Commit Graph

10038 Commits

Author SHA1 Message Date
e4a1ebf721 [Security] Update Dockerfile for Ruby 2.6.6 (#13393) 2020-04-05 12:52:07 +02:00
89e28c7674 Fix PostgreSQL load when linking in announcements (#13250)
* Fix PostgreSQL load when linking in announcements

Fixes #13245 by caching status lookups

Since statuses are supposed to be known already and we only
need their URLs and a few other things, caching them should
be fine.

Since it's only used by announcements so far, there won't
be much statuses to cache.

* Perform status lookup when saving announcements, not when rendering them

* Change EntityCache#status to fetch URLs instead of looking into the database

* Move announcement link lookup to publishing worker

* Address issues pointed out during review
2020-04-05 12:51:22 +02:00
a889756dd5 Bump version to 3.1.3 (#13389) 2020-04-05 06:23:46 +02:00
5c2e63acd5 Bump rails from 5.2.4.1 to 5.2.4.2 and kind-of from 6.0.2 to 6.0.3 (#13387)
* Bump rails from 5.2.4.1 to 5.2.4.2

* Bump kind-of from 6.0.2 to 6.0.3
2020-04-04 23:24:59 +02:00
d3ff06a320 Add explanation as to why unlocked accounts may have follow requests (#13385)
* Add explanation as to why unlocked accounts may have follow requests

* Change wording to avoid “silenced”
2020-04-04 19:02:10 +02:00
ae7e3f0933 Update config.yml (#13379) 2020-04-04 15:52:42 +02:00
51f2315248 Update Vagrant box to Bionic (#13384) 2020-04-04 15:47:48 +02:00
f65568f1d4 Add ability to filter audit log in admin UI (#13381) 2020-04-03 13:06:34 +02:00
69558d2fe5 Bump rspec-rails from 3.9.1 to 4.0.0 (#13364)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.1 to 4.0.0.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.1...v4.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-02 18:54:41 +02:00
37b3985bfa Improve polls: option lengths & redesign (#13257)
This commit redesign the polls and increases characters limit for the
options from 25 to 50 characters, giving pollsters more freedom.

Summarizing, the redesign is making the polls more adaptive for upcoming
changes to the options characters limit: the bar, or a "chart", is now
displayed separately from the option itself; vote check mark is moved
next to the option text, making the percentages take less space. Option
lengths are taken into account and text is wrapped to multiple lines
if necessary to avoid overflow.
2020-04-02 17:10:55 +02:00
a9a063c0e9 Fix tootctl media remove-orphans ignoring PAPERCLIP_ROOT_PATH (#13375)
Fix #13371
2020-04-02 05:28:51 +02:00
c3965e28b3 Fix returning results when searching for URL with non-zero offset (#13377)
Fix #13083
2020-04-02 03:39:37 +02:00
4bf5aeae83 Fix pinning a column in web UI sometimes redirecting out of web UI (#13376)
Fix #13216
2020-04-02 03:12:10 +02:00
47ab0bd3e4 Bump json-ld from 3.1.1 to 3.1.2 (#13368)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.1...3.1.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-01 10:05:33 +09:00
64980ed8ed Bump json-ld-preloaded from 3.1.1 to 3.1.2 (#13365)
Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.1...3.1.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-01 10:05:26 +09:00
12f6d41284 Bump bootsnap from 1.4.5 to 1.4.6 (#13369)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.4.5...v1.4.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-01 10:02:35 +09:00
77772baf34 Bump tty-prompt from 0.20.0 to 0.21.0 (#13366)
Bumps [tty-prompt](https://github.com/piotrmurach/tty-prompt) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/piotrmurach/tty-prompt/releases)
- [Changelog](https://github.com/piotrmurach/tty-prompt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/piotrmurach/tty-prompt/compare/v0.20.0...v0.21.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-01 10:02:24 +09:00
66e82e9506 Bump faker from 2.10.1 to 2.11.0 (#13363)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/commits/v2.11.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-01 10:01:50 +09:00
662b5874c9 Bump sidekiq-unique-jobs from 6.0.20 to 6.0.21 (#13367)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.20 to 6.0.21.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v6.0.20...v6.0.21)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-01 09:50:25 +09:00
9014367bd8 Fix background jobs not using locks like they are supposed to (#13361)
Also:

- Fix locks not being removed when jobs go to the dead job queue
- Add UI for managing locks to the Sidekiq dashboard
- Remove unused Sidekiq workers

Fix #13349
2020-03-31 21:59:03 +02:00
1fb92037e4 Improve toot clicking areas (#13327)
* Make the area to the left “Show Thread” also expand the toot in Web UI

* Clicking the left part of a conversation with the avatars now opens it in Web UI
2020-03-31 19:40:23 +02:00
9241cbf861 Fix re-sending of e-mail confirmation not being rate limited (#13360)
Fix #13330
2020-03-31 18:20:48 +02:00
dd23fc6b12 Bump autoprefixer from 9.7.4 to 9.7.5 (#13338)
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.4 to 9.7.5.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.4...9.7.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 23:41:52 +09:00
361c447d35 Bump @babel/preset-react from 7.8.3 to 7.9.4 (#13335)
Bumps [@babel/preset-react](https://github.com/babel/babel) from 7.8.3 to 7.9.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 23:37:30 +09:00
141e5c2a17 Bump babel-loader from 8.0.6 to 8.1.0 (#13333)
Bumps [babel-loader](https://github.com/babel/babel-loader) from 8.0.6 to 8.1.0.
- [Release notes](https://github.com/babel/babel-loader/releases)
- [Changelog](https://github.com/babel/babel-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel-loader/compare/v8.0.6...v8.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 22:15:37 +09:00
dd084c3d76 Bump yargs from 15.1.0 to 15.3.1 (#13334)
Bumps [yargs](https://github.com/yargs/yargs) from 15.1.0 to 15.3.1.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v15.1.0...v15.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 22:15:06 +09:00
0d6ac92263 Bump @babel/preset-env from 7.8.3 to 7.9.0 (#13336)
Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 22:13:31 +09:00
9523aa80e1 Bump babel-jest from 25.1.0 to 25.2.4 (#13332)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 25.1.0 to 25.2.4.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.2.4/packages/babel-jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 22:12:52 +09:00
2db449ee23 Bump stringz from 2.0.0 to 2.1.0 (#13331)
Bumps [stringz](https://github.com/sallar/stringz) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/sallar/stringz/releases)
- [Changelog](https://github.com/sallar/stringz/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sallar/stringz/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 22:11:00 +09:00
c54f264e82 Bump react from 16.12.0 to 16.13.1 (#13337)
Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) from 16.12.0 to 16.13.1.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.1/packages/react)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 22:10:25 +09:00
bff1bd5447 Bump concurrent-ruby from 1.1.5 to 1.1.6 (#13346)
Bumps [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases)
- [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.5...v1.1.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 22:09:14 +09:00
cf1fa73347 Fix content warning being unnecessarily cleared when enabling/disabling CW (#13348) 2020-03-31 14:10:18 +02:00
31bd625205 Bump uuid from 3.4.0 to 7.0.2 (#13295)
Bumps [uuid](https://github.com/uuidjs/uuid) from 3.4.0 to 7.0.2.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v3.4.0...v7.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 12:47:04 +02:00
caabc0ee76 Bump parallel_tests from 2.30.1 to 2.32.0 (#13341)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.30.1 to 2.32.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.30.1...v2.32.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 12:44:33 +02:00
e4617c8ed8 Fix ImportsController param to permit :mode (#13347) 2020-03-31 12:43:42 +02:00
a37ff2bd8b Bump better_errors from 2.5.1 to 2.6.0 (#13340)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.5.1...v2.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 12:42:44 +02:00
1bcf466fb1 Bump ox from 2.12.1 to 2.13.2 (#13342)
Bumps [ox](https://github.com/ohler55/ox) from 2.12.1 to 2.13.2.
- [Release notes](https://github.com/ohler55/ox/releases)
- [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ox/compare/v2.12.1...v2.13.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 12:42:17 +02:00
a2934af2e3 Bump iso-639 from 0.2.8 to 0.3.5 (#13343)
Bumps [iso-639](https://github.com/xwmx/iso-639) from 0.2.8 to 0.3.5.
- [Release notes](https://github.com/xwmx/iso-639/releases)
- [Commits](https://github.com/xwmx/iso-639/compare/0.2.8...0.3.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 12:41:55 +02:00
cc271e99dc Bump oj from 3.10.3 to 3.10.5 (#13345)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.3 to 3.10.5.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.3...v3.10.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 12:40:54 +02:00
b43731c69c Bump pg from 1.2.2 to 1.2.3 (#13344)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.2...v1.2.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-31 12:40:33 +02:00
be2f1597cf Fix wrong color for ellipsis in boost confirmation dialog in Web UI (#13355) 2020-03-31 12:39:50 +02:00
11169367e4 Fix incorrect deletion of local accounts imported by overwriting (#13350) 2020-03-30 20:32:34 +02:00
0d117c106a Fix 404 and 410 API errors being silently discarded in WebUI (#13279)
* Fix 404 and 410 API errors being silently discarded in WebUI

Fixes #13278

* Return more appropriate error when user replies to a deleted toot

* Please CodeClimate

* Fix 404/410 errors on fetching account timelines & identity proofs

* Refactor error handling

* Move error message string to statuses.errors
2020-03-28 17:59:45 +01:00
7ddbbdea6d Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)
Fixes #13321
2020-03-27 22:35:57 +01:00
bf1919e44a Bump brakeman from 4.7.2 to 4.8.0 (#13309)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.7.2 to 4.8.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.7.2...v4.8.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-27 22:35:49 +01:00
6c79b7237e Fix Paperclip using deprecated URI.escape function (#13320)
Monkey-patch Paperclip to perform URL escaping in a slightly more
appropriate way, and get rid of runtime deprecation warnings.
2020-03-26 15:09:16 +01:00
d88480da4a Bump webpack from 4.41.5 to 4.42.1 (#13319)
Bumps [webpack](https://github.com/webpack/webpack) from 4.41.5 to 4.42.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.41.5...v4.42.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-26 12:45:12 +09:00
cb5ad2bd6d Bump @babel/plugin-transform-runtime from 7.8.3 to 7.9.0 (#13301)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel) from 7.8.3 to 7.9.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.9.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-26 12:44:47 +09:00
5020c04e39 Bump react-select from 3.0.8 to 3.1.0 (#13296)
Bumps [react-select](https://github.com/JedWatson/react-select) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/.sweet-changelogs.js)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.0.8...react-select@3.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-26 09:57:34 +09:00
0c8945e5ff Change tootctl media remove-orphans to work for all classes (#13316)
Change `tootctl media lookup` to not use an interactive prompt
2020-03-26 01:56:41 +01:00