dependabot[bot]
e001e116da
Bump sidekiq-scheduler from 3.1.0 to 3.1.1 ( #17407 )
...
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases )
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1 )
---
updated-dependencies:
- dependency-name: sidekiq-scheduler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
e0263c7369
Bump http-link-header from 1.0.3 to 1.0.4 ( #17414 )
...
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header ) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases )
- [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4 )
---
updated-dependencies:
- dependency-name: http-link-header
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Alexandra Catalina
50ab3f3dcb
Update tootsuite/mastodon Docker tag to v3.4.6 ( #17436 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
3 years ago
Eugen Rochko
3413f1c44b
Forward-port version bump to 3.4.6 ( #17434 )
3 years ago
Claire
73b730e649
Merge pull request #1676 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
Claire
c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding ( #17428 )
3 years ago
Claire
948235592a
Fix response_to_recipient? CTE ( #17427 )
3 years ago
Claire
d1ecc323e7
Compact JSON-LD signed incoming activities ( #17426 )
...
Co-authored-by: Puck Meerburg <puck@puck.moe>
3 years ago
Claire
2beb0a7af5
Bump version to 3.4.6
3 years ago
Claire
a3e0dacf5c
Fix response_to_recipient? CTE
3 years ago
Claire
7b969436a0
Fix compacted JSON-LD possibly causing compatibility issues on forwarding
3 years ago
Puck Meerburg
63da32468c
Compact JSON-LD signed incoming activities
3 years ago
Claire
20a4b8081f
Merge pull request #1675 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
Claire
098f2bc1e1
Merge branch 'main' into glitch-soc/merge-upstream
3 years ago
Alexandra Catalina
d0d15bf49c
Update tootsuite/mastodon Docker tag to v3.4.5 ( #17417 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
3 years ago
Claire
987d88ea56
Fix requiring an extra restart after recent post-deployment migrations ( #17422 )
...
Follow-up to #16409
3 years ago
Rohan Sharma
4d6d4b43c6
Fixed prototype pollution bug and only allow trusted origin ( #17420 )
3 years ago
Claire
54581d43e7
Bump version to 3.4.5 ( #17402 )
3 years ago
Claire
d6f3261c6c
Merge pull request #1674 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
Claire
2fcf652fff
Merge branch 'main' into glitch-soc/merge-upstream
3 years ago
Daniel Jakots
aa45404578
Bump NODE_VER to 16.13.2, to solve security issues ( #17399 )
...
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
3 years ago
Claire
a0e06c3c3e
Add more advanced migration tests ( #17393 )
...
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
3 years ago
Claire
c6b291afc3
Change index corruption warning to be a little less scary ( #17395 )
3 years ago
Claire
b54e263712
Merge pull request #1673 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
Claire
a99adeaad3
Fix edge case in migration helpers that caused crash because of PostgreSQL quirks ( #17398 )
3 years ago
Claire
7679ddcd5e
Merge branch 'main' into glitch-soc/merge-upstream
3 years ago
Claire
ac583fce21
Fix some old migration scripts ( #17394 )
...
* Fix some old migration scripts
* Fix edge case in two-step migration from older releases
3 years ago
Claire
f5639e1cbe
Change public profile pages to be disabled for unconfirmed users ( #17385 )
...
Fixes #17382
Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
3 years ago
Claire
2ba6267f16
Merge pull request #1668 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
Claire
94a39f6b68
Fix Sidekiq warning when pushing DMs to direct timeline
3 years ago
Claire
b2915613fb
Merge branch 'main' into glitch-soc/merge-upstream
...
Conflicts:
- `Gemfile.lock`:
Upstream-updated lib textually too close to glitch-soc-only dep.
Updated like upstream.
3 years ago
Claire
e38fc319dc
Refactor and improve tests ( #17386 )
...
* Change account and user fabricators to simplify and improve tests
- `Fabricate(:account)` implicitly fabricates an associated `user` if
no `domain` attribute is given (an account with `domain: nil` is
considered a local account, but no user record was created), unless
`user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
but is discouraged.
* Fix and refactor tests
- avoid passing unneeded attributes to `Fabricate(:user)` or
`Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
way around
- prefer `Fabricate(:user, account_attributes: …)` to
`Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
not representative of production code.
3 years ago
Claire
03d59340da
Fix Sidekiq warnings about JSON serialization ( #17381 )
...
* Fix Sidekiq warnings about JSON serialization
This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.
See https://github.com/mperham/sidekiq/pull/5071
We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.
* Set Sidekiq to raise on unsafe arguments in test mode
In order to more easily catch issues that would produce warnings in production
code.
3 years ago
Claire
14c69a535b
Fix some old database migrations ( #17379 )
3 years ago
dependabot[bot]
4942a7ce86
Bump pg from 1.2.3 to 1.3.0 ( #17349 )
...
Bumps [pg](https://github.com/ged/ruby-pg ) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/ged/ruby-pg/releases )
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc )
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.3...v1.3.0 )
---
updated-dependencies:
- dependency-name: pg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
497b8eedda
Bump axios from 0.24.0 to 0.25.0 ( #17354 )
...
Bumps [axios](https://github.com/axios/axios ) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
df78d83e95
Bump rdf-normalize from 0.4.0 to 0.5.0 ( #17226 )
...
Bumps [rdf-normalize](https://github.com/ruby-rdf/rdf-normalize ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/ruby-rdf/rdf-normalize/releases )
- [Commits](https://github.com/ruby-rdf/rdf-normalize/compare/0.4.0...0.5.0 )
---
updated-dependencies:
- dependency-name: rdf-normalize
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Claire
ad6ddb9bdd
Merge branch 'main' into glitch-soc/merge-upstream
...
Conflicts:
- `config/environments/production.rb`:
Upstream changed a header but we had different default headers.
Applied the same change, and also dropped HSTS headers redundant with
Rails'.
3 years ago
Claire
166cc5b89d
Fix local distribution of edited statuses ( #17380 )
...
Because `FanOutOnWriteService#update?` was broken, edits were considered as new
toots and a regular `update` payload was sent.
3 years ago
Su Yang
10188c7db7
Add healthcheck for sidekiq ( #17365 )
3 years ago
Eugen Rochko
6505b39e5d
Fix poll updates being saved as status edits ( #17373 )
...
Fix #17344
3 years ago
Claire
5893019937
Merge pull request #1667 from ClearlyClaire/glitch-soc/fixes/hcaptcha-text
...
Improve explanations around the hCaptcha feature
3 years ago
Claire
b768a4dea9
Add link to /about/more to the CAPTCHA verification page
3 years ago
Claire
7c2204314a
Add some explanation text on the CAPTCHA confirmation page
3 years ago
Claire
f997a5463b
Add mention of accessibility issues to hCaptcha option in admin page
3 years ago
Claire
129bc42979
Merge pull request #1665 from ClearlyClaire/glitch-soc/features/hcaptcha
...
Add optional hCaptcha support
3 years ago
Claire
b7cf3941b3
Change CAPTCHA handling to be only on email verification
...
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
3 years ago
Claire
0fb907441c
Add ability to set hCaptcha either on registration form or on e-mail validation
...
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
3 years ago
Claire
a9269f8786
Disable `registrations` flag in /api/v1/instance when CAPTCHA is enabled
...
This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
3 years ago
dependabot[bot]
bebf9bf33f
Bump sass from 1.48.0 to 1.49.0 ( #17352 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.48.0...1.49.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago