d856b8f239
Merge branch 'main' into glitch-soc/merge-upstream
3 years ago
567021abeb
Explicitly set userVerification to discoraged ( #16545 )
3 years ago
84566f17de
Fix authentication failures after going halfway through a sign-in attempt ( #16607 )
...
* Add tests
* Add security-related tests
My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
3 years ago
8632cc7dc5
New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED ( #16655 )
...
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.
We need a new environment variable like for SAML to assume the email
from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.
3 years ago
fc9f57c442
Bump rails from 6.1.4 to 6.1.4.1 ( #16650 )
...
Bumps [rails](https://github.com/rails/rails ) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases )
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1 )
---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
28796d1342
Fix follow request count to dynamically update ( #16652 )
3 years ago
eb30899df2
Fix undefined variable for Auth::OmniauthCallbacksController ( #16654 )
...
The addition of authentication history broke the omniauth login with
the following error:
method=GET path=/auth/auth/cas/callback format=html
controller=Auth::OmniauthCallbacksController action=cas status=500
error='NameError: undefined local variable or method `user' for
#<Auth::OmniauthCallbacksController:0x00000000036290>
Did you mean? @user' duration=435.93 view=0.00 db=36.19
* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
name to `@user`
3 years ago
9c6cecb7a9
Bump eslint-plugin-import from 2.24.0 to 2.24.1 ( #16635 )
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
3f2ddcda8a
Bump ws from 8.1.0 to 8.2.0 ( #16636 )
...
Bumps [ws](https://github.com/websockets/ws ) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0 )
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
4cfa969d71
Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 ( #16590 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
28d475cb1d
Merge pull request #1589 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
09d48e5d40
Merge branch 'main' into glitch-soc/merge-upstream
3 years ago
8965ccd208
Fix “discoverable” account setting being tied to profile directory ( #16637 )
3 years ago
032fa39093
Merge pull request #1588 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
a47b6d409c
[Glitch] Fix crash if a notification contains an unprocessed media attachment
...
Port 35a4765381
3 years ago
fbf7974e1c
[Glitch] Fix download button color in audio player
...
Port 52e891ceaf
3 years ago
9957c6e8cb
Merge branch 'main' into glitch-soc/merge-upstream
3 years ago
4f1a4dbd74
Make sure nginx always send HSTS header ( #16633 )
...
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308
As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.
Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
3 years ago
b48cd23cf3
Add tests for SuspendAccountService and UnsuspendAccountService ( #16627 )
...
* Add tests for SuspendAccountService
* Add tests for UnsuspendAccountService
3 years ago
39076399f9
Bump rspec-rails from 5.0.1 to 5.0.2 ( #16622 )
...
Bumps [rspec-rails](https://github.com/rspec/rspec-rails ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/rspec/rspec-rails/releases )
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md )
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.1...v5.0.2 )
---
updated-dependencies:
- dependency-name: rspec-rails
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
e4055a1f10
Bump sass from 1.37.0 to 1.38.0 ( #16623 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.37.0...1.38.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
c3c31b38ac
Bump fast_blank from 1.0.0 to 1.0.1 ( #16621 )
...
Bumps [fast_blank](https://github.com/SamSaffron/fast_blank ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/SamSaffron/fast_blank/releases )
- [Commits](https://github.com/SamSaffron/fast_blank/compare/1.0.0...v1.0.1 )
---
updated-dependencies:
- dependency-name: fast_blank
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
5afd70a728
Disable nginx ssl_session_tickets for better security ( #16632 )
...
It's default turned on, but it's better to turn it off for security reason.
Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- https://github.com/mozilla/server-side-tls/issues/135
3 years ago
a9364a4773
Fix remotely-suspended accounts' toots being merged back into timelines ( #16628 )
...
* Fix remotely-suspended accounts' toots being merged back into timelines
* Mark remotely-deleted accounts as remotely suspended
3 years ago
56839ac64f
Fix #16603 ( #16605 )
...
Fix issue #16603 undefined method `serialize_payload' for Unsuspend Account Service error.
It seems that this service forgot to `include Payloadable` so that `serialize_payload` could not be found in this service.
3 years ago
8821406960
Bump oj from 3.12.2 to 3.13.2 ( #16620 )
...
Bumps [oj](https://github.com/ohler55/oj ) from 3.12.2 to 3.13.2.
- [Release notes](https://github.com/ohler55/oj/releases )
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/ohler55/oj/compare/v3.12.2...v3.13.2 )
---
updated-dependencies:
- dependency-name: oj
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
f2433f29b8
Bump eslint-plugin-import from 2.23.4 to 2.24.0 ( #16592 )
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.23.4 to 2.24.0.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.23.4...v2.24.0 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
bc0cb8e652
Bump yargs from 17.0.1 to 17.1.1 ( #16614 )
...
Bumps [yargs](https://github.com/yargs/yargs ) from 17.0.1 to 17.1.1.
- [Release notes](https://github.com/yargs/yargs/releases )
- [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/yargs/compare/v17.0.1...v17.1.1 )
---
updated-dependencies:
- dependency-name: yargs
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
c72729cba1
Bump ws from 8.0.0 to 8.1.0 ( #16616 )
...
Bumps [ws](https://github.com/websockets/ws ) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/8.0.0...8.1.0 )
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
c6c80f95b2
Bump bullet from 6.1.4 to 6.1.5 ( #16617 )
...
Bumps [bullet](https://github.com/flyerhzm/bullet ) from 6.1.4 to 6.1.5.
- [Release notes](https://github.com/flyerhzm/bullet/releases )
- [Changelog](https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md )
- [Commits](https://github.com/flyerhzm/bullet/compare/6.1.4...6.1.5 )
---
updated-dependencies:
- dependency-name: bullet
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
b1bf87cedd
Bump fastimage from 2.2.4 to 2.2.5 ( #16609 )
...
Bumps [fastimage](https://github.com/sdsykes/fastimage ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/sdsykes/fastimage/releases )
- [Changelog](https://github.com/sdsykes/fastimage/blob/master/CHANGELOG )
- [Commits](https://github.com/sdsykes/fastimage/compare/v2.2.4...v2.2.5 )
---
updated-dependencies:
- dependency-name: fastimage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
9c4597a18e
Bump nokogiri from 1.12.2 to 1.12.3 ( #16610 )
...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.12.2 to 1.12.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases )
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.2...v1.12.3 )
---
updated-dependencies:
- dependency-name: nokogiri
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
eb06514636
Bump blurhash from 1.1.3 to 1.1.4 ( #16613 )
...
Bumps [blurhash](https://github.com/woltapp/blurhash ) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/woltapp/blurhash/releases )
- [Commits](https://github.com/woltapp/blurhash/commits )
---
updated-dependencies:
- dependency-name: blurhash
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
64f0e788f2
Bump pundit from 2.1.0 to 2.1.1 ( #16615 )
...
Bumps [pundit](https://github.com/varvet/pundit ) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/varvet/pundit/releases )
- [Changelog](https://github.com/varvet/pundit/blob/master/CHANGELOG.md )
- [Commits](https://github.com/varvet/pundit/compare/v2.1.0...v2.1.1 )
---
updated-dependencies:
- dependency-name: pundit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
670f07c190
Bump path-parse from 1.0.6 to 1.0.7 ( #16597 )
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
b9cbc23f7c
Bump parallel_tests from 3.7.0 to 3.7.1 ( #16612 )
...
Bumps [parallel_tests](https://github.com/grosser/parallel_tests ) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/grosser/parallel_tests/releases )
- [Changelog](https://github.com/grosser/parallel_tests/blob/master/CHANGELOG.md )
- [Commits](https://github.com/grosser/parallel_tests/compare/v3.7.0...v3.7.1 )
---
updated-dependencies:
- dependency-name: parallel_tests
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
b2c63cbfb2
Bump aws-sdk-s3 from 1.98.0 to 1.99.0 ( #16611 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.98.0 to 1.99.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
4ee62e47d2
Bump webmock from 3.13.0 to 3.14.0 ( #16587 )
...
Bumps [webmock](https://github.com/bblimke/webmock ) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/bblimke/webmock/releases )
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md )
- [Commits](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0 )
---
updated-dependencies:
- dependency-name: webmock
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
bb7cf216d1
Bump redux from 4.1.0 to 4.1.1 ( #16586 )
...
Bumps [redux](https://github.com/reduxjs/redux ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/reduxjs/redux/releases )
- [Changelog](https://github.com/reduxjs/redux/blob/master/CHANGELOG.md )
- [Commits](https://github.com/reduxjs/redux/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: redux
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
e82fdd74cf
Bump rubocop from 1.18.4 to 1.19.0 ( #16618 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.18.4 to 1.19.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.18.4...v1.19.0 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
cd9e05ee86
Bump strong_migrations from 0.7.7 to 0.7.8 ( #16584 )
...
Bumps [strong_migrations](https://github.com/ankane/strong_migrations ) from 0.7.7 to 0.7.8.
- [Release notes](https://github.com/ankane/strong_migrations/releases )
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.7.7...v0.7.8 )
---
updated-dependencies:
- dependency-name: strong_migrations
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
87aa7d1db1
Bump @babel/runtime from 7.14.8 to 7.15.3 ( #16619 )
...
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime ) from 7.14.8 to 7.15.3.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.3/packages/babel-runtime )
---
updated-dependencies:
- dependency-name: "@babel/runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
8e4cb1dd25
Bump @babel/core from 7.14.8 to 7.15.0 ( #16588 )
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core ) from 7.14.8 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-core )
---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
ee8623ad07
Bump @testing-library/react from 11.2.7 to 12.0.0 ( #16440 )
...
Bumps [@testing-library/react](https://github.com/testing-library/react-testing-library ) from 11.2.7 to 12.0.0.
- [Release notes](https://github.com/testing-library/react-testing-library/releases )
- [Changelog](https://github.com/testing-library/react-testing-library/blob/main/CHANGELOG.md )
- [Commits](https://github.com/testing-library/react-testing-library/compare/v11.2.7...v12.0.0 )
---
updated-dependencies:
- dependency-name: "@testing-library/react"
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
35a4765381
Fix crash if a notification contains an unprocessed media attachment ( #16573 )
...
* Refactor AttachmentList
* Do not crash if a notification contains an unprocessed media attachment
Fixes #16530
* Fix spacing in compact form
3 years ago
52e891ceaf
Fix download button color in audio player ( #16572 )
...
Fixes #16571
3 years ago
1692e0b381
Fix followers synchronization mechanism not working when URI has empty path ( #16510 )
...
* Fix followers synchronization mechanism not working when URI has empty path
To my knowledge, there is no current implementation on the fediverse
that can use bare domains (e.g., actor is at https://example.org instead of
something like https://example.org/actor ) that also plans to support the
followers synchronization mechanism. However, Mastodon's current implementation
would exclude such accounts from followers list.
Also adds tests and rename them to reflect the proper method names.
* Move url prefix regexp to its own constant
3 years ago
627f81a470
Merge pull request #1585 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
3 years ago
4381817f2a
Merge branch 'main' into glitch-soc/merge-upstream
3 years ago
acf7595157
Fix crash when encountering invalid account fields ( #16598 )
...
* Add test
* Fix crash when encountering invalid account fields
3 years ago
Claire
Truong Nguyen
Daniel
dependabot[bot]
matildepark
Peter Dave Hello
Holger