Commit graph

14678 commits

Author SHA1 Message Date
Claire
692963d43b Merge branch 'main' into glitch-soc/merge-upstream 2022-02-08 18:23:53 +01:00
Eugen Rochko
b6d7726ecb
Remove language detection through cld3 ()
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Eugen Rochko
85b86fe28c
Add global locale param ()
- Remove the session-based locale stickyness
2022-02-08 02:34:56 +01:00
Eugen Rochko
35850f8195
Fix localization of cold-start follow recommendations () 2022-02-08 01:53:49 +01:00
Claire
52c1b86964
Fix Ruby 2.5 incompatibility () 2022-02-07 19:57:06 +01:00
Eugen Rochko
f1f6ddd536
Fix structured data parsing from links choking on bad data ()
* Fix structured data parsing from links choking on bad data

- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag

* Remove unnecessary slash escapes from CDATA regex pattern
2022-02-07 18:16:31 +01:00
Claire
73a782391c
Fix replies collection incorrectly looping ()
* Refactor tests

* Add tests

* Fix replies collection incorrectly looping
2022-02-07 17:06:43 +01:00
Claire
0d2cf3cd4a
Fix errors when multiple Delete are received for a given actor () 2022-02-07 13:14:48 +01:00
Claire
b1983623ae
Merge pull request from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-02-06 16:23:57 +01:00
Claire
aa832d623a Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `CHANGELOG.md`:
  Upstream added newlines.
  Conflicts are because the CHANGELOG was independently merged from 3.4.6 on
  last security update.
  Took upstream's version.
- `app/helpers/context_helper.rb`:
  Conflicts because of extra vocabulary in glitch-soc. The conflicts were
  actually handled in last security merge.
  Kept our version.
2022-02-06 15:34:42 +01:00
Claire
92658f0fb0
Fix instance actor not being dereferenceable ()
* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
2022-02-06 15:31:03 +01:00
potpro
097c4903f1
Update build-image.yml () 2022-02-05 17:29:54 +01:00
Claire
24d1ddcc24
Merge pull request from ClearlyClaire/glitch-soc/fixes/robust-theme-fallback
Make theme-selection fall back to default ones if configured is not found
2022-02-05 13:24:05 +01:00
Claire
08f44d1953 Move glitch-soc-specific theming methods to ThemingConcern 2022-02-05 10:58:51 +01:00
Claire
5f48ec9e42 Make theme-selection fall back to default ones if configured is not found 2022-02-05 10:29:27 +01:00
Eugen Rochko
e03e7ac290
Fix error on account relationships page in admin UI () 2022-02-05 05:06:34 +01:00
dependabot[bot]
6a649e9131
Bump brakeman from 5.2.0 to 5.2.1 ()
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:03:12 +09:00
dependabot[bot]
bfe5ad5fee
Bump redis from 4.0.2 to 4.0.3 ()
Bumps [redis](https://github.com/redis/node-redis) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:03:06 +09:00
dependabot[bot]
e001e116da
Bump sidekiq-scheduler from 3.1.0 to 3.1.1 ()
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: sidekiq-scheduler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:02:57 +09:00
dependabot[bot]
e0263c7369
Bump http-link-header from 1.0.3 to 1.0.4 ()
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases)
- [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: http-link-header
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:02:42 +09:00
Alexandra Catalina
50ab3f3dcb
Update tootsuite/mastodon Docker tag to v3.4.6 ()
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-03 21:29:20 +01:00
Eugen Rochko
3413f1c44b
Forward-port version bump to 3.4.6 () 2022-02-03 14:21:38 +01:00
Claire
73b730e649
Merge pull request from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-02-03 14:09:19 +01:00
Claire
c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding () 2022-02-03 14:09:04 +01:00
Claire
948235592a
Fix response_to_recipient? CTE () 2022-02-03 14:07:43 +01:00
Claire
d1ecc323e7
Compact JSON-LD signed incoming activities ()
Co-authored-by: Puck Meerburg <puck@puck.moe>
2022-02-03 14:07:29 +01:00
Claire
2beb0a7af5 Bump version to 3.4.6 2022-02-03 12:12:27 +01:00
Claire
a3e0dacf5c Fix response_to_recipient? CTE 2022-02-02 19:55:57 +01:00
Claire
7b969436a0 Fix compacted JSON-LD possibly causing compatibility issues on forwarding 2022-02-02 19:55:57 +01:00
Puck Meerburg
63da32468c Compact JSON-LD signed incoming activities 2022-02-02 16:13:11 +01:00
Claire
20a4b8081f
Merge pull request from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-02-01 21:41:58 +01:00
Claire
098f2bc1e1 Merge branch 'main' into glitch-soc/merge-upstream 2022-02-01 20:59:28 +01:00
Alexandra Catalina
d0d15bf49c
Update tootsuite/mastodon Docker tag to v3.4.5 ()
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-01 20:57:50 +01:00
Claire
987d88ea56
Fix requiring an extra restart after recent post-deployment migrations ()
Follow-up to 
2022-02-01 20:57:39 +01:00
Rohan Sharma
4d6d4b43c6
Fixed prototype pollution bug and only allow trusted origin () 2022-02-01 17:34:48 +01:00
Claire
54581d43e7
Bump version to 3.4.5 () 2022-01-31 21:27:40 +01:00
Claire
d6f3261c6c
Merge pull request from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-01-31 10:51:11 +01:00
Claire
2fcf652fff Merge branch 'main' into glitch-soc/merge-upstream 2022-01-31 10:42:17 +01:00
Daniel Jakots
aa45404578
Bump NODE_VER to 16.13.2, to solve security issues ()
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
2022-01-31 00:32:03 +01:00
Claire
a0e06c3c3e
Add more advanced migration tests ()
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
2022-01-30 23:50:08 +01:00
Claire
c6b291afc3
Change index corruption warning to be a little less scary () 2022-01-30 23:49:52 +01:00
Claire
b54e263712
Merge pull request from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-01-30 22:51:32 +01:00
Claire
a99adeaad3
Fix edge case in migration helpers that caused crash because of PostgreSQL quirks () 2022-01-30 22:34:54 +01:00
Claire
7679ddcd5e Merge branch 'main' into glitch-soc/merge-upstream 2022-01-30 22:33:30 +01:00
Claire
ac583fce21
Fix some old migration scripts ()
* Fix some old migration scripts

* Fix edge case in two-step migration from older releases
2022-01-30 21:38:54 +01:00
Claire
f5639e1cbe
Change public profile pages to be disabled for unconfirmed users ()
Fixes 

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
2022-01-28 14:24:37 +01:00
Claire
2ba6267f16
Merge pull request from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-01-28 09:38:44 +01:00
Claire
94a39f6b68 Fix Sidekiq warning when pushing DMs to direct timeline 2022-01-28 09:07:56 +01:00
Claire
b2915613fb Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile.lock`:
  Upstream-updated lib textually too close to glitch-soc-only dep.
  Updated like upstream.
2022-01-28 08:58:32 +01:00
Claire
e38fc319dc
Refactor and improve tests ()
* Change account and user fabricators to simplify and improve tests

- `Fabricate(:account)` implicitly fabricates an associated `user` if
  no `domain` attribute is given (an account with `domain: nil` is
  considered a local account, but no user record was created), unless
  `user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
  but is discouraged.

* Fix and refactor tests

- avoid passing unneeded attributes to `Fabricate(:user)` or
  `Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
  way around
- prefer `Fabricate(:user, account_attributes: …)` to
  `Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
  not representative of production code.
2022-01-28 00:46:42 +01:00