Commit graph

1162 commits

Author SHA1 Message Date
dependabot[bot]
69c0672fc4 Bump rack-test from 2.0.2 to 2.1.0 (#24112)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-16 10:33:26 +09:00
Claire
f39d9ab256 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream switched to pushing to both DockerHub and GitHub Container
  Repository, while glitch-soc was already pushing to the latter only.
  Updated our configuration to be slightly more consistent with upstream's
  naming and styling, but kept our behavior.
- `Gemfile.lock`:
  Updated dependencies textually too close to glitch-soc only hcaptcha
  dependency.
  Updated dependencies as upstream did.
- `README.md`:
  Upstream updated its README, but we have a completely different one.
  Kept our README, though it probably should be reworked at some point.
- `app/views/auth/sessions/two_factor.html.haml`:
  Minor style fix upstream that's on a line glitch-soc removed because
  of its different theming system.
  Kept our file as is.
- `spec/controllers/health_controller_spec.rb`:
  This file apparently did not exist upstream, upstream created it with
  different contents but it is functionally the same.
  Switched to upstream's version of the file.
- `spec/presenters/instance_presenter_spec.rb`:
  Upstream changed the specs around `GITHUB_REPOSITORY`, while glitch-soc
  had its own code because it's a fork and does not have the same default
  source URL.
  Took upstream's change, but with glitch-soc's repo as the default case.
- `yarn.lock`:
  Upstream dependencies textually too close to a glitch-soc only one.
  Updated dependencies as upstream did.
2023-03-15 09:16:10 +01:00
Nick Schonning
30328759da Setup haml-lint CI with todo config (#23524) 2023-03-15 04:15:36 +01:00
Matt Jankowski
76950ce2bc Explicitly set github repo in instance presenter spec (#24036) 2023-03-09 14:27:48 +01:00
dependabot[bot]
e0ab946c12 Bump omniauth_openid_connect from 0.6.0 to 0.6.1 (#23991)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-08 11:44:23 +01:00
Nick Schonning
88aa9e012d Convert CircleCI to GitHub Actions (#23608) 2023-03-07 04:49:43 +01:00
Nick Schonning
1f82971d12 Remove pinned rexml (#23964) 2023-03-06 15:43:21 +01:00
Claire
a6363c3a2a Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Upstream README has been changed, but we have a completely different one.
  Kept our `README.md`.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for more incoming HTML tags (a large subset of what
  glitch-soc accepts).
  Change the code style to match upstream's but otherwise do not change our
  code.
- `spec/lib/sanitize_config_spec.rb`:
  Upstream added support for more incoming HTML tags (a large subset of what
  glitch-soc accepts).
  Kept our version, since the tests are mostly glitch-soc's, except for cases
  which are purposefuly different.
2023-03-05 20:46:56 +01:00
Nick Schonning
5f8438c42c Remove pry gems (#23884) 2023-03-03 22:53:08 +01:00
Nick Schonning
03e192ae38 Remove climate_control gem (#23886) 2023-03-03 22:48:48 +01:00
Claire
a95dc48e01 Merge branch 'main' into glitch-soc/merge-upstream 2023-03-02 17:32:38 +01:00
Matt Jankowski
0d409f9fd7 Update rspec-rails to version 6.0.1 (#23908) 2023-03-02 15:55:37 +01:00
Shlee
8ed5fc7252 [Dependashlee] Update to Puma 6.1.0 (#23795) 2023-02-28 13:30:28 +01:00
Claire
f15ded319f Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.prettierignore`:
  Upstream added a line at the end of the file, while glitch-soc had its own
  extra lines.
  Took upstream's change.
- `CONTRIBUTING.md`:
  We have our custom CONTRIBUTING.md quoting upstream. Upstream made changes.
  Ported upstream changes.
- `app/controllers/application_controller.rb`:
  Upstream made code style changes in a method that is entirely replaced
  in glitch-soc.
  Ignored the change.
- `app/models/account.rb`:
  Code style changes textually close to glitch-soc-specific changes.
  Ported upstream changes.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream code style changes.
  Ignored them.
2023-02-25 14:00:40 +01:00
dependabot[bot]
185e7aa9ea Bump devise from 4.8.1 to 4.9.0 (#23691)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 10:41:28 +01:00
Claire
63992c6900 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  Upstream made changes while we have dropped this file.
  Keep the file deleted.
- `.prettierignore`:
  Upstream made changes at the end of the file, where we
  had our extra lines.
  Just moved our extra lines back at the end.
- `app/serializers/initial_state_serializer.rb`:
  Upstream code style changes.
  Applied them.
- `app/services/backup_service.rb`:
  Upstream code style changes.
  Applied them.
2023-02-19 10:42:55 +01:00
dependabot[bot]
b8dc16c819 Bump oj from 3.13.23 to 3.14.2 (#23560)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-18 14:21:10 +09:00
dependabot[bot]
b683ba772e Bump webauthn from 2.5.2 to 3.0.0 (#23659)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 10:06:24 +01:00
Aaron Patterson
edc6f486bf Upgrade to Ruby 3.2 (#22928)
Co-authored-by: Matthew Ford <matt@bitzesty.com>
2023-02-15 08:30:27 +01:00
Claire
92d1e05c3e Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.prettierignore`:
  Upstream added a line at the end, glitch-soc had extra entries at the end.
  Added upstream's new line before glitch-soc's.
- `Gemfile.lock`:
  Upstream updated dependencies while glitch-soc has an extra one (hcaptcha).
  Updated dependencies like upstream did.
- `app/controllers/api/v1/statuses_controller.rb`:
  Not a real conflict, upstream added a parameter (`allowed_mentions`) where
  glitch-soc already had an extra one (`content_type`).
  Added upstream's new parameter.
- `app/javascript/styles/fonts/roboto-mono.scss`:
  A lot of lines were changed upstream due to code style changes, and a lot
  of those lines had path changes to accomodate glitch-soc's theming system.
  Applied upstream's style changes.
- `app/javascript/styles/fonts/roboto.scss`:
  A lot of lines were changed upstream due to code style changes, and a lot
  of those lines had path changes to accomodate glitch-soc's theming system.
  Applied upstream's style changes.
2023-02-13 19:35:35 +01:00
Stan Hu
7ab1306c20 Switch OpenID Connect gems (#23223)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-02-13 15:47:50 +01:00
Claire
9a70c0de00 Add dependency on net-http (#23571) 2023-02-13 14:36:07 +01:00
dependabot[bot]
d9fdce121c Bump sidekiq-scheduler from 4.0.3 to 5.0.0 (#23212)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-02-13 13:31:42 +01:00
Nick Schonning
acf0bbcab8 Replace hamlit-rails with haml-rails (#23542) 2023-02-13 04:59:30 +01:00
Claire
5f26e6e7ca Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Minor upstream change, our README is completely different.
  Kept ours.
- `lib/tasks/assets.rake`:
  glitch-soc has extra code to deal with its theming system,
  upstream changed a line that exists in glitch-soc.
  Applied upstream changes.
2023-02-09 12:46:12 +01:00
dependabot[bot]
be3006e888 Bump bootsnap from 1.15.0 to 1.16.0 (#23340)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-04 15:55:07 +09:00
Claire
91f66ece5a Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream updated `docker/build-push-action`, and we a different config
  for `docker/metadata-action` so the lines directly above were different,
  but it's not a real conflict.
  Upgraded `docker/build-push-action` as upstream did.
- `app/javascript/mastodon/features/compose/components/compose_form.js`:
  Upstream changed the codestyle near a line we had modified to accommodate
  configurable character count.
  Kept our change.
2023-02-03 19:23:27 +01:00
dependabot[bot]
bc290e9a2a Bump redcarpet from 3.5.1 to 3.6.0 (#23339)
Bumps [redcarpet](https://github.com/vmg/redcarpet) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/vmg/redcarpet/releases)
- [Changelog](https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vmg/redcarpet/compare/v3.5.1...v3.6.0)

---
updated-dependencies:
- dependency-name: redcarpet
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:19:30 +01:00
dependabot[bot]
8eec28e802 Bump aws-sdk-s3 from 1.118.0 to 1.119.0 (#23341)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.118.0 to 1.119.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:16:38 +01:00
dependabot[bot]
2b107ab81f Bump simple_form from 5.1.0 to 5.2.0 (#23328)
Bumps [simple_form](https://github.com/heartcombo/simple_form) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/heartcombo/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/main/CHANGELOG.md)
- [Commits](https://github.com/heartcombo/simple_form/compare/v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: simple_form
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:07:16 +01:00
dependabot[bot]
0758811df2 Bump gitlab-omniauth-openid-connect from 0.10.0 to 0.10.1 (#23241)
Bumps [gitlab-omniauth-openid-connect](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect) from 0.10.0 to 0.10.1.
- [Release notes](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/tags)
- [Commits](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/compare/v0.10.0...v0.10.1)

---
updated-dependencies:
- dependency-name: gitlab-omniauth-openid-connect
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-31 00:46:27 +09:00
dependabot[bot]
6b0624261b Bump aws-sdk-s3 from 1.117.2 to 1.118.0 (#23202)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.117.2 to 1.118.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 10:57:59 +09:00
Claire
8134672631 Merge branch 'main' into glitch-soc/merge-upstream 2023-01-24 20:32:31 +01:00
Kaspar V
930de8db1f fix(pghero): update because CVE-2023-22626 (#23190)
There is a vulnerability
[CVE-2023-22626](https://github.com/advisories/GHSA-vf99-xw26-86g5)

```
Name: pghero
Version: 2.8.3
CVE: CVE-2023-22626
GHSA: GHSA-vf99-xw26-86g5
Criticality: High
URL: https://github.com/ankane/pghero/issues/439
Title: Information Disclosure Through EXPLAIN Feature
Solution: upgrade to '>= 3.1.0'
```
2023-01-22 23:09:02 +01:00
Claire
84c2d30b71 Merge branch 'main' into glitch-soc/merge 2023-01-18 11:57:01 +01:00
dependabot[bot]
17cc4e39e6 Bump rack from 2.2.5 to 2.2.6.2 (#23142)
Bumps [rack](https://github.com/rack/rack) from 2.2.5 to 2.2.6.2.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.5...v2.2.6.2)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 11:31:39 +01:00
dependabot[bot]
170a2a28be Bump nokogiri from 1.13.10 to 1.14.0 (#23128)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.0.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.14.0)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 10:54:19 +01:00
Claire
341b653578 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Upstream updated its README, while we have a completely different one.
  Kept our README.
- `app/controllers/concerns/web_app_controller_concern.rb`:
  Conflict because of glitch-soc's theming system.
  Additionally, glitch-soc has different behavior regarding moved accounts.
  Ported some of the changes, but kept our overall behavior.
- `app/javascript/packs/admin.js`:
  Code changes actually applied to `app/javascript/core/admin.js`
2023-01-05 14:16:25 +01:00
Aaron Patterson
eb135d1c58 Remove microformats gem dependency (#22923)
Looks like this gem was introduced as a dependency in 90aa720d2e for
testing Miroformat output.  The last test using the Microformats gem was
removed in 8ad51fba6c, so I think it is
safe to remove this dependency.

For context, you [can't install the microformats gem with Ruby 3.2](https://github.com/microformats/microformats-ruby/pull/131),
so we can't currently bundle Mastodon with Ruby 3.2.  But since we don't
really need this gem, we can just remove it and unblock Ruby 3.2
2023-01-04 01:45:16 +01:00
Claire
2e8c2f49e5 Merge branch 'main' into glitch-soc/merge 2023-01-02 17:29:59 +01:00
dependabot[bot]
640210c251 Bump redis-namespace from 1.9.0 to 1.10.0 (#22765)
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/resque/redis-namespace/releases)
- [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md)
- [Commits](https://github.com/resque/redis-namespace/compare/v1.9...v1.10.0)

---
updated-dependencies:
- dependency-name: redis-namespace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:52:15 +09:00
dependabot[bot]
b018009726 Bump rack from 2.2.4 to 2.2.5 (#22777)
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.2.4...v2.2.5)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:51:39 +09:00
dependabot[bot]
1d9fa295f5 Bump simplecov from 0.21.2 to 0.22.0 (#22773)
Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 0.21.2 to 0.22.0.
- [Release notes](https://github.com/simplecov-ruby/simplecov/releases)
- [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md)
- [Commits](https://github.com/simplecov-ruby/simplecov/compare/v0.21.2...v0.22.0)

---
updated-dependencies:
- dependency-name: simplecov
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:37:19 +09:00
dependabot[bot]
572ae35d31 Bump faker from 3.0.0 to 3.1.0 (#22762)
Bumps [faker](https://github.com/faker-ruby/faker) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:35:54 +09:00
Claire
54920be04d Merge branch 'main' into glitch-soc/merge-upstream 2022-12-21 15:59:39 +01:00
dependabot[bot]
ab1b4adedf Bump scenic from 1.6.0 to 1.7.0 (#22258)
Bumps [scenic](https://github.com/scenic-views/scenic) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/scenic-views/scenic/releases)
- [Changelog](https://github.com/scenic-views/scenic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/scenic-views/scenic/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: scenic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:10:09 +09:00
dependabot[bot]
20253b71f3 Bump pundit from 2.2.0 to 2.3.0 (#22516)
Bumps [pundit](https://github.com/varvet/pundit) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/varvet/pundit/releases)
- [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/varvet/pundit/commits)

---
updated-dependencies:
- dependency-name: pundit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:08:53 +09:00
dependabot[bot]
3f8f8982ce Bump fog-core from 2.1.0 to 2.3.0 (#22521)
Bumps [fog-core](https://github.com/fog/fog-core) from 2.1.0 to 2.3.0.
- [Release notes](https://github.com/fog/fog-core/releases)
- [Changelog](https://github.com/fog/fog-core/blob/master/changelog.md)
- [Commits](https://github.com/fog/fog-core/compare/v2.1.0...v2.3.0)

---
updated-dependencies:
- dependency-name: fog-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:08:22 +09:00
Claire
f23d971cd8 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Discarded upstream changes: we have our own README
- `app/controllers/follower_accounts_controller.rb`:
  Port upstream's minor refactoring
2022-12-15 20:25:25 +01:00
Kaspar V
d0fb555876 linting: RuboCop update, config fixes (#20574)
* fix(rubocop): update gems and add performance and rspec

fix(rubocop): update gems and add performance and rspec

- update present rubocop gems
- add rubocop-rspec and rubocop-performance gems
- move rubocop gems to gem group :development, :test in order to
  make linting in a github action that runs with RAILS_ENV=test possible

* feat(rubocop): disable some annoyance RSpec cops

To mee these prooved to be more annoying than helpful.
If not agreed, they can be enabled any time.

* fix(rubocop): do not ignore spec/**/*

Because rubocop-rspec should lint the specs as well, and they
deserve to be readable in general. It is relevant code, after all.

* fix(rubocop): change ignore db/**/* to db/schema.rb

because rails cops do some lints for migrations.
E.g. reversable migrations linting and more.

* fix(rubocop): tune rules configs

Bunch of commits squashed:

fix(rubocop): enable Layout/LineLength cop

Because this project has code with line lenghts > 500 chars.
This is not good practice at all, so I strongly suggest to
change the practice in the future.

But allow heredoc, URI and comments to still be long lines
and make the default Max: 120 explicit, by repeating it in the
config. To me this max length seems reasonable. Perhaps
a bit more could be ok for some. But > 500 chars in one line
Seems to be way too long IMHO.

fix(rubocop): Metrics/CyclomaticComplexity Max to 12

The default is 7, perhaps quite strict. But 25 is too loose,
the rule becomes pointless like that.

fix(rubocop): AllCops ruby version, cacheing and more info

- fix the target ruby version from 2.5 to 3.0
- have the cop error messages to be more informative and helpful
- enable cacheing in /tmp

fix(rubocop): Metrics/AbcSize to 34 from 115

Rubocops default is 17. If the rule is at 115 is becomes
pointless.

fix(rubocop): Metrics/BlockLength improvements

- instead of ignoring tasks completely, ignore only the
  long blocks that are specific to tasks (task, namespace)
- ignore also concern specific block methods (included, class_methods)

fix(rubocop): Metrics/ClassLength count heredoc array as one line

fix(rubocop): Metrics/MethodLength Max to 25

- the default is 10, but 65 is too loose, so perhaps 25?

fix(rubocop): Metrics/ModuleLength array and heredoc count as one

fix(rubocop): Metrics/PerceivedComplexity to 16 from 25

Rubocops default is 8, so how about only doubling that, instead
of > than tripple it?

fix(rubocop): enable Style/RedundantAssignment

Because I think that this rule would never really hurt,
but improve code quality and readability.

fix(rubocop): enable Style/RescueStandardError

I think everyone that ever had to debug what this can bring
will hopefully agree that this rule totally makes sense.
In the super rare exeptions where this is totally needed,
it can be excluded by disabling comment in that place.

fix(rubocop): Metrics/ParameterLists add explicit defaults and some excludes
2022-12-15 16:39:59 +01:00
Meisam
ad2610c413 Validate nodeinfo response by schema (#21395)
* add json-schema to :test in Gemfile

* Create node_info_2.0_schema.json

* test match_response_schema

* Create match_response_schema.rb

* Update nodeinfo_controller_spec.rb

* Rename spec/support/node_info_2.0_schema.json to spec/support/schema/node_info_2.0_schema.json

* Update match_response_schema.rb

* cleanup

* additionally validate the json schema itself

disable throwing errors

test the schema matcher

* rename nodeinfo schema to nodeinfo_2.0

* use Rails.root.join to construct the path

* prettify json

* sync Gemfile.lock
2022-12-15 15:43:05 +01:00
Claire
aec7de494f Fix unbounded recursion in account discovery (#22025)
* Fix trying to fetch posts from other users when fetching featured posts

* Rate-limit discovery of new subdomains

* Put a limit on recursively discovering new accounts
2022-12-07 00:15:24 +01:00
Claire
afa828e3d4 Fix unbounded recursion in account discovery (#1994)
* Fix trying to fetch posts from other users when fetching featured posts

* Rate-limit discovery of new subdomains

* Put a limit on recursively discovering new accounts
2022-12-04 21:23:19 +01:00
Claire
0acb29fe9c Merge branch 'main' into glitch-soc/merge-upstream 2022-12-04 17:22:57 +01:00
dependabot[bot]
76daaafd20 Bump faker from 2.23.0 to 3.0.0 (#20039)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.23.0 to 3.0.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.23.0...v3.0.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-03 01:06:41 +09:00
dependabot[bot]
aa15e817ce Bump stoplight from 3.0.0 to 3.0.1 (#21953)
Bumps [stoplight](https://github.com/orgsync/stoplight) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/orgsync/stoplight/releases)
- [Changelog](https://github.com/bolshakov/stoplight/blob/master/CHANGELOG.md)
- [Commits](https://github.com/orgsync/stoplight/commits)

---
updated-dependencies:
- dependency-name: stoplight
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 23:39:41 +09:00
dependabot[bot]
ed213280df Bump pkg-config from 1.4.9 to 1.5.1 (#21820)
Bumps [pkg-config](https://github.com/ruby-gnome/pkg-config) from 1.4.9 to 1.5.1.
- [Release notes](https://github.com/ruby-gnome/pkg-config/releases)
- [Changelog](https://github.com/ruby-gnome/pkg-config/blob/master/NEWS)
- [Commits](https://github.com/ruby-gnome/pkg-config/compare/1.4.9...1.5.1)

---
updated-dependencies:
- dependency-name: pkg-config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 23:31:29 +09:00
dependabot[bot]
e572738f0f Bump bootsnap from 1.14.0 to 1.15.0 (#21810)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 23:11:07 +09:00
dependabot[bot]
b7a970a5ba Bump aws-sdk-s3 from 1.114.0 to 1.117.1 (#20043)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.114.0 to 1.117.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 23:07:28 +09:00
Claire
02992b262a Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Our README is completely different.
  Discarded upstream changes.
2022-11-28 11:33:34 +01:00
Claire
daf52f6c69 Remove support for Ruby 2.6 (#21477)
As pointed out by https://github.com/mastodon/mastodon/pull/21297#discussion_r1028372193
at least one of our dependencies already dropped support for Ruby 2.6, and we
had removed Ruby 2.6 tests from the CI over a year ago (#16861).

So stop advertising Ruby 2.6 support, bump targeted version, and drop some
compatibility code.
2022-11-27 20:41:39 +01:00
dependabot[bot]
3689be5127 Bump capybara from 3.37.1 to 3.38.0 (#20036)
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.37.1 to 3.38.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/3.37.1...3.38.0)

---
updated-dependencies:
- dependency-name: capybara
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-26 13:51:53 +09:00
dependabot[bot]
d777c4bf31 Bump brakeman from 5.3.1 to 5.4.0 (#21351)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.3.1 to 5.4.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v5.3.1...v5.4.0)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-26 13:34:19 +09:00
dependabot[bot]
21f24c878c Bump bootsnap from 1.13.0 to 1.14.0 (#21344)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-26 13:25:53 +09:00
dependabot[bot]
62fd757156 Bump httplog from 1.6.0 to 1.6.2 (#21345)
Bumps [httplog](https://github.com/trusche/httplog) from 1.6.0 to 1.6.2.
- [Release notes](https://github.com/trusche/httplog/releases)
- [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md)
- [Commits](https://github.com/trusche/httplog/compare/v1.6.0...v1.6.2)

---
updated-dependencies:
- dependency-name: httplog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-22 23:08:20 +09:00
Claire
699db5f2af Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile`:
  Upstream removed blank lines.
2022-11-14 20:27:31 +01:00
Eugen Rochko
e18c8537e6 Fix rate limiting for paths with formats (#20675) 2022-11-14 20:26:31 +01:00
Claire
997553a99e Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/views/admin/announcements/edit.html.haml`:
  Upstream change too close to theming-related glitch-soc change.
  Ported upstream changes.
- `app/views/admin/announcements/new.html.haml`
  Upstream change too close to theming-related glitch-soc change.
  Ported upstream changes.
2022-11-14 08:35:55 +01:00
Nicholas La Roux
8c812d40ba Clean up GitHub sourced gem entry (#20542) 2022-11-13 21:00:38 +01:00
Claire
0060eb5dcf Merge branch 'main' into glitch-soc/merge-upstream 2022-10-28 19:23:58 +02:00
Claire
71b32561e9 Merge branch 'main' into glitch-soc/merge-upstream 2022-10-08 15:49:40 +02:00
Eugen Rochko
378e00b59c Change privacy policy to be rendered in web UI, add REST API (#19310)
Source string no longer localized, Markdown instead of raw HTML
2022-10-08 06:01:11 +02:00
dependabot[bot]
f208809615 Bump rspec_junit_formatter from 0.5.1 to 0.6.0 (#19286)
Bumps [rspec_junit_formatter](https://github.com/sj26/rspec_junit_formatter) from 0.5.1 to 0.6.0.
- [Release notes](https://github.com/sj26/rspec_junit_formatter/releases)
- [Changelog](https://github.com/sj26/rspec_junit_formatter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sj26/rspec_junit_formatter/compare/v0.5.1...v0.6.0)

---
updated-dependencies:
- dependency-name: rspec_junit_formatter
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-04 20:57:31 +09:00
Claire
a4fc7ac922 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/home_controller.rb`:
  Upstream made it so `/web` is available to non-logged-in users
  and `/` redirects to `/web` instead of `/about`.
  Kept our version since glitch-soc's WebUI doesn't have what's
  needed yet and I think /about is still a much better landing
  page anyway.
- `app/models/form/admin_settings.rb`:
  Upstream added new settings, and glitch-soc had an extra setting.
  Not really a conflict.
  Added upstream's new settings.
- `app/serializers/initial_state_serializer.rb`:
  Upstream added a new `server` initial state object.
  Not really a conflict.
  Merged upstream's changes.
- `app/views/admin/settings/edit.html.haml`:
  Upstream added new settings.
  Not really a conflict.
  Merged upstream's changes.
- `app/workers/scheduler/feed_cleanup_scheduler.rb`:
  Upstream refactored that part and removed the file.
  Ported our relevant changes into `app/lib/vacuum/feeds_vacuum.rb`
- `config/settings.yml`:
  Upstream added new settings.
  Not a real conflict.
  Added upstream's new settings.
2022-10-02 18:46:22 +02:00
dependabot[bot]
7da3074578 Bump httplog from 1.5.0 to 1.6.0 (#19192)
Bumps [httplog](https://github.com/trusche/httplog) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/trusche/httplog/releases)
- [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md)
- [Commits](https://github.com/trusche/httplog/commits)

---
updated-dependencies:
- dependency-name: httplog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-24 19:38:46 +09:00
dependabot[bot]
cecc816e93 Bump rails from 6.1.6.1 to 6.1.7 (#19164)
Bumps [rails](https://github.com/rails/rails) from 6.1.6.1 to 6.1.7.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.6.1...v6.1.7)

---
updated-dependencies:
- dependency-name: rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11 23:12:25 +09:00
dependabot[bot]
921ca48c9c Bump doorkeeper from 5.5.4 to 5.6.0 (#19163)
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.5.4 to 5.6.0.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.5.4...v5.6.0)

---
updated-dependencies:
- dependency-name: doorkeeper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11 22:23:56 +09:00
dependabot[bot]
1dc27c2867 Bump faker from 2.22.0 to 2.23.0 (#19123)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.22.0 to 2.23.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.22.0...v2.23.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11 21:53:33 +09:00
Claire
6574050b4b Merge branch 'main' into glitch-soc/merge-upstream 2022-08-21 14:39:25 +02:00
dependabot[bot]
99c93abe12 Bump webmock from 3.17.0 to 3.18.1 (#19007)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.17.0 to 3.18.1.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.17.0...v3.18.1)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19 09:27:53 +09:00
dependabot[bot]
a2662afdf0 Bump redis-namespace from 1.8.2 to 1.9.0 (#18987)
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.8.2 to 1.9.0.
- [Release notes](https://github.com/resque/redis-namespace/releases)
- [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md)
- [Commits](https://github.com/resque/redis-namespace/compare/v1.8.2...v1.9)

---
updated-dependencies:
- dependency-name: redis-namespace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19 09:06:07 +09:00
dependabot[bot]
3149686441 Bump pry-byebug from 3.9.0 to 3.10.1 (#19002)
Bumps [pry-byebug](https://github.com/deivid-rodriguez/pry-byebug) from 3.9.0 to 3.10.1.
- [Release notes](https://github.com/deivid-rodriguez/pry-byebug/releases)
- [Changelog](https://github.com/deivid-rodriguez/pry-byebug/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deivid-rodriguez/pry-byebug/compare/v3.9.0...v3.10.1)

---
updated-dependencies:
- dependency-name: pry-byebug
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19 08:58:16 +09:00
dependabot[bot]
965c66af78 Bump brakeman from 5.2.3 to 5.3.1 (#18985)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.3 to 5.3.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/commits)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-19 08:55:18 +09:00
Claire
3b21b1e7bc Fix backend compatibility with OpenSSL 3.0 (#18449)
* Update webpush to fork with OpenSSL 3 compatibility

* Fix tests with OpenSSL 3.0

* Update webauthn gem to latest release and update dependencies
2022-08-17 22:06:48 +01:00
Claire
fd0c34e13f Merge branch 'main' into glitch-soc/merge-upstream 2022-08-15 14:33:05 +02:00
dependabot[bot]
8676a508f1 Bump webmock from 3.14.0 to 3.17.0 (#18935)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.14.0 to 3.17.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.14.0...v3.17.0)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-06 16:28:09 +09:00
Claire
2b414f4d73 Merge branch 'main' into glitch-soc/merge-upstream 2022-08-01 17:47:02 +02:00
dependabot[bot]
889b766841 Bump dotenv-rails from 2.7.6 to 2.8.1 (#18898)
Bumps [dotenv-rails](https://github.com/bkeepers/dotenv) from 2.7.6 to 2.8.1.
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/master/Changelog.md)
- [Commits](https://github.com/bkeepers/dotenv/compare/v2.7.6...v2.8.1)

---
updated-dependencies:
- dependency-name: dotenv-rails
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30 01:39:38 +09:00
dependabot[bot]
835bf60648 Bump bootsnap from 1.12.0 to 1.13.0 (#18902)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30 01:29:43 +09:00
dependabot[bot]
4278ac2245 Bump fabrication from 2.29.0 to 2.30.0 (#18901)
Bumps [fabrication](https://gitlab.com/fabrication-gem/fabrication/) from 2.29.0 to 2.30.0.
- [Release notes](https://gitlab.com/fabrication-gem/fabrication//tags)
- [Commits](https://gitlab.com/fabrication-gem/fabrication//compare/2.29.0...2.30.0)

---
updated-dependencies:
- dependency-name: fabrication
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30 01:27:12 +09:00
dependabot[bot]
68c81337e8 Bump faker from 2.21.0 to 2.22.0 (#18899)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.21.0 to 2.22.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.21.0...v2.22.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-30 01:16:28 +09:00
Claire
b50ab06371 Merge branch 'main' into glitch-soc/merge-upstream
- `.env.production.sample`:
  Our sample config file is very different from upstream since it is much more
  complete. Upstream added documentation for a few env variables.
  Copied the new variables/documentation from upstream.
- `app/lib/feed_manager.rb`:
  Upstream added a timeline type (hashtags), while glitch-soc already had an
  extra one (direct messages). Not really a conflict but textually close
  changes.
  Ported upstream's changes.
- `app/models/custom_emoji.rb`:
  Upstream upped the custom emoji size limit, while glitch-soc had configurable
  limits.
  Upped the default limits accordingly.
- `streaming/index.js`:
  Upstream reworked how hastags were normalized. Minor conflict due to
  glitch-soc's handling of instance-local posts.
  Ported upstream's changes.
2022-07-17 22:07:20 +02:00
dependabot[bot]
68d2465a7a Bump rack from 2.2.3.1 to 2.2.4 (#18768)
Bumps [rack](https://github.com/rack/rack) from 2.2.3.1 to 2.2.4.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.2.3.1...2.2.4)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-06 09:54:41 +09:00
dependabot[bot]
5832900427 Bump gitlab-omniauth-openid-connect from 0.9.1 to 0.10.0 (#18574)
Bumps [gitlab-omniauth-openid-connect](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect) from 0.9.1 to 0.10.0.
- [Release notes](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/tags)
- [Changelog](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/compare/v0.9.1...v0.10.0)

---
updated-dependencies:
- dependency-name: gitlab-omniauth-openid-connect
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-06 09:44:02 +09:00
dependabot[bot]
8bcebafef8 Bump sidekiq from 6.4.2 to 6.5.1 (#18672)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.2 to 6.5.1.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.4.2...v6.5.1)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-06 09:11:00 +09:00
Claire
301299d036 Merge branch 'main' into glitch-soc/merge-upstream 2022-07-03 21:36:15 +02:00
dependabot[bot]
7bc4328233 Bump fabrication from 2.28.0 to 2.29.0 (#18726)
Bumps [fabrication](https://gitlab.com/fabrication-gem/fabrication) from 2.28.0 to 2.29.0.
- [Release notes](https://gitlab.com/fabrication-gem/fabrication/tags)
- [Changelog](https://gitlab.com/fabrication-gem/fabrication/blob/master/Changelog.markdown)
- [Commits](https://gitlab.com/fabrication-gem/fabrication/compare/2.28.0...2.29.0)

---
updated-dependencies:
- dependency-name: fabrication
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-30 02:31:10 +09:00
Claire
490417762f Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Fix erroneous deletion in a previous merge.
- `Gemfile`:
  Conflict caused by glitch-soc-only hCaptcha dependency
- `app/controllers/auth/sessions_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
- `app/controllers/filters_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
- `app/serializers/rest/status_serializer.rb`:
  Minor conflict due to glitch-soc having an extra `local_only` property
2022-06-28 11:11:18 +02:00
Claire
90e5a9bd98 Revamp post filtering system (#18058)
* Add model for custom filter keywords

* Use CustomFilterKeyword internally

Does not change the API

* Fix /filters/edit and /filters/new

* Add migration tests

* Remove whole_word column from custom_filters (covered by custom_filter_keywords)

* Redesign /filters

Instead of a list, present a card that displays more information and handles
multiple keywords per filter.

* Redesign /filters/new and /filters/edit to add and remove keywords

This adds a new gem dependency: cocoon, as well as a npm dependency:
cocoon-js-vanilla. Those are used to easily populate and remove form fields
from the user interface when manipulating multiple keyword filters at once.

* Add /api/v2/filters to edit filter with multiple keywords

Entities:
- `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context`
  `keywords`
- `FilterKeyword`: `id`, `keyword`, `whole_word`

API endpoits:
- `GET /api/v2/filters` to list filters (including keywords)
- `POST /api/v2/filters` to create a new filter
  `keywords_attributes` can also be passed to create keywords in one request
- `GET /api/v2/filters/:id` to read a particular filter
- `PUT /api/v2/filters/:id` to update a new filter
  `keywords_attributes` can also be passed to edit, delete or add keywords in
   one request
- `DELETE /api/v2/filters/:id` to delete a particular filter
- `GET /api/v2/filters/:id/keywords` to list keywords for a filter
- `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a
   filter
- `GET /api/v2/filter_keywords/:id` to read a particular keyword
- `PUT /api/v2/filter_keywords/:id` to edit a particular keyword
- `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword

* Change from `irreversible` boolean to `action` enum

* Remove irrelevent `irreversible_must_be_within_context` check

* Fix /filters/new and /filters/edit with update for filter_action

* Fix Rubocop/Codeclimate complaining about task names

* Refactor FeedManager#phrase_filtered?

This moves regexp building and filter caching to the `CustomFilter` class.

This does not change the functional behavior yet, but this changes how the
cache is built, doing per-custom_filter regexps so that filters can be matched
independently, while still offering caching.

* Perform server-side filtering and output result in REST API

* Fix numerous filters_changed events being sent when editing multiple keywords at once

* Add some tests

* Use the new API in the WebUI

- use client-side logic for filters we have fetched rules for.
  This is so that filter changes can be retroactively applied without
  reloading the UI.
- use server-side logic for filters we haven't fetched rules for yet
  (e.g. network error, or initial timeline loading)

* Minor optimizations and refactoring

* Perform server-side filtering on the streaming server

* Change the wording of filter action labels

* Fix issues pointed out by linter

* Change design of “Show anyway” link in accordence to review comments

* Drop “irreversible” filtering behavior

* Move /api/v2/filter_keywords to /api/v1/filters/keywords

* Rename `filter_results` attribute to `filtered`

* Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer

* Fix systemChannelId value in streaming server

* Simplify code by removing client-side filtering code

The simplifcation comes at a cost though: filters aren't retroactively
applied anymore.
2022-06-28 09:42:13 +02:00
dependabot[bot]
0c87562143 Bump pg from 1.3.5 to 1.4.0 (#18695)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.3.5 to 1.4.0.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.3.5...v1.4.0)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-27 20:55:18 +09:00