Commit graph

10922 commits

Author SHA1 Message Date
Eugen Rochko
6c1d78b277 Fix error on trending hashtags/links pages in admin UI due to missing constant (#17044) 2021-11-26 01:12:39 +01:00
Claire
202862753a Fix handling of recursive toots in WebUI (#17041) 2021-11-25 23:46:39 +01:00
Claire
be1c45d252 Fix filtering DMs from non-followed users (#17042) 2021-11-25 23:46:30 +01:00
Eugen Rochko
ad73becf3e Add trending links (#16917)
* Add trending links

* Add overriding specific links trendability

* Add link type to preview cards and only trend articles

Change trends review notifications from being sent every 5 minutes to being sent every 2 hours

Change threshold from 5 unique accounts to 15 unique accounts

* Fix tests
2021-11-25 13:07:38 +01:00
zunda
56abe9b4d7 Upgrade Ruby to 3.0.3 (#17038)
https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
2021-11-24 20:29:05 +01:00
trwnh
82ae34881d Better ordering for bug report issue template (#17019)
Logically, it makes more sense to provide the steps leading up to the bug before asking what the bug is. This change moves "steps to reproduce" above "expected behavior" and "actual behavior" to enforce the above progression and logical flow.
2021-11-24 20:24:09 +01:00
Claire
5d2ed78074 Fix error when suspending user with an already-existing canonical email block (#17036)
* Fix error when suspending user with an already-existing canonical email block

Fixes #17033

While attempting to create a `CanonicalEmailBlock` with an existing hash would
raise an `ActiveRecord::RecordNotUnique` error, this being done within a
transaction would cancel the whole transaction. For this reason, checking for
uniqueness in Rails would query the database within the transaction and avoid
invalidating the whole transaction for this reason.

A race condition is still possible, where multiple accounts sharing a canonical
email would be blocked in concurrent transactions, in which only one would
succeed, but that is way less likely to happen that the current issue, and can
always be retried after the first failure, unlike the current situation.

* Add tests
2021-11-24 17:41:03 +01:00
Claire
ab775c6cd1 Add FEDERATION.md (#17029)
Some ActivityPub projects have a FEDERATION.md which is used to describe the
various extensions they use.

Everything here is also documented elsewhere, but it's a concise starting point
with links to that documentation.
2021-11-23 00:15:31 +01:00
Claire
199022cf9d Fix overflow of long profile fields in admin view (#17010) 2021-11-19 18:22:49 +01:00
Claire
3d8a884f06 Fix background-color of emoji-mart selector (#17011)
Reverts part of #16907 to fix hardcoded color
2021-11-19 18:21:37 +01:00
Takeshi Umeda
869faf5f87 Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) (#16915)
* Bump chewy from 5.2.0 to 7.2.2

* fix style (codeclimate)

* fix style

* fix style

* Bump chewy from 7.2.2 to 7.2.3
2021-11-18 22:02:08 +01:00
Mashiro
3cb518dcb4 Add lazy load to emoji-mart (#16907)
* perf: lazyload emoji-mart!

* Bump lazyload
2021-11-18 22:01:31 +01:00
Shlee
1b575f8aed Update Dockerfile (#16939) 2021-11-18 22:00:38 +01:00
Shlee
ef5eb1c89e [Docker-Compose] [Breaking] Postgres 9.6 is EOL (11th Nov 2021) - Migrate to 14 Stable (#16947)
* Update docker-compose.yml

* Update docker-compose.yml

* Update docker-compose.yml

* Update docker-compose.yml
2021-11-18 22:00:27 +01:00
Shlee
0e747afd34 Ruby 3.0.2 Upgrade (#16982)
* Update .ruby-version

* Update Gemfile

* Update Gemfile.lock

* Update Dockerfile

* Update check-i18n.yml

* Update config.yml

* Update config.yml
2021-11-18 21:59:57 +01:00
Shlee
6566ab621e [Dockerfile] Upgrade ElasticSearch-OSS 6.8.10 to 7.10.2 (#16956)
* Update docker-compose.yml

* Update docker-compose.yml

* Update docker-compose.yml
2021-11-18 21:59:34 +01:00
dependabot[bot]
ee5a645091 Bump aws-sdk-s3 from 1.105.1 to 1.106.0 (#17001)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.105.1 to 1.106.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:44:23 +09:00
dependabot[bot]
3ea9d6f0d1 Bump mime-types from 3.4.0 to 3.4.1 (#17002)
Bumps [mime-types](https://github.com/mime-types/ruby-mime-types) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/mime-types/ruby-mime-types/releases)
- [Changelog](https://github.com/mime-types/ruby-mime-types/blob/main/History.md)
- [Commits](https://github.com/mime-types/ruby-mime-types/compare/v3.4.0...v3.4.1)

---
updated-dependencies:
- dependency-name: mime-types
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:44:08 +09:00
dependabot[bot]
135d6235ec Bump eslint-plugin-jsx-a11y from 6.4.1 to 6.5.1 (#16993)
Bumps [eslint-plugin-jsx-a11y](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y) from 6.4.1 to 6.5.1.
- [Release notes](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/releases)
- [Changelog](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/compare/v6.4.1...v6.5.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jsx-a11y
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:42:12 +09:00
dependabot[bot]
99d33d0c03 Bump letter_opener_web from 1.4.1 to 2.0.0 (#16960)
Bumps [letter_opener_web](https://github.com/fgrehm/letter_opener_web) from 1.4.1 to 2.0.0.
- [Release notes](https://github.com/fgrehm/letter_opener_web/releases)
- [Changelog](https://github.com/fgrehm/letter_opener_web/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fgrehm/letter_opener_web/compare/v1.4.1...v2.0.0)

---
updated-dependencies:
- dependency-name: letter_opener_web
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:20:31 +09:00
dependabot[bot]
1b659a2545 Bump eslint-plugin-import from 2.25.2 to 2.25.3 (#16995)
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.25.2 to 2.25.3.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.25.2...v2.25.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:08:10 +09:00
dependabot[bot]
a6b42b9bcf Bump @babel/runtime from 7.16.0 to 7.16.3 (#16994)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.16.0 to 7.16.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.16.3/packages/babel-runtime)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:07:56 +09:00
dependabot[bot]
5d8ea35cde Bump eslint-plugin-react from 7.26.1 to 7.27.0 (#16992)
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.26.1 to 7.27.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.26.1...v7.27.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-react
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:07:15 +09:00
dependabot[bot]
828526c1d7 Bump mime-types from 3.3.1 to 3.4.0 (#16991)
Bumps [mime-types](https://github.com/mime-types/ruby-mime-types) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/mime-types/ruby-mime-types/releases)
- [Changelog](https://github.com/mime-types/ruby-mime-types/blob/main/History.md)
- [Commits](https://github.com/mime-types/ruby-mime-types/compare/v3.3.1...v3.4.0)

---
updated-dependencies:
- dependency-name: mime-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:06:58 +09:00
dependabot[bot]
1d4951d667 Bump sprockets-rails from 3.2.2 to 3.4.0 (#16990)
Bumps [sprockets-rails](https://github.com/rails/sprockets-rails) from 3.2.2 to 3.4.0.
- [Release notes](https://github.com/rails/sprockets-rails/releases)
- [Commits](https://github.com/rails/sprockets-rails/compare/v3.2.2...v3.4.0)

---
updated-dependencies:
- dependency-name: sprockets-rails
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:06:40 +09:00
dependabot[bot]
eedf774202 Bump rubocop from 1.22.3 to 1.23.0 (#16989)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.22.3 to 1.23.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.22.3...v1.23.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-18 09:06:26 +09:00
Shlee
2abb53ee23 [Dockerfile] [Security] Update NodeJS to V16 (LTS) on docker. (#16856)
* [Security] Update NodeJS on docker.

https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/

* Update Dockerfile

* Upgrade npm package

* Update Dockerfile
2021-11-17 07:57:01 +01:00
Eugen Rochko
c32e5f820d Add manual GitHub Actions runs (#17000) 2021-11-16 21:42:14 +01:00
Claire
ef730593f4 Fix upload of remote media with OpenStack Swift sometimes failing (#16998)
Under certain conditions, files fetched from remotes trigger an error when
being uploaded using OpenStack Swift. This is because in some cases, the
remote server will not return a content-length, so our ResponseWithLimitAdapter
will hold a `nil` value for `#size`, which will lead to an invalid value
for the Content-Length header of the Swift API call.

This commit fixes that by taking the size from the actually-downloaded file
size rather than the upstream-provided Content-Length header value.
2021-11-16 21:36:28 +01:00
Claire
701472d1fc Fix confusing error when webfinger request returns empty document (#16986)
For some reason, some misconfigured servers return an empty document when
queried over webfinger. Since an empty document does not lead to a parse
error, the error is not caught properly and triggers uncaught exceptions
later on.

This PR fixes that by immediately erroring out with `Webfinger::Error` on
getting an empty response.
2021-11-14 21:55:40 +01:00
Eugen Rochko
fc187cefdf Change workflow to push to Docker Hub (#16980) 2021-11-14 06:11:05 +01:00
Eugen Rochko
1bf6ec3325 Fix no link previews being generated for pages with invalid structured data (#16979)
Fix #16955
2021-11-13 23:07:13 +01:00
dependabot[bot]
4bfa20bd83 Bump react-select from 5.1.0 to 5.2.1 (#16967)
Bumps [react-select](https://github.com/JedWatson/react-select) from 5.1.0 to 5.2.1.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@5.1.0...react-select@5.2.1)

---
updated-dependencies:
- dependency-name: react-select
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:51:42 +09:00
dependabot[bot]
1b83dee0b7 Bump @testing-library/jest-dom from 5.14.1 to 5.15.0 (#16966)
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 5.14.1 to 5.15.0.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v5.14.1...v5.15.0)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:51:07 +09:00
dependabot[bot]
aa395541aa Bump reselect from 4.1.1 to 4.1.2 (#16963)
Bumps [reselect](https://github.com/reduxjs/reselect) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/reduxjs/reselect/releases)
- [Changelog](https://github.com/reduxjs/reselect/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/reselect/compare/v4.1.1...v4.1.2)

---
updated-dependencies:
- dependency-name: reselect
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:49:38 +09:00
dependabot[bot]
732064b0be Bump sidekiq from 6.2.2 to 6.3.1 (#16965)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.2 to 6.3.1.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.2...v6.3.1)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:48:34 +09:00
dependabot[bot]
0c80690efd Bump webpack-dev-server from 3.11.2 to 3.11.3 (#16964)
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 3.11.2 to 3.11.3.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/v3.11.3/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v3.11.2...v3.11.3)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:46:14 +09:00
dependabot[bot]
b68c8bf341 Bump aws-sdk-s3 from 1.104.0 to 1.105.1 (#16962)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.104.0 to 1.105.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:36:28 +09:00
dependabot[bot]
6f4d419f5e Bump ox from 2.14.5 to 2.14.6 (#16961)
Bumps [ox](https://github.com/ohler55/ox) from 2.14.5 to 2.14.6.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.14.5...v2.14.6)

---
updated-dependencies:
- dependency-name: ox
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:35:52 +09:00
dependabot[bot]
8a1f69b3d8 Bump i18n-tasks from 0.9.34 to 0.9.35 (#16959)
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.34 to 0.9.35.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/main/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.34...v0.9.35)

---
updated-dependencies:
- dependency-name: i18n-tasks
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:34:28 +09:00
dependabot[bot]
0f994bac51 Bump idn-ruby from 0.1.2 to 0.1.4 (#16958)
Bumps [idn-ruby](https://github.com/deepfryed/idn-ruby) from 0.1.2 to 0.1.4.
- [Release notes](https://github.com/deepfryed/idn-ruby/releases)
- [Changelog](https://github.com/deepfryed/idn-ruby/blob/master/CHANGES)
- [Commits](https://github.com/deepfryed/idn-ruby/compare/v0.1.2...v0.1.4)

---
updated-dependencies:
- dependency-name: idn-ruby
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-13 18:34:00 +09:00
Claire
fdfcc4fcb7 Fix OpenGraph/LinkedData embeds having incorrectly-generated iframes (#16978) 2021-11-13 03:30:27 +01:00
Yusuke Nakamura
786e5e634c Build container image by GitHub Actions (#16973)
* Build container image by GitHub Actions

* Trigger docker build only pushed to main branch

* Tweak tagging imgae

- "edge" is the main branch
- "latest" is the tagged latest release
2021-11-12 05:18:29 +01:00
Claire
65a727c888 Fix "bundle exec rails mastodon:setup" crashing in some circumstances (#16976)
Fix regression from #16896
2021-11-11 14:00:30 +01:00
Shlee
15ac5f2a2f [CircleCI] Test using Postgres 14 (#16948)
* Update config.yml

* Update config.yml
2021-11-06 17:13:51 +01:00
Eugen Rochko
8925737d2c Forward port version bumps to 3.4.2 and 3.4.3 (#16945)
* Bump version to 3.4.2

* Bump version to 3.4.3
2021-11-06 05:32:14 +01:00
Claire
9e122d774d Fix reviving revoked sessions and invalidating login (#16943)
Up until now, we have used Devise's Rememberable mechanism to re-log users
after the end of their browser sessions. This mechanism relies on a signed
cookie containing a token. That token was stored on the user's record,
meaning it was shared across all logged in browsers, meaning truly revoking
a browser's ability to auto-log-in involves revoking the token itself, and
revoking access from *all* logged-in browsers.

We had a session mechanism that dynamically checks whether a user's session
has been disabled, and would log out the user if so. However, this would only
clear a session being actively used, and a new one could be respawned with
the `remember_user_token` cookie.

In practice, this caused two issues:
- sessions could be revived after being closed from /auth/edit (security issue)
- auto-log-in would be disabled for *all* browsers after logging out from one
  of them

This PR removes the `remember_token` mechanism and treats the `_session_id`
cookie/token as a browser-specific `remember_token`, fixing both issues.
2021-11-06 00:13:58 +01:00
Claire
925adbf7af Fix AccountNote not having a maximum length (#16942) 2021-11-06 00:12:25 +01:00
Eugen Rochko
4dc87ffc06 Add support for structured data and more OpenGraph tags to link cards (#16938)
Save preview cards under their canonical URL

Increase max redirects to follow from 2 to 3
2021-11-05 23:23:05 +01:00
Claire
91bd8b921b Fix handling announcements with links (#16941)
Broken since #15827
2021-11-05 21:14:35 +01:00