From e41cd77dd45099ff7deb0d04b7620aa7730aa5cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Dec 2022 00:57:51 +0900 Subject: [PATCH 1/4] Bump sidekiq-unique-jobs from 7.1.27 to 7.1.29 (#22078) Bumps [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) from 7.1.27 to 7.1.29. - [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases) - [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/main/CHANGELOG.md) - [Commits](https://github.com/mhenrixon/sidekiq-unique-jobs/compare/v7.1.27...v7.1.29) --- updated-dependencies: - dependency-name: sidekiq-unique-jobs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ebc0d0e049..46a6ad9ab5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -126,9 +126,9 @@ GEM msgpack (~> 1.2) brakeman (5.4.0) browser (4.2.0) - brpoplpush-redis_script (0.1.2) + brpoplpush-redis_script (0.1.3) concurrent-ruby (~> 1.0, >= 1.0.5) - redis (>= 1.0, <= 5.0) + redis (>= 1.0, < 6) builder (3.2.4) bullet (7.0.4) activesupport (>= 3.0.0) @@ -627,10 +627,11 @@ GEM rufus-scheduler (~> 3.2) sidekiq (>= 4, < 7) tilt (>= 1.4.0) - sidekiq-unique-jobs (7.1.27) + sidekiq-unique-jobs (7.1.29) brpoplpush-redis_script (> 0.1.1, <= 2.0.0) concurrent-ruby (~> 1.0, >= 1.0.5) - sidekiq (>= 5.0, < 8.0) + redis (< 5.0) + sidekiq (>= 5.0, < 7.0) thor (>= 0.20, < 3.0) simple-navigation (4.4.0) activesupport (>= 2.3.2) From 64502e72468ed9c5c35fcaaa4706fd4ab5c7cb38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Dec 2022 00:58:15 +0900 Subject: [PATCH 2/4] Bump axios from 1.2.0 to 1.2.1 (#22076) Bumps [axios](https://github.com/axios/axios) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index eecdf83dbe..1845facdea 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,7 @@ "array-includes": "^3.1.6", "arrow-key-navigation": "^1.2.0", "autoprefixer": "^9.8.8", - "axios": "^1.2.0", + "axios": "^1.2.1", "babel-loader": "^8.3.0", "babel-plugin-lodash": "^3.3.4", "babel-plugin-preval": "^5.1.0", diff --git a/yarn.lock b/yarn.lock index 25230d8f91..17e6a5c269 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2503,10 +2503,10 @@ axe-core@^4.4.3: resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.3.tgz#11c74d23d5013c0fa5d183796729bc3482bd2f6f" integrity sha512-32+ub6kkdhhWick/UjvEwRchgoetXqTK14INLqbGm5U2TzBkBNF3nQtLYm8ovxSkQWArjEQvftCKryjZaATu3w== -axios@^1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.2.0.tgz#1cb65bd75162c70e9f8d118a905126c4a201d383" - integrity sha512-zT7wZyNYu3N5Bu0wuZ6QccIf93Qk1eV8LOewxgjOZFd2DenOs98cJ7+Y6703d0wkaXGY6/nZd4EweJaHz9uzQw== +axios@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.2.1.tgz#44cf04a3c9f0c2252ebd85975361c026cb9f864a" + integrity sha512-I88cFiGu9ryt/tfVEi4kX2SITsvDddTajXTOFmt2uK1ZVA8LytjtdeyefdQWEf5PU8w+4SSJDoYnggflB5tW4A== dependencies: follow-redirects "^1.15.0" form-data "^4.0.0" From 3958691dc71b3419b31e3d7bc82e0b7bf08885f3 Mon Sep 17 00:00:00 2001 From: prplecake Date: Sun, 11 Dec 2022 00:27:44 -0600 Subject: [PATCH 3/4] Add noindex setting to Admin settings Discovery page (#22205) * Add noindex setting to Admin settings Discovery page * Replace default_noindex i18n --- app/views/admin/settings/discovery/show.html.haml | 3 +++ config/locales/en.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/app/views/admin/settings/discovery/show.html.haml b/app/views/admin/settings/discovery/show.html.haml index b429cdd7b5..f60d1c7662 100644 --- a/app/views/admin/settings/discovery/show.html.haml +++ b/app/views/admin/settings/discovery/show.html.haml @@ -26,6 +26,9 @@ .fields-group = f.input :timeline_preview, as: :boolean, wrapper: :with_label + .fields-group + = f.input :noindex, as: :boolean, wrapper: :with_label, label: t('admin.settings.default_noindex.title'), hint: t('admin.settings.default_noindex.desc_html') + %h4= t('admin.settings.discovery.follow_recommendations') .fields-group diff --git a/config/locales/en.yml b/config/locales/en.yml index 1cc53dca4b..a045db1ab1 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -704,6 +704,9 @@ en: content_retention: preamble: Control how user-generated content is stored in Mastodon. title: Content retention + default_noindex: + desc_html: Affects all users who have not changed this setting themselves + title: Opt users out of search engine indexing by default discovery: follow_recommendations: Follow recommendations preamble: Surfacing interesting content is instrumental in onboarding new users who may not know anyone Mastodon. Control how various discovery features work on your server. From fc9f6cbc194ea91b7f2fda3720738dd1851ff6f7 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Sun, 11 Dec 2022 01:37:00 -0500 Subject: [PATCH 4/4] Update Node 16.18.1 for latest security release (#22019) * Update Node 16.18.1 for latest security release * Increase Yarn network timeout for build error --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 69153c0300..1a97965ac6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1.4 # This needs to be bullseye-slim because the Ruby image is built on bullseye-slim -ARG NODE_VERSION="16.17.1-bullseye-slim" +ARG NODE_VERSION="16.18.1-bullseye-slim" FROM ghcr.io/moritzheiber/ruby-jemalloc:3.0.4-slim as ruby FROM node:${NODE_VERSION} as build @@ -36,7 +36,7 @@ RUN apt update && \ bundle config set --local without 'development test' && \ bundle config set silence_root_warning true && \ bundle install -j"$(nproc)" && \ - yarn install --pure-lockfile + yarn install --pure-lockfile --network-timeout 600000 FROM node:${NODE_VERSION}