[BORKED] Merge branch 'main' of https://github.com/mastodon/mastodon

Conflicts:
	.github/CODEOWNERS
	.github/ISSUE_TEMPLATE/3.support.md
	CHANGELOG.md
	Gemfile.lock
	README.md
	app/chewy/statuses_index.rb
	app/javascript/mastodon/actions/compose.js
	app/javascript/mastodon/components/avatar.js
	app/javascript/mastodon/components/icon_button.js
	app/javascript/mastodon/features/compose/components/compose_form.js
	app/javascript/mastodon/features/compose/components/search_results.js
	app/javascript/mastodon/initial_state.js
	app/javascript/mastodon/locales/ca.json
	app/javascript/mastodon/locales/io.json
	app/javascript/mastodon/locales/ja.json
	app/javascript/mastodon/locales/kmr.json
	app/javascript/mastodon/locales/ru.json
	app/javascript/mastodon/locales/uk.json
	app/javascript/mastodon/locales/zh-CN.json
	app/javascript/mastodon/locales/zh-TW.json
	app/lib/formatter.rb
	app/lib/user_settings_decorator.rb
	app/models/account.rb
	app/models/status.rb
	app/models/user.rb
	app/views/about/show.html.haml
	boxfile.yml
	config/locales/ast.yml
	config/locales/en.yml
	config/locales/he.yml
	config/locales/kmr.yml
	config/locales/ku.yml
	db/schema.rb
	docker-compose.yml
	lib/mastodon/search_cli.rb
	lib/paperclip/storage_extensions.rb
	package.json
	public/emoji/1f327_border.svg
	public/emoji/1f328_border.svg
	public/emoji/1f329_border.svg
	public/emoji/1f359_border.svg
	public/emoji/1f35a_border.svg
	public/emoji/1f365_border.svg
	public/emoji/1f3d0_border.svg
	public/emoji/1f3f3_border.svg
	public/emoji/1f40f_border.svg
	public/emoji/1f410_border.svg
	public/emoji/1f411_border.svg
	public/emoji/1f413_border.svg
	public/emoji/1f414_border.svg
	public/emoji/1f440_border.svg
	public/emoji/1f47b_border.svg
	public/emoji/1f47d_border.svg
	public/emoji/1f480_border.svg
	public/emoji/1f4a8_border.svg
	public/emoji/1f4ac_border.svg
	public/emoji/1f4ad_border.svg
	public/emoji/1f4c3_border.svg
	public/emoji/1f507_border.svg
	public/emoji/1f508_border.svg
	public/emoji/1f509_border.svg
	public/emoji/1f50a_border.svg
	public/emoji/1f54a_border.svg
	public/emoji/25ab_border.svg
	public/emoji/25fb_border.svg
	public/emoji/25fd_border.svg
	public/emoji/2601_border.svg
	public/emoji/2620_border.svg
	public/emoji/26aa_border.svg
	public/emoji/26be_border.svg
	public/emoji/26f8_border.svg
	public/emoji/2754_border.svg
	public/emoji/2755_border.svg
	public/emoji/2b1c_border.svg
	spec/rails_helper.rb
	yarn.lock
main
Lerk 1 month ago
parent
commit
4e9f82e89b
  1. 30
      .circleci/config.yml
  2. 10
      .codeclimate.yml
  3. 24
      .devcontainer/Dockerfile
  4. 26
      .devcontainer/devcontainer.json
  5. 83
      .devcontainer/docker-compose.yml
  6. 2
      .env.production.sample
  7. 5
      .eslintrc.js
  8. 32
      .github/CODEOWNERS
  9. 2
      .github/FUNDING.yml
  10. 1
      .github/ISSUE_TEMPLATE/2.feature_request.yml
  11. 10
      .github/ISSUE_TEMPLATE/3.support.md
  12. 7
      .github/ISSUE_TEMPLATE/config.yml
  13. 4
      .github/dependabot.yml
  14. 8
      .github/workflows/build-image.yml
  15. 40
      .github/workflows/check-i18n.yml
  16. 78
      .prettierignore
  17. 3
      .prettierrc.js
  18. 30
      .rubocop.yml
  19. 639
      AUTHORS.md
  20. 3016
      CHANGELOG.md
  21. 2
      Dockerfile
  22. 37
      Gemfile
  23. 342
      Gemfile.lock
  24. 19
      SECURITY.md
  25. 5
      app.json
  26. 1
      app/controllers/accounts_controller.rb
  27. 1
      app/controllers/activitypub/base_controller.rb
  28. 2
      app/controllers/activitypub/outboxes_controller.rb
  29. 8
      app/controllers/admin/dashboard_controller.rb
  30. 4
      app/controllers/admin/domain_blocks_controller.rb
  31. 72
      app/controllers/admin/email_domain_blocks_controller.rb
  32. 26
      app/controllers/admin/instances_controller.rb
  33. 4
      app/controllers/admin/reports/actions_controller.rb
  34. 27
      app/controllers/admin/sign_in_token_authentications_controller.rb
  35. 12
      app/controllers/admin/trends/links/preview_card_providers_controller.rb
  36. 20
      app/controllers/admin/trends/links_controller.rb
  37. 45
      app/controllers/admin/trends/statuses_controller.rb
  38. 12
      app/controllers/admin/trends/tags_controller.rb
  39. 3
      app/controllers/api/base_controller.rb
  40. 25
      app/controllers/api/v1/accounts/familiar_followers_controller.rb
  41. 2
      app/controllers/api/v1/accounts/lookup_controller.rb
  42. 41
      app/controllers/api/v1/accounts/statuses_controller.rb
  43. 6
      app/controllers/api/v1/accounts_controller.rb
  44. 2
      app/controllers/api/v1/admin/account_actions_controller.rb
  45. 21
      app/controllers/api/v1/admin/accounts_controller.rb
  46. 2
      app/controllers/api/v1/admin/dimensions_controller.rb
  47. 2
      app/controllers/api/v1/admin/measures_controller.rb
  48. 2
      app/controllers/api/v1/admin/reports_controller.rb
  49. 2
      app/controllers/api/v1/admin/retention_controller.rb
  50. 17
      app/controllers/api/v1/admin/trends/links_controller.rb
  51. 17
      app/controllers/api/v1/admin/trends/statuses_controller.rb
  52. 4
      app/controllers/api/v1/admin/trends/tags_controller.rb
  53. 2
      app/controllers/api/v1/blocks_controller.rb
  54. 2
      app/controllers/api/v1/bookmarks_controller.rb
  55. 4
      app/controllers/api/v1/domain_blocks_controller.rb
  56. 4
      app/controllers/api/v1/emails/confirmations_controller.rb
  57. 2
      app/controllers/api/v1/favourites_controller.rb
  58. 6
      app/controllers/api/v1/follow_requests_controller.rb
  59. 2
      app/controllers/api/v1/media_controller.rb
  60. 2
      app/controllers/api/v1/mutes_controller.rb
  61. 19
      app/controllers/api/v1/notifications_controller.rb
  62. 12
      app/controllers/api/v1/reports_controller.rb
  63. 12
      app/controllers/api/v1/statuses_controller.rb
  64. 34
      app/controllers/api/v1/trends/links_controller.rb
  65. 53
      app/controllers/api/v1/trends/statuses_controller.rb
  66. 30
      app/controllers/api/v1/trends/tags_controller.rb
  67. 31
      app/controllers/api/v2/admin/accounts_controller.rb
  68. 4
      app/controllers/api/v2/search_controller.rb
  69. 2
      app/controllers/api/web/embeds_controller.rb
  70. 23
      app/controllers/api/web/push_subscriptions_controller.rb
  71. 6
      app/controllers/auth/omniauth_callbacks_controller.rb
  72. 2
      app/controllers/auth/registrations_controller.rb
  73. 9
      app/controllers/auth/sessions_controller.rb
  74. 8
      app/controllers/authorize_interactions_controller.rb
  75. 21
      app/controllers/concerns/access_token_tracking_concern.rb
  76. 2
      app/controllers/concerns/authorization.rb
  77. 6
      app/controllers/concerns/localized.rb
  78. 4
      app/controllers/concerns/session_tracking_concern.rb
  79. 56
      app/controllers/concerns/sign_in_token_authentication_concern.rb
  80. 4
      app/controllers/concerns/user_tracking_concern.rb
  81. 6
      app/controllers/disputes/strikes_controller.rb
  82. 6
      app/controllers/follower_accounts_controller.rb
  83. 9
      app/controllers/following_accounts_controller.rb
  84. 18
      app/controllers/media_proxy_controller.rb
  85. 3
      app/controllers/oauth/tokens_controller.rb
  86. 16
      app/controllers/settings/exports_controller.rb
  87. 4
      app/controllers/settings/preferences_controller.rb
  88. 2
      app/controllers/settings/profiles_controller.rb
  89. 1
      app/controllers/tags_controller.rb
  90. 8
      app/helpers/accounts_helper.rb
  91. 7
      app/helpers/admin/filter_helper.rb
  92. 5
      app/helpers/admin/trends/statuses_helper.rb
  93. 30
      app/helpers/application_helper.rb
  94. 54
      app/helpers/formatting_helper.rb
  95. 10
      app/helpers/jsonld_helper.rb
  96. 20
      app/helpers/languages_helper.rb
  97. 3
      app/helpers/routing_helper.rb
  98. 28
      app/helpers/statuses_helper.rb
  99. 7
      app/javascript/mastodon/actions/accounts.js
  100. 12
      app/javascript/mastodon/actions/compose.js

30
.circleci/config.yml

@ -1,8 +1,8 @@
version: 2.1
orbs:
ruby: circleci/ruby@1.2.0
node: circleci/node@4.7.0
ruby: circleci/ruby@1.4.1
node: circleci/node@5.0.1
executors:
default:
@ -23,7 +23,7 @@ executors:
environment:
POSTGRES_USER: root
POSTGRES_HOST_AUTH_METHOD: trust
- image: circleci/redis:6-alpine
- image: cimg/redis:6.2
commands:
install-system-dependencies:
@ -45,7 +45,7 @@ commands:
bundle config without 'development production'
name: Set bundler settings
- ruby/install-deps:
bundler-version: '2.2.31'
bundler-version: '2.3.8'
key: ruby<< parameters.ruby-version >>-gems-v1
wait-db:
steps:
@ -127,9 +127,18 @@ jobs:
- run:
command: ./bin/rails tests:migrations:populate_v2
name: Populate database with test data
- run:
command: ./bin/rails db:migrate VERSION=20180514140000
name: Run migrations up to v2.4.0
- run:
command: ./bin/rails tests:migrations:populate_v2_4
name: Populate database with test data
- run:
command: ./bin/rails db:migrate
name: Run all remaining migrations
- run:
command: ./bin/rails tests:migrations:check_database
name: Check migration result
test-two-step-migrations:
executor:
@ -150,14 +159,25 @@ jobs:
- run:
command: ./bin/rails tests:migrations:populate_v2
name: Populate database with test data
- run:
command: ./bin/rails db:migrate VERSION=20180514140000
name: Run pre-deployment migrations up to v2.4.0
environment:
SKIP_POST_DEPLOYMENT_MIGRATIONS: true
- run:
command: ./bin/rails tests:migrations:populate_v2_4
name: Populate database with test data
- run:
command: ./bin/rails db:migrate
name: Run all pre-deployment migrations
evironment:
environment:
SKIP_POST_DEPLOYMENT_MIGRATIONS: true
- run:
command: ./bin/rails db:migrate
name: Run all post-deployment remaining migrations
- run:
command: ./bin/rails tests:migrations:check_database
name: Check migration result
workflows:
version: 2
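Review bot: the misspelled `evironment:` key on the "Run all pre-deployment migrations" step evidently never failed the job, so `SKIP_POST_DEPLOYMENT_MIGRATIONS: true` was not applied there and the two-step path was not really exercised until this correction. Add a config validation step (for example `circleci config validate`) so the next unknown key is caught in CI, and check that the `environment:` block on the new "Run pre-deployment migrations up to v2.4.0" step is nested under its `run:` in the same way.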

10
.codeclimate.yml

@ -1,4 +1,4 @@
version: "2"
version: '2'
checks:
argument-count:
enabled: false
@ -34,8 +34,8 @@ plugins:
sass-lint:
enabled: true
exclude_patterns:
- spec/
- vendor/asset/
- spec/
- vendor/asset/
- app/javascript/mastodon/locales/**/*.json
- config/locales/**/*.yml
- app/javascript/mastodon/locales/**/*.json
- config/locales/**/*.yml

24
.devcontainer/Dockerfile

@ -0,0 +1,24 @@
# [Choice] Ruby version (use -bullseye variants on local arm64/Apple Silicon): 3, 3.1, 3.0, 2, 2.7, 2.6, 3-bullseye, 3.1-bullseye, 3.0-bullseye, 2-bullseye, 2.7-bullseye, 2.6-bullseye, 3-buster, 3.1-buster, 3.0-buster, 2-buster, 2.7-buster, 2.6-buster
ARG VARIANT=3.1-bullseye
FROM mcr.microsoft.com/vscode/devcontainers/ruby:${VARIANT}
# Install Rails
# RUN gem install rails webdrivers
# Default value to allow debug server to serve content over GitHub Codespace's port forwarding service
# The value is a comma-separated list of allowed domains
ENV RAILS_DEVELOPMENT_HOSTS=".githubpreview.dev"
# [Choice] Node.js version: lts/*, 16, 14, 12, 10
ARG NODE_VERSION="lts/*"
RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
# [Optional] Uncomment this section to install additional OS packages.
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
&& apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libpam-dev
# [Optional] Uncomment this line to install additional gems.
RUN gem install foreman
# [Optional] Uncomment this line to install global node packages.
RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
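Review bot: `ARG VARIANT=3.1-bullseye` defaults to a Ruby that the Gemfile in this same commit rejects (`ruby '>= 2.6.0', '< 3.1.0'`); the build only works because `.devcontainer/docker-compose.yml` overrides it with `VARIANT: '3.0-bullseye'`. Set the default here to `3.0-bullseye` so a plain build of this Dockerfile matches. Two smaller points: the `[Optional] Uncomment ...` comments sit above `RUN` lines that are already active and should be reworded, and the `apt-get` layer does not remove `/var/lib/apt/lists/*` afterwards.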

26
.devcontainer/devcontainer.json

@ -0,0 +1,26 @@
{
"name": "Mastodon",
"dockerComposeFile": "docker-compose.yml",
"service": "app",
"workspaceFolder": "/workspaces/mastodon",
// Set *default* container specific settings.json values on container create.
"settings": {},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"EditorConfig.EditorConfig",
"dbaeumer.vscode-eslint",
"rebornix.Ruby"
],
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// This can be used to network with other containers or the host.
"forwardPorts": [3000, 4000],
// Use 'postCreateCommand' to run commands after the container is created.
"postCreateCommand": "bundle install --path vendor/bundle && yarn install && ./bin/rails db:setup",
// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode"
}
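Review bot: `bundle install --path vendor/bundle` in `postCreateCommand` uses a flag that Bundler 2 has deprecated; prefer `bundle config set --local path vendor/bundle && bundle install`, which also persists the setting for later `bundle` runs inside the container.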

83
.devcontainer/docker-compose.yml

@ -0,0 +1,83 @@
version: '3'
services:
app:
build:
context: .
dockerfile: Dockerfile
args:
# Update 'VARIANT' to pick a version of Ruby: 3, 3.1, 3.0, 2, 2.7, 2.6
# Append -bullseye or -buster to pin to an OS version.
# Use -bullseye variants on local arm64/Apple Silicon.
VARIANT: '3.0-bullseye'
# Optional Node.js version to install
NODE_VERSION: '14'
volumes:
- ..:/workspaces/mastodon:cached
environment:
RAILS_ENV: development
NODE_ENV: development
REDIS_HOST: redis
REDIS_PORT: '6379'
DB_HOST: db
DB_USER: postgres
DB_PASS: postgres
DB_PORT: '5432'
ES_ENABLED: 'true'
ES_HOST: es
ES_PORT: '9200'
# Overrides default command so things don't shut down after the process ends.
command: sleep infinity
networks:
- external_network
- internal_network
user: vscode
db:
image: postgres:14-alpine
restart: unless-stopped
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: postgres
POSTGRES_DB: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_HOST_AUTH_METHOD: trust
networks:
- internal_network
redis:
image: redis:6-alpine
restart: unless-stopped
volumes:
- redis-data:/data
networks:
- internal_network
es:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
restart: unless-stopped
environment:
ES_JAVA_OPTS: -Xms512m -Xmx512m
cluster.name: es-mastodon
discovery.type: single-node
bootstrap.memory_lock: 'true'
volumes:
- es-data:/usr/share/elasticsearch/data
networks:
- internal_network
ulimits:
memlock:
soft: -1
hard: -1
volumes:
postgres-data:
redis-data:
es-data:
networks:
external_network:
internal_network:
internal: true
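Review bot: on the `db` service, `POSTGRES_HOST_AUTH_METHOD: trust` makes `POSTGRES_PASSWORD: postgres` and the app's `DB_PASS: postgres` meaningless, since trust accepts any connection without a password. The service is attached only to `internal_network` (`internal: true`), which limits exposure, but dropping the `trust` line costs nothing because the password is already wired through. Also, `NODE_VERSION: '14'` here differs from the `NODE_VER="16.14.2"` that the main Dockerfile installs in this commit, so the dev container runs a different Node than the image ships.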

2
.env.production.sample

@ -49,7 +49,7 @@ SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=notificatons@example.com
SMTP_FROM_ADDRESS=notifications@example.com
# File storage (optional)
# -----------------------

5
.eslintrc.js

@ -79,6 +79,11 @@ module.exports = {
'no-irregular-whitespace': 'error',
'no-mixed-spaces-and-tabs': 'warn',
'no-nested-ternary': 'warn',
'no-restricted-properties': [
'error',
{ property: 'substring', message: 'Use .slice instead of .substring.' },
{ property: 'substr', message: 'Use .slice instead of .substr.' },
],
'no-trailing-spaces': 'warn',
'no-undef': 'error',
'no-unreachable': 'error',
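Review bot: the `no-restricted-properties` messages tell contributors to use `.slice` in place of `.substring` and `.substr`, but the three are not interchangeable: `substring` swaps its arguments when start is greater than end and clamps negatives to 0, `substr` takes a length as its second argument, and `slice` counts negative indexes from the end. Say so in the message so call sites are converted by hand rather than by search and replace. The rule also matches any property with these names on any object, not only strings, which is worth a comment next to the rule.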

32
.github/CODEOWNERS

@ -1,32 +0,0 @@
# CODEOWNERS for comm-network/mastodon
# Translators
# To add translator, copy these lines, replace `fr` with appropriate language code and replace `@żelipapą` with user's Git nickname preceded by `@` sign or e-mail address.
# /app/javascript/mastodon/locales/fr.json @żelipapą
# /app/views/user_mailer/*.fr.html.erb @żelipapą
# /app/views/user_mailer/*.fr.text.erb @żelipapą
# /config/locales/*.fr.yml @żelipapą
# /config/locales/fr.yml @żelipapą
# Polish
/app/javascript/mastodon/locales/pl.json @m4sk1n
/app/views/user_mailer/*.pl.html.erb @m4sk1n
/app/views/user_mailer/*.pl.text.erb @m4sk1n
/config/locales/*.pl.yml @m4sk1n
/config/locales/pl.yml @m4sk1n
# French
/app/javascript/mastodon/locales/fr.json @aldarone
/app/javascript/mastodon/locales/whitelist_fr.json @aldarone
/app/views/user_mailer/*.fr.html.erb @aldarone
/app/views/user_mailer/*.fr.text.erb @aldarone
/config/locales/*.fr.yml @aldarone
/config/locales/fr.yml @aldarone
# Dutch
/app/javascript/mastodon/locales/nl.json @jeroenpraat
/app/javascript/mastodon/locales/whitelist_nl.json @jeroenpraat
/app/views/user_mailer/*.nl.html.erb @jeroenpraat
/app/views/user_mailer/*.nl.text.erb @jeroenpraat
/config/locales/*.nl.yml @jeroenpraat
/config/locales/nl.yml @jeroenpraat

2
.github/FUNDING.yml

@ -1,3 +1,3 @@
patreon: mastodon
open_collective: mastodon
github: [Gargron]
custom: https://sponsor.joinmastodon.org

1
.github/ISSUE_TEMPLATE/2.feature_request.yml

@ -1,5 +1,6 @@
name: Feature Request
description: I have a suggestion
labels: suggestion
body:
- type: markdown
attributes:

10
.github/ISSUE_TEMPLATE/3.support.md

@ -1,10 +0,0 @@
---
name: Support
about: Ask for help with your deployment
title: DO NOT CREATE THIS ISSUE
---
We primarily use Git as a bug and feature tracker. For usage questions, troubleshooting of deployments and other individual technical assistance, please use one of the resources below:
- https://discourse.joinmastodon.org
- #mastodon on irc.freenode.net

7
.github/ISSUE_TEMPLATE/config.yml

@ -1,5 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Mastodon Meta Discussion Board
url: https://discourse.joinmastodon.org/
- name: GitHub Discussions
url: https://github.com/mastodon/mastodon/discussions
about: Please ask and answer questions here.
- name: Bug Bounty Program
url: https://app.intigriti.com/programs/mastodon/mastodonio/detail
about: Please report security vulnerabilities here.

4
.github/dependabot.yml

@ -6,7 +6,7 @@
version: 2
updates:
- package-ecosystem: npm
directory: "/"
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
@ -14,7 +14,7 @@ updates:
- dependency-type: direct
- package-ecosystem: bundler
directory: "/"
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99

8
.github/workflows/build-image.yml

@ -3,9 +3,9 @@ on:
workflow_dispatch:
push:
branches:
- "main"
- 'main'
tags:
- "*"
- '*'
pull_request:
paths:
- .github/workflows/build-image.yml
@ -21,6 +21,7 @@ jobs:
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
if: github.event_name != 'pull_request'
- uses: docker/metadata-action@v3
id: meta
with:
@ -29,7 +30,8 @@ jobs:
latest=auto
tags: |
type=edge,branch=main
type=semver,pattern={{ raw }}
type=match,pattern=v(.*),group=0
type=ref,event=pr
- uses: docker/build-push-action@v2
with:
context: .
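Review bot: `type=ref,event=pr` makes the metadata step emit tags for pull-request builds, while the Docker Hub login above is now skipped when `github.event_name` is `pull_request`; the `docker/build-push-action@v2` step shown here has no `push:` line in view, so confirm it is conditioned the same way (for example `push: ${{ github.event_name != 'pull_request' }}`), otherwise PR builds will attempt an unauthenticated push. The actions are referenced by mutable tags (`@v3`, `@v2`); pinning them to a commit SHA is safer in a workflow that handles `secrets.DOCKERHUB_TOKEN`.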

40
.github/workflows/check-i18n.yml

@ -2,9 +2,9 @@ name: Check i18n
on:
push:
branches: [ main ]
branches: [main]
pull_request:
branches: [ main ]
branches: [main]
env:
RAILS_ENV: test
@ -14,21 +14,21 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libicu-dev libidn11-dev
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.0'
bundler-cache: true
- name: Check locale file normalization
run: bundle exec i18n-tasks check-normalized
- name: Check for unused strings
run: bundle exec i18n-tasks unused -l en
- name: Check for wrong string interpolations
run: bundle exec i18n-tasks check-consistent-interpolations
- name: Check that all required locale files exist
run: bundle exec rake repo:check_locales_files
- uses: actions/checkout@v2
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libicu-dev libidn11-dev
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.0'
bundler-cache: true
- name: Check locale file normalization
run: bundle exec i18n-tasks check-normalized
- name: Check for unused strings
run: bundle exec i18n-tasks unused -l en
- name: Check for wrong string interpolations
run: bundle exec i18n-tasks check-consistent-interpolations
- name: Check that all required locale files exist
run: bundle exec rake repo:check_locales_files

78
.prettierignore

@ -0,0 +1,78 @@
# See https://help.github.com/articles/ignoring-files for more about ignoring files.
#
# If you find yourself ignoring temporary files generated by your text editor
# or operating system, you probably want to add a global ignore instead:
# git config --global core.excludesfile '~/.gitignore_global'
# Ignore bundler config and downloaded libraries.
/.bundle
/vendor/bundle
# Ignore the default SQLite database.
/db/*.sqlite3
/db/*.sqlite3-journal
# Ignore all logfiles and tempfiles.
.eslintcache
/log/*
!/log/.keep
/tmp
/coverage
/public/system
/public/assets
/public/packs
/public/packs-test
.env
.env.production
.env.development
/node_modules/
/build/
# Ignore Vagrant files
.vagrant/
# Ignore Capistrano customizations
/config/deploy/*
# Ignore IDE files
.vscode/
.idea/
# Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
/postgres
/postgres14
/redis
/elasticsearch
# ignore Helm dependency charts
/chart/charts/*.tgz
# Ignore Apple files
.DS_Store
# Ignore vim files
*~
*.swp
# Ignore npm debug log
npm-debug.log
# Ignore yarn log files
yarn-error.log
yarn-debug.log
# Ignore vagrant log files
*-cloudimg-console.log
# Ignore Docker option files
docker-compose.override.yml
# Ignore Helm files
/chart
# Ignore emoji map file
/app/javascript/mastodon/features/emoji/emoji_map.json
# Ignore locale files
/app/javascript/mastodon/locales
/config/locales

3
.prettierrc.js

@ -0,0 +1,3 @@
module.exports = {
singleQuote: true
}

30
.rubocop.yml

@ -5,17 +5,17 @@ AllCops:
TargetRubyVersion: 2.5
NewCops: disable
Exclude:
- 'spec/**/*'
- 'db/**/*'
- 'app/views/**/*'
- 'config/**/*'
- 'bin/*'
- 'Rakefile'
- 'node_modules/**/*'
- 'Vagrantfile'
- 'vendor/**/*'
- 'lib/json_ld/*'
- 'lib/templates/**/*'
- 'spec/**/*'
- 'db/**/*'
- 'app/views/**/*'
- 'config/**/*'
- 'bin/*'
- 'Rakefile'
- 'node_modules/**/*'
- 'Vagrantfile'
- 'vendor/**/*'
- 'lib/json_ld/*'
- 'lib/templates/**/*'
Bundler/OrderedGems:
Enabled: false
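Review bot: `TargetRubyVersion: 2.5` is left unchanged in this hunk while the Gemfile in the same commit raises the minimum to `ruby '>= 2.6.0'`; bump it to 2.6 so RuboCop lints against the oldest Ruby that is actually supported. The `Exclude` entries otherwise change in indentation only.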
@ -29,13 +29,17 @@ Layout/EmptyLineAfterMagicComment:
Layout/EmptyLineAfterGuardClause:
Enabled: false
Layout/EmptyLineBetweenDefs:
AllowAdjacentOneLineDefs: true
Layout/EmptyLinesAroundAttributeAccessor:
Enabled: true
Layout/FirstHashElementIndentation:
EnforcedStyle: consistent
Layout/HashAlignment:
Enabled: false
# EnforcedHashRocketStyle: table
# EnforcedColonStyle: table
Layout/SpaceAroundMethodCallOperator:
Enabled: true

639
AUTHORS.md

File diff suppressed because it is too large

3016
CHANGELOG.md

File diff suppressed because it is too large

2
Dockerfile

@ -5,7 +5,7 @@ SHELL ["/bin/bash", "-c"]
RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
# Install Node v16 (LTS)
ENV NODE_VER="16.13.2"
ENV NODE_VER="16.14.2"
RUN ARCH= && \
dpkgArch="$(dpkg --print-architecture)" && \
case "${dpkgArch##*-}" in \

37
Gemfile

@ -1,13 +1,13 @@
# frozen_string_literal: true
source 'https://rubygems.org'
ruby '>= 2.5.0', '< 3.1.0'
ruby '>= 2.6.0', '< 3.1.0'
gem 'pkg-config', '~> 1.4'
gem "rexml", "~> 3.2"
gem 'puma', '~> 5.6'
gem 'rails', '~> 6.1.4'
gem 'rails', '~> 6.1.6'
gem 'sprockets', '~> 3.7.2'
gem 'thor', '~> 1.2'
gem 'rack', '~> 2.2.3'
@ -18,7 +18,7 @@ gem 'makara', '~> 0.5'
gem 'pghero', '~> 2.8'
gem 'dotenv-rails', '~> 2.7'
gem 'aws-sdk-s3', '~> 1.112', require: false
gem 'aws-sdk-s3', '~> 1.114', require: false
gem 'fog-core', '<= 2.1.0'
gem 'fog-openstack', '~> 0.3', require: false
gem 'kt-paperclip', '~> 7.1'
@ -26,7 +26,7 @@ gem 'blurhash', '~> 0.1'
gem 'active_model_serializers', '~> 0.10'
gem 'addressable', '~> 2.8'
gem 'bootsnap', '~> 1.10.3', require: false
gem 'bootsnap', '~> 1.11.1', require: false
gem 'browser'
gem 'charlock_holmes', '~> 0.7.7'
gem 'chewy', '~> 7.2'
@ -40,6 +40,7 @@ end
gem 'net-ldap', '~> 0.17'
gem 'omniauth-cas', '~> 2.0'
gem 'omniauth-saml', '~> 1.10'
gem 'gitlab-omniauth-openid-connect', '~>0.9.1', require: 'omniauth_openid_connect'
gem 'omniauth', '~> 1.9'
gem 'omniauth-rails_csrf_protection', '~> 0.1'
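Review bot: `gem 'gitlab-omniauth-openid-connect', '~>0.9.1', require: 'omniauth_openid_connect'` adds a new sign-in provider, and the Gemfile.lock changes show it pulling `openid_connect` and `json-jwt` into the login path. That is a security-relevant dependency set and deserves a line in the commit message plus documentation of how the provider is enabled and configured. Style: write the constraint as `'~> 0.9.1'` with a space, as the neighbouring lines do.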
@ -65,9 +66,9 @@ gem 'oj', '~> 3.13'
gem 'ox', '~> 2.14'
gem 'parslet'
gem 'posix-spawn'
gem 'pundit', '~> 2.1'
gem 'pundit', '~> 2.2'
gem 'premailer-rails'
gem 'rack-attack', '~> 6.5'
gem 'rack-attack', '~> 6.6'
gem 'rack-cors', '~> 1.1', require: 'rack/cors'
gem 'rails-i18n', '~> 6.0'
gem 'rails-settings-cached', '~> 0.6'
@ -78,17 +79,17 @@ gem 'ruby-progressbar', '~> 1.11'
gem 'sanitize', '~> 6.0'
gem 'scenic', '~> 1.6'
gem 'sidekiq', '~> 6.4'
gem 'sidekiq-scheduler', '~> 3.1'
gem 'sidekiq-scheduler', '~> 4.0'
gem 'sidekiq-unique-jobs', '~> 7.1'
gem 'sidekiq-bulk', '~>0.2.0'
gem 'simple-navigation', '~> 4.3'
gem 'simple_form', '~> 5.1'
gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
gem 'stoplight', '~> 2.2.1'
gem 'stoplight', '~> 3.0.0'
gem 'strong_migrations', '~> 0.7'
gem 'tty-prompt', '~> 0.23', require: false
gem 'twitter-text', '~> 3.1.0'
gem 'tzinfo-data', '~> 1.2021'
gem 'tzinfo-data', '~> 1.2022'
gem 'webpacker', '~> 5.4'
gem 'webpush', '~> 0.3'
gem 'webauthn', '~> 3.0.0.alpha1'
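Review bot: `sidekiq-scheduler` (`~> 3.1` to `~> 4.0`) and `stoplight` (`~> 2.2.1` to `~> 3.0.0`) are major-version jumps sitting among minor bumps in this hunk; please confirm against each gem's changelog that the schedule configuration and the circuit-breaker call sites need no changes, since neither appears in the hunks shown on this page.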
@ -98,9 +99,9 @@ gem 'json-ld-preloaded', '~> 3.2'
gem 'rdf-normalize', '~> 0.5'
group :development, :test do
gem 'fabrication', '~> 2.27'
gem 'fabrication', '~> 2.28'
gem 'fuubar', '~> 2.5'
gem 'i18n-tasks', '~> 0.9', require: false
gem 'i18n-tasks', '~> 1.0', require: false
gem 'pry-byebug', '~> 3.9'
gem 'pry-rails', '~> 0.3'
gem 'rspec-rails', '~> 5.1'
@ -111,9 +112,9 @@ group :production, :test do
end
group :test do
gem 'capybara', '~> 3.36'
gem 'capybara', '~> 3.37'
gem 'climate_control', '~> 0.2'
gem 'faker', '~> 2.19'
gem 'faker', '~> 2.20'
gem 'microformats', '~> 4.2'
gem 'rails-controller-testing', '~> 1.0'
gem 'rspec-sidekiq', '~> 3.1'
@ -128,15 +129,15 @@ group :development do
gem 'better_errors', '~> 2.9'
gem 'binding_of_caller', '~> 1.0'
gem 'bullet', '~> 7.0'
gem 'letter_opener', '~> 1.7'
gem 'letter_opener', '~> 1.8'
gem 'letter_opener_web', '~> 2.0'
gem 'memory_profiler'
gem 'rubocop', '~> 1.25', require: false
gem 'rubocop-rails', '~> 2.13', require: false
gem 'rubocop', '~> 1.28', require: false
gem 'rubocop-rails', '~> 2.14', require: false
gem 'brakeman', '~> 5.2', require: false
gem 'bundler-audit', '~> 0.9', require: false
gem 'capistrano', '~> 3.16'
gem 'capistrano', '~> 3.17'
gem 'capistrano-rails', '~> 1.6'
gem 'capistrano-rbenv', '~> 2.2'
gem 'capistrano-yarn', '~> 2.0'
@ -145,7 +146,7 @@ group :development do
end
group :production do
gem 'lograge', '~> 0.11'
gem 'lograge', '~> 0.12'
end
gem 'concurrent-ruby', require: false

342
Gemfile.lock

@ -1,40 +1,40 @@
GEM
remote: https://rubygems.org/
specs:
actioncable (6.1.4.6)
actionpack (= 6.1.4.6)
activesupport (= 6.1.4.6)
actioncable (6.1.6)
actionpack (= 6.1.6)
activesupport (= 6.1.6)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.4.6)
actionpack (= 6.1.4.6)
activejob (= 6.1.4.6)
activerecord (= 6.1.4.6)
activestorage (= 6.1.4.6)
activesupport (= 6.1.4.6)
actionmailbox (6.1.6)
actionpack (= 6.1.6)
activejob (= 6.1.6)
activerecord (= 6.1.6)
activestorage (= 6.1.6)
activesupport (= 6.1.6)
mail (>= 2.7.1)
actionmailer (6.1.4.6)
actionpack (= 6.1.4.6)
actionview (= 6.1.4.6)
activejob (= 6.1.4.6)
activesupport (= 6.1.4.6)
actionmailer (6.1.6)
actionpack (= 6.1.6)
actionview (= 6.1.6)
activejob (= 6.1.6)
activesupport (= 6.1.6)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.1.4.6)
actionview (= 6.1.4.6)
activesupport (= 6.1.4.6)
actionpack (6.1.6)
actionview (= 6.1.6)
activesupport (= 6.1.6)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.4.6)
actionpack (= 6.1.4.6)
activerecord (= 6.1.4.6)
activestorage (= 6.1.4.6)
activesupport (= 6.1.4.6)
actiontext (6.1.6)
actionpack (= 6.1.6)
activerecord (= 6.1.6)
activestorage (= 6.1.6)
activesupport (= 6.1.6)
nokogiri (>= 1.8.5)
actionview (6.1.4.6)
activesupport (= 6.1.4.6)
actionview (6.1.6)
activesupport (= 6.1.6)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
@ -45,22 +45,22 @@ GEM
case_transform (>= 0.2)
jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
active_record_query_trace (1.8)
activejob (6.1.4.6)
activesupport (= 6.1.4.6)
activejob (6.1.6)
activesupport (= 6.1.6)
globalid (>= 0.3.6)
activemodel (6.1.4.6)
activesupport (= 6.1.4.6)
activerecord (6.1.4.6)
activemodel (= 6.1.4.6)
activesupport (= 6.1.4.6)
activestorage (6.1.4.6)
actionpack (= 6.1.4.6)
activejob (= 6.1.4.6)
activerecord (= 6.1.4.6)
activesupport (= 6.1.4.6)
marcel (~> 1.0.0)
activemodel (6.1.6)
activesupport (= 6.1.6)
activerecord (6.1.6)
activemodel (= 6.1.6)
activesupport (= 6.1.6)
activestorage (6.1.6)
actionpack (= 6.1.6)
activejob (= 6.1.6)
activerecord (= 6.1.6)
activesupport (= 6.1.6)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.4.6)
activesupport (6.1.6)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
@ -68,6 +68,7 @@ GEM
zeitwerk (~> 2.3)
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
aes_key_wrap (1.1.0)
airbrussh (1.4.0)
sshkit (>= 1.6.1, != 1.7.0)
android_key_attestation (0.3.0)
@ -77,36 +78,45 @@ GEM
ast (2.4.2)
attr_encrypted (3.1.0)
encryptor (~> 3.0.0)
attr_required (1.0.1)
awrence (1.2.1)
aws-eventstream (1.2.0)
aws-partitions (1.554.0)
aws-sdk-core (3.126.2)
aws-partitions (1.587.0)
aws-sdk-core (3.131.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-kms (1.54.0)
aws-sdk-core (~> 3, >= 3.126.0)
aws-sdk-kms (1.56.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.112.0)
aws-sdk-core (~> 3, >= 3.126.0)
aws-sdk-s3 (1.114.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sigv4 (1.4.0)
aws-sigv4 (1.5.0)
aws-eventstream (~> 1, >= 1.0.2)
bcrypt (3.1.16)
bcrypt (3.1.17)
better_errors (2.9.1)
coderay (>= 1.0.0)
erubi (>= 1.0.0)
rack (>= 0.9.0)
better_html (1.0.16)
actionview (>= 4.0)
activesupport (>= 4.0)
ast (~> 2.0)
erubi (~> 1.4)
html_tokenizer (~> 0.0.6)
parser (>= 2.4)
smart_properties
bindata (2.4.10)
binding_of_caller (1.0.0)
debug_inspector (>= 0.0.1)
blurhash (0.1.5)
blurhash (0.1.6)
ffi (~> 1.14)
bootsnap (1.10.3)
bootsnap (1.11.1)
msgpack (~> 1.2)
brakeman (5.2.1)
brakeman (5.2.3)
browser (5.3.1)
brpoplpush-redis_script (0.1.2)
concurrent-ruby (~> 1.0, >= 1.0.5)
@ -119,14 +129,14 @@ GEM
bundler (>= 1.2.0, < 3)
thor (~> 1.0)
byebug (11.1.3)
capistrano (3.16.0)
capistrano (3.17.0)
airbrussh (>= 1.0.0)
i18n
rake (>= 10.0.0)
sshkit (>= 1.9.0)
capistrano-bundler (2.0.1)
capistrano (~> 3.1)
capistrano-rails (1.6.1)
capistrano-rails (1.6.2)
capistrano (~> 3.1)
capistrano-bundler (>= 1.1, < 3)
capistrano-rbenv (2.2.0)
@ -134,7 +144,7 @@ GEM
sshkit (~> 1.3)
capistrano-yarn (2.0.2)
capistrano (~> 3.0)
capybara (3.36.0)
capybara (3.37.1)
addressable
matrix
mini_mime (>= 0.1.3)
@ -147,7 +157,7 @@ GEM
activesupport
cbor (0.5.9.6)
charlock_holmes (0.7.7)
chewy (7.2.4)
chewy (7.2.5)
activesupport (>= 5.2)
elasticsearch (>= 7.12.0, < 7.14.0)
elasticsearch-dsl
@ -155,7 +165,7 @@ GEM
climate_control (0.2.0)
coderay (1.1.3)
color_diff (0.1)
concurrent-ruby (1.1.9)
concurrent-ruby (1.1.10)
connection_pool (2.2.5)
cose (1.0.0)
cbor (~> 0.5.9)
@ -172,11 +182,11 @@ GEM
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
devise-two-factor (4.0.1)
activesupport (< 6.2)
devise-two-factor (4.0.2)
activesupport (< 7.1)
attr_encrypted (>= 1.3, < 4, != 2)
devise (~> 4.0)
railties (< 6.2)
railties (< 7.1)
rotp (~> 6.0)
devise_pam_authenticatable2 (9.2.0)
devise (>= 4.0.0)
@ -193,7 +203,6 @@ GEM
dotenv-rails (2.7.6)
dotenv (= 2.7.6)
railties (>= 3.2)
e2mmap (0.1.0)
ed25519 (1.3.0)
elasticsearch (7.13.3)
elasticsearch-api (= 7.13.3)
@ -206,13 +215,13 @@ GEM
multi_json
encryptor (3.0.0)
erubi (1.10.0)
et-orbi (1.2.6)
et-orbi (1.2.7)
tzinfo
excon (0.91.0)
fabrication (2.27.0)
faker (2.19.0)
i18n (>= 1.6, < 2)
faraday (1.9.3)
excon (0.92.3)
fabrication (2.28.0)
faker (2.21.0)
i18n (>= 1.8.11, < 2)
faraday (1.10.0)
faraday-em_http (~> 1.0)
faraday-em_synchrony (~> 1.0)
faraday-excon (~> 1.1)
@ -254,12 +263,16 @@ GEM
fog-json (>= 1.0)
ipaddress (>= 0.8)
formatador (0.3.0)
fugit (1.5.2)
et-orbi (~> 1.1, >= 1.1.8)
fugit (1.5.3)
et-orbi (~> 1, >= 1.2.7)
raabro (~> 1.4)
fuubar (2.5.1)
rspec-core (~> 3.0)
ruby-progressbar (~> 1.4)
gitlab-omniauth-openid-connect (0.9.1)
addressable (~> 2.7)
omniauth (~> 1.9)
openid_connect (~> 1.2)
globalid (1.0.0)
activesupport (>= 5.0)
hamlit (2.16.0)
@ -276,6 +289,7 @@ GEM
highline (2.0.3)
hiredis (0.6.3)
hkdf (0.3.0)
html_tokenizer (0.0.7)
htmlentities (4.3.4)
http (5.0.4)
addressable (~> 2.8)
@ -286,14 +300,16 @@ GEM
domain_name (~> 0.5)
http-form_data (2.3.0)
http_accept_language (2.1.1)
httpclient (2.8.3)
httplog (1.5.0)
rack (>= 1.0)
rainbow (>= 2.0.0)
i18n (1.10.0)
concurrent-ruby (~> 1.0)
i18n-tasks (0.9.37)
i18n-tasks (1.0.10)
activesupport (>= 4.0.2)
ast (>= 2.1.0)
better_html (~> 1.0)
erubi
highline (>= 2.0.0)
i18n
@ -304,10 +320,14 @@ GEM
idn-ruby (0.1.4)
ipaddr (1.2.4)
ipaddress (0.8.3)
jmespath (1.6.0)
json (2.6.1)
jmespath (1.6.1)
json (2.6.2)
json-canonicalization (0.3.0)
json-ld (3.2.0)
json-jwt (1.13.0)
activesupport (>= 4.2)
aes_key_wrap
bindata
json-ld (3.2.1)
htmlentities (~> 4.3)
json-canonicalization (~> 0.3)
link_header (~> 0.0, >= 0.0.8)
@ -339,8 +359,8 @@ GEM
terrapin (~> 0.6.0)
launchy (2.5.0)
addressable (~> 2.7)
letter_opener (1.7.0)
launchy (~> 2.2)
letter_opener (1.8.1)
launchy (>= 2.2, < 3)
letter_opener_web (2.0.0)
actionmailer (>= 5.2)
letter_opener (~> 1.7)
@ -350,12 +370,12 @@ GEM
llhttp-ffi (0.4.0)
ffi-compiler (~> 1.0)
rake (~> 13.0)
lograge (0.11.2)
lograge (0.12.0)
actionpack (>= 4)
activesupport (>= 4)
railties (>= 4)
request_store (~> 1.0)
loofah (2.14.0)
loofah (2.18.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
@ -375,9 +395,9 @@ GEM
mime-types-data (~> 3.2015)
mime-types-data (3.2022.0105)
mini_mime (1.1.2)
mini_portile2 (2.7.1)
mini_portile2 (2.8.0)
minitest (5.15.0)
msgpack (1.4.5)
msgpack (1.5.1)
multi_json (1.15.0)
multipart-post (2.1.1)
net-ldap (0.17.0)
@ -385,8 +405,10 @@ GEM
net-ssh (>= 2.6.5, < 7.0.0)
net-ssh (6.1.0)
nio4r (2.5.8)
nokogiri (1.13.1)
mini_portile2 (~> 2.7.0)
nokogiri (1.13.6)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
nokogiri (1.13.6-x86_64-linux)
racc (~> 1.4)
nsa (0.2.8)
activesupport (>= 4.2, < 7)
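Review bot: `nokogiri (1.13.6-x86_64-linux)` is now locked next to the source gem, so x86_64 Linux installs will take the precompiled build with its bundled libxml2 and libxslt. Install-time options that link the system libraries no longer take effect on those hosts, and parser fixes reach them only through a nokogiri bump. If that is intended, say so in the merge notes; other platforms still compile through `mini_portile2 (~> 2.8.0)`.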
@ -407,26 +429,36 @@ GEM
omniauth-saml (1.10.3)
omniauth (~> 1.3, >= 1.3.2)
ruby-saml (~> 1.9)
openid_connect (1.3.0)
activemodel
attr_required (>= 1.0.0)
json-jwt (>= 1.5.0)
rack-oauth2 (>= 1.6.1)
swd (>= 1.0.0)
tzinfo
validate_email
validate_url
webfinger (>= 1.0.1)
openssl (2.2.1)
ipaddr
openssl-signature_algorithm (0.4.0)
orm_adapter (0.5.0)
ox (2.14.9)
parallel (1.21.0)
parser (3.1.0.0)
ox (2.14.11)
parallel (1.22.1)
parser (3.1.2.0)
ast (~> 2.4.1)
parslet (2.0.0)
pastel (0.8.0)
tty-color (~> 0.5)
pg (1.3.2)
pg (1.3.5)
pg_search (2.3.6)
activerecord (>= 5.2)
activesupport (>= 5.2)
pghero (2.8.2)
pghero (2.8.3)
activerecord (>= 5)
pkg-config (1.4.7)
posix-spawn (0.3.15)
premailer (1.15.0)
premailer (1.16.0)
addressable
css_parser (>= 1.6.0)
htmlentities (>= 4.0.0)
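Review bot: `openid_connect (1.3.0)` at the top of this hunk brings in `json-jwt`, `rack-oauth2`, `swd`, `webfinger`, `validate_email` and `validate_url`, none of which appears in DEPENDENCIES, so token handling for the new login path rests entirely on transitive pins. Elsewhere in this lock `rack-oauth2`, `swd` and `webfinger` depend on `httpclient`, a second HTTP client next to `http (5.0.4)`; any limits the deployment applies to outbound requests made through the `http` gem should be checked against this path as well.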
@ -444,36 +476,42 @@ GEM
pry (~> 0.13.0)
pry-rails (0.3.9)
pry (>= 0.10.4)
public_suffix (4.0.6)
puma (5.6.2)
public_suffix (4.0.7)
puma (5.6.4)
nio4r (~> 2.0)
pundit (2.2.0)
activesupport (>= 3.0.0)
raabro (1.4.0)
racc (1.6.0)
rack (2.2.3)
rack-attack (6.6.0)
rack-attack (6.6.1)
rack (>= 1.0, < 3)
rack-cors (1.1.1)
rack (>= 2.0.0)
rack-oauth2 (1.19.0)
activesupport
attr_required
httpclient
json-jwt (>= 1.11.0)
rack (>= 2.1.0)
rack-proxy (0.7.2)
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (6.1.4.6)
actioncable (= 6.1.4.6)
actionmailbox (= 6.1.4.6)
actionmailer (= 6.1.4.6)
actionpack (= 6.1.4.6)
actiontext (= 6.1.4.6)
actionview (= 6.1.4.6)
activejob (= 6.1.4.6)
activemodel (= 6.1.4.6)
activerecord (= 6.1.4.6)
activestorage (= 6.1.4.6)
activesupport (= 6.1.4.6)
rails (6.1.6)
actioncable (= 6.1.6)
actionmailbox (= 6.1.6)
actionmailer (= 6.1.6)
actionpack (= 6.1.6)
actiontext (= 6.1.6)
actionview (= 6.1.6)
activejob (= 6.1.6)
activemodel (= 6.1.6)
activerecord (= 6.1.6)
activestorage (= 6.1.6)
activesupport (= 6.1.6)
bundler (>= 1.15.0)
railties (= 6.1.4.6)
railties (= 6.1.6)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
@ -489,23 +527,23 @@ GEM
railties (>= 6.0.0, < 7)
rails-settings-cached (0.7.2)
rails (>= 4.2.0)
railties (6.1.4.6)
actionpack (= 6.1.4.6)
activesupport (= 6.1.4.6)
railties (6.1.6)
actionpack (= 6.1.6)
activesupport (= 6.1.6)
method_source
rake (>= 0.13)
rake (>= 12.2)
thor (~> 1.0)
rainbow (3.1.1)
rake (13.0.6)
rdf (3.2.4)
rdf (3.2.7)
link_header (~> 0.0, >= 0.0.8)
rdf-normalize (0.5.0)
rdf (~> 3.2)
redcarpet (3.5.1)
redis (4.6.0)
redis-namespace (1.8.1)
redis-namespace (1.8.2)
redis (>= 3.0.4)
regexp_parser (2.2.1)
regexp_parser (2.4.0)
request_store (1.5.1)
rack (>= 1.4)
resolv (0.1.0)
@ -524,10 +562,10 @@ GEM
rspec-expectations (3.11.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-mocks (3.11.0)
rspec-mocks (3.11.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-rails (5.1.0)
rspec-rails (5.1.2)
actionpack (>= 5.2)
activesupport (>= 5.2)
railties (>= 5.2)
@ -541,18 +579,18 @@ GEM
rspec-support (3.11.0)
rspec_junit_formatter (0.5.1)
rspec-core (>= 2, < 4, != 2.12.0)
rubocop (1.25.1)
rubocop (1.29.1)
parallel (~> 1.10)
parser (>= 3.1.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml
rubocop-ast (>= 1.15.1, < 2.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.17.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.15.2)
parser (>= 3.0.1.1)
rubocop-rails (2.13.2)
rubocop-ast (1.18.0)
parser (>= 3.1.1.0)
rubocop-rails (2.14.2)
activesupport (>= 4.2.0)
rack (>= 1.1)
rubocop (>= 1.7.0, < 2.0)
@ -573,20 +611,18 @@ GEM
railties (>= 4.0.0)
securecompare (1.0.0)
semantic_range (3.0.0)
sidekiq (6.4.1)
sidekiq (6.4.2)
connection_pool (>= 2.2.2)
rack (~> 2.0)
redis (>= 4.2.0)
sidekiq-bulk (0.2.0)
sidekiq
sidekiq-scheduler (3.1.1)
e2mmap
redis (>= 3, < 5)
sidekiq-scheduler (4.0.0)
redis (>= 4.2.0)
rufus-scheduler (~> 3.2)
sidekiq (>= 3)
thwait
sidekiq (>= 4)
tilt (>= 1.4.0)
sidekiq-unique-jobs (7.1.15)
sidekiq-unique-jobs (7.1.22)
brpoplpush-redis_script (> 0.1.1, <= 2.0.0)
concurrent-ruby (~> 1.0, >= 1.0.5)
sidekiq (>= 5.0, < 8.0)
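Review bot: `sidekiq-scheduler` moves from 3.1.1 to 4.0.0 in this hunk, a major-version jump that also raises its floors to `redis (>= 4.2.0)` and `sidekiq (>= 4)` and drops `e2mmap` and `thwait`. Please link the upstream changelog in the merge notes and confirm that the scheduled jobs still load under the existing schedule configuration before this is deployed.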
@ -602,6 +638,7 @@ GEM
simplecov_json_formatter (~> 0.1)
simplecov-html (0.12.3)
simplecov_json_formatter (0.1.4)
smart_properties (1.17.0)
sprockets (3.7.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
@ -612,19 +649,21 @@ GEM
sshkit (1.21.2)
net-scp (>= 1.1.2)
net-ssh (>= 2.8.0)
stackprof (0.2.18)
stackprof (0.2.19)
statsd-ruby (1.5.0)
stoplight (2.2.1)
stoplight (3.0.0)
strong_migrations (0.8.0)
activerecord (>= 5.2)
swd (1.3.0)
activesupport (>= 3)
attr_required (>= 0.0.5)
httpclient (>= 2.4)
temple (0.8.2)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
terrapin (0.6.0)
climate_control (>= 0.0.3, < 1.0)
thor (1.2.1)
thwait (0.2.0)
e2mmap
tilt (2.0.10)
tpm-key_attestation (0.9.0)
bindata (~> 2.4)
@ -644,13 +683,19 @@ GEM
unf (~> 0.1.0)
tzinfo (2.0.4)
concurrent-ruby (~> 1.0)
tzinfo-data (1.2021.5)
tzinfo-data (1.2022.1)
tzinfo (>= 1.0.0)
unf (0.1.4)
unf_ext
unf_ext (0.0.8)
unf_ext (0.0.8.1)
unicode-display_width (2.1.0)
uniform_notifier (1.14.2)
uniform_notifier (1.16.0)
validate_email (0.1.6)
activemodel (>= 3.0)
mail (>= 2.2.5)
validate_url (1.0.15)
activemodel (>= 3.0.0)
public_suffix
warden (1.2.9)
rack (>= 2.0.9)
webauthn (3.0.0.alpha1)
@ -663,6 +708,9 @@ GEM
safety_net_attestation (~> 0.4.0)
securecompare (~> 1.0)
tpm-key_attestation (~> 0.9.0)
webfinger (1.2.0)
activesupport
httpclient (>= 2.4)
webmock (3.14.0)
addressable (>= 2.8.0)
crack (>= 0.3.2)
@ -687,26 +735,27 @@ GEM
PLATFORMS
ruby
x86_64-linux
DEPENDENCIES
active_model_serializers (~> 0.10)
active_record_query_trace (~> 1.8)
addressable (~> 2.8)
annotate (~> 3.2)
aws-sdk-s3 (~> 1.112)
aws-sdk-s3 (~> 1.114)
better_errors (~> 2.9)
binding_of_caller (~> 1.0)
blurhash (~> 0.1)
bootsnap (~> 1.10.3)
bootsnap (~> 1.11.1)
brakeman (~> 5.2)
browser
bullet (~> 7.0)
bundler-audit (~> 0.9)
capistrano (~> 3.16)
capistrano (~> 3.17)
capistrano-rails (~> 1.6)
capistrano-rbenv (~> 2.2)
capistrano-yarn (~> 2.0)
capybara (~> 3.36)
capybara (~> 3.37)
charlock_holmes (~> 0.7.7)
chewy (~> 7.2)
climate_control (~> 0.2)
@ -720,29 +769,30 @@ DEPENDENCIES
doorkeeper (~> 5.5)
dotenv-rails (~> 2.7)
ed25519 (~> 1.3)
fabrication (~> 2.27)
faker (~> 2.19)
fabrication (~> 2.28)
faker (~> 2.20)
fast_blank (~> 1.0)
fastimage
fog-core (<= 2.1.0)
fog-openstack (~> 0.3)
fuubar (~> 2.5)
gitlab-omniauth-openid-connect (~> 0.9.1)
hamlit-rails (~> 0.2)
hiredis (~> 0.6)
htmlentities (~> 4.3)
http (~> 5.0)
http_accept_language (~> 2.1)
httplog (~> 1.5.0)
i18n-tasks (~> 0.9)
i18n-tasks (~> 1.0)
idn-ruby
json-ld
json-ld-preloaded (~> 3.2)
kaminari (~> 1.2)
kt-paperclip (~> 7.1)
letter_opener (~> 1.7)
letter_opener (~> 1.8)
letter_opener_web (~> 2.0)
link_header (~> 0.0)
lograge (~> 0.11)
lograge (~> 0.12)
makara (~> 0.5)
mario-redis-lock (~> 1.2)
memory_profiler
@ -769,11 +819,11 @@ DEPENDENCIES
pry-byebug (~> 3.9)
pry-rails (~> 0.3)
puma (~> 5.6)
pundit (~> 2.1)
pundit (~> 2.2)
rack (~> 2.2.3)
rack-attack (~> 6.5)
rack-attack (~> 6.6)
rack-cors (~> 1.1)
rails (~> 6.1.4)
rails (~> 6.1.6)
rails-controller-testing (~> 1.0)
rails-i18n (~> 6.0)
rails-settings-cached (~> 0.6)
@ -787,14 +837,14 @@ DEPENDENCIES
rspec-rails (~> 5.1)
rspec-sidekiq (~> 3.1)
rspec_junit_formatter (~> 0.5)
rubocop (~> 1.25)
rubocop-rails (~> 2.13)
rubocop (~> 1.28)
rubocop-rails (~> 2.14)
ruby-progressbar (~> 1.11)
sanitize (~> 6.0)
scenic (~> 1.6)
sidekiq (~> 6.4)
sidekiq-bulk (~> 0.2.0)
sidekiq-scheduler (~> 3.1)
sidekiq-scheduler (~> 4.0)
sidekiq-unique-jobs (~> 7.1)
simple-navigation (~> 4.3)
simple_form (~> 5.1)
@ -802,12 +852,12 @@ DEPENDENCIES
sprockets (~> 3.7.2)
sprockets-rails (~> 3.4)
stackprof
stoplight (~> 2.2.1)
stoplight (~> 3.0.0)
strong_migrations (~> 0.7)
thor (~> 1.2)
tty-prompt (~> 0.23)
twitter-text (~> 3.1.0)
tzinfo-data (~> 1.2021)
tzinfo-data (~> 1.2022)
webauthn (~> 3.0.0.alpha1)
webmock (~> 3.14)
webpacker (~> 5.4)

19
SECURITY.md

@ -1,13 +1,20 @@
# Security Policy
If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you should submit the report through our [Bug Bounty Program][bug-bounty]. Alternatively, you can reach us at <hello@joinmastodon.org>.
You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
## Scope
A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 3.4.x | :white_check_mark: |
| 3.3.x | :white_check_mark: |
| < 3.3 | :x: |
## Reporting a Vulnerability
| 3.5.x | Yes |
| 3.4.x | Yes |
| 3.3.x | Yes |
| < 3.3 | No |
hello@joinmastodon.org
[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail
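Review bot: the only contact outside the bounty program is the plain address `hello@joinmastodon.org`, and the policy gives reporters neither an expected acknowledgement time nor a way to send details confidentially. Consider adding both next to the address, since the text asks reporters to stay off GitHub and other public spaces and this address is their only fallback.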

5
app.json

@ -95,8 +95,5 @@
"scripts": {
"postdeploy": "bundle exec rails db:migrate && bundle exec rails db:seed"
},
"addons": [
"heroku-postgresql",
"heroku-redis"
]
"addons": ["heroku-postgresql", "heroku-redis"]
}

1
app/controllers/accounts_controller.rb

@ -44,7 +44,6 @@ class AccountsController < ApplicationController
limit = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
@statuses = filtered_statuses.without_reblogs.limit(limit)
@statuses = cache_collection(@statuses, Status)
render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
end
format.json do
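Review bot: on the `limit = ...` line, `[params[:limit].to_i, PAGE_SIZE_MAX].min` caps only the upper bound, so `limit=0`, a negative number, or a non-numeric string (which `to_i` turns into 0) is passed straight to `.limit(limit)`. Clamp both ends, for example `params[:limit].to_i.clamp(1, PAGE_SIZE_MAX)`, so a malformed query string yields a normal page instead of an empty feed or a database error.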

1
app/controllers/activitypub/base_controller.rb

@ -2,6 +2,7 @@
class ActivityPub::BaseController < Api::BaseController
skip_before_action :require_authenticated_user!
skip_around_action :set_locale
private
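Review bot: `skip_before_action :require_authenticated_user!` and `skip_around_action :set_locale` sit in the base class, so every controller inheriting from `ActivityPub::BaseController` gets both skips, and nothing here explains why. Add a short comment naming the check that stands in for user authentication on these endpoints and why locale handling is not needed, so a later subclass does not inherit them unnoticed.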

2
app/controllers/activitypub/outboxes_controller.rb

@ -62,7 +62,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
return unless page_requested?