES.md) - [Commits](https://github.com/httprb/http/compare/v4.4.1...v5.0.1) --- updated-dependencies: - dependency-name: http dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 | Bump y18n from 4.0.0 to 4.0.3 (#16664) | dependabot[bot]
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3) --- updated-dependencies: - dependency-name: y18n dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 | Bump jest from 26.6.3 to 27.1.0 (#16376) | dependabot[bot]
* Bump jest from 26.6.3 to 27.0.4 Bumps [jest](https://github.com/facebook/jest) from 26.6.3 to 27.0.4. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/compare/v26.6.3...v27.0.4) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Set test environment for jest * Remove unnecessary ext * Bump jest from 27.0.4 to 27.1.0 * Remove --coverage option Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-08-28 | Bump sidekiq from 6.2.1 to 6.2.2 (#16647) | dependabot[bot]
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 | Merge pull request #1591 from ClearlyClaire/glitch-soc/merge-upstream | Claire
Merge upstream changes
2021-08-27 | Bump webpacker from 5.4.0 to 5.4.2 (#16648) | dependabot[bot]
Bumps [webpacker](https://github.com/rails/webpacker) from 5.4.0 to 5.4.2. - [Release notes](https://github.com/rails/webpacker/releases) - [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md) - [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2) --- updated-dependencies: - dependency-name: webpacker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 | Bump faker from 2.18.0 to 2.19.0 (#16646) | dependabot[bot]
Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 | Bump rubocop from 1.19.0 to 1.19.1 (#16649) | dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 | [Glitch] Fix follow request count to dynamically update | matildepark
Port 79341d0f5f3eb2d90f5ea954f4037120f7189cec to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-27 | Merge branch 'main' into glitch-soc/merge-upstream | Claire
2021-08-26 | Explicitly set userVerification to discouraged (#16545) | Truong Nguyen
2021-08-25 | Fix authentication failures after going halfway through a sign-in attempt (#16607) | Claire
* Add tests
* Add security-related tests
  My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25 | New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED (#16655) | Daniel
When using a CAS server, the users only have a temporary email `change@me-foo-cas.com` which can't be changed but by an administrator. We need a new environment variable like for SAML to assume the email from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming emails are always verified.
* .env.nanobox: add new variable as an example.
2021-08-26 | Bump rails from 6.1.4 to 6.1.4.1 (#16650) | dependabot[bot]
Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-25 | Fix follow request count to dynamically update (#16652) | matildepark
2021-08-25 | Fix undefined variable for Auth::OmniauthCallbacksController (#16654) | Daniel
The addition of authentication history broke the omniauth login with the following error:
method=GET path=/auth/auth/cas/callback format=html controller=Auth::OmniauthCallbacksController action=cas status=500 error='NameError: undefined local variable or method `user' for #<Auth::OmniauthCallbacksController:0x00000000036290> Did you mean? @user' duration=435.93 view=0.00 db=36.19
* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable name to `@user`
2021-08-23 | Bump eslint-plugin-import from 2.24.0 to 2.24.1 (#16635) | dependabot[bot]
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1. - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 | Bump ws from 8.1.0 to 8.2.0 (#16636) | dependabot[bot]
Bumps [ws](https://github.com/websockets/ws) from 8.1.0 to 8.2.0. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0) --- updated-dependencies: - dependency-name: ws dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 | Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 (#16590) | dependabot[bot]
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.14.5 to 7.15.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 | Merge pull request #1589 from ClearlyClaire/glitch-soc/merge-upstream | Claire
Merge upstream changes
2021-08-20 | Merge branch 'main' into glitch-soc/merge-upstream | Claire
2021-08-20 | Fix “discoverable” account setting being tied to profile directory (#16637) | Claire
2021-08-20 | Merge pull request #1588 from ClearlyClaire/glitch-soc/merge-upstream | Claire
Merge upstream changes
2021-08-20 | [Glitch] Fix crash if a notification contains an unprocessed media attachment | Claire
Port 0c24c865b785a557f43125c976090e271247a2b1 to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 | [Glitch] Fix download button color in audio player | Claire
Port aaf24d3093d565461b0051d2238d8b74db63a041 to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-08-20 | Merge branch 'main' into glitch-soc/merge-upstream | Claire
2021-08-20 | Make sure nginx always send HSTS header (#16633) | Peter Dave Hello
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308
As all the traffic should be https, the http protocol only exists to do the 301 redirect, and always sending the HSTS header is almost one of the best practices, so we should set nginx to do so.
Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
2021-08-20 | Add tests for SuspendAccountService and UnsuspendAccountService (#16627) | Claire
* Add tests for SuspendAccountService
* Add tests for UnsuspendAccountService
2021-08-20 | Bump rspec-rails from 5.0.1 to 5.0.2 (#16622) | dependabot[bot]
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/rspec/rspec-rails/releases) - [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md) - [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.1...v5.0.2) --- updated-dependencies: - dependency-name: rspec-rails dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 | Bump sass from 1.37.0 to 1.38.0 (#16623) | dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.37.0 to 1.38.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.37.0...1.38.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 | Bump fast_blank from 1.0.0 to 1.0.1 (#16621) | dependabot[bot]
Bumps [fast_blank](https://github.com/SamSaffron/fast_blank) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/SamSaffron/fast_blank/releases) - [Commits](https://github.com/SamSaffron/fast_blank/compare/1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: fast_blank dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 | Disable nginx ssl_session_tickets for better security (#16632) | Peter Dave Hello
It's turned on by default, but it's better to turn it off for security reasons.
Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- https://github.com/mozilla/server-side-tls/issues/135
2021-08-20 | Fix remotely-suspended accounts' toots being merged back into timelines (#16628) | Claire
* Fix remotely-suspended accounts' toots being merged back into timelines
* Mark remotely-deleted accounts as remotely suspended
2021-08-20 | Fix #16603 (#16605) | Holger
Fix issue #16603 undefined method `serialize_payload' for Unsuspend Account Service error. It seems that this service forgot to `include Payloadable` so that `serialize_payload` could not be found in this service.