Claire
abc63d5610
Fix some Rails frameworks being unnecessarily loaded ( #16725 )
...
Saves about 10MiB of memory usage at boot
3 years ago
Claire
4080a8ec33
Stop setting a shortcode to newly-created media attachments ( #16730 )
...
* Stop setting a shortcode to newly-created media attachments
The WebUI has stopped using the “short media URL” in ages. This isn't used
anywhere except for mail notifications.
Deprecating it would allow us to eventually get rid of at least a database
column and corruption-prone index, as well as a controller.
* Fix tests
3 years ago
Claire
7f0b3eaaca
Bump ruby-saml from 1.11.0 to 1.13.0 ( #16723 )
...
Fixes #16720
3 years ago
dependabot[bot]
5a6bae832e
Bump @babel/plugin-proposal-decorators from 7.14.5 to 7.15.4 ( #16711 )
...
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators ) from 7.14.5 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-plugin-proposal-decorators )
---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
3030fa64ef
Bump @babel/preset-env from 7.15.0 to 7.15.4 ( #16706 )
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) from 7.15.0 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-preset-env )
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
ac09e14d7f
Bump devise-two-factor from 4.0.0 to 4.0.1 ( #16705 )
...
Bumps [devise-two-factor](https://github.com/tinfoil/devise-two-factor ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/tinfoil/devise-two-factor/releases )
- [Changelog](https://github.com/tinfoil/devise-two-factor/blob/main/CHANGELOG.md )
- [Commits](https://github.com/tinfoil/devise-two-factor/compare/v4.0.0...v4.0.1 )
---
updated-dependencies:
- dependency-name: devise-two-factor
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
6740c86fb4
Bump sass from 1.38.2 to 1.39.0 ( #16707 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.38.2...1.39.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
1c4f5b4a8c
Bump axios from 0.21.1 to 0.21.4 ( #16709 )
...
Bumps [axios](https://github.com/axios/axios ) from 0.21.1 to 0.21.4.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.4 )
---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
aa2665c570
Bump @babel/runtime from 7.15.3 to 7.15.4 ( #16710 )
...
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime ) from 7.15.3 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-runtime )
---
updated-dependencies:
- dependency-name: "@babel/runtime"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
ee5eddeb52
Bump react-redux from 7.2.4 to 7.2.5 ( #16708 )
...
Bumps [react-redux](https://github.com/reduxjs/react-redux ) from 7.2.4 to 7.2.5.
- [Release notes](https://github.com/reduxjs/react-redux/releases )
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md )
- [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.4...v7.2.5 )
---
updated-dependencies:
- dependency-name: react-redux
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
065eb6f9aa
Bump npmlog from 5.0.0 to 5.0.1 ( #16704 )
...
Bumps [npmlog](https://github.com/npm/npmlog ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/npm/npmlog/releases )
- [Changelog](https://github.com/npm/npmlog/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/npmlog/compare/v5.0.0...v5.0.1 )
---
updated-dependencies:
- dependency-name: npmlog
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
0c413253c7
Bump oj from 3.13.2 to 3.13.4 ( #16703 )
...
Bumps [oj](https://github.com/ohler55/oj ) from 3.13.2 to 3.13.4.
- [Release notes](https://github.com/ohler55/oj/releases )
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/ohler55/oj/compare/v3.13.2...v3.13.4 )
---
updated-dependencies:
- dependency-name: oj
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
6fb6fcf0c2
Bump aws-sdk-s3 from 1.100.0 to 1.102.0 ( #16702 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.100.0 to 1.102.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
47b1649962
Bump @babel/core from 7.15.0 to 7.15.5 ( #16712 )
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core ) from 7.15.0 to 7.15.5.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.5/packages/babel-core )
---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Holger
8c688e3626
use relative path for `scope` ( #16714 )
...
Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.
3 years ago
Claire
067d10d664
Fix addressing of remote groups' followers ( #16700 )
...
Fixes #16699
3 years ago
Claire
4893216634
Fix suspicious sign-in mail text being out of date ( #16690 )
...
Fixes #16687
3 years ago
Claire
a20cb503ec
Fix processing mentions to domains with non-ascii TLDs ( #16689 )
...
Fixes #16602
3 years ago
dependabot[bot]
295e5846ca
Bump eslint-plugin-react from 7.24.0 to 7.25.1 ( #16680 )
...
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react ) from 7.24.0 to 7.25.1.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases )
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.24.0...v7.25.1 )
---
updated-dependencies:
- dependency-name: eslint-plugin-react
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
d95e09dbe2
Bump tar from 6.1.3 to 6.1.11 ( #16685 )
...
Bumps [tar](https://github.com/npm/node-tar ) from 6.1.3 to 6.1.11.
- [Release notes](https://github.com/npm/node-tar/releases )
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-tar/compare/v6.1.3...v6.1.11 )
---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
00ed4bc743
Bump rqrcode from 2.0.0 to 2.1.0 ( #16678 )
...
Bumps [rqrcode](https://github.com/whomwah/rqrcode ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/whomwah/rqrcode/releases )
- [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md )
- [Commits](https://github.com/whomwah/rqrcode/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: rqrcode
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
443c806900
Bump rubocop from 1.19.1 to 1.20.0 ( #16674 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.19.1 to 1.20.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.1...v1.20.0 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
31d98ce24d
Bump nokogiri from 1.12.3 to 1.12.4 ( #16675 )
...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.12.3 to 1.12.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases )
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.3...v1.12.4 )
---
updated-dependencies:
- dependency-name: nokogiri
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
7d63710348
Bump aws-sdk-s3 from 1.99.0 to 1.100.0 ( #16676 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.99.0 to 1.100.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
76adb47a91
Bump ws from 8.2.0 to 8.2.1 ( #16679 )
...
Bumps [ws](https://github.com/websockets/ws ) from 8.2.0 to 8.2.1.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/8.2.0...8.2.1 )
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
ec1cb262a0
Bump sass from 1.38.0 to 1.38.2 ( #16671 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.38.0 to 1.38.2.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.38.0...1.38.2 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
29cc9b7f3c
Bump eslint-plugin-import from 2.24.1 to 2.24.2 ( #16668 )
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.24.1 to 2.24.2.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.1...v2.24.2 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
36b6572f15
Bump url-parse from 1.5.1 to 1.5.3 ( #16666 )
...
Bumps [url-parse](https://github.com/unshiftio/url-parse ) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/unshiftio/url-parse/releases )
- [Commits](https://github.com/unshiftio/url-parse/compare/1.5.1...1.5.3 )
---
updated-dependencies:
- dependency-name: url-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
e07cd410cf
Bump color-string from 1.5.3 to 1.6.0 ( #16665 )
...
Bumps [color-string](https://github.com/Qix-/color-string ) from 1.5.3 to 1.6.0.
- [Release notes](https://github.com/Qix-/color-string/releases )
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Qix-/color-string/commits/1.6.0 )
---
updated-dependencies:
- dependency-name: color-string
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
61d8996cda
Bump http from 4.4.1 to 5.0.1 ( #16438 )
...
Bumps [http](https://github.com/httprb/http ) from 4.4.1 to 5.0.1.
- [Release notes](https://github.com/httprb/http/releases )
- [Changelog](https://github.com/httprb/http/blob/master/CHANGES.md )
- [Commits](https://github.com/httprb/http/compare/v4.4.1...v5.0.1 )
---
updated-dependencies:
- dependency-name: http
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
26536c2401
Bump y18n from 4.0.0 to 4.0.3 ( #16664 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3 )
---
updated-dependencies:
- dependency-name: y18n
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
96edc26165
Bump jest from 26.6.3 to 27.1.0 ( #16376 )
...
* Bump jest from 26.6.3 to 27.0.4
Bumps [jest](https://github.com/facebook/jest ) from 26.6.3 to 27.0.4.
- [Release notes](https://github.com/facebook/jest/releases )
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md )
- [Commits](https://github.com/facebook/jest/compare/v26.6.3...v27.0.4 )
---
updated-dependencies:
- dependency-name: jest
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Set test environment for jest
* Remove unnecessary ext
* Bump jest from 27.0.4 to 27.1.0
* Remove --coverage option
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
3 years ago
dependabot[bot]
516c97b6e5
Bump sidekiq from 6.2.1 to 6.2.2 ( #16647 )
...
Bumps [sidekiq](https://github.com/mperham/sidekiq ) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases )
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md )
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2 )
---
updated-dependencies:
- dependency-name: sidekiq
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
58ce453c86
Bump webpacker from 5.4.0 to 5.4.2 ( #16648 )
...
Bumps [webpacker](https://github.com/rails/webpacker ) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/rails/webpacker/releases )
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2 )
---
updated-dependencies:
- dependency-name: webpacker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
8a40b1b40a
Bump faker from 2.18.0 to 2.19.0 ( #16646 )
...
Bumps [faker](https://github.com/faker-ruby/faker ) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases )
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md )
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0 )
---
updated-dependencies:
- dependency-name: faker
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
3e6c085559
Bump rubocop from 1.19.0 to 1.19.1 ( #16649 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Truong Nguyen
567021abeb
Explicitly set userVerification to discoraged ( #16545 )
3 years ago
Claire
84566f17de
Fix authentication failures after going halfway through a sign-in attempt ( #16607 )
...
* Add tests
* Add security-related tests
My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
3 years ago
Daniel
8632cc7dc5
New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED ( #16655 )
...
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.
We need a new environment variable like for SAML to assume the email
from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.
3 years ago
dependabot[bot]
fc9f57c442
Bump rails from 6.1.4 to 6.1.4.1 ( #16650 )
...
Bumps [rails](https://github.com/rails/rails ) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases )
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1 )
---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
matildepark
28796d1342
Fix follow request count to dynamically update ( #16652 )
3 years ago
Daniel
eb30899df2
Fix undefined variable for Auth::OmniauthCallbacksController ( #16654 )
...
The addition of authentication history broke the omniauth login with
the following error:
method=GET path=/auth/auth/cas/callback format=html
controller=Auth::OmniauthCallbacksController action=cas status=500
error='NameError: undefined local variable or method `user' for
#<Auth::OmniauthCallbacksController:0x00000000036290>
Did you mean? @user' duration=435.93 view=0.00 db=36.19
* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
name to `@user`
3 years ago
dependabot[bot]
9c6cecb7a9
Bump eslint-plugin-import from 2.24.0 to 2.24.1 ( #16635 )
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
3f2ddcda8a
Bump ws from 8.1.0 to 8.2.0 ( #16636 )
...
Bumps [ws](https://github.com/websockets/ws ) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0 )
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
4cfa969d71
Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 ( #16590 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Claire
8965ccd208
Fix “discoverable” account setting being tied to profile directory ( #16637 )
3 years ago
Peter Dave Hello
4f1a4dbd74
Make sure nginx always send HSTS header ( #16633 )
...
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308
As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.
Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
3 years ago
Claire
b48cd23cf3
Add tests for SuspendAccountService and UnsuspendAccountService ( #16627 )
...
* Add tests for SuspendAccountService
* Add tests for UnsuspendAccountService
3 years ago
dependabot[bot]
39076399f9
Bump rspec-rails from 5.0.1 to 5.0.2 ( #16622 )
...
Bumps [rspec-rails](https://github.com/rspec/rspec-rails ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/rspec/rspec-rails/releases )
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md )
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.1...v5.0.2 )
---
updated-dependencies:
- dependency-name: rspec-rails
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
e4055a1f10
Bump sass from 1.37.0 to 1.38.0 ( #16623 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.37.0...1.38.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago