Commit graph

11964 commits

Author SHA1 Message Date
b2448fbe1b Merge tag 'v3.5.5' 2022-11-16 14:36:21 +11:00
Claire
696f7b3608 Bump version to 3.5.5 2022-11-14 22:26:24 +01:00
Claire
b22e1476ca Fix nodes order being sometimes mangled when rewriting emoji (#20677)
* Fix front-end emoji tests

* Fix nodes order being sometimes mangled when rewriting emoji
2022-11-14 22:20:29 +01:00
Claire
105ab82425 Bump version to 3.5.4 2022-11-14 20:09:16 +01:00
Claire
2dd8f977e8 Fix emoji substitution not applying only to text nodes in backend code
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
Claire
2db06e1d08 Fix emoji substitution not applying only to text nodes in Web UI
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
Eugen Rochko
063579373e Fix rate limiting for paths with formats 2022-11-14 11:20:41 +01:00
Pierre Bourdon
1659788de4 blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.

Fixes #19235.
2022-11-14 11:20:41 +01:00
Claire
47eaf85f02 Fix crash when a remote Flag activity mentions a private post (#18760)
* Add tests

* Fix crash when a remote Flag activity mentions a private post
2022-11-14 11:20:41 +01:00
836322a3af Revision CW3 2022-06-03 18:42:19 +10:00
83445ffbee Missed upstream change 2022-06-03 18:29:41 +10:00
326b643cf3 Removed code not in upstream 2022-06-03 18:18:17 +10:00
e6417ff479 Bump to CW2 revision 2022-06-01 13:51:07 +10:00
0d448dfc7b Removed several versions ago 2022-06-01 13:46:55 +10:00
7be42b0312 Some files out of sync with upstream 2022-06-01 13:31:30 +10:00
ed34f4b9a4 Merge tag 'v3.5.3' 2022-05-27 18:31:42 +10:00
Eugen Rochko
fbcbf7898f
Bump version to 3.5.3 (#18530) 2022-05-26 23:26:15 +02:00
Eugen Rochko
0a1992430d
Fix errors when rendering RSS feeds (#18531) 2022-05-26 23:02:42 +02:00
Eugen Rochko
52f4e834f2
Fix concurrent unfollowing decrementing follower count more than once (#18527) 2022-05-26 22:14:47 +02:00
Eugen Rochko
8a9acbe604
Fix being able to appeal a strike unlimited times (#18529)
Peculiarity of the `has_one` association is that the convenience
creation method deletes the previous association even if the new
one is invalid
2022-05-26 22:08:12 +02:00
Eugen Rochko
c4d2c39a75
Fix being able to report otherwise inaccessible statuses (#18528) 2022-05-26 22:08:02 +02:00
Eugen Rochko
1ff4877945
Fix empty votes arbitrarily increasing voters count in polls (#18526) 2022-05-26 22:06:10 +02:00
Eugen Rochko
976cd6413e
Fix moderator leak in undo_mark_statuses_as_sensitive (#18525)
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

Co-authored-by: 40826d <74816220+40826d@users.noreply.github.com>
2022-05-26 22:04:16 +02:00
Eugen Rochko
9f81b9f29a
Fix suspended users being able to access APIs that don't require a user (#18524) 2022-05-26 22:04:05 +02:00
Eugen Rochko
96129c2f10
Fix confirmation redirect to app without Location header (#18523) 2022-05-26 22:03:54 +02:00
Eugen Rochko
3e0e7a1cfb
Fix follower and other counters being able to go negative (#18517) 2022-05-26 20:32:48 +02:00
Yamagishi Kazutoshi
702b709d9a
Add ES6 compatibility to browserslist (#18519) 2022-05-26 20:29:28 +02:00
Eugen Rochko
d8abc0018f
Remove 3.3.x from supported versions in security policy (#18516) 2022-05-26 18:43:14 +02:00
Eugen Rochko
088dc0ec5a
Fix regression in tootctl search deploy caused by unloaded attribute (#18514) 2022-05-26 18:05:47 +02:00
Eugen Rochko
a4fa9e23fc
Change "dangerous" to "sensitive" in privacy policy and web UI (#18515)
Fix #18470
2022-05-26 17:55:05 +02:00
Claire
440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API (#17530)
* Change unapproved and unconfirmed account to not be accessible in the REST API

* Change Account#searchable? to reject unconfirmed and unapproved users

* Disable search for unapproved and unconfirmed users in Account.search_for

* Disable search for unapproved and unconfirmed users in Account.advanced_search_for

* Remove unconfirmed and unapproved accounts from Account.searchable scope

* Prevent mentions to unapproved/unconfirmed accounts

* Fix some old tests for Account.advanced_search_for

* Add some Account.advanced_search_for tests for existing behaviors

* Add some tests for Account.search_for

* Add Account.advanced_search_for tests unconfirmed and unapproved accounts

* Add Account.searchable tests

* Fix Account.without_unapproved scope potentially messing with previously-applied scopes

* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup

This is so that the API can still be used to check whether an username is free
to use.
2022-05-26 15:50:33 +02:00
dependabot[bot]
86f4dba47e
Bump @babel/preset-env from 7.17.12 to 7.18.2 (#18512)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:16:19 +09:00
dependabot[bot]
77823333bb
Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 (#18511)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:06:44 +09:00
dependabot[bot]
ddddd4c043
Bump immutable from 4.0.0 to 4.1.0 (#18502)
Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: immutable
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 08:41:07 +09:00
dependabot[bot]
01db331657
Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.0 (#18489)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.12 to 7.18.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 08:06:55 +09:00
dependabot[bot]
2bc5e41b83
Bump @babel/runtime from 7.17.9 to 7.18.0 (#18494)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.17.9 to 7.18.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-runtime)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 08:06:29 +09:00
dependabot[bot]
4d48d83b00
Bump @babel/core from 7.17.12 to 7.18.0 (#18490)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.12 to 7.18.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.18.0/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 08:05:53 +09:00
Claire
25dda3061e
Fix unnecessary query on status creation (#17901) 2022-05-26 00:20:30 +02:00
Eugen Rochko
96f29ce91a
New Crowdin updates (#18458)
* New translations en.yml (Ido)

* New translations en.json (Ido)

* New translations doorkeeper.en.yml (Ido)

* New translations devise.en.yml (Ido)

* New translations simple_form.en.yml (Ido)

* New translations doorkeeper.en.yml (Ido)

* New translations simple_form.en.yml (Ido)

* New translations en.yml (Ido)

* New translations en.json (Ido)

* New translations doorkeeper.en.yml (Ido)

* New translations simple_form.en.yml (Ido)

* New translations en.yml (Ido)

* New translations en.json (Ido)

* New translations en.yml (Ido)

* New translations en.json (Ido)

* New translations doorkeeper.en.yml (Ido)

* New translations simple_form.en.yml (Ido)

* New translations en.json (Esperanto)

* New translations en.yml (Esperanto)

* New translations en.json (Esperanto)

* New translations doorkeeper.en.yml (Esperanto)

* New translations en.json (Esperanto)

* New translations en.yml (Ido)

* New translations en.json (Ido)

* New translations en.json (Ido)

* New translations doorkeeper.en.yml (Ido)

* New translations en.yml (Ido)

* New translations en.json (Ido)

* New translations simple_form.en.yml (Ido)

* New translations en.json (Armenian)

* New translations en.json (Armenian)

* New translations en.json (Armenian)

* New translations en.json (Scottish Gaelic)

* New translations en.yml (Ido)

* New translations simple_form.en.yml (Ido)

* New translations en.yml (Ido)

* New translations simple_form.en.yml (Ido)

* New translations en.yml (Russian)

* New translations en.json (Estonian)

* New translations en.json (Estonian)

* New translations en.json (Estonian)

* New translations en.json (Estonian)

* New translations en.yml (Estonian)

* New translations en.json (Estonian)

* New translations en.json (Estonian)

* New translations en.yml (Estonian)

* New translations en.json (Estonian)

* New translations en.yml (Estonian)

* New translations en.json (Estonian)

* New translations en.json (Estonian)

* New translations en.yml (Russian)

* New translations en.yml (Russian)

* New translations simple_form.en.yml (Russian)

* New translations en.yml (Russian)

* New translations simple_form.en.yml (Russian)

* New translations en.json (Sorani (Kurdish))

* New translations en.json (Sorani (Kurdish))

* New translations en.json (Sorani (Kurdish))

* New translations activerecord.en.yml (Sorani (Kurdish))

* New translations doorkeeper.en.yml (Sorani (Kurdish))

* New translations en.yml (Sorani (Kurdish))

* New translations doorkeeper.en.yml (Sorani (Kurdish))

* New translations en.yml (Sorani (Kurdish))

* New translations en.yml (Sorani (Kurdish))

* New translations en.yml (Sorani (Kurdish))

* New translations en.yml (Sorani (Kurdish))

* New translations en.yml (Sorani (Kurdish))

* Run `yarn manage:translations`

* Run `bundle exec i18n-tasks normalize`

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-05-24 23:33:18 +09:00
Claire
e5997a1956
Fix warning an account outside of a report closing all reports for that account (#18387)
* Fix warning an account outside of a report closing all reports for that account

* Make it clear what actions solve other reports

* Revert "Make it clear what actions solve other reports"

This reverts commit ad006de821f72e75480701298d13f0945b509059.
2022-05-23 20:38:29 +02:00
28ed4adff9 Extra assets for later 2022-05-23 20:39:44 +10:00
9a3caef1d8 Nah that gradient sucks 2022-05-23 20:35:00 +10:00
d75e89d902 Replace default avatar 2022-05-23 20:30:28 +10:00
720bdf143e Add more Chinwag images 2022-05-23 20:13:24 +10:00
428bbbd27c De-Tootening 2022-05-23 20:00:49 +10:00
d161ca885c Merge upstream tag 'v3.5.2' 2022-05-23 19:28:18 +10:00
Eugen Rochko
a9b64b24d6
Change algorithm of tootctl search deploy to improve performance (#18463) 2022-05-22 22:16:43 +02:00
dependabot[bot]
54bb659ad1
Bump sidekiq from 6.4.1 to 6.4.2 (#18091)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.4.1 to 6.4.2.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.4.1...v6.4.2)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-21 15:43:36 +09:00
Yamagishi Kazutoshi
dfb9e6dab1
Disable transpile to older iOS versions (#18462) 2022-05-20 04:39:05 +02:00
Yamagishi Kazutoshi
e925b06721
Fix languages dropdown on light theme (#18460) 2022-05-19 19:26:19 +02:00