From dd63923c0ae3601de76dee5bcf3a83f875584326 Mon Sep 17 00:00:00 2001 From: Claire Date: Mon, 24 Jan 2022 03:29:03 +0100 Subject: [PATCH 01/19] Fix link_to_login argument handling when a block is passed (#17345) --- app/helpers/application_helper.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 9e16de5b5..36c66b7d1 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -64,6 +64,8 @@ module ApplicationHelper def link_to_login(name = nil, html_options = nil, &block) target = new_user_session_path + html_options = name if block_given? + if omniauth_only? && Devise.mappings[:user].omniauthable? && User.omniauth_providers.size == 1 target = omniauth_authorize_path(:user, User.omniauth_providers[0]) html_options ||= {} From 244726e2e8682454cec6e49712e622fe87c5244f Mon Sep 17 00:00:00 2001 From: Wonderfall Date: Mon, 24 Jan 2022 13:14:26 +0100 Subject: [PATCH 02/19] disable legacy XSS filtering (#17289) Browsers are phasing out X-XSS-Protection, but Safari and IE still support it. --- config/environments/production.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 7e58c2b1c..7fe381040 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -118,7 +118,7 @@ Rails.application.configure do 'Server' => 'Mastodon', 'X-Frame-Options' => 'DENY', 'X-Content-Type-Options' => 'nosniff', - 'X-XSS-Protection' => '1; mode=block', + 'X-XSS-Protection' => '0', 'Permissions-Policy' => 'interest-cohort=()', } From 808e7cd9064f62e4a864e52b40992796647304f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:34:37 +0900 Subject: [PATCH 03/19] Bump rails from 6.1.4.1 to 6.1.4.4 (#17159) * Bump rails from 6.1.4.1 to 6.1.4.4 Bumps [rails](https://github.com/rails/rails) from 6.1.4.1 to 6.1.4.4. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v6.1.4.1...v6.1.4.4) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Revert marcel to 1.0.1 Avoid some regression that need to be investigated Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claire --- Gemfile.lock | 108 +++++++++++++++++++++++++-------------------------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index de94d1788..7868f0f74 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,40 +1,40 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.4.1) - actionpack (= 6.1.4.1) - activesupport (= 6.1.4.1) + actioncable (6.1.4.4) + actionpack (= 6.1.4.4) + activesupport (= 6.1.4.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.4.1) - actionpack (= 6.1.4.1) - activejob (= 6.1.4.1) - activerecord (= 6.1.4.1) - activestorage (= 6.1.4.1) - activesupport (= 6.1.4.1) + actionmailbox (6.1.4.4) + actionpack (= 6.1.4.4) + activejob (= 6.1.4.4) + activerecord (= 6.1.4.4) + activestorage (= 6.1.4.4) + activesupport (= 6.1.4.4) mail (>= 2.7.1) - actionmailer (6.1.4.1) - actionpack (= 6.1.4.1) - actionview (= 6.1.4.1) - activejob (= 6.1.4.1) - activesupport (= 6.1.4.1) + actionmailer (6.1.4.4) + actionpack (= 6.1.4.4) + actionview (= 6.1.4.4) + activejob (= 6.1.4.4) + activesupport (= 6.1.4.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.4.1) - actionview (= 6.1.4.1) - activesupport (= 6.1.4.1) + actionpack (6.1.4.4) + actionview (= 6.1.4.4) + activesupport (= 6.1.4.4) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.4.1) - actionpack (= 6.1.4.1) - activerecord (= 6.1.4.1) - activestorage (= 6.1.4.1) - activesupport (= 6.1.4.1) + actiontext (6.1.4.4) + actionpack (= 6.1.4.4) + activerecord (= 6.1.4.4) + activestorage (= 6.1.4.4) + activesupport (= 6.1.4.4) nokogiri (>= 1.8.5) - actionview (6.1.4.1) - activesupport (= 6.1.4.1) + actionview (6.1.4.4) + activesupport (= 6.1.4.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -45,22 +45,22 @@ GEM case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) active_record_query_trace (1.8) - activejob (6.1.4.1) - activesupport (= 6.1.4.1) + activejob (6.1.4.4) + activesupport (= 6.1.4.4) globalid (>= 0.3.6) - activemodel (6.1.4.1) - activesupport (= 6.1.4.1) - activerecord (6.1.4.1) - activemodel (= 6.1.4.1) - activesupport (= 6.1.4.1) - activestorage (6.1.4.1) - actionpack (= 6.1.4.1) - activejob (= 6.1.4.1) - activerecord (= 6.1.4.1) - activesupport (= 6.1.4.1) + activemodel (6.1.4.4) + activesupport (= 6.1.4.4) + activerecord (6.1.4.4) + activemodel (= 6.1.4.4) + activesupport (= 6.1.4.4) + activestorage (6.1.4.4) + actionpack (= 6.1.4.4) + activejob (= 6.1.4.4) + activerecord (= 6.1.4.4) + activesupport (= 6.1.4.4) marcel (~> 1.0.0) mini_mime (>= 1.1.0) - activesupport (6.1.4.1) + activesupport (6.1.4.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -258,7 +258,7 @@ GEM fuubar (2.5.1) rspec-core (~> 3.0) ruby-progressbar (~> 1.4) - globalid (0.5.2) + globalid (1.0.0) activesupport (>= 5.0) hamlit (2.13.0) temple (>= 0.8.2) @@ -452,20 +452,20 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.4.1) - actioncable (= 6.1.4.1) - actionmailbox (= 6.1.4.1) - actionmailer (= 6.1.4.1) - actionpack (= 6.1.4.1) - actiontext (= 6.1.4.1) - actionview (= 6.1.4.1) - activejob (= 6.1.4.1) - activemodel (= 6.1.4.1) - activerecord (= 6.1.4.1) - activestorage (= 6.1.4.1) - activesupport (= 6.1.4.1) + rails (6.1.4.4) + actioncable (= 6.1.4.4) + actionmailbox (= 6.1.4.4) + actionmailer (= 6.1.4.4) + actionpack (= 6.1.4.4) + actiontext (= 6.1.4.4) + actionview (= 6.1.4.4) + activejob (= 6.1.4.4) + activemodel (= 6.1.4.4) + activerecord (= 6.1.4.4) + activestorage (= 6.1.4.4) + activesupport (= 6.1.4.4) bundler (>= 1.15.0) - railties (= 6.1.4.1) + railties (= 6.1.4.4) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -481,9 +481,9 @@ GEM railties (>= 6.0.0, < 7) rails-settings-cached (0.6.6) rails (>= 4.2.0) - railties (6.1.4.1) - actionpack (= 6.1.4.1) - activesupport (= 6.1.4.1) + railties (6.1.4.4) + actionpack (= 6.1.4.4) + activesupport (= 6.1.4.4) method_source rake (>= 0.13) thor (~> 1.0) From d528db801fecb60d87223004dcbc1249606c4795 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:34:55 +0900 Subject: [PATCH 04/19] Bump @babel/core from 7.16.7 to 7.16.12 (#17360) Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.16.7 to 7.16.12. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.12/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 66 ++++++++++++++-------------------------------------- 2 files changed, 19 insertions(+), 49 deletions(-) diff --git a/package.json b/package.json index 0f0921b3b..c4cb92376 100644 --- a/package.json +++ b/package.json @@ -60,7 +60,7 @@ }, "private": true, "dependencies": { - "@babel/core": "^7.16.7", + "@babel/core": "^7.16.12", "@babel/plugin-proposal-decorators": "^7.16.7", "@babel/plugin-transform-react-inline-elements": "^7.16.7", "@babel/plugin-transform-runtime": "^7.16.8", diff --git a/yarn.lock b/yarn.lock index 9edbf527e..dd1ca3c2e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -21,20 +21,20 @@ resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.16.8.tgz#31560f9f29fdf1868de8cb55049538a1b9732a60" integrity sha512-m7OkX0IdKLKPpBlJtF561YJal5y/jyI5fNfWbPxh2D/nbzzGI4qRyrD8xO2jB24u7l+5I2a43scCG2IrfjC50Q== -"@babel/core@^7.1.0", "@babel/core@^7.12.3", "@babel/core@^7.16.7", "@babel/core@^7.7.2", "@babel/core@^7.8.0": - version "7.16.7" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.16.7.tgz#db990f931f6d40cb9b87a0dc7d2adc749f1dcbcf" - integrity sha512-aeLaqcqThRNZYmbMqtulsetOQZ/5gbR/dWruUCJcpas4Qoyy+QeagfDsPdMrqwsPRDNxJvBlRiZxxX7THO7qtA== +"@babel/core@^7.1.0", "@babel/core@^7.12.3", "@babel/core@^7.16.12", "@babel/core@^7.7.2", "@babel/core@^7.8.0": + version "7.16.12" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.16.12.tgz#5edc53c1b71e54881315923ae2aedea2522bb784" + integrity sha512-dK5PtG1uiN2ikk++5OzSYsitZKny4wOCD0nrO4TqnW4BVBTQ2NGS3NgilvT/TEyxTST7LNyWV/T4tXDoD3fOgg== dependencies: "@babel/code-frame" "^7.16.7" - "@babel/generator" "^7.16.7" + "@babel/generator" "^7.16.8" "@babel/helper-compilation-targets" "^7.16.7" "@babel/helper-module-transforms" "^7.16.7" "@babel/helpers" "^7.16.7" - "@babel/parser" "^7.16.7" + "@babel/parser" "^7.16.12" "@babel/template" "^7.16.7" - "@babel/traverse" "^7.16.7" - "@babel/types" "^7.16.7" + "@babel/traverse" "^7.16.10" + "@babel/types" "^7.16.8" convert-source-map "^1.7.0" debug "^4.1.0" gensync "^1.0.0-beta.2" @@ -42,16 +42,7 @@ semver "^6.3.0" source-map "^0.5.0" -"@babel/generator@^7.16.7", "@babel/generator@^7.7.2": - version "7.16.7" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.16.7.tgz#b42bf46a3079fa65e1544135f32e7958f048adbb" - integrity sha512-/ST3Sg8MLGY5HVYmrjOgL60ENux/HfO/CsUh7y4MalThufhE/Ff/6EibFDHi4jiDCaWfJKoqbE6oTh21c5hrRg== - dependencies: - "@babel/types" "^7.16.7" - jsesc "^2.5.1" - source-map "^0.5.0" - -"@babel/generator@^7.16.8": +"@babel/generator@^7.16.8", "@babel/generator@^7.7.2": version "7.16.8" resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.16.8.tgz#359d44d966b8cd059d543250ce79596f792f2ebe" integrity sha512-1ojZwE9+lOXzcWdWmO6TbUzDfqLD39CmEhN8+2cX9XkDo5yW1OpgfejfliysR2AWLpMamTiOiAp/mtroaymhpw== @@ -312,15 +303,10 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@babel/parser@^7.1.0", "@babel/parser@^7.14.7", "@babel/parser@^7.16.7", "@babel/parser@^7.7.0": - version "7.16.7" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.16.7.tgz#d372dda9c89fcec340a82630a9f533f2fe15877e" - integrity sha512-sR4eaSrnM7BV7QPzGfEX5paG/6wrZM3I0HDzfIAK06ESvo9oy3xBuVBxE3MbQaKNhvg8g/ixjMWo2CGpzpHsDA== - -"@babel/parser@^7.16.8": - version "7.16.8" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.16.8.tgz#61c243a3875f7d0b0962b0543a33ece6ff2f1f17" - integrity sha512-i7jDUfrVBWc+7OKcBzEe5n7fbv3i2fWtxKzzCvOjnzSxMfWMigAhtfJ7qzZNGFNMsCCd67+uz553dYKWXPvCKw== +"@babel/parser@^7.1.0", "@babel/parser@^7.14.7", "@babel/parser@^7.16.10", "@babel/parser@^7.16.12", "@babel/parser@^7.16.7", "@babel/parser@^7.7.0": + version "7.16.12" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.16.12.tgz#9474794f9a650cf5e2f892444227f98e28cdf8b6" + integrity sha512-VfaV15po8RiZssrkPweyvbGVSe4x2y+aciFCgn0n0/SJMR22cwofRV1mtnJQYcSB1wUTaA/X1LnA3es66MCO5A== "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.16.7": version "7.16.7" @@ -1045,26 +1031,10 @@ "@babel/parser" "^7.16.7" "@babel/types" "^7.16.7" -"@babel/traverse@^7.13.0", "@babel/traverse@^7.16.7", "@babel/traverse@^7.7.0", "@babel/traverse@^7.7.2": - version "7.16.7" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.16.7.tgz#dac01236a72c2560073658dd1a285fe4e0865d76" - integrity sha512-8KWJPIb8c2VvY8AJrydh6+fVRo2ODx1wYBU2398xJVq0JomuLBZmVQzLPBblJgHIGYG4znCpUZUZ0Pt2vdmVYQ== - dependencies: - "@babel/code-frame" "^7.16.7" - "@babel/generator" "^7.16.7" - "@babel/helper-environment-visitor" "^7.16.7" - "@babel/helper-function-name" "^7.16.7" - "@babel/helper-hoist-variables" "^7.16.7" - "@babel/helper-split-export-declaration" "^7.16.7" - "@babel/parser" "^7.16.7" - "@babel/types" "^7.16.7" - debug "^4.1.0" - globals "^11.1.0" - -"@babel/traverse@^7.16.8": - version "7.16.8" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.16.8.tgz#bab2f2b09a5fe8a8d9cad22cbfe3ba1d126fef9c" - integrity sha512-xe+H7JlvKsDQwXRsBhSnq1/+9c+LlQcCK3Tn/l5sbx02HYns/cn7ibp9+RV1sIUqu7hKg91NWsgHurO9dowITQ== +"@babel/traverse@^7.13.0", "@babel/traverse@^7.16.10", "@babel/traverse@^7.16.7", "@babel/traverse@^7.16.8", "@babel/traverse@^7.7.0", "@babel/traverse@^7.7.2": + version "7.16.10" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.16.10.tgz#448f940defbe95b5a8029975b051f75993e8239f" + integrity sha512-yzuaYXoRJBGMlBhsMJoUW7G1UmSb/eXr/JHYM/MsOJgavJibLwASijW7oXBdw3NQ6T0bW7Ty5P/VarOs9cHmqw== dependencies: "@babel/code-frame" "^7.16.7" "@babel/generator" "^7.16.8" @@ -1072,7 +1042,7 @@ "@babel/helper-function-name" "^7.16.7" "@babel/helper-hoist-variables" "^7.16.7" "@babel/helper-split-export-declaration" "^7.16.7" - "@babel/parser" "^7.16.8" + "@babel/parser" "^7.16.10" "@babel/types" "^7.16.8" debug "^4.1.0" globals "^11.1.0" From 0d82c0359d06411e63f36a8ebc5bbe2f5053340e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:39:08 +0900 Subject: [PATCH 05/19] Bump rubocop from 1.24.1 to 1.25.0 (#17322) Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.24.1 to 1.25.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.24.1...v1.25.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 331dcfe97..4af31ac15 100644 --- a/Gemfile +++ b/Gemfile @@ -133,7 +133,7 @@ group :development do gem 'letter_opener', '~> 1.7' gem 'letter_opener_web', '~> 2.0' gem 'memory_profiler' - gem 'rubocop', '~> 1.24', require: false + gem 'rubocop', '~> 1.25', require: false gem 'rubocop-rails', '~> 2.13', require: false gem 'brakeman', '~> 5.2', require: false gem 'bundler-audit', '~> 0.9', require: false diff --git a/Gemfile.lock b/Gemfile.lock index 7868f0f74..fcacd7ce8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -531,9 +531,9 @@ GEM rspec-support (3.10.3) rspec_junit_formatter (0.5.1) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.24.1) + rubocop (1.25.0) parallel (~> 1.10) - parser (>= 3.0.0.0) + parser (>= 3.1.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml @@ -774,7 +774,7 @@ DEPENDENCIES rspec-rails (~> 5.0) rspec-sidekiq (~> 3.1) rspec_junit_formatter (~> 0.5) - rubocop (~> 1.24) + rubocop (~> 1.25) rubocop-rails (~> 2.13) ruby-progressbar (~> 1.11) sanitize (~> 6.0) From 4b5629cc3da0137a4884bf62034be90dcc94408c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:39:43 +0900 Subject: [PATCH 06/19] Bump @babel/preset-env from 7.16.8 to 7.16.11 (#17358) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.16.8 to 7.16.11. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.11/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 33 +++++++++++++++++++++++---------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index c4cb92376..c57310435 100644 --- a/package.json +++ b/package.json @@ -64,7 +64,7 @@ "@babel/plugin-proposal-decorators": "^7.16.7", "@babel/plugin-transform-react-inline-elements": "^7.16.7", "@babel/plugin-transform-runtime": "^7.16.8", - "@babel/preset-env": "^7.16.8", + "@babel/preset-env": "^7.16.11", "@babel/preset-react": "^7.16.7", "@babel/runtime": "^7.16.7", "@gamestdio/websocket": "^0.3.2", diff --git a/yarn.lock b/yarn.lock index dd1ca3c2e..cc830925a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -84,6 +84,19 @@ browserslist "^4.17.5" semver "^6.3.0" +"@babel/helper-create-class-features-plugin@^7.16.10": + version "7.16.10" + resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.16.10.tgz#8a6959b9cc818a88815ba3c5474619e9c0f2c21c" + integrity sha512-wDeej0pu3WN/ffTxMNCPW5UCiOav8IcLRxSIyp/9+IF2xJUM9h/OYjg0IJLHaL6F8oU8kqMz9nc1vryXhMsgXg== + dependencies: + "@babel/helper-annotate-as-pure" "^7.16.7" + "@babel/helper-environment-visitor" "^7.16.7" + "@babel/helper-function-name" "^7.16.7" + "@babel/helper-member-expression-to-functions" "^7.16.7" + "@babel/helper-optimise-call-expression" "^7.16.7" + "@babel/helper-replace-supers" "^7.16.7" + "@babel/helper-split-export-declaration" "^7.16.7" + "@babel/helper-create-class-features-plugin@^7.16.7": version "7.16.7" resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.16.7.tgz#9c5b34b53a01f2097daf10678d65135c1b9f84ba" @@ -435,12 +448,12 @@ "@babel/helper-skip-transparent-expression-wrappers" "^7.16.0" "@babel/plugin-syntax-optional-chaining" "^7.8.3" -"@babel/plugin-proposal-private-methods@^7.16.7": - version "7.16.7" - resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-methods/-/plugin-proposal-private-methods-7.16.7.tgz#e418e3aa6f86edd6d327ce84eff188e479f571e0" - integrity sha512-7twV3pzhrRxSwHeIvFE6coPgvo+exNDOiGUMg39o2LiLo1Y+4aKpfkcLGcg1UHonzorCt7SNXnoMyCnnIOA8Sw== +"@babel/plugin-proposal-private-methods@^7.16.11": + version "7.16.11" + resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-methods/-/plugin-proposal-private-methods-7.16.11.tgz#e8df108288555ff259f4527dbe84813aac3a1c50" + integrity sha512-F/2uAkPlXDr8+BHpZvo19w3hLFKge+k75XUprE6jaqKxjGkSYcK+4c+bup5PdW/7W/Rpjwql7FTVEDW+fRAQsw== dependencies: - "@babel/helper-create-class-features-plugin" "^7.16.7" + "@babel/helper-create-class-features-plugin" "^7.16.10" "@babel/helper-plugin-utils" "^7.16.7" "@babel/plugin-proposal-private-property-in-object@^7.16.7": @@ -897,10 +910,10 @@ "@babel/helper-create-regexp-features-plugin" "^7.16.7" "@babel/helper-plugin-utils" "^7.16.7" -"@babel/preset-env@^7.16.8": - version "7.16.8" - resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.16.8.tgz#e682fa0bcd1cf49621d64a8956318ddfb9a05af9" - integrity sha512-9rNKgVCdwHb3z1IlbMyft6yIXIeP3xz6vWvGaLHrJThuEIqWfHb0DNBH9VuTgnDfdbUDhkmkvMZS/YMCtP7Elg== +"@babel/preset-env@^7.16.11": + version "7.16.11" + resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.16.11.tgz#5dd88fd885fae36f88fd7c8342475c9f0abe2982" + integrity sha512-qcmWG8R7ZW6WBRPZK//y+E3Cli151B20W1Rv7ln27vuPaXU/8TKms6jFdiJtF7UDTxcrb7mZd88tAeK9LjdT8g== dependencies: "@babel/compat-data" "^7.16.8" "@babel/helper-compilation-targets" "^7.16.7" @@ -920,7 +933,7 @@ "@babel/plugin-proposal-object-rest-spread" "^7.16.7" "@babel/plugin-proposal-optional-catch-binding" "^7.16.7" "@babel/plugin-proposal-optional-chaining" "^7.16.7" - "@babel/plugin-proposal-private-methods" "^7.16.7" + "@babel/plugin-proposal-private-methods" "^7.16.11" "@babel/plugin-proposal-private-property-in-object" "^7.16.7" "@babel/plugin-proposal-unicode-property-regex" "^7.16.7" "@babel/plugin-syntax-async-generators" "^7.8.4" From 2033ca6b3129c7ab426820f2f167bfc3da58a3db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:41:22 +0900 Subject: [PATCH 07/19] Bump nanoid from 3.1.23 to 3.2.0 (#17342) Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.23 to 3.2.0. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](https://github.com/ai/nanoid/compare/3.1.23...3.2.0) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index cc830925a..4c087db58 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7396,9 +7396,9 @@ nan@^2.12.1: integrity sha512-isWHgVjnFjh2x2yuJ/tj3JbwoHu3UC2dX5G/88Cm24yB6YopVgxvBObDY7n5xW6ExmFhJpSEQqFPvq9zaXc8Jw== nanoid@^3.1.23: - version "3.1.23" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.1.23.tgz#f744086ce7c2bc47ee0a8472574d5c78e4183a81" - integrity sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw== + version "3.2.0" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.2.0.tgz#62667522da6673971cca916a6d3eff3f415ff80c" + integrity sha512-fmsZYa9lpn69Ad5eDn7FMcnnSR+8R34W9qJEijxYhTbfOWzr22n1QxCMzXLK+ODyW2973V3Fux959iQoUxzUIA== nanomatch@^1.2.9: version "1.2.13" From ee7fafe1c81bcb9444fd11f870a41658097283e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:44:01 +0900 Subject: [PATCH 08/19] Bump node-fetch from 2.6.1 to 2.6.7 (#17366) Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7) --- updated-dependencies: - dependency-name: node-fetch dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/yarn.lock b/yarn.lock index 4c087db58..183204640 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7000,11 +7000,6 @@ lodash.merge@^4.6.2: resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== -lodash.sortby@^4.7.0: - version "4.7.0" - resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438" - integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg= - lodash.truncate@^4.4.2: version "4.4.2" resolved "https://registry.yarnpkg.com/lodash.truncate/-/lodash.truncate-4.4.2.tgz#5a350da0b1113b837ecfffd5812cbe58d6eae193" @@ -7443,9 +7438,11 @@ nice-try@^1.0.4: integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ== node-fetch@^2.6.0: - version "2.6.1" - resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052" - integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw== + version "2.6.7" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad" + integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ== + dependencies: + whatwg-url "^5.0.0" node-forge@^0.10.0: version "0.10.0" @@ -10608,13 +10605,6 @@ tough-cookie@^4.0.0: punycode "^2.1.1" universalify "^0.1.2" -tr46@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/tr46/-/tr46-2.0.2.tgz#03273586def1595ae08fedb38d7733cee91d2479" - integrity sha512-3n1qG+/5kg+jrbTzwAykB5yRYtQCTqOGKq5U5PE3b0a1/mzo6snDhjGS0zJVJunO0NrT3Dg1MLy5TjWP/UJppg== - dependencies: - punycode "^2.1.1" - tr46@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/tr46/-/tr46-2.1.0.tgz#fa87aa81ca5d5941da8cbf1f9b749dc969a4e240" @@ -10622,6 +10612,11 @@ tr46@^2.1.0: dependencies: punycode "^2.1.1" +tr46@~0.0.3: + version "0.0.3" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" + integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o= + ts-essentials@^2.0.3: version "2.0.12" resolved "https://registry.yarnpkg.com/ts-essentials/-/ts-essentials-2.0.12.tgz#c9303f3d74f75fa7528c3d49b80e089ab09d8745" @@ -11032,6 +11027,11 @@ wbuf@^1.1.0, wbuf@^1.7.3: dependencies: minimalistic-assert "^1.0.0" +webidl-conversions@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" + integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE= + webidl-conversions@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff" @@ -11227,16 +11227,15 @@ whatwg-mimetype@^2.3.0: resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf" integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g== -whatwg-url@^8.0.0: - version "8.2.2" - resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.2.2.tgz#85e7f9795108b53d554cec640b2e8aee2a0d4bfd" - integrity sha512-PcVnO6NiewhkmzV0qn7A+UZ9Xx4maNTI+O+TShmfE4pqjoCMwUMjkvoNhNHPTvgR7QH9Xt3R13iHuWy2sToFxQ== +whatwg-url@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d" + integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0= dependencies: - lodash.sortby "^4.7.0" - tr46 "^2.0.2" - webidl-conversions "^6.1.0" + tr46 "~0.0.3" + webidl-conversions "^3.0.0" -whatwg-url@^8.5.0: +whatwg-url@^8.0.0, whatwg-url@^8.5.0: version "8.6.0" resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.6.0.tgz#27c0205a4902084b872aecb97cf0f2a7a3011f4c" integrity sha512-os0KkeeqUOl7ccdDT1qqUcS4KH4tcBTSKK5Nl5WKb2lyxInIZ/CpjkqKa1Ss12mjfdcRX9mHmPPs7/SxG1Hbdw== From 029d89bfea69909aadf414c9eb4db64c8091f5f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:45:45 +0900 Subject: [PATCH 09/19] Bump bootsnap from 1.10.1 to 1.10.2 (#17367) Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.10.1 to 1.10.2. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md) - [Commits](https://github.com/Shopify/bootsnap/compare/v1.10.1...v1.10.2) --- updated-dependencies: - dependency-name: bootsnap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 4af31ac15..6d4e4afdc 100644 --- a/Gemfile +++ b/Gemfile @@ -26,7 +26,7 @@ gem 'blurhash', '~> 0.1' gem 'active_model_serializers', '~> 0.10' gem 'addressable', '~> 2.8' -gem 'bootsnap', '~> 1.10.1', require: false +gem 'bootsnap', '~> 1.10.2', require: false gem 'browser' gem 'charlock_holmes', '~> 0.7.7' gem 'iso-639' diff --git a/Gemfile.lock b/Gemfile.lock index fcacd7ce8..08ad888d0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -104,7 +104,7 @@ GEM debug_inspector (>= 0.0.1) blurhash (0.1.5) ffi (~> 1.14) - bootsnap (1.10.1) + bootsnap (1.10.2) msgpack (~> 1.2) brakeman (5.2.0) browser (4.2.0) @@ -375,7 +375,7 @@ GEM mini_mime (1.1.2) mini_portile2 (2.7.1) minitest (5.15.0) - msgpack (1.4.2) + msgpack (1.4.4) multi_json (1.15.0) multipart-post (2.1.1) net-ldap (0.17.0) @@ -686,7 +686,7 @@ DEPENDENCIES better_errors (~> 2.9) binding_of_caller (~> 1.0) blurhash (~> 0.1) - bootsnap (~> 1.10.1) + bootsnap (~> 1.10.2) brakeman (~> 5.2) browser bullet (~> 7.0) From 2dfb67f0c95950e7d8c3fe04082ccd11cefa3e00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:46:52 +0900 Subject: [PATCH 10/19] Bump aws-sdk-s3 from 1.111.1 to 1.111.3 (#17368) Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.111.1 to 1.111.3. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 08ad888d0..e0b0faa93 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -79,8 +79,8 @@ GEM encryptor (~> 3.0.0) awrence (1.1.1) aws-eventstream (1.2.0) - aws-partitions (1.547.0) - aws-sdk-core (3.125.1) + aws-partitions (1.549.0) + aws-sdk-core (3.125.5) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) @@ -88,7 +88,7 @@ GEM aws-sdk-kms (1.53.0) aws-sdk-core (~> 3, >= 3.125.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.111.1) + aws-sdk-s3 (1.111.3) aws-sdk-core (~> 3, >= 3.125.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) From daf2d8952d380c4df03c3865b4f241f51cd0d778 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:48:05 +0900 Subject: [PATCH 11/19] Bump cld3 from 3.4.3 to 3.4.4 (#17357) Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.4.3 to 3.4.4. - [Release notes](https://github.com/akihikodaki/cld3-ruby/releases) - [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.4.3...v3.4.4) --- updated-dependencies: - dependency-name: cld3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 6d4e4afdc..c5f8e12bf 100644 --- a/Gemfile +++ b/Gemfile @@ -31,7 +31,7 @@ gem 'browser' gem 'charlock_holmes', '~> 0.7.7' gem 'iso-639' gem 'chewy', '~> 7.2' -gem 'cld3', '~> 3.4.3' +gem 'cld3', '~> 3.4.4' gem 'devise', '~> 4.8' gem 'devise-two-factor', '~> 4.0' diff --git a/Gemfile.lock b/Gemfile.lock index e0b0faa93..8dcea7947 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -152,7 +152,7 @@ GEM elasticsearch (>= 7.12.0, < 7.14.0) elasticsearch-dsl chunky_png (1.4.0) - cld3 (3.4.3) + cld3 (3.4.4) ffi (>= 1.1.0, < 1.16.0) climate_control (0.2.0) coderay (1.1.3) @@ -235,7 +235,7 @@ GEM faraday-rack (1.0.0) fast_blank (1.0.1) fastimage (2.2.6) - ffi (1.15.4) + ffi (1.15.5) ffi-compiler (1.0.1) ffi (>= 1.0.0) rake @@ -698,7 +698,7 @@ DEPENDENCIES capybara (~> 3.36) charlock_holmes (~> 0.7.7) chewy (~> 7.2) - cld3 (~> 3.4.3) + cld3 (~> 3.4.4) climate_control (~> 0.2) color_diff (~> 0.1) concurrent-ruby From 69cb20bca4013cfbd2c6382a83602c23b3089553 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:52:40 +0900 Subject: [PATCH 12/19] Bump @babel/plugin-transform-runtime from 7.16.8 to 7.16.10 (#17361) Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.16.8 to 7.16.10. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.16.10/packages/babel-plugin-transform-runtime) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-runtime" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index c57310435..17639e105 100644 --- a/package.json +++ b/package.json @@ -63,7 +63,7 @@ "@babel/core": "^7.16.12", "@babel/plugin-proposal-decorators": "^7.16.7", "@babel/plugin-transform-react-inline-elements": "^7.16.7", - "@babel/plugin-transform-runtime": "^7.16.8", + "@babel/plugin-transform-runtime": "^7.16.10", "@babel/preset-env": "^7.16.11", "@babel/preset-react": "^7.16.7", "@babel/runtime": "^7.16.7", diff --git a/yarn.lock b/yarn.lock index 183204640..23df02967 100644 --- a/yarn.lock +++ b/yarn.lock @@ -847,10 +847,10 @@ dependencies: "@babel/helper-plugin-utils" "^7.16.7" -"@babel/plugin-transform-runtime@^7.16.8": - version "7.16.8" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.16.8.tgz#3339368701103edae708f0fba9e4bfb70a3e5872" - integrity sha512-6Kg2XHPFnIarNweZxmzbgYnnWsXxkx9WQUVk2sksBRL80lBC1RAQV3wQagWxdCHiYHqPN+oenwNIuttlYgIbQQ== +"@babel/plugin-transform-runtime@^7.16.10": + version "7.16.10" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.16.10.tgz#53d9fd3496daedce1dd99639097fa5d14f4c7c2c" + integrity sha512-9nwTiqETv2G7xI4RvXHNfpGdr8pAA+Q/YtN3yLK7OoK7n9OibVm/xymJ838a9A6E/IciOLPj82lZk0fW6O4O7w== dependencies: "@babel/helper-module-imports" "^7.16.7" "@babel/helper-plugin-utils" "^7.16.7" From cea00f593e25ce5b2c4ae7856d48d9c55b9734d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:22:10 +0900 Subject: [PATCH 13/19] Bump sidekiq from 6.3.1 to 6.4.0 (#17350) Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.3.1 to 6.4.0. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.3.1...v6.4.0) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index c5f8e12bf..c2d5fa812 100644 --- a/Gemfile +++ b/Gemfile @@ -79,7 +79,7 @@ gem 'rqrcode', '~> 2.1' gem 'ruby-progressbar', '~> 1.11' gem 'sanitize', '~> 6.0' gem 'scenic', '~> 1.5' -gem 'sidekiq', '~> 6.3' +gem 'sidekiq', '~> 6.4' gem 'sidekiq-scheduler', '~> 3.1' gem 'sidekiq-unique-jobs', '~> 7.1' gem 'sidekiq-bulk', '~>0.2.0' diff --git a/Gemfile.lock b/Gemfile.lock index 8dcea7947..bd04a27c6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -563,7 +563,7 @@ GEM railties (>= 4.0.0) securecompare (1.0.0) semantic_range (3.0.0) - sidekiq (6.3.1) + sidekiq (6.4.0) connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) @@ -779,7 +779,7 @@ DEPENDENCIES ruby-progressbar (~> 1.11) sanitize (~> 6.0) scenic (~> 1.5) - sidekiq (~> 6.3) + sidekiq (~> 6.4) sidekiq-bulk (~> 0.2.0) sidekiq-scheduler (~> 3.1) sidekiq-unique-jobs (~> 7.1) From 7b2c733dfcde52263a54e8e760d1c48422499534 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:22:51 +0900 Subject: [PATCH 14/19] Bump fabrication from 2.23.1 to 2.24.0 (#17356) Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.23.1 to 2.24.0. - [Release notes](https://github.com/paulelliott/fabrication/releases) - [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown) - [Commits](https://github.com/paulelliott/fabrication/commits) --- updated-dependencies: - dependency-name: fabrication dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index c2d5fa812..b6d8594ff 100644 --- a/Gemfile +++ b/Gemfile @@ -100,7 +100,7 @@ gem 'json-ld-preloaded', '~> 3.1' gem 'rdf-normalize', '~> 0.4' group :development, :test do - gem 'fabrication', '~> 2.23' + gem 'fabrication', '~> 2.24' gem 'fuubar', '~> 2.5' gem 'i18n-tasks', '~> 0.9', require: false gem 'pry-byebug', '~> 3.9' diff --git a/Gemfile.lock b/Gemfile.lock index bd04a27c6..3d2d3cefa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -211,7 +211,7 @@ GEM et-orbi (1.2.4) tzinfo excon (0.76.0) - fabrication (2.23.1) + fabrication (2.24.0) faker (2.19.0) i18n (>= 1.6, < 2) faraday (1.8.0) @@ -710,7 +710,7 @@ DEPENDENCIES doorkeeper (~> 5.5) dotenv-rails (~> 2.7) ed25519 (~> 1.3) - fabrication (~> 2.23) + fabrication (~> 2.24) faker (~> 2.19) fast_blank (~> 1.0) fastimage From f0d73d82f80417d8bd7d9478deaf493902b005d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:23:42 +0900 Subject: [PATCH 15/19] Bump json-ld-preloaded from 3.1.6 to 3.2.0 (#17353) Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.6 to 3.2.0. - [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases) - [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.6...3.2.0) --- updated-dependencies: - dependency-name: json-ld-preloaded dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index b6d8594ff..9baefcf74 100644 --- a/Gemfile +++ b/Gemfile @@ -96,7 +96,7 @@ gem 'webpush', '~> 0.3' gem 'webauthn', '~> 3.0.0.alpha1' gem 'json-ld' -gem 'json-ld-preloaded', '~> 3.1' +gem 'json-ld-preloaded', '~> 3.2' gem 'rdf-normalize', '~> 0.4' group :development, :test do diff --git a/Gemfile.lock b/Gemfile.lock index 3d2d3cefa..5be4a4639 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -312,9 +312,9 @@ GEM multi_json (~> 1.15) rack (~> 2.2) rdf (~> 3.2) - json-ld-preloaded (3.1.6) - json-ld (~> 3.1) - rdf (~> 3.1) + json-ld-preloaded (3.2.0) + json-ld (~> 3.2) + rdf (~> 3.2) jsonapi-renderer (0.2.2) jwt (2.2.2) kaminari (1.2.2) @@ -727,7 +727,7 @@ DEPENDENCIES idn-ruby iso-639 json-ld - json-ld-preloaded (~> 3.1) + json-ld-preloaded (~> 3.2) kaminari (~> 1.2) kt-paperclip (~> 7.0) letter_opener (~> 1.7) From bebf9bf33f1d07d95f50a4ec581b8d0d7e9afc70 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:25:26 +0900 Subject: [PATCH 16/19] Bump sass from 1.48.0 to 1.49.0 (#17352) Bumps [sass](https://github.com/sass/dart-sass) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.48.0...1.49.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 17639e105..e98107c27 100644 --- a/package.json +++ b/package.json @@ -152,7 +152,7 @@ "requestidlecallback": "^0.3.0", "reselect": "^4.1.5", "rimraf": "^3.0.2", - "sass": "^1.48.0", + "sass": "^1.49.0", "sass-loader": "^10.2.0", "stacktrace-js": "^2.0.2", "stringz": "^2.1.0", diff --git a/yarn.lock b/yarn.lock index 23df02967..6449c0864 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9532,10 +9532,10 @@ sass-loader@^10.2.0: schema-utils "^3.0.0" semver "^7.3.2" -sass@^1.48.0: - version "1.48.0" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.48.0.tgz#b53cfccc1b8ab4be375cc54f306fda9d4711162c" - integrity sha512-hQi5g4DcfjcipotoHZ80l7GNJHGqQS5LwMBjVYB/TaT0vcSSpbgM8Ad7cgfsB2M0MinbkEQQPO9+sjjSiwxqmw== +sass@^1.49.0: + version "1.49.0" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.49.0.tgz#65ec1b1d9a6bc1bae8d2c9d4b392c13f5d32c078" + integrity sha512-TVwVdNDj6p6b4QymJtNtRS2YtLJ/CqZriGg0eIAbAKMlN8Xy6kbv33FsEZSF7FufFFM705SQviHjjThfaQ4VNw== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" From 6505b39e5d28abf938bd5f593eda2988d322887b Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 26 Jan 2022 18:05:39 +0100 Subject: [PATCH 17/19] Fix poll updates being saved as status edits (#17373) Fix #17344 --- .../process_status_update_service.rb | 22 ++-- spec/lib/activitypub/activity/update_spec.rb | 112 +++++++++++++----- 2 files changed, 98 insertions(+), 36 deletions(-) diff --git a/app/services/activitypub/process_status_update_service.rb b/app/services/activitypub/process_status_update_service.rb index ed10a0063..e22ea1ab6 100644 --- a/app/services/activitypub/process_status_update_service.rb +++ b/app/services/activitypub/process_status_update_service.rb @@ -10,6 +10,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService @status = status @account = status.account @media_attachments_changed = false + @poll_changed = false # Only native types can be updated at the moment return if !expected_type? || already_updated_more_recently? @@ -27,6 +28,9 @@ class ActivityPub::ProcessStatusUpdateService < BaseService end queue_poll_notifications! + + next unless significant_changes? + reset_preview_card! broadcast_updates! else @@ -92,7 +96,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService # If for some reasons the options were changed, it invalidates all previous # votes, so we need to remove them if poll_parser.significantly_changes?(poll) - @media_attachments_changed = true + @poll_changed = true poll.votes.delete_all unless poll.new_record? end @@ -107,7 +111,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService @status.poll_id = poll.id elsif previous_poll.present? previous_poll.destroy! - @media_attachments_changed = true + @poll_changed = true @status.poll_id = nil end end @@ -117,7 +121,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService @status.spoiler_text = @status_parser.spoiler_text || '' @status.sensitive = @account.sensitized? || @status_parser.sensitive || false @status.language = @status_parser.language || detected_language - @status.edited_at = @status_parser.edited_at || Time.now.utc + @status.edited_at = @status_parser.edited_at || Time.now.utc if significant_changes? @status.save! end @@ -227,12 +231,12 @@ class ActivityPub::ProcessStatusUpdateService < BaseService end def create_edit! - return unless @status.text_previously_changed? || @status.spoiler_text_previously_changed? || @media_attachments_changed + return unless significant_changes? @status_edit = @status.edits.create( text: @status.text, spoiler_text: @status.spoiler_text, - media_attachments_changed: @media_attachments_changed, + media_attachments_changed: @media_attachments_changed || @poll_changed, account_id: @account.id, created_at: @status.edited_at ) @@ -248,13 +252,17 @@ class ActivityPub::ProcessStatusUpdateService < BaseService mime_type.present? && !MediaAttachment.supported_mime_types.include?(mime_type) end + def significant_changes? + @status.text_changed? || @status.text_previously_changed? || @status.spoiler_text_changed? || @status.spoiler_text_previously_changed? || @media_attachments_changed || @poll_changed + end + def already_updated_more_recently? @status.edited_at.present? && @status_parser.edited_at.present? && @status.edited_at > @status_parser.edited_at end def reset_preview_card! - @status.preview_cards.clear if @status.text_previously_changed? || @status.spoiler_text.present? - LinkCrawlWorker.perform_in(rand(1..59).seconds, @status.id) if @status.spoiler_text.blank? + @status.preview_cards.clear + LinkCrawlWorker.perform_in(rand(1..59).seconds, @status.id) end def broadcast_updates! diff --git a/spec/lib/activitypub/activity/update_spec.rb b/spec/lib/activitypub/activity/update_spec.rb index 1c9bcf43b..4cd853af2 100644 --- a/spec/lib/activitypub/activity/update_spec.rb +++ b/spec/lib/activitypub/activity/update_spec.rb @@ -4,43 +4,97 @@ RSpec.describe ActivityPub::Activity::Update do let!(:sender) { Fabricate(:account) } before do - stub_request(:get, actor_json[:outbox]).to_return(status: 404) - stub_request(:get, actor_json[:followers]).to_return(status: 404) - stub_request(:get, actor_json[:following]).to_return(status: 404) - stub_request(:get, actor_json[:featured]).to_return(status: 404) - sender.update!(uri: ActivityPub::TagManager.instance.uri_for(sender)) end - let(:modified_sender) do - sender.tap do |modified_sender| - modified_sender.display_name = 'Totally modified now' - end - end - - let(:actor_json) do - ActiveModelSerializers::SerializableResource.new(modified_sender, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter).as_json - end - - let(:json) do - { - '@context': 'https://www.w3.org/ns/activitystreams', - id: 'foo', - type: 'Update', - actor: ActivityPub::TagManager.instance.uri_for(sender), - object: actor_json, - }.with_indifferent_access - end + subject { described_class.new(json, sender) } describe '#perform' do - subject { described_class.new(json, sender) } + context 'with an Actor object' do + let(:modified_sender) do + sender.tap do |modified_sender| + modified_sender.display_name = 'Totally modified now' + end + end - before do - subject.perform + let(:actor_json) do + ActiveModelSerializers::SerializableResource.new(modified_sender, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter).as_json + end + + let(:json) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + id: 'foo', + type: 'Update', + actor: ActivityPub::TagManager.instance.uri_for(sender), + object: actor_json, + }.with_indifferent_access + end + + before do + stub_request(:get, actor_json[:outbox]).to_return(status: 404) + stub_request(:get, actor_json[:followers]).to_return(status: 404) + stub_request(:get, actor_json[:following]).to_return(status: 404) + stub_request(:get, actor_json[:featured]).to_return(status: 404) + + subject.perform + end + + it 'updates profile' do + expect(sender.reload.display_name).to eq 'Totally modified now' + end end - it 'updates profile' do - expect(sender.reload.display_name).to eq 'Totally modified now' + context 'with a Question object' do + let!(:at_time) { Time.now.utc } + let!(:status) { Fabricate(:status, account: sender, poll: Poll.new(account: sender, options: %w(Bar Baz), cached_tallies: [0, 0], expires_at: at_time + 5.days)) } + + let(:json) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + id: 'foo', + type: 'Update', + actor: ActivityPub::TagManager.instance.uri_for(sender), + object: { + type: 'Question', + id: ActivityPub::TagManager.instance.uri_for(status), + content: 'Foo', + endTime: (at_time + 5.days).iso8601, + oneOf: [ + { + type: 'Note', + name: 'Bar', + replies: { + type: 'Collection', + totalItems: 0, + }, + }, + + { + type: 'Note', + name: 'Baz', + replies: { + type: 'Collection', + totalItems: 12, + }, + }, + ], + }, + }.with_indifferent_access + end + + before do + status.update!(uri: ActivityPub::TagManager.instance.uri_for(status)) + subject.perform + end + + it 'updates poll numbers' do + expect(status.preloadable_poll.cached_tallies).to eq [0, 12] + end + + it 'does not set status as edited' do + expect(status.edited_at).to be_nil + end end end end From 10188c7db77cd90382d8c7476f0c3f97f92fc4be Mon Sep 17 00:00:00 2001 From: Su Yang Date: Thu, 27 Jan 2022 01:08:49 +0800 Subject: [PATCH 18/19] Add healthcheck for sidekiq (#17365) --- docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index c1c4e5ac7..01fe320a4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -94,6 +94,9 @@ services: - internal_network volumes: - ./public/system:/mastodon/public/system + healthcheck: + test: ["CMD-SHELL", "ps aux | grep '[s]idekiq\ 6' || false"] + ## Uncomment to enable federation with tor instances along with adding the following ENV variables ## http_proxy=http://privoxy:8118 ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true From 166cc5b89d60f8e2e1f748df86ff8a9003a4876e Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 26 Jan 2022 20:53:50 +0100 Subject: [PATCH 19/19] Fix local distribution of edited statuses (#17380) Because `FanOutOnWriteService#update?` was broken, edits were considered as new toots and a regular `update` payload was sent. --- app/services/fan_out_on_write_service.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/services/fan_out_on_write_service.rb b/app/services/fan_out_on_write_service.rb index f62f78a79..3a2e82b6d 100644 --- a/app/services/fan_out_on_write_service.rb +++ b/app/services/fan_out_on_write_service.rb @@ -119,7 +119,7 @@ class FanOutOnWriteService < BaseService end def update? - @is_update + @options[:update] end def broadcastable?