Commit Graph

11128 Commits (f52e8d466371e69a24dab59c453416d9630c4959)

Author SHA1 Message Date
dependabot[bot] a6360a47d5 Bump aws-sdk-s3 from 1.111.1 to 1.111.3 (#17368)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.111.1 to 1.111.3.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:46:52 +09:00
dependabot[bot] e23ac7533c Bump bootsnap from 1.10.1 to 1.10.2 (#17367)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.10.1...v1.10.2)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:45:45 +09:00
dependabot[bot] 7a153d7e73 Bump node-fetch from 2.6.1 to 2.6.7 (#17366)
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:44:01 +09:00
dependabot[bot] babd992684 Bump nanoid from 3.1.23 to 3.2.0 (#17342)
Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.23 to 3.2.0.
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ai/nanoid/compare/3.1.23...3.2.0)

---
updated-dependencies:
- dependency-name: nanoid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:41:22 +09:00
dependabot[bot] cdbb032e21 Bump @babel/preset-env from 7.16.8 to 7.16.11 (#17358)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.16.8 to 7.16.11.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.16.11/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:39:43 +09:00
dependabot[bot] 2a3e637e56 Bump rubocop from 1.24.1 to 1.25.0 (#17322)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.24.1...v1.25.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:39:08 +09:00
dependabot[bot] e3d7ed2139 Bump @babel/core from 7.16.7 to 7.16.12 (#17360)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.16.7 to 7.16.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.16.12/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:34:55 +09:00
dependabot[bot] c4647b48d2 Bump rails from 6.1.4.1 to 6.1.4.4 (#17159)
* Bump rails from 6.1.4.1 to 6.1.4.4

Bumps [rails](https://github.com/rails/rails) from 6.1.4.1 to 6.1.4.4.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.4.1...v6.1.4.4)

---
updated-dependencies:
- dependency-name: rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Revert marcel to 1.0.1

Avoid some regression that need to be investigated

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-01-25 20:34:37 +09:00
Wonderfall 85389ddd45 disable legacy XSS filtering (#17289)
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
2022-01-24 13:14:26 +01:00
Claire d045ba2add Fix link_to_login argument handling when a block is passed (#17345) 2022-01-24 03:29:03 +01:00
Claire e92ac5b769 Fix error-prone SQL queries (#15828)
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-01-23 18:10:10 +01:00
Claire 41d64ee271 Change `percent` to `rate` in retention metrics API (#16910) 2022-01-23 16:01:25 +01:00
Claire 06f653972a Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN

Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.

* Add OMNIAUTH_ONLY environment variable to enforce external log-in only

* Disable user registration when OMNIAUTH_ONLY is set to true

* Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-23 15:52:58 +01:00
Claire 12bb24ea35 Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)
Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2022-01-23 15:50:41 +01:00
Claire 8114f4208f Remove leftover database columns from Devise::Models::Rememberable (#17191)
* Remove leftover database columns from Devise::Models::Rememberable

* Update fix-duplication maintenance script

* Improve errors/warnings in the fix-duplicates maintenance script
2022-01-23 15:46:30 +01:00
Claire 12e087568d Remove old duplicate index (#17245)
Some Mastodon versions (v1.1 and v1.2) had a duplicate index in `db/schema.rb`
without any migration script creating it. #2224 (included in v1.3) removed the
duplicate index from the file but did not provide a migration script to remove
it.

This means that any instance that was installed from v1.1 or v1.2's source code
has a duplicate index and a corresponding warning in PgHero. Instances set up
using an earlier or later Mastodon version do not have this issue.

This PR removes the duplicate index if it is present.
2022-01-23 13:53:58 +01:00
Claire 335049cc33 Fix text being incorrectly pre-selected in composer textarea on /share (#17339)
Fixes #17295
2022-01-20 20:56:21 +01:00
Claire efd2f303fe Change mastodon:webpush:generate_vapid_key task to not require functional env (#17338)
Fixes #17297
2022-01-20 14:51:23 +01:00
Claire 68a9057420 Add post edited notice in admin and public UIs (#17335)
* Add edited toot flag on public pages

* Add toot edit flag to admin pages
2022-01-20 13:37:31 +01:00
Eugen Rochko a427958026 Fix error when using raw distribution worker (#17334)
Regression from #16697
2022-01-19 23:05:59 +01:00
Eugen Rochko bfbfbf5032 Fix error when processing poll updates (#17333)
Regression from #16697
2022-01-19 22:50:01 +01:00
Eugen Rochko 06b698a723 Add support for editing for published statuses (#16697)
* Add support for editing for published statuses

* Fix references to stripped-out code

* Various fixes and improvements

* Further fixes and improvements

* Fix updates being potentially sent to unauthorized recipients

* Various fixes and improvements

* Fix wrong words in test

* Fix notifying accounts that were tagged but were not in the audience

* Fix mistake
2022-01-19 22:37:27 +01:00
Jeong Arm be15674215 Fix NameError on ActivityPub::FetchFeaturedCollectionService (#17326)
Related: #16954
2022-01-19 04:08:46 +01:00
dependabot[bot] 1eeed9357a Bump json-ld from 3.1.10 to 3.2.0 (#17224)
Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.10 to 3.2.0.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.10...3.2.0)

---
updated-dependencies:
- dependency-name: json-ld
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:12:01 +09:00
dependabot[bot] 14a82cadc5 Bump thor from 1.1.0 to 1.2.1 (#17250)
Bumps [thor](https://github.com/rails/thor) from 1.1.0 to 1.2.1.
- [Release notes](https://github.com/rails/thor/releases)
- [Commits](https://github.com/rails/thor/compare/v1.1.0...v1.2.1)

---
updated-dependencies:
- dependency-name: thor
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:07:37 +09:00
dependabot[bot] 98ab5025d7 Bump nokogiri from 1.12.5 to 1.13.1 (#17306)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.5...v1.13.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:06:17 +09:00
dependabot[bot] 2e46fca321 Bump aws-sdk-s3 from 1.109.0 to 1.111.1 (#17277)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.109.0 to 1.111.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:04:34 +09:00
dependabot[bot] 1a57293853 Bump prop-types from 15.7.2 to 15.8.1 (#17278)
Bumps [prop-types](https://github.com/facebook/prop-types) from 15.7.2 to 15.8.1.
- [Release notes](https://github.com/facebook/prop-types/releases)
- [Changelog](https://github.com/facebook/prop-types/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/prop-types/compare/v15.7.2...v15.8.1)

---
updated-dependencies:
- dependency-name: prop-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:04:24 +09:00
dependabot[bot] 85d321a874 Bump ed25519 from 1.2.4 to 1.3.0 (#17310)
Bumps [ed25519](https://github.com/RubyCrypto/ed25519) from 1.2.4 to 1.3.0.
- [Release notes](https://github.com/RubyCrypto/ed25519/releases)
- [Changelog](https://github.com/RubyCrypto/ed25519/blob/main/CHANGES.md)
- [Commits](https://github.com/RubyCrypto/ed25519/compare/v1.2.4...v1.3.0)

---
updated-dependencies:
- dependency-name: ed25519
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:04:11 +09:00
dependabot[bot] e6eb819c82 Bump bootsnap from 1.9.3 to 1.10.1 (#17311)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.9.3 to 1.10.1.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.9.3...v1.10.1)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:03:28 +09:00
dependabot[bot] 8f003bdd12 Bump sass from 1.45.2 to 1.48.0 (#17315)
Bumps [sass](https://github.com/sass/dart-sass) from 1.45.2 to 1.48.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.45.2...1.48.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 11:01:18 +09:00
dependabot[bot] d52ace97d8 Bump babel-jest from 27.4.5 to 27.4.6 (#17280)
Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 27.4.5 to 27.4.6.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v27.4.6/packages/babel-jest)

---
updated-dependencies:
- dependency-name: babel-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 10:53:39 +09:00
dependabot[bot] eddf6cf98c Bump @babel/plugin-transform-runtime from 7.16.7 to 7.16.8 (#17314)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.16.7 to 7.16.8.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.16.8/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 10:53:26 +09:00
dependabot[bot] 932432f699 Bump ws from 8.3.0 to 8.4.2 (#17318)
Bumps [ws](https://github.com/websockets/ws) from 8.3.0 to 8.4.2.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.3.0...8.4.2)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 10:53:12 +09:00
dependabot[bot] 48e6932d85 Bump rubocop-rails from 2.13.0 to 2.13.2 (#17321)
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.13.0 to 2.13.2.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.13.0...v2.13.2)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 10:53:03 +09:00
dependabot[bot] 0b8498bb76 Bump redis from 4.0.1 to 4.0.2 (#17309)
Bumps [redis](https://github.com/redis/node-redis) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@4.0.1...redis@4.0.2)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:39:12 +09:00
dependabot[bot] b3c5df6f94 Bump bullet from 7.0.0 to 7.0.1 (#17312)
Bumps [bullet](https://github.com/flyerhzm/bullet) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/flyerhzm/bullet/releases)
- [Changelog](https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flyerhzm/bullet/compare/7.0.0...7.0.1)

---
updated-dependencies:
- dependency-name: bullet
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:38:54 +09:00
dependabot[bot] df0062fe17 Bump react-select from 5.2.1 to 5.2.2 (#17313)
Bumps [react-select](https://github.com/JedWatson/react-select) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@5.2.1...react-select@5.2.2)

---
updated-dependencies:
- dependency-name: react-select
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:38:45 +09:00
dependabot[bot] 6b84857bc3 Bump @babel/preset-env from 7.16.7 to 7.16.8 (#17317)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.16.7 to 7.16.8.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.16.8/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:38:12 +09:00
dependabot[bot] 88ed1fd327 Bump pkg-config from 1.4.6 to 1.4.7 (#17307)
Bumps [pkg-config](https://github.com/ruby-gnome/pkg-config) from 1.4.6 to 1.4.7.
- [Release notes](https://github.com/ruby-gnome/pkg-config/releases)
- [Changelog](https://github.com/ruby-gnome/pkg-config/blob/master/NEWS)
- [Commits](https://github.com/ruby-gnome/pkg-config/compare/1.4.6...1.4.7)

---
updated-dependencies:
- dependency-name: pkg-config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:36:39 +09:00
dependabot[bot] b19e6957fe Bump active_model_serializers from 0.10.12 to 0.10.13 (#17305)
Bumps [active_model_serializers](https://github.com/rails-api/active_model_serializers) from 0.10.12 to 0.10.13.
- [Release notes](https://github.com/rails-api/active_model_serializers/releases)
- [Changelog](https://github.com/rails-api/active_model_serializers/blob/v0.10.13/CHANGELOG.md)
- [Commits](https://github.com/rails-api/active_model_serializers/compare/v0.10.12...v0.10.13)

---
updated-dependencies:
- dependency-name: active_model_serializers
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:36:22 +09:00
dependabot[bot] 41c89621b8 Bump follow-redirects from 1.14.4 to 1.14.7 (#17285)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.7)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:36:11 +09:00
dependabot[bot] c6308084dc Bump jest from 27.4.5 to 27.4.7 (#17279)
Bumps [jest](https://github.com/facebook/jest) from 27.4.5 to 27.4.7.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/compare/v27.4.5...v27.4.7)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:35:31 +09:00
dependabot[bot] d31ad5641d Bump rspec_junit_formatter from 0.5.0 to 0.5.1 (#17275)
Bumps [rspec_junit_formatter](https://github.com/sj26/rspec_junit_formatter) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/sj26/rspec_junit_formatter/releases)
- [Changelog](https://github.com/sj26/rspec_junit_formatter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sj26/rspec_junit_formatter/compare/v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: rspec_junit_formatter
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:35:15 +09:00
dependabot[bot] 25658e80ee Bump rubocop-rails from 2.13.0 to 2.13.1 (#17274)
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.13.0 to 2.13.1.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.13.0...v2.13.1)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:35:02 +09:00
dependabot[bot] 8816108ca1 Bump scenic from 1.5.4 to 1.5.5 (#17193)
Bumps [scenic](https://github.com/scenic-views/scenic) from 1.5.4 to 1.5.5.
- [Release notes](https://github.com/scenic-views/scenic/releases)
- [Changelog](https://github.com/scenic-views/scenic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/scenic-views/scenic/compare/v1.5.4...v1.5.5)

---
updated-dependencies:
- dependency-name: scenic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:34:45 +09:00
Claire 833a5e4e52 Fix `pinned` attribute not being set for private self-posts (#17304) 2022-01-17 11:59:46 +01:00
Eugen Rochko 2fb76550a9 Add notifications for statuses deleted by moderators (#17204) 2022-01-17 09:41:33 +01:00
Claire 5aade2baac Add support for private pinned posts (#16954)
* Add support for private pinned toots

* Allow local user to pin private toots

* Change wording to avoid "direct message"
2022-01-17 00:49:55 +01:00
Claire 928890bd38 Fix admin interface crash when displaying deleted user (#17301) 2022-01-16 20:57:37 +01:00