From 6aa83b13ba541b948d7d6927728bbdcf63a23950 Mon Sep 17 00:00:00 2001 From: Jeong Arm Date: Tue, 16 Aug 2022 03:32:21 +0900 Subject: [PATCH 01/18] Properly delete remote account's avatar/header when fetch/update (#18973) --- app/services/activitypub/process_account_service.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb index 4449a5427..34750dba6 100644 --- a/app/services/activitypub/process_account_service.rb +++ b/app/services/activitypub/process_account_service.rb @@ -105,11 +105,13 @@ class ActivityPub::ProcessAccountService < BaseService def set_fetchable_attributes! begin @account.avatar_remote_url = image_url('icon') || '' unless skip_download? + @account.avatar = nil if @account.avatar_remote_url.blank? rescue Mastodon::UnexpectedResponseError, HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError RedownloadAvatarWorker.perform_in(rand(30..600).seconds, @account.id) end begin @account.header_remote_url = image_url('image') || '' unless skip_download? + @account.header = nil if @account.header_remote_url.blank? rescue Mastodon::UnexpectedResponseError, HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError RedownloadHeaderWorker.perform_in(rand(30..600).seconds, @account.id) end From d92ce31c92903c3ce24c3fcadb99af3c1ba1d585 Mon Sep 17 00:00:00 2001 From: Shlee Date: Tue, 16 Aug 2022 04:03:05 +0930 Subject: [PATCH 02/18] Update notifications.js (#18977) --- app/javascript/mastodon/reducers/notifications.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/javascript/mastodon/reducers/notifications.js b/app/javascript/mastodon/reducers/notifications.js index 4b460bc10..4563118ea 100644 --- a/app/javascript/mastodon/reducers/notifications.js +++ b/app/javascript/mastodon/reducers/notifications.js @@ -234,8 +234,6 @@ export default function notifications(state = initialState, action) { case FOLLOW_REQUEST_AUTHORIZE_SUCCESS: case FOLLOW_REQUEST_REJECT_SUCCESS: return filterNotifications(state, [action.id], 'follow_request'); - case ACCOUNT_MUTE_SUCCESS: - return action.relationship.muting_notifications ? filterNotifications(state, [action.relationship.id]) : state; case NOTIFICATIONS_CLEAR: return state.set('items', ImmutableList()).set('pendingItems', ImmutableList()).set('hasMore', false); case TIMELINE_DELETE: From 461239db5d87ac584b07b394f894384853e875af Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 17 Aug 2022 23:06:48 +0200 Subject: [PATCH 03/18] Fix backend compatibility with OpenSSL 3.0 (#18449) * Update webpush to fork with OpenSSL 3 compatibility * Fix tests with OpenSSL 3.0 * Update webauthn gem to latest release and update dependencies --- Gemfile | 4 +- Gemfile.lock | 44 +++++++++++-------- .../webauthn_credential_fabricator.rb | 2 +- 3 files changed, 28 insertions(+), 22 deletions(-) diff --git a/Gemfile b/Gemfile index d21459fcc..cd519111f 100644 --- a/Gemfile +++ b/Gemfile @@ -91,8 +91,8 @@ gem 'tty-prompt', '~> 0.23', require: false gem 'twitter-text', '~> 3.1.0' gem 'tzinfo-data', '~> 1.2022' gem 'webpacker', '~> 5.4' -gem 'webpush', '~> 0.3' -gem 'webauthn', '~> 3.0.0.alpha1' +gem 'webpush', git: 'https://github.com/ClearlyClaire/webpush.git', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9' +gem 'webauthn', '~> 2.5' gem 'json-ld' gem 'json-ld-preloaded', '~> 3.2' diff --git a/Gemfile.lock b/Gemfile.lock index b08a7ce2e..72c58848e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,12 @@ +GIT + remote: https://github.com/ClearlyClaire/webpush.git + revision: f14a4d52e201128b1b00245d11b6de80d6cfdcd9 + ref: f14a4d52e201128b1b00245d11b6de80d6cfdcd9 + specs: + webpush (0.3.8) + hkdf (~> 0.2) + jwt (~> 2.0) + GEM remote: https://rubygems.org/ specs: @@ -79,7 +88,7 @@ GEM attr_encrypted (3.1.0) encryptor (~> 3.0.0) attr_required (1.0.1) - awrence (1.1.1) + awrence (1.2.1) aws-eventstream (1.2.0) aws-partitions (1.587.0) aws-sdk-core (3.130.2) @@ -168,9 +177,9 @@ GEM color_diff (0.1) concurrent-ruby (1.1.10) connection_pool (2.2.5) - cose (1.0.0) + cose (1.2.1) cbor (~> 0.5.9) - openssl-signature_algorithm (~> 0.4.0) + openssl-signature_algorithm (~> 1.0) crack (0.4.5) rexml crass (1.0.6) @@ -338,7 +347,7 @@ GEM json-ld (~> 3.2) rdf (~> 3.2) jsonapi-renderer (0.2.2) - jwt (2.2.2) + jwt (2.4.1) kaminari (1.2.2) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.2) @@ -437,8 +446,9 @@ GEM validate_email validate_url webfinger (>= 1.0.1) - openssl (2.2.0) - openssl-signature_algorithm (0.4.0) + openssl (3.0.0) + openssl-signature_algorithm (1.2.1) + openssl (> 2.0, < 3.1) orm_adapter (0.5.0) ox (2.14.11) parallel (1.22.1) @@ -599,7 +609,6 @@ GEM scenic (1.6.0) activerecord (>= 4.0.0) railties (>= 4.0.0) - securecompare (1.0.0) semantic_range (3.0.0) sidekiq (6.5.3) connection_pool (>= 2.2.2) @@ -655,9 +664,10 @@ GEM climate_control (>= 0.0.3, < 1.0) thor (1.2.1) tilt (2.0.10) - tpm-key_attestation (0.9.0) + tpm-key_attestation (0.11.0) bindata (~> 2.4) - openssl-signature_algorithm (~> 0.4.0) + openssl (> 2.0, < 3.1) + openssl-signature_algorithm (~> 1.0) tty-color (0.6.0) tty-cursor (0.7.1) tty-prompt (0.23.1) @@ -688,16 +698,15 @@ GEM public_suffix warden (1.2.9) rack (>= 2.0.9) - webauthn (3.0.0.alpha1) + webauthn (2.5.2) android_key_attestation (~> 0.3.0) awrence (~> 1.1) bindata (~> 2.4) cbor (~> 0.5.9) - cose (~> 1.0) - openssl (~> 2.0) + cose (~> 1.1) + openssl (>= 2.2, < 3.1) safety_net_attestation (~> 0.4.0) - securecompare (~> 1.0) - tpm-key_attestation (~> 0.9.0) + tpm-key_attestation (~> 0.11.0) webfinger (1.2.0) activesupport httpclient (>= 2.4) @@ -710,9 +719,6 @@ GEM rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) - webpush (0.3.8) - hkdf (~> 0.2) - jwt (~> 2.0) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -843,8 +849,8 @@ DEPENDENCIES tty-prompt (~> 0.23) twitter-text (~> 3.1.0) tzinfo-data (~> 1.2022) - webauthn (~> 3.0.0.alpha1) + webauthn (~> 2.5) webmock (~> 3.17) webpacker (~> 5.4) - webpush (~> 0.3) + webpush! xorcist (~> 1.1) diff --git a/spec/fabricators/webauthn_credential_fabricator.rb b/spec/fabricators/webauthn_credential_fabricator.rb index 496a7a735..ba59ce967 100644 --- a/spec/fabricators/webauthn_credential_fabricator.rb +++ b/spec/fabricators/webauthn_credential_fabricator.rb @@ -1,7 +1,7 @@ Fabricator(:webauthn_credential) do user_id { Fabricate(:user).id } external_id { Base64.urlsafe_encode64(SecureRandom.random_bytes(16)) } - public_key { OpenSSL::PKey::EC.new("prime256v1").generate_key.public_key } + public_key { OpenSSL::PKey::EC.generate('prime256v1').public_key } nickname 'USB key' sign_count 0 end From 656ac99ef04464b37d152b09f25facb8fd76c190 Mon Sep 17 00:00:00 2001 From: Mashiro Date: Thu, 18 Aug 2022 05:07:12 +0800 Subject: [PATCH 04/18] Fix ambiguous column names in `tootctl search deploy` (#18993) --- app/lib/importer/statuses_index_importer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/lib/importer/statuses_index_importer.rb b/app/lib/importer/statuses_index_importer.rb index 7c6532560..5b5153d5c 100644 --- a/app/lib/importer/statuses_index_importer.rb +++ b/app/lib/importer/statuses_index_importer.rb @@ -84,6 +84,6 @@ class Importer::StatusesIndexImporter < Importer::BaseImporter end def local_statuses_scope - Status.local.select('id, coalesce(reblog_of_id, id) as status_id') + Status.local.select('"statuses"."id", COALESCE("statuses"."reblog_of_id", "statuses"."id") AS status_id') end end From d415f1116b4d992b7f33b6f0d2dcbf00934f61b1 Mon Sep 17 00:00:00 2001 From: Jeong Arm Date: Thu, 18 Aug 2022 06:07:30 +0900 Subject: [PATCH 05/18] Fix /admin/accounts/ order parameter (#18996) --- app/views/admin/accounts/index.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/admin/accounts/index.html.haml b/app/views/admin/accounts/index.html.haml index 7560fac7a..cb378f0ed 100644 --- a/app/views/admin/accounts/index.html.haml +++ b/app/views/admin/accounts/index.html.haml @@ -21,7 +21,7 @@ .filter-subset.filter-subset--with-select %strong= t 'generic.order_by' .input.select - = select_tag :order, options_for_select([[t('relationships.most_recent'), nil], [t('relationships.last_active'), 'active']], params[:order]) + = select_tag :order, options_for_select([[t('relationships.most_recent'), 'recent'], [t('relationships.last_active'), 'active']], params[:order]) .fields-group - %i(username by_domain display_name email ip).each do |key| From 86b364920491de74128d0fa538f31b225a750154 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:52:05 +0900 Subject: [PATCH 06/18] Bump tzinfo-data from 1.2022.1 to 1.2022.3 (#19003) Bumps [tzinfo-data](https://github.com/tzinfo/tzinfo-data) from 1.2022.1 to 1.2022.3. - [Release notes](https://github.com/tzinfo/tzinfo-data/releases) - [Commits](https://github.com/tzinfo/tzinfo-data/compare/v1.2022.1...v1.2022.3) --- updated-dependencies: - dependency-name: tzinfo-data dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 72c58848e..5f76ae58d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -683,7 +683,7 @@ GEM unf (~> 0.1.0) tzinfo (2.0.5) concurrent-ruby (~> 1.0) - tzinfo-data (1.2022.1) + tzinfo-data (1.2022.3) tzinfo (>= 1.0.0) unf (0.1.4) unf_ext From 1cadebfcc7d74a2d4ec23e4a2380bfec174395d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:52:57 +0900 Subject: [PATCH 07/18] Bump stylelint from 14.9.1 to 14.10.0 (#18983) Bumps [stylelint](https://github.com/stylelint/stylelint) from 14.9.1 to 14.10.0. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md) - [Commits](https://github.com/stylelint/stylelint/compare/14.9.1...14.10.0) --- updated-dependencies: - dependency-name: stylelint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 58 +++++++++++++++------------------------------------- 2 files changed, 17 insertions(+), 43 deletions(-) diff --git a/package.json b/package.json index 564b8b3f5..3557537cd 100644 --- a/package.json +++ b/package.json @@ -155,7 +155,7 @@ "raf": "^3.4.1", "react-intl-translations-manager": "^5.0.3", "react-test-renderer": "^16.14.0", - "stylelint": "^14.9.1", + "stylelint": "^14.10.0", "stylelint-config-standard-scss": "^4.0.0", "webpack-dev-server": "^3.11.3", "yargs": "^17.5.1" diff --git a/yarn.lock b/yarn.lock index d2c61b112..6399f802f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1115,10 +1115,10 @@ resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== -"@csstools/selector-specificity@^2.0.1": - version "2.0.1" - resolved "https://registry.yarnpkg.com/@csstools/selector-specificity/-/selector-specificity-2.0.1.tgz#b6b8d81780b9a9f6459f4bfe9226ac6aefaefe87" - integrity sha512-aG20vknL4/YjQF9BSV7ts4EWm/yrjagAN7OWBNmlbEOUiu0llj4OGrFoOKK3g2vey4/p2omKCoHrWtPxSwV3HA== +"@csstools/selector-specificity@^2.0.2": + version "2.0.2" + resolved "https://registry.yarnpkg.com/@csstools/selector-specificity/-/selector-specificity-2.0.2.tgz#1bfafe4b7ed0f3e4105837e056e0a89b108ebe36" + integrity sha512-IkpVW/ehM1hWKln4fCA3NzJU8KwD+kIOvPZA4cqxoJHtE21CCzjyp+Kxbu0i5I4tBNOlXPL9mjwnWlL0VEG4Fg== "@emotion/babel-plugin@^11.7.1": version "11.9.2" @@ -3279,13 +3279,6 @@ clone-deep@^4.0.1: kind-of "^6.0.2" shallow-clone "^3.0.0" -clone-regexp@^2.1.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/clone-regexp/-/clone-regexp-2.2.0.tgz#7d65e00885cd8796405c35a737e7a86b7429e36f" - integrity sha512-beMpP7BOtTipFuW8hrJvREQ2DrRu3BE7by0ZpibtfBA+qfHYvMGTc2Yb1JMYPKg/JUw0CHYvpg796aNTSW9z7Q== - dependencies: - is-regexp "^2.0.0" - cluster-key-slot@1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/cluster-key-slot/-/cluster-key-slot-1.1.0.tgz#30474b2a981fb12172695833052bc0d01336d10d" @@ -4762,13 +4755,6 @@ execa@^5.0.0: signal-exit "^3.0.3" strip-final-newline "^2.0.0" -execall@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/execall/-/execall-2.0.0.tgz#16a06b5fe5099df7d00be5d9c06eecded1663b45" - integrity sha512-0FU2hZ5Hh6iQnarpRtQurM/aAvp3RIbfvgLHrcqJYzhXyV2KFruhuChf9NC6waAhiUR7FFtlugkI4p7f2Fqlow== - dependencies: - clone-regexp "^2.1.0" - exif-js@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/exif-js/-/exif-js-2.3.0.tgz#9d10819bf571f873813e7640241255ab9ce1a814" @@ -4909,10 +4895,10 @@ fast-levenshtein@^2.0.6, fast-levenshtein@~2.0.6: resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc= -fastest-levenshtein@^1.0.12: - version "1.0.12" - resolved "https://registry.yarnpkg.com/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz#9990f7d3a88cc5a9ffd1f1745745251700d497e2" - integrity sha512-On2N+BpYJ15xIC974QNVuYGMOlEVt4s0EOI3wwMqOmK1fdDY+FN/zltPV8vosq4ad4c/gJ1KHScUn/6AWIgiow== +fastest-levenshtein@^1.0.16: + version "1.0.16" + resolved "https://registry.yarnpkg.com/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz#210e61b6ff181de91ea9b3d1b84fdedd47e034e5" + integrity sha512-eRnCtTTtGZFpQCwhJiUOuxPQWRXVKYDn0b2PeHfXL6/Zi53SLAzAHfVhVWK2AryC/WH05kGfxhFIPvTF0SXQzg== fastq@^1.6.0: version "1.13.0" @@ -5237,11 +5223,6 @@ get-package-type@^0.1.0: resolved "https://registry.yarnpkg.com/get-package-type/-/get-package-type-0.1.0.tgz#8de2d803cff44df3bc6c456e6668b36c3926e11a" integrity sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q== -get-stdin@^8.0.0: - version "8.0.0" - resolved "https://registry.yarnpkg.com/get-stdin/-/get-stdin-8.0.0.tgz#cbad6a73feb75f6eeb22ba9e01f89aa28aa97a53" - integrity sha512-sY22aA6xchAzprjyqmSEQv4UbAAzRN0L2dQB0NlN5acTTK9Don6nhoc3eAbUnpZiCANAMfd/+40kVdKfFygohg== - get-stream@^4.0.0: version "4.1.0" resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-4.1.0.tgz#c1b255575f3dc21d59bfc79cd3d2b46b1c3a54b5" @@ -6257,11 +6238,6 @@ is-regex@^1.1.4: call-bind "^1.0.2" has-tostringtag "^1.0.0" -is-regexp@^2.0.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/is-regexp/-/is-regexp-2.1.0.tgz#cd734a56864e23b956bf4e7c66c396a4c0b22c2d" - integrity sha512-OZ4IlER3zmRIoB9AqNhEggVxqIH4ofDns5nRrPS6yQxXE1TPCUpFznBfRQmQa8uC+pXqjMnukiJBxCisIxiLGA== - is-resolvable@^1.0.0: version "1.1.0" resolved "https://registry.yarnpkg.com/is-resolvable/-/is-resolvable-1.1.0.tgz#fb18f87ce1feb925169c9a407c19318a3206ed88" @@ -8792,7 +8768,7 @@ postcss@^7.0.0, postcss@^7.0.1, postcss@^7.0.27, postcss@^7.0.32: source-map "^0.6.1" supports-color "^6.1.0" -postcss@^8.2.15, postcss@^8.4.14, postcss@^8.4.16: +postcss@^8.2.15, postcss@^8.4.16: version "8.4.16" resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.16.tgz#33a1d675fac39941f5f445db0de4db2b6e01d43c" integrity sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ== @@ -10538,22 +10514,20 @@ stylelint-scss@^4.0.0: postcss-selector-parser "^6.0.6" postcss-value-parser "^4.1.0" -stylelint@^14.9.1: - version "14.9.1" - resolved "https://registry.yarnpkg.com/stylelint/-/stylelint-14.9.1.tgz#6494ed38f148b1e75b402d678a3b6a8aae86dfda" - integrity sha512-RdAkJdPiLqHawCSnu21nE27MjNXaVd4WcOHA4vK5GtIGjScfhNnaOuWR2wWdfKFAvcWQPOYe311iveiVKSmwsA== +stylelint@^14.10.0: + version "14.10.0" + resolved "https://registry.yarnpkg.com/stylelint/-/stylelint-14.10.0.tgz#c588f5cd47cd214cf1acee5bc165961b6a3ad836" + integrity sha512-VAmyKrEK+wNFh9R8mNqoxEFzaa4gsHGhcT4xgkQDuOA5cjF6CaNS8loYV7gpi4tIZBPUyXesotPXzJAMN8VLOQ== dependencies: - "@csstools/selector-specificity" "^2.0.1" + "@csstools/selector-specificity" "^2.0.2" balanced-match "^2.0.0" colord "^2.9.2" cosmiconfig "^7.0.1" css-functions-list "^3.1.0" debug "^4.3.4" - execall "^2.0.0" fast-glob "^3.2.11" - fastest-levenshtein "^1.0.12" + fastest-levenshtein "^1.0.16" file-entry-cache "^6.0.1" - get-stdin "^8.0.0" global-modules "^2.0.0" globby "^11.1.0" globjoin "^0.1.4" @@ -10568,7 +10542,7 @@ stylelint@^14.9.1: micromatch "^4.0.5" normalize-path "^3.0.0" picocolors "^1.0.0" - postcss "^8.4.14" + postcss "^8.4.16" postcss-media-query-parser "^0.2.3" postcss-resolve-nested-selector "^0.1.1" postcss-safe-parser "^6.0.0" From da2a5233bea340d3ff17fc3a156d99bd52b4494b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:53:14 +0900 Subject: [PATCH 08/18] Bump sass from 1.54.3 to 1.54.4 (#18989) Bumps [sass](https://github.com/sass/dart-sass) from 1.54.3 to 1.54.4. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.54.3...1.54.4) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 3557537cd..5054c818c 100644 --- a/package.json +++ b/package.json @@ -119,7 +119,7 @@ "requestidlecallback": "^0.3.0", "reselect": "^4.1.6", "rimraf": "^3.0.2", - "sass": "^1.54.3", + "sass": "^1.54.4", "sass-loader": "^10.2.0", "stacktrace-js": "^2.0.2", "stringz": "^2.1.0", diff --git a/yarn.lock b/yarn.lock index 6399f802f..e916197dc 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9745,10 +9745,10 @@ sass-loader@^10.2.0: schema-utils "^3.0.0" semver "^7.3.2" -sass@^1.54.3: - version "1.54.3" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.3.tgz#37baa2652f7f1fdadb73240ee9a2b9b81fabb5c4" - integrity sha512-fLodey5Qd41Pxp/Tk7Al97sViYwF/TazRc5t6E65O7JOk4XF8pzwIW7CvCxYVOfJFFI/1x5+elDyBIixrp+zrw== +sass@^1.54.4: + version "1.54.4" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.4.tgz#803ff2fef5525f1dd01670c3915b4b68b6cba72d" + integrity sha512-3tmF16yvnBwtlPrNBHw/H907j8MlOX8aTBnlNX1yrKx24RKcJGPyLhFUwkoKBKesR3unP93/2z14Ll8NicwQUA== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" From 0a3c0cbff7968ed539ae50a3d803ae760c46f633 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:53:28 +0900 Subject: [PATCH 09/18] Bump bullet from 7.0.2 to 7.0.3 (#18984) Bumps [bullet](https://github.com/flyerhzm/bullet) from 7.0.2 to 7.0.3. - [Release notes](https://github.com/flyerhzm/bullet/releases) - [Changelog](https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md) - [Commits](https://github.com/flyerhzm/bullet/compare/7.0.2...7.0.3) --- updated-dependencies: - dependency-name: bullet dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5f76ae58d..e71572504 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -131,7 +131,7 @@ GEM concurrent-ruby (~> 1.0, >= 1.0.5) redis (>= 1.0, <= 5.0) builder (3.2.4) - bullet (7.0.2) + bullet (7.0.3) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) bundler-audit (0.9.1) From 96fdbdb0ad8d8b1e61ec0611b333395cf6855834 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:53:37 +0900 Subject: [PATCH 10/18] Bump webmock from 3.17.0 to 3.17.1 (#18988) Bumps [webmock](https://github.com/bblimke/webmock) from 3.17.0 to 3.17.1. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.17.0...v3.17.1) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index e71572504..4ac700928 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -710,7 +710,7 @@ GEM webfinger (1.2.0) activesupport httpclient (>= 2.4) - webmock (3.17.0) + webmock (3.17.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) From a220c84181f45b6104e711a931b6a2b72799aace Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:54:31 +0900 Subject: [PATCH 11/18] Bump sidekiq from 6.5.3 to 6.5.4 (#18982) Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.5.3...v6.5.4) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 4ac700928..81a36ccd2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -610,7 +610,7 @@ GEM activerecord (>= 4.0.0) railties (>= 4.0.0) semantic_range (3.0.0) - sidekiq (6.5.3) + sidekiq (6.5.4) connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.5.0) From 71d403230e8cd9978bdd80092f155426ef4614a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:55:18 +0900 Subject: [PATCH 12/18] Bump brakeman from 5.2.3 to 5.3.1 (#18985) Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.2.3 to 5.3.1. - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/commits) --- updated-dependencies: - dependency-name: brakeman dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index cd519111f..addf923b4 100644 --- a/Gemfile +++ b/Gemfile @@ -134,7 +134,7 @@ group :development do gem 'memory_profiler' gem 'rubocop', '~> 1.30', require: false gem 'rubocop-rails', '~> 2.15', require: false - gem 'brakeman', '~> 5.2', require: false + gem 'brakeman', '~> 5.3', require: false gem 'bundler-audit', '~> 0.9', require: false gem 'capistrano', '~> 3.17' diff --git a/Gemfile.lock b/Gemfile.lock index 81a36ccd2..c7ff3b65e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -125,7 +125,7 @@ GEM ffi (~> 1.14) bootsnap (1.13.0) msgpack (~> 1.2) - brakeman (5.2.3) + brakeman (5.3.1) browser (4.2.0) brpoplpush-redis_script (0.1.2) concurrent-ruby (~> 1.0, >= 1.0.5) @@ -741,7 +741,7 @@ DEPENDENCIES binding_of_caller (~> 1.0) blurhash (~> 0.1) bootsnap (~> 1.13.0) - brakeman (~> 5.2) + brakeman (~> 5.3) browser bullet (~> 7.0) bundler-audit (~> 0.9) From 5935e61306d546d621ca6a4dd02100659ef4428d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:58:16 +0900 Subject: [PATCH 13/18] Bump pry-byebug from 3.9.0 to 3.10.1 (#19002) Bumps [pry-byebug](https://github.com/deivid-rodriguez/pry-byebug) from 3.9.0 to 3.10.1. - [Release notes](https://github.com/deivid-rodriguez/pry-byebug/releases) - [Changelog](https://github.com/deivid-rodriguez/pry-byebug/blob/master/CHANGELOG.md) - [Commits](https://github.com/deivid-rodriguez/pry-byebug/compare/v3.9.0...v3.10.1) --- updated-dependencies: - dependency-name: pry-byebug dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index addf923b4..38a4e6314 100644 --- a/Gemfile +++ b/Gemfile @@ -102,7 +102,7 @@ group :development, :test do gem 'fabrication', '~> 2.30' gem 'fuubar', '~> 2.5' gem 'i18n-tasks', '~> 1.0', require: false - gem 'pry-byebug', '~> 3.9' + gem 'pry-byebug', '~> 3.10' gem 'pry-rails', '~> 0.3' gem 'rspec-rails', '~> 5.1' end diff --git a/Gemfile.lock b/Gemfile.lock index c7ff3b65e..bd6150e53 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -470,12 +470,12 @@ GEM actionmailer (>= 3) premailer (~> 1.7, >= 1.7.9) private_address_check (0.5.0) - pry (0.13.1) + pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) - pry-byebug (3.9.0) + pry-byebug (3.10.1) byebug (~> 11.0) - pry (~> 0.13.0) + pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.7) @@ -809,7 +809,7 @@ DEPENDENCIES posix-spawn premailer-rails private_address_check (~> 0.5) - pry-byebug (~> 3.9) + pry-byebug (~> 3.10) pry-rails (~> 0.3) puma (~> 5.6) pundit (~> 2.2) From a7c280f93a22c1a711ca93b14282efece7fb16d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 09:06:07 +0900 Subject: [PATCH 14/18] Bump redis-namespace from 1.8.2 to 1.9.0 (#18987) Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.8.2 to 1.9.0. - [Release notes](https://github.com/resque/redis-namespace/releases) - [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md) - [Commits](https://github.com/resque/redis-namespace/compare/v1.8.2...v1.9) --- updated-dependencies: - dependency-name: redis-namespace dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 38a4e6314..5dfaf756b 100644 --- a/Gemfile +++ b/Gemfile @@ -51,7 +51,7 @@ gem 'ed25519', '~> 1.3' gem 'fast_blank', '~> 1.0' gem 'fastimage' gem 'hiredis', '~> 0.6' -gem 'redis-namespace', '~> 1.8' +gem 'redis-namespace', '~> 1.9' gem 'htmlentities', '~> 4.3' gem 'http', '~> 5.1' gem 'http_accept_language', '~> 2.1' diff --git a/Gemfile.lock b/Gemfile.lock index bd6150e53..1ed77ed12 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -542,8 +542,8 @@ GEM rdf-normalize (0.5.0) rdf (~> 3.2) redis (4.5.1) - redis-namespace (1.8.2) - redis (>= 3.0.4) + redis-namespace (1.9.0) + redis (>= 4) regexp_parser (2.5.0) request_store (1.5.1) rack (>= 1.4) @@ -822,7 +822,7 @@ DEPENDENCIES rails-settings-cached (~> 0.6) rdf-normalize (~> 0.5) redis (~> 4.5) - redis-namespace (~> 1.8) + redis-namespace (~> 1.9) rexml (~> 3.2) rqrcode (~> 2.1) rspec-rails (~> 5.1) From 99f6be3b601d643ec31e679d20f0d065f788455e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 09:06:15 +0900 Subject: [PATCH 15/18] Bump pg from 1.4.2 to 1.4.3 (#18986) Bumps [pg](https://github.com/ged/ruby-pg) from 1.4.2 to 1.4.3. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](https://github.com/ged/ruby-pg/compare/v1.4.2...v1.4.3) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1ed77ed12..21d3b81ca 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -457,7 +457,7 @@ GEM parslet (2.0.0) pastel (0.8.0) tty-color (~> 0.5) - pg (1.4.2) + pg (1.4.3) pghero (2.8.3) activerecord (>= 5) pkg-config (1.4.9) From 1254fa122fd04e5e3f2fce01649ce6c78a560209 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 09:24:46 +0900 Subject: [PATCH 16/18] Bump cocoon-js-vanilla from 1.2.0 to 1.3.0 (#18991) Bumps cocoon-js-vanilla from 1.2.0 to 1.3.0. --- updated-dependencies: - dependency-name: cocoon-js-vanilla dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 5054c818c..6c7f9f53a 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "babel-plugin-transform-react-remove-prop-types": "^0.4.24", "blurhash": "^1.1.5", "classnames": "^2.3.1", - "cocoon-js-vanilla": "^1.2.0", + "cocoon-js-vanilla": "^1.3.0", "color-blend": "^3.0.1", "compression-webpack-plugin": "^6.1.1", "cross-env": "^7.0.3", diff --git a/yarn.lock b/yarn.lock index e916197dc..d98905b07 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3298,10 +3298,10 @@ coa@^2.0.2: chalk "^2.4.1" q "^1.1.2" -cocoon-js-vanilla@^1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/cocoon-js-vanilla/-/cocoon-js-vanilla-1.2.0.tgz#595348499d315d3b5828dd77a20974756cf59321" - integrity sha512-qLomIVL0Krfc983WLgaYPPktMjMtBN+F/CV15NPVDc9U9BCe2OL5WyAIYkPrVhDRphoYBmHCdIlZkq+vSBI4xg== +cocoon-js-vanilla@^1.3.0: + version "1.3.0" + resolved "https://registry.yarnpkg.com/cocoon-js-vanilla/-/cocoon-js-vanilla-1.3.0.tgz#1e53663f5d314e5e9b315b63eaf8ae701df113c0" + integrity sha512-rMnbfW6oFhvELUg141vfqZKzsowfLJRxs5FksfmDr1ZBs6LTNVYE63NQyvgRqyYUOK54cKKbI+V83dQKeeRuPg== collect-v8-coverage@^1.0.0: version "1.0.1" From a6dc606d5209c5f61f8c19f5fbe5e33cb74d662a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 09:27:53 +0900 Subject: [PATCH 17/18] Bump webmock from 3.17.0 to 3.18.1 (#19007) Bumps [webmock](https://github.com/bblimke/webmock) from 3.17.0 to 3.18.1. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.17.0...v3.18.1) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 5dfaf756b..75525b0ac 100644 --- a/Gemfile +++ b/Gemfile @@ -119,7 +119,7 @@ group :test do gem 'rails-controller-testing', '~> 1.0' gem 'rspec-sidekiq', '~> 3.1' gem 'simplecov', '~> 0.21', require: false - gem 'webmock', '~> 3.17' + gem 'webmock', '~> 3.18' gem 'rspec_junit_formatter', '~> 0.5' end diff --git a/Gemfile.lock b/Gemfile.lock index 21d3b81ca..35c2d5114 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -710,7 +710,7 @@ GEM webfinger (1.2.0) activesupport httpclient (>= 2.4) - webmock (3.17.1) + webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -850,7 +850,7 @@ DEPENDENCIES twitter-text (~> 3.1.0) tzinfo-data (~> 1.2022) webauthn (~> 2.5) - webmock (~> 3.17) + webmock (~> 3.18) webpacker (~> 5.4) webpush! xorcist (~> 1.1) From 5920d8fe33d5ecb0c7ca20c3b255216bb8de4aa9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Aug 2022 18:53:42 +0900 Subject: [PATCH 18/18] Bump omniauth from 1.9.1 to 1.9.2 (#19006) Bumps [omniauth](https://github.com/omniauth/omniauth) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/omniauth/omniauth/releases) - [Commits](https://github.com/omniauth/omniauth/compare/v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: omniauth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 35c2d5114..840fe0a78 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -423,7 +423,7 @@ GEM sidekiq (>= 3.5) statsd-ruby (~> 1.4, >= 1.4.0) oj (3.13.20) - omniauth (1.9.1) + omniauth (1.9.2) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) omniauth-cas (2.0.0)