diff --git a/.circleci/config.yml b/.circleci/config.yml index 2a60ae684..a373d685e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,8 +1,8 @@ version: 2.1 orbs: - ruby: circleci/ruby@1.4.1 - node: circleci/node@5.0.1 + ruby: circleci/ruby@2.0.0 + node: circleci/node@5.0.3 executors: default: @@ -19,11 +19,11 @@ executors: DB_USER: root DISABLE_SIMPLECOV: true RAILS_ENV: test - - image: cimg/postgres:14.0 + - image: cimg/postgres:14.5 environment: POSTGRES_USER: root POSTGRES_HOST_AUTH_METHOD: trust - - image: cimg/redis:6.2 + - image: cimg/redis:7.0 commands: install-system-dependencies: @@ -45,7 +45,7 @@ commands: bundle config without 'development production' name: Set bundler settings - ruby/install-deps: - bundler-version: '2.3.8' + bundler-version: '2.3.26' key: ruby<< parameters.ruby-version >>-gems-v1 wait-db: steps: @@ -68,7 +68,9 @@ jobs: cache-version: v1 pkg-manager: yarn - run: - command: ./bin/rails assets:precompile + command: | + export NODE_OPTIONS=--openssl-legacy-provider + ./bin/rails assets:precompile name: Precompile assets - persist_to_workspace: paths: @@ -219,5 +221,5 @@ workflows: pkg-manager: yarn requires: - build - version: lts + version: '16.18' yarn-run: test:jest diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index ac495e1c9..425b86a6b 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -9,7 +9,7 @@ FROM mcr.microsoft.com/vscode/devcontainers/ruby:${VARIANT} # The value is a comma-separated list of allowed domains ENV RAILS_DEVELOPMENT_HOSTS=".githubpreview.dev" -# [Choice] Node.js version: lts/*, 16, 14, 12, 10 +# [Choice] Node.js version: lts/*, 18, 16, 14 ARG NODE_VERSION="lts/*" RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1" diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 47497794f..b98f6a21e 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -2,7 +2,7 @@ "name": "Mastodon", "dockerComposeFile": "docker-compose.yml", "service": "app", - "workspaceFolder": "/workspaces/mastodon", + "workspaceFolder": "/mastodon", // Set *default* container specific settings.json values on container create. "settings": {}, @@ -15,12 +15,18 @@ "webben.browserslist" ], + "features": { + "ghcr.io/devcontainers/features/sshd:1": { + "version": "latest" + } + }, + // Use 'forwardPorts' to make a list of ports inside the container available locally. // This can be used to network with other containers or the host. "forwardPorts": [3000, 4000], // Use 'postCreateCommand' to run commands after the container is created. - "postCreateCommand": "bundle install --path vendor/bundle && yarn install && git checkout -- Gemfile.lock && ./bin/rails db:setup", + "postCreateCommand": ".devcontainer/post-create.sh", // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. "remoteUser": "vscode" diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 46f42c454..95f401379 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -11,9 +11,9 @@ services: # Use -bullseye variants on local arm64/Apple Silicon. VARIANT: '3.0-bullseye' # Optional Node.js version to install - NODE_VERSION: '14' + NODE_VERSION: '16' volumes: - - ..:/workspaces/mastodon:cached + - ..:/mastodon:cached environment: RAILS_ENV: development NODE_ENV: development diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh new file mode 100755 index 000000000..02f488f12 --- /dev/null +++ b/.devcontainer/post-create.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e # Fail the whole script on first error + +# Fetch Ruby gem dependencies +bundle install --path vendor/bundle --with='development test' + +# Fetch Javascript dependencies +yarn install + +# Make Gemfile.lock pristine again +git checkout -- Gemfile.lock + +# [re]create, migrate, and seed the test database +RAILS_ENV=test ./bin/rails db:setup + +# Precompile assets for development +RAILS_ENV=development ./bin/rails assets:precompile + +# Precompile assets for test +RAILS_ENV=test NODE_ENV=tests ./bin/rails assets:precompile diff --git a/.env.production.sample b/.env.production.sample index da4c7fe4c..7bcce0f7e 100644 --- a/.env.production.sample +++ b/.env.production.sample @@ -103,7 +103,7 @@ VAPID_PUBLIC_KEY= # Sending mail # ------------ -SMTP_SERVER=smtp.mailgun.org +SMTP_SERVER= SMTP_PORT=587 SMTP_LOGIN= SMTP_PASSWORD= diff --git a/.eslintrc.js b/.eslintrc.js index e4ada6fe0..03af2975b 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,6 +1,10 @@ module.exports = { root: true, + extends: [ + 'eslint:recommended', + ], + env: { browser: true, node: true, @@ -64,8 +68,8 @@ module.exports = { eqeqeq: 'error', indent: ['warn', 2], 'jsx-quotes': ['error', 'prefer-single'], + 'no-case-declarations': 'off', 'no-catch-shadow': 'error', - 'no-cond-assign': 'error', 'no-console': [ 'warn', { @@ -75,18 +79,16 @@ module.exports = { ], }, ], - 'no-fallthrough': 'error', - 'no-irregular-whitespace': 'error', - 'no-mixed-spaces-and-tabs': 'warn', + 'no-empty': 'off', 'no-nested-ternary': 'warn', + 'no-prototype-builtins': 'off', 'no-restricted-properties': [ 'error', { property: 'substring', message: 'Use .slice instead of .substring.' }, { property: 'substr', message: 'Use .slice instead of .substr.' }, ], + 'no-self-assign': 'off', 'no-trailing-spaces': 'warn', - 'no-undef': 'error', - 'no-unreachable': 'error', 'no-unused-expressions': 'error', 'no-unused-vars': [ 'error', @@ -96,6 +98,7 @@ module.exports = { ignoreRestSiblings: true, }, ], + 'no-useless-escape': 'off', 'object-curly-spacing': ['error', 'always'], 'padded-blocks': [ 'error', @@ -105,7 +108,6 @@ module.exports = { ], quotes: ['error', 'single'], semi: 'error', - strict: 'off', 'valid-typeof': 'error', 'react/jsx-boolean-value': 'error', diff --git a/.github/ISSUE_TEMPLATE/1.bug_report.yml b/.github/ISSUE_TEMPLATE/1.bug_report.yml index cdd08d2b0..22f51f7bd 100644 --- a/.github/ISSUE_TEMPLATE/1.bug_report.yml +++ b/.github/ISSUE_TEMPLATE/1.bug_report.yml @@ -1,6 +1,6 @@ name: Bug Report description: If something isn't working as expected -labels: bug +labels: [bug] body: - type: markdown attributes: @@ -50,7 +50,7 @@ body: Google Chrome 106.0.5249.119 Firefox 105.0.3 - + etc... validations: required: true diff --git a/.github/ISSUE_TEMPLATE/2.feature_request.yml b/.github/ISSUE_TEMPLATE/2.feature_request.yml index 6626c2876..2cabcf61e 100644 --- a/.github/ISSUE_TEMPLATE/2.feature_request.yml +++ b/.github/ISSUE_TEMPLATE/2.feature_request.yml @@ -1,6 +1,6 @@ name: Feature Request description: I have a suggestion -labels: suggestion +labels: [suggestion] body: - type: markdown attributes: diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index fd62889d0..f5d319652 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -2,4 +2,4 @@ blank_issues_enabled: false contact_links: - name: GitHub Discussions url: https://github.com/mastodon/mastodon/discussions - about: Please ask and answer questions here. \ No newline at end of file + about: Please ask and answer questions here. diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 4c3cade3b..51ee8a071 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -17,6 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: hadolint/hadolint-action@v3.1.0 - uses: docker/setup-qemu-action@v2 - uses: docker/setup-buildx-action@v2 - uses: docker/login-action@v2 @@ -37,7 +38,8 @@ jobs: with: context: . platforms: linux/amd64,linux/arm64 + builder: ${{ steps.buildx.outputs.name }} push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} - cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/mastodon:edge - cache-to: type=inline + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.github/workflows/check-i18n.yml b/.github/workflows/check-i18n.yml index a9d8ea2ea..9a7463060 100644 --- a/.github/workflows/check-i18n.yml +++ b/.github/workflows/check-i18n.yml @@ -25,7 +25,7 @@ jobs: - name: Set up Ruby uses: ruby/setup-ruby@v1 with: - ruby-version: '3.0' + ruby-version: .ruby-version bundler-cache: true - name: Check locale file normalization run: bundle exec i18n-tasks check-normalized diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000..8534501d4 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,62 @@ +name: 'CodeQL' + +on: + push: + branches: ['main'] + pull_request: + # The branches below must be a subset of the branches above + branches: ['main'] + schedule: + - cron: '22 6 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ['javascript', 'ruby'] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: '/language:${{matrix.language}}' diff --git a/.github/workflows/lint-json.yml b/.github/workflows/lint-json.yml new file mode 100644 index 000000000..5bf4349b3 --- /dev/null +++ b/.github/workflows/lint-json.yml @@ -0,0 +1,38 @@ +name: JSON Linting +on: + push: + branches-ignore: + - 'dependabot/**' + paths: + - 'package.json' + - 'yarn.lock' + - '.prettier*' + - '**/*.json' + - '.github/workflows/lint-json.yml' + + pull_request: + paths: + - 'package.json' + - 'yarn.lock' + - '.prettier*' + - '**/*.json' + - '.github/workflows/lint-json.yml' + +jobs: + lint: + runs-on: ubuntu-latest + + steps: + - name: Clone repository + uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + cache: yarn + + - name: Install all yarn packages + run: yarn --frozen-lockfile + + - name: Prettier + run: yarn prettier --check "**/*.json" diff --git a/.github/workflows/lint-yml.yml b/.github/workflows/lint-yml.yml new file mode 100644 index 000000000..b939ec8ce --- /dev/null +++ b/.github/workflows/lint-yml.yml @@ -0,0 +1,40 @@ +name: YML Linting +on: + push: + branches-ignore: + - 'dependabot/**' + paths: + - 'package.json' + - 'yarn.lock' + - '.prettier*' + - '**/*.yaml' + - '**/*.yml' + - '.github/workflows/lint-yml.yml' + + pull_request: + paths: + - 'package.json' + - 'yarn.lock' + - '.prettier*' + - '**/*.yaml' + - '**/*.yml' + - '.github/workflows/lint-yml.yml' + +jobs: + lint: + runs-on: ubuntu-latest + + steps: + - name: Clone repository + uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + cache: yarn + + - name: Install all yarn packages + run: yarn --frozen-lockfile + + - name: Prettier + run: yarn prettier --check "**/*.{yml,yaml}" diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index cd8cb12c4..b6438d665 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -53,7 +53,7 @@ jobs: - name: Set-up Node.js uses: actions/setup-node@v3 with: - node-version: 16.x + node-version-file: .nvmrc cache: yarn - name: Install dependencies run: yarn install --frozen-lockfile @@ -62,7 +62,7 @@ jobs: - name: Set-up Stylelint Problem Matcher uses: xt0rted/stylelint-problem-matcher@v1 # https://github.com/xt0rted/stylelint-problem-matcher/issues/360 - - run: echo "::add-matcher::.github/stylelint-matcher.json" + - run: echo "::add-matcher::.github/stylelint-matcher.json" ################################ # Run Linter against code base # diff --git a/.github/workflows/rebase-needed.yml b/.github/workflows/rebase-needed.yml new file mode 100644 index 000000000..6f903ee61 --- /dev/null +++ b/.github/workflows/rebase-needed.yml @@ -0,0 +1,17 @@ +name: PR Needs Rebase + +on: + push: + pull_request_target: + types: [synchronize] + +jobs: + label-rebase-needed: + runs-on: ubuntu-latest + steps: + - name: Check for merge conflicts + uses: eps1lon/actions-label-merge-conflict@releases/2.x + with: + dirtyLabel: 'rebase needed :construction:' + repoToken: '${{ secrets.GITHUB_TOKEN }}' + commentOnDirty: This pull request has merge conflicts that must be resolved before it can be merged. diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml deleted file mode 100644 index b9ff80855..000000000 --- a/.github/workflows/test-chart.yml +++ /dev/null @@ -1,138 +0,0 @@ -# This is a GitHub workflow defining a set of jobs with a set of steps. -# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions -# -name: Test chart - -on: - pull_request: - paths: - - "chart/**" - - "!**.md" - - ".github/workflows/test-chart.yml" - push: - paths: - - "chart/**" - - "!**.md" - - ".github/workflows/test-chart.yml" - branches-ignore: - - "dependabot/**" - workflow_dispatch: - -permissions: - contents: read - -defaults: - run: - working-directory: chart - -jobs: - lint-templates: - runs-on: ubuntu-22.04 - - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 - with: - python-version: "3.x" - - - name: Install dependencies (yamllint) - run: pip install yamllint - - - run: helm dependency update - - - name: helm lint - run: | - helm lint . \ - --values dev-values.yaml - - - name: helm template - run: | - helm template . \ - --values dev-values.yaml \ - --output-dir rendered-templates - - - name: yamllint (only on templates we manage) - run: | - rm -rf rendered-templates/mastodon/charts - - yamllint rendered-templates \ - --config-data "{rules: {indentation: {spaces: 2}, line-length: disable}}" - - # This job helps us validate that rendered templates are valid k8s resources - # against a k8s api-server, via "helm template --validate", but also that a - # basic configuration can be used to successfully startup mastodon. - # - test-install: - runs-on: ubuntu-22.04 - timeout-minutes: 15 - - strategy: - fail-fast: false - matrix: - include: - # k3s-channel reference: https://update.k3s.io/v1-release/channels - - k3s-channel: latest - - k3s-channel: stable - - # This represents the oldest configuration we test against. - # - # The k8s version chosen is based on the oldest still supported k8s - # version among two managed k8s services, GKE, EKS. - # - GKE: https://endoflife.date/google-kubernetes-engine - # - EKS: https://endoflife.date/amazon-eks - # - # The helm client's version can influence what helper functions is - # available for use in the templates, currently we need v3.6.0 or - # higher. - # - - k3s-channel: v1.21 - helm-version: v3.6.0 - - steps: - - uses: actions/checkout@v3 - - # This action starts a k8s cluster with NetworkPolicy enforcement and - # installs both kubectl and helm. - # - # ref: https://github.com/jupyterhub/action-k3s-helm#readme - # - - uses: jupyterhub/action-k3s-helm@v3 - with: - k3s-channel: ${{ matrix.k3s-channel }} - helm-version: ${{ matrix.helm-version }} - metrics-enabled: false - traefik-enabled: false - docker-enabled: false - - - run: helm dependency update - - # Validate rendered helm templates against the k8s api-server - - name: helm template --validate - run: | - helm template --validate mastodon . \ - --values dev-values.yaml - - - name: helm install - run: | - helm install mastodon . \ - --values dev-values.yaml \ - --timeout 10m - - # This actions provides a report about the state of the k8s cluster, - # providing logs etc on anything that has failed and workloads marked as - # important. - # - # ref: https://github.com/jupyterhub/action-k8s-namespace-report#readme - # - - name: Kubernetes namespace report - uses: jupyterhub/action-k8s-namespace-report@v1 - if: always() - with: - important-workloads: >- - deploy/mastodon-sidekiq - deploy/mastodon-streaming - deploy/mastodon-web - job/mastodon-assets-precompile - job/mastodon-chewy-upgrade - job/mastodon-create-admin - job/mastodon-db-migrate diff --git a/.gitignore b/.gitignore index 7d76b8275..2bc8b18c8 100644 --- a/.gitignore +++ b/.gitignore @@ -44,12 +44,6 @@ /redis /elasticsearch -# ignore Helm charts -/chart/*.tgz - -# ignore Helm dependency charts -/chart/charts/*.tgz - # Ignore Apple files .DS_Store diff --git a/.nvmrc b/.nvmrc index 8351c1939..b6a7d89c6 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -14 +16 diff --git a/.prettierignore b/.prettierignore index de7673eb6..dc8c53693 100644 --- a/.prettierignore +++ b/.prettierignore @@ -44,9 +44,6 @@ /redis /elasticsearch -# ignore Helm dependency charts -/chart/charts/*.tgz - # Ignore Apple files .DS_Store @@ -67,12 +64,16 @@ yarn-debug.log # Ignore Docker option files docker-compose.override.yml -# Ignore Helm files -/chart - # Ignore emoji map file /app/javascript/mastodon/features/emoji/emoji_map.json # Ignore locale files /app/javascript/mastodon/locales /config/locales + +# Ignore glitch-soc locale files +/app/javascript/flavours/glitch/locales +/config/locales-glitch + +# Ignore glitch-soc emoji map file +/app/javascript/flavours/glitch/features/emoji/emoji_map.json diff --git a/.rubocop.yml b/.rubocop.yml index 8dc2d1c47..3c9223470 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,12 +1,18 @@ require: - rubocop-rails + - rubocop-rspec + - rubocop-performance AllCops: - TargetRubyVersion: 2.5 - NewCops: disable + TargetRubyVersion: 2.7 + DisplayCopNames: true + DisplayStyleGuide: true + ExtraDetails: true + UseCache: true + CacheRootDirectory: tmp + NewCops: enable Exclude: - - 'spec/**/*' - - 'db/**/*' + - db/schema.rb - 'app/views/**/*' - 'config/**/*' - 'bin/*' @@ -67,15 +73,57 @@ Lint/UselessAccessModifier: - class_methods Metrics/AbcSize: - Max: 115 + Max: 34 # RuboCop default 17 Exclude: - - 'lib/mastodon/*_cli.rb' + - 'lib/**/*cli*.rb' + - db/*migrate/**/* + - lib/paperclip/color_extractor.rb + - app/workers/scheduler/follow_recommendations_scheduler.rb + - app/services/activitypub/fetch*_service.rb + - lib/paperclip/**/* + CountRepeatedAttributes: false + AllowedMethods: + - update_media_attachments! + - account_link_to + - attempt_oembed + - build_crutches + - calculate_scores + - cc + - dump_actor! + - filter_from_home? + - hydrate + - import_bookmarks! + - import_relationships! + - initialize + - link_to_mention + - log_target + - matches_time_window? + - parse_metadata + - perform_statuses_search! + - privatize_media_attachments! + - process_update + - publish_media_attachments! + - remotable_attachment + - render_initial_state + - render_with_cache + - searchable_by + - self.cached_filters_for + - set_fetchable_attributes! + - signed_request_actor + - statuses_to_delete + - update_poll! Metrics/BlockLength: Max: 55 Exclude: - - 'lib/tasks/**/*' - 'lib/mastodon/*_cli.rb' + CountComments: false + CountAsOne: [array, heredoc] + AllowedMethods: + - task + - namespace + - class_methods + - included Metrics/BlockNesting: Max: 3 @@ -85,34 +133,144 @@ Metrics/BlockNesting: Metrics/ClassLength: CountComments: false Max: 500 + CountAsOne: [array, heredoc] Exclude: - 'lib/mastodon/*_cli.rb' Metrics/CyclomaticComplexity: - Max: 25 + Max: 12 Exclude: - - 'lib/mastodon/*_cli.rb' + - lib/mastodon/*cli*.rb + - db/*migrate/**/* + AllowedMethods: + - attempt_oembed + - blocked? + - build_crutches + - calculate_scores + - cc + - discover_endpoint! + - filter_from_home? + - hydrate + - klass + - link_to_mention + - log_target + - matches_time_window? + - patch_for_forwarding! + - preprocess_attributes! + - process_update + - remotable_attachment + - scan_text! + - self.cached_filters_for + - set_fetchable_attributes! + - setup_redis_env_url + - update_media_attachments! Layout/LineLength: + Max: 140 # RuboCop default 120 + AllowHeredoc: true AllowURI: true - Enabled: false + IgnoreCopDirectives: true + AllowedPatterns: + # Allow comments to be long lines + - !ruby/regexp / \# .*$/ + - !ruby/regexp /^\# .*$/ + Exclude: + - lib/**/*cli*.rb + - db/*migrate/**/* + - db/seeds/**/* Metrics/MethodLength: CountComments: false - Max: 65 + CountAsOne: [array, heredoc] + Max: 25 # RuboCop default 10 Exclude: - 'lib/mastodon/*_cli.rb' + AllowedMethods: + - account_link_to + - attempt_oembed + - body_with_limit + - build_crutches + - cached_filters_for + - calculate_scores + - check_webfinger! + - clean_feeds! + - collection_items + - collection_presenter + - copy_account_notes! + - deduplicate_accounts! + - deduplicate_conversations! + - deduplicate_local_accounts! + - deduplicate_statuses! + - deduplicate_tags! + - deduplicate_users! + - discover_endpoint! + - extract_extra_uris_with_indices + - extract_hashtags_with_indices + - extract_mentions_or_lists_with_indices + - filter_from_home? + - from_elasticsearch + - handle_explicit_update! + - handle_mark_as_sensitive! + - hsl_to_rgb + - import_bookmarks! + - import_domain_blocks! + - import_relationships! + - ldap_options + - matches_time_window? + - outbox_presenter + - pam_get_user + - parallelize_with_progress + - parse_and_transform + - patch_for_forwarding! + - populate_home + - post_process_style + - preload_cache_collection_target_statuses + - privatize_media_attachments! + - provides_callback_for + - publish_media_attachments! + - relevant_account_timestamp + - remotable_attachment + - rgb_to_hsl + - rss_status_content_format + - set_fetchable_attributes! + - setup_redis_env_url + - signed_request_actor + - to_preview_card_attributes + - upgrade_storage_filesystem + - upgrade_storage_s3 + - user_settings_params + - hydrate + - cc + - self_destruct Metrics/ModuleLength: CountComments: false Max: 200 + CountAsOne: [array, heredoc] Metrics/ParameterLists: - Max: 5 - CountKeywordArgs: true + Max: 5 # RuboCop default 5 + CountKeywordArgs: true # RuboCop default true + MaxOptionalParameters: 3 # RuboCop default 3 + Exclude: + - app/models/concerns/account_interactions.rb + - app/services/activitypub/fetch_remote_account_service.rb + - app/services/activitypub/fetch_remote_actor_service.rb Metrics/PerceivedComplexity: - Max: 25 + Max: 16 # RuboCop default 8 + AllowedMethods: + - attempt_oembed + - build_crutches + - calculate_scores + - deduplicate_users! + - discover_endpoint! + - filter_from_home? + - hydrate + - patch_for_forwarding! + - process_update + - remove_orphans + - update_media_attachments! Naming/MemoizedInstanceVariableName: Enabled: false @@ -243,6 +401,10 @@ Style/HashTransformKeys: Style/HashTransformValues: Enabled: false +Style/HashSyntax: + Enabled: true + EnforcedStyle: ruby19_no_mixed_keys + Style/IfUnlessModifier: Enabled: false @@ -263,9 +425,6 @@ Style/PercentLiteralDelimiters: Style/PerlBackrefs: AutoCorrect: false -Style/RedundantAssignment: - Enabled: false - Style/RedundantFetchBlock: Enabled: true @@ -288,7 +447,7 @@ Style/RegexpLiteral: Enabled: false Style/RescueStandardError: - Enabled: false + Enabled: true Style/SignalException: Enabled: false @@ -307,3 +466,14 @@ Style/TrailingCommaInHashLiteral: Style/UnpackFirst: Enabled: false + +RSpec/ScatteredSetup: + Enabled: false +RSpec/ImplicitExpect: + Enabled: false +RSpec/NamedSubject: + Enabled: false +RSpec/DescribeClass: + Enabled: false +RSpec/LetSetup: + Enabled: false diff --git a/Aptfile b/Aptfile index a52eef4e1..8f5bb72a2 100644 --- a/Aptfile +++ b/Aptfile @@ -1,26 +1,4 @@ ffmpeg -libicu[0-9][0-9] -libicu-dev -libidn12 -libidn-dev libpq-dev libxdamage1 libxfixes3 -zlib1g-dev -libcairo2 -libcroco3 -libdatrie1 -libgdk-pixbuf2.0-0 -libgraphite2-3 -libharfbuzz0b -libpango-1.0-0 -libpangocairo-1.0-0 -libpangoft2-1.0-0 -libpixman-1-0 -librsvg2-2 -libthai-data -libthai0 -libvpx[5-9] -libxcb-render0 -libxcb-shm0 -libxrender1 diff --git a/CHANGELOG.md b/CHANGELOG.md index b1ad9e5fd..9a1ad4ffc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,191 @@ Changelog All notable changes to this project will be documented in this file. +## [4.1.0] - UNRELEASED + +### Added + +- **Add support for importing/exporting server-wide domain blocks** ([enbylenore](https://github.com/mastodon/mastodon/pull/20597), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/21471), [dariusk](https://github.com/mastodon/mastodon/pull/22803), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/21470)) +- Add listing of followed hashtags ([connorshea](https://github.com/mastodon/mastodon/pull/21773)) +- Add support for editing media description and focus point of already-sent posts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20878)) +- Add follow request banner on account header ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20785)) +- Add confirmation screen when handling reports ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22375), [Gargron](https://github.com/mastodon/mastodon/pull/23156), [tribela](https://github.com/mastodon/mastodon/pull/23178)) +- Add option to make the landing page be `/about` even when trends are enabled ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20808)) +- Add `noindex` setting back to the admin interface ([prplecake](https://github.com/mastodon/mastodon/pull/22205)) +- Add instance peers API endpoint toggle back to the admin interface ([dariusk](https://github.com/mastodon/mastodon/pull/22810)) +- Add instance activity API endpoint toggle back to the admin interface ([dariusk](https://github.com/mastodon/mastodon/pull/22833)) +- Add `account.approved` webhook ([Saiv46](https://github.com/mastodon/mastodon/pull/22938)) +- Add 12 hours option to polls ([Pleclown](https://github.com/mastodon/mastodon/pull/21131)) +- Add dropdown menu item to open admin interface for remote domains ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21895)) +- Add `--remove-headers`, `--prune-profiles` and `--include-follows` flags to `tootctl media remove` ([evanphilip](https://github.com/mastodon/mastodon/pull/22149)) +- Add `--email` and `--dry-run` options to `tootctl accounts delete` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22328)) +- Add `tootctl accounts migrate` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22330)) +- Add `tootctl accounts prune` ([tribela](https://github.com/mastodon/mastodon/pull/18397)) +- Add `tootctl domains purge` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22063)) +- Add `SIDEKIQ_CONCURRENCY` environment variable ([muffinista](https://github.com/mastodon/mastodon/pull/19589)) +- Add `MIN_THREADS` environment variable to set minimum Puma threads ([jimeh](https://github.com/mastodon/mastodon/pull/21048)) +- Add explanation text to log-in page ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20946)) +- Add user profile OpenGraph tag on post pages ([bramus](https://github.com/mastodon/mastodon/pull/21423)) +- Add maskable icon support for Android ([workeffortwaste](https://github.com/mastodon/mastodon/pull/20904)) +- Add Belarusian to supported languages ([Mixaill](https://github.com/mastodon/mastodon/pull/22022)) +- Add Western Frisian to supported languages ([ykzts](https://github.com/mastodon/mastodon/pull/18602)) +- Add Montenegrin to the language picker ([ayefries](https://github.com/mastodon/mastodon/pull/21013)) +- Add Southern Sami and Lule Sami to the language picker ([Jullan-M](https://github.com/mastodon/mastodon/pull/21262)) +- Add logging for Rails cache timeouts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21667)) +- Add color highlight for active hashtag “follow” button ([MFTabriz](https://github.com/mastodon/mastodon/pull/21629)) +- Add brotli compression to `assets:precompile` ([Izorkin](https://github.com/mastodon/mastodon/pull/19025)) +- Add “disabled” account filter to the `/admin/accounts` UI ([tribela](https://github.com/mastodon/mastodon/pull/21282)) +- Add transparency to modal background for accessibility ([edent](https://github.com/mastodon/mastodon/pull/18081)) +- Add `title` attribute to video elements in media attachments ([bramus](https://github.com/mastodon/mastodon/pull/21420)) +- Add left and right margins to emojis ([dsblank](https://github.com/mastodon/mastodon/pull/20464)) +- Add `reading:autoplay:gifs` to `/api/v1/preferences` ([j-f1](https://github.com/mastodon/mastodon/pull/22706)) +- Add `hide_collections` parameter to `/api/v1/accounts/credentials` ([CarlSchwan](https://github.com/mastodon/mastodon/pull/22790)) +- Add `policy` attribute to web push subscription objects in `/api/v1/push/subscriptions` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23210)) +- Add more specific error messages to HTTP signature verification ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21617)) +- Add Storj DCS to cloud object storage options in the `mastodon:setup` rake task ([jtolio](https://github.com/mastodon/mastodon/pull/21929)) +- Add checkmark symbol in the checkbox for sensitive media ([sidp](https://github.com/mastodon/mastodon/pull/22795)) +- Add missing accessibility attributes to logout link in modals ([kytta](https://github.com/mastodon/mastodon/pull/22549)) +- Add missing accessibility attributes to “Hide image” button in `MediaGallery` ([hs4man21](https://github.com/mastodon/mastodon/pull/22513)) +- Add missing accessibility attributes to hide content warning field when disabled ([hs4man21](https://github.com/mastodon/mastodon/pull/22568)) +- Add `aria-hidden` to footer circle dividers to improve accessibility ([hs4man21](https://github.com/mastodon/mastodon/pull/22576)) +- Add `lang` attribute to compose form inputs ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23240)) + +### Changed + +- **Ensure exact match is the first result in hashtag searches** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21315)) +- Change account search to return followed accounts first ([dariusk](https://github.com/mastodon/mastodon/pull/22956)) +- Change batch account suspension to create a strike ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20897)) +- Change default reply language to match the default language when replying to a translated post ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22272)) +- Change misleading wording about waitlists ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20850)) +- Increase width of the unread notification border ([connorshea](https://github.com/mastodon/mastodon/pull/21692)) +- Change new post notification button on profiles to make it more apparent when it is enabled ([tribela](https://github.com/mastodon/mastodon/pull/22541)) +- Change trending tags admin interface to always show batch action controls ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23013)) +- Change wording of some OAuth scope descriptions ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22491)) +- Change wording of admin report handling actions ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18388)) +- Change confirm prompts for relationships management ([tribela](https://github.com/mastodon/mastodon/pull/19411)) +- Change language surrounding disability in prompts for media descriptions ([hs4man21](https://github.com/mastodon/mastodon/pull/20923)) +- Change confusing wording in the sign in banner ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22490)) +- Change account moderation notes to make links clickable ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22553)) +- Change email address input to be read-only for logged-in users when requesting a new confirmation e-mail ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23247)) +- Save avatar or header correctly even if the other one fails ([tribela](https://github.com/mastodon/mastodon/pull/18465)) +- Change `referrer-policy` to `same-origin` application-wide ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23014), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/23037)) +- Add 'private' to `Cache-Control`, match Rails expectations ([daxtens](https://github.com/mastodon/mastodon/pull/20608)) +- Make the button that expands the compose form differentiable from the button that publishes a post ([Tak](https://github.com/mastodon/mastodon/pull/20864)) +- Change automatic post deletion configuration to be accessible to moved users ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20774)) +- Make tag following idempotent ([trwnh](https://github.com/mastodon/mastodon/pull/20860), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/21285)) +- Use buildx functions for faster builds ([inductor](https://github.com/mastodon/mastodon/pull/20692)) +- Split off Dockerfile components for faster builds ([moritzheiber](https://github.com/mastodon/mastodon/pull/20933), [ineffyble](https://github.com/mastodon/mastodon/pull/20948), [BtbN](https://github.com/mastodon/mastodon/pull/21028)) +- Change last occurrence of “silence” to “limit” in UI text ([cincodenada](https://github.com/mastodon/mastodon/pull/20637)) +- Change “hide toot” to “hide post” ([seanthegeek](https://github.com/mastodon/mastodon/pull/22385)) +- Don't allow URLs that contain non-normalized paths to be verified ([dgl](https://github.com/mastodon/mastodon/pull/20999)) +- Change the “Trending now” header to be a link to the Explore page ([connorshea](https://github.com/mastodon/mastodon/pull/21759)) +- Change PostgreSQL connection timeout from 2 minutes to 15 seconds ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21790)) +- Make handle more easily selectable on profile page ([cadars](https://github.com/mastodon/mastodon/pull/21479)) +- Allow admins to refresh remotely-suspended accounts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22327)) +- Change dropdown menu to contain “Copy link to post” even for non-public posts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21316)) +- Allow adding relays in secure mode and limited federation mode ([ineffyble](https://github.com/mastodon/mastodon/pull/22324)) +- Change timestamps to be displayed using the user's timezone throughout the moderation interface ([FrancisMurillo](https://github.com/mastodon/mastodon/pull/21878), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/22555)) +- Change CSP directives on API to be tight and concise ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20960)) +- Change web UI to not autofocus the compose form ([raboof](https://github.com/mastodon/mastodon/pull/16517)) +- Change idempotency key handling for posting when database access is slow ([lambda](https://github.com/mastodon/mastodon/pull/21840)) +- Change remote media files to be downloaded outside of transactions ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21796)) +- Improve contrast of charts in “poll has ended” notifications ([j-f1](https://github.com/mastodon/mastodon/pull/22575)) +- Change OEmbed detection and validation to be somewhat more lenient ([ineffyble](https://github.com/mastodon/mastodon/pull/22533)) +- Widen ElasticSearch version detection to not display a warning for OpenSearch ([VyrCossont](https://github.com/mastodon/mastodon/pull/22422), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/23064)) +- Change link verification to allow pages larger than 1MB as long as the link is in the first 1MB ([untitaker](https://github.com/mastodon/mastodon/pull/22879)) +- Update default Node.js version to Node.js 16 ([ineffyble](https://github.com/mastodon/mastodon/pull/22223), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/22342)) + +### Removed + +- Officially remove support for Ruby 2.6 ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21477)) +- Remove `object-fit` polyfill used for old versions of Microsoft Edge ([shuuji3](https://github.com/mastodon/mastodon/pull/22693)) +- Remove empty `title` tag from mailer layout ([nametoolong](https://github.com/mastodon/mastodon/pull/23078)) + +### Fixed + +- **Fix changing domain block severity not undoing individual account effects** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22135)) +- Fix suspension worker crashing on S3-compatible setups without ACL support ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22487)) +- Fix possible race conditions when suspending/unsuspending accounts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22363)) +- Fix being stuck in edit mode when deleting the edited status ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22126)) +- Fix filters not being applied to some notification types ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23211)) +- Fix some performance issues with `/admin/instances` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21907)) +- Fix some pre-4.0 admin audit logs ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22091)) +- Fix moderation audit log items for warnings having incorrect links ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23242)) +- Fix account activation being sometimes triggered before email confirmation ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23245)) +- Fix missing OAuth scopes for admin APIs ([trwnh](https://github.com/mastodon/mastodon/pull/20918), [trwnh](https://github.com/mastodon/mastodon/pull/20979)) +- Fix voter count not being cleared when a poll is reset ([afontenot](https://github.com/mastodon/mastodon/pull/21700)) +- Fix attachments of edited statuses not being fetched ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21565)) +- Fix irreversible and whole_word parameters handling in `/api/v1/filters` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21988)) +- Fix 500 error when marking posts as sensitive while some of them are deleted ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22134)) +- Fix expanded statuses not always being scrolled into view ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21797)) +- Fix not being able to scroll the remote interaction modal on small screens ([xendke](https://github.com/mastodon/mastodon/pull/21763)) +- Fix audio player volume control on Safari ([minacle](https://github.com/mastodon/mastodon/pull/23187)) +- Fix disappearing “Explore” tabs on Safari ([nyura](https://github.com/mastodon/mastodon/pull/20917), [ykzts](https://github.com/mastodon/mastodon/pull/20982)) +- Fix wrong padding in RTL layout ([Gargron](https://github.com/mastodon/mastodon/pull/23157)) +- Fix drag & drop upload area display in single-column mode ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23217)) +- Fix being unable to get a single EmailDomainBlock from the admin API ([trwnh](https://github.com/mastodon/mastodon/pull/20846)) +- Fix pagination of followed tags ([trwnh](https://github.com/mastodon/mastodon/pull/20861)) +- Fix dropdown menu positions when scrolling ([sidp](https://github.com/mastodon/mastodon/pull/22916), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/23062)) +- Fix email with empty domain name labels passing validation ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23246)) +- Fix mysterious registration failure when “Require a reason to join” is set with open registrations ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22127)) +- Fix attachment rendering of edited posts in OpenGraph ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22270)) +- Fix invalid/empty RSS feed link on account pages ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20772)) +- Fix error in `VerifyLinkService` when processing links with no href ([joshuap](https://github.com/mastodon/mastodon/pull/20741)) +- Fix error in `VerifyLinkService` when processing links with invalid URLs ([untitaker](https://github.com/mastodon/mastodon/pull/23204)) +- Fix media uploads with FFmpeg 5 ([dead10ck](https://github.com/mastodon/mastodon/pull/21191)) +- Fix sensitive flag not being set when replying to a post with a content warning under certain conditions ([kedamaDQ](https://github.com/mastodon/mastodon/pull/21724)) +- Fix “Share @user's profile” profile menu item not working ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21490)) +- Fix crash and incorrect behavior in `tootctl domains crawl` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/19004)) +- Fix autoplay on iOS ([jamesadney](https://github.com/mastodon/mastodon/pull/21422)) +- Fix spaces not being stripped in admin account search ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21324)) +- Fix spaces not being stripped when adding relays ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22655)) +- Fix infinite loading spinner instead of soft 404 for non-existing remote accounts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21303)) +- Fix minor visual issue with the top border of verified account fields ([j-f1](https://github.com/mastodon/mastodon/pull/22006)) +- Fix pending account approval and rejection not being recorded in the admin audit log ([FrancisMurillo](https://github.com/mastodon/mastodon/pull/22088)) +- Fix “Sign up” button with closed registrations not opening modal on mobile ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22060)) +- Fix UI header overflowing on mobile ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21783)) +- Fix 500 error when trying to migrate to an invalid address ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21462)) +- Fix crash when trying to fetch unobtainable avatar of user using external authentication ([lochiiconnectivity](https://github.com/mastodon/mastodon/pull/22462)) +- Fix potential duplicate statuses in Explore tab ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22121)) +- Fix deprecation warning in `tootctl accounts rotate` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22120)) +- Fix missing style in warning and strike cards ([AtelierSnek](https://github.com/mastodon/mastodon/pull/22177), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/22302)) +- Fix wasteful request to `/api/v1/custom_emojis` when not logged in ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22326)) +- Fix replies sometimes being delivered to user-blocked domains ([tribela](https://github.com/mastodon/mastodon/pull/22117)) +- Fix admin dashboard crash when using some ElasticSearch replacements ([cortices](https://github.com/mastodon/mastodon/pull/21006)) +- Fix profile avatar being slightly offset into left border ([RiedleroD](https://github.com/mastodon/mastodon/pull/20994)) +- Fix N+1 queries in `NotificationsController` ([nametoolong](https://github.com/mastodon/mastodon/pull/21202)) +- Fix being unable to react to announcements with the keycap number sign emoji ([kescherCode](https://github.com/mastodon/mastodon/pull/22231)) +- Fix height computation of post embeds ([hodgesmr](https://github.com/mastodon/mastodon/pull/22141)) +- Fix accessibility issue of the search bar due to hidden placeholder ([alexstine](https://github.com/mastodon/mastodon/pull/21275)) +- Fix layout change handler not being removed due to a typo ([nschonni](https://github.com/mastodon/mastodon/pull/21829)) +- Fix typo in the default `S3_HOSTNAME` used in the `mastodon:setup` rake task ([danp](https://github.com/mastodon/mastodon/pull/19932)) +- Fix the top action bar appearing in the multi-column layout ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20943)) +- Fix inability to use local LibreTranslate without setting `ALLOWED_PRIVATE_ADDRESSES` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21926)) +- Fix punycoded local domains not being prettified in initial state ([Tritlo](https://github.com/mastodon/mastodon/pull/21440)) +- Fix CSP violation warning by removing inline CSS from SVG logo ([luxiaba](https://github.com/mastodon/mastodon/pull/20814)) +- Fix margin for search field on medium window size ([minacle](https://github.com/mastodon/mastodon/pull/21606)) +- Fix search popout scrolling with the page in single-column mode ([rgroothuijsen](https://github.com/mastodon/mastodon/pull/16463)) +- Fix minor status cache hydration discrepancy ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/19879)) +- Fix `・` detection in hashtags ([parthoghosh24](https://github.com/mastodon/mastodon/pull/22888)) +- Fix hashtag follows bypassing user blocks ([tribela](https://github.com/mastodon/mastodon/pull/22849)) +- Fix moved accounts being incorrectly redirected to account settings when trying to view a remote profile ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22497)) +- Fix site upload validations ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22479)) +- Fix “Add new domain block” button using last submitted search value instead of the current one ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22485)) +- Fix misleading hashtag warning when posting with “Followers only” or “Mentioned people only” visibility ([n0toose](https://github.com/mastodon/mastodon/pull/22827)) +- Fix embedded posts with videos grabbing focus ([Akkiesoft](https://github.com/mastodon/mastodon/pull/22778)) +- Fix `$` not being escaped in `.env.production` files generated by the `mastodon:setup` rake task ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23012), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/23072)) +- Fix sanitizer parsing link text as HTML when stripping unsupported links ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22558)) +- Fix `scheduled_at` input not using `datetime-local` when editing announcements ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21896)) +- Fix REST API serializer for `Account` not including `moved` when the moved account has itself moved ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22483)) +- Fix `/api/v1/admin/trends/tags` using wrong serializer ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18943)) +- Fix situations in which instance actor can be set to a Mastodon-incompatible name ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22307)) + +### Security + +- Add `form-action` CSP directive ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20781), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/20958), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/20962)) +- Fix unbounded recursion in account discovery ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22025)) +- Revoke all authorized applications on password reset ([FrancisMurillo](https://github.com/mastodon/mastodon/pull/21325)) + ## [4.0.2] - 2022-11-15 ### Fixed diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index cc0a7f51b..b3eafdc48 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -40,7 +40,7 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [https://contributor-covenant.org/version/1/4][version] -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ +[homepage]: https://contributor-covenant.org +[version]: https://contributor-covenant.org/version/1/4/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 049cd4e29..ed670f5a6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,6 +6,12 @@ Here are some guidelines, and ways you can help. > (This document is a bit of a work-in-progress, so please bear with us. > If you don't see what you're looking for here, please don't hesitate to reach out!) +## Translations + +You can submit glitch-soc-specific translations via [Crowdin](https://crowdin.com/project/glitch-soc). They are periodically merged into the codebase. + +[![Crowdin](https://badges.crowdin.net/glitch-soc/localized.svg)](https://crowdin.com/project/glitch-soc) + ## Planning ## Right now a lot of the planning for this project takes place in our development Discord, or through GitHub Issues and Projects. diff --git a/Dockerfile b/Dockerfile index cf311fef2..ce7f4d718 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,121 +1,99 @@ -FROM ubuntu:20.04 as build-dep - -# Use bash for the shell -SHELL ["/bin/bash", "-c"] -RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections - -# Install Node v16 (LTS) -ENV NODE_VER="16.17.1" -RUN ARCH= && \ - dpkgArch="$(dpkg --print-architecture)" && \ - case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac && \ - echo "Etc/UTC" > /etc/localtime && \ - apt-get update && \ - apt-get install -y --no-install-recommends ca-certificates wget python3 apt-utils && \ - cd ~ && \ - wget -q https://nodejs.org/download/release/v$NODE_VER/node-v$NODE_VER-linux-$ARCH.tar.gz && \ - tar xf node-v$NODE_VER-linux-$ARCH.tar.gz && \ - rm node-v$NODE_VER-linux-$ARCH.tar.gz && \ - mv node-v$NODE_VER-linux-$ARCH /opt/node - -# Install Ruby 3.0 -ENV RUBY_VER="3.0.4" -RUN apt-get update && \ - apt-get install -y --no-install-recommends build-essential \ - bison libyaml-dev libgdbm-dev libreadline-dev libjemalloc-dev \ - libncurses5-dev libffi-dev zlib1g-dev libssl-dev && \ - cd ~ && \ - wget https://cache.ruby-lang.org/pub/ruby/${RUBY_VER%.*}/ruby-$RUBY_VER.tar.gz && \ - tar xf ruby-$RUBY_VER.tar.gz && \ - cd ruby-$RUBY_VER && \ - ./configure --prefix=/opt/ruby \ - --with-jemalloc \ - --with-shared \ - --disable-install-doc && \ - make -j"$(nproc)" > /dev/null && \ - make install && \ - rm -rf ../ruby-$RUBY_VER.tar.gz ../ruby-$RUBY_VER - -ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin" - -RUN npm install -g npm@latest && \ - npm install -g yarn && \ - gem install bundler && \ - apt-get update && \ - apt-get install -y --no-install-recommends git libicu-dev libidn11-dev \ - libpq-dev shared-mime-info +# syntax=docker/dockerfile:1.4 +# This needs to be bullseye-slim because the Ruby image is built on bullseye-slim +ARG NODE_VERSION="16.18.1-bullseye-slim" -COPY Gemfile* package.json yarn.lock /opt/mastodon/ +FROM ghcr.io/moritzheiber/ruby-jemalloc:3.0.4-slim as ruby +FROM node:${NODE_VERSION} as build -RUN cd /opt/mastodon && \ - bundle config set --local deployment 'true' && \ - bundle config set --local without 'development test' && \ - bundle config set silence_root_warning true && \ - bundle install -j"$(nproc)" && \ - yarn install --pure-lockfile +COPY --link --from=ruby /opt/ruby /opt/ruby -FROM ubuntu:20.04 +ENV DEBIAN_FRONTEND="noninteractive" \ + PATH="${PATH}:/opt/ruby/bin" -# Copy over all the langs needed for runtime -COPY --from=build-dep /opt/node /opt/node -COPY --from=build-dep /opt/ruby /opt/ruby +SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Add more PATHs to the PATH -ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin:/opt/mastodon/bin" +WORKDIR /opt/mastodon +COPY Gemfile* package.json yarn.lock /opt/mastodon/ -# Create the mastodon user -ARG UID=991 -ARG GID=991 -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# hadolint ignore=DL3008 RUN apt-get update && \ - echo "Etc/UTC" > /etc/localtime && \ - apt-get install -y --no-install-recommends whois wget && \ - addgroup --gid $GID mastodon && \ - useradd -m -u $UID -g $GID -d /opt/mastodon mastodon && \ - echo "mastodon:$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256)" | chpasswd && \ - rm -rf /var/lib/apt/lists/* - -# Install mastodon runtime deps -RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections + apt-get install -y --no-install-recommends build-essential \ + ca-certificates \ + git \ + libicu-dev \ + libidn11-dev \ + libpq-dev \ + libjemalloc-dev \ + zlib1g-dev \ + libgdbm-dev \ + libgmp-dev \ + libssl-dev \ + libyaml-0-2 \ + ca-certificates \ + libreadline8 \ + python3 \ + shared-mime-info && \ + bundle config set --local deployment 'true' && \ + bundle config set --local without 'development test' && \ + bundle config set silence_root_warning true && \ + bundle install -j"$(nproc)" && \ + yarn install --pure-lockfile --network-timeout 600000 + +FROM node:${NODE_VERSION} + +ARG UID="991" +ARG GID="991" + +COPY --link --from=ruby /opt/ruby /opt/ruby + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +ENV DEBIAN_FRONTEND="noninteractive" \ + PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin" + +# Ignoreing these here since we don't want to pin any versions and the Debian image removes apt-get content after use +# hadolint ignore=DL3008,DL3009 RUN apt-get update && \ - apt-get -y --no-install-recommends install \ - libssl1.1 libpq5 imagemagick ffmpeg libjemalloc2 \ - libicu66 libidn11 libyaml-0-2 \ - file ca-certificates tzdata libreadline8 gcc tini apt-utils && \ - ln -s /opt/mastodon /mastodon && \ - gem install bundler && \ - rm -rf /var/cache && \ - rm -rf /var/lib/apt/lists/* - -# Copy over mastodon source, and dependencies from building, and set permissions -COPY --chown=mastodon:mastodon . /opt/mastodon -COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon + echo "Etc/UTC" > /etc/localtime && \ + groupadd -g "${GID}" mastodon && \ + useradd -l -u "$UID" -g "${GID}" -m -d /opt/mastodon mastodon && \ + apt-get -y --no-install-recommends install whois \ + wget \ + procps \ + libssl1.1 \ + libpq5 \ + imagemagick \ + ffmpeg \ + libjemalloc2 \ + libicu67 \ + libidn11 \ + libyaml-0-2 \ + file \ + ca-certificates \ + tzdata \ + libreadline8 \ + tini && \ + ln -s /opt/mastodon /mastodon + +# Note: no, cleaning here since Debian does this automatically +# See the file /etc/apt/apt.conf.d/docker-clean within the Docker image's filesystem -# Run mastodon services in prod mode -ENV RAILS_ENV="production" -ENV NODE_ENV="production" +COPY --chown=mastodon:mastodon . /opt/mastodon +COPY --chown=mastodon:mastodon --from=build /opt/mastodon /opt/mastodon -# Tell rails to serve static files -ENV RAILS_SERVE_STATIC_FILES="true" -ENV BIND="0.0.0.0" +ENV RAILS_ENV="production" \ + NODE_ENV="production" \ + RAILS_SERVE_STATIC_FILES="true" \ + BIND="0.0.0.0" # Set the run user USER mastodon +WORKDIR /opt/mastodon # Precompile assets -RUN cd ~ && \ - OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \ - yarn cache clean +RUN OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \ + yarn cache clean # Set the work dir and the container entry point -WORKDIR /opt/mastodon ENTRYPOINT ["/usr/bin/tini", "--"] EXPOSE 3000 4000 diff --git a/Gemfile b/Gemfile index 1bff6cc7d..dd3d59d2d 100644 --- a/Gemfile +++ b/Gemfile @@ -1,32 +1,32 @@ # frozen_string_literal: true source 'https://rubygems.org' -ruby '>= 2.6.0', '< 3.1.0' +ruby '>= 2.7.0', '< 3.1.0' -gem 'pkg-config', '~> 1.4' +gem 'pkg-config', '~> 1.5' gem 'rexml', '~> 3.2' gem 'puma', '~> 5.6' gem 'rails', '~> 6.1.7' gem 'sprockets', '~> 3.7.2' gem 'thor', '~> 1.2' -gem 'rack', '~> 2.2.4' +gem 'rack', '~> 2.2.6' gem 'hamlit-rails', '~> 0.2' gem 'pg', '~> 1.4' gem 'makara', '~> 0.5' -gem 'pghero', '~> 2.8' +gem 'pghero' gem 'dotenv-rails', '~> 2.8' -gem 'aws-sdk-s3', '~> 1.114', require: false -gem 'fog-core', '<= 2.1.0' +gem 'aws-sdk-s3', '~> 1.117', require: false +gem 'fog-core', '<= 2.4.0' gem 'fog-openstack', '~> 0.3', require: false gem 'kt-paperclip', '~> 7.1' gem 'blurhash', '~> 0.1' gem 'active_model_serializers', '~> 0.10' gem 'addressable', '~> 2.8' -gem 'bootsnap', '~> 1.13.0', require: false +gem 'bootsnap', '~> 1.15.0', require: false gem 'browser' gem 'charlock_holmes', '~> 0.7.7' gem 'chewy', '~> 7.2' @@ -51,22 +51,23 @@ gem 'ed25519', '~> 1.3' gem 'fast_blank', '~> 1.0' gem 'fastimage' gem 'hiredis', '~> 0.6' -gem 'redis-namespace', '~> 1.9' +gem 'redis-namespace', '~> 1.10' gem 'htmlentities', '~> 4.3' gem 'http', '~> 5.1' gem 'http_accept_language', '~> 2.1' -gem 'httplog', '~> 1.6.0' +gem 'httplog', '~> 1.6.2' gem 'idn-ruby', require: 'idn' gem 'kaminari', '~> 1.2' gem 'link_header', '~> 0.0' gem 'mime-types', '~> 3.4.1', require: 'mime/types/columnar' -gem 'nokogiri', '~> 1.13' +gem 'nokogiri', '~> 1.14' gem 'nsa', '~> 0.2' gem 'oj', '~> 3.13' gem 'ox', '~> 2.14' gem 'parslet' gem 'posix-spawn' -gem 'pundit', '~> 2.2' +gem 'public_suffix', '~> 5.0' +gem 'pundit', '~> 2.3' gem 'premailer-rails' gem 'rack-attack', '~> 6.6' gem 'rack-cors', '~> 1.1', require: 'rack/cors' @@ -78,7 +79,7 @@ gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock' gem 'rqrcode', '~> 2.1' gem 'ruby-progressbar', '~> 1.11' gem 'sanitize', '~> 6.0' -gem 'scenic', '~> 1.6' +gem 'scenic', '~> 1.7' gem 'sidekiq', '~> 6.5' gem 'sidekiq-scheduler', '~> 4.0' gem 'sidekiq-unique-jobs', '~> 7.1' @@ -86,7 +87,7 @@ gem 'sidekiq-bulk', '~> 0.2.0' gem 'simple-navigation', '~> 4.4' gem 'simple_form', '~> 5.1' gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie' -gem 'stoplight', '~> 3.0.0' +gem 'stoplight', '~> 3.0.1' gem 'strong_migrations', '~> 0.7' gem 'tty-prompt', '~> 0.23', require: false gem 'twitter-text', '~> 3.1.0' @@ -106,6 +107,10 @@ group :development, :test do gem 'pry-byebug', '~> 3.10' gem 'pry-rails', '~> 0.3' gem 'rspec-rails', '~> 5.1' + gem 'rubocop-performance', require: false + gem 'rubocop-rails', require: false + gem 'rubocop-rspec', require: false + gem 'rubocop', require: false end group :production, :test do @@ -113,16 +118,16 @@ group :production, :test do end group :test do - gem 'capybara', '~> 3.37' + gem 'capybara', '~> 3.38' gem 'climate_control', '~> 0.2' - gem 'faker', '~> 2.23' - gem 'microformats', '~> 4.4' + gem 'faker', '~> 3.1' + gem 'json-schema', '~> 3.0' + gem 'rack-test', '~> 2.0' gem 'rails-controller-testing', '~> 1.0' + gem 'rspec_junit_formatter', '~> 0.6' gem 'rspec-sidekiq', '~> 3.1' - gem 'simplecov', '~> 0.21', require: false + gem 'simplecov', '~> 0.22', require: false gem 'webmock', '~> 3.18' - gem 'rspec_junit_formatter', '~> 0.6' - gem 'rack-test', '~> 2.0' end group :development do @@ -134,9 +139,7 @@ group :development do gem 'letter_opener', '~> 1.8' gem 'letter_opener_web', '~> 2.0' gem 'memory_profiler' - gem 'rubocop', '~> 1.30', require: false - gem 'rubocop-rails', '~> 2.15', require: false - gem 'brakeman', '~> 5.3', require: false + gem 'brakeman', '~> 5.4', require: false gem 'bundler-audit', '~> 0.9', require: false gem 'capistrano', '~> 3.17' diff --git a/Gemfile.lock b/Gemfile.lock index 912156966..2160c1579 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,40 +10,40 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7) - actionpack (= 6.1.7) - activesupport (= 6.1.7) + actioncable (6.1.7.1) + actionpack (= 6.1.7.1) + activesupport (= 6.1.7.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7) - actionpack (= 6.1.7) - activejob (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + actionmailbox (6.1.7.1) + actionpack (= 6.1.7.1) + activejob (= 6.1.7.1) + activerecord (= 6.1.7.1) + activestorage (= 6.1.7.1) + activesupport (= 6.1.7.1) mail (>= 2.7.1) - actionmailer (6.1.7) - actionpack (= 6.1.7) - actionview (= 6.1.7) - activejob (= 6.1.7) - activesupport (= 6.1.7) + actionmailer (6.1.7.1) + actionpack (= 6.1.7.1) + actionview (= 6.1.7.1) + activejob (= 6.1.7.1) + activesupport (= 6.1.7.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.7) - actionview (= 6.1.7) - activesupport (= 6.1.7) + actionpack (6.1.7.1) + actionview (= 6.1.7.1) + activesupport (= 6.1.7.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7) - actionpack (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + actiontext (6.1.7.1) + actionpack (= 6.1.7.1) + activerecord (= 6.1.7.1) + activestorage (= 6.1.7.1) + activesupport (= 6.1.7.1) nokogiri (>= 1.8.5) - actionview (6.1.7) - activesupport (= 6.1.7) + actionview (6.1.7.1) + activesupport (= 6.1.7.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -54,22 +54,22 @@ GEM case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) active_record_query_trace (1.8) - activejob (6.1.7) - activesupport (= 6.1.7) + activejob (6.1.7.1) + activesupport (= 6.1.7.1) globalid (>= 0.3.6) - activemodel (6.1.7) - activesupport (= 6.1.7) - activerecord (6.1.7) - activemodel (= 6.1.7) - activesupport (= 6.1.7) - activestorage (6.1.7) - actionpack (= 6.1.7) - activejob (= 6.1.7) - activerecord (= 6.1.7) - activesupport (= 6.1.7) + activemodel (6.1.7.1) + activesupport (= 6.1.7.1) + activerecord (6.1.7.1) + activemodel (= 6.1.7.1) + activesupport (= 6.1.7.1) + activestorage (6.1.7.1) + actionpack (= 6.1.7.1) + activejob (= 6.1.7.1) + activerecord (= 6.1.7.1) + activesupport (= 6.1.7.1) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7) + activesupport (6.1.7.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -90,20 +90,20 @@ GEM attr_required (1.0.1) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.587.0) - aws-sdk-core (3.130.2) + aws-partitions (1.670.0) + aws-sdk-core (3.168.2) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) + jmespath (~> 1, >= 1.6.1) + aws-sdk-kms (1.60.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-kms (1.56.0) - aws-sdk-core (~> 3, >= 3.127.0) - aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.2) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) - aws-sigv4 (1.5.0) + aws-sigv4 (1.5.2) aws-eventstream (~> 1, >= 1.0.2) bcrypt (3.1.17) better_errors (2.9.1) @@ -122,15 +122,15 @@ GEM debug_inspector (>= 0.0.1) blurhash (0.1.6) ffi (~> 1.14) - bootsnap (1.13.0) + bootsnap (1.15.0) msgpack (~> 1.2) - brakeman (5.3.1) + brakeman (5.4.0) browser (4.2.0) - brpoplpush-redis_script (0.1.2) + brpoplpush-redis_script (0.1.3) concurrent-ruby (~> 1.0, >= 1.0.5) - redis (>= 1.0, <= 5.0) + redis (>= 1.0, < 6) builder (3.2.4) - bullet (7.0.3) + bullet (7.0.7) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) bundler-audit (0.9.1) @@ -152,7 +152,7 @@ GEM sshkit (~> 1.3) capistrano-yarn (2.0.2) capistrano (~> 3.0) - capybara (3.37.1) + capybara (3.38.0) addressable matrix mini_mime (>= 0.1.3) @@ -174,7 +174,7 @@ GEM cocoon (1.2.15) coderay (1.1.3) color_diff (0.1) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.0) connection_pool (2.3.0) cose (1.2.1) cbor (~> 0.5.9) @@ -182,8 +182,9 @@ GEM crack (0.4.5) rexml crass (1.0.6) - css_parser (1.7.1) + css_parser (1.12.0) addressable + date (3.3.3) debug_inspector (1.0.0) devise (4.8.1) bcrypt (~> 3.0) @@ -203,10 +204,10 @@ GEM diff-lcs (1.5.0) discard (1.2.1) activerecord (>= 4.2, < 8) - docile (1.3.4) + docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - doorkeeper (5.6.0) + doorkeeper (5.6.2) railties (>= 5) dotenv (2.8.1) dotenv-rails (2.8.1) @@ -223,12 +224,12 @@ GEM faraday (~> 1) multi_json encryptor (3.0.0) - erubi (1.11.0) + erubi (1.12.0) et-orbi (1.2.7) tzinfo - excon (0.76.0) + excon (0.95.0) fabrication (2.30.0) - faker (2.23.0) + faker (3.1.0) i18n (>= 1.8.11, < 2) faraday (1.9.3) faraday-em_http (~> 1.0) @@ -271,7 +272,7 @@ GEM fog-core (>= 1.45, <= 2.1.0) fog-json (>= 1.0) ipaddress (>= 0.8) - formatador (0.2.5) + formatador (0.3.0) fugit (1.7.1) et-orbi (~> 1, >= 1.2.7) raabro (~> 1.4) @@ -282,7 +283,7 @@ GEM addressable (~> 2.7) omniauth (>= 1.9, < 3) openid_connect (~> 1.2) - globalid (1.0.0) + globalid (1.0.1) activesupport (>= 5.0) hamlit (2.13.0) temple (>= 0.8.2) @@ -301,7 +302,7 @@ GEM hiredis (0.6.3) hkdf (0.3.0) htmlentities (4.3.4) - http (5.1.0) + http (5.1.1) addressable (~> 2.8) http-cookie (~> 1.0) http-form_data (~> 2.2) @@ -311,7 +312,7 @@ GEM http-form_data (2.3.0) http_accept_language (2.1.1) httpclient (2.8.3) - httplog (1.6.0) + httplog (1.6.2) rack (>= 2.0) rainbow (>= 2.0.0) i18n (1.12.0) @@ -327,12 +328,12 @@ GEM rails-i18n rainbow (>= 2.2.2, < 4.0) terminal-table (>= 1.5.1) - idn-ruby (0.1.4) + idn-ruby (0.1.5) ipaddress (0.8.3) - jmespath (1.6.1) - json (2.6.2) + jmespath (1.6.2) + json (2.6.3) json-canonicalization (0.3.0) - json-jwt (1.13.0) + json-jwt (1.14.0) activesupport (>= 4.2) aes_key_wrap bindata @@ -346,8 +347,10 @@ GEM json-ld-preloaded (3.2.2) json-ld (~> 3.2) rdf (~> 3.2) + json-schema (3.0.0) + addressable (>= 2.8) jsonapi-renderer (0.2.2) - jwt (2.4.1) + jwt (2.5.0) kaminari (1.2.2) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.2) @@ -384,11 +387,14 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.19.0) + loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.0.1) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp makara (0.5.1) activerecord (>= 5.2.0) marcel (1.0.2) @@ -397,24 +403,30 @@ GEM matrix (0.4.2) memory_profiler (1.0.1) method_source (1.0.0) - microformats (4.4.1) - json (~> 2.2) - nokogiri (~> 1.10) mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2022.0105) mini_mime (1.1.2) - mini_portile2 (2.8.0) - minitest (5.16.3) - msgpack (1.5.4) + mini_portile2 (2.8.1) + minitest (5.17.0) + msgpack (1.6.0) multi_json (1.15.0) multipart-post (2.1.1) + net-imap (0.3.4) + date + net-protocol net-ldap (0.17.1) + net-pop (0.1.2) + net-protocol + net-protocol (0.1.3) + timeout net-scp (4.0.0.rc1) net-ssh (>= 2.6.5, < 8.0.0) + net-smtp (0.3.3) + net-protocol net-ssh (7.0.1) nio4r (2.5.8) - nokogiri (1.13.9) + nokogiri (1.14.0) mini_portile2 (~> 2.8.0) racc (~> 1.4) nsa (0.2.8) @@ -450,24 +462,25 @@ GEM openssl-signature_algorithm (1.2.1) openssl (> 2.0, < 3.1) orm_adapter (0.5.0) - ox (2.14.11) + ox (2.14.13) parallel (1.22.1) - parser (3.1.2.1) + parser (3.2.0.0) ast (~> 2.4.1) parslet (2.0.0) pastel (0.8.0) tty-color (~> 0.5) - pg (1.4.4) - pghero (2.8.3) - activerecord (>= 5) - pkg-config (1.4.9) + pg (1.4.5) + pghero (3.1.0) + activerecord (>= 6) + pkg-config (1.5.1) posix-spawn (0.3.15) - premailer (1.14.2) + premailer (1.18.0) addressable - css_parser (>= 1.6.0) + css_parser (>= 1.12.0) htmlentities (>= 4.0.0) - premailer-rails (1.11.1) + premailer-rails (1.12.0) actionmailer (>= 3) + net-smtp premailer (~> 1.7, >= 1.7.9) private_address_check (0.5.0) pry (0.14.1) @@ -478,14 +491,14 @@ GEM pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (5.0.0) + public_suffix (5.0.1) puma (5.6.5) nio4r (~> 2.0) - pundit (2.2.0) + pundit (2.3.0) activesupport (>= 3.0.0) raabro (1.4.0) - racc (1.6.0) - rack (2.2.4) + racc (1.6.2) + rack (2.2.6.2) rack-attack (6.6.1) rack (>= 1.0, < 3) rack-cors (1.1.1) @@ -500,20 +513,20 @@ GEM rack rack-test (2.0.2) rack (>= 1.3) - rails (6.1.7) - actioncable (= 6.1.7) - actionmailbox (= 6.1.7) - actionmailer (= 6.1.7) - actionpack (= 6.1.7) - actiontext (= 6.1.7) - actionview (= 6.1.7) - activejob (= 6.1.7) - activemodel (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + rails (6.1.7.1) + actioncable (= 6.1.7.1) + actionmailbox (= 6.1.7.1) + actionmailer (= 6.1.7.1) + actionpack (= 6.1.7.1) + actiontext (= 6.1.7.1) + actionview (= 6.1.7.1) + activejob (= 6.1.7.1) + activemodel (= 6.1.7.1) + activerecord (= 6.1.7.1) + activestorage (= 6.1.7.1) + activesupport (= 6.1.7.1) bundler (>= 1.15.0) - railties (= 6.1.7) + railties (= 6.1.7.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -522,16 +535,16 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.3) - loofah (~> 2.3) + rails-html-sanitizer (1.4.4) + loofah (~> 2.19, >= 2.19.1) rails-i18n (6.0.0) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 7) rails-settings-cached (0.6.6) rails (>= 4.2.0) - railties (6.1.7) - actionpack (= 6.1.7) - activesupport (= 6.1.7) + railties (6.1.7.1) + actionpack (= 6.1.7.1) + activesupport (= 6.1.7.1) method_source rake (>= 12.2) thor (~> 1.0) @@ -539,13 +552,15 @@ GEM rake (13.0.6) rdf (3.2.9) link_header (~> 0.0, >= 0.0.8) - rdf-normalize (0.5.0) + rdf-normalize (0.5.1) rdf (~> 3.2) redcarpet (3.5.1) redis (4.5.1) - redis-namespace (1.9.0) + redis-namespace (1.10.0) redis (>= 4) - regexp_parser (2.5.0) + redlock (1.3.2) + redis (>= 3.0.0, < 6.0) + regexp_parser (2.6.2) request_store (1.5.1) rack (>= 1.4) responders (3.0.1) @@ -580,21 +595,30 @@ GEM rspec-support (3.11.1) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.30.1) + rubocop (1.44.0) + json (~> 2.3) parallel (~> 1.10) - parser (>= 3.1.0.0) + parser (>= 3.2.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.18.0, < 2.0) + rubocop-ast (>= 1.24.1, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.18.0) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.24.1) parser (>= 3.1.1.0) - rubocop-rails (2.15.0) + rubocop-capybara (2.17.0) + rubocop (~> 1.41) + rubocop-performance (1.15.2) + rubocop (>= 1.7.0, < 2.0) + rubocop-ast (>= 0.4.0) + rubocop-rails (2.17.4) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.7.0, < 2.0) + rubocop (>= 1.33.0, < 2.0) + rubocop-rspec (2.18.1) + rubocop (~> 1.33) + rubocop-capybara (~> 2.17) ruby-progressbar (1.11.0) ruby-saml (1.13.0) nokogiri (>= 1.10.5) @@ -607,7 +631,7 @@ GEM sanitize (6.0.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) - scenic (1.6.0) + scenic (1.7.0) activerecord (>= 4.0.0) railties (>= 4.0.0) semantic_range (3.0.0) @@ -622,22 +646,23 @@ GEM rufus-scheduler (~> 3.2) sidekiq (>= 4, < 7) tilt (>= 1.4.0) - sidekiq-unique-jobs (7.1.27) + sidekiq-unique-jobs (7.1.29) brpoplpush-redis_script (> 0.1.1, <= 2.0.0) concurrent-ruby (~> 1.0, >= 1.0.5) - sidekiq (>= 5.0, < 8.0) + redis (< 5.0) + sidekiq (>= 5.0, < 7.0) thor (>= 0.20, < 3.0) simple-navigation (4.4.0) activesupport (>= 2.3.2) simple_form (5.1.0) actionpack (>= 5.2) activemodel (>= 5.2) - simplecov (0.21.2) + simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) - simplecov_json_formatter (0.1.2) + simplecov_json_formatter (0.1.4) smart_properties (1.17.0) sprockets (3.7.2) concurrent-ruby (~> 1.0) @@ -649,9 +674,10 @@ GEM sshkit (1.21.2) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) - stackprof (0.2.22) + stackprof (0.2.23) statsd-ruby (1.5.0) - stoplight (3.0.0) + stoplight (3.0.1) + redlock (~> 1.0) strong_migrations (0.7.9) activerecord (>= 5) swd (1.3.0) @@ -665,6 +691,7 @@ GEM climate_control (>= 0.0.3, < 1.0) thor (1.2.1) tilt (2.0.11) + timeout (0.3.0) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -684,12 +711,12 @@ GEM unf (~> 0.1.0) tzinfo (2.0.5) concurrent-ruby (~> 1.0) - tzinfo-data (1.2022.6) + tzinfo-data (1.2022.7) tzinfo (>= 1.0.0) unf (0.1.4) unf_ext unf_ext (0.0.8.2) - unicode-display_width (2.3.0) + unicode-display_width (2.4.2) uniform_notifier (1.16.0) validate_email (0.1.6) activemodel (>= 3.0) @@ -727,7 +754,7 @@ GEM xorcist (1.1.3) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.0) + zeitwerk (2.6.6) PLATFORMS ruby @@ -737,12 +764,12 @@ DEPENDENCIES active_record_query_trace (~> 1.8) addressable (~> 2.8) annotate (~> 3.2) - aws-sdk-s3 (~> 1.114) + aws-sdk-s3 (~> 1.117) better_errors (~> 2.9) binding_of_caller (~> 1.0) blurhash (~> 0.1) - bootsnap (~> 1.13.0) - brakeman (~> 5.3) + bootsnap (~> 1.15.0) + brakeman (~> 5.4) browser bullet (~> 7.0) bundler-audit (~> 0.9) @@ -750,7 +777,7 @@ DEPENDENCIES capistrano-rails (~> 1.6) capistrano-rbenv (~> 2.2) capistrano-yarn (~> 2.0) - capybara (~> 3.37) + capybara (~> 3.38) charlock_holmes (~> 0.7.7) chewy (~> 7.2) climate_control (~> 0.2) @@ -766,10 +793,10 @@ DEPENDENCIES dotenv-rails (~> 2.8) ed25519 (~> 1.3) fabrication (~> 2.30) - faker (~> 2.23) + faker (~> 3.1) fast_blank (~> 1.0) fastimage - fog-core (<= 2.1.0) + fog-core (<= 2.4.0) fog-openstack (~> 0.3) fuubar (~> 2.5) gitlab-omniauth-openid-connect (~> 0.10.0) @@ -779,11 +806,12 @@ DEPENDENCIES htmlentities (~> 4.3) http (~> 5.1) http_accept_language (~> 2.1) - httplog (~> 1.6.0) + httplog (~> 1.6.2) i18n-tasks (~> 1.0) idn-ruby json-ld json-ld-preloaded (~> 3.2) + json-schema (~> 3.0) kaminari (~> 1.2) kt-paperclip (~> 7.1) letter_opener (~> 1.8) @@ -793,10 +821,9 @@ DEPENDENCIES makara (~> 0.5) mario-redis-lock (~> 1.2) memory_profiler - microformats (~> 4.4) mime-types (~> 3.4.1) net-ldap (~> 0.17) - nokogiri (~> 1.13) + nokogiri (~> 1.14) nsa (~> 0.2) oj (~> 3.13) omniauth (~> 1.9) @@ -806,16 +833,17 @@ DEPENDENCIES ox (~> 2.14) parslet pg (~> 1.4) - pghero (~> 2.8) - pkg-config (~> 1.4) + pghero + pkg-config (~> 1.5) posix-spawn premailer-rails private_address_check (~> 0.5) pry-byebug (~> 3.10) pry-rails (~> 0.3) + public_suffix (~> 5.0) puma (~> 5.6) - pundit (~> 2.2) - rack (~> 2.2.4) + pundit (~> 2.3) + rack (~> 2.2.6) rack-attack (~> 6.6) rack-cors (~> 1.1) rack-test (~> 2.0) @@ -826,28 +854,30 @@ DEPENDENCIES rdf-normalize (~> 0.5) redcarpet (~> 3.5) redis (~> 4.5) - redis-namespace (~> 1.9) + redis-namespace (~> 1.10) rexml (~> 3.2) rqrcode (~> 2.1) rspec-rails (~> 5.1) rspec-sidekiq (~> 3.1) rspec_junit_formatter (~> 0.6) - rubocop (~> 1.30) - rubocop-rails (~> 2.15) + rubocop + rubocop-performance + rubocop-rails + rubocop-rspec ruby-progressbar (~> 1.11) sanitize (~> 6.0) - scenic (~> 1.6) + scenic (~> 1.7) sidekiq (~> 6.5) sidekiq-bulk (~> 0.2.0) sidekiq-scheduler (~> 4.0) sidekiq-unique-jobs (~> 7.1) simple-navigation (~> 4.4) simple_form (~> 5.1) - simplecov (~> 0.21) + simplecov (~> 0.22) sprockets (~> 3.7.2) sprockets-rails (~> 3.4) stackprof - stoplight (~> 3.0.0) + stoplight (~> 3.0.1) strong_migrations (~> 0.7) thor (~> 1.2) tty-prompt (~> 0.23) diff --git a/Vagrantfile b/Vagrantfile index 0d44b4d23..043bab3e9 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -3,16 +3,14 @@ ENV["PORT"] ||= "3000" -$provision = <