Commit Graph

9951 Commits

Author SHA1 Message Date
Eugen Rochko acc1c03861
Fix cookies not having a SameSite attribute (#15098) 2020-11-06 11:57:14 +01:00
Eugen Rochko 9b1f2a4b61
Add subresource integrity for JS and CSS assets (#15096)
Fix #2744
2020-11-06 11:56:31 +01:00
Mélanie Chauvel 68d4b2b83e
Display “Show newer” and “Show older” instead of “Show more” in public pages (#15052) 2020-11-04 21:15:45 +01:00
ThibG b29defb851
Change order of announcements in admin page to sort them newest-first (#15091)
* Change order of announcements in admin page to show newly-created first

Fixes #15090

* Use reverse-chronological rather than creation date only
2020-11-04 21:15:22 +01:00
Takeshi Umeda d6fe0c94ca
Add account sensitized (#14361)
* Add account sensitized

* Fix i18n normalize

* Fix description and spec

* Fix spec

* Fix wording
2020-11-04 20:45:01 +01:00
dependabot[bot] f90620b2f3
Bump puma from 5.0.2 to 5.0.4 (#15085)
Bumps [puma](https://github.com/puma/puma) from 5.0.2 to 5.0.4.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v5.0.2...v5.0.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-04 20:44:10 +01:00
Mashiro f720af6b72
Add limitation of image's max zoom rate (max to the original size of image) (#15094)
* limit image max scale rate to fit the actual image size

* replace with MIN_SCALE

* fix behavior on touch screen
2020-11-04 20:43:31 +01:00
dependabot[bot] ab00998503
Bump webpack-merge from 4.2.2 to 5.0.9 (#14424)
* Bump webpack-merge from 4.2.2 to 5.0.9

Bumps [webpack-merge](https://github.com/survivejs/webpack-merge) from 4.2.2 to 5.0.9.
- [Release notes](https://github.com/survivejs/webpack-merge/releases)
- [Changelog](https://github.com/survivejs/webpack-merge/blob/master/CHANGELOG.md)
- [Commits](https://github.com/survivejs/webpack-merge/compare/v4.2.2...v5.0.9)

Signed-off-by: dependabot[bot] <support@github.com>

* Fix import path

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-11-05 02:21:28 +09:00
dependabot[bot] e16b0fb15a
Bump detect-passive-events from 1.0.5 to 2.0.1 (#15003)
* Bump detect-passive-events from 1.0.5 to 2.0.1

Bumps [detect-passive-events](https://github.com/rafgraph/detect-passive-events) from 1.0.5 to 2.0.1.
- [Release notes](https://github.com/rafgraph/detect-passive-events/releases)
- [Commits](https://github.com/rafgraph/detect-passive-events/compare/v1.0.5...v2.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

* Migrate to detect-passive-events v2

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-11-05 02:21:05 +09:00
dependabot[bot] 352c4907b2
Bump sass from 1.27.0 to 1.28.0 (#15082)
Bumps [sass](https://github.com/sass/dart-sass) from 1.27.0 to 1.28.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.27.0...1.28.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-05 00:23:05 +09:00
dependabot[bot] 4a4f23744f
Bump mini-css-extract-plugin from 1.2.0 to 1.2.1 (#15077)
Bumps [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/webpack-contrib/mini-css-extract-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/mini-css-extract-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/mini-css-extract-plugin/compare/v1.2.0...v1.2.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-05 00:13:15 +09:00
dependabot[bot] 5b28298160
Bump eslint-plugin-jsx-a11y from 6.3.1 to 6.4.1 (#15078)
Bumps [eslint-plugin-jsx-a11y](https://github.com/evcohen/eslint-plugin-jsx-a11y) from 6.3.1 to 6.4.1.
- [Release notes](https://github.com/evcohen/eslint-plugin-jsx-a11y/releases)
- [Changelog](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evcohen/eslint-plugin-jsx-a11y/compare/v6.3.1...v6.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-05 00:07:58 +09:00
dependabot[bot] f298e78a37
Bump react-redux from 7.2.1 to 7.2.2 (#15079)
Bumps [react-redux](https://github.com/reduxjs/react-redux) from 7.2.1 to 7.2.2.
- [Release notes](https://github.com/reduxjs/react-redux/releases)
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.1...v7.2.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-05 00:07:03 +09:00
dependabot[bot] 868a13b20d
Bump eslint from 7.12.0 to 7.12.1 (#15080)
Bumps [eslint](https://github.com/eslint/eslint) from 7.12.0 to 7.12.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.12.0...v7.12.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-05 00:06:37 +09:00
dependabot[bot] ff93ec5590
Bump compression-webpack-plugin from 6.0.3 to 6.0.4 (#15076)
Bumps [compression-webpack-plugin](https://github.com/webpack-contrib/compression-webpack-plugin) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/webpack-contrib/compression-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/compression-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/compression-webpack-plugin/compare/v6.0.3...v6.0.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-04 23:48:28 +09:00
dependabot[bot] 84cffe89fd
Bump file-loader from 6.1.1 to 6.2.0 (#15075)
Bumps [file-loader](https://github.com/webpack-contrib/file-loader) from 6.1.1 to 6.2.0.
- [Release notes](https://github.com/webpack-contrib/file-loader/releases)
- [Changelog](https://github.com/webpack-contrib/file-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/file-loader/compare/v6.1.1...v6.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-04 23:43:15 +09:00
dependabot[bot] 5b6676382d
Bump wicg-inert from 3.0.3 to 3.1.0 (#15081)
Bumps [wicg-inert](https://github.com/WICG/inert) from 3.0.3 to 3.1.0.
- [Release notes](https://github.com/WICG/inert/releases)
- [Commits](https://github.com/WICG/inert/compare/v3.0.3...v3.1.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-04 23:41:45 +09:00
dependabot[bot] d60485cb72
Bump sidekiq-unique-jobs from 6.0.24 to 6.0.25 (#15083)
Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 6.0.24 to 6.0.25.
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/commits/v6.0.25)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-04 23:39:02 +09:00
dependabot[bot] f43000d32c
Bump bootsnap from 1.4.8 to 1.4.9 (#15086)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.4.8 to 1.4.9.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.4.8...v1.4.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-04 23:38:06 +09:00
Mashiro f645dad661
add mouse scroll lock in image expand view (#15088)
* add mouse scroll lock in image expand view

* enhancement
2020-11-03 06:06:45 +01:00
Mashiro 6a2db10f76
Add expand/compress image button on image view box (#15068)
* add zoom image button

* enhance zoom algorithm & add translation

* code structure

* code structure

* code structure

* enhance grab performance

* rm useless state

* fix behavior on Firefox & scroll lock & horizontal scroll with mousewheel

* remove scroll lock on MouseWheelEvent

* code structure

* enhance algorithm and code structure

* rm Gemfile.lock from tree

* codeclimate

* fix a stupid mistake
2020-11-02 21:16:38 +01:00
Patrice Ferlet 4b2ec4a2dc
Fix postgres secret name for cronjob (#15072)
The cronjob tries to get key from `mastodon` secret instead of
`mastodon-postgresql` - so the cronjob fails with this error:

Error: couldn't find key postgresql-password in Secret [NS]/mastodon

Another solution is to save the postgres password in mastodon secret,
but that means that the password is placed in two places.

Postgresql uses <fullname>-postgresql name as secret name.
2020-11-02 06:16:51 +01:00
ThibG fa929d8b81
Tweak signature verification (#15069)
* Add more specific error message when request body digest is invalid

This may help other implementors debug their implementation.

* Relax Host parameter requirement to GET requests

The only POST requests processed by Mastodon need objects/actors (including
their host) to be explicitly mentioned in the request's body, so replaying
a legitimate request to another host should not be a security issue.

* Support Digest headers using multiple algorithms or lowercase algorithm names
2020-11-01 23:38:31 +01:00
ThibG 9d023ed4f6
Fix some account media gallery items having empty labels (#15073)
Remove the labels entirely for images instead of putting an empty label.
2020-11-01 18:31:39 +01:00
ThibG c49805efb1
Fix poll ending notifications being created for each vote (#15071)
On a poll ending, notifications were created for each vote instead
of for each voter.
2020-11-01 06:34:43 +01:00
Darius Kazemi f1f0400adc
Show announcements in reverse chronological order (#15065) 2020-10-30 13:09:51 +01:00
fuyu 8d7fbe7dd9
Fix wrong seek bar width on media player (#15060) 2020-10-30 13:09:20 +01:00
dependabot[bot] d56e14a9cb
Bump mini-css-extract-plugin from 0.11.3 to 1.2.0 (#15034)
Bumps [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) from 0.11.3 to 1.2.0.
- [Release notes](https://github.com/webpack-contrib/mini-css-extract-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/mini-css-extract-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/mini-css-extract-plugin/compare/v0.11.3...v1.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-30 17:02:55 +09:00
dependabot[bot] c79626493a
Bump css-loader from 4.3.0 to 5.0.0 (#15011)
Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/css-loader/compare/v4.3.0...v5.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-30 16:55:59 +09:00
mayaeh 2ae751f19d
Fix width of content text fluctuating over time (#15055) 2020-10-27 13:34:02 +01:00
Mélanie Chauvel c5704e75ae
Make “Mark media as sensitive” properly translatable (#15051) 2020-10-27 03:05:50 +01:00
Mélanie Chauvel 1d07f51039
Make visibility icon clickable as part of the time of a toot (#15053)
- Makes permalink to a toot more easily clickable
- Fix clicking between icon and time in fact clicking the display name
- Fix clicking slightly under time in fact clicking the display name
2020-10-27 03:00:47 +01:00
Mélanie Chauvel 0a8ab822e2
Sort filters by “keyword or phrase” in Settings (#15050) 2020-10-27 03:00:06 +01:00
Mélanie Chauvel a5afbb62d2
Make click area of video/audio player buttons bigger in WebUI (#15049) 2020-10-27 02:58:47 +01:00
dependabot[bot] 4a509d5722
Bump jest from 26.5.3 to 26.6.1 (#15037)
Bumps [jest](https://github.com/facebook/jest) from 26.5.3 to 26.6.1.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/compare/v26.5.3...v26.6.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 09:06:10 +09:00
dependabot[bot] d388e5ce2f
Bump babel-jest from 26.5.2 to 26.6.1 (#15036)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 26.5.2 to 26.6.1.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v26.6.1/packages/babel-jest)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 08:36:39 +09:00
dependabot[bot] 2089290849
Bump axios from 0.20.0 to 0.21.0 (#15033)
Bumps [axios](https://github.com/axios/axios) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.20.0...v0.21.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:54:31 +09:00
dependabot[bot] 444ed97099
Bump react-test-renderer from 16.13.1 to 16.14.0 (#15038)
Bumps [react-test-renderer](https://github.com/facebook/react/tree/HEAD/packages/react-test-renderer) from 16.13.1 to 16.14.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.14.0/packages/react-test-renderer)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:52:38 +09:00
dependabot[bot] e63c1f12c4
Bump eslint from 7.11.0 to 7.12.0 (#15040)
Bumps [eslint](https://github.com/eslint/eslint) from 7.11.0 to 7.12.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.11.0...v7.12.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:51:12 +09:00
dependabot[bot] 56939e1037
Bump @testing-library/jest-dom from 5.11.4 to 5.11.5 (#15039)
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 5.11.4 to 5.11.5.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/master/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v5.11.4...v5.11.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:47:24 +09:00
dependabot[bot] 336b6a3c3f
Bump tzinfo-data from 1.2020.3 to 1.2020.4 (#15041)
Bumps [tzinfo-data](https://github.com/tzinfo/tzinfo-data) from 1.2020.3 to 1.2020.4.
- [Release notes](https://github.com/tzinfo/tzinfo-data/releases)
- [Commits](https://github.com/tzinfo/tzinfo-data/compare/v1.2020.3...v1.2020.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:44:48 +09:00
dependabot[bot] 0a30a138b2
Bump sass-loader from 10.0.3 to 10.0.4 (#15035)
Bumps [sass-loader](https://github.com/webpack-contrib/sass-loader) from 10.0.3 to 10.0.4.
- [Release notes](https://github.com/webpack-contrib/sass-loader/releases)
- [Changelog](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/sass-loader/compare/v10.0.3...v10.0.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:44:27 +09:00
dependabot[bot] 0e04878e23
Bump eslint-plugin-react from 7.21.4 to 7.21.5 (#15043)
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.21.4 to 7.21.5.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.21.4...v7.21.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:43:57 +09:00
dependabot[bot] 1eda0a9a25
Bump strong_migrations from 0.7.1 to 0.7.2 (#15044)
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.7.1...v0.7.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:43:19 +09:00
dependabot[bot] 8b4654fd85
Bump simplecov from 0.19.0 to 0.19.1 (#15042)
Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 0.19.0 to 0.19.1.
- [Release notes](https://github.com/simplecov-ruby/simplecov/releases)
- [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md)
- [Commits](https://github.com/simplecov-ruby/simplecov/compare/v0.19.0...v0.19.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:41:36 +09:00
dependabot[bot] 652f6269f9
Bump aws-sdk-s3 from 1.83.0 to 1.83.1 (#15045)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.83.0 to 1.83.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:41:15 +09:00
dependabot[bot] 853d2761e4
Bump stackprof from 0.2.15 to 0.2.16 (#15046)
Bumps [stackprof](https://github.com/tmm1/stackprof) from 0.2.15 to 0.2.16.
- [Release notes](https://github.com/tmm1/stackprof/releases)
- [Changelog](https://github.com/tmm1/stackprof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tmm1/stackprof/compare/v0.2.15...v0.2.16)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 02:40:37 +09:00
ThibG 3678b10823
Fix follow request notifications (#15048) 2020-10-26 15:41:28 +01:00
ThibG 1f945e7390
Fix followers synchronization mechanism not being triggered on mentions (#15026)
e.g. if someone on an instance that previously had followers gets mentioned
in a private toot, before this PR, they would not receive a
Collection-Synchronization header and may show the toot to the former followers
in addition to the mentioned person.
2020-10-23 14:22:16 +02:00
ThibG fb586584f2
Fix account processing failing because of large collections (#15027)
Fixes #15025
2020-10-23 14:21:31 +02:00