diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 8708c3d02..55583e5f8 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,6 +1,6 @@ # This configuration was generated by # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp` -# using RuboCop version 1.54.2. +# using RuboCop version 1.56.1. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new @@ -61,38 +61,8 @@ Lint/EmptyBlock: - 'spec/fabricators/access_token_fabricator.rb' - 'spec/fabricators/conversation_fabricator.rb' - 'spec/fabricators/system_key_fabricator.rb' - - 'spec/helpers/admin/action_logs_helper_spec.rb' - 'spec/lib/activitypub/adapter_spec.rb' - - 'spec/models/account_alias_spec.rb' - - 'spec/models/account_deletion_request_spec.rb' - - 'spec/models/account_moderation_note_spec.rb' - - 'spec/models/announcement_mute_spec.rb' - - 'spec/models/announcement_reaction_spec.rb' - - 'spec/models/announcement_spec.rb' - - 'spec/models/backup_spec.rb' - - 'spec/models/conversation_mute_spec.rb' - - 'spec/models/custom_filter_keyword_spec.rb' - - 'spec/models/custom_filter_spec.rb' - - 'spec/models/device_spec.rb' - - 'spec/models/encrypted_message_spec.rb' - - 'spec/models/featured_tag_spec.rb' - - 'spec/models/follow_recommendation_suppression_spec.rb' - - 'spec/models/list_account_spec.rb' - - 'spec/models/list_spec.rb' - - 'spec/models/login_activity_spec.rb' - - 'spec/models/mute_spec.rb' - - 'spec/models/preview_card_spec.rb' - - 'spec/models/preview_card_trend_spec.rb' - - 'spec/models/relay_spec.rb' - - 'spec/models/scheduled_status_spec.rb' - - 'spec/models/status_stat_spec.rb' - - 'spec/models/status_trend_spec.rb' - - 'spec/models/system_key_spec.rb' - - 'spec/models/tag_follow_spec.rb' - - 'spec/models/unavailable_domain_spec.rb' - - 'spec/models/user_invite_request_spec.rb' - 'spec/models/user_role_spec.rb' - - 'spec/models/web/setting_spec.rb' Lint/NonLocalExitFromIterator: Exclude: @@ -135,7 +105,7 @@ Lint/UselessAssignment: # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes. Metrics/AbcSize: - Max: 146 + Max: 144 Exclude: - 'app/serializers/initial_state_serializer.rb' @@ -166,6 +136,19 @@ Naming/VariableNumber: - 'spec/models/domain_block_spec.rb' - 'spec/models/user_spec.rb' +# This cop supports unsafe autocorrection (--autocorrect-all). +# Configuration parameters: SafeMultiline. +Performance/DeletePrefix: + Exclude: + - 'app/models/featured_tag.rb' + +Performance/MapMethodChain: + Exclude: + - 'app/models/feed.rb' + - 'lib/mastodon/cli/maintenance.rb' + - 'spec/services/bulk_import_service_spec.rb' + - 'spec/services/import_service_spec.rb' + RSpec/AnyInstance: Exclude: - 'spec/controllers/activitypub/inboxes_controller_spec.rb' @@ -765,6 +748,15 @@ Style/RedundantFetchBlock: - 'config/initializers/paperclip.rb' - 'config/puma.rb' +# This cop supports safe autocorrection (--autocorrect). +# Configuration parameters: AllowMultipleReturnValues. +Style/RedundantReturn: + Exclude: + - 'app/controllers/api/v1/directories_controller.rb' + - 'app/controllers/auth/confirmations_controller.rb' + - 'app/lib/ostatus/tag_manager.rb' + - 'app/models/form/import.rb' + # This cop supports unsafe autocorrection (--autocorrect-all). # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength. # AllowedMethods: present?, blank?, presence, try, try! diff --git a/Gemfile.lock b/Gemfile.lock index 73e3bd975..706df8ffd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -147,6 +147,7 @@ GEM faraday_middleware (~> 1.0, >= 1.0.0.rc1) net-http-persistent (~> 4.0) nokogiri (~> 1, >= 1.10.8) + base64 (0.1.1) bcrypt (3.1.18) better_errors (2.10.1) erubi (>= 1.0.0) @@ -451,7 +452,7 @@ GEM hashie (~> 5.0) memory_profiler (1.0.1) method_source (1.0.0) - mime-types (3.5.0) + mime-types (3.5.1) mime-types-data (~> 3.2015) mime-types-data (3.2023.0808) mini_mime (1.1.5) @@ -637,7 +638,8 @@ GEM sidekiq (>= 2.4.0) rspec-support (3.12.0) rspec_chunked (0.6) - rubocop (1.54.2) + rubocop (1.56.1) + base64 (~> 0.1.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) @@ -645,7 +647,7 @@ GEM rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.28.0, < 2.0) + rubocop-ast (>= 1.28.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.29.0) @@ -654,14 +656,14 @@ GEM rubocop (~> 1.41) rubocop-factory_bot (2.23.1) rubocop (~> 1.33) - rubocop-performance (1.18.0) + rubocop-performance (1.19.0) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) rubocop-rails (2.20.2) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.33.0, < 2.0) - rubocop-rspec (2.22.0) + rubocop-rspec (2.23.2) rubocop (~> 1.33) rubocop-capybara (~> 2.17) rubocop-factory_bot (~> 2.22) diff --git a/SECURITY.md b/SECURITY.md index 6a51c126a..7a79d9f91 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,8 +1,11 @@ # Security Policy -If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can reach us at . +If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either: -You should _not_ report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk. +- open a [Github security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new) +- reach us at + +You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk. ## Scope diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 3ec96e47a..19ef8fbdd 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -8539,6 +8539,44 @@ noscript { } } + &__choices { + display: flex; + gap: 40px; + + &__choice { + flex: 1; + box-sizing: border-box; + + h3 { + margin-bottom: 20px; + } + + p { + color: $darker-text-color; + margin-bottom: 20px; + font-size: 15px; + } + + .button { + margin-bottom: 10px; + + &:last-child { + margin-bottom: 0; + } + } + } + } + + @media screen and (max-width: $no-gap-breakpoint - 1px) { + &__choices { + flex-direction: column; + + &__choice { + margin-top: 40px; + } + } + } + .link-button { font-size: inherit; display: inline; diff --git a/app/lib/importer/base_importer.rb b/app/lib/importer/base_importer.rb index 07be4650e..cc1b7b44d 100644 --- a/app/lib/importer/base_importer.rb +++ b/app/lib/importer/base_importer.rb @@ -68,8 +68,8 @@ class Importer::BaseImporter protected - def in_work_unit(*args, &block) - work_unit = Concurrent::Promises.future_on(@executor, *args, &block) + def in_work_unit(...) + work_unit = Concurrent::Promises.future_on(@executor, ...) work_unit.on_fulfillment!(&@on_progress) work_unit.on_rejection!(&@on_failure) diff --git a/config/webpack/shared.js b/config/webpack/shared.js index b82c5d5be..bf1b006b0 100644 --- a/config/webpack/shared.js +++ b/config/webpack/shared.js @@ -2,6 +2,7 @@ const { resolve } = require('path'); +const CircularDependencyPlugin = require('circular-dependency-plugin'); const MiniCssExtractPlugin = require('mini-css-extract-plugin'); const webpack = require('webpack'); const AssetsManifestPlugin = require('webpack-assets-manifest'); @@ -112,6 +113,9 @@ module.exports = { writeToDisk: true, publicPath: true, }), + new CircularDependencyPlugin({ + failOnError: true, + }) ], resolve: { diff --git a/lib/redis/namespace_extensions.rb b/lib/redis/namespace_extensions.rb index 310a4f465..9af59c296 100644 --- a/lib/redis/namespace_extensions.rb +++ b/lib/redis/namespace_extensions.rb @@ -2,8 +2,8 @@ class Redis module NamespaceExtensions - def exists?(*args, &block) - call_with_namespace('exists?', *args, &block) + def exists?(...) + call_with_namespace('exists?', ...) end end end diff --git a/package.json b/package.json index 168bb1a6f..abd470906 100644 --- a/package.json +++ b/package.json @@ -60,6 +60,7 @@ "babel-plugin-preval": "^5.1.0", "babel-plugin-transform-react-remove-prop-types": "^0.4.24", "blurhash": "^2.0.5", + "circular-dependency-plugin": "^5.2.2", "classnames": "^2.3.2", "cocoon-js-vanilla": "^1.3.0", "color-blend": "^4.0.0", diff --git a/spec/controllers/api/v1/instances/translation_languages_controller_spec.rb b/spec/controllers/api/v1/instances/translation_languages_controller_spec.rb index 5b7e4abb6..88bcc4034 100644 --- a/spec/controllers/api/v1/instances/translation_languages_controller_spec.rb +++ b/spec/controllers/api/v1/instances/translation_languages_controller_spec.rb @@ -16,8 +16,7 @@ describe Api::V1::Instances::TranslationLanguagesController do context 'when a translation service is configured' do before do service = instance_double(TranslationService::DeepL, languages: { nil => %w(en de), 'en' => ['de'] }) - allow(TranslationService).to receive(:configured?).and_return(true) - allow(TranslationService).to receive(:configured).and_return(service) + allow(TranslationService).to receive_messages(configured?: true, configured: service) end it 'returns language matrix' do diff --git a/spec/controllers/api/v1/statuses/translations_controller_spec.rb b/spec/controllers/api/v1/statuses/translations_controller_spec.rb index 989e94750..6257494ae 100644 --- a/spec/controllers/api/v1/statuses/translations_controller_spec.rb +++ b/spec/controllers/api/v1/statuses/translations_controller_spec.rb @@ -20,8 +20,7 @@ describe Api::V1::Statuses::TranslationsController do before do translation = TranslationService::Translation.new(text: 'Hello') service = instance_double(TranslationService::DeepL, translate: [translation]) - allow(TranslationService).to receive(:configured?).and_return(true) - allow(TranslationService).to receive(:configured).and_return(service) + allow(TranslationService).to receive_messages(configured?: true, configured: service) Rails.cache.write('translation_service/languages', { 'es' => ['en'] }) post :create, params: { status_id: status.id } end diff --git a/spec/helpers/admin/filter_helper_spec.rb b/spec/helpers/admin/filter_helper_spec.rb index bbf90a996..40ed63239 100644 --- a/spec/helpers/admin/filter_helper_spec.rb +++ b/spec/helpers/admin/filter_helper_spec.rb @@ -7,8 +7,7 @@ describe Admin::FilterHelper do params = ActionController::Parameters.new( { test: 'test' } ) - allow(helper).to receive(:params).and_return(params) - allow(helper).to receive(:url_for).and_return('/test') + allow(helper).to receive_messages(params: params, url_for: '/test') result = helper.filter_link_to('text', { resolved: true }) expect(result).to match(/text/) diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb index 654029ad3..4b4207b2e 100644 --- a/spec/helpers/application_helper_spec.rb +++ b/spec/helpers/application_helper_spec.rb @@ -31,10 +31,7 @@ describe ApplicationHelper do context 'with a body class string from a controller' do before do without_partial_double_verification do - allow(helper).to receive(:body_class_string).and_return('modal-layout compose-standalone') - allow(helper).to receive(:current_flavour).and_return('glitch') - allow(helper).to receive(:current_skin).and_return('default') - allow(helper).to receive(:current_account).and_return(Fabricate(:account)) + allow(helper).to receive_messages(body_class_string: 'modal-layout compose-standalone', current_flavour: 'glitch', current_skin: 'default', current_account: Fabricate(:account)) end end diff --git a/spec/helpers/home_helper_spec.rb b/spec/helpers/home_helper_spec.rb index 15067471e..c6baec5a1 100644 --- a/spec/helpers/home_helper_spec.rb +++ b/spec/helpers/home_helper_spec.rb @@ -25,8 +25,7 @@ RSpec.describe HomeHelper do it 'returns a link to the account' do without_partial_double_verification do - allow(helper).to receive(:current_account).and_return(account) - allow(helper).to receive(:prefers_autoplay?).and_return(false) + allow(helper).to receive_messages(current_account: account, prefers_autoplay?: false) result = helper.account_link_to(account) expect(result).to match "@#{account.acct}" @@ -101,8 +100,7 @@ RSpec.describe HomeHelper do context 'with open registrations' do it 'returns correct sign up message' do - allow(helper).to receive(:closed_registrations?).and_return(false) - allow(helper).to receive(:open_registrations?).and_return(true) + allow(helper).to receive_messages(closed_registrations?: false, open_registrations?: true) result = helper.sign_up_message expect(result).to eq t('auth.register') @@ -111,9 +109,7 @@ RSpec.describe HomeHelper do context 'with approved registrations' do it 'returns correct sign up message' do - allow(helper).to receive(:closed_registrations?).and_return(false) - allow(helper).to receive(:open_registrations?).and_return(false) - allow(helper).to receive(:approved_registrations?).and_return(true) + allow(helper).to receive_messages(closed_registrations?: false, open_registrations?: false, approved_registrations?: true) result = helper.sign_up_message expect(result).to eq t('auth.apply_for_account') diff --git a/spec/lib/admin/system_check/elasticsearch_check_spec.rb b/spec/lib/admin/system_check/elasticsearch_check_spec.rb index bf518b56e..f3918d403 100644 --- a/spec/lib/admin/system_check/elasticsearch_check_spec.rb +++ b/spec/lib/admin/system_check/elasticsearch_check_spec.rb @@ -14,13 +14,12 @@ describe Admin::SystemCheck::ElasticsearchCheck do before do allow(Chewy).to receive(:enabled?).and_return(true) allow(Chewy.client.cluster).to receive(:health).and_return({ 'status' => 'green', 'number_of_nodes' => 1 }) - allow(Chewy.client.indices).to receive(:get_mapping).and_return({ + allow(Chewy.client.indices).to receive_messages(get_mapping: { AccountsIndex.index_name => AccountsIndex.mappings_hash.deep_stringify_keys, StatusesIndex.index_name => StatusesIndex.mappings_hash.deep_stringify_keys, InstancesIndex.index_name => InstancesIndex.mappings_hash.deep_stringify_keys, TagsIndex.index_name => TagsIndex.mappings_hash.deep_stringify_keys, - }) - allow(Chewy.client.indices).to receive(:get_settings).and_return({ + }, get_settings: { 'chewy_specifications' => { 'settings' => { 'index' => { diff --git a/spec/models/report_filter_spec.rb b/spec/models/report_filter_spec.rb index 4b0852f08..6baf0ea42 100644 --- a/spec/models/report_filter_spec.rb +++ b/spec/models/report_filter_spec.rb @@ -23,8 +23,7 @@ describe ReportFilter do it 'combines filters on Report' do filter = described_class.new(account_id: '123', resolved: true, target_account_id: '456') - allow(Report).to receive(:where).and_return(Report.none) - allow(Report).to receive(:resolved).and_return(Report.none) + allow(Report).to receive_messages(where: Report.none, resolved: Report.none) filter.results expect(Report).to have_received(:where).with(account_id: '123') expect(Report).to have_received(:where).with(target_account_id: '456') diff --git a/spec/services/suspend_account_service_spec.rb b/spec/services/suspend_account_service_spec.rb index 7cdbc873e..edb705008 100644 --- a/spec/services/suspend_account_service_spec.rb +++ b/spec/services/suspend_account_service_spec.rb @@ -10,8 +10,7 @@ RSpec.describe SuspendAccountService, type: :service do let!(:list) { Fabricate(:list, account: local_follower) } before do - allow(FeedManager.instance).to receive(:unmerge_from_home).and_return(nil) - allow(FeedManager.instance).to receive(:unmerge_from_list).and_return(nil) + allow(FeedManager.instance).to receive_messages(unmerge_from_home: nil, unmerge_from_list: nil) local_follower.follow!(account) list.accounts << account diff --git a/spec/services/translate_status_service_spec.rb b/spec/services/translate_status_service_spec.rb index 515dd1a99..5f6418f5d 100644 --- a/spec/services/translate_status_service_spec.rb +++ b/spec/services/translate_status_service_spec.rb @@ -29,8 +29,7 @@ RSpec.describe TranslateStatusService, type: :service do end end - allow(TranslationService).to receive(:configured?).and_return(true) - allow(TranslationService).to receive(:configured).and_return(translation_service) + allow(TranslationService).to receive_messages(configured?: true, configured: translation_service) end it 'returns translated status content' do diff --git a/spec/services/unsuspend_account_service_spec.rb b/spec/services/unsuspend_account_service_spec.rb index 3c13d5bd3..c555b661e 100644 --- a/spec/services/unsuspend_account_service_spec.rb +++ b/spec/services/unsuspend_account_service_spec.rb @@ -10,8 +10,7 @@ RSpec.describe UnsuspendAccountService, type: :service do let!(:list) { Fabricate(:list, account: local_follower) } before do - allow(FeedManager.instance).to receive(:merge_into_home).and_return(nil) - allow(FeedManager.instance).to receive(:merge_into_list).and_return(nil) + allow(FeedManager.instance).to receive_messages(merge_into_home: nil, merge_into_list: nil) local_follower.follow!(account) list.accounts << account diff --git a/spec/views/statuses/show.html.haml_spec.rb b/spec/views/statuses/show.html.haml_spec.rb index 06f5132d9..354f9d3e6 100644 --- a/spec/views/statuses/show.html.haml_spec.rb +++ b/spec/views/statuses/show.html.haml_spec.rb @@ -4,15 +4,9 @@ require 'rails_helper' describe 'statuses/show.html.haml', without_verify_partial_doubles: true do before do - allow(view).to receive(:api_oembed_url).and_return('') - allow(view).to receive(:show_landing_strip?).and_return(true) - allow(view).to receive(:site_title).and_return('example site') - allow(view).to receive(:site_hostname).and_return('example.com') - allow(view).to receive(:full_asset_url).and_return('//asset.host/image.svg') + allow(view).to receive_messages(api_oembed_url: '', show_landing_strip?: true, site_title: 'example site', site_hostname: 'example.com', full_asset_url: '//asset.host/image.svg', current_account: nil, single_user_mode?: false) allow(view).to receive(:local_time) allow(view).to receive(:local_time_ago) - allow(view).to receive(:current_account).and_return(nil) - allow(view).to receive(:single_user_mode?).and_return(false) assign(:instance_presenter, InstancePresenter.new) end diff --git a/yarn.lock b/yarn.lock index 4a4789dc3..7d666f0e5 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4003,6 +4003,11 @@ cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3: inherits "^2.0.1" safe-buffer "^5.0.1" +circular-dependency-plugin@^5.2.2: + version "5.2.2" + resolved "https://registry.yarnpkg.com/circular-dependency-plugin/-/circular-dependency-plugin-5.2.2.tgz#39e836079db1d3cf2f988dc48c5188a44058b600" + integrity sha512-g38K9Cm5WRwlaH6g03B9OEz/0qRizI+2I7n+Gz+L5DxXJAPAiWQvwlYNm1V1jkdpUv95bOe/ASm2vfi/G560jQ== + cjs-module-lexer@^1.0.0: version "1.2.3" resolved "https://registry.yarnpkg.com/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz#6c370ab19f8a3394e318fe682686ec0ac684d107" @@ -11296,6 +11301,7 @@ stringz@^2.1.0: char-regex "^1.0.2" "strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: + name strip-ansi-cjs version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==