djsundog/tootlab-mastodon
1
0
Fork 0
mirror of https://github.com/glitch-soc/mastodon.git synced 2024-11-23 08:34:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
20,618 Commits 69 Branches 20 Tags 372 MiB
glitch-soc/security/8c76a208ed30cc1bd54262302b2aed27ae142509
Commit Graph

20618 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
renovate[bot]
d317ef8fb1 Update dependency pg to v1.5.5 (#29230) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-16 10:14:28 +01:00
Claire
766006c86e Allow JSON-LD documents with multiple profiles 2024-02-15 15:40:53 +01:00
Claire
6158984a3f Fix insufficient Content-Type checking of fetched ActivityStreams objects 2024-02-15 15:40:53 +01:00
Claire
541e59d114 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 23:13:27 +01:00
Claire
5612313bcb Fix OmniAuth tests (#29201) 2024-02-14 16:08:00 +01:00
Claire
2fafe653b2 Improve performance of deleting OAuth tokens 2024-02-14 14:21:11 +01:00
Emelia Smith
27ae1461c5 Ensure password resets revoke access to Streaming API 2024-02-14 14:21:11 +01:00
Emelia Smith
320faea827 Ensure destruction of OAuth Applications notifies streaming 
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
 2024-02-14 14:21:11 +01:00
Claire
27bdd6df17 Rename methods to avoid confusion between OAuth and OmniAuth 2024-02-14 13:58:42 +01:00
Claire
d0b66f596a Lock auth provider changes behind ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true 2024-02-14 13:58:42 +01:00
Claire
a2a0ea2e1a Prevent different identities from a same SSO provider from accessing a same account 2024-02-14 13:58:42 +01:00
Claire
b2ecc28e55 Add sidekiq_unique_jobs:delete_all_locks task and disable sidekiq-unique-jobs UI by default (#29199) 2024-02-14 13:54:53 +01:00
Emelia Smith
5edf600e60 Disable administrative doorkeeper routes (#29187) 2024-02-14 13:54:47 +01:00
renovate[bot]
0ef807d7a8 Update dependency sidekiq-unique-jobs to v7.1.33 (#29175) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-14 13:54:40 +01:00
Claire
8c76a208ed
Merge pull request #2607 from ClearlyClaire/glitch-soc/cherry-pick-upstream 
Cherry-pick upstream changes
 2024-02-06 21:56:01 +01:00
Eugen Rochko
65eb943b9d Fix confirmation e-mails when signing up through an app (#29064) 2024-02-06 21:00:33 +01:00
Claire
19f1ffe287 Fix self-destruct schedule not actually replacing initial schedule (#29049) 2024-02-06 21:00:09 +01:00
renovate[bot]
5ea36a3606 Update dependency brakeman to v6.1.2 (#29062) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-06 20:59:51 +01:00
renovate[bot]
b27cad27c2 Update dependency bootsnap to '~> 1.18.0' (#29019) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-06 20:59:51 +01:00
renovate[bot]
63f1f1465a Update dependency tzinfo-data to v1.2024.1 (#29052) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-06 20:59:51 +01:00
Matt Jankowski
4cd00c0dd9 Update nsa gem to version 0.3.0 (#29065) 2024-02-06 20:59:51 +01:00
renovate[bot]
c6f7e3a1fb Update dependency haml_lint to v0.56.0 (#29082) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-06 20:59:51 +01:00
renovate[bot]
93aa783aa1 Update dependency nokogiri to v1.16.2 [SECURITY] (#29106) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-06 20:59:51 +01:00
renovate[bot]
868333c86f Update dependency capybara to v3.40.0 (#28966) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-06 20:59:51 +01:00
renovate[bot]
ac49514bd6 Update dependency chewy to v7.5.1 (#29018) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-06 20:59:51 +01:00
github-actions[bot]
a2611d782c
New Crowdin Translations (automated) (#2588) 
* New Crowdin translations

* Fix bogus translation files

---------

Co-authored-by: GitHub Actions <noreply@github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-02-06 20:45:07 +01:00
JS Moore
541cbdd963
Add env variable support for number of followable hashtags in feed column (#2500) 
* Add env variable support for number of followable hashtags in feed column.

* Add a note about performance concerns for higher values.

See discussion in https://github.com/glitch-soc/mastodon/pull/2500

* Update .devcontainer/docker-compose.yml

---------

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-02-06 20:23:36 +01:00
Essem
08e511cecb
Fix doodle modal icons (#2597) 2024-02-06 20:22:42 +01:00
Claire
5bc39b3196 Fix build-security docker tags 2024-02-01 20:30:35 +01:00
Claire
c3936cbbe3 Temporary hack to correctly tag the security docker image… 2024-02-01 18:40:40 +01:00
Aaron Brady
970320d73c
Restore -streaming suffix for security builds (#2602) 2024-02-01 17:20:08 +01:00
Claire
63d7a30503 Fix build-security workflow for glitch-soc 2024-02-01 16:09:51 +01:00
Claire
ff58ec0103 Merge pull request from GHSA-3fjr-858r-92rw 
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
 2024-02-01 15:57:08 +01:00
Claire
3866597e24
Merge pull request #2601 from ClearlyClaire/glitch-soc/fixes/security-builds-latest 
Fix security builds not being tagged latest
 2024-02-01 11:48:45 +01:00
Claire
a7b16003e1 Fix security builds not being marked latest 2024-02-01 11:31:29 +01:00
Claire
626ff320cf
Merge pull request #2600 from ClearlyClaire/glitch-soc/fixes/failures 
Configure selenium to use Chrome version 120 (#29038)
 2024-02-01 11:30:34 +01:00
Matt Jankowski
f4416e6b3a Configure selenium to use Chrome version 120 (#29038) 2024-02-01 11:15:23 +01:00
Claire
7bb5f6efbc
Merge pull request #2599 from ClearlyClaire/glitch-soc/build-action 
Add github action workflow for manual security builds
 2024-02-01 11:14:40 +01:00
Claire
883f589653 Fix missing workflow_dispatch trigger for build-security (#29041) 2024-02-01 10:58:10 +01:00
Claire
85bdd145dc Adapt workflow to glitch-soc 2024-02-01 10:40:04 +01:00
Claire
a48447a6b2 Add github action workflow for manual security builds (#29040) 2024-02-01 10:39:23 +01:00
Claire
8b87673f5e
Remove obsolete locale file (#2596) 2024-01-30 23:21:35 +01:00
Claire
3ede233146
Fix crash in private mention conversations in glitch-soc flavor (#2595) 2024-01-30 22:42:22 +01:00
Claire
80308d384a
[Glitch] Refactor conversations components in web UI (#2589) 
Port 3205a654ca to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
 2024-01-28 14:53:08 +01:00
Claire
a4e7cc2d94
Merge pull request #2590 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes up to bf153b384b
 2024-01-28 14:47:35 +01:00
Claire
bf153b384b Merge commit '42ab855b2339c5cea3229c856ab539f883736b12' into glitch-soc/merge-upstream 
Conflicts:
- `app/controllers/auth/confirmations_controller.rb`:
  Upstream refactored, changing lines textually close of glitch-soc-only lines
  pertaining to the theming system.
  Resolved the conflict.
- `app/controllers/auth/passwords_controller.rb`:
  Upstream refactored, changing lines textually close of glitch-soc-only lines
  pertaining to the theming system.
  Resolved the conflict.
- `app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb`:
  Upstream refactored, changing lines textually close of glitch-soc-only lines
  pertaining to the theming system.
  Resolved the conflict.
 2024-01-27 19:06:41 +01:00
Claire
420ca90071
Merge pull request #2585 from ClearlyClaire/glitch-soc/merge-upstream 
Merge upstream changes up to 3205a654ca
 2024-01-27 18:35:29 +01:00
Claire
dd7a66949a Fix CSS loading in redirect controller 2024-01-26 21:04:02 +01:00
Claire
54ece5040d [Glitch] Use active variants for boost icons and increase icon size 
Port 5a838ceaa9 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-26 20:53:53 +01:00
Eugen Rochko
e5f50478b5 [Glitch] Add confirmation when redirecting logged-out requests to permalink 
Port SCSS changes from b19ae521b7 to glitch-soc

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-26 20:51:08 +01:00