Commit graph

1036 commits

Author SHA1 Message Date
Essem
e8ba9a39d7
Merge remote-tracking branch 'upstream/main' 2023-08-15 17:18:04 -05:00
Claire
92df185be7 Merge commit '496eb6f7a4fa7de54f26da9642a76e6884648102' into glitch-soc/merge-upstream 2023-08-13 19:23:22 +02:00
Claire
6530f9709c Merge commit '121443c0fca383268b8022c048dd137994785aff' into glitch-soc/main
Conflicts:
- `.rubocop_todo.yml`:
  Upstream regenerated this file, glitch-soc had a specific ignore.
2023-08-13 18:47:15 +02:00
Jeong Arm
496eb6f7a4
Add missing instances option to tootctl search deploy (#26461) 2023-08-13 02:06:04 +02:00
Essem
1ec905149e
Merge remote-tracking branch 'upstream/main' 2023-08-12 16:44:23 -05:00
Claire
ea8802a05a Merge commit '3a4d3e9d4b573c400eec1743471d54cdccae50a5' into glitch-soc/merge-upstream 2023-08-12 09:36:38 +02:00
Claire
44a5f1b64a Merge commit '425d77f8124a50fc033e8fb3bdf7b89a6a25f4fa' into glitch-soc/merge-upstream
Conflicts:
- `.rubocop_todo.yml`:
  Upstream regenerated this file, glitch-soc had a specific ignore.
- `README.md`:
  Upstream updated its README, but glitch-soc has a completely different one.
  Kept glitch-soc's README
2023-08-11 22:15:41 +02:00
Claire
dab54ccbba
Prepare v4.2.0-beta1 (#26339) 2023-08-08 16:12:12 +02:00
Eugen Rochko
0e2a4d3897
Fix adding column with default value taking longer on Postgres >= 11 (#26375) 2023-08-08 09:09:58 +02:00
Claire
6b896b20cc
Add primary key to preview_cards_statuses join table (includes deduplication migration) (#25243) 2023-08-03 11:12:52 +02:00
Claire
425d77f812
Fix crash in tootctl status remove and some old migrations (#26210) 2023-08-02 20:54:56 +02:00
Christian Schmidt
f2257069b2
Fix AVIF attachments (#26264) 2023-08-01 19:34:11 +02:00
Claire
51768de16e
Bump version to v4.1.6 (#26272) 2023-07-31 21:11:25 +02:00
Essem
d9ea6abec0
Merge remote-tracking branch 'upstream/main' 2023-07-31 12:24:48 -05:00
Claire
92fa9d34b0 Merge commit '3554c527954441fd924586a49c7d99a89101ac7e' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/authorize_interactions_controller.rb`:
  Small conflict due to our theming system.
- `streaming/index.js`:
  Upstream refactored part of the streaming server.
  We had some extra logic for handling local-only posts.
  Applied the refactor.
2023-07-30 16:11:55 +02:00
Claire
b2515feb29 Merge commit 'cfd50f30bb5dda4dd90e1ad01f3e62c99135c36f' into glitch-soc/merge-upstream 2023-07-30 14:33:28 +02:00
Claire
7635c67450 Merge commit '144a406d332b034caa812ade2629df03ed4898d7' into glitch-soc/merge-upstream
Conflicts:
- `app/views/layouts/application.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
- `app/views/layouts/embedded.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
2023-07-30 13:42:06 +02:00
Christian Schmidt
d76f79f647
Remove obsolete backport from Rails 7 (#26254) 2023-07-29 22:28:05 +02:00
Matt Jankowski
30f5ec7303
Rubocop fix: Perfomance/UnfreezeString (#26217) 2023-07-28 23:11:05 +02:00
Renaud Chaput
4d1b67f664
Add end-to-end (system) tests (#25461) 2023-07-28 23:09:49 +02:00
Misty De Méo
12a6cf569e
Storage: add :azure to remaining callers (#26080) 2023-07-27 16:13:45 +02:00
Claire
b4e739ff0f
Change interaction modal in web UI (#26075)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-27 16:11:17 +02:00
Claire
f2c683336b
Bump version to v4.1.5 (#26108) 2023-07-21 21:23:14 +02:00
Renaud Chaput
42698b4c5c
Fix the crossorigin attribute (#26096) 2023-07-21 11:14:26 +02:00
Essem
e036958642
Point to Chuckya repo URL by default 2023-07-17 10:26:33 -05:00
Essem
e64c00ec84
Merge remote-tracking branch 'upstream/main' 2023-07-17 10:24:20 -05:00
Claire
9ae60f8738 Merge commit '82e477b184b5666fff7fb55933dce22ca2925db8' into glitch-soc/merge-upstream
Conflicts:
- `db/migrate/20180831171112_create_bookmarks.rb`:
  Upstream ran a lint fix on this file, but this file is different in
  glitch-soc because the feature was added much earlier.
  Ran the lint fix on our own version of the file.
2023-07-12 16:03:05 +02:00
Matt Jankowski
f831452037
Refactor Snowflake to avoid brakeman sql injection warnings (#25879) 2023-07-12 10:44:58 +02:00
Matt Jankowski
b8b2470cf8
Fix Style/SlicingWithRange cop (#25923) 2023-07-12 10:03:06 +02:00
Nick Schonning
1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Essem
d05e10f121
Merge remote-tracking branch 'upstream/main' 2023-07-08 22:20:11 -05:00
Claire
b9aa228c54 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream attempted something with tags.
  Kept our version.
2023-07-07 19:59:43 +02:00
Claire
0051128387
Bump version to v4.1.4 (#25805) 2023-07-07 19:42:03 +02:00
Claire
71d44949bf
Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 18:10:00 +02:00
Essem
d0b25fb9a8
Merge remote-tracking branch 'upstream/main' 2023-07-06 08:45:06 -05:00
Claire
ff7aae3037 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-06 15:16:34 +02:00
Claire
5e1752ce3f
Bump version to v4.1.3 (#25757) 2023-07-06 15:14:42 +02:00
Claire
dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
6d8e0fae3e
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire
fed9cbfd2b
Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:31:37 +02:00
Essem
f426885fa2
Merge remote-tracking branch 'upstream/main' 2023-07-01 19:45:24 -05:00
Claire
178e151019 Merge commit '55e7c08a83547424024bac311d5459cb82cf6dae' into glitch-soc/merge-upstream
Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
2023-06-25 14:27:38 +02:00
Claire
c78280a8ce
Add translate="no" to outgoing mentions and links (#25524) 2023-06-20 18:10:19 +02:00
Plastikmensch
eba3411bfa
Re-allow title attribute in <abbr> (#2254)
* Re-allow title attribute in <abbr>

This was accidentally removed in 7623e18124

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
2023-06-19 18:01:35 +02:00
Claire
65cbcce997 Merge commit '39110d1d0af5e3d9cf452ae47496a52797249fd0' into glitch-soc/merge-upstream 2023-06-18 10:36:14 +02:00
Essem
bda3bbf777
Merge remote-tracking branch 'upstream/main' 2023-06-14 19:34:26 -05:00
Matt Jankowski
b5675e265e
Add coverage for CLI::Feeds command (#25319) 2023-06-10 18:37:36 +02:00
Matt Jankowski
07933db788
Add coverage for CLI::Cache command (#25238) 2023-06-10 18:36:09 +02:00
Claire
c48ec9cb8c Merge commit 'b85c387c5c0527b0ad31c27031a09d361826c5fc' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/content_security_policy.rb`:
  Kept our version, it was not affected by upstream's bug.
2023-06-10 16:48:01 +02:00
Claire
d8b0a732aa Merge commit '1483a3ddfe74e4fb81d87447a1781943eab86c60' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/simple_form.rb`:
  Upstream added a new simple_form component, where we had an extra one.
  Kept both components.
2023-06-10 16:22:14 +02:00