[BORKED] Merge branch 'main' of https://github.com/mastodon/mastodon

Conflicts: .github/CODEOWNERS .github/ISSUE_TEMPLATE/3.support.md CHANGELOG.md Gemfile.lock README.md app/chewy/statuses_index.rb app/javascript/mastodon/actions/compose.js app/javascript/mastodon/components/avatar.js app/javascript/mastodon/components/icon_button.js app/javascript/mastodon/features/compose/components/compose_form.js app/javascript/mastodon/features/compose/components/search_results.js app/javascript/mastodon/initial_state.js app/javascript/mastodon/locales/ca.json app/javascript/mastodon/locales/io.json app/javascript/mastodon/locales/ja.json app/javascript/mastodon/locales/kmr.json app/javascript/mastodon/locales/ru.json app/javascript/mastodon/locales/uk.json app/javascript/mastodon/locales/zh-CN.json app/javascript/mastodon/locales/zh-TW.json app/lib/formatter.rb app/lib/user_settings_decorator.rb app/models/account.rb app/models/status.rb app/models/user.rb app/views/about/show.html.haml boxfile.yml config/locales/ast.yml config/locales/en.yml config/locales/he.yml config/locales/kmr.yml config/locales/ku.yml db/schema.rb docker-compose.yml lib/mastodon/search_cli.rb lib/paperclip/storage_extensions.rb package.json public/emoji/1f327_border.svg public/emoji/1f328_border.svg public/emoji/1f329_border.svg public/emoji/1f359_border.svg public/emoji/1f35a_border.svg public/emoji/1f365_border.svg public/emoji/1f3d0_border.svg public/emoji/1f3f3_border.svg public/emoji/1f40f_border.svg public/emoji/1f410_border.svg public/emoji/1f411_border.svg public/emoji/1f413_border.svg public/emoji/1f414_border.svg public/emoji/1f440_border.svg public/emoji/1f47b_border.svg public/emoji/1f47d_border.svg public/emoji/1f480_border.svg public/emoji/1f4a8_border.svg public/emoji/1f4ac_border.svg public/emoji/1f4ad_border.svg public/emoji/1f4c3_border.svg public/emoji/1f507_border.svg public/emoji/1f508_border.svg public/emoji/1f509_border.svg public/emoji/1f50a_border.svg public/emoji/1f54a_border.svg public/emoji/25ab_border.svg public/emoji/25fb_border.svg public/emoji/25fd_border.svg public/emoji/2601_border.svg public/emoji/2620_border.svg public/emoji/26aa_border.svg public/emoji/26be_border.svg public/emoji/26f8_border.svg public/emoji/2754_border.svg public/emoji/2755_border.svg public/emoji/2b1c_border.svg spec/rails_helper.rb yarn.lock
1 month ago · 4e9f82e89b
1022 changed files with 42912 additions and 21927 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -1,8 +1,8 @@
 version: 2.1

 orbs:
-  ruby: circleci/ruby@1.2.0
-  node: circleci/node@4.7.0
+  ruby: circleci/ruby@1.4.1
+  node: circleci/node@5.0.1

 executors:
  default:
@ -23,7 +23,7 @@ executors:
        environment:
          POSTGRES_USER: root
          POSTGRES_HOST_AUTH_METHOD: trust
-      - image: circleci/redis:6-alpine
+      - image: cimg/redis:6.2

 commands:
  install-system-dependencies:
@ -45,7 +45,7 @@ commands:
            bundle config without 'development production'
          name: Set bundler settings
      - ruby/install-deps:
-          bundler-version: '2.2.31'
+          bundler-version: '2.3.8'
          key: ruby<< parameters.ruby-version >>-gems-v1
  wait-db:
    steps:
@ -127,9 +127,18 @@ jobs:
      - run:
          command: ./bin/rails tests:migrations:populate_v2
          name: Populate database with test data
+      - run:
+          command: ./bin/rails db:migrate VERSION=20180514140000
+          name: Run migrations up to v2.4.0
+      - run:
+          command: ./bin/rails tests:migrations:populate_v2_4
+          name: Populate database with test data
      - run:
          command: ./bin/rails db:migrate
          name: Run all remaining migrations
+      - run:
+          command: ./bin/rails tests:migrations:check_database
+          name: Check migration result

  test-two-step-migrations:
    executor:
@ -150,14 +159,25 @@ jobs:
      - run:
          command: ./bin/rails tests:migrations:populate_v2
          name: Populate database with test data
+      - run:
+          command: ./bin/rails db:migrate VERSION=20180514140000
+          name: Run pre-deployment migrations up to v2.4.0
+          environment:
+            SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+      - run:
+          command: ./bin/rails tests:migrations:populate_v2_4
+          name: Populate database with test data
      - run:
          command: ./bin/rails db:migrate
          name: Run all pre-deployment migrations
-          evironment:
+          environment:
            SKIP_POST_DEPLOYMENT_MIGRATIONS: true
      - run:
          command: ./bin/rails db:migrate
          name: Run all post-deployment remaining migrations
+      - run:
+          command: ./bin/rails tests:migrations:check_database
+          name: Check migration result

 workflows:
  version: 2
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@ -1,4 +1,4 @@
-version: "2"
+version: '2'
 checks:
  argument-count:
    enabled: false
@ -34,8 +34,8 @@ plugins:
  sass-lint:
    enabled: true
 exclude_patterns:
- spec/
- vendor/asset/
+  - spec/
+  - vendor/asset/

- app/javascript/mastodon/locales/**/*.json
- config/locales/**/*.yml
+  - app/javascript/mastodon/locales/**/*.json
+  - config/locales/**/*.yml
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -0,0 +1,24 @@
+# [Choice] Ruby version (use -bullseye variants on local arm64/Apple Silicon): 3, 3.1, 3.0, 2, 2.7, 2.6, 3-bullseye, 3.1-bullseye, 3.0-bullseye, 2-bullseye, 2.7-bullseye, 2.6-bullseye, 3-buster, 3.1-buster, 3.0-buster, 2-buster, 2.7-buster, 2.6-buster
+ARG VARIANT=3.1-bullseye
+FROM mcr.microsoft.com/vscode/devcontainers/ruby:${VARIANT}
+
+# Install Rails
+# RUN gem install rails webdrivers
+
+# Default value to allow debug server to serve content over GitHub Codespace's port forwarding service
+# The value is a comma-separated list of allowed domains
+ENV RAILS_DEVELOPMENT_HOSTS=".githubpreview.dev"
+
+# [Choice] Node.js version: lts/*, 16, 14, 12, 10
+ARG NODE_VERSION="lts/*"
+RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
+
+# [Optional] Uncomment this section to install additional OS packages.
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libpam-dev
+
+# [Optional] Uncomment this line to install additional gems.
+RUN gem install foreman
+
+# [Optional] Uncomment this line to install global node packages.
+RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -0,0 +1,26 @@
+{
+  "name": "Mastodon",
+  "dockerComposeFile": "docker-compose.yml",
+  "service": "app",
+  "workspaceFolder": "/workspaces/mastodon",
+
+  // Set *default* container specific settings.json values on container create.
+  "settings": {},
+
+  // Add the IDs of extensions you want installed when the container is created.
+  "extensions": [
+    "EditorConfig.EditorConfig",
+    "dbaeumer.vscode-eslint",
+    "rebornix.Ruby"
+  ],
+
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // This can be used to network with other containers or the host.
+  "forwardPorts": [3000, 4000],
+
+  // Use 'postCreateCommand' to run commands after the container is created.
+  "postCreateCommand": "bundle install --path vendor/bundle && yarn install && ./bin/rails db:setup",
+
+  // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+  "remoteUser": "vscode"
+}
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@ -0,0 +1,83 @@
+version: '3'
+
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        # Update 'VARIANT' to pick a version of Ruby: 3, 3.1, 3.0, 2, 2.7, 2.6
+        # Append -bullseye or -buster to pin to an OS version.
+        # Use -bullseye variants on local arm64/Apple Silicon.
+        VARIANT: '3.0-bullseye'
+        # Optional Node.js version to install
+        NODE_VERSION: '14'
+    volumes:
+      - ..:/workspaces/mastodon:cached
+    environment:
+      RAILS_ENV: development
+      NODE_ENV: development
+
+      REDIS_HOST: redis
+      REDIS_PORT: '6379'
+      DB_HOST: db
+      DB_USER: postgres
+      DB_PASS: postgres
+      DB_PORT: '5432'
+      ES_ENABLED: 'true'
+      ES_HOST: es
+      ES_PORT: '9200'
+    # Overrides default command so things don't shut down after the process ends.
+    command: sleep infinity
+    networks:
+      - external_network
+      - internal_network
+    user: vscode
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_HOST_AUTH_METHOD: trust
+    networks:
+      - internal_network
+
+  redis:
+    image: redis:6-alpine
+    restart: unless-stopped
+    volumes:
+      - redis-data:/data
+    networks:
+      - internal_network
+
+  es:
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+    restart: unless-stopped
+    environment:
+      ES_JAVA_OPTS: -Xms512m -Xmx512m
+      cluster.name: es-mastodon
+      discovery.type: single-node
+      bootstrap.memory_lock: 'true'
+    volumes:
+      - es-data:/usr/share/elasticsearch/data
+    networks:
+      - internal_network
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+
+volumes:
+  postgres-data:
+  redis-data:
+  es-data:
+
+networks:
+  external_network:
+  internal_network:
+    internal: true
--- a/.env.production.sample
+++ b/.env.production.sample
@ -49,7 +49,7 @@ SMTP_SERVER=smtp.mailgun.org
 SMTP_PORT=587
 SMTP_LOGIN=
 SMTP_PASSWORD=
-SMTP_FROM_ADDRESS=notificatons@example.com
+SMTP_FROM_ADDRESS=notifications@example.com

 # File storage (optional)
 # -----------------------
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -79,6 +79,11 @@ module.exports = {
    'no-irregular-whitespace': 'error',
    'no-mixed-spaces-and-tabs': 'warn',
    'no-nested-ternary': 'warn',
+    'no-restricted-properties': [
+      'error',
+      { property: 'substring', message: 'Use .slice instead of .substring.' },
+      { property: 'substr', message: 'Use .slice instead of .substr.' },
+    ],
    'no-trailing-spaces': 'warn',
    'no-undef': 'error',
    'no-unreachable': 'error',
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,32 +0,0 @@
-# CODEOWNERS for comm-network/mastodon
-
-# Translators
-# To add translator, copy these lines, replace `fr` with appropriate language code and replace `@żelipapą` with user's Git nickname preceded by `@` sign or e-mail address.
-# /app/javascript/mastodon/locales/fr.json @żelipapą
-# /app/views/user_mailer/*.fr.html.erb @żelipapą
-# /app/views/user_mailer/*.fr.text.erb @żelipapą
-# /config/locales/*.fr.yml @żelipapą
-# /config/locales/fr.yml @żelipapą
-
-# Polish
-/app/javascript/mastodon/locales/pl.json @m4sk1n
-/app/views/user_mailer/*.pl.html.erb @m4sk1n
-/app/views/user_mailer/*.pl.text.erb @m4sk1n
-/config/locales/*.pl.yml @m4sk1n
-/config/locales/pl.yml @m4sk1n
-
-# French
-/app/javascript/mastodon/locales/fr.json @aldarone
-/app/javascript/mastodon/locales/whitelist_fr.json @aldarone
-/app/views/user_mailer/*.fr.html.erb @aldarone
-/app/views/user_mailer/*.fr.text.erb @aldarone
-/config/locales/*.fr.yml @aldarone
-/config/locales/fr.yml @aldarone
-
-# Dutch
-/app/javascript/mastodon/locales/nl.json @jeroenpraat
-/app/javascript/mastodon/locales/whitelist_nl.json @jeroenpraat
-/app/views/user_mailer/*.nl.html.erb @jeroenpraat
-/app/views/user_mailer/*.nl.text.erb @jeroenpraat
-/config/locales/*.nl.yml @jeroenpraat
-/config/locales/nl.yml @jeroenpraat
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,3 +1,3 @@
 patreon: mastodon
 open_collective: mastodon
-github: [Gargron]
+custom: https://sponsor.joinmastodon.org
--- a/.github/ISSUE_TEMPLATE/2.feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/2.feature_request.yml
@ -1,5 +1,6 @@
 name: Feature Request
 description: I have a suggestion
+labels: suggestion
 body:
  - type: markdown
    attributes:
--- a/.github/ISSUE_TEMPLATE/3.support.md
+++ b/.github/ISSUE_TEMPLATE/3.support.md
@ -1,10 +0,0 @@
---
-name: Support
-about: Ask for help with your deployment
-title: DO NOT CREATE THIS ISSUE
---
-
-We primarily use Git as a bug and feature tracker. For usage questions, troubleshooting of deployments and other individual technical assistance, please use one of the resources below:
-
- https://discourse.joinmastodon.org
- #mastodon on irc.freenode.net
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
-  - name: Mastodon Meta Discussion Board
-    url: https://discourse.joinmastodon.org/
+  - name: GitHub Discussions
+    url: https://github.com/mastodon/mastodon/discussions
    about: Please ask and answer questions here.
+  - name: Bug Bounty Program
+    url: https://app.intigriti.com/programs/mastodon/mastodonio/detail
+    about: Please report security vulnerabilities here.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -6,7 +6,7 @@
 version: 2
 updates:
  - package-ecosystem: npm
-    directory: "/"
+    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
@ -14,7 +14,7 @@ updates:
      - dependency-type: direct

  - package-ecosystem: bundler
-    directory: "/"
+    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@ -3,9 +3,9 @@ on:
  workflow_dispatch:
  push:
    branches:
-      - "main"
+      - 'main'
    tags:
-      - "*"
+      - '*'
  pull_request:
    paths:
      - .github/workflows/build-image.yml
@ -21,6 +21,7 @@ jobs:
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        if: github.event_name != 'pull_request'
      - uses: docker/metadata-action@v3
        id: meta
        with:
@ -29,7 +30,8 @@ jobs:
            latest=auto
          tags: |
            type=edge,branch=main
-            type=semver,pattern={{ raw }}
+            type=match,pattern=v(.*),group=0
+            type=ref,event=pr
      - uses: docker/build-push-action@v2
        with:
          context: .
--- a/.github/workflows/check-i18n.yml
+++ b/.github/workflows/check-i18n.yml
@ -2,9 +2,9 @@ name: Check i18n

 on:
  push:
-    branches: [ main ]
+    branches: [main]
  pull_request:
-    branches: [ main ]
+    branches: [main]

 env:
  RAILS_ENV: test
@ -14,21 +14,21 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-    - uses: actions/checkout@v2
-    - name: Install system dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y libicu-dev libidn11-dev
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: '3.0'
-        bundler-cache: true
-    - name: Check locale file normalization
-      run: bundle exec i18n-tasks check-normalized
-    - name: Check for unused strings
-      run: bundle exec i18n-tasks unused -l en
-    - name: Check for wrong string interpolations
-      run: bundle exec i18n-tasks check-consistent-interpolations
-    - name: Check that all required locale files exist
-      run: bundle exec rake repo:check_locales_files
+      - uses: actions/checkout@v2
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.0'
+          bundler-cache: true
+      - name: Check locale file normalization
+        run: bundle exec i18n-tasks check-normalized
+      - name: Check for unused strings
+        run: bundle exec i18n-tasks unused -l en
+      - name: Check for wrong string interpolations
+        run: bundle exec i18n-tasks check-consistent-interpolations
+      - name: Check that all required locale files exist
+        run: bundle exec rake repo:check_locales_files
--- a/.prettierignore
+++ b/.prettierignore
@ -0,0 +1,78 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config and downloaded libraries.
+/.bundle
+/vendor/bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+.eslintcache
+/log/*
+!/log/.keep
+/tmp
+/coverage
+/public/system
+/public/assets
+/public/packs
+/public/packs-test
+.env
+.env.production
+.env.development
+/node_modules/
+/build/
+
+# Ignore Vagrant files
+.vagrant/
+
+# Ignore Capistrano customizations
+/config/deploy/*
+
+# Ignore IDE files
+.vscode/
+.idea/
+
+# Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
+/postgres
+/postgres14
+/redis
+/elasticsearch
+
+# ignore Helm dependency charts
+/chart/charts/*.tgz
+
+# Ignore Apple files
+.DS_Store
+
+# Ignore vim files
+*~
+*.swp
+
+# Ignore npm debug log
+npm-debug.log
+
+# Ignore yarn log files
+yarn-error.log
+yarn-debug.log
+
+# Ignore vagrant log files
+*-cloudimg-console.log
+
+# Ignore Docker option files
+docker-compose.override.yml
+
+# Ignore Helm files
+/chart
+
+# Ignore emoji map file
+/app/javascript/mastodon/features/emoji/emoji_map.json
+
+# Ignore locale files
+/app/javascript/mastodon/locales
+/config/locales
--- a/.prettierrc.js
+++ b/.prettierrc.js
@ -0,0 +1,3 @@
+module.exports = {
+  singleQuote: true
+}
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -5,17 +5,17 @@ AllCops:
  TargetRubyVersion: 2.5
  NewCops: disable
  Exclude:
-  - 'spec/**/*'
-  - 'db/**/*'
-  - 'app/views/**/*'
-  - 'config/**/*'
-  - 'bin/*'
-  - 'Rakefile'
-  - 'node_modules/**/*'
-  - 'Vagrantfile'
-  - 'vendor/**/*'
-  - 'lib/json_ld/*'
-  - 'lib/templates/**/*'
+    - 'spec/**/*'
+    - 'db/**/*'
+    - 'app/views/**/*'
+    - 'config/**/*'
+    - 'bin/*'
+    - 'Rakefile'
+    - 'node_modules/**/*'
+    - 'Vagrantfile'
+    - 'vendor/**/*'
+    - 'lib/json_ld/*'
+    - 'lib/templates/**/*'

 Bundler/OrderedGems:
  Enabled: false
@ -29,13 +29,17 @@ Layout/EmptyLineAfterMagicComment:
 Layout/EmptyLineAfterGuardClause:
  Enabled: false

+Layout/EmptyLineBetweenDefs:
+  AllowAdjacentOneLineDefs: true
+
 Layout/EmptyLinesAroundAttributeAccessor:
  Enabled: true

+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
+
 Layout/HashAlignment:
  Enabled: false
-  # EnforcedHashRocketStyle: table
-  # EnforcedColonStyle: table

 Layout/SpaceAroundMethodCallOperator:
  Enabled: true
--- a/AUTHORS.md
+++ b/AUTHORS.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/2
+++ b/2
@ -5,7 +5,7 @@ SHELL ["/bin/bash", "-c"]
 RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections

 # Install Node v16 (LTS)
-ENV NODE_VER="16.13.2"
+ENV NODE_VER="16.14.2"
 RUN ARCH= && \
    dpkgArch="$(dpkg --print-architecture)" && \
  case "${dpkgArch##*-}" in \
--- a/37
+++ b/37
@ -1,13 +1,13 @@
 # frozen_string_literal: true

 source 'https://rubygems.org'
-ruby '>= 2.5.0', '< 3.1.0'
+ruby '>= 2.6.0', '< 3.1.0'

 gem 'pkg-config', '~> 1.4'
 gem "rexml", "~> 3.2"

 gem 'puma', '~> 5.6'
-gem 'rails', '~> 6.1.4'
+gem 'rails', '~> 6.1.6'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
 gem 'rack', '~> 2.2.3'
@ -18,7 +18,7 @@ gem 'makara', '~> 0.5'
 gem 'pghero', '~> 2.8'
 gem 'dotenv-rails', '~> 2.7'

-gem 'aws-sdk-s3', '~> 1.112', require: false
+gem 'aws-sdk-s3', '~> 1.114', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'kt-paperclip', '~> 7.1'
@ -26,7 +26,7 @@ gem 'blurhash', '~> 0.1'

 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
-gem 'bootsnap', '~> 1.10.3', require: false
+gem 'bootsnap', '~> 1.11.1', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'chewy', '~> 7.2'
@ -40,6 +40,7 @@ end
 gem 'net-ldap', '~> 0.17'
 gem 'omniauth-cas', '~> 2.0'
 gem 'omniauth-saml', '~> 1.10'
+gem 'gitlab-omniauth-openid-connect', '~>0.9.1', require: 'omniauth_openid_connect'
 gem 'omniauth', '~> 1.9'
 gem 'omniauth-rails_csrf_protection', '~> 0.1'

@ -65,9 +66,9 @@ gem 'oj', '~> 3.13'
 gem 'ox', '~> 2.14'
 gem 'parslet'
 gem 'posix-spawn'
-gem 'pundit', '~> 2.1'
+gem 'pundit', '~> 2.2'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.5'
+gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 1.1', require: 'rack/cors'
 gem 'rails-i18n', '~> 6.0'
 gem 'rails-settings-cached', '~> 0.6'
@ -78,17 +79,17 @@ gem 'ruby-progressbar', '~> 1.11'
 gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.6'
 gem 'sidekiq', '~> 6.4'
-gem 'sidekiq-scheduler', '~> 3.1'
+gem 'sidekiq-scheduler', '~> 4.0'
 gem 'sidekiq-unique-jobs', '~> 7.1'
 gem 'sidekiq-bulk', '~>0.2.0'
 gem 'simple-navigation', '~> 4.3'
 gem 'simple_form', '~> 5.1'
 gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
-gem 'stoplight', '~> 2.2.1'
+gem 'stoplight', '~> 3.0.0'
 gem 'strong_migrations', '~> 0.7'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
-gem 'tzinfo-data', '~> 1.2021'
+gem 'tzinfo-data', '~> 1.2022'
 gem 'webpacker', '~> 5.4'
 gem 'webpush', '~> 0.3'
 gem 'webauthn', '~> 3.0.0.alpha1'
@ -98,9 +99,9 @@ gem 'json-ld-preloaded', '~> 3.2'
 gem 'rdf-normalize', '~> 0.5'

 group :development, :test do
-  gem 'fabrication', '~> 2.27'
+  gem 'fabrication', '~> 2.28'
  gem 'fuubar', '~> 2.5'
-  gem 'i18n-tasks', '~> 0.9', require: false
+  gem 'i18n-tasks', '~> 1.0', require: false
  gem 'pry-byebug', '~> 3.9'
  gem 'pry-rails', '~> 0.3'
  gem 'rspec-rails', '~> 5.1'
@ -111,9 +112,9 @@ group :production, :test do
 end

 group :test do
-  gem 'capybara', '~> 3.36'
+  gem 'capybara', '~> 3.37'
  gem 'climate_control', '~> 0.2'
-  gem 'faker', '~> 2.19'
+  gem 'faker', '~> 2.20'
  gem 'microformats', '~> 4.2'
  gem 'rails-controller-testing', '~> 1.0'
  gem 'rspec-sidekiq', '~> 3.1'
@ -128,15 +129,15 @@ group :development do
  gem 'better_errors', '~> 2.9'
  gem 'binding_of_caller', '~> 1.0'
  gem 'bullet', '~> 7.0'
-  gem 'letter_opener', '~> 1.7'
+  gem 'letter_opener', '~> 1.8'
  gem 'letter_opener_web', '~> 2.0'
  gem 'memory_profiler'
-  gem 'rubocop', '~> 1.25', require: false
-  gem 'rubocop-rails', '~> 2.13', require: false
+  gem 'rubocop', '~> 1.28', require: false
+  gem 'rubocop-rails', '~> 2.14', require: false
  gem 'brakeman', '~> 5.2', require: false
  gem 'bundler-audit', '~> 0.9', require: false

-  gem 'capistrano', '~> 3.16'
+  gem 'capistrano', '~> 3.17'
  gem 'capistrano-rails', '~> 1.6'
  gem 'capistrano-rbenv', '~> 2.2'
  gem 'capistrano-yarn', '~> 2.0'
@ -145,7 +146,7 @@ group :development do
 end

 group :production do
-  gem 'lograge', '~> 0.11'
+  gem 'lograge', '~> 0.12'
 end

 gem 'concurrent-ruby', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,40 +1,40 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (6.1.4.6)
-      actionpack (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
+    actioncable (6.1.6)
+      actionpack (= 6.1.6)
+      activesupport (= 6.1.6)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.4.6)
-      actionpack (= 6.1.4.6)
-      activejob (= 6.1.4.6)
-      activerecord (= 6.1.4.6)
-      activestorage (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
+    actionmailbox (6.1.6)
+      actionpack (= 6.1.6)
+      activejob (= 6.1.6)
+      activerecord (= 6.1.6)
+      activestorage (= 6.1.6)
+      activesupport (= 6.1.6)
      mail (>= 2.7.1)
-    actionmailer (6.1.4.6)
-      actionpack (= 6.1.4.6)
-      actionview (= 6.1.4.6)
-      activejob (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
+    actionmailer (6.1.6)
+      actionpack (= 6.1.6)
+      actionview (= 6.1.6)
+      activejob (= 6.1.6)
+      activesupport (= 6.1.6)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.6)
-      actionview (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
+    actionpack (6.1.6)
+      actionview (= 6.1.6)
+      activesupport (= 6.1.6)
      rack (~> 2.0, >= 2.0.9)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.4.6)
-      actionpack (= 6.1.4.6)
-      activerecord (= 6.1.4.6)
-      activestorage (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
+    actiontext (6.1.6)
+      actionpack (= 6.1.6)
+      activerecord (= 6.1.6)
+      activestorage (= 6.1.6)
+      activesupport (= 6.1.6)
      nokogiri (>= 1.8.5)
-    actionview (6.1.4.6)
-      activesupport (= 6.1.4.6)
+    actionview (6.1.6)
+      activesupport (= 6.1.6)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@ -45,22 +45,22 @@ GEM
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
    active_record_query_trace (1.8)
-    activejob (6.1.4.6)
-      activesupport (= 6.1.4.6)
+    activejob (6.1.6)
+      activesupport (= 6.1.6)
      globalid (>= 0.3.6)
-    activemodel (6.1.4.6)
-      activesupport (= 6.1.4.6)
-    activerecord (6.1.4.6)
-      activemodel (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
-    activestorage (6.1.4.6)
-      actionpack (= 6.1.4.6)
-      activejob (= 6.1.4.6)
-      activerecord (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
-      marcel (~> 1.0.0)
+    activemodel (6.1.6)
+      activesupport (= 6.1.6)
+    activerecord (6.1.6)
+      activemodel (= 6.1.6)
+      activesupport (= 6.1.6)
+    activestorage (6.1.6)
+      actionpack (= 6.1.6)
+      activejob (= 6.1.6)
+      activerecord (= 6.1.6)
+      activesupport (= 6.1.6)
+      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (6.1.4.6)
+    activesupport (6.1.6)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@ -68,6 +68,7 @@ GEM
      zeitwerk (~> 2.3)
    addressable (2.8.0)
      public_suffix (>= 2.0.2, < 5.0)
+    aes_key_wrap (1.1.0)
    airbrussh (1.4.0)
      sshkit (>= 1.6.1, != 1.7.0)
    android_key_attestation (0.3.0)
@ -77,36 +78,45 @@ GEM
    ast (2.4.2)
    attr_encrypted (3.1.0)
      encryptor (~> 3.0.0)
+    attr_required (1.0.1)
    awrence (1.2.1)
    aws-eventstream (1.2.0)
-    aws-partitions (1.554.0)
-    aws-sdk-core (3.126.2)
+    aws-partitions (1.587.0)
+    aws-sdk-core (3.131.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.525.0)
      aws-sigv4 (~> 1.1)
      jmespath (~> 1.0)
-    aws-sdk-kms (1.54.0)
-      aws-sdk-core (~> 3, >= 3.126.0)
+    aws-sdk-kms (1.56.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.112.0)
-      aws-sdk-core (~> 3, >= 3.126.0)
+    aws-sdk-s3 (1.114.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.4)
-    aws-sigv4 (1.4.0)
+    aws-sigv4 (1.5.0)
      aws-eventstream (~> 1, >= 1.0.2)
-    bcrypt (3.1.16)
+    bcrypt (3.1.17)
    better_errors (2.9.1)
      coderay (>= 1.0.0)
      erubi (>= 1.0.0)
      rack (>= 0.9.0)
+    better_html (1.0.16)
+      actionview (>= 4.0)
+      activesupport (>= 4.0)
+      ast (~> 2.0)
+      erubi (~> 1.4)
+      html_tokenizer (~> 0.0.6)
+      parser (>= 2.4)
+      smart_properties
    bindata (2.4.10)
    binding_of_caller (1.0.0)
      debug_inspector (>= 0.0.1)
-    blurhash (0.1.5)
+    blurhash (0.1.6)
      ffi (~> 1.14)
-    bootsnap (1.10.3)
+    bootsnap (1.11.1)
      msgpack (~> 1.2)
-    brakeman (5.2.1)
+    brakeman (5.2.3)
    browser (5.3.1)
    brpoplpush-redis_script (0.1.2)
      concurrent-ruby (~> 1.0, >= 1.0.5)
@ -119,14 +129,14 @@ GEM
      bundler (>= 1.2.0, < 3)
      thor (~> 1.0)
    byebug (11.1.3)
-    capistrano (3.16.0)
+    capistrano (3.17.0)
      airbrussh (>= 1.0.0)
      i18n
      rake (>= 10.0.0)
      sshkit (>= 1.9.0)
    capistrano-bundler (2.0.1)
      capistrano (~> 3.1)
-    capistrano-rails (1.6.1)
+    capistrano-rails (1.6.2)
      capistrano (~> 3.1)
      capistrano-bundler (>= 1.1, < 3)
    capistrano-rbenv (2.2.0)
@ -134,7 +144,7 @@ GEM
      sshkit (~> 1.3)
    capistrano-yarn (2.0.2)
      capistrano (~> 3.0)
-    capybara (3.36.0)
+    capybara (3.37.1)
      addressable
      matrix
      mini_mime (>= 0.1.3)
@ -147,7 +157,7 @@ GEM
      activesupport
    cbor (0.5.9.6)
    charlock_holmes (0.7.7)
-    chewy (7.2.4)
+    chewy (7.2.5)
      activesupport (>= 5.2)
      elasticsearch (>= 7.12.0, < 7.14.0)
      elasticsearch-dsl
@ -155,7 +165,7 @@ GEM
    climate_control (0.2.0)
    coderay (1.1.3)
    color_diff (0.1)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
    connection_pool (2.2.5)
    cose (1.0.0)
      cbor (~> 0.5.9)
@ -172,11 +182,11 @@ GEM
      railties (>= 4.1.0)
      responders
      warden (~> 1.2.3)
-    devise-two-factor (4.0.1)
-      activesupport (< 6.2)
+    devise-two-factor (4.0.2)
+      activesupport (< 7.1)
      attr_encrypted (>= 1.3, < 4, != 2)
      devise (~> 4.0)
-      railties (< 6.2)
+      railties (< 7.1)
      rotp (~> 6.0)
    devise_pam_authenticatable2 (9.2.0)
      devise (>= 4.0.0)
@ -193,7 +203,6 @@ GEM
    dotenv-rails (2.7.6)
      dotenv (= 2.7.6)
      railties (>= 3.2)
-    e2mmap (0.1.0)
    ed25519 (1.3.0)
    elasticsearch (7.13.3)
      elasticsearch-api (= 7.13.3)
@ -206,13 +215,13 @@ GEM
      multi_json
    encryptor (3.0.0)
    erubi (1.10.0)
-    et-orbi (1.2.6)
+    et-orbi (1.2.7)
      tzinfo
-    excon (0.91.0)
-    fabrication (2.27.0)
-    faker (2.19.0)
-      i18n (>= 1.6, < 2)
-    faraday (1.9.3)
+    excon (0.92.3)
+    fabrication (2.28.0)
+    faker (2.21.0)
+      i18n (>= 1.8.11, < 2)
+    faraday (1.10.0)
      faraday-em_http (~> 1.0)
      faraday-em_synchrony (~> 1.0)
      faraday-excon (~> 1.1)
@ -254,12 +263,16 @@ GEM
      fog-json (>= 1.0)
      ipaddress (>= 0.8)
    formatador (0.3.0)
-    fugit (1.5.2)
-      et-orbi (~> 1.1, >= 1.1.8)
+    fugit (1.5.3)
+      et-orbi (~> 1, >= 1.2.7)
      raabro (~> 1.4)
    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
+    gitlab-omniauth-openid-connect (0.9.1)
+      addressable (~> 2.7)
+      omniauth (~> 1.9)
+      openid_connect (~> 1.2)
    globalid (1.0.0)
      activesupport (>= 5.0)
    hamlit (2.16.0)
@ -276,6 +289,7 @@ GEM
    highline (2.0.3)
    hiredis (0.6.3)
    hkdf (0.3.0)
+    html_tokenizer (0.0.7)
    htmlentities (4.3.4)
    http (5.0.4)
      addressable (~> 2.8)
@ -286,14 +300,16 @@ GEM
      domain_name (~> 0.5)
    http-form_data (2.3.0)
    http_accept_language (2.1.1)
+    httpclient (2.8.3)
    httplog (1.5.0)
      rack (>= 1.0)
      rainbow (>= 2.0.0)
    i18n (1.10.0)
      concurrent-ruby (~> 1.0)
-    i18n-tasks (0.9.37)
+    i18n-tasks (1.0.10)
      activesupport (>= 4.0.2)
      ast (>= 2.1.0)
+      better_html (~> 1.0)
      erubi
      highline (>= 2.0.0)
      i18n
@ -304,10 +320,14 @@ GEM
    idn-ruby (0.1.4)
    ipaddr (1.2.4)
    ipaddress (0.8.3)
-    jmespath (1.6.0)
-    json (2.6.1)
+    jmespath (1.6.1)
+    json (2.6.2)
    json-canonicalization (0.3.0)
-    json-ld (3.2.0)
+    json-jwt (1.13.0)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
+    json-ld (3.2.1)
      htmlentities (~> 4.3)
      json-canonicalization (~> 0.3)
      link_header (~> 0.0, >= 0.0.8)
@ -339,8 +359,8 @@ GEM
      terrapin (~> 0.6.0)
    launchy (2.5.0)
      addressable (~> 2.7)
-    letter_opener (1.7.0)
-      launchy (~> 2.2)
+    letter_opener (1.8.1)
+      launchy (>= 2.2, < 3)
    letter_opener_web (2.0.0)
      actionmailer (>= 5.2)
      letter_opener (~> 1.7)
@ -350,12 +370,12 @@ GEM
    llhttp-ffi (0.4.0)
      ffi-compiler (~> 1.0)
      rake (~> 13.0)
-    lograge (0.11.2)
+    lograge (0.12.0)
      actionpack (>= 4)
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.14.0)
+    loofah (2.18.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
@ -375,9 +395,9 @@ GEM
      mime-types-data (~> 3.2015)
    mime-types-data (3.2022.0105)
    mini_mime (1.1.2)
-    mini_portile2 (2.7.1)
+    mini_portile2 (2.8.0)
    minitest (5.15.0)
-    msgpack (1.4.5)
+    msgpack (1.5.1)
    multi_json (1.15.0)
    multipart-post (2.1.1)
    net-ldap (0.17.0)
@ -385,8 +405,10 @@ GEM
      net-ssh (>= 2.6.5, < 7.0.0)
    net-ssh (6.1.0)
    nio4r (2.5.8)
-    nokogiri (1.13.1)
-      mini_portile2 (~> 2.7.0)
+    nokogiri (1.13.6)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    nokogiri (1.13.6-x86_64-linux)
      racc (~> 1.4)
    nsa (0.2.8)
      activesupport (>= 4.2, < 7)
@ -407,26 +429,36 @@ GEM
    omniauth-saml (1.10.3)
      omniauth (~> 1.3, >= 1.3.2)
      ruby-saml (~> 1.9)
+    openid_connect (1.3.0)
+      activemodel
+      attr_required (>= 1.0.0)
+      json-jwt (>= 1.5.0)
+      rack-oauth2 (>= 1.6.1)
+      swd (>= 1.0.0)
+      tzinfo
+      validate_email
+      validate_url
+      webfinger (>= 1.0.1)
    openssl (2.2.1)
      ipaddr
    openssl-signature_algorithm (0.4.0)
    orm_adapter (0.5.0)
-    ox (2.14.9)
-    parallel (1.21.0)
-    parser (3.1.0.0)
+    ox (2.14.11)
+    parallel (1.22.1)
+    parser (3.1.2.0)
      ast (~> 2.4.1)
    parslet (2.0.0)
    pastel (0.8.0)
      tty-color (~> 0.5)
-    pg (1.3.2)
+    pg (1.3.5)
    pg_search (2.3.6)
      activerecord (>= 5.2)
      activesupport (>= 5.2)
-    pghero (2.8.2)
+    pghero (2.8.3)
      activerecord (>= 5)
    pkg-config (1.4.7)
    posix-spawn (0.3.15)
-    premailer (1.15.0)
+    premailer (1.16.0)
      addressable
      css_parser (>= 1.6.0)
      htmlentities (>= 4.0.0)
@ -444,36 +476,42 @@ GEM
      pry (~> 0.13.0)
    pry-rails (0.3.9)
      pry (>= 0.10.4)
-    public_suffix (4.0.6)
-    puma (5.6.2)
+    public_suffix (4.0.7)
+    puma (5.6.4)
      nio4r (~> 2.0)
    pundit (2.2.0)
      activesupport (>= 3.0.0)
    raabro (1.4.0)
    racc (1.6.0)
    rack (2.2.3)
-    rack-attack (6.6.0)
+    rack-attack (6.6.1)
      rack (>= 1.0, < 3)
    rack-cors (1.1.1)
      rack (>= 2.0.0)
+    rack-oauth2 (1.19.0)
+      activesupport
+      attr_required
+      httpclient
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
    rack-proxy (0.7.2)
      rack
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
-    rails (6.1.4.6)
-      actioncable (= 6.1.4.6)
-      actionmailbox (= 6.1.4.6)
-      actionmailer (= 6.1.4.6)
-      actionpack (= 6.1.4.6)
-      actiontext (= 6.1.4.6)
-      actionview (= 6.1.4.6)
-      activejob (= 6.1.4.6)
-      activemodel (= 6.1.4.6)
-      activerecord (= 6.1.4.6)
-      activestorage (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
+    rails (6.1.6)
+      actioncable (= 6.1.6)
+      actionmailbox (= 6.1.6)
+      actionmailer (= 6.1.6)
+      actionpack (= 6.1.6)
+      actiontext (= 6.1.6)
+      actionview (= 6.1.6)
+      activejob (= 6.1.6)
+      activemodel (= 6.1.6)
+      activerecord (= 6.1.6)
+      activestorage (= 6.1.6)
+      activesupport (= 6.1.6)
      bundler (>= 1.15.0)
-      railties (= 6.1.4.6)
+      railties (= 6.1.6)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
@ -489,23 +527,23 @@ GEM
      railties (>= 6.0.0, < 7)
    rails-settings-cached (0.7.2)
      rails (>= 4.2.0)
-    railties (6.1.4.6)
-      actionpack (= 6.1.4.6)
-      activesupport (= 6.1.4.6)
+    railties (6.1.6)
+      actionpack (= 6.1.6)
+      activesupport (= 6.1.6)
      method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
      thor (~> 1.0)
    rainbow (3.1.1)
    rake (13.0.6)
-    rdf (3.2.4)
+    rdf (3.2.7)
      link_header (~> 0.0, >= 0.0.8)
    rdf-normalize (0.5.0)
      rdf (~> 3.2)
    redcarpet (3.5.1)
    redis (4.6.0)
-    redis-namespace (1.8.1)
+    redis-namespace (1.8.2)
      redis (>= 3.0.4)
-    regexp_parser (2.2.1)
+    regexp_parser (2.4.0)
    request_store (1.5.1)
      rack (>= 1.4)
    resolv (0.1.0)
@ -524,10 +562,10 @@ GEM
    rspec-expectations (3.11.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.0)
+    rspec-mocks (3.11.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.11.0)
-    rspec-rails (5.1.0)
+    rspec-rails (5.1.2)
      actionpack (>= 5.2)
      activesupport (>= 5.2)
      railties (>= 5.2)
@ -541,18 +579,18 @@ GEM
    rspec-support (3.11.0)
    rspec_junit_formatter (0.5.1)
      rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (1.25.1)
+    rubocop (1.29.1)
      parallel (~> 1.10)
      parser (>= 3.1.0.0)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.17.0, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.2)
-      parser (>= 3.0.1.1)
-    rubocop-rails (2.13.2)
+    rubocop-ast (1.18.0)
+      parser (>= 3.1.1.0)
+    rubocop-rails (2.14.2)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.7.0, < 2.0)
@ -573,20 +611,18 @@ GEM
      railties (>= 4.0.0)
    securecompare (1.0.0)
    semantic_range (3.0.0)
-    sidekiq (6.4.1)
+    sidekiq (6.4.2)
      connection_pool (>= 2.2.2)
      rack (~> 2.0)
      redis (>= 4.2.0)
    sidekiq-bulk (0.2.0)
      sidekiq
-    sidekiq-scheduler (3.1.1)
-      e2mmap
-      redis (>= 3, < 5)
+    sidekiq-scheduler (4.0.0)
+      redis (>= 4.2.0)
      rufus-scheduler (~> 3.2)
-      sidekiq (>= 3)
-      thwait
+      sidekiq (>= 4)
      tilt (>= 1.4.0)
-    sidekiq-unique-jobs (7.1.15)
+    sidekiq-unique-jobs (7.1.22)
      brpoplpush-redis_script (> 0.1.1, <= 2.0.0)
      concurrent-ruby (~> 1.0, >= 1.0.5)
      sidekiq (>= 5.0, < 8.0)
@ -602,6 +638,7 @@ GEM
      simplecov_json_formatter (~> 0.1)
    simplecov-html (0.12.3)
    simplecov_json_formatter (0.1.4)
+    smart_properties (1.17.0)
    sprockets (3.7.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
@ -612,19 +649,21 @@ GEM
    sshkit (1.21.2)
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
-    stackprof (0.2.18)
+    stackprof (0.2.19)
    statsd-ruby (1.5.0)
-    stoplight (2.2.1)
+    stoplight (3.0.0)
    strong_migrations (0.8.0)
      activerecord (>= 5.2)
+    swd (1.3.0)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.4)
    temple (0.8.2)
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
    terrapin (0.6.0)
      climate_control (>= 0.0.3, < 1.0)
    thor (1.2.1)
-    thwait (0.2.0)
-      e2mmap
    tilt (2.0.10)
    tpm-key_attestation (0.9.0)
      bindata (~> 2.4)
@ -644,13 +683,19 @@ GEM
      unf (~> 0.1.0)
    tzinfo (2.0.4)
      concurrent-ruby (~> 1.0)
-    tzinfo-data (1.2021.5)
+    tzinfo-data (1.2022.1)
      tzinfo (>= 1.0.0)
    unf (0.1.4)
      unf_ext
-    unf_ext (0.0.8)
+    unf_ext (0.0.8.1)
    unicode-display_width (2.1.0)
-    uniform_notifier (1.14.2)
+    uniform_notifier (1.16.0)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (1.0.15)
+      activemodel (>= 3.0.0)
+      public_suffix
    warden (1.2.9)
      rack (>= 2.0.9)
    webauthn (3.0.0.alpha1)
@ -663,6 +708,9 @@ GEM
      safety_net_attestation (~> 0.4.0)
      securecompare (~> 1.0)
      tpm-key_attestation (~> 0.9.0)
+    webfinger (1.2.0)
+      activesupport
+      httpclient (>= 2.4)
    webmock (3.14.0)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
@ -687,26 +735,27 @@ GEM

 PLATFORMS
  ruby
+  x86_64-linux

 DEPENDENCIES
  active_model_serializers (~> 0.10)
  active_record_query_trace (~> 1.8)
  addressable (~> 2.8)
  annotate (~> 3.2)
-  aws-sdk-s3 (~> 1.112)
+  aws-sdk-s3 (~> 1.114)
  better_errors (~> 2.9)
  binding_of_caller (~> 1.0)
  blurhash (~> 0.1)
-  bootsnap (~> 1.10.3)
+  bootsnap (~> 1.11.1)
  brakeman (~> 5.2)
  browser
  bullet (~> 7.0)
  bundler-audit (~> 0.9)
-  capistrano (~> 3.16)
+  capistrano (~> 3.17)
  capistrano-rails (~> 1.6)
  capistrano-rbenv (~> 2.2)
  capistrano-yarn (~> 2.0)
-  capybara (~> 3.36)
+  capybara (~> 3.37)
  charlock_holmes (~> 0.7.7)
  chewy (~> 7.2)
  climate_control (~> 0.2)
@ -720,29 +769,30 @@ DEPENDENCIES
  doorkeeper (~> 5.5)
  dotenv-rails (~> 2.7)
  ed25519 (~> 1.3)
-  fabrication (~> 2.27)
-  faker (~> 2.19)
+  fabrication (~> 2.28)
+  faker (~> 2.20)
  fast_blank (~> 1.0)
  fastimage
  fog-core (<= 2.1.0)
  fog-openstack (~> 0.3)
  fuubar (~> 2.5)
+  gitlab-omniauth-openid-connect (~> 0.9.1)
  hamlit-rails (~> 0.2)
  hiredis (~> 0.6)
  htmlentities (~> 4.3)
  http (~> 5.0)
  http_accept_language (~> 2.1)
  httplog (~> 1.5.0)
-  i18n-tasks (~> 0.9)
+  i18n-tasks (~> 1.0)
  idn-ruby
  json-ld
  json-ld-preloaded (~> 3.2)
  kaminari (~> 1.2)
  kt-paperclip (~> 7.1)
-  letter_opener (~> 1.7)
+  letter_opener (~> 1.8)
  letter_opener_web (~> 2.0)
  link_header (~> 0.0)
-  lograge (~> 0.11)
+  lograge (~> 0.12)
  makara (~> 0.5)
  mario-redis-lock (~> 1.2)
  memory_profiler
@ -769,11 +819,11 @@ DEPENDENCIES
  pry-byebug (~> 3.9)
  pry-rails (~> 0.3)
  puma (~> 5.6)
-  pundit (~> 2.1)
+  pundit (~> 2.2)
  rack (~> 2.2.3)
-  rack-attack (~> 6.5)
+  rack-attack (~> 6.6)
  rack-cors (~> 1.1)
-  rails (~> 6.1.4)
+  rails (~> 6.1.6)
  rails-controller-testing (~> 1.0)
  rails-i18n (~> 6.0)
  rails-settings-cached (~> 0.6)
@ -787,14 +837,14 @@ DEPENDENCIES
  rspec-rails (~> 5.1)
  rspec-sidekiq (~> 3.1)
  rspec_junit_formatter (~> 0.5)
-  rubocop (~> 1.25)
-  rubocop-rails (~> 2.13)
+  rubocop (~> 1.28)
+  rubocop-rails (~> 2.14)
  ruby-progressbar (~> 1.11)
  sanitize (~> 6.0)
  scenic (~> 1.6)
  sidekiq (~> 6.4)
  sidekiq-bulk (~> 0.2.0)
-  sidekiq-scheduler (~> 3.1)
+  sidekiq-scheduler (~> 4.0)
  sidekiq-unique-jobs (~> 7.1)
  simple-navigation (~> 4.3)
  simple_form (~> 5.1)
@ -802,12 +852,12 @@ DEPENDENCIES
  sprockets (~> 3.7.2)
  sprockets-rails (~> 3.4)
  stackprof
-  stoplight (~> 2.2.1)
+  stoplight (~> 3.0.0)
  strong_migrations (~> 0.7)
  thor (~> 1.2)
  tty-prompt (~> 0.23)
  twitter-text (~> 3.1.0)
-  tzinfo-data (~> 1.2021)
+  tzinfo-data (~> 1.2022)
  webauthn (~> 3.0.0.alpha1)
  webmock (~> 3.14)
  webpacker (~> 5.4)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,13 +1,20 @@
 # Security Policy

+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you should submit the report through our [Bug Bounty Program][bug-bounty]. Alternatively, you can reach us at <hello@joinmastodon.org>.
+
+You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+
+## Scope
+
+A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.
+
 ## Supported Versions

 | Version | Supported          |
 | ------- | ------------------ |
-| 3.4.x   | :white_check_mark: |
-| 3.3.x   | :white_check_mark: |
-| < 3.3   | :x:                |
-
-## Reporting a Vulnerability
+| 3.5.x   | Yes                |
+| 3.4.x   | Yes                |
+| 3.3.x   | Yes                |
+| < 3.3   | No                 |

-hello@joinmastodon.org
+[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail
--- a/app.json
+++ b/app.json
@ -95,8 +95,5 @@
  "scripts": {
    "postdeploy": "bundle exec rails db:migrate && bundle exec rails db:seed"
  },
-  "addons": [
-    "heroku-postgresql",
-    "heroku-redis"
-  ]
+  "addons": ["heroku-postgresql", "heroku-redis"]
 }
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -44,7 +44,6 @@ class AccountsController < ApplicationController
        limit     = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
        @statuses = filtered_statuses.without_reblogs.limit(limit)
        @statuses = cache_collection(@statuses, Status)
-        render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
      end

      format.json do
--- a/app/controllers/activitypub/base_controller.rb
+++ b/app/controllers/activitypub/base_controller.rb
@ -2,6 +2,7 @@

 class ActivityPub::BaseController < Api::BaseController
  skip_before_action :require_authenticated_user!
+  skip_around_action :set_locale

  private

--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@ -62,7 +62,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
    return unless page_requested?
			`@ -62,7 +62,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController`
			`return unless page_requested?`