Commit Graph

11591 Commits

Author SHA1 Message Date
Eugen Rochko
6e418bf346
Fix cookies secure flag being set when served over Tor (#17992) 2022-04-08 12:47:18 +02:00
dependabot[bot]
46633f1de1
Bump gitlab-omniauth-openid-connect from 0.5.0 to 0.9.1 (#17779)
Bumps [gitlab-omniauth-openid-connect](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect) from 0.5.0 to 0.9.1.
- [Release notes](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/tags)
- [Changelog](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/compare/v0.5.0...v0.9.1)

---
updated-dependencies:
- dependency-name: gitlab-omniauth-openid-connect
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 13:44:40 +09:00
dependabot[bot]
29264336d7
Bump fabrication from 2.27.0 to 2.28.0 (#17960)
Bumps [fabrication](https://gitlab.com/fabrication-gem/fabrication) from 2.27.0 to 2.28.0.
- [Release notes](https://gitlab.com/fabrication-gem/fabrication/tags)
- [Changelog](https://gitlab.com/fabrication-gem/fabrication/blob/master/Changelog.markdown)
- [Commits](https://gitlab.com/fabrication-gem/fabrication/compare/2.27.0...2.28.0)

---
updated-dependencies:
- dependency-name: fabrication
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 13:40:23 +09:00
dependabot[bot]
2afe479d01
Bump lograge from 0.11.2 to 0.12.0 (#17961)
Bumps [lograge](https://github.com/roidrage/lograge) from 0.11.2 to 0.12.0.
- [Release notes](https://github.com/roidrage/lograge/releases)
- [Changelog](https://github.com/roidrage/lograge/blob/master/CHANGELOG.md)
- [Commits](https://github.com/roidrage/lograge/compare/v0.11.2...v0.12.0)

---
updated-dependencies:
- dependency-name: lograge
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 13:40:05 +09:00
Claire
cb45c04d26
Fix migration error handling (#17991) 2022-04-07 20:46:30 +02:00
Claire
5f0fc639da
Fix error re-running some migrations if they get interrupted at the wrong moment (#17989) 2022-04-07 20:17:49 +02:00
Eugen Rochko
465ee7792f
Fix pagination header on empty trends responses in REST API (#17986) 2022-04-07 18:06:15 +02:00
Claire
ebe01ea194
Fix potentially missing statuses when reconnecting to websocket (#17981)
* Fix potentially missing statuses when reconnecting to websocket

* Add gap on reconnect rather than maintaining it constantly
2022-04-07 16:08:17 +02:00
Claire
ce9dcbea32
Fix failure when sending warning emails with custom text (#17983)
* Add tests

* Fix failure when sending warning emails with custom text
2022-04-07 14:47:30 +02:00
Eugen Rochko
8c03b45fff
Fix unset SMTP_RETURN_PATH environment variable causing e-mail not to send (#17982) 2022-04-07 13:32:12 +02:00
Claire
1b91359a45
Fix older items possibly disappearing on timeline updates (#17980)
In some rare cases, when receiving statuses out of order from the streaming
API then polling from the REST API, it was possible for the
`expandNormalizedTimeline` function to remove older items from the timeline.

This commit ensures that any item from the replaced slice that is older
than the oldest item retrieved from the API gets added back to the replaced
slice.
2022-04-07 11:27:35 +02:00
Eugen Rochko
f382192862
Add pagination for trending statuses in web UI (#17976) 2022-04-06 22:53:29 +02:00
Claire
dd4c156f33
Fix possible duplicate statuses in timelines in some edge cases (#17971)
In some rare cases, when receiving statuses out of order from the streaming
API then polling from the REST API, it was possible for the
`expandNormalizedTimeline` function to insert duplicates in the timeline,
which would then result in several bugs.

This commits ensures that there are no duplicates inserted in the
timeline.
2022-04-06 21:01:41 +02:00
Claire
8f91e304a5
Fix spurious edits and require incoming edits to be explicitly marked as such (#17918)
* Change post text edit to not be considered significant if it's identical after reformatting

* We don't need to clear previous change information anymore

* Require status edits to be explicit, except for poll tallies

* Fix tests

* Add some tests

* Add poll-related tests

* Add HTML-formatting related tests
2022-04-06 21:01:02 +02:00
Claire
454ef42aab
Fix error when encountering invalid pinned posts (#17964) 2022-04-06 20:58:23 +02:00
Eugen Rochko
6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 2022-04-06 20:58:12 +02:00
Claire
abb11778d7
Fix inconsistency in error handling when removing a status (#17974)
Not completely sure this could actually have any ill effect, but if
`RemoveStatusService` fails to acquire a lock in an
`ActivityPub::ProcessingWorker` job processing a `Delete`, the status
is currently discarded and causes a job failure but the next time the
job is attempted, it will skip deleting the status due to it being
discarded.

This commit makes the behavior of `RemoveStatusService` a bit more consistent
in case of failure to acquire the lock.
2022-04-06 20:57:52 +02:00
Claire
62c6e12fa5
Fix admin API unconditionally requiring CSRF token (#17975)
Fixes #17898

Since #17204, the admin API has only been available through the web
application because of the unconditional requirement to provide a valid CSRF
token.

This commit changes it back to `null_session`, which should make it work
both with session-based authentication (provided a CSRF token) and with a
bearer token.
2022-04-06 20:57:18 +02:00
Eugen Rochko
d116cb7733
Fix GET /api/v1/trends/tags missing offset param in REST API (#17973) 2022-04-06 20:56:57 +02:00
dependabot[bot]
04b4b541f8
Bump sass from 1.49.9 to 1.49.11 (#17959)
Bumps [sass](https://github.com/sass/dart-sass) from 1.49.9 to 1.49.11.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.49.9...1.49.11)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 03:03:45 +09:00
dependabot[bot]
5e49cb8f0f
Bump prettier from 2.6.1 to 2.6.2 (#17958)
Bumps [prettier](https://github.com/prettier/prettier) from 2.6.1 to 2.6.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.6.1...2.6.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 03:03:26 +09:00
dependabot[bot]
76f7759ecb
Bump redis from 4.0.4 to 4.0.6 (#17957)
Bumps [redis](https://github.com/redis/node-redis) from 4.0.4 to 4.0.6.
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.4...redis@4.0.6)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 03:03:13 +09:00
dependabot[bot]
c35ef5cb49
Bump sidekiq-unique-jobs from 7.1.15 to 7.1.16 (#17956)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 7.1.15 to 7.1.16.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v7.1.15...v7.1.16)

---
updated-dependencies:
- dependency-name: sidekiq-unique-jobs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 03:02:51 +09:00
dependabot[bot]
bf29651fe3
Bump react-redux from 7.2.6 to 7.2.8 (#17955)
Bumps [react-redux](https://github.com/reduxjs/react-redux) from 7.2.6 to 7.2.8.
- [Release notes](https://github.com/reduxjs/react-redux/releases)
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.6...v7.2.8)

---
updated-dependencies:
- dependency-name: react-redux
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 03:02:35 +09:00
dependabot[bot]
b15b41cb2c
Bump ox from 2.14.10 to 2.14.11 (#17954)
Bumps [ox](https://github.com/ohler55/ox) from 2.14.10 to 2.14.11.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.14.10...v2.14.11)

---
updated-dependencies:
- dependency-name: ox
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 03:02:07 +09:00
dependabot[bot]
95256f26f5
Bump pg from 1.3.4 to 1.3.5 (#17953)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.3.4 to 1.3.5.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/commits)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 03:01:48 +09:00
rinsuki
275dad9702
fix: returns nil instead of empty URL on status.application.website (#17962) 2022-04-05 12:00:31 +02:00
CommanderRoot
0ec695e036
Replace deprecated String.prototype.substr() (#17949)
* Replace deprecated String.prototype.substr()

.substr() is deprecated so we replace it with .slice() which works similarily but isn't deprecated

* Change String.prototype.substring() to String.prototype.slice()

.substring() and .slice() work very similary but .slice() is a bit faster and stricter

* Add ESLint rule to forbid usage of .substr and .substring

.substr() is deprecated and .substring() is very similar to .slice() so better to use .slice() at all times

Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
2022-04-04 12:19:45 -04:00
Ondřej Pokorný
80ded02a4b
Update en.yml (#17942)
typo
2022-04-03 14:02:29 +02:00
Claire
0a8a0fb599
Fix unusual number formatting in some locales (#17929)
* Fix unusual number formatting in some locales

Fixes #17904

* Fix typo
2022-04-01 23:59:13 +02:00
Holger
39b489ba4c
fix: s3_force_single_request not parsed (#17922) 2022-04-01 23:56:23 +02:00
Claire
44b7be45f1
Fix assets failing to build with OpenSSL 3 because of deprecated hash algorithm (#17930)
Fixes #17924
2022-04-01 23:55:32 +02:00
dependabot[bot]
24d446adf2
Bump puma from 5.6.2 to 5.6.4 (#17914)
Bumps [puma](https://github.com/puma/puma) from 5.6.2 to 5.6.4.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v5.6.2...v5.6.4)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-31 19:10:40 +09:00
Holger
ea0cfd8e7e
fix: PWA web manifest not changed to new routes (#17921) 2022-03-31 11:20:26 +02:00
Claire
ef196c913c
Fix error MethodError in Chewy::Strategy::Sidekiq::Worker (#17912)
Also refactor a bit to reduce code duplication.
2022-03-31 00:49:24 +02:00
Eugen Rochko
8c7223f4ea
Bump version to 3.5.0 (#17911) 2022-03-30 14:52:37 +02:00
Eugen Rochko
bbc7afa2a2
Fix being able to post URLs longer than 4096 characters (#17908) 2022-03-30 14:46:03 +02:00
Eugen Rochko
5554ff2a1d
Fix being able to bypass e-mail restrictions (#17909) 2022-03-30 14:45:52 +02:00
Eugen Rochko
607ce67e05
Revert "Split build image actions (#17793)" (#17907)
This reverts commit 22eeaf2645.
2022-03-30 14:34:53 +02:00
Claire
2cc7ba2671
Refactor response_to_recipient? CTE (#17899)
* Optimize and clean up `response_to_recipient?` CTE

Marginally improve performances, and make the CTE much more readable

* Limit max depth in `response_to_recipient?` CTE
2022-03-30 10:26:51 +02:00
Claire
2de5128e66
Fix regression of status colors in actions modal in web UI (#17903)
Fixes #17900

Regression in #17844 (#17851 restored the code in the wrong place…)
2022-03-29 22:55:37 +02:00
Yurii Izorkin
cc9cd25d30
caniuse-lite: add hash sum (#17902) 2022-03-29 22:16:59 +02:00
dependabot[bot]
22c19eefb1
Bump rubocop from 1.26.0 to 1.26.1 (#17891)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.26.0 to 1.26.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.26.0...v1.26.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 18:58:28 +09:00
dependabot[bot]
5b83733d32
Bump capistrano from 3.16.0 to 3.17.0 (#17774)
* Bump capistrano from 3.16.0 to 3.17.0

Bumps [capistrano](https://github.com/capistrano/capistrano) from 3.16.0 to 3.17.0.
- [Release notes](https://github.com/capistrano/capistrano/releases)
- [Commits](https://github.com/capistrano/capistrano/compare/v3.16.0...v3.17.0)

---
updated-dependencies:
- dependency-name: capistrano
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* 3.17.0

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-03-29 18:49:00 +09:00
dependabot[bot]
64e087e0c3
Bump concurrent-ruby from 1.1.9 to 1.1.10 (#17889)
Bumps [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) from 1.1.9 to 1.1.10.
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.9...v1.1.10)

---
updated-dependencies:
- dependency-name: concurrent-ruby
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 17:53:21 +09:00
dependabot[bot]
560f2cc9e3
Bump babel-loader from 8.2.3 to 8.2.4 (#17894)
Bumps [babel-loader](https://github.com/babel/babel-loader) from 8.2.3 to 8.2.4.
- [Release notes](https://github.com/babel/babel-loader/releases)
- [Changelog](https://github.com/babel/babel-loader/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel-loader/compare/v8.2.3...v8.2.4)

---
updated-dependencies:
- dependency-name: babel-loader
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 17:52:52 +09:00
dependabot[bot]
8d7064faeb
Bump @testing-library/jest-dom from 5.16.2 to 5.16.3 (#17895)
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 5.16.2 to 5.16.3.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v5.16.2...v5.16.3)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 17:52:24 +09:00
dependabot[bot]
a2091f9daf
Bump prettier from 2.6.0 to 2.6.1 (#17893)
Bumps [prettier](https://github.com/prettier/prettier) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.6.0...2.6.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 17:51:55 +09:00
dependabot[bot]
c6302848b4
Bump devise-two-factor from 4.0.1 to 4.0.2 (#17892)
Bumps [devise-two-factor](https://github.com/tinfoil/devise-two-factor) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/tinfoil/devise-two-factor/releases)
- [Changelog](https://github.com/tinfoil/devise-two-factor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tinfoil/devise-two-factor/compare/v4.0.1...v4.0.2)

---
updated-dependencies:
- dependency-name: devise-two-factor
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 17:51:13 +09:00
dependabot[bot]
0949881355
Bump yargs from 17.3.1 to 17.4.0 (#17834)
Bumps [yargs](https://github.com/yargs/yargs) from 17.3.1 to 17.4.0.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v17.3.1...v17.4.0)

---
updated-dependencies:
- dependency-name: yargs
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 17:50:40 +09:00