Merge tag 'v3.1.4' into hometown-dev

2020-05-15 15:34:04 -07:00 · 2020-05-15 15:34:04 -07:00 · 877a478466
commit 877a478466
parent 1d70261350 c9dcc2d39f
1182 changed files with 15087 additions and 6745 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -5,11 +5,13 @@ aliases:
    docker:
      - image: circleci/ruby:2.7-buster-node
        environment: &ruby_environment
          BUNDLE_JOBS: 3
          BUNDLE_RETRY: 3
          BUNDLE_APP_CONFIG: ./.bundle/
          BUNDLE_PATH: ./vendor/bundle/
          DB_HOST: localhost
          DB_USER: root
          RAILS_ENV: test
          PARALLEL_TEST_PROCESSORS: 4
          ALLOW_NOPAM: true
          CONTINUOUS_INTEGRATION: true
          DISABLE_SIMPLECOV: true
@ -31,9 +33,9 @@ aliases:
  - &restore_ruby_dependencies
    restore_cache:
      keys:
-        - v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
-        - v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
+        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
-        - v2-ruby-dependencies-
+        - v3-ruby-dependencies-
  - &install_steps
    steps:
@ -41,11 +43,13 @@ aliases:
      - *attach_workspace
      - restore_cache:
          keys:
-            - v1-node-dependencies-{{ checksum "yarn.lock" }}
+            - v2-node-dependencies-{{ checksum "yarn.lock" }}
-            - v1-node-dependencies-
+            - v2-node-dependencies-
-      - run: yarn install --frozen-lockfile
+      - run:
          name: Install yarn dependencies
          command: yarn install --frozen-lockfile
      - save_cache:
-          key: v1-node-dependencies-{{ checksum "yarn.lock" }}
+          key: v2-node-dependencies-{{ checksum "yarn.lock" }}
          paths:
            - ./node_modules/
      - *persist_to_workspace
@ -57,26 +61,27 @@ aliases:
          sudo apt-get update
          sudo apt-get install -y libicu-dev libidn11-dev libprotobuf-dev protobuf-compiler
          ## TODO: FIX THESE BUSTER DEPENDANCES
          sudo wget http://ftp.au.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u3_amd64.deb
          sudo dpkg -i libicu57_57.1-6+deb9u3_amd64.deb
          sudo wget http://ftp.au.debian.org/debian/pool/main/p/protobuf/libprotobuf10_3.0.0-9_amd64.deb
          sudo dpkg -i libprotobuf10_3.0.0-9_amd64.deb
  - &install_ruby_dependencies
      steps:
        - *attach_workspace
        - *install_system_dependencies
-        - run: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
+        - run:
            name: Set Ruby version
            command: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
        - *restore_ruby_dependencies
-        - run: bundle config set clean 'true'
+        - run:
-        - run: bundle config set deployment 'true'
+            name: Set bundler settings
-        - run: bundle config set with 'pam_authentication'
+            command: |
-        - run: bundle config set without 'development production'
+              bundle config clean 'true'
-        - run: bundle config set frozen 'true'
+              bundle config deployment 'true'
-        - run: bundle install --jobs 16 --retry 3 && bundle clean
+              bundle config with 'pam_authentication'
              bundle config without 'development production'
              bundle config frozen 'true'
        - run:
            name: Install bundler dependencies
            command: bundle check || (bundle install && bundle clean)
        - save_cache:
-            key: v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+            key: v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
            paths:
              - ./.bundle/
              - ./vendor/bundle/
@ -87,17 +92,26 @@ aliases:
                - ./mastodon/vendor/bundle/
  - &test_steps
      parallelism: 4
      steps:
        - *attach_workspace
        - *install_system_dependencies
        - run: sudo apt-get install -y ffmpeg
        - run:
-            name: Prepare Tests
+            name: Install FFMPEG
-            command: ./bin/rails parallel:create parallel:load_schema parallel:prepare
+            command: sudo apt-get install -y ffmpeg
        - run:
-            name: Run Tests
+            name: Load database schema
-            command: ./bin/retry bundle exec parallel_test ./spec/ --group-by filesize --type rspec
+            command: ./bin/rails db:create db:schema:load db:seed
-
+        - run:
            name: Run rspec in parallel
            command: |
              bundle exec rspec --profile 10 \
                                --format RspecJunitFormatter \
                                --out test_results/rspec.xml \
                                --format progress \
                                $(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
        - store_test_results:
            path: test_results
 jobs:
  install:
    <<: *defaults
@ -114,19 +128,14 @@ jobs:
        environment: *ruby_environment
    <<: *install_ruby_dependencies
  install-ruby2.5:
    <<: *defaults
    docker:
      - image: circleci/ruby:2.5-buster-node
        environment: *ruby_environment
    <<: *install_ruby_dependencies
  build:
    <<: *defaults
    steps:
      - *attach_workspace
      - *install_system_dependencies
-      - run: ./bin/rails assets:precompile
+      - run:
          name: Precompile assets
          command: ./bin/rails assets:precompile
      - persist_to_workspace:
          root: ~/projects/
          paths:
@ -138,28 +147,30 @@ jobs:
    docker:
      - image: circleci/ruby:2.7-buster-node
        environment: *ruby_environment
-      - image: circleci/postgres:10.6-alpine
+      - image: circleci/postgres:12.2
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
      - image: circleci/redis:5-alpine
    steps:
      - *attach_workspace
      - *install_system_dependencies
      - run:
          name: Create database
-          command: ./bin/rails parallel:create
+          command: ./bin/rails db:create
      - run:
          name: Run migrations
-          command: ./bin/rails parallel:migrate
+          command: ./bin/rails db:migrate
  test-ruby2.7:
    <<: *defaults
    docker:
      - image: circleci/ruby:2.7-buster-node
        environment: *ruby_environment
-      - image: circleci/postgres:10.6-alpine
+      - image: circleci/postgres:12.2
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
      - image: circleci/redis:5-alpine
    <<: *test_steps
@ -168,20 +179,10 @@ jobs:
    docker:
      - image: circleci/ruby:2.6-buster-node
        environment: *ruby_environment
-      - image: circleci/postgres:10.6-alpine
+      - image: circleci/postgres:12.2
        environment:
          POSTGRES_USER: root
      - image: circleci/redis:5-alpine
    <<: *test_steps
  test-ruby2.5:
    <<: *defaults
    docker:
      - image: circleci/ruby:2.5-buster-node
        environment: *ruby_environment
      - image: circleci/postgres:10.6-alpine
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
      - image: circleci/redis:5-alpine
    <<: *test_steps
@ -191,17 +192,27 @@ jobs:
      - image: circleci/node:12-buster
    steps:
      - *attach_workspace
-      - run: ./bin/retry yarn test:jest
+      - run:
          name: Run jest
          command: yarn test:jest
  check-i18n:
    <<: *defaults
    steps:
      - *attach_workspace
      - *install_system_dependencies
-      - run: bundle exec i18n-tasks check-normalized
+      - run:
-      - run: bundle exec i18n-tasks unused -l en
+          name: Check locale file normalization
-      - run: bundle exec i18n-tasks check-consistent-interpolations
+          command: bundle exec i18n-tasks check-normalized
-      - run: bundle exec rake repo:check_locales_files
+      - run:
          name: Check for unused strings
          command: bundle exec i18n-tasks unused -l en
      - run:
          name: Check for wrong string interpolations
          command: bundle exec i18n-tasks check-consistent-interpolations
      - run:
          name: Check that all required locale files exist
          command: bundle exec rake repo:check_locales_files
 workflows:
  version: 2
@ -215,10 +226,6 @@ workflows:
          requires:
            - install
            - install-ruby2.7
      - install-ruby2.5:
          requires:
            - install
            - install-ruby2.7
      - build:
          requires:
            - install-ruby2.7
@ -233,10 +240,6 @@ workflows:
          requires:
            - install-ruby2.6
            - build
      - test-ruby2.5:
          requires:
            - install-ruby2.5
            - build
      - test-webui:
          requires:
            - install
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@ -30,7 +30,7 @@ plugins:
    channel: eslint-6
  rubocop:
    enabled: true
-    channel: rubocop-0-76
+    channel: rubocop-0-82
  sass-lint:
    enabled: true
 exclude_patterns:
--- a/.dependabot/config.yml
+++ b/.dependabot/config.yml
@ -4,7 +4,25 @@ update_configs:
  - package_manager: "ruby:bundler"
    directory: "/"
    update_schedule: "weekly"
    # Supported update schedule: live daily weekly monthly
    version_requirement_updates: "auto"
    # Supported version requirements: auto widen_ranges increase_versions increase_versions_if_necessary
    allowed_updates:
      - match:
          dependency_type: "all"
          # Supported dependency types: all indirect direct production development
          update_type: "all"
          # Supported update types: all security
  - package_manager: "javascript"
    directory: "/"
    update_schedule: "weekly"
    # Supported update schedule: live daily weekly monthly
    version_requirement_updates: "auto"
    # Supported version requirements: auto widen_ranges increase_versions increase_versions_if_necessary
    allowed_updates:
      - match:
          dependency_type: "all"
          # Supported dependency types: all indirect direct production development
          update_type: "all"
          # Supported update types: all security
--- a/.env.production.sample
+++ b/.env.production.sample
@ -33,7 +33,7 @@ LOCAL_DOMAIN=example.com
 # ALTERNATE_DOMAINS=example1.com,example2.com
 # Application secrets
-# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
+# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web bundle exec rake secret` if you use docker compose)
 SECRET_KEY_BASE=
 OTP_SECRET=
@ -42,7 +42,7 @@ OTP_SECRET=
 # You should only generate this once per instance. If you later decide to change it, all push subscription will
 # be invalidated, requiring the users to access the website again to resubscribe.
 #
-# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
+# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key` if you use docker compose)
 #
 # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
 VAPID_PRIVATE_KEY=
--- a/.gitignore
+++ b/.gitignore
@ -58,7 +58,7 @@ yarn-error.log
 yarn-debug.log
 # Ignore vagrant log files
-ubuntu-xenial-16.04-cloudimg-console.log
+*-cloudimg-console.log
 # Ignore Docker option files
 docker-compose.override.yml
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -2,7 +2,7 @@ require:
  - rubocop-rails
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4
  Exclude:
  - 'spec/**/*'
  - 'db/**/*'
@ -46,7 +46,7 @@ Metrics/ClassLength:
 Metrics/CyclomaticComplexity:
  Max: 25
-Metrics/LineLength:
+Layout/LineLength:
  AllowURI: true
  Enabled: false
--- a/.ruby-version
+++ b/.ruby-version
@ -1 +1 @@
-2.6.5
+2.6.6
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,146 @@ Changelog
 All notable changes to this project will be documented in this file.
 ## [v3.1.4] - 2020-05-14
 ### Added
 - Add `vi` to available locales ([taicv](https://github.com/tootsuite/mastodon/pull/13542))
 - Add ability to remove identity proofs from account ([Gargron](https://github.com/tootsuite/mastodon/pull/13682))
 - Add ability to exclude local content from federated timeline ([noellabo](https://github.com/tootsuite/mastodon/pull/13504), [noellabo](https://github.com/tootsuite/mastodon/pull/13745))
  - Add `remote` param to `GET /api/v1/timelines/public` REST API
  - Add `public/remote` / `public:remote` variants to streaming API
  - "Remote only" option in federated timeline column settings in web UI
 - Add ability to exclude remote content from hashtag timelines in web UI ([noellabo](https://github.com/tootsuite/mastodon/pull/13502))
  - No changes to REST API
  - "Local only" option in hashtag column settings in web UI
 - Add Capistrano tasks that reload the services after deploying ([berkes](https://github.com/tootsuite/mastodon/pull/12642))
 - Add `invites_enabled` attribute to `GET /api/v1/instance` in REST API ([ThibG](https://github.com/tootsuite/mastodon/pull/13501))
 - Add `tootctl emoji export` command ([lfuelling](https://github.com/tootsuite/mastodon/pull/13534))
 - Add separate cache directory for non-local uploads ([Gargron](https://github.com/tootsuite/mastodon/pull/12821), [Hanage999](https://github.com/tootsuite/mastodon/pull/13593), [mayaeh](https://github.com/tootsuite/mastodon/pull/13551))
  - Add `tootctl upgrade storage-schema` command to move old non-local uploads to the cache directory
 - Add buttons to delete header and avatar from profile settings ([sternenseemann](https://github.com/tootsuite/mastodon/pull/13234))
 - Add emoji graphics and shortcodes from Twemoji 12.1.5 ([DeeUnderscore](https://github.com/tootsuite/mastodon/pull/13021))
 ### Changed
 - Change error message when trying to migrate to an account that does not have current account set as an alias to be more clear ([TheEvilSkeleton](https://github.com/tootsuite/mastodon/pull/13746))
 - Change delivery failure tracking to work with hostnames instead of URLs ([Gargron](https://github.com/tootsuite/mastodon/pull/13437), [noellabo](https://github.com/tootsuite/mastodon/pull/13481), [noellabo](https://github.com/tootsuite/mastodon/pull/13482), [noellabo](https://github.com/tootsuite/mastodon/pull/13535))
 - Change Content-Security-Policy to not need unsafe-inline style-src ([ThibG](https://github.com/tootsuite/mastodon/pull/13679), [ThibG](https://github.com/tootsuite/mastodon/pull/13692), [ThibG](https://github.com/tootsuite/mastodon/pull/13576), [ThibG](https://github.com/tootsuite/mastodon/pull/13575), [ThibG](https://github.com/tootsuite/mastodon/pull/13438))
 - Change how RSS items are titled and formatted ([ThibG](https://github.com/tootsuite/mastodon/pull/13592), [ykzts](https://github.com/tootsuite/mastodon/pull/13591))
 ### Fixed
 - Fix dropdown of muted and followed accounts offering option to hide boosts in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13748))
 - Fix "You are already signed in" alert being shown at wrong times ([ThibG](https://github.com/tootsuite/mastodon/pull/13547))
 - Fix retrying of failed-to-download media files not actually working ([noellabo](https://github.com/tootsuite/mastodon/pull/13741))
 - Fix first poll option not being focused when adding a poll in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13740))
 - Fix `sr` locale being selected over `sr-Latn` ([ThibG](https://github.com/tootsuite/mastodon/pull/13693))
 - Fix error within error when limiting backtrace to 3 lines ([Gargron](https://github.com/tootsuite/mastodon/pull/13120))
 - Fix `tootctl media remove-orphans` crashing on "Import" files ([ThibG](https://github.com/tootsuite/mastodon/pull/13685))
 - Fix regression in `tootctl media remove-orphans` ([Gargron](https://github.com/tootsuite/mastodon/pull/13405))
 - Fix old unique jobs digests not having been cleaned up ([Gargron](https://github.com/tootsuite/mastodon/pull/13683))
 - Fix own following/followers not showing muted users ([ThibG](https://github.com/tootsuite/mastodon/pull/13614))
 - Fix list of followed people ignoring sorting on Follows & Followers page  ([taras2358](https://github.com/tootsuite/mastodon/pull/13676))
 - Fix wrong pgHero Content-Security-Policy when `CDN_HOST` is set ([ThibG](https://github.com/tootsuite/mastodon/pull/13595))
 - Fix needlessly deduplicating usernames on collisions with remote accounts when signing-up through SAML/CAS ([kaiyou](https://github.com/tootsuite/mastodon/pull/13581))
 - Fix page incorrectly scrolling when bringing up dropdown menus in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13574))
 - Fix messed up z-index when NoScript blocks media/previews in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13449))
 - Fix "See what's happening" page showing public instead of local timeline for logged-in users ([ThibG](https://github.com/tootsuite/mastodon/pull/13499))
 - Fix not being able to resolve public resources in development environment ([Gargron](https://github.com/tootsuite/mastodon/pull/13505))
 - Fix uninformative error message when uploading unsupported image files ([ThibG](https://github.com/tootsuite/mastodon/pull/13540))
 - Fix expanded video player issues in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13541), [eai04191](https://github.com/tootsuite/mastodon/pull/13533))
 - Fix and refactor keyboard navigation in dropdown menus in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13528))
 - Fix uploaded image orientation being messed up in some browsers in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13493))
 - Fix actions log crash when displaying updates of deleted announcements in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13489))
 - Fix search not working due to proxy settings when using hidden services ([Gargron](https://github.com/tootsuite/mastodon/pull/13488))
 - Fix poll refresh button not being debounced in web UI ([rasjonell](https://github.com/tootsuite/mastodon/pull/13485), [ThibG](https://github.com/tootsuite/mastodon/pull/13490))
 - Fix confusing error when failing to add an alias to an unknown account ([ThibG](https://github.com/tootsuite/mastodon/pull/13480))
 - Fix "Email changed" notification sometimes having wrong e-mail ([ThibG](https://github.com/tootsuite/mastodon/pull/13475))
 - Fix varioues issues on the account aliases page ([ThibG](https://github.com/tootsuite/mastodon/pull/13452))
 - Fix API footer link in web UI ([bubblineyuri](https://github.com/tootsuite/mastodon/pull/13441))
 - Fix pagination of following, followers, follow requests, blocks and mutes lists in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13445))
 - Fix styling of polls in JS-less fallback on public pages ([ThibG](https://github.com/tootsuite/mastodon/pull/13436))
 - Fix trying to delete already deleted file when post-processing ([Gargron](https://github.com/tootsuite/mastodon/pull/13406))
 ### Security
 - Fix Doorkeeper vulnerability that exposed app secret to users who authorized the app and reset secret of the web UI that could have been exposed ([dependabot-preview[bot]](https://github.com/tootsuite/mastodon/pull/13613), [Gargron](https://github.com/tootsuite/mastodon/pull/13688))
  - For apps that self-register on behalf of every individual user (such as most mobile apps), this is a non-issue
  - The issue only affects developers of apps who are shared between multiple users, such as server-side apps like cross-posters
 ## [v3.1.3] - 2020-04-05
 ### Added
 - Add ability to filter audit log in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13381))
 - Add titles to warning presets in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13252))
 - Add option to include resolved DNS records when blacklisting e-mail domains in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13254))
 - Add ability to delete files uploaded for settings in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13192))
 - Add sorting by username, creation and last activity in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13076))
 - Add explanation as to why unlocked accounts may have follow requests in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13385))
 - Add link to bookmarks to dropdown in web UI ([mayaeh](https://github.com/tootsuite/mastodon/pull/13273))
 - Add support for links to statuses in announcements to be opened in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13212), [ThibG](https://github.com/tootsuite/mastodon/pull/13250))
 - Add tooltips to audio/video player buttons in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13203))
 - Add submit button to the top of preferences pages ([guigeekz](https://github.com/tootsuite/mastodon/pull/13068))
 - Add specific rate limits for posting, following and reporting ([Gargron](https://github.com/tootsuite/mastodon/pull/13172), [Gargron](https://github.com/tootsuite/mastodon/pull/13390))
  - 300 posts every 3 hours
  - 400 follows or follow requests every 24 hours
  - 400 reports every 24 hours
 - Add federation support for the "hide network" preference ([ThibG](https://github.com/tootsuite/mastodon/pull/11673))
 - Add `--skip-media-remove` option to `tootctl statuses remove` ([tateisu](https://github.com/tootsuite/mastodon/pull/13080))
 ### Changed
 - **Change design of polls in web UI** ([Sasha-Sorokin](https://github.com/tootsuite/mastodon/pull/13257), [ThibG](https://github.com/tootsuite/mastodon/pull/13313))
 - Change status click areas in web UI to be bigger ([ariasuni](https://github.com/tootsuite/mastodon/pull/13327))
 - **Change `tootctl media remove-orphans` to work for all classes** ([Gargron](https://github.com/tootsuite/mastodon/pull/13316))
 - **Change local media attachments to perform heavy processing asynchronously** ([Gargron](https://github.com/tootsuite/mastodon/pull/13210))
 - Change video uploads to always be converted to H264/MP4 ([Gargron](https://github.com/tootsuite/mastodon/pull/13220), [ThibG](https://github.com/tootsuite/mastodon/pull/13239), [ThibG](https://github.com/tootsuite/mastodon/pull/13242))
 - Change video uploads to enforce certain limits ([Gargron](https://github.com/tootsuite/mastodon/pull/13218))
  - Dimensions smaller than 1920x1200px
  - Frame rate at most 60fps
 - Change the tooltip "Toggle visibility" to "Hide media" in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13199))
 - Change description of privacy levels to be more intuitive in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13197))
 - Change GIF label to be displayed even when autoplay is enabled in web UI ([koyuawsmbrtn](https://github.com/tootsuite/mastodon/pull/13209))
 - Change the string "Hide everything from …" to "Block domain …" in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13178), [mayaeh](https://github.com/tootsuite/mastodon/pull/13221))
 - Change wording of media display preferences to be more intuitive ([ariasuni](https://github.com/tootsuite/mastodon/pull/13198))
 ### Deprecated
 - `POST /api/v1/media` → `POST /api/v2/media` ([Gargron](https://github.com/tootsuite/mastodon/pull/13210))
 ### Fixed
 - Fix `tootctl media remove-orphans` ignoring `PAPERCLIP_ROOT_PATH` ([Gargron](https://github.com/tootsuite/mastodon/pull/13375))
 - Fix returning results when searching for URL with non-zero offset ([Gargron](https://github.com/tootsuite/mastodon/pull/13377))
 - Fix pinning a column in web UI sometimes redirecting out of web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/13376))
 - Fix background jobs not using locks like they are supposed to ([Gargron](https://github.com/tootsuite/mastodon/pull/13361))
 - Fix content warning being unnecessarily cleared when hiding content warning input in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13348))
 - Fix "Show more" not switching to "Show less" on public pages ([ThibG](https://github.com/tootsuite/mastodon/pull/13174))
 - Fix import overwrite option not being selectable ([noellabo](https://github.com/tootsuite/mastodon/pull/13347))
 - Fix wrong color for ellipsis in boost confirmation dialog in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13355))
 - Fix unnecessary unfollowing when importing follows with overwrite option ([noellabo](https://github.com/tootsuite/mastodon/pull/13350))
 - Fix 404 and 410 API errors being silently discarded in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13279))
 - Fix OCR not working on Safari because of unsupported worker-src CSP ([ThibG](https://github.com/tootsuite/mastodon/pull/13323))
 - Fix media not being marked sensitive when a content warning is set with no text ([ThibG](https://github.com/tootsuite/mastodon/pull/13277))
 - Fix crash after deleting announcements in web UI ([codesections](https://github.com/tootsuite/mastodon/pull/13283), [ThibG](https://github.com/tootsuite/mastodon/pull/13312))
 - Fix bookmarks not being searchable ([Kjwon15](https://github.com/tootsuite/mastodon/pull/13271), [noellabo](https://github.com/tootsuite/mastodon/pull/13293))
 - Fix reported accounts not being whitelisted from further spam checks when resolving a spam check report ([ThibG](https://github.com/tootsuite/mastodon/pull/13289))
 - Fix web UI crash in single-column mode on prehistoric browsers ([ThibG](https://github.com/tootsuite/mastodon/pull/13267))
 - Fix some timeouts when searching for URLs ([ThibG](https://github.com/tootsuite/mastodon/pull/13253))
 - Fix detailed view of direct messages displaying a 0 boost count in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13244))
 - Fix regression in “Edit media” modal in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13243))
 - Fix public posts from silenced accounts not being changed to unlisted visibility ([ThibG](https://github.com/tootsuite/mastodon/pull/13096))
 - Fix error when searching for URLs that contain the mention syntax ([ThibG](https://github.com/tootsuite/mastodon/pull/13151))
 - Fix text area above/right of emoji picker being accidentally clickable in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/13148))
 - Fix too large announcements not being scrollable in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13211))
 - Fix `tootctl media remove-orphans` crashing when encountering invalid media ([ThibG](https://github.com/tootsuite/mastodon/pull/13170))
 - Fix installation failing when Redis password contains special characters ([ThibG](https://github.com/tootsuite/mastodon/pull/13156))
 - Fix announcements with fully-qualified mentions to local users crashing web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/13164))
 ### Security
 - Fix re-sending of e-mail confirmation not being rate limited ([Gargron](https://github.com/tootsuite/mastodon/pull/13360))
 ## [v3.1.2] - 2020-02-27
 ### Added
--- a/6
+++ b/6
@ -4,7 +4,7 @@ FROM ubuntu:18.04 as build-dep
 SHELL ["bash", "-c"]
 # Install Node v12 (LTS)
-ENV NODE_VER="12.14.0"  
+ENV NODE_VER="12.16.1"
 RUN	ARCH= && \
    dpkgArch="$(dpkg --print-architecture)" && \
  case "${dpkgArch##*-}" in \
@ -38,8 +38,8 @@ RUN apt update && \
 	make -j$(nproc) > /dev/null && \
 	make install_bin install_include install_lib
-# Install ruby
+# Install Ruby
-ENV RUBY_VER="2.6.5"
+ENV RUBY_VER="2.6.6"
 ENV CPPFLAGS="-I/opt/jemalloc/include"
 ENV LDFLAGS="-L/opt/jemalloc/lib/"
 RUN apt update && \
--- a/53
+++ b/53
@ -1,12 +1,12 @@
 # frozen_string_literal: true
 source 'https://rubygems.org'
-ruby '>= 2.4.0', '< 3.0.0'
+ruby '>= 2.5.0', '< 3.0.0'
 gem 'pkg-config', '~> 1.4'
 gem 'puma', '~> 4.3'
-gem 'rails', '~> 5.2.4'
+gem 'rails', '~> 5.2.4.2'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 0.20'
 gem 'rack', '~> 2.2.2'
@ -20,7 +20,7 @@ gem 'makara', '~> 0.4'
 gem 'pghero', '~> 2.4'
 gem 'dotenv-rails', '~> 2.7'
-gem 'aws-sdk-s3', '~> 1.60', require: false
+gem 'aws-sdk-s3', '~> 1.64', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'paperclip', '~> 6.0'
@ -35,7 +35,7 @@ gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'iso-639'
 gem 'chewy', '~> 5.1'
-gem 'cld3', '~> 3.2.6'
+gem 'cld3', '~> 3.3.0'
 gem 'devise', '~> 4.7'
 gem 'devise-two-factor', '~> 3.1'
@ -48,8 +48,8 @@ gem 'omniauth-cas', '~> 1.1'
 gem 'omniauth-saml', '~> 1.10'
 gem 'omniauth', '~> 1.9'
-gem 'discard', '~> 1.1'
+gem 'discard', '~> 1.2'
-gem 'doorkeeper', '~> 5.2'
+gem 'doorkeeper', '~> 5.4'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'goldfinger', '~> 2.1'
@ -57,25 +57,25 @@ gem 'hiredis', '~> 0.6'
 gem 'redis-namespace', '~> 1.7'
 gem 'health_check', git: 'https://github.com/ianheggie/health_check', ref: '0b799ead604f900ed50685e9b2d469cd2befba5b'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 4.3'
+gem 'http', '~> 4.4'
 gem 'http_accept_language', '~> 2.1'
 gem 'http_parser.rb', '~> 0.6', git: 'https://github.com/tmm1/http_parser.rb', ref: '54b17ba8c7d8d20a16dfc65d1775241833219cf2', submodules: true
 gem 'httplog', '~> 1.4.2'
 gem 'idn-ruby', require: 'idn'
-gem 'kaminari', '~> 1.1'
+gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
 gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar'
 gem 'nilsimsa', git: 'https://github.com/witgo/nilsimsa', ref: 'fd184883048b922b176939f851338d0a4971a532'
 gem 'nokogiri', '~> 1.10'
 gem 'nsa', '~> 0.2'
 gem 'oj', '~> 3.10'
-gem 'ox', '~> 2.12'
+gem 'ox', '~> 2.13'
 gem 'parslet'
 gem 'parallel', '~> 1.19'
 gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
 gem 'pundit', '~> 2.1'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.2'
+gem 'rack-attack', '~> 6.3'
 gem 'rack-cors', '~> 1.1', require: 'rack/cors'
 gem 'rails-i18n', '~> 5.1'
 gem 'rails-settings-cached', '~> 0.6'
@ -84,7 +84,7 @@ gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 1.1'
 gem 'ruby-progressbar', '~> 1.10'
 gem 'sanitize', '~> 5.1'
-gem 'sidekiq', '~> 5.2'
+gem 'sidekiq', '~> 6.0'
 gem 'sidekiq-scheduler', '~> 3.0'
 gem 'sidekiq-unique-jobs', '~> 6.0'
 gem 'sidekiq-bulk', '~>0.2.0'
@ -92,12 +92,12 @@ gem 'simple-navigation', '~> 4.1'
 gem 'simple_form', '~> 5.0'
 gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
 gem 'stoplight', '~> 2.2.0'
-gem 'strong_migrations', '~> 0.5'
+gem 'strong_migrations', '~> 0.6'
 gem 'tty-command', '~> 0.9', require: false
-gem 'tty-prompt', '~> 0.20', require: false
+gem 'tty-prompt', '~> 0.21', require: false
 gem 'twitter-text', '~> 1.14'
-gem 'tzinfo-data', '~> 1.2019'
+gem 'tzinfo-data', '~> 1.2020'
-gem 'webpacker', '~> 4.2'
+gem 'webpacker', '~> 5.1'
 gem 'webpush'
 gem 'json-ld'
@ -108,9 +108,9 @@ group :development, :test do
  gem 'fabrication', '~> 2.21'
  gem 'fuubar', '~> 2.5'
  gem 'i18n-tasks', '~> 0.9', require: false
-  gem 'pry-byebug', '~> 3.8'
+  gem 'pry-byebug', '~> 3.9'
  gem 'pry-rails', '~> 0.3'
-  gem 'rspec-rails', '~> 3.9'
+  gem 'rspec-rails', '~> 4.0'
 end
 group :production, :test do
@ -118,32 +118,33 @@ group :production, :test do
 end
 group :test do
-  gem 'capybara', '~> 3.31'
+  gem 'capybara', '~> 3.32'
  gem 'climate_control', '~> 0.2'
-  gem 'faker', '~> 2.10'
+  gem 'faker', '~> 2.11'
  gem 'microformats', '~> 4.2'
  gem 'rails-controller-testing', '~> 1.0'
  gem 'rspec-sidekiq', '~> 3.0'
  gem 'simplecov', '~> 0.18', require: false
  gem 'webmock', '~> 3.8'
-  gem 'parallel_tests', '~> 2.30'
+  gem 'parallel_tests', '~> 2.32'
  gem 'rspec_junit_formatter', '~> 0.4'
 end
 group :development do
  gem 'active_record_query_trace', '~> 1.7'
-  gem 'annotate', '~> 3.0'
+  gem 'annotate', '~> 3.1'
-  gem 'better_errors', '~> 2.5'
+  gem 'better_errors', '~> 2.7'
  gem 'binding_of_caller', '~> 0.7'
  gem 'bullet', '~> 6.1'
  gem 'letter_opener', '~> 1.7'
  gem 'letter_opener_web', '~> 1.4'
  gem 'memory_profiler'
-  gem 'rubocop', '~> 0.79', require: false
+  gem 'rubocop', '~> 0.82', require: false
-  gem 'rubocop-rails', '~> 2.4', require: false
+  gem 'rubocop-rails', '~> 2.5', require: false
-  gem 'brakeman', '~> 4.7', require: false
+  gem 'brakeman', '~> 4.8', require: false
  gem 'bundler-audit', '~> 0.6', require: false
-  gem 'capistrano', '~> 3.11'
+  gem 'capistrano', '~> 3.14'
  gem 'capistrano-rails', '~> 1.4'
  gem 'capistrano-rbenv', '~> 2.1'
  gem 'capistrano-yarn', '~> 2.0'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -31,25 +31,25 @@ GIT
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (5.2.4.1)
+    actioncable (5.2.4.2)
-      actionpack (= 5.2.4.1)
+      actionpack (= 5.2.4.2)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.1)
+    actionmailer (5.2.4.2)
-      actionpack (= 5.2.4.1)
+      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.1)
+      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.1)
+      activejob (= 5.2.4.2)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.1)
+    actionpack (5.2.4.2)
-      actionview (= 5.2.4.1)
+      actionview (= 5.2.4.2)
-      activesupport (= 5.2.4.1)
+      activesupport (= 5.2.4.2)
      rack (~> 2.0, >= 2.0.8)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.1)
+    actionview (5.2.4.2)
-      activesupport (= 5.2.4.1)
+      activesupport (= 5.2.4.2)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@ -60,20 +60,20 @@ GEM
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
    active_record_query_trace (1.7)
-    activejob (5.2.4.1)
+    activejob (5.2.4.2)
-      activesupport (= 5.2.4.1)
+      activesupport (= 5.2.4.2)
      globalid (>= 0.3.6)
-    activemodel (5.2.4.1)
+    activemodel (5.2.4.2)
-      activesupport (= 5.2.4.1)
+      activesupport (= 5.2.4.2)
-    activerecord (5.2.4.1)
+    activerecord (5.2.4.2)
-      activemodel (= 5.2.4.1)
+      activemodel (= 5.2.4.2)
-      activesupport (= 5.2.4.1)
+      activesupport (= 5.2.4.2)
      arel (>= 9.0)
-    activestorage (5.2.4.1)
+    activestorage (5.2.4.2)
-      actionpack (= 5.2.4.1)
+      actionpack (= 5.2.4.2)
-      activerecord (= 5.2.4.1)
+      activerecord (= 5.2.4.2)
      marcel (~> 0.3.1)
-    activesupport (5.2.4.1)
+    activesupport (5.2.4.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
@ -82,7 +82,7 @@ GEM
      public_suffix (>= 2.0.2, < 5.0)
    airbrussh (1.4.0)
      sshkit (>= 1.6.1, != 1.7.0)
-    annotate (3.0.3)
+    annotate (3.1.1)
      activerecord (>= 3.2, < 7.0)
      rake (>= 10.4, < 14.0)
    arel (9.0.0)
@ -91,24 +91,24 @@ GEM
      encryptor (~> 3.0.0)
    av (0.9.0)
      cocaine (~> 0.5.3)
-    aws-eventstream (1.0.3)
+    aws-eventstream (1.1.0)
-    aws-partitions (1.261.0)
+    aws-partitions (1.312.0)
-    aws-sdk-core (3.86.0)
+    aws-sdk-core (3.95.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
+      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.239.0)
      aws-sigv4 (~> 1.1)
      jmespath (~> 1.0)
-    aws-sdk-kms (1.27.0)
+    aws-sdk-kms (1.31.0)
      aws-sdk-core (~> 3, >= 3.71.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.60.1)
+    aws-sdk-s3 (1.64.0)
      aws-sdk-core (~> 3, >= 3.83.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.1.0)
+    aws-sigv4 (1.1.3)
      aws-eventstream (~> 1.0, >= 1.0.2)
-    bcrypt (3.1.12)
+    bcrypt (3.1.13)
-    better_errors (2.5.1)
+    better_errors (2.7.0)
      coderay (>= 1.0.0)
      erubi (>= 1.0.0)
      rack (>= 0.9.0)
@ -116,10 +116,10 @@ GEM
      debug_inspector (>= 0.0.1)
    blurhash (0.1.4)
      ffi (~> 1.10.0)
-    bootsnap (1.4.5)
+    bootsnap (1.4.6)
      msgpack (~> 1.0)
-    brakeman (4.7.2)
+    brakeman (4.8.1)
-    browser (3.0.3)
+    browser (4.1.0)
    builder (3.2.4)
    bullet (6.1.0)
      activesupport (>= 3.0.0)
@ -127,15 +127,14 @@ GEM
    bundler-audit (0.6.1)
      bundler (>= 1.2.0, < 3)
      thor (~> 0.18)
-    byebug (11.1.1)
+    byebug (11.1.3)
-    capistrano (3.11.2)
+    capistrano (3.14.0)
      airbrussh (>= 1.0.0)
      i18n
      rake (>= 10.0.0)
      sshkit (>= 1.9.0)
-    capistrano-bundler (1.3.0)
+    capistrano-bundler (1.6.0)
      capistrano (~> 3.1)
      sshkit (~> 1.2)
    capistrano-rails (1.4.0)
      capistrano (~> 3.1)
      capistrano-bundler (~> 1.1)
@ -144,7 +143,7 @@ GEM
      sshkit (~> 1.3)
    capistrano-yarn (2.0.2)
      capistrano (~> 3.0)
-    capybara (3.31.0)
+    capybara (3.32.1)
      addressable
      mini_mime (>= 0.1.3)
      nokogiri (~> 1.8)
@ -160,13 +159,13 @@ GEM
      elasticsearch (>= 2.0.0)
      elasticsearch-dsl
    chunky_png (1.3.11)
-    cld3 (3.2.6)
+    cld3 (3.3.0)
      ffi (>= 1.1.0, < 1.12.0)
    climate_control (0.2.0)
    cocaine (0.5.8)
      climate_control (>= 0.0.3, < 1.0)
    coderay (1.1.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.6)
    connection_pool (2.2.2)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
@ -190,37 +189,37 @@ GEM
      devise (>= 4.0.0)
      rpam2 (~> 4.0)
    diff-lcs (1.3)
-    discard (1.1.0)
+    discard (1.2.0)
      activerecord (>= 4.2, < 7)
    docile (1.3.2)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.2.3)
+    doorkeeper (5.4.0)
      railties (>= 5)
    dotenv (2.7.5)
    dotenv-rails (2.7.5)
      dotenv (= 2.7.5)
      railties (>= 3.2, < 6.1)
    e2mmap (0.1.0)
-    elasticsearch (7.3.0)
+    elasticsearch (7.6.0)
-      elasticsearch-api (= 7.3.0)
+      elasticsearch-api (= 7.6.0)
-      elasticsearch-transport (= 7.3.0)
+      elasticsearch-transport (= 7.6.0)
-    elasticsearch-api (7.3.0)
+    elasticsearch-api (7.6.0)
      multi_json
-    elasticsearch-dsl (0.1.8)
+    elasticsearch-dsl (0.1.9)
-    elasticsearch-transport (7.3.0)
+    elasticsearch-transport (7.6.0)
-      faraday
+      faraday (~> 1)
      multi_json
    encryptor (3.0.0)
    equatable (0.6.1)
    erubi (1.9.0)
-    et-orbi (1.1.6)
+    et-orbi (1.2.4)
      tzinfo
-    excon (0.71.0)
+    excon (0.73.0)
-    fabrication (2.21.0)
+    fabrication (2.21.1)
-    faker (2.10.1)
+    faker (2.11.0)
      i18n (>= 1.6, < 2)
-    faraday (1.0.0)
+    faraday (1.0.1)
      multipart-post (>= 1.2, < 3)
    fast_blank (1.0.0)
    fastimage (2.1.7)
@ -241,8 +240,8 @@ GEM
      fog-json (>= 1.0)
      ipaddress (>= 0.8)
    formatador (0.2.5)
-    fugit (1.1.6)
+    fugit (1.3.5)
-      et-orbi (~> 1.1, >= 1.1.6)
+      et-orbi (~> 1.1, >= 1.1.8)
      raabro (~> 1.1)
    fuubar (2.5.0)
      rspec-core (~> 3.0)
@ -265,20 +264,20 @@ GEM
      railties (>= 4.0.1)
    hamster (3.0.0)
      concurrent-ruby (~> 1.0)
-    hashdiff (1.0.0)
+    hashdiff (1.0.1)
-    hashie (3.6.0)
+    hashie (4.1.0)
    highline (2.0.3)
    hiredis (0.6.3)
    hkdf (0.3.0)
    htmlentities (4.3.4)
-    http (4.3.0)
+    http (4.4.1)
      addressable (~> 2.3)
      http-cookie (~> 1.0)
      http-form_data (~> 2.2)
      http-parser (~> 1.2.0)
    http-cookie (1.0.3)
      domain_name (~> 0.5)
-    http-form_data (2.2.0)
+    http-form_data (2.3.0)
    http-parser (1.2.1)
      ffi-compiler (>= 1.0, < 2.0)
    http_accept_language (2.1.1)
@ -287,7 +286,7 @@ GEM
      rainbow (>= 2.0.0)
    i18n (1.8.2)
      concurrent-ruby (~> 1.0)
-    i18n-tasks (0.9.30)
+    i18n-tasks (0.9.31)
      activesupport (>= 4.0.2)
      ast (>= 2.1.0)
      erubi
@ -299,37 +298,37 @@ GEM
      terminal-table (>= 1.5.1)
    idn-ruby (0.1.0)
    ipaddress (0.8.3)
-    iso-639 (0.2.8)
+    iso-639 (0.3.5)
    jaro_winkler (1.5.4)
    jmespath (1.4.0)
    json (2.3.0)
    json-canonicalization (0.2.0)
-    json-ld (3.1.0)
+    json-ld (3.1.4)
      htmlentities (~> 4.3)
-      json-canonicalization (~> 0.1)
+      json-canonicalization (~> 0.2)
      link_header (~> 0.0, >= 0.0.8)
      multi_json (~> 1.14)
      rack (~> 2.0)
      rdf (~> 3.1)
-    json-ld-preloaded (3.1.0)
+    json-ld-preloaded (3.1.2)
      json-ld (~> 3.1)
      rdf (~> 3.1)
    jsonapi-renderer (0.2.2)
-    jwt (2.1.0)
+    jwt (2.2.1)
-    kaminari (1.1.1)
+    kaminari (1.2.0)
      activesupport (>= 4.1.0)
-      kaminari-actionview (= 1.1.1)
+      kaminari-actionview (= 1.2.0)
-      kaminari-activerecord (= 1.1.1)
+      kaminari-activerecord (= 1.2.0)
-      kaminari-core (= 1.1.1)
+      kaminari-core (= 1.2.0)
-    kaminari-actionview (1.1.1)
+    kaminari-actionview (1.2.0)
      actionview
-      kaminari-core (= 1.1.1)
+      kaminari-core (= 1.2.0)
-    kaminari-activerecord (1.1.1)
+    kaminari-activerecord (1.2.0)
      activerecord
-      kaminari-core (= 1.1.1)
+      kaminari-core (= 1.2.0)
-    kaminari-core (1.1.1)
+    kaminari-core (1.2.0)
-    launchy (2.4.3)
+    launchy (2.5.0)
-      addressable (~> 2.3)
+      addressable (~> 2.7)
    letter_opener (1.7.0)
      launchy (~> 2.2)
    letter_opener_web (1.4.0)
@ -342,7 +341,7 @@ GEM
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.4.0)
+    loofah (2.5.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
@ -354,38 +353,38 @@ GEM
    mario-redis-lock (1.2.1)
      redis (>= 3.0.5)
    memory_profiler (0.9.14)
-    method_source (0.9.2)
+    method_source (1.0.0)
    microformats (4.2.0)
      json (~> 2.2)
      nokogiri (~> 1.10)
    mime-types (3.3.1)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2019.1009)
+    mime-types-data (3.2020.0425)
-    mimemagic (0.3.3)
+    mimemagic (0.3.5)
    mini_mime (1.0.2)
    mini_portile2 (2.4.0)
    minitest (5.14.0)
-    msgpack (1.3.1)
+    msgpack (1.3.3)
    multi_json (1.14.1)
    multipart-post (2.1.1)
    necromancer (0.5.1)
    net-ldap (0.16.2)
-    net-scp (2.0.0)
+    net-scp (3.0.0)
-      net-ssh (>= 2.6.5, < 6.0.0)
+      net-ssh (>= 2.6.5, < 7.0.0)
-    net-ssh (5.2.0)
+    net-ssh (6.0.2)
    nio4r (2.5.2)
-    nokogiri (1.10.8)
+    nokogiri (1.10.9)
      mini_portile2 (~> 2.4.0)
-    nokogumbo (2.0.1)
+    nokogumbo (2.0.2)
      nokogiri (~> 1.8, >= 1.8.4)
    nsa (0.2.7)
      activesupport (>= 4.2, < 6)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      sidekiq (>= 3.5)
      statsd-ruby (~> 1.4, >= 1.4.0)
-    oj (3.10.1)
+    oj (3.10.6)
-    omniauth (1.9.0)
+    omniauth (1.9.1)
-      hashie (>= 3.4.6, < 3.7.0)
+      hashie (>= 3.4.6)
      rack (>= 1.6.2, < 3)
    omniauth-cas (1.1.1)
      addressable (~> 2.3)
@ -395,7 +394,7 @@ GEM
      omniauth (~> 1.3, >= 1.3.2)
      ruby-saml (~> 1.7)
    orm_adapter (0.5.0)
-    ox (2.12.1)
+    ox (2.13.2)
    paperclip (6.0.0)
      activemodel (>= 4.2.0)
      activesupport (>= 4.2.0)
@ -406,63 +405,63 @@ GEM
      av (~> 0.9.0)
      paperclip (>= 2.5.2)
    parallel (1.19.1)
-    parallel_tests (2.30.1)
+    parallel_tests (2.32.0)
      parallel
-    parser (2.7.0.2)
+    parser (2.7.1.2)
      ast (~> 2.4.0)
-    parslet (1.8.2)
+    parslet (2.0.0)
-    pastel (0.7.3)
+    pastel (0.7.4)
      equatable (~> 0.6)
      tty-color (~> 0.5)
-    pg (1.2.2)
+    pg (1.2.3)
-    pghero (2.4.1)
+    pghero (2.4.2)
      activerecord (>= 5)
    pkg-config (1.4.1)
    premailer (1.11.1)
      addressable
      css_parser (>= 1.6.0)
      htmlentities (>= 4.0.0)
-    premailer-rails (1.10.3)
+    premailer-rails (1.11.1)
      actionmailer (>= 3)
      premailer (~> 1.7, >= 1.7.9)
    private_address_check (0.5.0)
-    pry (0.12.2)
+    pry (0.13.1)
-      coderay (~> 1.1.0)
+      coderay (~> 1.1)
-      method_source (~> 0.9.0)
+      method_source (~> 1.0)
-    pry-byebug (3.8.0)
+    pry-byebug (3.9.0)
      byebug (~> 11.0)
-      pry (~> 0.10)
+      pry (~> 0.13.0)
    pry-rails (0.3.9)
      pry (>= 0.10.4)
-    public_suffix (4.0.3)
+    public_suffix (4.0.5)
-    puma (4.3.1)
+    puma (4.3.3)
      nio4r (~> 2.0)
    pundit (2.1.0)
      activesupport (>= 3.0.0)
-    raabro (1.1.6)
+    raabro (1.3.1)
    rack (2.2.2)
-    rack-attack (6.2.2)
+    rack-attack (6.3.0)
      rack (>= 1.0, < 3)
    rack-cors (1.1.1)
      rack (>= 2.0.0)
-    rack-protection (2.0.7)
+    rack-protection (2.0.8.1)
      rack
    rack-proxy (0.6.5)
      rack
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
-    rails (5.2.4.1)
+    rails (5.2.4.2)
-      actioncable (= 5.2.4.1)
+      actioncable (= 5.2.4.2)
-      actionmailer (= 5.2.4.1)
+      actionmailer (= 5.2.4.2)
-      actionpack (= 5.2.4.1)
+      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.1)
+      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.1)
+      activejob (= 5.2.4.2)
-      activemodel (= 5.2.4.1)
+      activemodel (= 5.2.4.2)
-      activerecord (= 5.2.4.1)
+      activerecord (= 5.2.4.2)
-      activestorage (= 5.2.4.1)
+      activestorage (= 5.2.4.2)
-      activesupport (= 5.2.4.1)
+      activesupport (= 5.2.4.2)
      bundler (>= 1.3.0)
-      railties (= 5.2.4.1)
+      railties (= 5.2.4.2)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.4)
      actionpack (>= 5.0.1.x)
@ -478,9 +477,9 @@ GEM
      railties (>= 5.0, < 6)
    rails-settings-cached (0.6.6)
      rails (>= 4.2.0)
-    railties (5.2.4.1)
+    railties (5.2.4.2)
-      actionpack (= 5.2.4.1)
+      actionpack (= 5.2.4.2)
-      activesupport (= 5.2.4.1)
+      activesupport (= 5.2.4.2)
      method_source
      rake (>= 0.8.7)
      thor (>= 0.19.0, < 2.0)
@ -491,102 +490,110 @@ GEM
      link_header (~> 0.0, >= 0.0.8)
    rdf-normalize (0.4.0)
      rdf (~> 3.1)
-    redis (4.1.3)
+    redis (4.1.4)
-    redis-actionpack (5.0.2)
+    redis-actionpack (5.2.0)
-      actionpack (>= 4.0, < 6)
+      actionpack (>= 5, < 7)
-      redis-rack (>= 1, < 3)
+      redis-rack (>= 2.1.0, < 3)
      redis-store (>= 1.1.0, < 2)
-    redis-activesupport (5.0.4)
+    redis-activesupport (5.2.0)
-      activesupport (>= 3, < 6)
+      activesupport (>= 3, < 7)
      redis-store (>= 1.3, < 2)
    redis-namespace (1.7.0)
      redis (>= 3.0.4)
-    redis-rack (2.0.4)
+    redis-rack (2.1.2)
-      rack (>= 1.5, < 3)
+      rack (>= 2.0.8, < 3)
      redis-store (>= 1.2, < 2)
    redis-rails (5.0.2)
      redis-actionpack (>= 5.0, < 6)
      redis-activesupport (>= 5.0, < 6)
      redis-store (>= 1.2, < 2)
-    redis-store (1.5.0)
+    redis-store (1.8.2)
-      redis (>= 2.2, < 5)
+      redis (>= 4, < 5)
-    regexp_parser (1.6.0)
+    regexp_parser (1.7.0)
    request_store (1.5.0)
      rack (>= 1.4)
    responders (3.0.0)
      actionpack (>= 5.0)
      railties (>= 5.0)
    rexml (3.2.4)
    rotp (2.1.2)
    rpam2 (4.0.2)
    rqrcode (1.1.2)
      chunky_png (~> 1.0)
      rqrcode_core (~> 0.1)
-    rqrcode_core (0.1.1)
+    rqrcode_core (0.1.2)
-    rspec-core (3.9.0)
+    rspec-core (3.9.2)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.0)
+    rspec-expectations (3.9.2)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
+    rspec-mocks (3.9.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.9.0)
-    rspec-rails (3.9.0)
+    rspec-rails (4.0.0)
-      actionpack (>= 3.0)
+      actionpack (>= 4.2)
-      activesupport (>= 3.0)
+      activesupport (>= 4.2)
-      railties (>= 3.0)
+      railties (>= 4.2)
-      rspec-core (~> 3.9.0)
+      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9.0)
+      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9.0)
+      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.9)
    rspec-sidekiq (3.0.3)
      rspec-core (~> 3.0, >= 3.0.0)
      sidekiq (>= 2.4.0)
-    rspec-support (3.9.0)
+    rspec-support (3.9.3)
-    rubocop (0.79.0)
+    rspec_junit_formatter (0.4.1)
      rspec-core (>= 2, < 4, != 2.12.0)
    rubocop (0.82.0)
      jaro_winkler (~> 1.5.1)
      parallel (~> 1.10)
      parser (>= 2.7.0.1)
      rainbow (>= 2.2.2, < 4.0)
      rexml
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-rails (2.4.2)
+    rubocop-rails (2.5.2)
      activesupport
      rack (>= 1.1)
      rubocop (>= 0.72.0)
    ruby-progressbar (1.10.1)
-    ruby-saml (1.9.0)
+    ruby-saml (1.11.0)
      nokogiri (>= 1.5.10)
-    rufus-scheduler (3.5.2)
+    rufus-scheduler (3.6.0)
-      fugit (~> 1.1, >= 1.1.5)
+      fugit (~> 1.1, >= 1.1.6)
    safe_yaml (1.0.5)
    sanitize (5.1.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.8.0)
      nokogumbo (~> 2.0)
-    sidekiq (5.2.7)
+    semantic_range (2.3.0)
-      connection_pool (~> 2.2, >= 2.2.2)
+    sidekiq (6.0.7)
-      rack (>= 1.5.0)
+      connection_pool (>= 2.2.2)
-      rack-protection (>= 1.5.0)
+      rack (~> 2.0)
-      redis (>= 3.3.5, < 5)
+      rack-protection (>= 2.0.0)
      redis (>= 4.1.0)
    sidekiq-bulk (0.2.0)
      sidekiq
-    sidekiq-scheduler (3.0.0)
+    sidekiq-scheduler (3.0.1)
      e2mmap
      redis (>= 3, < 5)
      rufus-scheduler (~> 3.2)
      sidekiq (>= 3)
      thwait
      tilt (>= 1.4.0)
-    sidekiq-unique-jobs (6.0.18)
+    sidekiq-unique-jobs (6.0.21)
      concurrent-ruby (~> 1.0, >= 1.0.5)
      sidekiq (>= 4.0, < 7.0)
      thor (~> 0)
    simple-navigation (4.1.0)
      activesupport (>= 2.3.2)
-    simple_form (5.0.1)
+    simple_form (5.0.2)
      actionpack (>= 5.0)
      activemodel (>= 5.0)
-    simplecov (0.18.2)
+    simplecov (0.18.5)
      docile (~> 1.1)
      simplecov-html (~> 0.11)
-    simplecov-html (0.12.0)
+    simplecov-html (0.12.2)
    sprockets (3.7.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
@ -594,7 +601,7 @@ GEM
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
-    sshkit (1.20.0)
+    sshkit (1.21.0)
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
    stackprof (0.2.15)
@ -602,7 +609,7 @@ GEM
    stoplight (2.2.0)
    streamio-ffmpeg (3.0.2)
      multi_json (~> 1.8)
-    strong_migrations (0.5.1)
+    strong_migrations (0.6.6)
      activerecord (>= 5)
    temple (0.8.2)
    terminal-table (1.8.0)
@ -613,11 +620,11 @@ GEM
    thread_safe (0.3.6)
    thwait (0.1.0)
    tilt (2.0.10)
-    tty-color (0.5.0)
+    tty-color (0.5.1)
    tty-command (0.9.0)
      pastel (~> 0.7.0)
-    tty-cursor (0.7.0)
+    tty-cursor (0.7.1)
-    tty-prompt (0.20.0)
+    tty-prompt (0.21.0)
      necromancer (~> 0.5.0)
      pastel (~> 0.7.0)
      tty-reader (~> 0.7.0)
@ -625,28 +632,29 @@ GEM
      tty-cursor (~> 0.7)
      tty-screen (~> 0.7)
      wisper (~> 2.0.0)
-    tty-screen (0.7.0)
+    tty-screen (0.7.1)
    twitter-text (1.14.7)
      unf (~> 0.1.0)
-    tzinfo (1.2.6)
+    tzinfo (1.2.7)
      thread_safe (~> 0.1)
-    tzinfo-data (1.2019.3)
+    tzinfo-data (1.2020.1)
      tzinfo (>= 1.0.0)
    unf (0.1.4)
      unf_ext
-    unf_ext (0.0.7.6)
+    unf_ext (0.0.7.7)
-    unicode-display_width (1.6.1)
+    unicode-display_width (1.7.0)
    uniform_notifier (1.13.0)
    warden (1.2.8)
      rack (>= 2.0.6)
-    webmock (3.8.0)
+    webmock (3.8.3)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
-    webpacker (4.2.2)
+    webpacker (5.1.1)
-      activesupport (>= 4.2)
+      activesupport (>= 5.2)
      rack-proxy (>= 0.6.1)
-      railties (>= 4.2)
+      railties (>= 5.2)
      semantic_range (>= 2.3.0)
    webpush (0.3.8)
      hkdf (~> 0.2)
      jwt (~> 2.0)
@ -664,36 +672,36 @@ DEPENDENCIES
  active_model_serializers (~> 0.10)
  active_record_query_trace (~> 1.7)
  addressable (~> 2.7)
-  annotate (~> 3.0)
+  annotate (~> 3.1)
-  aws-sdk-s3 (~> 1.60)
+  aws-sdk-s3 (~> 1.64)
-  better_errors (~> 2.5)
+  better_errors (~> 2.7)
  binding_of_caller (~> 0.7)
  blurhash (~> 0.1)
  bootsnap (~> 1.4)
-  brakeman (~> 4.7)
+  brakeman (~> 4.8)
  browser
  bullet (~> 6.1)
  bundler-audit (~> 0.6)
-  capistrano (~> 3.11)
+  capistrano (~> 3.14)
  capistrano-rails (~> 1.4)
  capistrano-rbenv (~> 2.1)
  capistrano-yarn (~> 2.0)
-  capybara (~> 3.31)
+  capybara (~> 3.32)
  charlock_holmes (~> 0.7.7)
  chewy (~> 5.1)
-  cld3 (~> 3.2.6)
+  cld3 (~> 3.3.0)
  climate_control (~> 0.2)
  concurrent-ruby
  connection_pool
  devise (~> 4.7)
  devise-two-factor (~> 3.1)
  devise_pam_authenticatable2 (~> 9.2)
-  discard (~> 1.1)
+  discard (~> 1.2)
-  doorkeeper (~> 5.2)
+  doorkeeper (~> 5.4)
  dotenv-rails (~> 2.7)
  e2mmap (~> 0.1.0)
  fabrication (~> 2.21)
-  faker (~> 2.10)
+  faker (~> 2.11)
  fast_blank (~> 1.0)
  fastimage
  fog-core (<= 2.1.0)
@ -704,7 +712,7 @@ DEPENDENCIES
  health_check!
  hiredis (~> 0.6)
  htmlentities (~> 4.3)
-  http (~> 4.3)
+  http (~> 4.4)
  http_accept_language (~> 2.1)
  http_parser.rb (~> 0.6)!
  httplog (~> 1.4.2)
@ -713,7 +721,7 @@ DEPENDENCIES
  iso-639
  json-ld
  json-ld-preloaded (~> 3.1)
-  kaminari (~> 1.1)
+  kaminari (~> 1.2)
  letter_opener (~> 1.7)
  letter_opener_web (~> 1.4)
  link_header (~> 0.0)
@ -731,11 +739,11 @@ DEPENDENCIES
  omniauth (~> 1.9)
  omniauth-cas (~> 1.1)
  omniauth-saml (~> 1.10)
-  ox (~> 2.12)
+  ox (~> 2.13)
  paperclip (~> 6.0)
  paperclip-av-transcoder (~> 0.6)
  parallel (~> 1.19)
-  parallel_tests (~> 2.30)
+  parallel_tests (~> 2.32)
  parslet
  pg (~> 1.2)
  pghero (~> 2.4)
@ -743,14 +751,14 @@ DEPENDENCIES
  posix-spawn!
  premailer-rails
  private_address_check (~> 0.5)
-  pry-byebug (~> 3.8)
+  pry-byebug (~> 3.9)
  pry-rails (~> 0.3)
  puma (~> 4.3)
  pundit (~> 2.1)
  rack (~> 2.2.2)
-  rack-attack (~> 6.2)
+  rack-attack (~> 6.3)
  rack-cors (~> 1.1)
-  rails (~> 5.2.4)
+  rails (~> 5.2.4.2)
  rails-controller-testing (~> 1.0)
  rails-i18n (~> 5.1)
  rails-settings-cached (~> 0.6)
@ -759,13 +767,14 @@ DEPENDENCIES
  redis-namespace (~> 1.7)
  redis-rails (~> 5.0)
  rqrcode (~> 1.1)
-  rspec-rails (~> 3.9)
+  rspec-rails (~> 4.0)
  rspec-sidekiq (~> 3.0)
-  rubocop (~> 0.79)
+  rspec_junit_formatter (~> 0.4)
-  rubocop-rails (~> 2.4)
+  rubocop (~> 0.82)
  rubocop-rails (~> 2.5)
  ruby-progressbar (~> 1.10)
  sanitize (~> 5.1)
-  sidekiq (~> 5.2)
+  sidekiq (~> 6.0)
  sidekiq-bulk (~> 0.2.0)
  sidekiq-scheduler (~> 3.0)
  sidekiq-unique-jobs (~> 6.0)
@ -777,15 +786,15 @@ DEPENDENCIES
  stackprof
  stoplight (~> 2.2.0)
  streamio-ffmpeg (~> 3.0)
-  strong_migrations (~> 0.5)
+  strong_migrations (~> 0.6)
  thor (~> 0.20)
  thwait (~> 0.1.0)
  tty-command (~> 0.9)
-  tty-prompt (~> 0.20)
+  tty-prompt (~> 0.21)
  twitter-text (~> 1.14)
-  tzinfo-data (~> 1.2019)
+  tzinfo-data (~> 1.2020)
  webmock (~> 3.8)
-  webpacker (~> 4.2)
+  webpacker (~> 5.1)
  webpush
 RUBY VERSION
--- a/2
+++ b/2
@ -91,7 +91,7 @@ VAGRANTFILE_API_VERSION = "2"
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "ubuntu/xenial64"
+  config.vm.box = "ubuntu/bionic64"
  config.vm.provider :virtualbox do |vb|
    vb.name = "mastodon"
--- a/app/chewy/statuses_index.rb
+++ b/app/chewy/statuses_index.rb
@ -47,6 +47,11 @@ class StatusesIndex < Chewy::Index
      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
    end
    crutch :bookmarks do |collection|
      data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
    end
    root date_detection: false do
      field :id, type: 'long'
      field :account_id, type: 'long'
--- a/app/controllers/account_follow_controller.rb
+++ b/app/controllers/account_follow_controller.rb
@ -6,7 +6,7 @@ class AccountFollowController < ApplicationController
  before_action :authenticate_user!
  def create
-    FollowService.new.call(current_user.account, @account.acct)
+    FollowService.new.call(current_user.account, @account, with_rate_limit: true)
    redirect_to account_path(@account)
  end
 end
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -27,7 +27,7 @@ class AccountsController < ApplicationController
        end
        @pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses?
-        @statuses        = filtered_status_page(params)
+        @statuses        = filtered_status_page
        @statuses        = cache_collection(@statuses, Status)
        @rss_url         = rss_url
@ -40,7 +40,7 @@ class AccountsController < ApplicationController
      format.rss do
        expires_in 1.minute, public: true
-        @statuses = filtered_statuses.without_reblogs.without_local_only.without_replies.limit(PAGE_SIZE)
+        @statuses = filtered_statuses.without_reblogs.without_local_only.limit(PAGE_SIZE)
        @statuses = cache_collection(@statuses, Status)
        render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
      end
@ -133,23 +133,23 @@ class AccountsController < ApplicationController
  end
  def media_requested?
-    request.path.ends_with?('/media') && !tag_requested?
+    request.path.split('.').first.ends_with?('/media') && !tag_requested?
  end
  def replies_requested?
-    request.path.ends_with?('/with_replies') && !tag_requested?
+    request.path.split('.').first.ends_with?('/with_replies') && !tag_requested?
  end
  def tag_requested?
    request.path.split('.').first.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
  end
-  def filtered_status_page(params)
+  def filtered_status_page
-    if params[:min_id].present?
+    filtered_statuses.paginate_by_id(PAGE_SIZE, params_slice(:max_id, :min_id, :since_id))
      filtered_statuses.paginate_by_min_id(PAGE_SIZE, params[:min_id]).reverse
    else
      filtered_statuses.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id]).to_a
  end
  def params_slice(*keys)
    params.slice(*keys).permit(*keys)
  end
  def restrict_fields_to
--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@ -24,20 +24,23 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
  def set_size
    case params[:id]
    when 'featured'
-      @account.pinned_statuses.count
+      @size = @account.pinned_statuses.count
    else
-      raise ActiveRecord::RecordNotFound
+      not_found
    end
  end
  def scope_for_collection
    case params[:id]
    when 'featured'
-      return Status.none if @account.blocking?(signed_request_account)
+      # Because in public fetch mode we cache the response, there would be no
-
+      # benefit from performing the check below, since a blocked account or domain
-      @account.pinned_statuses
+      # would likely be served the cache from the reverse proxy anyway
      if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
        Status.none
      else
-      raise ActiveRecord::RecordNotFound
+        @account.pinned_statuses
      end
    end
  end
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@ -49,7 +49,7 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
      ResolveAccountWorker.perform_async(signed_request_account.acct)
    end
-    DeliveryFailureTracker.track_inverse_success!(signed_request_account)
+    DeliveryFailureTracker.reset!(signed_request_account.inbox_url)
  end
  def process_payload
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@ -11,7 +11,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
  before_action :set_cache_headers
  def show
-    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
+    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?))
    render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
  end
@ -50,12 +50,12 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
    return unless page_requested?
    @statuses = @account.statuses.permitted_for(@account, signed_request_account)
-    @statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id])
+    @statuses = @statuses.paginate_by_id(LIMIT, params_slice(:max_id, :min_id, :since_id))
    @statuses = cache_collection(@statuses, Status)
  end
  def page_requested?
-    params[:page] == 'true'
+    truthy_param?(:page)
  end
  def page_params
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class ActivityPub::RepliesController < ActivityPub::BaseController
-  include SignatureAuthentication
+  include SignatureVerification
  include Authorization
  include AccountOwnedConcern
@ -19,15 +19,19 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  private
  def pundit_user
    signed_request_account
  end
  def set_status
    @status = @account.statuses.find(params[:status_id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
  end
  def set_replies
-    @replies = page_params[:only_other_accounts] ? Status.where.not(account_id: @account.id) : @account.statuses
+    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id) : @account.statuses
    @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
    @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
  end
@ -38,7 +42,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
      type: :unordered,
      part_of: account_status_replies_url(@account, @status),
      next: next_page,
-      items: @replies.map { |status| status.local ? status : status.uri }
+      items: @replies.map { |status| status.local? ? status : status.uri }
    )
    return page if page_requested?
@ -51,16 +55,21 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  end
  def page_requested?
-    params[:page] == 'true'
+    truthy_param?(:page)
  end
  def only_other_accounts?
    truthy_param?(:only_other_accounts)
  end
  def next_page
    only_other_accounts = !(@replies&.last&.account_id == @account.id && @replies.size == DESCENDANTS_LIMIT)
    account_status_replies_url(
      @account,
      @status,
      page: true,
-      min_id: only_other_accounts && !page_params[:only_other_accounts] ? nil : @replies&.last&.id,
+      min_id: only_other_accounts && !only_other_accounts? ? nil : @replies&.last&.id,
      only_other_accounts: only_other_accounts
    )
  end
--- a/app/controllers/admin/action_logs_controller.rb
+++ b/app/controllers/admin/action_logs_controller.rb
@ -2,8 +2,18 @@
 module Admin
  class ActionLogsController < BaseController
-    def index
+    before_action :set_action_logs
-      @action_logs = Admin::ActionLog.page(params[:page])
+
    def index; end
    private
    def set_action_logs
      @action_logs = Admin::ActionLogFilter.new(filter_params).results.page(params[:page])
    end
    def filter_params
      params.slice(:page, *Admin::ActionLogFilter::KEYS).permit(:page, *Admin::ActionLogFilter::KEYS)
    end
  end
 end
--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@ -6,12 +6,12 @@ module Admin
    def index
      authorize :email_domain_block, :index?
-      @email_domain_blocks = EmailDomainBlock.page(params[:page])
+      @email_domain_blocks = EmailDomainBlock.where(parent_id: nil).includes(:children).order(id: :desc).page(params[:page])
    end
    def new
      authorize :email_domain_block, :create?
-      @email_domain_block = EmailDomainBlock.new
+      @email_domain_block = EmailDomainBlock.new(domain: params[:_domain])
    end
    def create
@ -21,6 +21,28 @@ module Admin
      if @email_domain_block.save
        log_action :create, @email_domain_block
        if @email_domain_block.with_dns_records?
          hostnames = []
          ips       = []
          Resolv::DNS.open do |dns|
            dns.timeouts = 1
            hostnames = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
            ([@email_domain_block.domain] + hostnames).uniq.each do |hostname|
              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::A).to_a.map { |e| e.address.to_s })
              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::AAAA).to_a.map { |e| e.address.to_s })
            end
          end
          (hostnames + ips).each do |hostname|
            another_email_domain_block = EmailDomainBlock.new(domain: hostname, parent: @email_domain_block)
            log_action :create, another_email_domain_block if another_email_domain_block.save
          end
        end
        redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg')
      else
        render :new
@ -41,7 +63,7 @@ module Admin
    end
    def resource_params
-      params.require(:email_domain_block).permit(:domain)
+      params.require(:email_domain_block).permit(:domain, :with_dns_records)
    end
  end
 end
--- a/app/controllers/admin/instances_controller.rb
+++ b/app/controllers/admin/instances_controller.rb
@ -19,7 +19,7 @@ module Admin
      @followers_count = Follow.where(target_account: Account.where(domain: params[:id])).count
      @reports_count   = Report.where(target_account: Account.where(domain: params[:id])).count
      @blocks_count    = Block.where(target_account: Account.where(domain: params[:id])).count
-      @available       = DeliveryFailureTracker.available?(Account.select(:shared_inbox_url).where(domain: params[:id]).first&.shared_inbox_url)
+      @available       = DeliveryFailureTracker.available?(params[:id])
      @media_storage   = MediaAttachment.where(account: Account.where(domain: params[:id])).sum(:file_file_size)
      @private_comment = @domain_block&.private_comment
      @public_comment  = @domain_block&.public_comment
--- a/app/controllers/admin/site_uploads_controller.rb
+++ b/app/controllers/admin/site_uploads_controller.rb
@ -0,0 +1,21 @@
 # frozen_string_literal: true
 module Admin
  class SiteUploadsController < BaseController
    before_action :set_site_upload
    def destroy
      authorize :settings, :destroy?
      @site_upload.destroy!
      redirect_to edit_admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg')
    end
    private
    def set_site_upload
      @site_upload = SiteUpload.find(params[:id])
    end
  end
 end
--- a/app/controllers/admin/warning_presets_controller.rb
+++ b/app/controllers/admin/warning_presets_controller.rb
@ -7,7 +7,7 @@ module Admin
    def index
      authorize :account_warning_preset, :index?
-      @warning_presets = AccountWarningPreset.all
+      @warning_presets = AccountWarningPreset.alphabetic
      @warning_preset  = AccountWarningPreset.new
    end
@ -19,7 +19,7 @@ module Admin
      if @warning_preset.save
        redirect_to admin_warning_presets_path
      else
-        @warning_presets = AccountWarningPreset.all
+        @warning_presets = AccountWarningPreset.alphabetic
        render :index
      end
    end
@ -52,7 +52,7 @@ module Admin
    end
    def warning_preset_params
-      params.require(:account_warning_preset).permit(:text)
+      params.require(:account_warning_preset).permit(:title, :text)
    end
  end
 end
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -44,6 +44,10 @@ class Api::BaseController < ApplicationController
    render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
  end
  rescue_from Mastodon::RateLimitExceededError do
    render json: { error: I18n.t('errors.429') }, status: 429
  end
  rescue_from ActionController::ParameterMissing do |e|
    render json: { error: e.to_s }, status: 400
  end
--- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@ -5,8 +5,6 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
  before_action :set_account
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
@ -22,12 +20,12 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
    return [] if hide_results?
    scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
    scope.merge(paginated_follows).to_a
  end
  def hide_results?
-    (@account.user_hides_network? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
  end
  def default_accounts
--- a/app/controllers/api/v1/accounts/following_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@ -5,8 +5,6 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
  before_action :set_account
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
@ -22,12 +20,12 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
    return [] if hide_results?
    scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
    scope.merge(paginated_follows).to_a
  end
  def hide_results?
-    (@account.user_hides_network? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
  end
  def default_accounts
--- a/app/controllers/api/v1/accounts/identity_proofs_controller.rb
+++ b/app/controllers/api/v1/accounts/identity_proofs_controller.rb
@ -4,8 +4,6 @@ class Api::V1::Accounts::IdentityProofsController < Api::BaseController
  before_action :require_user!
  before_action :set_account
  respond_to :json
  def index
    @proofs = @account.identity_proofs.active
    render json: @proofs, each_serializer: REST::IdentityProofSerializer
--- a/app/controllers/api/v1/accounts/lists_controller.rb
+++ b/app/controllers/api/v1/accounts/lists_controller.rb
@ -5,8 +5,6 @@ class Api::V1::Accounts::ListsController < Api::BaseController
  before_action :require_user!
  before_action :set_account
  respond_to :json
  def index
    @lists = @account.lists.where(account: current_account)
    render json: @lists, each_serializer: REST::ListSerializer
--- a/app/controllers/api/v1/accounts/pins_controller.rb
+++ b/app/controllers/api/v1/accounts/pins_controller.rb
@ -7,8 +7,6 @@ class Api::V1::Accounts::PinsController < Api::BaseController
  before_action :require_user!
  before_action :set_account
  respond_to :json
  def create
    AccountPin.create!(account: current_account, target_account: @account)
    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships_presenter
--- a/app/controllers/api/v1/accounts/relationships_controller.rb
+++ b/app/controllers/api/v1/accounts/relationships_controller.rb
@ -4,8 +4,6 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:follows' }
  before_action :require_user!
  respond_to :json
  def index
    accounts = Account.where(id: account_ids).select('id')
    # .where doesn't guarantee that our results are in the same order
--- a/app/controllers/api/v1/accounts/search_controller.rb
+++ b/app/controllers/api/v1/accounts/search_controller.rb
@ -4,8 +4,6 @@ class Api::V1::Accounts::SearchController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }
  before_action :require_user!
  respond_to :json
  def show
    @accounts = account_search
    render json: @accounts, each_serializer: REST::AccountSerializer
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@ -6,8 +6,6 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
  after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
  respond_to :json
  def index
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -14,7 +14,7 @@ class Api::V1::AccountsController < Api::BaseController
  skip_before_action :require_authenticated_user!, only: :create
-  respond_to :json
+  override_rate_limit_headers :follow, family: :follows
  def show
    render json: @account, serializer: REST::AccountSerializer
@ -31,7 +31,7 @@ class Api::V1::AccountsController < Api::BaseController
  end
  def follow
-    FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs))
+    FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs), with_rate_limit: true)
    options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } }
--- a/app/controllers/api/v1/apps/credentials_controller.rb
+++ b/app/controllers/api/v1/apps/credentials_controller.rb
@ -3,8 +3,6 @@
 class Api::V1::Apps::CredentialsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  respond_to :json
  def show
    render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key)
  end
--- a/app/controllers/api/v1/blocks_controller.rb
+++ b/app/controllers/api/v1/blocks_controller.rb
@ -5,8 +5,6 @@ class Api::V1::BlocksController < Api::BaseController
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
--- a/app/controllers/api/v1/bookmarks_controller.rb
+++ b/app/controllers/api/v1/bookmarks_controller.rb
@ -5,8 +5,6 @@ class Api::V1::BookmarksController < Api::BaseController
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
--- a/app/controllers/api/v1/conversations_controller.rb
+++ b/app/controllers/api/v1/conversations_controller.rb
@ -9,8 +9,6 @@ class Api::V1::ConversationsController < Api::BaseController
  before_action :set_conversation, except: :index
  after_action :insert_pagination_headers, only: :index
  respond_to :json
  def index
    @conversations = paginated_conversations
    render json: @conversations, each_serializer: REST::ConversationSerializer
--- a/app/controllers/api/v1/custom_emojis_controller.rb
+++ b/app/controllers/api/v1/custom_emojis_controller.rb
@ -1,8 +1,6 @@
 # frozen_string_literal: true
 class Api::V1::CustomEmojisController < Api::BaseController
  respond_to :json
  skip_before_action :set_cache_headers
  def index
--- a/app/controllers/api/v1/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/domain_blocks_controller.rb
@ -8,8 +8,6 @@ class Api::V1::DomainBlocksController < Api::BaseController
  before_action :require_user!
  after_action :insert_pagination_headers, only: :show
  respond_to :json
  def show
    @blocks = load_domain_blocks
    render json: @blocks.map(&:domain)
--- a/app/controllers/api/v1/endorsements_controller.rb
+++ b/app/controllers/api/v1/endorsements_controller.rb
@ -5,8 +5,6 @@ class Api::V1::EndorsementsController < Api::BaseController
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
--- a/app/controllers/api/v1/favourites_controller.rb
+++ b/app/controllers/api/v1/favourites_controller.rb
@ -5,8 +5,6 @@ class Api::V1::FavouritesController < Api::BaseController
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
--- a/app/controllers/api/v1/featured_tags/suggestions_controller.rb
+++ b/app/controllers/api/v1/featured_tags/suggestions_controller.rb
@ -2,12 +2,9 @@
 class Api::V1::FeaturedTags::SuggestionsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, only: :index
  before_action :require_user!
  before_action :set_most_used_tags, only: :index
  respond_to :json
  def index
    render json: @most_used_tags, each_serializer: REST::TagSerializer
  end
--- a/app/controllers/api/v1/filters_controller.rb
+++ b/app/controllers/api/v1/filters_controller.rb
@ -7,8 +7,6 @@ class Api::V1::FiltersController < Api::BaseController
  before_action :set_filters, only: :index
  before_action :set_filter, only: [:show, :update, :destroy]
  respond_to :json
  def index
    render json: @filters, each_serializer: REST::FilterSerializer
  end
--- a/app/controllers/api/v1/instances/activity_controller.rb
+++ b/app/controllers/api/v1/instances/activity_controller.rb
@ -6,8 +6,6 @@ class Api::V1::Instances::ActivityController < Api::BaseController
  skip_before_action :set_cache_headers
  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
  respond_to :json
  def show
    expires_in 1.day, public: true
    render_with_cache json: :activity, expires_in: 1.day
--- a/app/controllers/api/v1/instances/peers_controller.rb
+++ b/app/controllers/api/v1/instances/peers_controller.rb
@ -6,8 +6,6 @@ class Api::V1::Instances::PeersController < Api::BaseController
  skip_before_action :set_cache_headers
  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
  respond_to :json
  def index
    expires_in 1.day, public: true
    render_with_cache(expires_in: 1.day) { Account.remote.domains }
--- a/app/controllers/api/v1/instances_controller.rb
+++ b/app/controllers/api/v1/instances_controller.rb
@ -1,8 +1,6 @@
 # frozen_string_literal: true
 class Api::V1::InstancesController < Api::BaseController
  respond_to :json
  skip_before_action :set_cache_headers
  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@ -3,27 +3,42 @@
 class Api::V1::MediaController < Api::BaseController
  before_action -> { doorkeeper_authorize! :write, :'write:media' }
  before_action :require_user!
-
+  before_action :set_media_attachment, except: [:create]
-  respond_to :json
+  before_action :check_processing, except: [:create]
  def create
-    @media = current_account.media_attachments.create!(media_params)
+    @media_attachment = current_account.media_attachments.create!(media_attachment_params)
-    render json: @media, serializer: REST::MediaAttachmentSerializer
+    render json: @media_attachment, serializer: REST::MediaAttachmentSerializer
  rescue Paperclip::Errors::NotIdentifiedByImageMagickError
    render json: file_type_error, status: 422
  rescue Paperclip::Error
    render json: processing_error, status: 500
  end
  def show
    render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
  end
  def update
-    @media = current_account.media_attachments.where(status_id: nil).find(params[:id])
+    @media_attachment.update!(media_attachment_params)
-    @media.update!(media_params)
+    render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
    render json: @media, serializer: REST::MediaAttachmentSerializer
  end
  private
-  def media_params
+  def status_code_for_media_attachment
    @media_attachment.not_processed? ? 206 : 200
  end
  def set_media_attachment
    @media_attachment = current_account.media_attachments.unattached.find(params[:id])
  end
  def check_processing
    render json: processing_error, status: 422 if @media_attachment.processing_failed?
  end
  def media_attachment_params
    params.permit(:file, :description, :focus)
  end
--- a/app/controllers/api/v1/mutes_controller.rb
+++ b/app/controllers/api/v1/mutes_controller.rb
@ -5,8 +5,6 @@ class Api::V1::MutesController < Api::BaseController
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@ -6,8 +6,6 @@ class Api::V1::NotificationsController < Api::BaseController
  before_action :require_user!
  after_action :insert_pagination_headers, only: :index
  respond_to :json
  DEFAULT_NOTIFICATIONS_LIMIT = 15
  def index
--- a/app/controllers/api/v1/polls/votes_controller.rb
+++ b/app/controllers/api/v1/polls/votes_controller.rb
@ -7,8 +7,6 @@ class Api::V1::Polls::VotesController < Api::BaseController
  before_action :require_user!
  before_action :set_poll
  respond_to :json
  def create
    VoteService.new.call(current_account, @poll, vote_params[:choices])
    render json: @poll, serializer: REST::PollSerializer
@ -20,7 +18,7 @@ class Api::V1::Polls::VotesController < Api::BaseController
    @poll = Poll.attached.find(params[:poll_id])
    authorize @poll.status, :show?
  rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
  end
  def vote_params
--- a/app/controllers/api/v1/polls_controller.rb
+++ b/app/controllers/api/v1/polls_controller.rb
@ -7,8 +7,6 @@ class Api::V1::PollsController < Api::BaseController
  before_action :set_poll
  before_action :refresh_poll
  respond_to :json
  def show
    render json: @poll, serializer: REST::PollSerializer, include_results: true
  end
@ -19,7 +17,7 @@ class Api::V1::PollsController < Api::BaseController
    @poll = Poll.attached.find(params[:id])
    authorize @poll.status, :show?
  rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
  end
  def refresh_poll
--- a/app/controllers/api/v1/preferences_controller.rb
+++ b/app/controllers/api/v1/preferences_controller.rb
@ -4,8 +4,6 @@ class Api::V1::PreferencesController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }
  before_action :require_user!
  respond_to :json
  def index
    render json: current_account, serializer: REST::PreferencesSerializer
  end
--- a/app/controllers/api/v1/push/subscriptions_controller.rb
+++ b/app/controllers/api/v1/push/subscriptions_controller.rb
@ -4,6 +4,7 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :push }
  before_action :require_user!
  before_action :set_web_push_subscription
  before_action :check_web_push_subscription, only: [:show, :update]
  def create
    @web_subscription&.destroy!
@ -21,16 +22,11 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
  end
  def show
    raise ActiveRecord::RecordNotFound if @web_subscription.nil?
    render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
  end
  def update
    raise ActiveRecord::RecordNotFound if @web_subscription.nil?
    @web_subscription.update!(data: data_params)
    render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
  end
@ -45,12 +41,17 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
    @web_subscription = ::Web::PushSubscription.find_by(access_token_id: doorkeeper_token.id)
  end
  def check_web_push_subscription
    not_found if @web_subscription.nil?
  end
  def subscription_params
    params.require(:subscription).permit(:endpoint, keys: [:auth, :p256dh])
  end
  def data_params
    return {} if params[:data].blank?
    params.require(:data).permit(alerts: [:follow, :follow_request, :favourite, :reblog, :mention, :poll])
  end
 end
--- a/app/controllers/api/v1/reports_controller.rb
+++ b/app/controllers/api/v1/reports_controller.rb
@ -4,7 +4,7 @@ class Api::V1::ReportsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :write, :'write:reports' }, only: [:create]
  before_action :require_user!
-  respond_to :json
+  override_rate_limit_headers :create, family: :reports
  def create
    @report = ReportService.new.call(
--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@ -7,8 +7,6 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
  before_action :require_user!
  before_action :set_status
  respond_to :json
  def create
    current_account.bookmarks.find_or_create_by!(account: current_account, status: @status)
    render json: @status, serializer: REST::StatusSerializer
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@ -7,8 +7,6 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
  before_action :set_status
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
--- a/app/controllers/api/v1/statuses/favourites_controller.rb
+++ b/app/controllers/api/v1/statuses/favourites_controller.rb
@ -7,8 +7,6 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
  before_action :require_user!
  before_action :set_status
  respond_to :json
  def create
    FavouriteService.new.call(current_account, @status)
    render json: @status, serializer: REST::StatusSerializer
--- a/app/controllers/api/v1/statuses/mutes_controller.rb
+++ b/app/controllers/api/v1/statuses/mutes_controller.rb
@ -8,8 +8,6 @@ class Api::V1::Statuses::MutesController < Api::BaseController
  before_action :set_status
  before_action :set_conversation
  respond_to :json
  def create
    current_account.mute_conversation!(@conversation)
    @mutes_map = { @conversation.id => true }
@ -30,8 +28,7 @@ class Api::V1::Statuses::MutesController < Api::BaseController
    @status = Status.find(params[:status_id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
-    # Reraise in order to get a 404 instead of a 403 error code
+    not_found
    raise ActiveRecord::RecordNotFound
  end
  def set_conversation
--- a/app/controllers/api/v1/statuses/pins_controller.rb
+++ b/app/controllers/api/v1/statuses/pins_controller.rb
@ -7,8 +7,6 @@ class Api::V1::Statuses::PinsController < Api::BaseController
  before_action :require_user!
  before_action :set_status
  respond_to :json
  def create
    StatusPin.create!(account: current_account, status: @status)
    distribute_add_activity!
--- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
@ -7,8 +7,6 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
  before_action :set_status
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@ -7,10 +7,11 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
  before_action :require_user!
  before_action :set_reblog
-  respond_to :json
+  override_rate_limit_headers :create, family: :statuses
  def create
    @status = ReblogService.new.call(current_account, @reblog, reblog_params)
    render json: @status, serializer: REST::StatusSerializer
  end
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -7,8 +7,9 @@ class Api::V1::StatusesController < Api::BaseController
  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :destroy]
  before_action :require_user!, except:  [:show, :context]
  before_action :set_status, only:       [:show, :context]
  before_action :set_thread, only:       [:create]
-  respond_to :json
+  override_rate_limit_headers :create, family: :statuses
  # This API was originally unlimited, pagination cannot be introduced without
  # breaking backwards-compatibility. Arbitrarily high number to cover most
@ -36,7 +37,7 @@ class Api::V1::StatusesController < Api::BaseController
  def create
    @status = PostStatusService.new.call(current_user.account,
                                         text: status_params[:status],
-                                         thread: status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id]),
+                                         thread: @thread,
                                         media_ids: status_params[:media_ids],
                                         sensitive: status_params[:sensitive],
                                         spoiler_text: status_params[:spoiler_text],
@ -45,7 +46,8 @@ class Api::V1::StatusesController < Api::BaseController
                                         application: doorkeeper_token.application,
                                         poll: status_params[:poll],
                                         idempotency: request.headers['Idempotency-Key'],
-                                         local_only: status_params[:local_only])
+                                         local_only: status_params[:local_only]),
                                         with_rate_limit: true)
    render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
  end
@ -66,7 +68,13 @@ class Api::V1::StatusesController < Api::BaseController
    @status = Status.find(params[:id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
  end
  def set_thread
    @thread = status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id])
  rescue ActiveRecord::RecordNotFound
    render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
  end
  def status_params
--- a/app/controllers/api/v1/streaming_controller.rb
+++ b/app/controllers/api/v1/streaming_controller.rb
@ -1,8 +1,6 @@
 # frozen_string_literal: true
 class Api::V1::StreamingController < Api::BaseController
  respond_to :json
  def index
    if Rails.configuration.x.streaming_api_base_url != request.host
      redirect_to streaming_api_url, status: 301
--- a/app/controllers/api/v1/suggestions_controller.rb
+++ b/app/controllers/api/v1/suggestions_controller.rb
@ -7,8 +7,6 @@ class Api::V1::SuggestionsController < Api::BaseController
  before_action :require_user!
  before_action :set_accounts
  respond_to :json
  def index
    render json: @accounts, each_serializer: REST::AccountSerializer
  end
--- a/app/controllers/api/v1/timelines/home_controller.rb
+++ b/app/controllers/api/v1/timelines/home_controller.rb
@ -5,8 +5,6 @@ class Api::V1::Timelines::HomeController < Api::BaseController
  before_action :require_user!, only: [:show]
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  respond_to :json
  def show
    @statuses = load_statuses
--- a/app/controllers/api/v1/timelines/public_controller.rb
+++ b/app/controllers/api/v1/timelines/public_controller.rb
@ -4,8 +4,6 @@ class Api::V1::Timelines::PublicController < Api::BaseController
  before_action :require_user!, only: [:show], if: :require_auth?
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  respond_to :json
  def show
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
@ -41,7 +39,7 @@ class Api::V1::Timelines::PublicController < Api::BaseController
  end
  def public_timeline_statuses
-    Status.as_public_timeline(current_account, truthy_param?(:local))
+    Status.as_public_timeline(current_account, truthy_param?(:remote) ? :remote : truthy_param?(:local))
  end
  def insert_pagination_headers
@ -49,7 +47,7 @@ class Api::V1::Timelines::PublicController < Api::BaseController
  end
  def pagination_params(core_params)
-    params.slice(:local, :limit, :only_media).permit(:local, :limit, :only_media).merge(core_params)
+    params.slice(:local, :remote, :limit, :only_media).permit(:local, :remote, :limit, :only_media).merge(core_params)
  end
  def next_path
--- a/app/controllers/api/v1/timelines/tag_controller.rb
+++ b/app/controllers/api/v1/timelines/tag_controller.rb
@ -4,8 +4,6 @@ class Api::V1::Timelines::TagController < Api::BaseController
  before_action :load_tag
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  respond_to :json
  def show
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
--- a/app/controllers/api/v1/trends_controller.rb
+++ b/app/controllers/api/v1/trends_controller.rb
@ -3,8 +3,6 @@
 class Api::V1::TrendsController < Api::BaseController
  before_action :set_tags
  respond_to :json
  def index
    render json: @tags, each_serializer: REST::TagSerializer
  end
--- a/app/controllers/api/v2/media_controller.rb
+++ b/app/controllers/api/v2/media_controller.rb
@ -0,0 +1,12 @@
 # frozen_string_literal: true
 class Api::V2::MediaController < Api::V1::MediaController
  def create
    @media_attachment = current_account.media_attachments.create!({ delay_processing: true }.merge(media_attachment_params))
    render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: 202
  rescue Paperclip::Errors::NotIdentifiedByImageMagickError
    render json: file_type_error, status: 422
  rescue Paperclip::Error
    render json: processing_error, status: 500
  end
 end
--- a/app/controllers/api/v2/search_controller.rb
+++ b/app/controllers/api/v2/search_controller.rb
@ -8,8 +8,6 @@ class Api::V2::SearchController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:search' }
  before_action :require_user!
  respond_to :json
  def index
    @search = Search.new(search_results)
    render json: @search, serializer: REST::SearchSerializer
--- a/app/controllers/api/web/embeds_controller.rb
+++ b/app/controllers/api/web/embeds_controller.rb
@ -1,8 +1,6 @@
 # frozen_string_literal: true
 class Api::Web::EmbedsController < Api::Web::BaseController
  respond_to :json
  before_action :require_user!
  def create
--- a/app/controllers/api/web/push_subscriptions_controller.rb
+++ b/app/controllers/api/web/push_subscriptions_controller.rb
@ -1,8 +1,6 @@
 # frozen_string_literal: true
 class Api::Web::PushSubscriptionsController < Api::Web::BaseController
  respond_to :json
  before_action :require_user!
  def create
--- a/app/controllers/api/web/settings_controller.rb
+++ b/app/controllers/api/web/settings_controller.rb
@ -1,8 +1,6 @@
 # frozen_string_literal: true
 class Api::Web::SettingsController < Api::Web::BaseController
  respond_to :json
  before_action :require_user!
  def update
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -29,6 +29,7 @@ class ApplicationController < ActionController::Base
  rescue_from Mastodon::NotPermittedError, with: :forbidden
  rescue_from HTTP::Error, OpenSSL::SSL::SSLError, with: :internal_server_error
  rescue_from Mastodon::RaceConditionError, with: :service_unavailable
  rescue_from Mastodon::RateLimitExceededError, with: :too_many_requests
  before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
  before_action :require_functional!, if: :user_signed_in?
@ -111,6 +112,10 @@ class ApplicationController < ActionController::Base
    respond_with_error(503)
  end
  def too_many_requests
    respond_with_error(429)
  end
  def single_user_mode?
    @single_user_mode ||= Rails.configuration.x.single_user_mode && Account.where('id > 0').exists?
  end
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@ -111,6 +111,13 @@ class Auth::SessionsController < Devise::SessionsController
    render :two_factor
  end
  def require_no_authentication
    super
    # Delete flash message that isn't entirely useful and may be confusing in
    # most cases because /web doesn't display/clear flash messages.
    flash.delete(:alert) if flash[:alert] == I18n.t('devise.failure.already_authenticated')
  end
  private
  def set_instance_presenter
--- a/app/controllers/authorize_interactions_controller.rb
+++ b/app/controllers/authorize_interactions_controller.rb
@ -20,7 +20,7 @@ class AuthorizeInteractionsController < ApplicationController
  end
  def create
-    if @resource.is_a?(Account) && FollowService.new.call(current_account, @resource)
+    if @resource.is_a?(Account) && FollowService.new.call(current_account, @resource, with_rate_limit: true)
      render :success
    else
      render :error
--- a/app/controllers/concerns/localized.rb
+++ b/app/controllers/concerns/localized.rb
@ -28,18 +28,6 @@ module Localized
  end
  def request_locale
-    preferred_locale || compatible_locale
+    http_accept_language.language_region_compatible_from(I18n.available_locales)
  end
  def preferred_locale
    http_accept_language.preferred_language_from(available_locales)
  end
  def compatible_locale
    http_accept_language.compatible_language_from(available_locales)
  end
  def available_locales
    I18n.available_locales.reverse
  end
 end
--- a/app/controllers/concerns/rate_limit_headers.rb
+++ b/app/controllers/concerns/rate_limit_headers.rb
@ -3,6 +3,20 @@
 module RateLimitHeaders
  extend ActiveSupport::Concern
  class_methods do
    def override_rate_limit_headers(method_name, options = {})
      around_action(only: method_name, if: :current_account) do |_controller, block|
        begin
          block.call
        ensure
          rate_limiter = RateLimiter.new(current_account, options)
          rate_limit_headers = rate_limiter.to_headers
          response.headers.merge!(rate_limit_headers) unless response.headers['X-RateLimit-Remaining'].present? && rate_limit_headers['X-RateLimit-Remaining'].to_i > response.headers['X-RateLimit-Remaining'].to_i
        end
      end
    end
  end
  included do
    before_action :set_rate_limit_headers, if: :rate_limited_request?
  end
@ -44,7 +58,7 @@ module RateLimitHeaders
  end
  def api_throttle_data
-    most_limited_type, = request.env['rack.attack.throttle_data'].min_by { |_, v| v[:limit] }
+    most_limited_type, = request.env['rack.attack.throttle_data'].min_by { |_, v| v[:limit] - v[:count] }
    request.env['rack.attack.throttle_data'][most_limited_type]
  end
--- a/app/controllers/follower_accounts_controller.rb
+++ b/app/controllers/follower_accounts_controller.rb
@ -28,7 +28,8 @@ class FollowerAccountsController < ApplicationController
        render json: collection_presenter,
               serializer: ActivityPub::CollectionSerializer,
               adapter: ActivityPub::Adapter,
-               content_type: 'application/activity+json'
+               content_type: 'application/activity+json',
               fields: restrict_fields_to
      end
    end
  end
@ -71,4 +72,12 @@ class FollowerAccountsController < ApplicationController
      )
    end
  end
  def restrict_fields_to
    if page_requested? || !@account.user_hides_network?
      # Return all fields
    else
      %i(id type totalItems)
    end
  end
 end
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@ -28,7 +28,8 @@ class FollowingAccountsController < ApplicationController
        render json: collection_presenter,
               serializer: ActivityPub::CollectionSerializer,
               adapter: ActivityPub::Adapter,
-               content_type: 'application/activity+json'
+               content_type: 'application/activity+json',
               fields: restrict_fields_to
      end
    end
  end
@ -71,4 +72,12 @@ class FollowingAccountsController < ApplicationController
      )
    end
  end
  def restrict_fields_to
    if page_requested? || !@account.user_hides_network?
      # Return all fields
    else
      %i(id type totalItems)
    end
  end
 end
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@ -33,7 +33,7 @@ class MediaController < ApplicationController
  def verify_permitted_status!
    authorize @media_attachment.status, :show?
  rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
  end
  def check_playable
--- a/app/controllers/remote_interaction_controller.rb
+++ b/app/controllers/remote_interaction_controller.rb
@ -41,7 +41,7 @@ class RemoteInteractionController < ApplicationController
    @status = Status.find(params[:id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
  end
  def set_body_classes
--- a/app/controllers/settings/identity_proofs_controller.rb
+++ b/app/controllers/settings/identity_proofs_controller.rb
@ -21,8 +21,7 @@ class Settings::IdentityProofsController < Settings::BaseController
    if current_account.username.casecmp(params[:username]).zero?
      render layout: 'auth'
    else
-      flash[:alert] = I18n.t('identity_proofs.errors.wrong_user', proving: params[:username], current: current_account.username)
+      redirect_to settings_identity_proofs_path, alert: I18n.t('identity_proofs.errors.wrong_user', proving: params[:username], current: current_account.username)
      redirect_to settings_identity_proofs_path
    end
  end
@ -34,11 +33,16 @@ class Settings::IdentityProofsController < Settings::BaseController
      PostStatusService.new.call(current_user.account, text: post_params[:status_text]) if publish_proof?
      redirect_to @proof.on_success_path(params[:user_agent])
    else
-      flash[:alert] = I18n.t('identity_proofs.errors.failed', provider: @proof.provider.capitalize)
+      redirect_to settings_identity_proofs_path, alert: I18n.t('identity_proofs.errors.failed', provider: @proof.provider.capitalize)
      redirect_to settings_identity_proofs_path
    end
  end
  def destroy
    @proof = current_account.identity_proofs.find(params[:id])
    @proof.destroy!
    redirect_to settings_identity_proofs_path, success: I18n.t('identity_proofs.removed')
  end
  private
  def check_required_params
--- a/app/controllers/settings/imports_controller.rb
+++ b/app/controllers/settings/imports_controller.rb
@ -29,6 +29,6 @@ class Settings::ImportsController < Settings::BaseController
  end
  def import_params
-    params.require(:import).permit(:data, :type)
+    params.require(:import).permit(:data, :type, :mode)
  end
 end
--- a/app/controllers/settings/pictures_controller.rb
+++ b/app/controllers/settings/pictures_controller.rb
@ -0,0 +1,37 @@
 # frozen_string_literal: true
 module Settings
  class PicturesController < BaseController
    before_action :authenticate_user!
    before_action :set_account
    before_action :set_picture
    def destroy
      if valid_picture
        account_params = {
          @picture => nil,
          (@picture + '_remote_url') => nil,
        }
        msg = UpdateAccountService.new.call(@account, account_params) ? I18n.t('generic.changes_saved_msg') : nil
        redirect_to settings_profile_path, notice: msg, status: 303
      else
        bad_request
      end
    end
    private
    def set_account
      @account = current_account
    end
    def set_picture
      @picture = params[:id]
    end
    def valid_picture
      @picture == 'avatar' || @picture == 'header'
    end
  end
 end
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -46,7 +46,7 @@ class StatusesController < ApplicationController
  end
  def embed
-    return not_found if @status.hidden?
+    return not_found if @status.hidden? || @status.reblog?
    expires_in 180, public: true
    response.headers['X-Frame-Options'] = 'ALLOWALL'
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@ -10,6 +10,7 @@ class TagsController < ApplicationController
  before_action :require_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
  before_action :authenticate_user!, if: :whitelist_mode?
  before_action :set_tag
  before_action :set_local
  before_action :set_body_classes
  before_action :set_instance_presenter
@ -24,7 +25,7 @@ class TagsController < ApplicationController
      format.rss do
        expires_in 0, public: true
-        @statuses = HashtagQueryService.new.call(@tag, filter_params).limit(PAGE_SIZE)
+        @statuses = HashtagQueryService.new.call(@tag, filter_params, nil, @local).limit(PAGE_SIZE)
        @statuses = cache_collection(@statuses, Status)
        render xml: RSS::TagSerializer.render(@tag, @statuses)
@ -33,7 +34,7 @@ class TagsController < ApplicationController
      format.json do
        expires_in 3.minutes, public: public_fetch_mode?
-        @statuses = HashtagQueryService.new.call(@tag, filter_params, current_account, params[:local]).paginate_by_max_id(PAGE_SIZE, params[:max_id])
+        @statuses = HashtagQueryService.new.call(@tag, filter_params, current_account, @local).paginate_by_max_id(PAGE_SIZE, params[:max_id])
        @statuses = cache_collection(@statuses, Status)
        render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
@ -47,6 +48,10 @@ class TagsController < ApplicationController
    @tag = Tag.usable.find_normalized!(params[:id])
  end
  def set_local
    @local = truthy_param?(:local)
  end
  def set_body_classes
    @body_classes = 'with-modals'
  end
--- a/app/helpers/admin/action_logs_helper.rb
+++ b/app/helpers/admin/action_logs_helper.rb
@ -9,79 +9,8 @@ module Admin::ActionLogsHelper
    end
  end
  def relevant_log_changes(log)
    if log.target_type == 'CustomEmoji' && [:enable, :disable, :destroy].include?(log.action)
      log.recorded_changes.slice('domain')
    elsif log.target_type == 'CustomEmoji' && log.action == :update
      log.recorded_changes.slice('domain', 'visible_in_picker')
    elsif log.target_type == 'User' && [:promote, :demote].include?(log.action)
      log.recorded_changes.slice('moderator', 'admin')
    elsif log.target_type == 'User' && [:change_email].include?(log.action)
      log.recorded_changes.slice('email', 'unconfirmed_email')
    elsif log.target_type == 'DomainBlock'
      log.recorded_changes.slice('severity', 'reject_media')
    elsif log.target_type == 'Status' && log.action == :update
      log.recorded_changes.slice('sensitive')
    elsif log.target_type == 'Announcement' && log.action == :update
      log.recorded_changes.slice('text', 'starts_at', 'ends_at', 'all_day')
    end
  end
  def log_extra_attributes(hash)
    safe_join(hash.to_a.map { |key, value| safe_join([content_tag(:span, key, class: 'diff-key'), '=', log_change(value)]) }, ' ')
  end
  def log_change(val)
    return content_tag(:span, val, class: 'diff-neutral') unless val.is_a?(Array)
    safe_join([content_tag(:span, val.first, class: 'diff-old'), content_tag(:span, val.last, class: 'diff-new')], '→')
  end
  def icon_for_log(log)
    case log.target_type
    when 'Account', 'User'
      'user'
    when 'CustomEmoji'
      'file'
    when 'Report'
      'flag'
    when 'DomainBlock'
      'lock'
    when 'DomainAllow'
      'plus-circle'
    when 'EmailDomainBlock'
      'envelope'
    when 'Status'
      'pencil'
    when 'AccountWarning'
      'warning'
    when 'Announcement'
      'bullhorn'
    end
  end
  def class_for_log_icon(log)
    case log.action
    when :enable, :unsuspend, :unsilence, :confirm, :promote, :resolve
      'positive'
    when :create
      opposite_verbs?(log) ? 'negative' : 'positive'
    when :update, :reset_password, :disable_2fa, :memorialize, :change_email
      'neutral'
    when :demote, :silence, :disable, :suspend, :remove_avatar, :remove_header, :reopen
      'negative'
    when :destroy
      opposite_verbs?(log) ? 'positive' : 'negative'
    else
      ''
    end
  end
  private
  def opposite_verbs?(log)
    %w(DomainBlock EmailDomainBlock AccountWarning).include?(log.target_type)
  end
  def linkable_log_target(record)
    case record.class.name
    when 'Account'
@ -99,7 +28,7 @@ module Admin::ActionLogsHelper
    when 'AccountWarning'
      link_to record.target_account.acct, admin_account_path(record.target_account_id)
    when 'Announcement'
-      link_to "##{record.id}", edit_admin_announcement_path(record.id)
+      link_to truncate(record.text), edit_admin_announcement_path(record.id)
    end
  end
@ -118,7 +47,7 @@ module Admin::ActionLogsHelper
        I18n.t('admin.action_logs.deleted_status')
      end
    when 'Announcement'
-      "##{attributes['id']}"
+      truncate(attributes['text'].is_a?(Array) ? attributes['text'].last : attributes['text'])
    end
  end
 end
--- a/app/helpers/admin/filter_helper.rb
+++ b/app/helpers/admin/filter_helper.rb
@ -10,6 +10,7 @@ module Admin::FilterHelper
    InviteFilter::KEYS,
    RelationshipFilter::KEYS,
    AnnouncementFilter::KEYS,
    Admin::ActionLogFilter::KEYS,
  ].flatten.freeze
  def filter_link_to(text, link_to_params, link_class_params = link_to_params)
--- a/app/helpers/admin/settings_helper.rb
+++ b/app/helpers/admin/settings_helper.rb
@ -0,0 +1,11 @@
 # frozen_string_literal: true
 module Admin::SettingsHelper
  def site_upload_delete_hint(hint, var)
    upload = SiteUpload.find_by(var: var.to_s)
    return hint unless upload
    link = link_to t('admin.site_uploads.delete'), admin_site_upload_path(upload), data: { method: :delete }
    safe_join([hint, link], '<br/>'.html_safe)
  end
 end
--- a/app/helpers/home_helper.rb
+++ b/app/helpers/home_helper.rb
@ -7,13 +7,13 @@ module HomeHelper
    }
  end
-  def account_link_to(account, button = '', size: 36, path: nil)
+  def account_link_to(account, button = '', path: nil)
    content_tag(:div, class: 'account') do
      content_tag(:div, class: 'account__wrapper') do
        section = if account.nil?
                    content_tag(:div, class: 'account__display-name') do
                      content_tag(:div, class: 'account__avatar-wrapper') do
-                        content_tag(:div, '', class: 'account__avatar', style: "width: #{size}px; height: #{size}px; background-size: #{size}px #{size}px; background-image: url(#{full_asset_url('avatars/original/missing.png', skip_pipeline: true)})")
+                        image_tag(full_asset_url('avatars/original/missing.png', skip_pipeline: true), class: 'account__avatar')
                      end +
                        content_tag(:span, class: 'display-name') do
                          content_tag(:strong, t('about.contact_missing')) +
@ -23,7 +23,7 @@ module HomeHelper
                  else
                    link_to(path || ActivityPub::TagManager.instance.url_for(account), class: 'account__display-name') do
                      content_tag(:div, class: 'account__avatar-wrapper') do
-                        content_tag(:div, '', class: 'account__avatar', style: "width: #{size}px; height: #{size}px; background-size: #{size}px #{size}px; background-image: url(#{full_asset_url(current_account&.user&.setting_auto_play_gif ? account.avatar_original_url : account.avatar_static_url)})")
+                        image_tag(full_asset_url(current_account&.user&.setting_auto_play_gif ? account.avatar_original_url : account.avatar_static_url), class: 'account__avatar')
                      end +
                        content_tag(:span, class: 'display-name') do
                          content_tag(:bdi) do
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@ -68,6 +68,7 @@ module SettingsHelper
    tr: 'Türkçe',
    uk: 'Українська',
    ur: 'اُردُو',
    vi: 'Tiếng Việt',
    'zh-CN': '简体中文',
    'zh-HK': '繁體中文（香港）',
    'zh-TW': '繁體中文（臺灣）',
@ -105,4 +106,13 @@ module SettingsHelper
      safe_join([image_tag(account.avatar.url, width: 15, height: 15, alt: display_name(account), class: 'avatar'), content_tag(:span, account.acct, class: 'username')], ' ')
    end
  end
  def picture_hint(hint, picture)
    if picture.original_filename.nil?
      hint
    else
      link = link_to t('generic.delete'), settings_profile_picture_path(picture.name.to_s), data: { method: :delete }
      safe_join([hint, link], '<br/>'.html_safe)
    end
  end
 end
--- a/app/helpers/webfinger_helper.rb
+++ b/app/helpers/webfinger_helper.rb
@ -0,0 +1,19 @@
 # frozen_string_literal: true
 module WebfingerHelper
  def webfinger!(uri)
    hidden_service_uri = /\.(onion|i2p)(:\d+)?$/.match(uri)
    raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if !Rails.configuration.x.access_to_hidden_service && hidden_service_uri
    opts = {
      ssl: !hidden_service_uri,
      headers: {
        'User-Agent': Mastodon::Version.user_agent,
      },
    }
    Goldfinger::Client.new(uri, opts.merge(Rails.configuration.x.http_client_proxy)).finger
  end
 end
--- a/app/javascript/images/logo_transparent_white.svg
+++ b/app/javascript/images/logo_transparent_white.svg
@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 216.4144 232.00976"><path d="M107.86523 0C78.203984.2425 49.672422 3.4535937 33.044922 11.089844c0 0-32.97656262 14.752031-32.97656262 65.082031 0 11.525-.224375 25.306175.140625 39.919925 1.19750002 49.22 9.02375002 97.72843 54.53124962 109.77343 20.9825 5.55375 38.99711 6.71547 53.505856 5.91797 26.31125-1.45875 41.08203-9.38867 41.08203-9.38867l-.86914-19.08984s-18.80171 5.92758-39.91796 5.20508c-20.921254-.7175-43.006879-2.25516-46.390629-27.94141-.3125-2.25625-.46875-4.66938-.46875-7.20313 0 0 20.536953 5.0204 46.564449 6.21289 15.915.73001 30.8393-.93343 45.99805-2.74218 29.07-3.47125 54.38125-21.3818 57.5625-37.74805 5.0125-25.78125 4.59961-62.916015 4.59961-62.916015 0-50.33-32.97461-65.082031-32.97461-65.082031C166.80539 3.4535938 138.255.2425 108.59375 0h-.72852zM74.296875 39.326172c12.355 0 21.710234 4.749297 27.896485 14.248047l6.01367 10.080078 6.01563-10.080078c6.185-9.49875 15.54023-14.248047 27.89648-14.248047 10.6775 0 19.28156 3.753672 25.85156 11.076172 6.36875 7.3225 9.53907 17.218828 9.53907 29.673828v60.941408h-24.14454V81.869141c0-12.46875-5.24453-18.798829-15.73828-18.798829-11.6025 0-17.41797 7.508516-17.41797 22.353516v32.375002H96.207031V85.423828c0-14.845-5.815468-22.353515-17.417969-22.353516-10.49375 0-15.740234 6.330079-15.740234 18.798829v59.148439H38.904297V80.076172c0-12.455 3.171016-22.351328 9.541015-29.673828 6.568751-7.3225 15.172813-11.076172 25.851563-11.076172z" fill="#fff"/></svg>
--- a/app/javascript/mastodon/actions/accounts.js
+++ b/app/javascript/mastodon/actions/accounts.js
@ -106,7 +106,7 @@ export function fetchAccount(id) {
      dispatch,
      getState,
      db.transaction('accounts', 'read').objectStore('accounts').index('id'),
-      id
+      id,
    ).then(() => db.close(), error => {
      db.close();
      throw error;
@ -396,6 +396,7 @@ export function fetchFollowersFail(id, error) {
    type: FOLLOWERS_FETCH_FAIL,
    id,
    error,
    skipNotFound: true,
  };
 };
@ -482,6 +483,7 @@ export function fetchFollowingFail(id, error) {
    type: FOLLOWING_FETCH_FAIL,
    id,
    error,
    skipNotFound: true,
  };
 };
@ -571,6 +573,7 @@ export function fetchRelationshipsFail(error) {
    type: RELATIONSHIPS_FETCH_FAIL,
    error,
    skipLoading: true,
    skipNotFound: true,
  };
 };
--- a/app/javascript/mastodon/actions/alerts.js
+++ b/app/javascript/mastodon/actions/alerts.js
@ -34,11 +34,11 @@ export function showAlert(title = messages.unexpectedTitle, message = messages.u
  };
 };
-export function showAlertForError(error) {
+export function showAlertForError(error, skipNotFound = false) {
  if (error.response) {
    const { data, status, statusText, headers } = error.response;
-    if (status === 404 || status === 410) {
+    if (skipNotFound && (status === 404 || status === 410)) {
      // Skip these errors as they are reflected in the UI
      return { type: ALERT_NOOP };
    }
--- a/app/javascript/mastodon/actions/compose.js
+++ b/app/javascript/mastodon/actions/compose.js
@ -232,12 +232,31 @@ export function uploadCompose(files) {
        // Account for disparity in size of original image and resized data
        total += file.size - f.size;
-        return api(getState).post('/api/v1/media', data, {
+        return api(getState).post('/api/v2/media', data, {
          onUploadProgress: function({ loaded }){
            progress[i] = loaded;
            dispatch(uploadComposeProgress(progress.reduce((a, v) => a + v, 0), total));
          },
-        }).then(({ data }) => dispatch(uploadComposeSuccess(data, f)));
+        }).then(({ status, data }) => {
          // If server-side processing of the media attachment has not completed yet,
          // poll the server until it is, before showing the media attachment as uploaded
          if (status === 200) {
            dispatch(uploadComposeSuccess(data, f));
          } else if (status === 202) {
            const poll = () => {
              api(getState).get(`/api/v1/media/${data.id}`).then(response => {
                if (response.status === 200) {
                  dispatch(uploadComposeSuccess(response.data, f));
                } else if (response.status === 206) {
                  setTimeout(() => poll(), 1000);
                }
              }).catch(error => dispatch(uploadComposeFail(error)));
            };
            poll();
          }
        });
      }).catch(error => dispatch(uploadComposeFail(error)));
    };
  };
--- a/app/javascript/mastodon/actions/identity_proofs.js
+++ b/app/javascript/mastodon/actions/identity_proofs.js
@ -27,4 +27,5 @@ export const fetchAccountIdentityProofsFail = (accountId, err) => ({
  type: IDENTITY_PROOFS_ACCOUNT_FETCH_FAIL,
  accountId,
  err,
  skipNotFound: true,
 });
--- a/app/javascript/mastodon/actions/streaming.js
+++ b/app/javascript/mastodon/actions/streaming.js
@ -73,7 +73,7 @@ const refreshHomeTimelineAndNotification = (dispatch, done) => {
 export const connectUserStream      = () => connectTimelineStream('home', 'user', refreshHomeTimelineAndNotification);
 export const connectCommunityStream = ({ onlyMedia } = {}) => connectTimelineStream(`community${onlyMedia ? ':media' : ''}`, `public:local${onlyMedia ? ':media' : ''}`);
-export const connectPublicStream    = ({ onlyMedia } = {}) => connectTimelineStream(`public${onlyMedia ? ':media' : ''}`, `public${onlyMedia ? ':media' : ''}`);
+export const connectPublicStream    = ({ onlyMedia, onlyRemote } = {}) => connectTimelineStream(`public${onlyRemote ? ':remote' : ''}${onlyMedia ? ':media' : ''}`, `public${onlyRemote ? ':remote' : ''}${onlyMedia ? ':media' : ''}`);
 export const connectHashtagStream   = (id, tag, accept) => connectTimelineStream(`hashtag:${id}`, `hashtag&tag=${tag}`, null, accept);
 export const connectDirectStream    = () => connectTimelineStream('direct', 'direct');
 export const connectListStream      = id => connectTimelineStream(`list:${id}`, `list&list=${id}`);
--- a/Show More
+++ b/Show More
		`@ -0,0 +1 @@`
							<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 216.4144 232.00976"><path d="M107.86523 0C78.203984.2425 49.672422 3.4535937 33.044922 11.089844c0 0-32.97656262 14.752031-32.97656262 65.082031 0 11.525-.224375 25.306175.140625 39.919925 1.19750002 49.22 9.02375002 97.72843 54.53124962 109.77343 20.9825 5.55375 38.99711 6.71547 53.505856 5.91797 26.31125-1.45875 41.08203-9.38867 41.08203-9.38867l-.86914-19.08984s-18.80171 5.92758-39.91796 5.20508c-20.921254-.7175-43.006879-2.25516-46.390629-27.94141-.3125-2.25625-.46875-4.66938-.46875-7.20313 0 0 20.536953 5.0204 46.564449 6.21289 15.915.73001 30.8393-.93343 45.99805-2.74218 29.07-3.47125 54.38125-21.3818 57.5625-37.74805 5.0125-25.78125 4.59961-62.916015 4.59961-62.916015 0-50.33-32.97461-65.082031-32.97461-65.082031C166.80539 3.4535938 138.255.2425 108.59375 0h-.72852zM74.296875 39.326172c12.355 0 21.710234 4.749297 27.896485 14.248047l6.01367 10.080078 6.01563-10.080078c6.185-9.49875 15.54023-14.248047 27.89648-14.248047 10.6775 0 19.28156 3.753672 25.85156 11.076172 6.36875 7.3225 9.53907 17.218828 9.53907 29.673828v60.941408h-24.14454V81.869141c0-12.46875-5.24453-18.798829-15.73828-18.798829-11.6025 0-17.41797 7.508516-17.41797 22.353516v32.375002H96.207031V85.423828c0-14.845-5.815468-22.353515-17.417969-22.353516-10.49375 0-15.740234 6.330079-15.740234 18.798829v59.148439H38.904297V80.076172c0-12.455 3.171016-22.351328 9.541015-29.673828 6.568751-7.3225 15.172813-11.076172 25.851563-11.076172z" fill="#fff"/></svg>