Commit graph

14652 commits

Author SHA1 Message Date
Claire
fdf5030d85 Bump version to 3.4.6 2022-02-03 12:12:27 +01:00
Claire
eee2c187ee Fix response_to_recipient? CTE 2022-02-02 19:55:57 +01:00
Claire
77cc434f2b Fix compacted JSON-LD possibly causing compatibility issues on forwarding 2022-02-02 19:55:57 +01:00
Puck Meerburg
9d92e9204f Compact JSON-LD signed incoming activities 2022-02-02 16:13:11 +01:00
Claire
46b9ab8b81 Merge pull request #1675 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-02-01 21:41:58 +01:00
Claire
2341754c70 Merge branch 'main' into glitch-soc/merge-upstream 2022-02-01 20:59:28 +01:00
Alexandra Catalina
a8aba8a526 Update tootsuite/mastodon Docker tag to v3.4.5 (#17417)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-01 20:57:50 +01:00
Claire
2657ca3b5e Fix requiring an extra restart after recent post-deployment migrations (#17422)
Follow-up to #16409
2022-02-01 20:57:39 +01:00
Rohan Sharma
e96b704def Fixed prototype pollution bug and only allow trusted origin (#17420) 2022-02-01 17:34:48 +01:00
Claire
c7083702fa Bump version to 3.4.5 (#17402) 2022-01-31 21:27:40 +01:00
Claire
caca95dc85 Merge pull request #1674 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-01-31 10:51:11 +01:00
Claire
e56e9d5e03 Merge branch 'main' into glitch-soc/merge-upstream 2022-01-31 10:42:17 +01:00
Daniel Jakots
646789f51e Bump NODE_VER to 16.13.2, to solve security issues (#17399)
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
2022-01-31 00:32:03 +01:00
Claire
7389378eed Add more advanced migration tests (#17393)
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
2022-01-30 23:50:08 +01:00
Claire
507cb23dc3 Change index corruption warning to be a little less scary (#17395) 2022-01-30 23:49:52 +01:00
Claire
f768251346 Merge pull request #1673 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-01-30 22:51:32 +01:00
Claire
71862291aa Fix edge case in migration helpers that caused crash because of PostgreSQL quirks (#17398) 2022-01-30 22:34:54 +01:00
Claire
a2bc2e14c6 Merge branch 'main' into glitch-soc/merge-upstream 2022-01-30 22:33:30 +01:00
Claire
c3e77d07d2 Fix some old migration scripts (#17394)
* Fix some old migration scripts

* Fix edge case in two-step migration from older releases
2022-01-30 21:38:54 +01:00
Claire
8919f6cf63 Change public profile pages to be disabled for unconfirmed users (#17385)
Fixes #17382

Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
2022-01-28 14:24:37 +01:00
Claire
482ba7ced5 Merge pull request #1668 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
2022-01-28 09:38:44 +01:00
Claire
de596a03c0 Fix Sidekiq warning when pushing DMs to direct timeline 2022-01-28 09:07:56 +01:00
Claire
daab277c0e Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `Gemfile.lock`:
  Upstream-updated lib textually too close to glitch-soc-only dep.
  Updated like upstream.
2022-01-28 08:58:32 +01:00
Claire
1f07ab014d Refactor and improve tests (#17386)
* Change account and user fabricators to simplify and improve tests

- `Fabricate(:account)` implicitly fabricates an associated `user` if
  no `domain` attribute is given (an account with `domain: nil` is
  considered a local account, but no user record was created), unless
  `user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
  but is discouraged.

* Fix and refactor tests

- avoid passing unneeded attributes to `Fabricate(:user)` or
  `Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
  way around
- prefer `Fabricate(:user, account_attributes: …)` to
  `Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
  not representative of production code.
2022-01-28 00:46:42 +01:00
Claire
33ea1c9008 Fix Sidekiq warnings about JSON serialization (#17381)
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
2022-01-28 00:43:56 +01:00
Claire
1d846bd6fb Fix some old database migrations (#17379) 2022-01-27 18:13:41 +01:00
dependabot[bot]
5801e6d7ef Bump pg from 1.2.3 to 1.3.0 (#17349)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.3...v1.3.0)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27 20:26:40 +09:00
dependabot[bot]
f5401e89f3 Bump axios from 0.24.0 to 0.25.0 (#17354)
Bumps [axios](https://github.com/axios/axios) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27 20:26:18 +09:00
dependabot[bot]
b7de46786d Bump rdf-normalize from 0.4.0 to 0.5.0 (#17226)
Bumps [rdf-normalize](https://github.com/ruby-rdf/rdf-normalize) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/ruby-rdf/rdf-normalize/releases)
- [Commits](https://github.com/ruby-rdf/rdf-normalize/compare/0.4.0...0.5.0)

---
updated-dependencies:
- dependency-name: rdf-normalize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27 20:25:18 +09:00
Claire
56a49e9334 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `config/environments/production.rb`:
  Upstream changed a header but we had different default headers.
  Applied the same change, and also dropped HSTS headers redundant with
  Rails'.
2022-01-26 22:32:21 +01:00
Claire
6e8d231e27 Fix local distribution of edited statuses (#17380)
Because `FanOutOnWriteService#update?` was broken, edits were considered as new
toots and a regular `update` payload was sent.
2022-01-26 20:53:50 +01:00
Su Yang
43b5489c0f Add healthcheck for sidekiq (#17365) 2022-01-26 18:08:49 +01:00
Eugen Rochko
b6364cf1ad Fix poll updates being saved as status edits (#17373)
Fix #17344
2022-01-26 18:05:39 +01:00
Claire
f6d9fac166 Merge pull request #1667 from ClearlyClaire/glitch-soc/fixes/hcaptcha-text
Improve explanations around the hCaptcha feature
2022-01-26 14:24:10 +01:00
Claire
25d4ff98e7 Add link to /about/more to the CAPTCHA verification page 2022-01-26 14:09:11 +01:00
Claire
599b27788a Add some explanation text on the CAPTCHA confirmation page 2022-01-26 13:24:51 +01:00
Claire
77ea23decf Add mention of accessibility issues to hCaptcha option in admin page 2022-01-26 11:39:47 +01:00
Claire
7c94eaf269 Merge pull request #1665 from ClearlyClaire/glitch-soc/features/hcaptcha
Add optional hCaptcha support
2022-01-26 00:13:24 +01:00
Claire
ea32eb89e1 Change CAPTCHA handling to be only on email verification
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
2022-01-25 23:56:57 +01:00
Claire
6988e6ecc3 Add ability to set hCaptcha either on registration form or on e-mail validation
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
2022-01-25 23:09:48 +01:00
Claire
a9faba63f1 Disable registrations flag in /api/v1/instance when CAPTCHA is enabled
This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
2022-01-25 13:58:24 +01:00
dependabot[bot]
73e36415e8 Bump sass from 1.48.0 to 1.49.0 (#17352)
Bumps [sass](https://github.com/sass/dart-sass) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.48.0...1.49.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 21:25:26 +09:00
dependabot[bot]
cb80dc6c35 Bump json-ld-preloaded from 3.1.6 to 3.2.0 (#17353)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.6 to 3.2.0.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.6...3.2.0)

---
updated-dependencies:
- dependency-name: json-ld-preloaded
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 21:23:42 +09:00
dependabot[bot]
e2e7aad5e8 Bump fabrication from 2.23.1 to 2.24.0 (#17356)
Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.23.1 to 2.24.0.
- [Release notes](https://github.com/paulelliott/fabrication/releases)
- [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown)
- [Commits](https://github.com/paulelliott/fabrication/commits)

---
updated-dependencies:
- dependency-name: fabrication
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 21:22:51 +09:00
dependabot[bot]
5a3db0d7b9 Bump sidekiq from 6.3.1 to 6.4.0 (#17350)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.3.1 to 6.4.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.3.1...v6.4.0)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 21:22:10 +09:00
dependabot[bot]
7b20b2a4e8 Bump @babel/plugin-transform-runtime from 7.16.8 to 7.16.10 (#17361)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.16.8 to 7.16.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.16.10/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:52:40 +09:00
dependabot[bot]
67ce5d774c Bump cld3 from 3.4.3 to 3.4.4 (#17357)
Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.4.3 to 3.4.4.
- [Release notes](https://github.com/akihikodaki/cld3-ruby/releases)
- [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.4.3...v3.4.4)

---
updated-dependencies:
- dependency-name: cld3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:48:05 +09:00
dependabot[bot]
a6360a47d5 Bump aws-sdk-s3 from 1.111.1 to 1.111.3 (#17368)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.111.1 to 1.111.3.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:46:52 +09:00
dependabot[bot]
e23ac7533c Bump bootsnap from 1.10.1 to 1.10.2 (#17367)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.10.1...v1.10.2)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:45:45 +09:00
dependabot[bot]
7a153d7e73 Bump node-fetch from 2.6.1 to 2.6.7 (#17366)
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:44:01 +09:00