From 90093f179595fbd73bbdbed3bc2c212dc932e3ec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 May 2019 15:00:24 +0900
Subject: [PATCH 1/5] Bump aws-sdk-s3 from 1.36.1 to 1.38.0 (#10769)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.36.1 to 1.38.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.36.1...v1.38.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Gemfile b/Gemfile
index 3e1d32d54..0d1b02fce 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ gem 'makara', '~> 0.4'
 gem 'pghero', '~> 2.2'
 gem 'dotenv-rails', '~> 2.7'
 
-gem 'aws-sdk-s3', '~> 1.36', require: false
+gem 'aws-sdk-s3', '~> 1.38', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'paperclip', '~> 6.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 9f11589a6..0e54a5a70 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -75,18 +75,18 @@ GEM
       encryptor (~> 3.0.0)
     av (0.9.0)
       cocaine (~> 0.5.3)
-    aws-eventstream (1.0.2)
-    aws-partitions (1.151.0)
-    aws-sdk-core (3.48.4)
+    aws-eventstream (1.0.3)
+    aws-partitions (1.162.0)
+    aws-sdk-core (3.52.1)
       aws-eventstream (~> 1.0, >= 1.0.2)
       aws-partitions (~> 1.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-kms (1.17.0)
-      aws-sdk-core (~> 3, >= 3.48.2)
+    aws-sdk-kms (1.20.0)
+      aws-sdk-core (~> 3, >= 3.52.1)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.36.1)
-      aws-sdk-core (~> 3, >= 3.48.2)
+    aws-sdk-s3 (1.38.0)
+      aws-sdk-core (~> 3, >= 3.52.1)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.0)
     aws-sigv4 (1.1.0)
@@ -658,7 +658,7 @@ DEPENDENCIES
   active_record_query_trace (~> 1.6)
   addressable (~> 2.6)
   annotate (~> 2.7)
-  aws-sdk-s3 (~> 1.36)
+  aws-sdk-s3 (~> 1.38)
   better_errors (~> 2.5)
   binding_of_caller (~> 0.7)
   blurhash (~> 0.1)

From 2310dd40fa6a0b3fa9ed6463b75c60ce94f328e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 May 2019 16:13:52 +0900
Subject: [PATCH 2/5] Bump capybara from 3.19.1 to 3.20.0 (#10768)

Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.19.1 to 3.20.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/3.19.1...3.20.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0d1b02fce..c9840016d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -108,7 +108,7 @@ group :production, :test do
 end
 
 group :test do
-  gem 'capybara', '~> 3.19'
+  gem 'capybara', '~> 3.20'
   gem 'climate_control', '~> 0.2'
   gem 'faker', '~> 1.9'
   gem 'microformats', '~> 4.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index 0e54a5a70..2bcf17562 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -129,13 +129,14 @@ GEM
       sshkit (~> 1.3)
     capistrano-yarn (2.0.2)
       capistrano (~> 3.0)
-    capybara (3.19.1)
+    capybara (3.20.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (~> 1.2)
+      uglifier
       xpath (~> 3.2)
     case_transform (0.2)
       activesupport
@@ -207,6 +208,7 @@ GEM
     et-orbi (1.1.6)
       tzinfo
     excon (0.62.0)
+    execjs (2.7.0)
     fabrication (2.20.2)
     faker (1.9.3)
       i18n (>= 0.7)
@@ -497,7 +499,7 @@ GEM
       redis-store (>= 1.2, < 2)
     redis-store (1.5.0)
       redis (>= 2.2, < 5)
-    regexp_parser (1.4.0)
+    regexp_parser (1.5.0)
     request_store (1.4.1)
       rack (>= 1.4)
     responders (2.4.1)
@@ -625,6 +627,8 @@ GEM
       thread_safe (~> 0.1)
     tzinfo-data (1.2019.1)
       tzinfo (>= 1.0.0)
+    uglifier (4.1.20)
+      execjs (>= 0.3.0, < 3)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.7.5)
@@ -671,7 +675,7 @@ DEPENDENCIES
   capistrano-rails (~> 1.4)
   capistrano-rbenv (~> 2.1)
   capistrano-yarn (~> 2.0)
-  capybara (~> 3.19)
+  capybara (~> 3.20)
   charlock_holmes (~> 0.7.6)
   chewy (~> 5.0)
   cld3 (~> 3.2.4)

From 520cfde7934d6d0cfe237a32e4d7f42cbc237d79 Mon Sep 17 00:00:00 2001
From: Alix Rossi <alixrossics@gmail.com>
Date: Fri, 17 May 2019 06:32:46 +0200
Subject: [PATCH 3/5] i18n: Update Corsican translation (#10770)

* i18n: update Corsican translation

* Fix typo in co.yml
---
 config/locales/co.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/locales/co.yml b/config/locales/co.yml
index 22ee4b0ce..4927c5c51 100644
--- a/config/locales/co.yml
+++ b/config/locales/co.yml
@@ -293,8 +293,8 @@ co:
           one: Un contu tuccatu indè a database
           other: "%{count} conti tuccati indè a database"
         retroactive:
-          silence: Ùn silenzà più i conti nant’à stu duminiu
-          suspend: Ùn suspende più i conti nant’à stu duminiu
+          silence: Ùn silenzà più i conti affettati di stu duminiu
+          suspend: Ùn suspende più i conti affettati di stu duminiu
         title: Ùn bluccà più u duminiu %{domain}
         undo: Annullà
       undo: Annullà u blucchime di duminiu

From e976a9dfbd33a5ac373dc1dd633df203b4b08ffe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 May 2019 15:23:21 +0900
Subject: [PATCH 4/5] Bump aws-sdk-s3 from 1.38.0 to 1.39.0 (#10773)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.38.0 to 1.39.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.38.0...v1.39.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index c9840016d..ec7f36c47 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ gem 'makara', '~> 0.4'
 gem 'pghero', '~> 2.2'
 gem 'dotenv-rails', '~> 2.7'
 
-gem 'aws-sdk-s3', '~> 1.38', require: false
+gem 'aws-sdk-s3', '~> 1.39', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'paperclip', '~> 6.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 2bcf17562..2dde7ac64 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -85,7 +85,7 @@ GEM
     aws-sdk-kms (1.20.0)
       aws-sdk-core (~> 3, >= 3.52.1)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.38.0)
+    aws-sdk-s3 (1.39.0)
       aws-sdk-core (~> 3, >= 3.52.1)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.0)
@@ -662,7 +662,7 @@ DEPENDENCIES
   active_record_query_trace (~> 1.6)
   addressable (~> 2.6)
   annotate (~> 2.7)
-  aws-sdk-s3 (~> 1.38)
+  aws-sdk-s3 (~> 1.39)
   better_errors (~> 2.5)
   binding_of_caller (~> 0.7)
   blurhash (~> 0.1)

From a1519a8ef564ed3773f3a0d1613cbe1c5d6f8459 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sat, 18 May 2019 00:28:51 +0200
Subject: [PATCH 5/5] Prevent from publicly boosting one's own private toots
 (#10775)

---
 app/services/reblog_service.rb       |  4 +++-
 spec/services/reblog_service_spec.rb | 12 ++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/app/services/reblog_service.rb b/app/services/reblog_service.rb
index ff48d9c75..1710640c8 100644
--- a/app/services/reblog_service.rb
+++ b/app/services/reblog_service.rb
@@ -18,7 +18,9 @@ class ReblogService < BaseService
 
     return reblog unless reblog.nil?
 
-    reblog = account.statuses.create!(reblog: reblogged_status, text: '', visibility: options[:visibility] || account.user&.setting_default_privacy)
+    visibility = options[:visibility] || account.user&.setting_default_privacy
+    visibility = reblogged_status.visibility if reblogged_status.hidden?
+    reblog = account.statuses.create!(reblog: reblogged_status, text: '', visibility: visibility)
 
     DistributionWorker.perform_async(reblog.id)
     Pubsubhubbub::DistributionWorker.perform_async(reblog.stream_entry.id)
diff --git a/spec/services/reblog_service_spec.rb b/spec/services/reblog_service_spec.rb
index 9e66c6643..9d84c41d5 100644
--- a/spec/services/reblog_service_spec.rb
+++ b/spec/services/reblog_service_spec.rb
@@ -4,10 +4,9 @@ RSpec.describe ReblogService, type: :service do
   let(:alice)  { Fabricate(:account, username: 'alice') }
 
   context 'creates a reblog with appropriate visibility' do
-    let(:bob)               { Fabricate(:account, username: 'bob') }
     let(:visibility)        { :public }
     let(:reblog_visibility) { :public }
-    let(:status)            { Fabricate(:status, account: bob, visibility: visibility) }
+    let(:status)            { Fabricate(:status, account: alice, visibility: visibility) }
 
     subject { ReblogService.new }
 
@@ -22,6 +21,15 @@ RSpec.describe ReblogService, type: :service do
         expect(status.reblogs.first.visibility).to eq 'private'
       end
     end
+
+    describe 'public reblogs of private toots should remain private' do
+      let(:visibility)        { :private }
+      let(:reblog_visibility) { :public }
+
+      it 'reblogs privately' do
+        expect(status.reblogs.first.visibility).to eq 'private'
+      end
+    end
   end
 
   context 'OStatus' do