Merge commit 'dc09c10fa8cc9230bf14e48d790c8f0c26043f8f' into glitch-soc/merge-upstream

Conflicts:
- `.rubocop_todo.yml`:
  Upstream re-generated the file, while glitch-soc has a specific ignore
  for some file.
  Updated the file as upstream did and kept our extra ignore.
- `config/webpack/shared.js`:
  Upstream added a plugin, but our files are pretty different.
  Added the plugin as well.
- `spec/helpers/application_helper_spec.rb`:
  Upstream refactored tests, but part of them were different because
  of glitch-soc's theming system.
  Applied the refactoring to glitch-soc's change.

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.54.2.
+# using RuboCop version 1.56.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -61,38 +61,8 @@ Lint/EmptyBlock:
     - 'spec/fabricators/access_token_fabricator.rb'
     - 'spec/fabricators/conversation_fabricator.rb'
     - 'spec/fabricators/system_key_fabricator.rb'
-    - 'spec/helpers/admin/action_logs_helper_spec.rb'
     - 'spec/lib/activitypub/adapter_spec.rb'
-    - 'spec/models/account_alias_spec.rb'
-    - 'spec/models/account_deletion_request_spec.rb'
-    - 'spec/models/account_moderation_note_spec.rb'
-    - 'spec/models/announcement_mute_spec.rb'
-    - 'spec/models/announcement_reaction_spec.rb'
-    - 'spec/models/announcement_spec.rb'
-    - 'spec/models/backup_spec.rb'
-    - 'spec/models/conversation_mute_spec.rb'
-    - 'spec/models/custom_filter_keyword_spec.rb'
-    - 'spec/models/custom_filter_spec.rb'
-    - 'spec/models/device_spec.rb'
-    - 'spec/models/encrypted_message_spec.rb'
-    - 'spec/models/featured_tag_spec.rb'
-    - 'spec/models/follow_recommendation_suppression_spec.rb'
-    - 'spec/models/list_account_spec.rb'
-    - 'spec/models/list_spec.rb'
-    - 'spec/models/login_activity_spec.rb'
-    - 'spec/models/mute_spec.rb'
-    - 'spec/models/preview_card_spec.rb'
-    - 'spec/models/preview_card_trend_spec.rb'
-    - 'spec/models/relay_spec.rb'
-    - 'spec/models/scheduled_status_spec.rb'
-    - 'spec/models/status_stat_spec.rb'
-    - 'spec/models/status_trend_spec.rb'
-    - 'spec/models/system_key_spec.rb'
-    - 'spec/models/tag_follow_spec.rb'
-    - 'spec/models/unavailable_domain_spec.rb'
-    - 'spec/models/user_invite_request_spec.rb'
     - 'spec/models/user_role_spec.rb'
-    - 'spec/models/web/setting_spec.rb'
 
 Lint/NonLocalExitFromIterator:
   Exclude:
@@ -135,7 +105,7 @@ Lint/UselessAssignment:
 
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 146
+  Max: 144
   Exclude:
     - 'app/serializers/initial_state_serializer.rb'
 
@@ -166,6 +136,19 @@ Naming/VariableNumber:
     - 'spec/models/domain_block_spec.rb'
     - 'spec/models/user_spec.rb'
 
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeMultiline.
+Performance/DeletePrefix:
+  Exclude:
+    - 'app/models/featured_tag.rb'
+
+Performance/MapMethodChain:
+  Exclude:
+    - 'app/models/feed.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
 RSpec/AnyInstance:
   Exclude:
     - 'spec/controllers/activitypub/inboxes_controller_spec.rb'
@@ -765,6 +748,15 @@ Style/RedundantFetchBlock:
     - 'config/initializers/paperclip.rb'
     - 'config/puma.rb'
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleReturnValues.
+Style/RedundantReturn:
+  Exclude:
+    - 'app/controllers/api/v1/directories_controller.rb'
+    - 'app/controllers/auth/confirmations_controller.rb'
+    - 'app/lib/ostatus/tag_manager.rb'
+    - 'app/models/form/import.rb'
+
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
 # AllowedMethods: present?, blank?, presence, try, try!

Gemfile.lock

@@ -147,6 +147,7 @@ GEM
       faraday_middleware (~> 1.0, >= 1.0.0.rc1)
       net-http-persistent (~> 4.0)
       nokogiri (~> 1, >= 1.10.8)
+    base64 (0.1.1)
     bcrypt (3.1.18)
     better_errors (2.10.1)
       erubi (>= 1.0.0)
@@ -451,7 +452,7 @@ GEM
       hashie (~> 5.0)
     memory_profiler (1.0.1)
     method_source (1.0.0)
-    mime-types (3.5.0)
+    mime-types (3.5.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2023.0808)
     mini_mime (1.1.5)
@@ -637,7 +638,8 @@ GEM
       sidekiq (>= 2.4.0)
     rspec-support (3.12.0)
     rspec_chunked (0.6)
-    rubocop (1.54.2)
+    rubocop (1.56.1)
+      base64 (~> 0.1.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
@@ -645,7 +647,7 @@ GEM
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.0, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
     rubocop-ast (1.29.0)
@@ -654,14 +656,14 @@ GEM
       rubocop (~> 1.41)
     rubocop-factory_bot (2.23.1)
       rubocop (~> 1.33)
-    rubocop-performance (1.18.0)
+    rubocop-performance (1.19.0)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
     rubocop-rails (2.20.2)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
-    rubocop-rspec (2.22.0)
+    rubocop-rspec (2.23.2)
       rubocop (~> 1.33)
       rubocop-capybara (~> 2.17)
       rubocop-factory_bot (~> 2.22)

SECURITY.md

@@ -1,8 +1,11 @@
 # Security Policy
 
-If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can reach us at <security@joinmastodon.org>.
+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either:
 
-You should _not_ report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+- open a [Github security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
+- reach us at <security@joinmastodon.org>
+
+You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
 
 ## Scope
 

app/javascript/styles/mastodon/components.scss

@@ -8539,6 +8539,44 @@ noscript {
     }
   }
 
+  &__choices {
+    display: flex;
+    gap: 40px;
+
+    &__choice {
+      flex: 1;
+      box-sizing: border-box;
+
+      h3 {
+        margin-bottom: 20px;
+      }
+
+      p {
+        color: $darker-text-color;
+        margin-bottom: 20px;
+        font-size: 15px;
+      }
+
+      .button {
+        margin-bottom: 10px;
+
+        &:last-child {
+          margin-bottom: 0;
+        }
+      }
+    }
+  }
+
+  @media screen and (max-width: $no-gap-breakpoint - 1px) {
+    &__choices {
+      flex-direction: column;
+
+      &__choice {
+        margin-top: 40px;
+      }
+    }
+  }
+
   .link-button {
     font-size: inherit;
     display: inline;

app/lib/importer/base_importer.rb

@@ -68,8 +68,8 @@ class Importer::BaseImporter
 
   protected
 
-  def in_work_unit(*args, &block)
-    work_unit = Concurrent::Promises.future_on(@executor, *args, &block)
+  def in_work_unit(...)
+    work_unit = Concurrent::Promises.future_on(@executor, ...)
 
     work_unit.on_fulfillment!(&@on_progress)
     work_unit.on_rejection!(&@on_failure)

config/webpack/shared.js

@@ -2,6 +2,7 @@
 
 const { resolve } = require('path');
 
+const CircularDependencyPlugin = require('circular-dependency-plugin');
 const MiniCssExtractPlugin = require('mini-css-extract-plugin');
 const webpack = require('webpack');
 const AssetsManifestPlugin = require('webpack-assets-manifest');
@@ -112,6 +113,9 @@ module.exports = {
       writeToDisk: true,
       publicPath: true,
     }),
+    new CircularDependencyPlugin({
+      failOnError: true,
+    })
   ],
 
   resolve: {

lib/redis/namespace_extensions.rb

@@ -2,8 +2,8 @@
 
 class Redis
   module NamespaceExtensions
-    def exists?(*args, &block)
-      call_with_namespace('exists?', *args, &block)
+    def exists?(...)
+      call_with_namespace('exists?', ...)
     end
   end
 end

package.json

@@ -60,6 +60,7 @@
     "babel-plugin-preval": "^5.1.0",
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
     "blurhash": "^2.0.5",
+    "circular-dependency-plugin": "^5.2.2",
     "classnames": "^2.3.2",
     "cocoon-js-vanilla": "^1.3.0",
     "color-blend": "^4.0.0",

spec/controllers/api/v1/instances/translation_languages_controller_spec.rb

@@ -16,8 +16,7 @@ describe Api::V1::Instances::TranslationLanguagesController do
     context 'when a translation service is configured' do
       before do
         service = instance_double(TranslationService::DeepL, languages: { nil => %w(en de), 'en' => ['de'] })
-        allow(TranslationService).to receive(:configured?).and_return(true)
-        allow(TranslationService).to receive(:configured).and_return(service)
+        allow(TranslationService).to receive_messages(configured?: true, configured: service)
       end
 
       it 'returns language matrix' do

spec/controllers/api/v1/statuses/translations_controller_spec.rb

@@ -20,8 +20,7 @@ describe Api::V1::Statuses::TranslationsController do
       before do
         translation = TranslationService::Translation.new(text: 'Hello')
         service = instance_double(TranslationService::DeepL, translate: [translation])
-        allow(TranslationService).to receive(:configured?).and_return(true)
-        allow(TranslationService).to receive(:configured).and_return(service)
+        allow(TranslationService).to receive_messages(configured?: true, configured: service)
         Rails.cache.write('translation_service/languages', { 'es' => ['en'] })
         post :create, params: { status_id: status.id }
       end

spec/helpers/admin/filter_helper_spec.rb

@@ -7,8 +7,7 @@ describe Admin::FilterHelper do
     params = ActionController::Parameters.new(
       { test: 'test' }
     )
-    allow(helper).to receive(:params).and_return(params)
-    allow(helper).to receive(:url_for).and_return('/test')
+    allow(helper).to receive_messages(params: params, url_for: '/test')
     result = helper.filter_link_to('text', { resolved: true })
 
     expect(result).to match(/text/)

spec/helpers/application_helper_spec.rb

@@ -31,10 +31,7 @@ describe ApplicationHelper do
     context 'with a body class string from a controller' do
       before do
         without_partial_double_verification do
-          allow(helper).to receive(:body_class_string).and_return('modal-layout compose-standalone')
-          allow(helper).to receive(:current_flavour).and_return('glitch')
-          allow(helper).to receive(:current_skin).and_return('default')
-          allow(helper).to receive(:current_account).and_return(Fabricate(:account))
+          allow(helper).to receive_messages(body_class_string: 'modal-layout compose-standalone', current_flavour: 'glitch', current_skin: 'default', current_account: Fabricate(:account))
         end
       end
 

spec/helpers/home_helper_spec.rb

@@ -25,8 +25,7 @@ RSpec.describe HomeHelper do
 
       it 'returns a link to the account' do
         without_partial_double_verification do
-          allow(helper).to receive(:current_account).and_return(account)
-          allow(helper).to receive(:prefers_autoplay?).and_return(false)
+          allow(helper).to receive_messages(current_account: account, prefers_autoplay?: false)
           result = helper.account_link_to(account)
 
           expect(result).to match "@#{account.acct}"
@@ -101,8 +100,7 @@ RSpec.describe HomeHelper do
 
     context 'with open registrations' do
       it 'returns correct sign up message' do
-        allow(helper).to receive(:closed_registrations?).and_return(false)
-        allow(helper).to receive(:open_registrations?).and_return(true)
+        allow(helper).to receive_messages(closed_registrations?: false, open_registrations?: true)
         result = helper.sign_up_message
 
         expect(result).to eq t('auth.register')
@@ -111,9 +109,7 @@ RSpec.describe HomeHelper do
 
     context 'with approved registrations' do
       it 'returns correct sign up message' do
-        allow(helper).to receive(:closed_registrations?).and_return(false)
-        allow(helper).to receive(:open_registrations?).and_return(false)
-        allow(helper).to receive(:approved_registrations?).and_return(true)
+        allow(helper).to receive_messages(closed_registrations?: false, open_registrations?: false, approved_registrations?: true)
         result = helper.sign_up_message
 
         expect(result).to eq t('auth.apply_for_account')

spec/lib/admin/system_check/elasticsearch_check_spec.rb

@@ -14,13 +14,12 @@ describe Admin::SystemCheck::ElasticsearchCheck do
       before do
         allow(Chewy).to receive(:enabled?).and_return(true)
         allow(Chewy.client.cluster).to receive(:health).and_return({ 'status' => 'green', 'number_of_nodes' => 1 })
-        allow(Chewy.client.indices).to receive(:get_mapping).and_return({
+        allow(Chewy.client.indices).to receive_messages(get_mapping: {
           AccountsIndex.index_name => AccountsIndex.mappings_hash.deep_stringify_keys,
           StatusesIndex.index_name => StatusesIndex.mappings_hash.deep_stringify_keys,
           InstancesIndex.index_name => InstancesIndex.mappings_hash.deep_stringify_keys,
           TagsIndex.index_name => TagsIndex.mappings_hash.deep_stringify_keys,
-        })
-        allow(Chewy.client.indices).to receive(:get_settings).and_return({
+        }, get_settings: {
           'chewy_specifications' => {
             'settings' => {
               'index' => {

spec/models/report_filter_spec.rb

@@ -23,8 +23,7 @@ describe ReportFilter do
     it 'combines filters on Report' do
       filter = described_class.new(account_id: '123', resolved: true, target_account_id: '456')
 
-      allow(Report).to receive(:where).and_return(Report.none)
-      allow(Report).to receive(:resolved).and_return(Report.none)
+      allow(Report).to receive_messages(where: Report.none, resolved: Report.none)
       filter.results
       expect(Report).to have_received(:where).with(account_id: '123')
       expect(Report).to have_received(:where).with(target_account_id: '456')

spec/services/suspend_account_service_spec.rb

@@ -10,8 +10,7 @@ RSpec.describe SuspendAccountService, type: :service do
     let!(:list)           { Fabricate(:list, account: local_follower) }
 
     before do
-      allow(FeedManager.instance).to receive(:unmerge_from_home).and_return(nil)
-      allow(FeedManager.instance).to receive(:unmerge_from_list).and_return(nil)
+      allow(FeedManager.instance).to receive_messages(unmerge_from_home: nil, unmerge_from_list: nil)
 
       local_follower.follow!(account)
       list.accounts << account

spec/services/translate_status_service_spec.rb

@@ -29,8 +29,7 @@ RSpec.describe TranslateStatusService, type: :service do
         end
       end
 
-      allow(TranslationService).to receive(:configured?).and_return(true)
-      allow(TranslationService).to receive(:configured).and_return(translation_service)
+      allow(TranslationService).to receive_messages(configured?: true, configured: translation_service)
     end
 
     it 'returns translated status content' do

spec/services/unsuspend_account_service_spec.rb

@@ -10,8 +10,7 @@ RSpec.describe UnsuspendAccountService, type: :service do
     let!(:list)           { Fabricate(:list, account: local_follower) }
 
     before do
-      allow(FeedManager.instance).to receive(:merge_into_home).and_return(nil)
-      allow(FeedManager.instance).to receive(:merge_into_list).and_return(nil)
+      allow(FeedManager.instance).to receive_messages(merge_into_home: nil, merge_into_list: nil)
 
       local_follower.follow!(account)
       list.accounts << account

spec/views/statuses/show.html.haml_spec.rb

@@ -4,15 +4,9 @@ require 'rails_helper'
 
 describe 'statuses/show.html.haml', without_verify_partial_doubles: true do
   before do
-    allow(view).to receive(:api_oembed_url).and_return('')
-    allow(view).to receive(:show_landing_strip?).and_return(true)
-    allow(view).to receive(:site_title).and_return('example site')
-    allow(view).to receive(:site_hostname).and_return('example.com')
-    allow(view).to receive(:full_asset_url).and_return('//asset.host/image.svg')
+    allow(view).to receive_messages(api_oembed_url: '', show_landing_strip?: true, site_title: 'example site', site_hostname: 'example.com', full_asset_url: '//asset.host/image.svg', current_account: nil, single_user_mode?: false)
     allow(view).to receive(:local_time)
     allow(view).to receive(:local_time_ago)
-    allow(view).to receive(:current_account).and_return(nil)
-    allow(view).to receive(:single_user_mode?).and_return(false)
     assign(:instance_presenter, InstancePresenter.new)
   end
 

yarn.lock

@@ -4003,6 +4003,11 @@ cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3:
     inherits "^2.0.1"
     safe-buffer "^5.0.1"
 
+circular-dependency-plugin@^5.2.2:
+  version "5.2.2"
+  resolved "https://registry.yarnpkg.com/circular-dependency-plugin/-/circular-dependency-plugin-5.2.2.tgz#39e836079db1d3cf2f988dc48c5188a44058b600"
+  integrity sha512-g38K9Cm5WRwlaH6g03B9OEz/0qRizI+2I7n+Gz+L5DxXJAPAiWQvwlYNm1V1jkdpUv95bOe/ASm2vfi/G560jQ==
+
 cjs-module-lexer@^1.0.0:
   version "1.2.3"
   resolved "https://registry.yarnpkg.com/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz#6c370ab19f8a3394e318fe682686ec0ac684d107"
@@ -11296,6 +11301,7 @@ stringz@^2.1.0:
     char-regex "^1.0.2"
 
 "strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1:
+  name strip-ansi-cjs
   version "6.0.1"
   resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
   integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==