| Age | Commit message (Collapse) | Author |
|---|
|
Conflicts:
- `CHANGELOG.md`:
Upstream added newlines.
Conflicts are because the CHANGELOG was independently merged from 3.4.6 on
last security update.
Took upstream's version.
- `app/helpers/context_helper.rb`:
Conflicts because of extra vocabulary in glitch-soc. The conflicts were
actually handled in last security merge.
Kept our version.
|
|
* Add tests
* Fix instance actor not being dereferenceable
* Fix tests
* Fix tests for real
|
|
|
|
ClearlyClaire/glitch-soc/fixes/robust-theme-fallback
Make theme-selection fall back to default ones if configured is not found
|
|
|
|
|
|
|
|
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1)
---
updated-dependencies:
- dependency-name: brakeman
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [redis](https://github.com/redis/node-redis) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3)
---
updated-dependencies:
- dependency-name: redis
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1)
---
updated-dependencies:
- dependency-name: sidekiq-scheduler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases)
- [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4)
---
updated-dependencies:
- dependency-name: http-link-header
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Co-authored-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
Merge upstream changes
|
|
(#17428)
|
|
|
|
Co-authored-by: Puck Meerburg <puck@puck.moe>
|
|
|
|
|
|
|
|
|
|
Merge upstream changes
|
|
|
|
Co-authored-by: Renovate Bot <bot@renovateapp.com>
|
|
Follow-up to #16409
|
|
|
|
|
|
Merge upstream changes
|
|
|
|
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
|
|
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
|
|
|
|
Merge upstream changes
|
|
quirks (#17398)
|
|
|
|
* Fix some old migration scripts
* Fix edge case in two-step migration from older releases
|
|
Fixes #17382
Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
|
|
Merge upstream changes
|
|
|
|
Conflicts:
- `Gemfile.lock`:
Upstream-updated lib textually too close to glitch-soc-only dep.
Updated like upstream.
|
|
* Change account and user fabricators to simplify and improve tests
- `Fabricate(:account)` implicitly fabricates an associated `user` if
no `domain` attribute is given (an account with `domain: nil` is
considered a local account, but no user record was created), unless
`user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
but is discouraged.
* Fix and refactor tests
- avoid passing unneeded attributes to `Fabricate(:user)` or
`Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
way around
- prefer `Fabricate(:user, account_attributes: …)` to
`Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
not representative of production code.
|
|
* Fix Sidekiq warnings about JSON serialization
This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.
See https://github.com/mperham/sidekiq/pull/5071
We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.
* Set Sidekiq to raise on unsafe arguments in test mode
In order to more easily catch issues that would produce warnings in production
code.
|
|
|
|
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.3...v1.3.0)
---
updated-dependencies:
- dependency-name: pg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [axios](https://github.com/axios/axios) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.24.0...v0.25.0)
---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [rdf-normalize](https://github.com/ruby-rdf/rdf-normalize) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/ruby-rdf/rdf-normalize/releases)
- [Commits](https://github.com/ruby-rdf/rdf-normalize/compare/0.4.0...0.5.0)
---
updated-dependencies:
- dependency-name: rdf-normalize
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Conflicts:
- `config/environments/production.rb`:
Upstream changed a header but we had different default headers.
Applied the same change, and also dropped HSTS headers redundant with
Rails'.
|
|
Because `FanOutOnWriteService#update?` was broken, edits were considered as new
toots and a regular `update` payload was sent.
|
|
|
|
Fix #17344
|
