Commit graph

20625 commits

Author SHA1 Message Date
Claire
6c1b6194f7 Merge pull request from GHSA-jhrq-qvrm-qr36
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
2024-02-16 12:17:15 +01:00
renovate[bot]
63080e10a9 Update dependency pg to v1.5.5 (#29230)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-16 10:06:25 +01:00
Claire
e7ca82762d Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 23:12:59 +01:00
Claire
486e4bc7d3 Fix OmniAuth tests (#29201) 2024-02-14 16:07:28 +01:00
Claire
40439399c6 Bump version to v4.3.0-alpha.2 (#29200) 2024-02-14 15:26:18 +01:00
Claire
53b73ed6a2 Merge pull request from GHSA-vm39-j3vx-pch3
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:25:15 +01:00
Emelia Smith
436419cc2f Merge pull request from GHSA-7w3c-p9j8-mq3x
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-02-14 15:25:15 +01:00
Claire
3c3ef8b9d3 Add sidekiq_unique_jobs:delete_all_locks task and disable sidekiq-unique-jobs UI by default (#29199) 2024-02-14 13:42:15 +01:00
Emelia Smith
eae436c5a8 Disable administrative doorkeeper routes (#29187) 2024-02-13 20:03:00 +01:00
Emelia Smith
b83076647e Ignore legacy moderator and admin columns on User model (#29188) 2024-02-13 20:03:00 +01:00
renovate[bot]
7100106f3f Update dependency sidekiq-unique-jobs to v7.1.33 (#29175)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-13 20:03:00 +01:00
renovate[bot]
04da8f887b Update dependency pghero to v3.4.1 (#29144)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-13 20:03:00 +01:00
renovate[bot]
d9d0a6ef33 Update dependency irb to v1.11.2 (#29135)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-13 20:03:00 +01:00
renovate[bot]
93b365bfc0 Update dependency webmock to v3.20.0 (#29120)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-13 20:03:00 +01:00
Claire
e3c4e90646
Fix new list button being blank (#2616) 2024-02-13 12:48:01 +01:00
Claire
084d051e6c
Merge pull request #2608 from ClearlyClaire/glitch-soc/refactor/monolithic-components-css
Merge SCSS in a single `components.scss` file
2024-02-12 22:18:55 +01:00
Claire
c249c10f74 Fix account suggestion size inconsistency with upstream 2024-02-11 21:55:36 +01:00
Claire
d391e01b59 Revert notification bar color for now 2024-02-08 21:12:57 +01:00
Claire
3f89cec3c9 Further reduce differences with upstream 2024-02-08 19:52:03 +01:00
Claire
f6f62002c7 Remove leftovers from glitch-soc's layout option 2024-02-08 19:21:35 +01:00
Claire
189b70cd6a Merge SCSS in a single components.scss file 2024-02-08 18:50:38 +01:00
Claire
8c76a208ed
Merge pull request #2607 from ClearlyClaire/glitch-soc/cherry-pick-upstream
Cherry-pick upstream changes
2024-02-06 21:56:01 +01:00
Eugen Rochko
65eb943b9d Fix confirmation e-mails when signing up through an app (#29064) 2024-02-06 21:00:33 +01:00
Claire
19f1ffe287 Fix self-destruct schedule not actually replacing initial schedule (#29049) 2024-02-06 21:00:09 +01:00
renovate[bot]
5ea36a3606 Update dependency brakeman to v6.1.2 (#29062)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 20:59:51 +01:00
renovate[bot]
b27cad27c2 Update dependency bootsnap to '~> 1.18.0' (#29019)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 20:59:51 +01:00
renovate[bot]
63f1f1465a Update dependency tzinfo-data to v1.2024.1 (#29052)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 20:59:51 +01:00
Matt Jankowski
4cd00c0dd9 Update nsa gem to version 0.3.0 (#29065) 2024-02-06 20:59:51 +01:00
renovate[bot]
c6f7e3a1fb Update dependency haml_lint to v0.56.0 (#29082)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 20:59:51 +01:00
renovate[bot]
93aa783aa1 Update dependency nokogiri to v1.16.2 [SECURITY] (#29106)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 20:59:51 +01:00
renovate[bot]
868333c86f Update dependency capybara to v3.40.0 (#28966)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 20:59:51 +01:00
renovate[bot]
ac49514bd6 Update dependency chewy to v7.5.1 (#29018)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 20:59:51 +01:00
github-actions[bot]
a2611d782c
New Crowdin Translations (automated) (#2588)
* New Crowdin translations

* Fix bogus translation files

---------

Co-authored-by: GitHub Actions <noreply@github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-02-06 20:45:07 +01:00
JS Moore
541cbdd963
Add env variable support for number of followable hashtags in feed column (#2500)
* Add env variable support for number of followable hashtags in feed column.

* Add a note about performance concerns for higher values.

See discussion in https://github.com/glitch-soc/mastodon/pull/2500

* Update .devcontainer/docker-compose.yml

---------

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-02-06 20:23:36 +01:00
Essem
08e511cecb
Fix doodle modal icons (#2597) 2024-02-06 20:22:42 +01:00
Claire
5bc39b3196 Fix build-security docker tags 2024-02-01 20:30:35 +01:00
Claire
c3936cbbe3 Temporary hack to correctly tag the security docker image… 2024-02-01 18:40:40 +01:00
Aaron Brady
970320d73c
Restore -streaming suffix for security builds (#2602) 2024-02-01 17:20:08 +01:00
Claire
63d7a30503 Fix build-security workflow for glitch-soc 2024-02-01 16:09:51 +01:00
Claire
ff58ec0103 Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
2024-02-01 15:57:08 +01:00
Claire
3866597e24
Merge pull request #2601 from ClearlyClaire/glitch-soc/fixes/security-builds-latest
Fix security builds not being tagged latest
2024-02-01 11:48:45 +01:00
Claire
a7b16003e1 Fix security builds not being marked latest 2024-02-01 11:31:29 +01:00
Claire
626ff320cf
Merge pull request #2600 from ClearlyClaire/glitch-soc/fixes/failures
Configure selenium to use Chrome version 120 (#29038)
2024-02-01 11:30:34 +01:00
Matt Jankowski
f4416e6b3a Configure selenium to use Chrome version 120 (#29038) 2024-02-01 11:15:23 +01:00
Claire
7bb5f6efbc
Merge pull request #2599 from ClearlyClaire/glitch-soc/build-action
Add github action workflow for manual security builds
2024-02-01 11:14:40 +01:00
Claire
883f589653 Fix missing workflow_dispatch trigger for build-security (#29041) 2024-02-01 10:58:10 +01:00
Claire
85bdd145dc Adapt workflow to glitch-soc 2024-02-01 10:40:04 +01:00
Claire
a48447a6b2 Add github action workflow for manual security builds (#29040) 2024-02-01 10:39:23 +01:00
Claire
8b87673f5e
Remove obsolete locale file (#2596) 2024-01-30 23:21:35 +01:00
Claire
3ede233146
Fix crash in private mention conversations in glitch-soc flavor (#2595) 2024-01-30 22:42:22 +01:00