about summary refs log tree commit diff
path: root/Gemfile.lock
AgeCommit message (Collapse)Author
2018-03-06Upgrade chewy to version 5.0.0 (#6649)Yamagishi Kazutoshi
2018-03-02Update omniauth-saml to 1.10 (#6587)Patrick Figel
Fixes CVE-2017-11428
2018-02-28Fix #942: Seamless LDAP login (#6556)Eugen Rochko
2018-02-26remove-uglifier (#6561)masarakki
2018-02-24Raise Mastodon::HostValidationError when host for HTTP request is private ↵Akihiko Odaki
(#6410)
2018-02-21Account archive download (#6460)Eugen Rochko
* Fix #201: Account archive download * Export actor and private key in the archive * Optimize BackupService - Add conversation to cached associations of status, because somehow it was forgotten and is source of N+1 queries - Explicitly call GC between batches of records being fetched (Model class allocations are the worst offender) - Stream media files into the tar in 1MB chunks (Do not allocate media file (up to 8MB) as string into memory) - Use #bytesize instead of #size to calculate file size for JSON (Fix FileOverflow error) - Segment media into subfolders by status ID because apparently GIF-to-MP4 media are all named "media.mp4" for some reason * Keep uniquely generated filename in Paperclip::GifTranscoder * Ensure dumped files do not overwrite each other by maintaing directory partitions * Give tar archives a good name * Add scheduler to remove week-old backups * Fix code style issue
2018-02-21Fix avatar and header issues by using custom geometry detector (#6515)Eugen Rochko
* Fix avatar and header issues by using custom geometry detector Revert a part of #6508. The file passed to dynamic styles method was not actually a file, but an instance of Paperclip::Attachment, which broke all styles by always returning {} from the method. One problem with GIF avatars was that Paperclip::GeometryDetector reported wrong dimensions for them, e.g. 120x120 GIF avatar would for some reason be detected as 120x53. By writing our own geometry parser, we can use FastImage, which also happens to be faster than ImageMagick, to detect image dimensions, which are also correct. Unfortunately, this PR does not implement skipping a `convert` entirely if the dimensions are already correct, as I found no easy way to write that behaviour into Paperclip without rewriting the Paperclip::Thumbnail class. * Only invoke convert if dimension or format needs to be changed
2018-02-16Save video metadata and improve video OpenGraph tags (#6481)Eugen Rochko
* Save metadata from video attachments, put correct dimensions into OG tags * Add twitter:player for videos * Fix code style and test
2018-02-11Interactive `rake mastodon:setup` task (#6451)Eugen Rochko
* Add better CLI prompt * Add rake mastodon:setup interactive wizard * Test db/redis/smtp configurations and add admin user at the end * Test database connection even when database does not exist yet
2018-02-09Full-text search for authorized statuses (#6423)Eugen Rochko
* Add full-text search for authorized statuses - Search API will return statuses that match the query - Only for logged in users - Only if you are author of the status, - Or you were mentioned in it - Or you favourited or reblogged it - Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX` - Run `rails chewy:deploy` to create & populate index Fix #5880 Fix #4293 Fix #1152 * Add commented out docker-compose configuration for ES container * Optimize index import, filter search results * Add basic normalization to the index * Add better stemming and normalization to the index * Skip webfinger request if search query includes both @ and a space * Fix code style * Visually separate search result sections * Fix code style issues
2018-02-04CAS + SAML authentication feature (#6425)Eugen Rochko
* Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
2018-02-02pam authentication (#5303)Alexander
* add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
2018-02-01Upgrade Paperclip > 5.2.1 (#6404)Rob Watson
Mitigation for CVE-2017-0889. https://www.cvedetails.com/cve/CVE-2017-0889/ https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8
2018-01-23Update goldfinger, ostatus2 and http.rb versions (#6337)Eugen Rochko
2018-01-21Redirect to 2FA creation page when otp_secret is not available (#6314)Aboobacker MK
2018-01-19Add support Ruby v2.5.0 (#6097)Yamagishi Kazutoshi
2018-01-16HTML e-mails for UserMailer (#6256)Eugen Rochko
- premailer gem to turn CSS into inline styles automatically - rework UserMailer templates - reword UserMailer templates
2018-01-04Fix OpenSSL dependency in ostatus2 (#6174)Eugen Rochko
2018-01-02Add confirmation step for email changes (#6071)Patrick Figel
* Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes
2017-12-26add ruby-progressbar to gemfile (fixes #6110) (#6111)beatrix
2017-12-09Revert fog-aws (ref #5604) (#5934)Yamagishi Kazutoshi
2017-12-06Remove rabl dependency (#5894)Eugen Rochko
* Remove rabl dependency * Replicate old Oj configuration
2017-12-03Update dependencies for Ruby (2017-12-03) (#5878)Yamagishi Kazutoshi
* Update active_model_serializers to version 0.10.7 * Update capistrano-rails to version 1.3.1 * Update capistrano-rbenv to version 2.1.3 * Update capybara to version 2.16.1 * Update devise-two-factor to version 3.0.2 * Update i18n-tasks to version 0.8.19 * Update ox to version 2.8.2 * Update parallel_tests to version 2.19.0 * Update puma to version 3.11.0 * Update redis-namespace to version 1.6.0 * Update rspec-rails to version 3.7.2 * Update scss_lint to version 0.56.0 * Update webmock to version 3.1.1 * Update webpush to version 0.3.3 * bundle update
2017-11-07Unify file upload to using fog (#5604)Yamagishi Kazutoshi
2017-11-01Revert ruby-jwt version (#5575)K.SHIRAKASHI
jwt 2.1.0 still does not work well. ref. https://github.com/zaru/webpush/issues/42
2017-10-31Update dependencies for Ruby (2017-10-30) (#5566)Yamagishi Kazutoshi
* Update better_errors to version 2.4.0 * Update binding_of_caller to version 0.7.3 * Update bootsnap to version 1.1.5 * Update browser to version 2.5.2 * Update capistrano to version 3.10.0 * Update capistrano-bundler to version 1.3.0 * Update capistrano-rbenv to version 2.1.2 * Update capybara to version 2.15.4 * Update cld3 to version 3.2.1 * Update fabrication to version 2.18.0 * Update fog-openstack to version 0.1.22 * Update kaminari to version 1.1.1 * Update lograge to version 0.7.1 * Update nokogiri to version 1.8.1 * Update oj to version 3.3.9 * Update ox to version 2.8.1 * Update parallel_tests to version 2.17.0 * Update pkg-config to version 1.2.8 * Update rspec-rails to version 3.7.1 * Update rubocop to version 0.51.0 * Update scss_lint to version 0.55.0 * Update sidekiq to version 5.0.5 * Update sidekiq-scheduler to version 2.1.10 * Update tzinfo-data to version 1.2017.3 * Update webpacker to version 3.0.2 * bundle update
2017-10-14Close connection when succeeded posting (#5390)abcang
* Close connection when succeeded posting * Update webmock
2017-09-29Replace self-rolled statsd instrumention with localshred/nsa (#5118)Eugen Rochko
2017-09-27Upgrade Webpacker to version 3.0.1 (#5122)Yamagishi Kazutoshi
2017-09-27Update brakeman to 3.0 and bundler-audit to 0.6 (#5117)Eugen Rochko
2017-09-25Add strong_migrations gem to warn when creating unsafe migrations (#5078)Eugen Rochko
2017-09-18Bump ruby version to 2.4.2 (#4958)Daigo 3 Dango
* Bump ruby version to 2.4.2 https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/ Gemfile.lock is also updated. TODO - [ ] Update Dockerfile with Alpine release of ruby-2.4.2 * Revert jwt version It seems that jwt 2.0.0 fails in some environment. ref. https://github.com/zaru/webpush/issues/42 * Bump Ruby version on docker image
2017-09-16Fix filterable_languages method of SettingsHelper (#4966)Akihiko Odaki
2017-09-11Bump puma from 3.9.1 to 3.10.0 (#4879)Grey Baker
Bumps [puma](https://github.com/puma/puma) from 3.9.1 to 3.10.0. - [Release notes](https://github.com/puma/puma/releases/tag/v3.10.0) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v3.9.1...v3.10.0)
2017-09-11Bump rails from 5.1.3 to 5.1.4 (#4875)Grey Baker
Bumps [rails](https://github.com/rails/rails) from 5.1.3 to 5.1.4. - [Commits](https://github.com/rails/rails/compare/v5.1.3...v5.1.4)
2017-09-08Fix language filter codes (#4841)Eugen Rochko
* Fix language filter codes CLD3 returns BCP-47 language identifier, filter settings expect identifiers in the ISO 639-1 format. Convert between formats, and exclude duplicate languages from filter choices (zh-CN->zh) * Fix zh name
2017-09-05swift-enable the paperclip! :paperclip: (#2322)Adam Thurlow
2017-08-30Update bundler-audit and brakeman (#4740)Eugen Rochko
2017-08-26Add handling of Linked Data Signatures in payloads (#4687)Eugen Rochko
* Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
2017-08-25Update addressable to version 2.5.2 (#4686)Yamagishi Kazutoshi
2017-08-17Update charlock_holmes to 0.7.5 (#4620)nullkal
2017-08-07Update dependencies for Ruby (#4543)Yamagishi Kazutoshi
* Update twitter-text to version 1.14.7 * Update tilt to version 2.0.8 * Update statsd-instrument to version 2.1.4 * Update sidekiq to version 5.0.4 * Update sidekiq-scheduler to version 2.1.8 * Update sidekiq-unique-jobs to version 5.0.9 * Update redis-activesupport to version 5.0.3 * Update rails-settings-cached to version v0.6.6 * Update pkg-config to version 1.2.4 * Update parallel_tests to version 2.14.2 * Update jsonapi-renderer to version 0.1.3 * Update i18n-tasks to version 0.9.16 * Update httplog to version 0.99.7 * Update fabrication to version 2.16.2 * Update bootsnap to version 1.1.2 * Update aws-sigv4 to version 1.0.1 * Update aws-sdk-core to version 2.10.21 * Update hashdiff to version 0.3.5 * Update rails to version 5.1.3
2017-08-05Update goldfinger to 2.0.1, see tootsuite/goldfinger#5 (#4527)Eugen Rochko
2017-07-21Run `bundle` (regression from #4284) (#4290)Yamagishi Kazutoshi
2017-07-21Update Goldfinger gem to 2.0 (#4286)Eugen Rochko
- No masking of HTTP::Error and OpenSSL::SSL::SSLError - No longer accepts non-HTTPS WebFinger endpoints
2017-07-19Refactor ResolveRemoteAccountService (#4258)Eugen Rochko
* Refactor ResolveRemoteAccountService * Remove trailing whitespace * Use redis locks around critical ResolveRemoteAccountService code * Add test for race condition of lock
2017-07-15Optimize uri normalization (#4212)ThibG
* Add dependency on idn-ruby to speed up URI normalization * Use normalized_host instead of normalize.host when applicable When we are only interested in the normalized host, calling normalized_host avoids normalizing the other components of the URI as well as creating a new object
2017-07-14Follow renaming of microformats2 gem (#4203)unarist
2017-07-14Fix #4149, fix #1199 - Store emojis as unicode (#4189)Eugen Rochko
- Use unicode when selecting emoji through picker - Convert shortcodes to unicode when storing text input server-side - Do not convert shortcodes in JS anymore
2017-07-13Web Push Notifications (#3243)Sorin Davidoi
* feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator