about summary refs log tree commit diff
path: root/Gemfile
AgeCommit message (Collapse)Author
2023-01-22fix(pghero): update because CVE-2023-22626 (#23190)Kaspar V
There is a vulnerability [CVE-2023-22626](https://github.com/advisories/GHSA-vf99-xw26-86g5) ``` Name: pghero Version: 2.8.3 CVE: CVE-2023-22626 GHSA: GHSA-vf99-xw26-86g5 Criticality: High URL: https://github.com/ankane/pghero/issues/439 Title: Information Disclosure Through EXPLAIN Feature Solution: upgrade to '>= 3.1.0' ```
2023-01-18Bump rack from 2.2.5 to 2.2.6.2 (#23142)dependabot[bot]
Bumps [rack](https://github.com/rack/rack) from 2.2.5 to 2.2.6.2. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/v2.2.5...v2.2.6.2) --- updated-dependencies: - dependency-name: rack dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18Bump nokogiri from 1.13.10 to 1.14.0 (#23128)dependabot[bot]
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.0. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.14.0) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04Remove microformats gem dependency (#22923)Aaron Patterson
Looks like this gem was introduced as a dependency in 89707ad0ac for testing Miroformat output. The last test using the Microformats gem was removed in 62782babd08bc2385a604e275bf88af925d137c1, so I think it is safe to remove this dependency. For context, you [can't install the microformats gem with Ruby 3.2](https://github.com/microformats/microformats-ruby/pull/131), so we can't currently bundle Mastodon with Ruby 3.2. But since we don't really need this gem, we can just remove it and unblock Ruby 3.2
2022-12-27Bump redis-namespace from 1.9.0 to 1.10.0 (#22765)dependabot[bot]
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/resque/redis-namespace/releases) - [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md) - [Commits](https://github.com/resque/redis-namespace/compare/v1.9...v1.10.0) --- updated-dependencies: - dependency-name: redis-namespace dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27Bump rack from 2.2.4 to 2.2.5 (#22777)dependabot[bot]
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.5. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/2.2.4...v2.2.5) --- updated-dependencies: - dependency-name: rack dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27Bump simplecov from 0.21.2 to 0.22.0 (#22773)dependabot[bot]
Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 0.21.2 to 0.22.0. - [Release notes](https://github.com/simplecov-ruby/simplecov/releases) - [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md) - [Commits](https://github.com/simplecov-ruby/simplecov/compare/v0.21.2...v0.22.0) --- updated-dependencies: - dependency-name: simplecov dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27Bump faker from 3.0.0 to 3.1.0 (#22762)dependabot[bot]
Bumps [faker](https://github.com/faker-ruby/faker) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v3.0.0...v3.1.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20Bump scenic from 1.6.0 to 1.7.0 (#22258)dependabot[bot]
Bumps [scenic](https://github.com/scenic-views/scenic) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/scenic-views/scenic/releases) - [Changelog](https://github.com/scenic-views/scenic/blob/main/CHANGELOG.md) - [Commits](https://github.com/scenic-views/scenic/compare/v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: scenic dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20Bump pundit from 2.2.0 to 2.3.0 (#22516)dependabot[bot]
Bumps [pundit](https://github.com/varvet/pundit) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/varvet/pundit/releases) - [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md) - [Commits](https://github.com/varvet/pundit/commits) --- updated-dependencies: - dependency-name: pundit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20Bump fog-core from 2.1.0 to 2.3.0 (#22521)dependabot[bot]
Bumps [fog-core](https://github.com/fog/fog-core) from 2.1.0 to 2.3.0. - [Release notes](https://github.com/fog/fog-core/releases) - [Changelog](https://github.com/fog/fog-core/blob/master/changelog.md) - [Commits](https://github.com/fog/fog-core/compare/v2.1.0...v2.3.0) --- updated-dependencies: - dependency-name: fog-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-15linting: RuboCop update, config fixes (#20574)Kaspar V
* fix(rubocop): update gems and add performance and rspec fix(rubocop): update gems and add performance and rspec - update present rubocop gems - add rubocop-rspec and rubocop-performance gems - move rubocop gems to gem group :development, :test in order to make linting in a github action that runs with RAILS_ENV=test possible * feat(rubocop): disable some annoyance RSpec cops To mee these prooved to be more annoying than helpful. If not agreed, they can be enabled any time. * fix(rubocop): do not ignore spec/**/* Because rubocop-rspec should lint the specs as well, and they deserve to be readable in general. It is relevant code, after all. * fix(rubocop): change ignore db/**/* to db/schema.rb because rails cops do some lints for migrations. E.g. reversable migrations linting and more. * fix(rubocop): tune rules configs Bunch of commits squashed: fix(rubocop): enable Layout/LineLength cop Because this project has code with line lenghts > 500 chars. This is not good practice at all, so I strongly suggest to change the practice in the future. But allow heredoc, URI and comments to still be long lines and make the default Max: 120 explicit, by repeating it in the config. To me this max length seems reasonable. Perhaps a bit more could be ok for some. But > 500 chars in one line Seems to be way too long IMHO. fix(rubocop): Metrics/CyclomaticComplexity Max to 12 The default is 7, perhaps quite strict. But 25 is too loose, the rule becomes pointless like that. fix(rubocop): AllCops ruby version, cacheing and more info - fix the target ruby version from 2.5 to 3.0 - have the cop error messages to be more informative and helpful - enable cacheing in /tmp fix(rubocop): Metrics/AbcSize to 34 from 115 Rubocops default is 17. If the rule is at 115 is becomes pointless. fix(rubocop): Metrics/BlockLength improvements - instead of ignoring tasks completely, ignore only the long blocks that are specific to tasks (task, namespace) - ignore also concern specific block methods (included, class_methods) fix(rubocop): Metrics/ClassLength count heredoc array as one line fix(rubocop): Metrics/MethodLength Max to 25 - the default is 10, but 65 is too loose, so perhaps 25? fix(rubocop): Metrics/ModuleLength array and heredoc count as one fix(rubocop): Metrics/PerceivedComplexity to 16 from 25 Rubocops default is 8, so how about only doubling that, instead of > than tripple it? fix(rubocop): enable Style/RedundantAssignment Because I think that this rule would never really hurt, but improve code quality and readability. fix(rubocop): enable Style/RescueStandardError I think everyone that ever had to debug what this can bring will hopefully agree that this rule totally makes sense. In the super rare exeptions where this is totally needed, it can be excluded by disabling comment in that place. fix(rubocop): Metrics/ParameterLists add explicit defaults and some excludes
2022-12-15Validate nodeinfo response by schema (#21395)Meisam
* add json-schema to :test in Gemfile * Create node_info_2.0_schema.json * test match_response_schema * Create match_response_schema.rb * Update nodeinfo_controller_spec.rb * Rename spec/support/node_info_2.0_schema.json to spec/support/schema/node_info_2.0_schema.json * Update match_response_schema.rb * cleanup * additionally validate the json schema itself disable throwing errors test the schema matcher * rename nodeinfo schema to nodeinfo_2.0 * use Rails.root.join to construct the path * prettify json * sync Gemfile.lock
2022-12-07Fix unbounded recursion in account discovery (#22025)Claire
* Fix trying to fetch posts from other users when fetching featured posts * Rate-limit discovery of new subdomains * Put a limit on recursively discovering new accounts
2022-12-03Bump faker from 2.23.0 to 3.0.0 (#20039)dependabot[bot]
Bumps [faker](https://github.com/faker-ruby/faker) from 2.23.0 to 3.0.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.23.0...v3.0.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02Bump stoplight from 3.0.0 to 3.0.1 (#21953)dependabot[bot]
Bumps [stoplight](https://github.com/orgsync/stoplight) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/orgsync/stoplight/releases) - [Changelog](https://github.com/bolshakov/stoplight/blob/master/CHANGELOG.md) - [Commits](https://github.com/orgsync/stoplight/commits) --- updated-dependencies: - dependency-name: stoplight dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02Bump pkg-config from 1.4.9 to 1.5.1 (#21820)dependabot[bot]
Bumps [pkg-config](https://github.com/ruby-gnome/pkg-config) from 1.4.9 to 1.5.1. - [Release notes](https://github.com/ruby-gnome/pkg-config/releases) - [Changelog](https://github.com/ruby-gnome/pkg-config/blob/master/NEWS) - [Commits](https://github.com/ruby-gnome/pkg-config/compare/1.4.9...1.5.1) --- updated-dependencies: - dependency-name: pkg-config dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02Bump bootsnap from 1.14.0 to 1.15.0 (#21810)dependabot[bot]
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.14.0 to 1.15.0. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md) - [Commits](https://github.com/Shopify/bootsnap/compare/v1.14.0...v1.15.0) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02Bump aws-sdk-s3 from 1.114.0 to 1.117.1 (#20043)dependabot[bot]
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.114.0 to 1.117.1. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-27Remove support for Ruby 2.6 (#21477)Claire
As pointed out by https://github.com/mastodon/mastodon/pull/21297#discussion_r1028372193 at least one of our dependencies already dropped support for Ruby 2.6, and we had removed Ruby 2.6 tests from the CI over a year ago (#16861). So stop advertising Ruby 2.6 support, bump targeted version, and drop some compatibility code.
2022-11-26Bump capybara from 3.37.1 to 3.38.0 (#20036)dependabot[bot]
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.37.1 to 3.38.0. - [Release notes](https://github.com/teamcapybara/capybara/releases) - [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md) - [Commits](https://github.com/teamcapybara/capybara/compare/3.37.1...3.38.0) --- updated-dependencies: - dependency-name: capybara dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-26Bump brakeman from 5.3.1 to 5.4.0 (#21351)dependabot[bot]
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.3.1 to 5.4.0. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v5.3.1...v5.4.0) --- updated-dependencies: - dependency-name: brakeman dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-26Bump bootsnap from 1.13.0 to 1.14.0 (#21344)dependabot[bot]
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md) - [Commits](https://github.com/Shopify/bootsnap/compare/v1.13.0...v1.14.0) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-22Bump httplog from 1.6.0 to 1.6.2 (#21345)dependabot[bot]
Bumps [httplog](https://github.com/trusche/httplog) from 1.6.0 to 1.6.2. - [Release notes](https://github.com/trusche/httplog/releases) - [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md) - [Commits](https://github.com/trusche/httplog/compare/v1.6.0...v1.6.2) --- updated-dependencies: - dependency-name: httplog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-14Fix rate limiting for paths with formats (#20675)Eugen Rochko
2022-11-13Clean up GitHub sourced gem entry (#20542)Nicholas La Roux
2022-10-08Change privacy policy to be rendered in web UI, add REST API (#19310)Eugen Rochko
Source string no longer localized, Markdown instead of raw HTML
2022-10-04Bump rspec_junit_formatter from 0.5.1 to 0.6.0 (#19286)dependabot[bot]
Bumps [rspec_junit_formatter](https://github.com/sj26/rspec_junit_formatter) from 0.5.1 to 0.6.0. - [Release notes](https://github.com/sj26/rspec_junit_formatter/releases) - [Changelog](https://github.com/sj26/rspec_junit_formatter/blob/main/CHANGELOG.md) - [Commits](https://github.com/sj26/rspec_junit_formatter/compare/v0.5.1...v0.6.0) --- updated-dependencies: - dependency-name: rspec_junit_formatter dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-24Bump httplog from 1.5.0 to 1.6.0 (#19192)dependabot[bot]
Bumps [httplog](https://github.com/trusche/httplog) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/trusche/httplog/releases) - [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md) - [Commits](https://github.com/trusche/httplog/commits) --- updated-dependencies: - dependency-name: httplog dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11Bump rails from 6.1.6.1 to 6.1.7 (#19164)dependabot[bot]
Bumps [rails](https://github.com/rails/rails) from 6.1.6.1 to 6.1.7. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v6.1.6.1...v6.1.7) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11Bump doorkeeper from 5.5.4 to 5.6.0 (#19163)dependabot[bot]
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.5.4 to 5.6.0. - [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases) - [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md) - [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.5.4...v5.6.0) --- updated-dependencies: - dependency-name: doorkeeper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11Bump faker from 2.22.0 to 2.23.0 (#19123)dependabot[bot]
Bumps [faker](https://github.com/faker-ruby/faker) from 2.22.0 to 2.23.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.22.0...v2.23.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19Bump webmock from 3.17.0 to 3.18.1 (#19007)dependabot[bot]
Bumps [webmock](https://github.com/bblimke/webmock) from 3.17.0 to 3.18.1. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.17.0...v3.18.1) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19Bump redis-namespace from 1.8.2 to 1.9.0 (#18987)dependabot[bot]
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.8.2 to 1.9.0. - [Release notes](https://github.com/resque/redis-namespace/releases) - [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md) - [Commits](https://github.com/resque/redis-namespace/compare/v1.8.2...v1.9) --- updated-dependencies: - dependency-name: redis-namespace dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19Bump pry-byebug from 3.9.0 to 3.10.1 (#19002)dependabot[bot]
Bumps [pry-byebug](https://github.com/deivid-rodriguez/pry-byebug) from 3.9.0 to 3.10.1. - [Release notes](https://github.com/deivid-rodriguez/pry-byebug/releases) - [Changelog](https://github.com/deivid-rodriguez/pry-byebug/blob/master/CHANGELOG.md) - [Commits](https://github.com/deivid-rodriguez/pry-byebug/compare/v3.9.0...v3.10.1) --- updated-dependencies: - dependency-name: pry-byebug dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19Bump brakeman from 5.2.3 to 5.3.1 (#18985)dependabot[bot]
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.3 to 5.3.1. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/commits) --- updated-dependencies: - dependency-name: brakeman dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-17Fix backend compatibility with OpenSSL 3.0 (#18449)Claire
* Update webpush to fork with OpenSSL 3 compatibility * Fix tests with OpenSSL 3.0 * Update webauthn gem to latest release and update dependencies
2022-08-06Bump webmock from 3.14.0 to 3.17.0 (#18935)dependabot[bot]
Bumps [webmock](https://github.com/bblimke/webmock) from 3.14.0 to 3.17.0. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.14.0...v3.17.0) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30Bump dotenv-rails from 2.7.6 to 2.8.1 (#18898)dependabot[bot]
Bumps [dotenv-rails](https://github.com/bkeepers/dotenv) from 2.7.6 to 2.8.1. - [Release notes](https://github.com/bkeepers/dotenv/releases) - [Changelog](https://github.com/bkeepers/dotenv/blob/master/Changelog.md) - [Commits](https://github.com/bkeepers/dotenv/compare/v2.7.6...v2.8.1) --- updated-dependencies: - dependency-name: dotenv-rails dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30Bump bootsnap from 1.12.0 to 1.13.0 (#18902)dependabot[bot]
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.12.0 to 1.13.0. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md) - [Commits](https://github.com/Shopify/bootsnap/compare/v1.12.0...v1.13.0) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30Bump fabrication from 2.29.0 to 2.30.0 (#18901)dependabot[bot]
Bumps [fabrication](https://gitlab.com/fabrication-gem/fabrication/) from 2.29.0 to 2.30.0. - [Release notes](https://gitlab.com/fabrication-gem/fabrication//tags) - [Commits](https://gitlab.com/fabrication-gem/fabrication//compare/2.29.0...2.30.0) --- updated-dependencies: - dependency-name: fabrication dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30Bump faker from 2.21.0 to 2.22.0 (#18899)dependabot[bot]
Bumps [faker](https://github.com/faker-ruby/faker) from 2.21.0 to 2.22.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.21.0...v2.22.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-06Bump rack from 2.2.3.1 to 2.2.4 (#18768)dependabot[bot]
Bumps [rack](https://github.com/rack/rack) from 2.2.3.1 to 2.2.4. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/2.2.3.1...2.2.4) --- updated-dependencies: - dependency-name: rack dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-06Bump gitlab-omniauth-openid-connect from 0.9.1 to 0.10.0 (#18574)dependabot[bot]
Bumps [gitlab-omniauth-openid-connect](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect) from 0.9.1 to 0.10.0. - [Release notes](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/tags) - [Changelog](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/compare/v0.9.1...v0.10.0) --- updated-dependencies: - dependency-name: gitlab-omniauth-openid-connect dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-06Bump sidekiq from 6.4.2 to 6.5.1 (#18672)dependabot[bot]
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.2 to 6.5.1. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.4.2...v6.5.1) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-30Bump fabrication from 2.28.0 to 2.29.0 (#18726)dependabot[bot]
Bumps [fabrication](https://gitlab.com/fabrication-gem/fabrication) from 2.28.0 to 2.29.0. - [Release notes](https://gitlab.com/fabrication-gem/fabrication/tags) - [Changelog](https://gitlab.com/fabrication-gem/fabrication/blob/master/Changelog.markdown) - [Commits](https://gitlab.com/fabrication-gem/fabrication/compare/2.28.0...2.29.0) --- updated-dependencies: - dependency-name: fabrication dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-28Revamp post filtering system (#18058)Claire
* Add model for custom filter keywords * Use CustomFilterKeyword internally Does not change the API * Fix /filters/edit and /filters/new * Add migration tests * Remove whole_word column from custom_filters (covered by custom_filter_keywords) * Redesign /filters Instead of a list, present a card that displays more information and handles multiple keywords per filter. * Redesign /filters/new and /filters/edit to add and remove keywords This adds a new gem dependency: cocoon, as well as a npm dependency: cocoon-js-vanilla. Those are used to easily populate and remove form fields from the user interface when manipulating multiple keyword filters at once. * Add /api/v2/filters to edit filter with multiple keywords Entities: - `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context` `keywords` - `FilterKeyword`: `id`, `keyword`, `whole_word` API endpoits: - `GET /api/v2/filters` to list filters (including keywords) - `POST /api/v2/filters` to create a new filter `keywords_attributes` can also be passed to create keywords in one request - `GET /api/v2/filters/:id` to read a particular filter - `PUT /api/v2/filters/:id` to update a new filter `keywords_attributes` can also be passed to edit, delete or add keywords in one request - `DELETE /api/v2/filters/:id` to delete a particular filter - `GET /api/v2/filters/:id/keywords` to list keywords for a filter - `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a filter - `GET /api/v2/filter_keywords/:id` to read a particular keyword - `PUT /api/v2/filter_keywords/:id` to edit a particular keyword - `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword * Change from `irreversible` boolean to `action` enum * Remove irrelevent `irreversible_must_be_within_context` check * Fix /filters/new and /filters/edit with update for filter_action * Fix Rubocop/Codeclimate complaining about task names * Refactor FeedManager#phrase_filtered? This moves regexp building and filter caching to the `CustomFilter` class. This does not change the functional behavior yet, but this changes how the cache is built, doing per-custom_filter regexps so that filters can be matched independently, while still offering caching. * Perform server-side filtering and output result in REST API * Fix numerous filters_changed events being sent when editing multiple keywords at once * Add some tests * Use the new API in the WebUI - use client-side logic for filters we have fetched rules for. This is so that filter changes can be retroactively applied without reloading the UI. - use server-side logic for filters we haven't fetched rules for yet (e.g. network error, or initial timeline loading) * Minor optimizations and refactoring * Perform server-side filtering on the streaming server * Change the wording of filter action labels * Fix issues pointed out by linter * Change design of “Show anyway” link in accordence to review comments * Drop “irreversible” filtering behavior * Move /api/v2/filter_keywords to /api/v1/filters/keywords * Rename `filter_results` attribute to `filtered` * Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer * Fix systemChannelId value in streaming server * Simplify code by removing client-side filtering code The simplifcation comes at a cost though: filters aren't retroactively applied anymore.
2022-06-27Bump pg from 1.3.5 to 1.4.0 (#18695)dependabot[bot]
Bumps [pg](https://github.com/ged/ruby-pg) from 1.3.5 to 1.4.0. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](https://github.com/ged/ruby-pg/compare/v1.3.5...v1.4.0) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-27Bump http from 5.0.4 to 5.1.0 (#18696)dependabot[bot]
Bumps [http](https://github.com/httprb/http) from 5.0.4 to 5.1.0. - [Release notes](https://github.com/httprb/http/releases) - [Changelog](https://github.com/httprb/http/blob/main/CHANGES.md) - [Commits](https://github.com/httprb/http/compare/v5.0.4...v5.1.0) --- updated-dependencies: - dependency-name: http dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-19Bump rubocop-rails from 2.14.2 to 2.15.0 (#18681)dependabot[bot]
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.14.2 to 2.15.0. - [Release notes](https://github.com/rubocop/rubocop-rails/releases) - [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.14.2...v2.15.0) --- updated-dependencies: - dependency-name: rubocop-rails dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>