ida
/
isnotalive
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,771 Commits 2 Branches 136 Tags 632 MiB
Commit Graph

11771 Commits

Author SHA1 Message Date
Eugen Rochko fd3a45e348
Add edit history to web UI (#17390) 
* Add edit history to web UI

* Change history reducer to store items per status

* Fix missing loading prop
 2022-02-09 01:17:07 +01:00
Eugen Rochko 2adcad04ff
Fix error in suggestions API due to typo (#17486) 
Regression from #17479
 2022-02-08 22:23:04 +01:00
Eugen Rochko b6d7726ecb
Remove language detection through cld3 (#17478) 
* Remove language detection through cld3

* Update app/helpers/languages_helper.rb

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
 2022-02-08 02:41:17 +01:00
Eugen Rochko 85b86fe28c
Add global `locale` param (#17464) 
- Remove the session-based locale stickyness
 2022-02-08 02:34:56 +01:00
Eugen Rochko 35850f8195
Fix localization of cold-start follow recommendations (#17479) 2022-02-08 01:53:49 +01:00
Claire 52c1b86964
Fix Ruby 2.5 incompatibility (#17465) 2022-02-07 19:57:06 +01:00
Eugen Rochko f1f6ddd536
Fix structured data parsing from links choking on bad data (#17403) 
* Fix structured data parsing from links choking on bad data

- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag

* Remove unnecessary slash escapes from CDATA regex pattern
 2022-02-07 18:16:31 +01:00
Claire 73a782391c
Fix replies collection incorrectly looping (#17462) 
* Refactor tests

* Add tests

* Fix replies collection incorrectly looping
 2022-02-07 17:06:43 +01:00
Claire 0d2cf3cd4a
Fix errors when multiple Delete are received for a given actor (#17460) 2022-02-07 13:14:48 +01:00
Claire 92658f0fb0
Fix instance actor not being dereferenceable (#17457) 
* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
 2022-02-06 15:31:03 +01:00
potpro 097c4903f1
Update build-image.yml (#17454) 2022-02-05 17:29:54 +01:00
Eugen Rochko e03e7ac290
Fix error on account relationships page in admin UI (#17444) 2022-02-05 05:06:34 +01:00
dependabot[bot] 6a649e9131
Bump brakeman from 5.2.0 to 5.2.1 (#17410) 
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:03:12 +09:00
dependabot[bot] bfe5ad5fee
Bump redis from 4.0.2 to 4.0.3 (#17412) 
Bumps [redis](https://github.com/redis/node-redis) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:03:06 +09:00
dependabot[bot] e001e116da
Bump sidekiq-scheduler from 3.1.0 to 3.1.1 (#17407) 
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: sidekiq-scheduler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:02:57 +09:00
dependabot[bot] e0263c7369
Bump http-link-header from 1.0.3 to 1.0.4 (#17414) 
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases)
- [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: http-link-header
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-05 13:02:42 +09:00
Alexandra Catalina 50ab3f3dcb
Update tootsuite/mastodon Docker tag to v3.4.6 (#17436) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-02-03 21:29:20 +01:00
ida schmidt f3cae1d606 Merge tag 'v3.4.6' of https://github.com/tootsuite/mastodon 2022-02-03 06:47:40 -07:00
Eugen Rochko 3413f1c44b
Forward-port version bump to 3.4.6 (#17434) 2022-02-03 14:21:38 +01:00
Claire c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding (#17428) 2022-02-03 14:09:04 +01:00
Claire 93a6c143af
Fix insufficient sanitization of report comments (#17430) 2022-02-03 14:08:24 +01:00
Claire 948235592a
Fix response_to_recipient? CTE (#17427) 2022-02-03 14:07:43 +01:00
Claire d1ecc323e7
Compact JSON-LD signed incoming activities (#17426) 
Co-authored-by: Puck Meerburg <puck@puck.moe>
 2022-02-03 14:07:29 +01:00
ida schmidt 098fcb1978 Merge tag 'v3.4.5' of https://github.com/tootsuite/mastodon 2022-02-03 05:11:55 -07:00
Claire bb7b2868a0 Bump version to 3.4.6 2022-02-02 23:48:38 +01:00
Wonderfall a06dda41d0 disable legacy XSS filtering (#17289) 
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
 2022-02-02 23:30:15 +01:00
Claire bf005edd30 Change mastodon:webpush:generate_vapid_key task to not require functional env (#17338) 
Fixes #17297
 2022-02-02 23:30:15 +01:00
Claire df68d2eab8 Fix response_to_recipient? CTE 2022-02-02 23:30:15 +01:00
Claire b27f50da5a Fix insufficient sanitization of report comments 2022-02-02 23:30:15 +01:00
Claire e2009ced3a Fix compacted JSON-LD possibly causing compatibility issues on forwarding 2022-02-02 23:30:15 +01:00
Puck Meerburg fe0210074f Compact JSON-LD signed incoming activities 2022-02-02 23:30:15 +01:00
Claire c8dbbd60eb Fix error-prone SQL queries (#15828) 
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
 2022-02-02 23:30:15 +01:00
Claire 6d831fe274
Fix spurious errors when receiving an Add activity for a private post (#17425) 2022-02-02 22:59:34 +01:00
Alexandra Catalina d0d15bf49c
Update tootsuite/mastodon Docker tag to v3.4.5 (#17417) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-02-01 20:57:50 +01:00
Claire 987d88ea56
Fix requiring an extra restart after recent post-deployment migrations (#17422) 
Follow-up to #16409
 2022-02-01 20:57:39 +01:00
Rohan Sharma 4d6d4b43c6
Fixed prototype pollution bug and only allow trusted origin (#17420) 2022-02-01 17:34:48 +01:00
Claire 54581d43e7
Bump version to 3.4.5 (#17402) 2022-01-31 21:27:40 +01:00
Claire 1c8c318281 Bump version to 3.4.5 2022-01-31 18:04:24 +01:00
Claire d722222fe1 Add more advanced migration tests (#17393) 
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
 2022-01-31 11:23:58 +01:00
Claire 03f0e98b32 Fix followers synchronization mechanism not working when URI has empty path (#16510) 
* Fix followers synchronization mechanism not working when URI has empty path

To my knowledge, there is no current implementation on the fediverse
that can use bare domains (e.g., actor is at https://example.org instead of
something like https://example.org/actor) that also plans to support the
followers synchronization mechanism. However, Mastodon's current implementation
would exclude such accounts from followers list.

Also adds tests and rename them to reflect the proper method names.

* Move url prefix regexp to its own constant
 2022-01-31 10:59:00 +01:00
Eugen Rochko 2c83b9076d Add manual GitHub Actions runs (#17000) 2022-01-31 10:35:55 +01:00
Eugen Rochko c8301bcfc3 Change workflow to push to Docker Hub (#16980) 2022-01-31 10:35:38 +01:00
Yusuke Nakamura 0ae91e45de Build container image by GitHub Actions (#16973) 
* Build container image by GitHub Actions

* Trigger docker build only pushed to main branch

* Tweak tagging imgae

- "edge" is the main branch
- "latest" is the tagged latest release
 2022-01-31 10:35:14 +01:00
Claire 2363b026e6 Bump ruby-saml from 1.11.0 to 1.13.0 (#16723) 
Fixes #16720
 2022-01-31 10:33:47 +01:00
Jeong Arm 959234c1e4 Save bundle config as local (#17188) 
Some bundle options are saved as global user config and not project local.
Specially, `deployment` must be saved as local config to be run on copied environment
 2022-01-31 10:32:46 +01:00
Claire 0dc103ea11 Fix edge case in migration helpers that caused crash because of PostgreSQL quirks (#17398) 2022-01-31 10:31:56 +01:00
Claire b782f86b51 Fix some old migration scripts (#17394) 
* Fix some old migration scripts

* Fix edge case in two-step migration from older releases
 2022-01-31 10:31:36 +01:00
Daniel Jakots aa45404578
Bump NODE_VER to 16.13.2, to solve security issues (#17399) 
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
 2022-01-31 00:32:03 +01:00
Claire a0e06c3c3e
Add more advanced migration tests (#17393) 
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
 2022-01-30 23:50:08 +01:00
Claire c6b291afc3
Change index corruption warning to be a little less scary (#17395) 2022-01-30 23:49:52 +01:00