From 226d7a7badf0d03f2c2a57fd4da72889a3563d28 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 10:27:03 +0200 Subject: [PATCH 1/8] fix(deps): update dependency sass to v1.77.2 (#30338) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 07c89a5298..db706f04a7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -15316,15 +15316,15 @@ __metadata: linkType: hard "sass@npm:^1.62.1": - version: 1.77.1 - resolution: "sass@npm:1.77.1" + version: 1.77.2 + resolution: "sass@npm:1.77.2" dependencies: chokidar: "npm:>=3.0.0 <4.0.0" immutable: "npm:^4.0.0" source-map-js: "npm:>=0.6.2 <2.0.0" bin: sass: sass.js - checksum: 10c0/edcfc7d038234b1198c3ddcac5963fcd1e17a9c1ee0f9bd09784ab5353b60ff50b189b4c9154b34f5da9ca0eaab8b189fd3e83a4b43a494151ad4735f8e5f364 + checksum: 10c0/0d292339064de3c902e209d41de9c4eb2038cff326476aeebbb5be3eee1d23400d975face2b8e124ae617b10af3e93bec01580f61912f34e4c517fe137a118b6 languageName: node linkType: hard From f7f5b9dadd9e2cee98bf8a7d41193844a37c662b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 08:27:45 +0000 Subject: [PATCH 2/8] fix(deps): update dependency @rails/ujs to v7.1.3-3 (#30337) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 79544229df..773f19c50d 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "@formatjs/intl-pluralrules": "^5.2.2", "@gamestdio/websocket": "^0.3.2", "@github/webauthn-json": "^2.1.1", - "@rails/ujs": "7.1.3-2", + "@rails/ujs": "7.1.3-3", "@reduxjs/toolkit": "^2.0.1", "@svgr/webpack": "^5.5.0", "arrow-key-navigation": "^1.2.0", diff --git a/yarn.lock b/yarn.lock index db706f04a7..efe8cc0264 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2758,7 +2758,7 @@ __metadata: "@formatjs/intl-pluralrules": "npm:^5.2.2" "@gamestdio/websocket": "npm:^0.3.2" "@github/webauthn-json": "npm:^2.1.1" - "@rails/ujs": "npm:7.1.3-2" + "@rails/ujs": "npm:7.1.3-3" "@reduxjs/toolkit": "npm:^2.0.1" "@svgr/webpack": "npm:^5.5.0" "@testing-library/jest-dom": "npm:^6.0.0" @@ -3042,10 +3042,10 @@ __metadata: languageName: node linkType: hard -"@rails/ujs@npm:7.1.3-2": - version: 7.1.3-2 - resolution: "@rails/ujs@npm:7.1.3-2" - checksum: 10c0/8bd5b3a409c62f53790ed7e914f1f48235f461a472da7b4ce1d9ad57356fcdeaa7891c946298f7f620ff0ff7c6d5b995bf44057929c4fce796867a8cf4f27c99 +"@rails/ujs@npm:7.1.3-3": + version: 7.1.3-3 + resolution: "@rails/ujs@npm:7.1.3-3" + checksum: 10c0/9eee95372b72d8f704b67f14a3bf9f2681ab5b11c7b79919bfde3341f2970771876af5b40de5b3e4fca6a97c76a41046eff71d96490617c1fc80ef3ad8bbac47 languageName: node linkType: hard From 3286ad5226ca220a40f12353df2237c4f822af1d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 10:28:01 +0200 Subject: [PATCH 3/8] chore(deps): update dependency selenium-webdriver to v4.21.1 (#30335) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6001c73db4..2f46655549 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -775,7 +775,7 @@ GEM scenic (1.8.0) activerecord (>= 4.0.0) railties (>= 4.0.0) - selenium-webdriver (4.21.0) + selenium-webdriver (4.21.1) base64 (~> 0.2) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) From fc166d07f0b5472866e1e13a0c12d78a0c7bbcfb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 10:28:22 +0200 Subject: [PATCH 4/8] chore(deps): update dependency rails to v7.1.3.3 (#30334) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Gemfile.lock | 108 +++++++++++++++++++++++++-------------------------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2f46655549..eade99acfd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,35 +10,35 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + actioncable (7.1.3.3) + actionpack (= 7.1.3.3) + activesupport (= 7.1.3.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailbox (7.1.3.3) + actionpack (= 7.1.3.3) + activejob (= 7.1.3.3) + activerecord (= 7.1.3.3) + activestorage (= 7.1.3.3) + activesupport (= 7.1.3.3) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.1.3.2) - actionpack (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailer (7.1.3.3) + actionpack (= 7.1.3.3) + actionview (= 7.1.3.3) + activejob (= 7.1.3.3) + activesupport (= 7.1.3.3) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.2) - actionpack (7.1.3.2) - actionview (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionpack (7.1.3.3) + actionview (= 7.1.3.3) + activesupport (= 7.1.3.3) nokogiri (>= 1.8.5) racc rack (>= 2.2.4) @@ -46,15 +46,15 @@ GEM rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.3.2) - actionpack (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actiontext (7.1.3.3) + actionpack (= 7.1.3.3) + activerecord (= 7.1.3.3) + activestorage (= 7.1.3.3) + activesupport (= 7.1.3.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.3.2) - activesupport (= 7.1.3.2) + actionview (7.1.3.3) + activesupport (= 7.1.3.3) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) @@ -64,22 +64,22 @@ GEM activemodel (>= 4.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (7.1.3.2) - activesupport (= 7.1.3.2) + activejob (7.1.3.3) + activesupport (= 7.1.3.3) globalid (>= 0.3.6) - activemodel (7.1.3.2) - activesupport (= 7.1.3.2) - activerecord (7.1.3.2) - activemodel (= 7.1.3.2) - activesupport (= 7.1.3.2) + activemodel (7.1.3.3) + activesupport (= 7.1.3.3) + activerecord (7.1.3.3) + activemodel (= 7.1.3.3) + activesupport (= 7.1.3.3) timeout (>= 0.4.0) - activestorage (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activesupport (= 7.1.3.2) + activestorage (7.1.3.3) + actionpack (= 7.1.3.3) + activejob (= 7.1.3.3) + activerecord (= 7.1.3.3) + activesupport (= 7.1.3.3) marcel (~> 1.0) - activesupport (7.1.3.2) + activesupport (7.1.3.3) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) @@ -444,7 +444,7 @@ GEM timeout net-smtp (0.5.0) net-protocol - nio4r (2.7.1) + nio4r (2.7.3) nokogiri (1.16.5) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -634,20 +634,20 @@ GEM rackup (1.0.0) rack (< 3) webrick - rails (7.1.3.2) - actioncable (= 7.1.3.2) - actionmailbox (= 7.1.3.2) - actionmailer (= 7.1.3.2) - actionpack (= 7.1.3.2) - actiontext (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activemodel (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + rails (7.1.3.3) + actioncable (= 7.1.3.3) + actionmailbox (= 7.1.3.3) + actionmailer (= 7.1.3.3) + actionpack (= 7.1.3.3) + actiontext (= 7.1.3.3) + actionview (= 7.1.3.3) + activejob (= 7.1.3.3) + activemodel (= 7.1.3.3) + activerecord (= 7.1.3.3) + activestorage (= 7.1.3.3) + activesupport (= 7.1.3.3) bundler (>= 1.15.0) - railties (= 7.1.3.2) + railties (= 7.1.3.3) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -662,9 +662,9 @@ GEM rails-i18n (7.0.9) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) - railties (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + railties (7.1.3.3) + actionpack (= 7.1.3.3) + activesupport (= 7.1.3.3) irb rackup (>= 1.0.0) rake (>= 12.2) From a6d12299f22e0318f0bea8b4a0192e6c07398b70 Mon Sep 17 00:00:00 2001 From: Matt Jankowski Date: Fri, 17 May 2024 04:29:13 -0400 Subject: [PATCH 5/8] Remove duplicate method def `ApplicationHelper#instance_presenter` (#30331) --- app/helpers/application_helper.rb | 4 ++++ app/helpers/mascot_helper.rb | 11 ----------- app/mailers/user_mailer.rb | 1 - 3 files changed, 4 insertions(+), 12 deletions(-) delete mode 100644 app/helpers/mascot_helper.rb diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index eb03f1e4ba..7563ae6105 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -240,6 +240,10 @@ module ApplicationHelper EmojiFormatter.new(html, custom_emojis, other_options.merge(animate: prefers_autoplay?)).to_s end + def mascot_url + full_asset_url(instance_presenter.mascot&.file&.url || frontend_asset_path('images/elephant_ui_plane.svg')) + end + def instance_presenter @instance_presenter ||= InstancePresenter.new end diff --git a/app/helpers/mascot_helper.rb b/app/helpers/mascot_helper.rb deleted file mode 100644 index 34b656411e..0000000000 --- a/app/helpers/mascot_helper.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -module MascotHelper - def mascot_url - full_asset_url(instance_presenter.mascot&.file&.url || frontend_asset_path('images/elephant_ui_plane.svg')) - end - - def instance_presenter - @instance_presenter ||= InstancePresenter.new - end -end diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index f8c1c9a8d0..81a2c0c6d0 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -5,7 +5,6 @@ class UserMailer < Devise::Mailer helper :accounts helper :application - helper :mascot helper :formatting helper :instance helper :routing From bff7769f5f9a4f3995038ad759c1b48a636d303b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 10:41:35 +0200 Subject: [PATCH 6/8] New Crowdin Translations (automated) (#30336) Co-authored-by: GitHub Actions --- config/locales/simple_form.fi.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/locales/simple_form.fi.yml b/config/locales/simple_form.fi.yml index 4971e25022..2f7010bacf 100644 --- a/config/locales/simple_form.fi.yml +++ b/config/locales/simple_form.fi.yml @@ -81,9 +81,11 @@ fi: backups_retention_period: Käyttäjillä on mahdollisuus arkistoida julkaisujaan myöhemmin ladattaviksi. Kun tämä on asetettu positiiviseksi arvoksi, nämä arkistot poistetaan automaattisesti asetetun päivien määrän jälkeen. bootstrap_timeline_accounts: Nämä tilit kiinnitetään uusien käyttäjien seuraamissuosituslistojen alkuun. closed_registrations_message: Näkyy, kun rekisteröityminen on suljettu + content_cache_retention_period: Kaikki muiden palvelimien viestit (mukaan lukien tehostukset ja vastaukset) poistetaan määritetyn päivien lukumäärän jälkeen, ottamatta huomioon paikallisen käyttäjän vuorovaikutusta kyseisten viestien kanssa. Sisältää viestit, jossa paikallinen käyttäjä on merkinnyt kirjanmerkiksi tai suosikeiksi. Myös yksityiset maininnat eri käyttäjien välillä menetetään, eikä niitä voi palauttaa. Tämän asetuksen käyttö on tarkoitettu erityisiin tapauksiin ja se rikkoo monia käyttäjien odotuksia, kun se toteutetaan yleistarkoituksiin. custom_css: Voit käyttää mukautettuja tyylejä Mastodonin verkkoversiossa. favicon: WEBP, PNG, GIF tai JPG. Korvaa oletusarvoisen Mastodonin suosikkikuvakkeen omalla kuvakkeella. mascot: Ohittaa kuvituksen edistyneessä selainkäyttöliittymässä. + media_cache_retention_period: Mediatiedostot käyttäjien tekemistä viesteistä ovat välimuistissa palvelimellasi. Kun arvo on positiivinen, media poistetaan määritetyn ajan jälkeen. Jos mediaa pyydetään sen poistamisen jälkeen, ne ladataan uudelleen, jos lähdesisältö on vielä saatavilla. Koska linkkien katselun kyselyitä kolmansien osapuolien sivustoille on rajoitettu, on suositeltavaa asettaa tämä arvo vähintään 14 päivään tai linkkien kortteja ei päivitetä pyynnöstä ennen tätä aikaa. peers_api_enabled: Luettelo verkkotunnuksista, jotka tämä palvelin on kohdannut fediversumissa. Se ei kerro, oletko liitossa tietyn palvelimen kanssa, vaan että palvelimesi on ylipäätään tietoinen siitä. Tätä tietoa käytetään palveluissa, jotka keräävät tilastoja federoinnista yleisellä tasolla. profile_directory: Profiilihakemisto lueteloi kaikki käyttäjät, jotka ovat ilmoittaneet olevansa löydettävissä. require_invite_text: Kun rekisteröityminen vaatii manuaalisen hyväksynnän, tee ”Miksi haluat liittyä?” -tekstikentästä pakollinen vapaaehtoisen sijaan From a627219b25f1787cbee0174e37e36e440489eb66 Mon Sep 17 00:00:00 2001 From: Jeong Arm Date: Fri, 17 May 2024 18:18:54 +0900 Subject: [PATCH 7/8] Fix moderation action logs (#30342) --- app/models/admin/action_log_filter.rb | 1 + config/locales/en.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb index f581af74e8..fc984b2445 100644 --- a/app/models/admin/action_log_filter.rb +++ b/app/models/admin/action_log_filter.rb @@ -59,6 +59,7 @@ class Admin::ActionLogFilter unsuspend_account: { target_type: 'Account', action: 'unsuspend' }.freeze, update_announcement: { target_type: 'Announcement', action: 'update' }.freeze, update_custom_emoji: { target_type: 'CustomEmoji', action: 'update' }.freeze, + update_report: { target_type: 'Report', action: 'update' }.freeze, update_status: { target_type: 'Status', action: 'update' }.freeze, update_user_role: { target_type: 'UserRole', action: 'update' }.freeze, update_ip_block: { target_type: 'IpBlock', action: 'update' }.freeze, diff --git a/config/locales/en.yml b/config/locales/en.yml index 446d06f0d1..d3704bbbcf 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -285,6 +285,7 @@ en: update_custom_emoji_html: "%{name} updated emoji %{target}" update_domain_block_html: "%{name} updated domain block for %{target}" update_ip_block_html: "%{name} changed rule for IP %{target}" + update_report_html: "%{name} updated report %{target}" update_status_html: "%{name} updated post by %{target}" update_user_role_html: "%{name} changed %{target} role" deleted_account: deleted account From 12472e7f407c42bcff6ee204b9f1887b5824734f Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 17 May 2024 11:28:40 +0200 Subject: [PATCH 8/8] Add emphasis on ActiveRecord Encryption configuration values being secret (#30340) --- .env.test | 9 +++++---- config/initializers/active_record_encryption.rb | 13 +++++++++++-- lib/tasks/db.rake | 2 +- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.env.test b/.env.test index 9e6abea5c9..d2763e582a 100644 --- a/.env.test +++ b/.env.test @@ -4,7 +4,8 @@ NODE_ENV=production LOCAL_DOMAIN=cb6e6126.ngrok.io LOCAL_HTTPS=true -# Required by ActiveRecord encryption feature -ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR -ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E -ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr +# Secret values required by ActiveRecord encryption feature +# Use `bin/rails db:encryption:init` to generate fresh secrets +ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=test_determinist_key_DO_NOT_USE_IN_PRODUCTION +ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=test_salt_DO_NOT_USE_IN_PRODUCTION +ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=test_primary_key_DO_NOT_USE_IN_PRODUCTION diff --git a/config/initializers/active_record_encryption.rb b/config/initializers/active_record_encryption.rb index 7cda8c621c..777bafc273 100644 --- a/config/initializers/active_record_encryption.rb +++ b/config/initializers/active_record_encryption.rb @@ -5,7 +5,7 @@ ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY ).each do |key| - ENV.fetch(key) do + value = ENV.fetch(key) do abort <<~MESSAGE Mastodon now requires that these variables are set: @@ -14,9 +14,18 @@ - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY - Run `bin/rails db:encryption:init` to generate values and then assign the environment variables. + Run `bin/rails db:encryption:init` to generate new secrets and then assign the environment variables. MESSAGE end + + next unless Rails.env.production? && value.end_with?('DO_NOT_USE_IN_PRODUCTION') + + abort <<~MESSAGE + + It looks like you are trying to run Mastodon in production with a #{key} value from the test environment. + + Please generate fresh secrets using `bin/rails db:encryption:init` and use them instead. + MESSAGE end Rails.application.configure do diff --git a/lib/tasks/db.rake b/lib/tasks/db.rake index d6377c9c82..d8bc927bc4 100644 --- a/lib/tasks/db.rake +++ b/lib/tasks/db.rake @@ -8,7 +8,7 @@ namespace :db do desc 'Generate a set of keys for configuring Active Record encryption in a given environment' task :init do # rubocop:disable Rails/RakeEnvironment puts <<~MSG - Add these environment variables to your Mastodon environment:#{' '} + Add these secret environment variables to your Mastodon environment (e.g. .env.production):#{' '} ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=#{SecureRandom.alphanumeric(32)} ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=#{SecureRandom.alphanumeric(32)}