abc63d5610
Fix some Rails frameworks being unnecessarily loaded ( #16725 )
...
Saves about 10MiB of memory usage at boot
2021-09-13 18:59:56 +02:00
4080a8ec33
Stop setting a shortcode to newly-created media attachments ( #16730 )
...
* Stop setting a shortcode to newly-created media attachments
The WebUI has stopped using the “short media URL” in ages. This isn't used
anywhere except for mail notifications.
Deprecating it would allow us to eventually get rid of at least a database
column and corruption-prone index, as well as a controller.
* Fix tests
2021-09-13 18:59:37 +02:00
7f0b3eaaca
Bump ruby-saml from 1.11.0 to 1.13.0 ( #16723 )
...
Fixes #16720
2021-09-10 15:43:28 +02:00
5a6bae832e
Bump @babel/plugin-proposal-decorators from 7.14.5 to 7.15.4 ( #16711 )
...
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators ) from 7.14.5 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-plugin-proposal-decorators )
---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-10 09:24:55 +09:00
3030fa64ef
Bump @babel/preset-env from 7.15.0 to 7.15.4 ( #16706 )
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) from 7.15.0 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-preset-env )
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-10 09:24:39 +09:00
ac09e14d7f
Bump devise-two-factor from 4.0.0 to 4.0.1 ( #16705 )
...
Bumps [devise-two-factor](https://github.com/tinfoil/devise-two-factor ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/tinfoil/devise-two-factor/releases )
- [Changelog](https://github.com/tinfoil/devise-two-factor/blob/main/CHANGELOG.md )
- [Commits](https://github.com/tinfoil/devise-two-factor/compare/v4.0.0...v4.0.1 )
---
updated-dependencies:
- dependency-name: devise-two-factor
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:43:00 +09:00
6740c86fb4
Bump sass from 1.38.2 to 1.39.0 ( #16707 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.38.2...1.39.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:42:38 +09:00
1c4f5b4a8c
Bump axios from 0.21.1 to 0.21.4 ( #16709 )
...
Bumps [axios](https://github.com/axios/axios ) from 0.21.1 to 0.21.4.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.4 )
---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:41:47 +09:00
aa2665c570
Bump @babel/runtime from 7.15.3 to 7.15.4 ( #16710 )
...
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime ) from 7.15.3 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-runtime )
---
updated-dependencies:
- dependency-name: "@babel/runtime"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:41:26 +09:00
ee5eddeb52
Bump react-redux from 7.2.4 to 7.2.5 ( #16708 )
...
Bumps [react-redux](https://github.com/reduxjs/react-redux ) from 7.2.4 to 7.2.5.
- [Release notes](https://github.com/reduxjs/react-redux/releases )
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md )
- [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.4...v7.2.5 )
---
updated-dependencies:
- dependency-name: react-redux
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:41:03 +09:00
065eb6f9aa
Bump npmlog from 5.0.0 to 5.0.1 ( #16704 )
...
Bumps [npmlog](https://github.com/npm/npmlog ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/npm/npmlog/releases )
- [Changelog](https://github.com/npm/npmlog/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/npmlog/compare/v5.0.0...v5.0.1 )
---
updated-dependencies:
- dependency-name: npmlog
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:40:14 +09:00
0c413253c7
Bump oj from 3.13.2 to 3.13.4 ( #16703 )
...
Bumps [oj](https://github.com/ohler55/oj ) from 3.13.2 to 3.13.4.
- [Release notes](https://github.com/ohler55/oj/releases )
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/ohler55/oj/compare/v3.13.2...v3.13.4 )
---
updated-dependencies:
- dependency-name: oj
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:39:49 +09:00
6fb6fcf0c2
Bump aws-sdk-s3 from 1.100.0 to 1.102.0 ( #16702 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.100.0 to 1.102.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:39:21 +09:00
47b1649962
Bump @babel/core from 7.15.0 to 7.15.5 ( #16712 )
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core ) from 7.15.0 to 7.15.5.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.5/packages/babel-core )
---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-09 17:36:14 +09:00
8c688e3626
use relative path for `scope` ( #16714 )
...
Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.
2021-09-08 23:33:36 +02:00
067d10d664
Fix addressing of remote groups' followers ( #16700 )
...
Fixes #16699
2021-09-08 23:33:23 +02:00
4893216634
Fix suspicious sign-in mail text being out of date ( #16690 )
...
Fixes #16687
2021-09-04 16:44:50 +02:00
a20cb503ec
Fix processing mentions to domains with non-ascii TLDs ( #16689 )
...
Fixes #16602
2021-09-01 22:06:40 +02:00
295e5846ca
Bump eslint-plugin-react from 7.24.0 to 7.25.1 ( #16680 )
...
Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react ) from 7.24.0 to 7.25.1.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases )
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.24.0...v7.25.1 )
---
updated-dependencies:
- dependency-name: eslint-plugin-react
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-01 08:18:55 +09:00
d95e09dbe2
Bump tar from 6.1.3 to 6.1.11 ( #16685 )
...
Bumps [tar](https://github.com/npm/node-tar ) from 6.1.3 to 6.1.11.
- [Release notes](https://github.com/npm/node-tar/releases )
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-tar/compare/v6.1.3...v6.1.11 )
---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-01 08:18:29 +09:00
00ed4bc743
Bump rqrcode from 2.0.0 to 2.1.0 ( #16678 )
...
Bumps [rqrcode](https://github.com/whomwah/rqrcode ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/whomwah/rqrcode/releases )
- [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md )
- [Commits](https://github.com/whomwah/rqrcode/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: rqrcode
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:58:34 +09:00
443c806900
Bump rubocop from 1.19.1 to 1.20.0 ( #16674 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.19.1 to 1.20.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.1...v1.20.0 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:56:14 +09:00
31d98ce24d
Bump nokogiri from 1.12.3 to 1.12.4 ( #16675 )
...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.12.3 to 1.12.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases )
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.3...v1.12.4 )
---
updated-dependencies:
- dependency-name: nokogiri
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:56:07 +09:00
7d63710348
Bump aws-sdk-s3 from 1.99.0 to 1.100.0 ( #16676 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.99.0 to 1.100.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:56:01 +09:00
76adb47a91
Bump ws from 8.2.0 to 8.2.1 ( #16679 )
...
Bumps [ws](https://github.com/websockets/ws ) from 8.2.0 to 8.2.1.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/8.2.0...8.2.1 )
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-31 20:55:49 +09:00
ec1cb262a0
Bump sass from 1.38.0 to 1.38.2 ( #16671 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.38.0 to 1.38.2.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.38.0...1.38.2 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29 09:00:57 +09:00
29cc9b7f3c
Bump eslint-plugin-import from 2.24.1 to 2.24.2 ( #16668 )
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.24.1 to 2.24.2.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.1...v2.24.2 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-29 09:00:41 +09:00
36b6572f15
Bump url-parse from 1.5.1 to 1.5.3 ( #16666 )
...
Bumps [url-parse](https://github.com/unshiftio/url-parse ) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/unshiftio/url-parse/releases )
- [Commits](https://github.com/unshiftio/url-parse/compare/1.5.1...1.5.3 )
---
updated-dependencies:
- dependency-name: url-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:18:58 +02:00
e07cd410cf
Bump color-string from 1.5.3 to 1.6.0 ( #16665 )
...
Bumps [color-string](https://github.com/Qix-/color-string ) from 1.5.3 to 1.6.0.
- [Release notes](https://github.com/Qix-/color-string/releases )
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Qix-/color-string/commits/1.6.0 )
---
updated-dependencies:
- dependency-name: color-string
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:18:35 +02:00
61d8996cda
Bump http from 4.4.1 to 5.0.1 ( #16438 )
...
Bumps [http](https://github.com/httprb/http ) from 4.4.1 to 5.0.1.
- [Release notes](https://github.com/httprb/http/releases )
- [Changelog](https://github.com/httprb/http/blob/master/CHANGES.md )
- [Commits](https://github.com/httprb/http/compare/v4.4.1...v5.0.1 )
---
updated-dependencies:
- dependency-name: http
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:17:59 +02:00
26536c2401
Bump y18n from 4.0.0 to 4.0.3 ( #16664 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3 )
---
updated-dependencies:
- dependency-name: y18n
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 18:15:05 +02:00
96edc26165
Bump jest from 26.6.3 to 27.1.0 ( #16376 )
...
* Bump jest from 26.6.3 to 27.0.4
Bumps [jest](https://github.com/facebook/jest ) from 26.6.3 to 27.0.4.
- [Release notes](https://github.com/facebook/jest/releases )
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md )
- [Commits](https://github.com/facebook/jest/compare/v26.6.3...v27.0.4 )
---
updated-dependencies:
- dependency-name: jest
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Set test environment for jest
* Remove unnecessary ext
* Bump jest from 27.0.4 to 27.1.0
* Remove --coverage option
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-08-28 09:58:04 +09:00
516c97b6e5
Bump sidekiq from 6.2.1 to 6.2.2 ( #16647 )
...
Bumps [sidekiq](https://github.com/mperham/sidekiq ) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases )
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md )
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2 )
---
updated-dependencies:
- dependency-name: sidekiq
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-28 08:59:45 +09:00
58ce453c86
Bump webpacker from 5.4.0 to 5.4.2 ( #16648 )
...
Bumps [webpacker](https://github.com/rails/webpacker ) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/rails/webpacker/releases )
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2 )
---
updated-dependencies:
- dependency-name: webpacker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:43 +09:00
8a40b1b40a
Bump faker from 2.18.0 to 2.19.0 ( #16646 )
...
Bumps [faker](https://github.com/faker-ruby/faker ) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases )
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md )
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0 )
---
updated-dependencies:
- dependency-name: faker
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:47:00 +09:00
3e6c085559
Bump rubocop from 1.19.0 to 1.19.1 ( #16649 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 21:46:28 +09:00
567021abeb
Explicitly set userVerification to discoraged ( #16545 )
2021-08-26 09:51:22 -05:00
84566f17de
Fix authentication failures after going halfway through a sign-in attempt ( #16607 )
...
* Add tests
* Add security-related tests
My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
2021-08-25 22:52:41 +02:00
8632cc7dc5
New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED ( #16655 )
...
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.
We need a new environment variable like for SAML to assume the email
from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.
2021-08-25 18:41:24 +02:00
fc9f57c442
Bump rails from 6.1.4 to 6.1.4.1 ( #16650 )
...
Bumps [rails](https://github.com/rails/rails ) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases )
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1 )
---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-26 01:39:55 +09:00
28796d1342
Fix follow request count to dynamically update ( #16652 )
2021-08-25 17:46:29 +02:00
eb30899df2
Fix undefined variable for Auth::OmniauthCallbacksController ( #16654 )
...
The addition of authentication history broke the omniauth login with
the following error:
method=GET path=/auth/auth/cas/callback format=html
controller=Auth::OmniauthCallbacksController action=cas status=500
error='NameError: undefined local variable or method `user' for
#<Auth::OmniauthCallbacksController:0x00000000036290>
Did you mean? @user' duration=435.93 view=0.00 db=36.19
* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
name to `@user`
2021-08-25 17:40:56 +02:00
9c6cecb7a9
Bump eslint-plugin-import from 2.24.0 to 2.24.1 ( #16635 )
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:53 +09:00
3f2ddcda8a
Bump ws from 8.1.0 to 8.2.0 ( #16636 )
...
Bumps [ws](https://github.com/websockets/ws ) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0 )
---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:38 +09:00
4cfa969d71
Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 ( #16590 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 22:03:23 +09:00
8965ccd208
Fix “discoverable” account setting being tied to profile directory ( #16637 )
2021-08-20 16:11:58 +02:00
4f1a4dbd74
Make sure nginx always send HSTS header ( #16633 )
...
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308
As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.
Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
2021-08-20 10:54:11 +01:00
b48cd23cf3
Add tests for SuspendAccountService and UnsuspendAccountService ( #16627 )
...
* Add tests for SuspendAccountService
* Add tests for UnsuspendAccountService
2021-08-20 10:53:33 +01:00
39076399f9
Bump rspec-rails from 5.0.1 to 5.0.2 ( #16622 )
...
Bumps [rspec-rails](https://github.com/rspec/rspec-rails ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/rspec/rspec-rails/releases )
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md )
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.1...v5.0.2 )
---
updated-dependencies:
- dependency-name: rspec-rails
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 18:48:39 +09:00
e4055a1f10
Bump sass from 1.37.0 to 1.38.0 ( #16623 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.37.0...1.38.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 18:48:25 +09:00
Claire