AgeCommit message (Collapse)Author
2020-08-25Bump use-latest from 1.0.0 to 1.1.0 (#14541)dependabot[bot]
Bumps [use-latest](https://github.com/Andarist/use-latest) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/Andarist/use-latest/releases) - [Commits](https://github.com/Andarist/use-latest/compare/v1.0.0...v1.1.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump aws-sdk-s3 from 1.75.0 to 1.76.0 (#14542)dependabot[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.75.0 to 1.76.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump brakeman from 4.8.2 to 4.9.0 (#14540)dependabot[bot]
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.8.2 to 4.9.0. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v4.8.2...v4.9.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump concurrent-ruby from 1.1.6 to 1.1.7 (#14539)dependabot[bot]
Bumps [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) from 1.1.6 to 1.1.7. - [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases) - [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md) - [Commits](https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.6...v1.1.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump @babel/core from 7.10.5 to 7.11.1 (#14554)dependabot[bot]
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.10.5 to 7.11.1. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.11.1/packages/babel-core) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Remove dependency on unused and unmaintained http_parser.rb gem (#14574)ThibG
It seems that years ago, the “http” gem depended on the “http_parser.rb” gem (it now depends on the “http-parser” gem), and, still years ago, we pulled it from git in order to benefit from a bugfix that wasn't released yet (#7467).
2020-08-25Change styling to always have scrollbar on search resultsThibaut Girka
2020-08-25Fix WebUI crash in edge case when media display size causes scrollThibaut Girka
Fixes #1406
2020-08-25Fix invites pageStarfall
2020-08-25[Glitch] Add client-side validation in password change formsThibG
Port 7dc4c742650ac69ec9a4459b656e172283511e4c to glitch-soc Signed-off-by: Thibaut Girka <thib@sitedethib.com>
2020-08-25[Glitch] Add HTML form validation for the registration formThibG
Port d70c3ab4c39e642d41138ab693af77dd6c258e8c to glitch-soc Signed-off-by: Thibaut Girka <thib@sitedethib.com>
2020-08-25Fix destructuring error when unsubscribing without subscribing (#14566)Eugen Rochko
2020-08-25Improve email address validation (#14565)ThibG
* Increase DNS timeout from 1 second to 5 seconds for MX check
  1 second is rather short when using a recursive DNS resolver which hasn't got a cached result already available. Use 5 seconds instead, which is the timeout value we use for outgoing HTTP queries.
* Add more precise error messages for invalid e-mail addresses
2020-08-25Add client-side validation in password change forms (#14564)ThibG
* Fix client-side username validation at registration
  It used the Account::USERNAME_RE regexp which is for *remote* users, local user validation is stricter. Also take into account max username length.
* Add client-side form validation for password change
* Add client-side form validation to dedicated registration form
  Previous changes only applied to the /about page, not the dedicated form on /auth
2020-08-25Add HTML form validation for the registration form (#14560)ThibG
* Add HTML-level validation of username in sign-up form
* Make required fields with incorrect values more visible
* Enable HTML form validation for the registration form
* Mark agreement checkbox as required client-side
* Add minimum length to password
* Add client-side password confirmation validation
2020-08-25Fix styling of display names and account handles, make it closer to upstreamThibaut Girka
2020-08-26Bump jest from 26.4.0 to 26.4.2 (#14648)dependabot[bot]
Bumps [jest](https://github.com/facebook/jest) from 26.4.0 to 26.4.2. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/compare/v26.4.0...v26.4.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-26Bump @clusterws/cws from 2.0.0 to 3.0.0 (#14630)dependabot[bot]
Bumps [@clusterws/cws](https://github.com/ClusterWS/cWS) from 2.0.0 to 3.0.0. - [Release notes](https://github.com/ClusterWS/cWS/releases) - [Changelog](https://github.com/ClusterWS/cWS/blob/master/CHANGELOG.md) - [Commits](https://github.com/ClusterWS/cWS/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-26Bump browserslist from 4.13.0 to 4.14.0 (#14652)dependabot[bot]
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.13.0 to 4.14.0. - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/master/CHANGELOG.md) - [Commits](https://github.com/browserslist/browserslist/compare/4.13.0...4.14.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-26Bump create-ecdh from 4.0.3 to 4.0.4 (#14649)dependabot[bot]
Bumps [create-ecdh](https://github.com/crypto-browserify/createECDH) from 4.0.3 to 4.0.4. - [Release notes](https://github.com/crypto-browserify/createECDH/releases) - [Commits](https://github.com/crypto-browserify/createECDH/compare/v4.0.3...v4.0.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-26Bump css-loader from 3.6.0 to 4.2.2 (#14664)dependabot[bot]
Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 3.6.0 to 4.2.2. - [Release notes](https://github.com/webpack-contrib/css-loader/releases) - [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/css-loader/compare/v3.6.0...v4.2.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-26Bump compression-webpack-plugin from 4.0.0 to 5.0.1 (#14647)dependabot[bot]
Bumps [compression-webpack-plugin](https://github.com/webpack-contrib/compression-webpack-plugin) from 4.0.0 to 5.0.1. - [Release notes](https://github.com/webpack-contrib/compression-webpack-plugin/releases) - [Changelog](https://github.com/webpack-contrib/compression-webpack-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/compression-webpack-plugin/compare/v4.0.0...v5.0.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump imports-loader from 0.8.0 to 1.1.0 (#14323)dependabot[bot]
* Bump imports-loader from 0.8.0 to 1.1.0
  Bumps [imports-loader](https://github.com/webpack-contrib/imports-loader) from 0.8.0 to 1.1.0.
  - [Release notes](https://github.com/webpack-contrib/imports-loader/releases)
  - [Changelog](https://github.com/webpack-contrib/imports-loader/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/webpack-contrib/imports-loader/compare/v0.8.0...v1.1.0)
  Signed-off-by: dependabot[bot] <support@github.com>
* Migrate new syntax
* Add semicolon
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-08-25Bump sass-loader from 8.0.2 to 9.0.3 (#14637)dependabot[bot]
Bumps [sass-loader](https://github.com/webpack-contrib/sass-loader) from 8.0.2 to 9.0.3. - [Release notes](https://github.com/webpack-contrib/sass-loader/releases) - [Changelog](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/sass-loader/compare/v8.0.2...v9.0.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump aggregate-error from 3.0.1 to 3.1.0 (#14654)dependabot[bot]
Bumps [aggregate-error](https://github.com/sindresorhus/aggregate-error) from 3.0.1 to 3.1.0. - [Release notes](https://github.com/sindresorhus/aggregate-error/releases) - [Commits](https://github.com/sindresorhus/aggregate-error/compare/v3.0.1...v3.1.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump js-base64 from 2.6.2 to 2.6.4 (#14650)dependabot[bot]
Bumps [js-base64](https://github.com/dankogai/js-base64) from 2.6.2 to 2.6.4. - [Release notes](https://github.com/dankogai/js-base64/releases) - [Commits](https://github.com/dankogai/js-base64/compare/2.6.2...2.6.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump eventemitter3 from 4.0.4 to 4.0.5 (#14646)dependabot[bot]
Bumps [eventemitter3](https://github.com/primus/eventemitter3) from 4.0.4 to 4.0.5. - [Release notes](https://github.com/primus/eventemitter3/releases) - [Commits](https://github.com/primus/eventemitter3/compare/4.0.4...4.0.5) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump postgres-date from 1.0.5 to 1.0.6 (#14642)dependabot[bot]
Bumps [postgres-date](https://github.com/bendrucker/postgres-date) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/bendrucker/postgres-date/releases) - [Commits](https://github.com/bendrucker/postgres-date/compare/v1.0.5...v1.0.6) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump autoprefixer from 9.8.5 to 9.8.6 (#14641)dependabot[bot]
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.8.5 to 9.8.6. - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md) - [Commits](https://github.com/postcss/autoprefixer/compare/9.8.5...9.8.6) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump @babel/runtime from 7.10.5 to 7.11.2 (#14639)dependabot[bot]
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.10.5 to 7.11.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.11.2/packages/babel-runtime) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump @babel/plugin-transform-runtime from 7.10.5 to 7.11.0 (#14645)dependabot[bot]
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.10.5 to 7.11.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.11.0/packages/babel-plugin-transform-runtime) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump browserify-sign from 4.2.0 to 4.2.1 (#14636)dependabot[bot]
Bumps [browserify-sign](https://github.com/crypto-browserify/browserify-sign) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/crypto-browserify/browserify-sign/releases) - [Commits](https://github.com/crypto-browserify/browserify-sign/compare/v4.2.0...v4.2.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump babel-jest from 26.1.0 to 26.3.0 (#14634)dependabot[bot]
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 26.1.0 to 26.3.0. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/commits/v26.3.0/packages/babel-jest) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump copy-webpack-plugin from 6.0.2 to 6.0.3 (#14633)dependabot[bot]
Bumps [copy-webpack-plugin](https://github.com/webpack-contrib/copy-webpack-plugin) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/webpack-contrib/copy-webpack-plugin/releases) - [Changelog](https://github.com/webpack-contrib/copy-webpack-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/copy-webpack-plugin/compare/v6.0.2...v6.0.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump minizlib from 2.1.0 to 2.1.2 (#14632)dependabot[bot]
Bumps [minizlib](https://github.com/isaacs/minizlib) from 2.1.0 to 2.1.2. - [Release notes](https://github.com/isaacs/minizlib/releases) - [Commits](https://github.com/isaacs/minizlib/compare/v2.1.0...v2.1.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump webpack from 4.44.0 to 4.44.1 (#14628)dependabot[bot]
Bumps [webpack](https://github.com/webpack/webpack) from 4.44.0 to 4.44.1. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v4.44.0...v4.44.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump net-ldap from 0.16.2 to 0.16.3 (#14627)dependabot[bot]
Bumps [net-ldap](https://github.com/ruby-ldap/ruby-net-ldap) from 0.16.2 to 0.16.3. - [Release notes](https://github.com/ruby-ldap/ruby-net-ldap/releases) - [Changelog](https://github.com/ruby-ldap/ruby-net-ldap/blob/master/History.rdoc) - [Commits](https://github.com/ruby-ldap/ruby-net-ldap/compare/v0.16.2...v0.16.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump elasticsearch from 7.8.1 to 7.9.0 (#14625)dependabot[bot]
Bumps [elasticsearch](https://github.com/elastic/elasticsearch-ruby) from 7.8.1 to 7.9.0. - [Release notes](https://github.com/elastic/elasticsearch-ruby/releases) - [Changelog](https://github.com/elastic/elasticsearch-ruby/blob/master/CHANGELOG.md) - [Commits](https://github.com/elastic/elasticsearch-ruby/compare/v7.8.1...v7.9.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump elasticsearch-transport from 7.8.1 to 7.9.0 (#14624)dependabot[bot]
Bumps [elasticsearch-transport](https://github.com/elastic/elasticsearch-ruby) from 7.8.1 to 7.9.0. - [Release notes](https://github.com/elastic/elasticsearch-ruby/releases) - [Changelog](https://github.com/elastic/elasticsearch-ruby/blob/master/CHANGELOG.md) - [Commits](https://github.com/elastic/elasticsearch-ruby/compare/v7.8.1...v7.9.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump redis-namespace from 1.7.0 to 1.8.0 (#14623)dependabot[bot]
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/resque/redis-namespace/releases) - [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md) - [Commits](https://github.com/resque/redis-namespace/compare/v1.7.0...v1.8.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump jwt from 2.2.1 to 2.2.2 (#14621)dependabot[bot]
Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/jwt/ruby-jwt/releases) - [Changelog](https://github.com/jwt/ruby-jwt/blob/master/CHANGELOG.md) - [Commits](https://github.com/jwt/ruby-jwt/compare/v2.2.1...v2.2.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump webpacker from 5.2.0 to 5.2.1 (#14619)dependabot[bot]
Bumps [webpacker](https://github.com/rails/webpacker) from 5.2.0 to 5.2.1. - [Release notes](https://github.com/rails/webpacker/releases) - [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md) - [Commits](https://github.com/rails/webpacker/compare/v5.2.0...v5.2.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump oj from 3.10.8 to 3.10.12 (#14620)dependabot[bot]
Bumps [oj](https://github.com/ohler55/oj) from 3.10.8 to 3.10.12. - [Release notes](https://github.com/ohler55/oj/releases) - [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md) - [Commits](https://github.com/ohler55/oj/compare/v3.10.8...v3.10.12) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Bump aws-sdk-core from 3.104.3 to 3.104.4 (#14618)dependabot[bot]
Bumps [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) from 3.104.3 to 3.104.4. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-core/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-25Use Status.group instead of Status.distinct in HashQueryService (#14662)Akihiko Odaki
DISTINCT clause removes duplicated records according to all the selected attributes. In reality, it can remove duplicated records only looking at statuses.id, but the clause confuses the query planner and yields insufficient performance. The behavior is also problematic if the scope produced by HashQueryService is used to query columns without id (using pluck method, for example). The scope is expected to contain unique statuses, but the uniqueness will be evaluated with some arbitrary columns other than id. GROUP BY clause resolves those problems by explicitly specifying the column to take into account for the record distinction. A workaround for the problem of DISTINCT clause in Api::V1::Timelines::TagController is no longer necessary and removed.
2020-08-25refactor: add email previews for WebAuthn emails (#14658)santiagorodriguez96
This is a leftover for the work done in #14466.
2020-08-25Stop installing libssl-dev for build (#14660)Daigo 3 Dango
libssl-dev is provided with the stack image in build time and conflicts in building openssl Gem for webauthn Gem added with #14466.
2020-08-24Fix spacing around reblog counter in detailed statusesThibaut Girka
And bring the whole thing closer to upstream's code.
2020-08-24Add support for latest HTTP Signatures spec draft (#14556)ThibG
* Add support for latest HTTP Signatures spec draft
  https://www.ietf.org/id/draft-ietf-httpbis-message-signatures-00.html
  - add support for the “hs2019” signature algorithm (assumed to be equivalent to RSA-SHA256, since we do not have a mechanism to specify the algorithm within the key metadata yet)
  - add support for (created) and (expires) pseudo-headers and related signature parameters, when using the hs2019 signature algorithm
  - adjust default “headers” parameter while being backwards-compatible with previous implementation
  - change the acceptable time window logic from 12 hours surrounding the “date” header to accepting signatures created up to 1 hour in the future and expiring up to 1 hour in the past (but only allowing expiration dates up to 12 hours after the creation date)
  This doesn't conform with the current draft, as it doesn't permit accounting for clock skew. This, however, should be addressed in a next version of the draft: https://github.com/httpwg/http-extensions/pull/1235
* Add additional signature requirements
* Rewrite signature params parsing using Parslet
* Make apparent which signature algorithm Mastodon on verification failure
  Mastodon uses RSASSA-PKCS1-v1_5, which is not recommended for new applications, and new implementers may thus unknowingly use RSASSA-PSS.
* Add workaround for PeerTube's invalid signature header
  The previous parser allowed incorrect Signature headers, such as those produced by old versions of the `http-signature` node.js package, and seemingly used by PeerTube. This commit adds a workaround for that.
* Fix `signature_key_id` raising an exception
  Previously, parsing failures would result in `signature_key_id` being nil, but the parser changes made that result in an exception. This commit changes the `signature_key_id` method to return `nil` in case of parsing failures.
* Move extra HTTP signature helper methods to private methods
* Relax (request-target) requirement to (request-target) || digest
  This lets requests from Plume work without lowering security significantly.
2020-08-24Fix an error when file_file_size is nil in tootctl media remove (#14657)Takeshi Umeda