Commit graph

38492 commits

Author SHA1 Message Date
Claire
9541605024 Fix ActiveRecord monkey-patching migration hack 2021-03-24 10:55:02 +01:00
Claire
d10b08ea1f Merge branch 'main' into glitch-soc/merge-upstream 2021-03-24 10:53:50 +01:00
Claire
f60c99a8fb Merge branch 'main' into glitch-soc/merge-upstream 2021-03-24 10:53:50 +01:00
dependabot[bot]
5119cd8a0b Bump brakeman from 4.10.1 to 5.0.0 (#15656)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.10.1 to 5.0.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.10.1...v5.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-24 10:53:23 +01:00
dependabot[bot]
88d69d3261
Bump brakeman from 4.10.1 to 5.0.0 (#15656)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.10.1 to 5.0.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.10.1...v5.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-24 10:53:23 +01:00
Yurii Izorkin
d38973427f templates/systemd/mastodon: enable sandbox mode (#15937) 2021-03-24 10:46:13 +01:00
Yurii Izorkin
297a3cf904
templates/systemd/mastodon: enable sandbox mode (#15937) 2021-03-24 10:46:13 +01:00
Claire
b2a89bf38e Update Mastodon to Rails 6.1 (#15910)
* Update devise-two-factor to unreleased fork for Rails 6 support

Update tests to match new `rotp` version.

* Update nsa gem to unreleased fork for Rails 6 support

* Update rails to 6.1.3 and rails-i18n to 6.0

* Update to unreleased fork of pluck_each for Ruby 6 support

* Run "rails app:update"

* Add missing ActiveStorage config file

* Use config.ssl_options instead of removed ApplicationController#force_ssl

Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.

* Fix nonce directives by removing Rails 5 specific monkey-patching

* Fix fixture_file_upload deprecation warning

* Fix yield-based test failing with Rails 6

* Use Rails 6's index_with when possible

* Use ActiveRecord::Cache::Store#delete_multi from Rails 6

This will yield better performances when deleting an account

* Disable Rails 6.1's automatic preload link headers

Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.

In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.

* Switch to Rails 6.0 default config

* Switch to Rails 6.1 default config

* Do not include autoload paths in the load path
2021-03-24 10:44:31 +01:00
Claire
cbd0ee1d07
Update Mastodon to Rails 6.1 (#15910)
* Update devise-two-factor to unreleased fork for Rails 6 support

Update tests to match new `rotp` version.

* Update nsa gem to unreleased fork for Rails 6 support

* Update rails to 6.1.3 and rails-i18n to 6.0

* Update to unreleased fork of pluck_each for Ruby 6 support

* Run "rails app:update"

* Add missing ActiveStorage config file

* Use config.ssl_options instead of removed ApplicationController#force_ssl

Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.

* Fix nonce directives by removing Rails 5 specific monkey-patching

* Fix fixture_file_upload deprecation warning

* Fix yield-based test failing with Rails 6

* Use Rails 6's index_with when possible

* Use ActiveRecord::Cache::Store#delete_multi from Rails 6

This will yield better performances when deleting an account

* Disable Rails 6.1's automatic preload link headers

Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.

In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.

* Switch to Rails 6.0 default config

* Switch to Rails 6.1 default config

* Do not include autoload paths in the load path
2021-03-24 10:44:31 +01:00
Claire
edc41c6e17 Change mastodon:setup to not call assets:precompile in docker (#13942)
It appears assets are built during image build, and they shouldn't need
to be rebuilt, since we now have reproducible builds.
2021-03-24 10:37:24 +01:00
Claire
82556834cf
Change mastodon:setup to not call assets:precompile in docker (#13942)
It appears assets are built during image build, and they shouldn't need
to be rebuilt, since we now have reproducible builds.
2021-03-24 10:37:24 +01:00
Claire
f0e6f3a1d7 Fix Mastodon not understanding as:Public and Public (#15948)
Fixes #5551
2021-03-24 10:19:40 +01:00
Claire
1c4dee4554
Fix Mastodon not understanding as:Public and Public (#15948)
Fixes #5551
2021-03-24 10:19:40 +01:00
Claire
c9a92dd35a Fix compose form behavior in mobile view (#15555)
* Fix ComposeForm being mounted twice in mobile view

Fixes #13094

* Fix compose form focus and pre-selection behavior in mobile view

* Split _updateFocusAndSelection out of componentDidUpdate
2021-03-24 10:19:07 +01:00
Claire
034f37b85a
Fix compose form behavior in mobile view (#15555)
* Fix ComposeForm being mounted twice in mobile view

Fixes #13094

* Fix compose form focus and pre-selection behavior in mobile view

* Split _updateFocusAndSelection out of componentDidUpdate
2021-03-24 10:19:07 +01:00
Claire
4d596eeade Merge pull request #1515 from ClearlyClaire/glitch-soc/features/notifications-design
Change notification settings UI to be more compact
2021-03-24 10:14:42 +01:00
Claire
d7c1c41859
Merge pull request #1515 from ClearlyClaire/glitch-soc/features/notifications-design
Change notification settings UI to be more compact
2021-03-24 10:14:42 +01:00
Claire
90cd93f49a Switch from deprecated ClusterWS/cws to ws package (#15932)
* Switch from deprecated ClusterWS/cws to ws package

Fixes #15184

Co-authored-by: Edho Arief <me@nanaya.pro>

* Make bufferutil and utf-8-validate optional dependencies

Co-authored-by: Edho Arief <me@nanaya.pro>
2021-03-24 09:37:41 +01:00
Claire
49814d5799
Switch from deprecated ClusterWS/cws to ws package (#15932)
* Switch from deprecated ClusterWS/cws to ws package

Fixes #15184

Co-authored-by: Edho Arief <me@nanaya.pro>

* Make bufferutil and utf-8-validate optional dependencies

Co-authored-by: Edho Arief <me@nanaya.pro>
2021-03-24 09:37:41 +01:00
dependabot[bot]
c8908a35b7 Bump react-select from 3.2.0 to 4.0.2 (#15624)
* Bump react-select from 3.2.0 to 4.0.2

Bumps [react-select](https://github.com/JedWatson/react-select) from 3.2.0 to 4.0.2.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.2.0...react-select@4.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

* Add cacheKey to NonceProvider for react-select

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-03-22 15:41:47 +09:00
dependabot[bot]
c3aef491d6
Bump react-select from 3.2.0 to 4.0.2 (#15624)
* Bump react-select from 3.2.0 to 4.0.2

Bumps [react-select](https://github.com/JedWatson/react-select) from 3.2.0 to 4.0.2.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.2.0...react-select@4.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

* Add cacheKey to NonceProvider for react-select

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-03-22 15:41:47 +09:00
dependabot[bot]
22763902bf Bump aws-sdk-s3 from 1.91.0 to 1.92.0 (#15938)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.91.0 to 1.92.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:39:39 +01:00
dependabot[bot]
1b3ebcfe53
Bump aws-sdk-s3 from 1.91.0 to 1.92.0 (#15938)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.91.0 to 1.92.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:39:39 +01:00
dependabot[bot]
50a56ad8c3 Bump css-loader from 5.1.2 to 5.1.3 (#15940)
Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 5.1.2 to 5.1.3.
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/css-loader/compare/v5.1.2...v5.1.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:39:19 +01:00
dependabot[bot]
6b5cda6ec3
Bump css-loader from 5.1.2 to 5.1.3 (#15940)
Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 5.1.2 to 5.1.3.
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/css-loader/compare/v5.1.2...v5.1.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:39:19 +01:00
dependabot[bot]
e02c954ed2 Bump rspec-rails from 5.0.0 to 5.0.1 (#15939)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.0...v5.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:38:54 +01:00
dependabot[bot]
229968bdff
Bump rspec-rails from 5.0.0 to 5.0.1 (#15939)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.0...v5.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:38:54 +01:00
dependabot[bot]
f2916a3098 Bump ox from 2.14.3 to 2.14.4 (#15941)
Bumps [ox](https://github.com/ohler55/ox) from 2.14.3 to 2.14.4.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.14.3...v2.14.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:38:23 +01:00
dependabot[bot]
b5288798a8
Bump ox from 2.14.3 to 2.14.4 (#15941)
Bumps [ox](https://github.com/ohler55/ox) from 2.14.3 to 2.14.4.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.14.3...v2.14.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:38:23 +01:00
dependabot[bot]
96e3599dbb Bump sidekiq from 6.1.3 to 6.2.0 (#15943)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.1.3 to 6.2.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.1.3...v6.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:37:51 +01:00
dependabot[bot]
64942fa31d
Bump sidekiq from 6.1.3 to 6.2.0 (#15943)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.1.3 to 6.2.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.1.3...v6.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:37:51 +01:00
dependabot[bot]
a97c88abc5 Bump blurhash from 0.1.4 to 0.1.5 (#15942)
Bumps [blurhash](https://github.com/Gargron/blurhash) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/Gargron/blurhash/releases)
- [Commits](https://github.com/Gargron/blurhash/commits/v0.1.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:36:13 +01:00
dependabot[bot]
472d5005c0
Bump blurhash from 0.1.4 to 0.1.5 (#15942)
Bumps [blurhash](https://github.com/Gargron/blurhash) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/Gargron/blurhash/releases)
- [Commits](https://github.com/Gargron/blurhash/commits/v0.1.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:36:13 +01:00
dependabot[bot]
ee0c66df1e Bump sidekiq-unique-jobs from 7.0.4 to 7.0.7 (#15944)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 7.0.4 to 7.0.7.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v7.0.4...v7.0.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:35:46 +01:00
dependabot[bot]
829a598f1d
Bump sidekiq-unique-jobs from 7.0.4 to 7.0.7 (#15944)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 7.0.4 to 7.0.7.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v7.0.4...v7.0.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 07:35:46 +01:00
Sandro
bc5683f1b4 Docker: Use precompiled jemalloc, format, apply hadolint suggestions (#10823)
* Format, apply hadolint suggestions, little nitpicks

* Use pre compiled jemalloc

* Use tini from package repository
2021-03-20 21:21:57 +01:00
Sandro
46d3d3169e
Docker: Use precompiled jemalloc, format, apply hadolint suggestions (#10823)
* Format, apply hadolint suggestions, little nitpicks

* Use pre compiled jemalloc

* Use tini from package repository
2021-03-20 21:21:57 +01:00
Claire
d27331e99a Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire
876840e9ef
Fix brakeman warning (#15870)
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.

This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
2021-03-19 23:48:59 +01:00
Claire
ebe08f4335 Bypass MX validation for explicitly allowed domains (#15930)
* Bypass MX validation for explicitly allowed domains

This spares some lookups and prevent issues in some edge cases with
local domains.

* Add tests

* Fix test
2021-03-19 23:48:47 +01:00
Claire
051efed5ed
Bypass MX validation for explicitly allowed domains (#15930)
* Bypass MX validation for explicitly allowed domains

This spares some lookups and prevent issues in some edge cases with
local domains.

* Add tests

* Fix test
2021-03-19 23:48:47 +01:00
Claire
bb510a1454 Fix push notification title for polls (#15931) 2021-03-19 23:47:31 +01:00
Claire
d023eefbcc
Fix push notification title for polls (#15931) 2021-03-19 23:47:31 +01:00
Claire
1516b46bfa Fixing the hero widget (#15926)
* Removing last-child padding conflicts with light theme in hero widget

* Add missing background color to widget

* Reset widget.scss to default

* Hope this works

Co-authored-by: koyu <me@koyu.space>
2021-03-19 20:23:32 +01:00
Claire
5d48402be1
Fixing the hero widget (#15926)
* Removing last-child padding conflicts with light theme in hero widget

* Add missing background color to widget

* Reset widget.scss to default

* Hope this works

Co-authored-by: koyu <me@koyu.space>
2021-03-19 20:23:32 +01:00
Claire
eee8cedfd4 Fix custom CSS when CDN_HOST is set (#15927) 2021-03-19 20:23:08 +01:00
Claire
39a490c70e
Fix custom CSS when CDN_HOST is set (#15927) 2021-03-19 20:23:08 +01:00
Claire
4c9e572798 Add missing push notification title for polls (#15929) 2021-03-19 20:22:49 +01:00
Claire
0ff4264c3e
Add missing push notification title for polls (#15929) 2021-03-19 20:22:49 +01:00
Marcin Mikołajczak
4be836871a Add missing en.notification_mailer.status.subject (#15564)
* Add missing `en.notification_mailer.status.subject`

* Update en.yml
2021-03-19 17:15:59 +01:00