Merge branch 'main' into glitch-soc/merge-upstream

Conflicts: - `CHANGELOG.md`: Upstream added newlines. Conflicts are because the CHANGELOG was independently merged from 3.4.6 on last security update. Took upstream's version. - `app/helpers/context_helper.rb`: Conflicts because of extra vocabulary in glitch-soc. The conflicts were actually handled in last security merge. Kept our version.
2022-02-06 15:34:42 +01:00 · 2022-02-06 15:34:42 +01:00 · aa832d623a
commit aa832d623a
parent 24d1ddcc24 92658f0fb0
9 changed files with 110 additions and 40 deletions
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@ -11,6 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
+      - uses: docker/setup-qemu-action@v1
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
@ -29,6 +30,7 @@ jobs:
      - uses: docker/build-push-action@v2
        with:
          context: .
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/mastodon:latest
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,10 +5,12 @@ All notable changes to this project will be documented in this file.

 ## [3.4.6] - 2022-02-03
 ### Fixed
+
 - Fix `mastodon:webpush:generate_vapid_key` task requiring a functional environment ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17338))
 - Fix spurious errors when receiving an Add activity for a private post ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17425))

 ### Security
+
 - Fix error-prone SQL queries ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/15828))
 - Fix not compacting incoming signed JSON-LD activities ([puckipedia](https://github.com/mastodon/mastodon/pull/17426), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17428)) (CVE-2022-24307)
 - Fix insufficient sanitization of report comments ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17430))
@ -17,10 +19,12 @@ All notable changes to this project will be documented in this file.

 ## [3.4.5] - 2022-01-31
 ### Added
+
 - Add more advanced migration tests ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17393))
 - Add github workflow to build Docker images ([unasuke](https://github.com/mastodon/mastodon/pull/16973), [Gargron](https://github.com/mastodon/mastodon/pull/16980), [Gargron](https://github.com/mastodon/mastodon/pull/17000))

 ### Fixed
+
 - Fix some old migrations failing when skipping releases ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17394))
 - Fix migrations script failing in certain edge cases ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17398))
 - Fix Docker build ([tribela](https://github.com/mastodon/mastodon/pull/17188))
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -106,7 +106,7 @@ GEM
      ffi (~> 1.14)
    bootsnap (1.10.2)
      msgpack (~> 1.2)
-    brakeman (5.2.0)
+    brakeman (5.2.1)
    browser (4.2.0)
    brpoplpush-redis_script (0.1.2)
      concurrent-ruby (~> 1.0, >= 1.0.5)
@ -208,7 +208,7 @@ GEM
      multi_json
    encryptor (3.0.0)
    erubi (1.10.0)
-    et-orbi (1.2.4)
+    et-orbi (1.2.6)
      tzinfo
    excon (0.76.0)
    fabrication (2.24.0)
@ -252,7 +252,7 @@ GEM
      fog-json (>= 1.0)
      ipaddress (>= 0.8)
    formatador (0.2.5)
-    fugit (1.4.5)
+    fugit (1.5.2)
      et-orbi (~> 1.1, >= 1.1.8)
      raabro (~> 1.4)
    fuubar (2.5.1)
@ -554,7 +554,7 @@ GEM
      nokogiri (>= 1.10.5)
      rexml
    ruby2_keywords (0.0.5)
-    rufus-scheduler (3.7.0)
+    rufus-scheduler (3.8.1)
      fugit (~> 1.1, >= 1.1.6)
    safety_net_attestation (0.4.0)
      jwt (~> 2.0)
@ -572,7 +572,7 @@ GEM
      redis (>= 4.2.0)
    sidekiq-bulk (0.2.0)
      sidekiq
-    sidekiq-scheduler (3.1.0)
+    sidekiq-scheduler (3.1.1)
      e2mmap
      redis (>= 3, < 5)
      rufus-scheduler (~> 3.2)
--- a/app/controllers/admin/relationships_controller.rb
+++ b/app/controllers/admin/relationships_controller.rb
@ -9,7 +9,8 @@ module Admin
    def index
      authorize :account, :index?

-      @accounts = RelationshipFilter.new(@account, filter_params).results.page(params[:page]).per(PER_PAGE)
+      @accounts = RelationshipFilter.new(@account, filter_params).results.includes(:account_stat, user: [:ips, :invite_request]).page(params[:page]).per(PER_PAGE)
+      @form     = Form::AccountBatch.new
    end

    private
--- a/app/controllers/instance_actors_controller.rb
+++ b/app/controllers/instance_actors_controller.rb
@ -3,6 +3,7 @@
 class InstanceActorsController < ApplicationController
  include AccountControllerConcern

+  skip_before_action :check_account_confirmation
  skip_around_action :set_locale

  def show
--- a/app/views/admin/relationships/index.html.haml
+++ b/app/views/admin/relationships/index.html.haml
@ -24,16 +24,17 @@

 %hr.spacer/

-.table-wrapper
-  %table.table
-    %thead
-      %tr
-        %th= t('admin.accounts.username')
-        %th= t('admin.accounts.role')
-        %th= t('admin.accounts.most_recent_ip')
-        %th= t('admin.accounts.most_recent_activity')
-        %th
-    %tbody
-      = render partial: 'admin/accounts/account', collection: @accounts
+= form_for(@form, url: batch_admin_accounts_path) do |f|
+  .batch-table
+    .batch-table__toolbar
+      %label.batch-table__toolbar__select.batch-checkbox-all
+        = check_box_tag :batch_checkbox_all, nil, false
+      .batch-table__toolbar__actions
+        = f.button safe_join([fa_icon('lock'), t('admin.accounts.perform_full_suspension')]), name: :suspend, class: 'table-action-link', type: :submit, data: { confirm: t('admin.reports.are_you_sure') }
+    .batch-table__body
+      - if @accounts.empty?
+        = nothing_here 'nothing-here--under-tabs'
+      - else
+        = render partial: 'admin/accounts/account', collection: @accounts, locals: { f: f }

 = paginate @accounts
--- a/package.json
+++ b/package.json
@ -101,7 +101,7 @@
    "font-awesome": "^4.7.0",
    "glob": "^7.2.0",
    "history": "^4.10.1",
-    "http-link-header": "^1.0.3",
+    "http-link-header": "^1.0.4",
    "immutable": "^4.0.0",
    "imports-loader": "^1.2.0",
    "intersection-observer": "^0.12.0",
@ -146,7 +146,7 @@
    "react-swipeable-views": "^0.14.0",
    "react-textarea-autosize": "^8.3.3",
    "react-toggle": "^4.1.2",
-    "redis": "^4.0.2",
+    "redis": "^4.0.3",
    "redux": "^4.1.2",
    "redux-immutable": "^4.0.0",
    "redux-thunk": "^2.4.1",
--- a/spec/controllers/instance_actors_controller_spec.rb
+++ b/spec/controllers/instance_actors_controller_spec.rb
@ -0,0 +1,55 @@
+require 'rails_helper'
+
+RSpec.describe InstanceActorsController, type: :controller do
+  describe 'GET #show' do
+    context 'as JSON' do
+      let(:format) { 'json' }
+
+      shared_examples 'shared behavior' do
+        before do
+          get :show, params: { format: format }
+        end
+
+        it 'returns http success' do
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns application/activity+json' do
+          expect(response.media_type).to eq 'application/activity+json'
+        end
+
+        it 'does not set cookies' do
+          expect(response.cookies).to be_empty
+          expect(response.headers['Set-Cookies']).to be nil
+        end
+
+        it 'does not set sessions' do
+          expect(session).to be_empty
+        end
+
+        it 'returns public Cache-Control header' do
+          expect(response.headers['Cache-Control']).to include 'public'
+        end
+
+        it 'renders account' do
+          json = body_as_json
+          expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :inbox, :outbox, :url)
+        end
+      end
+
+      before do
+        allow(controller).to receive(:authorized_fetch_mode?).and_return(authorized_fetch_mode)
+      end
+
+      context 'without authorized fetch mode' do
+        let(:authorized_fetch_mode) { false }
+        it_behaves_like 'shared behavior'
+      end
+
+      context 'with authorized fetch mode' do
+        let(:authorized_fetch_mode) { true }
+        it_behaves_like 'shared behavior'
+      end
+    end
+  end
+end
--- a/yarn.lock
+++ b/yarn.lock
@ -1384,32 +1384,37 @@
    "@types/yargs" "^16.0.0"
    chalk "^4.0.0"

-"@node-redis/bloom@^1.0.0":
+"@node-redis/bloom@1.0.1":
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/@node-redis/bloom/-/bloom-1.0.1.tgz#144474a0b7dc4a4b91badea2cfa9538ce0a1854e"
  integrity sha512-mXEBvEIgF4tUzdIN89LiYsbi6//EdpFA7L8M+DHCvePXg+bfHWi+ct5VI6nHUFQE5+ohm/9wmgihCH3HSkeKsw==

-"@node-redis/client@^1.0.2":
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/@node-redis/client/-/client-1.0.2.tgz#7f09fb739675728fbc6e73536f7cd1be99bf7b8f"
-  integrity sha512-C+gkx68pmTnxfV+y4pzasvCH3s4UGHNOAUNhdJxGI27aMdnXNDZct7ffDHBL7bAZSGv9FSwCP5PeYvEIEKGbiA==
+"@node-redis/client@1.0.3":
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/@node-redis/client/-/client-1.0.3.tgz#ece282b7ee07283d744e6ab1fa72f2d47641402c"
+  integrity sha512-IXNgOG99PHGL3NxN3/e8J8MuX+H08I+OMNmheGmZBXngE0IntaCQwwrd7NzmiHA+zH3SKHiJ+6k3P7t7XYknMw==
  dependencies:
    cluster-key-slot "1.1.0"
    generic-pool "3.8.2"
    redis-parser "3.0.0"
    yallist "4.0.0"

-"@node-redis/json@^1.0.2":
+"@node-redis/graph@1.0.0":
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/@node-redis/graph/-/graph-1.0.0.tgz#baf8eaac4a400f86ea04d65ec3d65715fd7951ab"
+  integrity sha512-mRSo8jEGC0cf+Rm7q8mWMKKKqkn6EAnA9IA2S3JvUv/gaWW/73vil7GLNwion2ihTptAm05I9LkepzfIXUKX5g==
+
+"@node-redis/json@1.0.2":
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/@node-redis/json/-/json-1.0.2.tgz#8ad2d0f026698dc1a4238cc3d1eb099a3bee5ab8"
  integrity sha512-qVRgn8WfG46QQ08CghSbY4VhHFgaTY71WjpwRBGEuqGPfWwfRcIf3OqSpR7Q/45X+v3xd8mvYjywqh0wqJ8T+g==

-"@node-redis/search@^1.0.2":
+"@node-redis/search@1.0.2":
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/@node-redis/search/-/search-1.0.2.tgz#8cfc91006ea787df801d41410283e1f59027f818"
  integrity sha512-gWhEeji+kTAvzZeguUNJdMSZNH2c5dv3Bci8Nn2f7VGuf6IvvwuZDSBOuOlirLVgayVuWzAG7EhwaZWK1VDnWQ==

-"@node-redis/time-series@^1.0.1":
+"@node-redis/time-series@1.0.1":
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/@node-redis/time-series/-/time-series-1.0.1.tgz#703149f8fa4f6fff377c61a0873911e7c1ba5cc3"
  integrity sha512-+nTn6EewVj3GlUXPuD3dgheWqo219jTxlo6R+pg24OeVvFHx9aFGGiyOgj3vBPhWUdRZ0xMcujXV5ki4fbLyMw==
@ -5481,10 +5486,10 @@ http-errors@~1.6.2:
    setprototypeof "1.1.0"
    statuses ">= 1.4.0 < 2"

-http-link-header@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/http-link-header/-/http-link-header-1.0.3.tgz#abbc2cdc5e06dd7e196a4983adac08a2d085ec90"
-  integrity sha512-nARK1wSKoBBrtcoESlHBx36c1Ln/gnbNQi1eB6MeTUefJIT3NvUOsV15bClga0k38f0q/kN5xxrGSDS3EFnm9w==
+http-link-header@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/http-link-header/-/http-link-header-1.0.4.tgz#f4efc76c6151ed0ba0d1a2d679798a18854a4a99"
+  integrity sha512-Cnv3Q+FF+35avekdnH/ML8dls++tdnSgrvUIWw0YEszrWeLSuw5Iq1vyCVTb5v0rEUgFTy0x4shxXyrO0MDUzw==

 "http-parser-js@>=0.4.0 <0.4.11":
  version "0.4.10"
@ -9157,16 +9162,17 @@ redis-parser@3.0.0:
  dependencies:
    redis-errors "^1.0.0"

-redis@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/redis/-/redis-4.0.2.tgz#096cf716842731a24f34c7c3a996c143e2b133bb"
-  integrity sha512-Ip1DJ/lwuvtJz9AZ6pl1Bv33fWzk5d3iQpGzsXpi04ErkT4fq0pfGOm4k/p9DHmPGieEIOWvJ9xmIeQMooLybg==
+redis@^4.0.3:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/redis/-/redis-4.0.3.tgz#f60931175de6f5b5727240a08e58a9ed5cf0f9de"
+  integrity sha512-SJMRXvgiQUYN0HaWwWv002J5ZgkhYXOlbLomzcrL3kP42yRNZ8Jx5nvLYhVpgmf10xcDpanFOxxJkphu2eyIFQ==
  dependencies:
-    "@node-redis/bloom" "^1.0.0"
-    "@node-redis/client" "^1.0.2"
-    "@node-redis/json" "^1.0.2"
-    "@node-redis/search" "^1.0.2"
-    "@node-redis/time-series" "^1.0.1"
+    "@node-redis/bloom" "1.0.1"
+    "@node-redis/client" "1.0.3"
+    "@node-redis/graph" "1.0.0"
+    "@node-redis/json" "1.0.2"
+    "@node-redis/search" "1.0.2"
+    "@node-redis/time-series" "1.0.1"

 redux-immutable@^4.0.0:
  version "4.0.0"