Commit Graph

9513 Commits

Author SHA1 Message Date
2b956c1218 Bump rack-attack from 6.2.2 to 6.3.0 (#13657)
Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 6.2.2 to 6.3.0.
- [Release notes](https://github.com/kickstarter/rack-attack/releases)
- [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kickstarter/rack-attack/compare/v6.2.2...v6.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-08 17:44:24 +02:00
174eed7bec Bump strong_migrations from 0.6.2 to 0.6.5 (#13649)
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.6.2 to 0.6.5.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.6.2...v0.6.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-08 17:44:00 +02:00
9cabc9c5d2 Bump brakeman from 4.8.0 to 4.8.1 (#13652)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.8.0...v4.8.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-08 17:42:54 +02:00
b964fd3df6 Bump premailer-rails from 1.10.3 to 1.11.1 (#13620)
Bumps [premailer-rails](https://github.com/fphilipe/premailer-rails) from 1.10.3 to 1.11.1.
- [Release notes](https://github.com/fphilipe/premailer-rails/releases)
- [Changelog](https://github.com/fphilipe/premailer-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fphilipe/premailer-rails/compare/v1.10.3...v1.11.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-08 17:42:05 +02:00
1bef85ffc9 Bump doorkeeper from 5.3.2 to 5.3.3 (#13673)
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.3.2 to 5.3.3.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-07 22:30:56 +02:00
2902138336 Bump pghero from 2.4.1 to 2.4.2 (#13603)
Bumps [pghero](https://github.com/ankane/pghero) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/ankane/pghero/releases)
- [Changelog](https://github.com/ankane/pghero/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/pghero/compare/v2.4.1...v2.4.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-07 20:29:15 +02:00
51dad928c6 [Security] Bump doorkeeper from 5.3.1 to 5.3.2 (#13613)
Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.3.1 to 5.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v.5.3.1...v5.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-07 20:16:15 +02:00
f51c547407 Bump kaminari from 1.1.1 to 1.2.0 (#13596)
Bumps [kaminari](https://github.com/kaminari/kaminari) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/kaminari/kaminari/releases)
- [Changelog](https://github.com/kaminari/kaminari/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kaminari/kaminari/compare/v1.1.1...v1.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-04 13:53:42 +02:00
dea5db0e25 Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595) 2020-05-04 13:52:41 +02:00
ff72c0472f Fix tootctl upgrade storage-schema failing to delete empty directories (#13593) 2020-05-04 13:51:34 +02:00
5cff7910c2 Add more ActivityPub controller tests (#13590) 2020-05-03 22:19:24 +02:00
c0b849bdfd Fix use of inline CSS in public pages (#13576)
Change `account_link_to` to use an image tag rather than some
inline CSS. Dropped the `size` parameter in the process, but it wasn't
used for anything except the default value of 36px.

Dropped CSS rules that were always overriden, and defaulted to 36px width
and height instead.
2020-05-03 22:04:18 +02:00
e223fd8c61 Revert "improve status title (#8596)" (#13591)
This reverts commit 05756c9a14.
2020-05-03 18:48:13 +02:00
988b0493fe Add more tests for ActivityPub controllers (#13585) 2020-05-03 16:30:36 +02:00
a1062df1e1 Fix the circleci packages for Buster. (#13583)
* Update config.yml

* Update config.yml

* Update config.yml

* Update config.yml

* Update config.yml

* Update config.yml

* Update config.yml

* Update .circleci/config.yml

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>

* Update config.yml

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-05-01 23:45:40 +02:00
60408fa3ef Change CircleCI test output (#13587) 2020-05-01 20:19:01 +02:00
3511528e50 Only check locally when deduplicating usernames (#13581)
When deduplicating account usernames for OAuthable users, the routine did check if any account was known with that username, including remote accounts. This caused some unnecessary deduplication, and usernames ending with unexpected trailing _1.
This fixes #13580
2020-04-30 14:39:05 +02:00
b8ba977497 Fix admin-facing uses of inline CSS (#13575)
* Move .back-button inline styles to CSS file

All occurrences of the back-button CSS class used the same inline
CSS rules, so moved them over to the CSS file

* Fix “Add new domain block” button using inline CSS

* Replace common pattern of inline-styled button boxes by a CSS class

In particular, switching from `float: left/right` to a flexbox with
`justify-content: space-between`. This implied changing the order of
a few HTML tags and adding an empty `div` in one case.

Also removed a `margin-bottom` rule that wasn't needed due to the
margins of surrounding elements.

* Move account admin view inline CSS to CSS file
2020-04-28 19:39:16 +02:00
432c40c516 Bump parslet from 1.8.2 to 2.0.0 (#13564)
Bumps [parslet](https://github.com/kschiess/parslet) from 1.8.2 to 2.0.0.
- [Release notes](https://github.com/kschiess/parslet/releases)
- [Changelog](https://github.com/kschiess/parslet/blob/master/HISTORY.txt)
- [Commits](https://github.com/kschiess/parslet/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-29 01:39:21 +09:00
8357d6b027 Bump json-ld from 3.1.2 to 3.1.3 (#13566)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.2...3.1.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-29 00:30:53 +09:00
f08ba21f6f Bump ruby-saml from 1.9.0 to 1.11.0 (#13559)
Bumps [ruby-saml](https://github.com/onelogin/ruby-saml) from 1.9.0 to 1.11.0.
- [Release notes](https://github.com/onelogin/ruby-saml/releases)
- [Changelog](https://github.com/onelogin/ruby-saml/blob/master/changelog.md)
- [Commits](https://github.com/onelogin/ruby-saml/compare/v1.9.0...v1.11.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-29 00:26:15 +09:00
4532593245 Bump mime-types-data from 3.2019.1009 to 3.2020.0425 (#13554)
Bumps [mime-types-data](https://github.com/mime-types/mime-types-data) from 3.2019.1009 to 3.2020.0425.
- [Release notes](https://github.com/mime-types/mime-types-data/releases)
- [Changelog](https://github.com/mime-types/mime-types-data/blob/master/History.md)
- [Commits](https://github.com/mime-types/mime-types-data/compare/v3.2019.1009...v3.2020.0425)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-29 00:24:52 +09:00
f094b46f3a Bump http-form_data from 2.2.0 to 2.3.0 (#13560)
Bumps [http-form_data](https://github.com/httprb/form_data.rb) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/httprb/form_data.rb/releases)
- [Changelog](https://github.com/httprb/form_data/blob/master/CHANGES.md)
- [Commits](https://github.com/httprb/form_data.rb/compare/v2.2.0...v2.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-29 00:21:53 +09:00
5ed739adb1 Bump aws-sdk-s3 from 1.61.2 to 1.63.0 (#13562)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.61.2 to 1.63.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits/v1.63.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-29 00:21:33 +09:00
1145a38015 Bump aws-partitions from 1.296.0 to 1.303.0 (#13552)
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.296.0 to 1.303.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-29 00:15:52 +09:00
77ec0875ea Fix page incorrectly scrolling when bringing up dropdown menus (#13574)
Fixes #13573

For some reason (I suspect this may be related to focusing the item before it
got drown by the browser), Firefox scrolls to top when bringing up dropdown
menus with pre-selected items.

This commit uses the “preventScroll” option as, due to the placement behavior,
the menu should be visible anyway and not trigger scrolling.
2020-04-28 13:19:39 +02:00
f70a54b34c Bump normalize-package-data from 2.4.0 to 2.5.0 (#13561)
Bumps [normalize-package-data](https://github.com/npm/normalize-package-data) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/npm/normalize-package-data/releases)
- [Commits](https://github.com/npm/normalize-package-data/compare/v2.4.0...v2.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 19:23:13 +09:00
85be934fac Bump flatted from 2.0.0 to 2.0.2 (#13558)
Bumps [flatted](https://github.com/WebReflection/flatted) from 2.0.0 to 2.0.2.
- [Release notes](https://github.com/WebReflection/flatted/releases)
- [Commits](https://github.com/WebReflection/flatted/compare/v2.0.0...v2.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 19:02:30 +09:00
9aeae7a194 Bump nearley from 2.16.0 to 2.19.2 (#13556)
Bumps [nearley](https://github.com/hardmath123/nearley) from 2.16.0 to 2.19.2.
- [Release notes](https://github.com/hardmath123/nearley/releases)
- [Commits](https://github.com/hardmath123/nearley/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 18:47:03 +09:00
8f4dff2c52 Bump core-js-pure from 3.6.4 to 3.6.5 (#13553)
Bumps [core-js-pure](https://github.com/zloirock/core-js) from 3.6.4 to 3.6.5.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v3.6.4...v3.6.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 18:30:51 +09:00
6c685cb55a Bump request from 2.88.0 to 2.88.2 (#13565)
Bumps [request](https://github.com/request/request) from 2.88.0 to 2.88.2.
- [Release notes](https://github.com/request/request/releases)
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 18:26:30 +09:00
7abf1433c2 Bump cacache from 12.0.3 to 12.0.4 (#13567)
Bumps [cacache](https://github.com/npm/cacache) from 12.0.3 to 12.0.4.
- [Release notes](https://github.com/npm/cacache/releases)
- [Changelog](https://github.com/npm/cacache/blob/v12.0.4/CHANGELOG.md)
- [Commits](https://github.com/npm/cacache/compare/v12.0.3...v12.0.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 18:15:18 +09:00
3e13223043 Bump functions-have-names from 1.2.0 to 1.2.1 (#13568)
Bumps [functions-have-names](https://github.com/ljharb/functions-have-names) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/ljharb/functions-have-names/releases)
- [Changelog](https://github.com/inspect-js/functions-have-names/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ljharb/functions-have-names/compare/v1.2.0...v1.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 18:12:55 +09:00
07bfb853c0 Bump loglevel from 1.6.6 to 1.6.8 (#13569)
Bumps [loglevel](https://github.com/pimterry/loglevel) from 1.6.6 to 1.6.8.
- [Release notes](https://github.com/pimterry/loglevel/releases)
- [Commits](https://github.com/pimterry/loglevel/compare/v1.6.6...v1.6.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 17:59:00 +09:00
d7d8191d58 Bump svgo from 1.1.1 to 1.3.2 (#13570)
Bumps [svgo](https://github.com/svg/svgo) from 1.1.1 to 1.3.2.
- [Release notes](https://github.com/svg/svgo/releases)
- [Changelog](https://github.com/svg/svgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/svg/svgo/compare/v1.1.1...v1.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-28 17:46:20 +09:00
0e362b7678 Fix end-user-facing uses of inline CSS (#13438)
* Move some inline styles to CSS files

* Move default_account_display_name span to fix useless tags with duplicate id

* Change handling of public pages spoiler text from inline CSS to dataset attribute

* Use the `dir` HTML attribute instead of inline CSS

* Move status action bar inline CSS to CSS file

* Hide logo resources from CSS file, not inline CSS

Fixes #11601

* Move translation prompt styling from inline CSS to CSS file

* Move “invited by” styling on registration form from inline to CSS file

* Use the progress tag to display poll results in JS fallback

* Fix poll results JS-less fallback when the user has voted for an option

* Change account public page “moved” notice to use img tags instead of inline CSS

* Move OTP hint inline CSS to SCSS file

* Hide JS-less fallback vote progressbars from accessibility tools

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-04-28 10:16:55 +02:00
ad9c7aefe6 Refactor/cleanup TIMELINE_DELETE-related code (#13175) 2020-04-28 09:53:42 +02:00
04eb599864 Fix messed up z-index when NoScript blocks media/previews (#13449)
Fixes #13444
2020-04-28 09:44:17 +02:00
b3d0de8b40 Fix /public showing public instead of community timeline for logged-in users (#13499) 2020-04-28 09:43:45 +02:00
b40d68cc31 Add invites_enabled to API (#13501) 2020-04-28 09:43:34 +02:00
157850577f Add tootctl emoji export (#13534)
* add emoji export command to cli

* fix codeclimate issues

* add error when no matching category was found

* add other suggestions

* exit 1 when no matching category is found

* changes according to suggestions

* 👀

* RubyNein

Y u always autoformat :c
2020-04-27 22:17:49 +02:00
8456676206 Bump oj from 3.10.5 to 3.10.6 (#13557)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.5 to 3.10.6.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.5...v3.10.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-27 17:20:34 +02:00
ee017ca533 Add JS IDE helper (#13012)
* add IDE helper for Webpack

* fix ESLint error in IDE helper

* fix IDE helper code style
2020-04-27 17:19:53 +02:00
acc367fd14 Fix naming issue (#13551) 2020-04-27 10:32:05 +02:00
c3ca3801f2 Add separate cache directory for non-local uploads (#12821) 2020-04-26 23:29:08 +02:00
2744f61696 Fix not being able to resolve public resources in development environment (#13505) 2020-04-25 22:01:08 +02:00
be637146f3 Fix uninformative error message when uploading unsupported image files (#13540)
Attempting to upload image files that the browser is unable to load results
in “Oops! An unexpected error occurred.”

This commit changes the error handling so that an unprocessable image results
in the file being sent anyway, which might cover a few corner cases, and
provide a slightly better error message.
2020-04-25 12:27:29 +02:00
c955f98d36 Fix expanded video player issues (#13541)
Fixes #13536

- Expanding a paused video doesn't autoplay anymore
- Default volume level for the expanded video inherited from the original video

Position/playing state/volume are carried over from the original video player
to the modal, but they're not reported back to the modal as it would require
deeper changes.
2020-04-25 12:16:05 +02:00
46b2cc184f Fix enable/disable relay failures (#13535) 2020-04-23 22:04:18 +02:00
c5c8f68031 Set max-width and max-height to gif video (#13533) 2020-04-23 15:49:33 +02:00