about summary refs log tree commit diff
AgeCommit message (Collapse)Author
2021-09-19Bump @babel/preset-env from 7.15.4 to 7.15.6 (#16742)dependabot[bot]
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.15.4 to 7.15.6. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.6/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-19Bump bootsnap from 1.6.0 to 1.8.1 (#16677)dependabot[bot]
* Bump bootsnap from 1.6.0 to 1.8.1 Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.6.0 to 1.8.1. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md) - [Commits](https://github.com/Shopify/bootsnap/compare/v1.6.0...v1.8.1) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Remove deprecated bootsnap config options Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2021-09-15Fix followers synchronization mechanism not working when URI has empty path ↵Claire
(#16744) Follow-up to #16510, forgot the controller exposing the actual followers…
2021-09-14Bump rubocop-rails from 2.11.3 to 2.12.2 (#16734)dependabot[bot]
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.11.3 to 2.12.2. - [Release notes](https://github.com/rubocop/rubocop-rails/releases) - [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.11.3...v2.12.2) --- updated-dependencies: - dependency-name: rubocop-rails dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-14Bump rubocop from 1.20.0 to 1.21.0 (#16733)dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.20.0 to 1.21.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.20.0...v1.21.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-14Bump http from 5.0.1 to 5.0.2 (#16732)dependabot[bot]
Bumps [http](https://github.com/httprb/http) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/httprb/http/releases) - [Changelog](https://github.com/httprb/http/blob/main/CHANGES.md) - [Commits](https://github.com/httprb/http/compare/v5.0.1...v5.0.2) --- updated-dependencies: - dependency-name: http dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-13Update Dockerfile (#16696)Shlee
2021-09-13Fix some Rails frameworks being unnecessarily loaded (#16725)Claire
Saves about 10MiB of memory usage at boot
2021-09-13Stop setting a shortcode to newly-created media attachments (#16730)Claire
* Stop setting a shortcode to newly-created media attachments The WebUI has stopped using the “short media URL” in ages. This isn't used anywhere except for mail notifications. Deprecating it would allow us to eventually get rid of at least a database column and corruption-prone index, as well as a controller. * Fix tests
2021-09-10Bump ruby-saml from 1.11.0 to 1.13.0 (#16723)Claire
Fixes #16720
2021-09-10Bump @babel/plugin-proposal-decorators from 7.14.5 to 7.15.4 (#16711)dependabot[bot]
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.14.5 to 7.15.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-plugin-proposal-decorators) --- updated-dependencies: - dependency-name: "@babel/plugin-proposal-decorators" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-10Bump @babel/preset-env from 7.15.0 to 7.15.4 (#16706)dependabot[bot]
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.15.0 to 7.15.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump devise-two-factor from 4.0.0 to 4.0.1 (#16705)dependabot[bot]
Bumps [devise-two-factor](https://github.com/tinfoil/devise-two-factor) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/tinfoil/devise-two-factor/releases) - [Changelog](https://github.com/tinfoil/devise-two-factor/blob/main/CHANGELOG.md) - [Commits](https://github.com/tinfoil/devise-two-factor/compare/v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: devise-two-factor dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump sass from 1.38.2 to 1.39.0 (#16707)dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.38.2 to 1.39.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.38.2...1.39.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump axios from 0.21.1 to 0.21.4 (#16709)dependabot[bot]
Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.4) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump @babel/runtime from 7.15.3 to 7.15.4 (#16710)dependabot[bot]
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.15.3 to 7.15.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump react-redux from 7.2.4 to 7.2.5 (#16708)dependabot[bot]
Bumps [react-redux](https://github.com/reduxjs/react-redux) from 7.2.4 to 7.2.5. - [Release notes](https://github.com/reduxjs/react-redux/releases) - [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md) - [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.4...v7.2.5) --- updated-dependencies: - dependency-name: react-redux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump npmlog from 5.0.0 to 5.0.1 (#16704)dependabot[bot]
Bumps [npmlog](https://github.com/npm/npmlog) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/npm/npmlog/releases) - [Changelog](https://github.com/npm/npmlog/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/npmlog/compare/v5.0.0...v5.0.1) --- updated-dependencies: - dependency-name: npmlog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump oj from 3.13.2 to 3.13.4 (#16703)dependabot[bot]
Bumps [oj](https://github.com/ohler55/oj) from 3.13.2 to 3.13.4. - [Release notes](https://github.com/ohler55/oj/releases) - [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md) - [Commits](https://github.com/ohler55/oj/compare/v3.13.2...v3.13.4) --- updated-dependencies: - dependency-name: oj dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump aws-sdk-s3 from 1.100.0 to 1.102.0 (#16702)dependabot[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.100.0 to 1.102.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09Bump @babel/core from 7.15.0 to 7.15.5 (#16712)dependabot[bot]
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.15.0 to 7.15.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.5/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-08use relative path for `scope` (#16714)Holger
Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.
2021-09-08Fix addressing of remote groups' followers (#16700)Claire
Fixes #16699
2021-09-04Fix suspicious sign-in mail text being out of date (#16690)Claire
Fixes #16687
2021-09-01Fix processing mentions to domains with non-ascii TLDs (#16689)Claire
Fixes #16602
2021-09-01Bump eslint-plugin-react from 7.24.0 to 7.25.1 (#16680)dependabot[bot]
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.24.0 to 7.25.1. - [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases) - [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md) - [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.24.0...v7.25.1) --- updated-dependencies: - dependency-name: eslint-plugin-react dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-01Bump tar from 6.1.3 to 6.1.11 (#16685)dependabot[bot]
Bumps [tar](https://github.com/npm/node-tar) from 6.1.3 to 6.1.11. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v6.1.3...v6.1.11) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31Bump rqrcode from 2.0.0 to 2.1.0 (#16678)dependabot[bot]
Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/whomwah/rqrcode/releases) - [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md) - [Commits](https://github.com/whomwah/rqrcode/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: rqrcode dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31Bump rubocop from 1.19.1 to 1.20.0 (#16674)dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.1 to 1.20.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.19.1...v1.20.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31Bump nokogiri from 1.12.3 to 1.12.4 (#16675)dependabot[bot]
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.3 to 1.12.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.3...v1.12.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31Bump aws-sdk-s3 from 1.99.0 to 1.100.0 (#16676)dependabot[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.99.0 to 1.100.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31Bump ws from 8.2.0 to 8.2.1 (#16679)dependabot[bot]
Bumps [ws](https://github.com/websockets/ws) from 8.2.0 to 8.2.1. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/8.2.0...8.2.1) --- updated-dependencies: - dependency-name: ws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29Bump sass from 1.38.0 to 1.38.2 (#16671)dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.38.0 to 1.38.2. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.38.0...1.38.2) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29Bump eslint-plugin-import from 2.24.1 to 2.24.2 (#16668)dependabot[bot]
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.1 to 2.24.2. - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.1...v2.24.2) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28Bump url-parse from 1.5.1 to 1.5.3 (#16666)dependabot[bot]
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.1 to 1.5.3. - [Release notes](https://github.com/unshiftio/url-parse/releases) - [Commits](https://github.com/unshiftio/url-parse/compare/1.5.1...1.5.3) --- updated-dependencies: - dependency-name: url-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28Bump color-string from 1.5.3 to 1.6.0 (#16665)dependabot[bot]
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0. - [Release notes](https://github.com/Qix-/color-string/releases) - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md) - [Commits](https://github.com/Qix-/color-string/commits/1.6.0) --- updated-dependencies: - dependency-name: color-string dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28Bump http from 4.4.1 to 5.0.1 (#16438)dependabot[bot]
Bumps [http](https://github.com/httprb/http) from 4.4.1 to 5.0.1. - [Release notes](https://github.com/httprb/http/releases) - [Changelog](https://github.com/httprb/http/blob/master/CHANGES.md) - [Commits](https://github.com/httprb/http/compare/v4.4.1...v5.0.1) --- updated-dependencies: - dependency-name: http dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28Bump y18n from 4.0.0 to 4.0.3 (#16664)dependabot[bot]
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3) --- updated-dependencies: - dependency-name: y18n dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28Bump jest from 26.6.3 to 27.1.0 (#16376)dependabot[bot]
* Bump jest from 26.6.3 to 27.0.4 Bumps [jest](https://github.com/facebook/jest) from 26.6.3 to 27.0.4. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/compare/v26.6.3...v27.0.4) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Set test environment for jest * Remove unnecessary ext * Bump jest from 27.0.4 to 27.1.0 * Remove --coverage option Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-08-28Bump sidekiq from 6.2.1 to 6.2.2 (#16647)dependabot[bot]
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27Bump webpacker from 5.4.0 to 5.4.2 (#16648)dependabot[bot]
Bumps [webpacker](https://github.com/rails/webpacker) from 5.4.0 to 5.4.2. - [Release notes](https://github.com/rails/webpacker/releases) - [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md) - [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2) --- updated-dependencies: - dependency-name: webpacker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27Bump faker from 2.18.0 to 2.19.0 (#16646)dependabot[bot]
Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27Bump rubocop from 1.19.0 to 1.19.1 (#16649)dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-26Explicitly set userVerification to discoraged (#16545)Truong Nguyen
2021-08-25Fix authentication failures after going halfway through a sign-in attempt ↵Claire
(#16607) * Add tests * Add security-related tests My first (unpublished) attempt at fixing the issues introduced (extremely hard-to-exploit) security vulnerabilities, addressing them in a test. * Fix authentication failures after going halfway through a sign-in attempt * Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED (#16655)Daniel
When using a CAS server, the users only have a temporary email `change@me-foo-cas.com` which can't be changed but by an administrator. We need a new environment variable like for SAML to assume the email from CAS is verified. * config/initializers/omniauth.rb: define CAS option for assuming email are always verified. * .env.nanobox: add new variable as an example.
2021-08-26Bump rails from 6.1.4 to 6.1.4.1 (#16650)dependabot[bot]
Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-25Fix follow request count to dynamically update (#16652)matildepark
2021-08-25Fix undefined variable for Auth::OmniauthCallbacksController (#16654)Daniel
The addition of authentication history broke the omniauth login with the following error: method=GET path=/auth/auth/cas/callback format=html controller=Auth::OmniauthCallbacksController action=cas status=500 error='NameError: undefined local variable or method `user' for #<Auth::OmniauthCallbacksController:0x00000000036290> Did you mean? @user' duration=435.93 view=0.00 db=36.19 * app/controllers/auth/omniauth_callbacks_controller.rb: fix variable name to `@user`
2021-08-23Bump eslint-plugin-import from 2.24.0 to 2.24.1 (#16635)dependabot[bot]
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1. - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>