diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh index 7c3852e7e..a075cc7b3 100755 --- a/.devcontainer/post-create.sh +++ b/.devcontainer/post-create.sh @@ -3,14 +3,16 @@ set -e # Fail the whole script on first error # Fetch Ruby gem dependencies -bundle install --path vendor/bundle --with='development test' - -# Fetch Javascript dependencies -yarn install +bundle config path 'vendor/bundle' +bundle config with 'development test' +bundle install # Make Gemfile.lock pristine again git checkout -- Gemfile.lock +# Fetch Javascript dependencies +yarn --frozen-lockfile + # [re]create, migrate, and seed the test database RAILS_ENV=test ./bin/rails db:setup diff --git a/.github/workflows/check-i18n.yml b/.github/workflows/check-i18n.yml index aa8f1f584..df0d75c9f 100644 --- a/.github/workflows/check-i18n.yml +++ b/.github/workflows/check-i18n.yml @@ -30,13 +30,28 @@ jobs: ruby-version: .ruby-version bundler-cache: true + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + cache: yarn + node-version-file: '.nvmrc' + + - name: Install all yarn packages + run: yarn --frozen-lockfile + + - name: Check for missing strings in English JSON + run: | + yarn build:development + yarn manage:translations + git diff --exit-code + - name: Check locale file normalization run: bundle exec i18n-tasks check-normalized - name: Check for unused strings run: bundle exec i18n-tasks unused - - name: Check for missing strings in English + - name: Check for missing strings in English YML run: | bundle exec i18n-tasks add-missing -l en git diff --exit-code diff --git a/.github/workflows/lint-js.yml b/.github/workflows/lint-js.yml index 44929f63d..e0c309c73 100644 --- a/.github/workflows/lint-js.yml +++ b/.github/workflows/lint-js.yml @@ -6,22 +6,28 @@ on: paths: - 'package.json' - 'yarn.lock' + - 'tsconfig.json' - '.nvmrc' - '.prettier*' - '.eslint*' - '**/*.js' - '**/*.jsx' + - '**/*.ts' + - '**/*.tsx' - '.github/workflows/lint-js.yml' pull_request: paths: - 'package.json' - 'yarn.lock' + - 'tsconfig.json' - '.nvmrc' - '.prettier*' - '.eslint*' - '**/*.js' - '**/*.jsx' + - '**/*.ts' + - '**/*.tsx' - '.github/workflows/lint-js.yml' jobs: @@ -43,3 +49,6 @@ jobs: - name: ESLint run: yarn test:lint:js + + - name: Typecheck + run: yarn test:typecheck diff --git a/.nvmrc b/.nvmrc index 030fcd56b..59ea99ee6 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -16.19 +16.20 diff --git a/.prettierignore b/.prettierignore index af0411e9c..36ba57bfb 100644 --- a/.prettierignore +++ b/.prettierignore @@ -70,6 +70,8 @@ app/javascript/styles/mastodon/reset.scss # Ignore Javascript pending https://github.com/mastodon/mastodon/pull/23631 *.js *.jsx +*.ts +*.tsx # Ignore HTML till cleaned and included in CI *.html diff --git a/CHANGELOG.md b/CHANGELOG.md index 4527c50d9..91a2c48a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,20 @@ All notable changes to this project will be documented in this file. +## [4.1.2] - 2023-04-04 + +### Fixed + +- Fix crash in `tootctl` commands making use of parallelization when Elasticsearch is enabled ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24182), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24377)) +- Fix crash in `db:setup` when Elasticsearch is enabled ([rrgeorge](https://github.com/mastodon/mastodon/pull/24302)) +- Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24200)) +- Fix invalid/expired invites being processed on sign-up ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24337)) + +### Security + +- Update Ruby to 3.0.6 due to ReDoS vulnerabilities ([saizai](https://github.com/mastodon/mastodon/pull/24334)) +- Fix unescaped user input in LDAP query ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24379)) + ## [4.1.1] - 2023-03-16 ### Added diff --git a/Dockerfile b/Dockerfile index dca547c6d..978933421 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1.4 # This needs to be bullseye-slim because the Ruby image is built on bullseye-slim -ARG NODE_VERSION="16.19-bullseye-slim" +ARG NODE_VERSION="16.20-bullseye-slim" FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.2-slim as ruby FROM node:${NODE_VERSION} as build @@ -18,7 +18,6 @@ COPY Gemfile* package.json yarn.lock /opt/mastodon/ # hadolint ignore=DL3008 RUN apt-get update && \ apt-get install -y --no-install-recommends build-essential \ - ca-certificates \ git \ libicu-dev \ libidn11-dev \ diff --git a/Gemfile b/Gemfile index 46f3e0106..d175d7412 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ ruby '>= 2.7.0', '< 3.3.0' gem 'pkg-config', '~> 1.5' -gem 'puma', '~> 6.1' +gem 'puma', '~> 6.2' gem 'rails', '~> 6.1.7' gem 'sprockets', '~> 3.7.2' gem 'thor', '~> 1.2' @@ -17,7 +17,7 @@ gem 'makara', '~> 0.5' gem 'pghero' gem 'dotenv-rails', '~> 2.8' -gem 'aws-sdk-s3', '~> 1.119', require: false +gem 'aws-sdk-s3', '~> 1.120', require: false gem 'fog-core', '<= 2.4.0' gem 'fog-openstack', '~> 0.3', require: false gem 'kt-paperclip', '~> 7.1', github: 'kreeti/kt-paperclip', ref: '11abf222dc31bff71160a1d138b445214f434b2b' @@ -118,7 +118,7 @@ group :production, :test do end group :test do - gem 'capybara', '~> 3.38' + gem 'capybara', '~> 3.39' gem 'climate_control' gem 'faker', '~> 3.1' gem 'json-schema', '~> 3.0' diff --git a/Gemfile.lock b/Gemfile.lock index 683539844..5b05b79d6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -94,7 +94,7 @@ GEM minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.8.1) + addressable (2.8.2) public_suffix (>= 2.0.2, < 6.0) aes_key_wrap (1.1.0) airbrussh (1.4.1) @@ -109,7 +109,7 @@ GEM attr_required (1.0.1) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.735.0) + aws-partitions (1.739.0) aws-sdk-core (3.171.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) @@ -118,7 +118,7 @@ GEM aws-sdk-kms (1.63.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.119.2) + aws-sdk-s3 (1.120.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) @@ -166,7 +166,7 @@ GEM sshkit (~> 1.3) capistrano-yarn (2.0.2) capistrano (~> 3.0) - capybara (3.38.0) + capybara (3.39.0) addressable matrix mini_mime (>= 0.1.3) @@ -438,7 +438,7 @@ GEM net-smtp (0.3.3) net-protocol net-ssh (7.0.1) - nio4r (2.5.8) + nio4r (2.5.9) nokogiri (1.14.2) mini_portile2 (~> 2.8.0) racc (~> 1.4) @@ -481,7 +481,7 @@ GEM orm_adapter (0.5.0) ox (2.14.14) parallel (1.22.1) - parser (3.2.1.1) + parser (3.2.2.0) ast (~> 2.4.1) parslet (2.0.0) pastel (0.8.0) @@ -501,7 +501,7 @@ GEM premailer (~> 1.7, >= 1.7.9) private_address_check (0.5.0) public_suffix (5.0.1) - puma (6.1.1) + puma (6.2.1) nio4r (~> 2.0) pundit (2.3.0) activesupport (>= 3.0.0) @@ -603,17 +603,17 @@ GEM rspec_chunked (0.6) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.48.1) + rubocop (1.49.0) json (~> 2.3) parallel (~> 1.10) parser (>= 3.2.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.26.0, < 2.0) + rubocop-ast (>= 1.28.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.27.0) + rubocop-ast (1.28.0) parser (>= 3.2.1.0) rubocop-capybara (2.17.1) rubocop (~> 1.41) @@ -771,7 +771,7 @@ DEPENDENCIES active_model_serializers (~> 0.10) addressable (~> 2.8) annotate (~> 3.2) - aws-sdk-s3 (~> 1.119) + aws-sdk-s3 (~> 1.120) better_errors (~> 2.9) binding_of_caller (~> 1.0) blurhash (~> 0.1) @@ -783,7 +783,7 @@ DEPENDENCIES capistrano-rails (~> 1.6) capistrano-rbenv (~> 2.2) capistrano-yarn (~> 2.0) - capybara (~> 3.38) + capybara (~> 3.39) charlock_holmes (~> 0.7.7) chewy (~> 7.2) climate_control @@ -847,7 +847,7 @@ DEPENDENCIES premailer-rails private_address_check (~> 0.5) public_suffix (~> 5.0) - puma (~> 6.1) + puma (~> 6.2) pundit (~> 2.3) rack (~> 2.2.6) rack-attack (~> 6.6) diff --git a/app/controllers/backups_controller.rb b/app/controllers/backups_controller.rb index 0687b62c5..5891da6f6 100644 --- a/app/controllers/backups_controller.rb +++ b/app/controllers/backups_controller.rb @@ -13,7 +13,7 @@ class BackupsController < ApplicationController when :s3 redirect_to @backup.dump.expiring_url(10) when :fog - if Paperclip::Attachment.default_options.dig(:storage, :fog_credentials, :openstack_temp_url_key).present? + if Paperclip::Attachment.default_options.dig(:fog_credentials, :openstack_temp_url_key).present? redirect_to @backup.dump.expiring_url(Time.now.utc + 10) else redirect_to full_asset_url(@backup.dump.url) diff --git a/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb b/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb index cbba842a9..0bff01ec2 100644 --- a/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb +++ b/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb @@ -22,18 +22,9 @@ module Settings private - def confirmation_params - params.require(:form_two_factor_confirmation).permit(:otp_attempt) - end - def verify_otp_not_enabled redirect_to settings_two_factor_authentication_methods_path if current_user.otp_enabled? end - - def acceptable_code? - current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt]) || - current_user.invalidate_otp_backup_code!(confirmation_params[:otp_attempt]) - end end end end diff --git a/app/javascript/mastodon/actions/markers.js b/app/javascript/mastodon/actions/markers.js index 16ec7fe77..ca246dce7 100644 --- a/app/javascript/mastodon/actions/markers.js +++ b/app/javascript/mastodon/actions/markers.js @@ -55,7 +55,7 @@ export const synchronouslySubmitMarkers = () => (dispatch, getState) => { client.open('POST', '/api/v1/markers', false); client.setRequestHeader('Content-Type', 'application/json'); client.setRequestHeader('Authorization', `Bearer ${accessToken}`); - client.SUBMIT(JSON.stringify(params)); + client.send(JSON.stringify(params)); } catch (e) { // Do not make the BeforeUnload handler error out } diff --git a/app/javascript/mastodon/base_polyfills.js b/app/javascript/mastodon/base_polyfills.js index d3ac0d510..91bc5d6dc 100644 --- a/app/javascript/mastodon/base_polyfills.js +++ b/app/javascript/mastodon/base_polyfills.js @@ -1,16 +1,11 @@ import 'intl'; import 'intl/locale-data/jsonp/en'; import 'es6-symbol/implement'; -import includes from 'array-includes'; import assign from 'object-assign'; import values from 'object.values'; import { decode as decodeBase64 } from './utils/base64'; import promiseFinally from 'promise.prototype.finally'; -if (!Array.prototype.includes) { - includes.shim(); -} - if (!Object.assign) { Object.assign = assign; } diff --git a/app/javascript/mastodon/components/admin/ReportReasonSelector.jsx b/app/javascript/mastodon/components/admin/ReportReasonSelector.jsx index 58a861fde..cd14dac4e 100644 --- a/app/javascript/mastodon/components/admin/ReportReasonSelector.jsx +++ b/app/javascript/mastodon/components/admin/ReportReasonSelector.jsx @@ -33,7 +33,7 @@ class Category extends React.PureComponent { const { id, text, disabled, selected, children } = this.props; return ( -