dependabot[bot]
fbe4192c03
Bump ox from 2.14.6 to 2.14.7 ( #17453 )
...
Bumps [ox](https://github.com/ohler55/ox ) from 2.14.6 to 2.14.7.
- [Release notes](https://github.com/ohler55/ox/releases )
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/ohler55/ox/compare/v2.14.6...v2.14.7 )
---
updated-dependencies:
- dependency-name: ox
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-10 15:11:16 +01:00
dependabot[bot]
a50c752726
Bump pg from 1.3.0 to 1.3.1 ( #17450 )
...
Bumps [pg](https://github.com/ged/ruby-pg ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/ged/ruby-pg/releases )
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc )
- [Commits](https://github.com/ged/ruby-pg/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: pg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-10 15:10:47 +01:00
dependabot[bot]
2c1e453d0c
Bump puma from 5.5.2 to 5.6.1 ( #17411 )
...
Bumps [puma](https://github.com/puma/puma ) from 5.5.2 to 5.6.1.
- [Release notes](https://github.com/puma/puma/releases )
- [Changelog](https://github.com/puma/puma/blob/master/History.md )
- [Commits](https://github.com/puma/puma/compare/v5.5.2...v5.6.1 )
---
updated-dependencies:
- dependency-name: puma
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-10 15:09:06 +01:00
dependabot[bot]
ae59818335
Bump sidekiq from 6.4.0 to 6.4.1 ( #17480 )
...
Bumps [sidekiq](https://github.com/mperham/sidekiq ) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/mperham/sidekiq/releases )
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md )
- [Commits](https://github.com/mperham/sidekiq/compare/v6.4.0...v6.4.1 )
---
updated-dependencies:
- dependency-name: sidekiq
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-10 15:07:06 +01:00
Claire
da91b18a8b
Fix NoMethodError in StatusUpdateDistributionWorker ( #17499 )
...
* Add tests
* Fix NoMethodError in StatusUpdateDistributionWorker
* Fix tests
2022-02-10 14:57:10 +01:00
Claire
63854bee6c
Fix poll votes not being properly reset on poll change ( #17498 )
...
* Fix poll votes not being properly reset on poll change
* Fix and add tests
* Fix poll update handling when the number of options changes
2022-02-10 14:26:54 +01:00
Eugen Rochko
1bfcb75105
Fix outdated iso-639 reference in update status service ( #17496 )
2022-02-10 03:09:44 +01:00
Eugen Rochko
63002cde03
Add editing for published statuses ( #17320 )
...
* Add editing for published statuses
* Fix change of multiple-choice boolean in poll not resetting votes
* Remove the ability to update existing media attachments for now
2022-02-10 00:15:30 +01:00
Eugen Rochko
20a3564ab2
Chore: Update browserslist ( #17493 )
2022-02-10 00:10:27 +01:00
Eugen Rochko
2f8159baad
Add category
and rule_ids
params to POST /api/v1/reports
( #17492 )
2022-02-10 00:10:16 +01:00
Takuya Yoshida
5533fa28b6
Add support >= 1.22 ( #17490 )
2022-02-09 12:30:00 +01:00
Eugen Rochko
3aebe711fd
Change languages to be listed under standard instead of native name in admin UI ( #17485 )
2022-02-09 04:15:38 +01:00
Eugen Rochko
fd3a45e348
Add edit history to web UI ( #17390 )
...
* Add edit history to web UI
* Change history reducer to store items per status
* Fix missing loading prop
2022-02-09 01:17:07 +01:00
Eugen Rochko
2adcad04ff
Fix error in suggestions API due to typo ( #17486 )
...
Regression from #17479
2022-02-08 22:23:04 +01:00
Eugen Rochko
b6d7726ecb
Remove language detection through cld3 ( #17478 )
...
* Remove language detection through cld3
* Update app/helpers/languages_helper.rb
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2022-02-08 02:41:17 +01:00
Eugen Rochko
85b86fe28c
Add global locale
param ( #17464 )
...
- Remove the session-based locale stickyness
2022-02-08 02:34:56 +01:00
Eugen Rochko
35850f8195
Fix localization of cold-start follow recommendations ( #17479 )
2022-02-08 01:53:49 +01:00
Claire
52c1b86964
Fix Ruby 2.5 incompatibility ( #17465 )
2022-02-07 19:57:06 +01:00
Eugen Rochko
f1f6ddd536
Fix structured data parsing from links choking on bad data ( #17403 )
...
* Fix structured data parsing from links choking on bad data
- Fix og:url meta tag being prioritized over canonical link tag
- Fix structured data parsing choking on commented-out CDATA declarations
- Fix HTML entities in title, description, provider_name, author_name
- Change structured data parsing to attempt every JSON-LD script tag
* Remove unnecessary slash escapes from CDATA regex pattern
2022-02-07 18:16:31 +01:00
Claire
73a782391c
Fix replies collection incorrectly looping ( #17462 )
...
* Refactor tests
* Add tests
* Fix replies collection incorrectly looping
2022-02-07 17:06:43 +01:00
Claire
0d2cf3cd4a
Fix errors when multiple Delete are received for a given actor ( #17460 )
2022-02-07 13:14:48 +01:00
Claire
92658f0fb0
Fix instance actor not being dereferenceable ( #17457 )
...
* Add tests
* Fix instance actor not being dereferenceable
* Fix tests
* Fix tests for real
2022-02-06 15:31:03 +01:00
potpro
097c4903f1
Update build-image.yml ( #17454 )
2022-02-05 17:29:54 +01:00
Eugen Rochko
e03e7ac290
Fix error on account relationships page in admin UI ( #17444 )
2022-02-05 05:06:34 +01:00
dependabot[bot]
6a649e9131
Bump brakeman from 5.2.0 to 5.2.1 ( #17410 )
...
Bumps [brakeman](https://github.com/presidentbeef/brakeman ) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v5.2.0...v5.2.1 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:03:12 +09:00
dependabot[bot]
bfe5ad5fee
Bump redis from 4.0.2 to 4.0.3 ( #17412 )
...
Bumps [redis](https://github.com/redis/node-redis ) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/redis/node-redis/releases )
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md )
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.2...redis@4.0.3 )
---
updated-dependencies:
- dependency-name: redis
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:03:06 +09:00
dependabot[bot]
e001e116da
Bump sidekiq-scheduler from 3.1.0 to 3.1.1 ( #17407 )
...
Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases )
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.1.0...v3.1.1 )
---
updated-dependencies:
- dependency-name: sidekiq-scheduler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:02:57 +09:00
dependabot[bot]
e0263c7369
Bump http-link-header from 1.0.3 to 1.0.4 ( #17414 )
...
Bumps [http-link-header](https://github.com/jhermsmeier/node-http-link-header ) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/jhermsmeier/node-http-link-header/releases )
- [Changelog](https://github.com/jhermsmeier/node-http-link-header/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jhermsmeier/node-http-link-header/compare/v1.0.3...v1.0.4 )
---
updated-dependencies:
- dependency-name: http-link-header
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 13:02:42 +09:00
Alexandra Catalina
50ab3f3dcb
Update tootsuite/mastodon Docker tag to v3.4.6 ( #17436 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-03 21:29:20 +01:00
Eugen Rochko
3413f1c44b
Forward-port version bump to 3.4.6 ( #17434 )
2022-02-03 14:21:38 +01:00
e0ddad2d4c
Merge tag 'v3.3.2'
2022-02-04 00:15:40 +11:00
53cc34124b
3.3.1
2022-02-04 00:15:26 +11:00
Claire
c8b1e72a4f
Fix compacted JSON-LD possibly causing compatibility issues on forwarding ( #17428 )
2022-02-03 14:09:04 +01:00
Claire
948235592a
Fix response_to_recipient? CTE ( #17427 )
2022-02-03 14:07:43 +01:00
Claire
d1ecc323e7
Compact JSON-LD signed incoming activities ( #17426 )
...
Co-authored-by: Puck Meerburg <puck@puck.moe>
2022-02-03 14:07:29 +01:00
42437cacf0
Merge tag 'v3.3.1'
2022-02-03 20:13:58 +11:00
Claire
637c7d464b
Bump version to 3.3.2
2022-02-02 23:48:20 +01:00
Claire
aeccbb2a14
Fix spurious errors when receiving an Add activity for a private post
2022-02-02 22:05:13 +01:00
Wonderfall
b99c58b6fe
disable legacy XSS filtering ( #17289 )
...
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
2022-02-02 22:05:13 +01:00
Claire
d7adbf5a63
Change mastodon:webpush:generate_vapid_key task to not require functional env ( #17338 )
...
Fixes #17297
2022-02-02 22:05:13 +01:00
Claire
5231ae7ae6
Fix response_to_recipient? CTE
2022-02-02 19:49:22 +01:00
Claire
1cc5c35bb0
Fix insufficient sanitization of report comments
2022-02-02 19:49:22 +01:00
Claire
f22f6d970d
Fix compacted JSON-LD possibly causing compatibility issues on forwarding
2022-02-02 19:49:22 +01:00
Puck Meerburg
5efc927261
Compact JSON-LD signed incoming activities
2022-02-02 14:21:12 +01:00
Claire
5e9118c9bb
Fix error-prone SQL queries ( #15828 )
...
* Fix error-prone SQL queries in Account search
While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.
This PR parameterises the `to_tsquery` input to make the query more robust.
* Harden code for Status#tagged_with_all and Status#tagged_with_none
Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.
* Remove unneeded spaces surrounding tsquery term
* Please CodeClimate
* Move advanced_search_for SQL template to its own function
This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.
* Add tests covering tagged_with, tagged_with_all and tagged_with_none
* Rewrite tagged_with_none to avoid multiple joins and make it more robust
* Remove obsolete brakeman warnings
* Revert "Remove unneeded spaces surrounding tsquery term"
The two queries are not strictly equivalent.
This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-02-02 14:21:12 +01:00
Alexandra Catalina
d0d15bf49c
Update tootsuite/mastodon Docker tag to v3.4.5 ( #17417 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-01 20:57:50 +01:00
Claire
987d88ea56
Fix requiring an extra restart after recent post-deployment migrations ( #17422 )
...
Follow-up to #16409
2022-02-01 20:57:39 +01:00
Rohan Sharma
4d6d4b43c6
Fixed prototype pollution bug and only allow trusted origin ( #17420 )
2022-02-01 17:34:48 +01:00
Claire
54581d43e7
Bump version to 3.4.5 ( #17402 )
2022-01-31 21:27:40 +01:00
Claire
b8a5b3a3db
Change docker-compose.yml to specifically tag v3.3.1 images
2022-01-31 18:16:17 +01:00