about summary refs log tree commit diff
AgeCommit message (Collapse)Author
2022-02-07Fix Ruby 2.5 incompatibility (#17465)Claire
2022-02-07Fix structured data parsing from links choking on bad data (#17403)Eugen Rochko
* Fix structured data parsing from links choking on bad data - Fix og:url meta tag being prioritized over canonical link tag - Fix structured data parsing choking on commented-out CDATA declarations - Fix HTML entities in title, description, provider_name, author_name - Change structured data parsing to attempt every JSON-LD script tag * Remove unnecessary slash escapes from CDATA regex pattern
2022-02-07Fix replies collection incorrectly looping (#17462)Claire
* Refactor tests * Add tests * Fix replies collection incorrectly looping
2022-02-07Fix errors when multiple Delete are received for a given actor (#17460)Claire
2022-02-06Fix instance actor not being dereferenceable (#17457)Claire
* Add tests * Fix instance actor not being dereferenceable * Fix tests * Fix tests for real
2022-02-05Update build-image.yml (#17454)potpro
2022-02-05Fix error on account relationships page in admin UI (#17444)Eugen Rochko
2022-02-05Bump brakeman from 5.2.0 to 5.2.1 (#17410)dependabot[bot]
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.0 to 5.2.1. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1) --- updated-dependencies: - dependency-name: brakeman dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05Bump redis from 4.0.2 to 4.0.3 (#17412)dependabot[bot]
Bumps [redis](https://github.com/redis/node-redis) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/redis/node-redis/releases) - [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05Bump sidekiq-scheduler from 3.1.0 to 3.1.1 (#17407)dependabot[bot]
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases) - [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: sidekiq-scheduler dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05Bump http-link-header from 1.0.3 to 1.0.4 (#17414)dependabot[bot]
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header) from 1.0.3 to 1.0.4. - [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases) - [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md) - [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4) --- updated-dependencies: - dependency-name: http-link-header dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03Update tootsuite/mastodon Docker tag to v3.4.6 (#17436)Alexandra Catalina
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-03Forward-port version bump to 3.4.6 (#17434)Eugen Rochko
2022-02-03Fix compacted JSON-LD possibly causing compatibility issues on forwarding ↵Claire
(#17428)
2022-02-03Fix response_to_recipient? CTE (#17427)Claire
2022-02-03Compact JSON-LD signed incoming activities (#17426)Claire
Co-authored-by: Puck Meerburg <puck@puck.moe>
2022-02-01Update tootsuite/mastodon Docker tag to v3.4.5 (#17417)Alexandra Catalina
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-01Fix requiring an extra restart after recent post-deployment migrations (#17422)Claire
Follow-up to #16409
2022-02-01Fixed prototype pollution bug and only allow trusted origin (#17420)Rohan Sharma
2022-01-31Bump version to 3.4.5 (#17402)Claire
2022-01-31Bump NODE_VER to 16.13.2, to solve security issues (#17399)Daniel Jakots
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824. See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
2022-01-30Add more advanced migration tests (#17393)Claire
- populate the database with some data when testing migrations - try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
2022-01-30Change index corruption warning to be a little less scary (#17395)Claire
2022-01-30Fix edge case in migration helpers that caused crash because of PostgreSQL ↵Claire
quirks (#17398)
2022-01-30Fix some old migration scripts (#17394)Claire
* Fix some old migration scripts * Fix edge case in two-step migration from older releases
2022-01-28Change public profile pages to be disabled for unconfirmed users (#17385)Claire
Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API.
2022-01-28Refactor and improve tests (#17386)Claire
* Change account and user fabricators to simplify and improve tests - `Fabricate(:account)` implicitly fabricates an associated `user` if no `domain` attribute is given (an account with `domain: nil` is considered a local account, but no user record was created), unless `user: nil` is passed - `Fabricate(:account, user: Fabricate(:user))` should still be possible but is discouraged. * Fix and refactor tests - avoid passing unneeded attributes to `Fabricate(:user)` or `Fabricate(:account)` - avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other way around - prefer `Fabricate(:user, account_attributes: …)` to `Fabricate(:user, account: Fabricate(:account, …)` - also, some tests were using remote accounts with local user records, which is not representative of production code.
2022-01-28Fix Sidekiq warnings about JSON serialization (#17381)Claire
* Fix Sidekiq warnings about JSON serialization This occurs on every symbol argument we pass, and every symbol key in hashes, because Sidekiq expects strings instead. See https://github.com/mperham/sidekiq/pull/5071 We do not need to change how workers parse their arguments because this has not changed and we were already converting to symbols adequately or using `with_indifferent_access`. * Set Sidekiq to raise on unsafe arguments in test mode In order to more easily catch issues that would produce warnings in production code.
2022-01-27Fix some old database migrations (#17379)Claire
2022-01-27Bump pg from 1.2.3 to 1.3.0 (#17349)dependabot[bot]
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.3 to 1.3.0. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](https://github.com/ged/ruby-pg/compare/v1.2.3...v1.3.0) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27Bump axios from 0.24.0 to 0.25.0 (#17354)dependabot[bot]
Bumps [axios](https://github.com/axios/axios) from 0.24.0 to 0.25.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27Bump rdf-normalize from 0.4.0 to 0.5.0 (#17226)dependabot[bot]
Bumps [rdf-normalize](https://github.com/ruby-rdf/rdf-normalize) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/ruby-rdf/rdf-normalize/releases) - [Commits](https://github.com/ruby-rdf/rdf-normalize/compare/0.4.0...0.5.0) --- updated-dependencies: - dependency-name: rdf-normalize dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-26Fix local distribution of edited statuses (#17380)Claire
Because `FanOutOnWriteService#update?` was broken, edits were considered as new toots and a regular `update` payload was sent.
2022-01-26Add healthcheck for sidekiq (#17365)Su Yang
2022-01-26Fix poll updates being saved as status edits (#17373)Eugen Rochko
Fix #17344
2022-01-25Bump sass from 1.48.0 to 1.49.0 (#17352)dependabot[bot]
Bumps [sass](https://github.com/sass/dart-sass) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.48.0...1.49.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump json-ld-preloaded from 3.1.6 to 3.2.0 (#17353)dependabot[bot]
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.6 to 3.2.0. - [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases) - [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.6...3.2.0) --- updated-dependencies: - dependency-name: json-ld-preloaded dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump fabrication from 2.23.1 to 2.24.0 (#17356)dependabot[bot]
Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.23.1 to 2.24.0. - [Release notes](https://github.com/paulelliott/fabrication/releases) - [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown) - [Commits](https://github.com/paulelliott/fabrication/commits) --- updated-dependencies: - dependency-name: fabrication dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump sidekiq from 6.3.1 to 6.4.0 (#17350)dependabot[bot]
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.3.1 to 6.4.0. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.3.1...v6.4.0) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump @babel/plugin-transform-runtime from 7.16.8 to 7.16.10 (#17361)dependabot[bot]
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.16.8 to 7.16.10. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.10/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump cld3 from 3.4.3 to 3.4.4 (#17357)dependabot[bot]
Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.4.3 to 3.4.4. - [Release notes](https://github.com/akihikodaki/cld3-ruby/releases) - [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.4.3...v3.4.4) --- updated-dependencies: - dependency-name: cld3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump aws-sdk-s3 from 1.111.1 to 1.111.3 (#17368)dependabot[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.111.1 to 1.111.3. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump bootsnap from 1.10.1 to 1.10.2 (#17367)dependabot[bot]
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.10.1 to 1.10.2. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md) - [Commits](https://github.com/Shopify/bootsnap/compare/v1.10.1...v1.10.2) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump node-fetch from 2.6.1 to 2.6.7 (#17366)dependabot[bot]
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7) --- updated-dependencies: - dependency-name: node-fetch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump nanoid from 3.1.23 to 3.2.0 (#17342)dependabot[bot]
Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.23 to 3.2.0. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](https://github.com/ai/nanoid/compare/3.1.23...3.2.0) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump @babel/preset-env from 7.16.8 to 7.16.11 (#17358)dependabot[bot]
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.16.8 to 7.16.11. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.11/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump rubocop from 1.24.1 to 1.25.0 (#17322)dependabot[bot]
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.24.1 to 1.25.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.24.1...v1.25.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump @babel/core from 7.16.7 to 7.16.12 (#17360)dependabot[bot]
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.16.7 to 7.16.12. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.12/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25Bump rails from 6.1.4.1 to 6.1.4.4 (#17159)dependabot[bot]
* Bump rails from 6.1.4.1 to 6.1.4.4 Bumps [rails](https://github.com/rails/rails) from 6.1.4.1 to 6.1.4.4. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v6.1.4.1...v6.1.4.4) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Revert marcel to 1.0.1 Avoid some regression that need to be investigated Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-01-24disable legacy XSS filtering (#17289)Wonderfall
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.