luna/mastodon
0
0
Fork 0
mirror of https://github.com/lunaisnotaboy/mastodon.git synced 2024-11-04 14:04:39 +00:00
Code Issues Projects Releases Wiki Activity
14973 commits 1 branch 0 tags 248 MiB
Commit graph

14973 commits

This branch
This branch
All branches
Author SHA1 Message Date
Eugen Rochko f1f6ddd536
Fix structured data parsing from links choking on bad data (#17403) 
* Fix structured data parsing from links choking on bad data

- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag

* Remove unnecessary slash escapes from CDATA regex pattern
 2022-02-07 18:16:31 +01:00
Claire 73a782391c
Fix replies collection incorrectly looping (#17462) 
* Refactor tests

* Add tests

* Fix replies collection incorrectly looping
 2022-02-07 17:06:43 +01:00
Claire 0d2cf3cd4a
Fix errors when multiple Delete are received for a given actor (#17460) 2022-02-07 13:14:48 +01:00
Claire b1983623ae
Merge pull request #1679 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes
 2022-02-06 16:23:57 +01:00
Claire aa832d623a Merge branch 'main' into glitch-soc/merge-upstream 
Conflicts:
- `CHANGELOG.md`:
  Upstream added newlines.
  Conflicts are because the CHANGELOG was independently merged from 3.4.6 on
  last security update.
  Took upstream's version.
- `app/helpers/context_helper.rb`:
  Conflicts because of extra vocabulary in glitch-soc. The conflicts were
  actually handled in last security merge.
  Kept our version.
 2022-02-06 15:34:42 +01:00
Claire 92658f0fb0
Fix instance actor not being dereferenceable (#17457) 
* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
 2022-02-06 15:31:03 +01:00
potpro 097c4903f1
Update build-image.yml (#17454) 2022-02-05 17:29:54 +01:00
Claire 24d1ddcc24
Merge pull request #1678 from ClearlyClaire/glitch-soc/fixes/robust-theme-fallback 
Make theme-selection fall back to default ones if configured is not found
 2022-02-05 13:24:05 +01:00
Claire 08f44d1953 Move glitch-soc-specific theming methods to ThemingConcern 2022-02-05 10:58:51 +01:00
Claire 5f48ec9e42 Make theme-selection fall back to default ones if configured is not found 2022-02-05 10:29:27 +01:00
Eugen Rochko e03e7ac290
Fix error on account relationships page in admin UI (#17444) 2022-02-05 05:06:34 +01:00
dependabot[bot] 6a649e9131
Bump brakeman from 5.2.0 to 5.2.1 (#17410) 
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:03:12 +09:00
dependabot[bot] bfe5ad5fee
Bump redis from 4.0.2 to 4.0.3 (#17412) 
Bumps [redis](https://github.com/redis/node-redis) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:03:06 +09:00
dependabot[bot] e001e116da
Bump sidekiq-scheduler from 3.1.0 to 3.1.1 (#17407) 
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: sidekiq-scheduler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:02:57 +09:00
dependabot[bot] e0263c7369
Bump http-link-header from 1.0.3 to 1.0.4 (#17414) 
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases)
- [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: http-link-header
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:02:42 +09:00
Alexandra Catalina 50ab3f3dcb
Update tootsuite/mastodon Docker tag to v3.4.6 (#17436) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-02-03 21:29:20 +01:00
Eugen Rochko 3413f1c44b
Forward-port version bump to 3.4.6 (#17434) 2022-02-03 14:21:38 +01:00
Claire 73b730e649
Merge pull request #1676 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes
 2022-02-03 14:09:19 +01:00
Claire c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428) 2022-02-03 14:09:04 +01:00
Claire 948235592a
Fix response_to_recipient? CTE (#17427) 2022-02-03 14:07:43 +01:00
Claire d1ecc323e7
Compact JSON-LD signed incoming activities (#17426) 
Co-authored-by: Puck Meerburg <puck@puck.moe>
 2022-02-03 14:07:29 +01:00
Claire 2beb0a7af5 Bump version to 3.4.6 2022-02-03 12:12:27 +01:00
Claire a3e0dacf5c Fix response_to_recipient? CTE 2022-02-02 19:55:57 +01:00
Claire 7b969436a0 Fix compacted JSON-LD possibly causing compatibility issues on forwarding 2022-02-02 19:55:57 +01:00
Puck Meerburg 63da32468c Compact JSON-LD signed incoming activities 2022-02-02 16:13:11 +01:00
Claire 20a4b8081f
Merge pull request #1675 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes
 2022-02-01 21:41:58 +01:00
Claire 098f2bc1e1 Merge branch 'main' into glitch-soc/merge-upstream 2022-02-01 20:59:28 +01:00
Alexandra Catalina d0d15bf49c
Update tootsuite/mastodon Docker tag to v3.4.5 (#17417) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-02-01 20:57:50 +01:00
Claire 987d88ea56
Fix requiring an extra restart after recent post-deployment migrations (#17422) 
Follow-up to #16409
 2022-02-01 20:57:39 +01:00
Rohan Sharma 4d6d4b43c6
Fixed prototype pollution bug and only allow trusted origin (#17420) 2022-02-01 17:34:48 +01:00
Claire 54581d43e7
Bump version to 3.4.5 (#17402) 2022-01-31 21:27:40 +01:00
Claire d6f3261c6c
Merge pull request #1674 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes
 2022-01-31 10:51:11 +01:00
Claire 2fcf652fff Merge branch 'main' into glitch-soc/merge-upstream 2022-01-31 10:42:17 +01:00
Daniel Jakots aa45404578
Bump NODE_VER to 16.13.2, to solve security issues (#17399) 
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
 2022-01-31 00:32:03 +01:00
Claire a0e06c3c3e
Add more advanced migration tests (#17393) 
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
 2022-01-30 23:50:08 +01:00
Claire c6b291afc3
Change index corruption warning to be a little less scary (#17395) 2022-01-30 23:49:52 +01:00
Claire b54e263712
Merge pull request #1673 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes
 2022-01-30 22:51:32 +01:00
Claire a99adeaad3
Fix edge case in migration helpers that caused crash because of PostgreSQL quirks (#17398) 2022-01-30 22:34:54 +01:00
Claire 7679ddcd5e Merge branch 'main' into glitch-soc/merge-upstream 2022-01-30 22:33:30 +01:00
Claire ac583fce21
Fix some old migration scripts (#17394) 
* Fix some old migration scripts

* Fix edge case in two-step migration from older releases
 2022-01-30 21:38:54 +01:00
Claire f5639e1cbe
Change public profile pages to be disabled for unconfirmed users (#17385) 
Fixes #17382

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
 2022-01-28 14:24:37 +01:00
Claire 2ba6267f16
Merge pull request #1668 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes
 2022-01-28 09:38:44 +01:00
Claire 94a39f6b68 Fix Sidekiq warning when pushing DMs to direct timeline 2022-01-28 09:07:56 +01:00
Claire b2915613fb Merge branch 'main' into glitch-soc/merge-upstream 
Conflicts:
- `Gemfile.lock`:
  Upstream-updated lib textually too close to glitch-soc-only dep.
  Updated like upstream.
 2022-01-28 08:58:32 +01:00
Claire e38fc319dc
Refactor and improve tests (#17386) 
* Change account and user fabricators to simplify and improve tests

- `Fabricate(:account)` implicitly fabricates an associated `user` if
  no `domain` attribute is given (an account with `domain: nil` is
  considered a local account, but no user record was created), unless
  `user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
  but is discouraged.

* Fix and refactor tests

- avoid passing unneeded attributes to `Fabricate(:user)` or
  `Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
  way around
- prefer `Fabricate(:user, account_attributes: …)` to
  `Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
  not representative of production code.
 2022-01-28 00:46:42 +01:00
Claire 03d59340da
Fix Sidekiq warnings about JSON serialization (#17381) 
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
 2022-01-28 00:43:56 +01:00
Claire 14c69a535b
Fix some old database migrations (#17379) 2022-01-27 18:13:41 +01:00
dependabot[bot] 4942a7ce86
Bump pg from 1.2.3 to 1.3.0 (#17349) 
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.3...v1.3.0)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-27 20:26:40 +09:00
dependabot[bot] 497b8eedda
Bump axios from 0.24.0 to 0.25.0 (#17354) 
Bumps [axios](https://github.com/axios/axios) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-27 20:26:18 +09:00
dependabot[bot] df78d83e95
Bump rdf-normalize from 0.4.0 to 0.5.0 (#17226) 
Bumps [rdf-normalize](https://github.com/ruby-rdf/rdf-normalize) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/ruby-rdf/rdf-normalize/releases)
- [Commits](https://github.com/ruby-rdf/rdf-normalize/compare/0.4.0...0.5.0)

---
updated-dependencies:
- dependency-name: rdf-normalize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-27 20:25:18 +09:00