about summary refs log tree commit diff
AgeCommit message (Collapse)Author
2021-11-11Fix "bundle exec rails mastodon:setup" crashing in some circumstances (#16976)Claire
Fix regression from #16896
2021-11-06[CircleCI] Test using Postgres 14 (#16948)Shlee
* Update config.yml * Update config.yml
2021-11-06Forward port version bumps to 3.4.2 and 3.4.3 (#16945)Eugen Rochko
* Bump version to 3.4.2 * Bump version to 3.4.3
2021-11-06Merge pull request #1628 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2021-11-06Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-11-06Fix reviving revoked sessions and invalidating login (#16943)Claire
Up until now, we have used Devise's Rememberable mechanism to re-log users after the end of their browser sessions. This mechanism relies on a signed cookie containing a token. That token was stored on the user's record, meaning it was shared across all logged in browsers, meaning truly revoking a browser's ability to auto-log-in involves revoking the token itself, and revoking access from *all* logged-in browsers. We had a session mechanism that dynamically checks whether a user's session has been disabled, and would log out the user if so. However, this would only clear a session being actively used, and a new one could be respawned with the `remember_user_token` cookie. In practice, this caused two issues: - sessions could be revived after being closed from /auth/edit (security issue) - auto-log-in would be disabled for *all* browsers after logging out from one of them This PR removes the `remember_token` mechanism and treats the `_session_id` cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06Fix AccountNote not having a maximum length (#16942)Claire
2021-11-05Add support for structured data and more OpenGraph tags to link cards (#16938)Eugen Rochko
Save preview cards under their canonical URL Increase max redirects to follow from 2 to 3
2021-11-05Fix handling announcements with links (#16941)Claire
Broken since #15827
2021-11-04Fix statuses order in account's statuses admin page (#16937)Jeong Arm
2021-11-02Bump @babel/preset-env from 7.15.8 to 7.16.0 (#16923)dependabot[bot]
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.15.8 to 7.16.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.0/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump @babel/preset-react from 7.14.5 to 7.16.0 (#16926)dependabot[bot]
Bumps [@babel/preset-react](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-react) from 7.14.5 to 7.16.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.0/packages/babel-preset-react) --- updated-dependencies: - dependency-name: "@babel/preset-react" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump @babel/plugin-proposal-decorators from 7.15.8 to 7.16.0 (#16924)dependabot[bot]
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.15.8 to 7.16.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.0/packages/babel-plugin-proposal-decorators) --- updated-dependencies: - dependency-name: "@babel/plugin-proposal-decorators" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump @babel/plugin-transform-runtime from 7.15.8 to 7.16.0 (#16927)dependabot[bot]
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.15.8 to 7.16.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.0/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump reselect from 4.0.0 to 4.1.1 (#16931)dependabot[bot]
Bumps [reselect](https://github.com/reduxjs/reselect) from 4.0.0 to 4.1.1. - [Release notes](https://github.com/reduxjs/reselect/releases) - [Changelog](https://github.com/reduxjs/reselect/blob/master/CHANGELOG.md) - [Commits](https://github.com/reduxjs/reselect/compare/v4.0.0...v4.1.1) --- updated-dependencies: - dependency-name: reselect dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump sass from 1.43.3 to 1.43.4 (#16922)dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.43.3 to 1.43.4. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.43.3...1.43.4) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump redux-thunk from 2.3.0 to 2.4.0 (#16932)dependabot[bot]
Bumps [redux-thunk](https://github.com/reduxjs/redux-thunk) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/reduxjs/redux-thunk/releases) - [Commits](https://github.com/reduxjs/redux-thunk/compare/v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: redux-thunk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump redux from 4.1.1 to 4.1.2 (#16928)dependabot[bot]
Bumps [redux](https://github.com/reduxjs/redux) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/reduxjs/redux/releases) - [Changelog](https://github.com/reduxjs/redux/blob/master/CHANGELOG.md) - [Commits](https://github.com/reduxjs/redux/compare/v4.1.1...v4.1.2) --- updated-dependencies: - dependency-name: redux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump brakeman from 5.1.1 to 5.1.2 (#16920)dependabot[bot]
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v5.1.1...v5.1.2) --- updated-dependencies: - dependency-name: brakeman dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump @babel/runtime from 7.15.4 to 7.16.0 (#16930)dependabot[bot]
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.15.4 to 7.16.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.0/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump @babel/plugin-transform-react-inline-elements from 7.14.5 to 7.16.0 ↵dependabot[bot]
(#16929) Bumps [@babel/plugin-transform-react-inline-elements](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-react-inline-elements) from 7.14.5 to 7.16.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.0/packages/babel-plugin-transform-react-inline-elements) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-react-inline-elements" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-02Bump @babel/core from 7.15.8 to 7.16.0 (#16925)dependabot[bot]
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.15.8 to 7.16.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.0/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Skip blocked domains media on tootctl media refresh (#16914)Jeong Arm
2021-10-28ran `yarn manage:translations en` (#16912)mayaeh
2021-10-28Bump rubocop from 1.22.1 to 1.22.3 (#16913)dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.22.1 to 1.22.3. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.22.1...v1.22.3) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump babel-loader from 8.2.2 to 8.2.3 (#16906)dependabot[bot]
Bumps [babel-loader](https://github.com/babel/babel-loader) from 8.2.2 to 8.2.3. - [Release notes](https://github.com/babel/babel-loader/releases) - [Changelog](https://github.com/babel/babel-loader/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel-loader/compare/v8.2.2...v8.2.3) --- updated-dependencies: - dependency-name: babel-loader dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump react-redux from 7.2.5 to 7.2.6 (#16904)dependabot[bot]
Bumps [react-redux](https://github.com/reduxjs/react-redux) from 7.2.5 to 7.2.6. - [Release notes](https://github.com/reduxjs/react-redux/releases) - [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md) - [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.5...v7.2.6) --- updated-dependencies: - dependency-name: react-redux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump eslint-plugin-promise from 5.1.0 to 5.1.1 (#16905)dependabot[bot]
Bumps [eslint-plugin-promise](https://github.com/xjamundx/eslint-plugin-promise) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/xjamundx/eslint-plugin-promise/releases) - [Changelog](https://github.com/xjamundx/eslint-plugin-promise/blob/development/CHANGELOG.md) - [Commits](https://github.com/xjamundx/eslint-plugin-promise/commits) --- updated-dependencies: - dependency-name: eslint-plugin-promise dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump tzinfo-data from 1.2021.4 to 1.2021.5 (#16903)dependabot[bot]
Bumps [tzinfo-data](https://github.com/tzinfo/tzinfo-data) from 1.2021.4 to 1.2021.5. - [Release notes](https://github.com/tzinfo/tzinfo-data/releases) - [Commits](https://github.com/tzinfo/tzinfo-data/compare/v1.2021.4...v1.2021.5) --- updated-dependencies: - dependency-name: tzinfo-data dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump sass from 1.43.2 to 1.43.3 (#16902)dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.43.2 to 1.43.3. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.43.2...1.43.3) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump axios from 0.23.0 to 0.24.0 (#16901)dependabot[bot]
Bumps [axios](https://github.com/axios/axios) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump rubocop from 1.22.1 to 1.22.2 (#16900)dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.22.1 to 1.22.2. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.22.1...v1.22.2) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump aws-sdk-s3 from 1.103.0 to 1.104.0 (#16899)dependabot[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.103.0 to 1.104.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-28Bump capybara from 3.35.3 to 3.36.0 (#16898)dependabot[bot]
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.35.3 to 3.36.0. - [Release notes](https://github.com/teamcapybara/capybara/releases) - [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md) - [Commits](https://github.com/teamcapybara/capybara/compare/3.35.3...3.36.0) --- updated-dependencies: - dependency-name: capybara dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-25Merge pull request #1625 from ClearlyClaire/glitch-soc/merge-upstreamClaire
Merge upstream changes
2021-10-25[Glitch] Split context for filter bar and unread markersSasha Sorokin
Port 11d4f9eefc7b40df84baceff9b2e0747887b23ec to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-10-25[Glitch] Enhance dashboard stylesMashiro
Port b58d32cfe259d95ef28a61cbd863336350f2a3d9 to glitch-soc Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2021-10-25Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `.env.production.sample`: Upstream added new configuration options, uncommented by default. Commented them. - `Gemfile.lock`: Upstream updated dependencies textually close to glitch-soc-specific dependencies. Updated those upstream dependencies.
2021-10-25Merge pull request #1624 from atsu1125/glitch-translateClaire
translation glitch's web interface [ja]
2021-10-25Fix mastodon:setup to take dotenv/docker-compose differences into account ↵Claire
(#16896) In order to work around https://github.com/mastodon/mastodon/issues/16895, add a warning to .env.production.sample, and change the mastodon:setup rake task to: - output a warning if a variable will be interpreted differently by dotenv and docker-compose - ensure the printed config is compatible with docker-compose
2021-10-25Split context for filter bar and unread markers (#16865)Sasha Sorokin
On notifications page, in settings, "Show" for quick filter bar and unread notifications markers use the same string, while being placed in the separate contexts - under different settings categories. This commit splits the contexts, creating new strings: - "Show filter bar" in place of "Show" for filter bar; - "Highlight unread notifications" in place of "Show" for unread notification markers, which are now simply called "Highlighting"; - There's also "Unread notifications" in place of "Unread notification markers" string to accompany the changes to "Show" string under that category. All new strings have new IDs, which will cause previous strings to invalidate on the next translation update and new strings to be created. This will help Mastodon translators to know that there are changes and improve translation in accordance to the source string update.
2021-10-25templates/systemd/mastodon: update sandbox mode (#16235)Yurii Izorkin
* templates/systemd/mastodon: add new sandboxing options * templates/systemd/mastodon: add '@privileged' and remove duplicates SystemCallFilters * templates/systemd/mastodon: add '@ipc' SystemCallFilter * templates/systemd/mastodon: add '@memlock' SystemCallFilter * templates/systemd/mastodon: allow '@resources' filter to mastodon-web service
2021-10-24Support authentication for ElasticSearch (#16890)Jeong Arm
* Support authentication for ElasticSearch * Fix chewy auth settings
2021-10-24translation glitch's web interface [ja]atsu1125
Squashed commit of the following: commit f8c339b4dafd7347c5e824191dbf28d770d6583d Author: atsuchan <83960488+atsu1125@users.noreply.github.com> Date: Sat Oct 23 20:24:28 2021 +0900 translation glitch's web interface [ja] commit a9520d5c5fb21490fa66c51bf1063f1edb9150ff Author: atsu1125 <mastodon@atsuchan.page> Date: Sat Oct 23 15:21:55 2021 +0900 translation glitch's web interface [ja] commit 699848f2abff24be149c4a1c623df8b920ef2ed9 Author: atsu1125 <mastodon@atsuchan.page> Date: Sat Oct 23 13:23:39 2021 +0900 translation glitch's web interface [ja]
2021-10-21Fix some link previews being incorrectly generated from other prior links ↵Claire
(#16885) * Add tests * Fix some link previews being incorrectly generated from different prior links PR #12403 added a cache to avoid redundant queries when the OEmbed endpoint can be guessed from the URL. This caching mechanism is not perfectly correct as there is no guarantee that all pages from a given domain share the same OEmbed provider endpoint. This PR prevents the FetchOEmbedService from caching OEmbed endpoint that cannot be generalized by replacing a fully-qualified URL from the endpoint's parameters, greatly reducing the number of incorrect cached generalizations.
2021-10-21Enhance dashboard styles (#16884)Mashiro
* Display sparkline graph on Chrome * Heatmap auto overflow * Change grid columns number on small screen * Please codeclimate bot * Remove graph height
2021-10-21Add support for fetching Create and Announce activities by URI (#16383)Claire
* Add support for fetching Create and Announce activities by URI This should improve compatibility with ZAP and offer a way to fetch boosts, which is currently not possible. * Add tests
2021-10-20Merge pull request #1623 from atsu1125/glitch-translateClaire
Translation glitch's interface [ja]
2021-10-20translation glitch's preferences [ja]atsu1125
2021-10-20translation glitch's client setting interface [ja]atsu1125