Merge pull request 'Incorporate glitch changes as of 2023-07-06' (#62 ) from test-merge-2023-07-04 into main

Reviewed-on: #62
th: Merge remote-tracking branch 'glitch/main'
2023-07-06 20:27:32 +00:00 · 2023-07-06 12:12:21 -07:00 · 2023-07-06 15:21:10 +02:00 · 2023-07-06 15:16:34 +02:00 · 2023-07-06 15:14:42 +02:00 · 2023-07-06 15:06:49 +02:00
1892 changed files with 41307 additions and 31636 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -1,5 +1,5 @@
 # For details, see https://github.com/devcontainers/images/tree/main/src/ruby
-FROM mcr.microsoft.com/devcontainers/ruby:0-3.2-bullseye
+FROM mcr.microsoft.com/devcontainers/ruby:1-3.2-bullseye

 # Install Rails
 # RUN gem install rails webdrivers
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@ -69,7 +69,7 @@ services:
        hard: -1

  libretranslate:
-    image: libretranslate/libretranslate:v1.3.10
+    image: libretranslate/libretranslate:v1.3.11
    restart: unless-stopped
    volumes:
      - lt-data:/home/libretranslate/.local
--- a/.env.development
+++ b/.env.development
@ -5,3 +5,5 @@ DB_HOST=$(pwd)/data/postgres
 DB_USER=mastodon
 DB_NAME=mastodon_dev
 REDIS_URL=unix://./data/redis/redis-dev.sock
+
+TH_USE_INVITE_QUOTA=1
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -4,10 +4,12 @@ module.exports = {
  extends: [
    'eslint:recommended',
    'plugin:react/recommended',
+    'plugin:react-hooks/recommended',
    'plugin:jsx-a11y/recommended',
    'plugin:import/recommended',
    'plugin:promise/recommended',
    'plugin:jsdoc/recommended',
+    'plugin:prettier/recommended',
  ],

  env: {
@ -53,28 +55,14 @@ module.exports = {
      '\\.(css|scss|json)$',
    ],
    'import/resolver': {
-      node: {
-        paths: ['app/javascript'],
-        extensions: ['.js', '.jsx', '.ts', '.tsx'],
-      },
+      typescript: {},
    },
  },

  rules: {
-    'brace-style': 'warn',
-    'comma-dangle': ['error', 'always-multiline'],
-    'comma-spacing': [
-      'warn',
-      {
-        before: false,
-        after: true,
-      },
-    ],
-    'comma-style': ['warn', 'last'],
    'consistent-return': 'error',
    'dot-notation': 'error',
    eqeqeq: ['error', 'always', { 'null': 'ignore' }],
-    indent: ['warn', 2],
    'jsx-quotes': ['error', 'prefer-single'],
    'no-case-declarations': 'off',
    'no-catch-shadow': 'error',
@ -93,8 +81,16 @@ module.exports = {
      { property: 'substring', message: 'Use .slice instead of .substring.' },
      { property: 'substr', message: 'Use .slice instead of .substr.' },
    ],
+    'no-restricted-syntax': [
+      'error',
+      {
+        // eslint-disable-next-line no-restricted-syntax
+        selector: 'Literal[value=/•/], JSXText[value=/•/]',
+        // eslint-disable-next-line no-restricted-syntax
+        message: "Use '·' (middle dot) instead of '•' (bullet)",
+      },
+    ],
    'no-self-assign': 'off',
-    'no-trailing-spaces': 'warn',
    'no-unused-expressions': 'error',
    'no-unused-vars': 'off',
    '@typescript-eslint/no-unused-vars': [
@ -102,34 +98,26 @@ module.exports = {
      {
        vars: 'all',
        args: 'after-used',
+        destructuredArrayIgnorePattern: '^_',
        ignoreRestSiblings: true,
      },
    ],
-    'object-curly-spacing': ['error', 'always'],
-    'padded-blocks': [
-      'error',
-      {
-        classes: 'always',
-      },
-    ],
-    quotes: ['error', 'single'],
-    semi: 'error',
    'valid-typeof': 'error',

    'react/jsx-filename-extension': ['error', { extensions: ['.jsx', 'tsx'] }],
    'react/jsx-boolean-value': 'error',
-    'react/jsx-closing-bracket-location': ['error', 'line-aligned'],
-    'react/jsx-curly-spacing': 'error',
    'react/display-name': 'off',
+    'react/jsx-fragments': ['error', 'syntax'],
    'react/jsx-equals-spacing': 'error',
-    'react/jsx-first-prop-new-line': ['error', 'multiline-multiprop'],
-    'react/jsx-indent': ['error', 2],
    'react/jsx-no-bind': 'error',
+    'react/jsx-no-useless-fragment': 'error',
    'react/jsx-no-target-blank': 'off',
    'react/jsx-tag-spacing': 'error',
+    'react/jsx-uses-react': 'off', // not needed with new JSX transform
    'react/jsx-wrap-multilines': 'error',
    'react/no-deprecated': 'off',
    'react/no-unknown-property': 'off',
+    'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
    'react/self-closing-comp': 'error',

    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/src/index.js
@ -192,11 +180,14 @@ module.exports = {
      {
        js: 'never',
        jsx: 'never',
+        mjs: 'never',
        ts: 'never',
        tsx: 'never',
      },
    ],
+    'import/first': 'error',
    'import/newline-after-import': 'error',
+    'import/no-anonymous-default-export': 'error',
    'import/no-extraneous-dependencies': [
      'error',
      {
@ -208,8 +199,63 @@ module.exports = {
        ],
      },
    ],
+    'import/no-amd': 'error',
+    'import/no-commonjs': 'error',
+    'import/no-import-module-exports': 'error',
+    'import/no-relative-packages': 'error',
+    'import/no-self-import': 'error',
+    'import/no-useless-path-segments': 'error',
    'import/no-webpack-loader-syntax': 'error',

+    'import/order': [
+      'error',
+      {
+        alphabetize: { order: 'asc' },
+        'newlines-between': 'always',
+        groups: [
+          'builtin',
+          'external',
+          'internal',
+          'parent',
+          ['index', 'sibling'],
+          'object',
+        ],
+        pathGroups: [
+          // React core packages
+          {
+            pattern: '{react,react-dom,react-dom/client,prop-types}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // I18n
+          {
+            pattern: '{react-intl,intl-messageformat}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // Common React utilities
+          {
+            pattern: '{classnames,react-helmet,react-router-dom}',
+            group: 'external',
+            position: 'before',
+          },
+          // Immutable / Redux / data store
+          {
+            pattern: '{immutable,react-redux,react-immutable-proptypes,react-immutable-pure-component,reselect}',
+            group: 'external',
+            position: 'before',
+          },
+          // Internal packages
+          {
+            pattern: '{mastodon/**,flavours/glitch-soc/**}',
+            group: 'internal',
+            position: 'after',
+          },
+        ],
+        pathGroupsExcludedImportTypes: [],
+      },
+    ],
+
    'promise/always-return': 'off',
    'promise/catch-or-return': [
      'error',
@ -255,6 +301,8 @@ module.exports = {
        '*.config.js',
        '.*rc.js',
        'ide-helper.js',
+        'config/webpack/**/*',
+        'config/formatjs-formatter.js',
      ],

      env: {
@ -264,6 +312,10 @@ module.exports = {
      parserOptions: {
        sourceType: 'script',
      },
+
+      rules: {
+        'import/no-commonjs': 'off',
+      },
    },
    {
      files: [
@ -274,18 +326,39 @@ module.exports = {
      extends: [
        'eslint:recommended',
        'plugin:@typescript-eslint/recommended',
+        'plugin:@typescript-eslint/recommended-requiring-type-checking',
        'plugin:react/recommended',
+        'plugin:react-hooks/recommended',
        'plugin:jsx-a11y/recommended',
        'plugin:import/recommended',
        'plugin:import/typescript',
        'plugin:promise/recommended',
-        'plugin:jsdoc/recommended',
+        'plugin:jsdoc/recommended-typescript',
+        'plugin:prettier/recommended',
      ],

+      parserOptions: {
+        project: './tsconfig.json',
+        tsconfigRootDir: __dirname,
+      },
+
      rules: {
-        '@typescript-eslint/no-explicit-any': 'off',
+        'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],
+
+        '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
+        '@typescript-eslint/consistent-type-exports': 'error',
+        '@typescript-eslint/consistent-type-imports': 'error',

        'jsdoc/require-jsdoc': 'off',
+
+        // Those rules set stricter rules for TS files
+        // to enforce better practices when converting from JS
+        'import/no-default-export': 'warn',
+        'react/prefer-stateless-function': 'warn',
+        'react/function-component-definition': ['error', { namedComponents: 'arrow-function' }],
+        'react/jsx-uses-react': 'off', // not needed with new JSX transform
+        'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
+        'react/prop-types': 'off',
      },
    },
    {
@ -298,5 +371,13 @@ module.exports = {
        jest: true,
      },
    },
+    {
+      files: [
+        'streaming/**/*',
+      ],
+      rules: {
+        'import/no-commonjs': 'off',
+      },
+    },
  ],
 };
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -0,0 +1,114 @@
+{
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+  extends: [
+    'config:base',
+    ':dependencyDashboard',
+    ':labels(dependencies)',
+    ':maintainLockFilesMonthly', // update non-direct dependencies monthly
+    ':prConcurrentLimit10', // only 10 open PRs at the same time
+  ],
+  stabilityDays: 3, // Wait 3 days after the package has been published before upgrading it
+  // packageRules order is important, they are applied from top to bottom and are merged,
+  // so for example grouping rules needs to be at the bottom
+  packageRules: [
+    {
+      // Ignore major version bumps for these node packages
+      matchManagers: ['npm'],
+      matchPackageNames: [
+        '@rails/ujs', // Needs to match the major Rails version
+        'tesseract.js', // Requires code changes
+        'react-hotkeys', // Requires code changes
+
+        // Requires Webpacker upgrade or replacement
+        '@types/webpack',
+        'babel-loader',
+        'compression-webpack-plugin',
+        'css-loader',
+        'imports-loader',
+        'mini-css-extract-plugin',
+        'postcss-loader',
+        'sass-loader',
+        'terser-webpack-plugin',
+        'webpack',
+        'webpack-assets-manifest',
+        'webpack-bundle-analyzer',
+        'webpack-dev-server',
+        'webpack-cli',
+
+        // react-router: Requires manual upgrade
+        'history',
+        'react-router-dom',
+      ],
+      matchUpdateTypes: ['major'],
+      enabled: false,
+    },
+    {
+      // Ignore major version bumps for these Ruby packages
+      matchManagers: ['bundler'],
+      matchPackageNames: [
+        'sprockets', // Requires manual upgrade https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
+        'strong_migrations', // Requires manual upgrade
+        'sidekiq', // Requires manual upgrade
+        'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version
+        'redis', // Requires manual upgrade and sync with Sidekiq version
+        'fog-openstack', // TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964
+
+        // Needs major Rails version bump
+        'rack',
+        'rails',
+        'rails-i18n',
+      ],
+      matchUpdateTypes: ['major'],
+      enabled: false,
+    },
+    {
+      // Update Github Actions and Docker images weekly
+      matchManagers: ['github-actions', 'dockerfile', 'docker-compose'],
+      extends: ['schedule:weekly'],
+    },
+    {
+      // Ignore major & minor bumps for the ruby image, this needs to be synced with .ruby-version
+      matchManagers: ['dockerfile'],
+      matchPackageNames: ['moritzheiber/ruby-jemalloc'],
+      matchUpdateTypes: ['minor', 'major'],
+      enabled: false,
+    },
+    {
+      // Ignore major bump for the node image, this needs to be synced with .nvmrc
+      matchManagers: ['dockerfile'],
+      matchPackageNames: ['node'],
+      matchUpdateTypes: ['major'],
+      enabled: false,
+    },
+    {
+      // Ignore major postgres bumps in the docker-compose file, as those break dev environments
+      matchManagers: ['docker-compose'],
+      matchPackageNames: ['postgres'],
+      matchUpdateTypes: ['major'],
+      enabled: false,
+    },
+    {
+      // Update devDependencies every week, with one grouped PR
+      matchDepTypes: 'devDependencies',
+      matchUpdateTypes: ['patch', 'minor'],
+      excludePackageNames: [
+        'typescript', // Typescript has many changes in minor versions, needs to be checked every time
+      ],
+      groupName: 'devDependencies (non-major)',
+      extends: ['schedule:weekly'],
+    },
+    {
+      // Update @types/* packages every week, with one grouped PR
+      matchPackagePrefixes: '@types/',
+      matchUpdateTypes: ['patch', 'minor'],
+      groupName: 'DefinitelyTyped types (non-major)',
+      extends: ['schedule:weekly'],
+      addLabels: ['typescript'],
+    },
+    // Add labels depending on package manager
+    { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] },
+    { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] },
+    { matchManagers: ['docker-compose', 'dockerfile'], addLabels: ['docker'] },
+    { matchManagers: ['github-actions'], addLabels: ['github_actions'] },
+  ],
+}
--- a/.github/workflows/check-i18n.yml
+++ b/.github/workflows/check-i18n.yml
@ -41,8 +41,7 @@ jobs:

      - name: Check for missing strings in English JSON
        run: |
-          yarn build:development
-          yarn manage:translations en
+          yarn i18n:extract --throws
          git diff --exit-code

      - name: Check locale file normalization
--- a/.github/workflows/lint-css.yml
+++ b/.github/workflows/lint-css.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
@ -48,4 +49,4 @@ jobs:
      - run: echo "::add-matcher::.github/stylelint-matcher.json"

      - name: Stylelint
-        run: yarn test:lint:sass
+        run: yarn lint:sass
--- a/.github/workflows/lint-haml.yml
+++ b/.github/workflows/lint-haml.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - '.github/workflows/haml-lint-problem-matcher.json'
      - '.github/workflows/lint-haml.yml'
--- a/.github/workflows/lint-js.yml
+++ b/.github/workflows/lint-js.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
@ -48,7 +49,7 @@ jobs:
        run: yarn --frozen-lockfile

      - name: ESLint
-        run: yarn test:lint:js --max-warnings 0
+        run: yarn lint:js --max-warnings 0

      - name: Typecheck
-        run: yarn test:typecheck
+        run: yarn typecheck
--- a/.github/workflows/lint-json.yml
+++ b/.github/workflows/lint-json.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
@ -40,4 +41,4 @@ jobs:
        run: yarn --frozen-lockfile

      - name: Prettier
-        run: yarn prettier --check "**/*.json"
+        run: yarn lint:json
--- a/.github/workflows/lint-md.yml
+++ b/.github/workflows/lint-md.yml
@ -3,8 +3,10 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - '.github/workflows/lint-md.yml'
+      - '.nvmrc'
      - '.prettier*'
      - '**/*.md'
      - '!AUTHORS.md'
@ -14,6 +16,7 @@ on:
  pull_request:
    paths:
      - '.github/workflows/lint-md.yml'
+      - '.nvmrc'
      - '.prettier*'
      - '**/*.md'
      - '!AUTHORS.md'
@ -32,9 +35,10 @@ jobs:
        uses: actions/setup-node@v3
        with:
          cache: yarn
+          node-version-file: '.nvmrc'

      - name: Install all yarn packages
        run: yarn --frozen-lockfile

      - name: Prettier
-        run: yarn prettier --check "**/*.md"
+        run: yarn lint:md
--- a/.github/workflows/lint-ruby.yml
+++ b/.github/workflows/lint-ruby.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - 'Gemfile*'
      - '.rubocop*.yml'
--- a/.github/workflows/lint-yml.yml
+++ b/.github/workflows/lint-yml.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
@ -42,4 +43,4 @@ jobs:
        run: yarn --frozen-lockfile

      - name: Prettier
-        run: yarn prettier --check "**/*.{yml,yaml}"
+        run: yarn lint:yml
--- a/.github/workflows/rebase-needed.yml
+++ b/.github/workflows/rebase-needed.yml
@ -4,10 +4,12 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
      - 'l10n_main'
  pull_request_target:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
      - 'l10n_main'
    types: [synchronize]

--- a/.github/workflows/test-js.yml
+++ b/.github/workflows/test-js.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
@ -44,4 +45,4 @@ jobs:
        run: yarn --frozen-lockfile

      - name: Jest testing
-        run: yarn test:jest --reporters github-actions summary
+        run: yarn jest --reporters github-actions summary
--- a/.github/workflows/test-migrations-one-step.yml
+++ b/.github/workflows/test-migrations-one-step.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
  pull_request:

 jobs:
@ -23,9 +24,17 @@ jobs:
    needs: pre_job
    if: needs.pre_job.outputs.should_skip != 'true'

+    strategy:
+      fail-fast: false
+
+      matrix:
+        postgres:
+          - 14-alpine
+          - 15-alpine
+
    services:
      postgres:
-        image: postgres:14-alpine
+        image: postgres:${{ matrix.postgres}}
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
--- a/.github/workflows/test-migrations-two-step.yml
+++ b/.github/workflows/test-migrations-two-step.yml
@ -3,6 +3,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
  pull_request:

 jobs:
@ -23,9 +24,17 @@ jobs:
    needs: pre_job
    if: needs.pre_job.outputs.should_skip != 'true'

+    strategy:
+      fail-fast: false
+
+      matrix:
+        postgres:
+          - 14-alpine
+          - 15-alpine
+
    services:
      postgres:
-        image: postgres:14-alpine
+        image: postgres:${{ matrix.postgres}}
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
--- a/.github/workflows/test-ruby.yml
+++ b/.github/workflows/test-ruby.yml
@ -4,6 +4,7 @@ on:
  push:
    branches-ignore:
      - 'dependabot/**'
+      - 'renovate/**'
  pull_request:

 env:
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@ -4,6 +4,11 @@ exclude:
  - 'vendor/**/*'
  - lib/templates/haml/scaffold/_form.html.haml

+require:
+  - ./lib/linter/haml_middle_dot.rb
+
 linters:
  AltText:
    enabled: true
+  MiddleDot:
+    enabled: true
--- a/.prettierignore
+++ b/.prettierignore
@ -61,7 +61,7 @@ docker-compose.override.yml
 /app/javascript/mastodon/features/emoji/emoji_map.json

 # Ignore locale files
-/app/javascript/mastodon/locales
+/app/javascript/mastodon/locales/*.json
 /config/locales

 # Ignore vendored CSS reset
@ -70,8 +70,6 @@ app/javascript/styles/mastodon/reset.scss
 # Ignore Javascript pending https://github.com/mastodon/mastodon/pull/23631
 *.js
 *.jsx
-*.ts
-*.tsx

 # Ignore HTML till cleaned and included in CI
 *.html
--- a/.prettierrc.js
+++ b/.prettierrc.js
@ -1,3 +1,4 @@
 module.exports = {
-  singleQuote: true
+  singleQuote: true,
+  jsxSingleQuote: true
 }
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -11,6 +11,7 @@ require:
  - rubocop-rspec
  - rubocop-performance
  - rubocop-capybara
+  - ./lib/linter/rubocop_middle_dot

 AllCops:
  TargetRubyVersion: 3.0 # Set to minimum supported version of CI
@ -43,7 +44,7 @@ Layout/LineLength:
    - !ruby/regexp / \# .*$/
    - !ruby/regexp /^\# .*$/
  Exclude:
-    - lib/**/*cli*.rb
+    - 'lib/mastodon/cli/*.rb'
    - db/*migrate/**/*
    - db/seeds/**/*

@ -53,113 +54,52 @@ Lint/UselessAccessModifier:
  ContextCreatingMethods:
    - class_methods

+## Disable most Metrics/*Length cops
+# Reason: those are often triggered and force significant refactors when this happend
+#         but the team feel they are not really improving the code quality.
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocklength
+Metrics/BlockLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsclasslength
+Metrics/ClassLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmethodlength
+Metrics/MethodLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmodulelength
+Metrics/ModuleLength:
+  Enabled: false
+
+## End Disable Metrics/*Length cops
+
 # Reason: Currently disabled in .rubocop_todo.yml
 # https://docs.rubocop.org/rubocop/cops_metrics.html#metricsabcsize
 Metrics/AbcSize:
  Exclude:
-    - 'lib/**/*cli*.rb'
+    - 'lib/mastodon/cli/*.rb'
    - db/*migrate/**/*

-# Reason: Some functions cannot be broken up, but others may be refactor candidates
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocklength
-Metrics/BlockLength:
-  CountAsOne: ['array', 'hash', 'heredoc', 'method_call']
-  Exclude:
-    - 'config/routes.rb'
-    - 'lib/mastodon/*_cli.rb'
-    - 'lib/tasks/*.rake'
-    - 'app/models/concerns/account_associations.rb'
-    - 'app/models/concerns/account_interactions.rb'
-    - 'app/models/concerns/ldap_authenticable.rb'
-    - 'app/models/concerns/omniauthable.rb'
-    - 'app/models/concerns/pam_authenticable.rb'
-    - 'app/models/concerns/remotable.rb'
-    - 'app/services/suspend_account_service.rb'
-    - 'app/services/unsuspend_account_service.rb'
-    - 'app/views/accounts/show.rss.ruby'
-    - 'app/views/tags/show.rss.ruby'
-    - 'config/environments/development.rb'
-    - 'config/environments/production.rb'
-    - 'config/initializers/devise.rb'
-    - 'config/initializers/doorkeeper.rb'
-    - 'config/initializers/omniauth.rb'
-    - 'config/initializers/simple_form.rb'
-    - 'config/navigation.rb'
-    - 'config/routes.rb'
-    - 'config/routes/*.rb'
-    - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
-    - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
-    - 'lib/paperclip/gif_transcoder.rb'
-
 # Reason:
 # https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocknesting
 Metrics/BlockNesting:
  Exclude:
-    - 'lib/mastodon/*_cli.rb'
-
-# Reason: Some Excluded files would be candidates for refactoring but not currently addressed
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsclasslength
-Metrics/ClassLength:
-  CountAsOne: ['array', 'hash', 'heredoc', 'method_call']
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
-    - 'app/controllers/admin/accounts_controller.rb'
-    - 'app/controllers/api/base_controller.rb'
-    - 'app/controllers/api/v1/admin/accounts_controller.rb'
-    - 'app/controllers/application_controller.rb'
-    - 'app/controllers/auth/registrations_controller.rb'
-    - 'app/controllers/auth/sessions_controller.rb'
-    - 'app/lib/activitypub/activity.rb'
-    - 'app/lib/activitypub/activity/create.rb'
-    - 'app/lib/activitypub/tag_manager.rb'
-    - 'app/lib/feed_manager.rb'
-    - 'app/lib/link_details_extractor.rb'
-    - 'app/lib/request.rb'
-    - 'app/lib/text_formatter.rb'
-    - 'app/lib/user_settings_decorator.rb'
-    - 'app/mailers/user_mailer.rb'
-    - 'app/models/account.rb'
-    - 'app/models/admin/account_action.rb'
-    - 'app/models/form/account_batch.rb'
-    - 'app/models/media_attachment.rb'
-    - 'app/models/status.rb'
-    - 'app/models/tag.rb'
-    - 'app/models/user.rb'
-    - 'app/serializers/activitypub/actor_serializer.rb'
-    - 'app/serializers/activitypub/note_serializer.rb'
-    - 'app/serializers/rest/status_serializer.rb'
-    - 'app/services/account_search_service.rb'
-    - 'app/services/activitypub/process_account_service.rb'
-    - 'app/services/activitypub/process_status_update_service.rb'
-    - 'app/services/backup_service.rb'
-    - 'app/services/bulk_import_service.rb'
-    - 'app/services/delete_account_service.rb'
-    - 'app/services/fan_out_on_write_service.rb'
-    - 'app/services/fetch_link_card_service.rb'
-    - 'app/services/import_service.rb'
-    - 'app/services/notify_service.rb'
-    - 'app/services/post_status_service.rb'
-    - 'app/services/update_status_service.rb'
-    - 'lib/paperclip/color_extractor.rb'
+    - 'lib/mastodon/cli/*.rb'

 # Reason: Currently disabled in .rubocop_todo.yml
 # https://docs.rubocop.org/rubocop/cops_metrics.html#metricscyclomaticcomplexity
 Metrics/CyclomaticComplexity:
  Exclude:
-    - lib/mastodon/*cli*.rb
+    - lib/mastodon/cli/*.rb
    - db/*migrate/**/*

-# Reason: Currently disabled in .rubocop_todo.yml
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmethodlength
-Metrics/MethodLength:
-  CountAsOne: [array, heredoc]
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
-
 # Reason:
-# https://docs.rubocop.org/rubocop/cops_style.html#stylerescuestandarderror
-Metrics/ModuleLength:
-  CountAsOne: [array, heredoc]
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsparameterlists
+Metrics/ParameterLists:
+  CountKeywordArgs: false

 # Reason: Prevailing style is argument file paths
 # https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsfilepath
@ -171,13 +111,12 @@ Rails/FilePath:
 Rails/HttpStatus:
  EnforcedStyle: numeric

-# Reason: Allowed only in the `tootctl` CLI application code
+# Reason: Allowed in `tootctl` CLI code and in boot ENV checker
 # https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsexit
 Rails/Exit:
  Exclude:
-    - 'lib/mastodon/*_cli.rb'
-    - 'lib/mastodon/cli_helper.rb'
-    - 'lib/cli.rb'
+    - 'config/boot.rb'
+    - 'lib/mastodon/cli/*.rb'

 # Reason: Some single letter camel case files shouldn't be split
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
@ -267,3 +206,6 @@ Style/TrailingCommaInArrayLiteral:
 # https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral
 Style/TrailingCommaInHashLiteral:
  EnforcedStyleForMultiline: 'comma'
+
+Style/MiddleDot:
+  Enabled: true
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.50.2.
+# using RuboCop version 1.52.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@ -21,12 +21,6 @@ Layout/ArgumentAlignment:
    - 'config/initializers/cors.rb'
    - 'config/initializers/session_store.rb'

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowForAlignment, AllowBeforeTrailingComments, ForceEqualSignAlignment.
-Layout/ExtraSpacing:
-  Exclude:
-    - 'config/initializers/omniauth.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
 # SupportedHashRocketStyles: key, separator, table
@ -39,12 +33,6 @@ Layout/HashAlignment:
    - 'config/initializers/rack_attack.rb'
    - 'config/routes.rb'

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Width, AllowedPatterns.
-Layout/IndentationWidth:
-  Exclude:
-    - 'config/initializers/ffmpeg.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
 Layout/LeadingCommentSpace:
@ -52,14 +40,6 @@ Layout/LeadingCommentSpace:
    - 'config/application.rb'
    - 'config/initializers/omniauth.rb'

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces.
-# SupportedStyles: space, no_space
-# SupportedStylesForEmptyBraces: space, no_space
-Layout/SpaceBeforeBlockBraces:
-  Exclude:
-    - 'config/initializers/paperclip.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: require_no_space, require_space
@ -69,35 +49,13 @@ Layout/SpaceInLambdaLiteral:
    - 'config/initializers/content_security_policy.rb'

 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: space, no_space
-Layout/SpaceInsideStringInterpolation:
-  Exclude:
-    - 'config/initializers/webauthn.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowInHeredoc.
-Layout/TrailingWhitespace:
-  Exclude:
-    - 'config/initializers/paperclip.rb'
-
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Lint/AmbiguousBlockAssociation:
  Exclude:
-    - 'spec/controllers/admin/account_moderation_notes_controller_spec.rb'
    - 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb'
    - 'spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb'
-    - 'spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb'
    - 'spec/services/activitypub/process_status_update_service_spec.rb'
    - 'spec/services/post_status_service_spec.rb'
-    - 'spec/services/suspend_account_service_spec.rb'
-    - 'spec/services/unsuspend_account_service_spec.rb'
-    - 'spec/workers/scheduler/accounts_statuses_cleanup_scheduler_spec.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-Lint/AmbiguousOperatorPrecedence:
-  Exclude:
-    - 'config/initializers/rack_attack.rb'

 # Configuration parameters: AllowComments, AllowEmptyLambdas.
 Lint/EmptyBlock:
@ -162,6 +120,7 @@ Lint/UnusedBlockArgument:
    - 'config/initializers/paperclip.rb'
    - 'config/initializers/simple_form.rb'

+# This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/UselessAssignment:
  Exclude:
    - 'app/services/activitypub/process_status_update_service.rb'
@ -183,6 +142,7 @@ Lint/UselessAssignment:
    - 'spec/services/resolve_url_service_spec.rb'
    - 'spec/views/statuses/show.html.haml_spec.rb'

+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
  Exclude:
@ -194,12 +154,6 @@ Metrics/AbcSize:
  Exclude:
    - 'app/serializers/initial_state_serializer.rb'

-# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns, inherit_mode.
-# AllowedMethods: refine
-Metrics/BlockLength:
-  Exclude:
-    - 'app/models/concerns/status_safe_reblog_insert.rb'
-
 # Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
  Exclude:
@ -209,31 +163,9 @@ Metrics/BlockNesting:
 Metrics/CyclomaticComplexity:
  Max: 25

-# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
-Metrics/MethodLength:
-  Max: 58
-
-# Configuration parameters: CountComments, Max, CountAsOne.
-Metrics/ModuleLength:
-  Exclude:
-    - 'app/controllers/concerns/signature_verification.rb'
-    - 'app/helpers/application_helper.rb'
-    - 'app/helpers/jsonld_helper.rb'
-    - 'app/models/concerns/account_interactions.rb'
-    - 'app/models/concerns/has_user_settings.rb'
-    - 'lib/sanitize_ext/sanitize_config.rb'
-
-# Configuration parameters: Max, CountKeywordArgs, MaxOptionalParameters.
-Metrics/ParameterLists:
-  Exclude:
-    - 'app/models/concerns/account_interactions.rb'
-    - 'app/services/activitypub/fetch_remote_account_service.rb'
-    - 'app/services/activitypub/fetch_remote_actor_service.rb'
-    - 'app/services/activitypub/fetch_remote_status_service.rb'
-
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/PerceivedComplexity:
-  Max: 28
+  Max: 27

 Naming/AccessorMethodName:
  Exclude:
@ -246,6 +178,7 @@ Naming/FileName:
  Exclude:
    - 'config/locales/sr-Latn.rb'

+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyleForLeadingUnderscores.
 # SupportedStylesForLeadingUnderscores: disallowed, required, optional
 Naming/MemoizedInstanceVariableName:
@ -268,39 +201,9 @@ Naming/VariableNumber:
    - 'db/migrate/20190820003045_update_statuses_index.rb'
    - 'db/migrate/20190823221802_add_local_index_to_statuses.rb'
    - 'db/migrate/20200119112504_add_public_index_to_statuses.rb'
-    - 'spec/controllers/activitypub/followers_synchronizations_controller_spec.rb'
-    - 'spec/lib/feed_manager_spec.rb'
    - 'spec/models/account_spec.rb'
-    - 'spec/models/concerns/account_interactions_spec.rb'
-    - 'spec/models/custom_emoji_filter_spec.rb'
    - 'spec/models/domain_block_spec.rb'
    - 'spec/models/user_spec.rb'
-    - 'spec/services/activitypub/fetch_featured_collection_service_spec.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Performance/MapCompact:
-  Exclude:
-    - 'app/lib/admin/metrics/dimension.rb'
-    - 'app/lib/admin/metrics/measure.rb'
-    - 'app/lib/feed_manager.rb'
-    - 'app/models/account.rb'
-    - 'app/models/account_statuses_cleanup_policy.rb'
-    - 'app/models/account_suggestions/setting_source.rb'
-    - 'app/models/account_suggestions/source.rb'
-    - 'app/models/follow_recommendation_filter.rb'
-    - 'app/models/notification.rb'
-    - 'app/models/user_role.rb'
-    - 'app/models/webhook.rb'
-    - 'app/services/process_mentions_service.rb'
-    - 'app/validators/existing_username_validator.rb'
-    - 'db/migrate/20200407202420_migrate_unavailable_inboxes.rb'
-    - 'spec/presenters/status_relationships_presenter_spec.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: SafeMultiline.
-Performance/StartWith:
-  Exclude:
-    - 'app/lib/extractor.rb'

 # This cop supports unsafe autocorrection (--autocorrect-all).
 Performance/UnfreezeString:
@ -330,79 +233,6 @@ RSpec/AnyInstance:
    - 'spec/workers/activitypub/delivery_worker_spec.rb'
    - 'spec/workers/web/push_notification_worker_spec.rb'

-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: SkipBlocks, EnforcedStyle.
-# SupportedStyles: described_class, explicit
-RSpec/DescribedClass:
-  Exclude:
-    - 'spec/controllers/concerns/cache_concern_spec.rb'
-    - 'spec/controllers/concerns/challengable_concern_spec.rb'
-    - 'spec/lib/entity_cache_spec.rb'
-    - 'spec/lib/extractor_spec.rb'
-    - 'spec/lib/feed_manager_spec.rb'
-    - 'spec/lib/hash_object_spec.rb'
-    - 'spec/lib/ostatus/tag_manager_spec.rb'
-    - 'spec/lib/request_spec.rb'
-    - 'spec/lib/tag_manager_spec.rb'
-    - 'spec/lib/webfinger_resource_spec.rb'
-    - 'spec/mailers/notification_mailer_spec.rb'
-    - 'spec/mailers/user_mailer_spec.rb'
-    - 'spec/models/account_conversation_spec.rb'
-    - 'spec/models/account_domain_block_spec.rb'
-    - 'spec/models/account_migration_spec.rb'
-    - 'spec/models/account_spec.rb'
-    - 'spec/models/block_spec.rb'
-    - 'spec/models/domain_block_spec.rb'
-    - 'spec/models/email_domain_block_spec.rb'
-    - 'spec/models/export_spec.rb'
-    - 'spec/models/favourite_spec.rb'
-    - 'spec/models/follow_spec.rb'
-    - 'spec/models/identity_spec.rb'
-    - 'spec/models/import_spec.rb'
-    - 'spec/models/media_attachment_spec.rb'
-    - 'spec/models/notification_spec.rb'
-    - 'spec/models/relationship_filter_spec.rb'
-    - 'spec/models/report_filter_spec.rb'
-    - 'spec/models/session_activation_spec.rb'
-    - 'spec/models/setting_spec.rb'
-    - 'spec/models/site_upload_spec.rb'
-    - 'spec/models/status_pin_spec.rb'
-    - 'spec/models/status_spec.rb'
-    - 'spec/models/user_spec.rb'
-    - 'spec/policies/account_moderation_note_policy_spec.rb'
-    - 'spec/presenters/account_relationships_presenter_spec.rb'
-    - 'spec/presenters/status_relationships_presenter_spec.rb'
-    - 'spec/serializers/activitypub/note_serializer_spec.rb'
-    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
-    - 'spec/serializers/rest/account_serializer_spec.rb'
-    - 'spec/services/activitypub/fetch_remote_account_service_spec.rb'
-    - 'spec/services/activitypub/fetch_remote_actor_service_spec.rb'
-    - 'spec/services/activitypub/fetch_remote_key_service_spec.rb'
-    - 'spec/services/after_block_domain_from_account_service_spec.rb'
-    - 'spec/services/authorize_follow_service_spec.rb'
-    - 'spec/services/batched_remove_status_service_spec.rb'
-    - 'spec/services/block_domain_service_spec.rb'
-    - 'spec/services/block_service_spec.rb'
-    - 'spec/services/bootstrap_timeline_service_spec.rb'
-    - 'spec/services/clear_domain_media_service_spec.rb'
-    - 'spec/services/favourite_service_spec.rb'
-    - 'spec/services/follow_service_spec.rb'
-    - 'spec/services/import_service_spec.rb'
-    - 'spec/services/post_status_service_spec.rb'
-    - 'spec/services/precompute_feed_service_spec.rb'
-    - 'spec/services/process_mentions_service_spec.rb'
-    - 'spec/services/purge_domain_service_spec.rb'
-    - 'spec/services/reblog_service_spec.rb'
-    - 'spec/services/reject_follow_service_spec.rb'
-    - 'spec/services/remove_from_followers_service_spec.rb'
-    - 'spec/services/remove_status_service_spec.rb'
-    - 'spec/services/unallow_domain_service_spec.rb'
-    - 'spec/services/unblock_service_spec.rb'
-    - 'spec/services/unfollow_service_spec.rb'
-    - 'spec/services/unmute_service_spec.rb'
-    - 'spec/services/update_account_service_spec.rb'
-    - 'spec/validators/note_length_validator_spec.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 RSpec/EmptyExampleGroup:
  Exclude:
@ -442,29 +272,6 @@ RSpec/EmptyExampleGroup:
 RSpec/ExampleLength:
  Max: 22

-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: method_call, block
-RSpec/ExpectChange:
-  Exclude:
-    - 'spec/controllers/admin/account_moderation_notes_controller_spec.rb'
-    - 'spec/controllers/admin/custom_emojis_controller_spec.rb'
-    - 'spec/controllers/admin/invites_controller_spec.rb'
-    - 'spec/controllers/admin/report_notes_controller_spec.rb'
-    - 'spec/controllers/concerns/accountable_concern_spec.rb'
-    - 'spec/controllers/invites_controller_spec.rb'
-    - 'spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb'
-    - 'spec/models/admin/account_action_spec.rb'
-    - 'spec/services/suspend_account_service_spec.rb'
-    - 'spec/services/unsuspend_account_service_spec.rb'
-    - 'spec/workers/scheduler/accounts_statuses_cleanup_scheduler_spec.rb'
-
-RSpec/ExpectInHook:
-  Exclude:
-    - 'spec/controllers/api/v1/media_controller_spec.rb'
-    - 'spec/controllers/settings/applications_controller_spec.rb'
-    - 'spec/lib/status_filter_spec.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: implicit, each, example
@ -509,11 +316,8 @@ RSpec/LetSetup:
    - 'spec/controllers/admin/statuses_controller_spec.rb'
    - 'spec/controllers/api/v1/accounts/statuses_controller_spec.rb'
    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
-    - 'spec/controllers/api/v1/admin/domain_allows_controller_spec.rb'
-    - 'spec/controllers/api/v1/admin/domain_blocks_controller_spec.rb'
    - 'spec/controllers/api/v1/filters_controller_spec.rb'
    - 'spec/controllers/api/v1/followed_tags_controller_spec.rb'
-    - 'spec/controllers/api/v1/tags_controller_spec.rb'
    - 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
    - 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
    - 'spec/controllers/api/v2/filters/statuses_controller_spec.rb'
@ -550,7 +354,6 @@ RSpec/LetSetup:
    - 'spec/services/suspend_account_service_spec.rb'
    - 'spec/services/unallow_domain_service_spec.rb'
    - 'spec/services/unsuspend_account_service_spec.rb'
-    - 'spec/workers/scheduler/accounts_statuses_cleanup_scheduler_spec.rb'
    - 'spec/workers/scheduler/user_cleanup_scheduler_spec.rb'

 RSpec/MessageChain:
@ -582,32 +385,8 @@ RSpec/MessageSpies:
    - 'spec/spec_helper.rb'
    - 'spec/validators/status_length_validator_spec.rb'

-RSpec/MissingExampleGroupArgument:
-  Exclude:
-    - 'spec/controllers/accounts_controller_spec.rb'
-    - 'spec/controllers/activitypub/collections_controller_spec.rb'
-    - 'spec/controllers/admin/statuses_controller_spec.rb'
-    - 'spec/controllers/admin/users/roles_controller_spec.rb'
-    - 'spec/controllers/api/v1/accounts_controller_spec.rb'
-    - 'spec/controllers/api/v1/admin/account_actions_controller_spec.rb'
-    - 'spec/controllers/api/v1/admin/domain_allows_controller_spec.rb'
-    - 'spec/controllers/api/v1/statuses_controller_spec.rb'
-    - 'spec/controllers/auth/registrations_controller_spec.rb'
-    - 'spec/features/log_in_spec.rb'
-    - 'spec/lib/activitypub/activity/undo_spec.rb'
-    - 'spec/lib/status_reach_finder_spec.rb'
-    - 'spec/models/account_spec.rb'
-    - 'spec/models/email_domain_block_spec.rb'
-    - 'spec/models/trends/statuses_spec.rb'
-    - 'spec/models/trends/tags_spec.rb'
-    - 'spec/models/user_role_spec.rb'
-    - 'spec/models/user_spec.rb'
-    - 'spec/services/fetch_link_card_service_spec.rb'
-    - 'spec/services/notify_service_spec.rb'
-    - 'spec/services/process_mentions_service_spec.rb'
-
 RSpec/MultipleExpectations:
-  Max: 19
+  Max: 8

 # Configuration parameters: AllowSubject.
 RSpec/MultipleMemoizedHelpers:
@ -617,53 +396,10 @@ RSpec/MultipleMemoizedHelpers:
 RSpec/NestedGroups:
  Max: 6

-# Configuration parameters: AllowedPatterns.
-# AllowedPatterns: ^expect_, ^assert_
-RSpec/NoExpectationExample:
-  Exclude:
-    - 'spec/controllers/auth/registrations_controller_spec.rb'
-    - 'spec/services/precompute_feed_service_spec.rb'
-
 RSpec/PendingWithoutReason:
  Exclude:
-    - 'spec/controllers/statuses_controller_spec.rb'
    - 'spec/models/account_spec.rb'

-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: Strict, EnforcedStyle, AllowedExplicitMatchers.
-# SupportedStyles: inflected, explicit
-RSpec/PredicateMatcher:
-  Exclude:
-    - 'spec/controllers/api/v1/accounts/notes_controller_spec.rb'
-    - 'spec/models/user_spec.rb'
-    - 'spec/services/post_status_service_spec.rb'
-
-RSpec/RepeatedExample:
-  Exclude:
-    - 'spec/policies/status_policy_spec.rb'
-
-RSpec/RepeatedExampleGroupBody:
-  Exclude:
-    - 'spec/controllers/statuses_controller_spec.rb'
-
-RSpec/RepeatedExampleGroupDescription:
-  Exclude:
-    - 'spec/controllers/admin/reports/actions_controller_spec.rb'
-    - 'spec/policies/report_note_policy_spec.rb'
-
-RSpec/ScatteredSetup:
-  Exclude:
-    - 'spec/controllers/activitypub/followers_synchronizations_controller_spec.rb'
-    - 'spec/controllers/activitypub/outboxes_controller_spec.rb'
-    - 'spec/controllers/admin/disputes/appeals_controller_spec.rb'
-    - 'spec/controllers/auth/registrations_controller_spec.rb'
-    - 'spec/services/activitypub/process_account_service_spec.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-RSpec/SharedContext:
-  Exclude:
-    - 'spec/services/unsuspend_account_service_spec.rb'
-
 RSpec/StubbedMock:
  Exclude:
    - 'spec/controllers/api/base_controller_spec.rb'
@ -678,7 +414,6 @@ RSpec/StubbedMock:
 RSpec/SubjectDeclaration:
  Exclude:
    - 'spec/controllers/admin/domain_blocks_controller_spec.rb'
-    - 'spec/controllers/api/v1/admin/domain_blocks_controller_spec.rb'
    - 'spec/models/account_migration_spec.rb'
    - 'spec/models/account_spec.rb'
    - 'spec/models/relationship_filter_spec.rb'
@ -704,45 +439,6 @@ RSpec/SubjectStub:
    - 'spec/services/unallow_domain_service_spec.rb'
    - 'spec/validators/blacklisted_email_validator_spec.rb'

-# Configuration parameters: IgnoreNameless, IgnoreSymbolicNames.
-RSpec/VerifiedDoubles:
-  Exclude:
-    - 'spec/controllers/admin/change_emails_controller_spec.rb'
-    - 'spec/controllers/admin/confirmations_controller_spec.rb'
-    - 'spec/controllers/admin/disputes/appeals_controller_spec.rb'
-    - 'spec/controllers/admin/domain_allows_controller_spec.rb'
-    - 'spec/controllers/admin/domain_blocks_controller_spec.rb'
-    - 'spec/controllers/api/v1/reports_controller_spec.rb'
-    - 'spec/controllers/api/web/embeds_controller_spec.rb'
-    - 'spec/controllers/auth/sessions_controller_spec.rb'
-    - 'spec/controllers/disputes/appeals_controller_spec.rb'
-    - 'spec/helpers/statuses_helper_spec.rb'
-    - 'spec/lib/suspicious_sign_in_detector_spec.rb'
-    - 'spec/models/account/field_spec.rb'
-    - 'spec/models/session_activation_spec.rb'
-    - 'spec/models/setting_spec.rb'
-    - 'spec/services/account_search_service_spec.rb'
-    - 'spec/services/post_status_service_spec.rb'
-    - 'spec/services/search_service_spec.rb'
-    - 'spec/validators/blacklisted_email_validator_spec.rb'
-    - 'spec/validators/disallowed_hashtags_validator_spec.rb'
-    - 'spec/validators/email_mx_validator_spec.rb'
-    - 'spec/validators/follow_limit_validator_spec.rb'
-    - 'spec/validators/note_length_validator_spec.rb'
-    - 'spec/validators/poll_validator_spec.rb'
-    - 'spec/validators/status_length_validator_spec.rb'
-    - 'spec/validators/status_pin_validator_spec.rb'
-    - 'spec/validators/unique_username_validator_spec.rb'
-    - 'spec/validators/unreserved_username_validator_spec.rb'
-    - 'spec/validators/url_validator_spec.rb'
-    - 'spec/views/statuses/show.html.haml_spec.rb'
-    - 'spec/workers/activitypub/processing_worker_spec.rb'
-    - 'spec/workers/admin/domain_purge_worker_spec.rb'
-    - 'spec/workers/domain_block_worker_spec.rb'
-    - 'spec/workers/domain_clear_media_worker_spec.rb'
-    - 'spec/workers/feed_insert_worker_spec.rb'
-    - 'spec/workers/regeneration_worker_spec.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationController:
  Exclude:
@ -805,12 +501,6 @@ Rails/DuplicateAssociation:
    - 'app/serializers/activitypub/collection_serializer.rb'
    - 'app/serializers/activitypub/note_serializer.rb'

-# Configuration parameters: Include.
-# Include: app/**/*.rb, config/**/*.rb, lib/**/*.rb
-Rails/Exit:
-  Exclude:
-    - 'config/boot.rb'
-
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
@ -859,7 +549,6 @@ Rails/NegateInclude:
    - 'app/models/concerns/attachmentable.rb'
    - 'app/models/concerns/remotable.rb'
    - 'app/models/custom_filter.rb'
-    - 'app/models/webhook.rb'
    - 'app/services/activitypub/process_status_update_service.rb'
    - 'app/services/fetch_link_card_service.rb'
    - 'app/services/search_service.rb'
@ -945,9 +634,9 @@ Rails/SkipsModelValidations:
    - 'db/post_migrate/20220617202502_migrate_roles.rb'
    - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
    - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
-    - 'lib/cli.rb'
-    - 'lib/mastodon/accounts_cli.rb'
-    - 'lib/mastodon/maintenance_cli.rb'
+    - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/main.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
    - 'spec/lib/activitypub/activity/follow_spec.rb'
    - 'spec/services/follow_service_spec.rb'
@ -1029,13 +718,9 @@ Rails/WhereExists:
    - 'app/validators/vote_validator.rb'
    - 'app/workers/move_worker.rb'
    - 'db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb'
-    - 'lib/mastodon/email_domain_blocks_cli.rb'
    - 'lib/tasks/tests.rake'
-    - 'spec/controllers/api/v1/accounts/notes_controller_spec.rb'
-    - 'spec/controllers/api/v1/tags_controller_spec.rb'
    - 'spec/models/account_spec.rb'
    - 'spec/services/activitypub/process_collection_service_spec.rb'
-    - 'spec/services/post_status_service_spec.rb'
    - 'spec/services/purge_domain_service_spec.rb'
    - 'spec/services/unallow_domain_service_spec.rb'

@ -1057,6 +742,7 @@ Style/ClassVars:
  Exclude:
    - 'config/initializers/devise.rb'

+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/CombinableLoops:
  Exclude:
    - 'app/models/form/custom_emoji_batch.rb'
@ -1091,7 +777,6 @@ Style/FormatStringToken:
  Exclude:
    - 'app/models/privacy_policy.rb'
    - 'config/initializers/devise.rb'
-    - 'lib/mastodon/maintenance_cli.rb'
    - 'lib/paperclip/color_extractor.rb'

 # This cop supports unsafe autocorrection (--autocorrect-all).
@ -1501,11 +1186,6 @@ Style/GlobalStdStream:
    - 'config/environments/development.rb'
    - 'config/environments/production.rb'

-# Configuration parameters: AllowedVariables.
-Style/GlobalVars:
-  Exclude:
-    - 'config/initializers/statsd.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
@ -1536,9 +1216,9 @@ Style/GuardClause:
    - 'db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb'
    - 'lib/devise/two_factor_ldap_authenticatable.rb'
    - 'lib/devise/two_factor_pam_authenticatable.rb'
-    - 'lib/mastodon/accounts_cli.rb'
-    - 'lib/mastodon/maintenance_cli.rb'
-    - 'lib/mastodon/media_cli.rb'
+    - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'lib/mastodon/cli/media.rb'
    - 'lib/paperclip/attachment_extensions.rb'
    - 'lib/tasks/repo.rake'

@ -1639,7 +1319,6 @@ Style/RedundantConstantBase:
  Exclude:
    - 'config/environments/production.rb'
    - 'config/initializers/sidekiq.rb'
-    - 'config/initializers/statsd.rb'
    - 'config/locales/sr-Latn.rb'
    - 'config/locales/sr.rb'

@ -1653,52 +1332,6 @@ Style/RedundantFetchBlock:
    - 'config/initializers/paperclip.rb'
    - 'config/puma.rb'

-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantRegexpCharacterClass:
-  Exclude:
-    - 'app/lib/link_details_extractor.rb'
-    - 'app/lib/tag_manager.rb'
-    - 'app/models/domain_allow.rb'
-    - 'app/models/domain_block.rb'
-    - 'app/services/fetch_oembed_service.rb'
-    - 'config/initializers/rack_attack.rb'
-    - 'lib/tasks/emojis.rake'
-    - 'lib/tasks/mastodon.rake'
-
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantRegexpEscape:
-  Exclude:
-    - 'app/lib/webfinger_resource.rb'
-    - 'app/models/account.rb'
-    - 'app/models/tag.rb'
-    - 'app/services/fetch_link_card_service.rb'
-    - 'config/initializers/twitter_regex.rb'
-    - 'lib/paperclip/color_extractor.rb'
-    - 'lib/tasks/mastodon.rake'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, AllowInnerSlashes.
-# SupportedStyles: slashes, percent_r, mixed
-Style/RegexpLiteral:
-  Exclude:
-    - 'app/lib/link_details_extractor.rb'
-    - 'app/lib/plain_text_formatter.rb'
-    - 'app/lib/tag_manager.rb'
-    - 'app/lib/text_formatter.rb'
-    - 'app/models/account.rb'
-    - 'app/models/domain_allow.rb'
-    - 'app/models/domain_block.rb'
-    - 'app/models/site_upload.rb'
-    - 'app/models/tag.rb'
-    - 'app/services/backup_service.rb'
-    - 'app/services/fetch_oembed_service.rb'
-    - 'app/services/search_service.rb'
-    - 'config/initializers/rack_attack.rb'
-    - 'config/initializers/twitter_regex.rb'
-    - 'config/routes.rb'
-    - 'lib/mastodon/premailer_webpack_strategy.rb'
-    - 'lib/tasks/mastodon.rake'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
 # AllowedMethods: present?, blank?, presence, try, try!
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -14,7 +14,7 @@ clone:
    image: woodpeckerci/plugin-git
    settings:
      partial: false
-      depth: 10
+      depth: 5

 pipeline:
  build-base:
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@ -3,3 +3,7 @@ enableGlobalCache: true
 nodeLinker: node-modules

 yarnPath: .yarn/releases/yarn-3.4.1.cjs
+
+logFilters:
+  - code: YN0013
+    level: ${YARN_NOISE_LOG_CODE_LEVEL:-info}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,54 @@

 All notable changes to this project will be documented in this file.

+## [4.1.3] - 2023-07-06
+
+### Added
+
+- Add fallback redirection when getting a webfinger query `LOCAL_DOMAIN@LOCAL_DOMAIN` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23600))
+
+### Changed
+
+- Change OpenGraph-based embeds to allow fullscreen ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25058))
+- Change AccessTokensVacuum to also delete expired tokens ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24868))
+- Change profile updates to be sent to recently-mentioned servers ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24852))
+- Change automatic post deletion thresholds and load detection ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24614))
+- Change `/api/v1/statuses/:id/history` to always return at least one item ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25510))
+- Change auto-linking to allow carets in URL query params ([renchap](https://github.com/mastodon/mastodon/pull/25216))
+
+### Removed
+
+- Remove invalid `X-Frame-Options: ALLOWALL` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25070))
+
+### Fixed
+
+- Fix wrong view being displayed when a webhook fails validation ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25464))
+- Fix soft-deleted post cleanup scheduler overwhelming the streaming server ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25519))
+- Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/25477))
+- Fix multiple inefficiencies in automatic post cleanup worker ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24607), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24785), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24840))
+- Fix performance of streaming by parsing message JSON once ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25278), [ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25361))
+- Fix CSP headers when `S3_ALIAS_HOST` includes a path component ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25273))
+- Fix `tootctl accounts approve --number N` not aproving N earliest registrations ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24605))
+- Fix reports not being closed when performing batch suspensions ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24988))
+- Fix being able to vote on your own polls ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25015))
+- Fix race condition when reblogging a status ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25016))
+- Fix “Authorized applications” inefficiently and incorrectly getting last use date ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25060))
+- Fix “Authorized applications” crashing when listing apps with certain admin API scopes ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25713))
+- Fix multiple N+1s in ConversationsController ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25134), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25399), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25499))
+- Fix user archive takeouts when using OpenStack Swift ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24431))
+- Fix searching for remote content by URL not working under certain conditions ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25637))
+- Fix inefficiencies in indexing content for search ([VyrCossont](https://github.com/mastodon/mastodon/pull/24285), [VyrCossont](https://github.com/mastodon/mastodon/pull/24342))
+
+### Security
+
+- Add finer permission requirements for managing webhooks ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25463))
+- Update dependencies
+- Add hardening headers for user-uploaded files ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25756))
+- Fix verified links possibly hiding important parts of the URL (CVE-2023-36462)
+- Fix timeout handling of outbound HTTP requests (CVE-2023-36461)
+- Fix arbitrary file creation through media processing (CVE-2023-36460)
+- Fix possible XSS in preview cards (CVE-2023-36459)
+
 ## [4.1.2] - 2023-04-04

 ### Fixed
--- a/119
+++ b/119
@ -1,113 +1,143 @@
 # syntax=docker/dockerfile:1.4
 # This needs to be bullseye-slim because the Ruby image is built on bullseye-slim
-ARG NODE_VERSION="18.15-bullseye-slim"
+ARG NODE_IMAGE=node:18.16-bullseye-slim
+ARG RUBY_IMAGE=ghcr.io/moritzheiber/ruby-jemalloc:3.2.2-slim

-FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.1-slim as ruby
-FROM node:${NODE_VERSION} as build-base
+FROM ${RUBY_IMAGE} as ruby
+
+# build-base
+FROM ${NODE_IMAGE} as build-base

 COPY --link --from=ruby /opt/ruby /opt/ruby

 ENV DEBIAN_FRONTEND="noninteractive" \
-    PATH="${PATH}:/opt/ruby/bin" \
-    NODE_OPTIONS=--openssl-legacy-provider
+    PATH="${PATH}:/opt/ruby/bin"

 SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 WORKDIR /opt/mastodon

 # hadolint ignore=DL3008
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends build-essential \
+RUN --mount=type=cache,id=apt,target=/var/cache/apt,sharing=private \
+    set -eux && \
+    rm -f /etc/apt/apt.conf.d/docker-clean && \
+    echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential \
        ca-certificates \
        git \
-        libicu-dev \
-        libidn11-dev \
-        libpq-dev \
-        libjemalloc-dev \
-        zlib1g-dev \
        libgdbm-dev \
        libgmp-dev \
+        libicu-dev \
+        libidn11-dev \
+        libjemalloc-dev \
+        libpq-dev \
+        libreadline8 \
        libssl-dev \
        libyaml-0-2 \
-        ca-certificates \
-        libreadline8 \
        python3 \
-        shared-mime-info
+        shared-mime-info \
+        zlib1g-dev

 COPY --link .yarn/releases/ /opt/mastodon/.yarn/releases/
 COPY --link Gemfile* package.json yarn.lock .yarnrc.yml /opt/mastodon/

-RUN \
+ENV NODE_OPTIONS=--openssl-legacy-provider \
+    YARN_GLOBAL_FOLDER=/opt/yarn \
+    YARN_ENABLE_GLOBAL_CACHE=1
+
+RUN --mount=type=cache,id=bundle,target=/opt/bundle/cache,sharing=private \
+    --mount=type=cache,id=yarn,target=/opt/yarn/cache,sharing=private \
+    set -eux && \
+    bundle config set cache_path /opt/bundle/cache && \
+    bundle config set silence_root_warning 'true' && \
+    bundle cache --no-install && \
    bundle config set --local deployment 'true' && \
-    bundle config set --local without 'development test' && \
-    bundle config set silence_root_warning true && \
-    bundle install -j"$(nproc)" && \
-    yarn install && \
-    yarn cache clean
+    bundle install --local -j"$(nproc)" && \
+    yarn install --immutable

 # Precompile assets
 # TODO(kouhai): we're currently patching node_modules because of emoji-mart.
 # we should integrate our own fork instead.
 COPY --link . /opt/mastodon

+# build
 FROM build-base AS build

 ENV RAILS_ENV="production" \
    NODE_ENV="production"

+ENV NODE_OPTIONS=--openssl-legacy-provider \
+    YARN_GLOBAL_FOLDER=/opt/yarn \
+    YARN_ENABLE_GLOBAL_CACHE=1
+
 ENV OTP_SECRET=precompile_placeholder \
    SECRET_KEY_BASE=precompile_placeholder \
    RAKE_NO_YARN_INSTALL_HACK=1
-RUN mv ./emoji_data/all.json ./node_modules/emoji-mart/data/all.json && yarn install && \
+
+ENV BOOTSNAP_CACHE_DIR=/opt/mastodon/bootsnap
+
+RUN --mount=type=cache,id=yarn,target=/opt/yarn/cache,sharing=private \
+    --mount=type=cache,id=webpacker,target=/opt/webpacker/cache,sharing=private \
+    set -eux && \
+    mkdir -p tmp/cache && \
+    ln -sf /opt/webpacker/cache tmp/cache/webpacker && \
+    mv ./emoji_data/all.json ./node_modules/emoji-mart/data/all.json && \
+    yarn install && \
    bundle exec rails assets:precompile

-
-FROM node:${NODE_VERSION}
+# final image
+FROM ${NODE_IMAGE} as output

 # Use those args to specify your own version flags & suffixes
+ARG SOURCE_TAG=""
 ARG MASTODON_VERSION_FLAGS=""
 ARG MASTODON_VERSION_SUFFIX=""

 ARG UID="991"
 ARG GID="991"

-COPY --link --from=ruby /opt/ruby /opt/ruby
-
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 ENV DEBIAN_FRONTEND="noninteractive" \
    PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin"

-# Ignoreing these here since we don't want to pin any versions and the Debian image removes apt-get content after use
+# Ignoring these here since we don't want to pin any versions and the Debian image removes apt-get content after use
 # hadolint ignore=DL3008,DL3009
-RUN apt-get update && \
+RUN --mount=type=cache,id=apt,target=/var/cache/apt,sharing=private \
+    set -eux && \
+    rm -f /etc/apt/apt.conf.d/docker-clean && \
+    echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache && \
+    apt-get update && \
    echo "Etc/UTC" > /etc/localtime && \
    groupadd -g "${GID}" mastodon && \
    useradd -l -u "$UID" -g "${GID}" -m -d /opt/mastodon mastodon && \
-    apt-get -y --no-install-recommends install whois \
-        wget \
-        procps \
-        libssl1.1 \
-        libpq5 \
-        imagemagick \
+    apt-get -y --no-install-recommends install \
+        ca-certificates \
        ffmpeg \
-        libjemalloc2 \
+        file \
+        imagemagick \
        libicu67 \
        libidn11 \
-        libyaml-0-2 \
-        file \
-        ca-certificates \
-        tzdata \
+        libjemalloc2 \
+        libpq5 \
        libreadline8 \
-        tini && \
-    ln -s /opt/mastodon /mastodon
+        libssl1.1 \
+        libyaml-0-2 \
+        procps \
+        tini \
+        tzdata \
+        wget \
+        whois \
+    && ln -s /opt/mastodon /mastodon

 # Note: no, cleaning here since Debian does this automatically
 # See the file /etc/apt/apt.conf.d/docker-clean within the Docker image's filesystem

+COPY --link --from=ruby /opt/ruby /opt/ruby
 COPY --link --chown=mastodon:mastodon --from=build /opt/mastodon /opt/mastodon

-ARG SOURCE_TAG=''
 ENV RAILS_ENV="production" \
    NODE_ENV="production" \
    RAILS_SERVE_STATIC_FILES="true" \
@ -116,6 +146,11 @@ ENV RAILS_ENV="production" \
    MASTODON_VERSION_FLAGS="${MASTODON_VERSION_FLAGS}" \
    MASTODON_VERSION_SUFFIX="${MASTODON_VERSION_SUFFIX}"

+ENV BOOTSNAP_CACHE_DIR=/opt/mastodon/bootsnap
+
+# override this at will
+ENV BOOTSNAP_READONLY=1
+
 # Set the run user
 USER mastodon
 WORKDIR /opt/mastodon
--- a/102
+++ b/102
@ -3,9 +3,7 @@
 source 'https://rubygems.org'
 ruby '>= 3.0.0'

-gem 'pkg-config', '~> 1.5'
-
-gem 'puma', '~> 6.2'
+gem 'puma', '~> 6.3'
 gem 'rails', '~> 6.1.7'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
@ -17,10 +15,10 @@ gem 'makara', '~> 0.5'
 gem 'pghero'
 gem 'dotenv-rails', '~> 2.8'

-gem 'aws-sdk-s3', '~> 1.120', require: false
+gem 'aws-sdk-s3', '~> 1.123', require: false
 gem 'fog-core', '<= 2.4.0'
 gem 'fog-openstack', '~> 0.3', require: false
-gem 'kt-paperclip', '~> 7.1', github: 'kreeti/kt-paperclip', ref: '11abf222dc31bff71160a1d138b445214f434b2b'
+gem 'kt-paperclip', '~> 7.2'
 gem 'blurhash', '~> 0.1'

 gem 'active_model_serializers', '~> 0.10'
@ -59,8 +57,7 @@ gem 'idn-ruby', require: 'idn'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
 gem 'mime-types', '~> 3.4.1', require: 'mime/types/columnar'
-gem 'nokogiri', '~> 1.14'
-gem 'nsa', '~> 0.2'
+gem 'nokogiri', '~> 1.15'
 gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
@ -75,7 +72,7 @@ gem 'rails-settings-cached', '~> 0.6', git: 'https://github.com/mastodon/rails-s
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'rqrcode', '~> 2.1'
+gem 'rqrcode', '~> 2.2'
 gem 'ruby-progressbar', '~> 1.13'
 gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.7'
@ -99,55 +96,89 @@ gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
 gem 'rdf-normalize', '~> 0.5'

-group :development, :test do
-  gem 'fabrication', '~> 2.30'
-  gem 'fuubar', '~> 2.5'
-  gem 'i18n-tasks', '~> 1.0', require: false
-  gem 'rspec-rails', '~> 6.0'
-  gem 'rspec_chunked', '~> 0.6'
-
-  gem 'rubocop-capybara', require: false
-  gem 'rubocop-performance', require: false
-  gem 'rubocop-rails', require: false
-  gem 'rubocop-rspec', require: false
-  gem 'rubocop', require: false
-end
-
-group :production, :test do
-  gem 'private_address_check', '~> 0.5'
-end
+gem 'private_address_check', '~> 0.5'

 group :test do
-  gem 'capybara', '~> 3.39'
-  gem 'climate_control'
-  gem 'faker', '~> 3.2'
-  gem 'json-schema', '~> 4.0'
-  gem 'rack-test', '~> 2.1'
-  gem 'rails-controller-testing', '~> 1.0'
-  gem 'rspec_junit_formatter', '~> 0.6'
+  # RSpec runner for rails
+  gem 'rspec-rails', '~> 6.0'
+
+  # Used to split testing into chunks in CI
+  gem 'rspec_chunked', '~> 0.6'
+
+  # RSpec progress bar formatter
+  gem 'fuubar', '~> 2.5'
+
+  # Extra RSpec extenion methods and helpers for sidekiq
  gem 'rspec-sidekiq', '~> 3.1'
+
+  # Browser integration testing
+  gem 'capybara', '~> 3.39'
+
+  # Used to mock environment variables
+  gem 'climate_control', '~> 0.2'
+
+  # Generating fake data for specs
+  gem 'faker', '~> 3.2'
+
+  # Generate test objects for specs
+  gem 'fabrication', '~> 2.30'
+
+  # Add back helpers functions removed in Rails 5.1
+  gem 'rails-controller-testing', '~> 1.0'
+
+  # Validate schemas in specs
+  gem 'json-schema', '~> 4.0'
+
+  # Test harness fo rack components
+  gem 'rack-test', '~> 2.1'
+
+  # Coverage formatter for RSpec test if DISABLE_SIMPLECOV is false
  gem 'simplecov', '~> 0.22', require: false
+
+  # Stub web requests for specs
  gem 'webmock', '~> 3.18'
 end

 group :development do
+  # Code linting CLI and plugins
+  gem 'rubocop', require: false
+  gem 'rubocop-capybara', require: false
+  gem 'rubocop-performance', require: false
+  gem 'rubocop-rails', require: false
+  gem 'rubocop-rspec', require: false
+
+  # Annotates modules with schema
  gem 'annotate', '~> 3.2'
+
+  # Enhanced error message pages for development
  gem 'better_errors', '~> 2.9'
  gem 'binding_of_caller', '~> 1.0'
+
+  # Preview mail in the browser
  gem 'letter_opener', '~> 1.8'
  gem 'letter_opener_web', '~> 2.0'
-  gem 'memory_profiler'
+
+  # Security analysis CLI tools
  gem 'brakeman', '~> 5.4', require: false
  gem 'bundler-audit', '~> 0.9', require: false
+
+  # Linter CLI for HAML files
  gem 'haml_lint', require: false

+  # Deployment automation
  gem 'capistrano', '~> 3.17'
  gem 'capistrano-rails', '~> 1.6'
  gem 'capistrano-rbenv', '~> 2.2'
  gem 'capistrano-yarn', '~> 2.0'

-  gem 'stackprof'
+  # Validate missing i18n keys
+  gem 'i18n-tasks', '~> 1.0', require: false

+  # Profiling tools
+  gem 'memory_profiler', require: false
+  gem 'stackprof', require: false
+
+  # foreman
  gem 'foreman'
 end

@ -159,8 +190,9 @@ gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'

-gem 'hcaptcha', '~> 7.1'
 gem 'cocoon', '~> 1.2'

 gem 'net-http', '~> 0.3.2'
 gem 'rubyzip', '~> 2.3'
+
+gem 'hcaptcha', '~> 7.1'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -7,18 +7,6 @@ GIT
      hkdf (~> 0.2)
      jwt (~> 2.0)

-GIT
-  remote: https://github.com/kreeti/kt-paperclip.git
-  revision: 11abf222dc31bff71160a1d138b445214f434b2b
-  ref: 11abf222dc31bff71160a1d138b445214f434b2b
-  specs:
-    kt-paperclip (7.1.1)
-      activemodel (>= 4.2.0)
-      activesupport (>= 4.2.0)
-      marcel (~> 1.0.1)
-      mime-types
-      terrapin (~> 0.6.0)
-
 GIT
  remote: https://github.com/mastodon/rails-settings-cached.git
  revision: 86328ef0bd04ce21cc0504ff5e334591e8c2ccab
@ -30,40 +18,40 @@ GIT
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actioncable (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionmailbox (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activestorage (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      mail (>= 2.7.1)
-    actionmailer (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      actionview (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionmailer (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      actionview (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.3)
-      actionview (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionpack (6.1.7.4)
+      actionview (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      rack (~> 2.0, >= 2.0.9)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actiontext (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activestorage (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      nokogiri (>= 1.8.5)
-    actionview (6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionview (6.1.7.4)
+      activesupport (= 6.1.7.4)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@ -73,22 +61,22 @@ GEM
      activemodel (>= 4.1, < 7.1)
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (6.1.7.3)
-      activesupport (= 6.1.7.3)
+    activejob (6.1.7.4)
+      activesupport (= 6.1.7.4)
      globalid (>= 0.3.6)
-    activemodel (6.1.7.3)
-      activesupport (= 6.1.7.3)
-    activerecord (6.1.7.3)
-      activemodel (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
-    activestorage (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    activemodel (6.1.7.4)
+      activesupport (= 6.1.7.4)
+    activerecord (6.1.7.4)
+      activemodel (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
+    activestorage (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (6.1.7.3)
+    activesupport (6.1.7.4)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@ -109,26 +97,26 @@ GEM
    attr_required (1.0.1)
    awrence (1.2.1)
    aws-eventstream (1.2.0)
-    aws-partitions (1.752.0)
-    aws-sdk-core (3.171.0)
+    aws-partitions (1.780.0)
+    aws-sdk-core (3.175.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.651.0)
      aws-sigv4 (~> 1.5)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.63.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-kms (1.67.0)
+      aws-sdk-core (~> 3, >= 3.174.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.121.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-s3 (1.126.0)
+      aws-sdk-core (~> 3, >= 3.174.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.4)
    aws-sigv4 (1.5.2)
      aws-eventstream (~> 1, >= 1.0.2)
    bcrypt (3.1.18)
-    better_errors (2.9.1)
-      coderay (>= 1.0.0)
+    better_errors (2.10.1)
      erubi (>= 1.0.0)
      rack (>= 0.9.0)
+      rouge (>= 1.0.0)
    better_html (2.0.1)
      actionview (>= 6.0)
      activesupport (>= 6.0)
@ -151,7 +139,7 @@ GEM
    bundler-audit (0.9.1)
      bundler (>= 1.2.0, < 3)
      thor (~> 1.0)
-    capistrano (3.17.2)
+    capistrano (3.17.3)
      airbrussh (>= 1.0.0)
      i18n
      rake (>= 10.0.0)
@ -166,7 +154,7 @@ GEM
      sshkit (~> 1.3)
    capistrano-yarn (2.0.2)
      capistrano (~> 3.0)
-    capybara (3.39.0)
+    capybara (3.39.2)
      addressable
      matrix
      mini_mime (>= 0.1.3)
@ -186,10 +174,9 @@ GEM
    chunky_png (1.4.0)
    climate_control (0.2.0)
    cocoon (1.2.15)
-    coderay (1.1.3)
    color_diff (0.1)
    concurrent-ruby (1.2.2)
-    connection_pool (2.4.0)
+    connection_pool (2.4.1)
    cose (1.3.0)
      cbor (~> 0.5.9)
      openssl-signature_algorithm (~> 1.0)
@ -241,7 +228,7 @@ GEM
    erubi (1.12.0)
    et-orbi (1.2.7)
      tzinfo
-    excon (0.99.0)
+    excon (0.100.0)
    fabrication (2.30.0)
    faker (3.2.0)
      i18n (>= 1.8.11, < 2)
@ -269,7 +256,7 @@ GEM
    faraday-rack (1.0.0)
    faraday-retry (1.0.3)
    fast_blank (1.0.1)
-    fastimage (2.2.6)
+    fastimage (2.2.7)
    ffi (1.15.5)
    ffi-compiler (1.0.1)
      ffi (>= 1.0.0)
@ -305,11 +292,11 @@ GEM
      activesupport (>= 5.1)
      haml (>= 4.0.6)
      railties (>= 5.1)
-    haml_lint (0.45.0)
+    haml_lint (0.46.0)
      haml (>= 4.0, < 6.2)
      parallel (~> 1.10)
      rainbow
-      rubocop (>= 0.50.0)
+      rubocop (>= 1.0)
      sysexits (~> 1.1)
    hashdiff (1.0.1)
    hashie (5.0.0)
@ -332,7 +319,7 @@ GEM
    httplog (1.6.2)
      rack (>= 2.0)
      rainbow (>= 2.0.0)
-    i18n (1.12.0)
+    i18n (1.14.1)
      concurrent-ruby (~> 1.0)
    i18n-tasks (1.0.12)
      activesupport (>= 4.0.2)
@ -368,7 +355,7 @@ GEM
    json-schema (4.0.0)
      addressable (>= 2.8)
    jsonapi-renderer (0.2.2)
-    jwt (2.7.0)
+    jwt (2.7.1)
    kaminari (1.2.2)
      activesupport (>= 4.1.0)
      kaminari-actionview (= 1.2.2)
@ -381,6 +368,13 @@ GEM
      activerecord
      kaminari-core (= 1.2.2)
    kaminari-core (1.2.2)
+    kt-paperclip (7.2.0)
+      activemodel (>= 4.2.0)
+      activesupport (>= 4.2.0)
+      marcel (~> 1.0.1)
+      mime-types
+      terrapin (~> 0.6.0)
+    language_server-protocol (3.17.0.3)
    launchy (2.5.2)
      addressable (~> 2.8)
    letter_opener (1.8.1)
@ -399,9 +393,9 @@ GEM
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.20.0)
+    loofah (2.21.3)
      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
    mail (2.8.1)
      mini_mime (>= 0.1.1)
      net-imap
@ -419,14 +413,14 @@ GEM
      mime-types-data (~> 3.2015)
    mime-types-data (3.2023.0218.1)
    mini_mime (1.1.2)
-    mini_portile2 (2.8.1)
-    minitest (5.18.0)
-    msgpack (1.7.0)
+    mini_portile2 (2.8.2)
+    minitest (5.18.1)
+    msgpack (1.7.1)
    multi_json (1.15.0)
    multipart-post (2.3.0)
    net-http (0.3.2)
      uri
-    net-imap (0.3.4)
+    net-imap (0.3.6)
      date
      net-protocol
    net-ldap (0.18.0)
@ -440,15 +434,10 @@ GEM
      net-protocol
    net-ssh (7.1.0)
    nio4r (2.5.9)
-    nokogiri (1.14.3)
-      mini_portile2 (~> 2.8.0)
+    nokogiri (1.15.2)
+      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
-    nsa (0.2.8)
-      activesupport (>= 4.2, < 7)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      sidekiq (>= 3.5)
-      statsd-ruby (~> 1.4, >= 1.4.0)
-    oj (3.14.3)
+    oj (3.15.0)
    omniauth (1.9.2)
      hashie (>= 3.4.6)
      rack (>= 1.6.2, < 3)
@ -482,15 +471,15 @@ GEM
    orm_adapter (0.5.0)
    ox (2.14.16)
    parallel (1.23.0)
-    parser (3.2.2.1)
+    parser (3.2.2.3)
      ast (~> 2.4.1)
+      racc
    parslet (2.0.0)
    pastel (0.8.0)
      tty-color (~> 0.5)
    pg (1.5.3)
    pghero (3.3.3)
      activerecord (>= 6)
-    pkg-config (1.5.1)
    posix-spawn (0.3.15)
    premailer (1.21.0)
      addressable
@ -502,12 +491,12 @@ GEM
      premailer (~> 1.7, >= 1.7.9)
    private_address_check (0.5.0)
    public_suffix (5.0.1)
-    puma (6.2.2)
+    puma (6.3.0)
      nio4r (~> 2.0)
    pundit (2.3.0)
      activesupport (>= 3.0.0)
    raabro (1.4.0)
-    racc (1.6.2)
+    racc (1.7.1)
    rack (2.2.7)
    rack-attack (6.6.1)
      rack (>= 1.0, < 3)
@ -523,20 +512,20 @@ GEM
      rack
    rack-test (2.1.0)
      rack (>= 1.3)
-    rails (6.1.7.3)
-      actioncable (= 6.1.7.3)
-      actionmailbox (= 6.1.7.3)
-      actionmailer (= 6.1.7.3)
-      actionpack (= 6.1.7.3)
-      actiontext (= 6.1.7.3)
-      actionview (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activemodel (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    rails (6.1.7.4)
+      actioncable (= 6.1.7.4)
+      actionmailbox (= 6.1.7.4)
+      actionmailer (= 6.1.7.4)
+      actionpack (= 6.1.7.4)
+      actiontext (= 6.1.7.4)
+      actionview (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activemodel (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activestorage (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      bundler (>= 1.15.0)
-      railties (= 6.1.7.3)
+      railties (= 6.1.7.4)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
@ -545,30 +534,31 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.5.0)
-      loofah (~> 2.19, >= 2.19.1)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
    rails-i18n (6.0.0)
      i18n (>= 0.7, < 2)
      railties (>= 6.0.0, < 7)
-    railties (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    railties (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
    rainbow (3.1.1)
    rake (13.0.6)
-    rdf (3.2.10)
+    rdf (3.2.11)
      link_header (~> 0.0, >= 0.0.8)
-    rdf-normalize (0.5.1)
+    rdf-normalize (0.6.0)
      rdf (~> 3.2)
    redcarpet (3.6.0)
    redis (4.8.1)
-    redis-namespace (1.10.0)
+    redis-namespace (1.11.0)
      redis (>= 4)
    redlock (1.3.2)
      redis (>= 3.0.0, < 6.0)
-    regexp_parser (2.8.0)
+    regexp_parser (2.8.1)
    request_store (1.5.1)
      rack (>= 1.4)
    responders (3.1.0)
@ -576,8 +566,9 @@ GEM
      railties (>= 5.2)
    rexml (3.2.5)
    rotp (6.2.2)
+    rouge (4.1.2)
    rpam2 (4.0.2)
-    rqrcode (2.1.2)
+    rqrcode (2.2.0)
      chunky_png (~> 1.0)
      rqrcode_core (~> 1.0)
    rqrcode_core (1.2.0)
@ -589,52 +580,54 @@ GEM
    rspec-mocks (3.12.5)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.12.0)
-    rspec-rails (6.0.1)
+    rspec-rails (6.0.3)
      actionpack (>= 6.1)
      activesupport (>= 6.1)
      railties (>= 6.1)
-      rspec-core (~> 3.11)
-      rspec-expectations (~> 3.11)
-      rspec-mocks (~> 3.11)
-      rspec-support (~> 3.11)
+      rspec-core (~> 3.12)
+      rspec-expectations (~> 3.12)
+      rspec-mocks (~> 3.12)
+      rspec-support (~> 3.12)
    rspec-sidekiq (3.1.0)
      rspec-core (~> 3.0, >= 3.0.0)
      sidekiq (>= 2.4.0)
    rspec-support (3.12.0)
    rspec_chunked (0.6)
-    rspec_junit_formatter (0.6.0)
-      rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (1.50.2)
+    rubocop (1.54.1)
      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.2.2.3)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
      rubocop-ast (>= 1.28.0, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.28.0)
+    rubocop-ast (1.29.0)
      parser (>= 3.2.1.0)
    rubocop-capybara (2.18.0)
      rubocop (~> 1.41)
-    rubocop-performance (1.17.1)
+    rubocop-factory_bot (2.23.1)
+      rubocop (~> 1.33)
+    rubocop-performance (1.18.0)
      rubocop (>= 1.7.0, < 2.0)
      rubocop-ast (>= 0.4.0)
    rubocop-rails (2.19.1)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.33.0, < 2.0)
-    rubocop-rspec (2.19.0)
+    rubocop-rspec (2.22.0)
      rubocop (~> 1.33)
      rubocop-capybara (~> 2.17)
+      rubocop-factory_bot (~> 2.22)
    ruby-progressbar (1.13.0)
-    ruby-saml (1.13.0)
-      nokogiri (>= 1.10.5)
+    ruby-saml (1.15.0)
+      nokogiri (>= 1.13.10)
      rexml
    ruby2_keywords (0.0.5)
    rubyzip (2.3.2)
-    rufus-scheduler (3.8.2)
+    rufus-scheduler (3.9.1)
      fugit (~> 1.1, >= 1.1.6)
    safety_net_attestation (0.4.0)
      jwt (~> 2.0)
@ -645,13 +638,13 @@ GEM
      activerecord (>= 4.0.0)
      railties (>= 4.0.0)
    semantic_range (3.0.0)
-    sidekiq (6.5.8)
+    sidekiq (6.5.9)
      connection_pool (>= 2.2.5, < 3)
      rack (~> 2.0)
      redis (>= 4.5.0, < 5)
    sidekiq-bulk (0.2.0)
      sidekiq
-    sidekiq-scheduler (5.0.2)
+    sidekiq-scheduler (5.0.3)
      rufus-scheduler (~> 3.2)
      sidekiq (>= 6, < 8)
      tilt (>= 1.4.0)
@ -684,7 +677,6 @@ GEM
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
    stackprof (0.2.25)
-    statsd-ruby (1.5.0)
    stoplight (3.0.1)
      redlock (~> 1.0)
    strong_migrations (0.8.0)
@ -694,13 +686,13 @@ GEM
      attr_required (>= 0.0.5)
      httpclient (>= 2.4)
    sysexits (1.2.0)
-    temple (0.10.0)
+    temple (0.10.2)
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
    terrapin (0.6.0)
      climate_control (>= 0.0.3, < 1.0)
-    thor (1.2.1)
-    tilt (2.1.0)
+    thor (1.2.2)
+    tilt (2.2.0)
    timeout (0.3.2)
    tpm-key_attestation (0.12.0)
      bindata (~> 2.4)
@ -727,7 +719,7 @@ GEM
      unf_ext
    unf_ext (0.0.8.2)
    unicode-display_width (2.4.2)
-    uri (0.12.1)
+    uri (0.12.2)
    validate_email (0.1.6)
      activemodel (>= 3.0)
      mail (>= 2.2.5)
@ -764,7 +756,7 @@ GEM
    xorcist (1.1.3)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.6.7)
+    zeitwerk (2.6.8)

 PLATFORMS
  ruby
@ -773,7 +765,7 @@ DEPENDENCIES
  active_model_serializers (~> 0.10)
  addressable (~> 2.8)
  annotate (~> 3.2)
-  aws-sdk-s3 (~> 1.120)
+  aws-sdk-s3 (~> 1.123)
  better_errors (~> 2.9)
  binding_of_caller (~> 1.0)
  blurhash (~> 0.1)
@ -788,7 +780,7 @@ DEPENDENCIES
  capybara (~> 3.39)
  charlock_holmes (~> 0.7.7)
  chewy (~> 7.3)
-  climate_control
+  climate_control (~> 0.2)
  cocoon (~> 1.2)
  color_diff (~> 0.1)
  concurrent-ruby
@ -822,7 +814,7 @@ DEPENDENCIES
  json-ld-preloaded (~> 3.2)
  json-schema (~> 4.0)
  kaminari (~> 1.2)
-  kt-paperclip (~> 7.1)!
+  kt-paperclip (~> 7.2)
  letter_opener (~> 1.8)
  letter_opener_web (~> 2.0)
  link_header (~> 0.0)
@ -833,8 +825,7 @@ DEPENDENCIES
  mime-types (~> 3.4.1)
  net-http (~> 0.3.2)
  net-ldap (~> 0.18)
-  nokogiri (~> 1.14)
-  nsa (~> 0.2)
+  nokogiri (~> 1.15)
  oj (~> 3.14)
  omniauth (~> 1.9)
  omniauth-cas (~> 2.0)
@ -845,12 +836,11 @@ DEPENDENCIES
  parslet
  pg (~> 1.5)
  pghero
-  pkg-config (~> 1.5)
  posix-spawn
  premailer-rails
  private_address_check (~> 0.5)
  public_suffix (~> 5.0)
-  puma (~> 6.2)
+  puma (~> 6.3)
  pundit (~> 2.3)
  rack (~> 2.2.7)
  rack-attack (~> 6.6)
@ -864,11 +854,10 @@ DEPENDENCIES
  redcarpet (~> 3.6)
  redis (~> 4.5)
  redis-namespace (~> 1.10)
-  rqrcode (~> 2.1)
+  rqrcode (~> 2.2)
  rspec-rails (~> 6.0)
  rspec-sidekiq (~> 3.1)
  rspec_chunked (~> 0.6)
-  rspec_junit_formatter (~> 0.6)
  rubocop
  rubocop-capybara
  rubocop-performance
@ -901,7 +890,7 @@ DEPENDENCIES
  xorcist (~> 1.1)

 RUBY VERSION
-   ruby 3.0.5p211
+   ruby 3.2.2p53

 BUNDLED WITH
-   2.4.6
+   2.4.13
--- a/app/chewy/accounts_index.rb
+++ b/app/chewy/accounts_index.rb
@ -2,8 +2,37 @@

 class AccountsIndex < Chewy::Index
  settings index: { refresh_interval: '30s' }, analysis: {
+    filter: {
+      english_stop: {
+        type: 'stop',
+        stopwords: '_english_',
+      },
+
+      english_stemmer: {
+        type: 'stemmer',
+        language: 'english',
+      },
+
+      english_possessive_stemmer: {
+        type: 'stemmer',
+        language: 'possessive_english',
+      },
+    },
+
    analyzer: {
-      content: {
+      natural: {
+        tokenizer: 'uax_url_email',
+        filter: %w(
+          english_possessive_stemmer
+          lowercase
+          asciifolding
+          cjk_width
+          english_stop
+          english_stemmer
+        ),
+      },
+
+      verbatim: {
        tokenizer: 'whitespace',
        filter: %w(lowercase asciifolding cjk_width),
      },
@ -26,18 +55,13 @@ class AccountsIndex < Chewy::Index
  index_scope ::Account.searchable.includes(:account_stat)

  root date_detection: false do
-    field :id, type: 'long'
-
-    field :display_name, type: 'text', analyzer: 'content' do
-      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-    end
-
-    field :acct, type: 'text', analyzer: 'content', value: ->(account) { [account.username, account.domain].compact.join('@') } do
-      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-    end
-
-    field :following_count, type: 'long', value: ->(account) { account.following_count }
-    field :followers_count, type: 'long', value: ->(account) { account.followers_count }
-    field :last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at }
+    field(:id, type: 'long')
+    field(:following_count, type: 'long')
+    field(:followers_count, type: 'long')
+    field(:properties, type: 'keyword', value: ->(account) { account.searchable_properties })
+    field(:last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at })
+    field(:display_name, type: 'text', analyzer: 'verbatim') { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
+    field(:username, type: 'text', analyzer: 'verbatim', value: ->(account) { [account.username, account.domain].compact.join('@') }) { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
+    field(:text, type: 'text', value: ->(account) { account.searchable_text }) { field :stemmed, type: 'text', analyzer: 'natural' }
  end
 end
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@ -14,15 +14,5 @@ module Admin
      @pending_tags_count    = Tag.pending_review.count
      @pending_appeals_count = Appeal.pending.count
    end
-
-    private
-
-    def redis_info
-      @redis_info ||= if redis.is_a?(Redis::Namespace)
-                        redis.redis.info
-                      else
-                        redis.info
-                      end
-    end
  end
 end
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@ -31,31 +31,41 @@ module Admin
      @domain_block = DomainBlock.new(resource_params)
      existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil

+      # Disallow accidentally downgrading a domain block
      if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
        @domain_block.save
        flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe
        @domain_block.errors.delete(:domain)
-        render :new
-      else
-        if existing_domain_block.present?
-          @domain_block = existing_domain_block
-          @domain_block.update(resource_params)
-        end
+        return render :new
+      end

-        if @domain_block.save
-          DomainBlockWorker.perform_async(@domain_block.id)
-          log_action :create, @domain_block
-          redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
-        else
-          render :new
-        end
+      # Allow transparently upgrading a domain block
+      if existing_domain_block.present?
+        @domain_block = existing_domain_block
+        @domain_block.assign_attributes(resource_params)
+      end
+
+      # Require explicit confirmation when suspending
+      return render :confirm_suspension if requires_confirmation?
+
+      if @domain_block.save
+        DomainBlockWorker.perform_async(@domain_block.id)
+        log_action :create, @domain_block
+        redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
+      else
+        render :new
      end
    end

    def update
      authorize :domain_block, :update?

-      if @domain_block.update(update_params)
+      @domain_block.assign_attributes(update_params)
+
+      # Require explicit confirmation when suspending
+      return render :confirm_suspension if requires_confirmation?
+
+      if @domain_block.save
        DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?)
        log_action :update, @domain_block
        redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
@ -92,5 +102,9 @@ module Admin
    def action_from_button
      'save' if params[:save]
    end
+
+    def requires_confirmation?
+      @domain_block.valid? && (@domain_block.new_record? || @domain_block.severity_changed?) && @domain_block.severity.to_s == 'suspend' && !params[:confirm]
+    end
  end
 end
--- a/app/controllers/admin/webhooks_controller.rb
+++ b/app/controllers/admin/webhooks_controller.rb
@ -28,6 +28,7 @@ module Admin
      authorize :webhook, :create?

      @webhook = Webhook.new(resource_params)
+      @webhook.current_account = current_account

      if @webhook.save
        redirect_to admin_webhook_path(@webhook)
@ -39,10 +40,12 @@ module Admin
    def update
      authorize @webhook, :update?

+      @webhook.current_account = current_account
+
      if @webhook.update(resource_params)
        redirect_to admin_webhook_path(@webhook)
      else
-        render :show
+        render :edit
      end
    end

@ -71,7 +74,7 @@ module Admin
    end

    def resource_params
-      params.require(:webhook).permit(:url, events: [])
+      params.require(:webhook).permit(:url, :template, events: [])
    end
  end
 end
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -90,7 +90,7 @@ class Api::V1::AccountsController < Api::BaseController
  end

  def account_params
-    params.permit(:username, :email, :password, :agreement, :locale, :reason)
+    params.permit(:username, :email, :password, :agreement, :locale, :reason, :time_zone)
  end

  def check_enabled_registrations
--- a/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb
@ -58,7 +58,7 @@ class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController
  end

  def set_canonical_email_blocks_from_test
-    @canonical_email_blocks = CanonicalEmailBlock.matching_email(params[:email])
+    @canonical_email_blocks = CanonicalEmailBlock.matching_email(params.require(:email))
  end

  def set_canonical_email_block
--- a/app/controllers/api/v1/admin/domain_allows_controller.rb
+++ b/app/controllers/api/v1/admin/domain_allows_controller.rb
@ -29,7 +29,7 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
  def create
    authorize :domain_allow, :create?

-    @domain_allow = DomainAllow.find_by(resource_params)
+    @domain_allow = DomainAllow.find_by(domain: resource_params[:domain])

    if @domain_allow.nil?
      @domain_allow = DomainAllow.create!(resource_params)
--- a/app/controllers/api/v1/conversations_controller.rb
+++ b/app/controllers/api/v1/conversations_controller.rb
@ -11,7 +11,7 @@ class Api::V1::ConversationsController < Api::BaseController

  def index
    @conversations = paginated_conversations
-    render json: @conversations, each_serializer: REST::ConversationSerializer
+    render json: @conversations, each_serializer: REST::ConversationSerializer, relationships: StatusRelationshipsPresenter.new(@conversations.map(&:last_status), current_user&.account_id)
  end

  def read
@ -19,6 +19,11 @@ class Api::V1::ConversationsController < Api::BaseController
    render json: @conversation, serializer: REST::ConversationSerializer
  end

+  def unread
+    @conversation.update!(unread: true)
+    render json: @conversation, serializer: REST::ConversationSerializer
+  end
+
  def destroy
    @conversation.destroy!
    render_empty
@ -32,6 +37,19 @@ class Api::V1::ConversationsController < Api::BaseController

  def paginated_conversations
    AccountConversation.where(account: current_account)
+                       .includes(
+                         account: :account_stat,
+                         last_status: [
+                           :media_attachments,
+                           :preview_cards,
+                           :status_stat,
+                           :tags,
+                           {
+                             active_mentions: [account: :account_stat],
+                             account: :account_stat,
+                           },
+                         ]
+                       )
                       .to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end

--- a/app/controllers/api/v1/directories_controller.rb
+++ b/app/controllers/api/v1/directories_controller.rb
@ -21,11 +21,35 @@ class Api::V1::DirectoriesController < Api::BaseController

  def accounts_scope
    Account.discoverable.tap do |scope|
-      scope.merge!(Account.local)                                          if truthy_param?(:local)
-      scope.merge!(Account.by_recent_status)                               if params[:order].blank? || params[:order] == 'active'
-      scope.merge!(Account.order(id: :desc))                               if params[:order] == 'new'
-      scope.merge!(Account.not_excluded_by_account(current_account))       if current_account
-      scope.merge!(Account.not_domain_blocked_by_account(current_account)) if current_account && !truthy_param?(:local)
+      scope.merge!(account_order_scope)
+      scope.merge!(local_account_scope) if local_accounts?
+      scope.merge!(account_exclusion_scope) if current_account
+      scope.merge!(account_domain_block_scope) if current_account && !local_accounts?
    end
  end
+
+  def local_accounts?
+    truthy_param?(:local)
+  end
+
+  def account_order_scope
+    case params[:order]
+    when 'new'
+      Account.order(id: :desc)
+    when 'active', nil
+      Account.by_recent_status
+    end
+  end
+
+  def local_account_scope
+    Account.local
+  end
+
+  def account_exclusion_scope
+    Account.not_excluded_by_account(current_account)
+  end
+
+  def account_domain_block_scope
+    Account.not_domain_blocked_by_account(current_account)
+  end
 end
--- a/app/controllers/api/v1/emails/confirmations_controller.rb
+++ b/app/controllers/api/v1/emails/confirmations_controller.rb
@ -1,9 +1,11 @@
 # frozen_string_literal: true

 class Api::V1::Emails::ConfirmationsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
-  before_action :require_user_owned_by_application!
-  before_action :require_user_not_confirmed!
+  before_action -> { authorize_if_got_token! :read, :'read:accounts' }, only: :check
+  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, except: :check
+  before_action :require_user_owned_by_application!, except: :check
+  before_action :require_user_not_confirmed!, except: :check
+  before_action :require_authenticated_user!, only: :check

  def create
    current_user.update!(email: params[:email]) if params.key?(:email)
@ -12,6 +14,10 @@ class Api::V1::Emails::ConfirmationsController < Api::BaseController
    render_empty
  end

+  def check
+    render json: current_user.confirmed?
+  end
+
  private

  def require_user_owned_by_application!
--- a/app/controllers/api/v1/featured_tags_controller.rb
+++ b/app/controllers/api/v1/featured_tags_controller.rb
@ -13,7 +13,7 @@ class Api::V1::FeaturedTagsController < Api::BaseController
  end

  def create
-    featured_tag = CreateFeaturedTagService.new.call(current_account, featured_tag_params[:name])
+    featured_tag = CreateFeaturedTagService.new.call(current_account, params.require(:name))
    render json: featured_tag, serializer: REST::FeaturedTagSerializer
  end

@ -31,8 +31,4 @@ class Api::V1::FeaturedTagsController < Api::BaseController
  def set_featured_tags
    @featured_tags = current_account.featured_tags.order(statuses_count: :desc)
  end
-
-  def featured_tag_params
-    params.permit(:name)
-  end
 end
--- a/app/controllers/api/v1/lists_controller.rb
+++ b/app/controllers/api/v1/lists_controller.rb
@ -42,6 +42,6 @@ class Api::V1::ListsController < Api::BaseController
  end

  def list_params
-    params.permit(:title, :replies_policy)
+    params.permit(:title, :replies_policy, :exclusive)
  end
 end
--- a/app/controllers/api/v1/statuses/histories_controller.rb
+++ b/app/controllers/api/v1/statuses/histories_controller.rb
@ -8,11 +8,15 @@ class Api::V1::Statuses::HistoriesController < Api::BaseController

  def show
    cache_if_unauthenticated!
-    render json: @status.edits.includes(:account, status: [:account]), each_serializer: REST::StatusEditSerializer
+    render json: status_edits, each_serializer: REST::StatusEditSerializer
  end

  private

+  def status_edits
+    @status.edits.includes(:account, status: [:account]).to_a.presence || [@status.build_snapshot(at_time: @status.edited_at || @status.created_at)]
+  end
+
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@ -2,6 +2,8 @@

 class Api::V1::Statuses::ReblogsController < Api::BaseController
  include Authorization
+  include Redisable
+  include Lockable

  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
  before_action :require_user!
@ -10,7 +12,9 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
  override_rate_limit_headers :create, family: :statuses

  def create
-    @status = ReblogService.new.call(current_account, @reblog, reblog_params)
+    with_redis_lock("reblog:#{current_account.id}:#{@reblog.id}") do
+      @status = ReblogService.new.call(current_account, @reblog, reblog_params)
+    end

    render json: @status, serializer: REST::StatusSerializer
  end
--- a/app/controllers/api/v2/admin/accounts_controller.rb
+++ b/app/controllers/api/v2/admin/accounts_controller.rb
@ -18,6 +18,14 @@ class Api::V2::Admin::AccountsController < Api::V1::Admin::AccountsController

  private

+  def next_path
+    api_v2_admin_accounts_url(pagination_params(max_id: pagination_max_id)) if records_continue?
+  end
+
+  def prev_path
+    api_v2_admin_accounts_url(pagination_params(min_id: pagination_since_id)) unless @accounts.empty?
+  end
+
  def filtered_accounts
    AccountFilter.new(translated_filter_params).results
  end
--- a/app/controllers/api/v2/search_controller.rb
+++ b/app/controllers/api/v2/search_controller.rb
@ -34,11 +34,11 @@ class Api::V2::SearchController < Api::BaseController
      params[:q],
      current_account,
      limit_param(RESULTS_LIMIT),
-      search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed))
+      search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed), following: truthy_param?(:following))
    )
  end

  def search_params
-    params.permit(:type, :offset, :min_id, :max_id, :account_id)
+    params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)
  end
 end
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@ -57,9 +57,6 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController

  def captcha_user_bypass?
    return true if @confirmation_user.nil? || @confirmation_user.confirmed?
-
-    invite = Invite.find(@confirmation_user.invite_id) if @confirmation_user.invite_id.present?
-    invite.present? && !invite.max_uses.nil?
  end

  def set_pack
@ -91,8 +88,10 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
  def after_confirmation_path_for(_resource_name, user)
    if user.created_by_application && truthy_param?(:redirect_to_app)
      user.created_by_application.confirmation_redirect_uri
+    elsif user_signed_in?
+      web_url('start')
    else
-      super
+      new_user_session_path
    end
  end
 end
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@ -132,7 +132,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  end

  def set_sessions
-    @sessions = current_user.session_activations
+    @sessions = current_user.session_activations.order(updated_at: :desc)
  end

  def set_strikes
--- a/app/controllers/auth/setup_controller.rb
+++ b/app/controllers/auth/setup_controller.rb
@ -45,6 +45,6 @@ class Auth::SetupController < ApplicationController
  end

  def set_pack
-    use_pack 'auth'
+    use_pack 'sign_up'
  end
 end
--- a/app/controllers/backups_controller.rb
+++ b/app/controllers/backups_controller.rb
@ -11,15 +11,15 @@ class BackupsController < ApplicationController
  def download
    case Paperclip::Attachment.default_options[:storage]
    when :s3
-      redirect_to @backup.dump.expiring_url(10)
+      redirect_to @backup.dump.expiring_url(10), allow_other_host: true
    when :fog
      if Paperclip::Attachment.default_options.dig(:fog_credentials, :openstack_temp_url_key).present?
-        redirect_to @backup.dump.expiring_url(Time.now.utc + 10)
+        redirect_to @backup.dump.expiring_url(Time.now.utc + 10), allow_other_host: true
      else
-        redirect_to full_asset_url(@backup.dump.url)
+        redirect_to full_asset_url(@backup.dump.url), allow_other_host: true
      end
    when :filesystem
-      redirect_to full_asset_url(@backup.dump.url)
+      redirect_to full_asset_url(@backup.dump.url), allow_other_host: true
    end
  end

--- a/app/controllers/concerns/captcha_concern.rb
+++ b/app/controllers/concerns/captcha_concern.rb
@ -2,6 +2,7 @@

 module CaptchaConcern
  extend ActiveSupport::Concern
+
  include Hcaptcha::Adapters::ViewMethods

  included do
@ -35,18 +36,22 @@ module CaptchaConcern
        flash.delete(:hcaptcha_error)
        yield message
      end
+
      false
    end
  end

  def extend_csp_for_captcha!
    policy = request.content_security_policy
+
    return unless captcha_required? && policy.present?

    %w(script_src frame_src style_src connect_src).each do |directive|
      values = policy.send(directive)
+
      values << 'https://hcaptcha.com' unless values.include?('https://hcaptcha.com') || values.include?('https:')
      values << 'https://*.hcaptcha.com' unless values.include?('https://*.hcaptcha.com') || values.include?('https:')
+
      policy.send(directive, *values)
    end
  end
--- a/app/controllers/concerns/theming_concern.rb
+++ b/app/controllers/concerns/theming_concern.rb
@ -75,7 +75,7 @@ module ThemingConcern
    end

    fallbacks.each do |fallback|
-      return resolve_pack(Themes.instance.flavour(fallback), pack_name) if Themes.instance.flavour(fallback)
+      return resolve_pack(Themes.instance.flavour(fallback), pack_name, skin) if Themes.instance.flavour(fallback)
    end

    nil
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@ -15,6 +15,8 @@ class InvitesController < ApplicationController

    @invites = invites
    @invite  = Invite.new
+    @invite.max_uses ||= 1
+    @invite.expires_in ||= 1.day.in_seconds
  end

  def create
--- a/app/controllers/mail_subscriptions_controller.rb
+++ b/app/controllers/mail_subscriptions_controller.rb
@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+class MailSubscriptionsController < ApplicationController
+  layout 'auth'
+
+  skip_before_action :require_functional!
+
+  before_action :set_body_classes
+  before_action :set_user
+  before_action :set_type
+
+  def show; end
+
+  def create
+    @user.settings[email_type_from_param] = false
+    @user.save!
+  end
+
+  private
+
+  def set_user
+    @user = GlobalID::Locator.locate_signed(params[:token], for: 'unsubscribe')
+  end
+
+  def set_body_classes
+    @body_classes = 'lighter'
+  end
+
+  def set_type
+    @type = email_type_from_param
+  end
+
+  def email_type_from_param
+    case params[:type]
+    when 'follow', 'reblog', 'favourite', 'mention', 'follow_request'
+      "notification_emails.#{params[:type]}"
+    else
+      raise ArgumentError
+    end
+  end
+end
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@ -46,7 +46,7 @@ class MediaController < ApplicationController
  end

  def allow_iframing
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
+    response.headers.delete('X-Frame-Options')
  end

  def set_pack
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@ -10,6 +10,8 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
  before_action :set_body_classes
  before_action :set_cache_headers

+  before_action :set_last_used_at_by_app, only: :index, unless: -> { request.format == :json }
+
  skip_before_action :require_functional!

  include Localized
@ -40,4 +42,14 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
  def set_cache_headers
    response.cache_control.replace(private: true, no_store: true)
  end
+
+  def set_last_used_at_by_app
+    @last_used_at_by_app = Doorkeeper::AccessToken
+                           .select('DISTINCT ON (application_id) application_id, last_used_at')
+                           .where(resource_owner_id: current_resource_owner.id)
+                           .where.not(last_used_at: nil)
+                           .order(application_id: :desc, last_used_at: :desc)
+                           .pluck(:application_id, :last_used_at)
+                           .to_h
+  end
 end
--- a/app/controllers/settings/imports_controller.rb
+++ b/app/controllers/settings/imports_controller.rb
@ -12,6 +12,7 @@ class Settings::ImportsController < Settings::BaseController
    muting: 'muted_accounts_failures.csv',
    domain_blocking: 'blocked_domains_failures.csv',
    bookmarks: 'bookmarks_failures.csv',
+    lists: 'lists_failures.csv',
  }.freeze

  TYPE_TO_HEADERS_MAP = {
@ -20,6 +21,7 @@ class Settings::ImportsController < Settings::BaseController
    muting: ['Account address', 'Hide notifications'],
    domain_blocking: false,
    bookmarks: false,
+    lists: false,
  }.freeze

  def index
@ -49,6 +51,8 @@ class Settings::ImportsController < Settings::BaseController
              csv << [row.data['domain']]
            when :bookmarks
              csv << [row.data['uri']]
+            when :lists
+              csv << [row.data['list_name'], row.data['acct']]
            end
          end
        end
--- a/app/controllers/settings/preferences/base_controller.rb
+++ b/app/controllers/settings/preferences/base_controller.rb
@ -19,6 +19,6 @@ class Settings::Preferences::BaseController < Settings::BaseController
  end

  def user_params
-    params.require(:user).permit(:locale, chosen_languages: [], settings_attributes: UserSettings.keys)
+    params.require(:user).permit(:locale, :time_zone, chosen_languages: [], settings_attributes: UserSettings.keys)
  end
 end
--- a/app/controllers/settings/verifications_controller.rb
+++ b/app/controllers/settings/verifications_controller.rb
@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class Settings::VerificationsController < Settings::BaseController
+  before_action :set_account
+
+  def show
+    @verified_links = @account.fields.select(&:verified?)
+  end
+
+  private
+
+  def set_account
+    @account = current_account
+  end
+end
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -46,7 +46,7 @@ class StatusesController < ApplicationController
    return not_found if @status.hidden? || @status.reblog?

    expires_in 180, public: true
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
+    response.headers.delete('X-Frame-Options')

    render layout: 'embedded'
  end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -52,7 +52,7 @@ module ApplicationHelper
    if closed_registrations? || omniauth_only?
      'https://joinmastodon.org/#getting-started'
    else
-      new_user_registration_path
+      ENV.fetch('SSO_ACCOUNT_SIGN_UP', new_user_registration_path)
    end
  end

@ -170,11 +170,11 @@ module ApplicationHelper
  end

  def storage_host
-    URI::HTTPS.build(host: storage_host_name).to_s
+    "https://#{storage_host_var}"
  end

  def storage_host?
-    storage_host_name.present?
+    storage_host_var.present?
  end

  def quote_wrap(text, line_width: 80, break_sequence: "\n")
@ -235,7 +235,7 @@ module ApplicationHelper

  private

-  def storage_host_name
+  def storage_host_var
    ENV.fetch('S3_ALIAS_HOST', nil) || ENV.fetch('S3_CLOUDFRONT_HOST', nil)
  end
 end
--- a/app/helpers/formatting_helper.rb
+++ b/app/helpers/formatting_helper.rb
@ -64,6 +64,10 @@ module FormattingHelper
  end

  def account_field_value_format(field, with_rel_me: true)
-    html_aware_format(field.value, field.account.local?, with_rel_me: with_rel_me, with_domains: true, multiline: false)
+    if field.verified? && !field.account.local?
+      TextFormatter.shortened_link(field.value_for_verification)
+    else
+      html_aware_format(field.value, field.account.local?, with_rel_me: with_rel_me, with_domains: true, multiline: false)
+    end
  end
 end
--- a/app/helpers/languages_helper.rb
+++ b/app/helpers/languages_helper.rb
@ -1,7 +1,5 @@
 # frozen_string_literal: true

-# rubocop:disable Metrics/ModuleLength
-
 module LanguagesHelper
  ISO_639_1 = {
    aa: ['Afar', 'Afaraf'].freeze,
--- a/app/helpers/react_component_helper.rb
+++ b/app/helpers/react_component_helper.rb
@ -11,7 +11,7 @@ module ReactComponentHelper
  end

  def react_admin_component(name, props = {})
-    data = { 'admin-component': name.to_s.camelcase, props: Oj.dump({ locale: I18n.locale }.merge(props)) }
+    data = { 'admin-component': name.to_s.camelcase, props: Oj.dump(props) }
    div_tag_with_data(data)
  end

--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@ -5,10 +5,6 @@ module SettingsHelper
    LanguagesHelper::SUPPORTED_LOCALES.keys
  end

-  def hash_to_object(hash)
-    HashObject.new(hash)
-  end
-
  def session_device_icon(session)
    device = session.detection.device

@ -28,13 +24,4 @@ module SettingsHelper
      safe_join([image_tag(account.avatar.url, width: 15, height: 15, alt: display_name(account), class: 'avatar'), content_tag(:span, account.acct, class: 'username')], ' ')
    end
  end
-
-  def picture_hint(hint, picture)
-    if picture.original_filename.nil?
-      hint
-    else
-      link = link_to t('generic.delete'), settings_profile_picture_path(picture.name.to_s), data: { method: :delete }
-      safe_join([hint, link], '<br/>'.html_safe)
-    end
-  end
 end
--- a/app/javascript/core/admin.js
+++ b/app/javascript/core/admin.js
@ -2,6 +2,7 @@

 import 'packs/public-path';
 import { delegate } from '@rails/ujs';
+
 import ready from '../mastodon/ready';

 const setAnnouncementEndsAttributes = (target) => {
--- a/app/javascript/core/mailer.js
+++ b/app/javascript/core/mailer.js
@ -1,3 +1,3 @@
-require('../styles/mailer.scss');
+import '../styles/mailer.scss';

 require.context('../icons');
--- a/app/javascript/core/public.js
+++ b/app/javascript/core/public.js
@ -2,7 +2,7 @@

 import 'packs/public-path';

-const { delegate } = require('@rails/ujs');
+import { delegate } from '@rails/ujs';

 const getProfileAvatarAnimationHandler = (swapTo) => {
  //animate avatar gifs on the profile page when moused over
--- a/app/javascript/core/settings.js
+++ b/app/javascript/core/settings.js
@ -1,9 +1,9 @@
 //  This file will be loaded on settings pages, regardless of theme.

 import 'packs/public-path';
+import { delegate } from '@rails/ujs';
 import escapeTextContentForBrowser from 'escape-html';

-const { delegate } = require('@rails/ujs');

 import emojify from '../mastodon/features/emoji/emoji';

--- a/app/javascript/core/theme.yml
+++ b/app/javascript/core/theme.yml
@ -16,4 +16,5 @@ pack:
  modal: public.js
  public: public.js
  settings: settings.js
+  sign_up:
  share:
--- a/app/javascript/core/two_factor_authentication.js
+++ b/app/javascript/core/two_factor_authentication.js
@ -1,6 +1,8 @@
 import 'packs/public-path';
-import axios from 'axios';
+
 import * as WebAuthnJSON from '@github/webauthn-json';
+import axios from 'axios';
+
 import ready from '../mastodon/ready';
 import 'regenerator-runtime/runtime';

--- a/app/javascript/flavours/glitch/actions/accounts.js
+++ b/app/javascript/flavours/glitch/actions/accounts.js
@ -1,4 +1,5 @@
 import api, { getLinks } from '../api';
+
 import { importFetchedAccount, importFetchedAccounts } from './importer';

 export const ACCOUNT_FETCH_REQUEST = 'ACCOUNT_FETCH_REQUEST';
--- a/app/javascript/flavours/glitch/actions/announcements.js
+++ b/app/javascript/flavours/glitch/actions/announcements.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { normalizeAnnouncement } from './importer/normalizer';

 export const ANNOUNCEMENTS_FETCH_REQUEST = 'ANNOUNCEMENTS_FETCH_REQUEST';
--- a/app/javascript/flavours/glitch/actions/app.ts
+++ b/app/javascript/flavours/glitch/actions/app.ts
@ -1,7 +1,9 @@
 import { createAction } from '@reduxjs/toolkit';

-type ChangeLayoutPayload = {
-  layout: 'mobile' | 'single-column' | 'multi-column';
-};
+import type { LayoutType } from '../is_mobile';
+
+interface ChangeLayoutPayload {
+  layout: LayoutType;
+}
 export const changeLayout =
  createAction<ChangeLayoutPayload>('APP_LAYOUT_CHANGE');
--- a/app/javascript/flavours/glitch/actions/blocks.js
+++ b/app/javascript/flavours/glitch/actions/blocks.js
@ -1,4 +1,5 @@
 import api, { getLinks } from '../api';
+
 import { fetchRelationships } from './accounts';
 import { importFetchedAccounts } from './importer';
 import { openModal } from './modal';
@ -94,6 +95,6 @@ export function initBlockModal(account) {
      account,
    });

-    dispatch(openModal('BLOCK'));
+    dispatch(openModal({ modalType: 'BLOCK' }));
  };
 }
--- a/app/javascript/flavours/glitch/actions/bookmarks.js
+++ b/app/javascript/flavours/glitch/actions/bookmarks.js
@ -1,4 +1,5 @@
 import api, { getLinks } from '../api';
+
 import { importFetchedStatuses } from './importer';

 export const BOOKMARKED_STATUSES_FETCH_REQUEST = 'BOOKMARKED_STATUSES_FETCH_REQUEST';
--- a/app/javascript/flavours/glitch/actions/boosts.js
+++ b/app/javascript/flavours/glitch/actions/boosts.js
@ -14,7 +14,10 @@ export function initBoostModal(props) {
      privacy,
    });

-    dispatch(openModal('BOOST', props));
+    dispatch(openModal({
+      modalType: 'BOOST',
+      modalProps: props,
+    }));
  };
 }

--- a/app/javascript/flavours/glitch/actions/compose.js
+++ b/app/javascript/flavours/glitch/actions/compose.js
@ -1,11 +1,14 @@
+import { defineMessages } from 'react-intl';
+
 import axios from 'axios';
 import { throttle } from 'lodash';
-import { defineMessages } from 'react-intl';
+
 import api from 'flavours/glitch/api';
 import { search as emojiSearch } from 'flavours/glitch/features/emoji/emoji_mart_search_light';
 import { tagHistory } from 'flavours/glitch/settings';
 import { recoverHashtags } from 'flavours/glitch/utils/hashtag';
 import resizeImage from 'flavours/glitch/utils/resize_image';
+
 import { showAlert, showAlertForError } from './alerts';
 import { useEmoji } from './emojis';
 import { importFetchedAccounts, importFetchedStatus } from './importer';
@ -436,7 +439,10 @@ export function initMediaEditModal(id) {
      id,
    });

-    dispatch(openModal('FOCAL_POINT', { id }));
+    dispatch(openModal({
+      modalType: 'FOCAL_POINT',
+      modalProps: { id },
+    }));
  };
 }

--- a/app/javascript/flavours/glitch/actions/conversations.js
+++ b/app/javascript/flavours/glitch/actions/conversations.js
@ -1,4 +1,5 @@
 import api, { getLinks } from '../api';
+
 import {
  importFetchedAccounts,
  importFetchedStatuses,
--- a/app/javascript/flavours/glitch/actions/directory.js
+++ b/app/javascript/flavours/glitch/actions/directory.js
@ -1,6 +1,7 @@
 import api from '../api';
-import { importFetchedAccounts } from './importer';
+
 import { fetchRelationships } from './accounts';
+import { importFetchedAccounts } from './importer';

 export const DIRECTORY_FETCH_REQUEST = 'DIRECTORY_FETCH_REQUEST';
 export const DIRECTORY_FETCH_SUCCESS = 'DIRECTORY_FETCH_SUCCESS';
--- a/app/javascript/flavours/glitch/actions/favourites.js
+++ b/app/javascript/flavours/glitch/actions/favourites.js
@ -1,4 +1,5 @@
 import api, { getLinks } from '../api';
+
 import { importFetchedStatuses } from './importer';

 export const FAVOURITED_STATUSES_FETCH_REQUEST = 'FAVOURITED_STATUSES_FETCH_REQUEST';
--- a/app/javascript/flavours/glitch/actions/filters.js
+++ b/app/javascript/flavours/glitch/actions/filters.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { openModal } from './modal';

 export const FILTERS_FETCH_REQUEST = 'FILTERS_FETCH_REQUEST';
@ -14,9 +15,12 @@ export const FILTERS_CREATE_SUCCESS = 'FILTERS_CREATE_SUCCESS';
 export const FILTERS_CREATE_FAIL    = 'FILTERS_CREATE_FAIL';

 export const initAddFilter = (status, { contextType }) => dispatch =>
-  dispatch(openModal('FILTER', {
-    statusId: status?.get('id'),
-    contextType: contextType,
+  dispatch(openModal({
+    modalType: 'FILTER',
+    modalProps: {
+      statusId: status?.get('id'),
+      contextType: contextType,
+    },
  }));

 export const fetchFilters = () => (dispatch, getState) => {
--- a/app/javascript/flavours/glitch/actions/history.js
+++ b/app/javascript/flavours/glitch/actions/history.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { importFetchedAccounts } from './importer';

 export const HISTORY_FETCH_REQUEST = 'HISTORY_FETCH_REQUEST';
--- a/app/javascript/flavours/glitch/actions/importer/normalizer.js
+++ b/app/javascript/flavours/glitch/actions/importer/normalizer.js
@ -1,11 +1,12 @@
 import escapeTextContentForBrowser from 'escape-html';
+
 import emojify from 'flavours/glitch/features/emoji/emoji';
-import { unescapeHTML } from 'flavours/glitch/utils/html';
 import { autoHideCW } from 'flavours/glitch/utils/content_warning';
+import { unescapeHTML } from 'flavours/glitch/utils/html';

 const domParser = new DOMParser();

-const makeEmojiMap = record => record.emojis.reduce((obj, emoji) => {
+const makeEmojiMap = emojis => emojis.reduce((obj, emoji) => {
  obj[`:${emoji.shortcode}:`] = emoji;
  return obj;
 }, {});
@ -19,7 +20,7 @@ export function searchTextFromRawStatus (status) {
 export function normalizeAccount(account) {
  account = { ...account };

-  const emojiMap = makeEmojiMap(account);
+  const emojiMap = makeEmojiMap(account.emojis);
  const displayName = account.display_name.trim().length === 0 ? account.username : account.display_name;

  account.display_name_html = emojify(escapeTextContentForBrowser(displayName), emojiMap);
@ -79,7 +80,7 @@ export function normalizeStatus(status, normalOldStatus, settings) {
  } else {
    const spoilerText   = normalStatus.spoiler_text || '';
    const searchContent = ([spoilerText, status.content].concat((status.poll && status.poll.options) ? status.poll.options.map(option => option.title) : [])).concat(status.media_attachments.map(att => att.description)).join('\n\n').replace(/<br\s*\/?>/g, '\n').replace(/<\/p><p>/g, '\n\n');
-    const emojiMap      = makeEmojiMap(normalStatus);
+    const emojiMap      = makeEmojiMap(normalStatus.emojis);

    normalStatus.search_index = domParser.parseFromString(searchContent, 'text/html').documentElement.textContent;
    normalStatus.contentHtml  = emojify(normalStatus.content, emojiMap);
@ -119,22 +120,48 @@ export function normalizeStatus(status, normalOldStatus, settings) {
  return normalStatus;
 }

+export function normalizeStatusTranslation(translation, status) {
+  const emojiMap = makeEmojiMap(status.get('emojis').toJS());
+
+  const normalTranslation = {
+    detected_source_language: translation.detected_source_language,
+    language: translation.language,
+    provider: translation.provider,
+    contentHtml: emojify(translation.content, emojiMap),
+    spoilerHtml: emojify(escapeTextContentForBrowser(translation.spoiler_text), emojiMap),
+    spoiler_text: translation.spoiler_text,
+  };
+
+  return normalTranslation;
+}
+
 export function normalizePoll(poll) {
  const normalPoll = { ...poll };
-  const emojiMap = makeEmojiMap(normalPoll);
+  const emojiMap = makeEmojiMap(poll.emojis);

  normalPoll.options = poll.options.map((option, index) => ({
    ...option,
    voted: poll.own_votes && poll.own_votes.includes(index),
-    title_emojified: emojify(escapeTextContentForBrowser(option.title), emojiMap),
+    titleHtml: emojify(escapeTextContentForBrowser(option.title), emojiMap),
  }));

  return normalPoll;
 }

+export function normalizePollOptionTranslation(translation, poll) {
+  const emojiMap = makeEmojiMap(poll.get('emojis').toJS());
+
+  const normalTranslation = {
+    ...translation,
+    titleHtml: emojify(escapeTextContentForBrowser(translation.title), emojiMap),
+  };
+
+  return normalTranslation;
+}
+
 export function normalizeAnnouncement(announcement) {
  const normalAnnouncement = { ...announcement };
-  const emojiMap = makeEmojiMap(normalAnnouncement);
+  const emojiMap = makeEmojiMap(normalAnnouncement.emojis);

  normalAnnouncement.contentHtml = emojify(normalAnnouncement.content, emojiMap);

--- a/app/javascript/flavours/glitch/actions/interactions.js
+++ b/app/javascript/flavours/glitch/actions/interactions.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { importFetchedAccounts, importFetchedStatus } from './importer';

 export const REBLOG_REQUEST = 'REBLOG_REQUEST';
--- a/app/javascript/flavours/glitch/actions/lists.js
+++ b/app/javascript/flavours/glitch/actions/lists.js
@ -1,6 +1,7 @@
 import api from '../api';
-import { importFetchedAccounts } from './importer';
+
 import { showAlertForError } from './alerts';
+import { importFetchedAccounts } from './importer';

 export const LIST_FETCH_REQUEST = 'LIST_FETCH_REQUEST';
 export const LIST_FETCH_SUCCESS = 'LIST_FETCH_SUCCESS';
@ -150,10 +151,10 @@ export const createListFail = error => ({
  error,
 });

-export const updateList = (id, title, shouldReset, replies_policy) => (dispatch, getState) => {
+export const updateList = (id, title, shouldReset, isExclusive, replies_policy) => (dispatch, getState) => {
  dispatch(updateListRequest(id));

-  api(getState).put(`/api/v1/lists/${id}`, { title, replies_policy }).then(({ data }) => {
+  api(getState).put(`/api/v1/lists/${id}`, { title, replies_policy, exclusive: typeof isExclusive === 'undefined' ? undefined : !!isExclusive }).then(({ data }) => {
    dispatch(updateListSuccess(data));

    if (shouldReset) {
--- a/app/javascript/flavours/glitch/actions/local_settings.js
+++ b/app/javascript/flavours/glitch/actions/local_settings.js
@ -1,4 +1,5 @@
 import { expandSpoilers, disableSwiping } from 'flavours/glitch/initial_state';
+
 import { openModal } from './modal';

 export const LOCAL_SETTING_CHANGE = 'LOCAL_SETTING_CHANGE';
@ -27,9 +28,12 @@ export function checkDeprecatedLocalSettings() {
    }

    if (changed_settings.length > 0) {
-      dispatch(openModal('DEPRECATED_SETTINGS', {
-        settings: changed_settings,
-        onConfirm: () => dispatch(clearDeprecatedLocalSettings()),
+      dispatch(openModal({
+        modalType: 'DEPRECATED_SETTINGS',
+        modalProps: {
+          settings: changed_settings,
+          onConfirm: () => dispatch(clearDeprecatedLocalSettings()),
+        },
      }));
    }
  };
--- a/app/javascript/flavours/glitch/actions/markers.js
+++ b/app/javascript/flavours/glitch/actions/markers.js
@ -1,8 +1,10 @@
-import api from '../api';
-import { debounce } from 'lodash';
-import compareId from '../compare_id';
 import { List as ImmutableList } from 'immutable';

+import { debounce } from 'lodash';
+
+import api from '../api';
+import { compareId } from '../compare_id';
+
 export const MARKERS_FETCH_REQUEST = 'MARKERS_FETCH_REQUEST';
 export const MARKERS_FETCH_SUCCESS = 'MARKERS_FETCH_SUCCESS';
 export const MARKERS_FETCH_FAIL    = 'MARKERS_FETCH_FAIL';
--- a/app/javascript/flavours/glitch/actions/modal.js
+++ b/app/javascript/flavours/glitch/actions/modal.js
@ -1,18 +0,0 @@
-export const MODAL_OPEN  = 'MODAL_OPEN';
-export const MODAL_CLOSE = 'MODAL_CLOSE';
-
-export function openModal(type, props) {
-  return {
-    type: MODAL_OPEN,
-    modalType: type,
-    modalProps: props,
-  };
-}
-
-export function closeModal(type, options = { ignoreFocus: false }) {
-  return {
-    type: MODAL_CLOSE,
-    modalType: type,
-    ignoreFocus: options.ignoreFocus,
-  };
-}
--- a/app/javascript/flavours/glitch/actions/modal.ts
+++ b/app/javascript/flavours/glitch/actions/modal.ts
@ -0,0 +1,17 @@
+import { createAction } from '@reduxjs/toolkit';
+
+import type { MODAL_COMPONENTS } from '../features/ui/components/modal_root';
+
+export type ModalType = keyof typeof MODAL_COMPONENTS;
+
+interface OpenModalPayload {
+  modalType: ModalType;
+  modalProps: unknown;
+}
+export const openModal = createAction<OpenModalPayload>('MODAL_OPEN');
+
+interface CloseModalPayload {
+  modalType: ModalType | undefined;
+  ignoreFocus: boolean;
+}
+export const closeModal = createAction<CloseModalPayload>('MODAL_CLOSE');
--- a/app/javascript/flavours/glitch/actions/mutes.js
+++ b/app/javascript/flavours/glitch/actions/mutes.js
@ -1,7 +1,9 @@
+import { openModal } from 'flavours/glitch/actions/modal';
+
 import api, { getLinks } from '../api';
+
 import { fetchRelationships } from './accounts';
 import { importFetchedAccounts } from './importer';
-import { openModal } from 'flavours/glitch/actions/modal';

 export const MUTES_FETCH_REQUEST = 'MUTES_FETCH_REQUEST';
 export const MUTES_FETCH_SUCCESS = 'MUTES_FETCH_SUCCESS';
@ -96,7 +98,7 @@ export function initMuteModal(account) {
      account,
    });

-    dispatch(openModal('MUTE'));
+    dispatch(openModal({ modalType: 'MUTE' }));
  };
 }

--- a/app/javascript/flavours/glitch/actions/notifications.js
+++ b/app/javascript/flavours/glitch/actions/notifications.js
@ -1,5 +1,15 @@
+import { IntlMessageFormat } from 'intl-messageformat';
+import { defineMessages } from 'react-intl';
+
+import { List as ImmutableList } from 'immutable';
+
+import { compareId } from 'flavours/glitch/compare_id';
+import { usePendingItems as preferPendingItems } from 'flavours/glitch/initial_state';
+import { unescapeHTML } from 'flavours/glitch/utils/html';
+import { requestNotificationPermission } from 'flavours/glitch/utils/notifications';
+
 import api, { getLinks } from '../api';
-import IntlMessageFormat from 'intl-messageformat';
+
 import { fetchFollowRequests, fetchRelationships } from './accounts';
 import {
  importFetchedAccount,
@ -9,12 +19,9 @@ import {
 } from './importer';
 import { submitMarkers } from './markers';
 import { saveSettings } from './settings';
-import { defineMessages } from 'react-intl';
-import { List as ImmutableList } from 'immutable';
-import { unescapeHTML } from 'flavours/glitch/utils/html';
-import { usePendingItems as preferPendingItems } from 'flavours/glitch/initial_state';
-import compareId from 'flavours/glitch/compare_id';
-import { requestNotificationPermission } from 'flavours/glitch/utils/notifications';
+
+
+

 export const NOTIFICATIONS_UPDATE = 'NOTIFICATIONS_UPDATE';
 export const NOTIFICATIONS_UPDATE_NOOP = 'NOTIFICATIONS_UPDATE_NOOP';
--- a/app/javascript/flavours/glitch/actions/onboarding.js
+++ b/app/javascript/flavours/glitch/actions/onboarding.js
@ -6,7 +6,9 @@ export function showOnboardingOnce() {
    const alreadySeen = getState().getIn(['settings', 'onboarded']);

    if (!alreadySeen) {
-      dispatch(openModal('ONBOARDING'));
+      dispatch(openModal({
+        modalType: 'ONBOARDING',
+      }));
      dispatch(changeSetting(['onboarded'], true));
      dispatch(saveSettings());
    }
--- a/app/javascript/flavours/glitch/actions/pin_statuses.js
+++ b/app/javascript/flavours/glitch/actions/pin_statuses.js
@ -1,12 +1,14 @@
+import { me } from 'flavours/glitch/initial_state';
+
 import api from '../api';
+
 import { importFetchedStatuses } from './importer';

+
 export const PINNED_STATUSES_FETCH_REQUEST = 'PINNED_STATUSES_FETCH_REQUEST';
 export const PINNED_STATUSES_FETCH_SUCCESS = 'PINNED_STATUSES_FETCH_SUCCESS';
 export const PINNED_STATUSES_FETCH_FAIL = 'PINNED_STATUSES_FETCH_FAIL';

-import { me } from 'flavours/glitch/initial_state';
-
 export function fetchPinnedStatuses() {
  return (dispatch, getState) => {
    dispatch(fetchPinnedStatusesRequest());
--- a/app/javascript/flavours/glitch/actions/polls.js
+++ b/app/javascript/flavours/glitch/actions/polls.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { importFetchedPoll } from './importer';

 export const POLL_VOTE_REQUEST = 'POLL_VOTE_REQUEST';
--- a/app/javascript/flavours/glitch/actions/push_notifications/index.js
+++ b/app/javascript/flavours/glitch/actions/push_notifications/index.js
@ -1,5 +1,5 @@
-import { setAlerts } from './setter';
 import { saveSettings } from './registerer';
+import { setAlerts } from './setter';

 export function changeAlerts(path, value) {
  return dispatch => {
--- a/app/javascript/flavours/glitch/actions/push_notifications/registerer.js
+++ b/app/javascript/flavours/glitch/actions/push_notifications/registerer.js
@ -1,5 +1,6 @@
 import api from '../../api';
 import { pushNotificationsSetting } from '../../settings';
+
 import { setBrowserSupport, setSubscription, clearSubscription } from './setter';

 // Taken from https://www.npmjs.com/package/web-push
--- a/app/javascript/flavours/glitch/actions/reports.js
+++ b/app/javascript/flavours/glitch/actions/reports.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { openModal } from './modal';

 export const REPORT_SUBMIT_REQUEST = 'REPORT_SUBMIT_REQUEST';
@ -6,9 +7,12 @@ export const REPORT_SUBMIT_SUCCESS = 'REPORT_SUBMIT_SUCCESS';
 export const REPORT_SUBMIT_FAIL    = 'REPORT_SUBMIT_FAIL';

 export const initReport = (account, status) => dispatch =>
-  dispatch(openModal('REPORT', {
-    accountId: account.get('id'),
-    statusId: status?.get('id'),
+  dispatch(openModal({
+    modalType: 'REPORT',
+    modalProps: {
+      accountId: account.get('id'),
+      statusId: status?.get('id'),
+    },
  }));

 export const submitReport = (params, onSuccess, onFail) => (dispatch, getState) => {
--- a/app/javascript/flavours/glitch/actions/search.js
+++ b/app/javascript/flavours/glitch/actions/search.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { fetchRelationships } from './accounts';
 import { importFetchedAccounts, importFetchedStatuses } from './importer';

--- a/app/javascript/flavours/glitch/actions/server.js
+++ b/app/javascript/flavours/glitch/actions/server.js
@ -1,4 +1,5 @@
 import api from '../api';
+
 import { importFetchedAccount } from './importer';

 export const SERVER_FETCH_REQUEST = 'Server_FETCH_REQUEST';
@ -18,6 +19,10 @@ export const SERVER_DOMAIN_BLOCKS_FETCH_SUCCESS = 'SERVER_DOMAIN_BLOCKS_FETCH_SU
 export const SERVER_DOMAIN_BLOCKS_FETCH_FAIL    = 'SERVER_DOMAIN_BLOCKS_FETCH_FAIL';

 export const fetchServer = () => (dispatch, getState) => {
+  if (getState().getIn(['server', 'server', 'isLoading'])) {
+    return;
+  }
+
  dispatch(fetchServerRequest());

  api(getState)
@ -65,6 +70,10 @@ const fetchServerTranslationLanguagesFail = error => ({
 });

 export const fetchExtendedDescription = () => (dispatch, getState) => {
+  if (getState().getIn(['server', 'extendedDescription', 'isLoading'])) {
+    return;
+  }
+
  dispatch(fetchExtendedDescriptionRequest());

  api(getState)
@ -88,6 +97,10 @@ const fetchExtendedDescriptionFail = error => ({
 });

 export const fetchDomainBlocks = () => (dispatch, getState) => {
+  if (getState().getIn(['server', 'domainBlocks', 'isLoading'])) {
+    return;
+  }
+
  dispatch(fetchDomainBlocksRequest());

  api(getState)
--- a/app/javascript/flavours/glitch/actions/settings.js
+++ b/app/javascript/flavours/glitch/actions/settings.js
@ -1,5 +1,7 @@
-import api from '../api';
 import { debounce } from 'lodash';
+
+import api from '../api';
+
 import { showAlertForError } from './alerts';

 export const SETTING_CHANGE = 'SETTING_CHANGE';
--- a/Show More
+++ b/Show More