From 5efb1ff337e7c1c090eb9c43dc3ba5b284302460 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 11 Aug 2021 17:48:42 +0200 Subject: [PATCH 01/30] Fix followers synchronization mechanism not working when URI has empty path (#16510) * Fix followers synchronization mechanism not working when URI has empty path To my knowledge, there is no current implementation on the fediverse that can use bare domains (e.g., actor is at https://example.org instead of something like https://example.org/actor) that also plans to support the followers synchronization mechanism. However, Mastodon's current implementation would exclude such accounts from followers list. Also adds tests and rename them to reflect the proper method names. * Move url prefix regexp to its own constant --- app/models/account.rb | 7 ++- app/models/concerns/account_interactions.rb | 9 ++- app/workers/activitypub/delivery_worker.rb | 6 +- .../concerns/account_interactions_spec.rb | 61 +++++++++++-------- .../activitypub/delivery_worker_spec.rb | 2 +- 5 files changed, 48 insertions(+), 37 deletions(-) diff --git a/app/models/account.rb b/app/models/account.rb index f7a7f4a7b..2c2840ee4 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -58,8 +58,9 @@ class Account < ApplicationRecord hub_url ) - USERNAME_RE = /[a-z0-9_]+([a-z0-9_\.-]+[a-z0-9_]+)?/i - MENTION_RE = /(?<=^|[^\/[:word:]])@((#{USERNAME_RE})(?:@[[:word:]\.\-]+[a-z0-9]+)?)/i + USERNAME_RE = /[a-z0-9_]+([a-z0-9_\.-]+[a-z0-9_]+)?/i + MENTION_RE = /(?<=^|[^\/[:word:]])@((#{USERNAME_RE})(?:@[[:word:]\.\-]+[a-z0-9]+)?)/i + URL_PREFIX_RE = /\Ahttp(s?):\/\/[^\/]+/ include AccountAssociations include AccountAvatar @@ -379,7 +380,7 @@ class Account < ApplicationRecord def synchronization_uri_prefix return 'local' if local? - @synchronization_uri_prefix ||= uri[/http(s?):\/\/[^\/]+\//] + @synchronization_uri_prefix ||= "#{uri[URL_PREFIX_RE]}/" end class Field < ActiveModelSerializers::Model diff --git a/app/models/concerns/account_interactions.rb b/app/models/concerns/account_interactions.rb index 4bf62539c..8f19176a7 100644 --- a/app/models/concerns/account_interactions.rb +++ b/app/models/concerns/account_interactions.rb @@ -254,10 +254,13 @@ module AccountInteractions .where('users.current_sign_in_at > ?', User::ACTIVE_DURATION.ago) end - def remote_followers_hash(url_prefix) - Rails.cache.fetch("followers_hash:#{id}:#{url_prefix}") do + def remote_followers_hash(url) + url_prefix = url[Account::URL_PREFIX_RE] + return if url_prefix.blank? + + Rails.cache.fetch("followers_hash:#{id}:#{url_prefix}/") do digest = "\x00" * 32 - followers.where(Account.arel_table[:uri].matches(url_prefix + '%', false, true)).pluck_each(:uri) do |uri| + followers.where(Account.arel_table[:uri].matches("#{Account.sanitize_sql_like(url_prefix)}/%", false, true)).or(followers.where(uri: url_prefix)).pluck_each(:uri) do |uri| Xorcist.xor!(digest, Digest::SHA256.digest(uri)) end digest.unpack('H*')[0] diff --git a/app/workers/activitypub/delivery_worker.rb b/app/workers/activitypub/delivery_worker.rb index 6c5a576a7..788f2cf80 100644 --- a/app/workers/activitypub/delivery_worker.rb +++ b/app/workers/activitypub/delivery_worker.rb @@ -44,11 +44,7 @@ class ActivityPub::DeliveryWorker end def synchronization_header - "collectionId=\"#{account_followers_url(@source_account)}\", digest=\"#{@source_account.remote_followers_hash(inbox_url_prefix)}\", url=\"#{account_followers_synchronization_url(@source_account)}\"" - end - - def inbox_url_prefix - @inbox_url[/http(s?):\/\/[^\/]+\//] + "collectionId=\"#{account_followers_url(@source_account)}\", digest=\"#{@source_account.remote_followers_hash(@inbox_url)}\", url=\"#{account_followers_synchronization_url(@source_account)}\"" end def perform_request diff --git a/spec/models/concerns/account_interactions_spec.rb b/spec/models/concerns/account_interactions_spec.rb index 85fbf7e79..ca243ebc5 100644 --- a/spec/models/concerns/account_interactions_spec.rb +++ b/spec/models/concerns/account_interactions_spec.rb @@ -539,46 +539,57 @@ describe AccountInteractions do end end - describe '#followers_hash' do + describe '#remote_followers_hash' do let(:me) { Fabricate(:account, username: 'Me') } let(:remote_1) { Fabricate(:account, username: 'alice', domain: 'example.org', uri: 'https://example.org/users/alice') } let(:remote_2) { Fabricate(:account, username: 'bob', domain: 'example.org', uri: 'https://example.org/users/bob') } - let(:remote_3) { Fabricate(:account, username: 'eve', domain: 'foo.org', uri: 'https://foo.org/users/eve') } + let(:remote_3) { Fabricate(:account, username: 'instance-actor', domain: 'example.org', uri: 'https://example.org') } + let(:remote_4) { Fabricate(:account, username: 'eve', domain: 'foo.org', uri: 'https://foo.org/users/eve') } before do remote_1.follow!(me) remote_2.follow!(me) remote_3.follow!(me) + remote_4.follow!(me) me.follow!(remote_1) end - context 'on a local user' do - it 'returns correct hash for remote domains' do - expect(me.remote_followers_hash('https://example.org/')).to eq '707962e297b7bd94468a21bc8e506a1bcea607a9142cd64e27c9b106b2a5f6ec' - expect(me.remote_followers_hash('https://foo.org/')).to eq 'ccb9c18a67134cfff9d62c7f7e7eb88e6b803446c244b84265565f4eba29df0e' - end + it 'returns correct hash for remote domains' do + expect(me.remote_followers_hash('https://example.org/')).to eq '20aecbe774b3d61c25094370baf370012b9271c5b172ecedb05caff8d79ef0c7' + expect(me.remote_followers_hash('https://foo.org/')).to eq 'ccb9c18a67134cfff9d62c7f7e7eb88e6b803446c244b84265565f4eba29df0e' + expect(me.remote_followers_hash('https://foo.org.evil.com/')).to eq '0000000000000000000000000000000000000000000000000000000000000000' + expect(me.remote_followers_hash('https://foo')).to eq '0000000000000000000000000000000000000000000000000000000000000000' + end - it 'invalidates cache as needed when removing or adding followers' do - expect(me.remote_followers_hash('https://example.org/')).to eq '707962e297b7bd94468a21bc8e506a1bcea607a9142cd64e27c9b106b2a5f6ec' - remote_1.unfollow!(me) - expect(me.remote_followers_hash('https://example.org/')).to eq '241b00794ce9b46aa864f3220afadef128318da2659782985bac5ed5bd436bff' - remote_1.follow!(me) - expect(me.remote_followers_hash('https://example.org/')).to eq '707962e297b7bd94468a21bc8e506a1bcea607a9142cd64e27c9b106b2a5f6ec' - end + it 'invalidates cache as needed when removing or adding followers' do + expect(me.remote_followers_hash('https://example.org/')).to eq '20aecbe774b3d61c25094370baf370012b9271c5b172ecedb05caff8d79ef0c7' + remote_3.unfollow!(me) + expect(me.remote_followers_hash('https://example.org/')).to eq '707962e297b7bd94468a21bc8e506a1bcea607a9142cd64e27c9b106b2a5f6ec' + remote_1.unfollow!(me) + expect(me.remote_followers_hash('https://example.org/')).to eq '241b00794ce9b46aa864f3220afadef128318da2659782985bac5ed5bd436bff' + remote_1.follow!(me) + expect(me.remote_followers_hash('https://example.org/')).to eq '707962e297b7bd94468a21bc8e506a1bcea607a9142cd64e27c9b106b2a5f6ec' end + end - context 'on a remote user' do - it 'returns correct hash for remote domains' do - expect(remote_1.local_followers_hash).to eq Digest::SHA256.hexdigest(ActivityPub::TagManager.instance.uri_for(me)) - end + describe '#local_followers_hash' do + let(:me) { Fabricate(:account, username: 'Me') } + let(:remote_1) { Fabricate(:account, username: 'alice', domain: 'example.org', uri: 'https://example.org/users/alice') } - it 'invalidates cache as needed when removing or adding followers' do - expect(remote_1.local_followers_hash).to eq Digest::SHA256.hexdigest(ActivityPub::TagManager.instance.uri_for(me)) - me.unfollow!(remote_1) - expect(remote_1.local_followers_hash).to eq '0000000000000000000000000000000000000000000000000000000000000000' - me.follow!(remote_1) - expect(remote_1.local_followers_hash).to eq Digest::SHA256.hexdigest(ActivityPub::TagManager.instance.uri_for(me)) - end + before do + me.follow!(remote_1) + end + + it 'returns correct hash for local users' do + expect(remote_1.local_followers_hash).to eq Digest::SHA256.hexdigest(ActivityPub::TagManager.instance.uri_for(me)) + end + + it 'invalidates cache as needed when removing or adding followers' do + expect(remote_1.local_followers_hash).to eq Digest::SHA256.hexdigest(ActivityPub::TagManager.instance.uri_for(me)) + me.unfollow!(remote_1) + expect(remote_1.local_followers_hash).to eq '0000000000000000000000000000000000000000000000000000000000000000' + me.follow!(remote_1) + expect(remote_1.local_followers_hash).to eq Digest::SHA256.hexdigest(ActivityPub::TagManager.instance.uri_for(me)) end end diff --git a/spec/workers/activitypub/delivery_worker_spec.rb b/spec/workers/activitypub/delivery_worker_spec.rb index f4633731e..d39393d50 100644 --- a/spec/workers/activitypub/delivery_worker_spec.rb +++ b/spec/workers/activitypub/delivery_worker_spec.rb @@ -11,7 +11,7 @@ describe ActivityPub::DeliveryWorker do let(:payload) { 'test' } before do - allow_any_instance_of(Account).to receive(:remote_followers_hash).with('https://example.com/').and_return('somehash') + allow_any_instance_of(Account).to receive(:remote_followers_hash).with('https://example.com/api').and_return('somehash') end describe 'perform' do From aaf24d3093d565461b0051d2238d8b74db63a041 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 11 Aug 2021 17:48:55 +0200 Subject: [PATCH 02/30] Fix download button color in audio player (#16572) Fixes #16571 --- app/javascript/styles/mastodon/components.scss | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index 5f570f4a4..db74c09da 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -5542,7 +5542,8 @@ a.status-card.compact:hover { opacity: 0.2; } - .video-player__buttons button { + .video-player__buttons button, + .video-player__buttons a { color: currentColor; opacity: 0.75; From 0c24c865b785a557f43125c976090e271247a2b1 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 11 Aug 2021 17:49:10 +0200 Subject: [PATCH 03/30] Fix crash if a notification contains an unprocessed media attachment (#16573) * Refactor AttachmentList * Do not crash if a notification contains an unprocessed media attachment Fixes #16530 * Fix spacing in compact form --- .../mastodon/components/attachment_list.js | 36 +++++++------------ 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/app/javascript/mastodon/components/attachment_list.js b/app/javascript/mastodon/components/attachment_list.js index ebd696583..0e23889de 100644 --- a/app/javascript/mastodon/components/attachment_list.js +++ b/app/javascript/mastodon/components/attachment_list.js @@ -2,6 +2,8 @@ import React from 'react'; import ImmutablePropTypes from 'react-immutable-proptypes'; import PropTypes from 'prop-types'; import ImmutablePureComponent from 'react-immutable-pure-component'; +import { FormattedMessage } from 'react-intl'; +import classNames from 'classnames'; import Icon from 'mastodon/components/icon'; const filename = url => url.split('/').pop().split('#')[0].split('?')[0]; @@ -16,29 +18,13 @@ export default class AttachmentList extends ImmutablePureComponent { render () { const { media, compact } = this.props; - if (compact) { - return ( -
-
    - {media.map(attachment => { - const displayUrl = attachment.get('remote_url') || attachment.get('url'); - - return ( -
  • - {filename(displayUrl)} -
    • - ); - })} -
-
- ); - } - return ( -
-
- -
+
+ {!compact && ( +
+ +
+ )}
    {media.map(attachment => { @@ -46,7 +32,11 @@ export default class AttachmentList extends ImmutablePureComponent { return (
  • - {filename(displayUrl)} + + {compact && } + {compact && ' ' } + {displayUrl ? filename(displayUrl) : } +
    • ); })} From 2ddf0fdb876307278b26e9b6bc1433c944f78ce1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:30:15 +0900 Subject: [PATCH 04/30] Bump @testing-library/react from 11.2.7 to 12.0.0 (#16440) Bumps [@testing-library/react](https://github.com/testing-library/react-testing-library) from 11.2.7 to 12.0.0. - [Release notes](https://github.com/testing-library/react-testing-library/releases) - [Changelog](https://github.com/testing-library/react-testing-library/blob/main/CHANGELOG.md) - [Commits](https://github.com/testing-library/react-testing-library/compare/v11.2.7...v12.0.0) --- updated-dependencies: - dependency-name: "@testing-library/react" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 39 +++++++++++++++++++++++++++------------ 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/package.json b/package.json index 11e23fba1..8f5dc8806 100644 --- a/package.json +++ b/package.json @@ -172,7 +172,7 @@ }, "devDependencies": { "@testing-library/jest-dom": "^5.14.1", - "@testing-library/react": "^11.2.7", + "@testing-library/react": "^12.0.0", "babel-eslint": "^10.1.0", "babel-jest": "^27.0.6", "eslint": "^7.32.0", diff --git a/yarn.lock b/yarn.lock index 1ad88ca72..3c52fa6a7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1473,19 +1473,19 @@ dependencies: "@sinonjs/commons" "^1.7.0" -"@testing-library/dom@^7.28.1": - version "7.28.1" - resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-7.28.1.tgz#dea78be6e1e6db32ddcb29a449e94d9700c79eb9" - integrity sha512-acv3l6kDwZkQif/YqJjstT3ks5aaI33uxGNVIQmdKzbZ2eMKgg3EV2tB84GDdc72k3Kjhl6mO8yUt6StVIdRDg== +"@testing-library/dom@^8.0.0": + version "8.1.0" + resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-8.1.0.tgz#f8358b1883844ea569ba76b7e94582168df5370d" + integrity sha512-kmW9alndr19qd6DABzQ978zKQ+J65gU2Rzkl8hriIetPnwpesRaK4//jEQyYh8fEALmGhomD/LBQqt+o+DL95Q== dependencies: "@babel/code-frame" "^7.10.4" "@babel/runtime" "^7.12.5" "@types/aria-query" "^4.2.0" aria-query "^4.2.2" chalk "^4.1.0" - dom-accessibility-api "^0.5.4" + dom-accessibility-api "^0.5.6" lz-string "^1.4.4" - pretty-format "^26.6.2" + pretty-format "^27.0.2" "@testing-library/jest-dom@^5.14.1": version "5.14.1" @@ -1502,13 +1502,13 @@ lodash "^4.17.15" redent "^3.0.0" -"@testing-library/react@^11.2.7": - version "11.2.7" - resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-11.2.7.tgz#b29e2e95c6765c815786c0bc1d5aed9cb2bf7818" - integrity sha512-tzRNp7pzd5QmbtXNG/mhdcl7Awfu/Iz1RaVHY75zTdOkmHCuzMhRL83gWHSgOAcjS3CCbyfwUHMZgRJb4kAfpA== +"@testing-library/react@^12.0.0": + version "12.0.0" + resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-12.0.0.tgz#9aeb2264521522ab9b68f519eaf15136148f164a" + integrity sha512-sh3jhFgEshFyJ/0IxGltRhwZv2kFKfJ3fN1vTZ6hhMXzz9ZbbcTgmDYM4e+zJv+oiVKKEWZPyqPAh4MQBI65gA== dependencies: "@babel/runtime" "^7.12.5" - "@testing-library/dom" "^7.28.1" + "@testing-library/dom" "^8.0.0" "@types/aria-query@^4.2.0": version "4.2.0" @@ -2075,6 +2075,11 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0: "@types/color-name" "^1.1.1" color-convert "^2.0.1" +ansi-styles@^5.0.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-5.2.0.tgz#07449690ad45777d1924ac2abb2fc8895dba836b" + integrity sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA== + anymatch@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-2.0.0.tgz#bcb24b4f37934d9aa7ac17b4adaf89e7c76ef2eb" @@ -3986,7 +3991,7 @@ doctrine@^3.0.0: dependencies: esutils "^2.0.2" -dom-accessibility-api@^0.5.4, dom-accessibility-api@^0.5.6: +dom-accessibility-api@^0.5.6: version "0.5.6" resolved "https://registry.yarnpkg.com/dom-accessibility-api/-/dom-accessibility-api-0.5.6.tgz#3f5d43b52c7a3bd68b5fb63fa47b4e4c1fdf65a9" integrity sha512-DplGLZd8L1lN64jlT27N9TVSESFR5STaEJvX+thCby7fuCHonfPpAlodYc3vuUYbDuDec5w8AMP7oCM5TWFsqw== @@ -8854,6 +8859,16 @@ pretty-format@^26.6.2: ansi-styles "^4.0.0" react-is "^17.0.1" +pretty-format@^27.0.2: + version "27.0.6" + resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-27.0.6.tgz#ab770c47b2c6f893a21aefc57b75da63ef49a11f" + integrity sha512-8tGD7gBIENgzqA+UBzObyWqQ5B778VIFZA/S66cclyd5YkFLYs2Js7gxDKf0MXtTc9zcS7t1xhdfcElJ3YIvkQ== + dependencies: + "@jest/types" "^27.0.6" + ansi-regex "^5.0.0" + ansi-styles "^5.0.0" + react-is "^17.0.1" + process-nextick-args@~2.0.0: version "2.0.1" resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2" From 1bdd3dafb8f97042df8ecc23250ace74b0be648a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:30:54 +0900 Subject: [PATCH 05/30] Bump @babel/core from 7.14.8 to 7.15.0 (#16588) Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.14.8 to 7.15.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 74 +++++++++------------------------------------------- 2 files changed, 14 insertions(+), 62 deletions(-) diff --git a/package.json b/package.json index 8f5dc8806..d34c16da2 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ }, "private": true, "dependencies": { - "@babel/core": "^7.14.8", + "@babel/core": "^7.15.0", "@babel/plugin-proposal-decorators": "^7.14.5", "@babel/plugin-transform-react-inline-elements": "^7.14.5", "@babel/plugin-transform-runtime": "^7.14.5", diff --git a/yarn.lock b/yarn.lock index 3c52fa6a7..08f23461c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -21,20 +21,20 @@ resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.15.0.tgz#2dbaf8b85334796cafbb0f5793a90a2fc010b176" integrity sha512-0NqAC1IJE0S0+lL1SWFMxMkz1pKCNCjI4tr2Zx4LJSXxCLAdr6KyArnY+sno5m3yH9g737ygOyPABDsnXkpxiA== -"@babel/core@^7.1.0", "@babel/core@^7.14.8", "@babel/core@^7.7.2", "@babel/core@^7.7.5": - version "7.14.8" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.14.8.tgz#20cdf7c84b5d86d83fac8710a8bc605a7ba3f010" - integrity sha512-/AtaeEhT6ErpDhInbXmjHcUQXH0L0TEgscfcxk1qbOvLuKCa5aZT0SOOtDKFY96/CLROwbLSKyFor6idgNaU4Q== +"@babel/core@^7.1.0", "@babel/core@^7.15.0", "@babel/core@^7.7.2", "@babel/core@^7.7.5": + version "7.15.0" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.15.0.tgz#749e57c68778b73ad8082775561f67f5196aafa8" + integrity sha512-tXtmTminrze5HEUPn/a0JtOzzfp0nk+UEXQ/tqIJo3WDGypl/2OFQEMll/zSFU8f/lfmfLXvTaORHF3cfXIQMw== dependencies: "@babel/code-frame" "^7.14.5" - "@babel/generator" "^7.14.8" - "@babel/helper-compilation-targets" "^7.14.5" - "@babel/helper-module-transforms" "^7.14.8" + "@babel/generator" "^7.15.0" + "@babel/helper-compilation-targets" "^7.15.0" + "@babel/helper-module-transforms" "^7.15.0" "@babel/helpers" "^7.14.8" - "@babel/parser" "^7.14.8" + "@babel/parser" "^7.15.0" "@babel/template" "^7.14.5" - "@babel/traverse" "^7.14.8" - "@babel/types" "^7.14.8" + "@babel/traverse" "^7.15.0" + "@babel/types" "^7.15.0" convert-source-map "^1.7.0" debug "^4.1.0" gensync "^1.0.0-beta.2" @@ -42,15 +42,6 @@ semver "^6.3.0" source-map "^0.5.0" -"@babel/generator@^7.14.8": - version "7.14.8" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.14.8.tgz#bf86fd6af96cf3b74395a8ca409515f89423e070" - integrity sha512-cYDUpvIzhBVnMzRoY1fkSEhK/HmwEVwlyULYgn/tMQYd6Obag3ylCjONle3gdErfXBW61SVTlR9QR7uWlgeIkg== - dependencies: - "@babel/types" "^7.14.8" - jsesc "^2.5.1" - source-map "^0.5.0" - "@babel/generator@^7.15.0": version "7.15.0" resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.15.0.tgz#a7d0c172e0d814974bad5aa77ace543b97917f15" @@ -178,21 +169,7 @@ dependencies: "@babel/types" "^7.14.5" -"@babel/helper-module-transforms@^7.14.5", "@babel/helper-module-transforms@^7.14.8": - version "7.14.8" - resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.14.8.tgz#d4279f7e3fd5f4d5d342d833af36d4dd87d7dc49" - integrity sha512-RyE+NFOjXn5A9YU1dkpeBaduagTlZ0+fccnIcAGbv1KGUlReBj7utF7oEth8IdIBQPcux0DDgW5MFBH2xu9KcA== - dependencies: - "@babel/helper-module-imports" "^7.14.5" - "@babel/helper-replace-supers" "^7.14.5" - "@babel/helper-simple-access" "^7.14.8" - "@babel/helper-split-export-declaration" "^7.14.5" - "@babel/helper-validator-identifier" "^7.14.8" - "@babel/template" "^7.14.5" - "@babel/traverse" "^7.14.8" - "@babel/types" "^7.14.8" - -"@babel/helper-module-transforms@^7.15.0": +"@babel/helper-module-transforms@^7.14.5", "@babel/helper-module-transforms@^7.15.0": version "7.15.0" resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.15.0.tgz#679275581ea056373eddbe360e1419ef23783b08" integrity sha512-RkGiW5Rer7fpXv9m1B3iHIFDZdItnO2/BLfWVW/9q7+KqQSDY5kUfQEbzdXM1MVhJGcugKV7kRrNVzNxmk7NBg== @@ -278,11 +255,6 @@ resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.14.5.tgz#d0f0e277c512e0c938277faa85a3968c9a44c0e8" integrity sha512-5lsetuxCLilmVGyiLEfoHBRX8UCFD+1m2x3Rj97WrW3V7H3u4RWRXA4evMjImCsin2J2YT0QaVDGf+z8ondbAg== -"@babel/helper-validator-identifier@^7.14.8": - version "7.14.8" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.14.8.tgz#32be33a756f29e278a0d644fa08a2c9e0f88a34c" - integrity sha512-ZGy6/XQjllhYQrNw/3zfWRwZCTVSiBLZ9DHVZxn9n2gip/7ab8mv2TWlKPIBk26RwedCBoWdjLmn+t9na2Gcow== - "@babel/helper-validator-identifier@^7.14.9": version "7.14.9" resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.14.9.tgz#6654d171b2024f6d8ee151bf2509699919131d48" @@ -330,12 +302,7 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@babel/parser@^7.1.0", "@babel/parser@^7.14.5", "@babel/parser@^7.14.8", "@babel/parser@^7.7.0": - version "7.14.8" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.14.8.tgz#66fd41666b2d7b840bd5ace7f7416d5ac60208d4" - integrity sha512-syoCQFOoo/fzkWDeM0dLEZi5xqurb5vuyzwIMNZRNun+N/9A4cUZeQaE7dTrB8jGaKuJRBtEOajtnmw0I5hvvA== - -"@babel/parser@^7.15.0": +"@babel/parser@^7.1.0", "@babel/parser@^7.14.5", "@babel/parser@^7.15.0", "@babel/parser@^7.7.0": version "7.15.0" resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.15.0.tgz#b6d6e29058ca369127b0eeca2a1c4b5794f1b6b9" integrity sha512-0v7oNOjr6YT9Z2RAOTv4T9aP+ubfx4Q/OhVtAet7PFDt0t9Oy6Jn+/rfC6b8HJ5zEqrQCiMxJfgtHpmIminmJQ== @@ -1046,22 +1013,7 @@ "@babel/parser" "^7.14.5" "@babel/types" "^7.14.5" -"@babel/traverse@^7.1.0", "@babel/traverse@^7.13.0", "@babel/traverse@^7.14.5", "@babel/traverse@^7.14.8", "@babel/traverse@^7.7.0": - version "7.14.8" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.14.8.tgz#c0253f02677c5de1a8ff9df6b0aacbec7da1a8ce" - integrity sha512-kexHhzCljJcFNn1KYAQ6A5wxMRzq9ebYpEDV4+WdNyr3i7O44tanbDOR/xjiG2F3sllan+LgwK+7OMk0EmydHg== - dependencies: - "@babel/code-frame" "^7.14.5" - "@babel/generator" "^7.14.8" - "@babel/helper-function-name" "^7.14.5" - "@babel/helper-hoist-variables" "^7.14.5" - "@babel/helper-split-export-declaration" "^7.14.5" - "@babel/parser" "^7.14.8" - "@babel/types" "^7.14.8" - debug "^4.1.0" - globals "^11.1.0" - -"@babel/traverse@^7.15.0": +"@babel/traverse@^7.1.0", "@babel/traverse@^7.13.0", "@babel/traverse@^7.14.5", "@babel/traverse@^7.14.8", "@babel/traverse@^7.15.0", "@babel/traverse@^7.7.0": version "7.15.0" resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.15.0.tgz#4cca838fd1b2a03283c1f38e141f639d60b3fc98" integrity sha512-392d8BN0C9eVxVWd8H6x9WfipgVH5IaIoLp23334Sc1vbKKWINnvwRpb4us0xtPaCumlwbTtIYNA0Dv/32sVFw== From d5b4290caa85504686bcc5408456d87c4fca7437 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:31:14 +0900 Subject: [PATCH 06/30] Bump @babel/runtime from 7.14.8 to 7.15.3 (#16619) Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.14.8 to 7.15.3. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.15.3/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index d34c16da2..f893c6ab0 100644 --- a/package.json +++ b/package.json @@ -65,7 +65,7 @@ "@babel/plugin-transform-runtime": "^7.14.5", "@babel/preset-env": "^7.15.0", "@babel/preset-react": "^7.14.5", - "@babel/runtime": "^7.14.8", + "@babel/runtime": "^7.15.3", "@gamestdio/websocket": "^0.3.2", "@github/webauthn-json": "^0.5.7", "@rails/ujs": "^6.1.4", diff --git a/yarn.lock b/yarn.lock index 08f23461c..5ec6e4489 100644 --- a/yarn.lock +++ b/yarn.lock @@ -997,10 +997,10 @@ dependencies: regenerator-runtime "^0.12.0" -"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.12.0", "@babel/runtime@^7.12.1", "@babel/runtime@^7.12.5", "@babel/runtime@^7.14.8", "@babel/runtime@^7.2.0", "@babel/runtime@^7.3.1", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2": - version "7.14.8" - resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.14.8.tgz#7119a56f421018852694290b9f9148097391b446" - integrity sha512-twj3L8Og5SaCRCErB4x4ajbvBIVV77CGeFglHpeg5WC5FF8TZzBWXtTJ4MqaD9QszLYTtr+IsaAL2rEUevb+eg== +"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.12.0", "@babel/runtime@^7.12.1", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.3", "@babel/runtime@^7.2.0", "@babel/runtime@^7.3.1", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2": + version "7.15.3" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.15.3.tgz#2e1c2880ca118e5b2f9988322bd8a7656a32502b" + integrity sha512-OvwMLqNXkCXSz1kSm58sEsNuhqOx/fKpnUnKnFB5v8uDda5bLNEHNgKPvhDN6IU0LDcnHQ90LlJ0Q6jnyBSIBA== dependencies: regenerator-runtime "^0.13.4" From 2d080f5e049d39942d6fa675691ad5621d9707b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:32:29 +0900 Subject: [PATCH 07/30] Bump strong_migrations from 0.7.7 to 0.7.8 (#16584) Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.7.7 to 0.7.8. - [Release notes](https://github.com/ankane/strong_migrations/releases) - [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md) - [Commits](https://github.com/ankane/strong_migrations/compare/v0.7.7...v0.7.8) --- updated-dependencies: - dependency-name: strong_migrations dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 266ce3759..e45a19086 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -594,7 +594,7 @@ GEM stackprof (0.2.17) statsd-ruby (1.5.0) stoplight (2.2.1) - strong_migrations (0.7.7) + strong_migrations (0.7.8) activerecord (>= 5) temple (0.8.2) terminal-table (3.0.0) From 479a8d1004e5d77bd11afc88167a6df452134698 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:40:17 +0900 Subject: [PATCH 08/30] Bump rubocop from 1.18.4 to 1.19.0 (#16618) Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.18.4 to 1.19.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.18.4...v1.19.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 2dda4aa7f..026fe39b2 100644 --- a/Gemfile +++ b/Gemfile @@ -134,7 +134,7 @@ group :development do gem 'letter_opener', '~> 1.7' gem 'letter_opener_web', '~> 1.4' gem 'memory_profiler' - gem 'rubocop', '~> 1.18', require: false + gem 'rubocop', '~> 1.19', require: false gem 'rubocop-rails', '~> 2.11', require: false gem 'brakeman', '~> 5.1', require: false gem 'bundler-audit', '~> 0.8', require: false diff --git a/Gemfile.lock b/Gemfile.lock index e45a19086..83dc9bb6b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -521,16 +521,16 @@ GEM rspec-support (3.10.2) rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.18.4) + rubocop (1.19.0) parallel (~> 1.10) parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 1.8.0, < 2.0) + rubocop-ast (>= 1.9.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.8.0) + rubocop-ast (1.10.0) parser (>= 3.0.1.1) rubocop-rails (2.11.3) activesupport (>= 4.2.0) @@ -764,7 +764,7 @@ DEPENDENCIES rspec-rails (~> 5.0) rspec-sidekiq (~> 3.1) rspec_junit_formatter (~> 0.4) - rubocop (~> 1.18) + rubocop (~> 1.19) rubocop-rails (~> 2.11) ruby-progressbar (~> 1.11) sanitize (~> 6.0) From 30cf90c9311346c117ef87a7b68c1ea0ed5671a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:41:01 +0900 Subject: [PATCH 09/30] Bump redux from 4.1.0 to 4.1.1 (#16586) Bumps [redux](https://github.com/reduxjs/redux) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/reduxjs/redux/releases) - [Changelog](https://github.com/reduxjs/redux/blob/master/CHANGELOG.md) - [Commits](https://github.com/reduxjs/redux/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: redux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index f893c6ab0..fd5fd659e 100644 --- a/package.json +++ b/package.json @@ -143,7 +143,7 @@ "react-textarea-autosize": "^8.3.3", "react-toggle": "^4.1.2", "redis": "^3.1.2", - "redux": "^4.1.0", + "redux": "^4.1.1", "redux-immutable": "^4.0.0", "redux-thunk": "^2.2.0", "regenerator-runtime": "^0.13.9", diff --git a/yarn.lock b/yarn.lock index 5ec6e4489..5c5562011 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9438,10 +9438,10 @@ redux-thunk@^2.2.0: resolved "https://registry.yarnpkg.com/redux-thunk/-/redux-thunk-2.3.0.tgz#51c2c19a185ed5187aaa9a2d08b666d0d6467622" integrity sha512-km6dclyFnmcvxhAcrQV2AkZmPQjzPDjgVlQtR0EQjxZPyJ0BnMf3in1ryuR8A2qU0HldVRfxYXbFSKlI3N7Slw== -redux@^4.0.0, redux@^4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/redux/-/redux-4.1.0.tgz#eb049679f2f523c379f1aff345c8612f294c88d4" - integrity sha512-uI2dQN43zqLWCt6B/BMGRMY6db7TTY4qeHHfGeKb3EOhmOKjU3KdWvNLJyqaHRksv/ErdNH7cFZWg9jXtewy4g== +redux@^4.0.0, redux@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/redux/-/redux-4.1.1.tgz#76f1c439bb42043f985fbd9bf21990e60bd67f47" + integrity sha512-hZQZdDEM25UY2P493kPYuKqviVwZ58lEmGQNeQ+gXa+U0gYPUBf7NKYazbe3m+bs/DzM/ahN12DbF+NG8i0CWw== dependencies: "@babel/runtime" "^7.9.2" From f3084bbf7cbac691008ea498e7e287f8f174e5ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:49:00 +0900 Subject: [PATCH 10/30] Bump webmock from 3.13.0 to 3.14.0 (#16587) Bumps [webmock](https://github.com/bblimke/webmock) from 3.13.0 to 3.14.0. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 026fe39b2..e46cd5e3a 100644 --- a/Gemfile +++ b/Gemfile @@ -120,7 +120,7 @@ group :test do gem 'rails-controller-testing', '~> 1.0' gem 'rspec-sidekiq', '~> 3.1' gem 'simplecov', '~> 0.21', require: false - gem 'webmock', '~> 3.13' + gem 'webmock', '~> 3.14' gem 'parallel_tests', '~> 3.7' gem 'rspec_junit_formatter', '~> 0.4' end diff --git a/Gemfile.lock b/Gemfile.lock index 83dc9bb6b..935979876 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -642,8 +642,8 @@ GEM safety_net_attestation (~> 0.4.0) securecompare (~> 1.0) tpm-key_attestation (~> 0.9.0) - webmock (3.13.0) - addressable (>= 2.3.6) + webmock (3.14.0) + addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) webpacker (5.4.0) @@ -786,7 +786,7 @@ DEPENDENCIES twitter-text (~> 3.1.0) tzinfo-data (~> 1.2021) webauthn (~> 3.0.0.alpha1) - webmock (~> 3.13) + webmock (~> 3.14) webpacker (~> 5.4) webpush (~> 0.3) xorcist (~> 1.1) From ec0b8f7e8197e7c00170e0efeadf626e618e9670 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:49:21 +0900 Subject: [PATCH 11/30] Bump aws-sdk-s3 from 1.98.0 to 1.99.0 (#16611) Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.98.0 to 1.99.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index e46cd5e3a..c39111537 100644 --- a/Gemfile +++ b/Gemfile @@ -17,7 +17,7 @@ gem 'makara', '~> 0.5' gem 'pghero', '~> 2.8' gem 'dotenv-rails', '~> 2.7' -gem 'aws-sdk-s3', '~> 1.98', require: false +gem 'aws-sdk-s3', '~> 1.99', require: false gem 'fog-core', '<= 2.1.0' gem 'fog-openstack', '~> 0.3', require: false gem 'paperclip', '~> 6.0' diff --git a/Gemfile.lock b/Gemfile.lock index 935979876..245df8169 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -79,7 +79,7 @@ GEM encryptor (~> 3.0.0) awrence (1.1.1) aws-eventstream (1.1.1) - aws-partitions (1.482.0) + aws-partitions (1.488.0) aws-sdk-core (3.119.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) @@ -88,7 +88,7 @@ GEM aws-sdk-kms (1.46.0) aws-sdk-core (~> 3, >= 3.119.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.98.0) + aws-sdk-s3 (1.99.0) aws-sdk-core (~> 3, >= 3.119.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) @@ -671,7 +671,7 @@ DEPENDENCIES active_record_query_trace (~> 1.8) addressable (~> 2.8) annotate (~> 3.1) - aws-sdk-s3 (~> 1.98) + aws-sdk-s3 (~> 1.99) better_errors (~> 2.9) binding_of_caller (~> 1.0) blurhash (~> 0.1) From 81d11b01fc7f6b7ab1874470479a39cc9f8af59e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:49:59 +0900 Subject: [PATCH 12/30] Bump parallel_tests from 3.7.0 to 3.7.1 (#16612) Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 3.7.0 to 3.7.1. - [Release notes](https://github.com/grosser/parallel_tests/releases) - [Changelog](https://github.com/grosser/parallel_tests/blob/master/CHANGELOG.md) - [Commits](https://github.com/grosser/parallel_tests/compare/v3.7.0...v3.7.1) --- updated-dependencies: - dependency-name: parallel_tests dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 245df8169..13b42bb55 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -397,7 +397,7 @@ GEM mimemagic (~> 0.3.0) terrapin (~> 0.6.0) parallel (1.20.1) - parallel_tests (3.7.0) + parallel_tests (3.7.1) parallel parser (3.0.2.0) ast (~> 2.4.1) From f77d347f88ba1ee227f8a96655a545bd70bee961 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 12:58:37 +0900 Subject: [PATCH 13/30] Bump path-parse from 1.0.6 to 1.0.7 (#16597) Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 5c5562011..b8f1d1eb0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8201,9 +8201,9 @@ path-key@^3.0.0, path-key@^3.1.0: integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-to-regexp@0.1.7: version "0.1.7" From 68e9e9ee0f5f17f35e60e10724f1b1c7cc001838 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:00:04 +0900 Subject: [PATCH 14/30] Bump pundit from 2.1.0 to 2.1.1 (#16615) Bumps [pundit](https://github.com/varvet/pundit) from 2.1.0 to 2.1.1. - [Release notes](https://github.com/varvet/pundit/releases) - [Changelog](https://github.com/varvet/pundit/blob/master/CHANGELOG.md) - [Commits](https://github.com/varvet/pundit/compare/v2.1.0...v2.1.1) --- updated-dependencies: - dependency-name: pundit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 13b42bb55..0e9b93f97 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -428,7 +428,7 @@ GEM public_suffix (4.0.6) puma (5.4.0) nio4r (~> 2.0) - pundit (2.1.0) + pundit (2.1.1) activesupport (>= 3.0.0) raabro (1.4.0) racc (1.5.2) From 358b43c3a6af2f3d3a91e944bf0b9e1df73ad968 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:00:17 +0900 Subject: [PATCH 15/30] Bump blurhash from 1.1.3 to 1.1.4 (#16613) Bumps [blurhash](https://github.com/woltapp/blurhash) from 1.1.3 to 1.1.4. - [Release notes](https://github.com/woltapp/blurhash/releases) - [Commits](https://github.com/woltapp/blurhash/commits) --- updated-dependencies: - dependency-name: blurhash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index fd5fd659e..5af859387 100644 --- a/package.json +++ b/package.json @@ -79,7 +79,7 @@ "babel-plugin-react-intl": "^6.2.0", "babel-plugin-transform-react-remove-prop-types": "^0.4.24", "babel-runtime": "^6.26.0", - "blurhash": "^1.1.3", + "blurhash": "^1.1.4", "classnames": "^2.3.1", "color-blend": "^3.0.1", "compression-webpack-plugin": "^6.1.1", diff --git a/yarn.lock b/yarn.lock index b8f1d1eb0..c87bcd17f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2543,10 +2543,10 @@ bluebird@^3.5.5: resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f" integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg== -blurhash@^1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/blurhash/-/blurhash-1.1.3.tgz#dc325af7da836d07a0861d830bdd63694382483e" - integrity sha512-yUhPJvXexbqbyijCIE/T2NCXcj9iNPhWmOKbPTuR/cm7Q5snXYIfnVnz6m7MWOXxODMz/Cr3UcVkRdHiuDVRDw== +blurhash@^1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/blurhash/-/blurhash-1.1.4.tgz#a7010ceb3019cd2c9809b17c910ebf6175d29244" + integrity sha512-MXIPz6zwYUKayju+Uidf83KhH0vodZfeRl6Ich8Gu+KGl0JgKiFq9LsfqV7cVU5fKD/AotmduZqvOfrGKOfTaA== bmp-js@^0.1.0: version "0.1.0" From 3318aa26f2cced6c06a833d3b8a24ac0bd72a4b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:00:37 +0900 Subject: [PATCH 16/30] Bump nokogiri from 1.12.2 to 1.12.3 (#16610) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.2 to 1.12.3. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.2...v1.12.3) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0e9b93f97..fe838cc5c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -364,7 +364,7 @@ GEM net-ssh (>= 2.6.5, < 7.0.0) net-ssh (6.1.0) nio4r (2.5.7) - nokogiri (1.12.2) + nokogiri (1.12.3) mini_portile2 (~> 2.6.1) racc (~> 1.4) nsa (0.2.8) From 00944fc0f4e63876701ddcc1822b3c9b6711b100 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:00:53 +0900 Subject: [PATCH 17/30] Bump fastimage from 2.2.4 to 2.2.5 (#16609) Bumps [fastimage](https://github.com/sdsykes/fastimage) from 2.2.4 to 2.2.5. - [Release notes](https://github.com/sdsykes/fastimage/releases) - [Changelog](https://github.com/sdsykes/fastimage/blob/master/CHANGELOG) - [Commits](https://github.com/sdsykes/fastimage/compare/v2.2.4...v2.2.5) --- updated-dependencies: - dependency-name: fastimage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index fe838cc5c..a599428fe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -219,7 +219,7 @@ GEM ruby2_keywords faraday-net_http (1.0.1) fast_blank (1.0.0) - fastimage (2.2.4) + fastimage (2.2.5) ffi (1.15.0) ffi-compiler (1.0.1) ffi (>= 1.0.0) From f5a8011cf4a6a28470648d448986ed40008ef64e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:01:31 +0900 Subject: [PATCH 18/30] Bump bullet from 6.1.4 to 6.1.5 (#16617) Bumps [bullet](https://github.com/flyerhzm/bullet) from 6.1.4 to 6.1.5. - [Release notes](https://github.com/flyerhzm/bullet/releases) - [Changelog](https://github.com/flyerhzm/bullet/blob/master/CHANGELOG.md) - [Commits](https://github.com/flyerhzm/bullet/compare/6.1.4...6.1.5) --- updated-dependencies: - dependency-name: bullet dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a599428fe..a63043037 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,7 +112,7 @@ GEM concurrent-ruby (~> 1.0, >= 1.0.5) redis (>= 1.0, <= 5.0) builder (3.2.4) - bullet (6.1.4) + bullet (6.1.5) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) bundler-audit (0.8.0) @@ -629,7 +629,7 @@ GEM unf_ext unf_ext (0.0.7.7) unicode-display_width (1.7.0) - uniform_notifier (1.14.1) + uniform_notifier (1.14.2) warden (1.2.9) rack (>= 2.0.9) webauthn (3.0.0.alpha1) From 1d63f0798ad4c6f274db3a7759c35142f5082864 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:19:31 +0900 Subject: [PATCH 19/30] Bump ws from 8.0.0 to 8.1.0 (#16616) Bumps [ws](https://github.com/websockets/ws) from 8.0.0 to 8.1.0. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/8.0.0...8.1.0) --- updated-dependencies: - dependency-name: ws dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 5af859387..9b1d44b2a 100644 --- a/package.json +++ b/package.json @@ -168,7 +168,7 @@ "webpack-cli": "^3.3.12", "webpack-merge": "^5.8.0", "wicg-inert": "^3.1.1", - "ws": "^8.0.0" + "ws": "^8.1.0" }, "devDependencies": { "@testing-library/jest-dom": "^5.14.1", diff --git a/yarn.lock b/yarn.lock index c87bcd17f..966fa3535 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11773,10 +11773,10 @@ ws@^7.2.3, ws@^7.3.1: resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.3.tgz#160835b63c7d97bfab418fc1b8a9fced2ac01a74" integrity sha512-kQ/dHIzuLrS6Je9+uv81ueZomEwH0qVYstcAQ4/Z93K8zeko9gtAbttJWzoC5ukqXY1PpoouV3+VSOqEAFt5wg== -ws@^8.0.0: - version "8.0.0" - resolved "https://registry.yarnpkg.com/ws/-/ws-8.0.0.tgz#550605d13dfc1437c9ec1396975709c6d7ffc57d" - integrity sha512-6AcSIXpBlS0QvCVKk+3cWnWElLsA6SzC0lkQ43ciEglgXJXiCWK3/CGFEJ+Ybgp006CMibamAsqOlxE9s4AvYA== +ws@^8.1.0: + version "8.1.0" + resolved "https://registry.yarnpkg.com/ws/-/ws-8.1.0.tgz#75e5ec608f66d3d3934ec6dbc4ebc8a34a68638c" + integrity sha512-0UWlCD2s3RSclw8FN+D0zDTUyMO+1kHwJQQJzkgUh16S8d3NYON0AKCEQPffE0ez4JyRFu76QDA9KR5bOG/7jw== xml-name-validator@^3.0.0: version "3.0.0" From c04c3e98e3eb333f38547c5ab16eeddc10423a93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:19:51 +0900 Subject: [PATCH 20/30] Bump yargs from 17.0.1 to 17.1.1 (#16614) Bumps [yargs](https://github.com/yargs/yargs) from 17.0.1 to 17.1.1. - [Release notes](https://github.com/yargs/yargs/releases) - [Changelog](https://github.com/yargs/yargs/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/yargs/compare/v17.0.1...v17.1.1) --- updated-dependencies: - dependency-name: yargs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 9b1d44b2a..707ed4785 100644 --- a/package.json +++ b/package.json @@ -186,7 +186,7 @@ "react-test-renderer": "^16.14.0", "sass-lint": "^1.13.1", "webpack-dev-server": "^3.11.2", - "yargs": "^17.0.1" + "yargs": "^17.1.1" }, "resolutions": { "kind-of": "^6.0.3" diff --git a/yarn.lock b/yarn.lock index 966fa3535..38d474ff9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11872,10 +11872,10 @@ yargs@^15.4.1: y18n "^4.0.0" yargs-parser "^18.1.2" -yargs@^17.0.1: - version "17.0.1" - resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.0.1.tgz#6a1ced4ed5ee0b388010ba9fd67af83b9362e0bb" - integrity sha512-xBBulfCc8Y6gLFcrPvtqKz9hz8SO0l1Ni8GgDekvBX2ro0HRQImDGnikfc33cgzcYUSncapnNcZDjVFIH3f6KQ== +yargs@^17.1.1: + version "17.1.1" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.1.1.tgz#c2a8091564bdb196f7c0a67c1d12e5b85b8067ba" + integrity sha512-c2k48R0PwKIqKhPMWjeiF6y2xY/gPMUlro0sgxqXpbOIohWiLNXWslsootttv7E1e73QPAMQSg5FeySbVcpsPQ== dependencies: cliui "^7.0.2" escalade "^3.1.1" From 6cdbff88e7bc200626302db1ce5bc81297468d62 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:20:21 +0900 Subject: [PATCH 21/30] Bump eslint-plugin-import from 2.23.4 to 2.24.0 (#16592) Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.23.4 to 2.24.0. - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.23.4...v2.24.0) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 34 +++++++++++++++++----------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/package.json b/package.json index 707ed4785..cc35747b2 100644 --- a/package.json +++ b/package.json @@ -176,7 +176,7 @@ "babel-eslint": "^10.1.0", "babel-jest": "^27.0.6", "eslint": "^7.32.0", - "eslint-plugin-import": "~2.23.4", + "eslint-plugin-import": "~2.24.0", "eslint-plugin-jsx-a11y": "~6.4.1", "eslint-plugin-promise": "~5.1.0", "eslint-plugin-react": "~7.24.0", diff --git a/yarn.lock b/yarn.lock index 38d474ff9..0904d3a4e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4338,33 +4338,33 @@ escope@^3.6.0: esrecurse "^4.1.0" estraverse "^4.1.1" -eslint-import-resolver-node@^0.3.4: - version "0.3.4" - resolved "https://registry.yarnpkg.com/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.4.tgz#85ffa81942c25012d8231096ddf679c03042c717" - integrity sha512-ogtf+5AB/O+nM6DIeBUNr2fuT7ot9Qg/1harBfBtaP13ekEWFQEEMP94BCB7zaNW3gyY+8SHYF00rnqYwXKWOA== +eslint-import-resolver-node@^0.3.5: + version "0.3.5" + resolved "https://registry.yarnpkg.com/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.5.tgz#939bbb0f74e179e757ca87f7a4a890dabed18ac4" + integrity sha512-XMoPKjSpXbkeJ7ZZ9icLnJMTY5Mc1kZbCakHquaFsXPpyWOwK0TK6CODO+0ca54UoM9LKOxyUNnoVZRl8TeaAg== dependencies: - debug "^2.6.9" - resolve "^1.13.1" + debug "^3.2.7" + resolve "^1.20.0" -eslint-module-utils@^2.6.1: - version "2.6.1" - resolved "https://registry.yarnpkg.com/eslint-module-utils/-/eslint-module-utils-2.6.1.tgz#b51be1e473dd0de1c5ea638e22429c2490ea8233" - integrity sha512-ZXI9B8cxAJIH4nfkhTwcRTEAnrVfobYqwjWy/QMCZ8rHkZHFjf9yO4BzpiF9kCSfNlMG54eKigISHpX0+AaT4A== +eslint-module-utils@^2.6.2: + version "2.6.2" + resolved "https://registry.yarnpkg.com/eslint-module-utils/-/eslint-module-utils-2.6.2.tgz#94e5540dd15fe1522e8ffa3ec8db3b7fa7e7a534" + integrity sha512-QG8pcgThYOuqxupd06oYTZoNOGaUdTY1PqK+oS6ElF6vs4pBdk/aYxFVQQXzcrAqp9m7cl7lb2ubazX+g16k2Q== dependencies: debug "^3.2.7" pkg-dir "^2.0.0" -eslint-plugin-import@~2.23.4: - version "2.23.4" - resolved "https://registry.yarnpkg.com/eslint-plugin-import/-/eslint-plugin-import-2.23.4.tgz#8dceb1ed6b73e46e50ec9a5bb2411b645e7d3d97" - integrity sha512-6/wP8zZRsnQFiR3iaPFgh5ImVRM1WN5NUWfTIRqwOdeiGJlBcSk82o1FEVq8yXmy4lkIzTo7YhHCIxlU/2HyEQ== +eslint-plugin-import@~2.24.0: + version "2.24.0" + resolved "https://registry.yarnpkg.com/eslint-plugin-import/-/eslint-plugin-import-2.24.0.tgz#697ffd263e24da5e84e03b282f5fb62251777177" + integrity sha512-Kc6xqT9hiYi2cgybOc0I2vC9OgAYga5o/rAFinam/yF/t5uBqxQbauNPMC6fgb640T/89P0gFoO27FOilJ/Cqg== dependencies: array-includes "^3.1.3" array.prototype.flat "^1.2.4" debug "^2.6.9" doctrine "^2.1.0" - eslint-import-resolver-node "^0.3.4" - eslint-module-utils "^2.6.1" + eslint-import-resolver-node "^0.3.5" + eslint-module-utils "^2.6.2" find-up "^2.0.0" has "^1.0.3" is-core-module "^2.4.0" @@ -9694,7 +9694,7 @@ resolve-url@^0.2.1: resolved "https://registry.yarnpkg.com/resolve-url/-/resolve-url-0.2.1.tgz#2c637fe77c893afd2a663fe21aa9080068e2052a" integrity sha1-LGN/53yJOv0qZj/iGqkIAGjiBSo= -resolve@^1.10.0, resolve@^1.12.0, resolve@^1.13.1, resolve@^1.14.2, resolve@^1.18.1, resolve@^1.20.0: +resolve@^1.10.0, resolve@^1.12.0, resolve@^1.14.2, resolve@^1.18.1, resolve@^1.20.0: version "1.20.0" resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.20.0.tgz#629a013fb3f70755d6f0b7935cc1c2c5378b1975" integrity sha512-wENBPt4ySzg4ybFQW2TT1zMQucPK95HSh/nq2CFTZVOGut2+pQvSsgtda4d26YrYcr067wjbmzOG8byDPBX63A== From ce8f41e56095efe4381a8bd7436f50ef55109321 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 13:58:07 +0900 Subject: [PATCH 22/30] Bump oj from 3.12.2 to 3.13.2 (#16620) Bumps [oj](https://github.com/ohler55/oj) from 3.12.2 to 3.13.2. - [Release notes](https://github.com/ohler55/oj/releases) - [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md) - [Commits](https://github.com/ohler55/oj/compare/v3.12.2...v3.13.2) --- updated-dependencies: - dependency-name: oj dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index c39111537..d499cd482 100644 --- a/Gemfile +++ b/Gemfile @@ -62,7 +62,7 @@ gem 'link_header', '~> 0.0' gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar' gem 'nokogiri', '~> 1.12' gem 'nsa', '~> 0.2' -gem 'oj', '~> 3.12' +gem 'oj', '~> 3.13' gem 'ox', '~> 2.14' gem 'parslet' gem 'parallel', '~> 1.20' diff --git a/Gemfile.lock b/Gemfile.lock index a63043037..64c154ee3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -372,7 +372,7 @@ GEM concurrent-ruby (~> 1.0, >= 1.0.2) sidekiq (>= 3.5) statsd-ruby (~> 1.4, >= 1.4.0) - oj (3.12.2) + oj (3.13.2) omniauth (1.9.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) @@ -730,7 +730,7 @@ DEPENDENCIES net-ldap (~> 0.17) nokogiri (~> 1.12) nsa (~> 0.2) - oj (~> 3.12) + oj (~> 3.13) omniauth (~> 1.9) omniauth-cas (~> 2.0) omniauth-rails_csrf_protection (~> 0.1) From 0cae6c07bb64b86bb1ac7188c11ddf182021aa5b Mon Sep 17 00:00:00 2001 From: Holger Date: Fri, 20 Aug 2021 14:39:37 +0800 Subject: [PATCH 23/30] Fix #16603 (#16605) Fix issue #16603 undefined method `serialize_payload' for Unsuspend Account Service error. It seems that this service forgot to `include Payloadable` so that `serialize_payload` could not be found in this service. --- app/services/unsuspend_account_service.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/services/unsuspend_account_service.rb b/app/services/unsuspend_account_service.rb index 949c670aa..b383f126a 100644 --- a/app/services/unsuspend_account_service.rb +++ b/app/services/unsuspend_account_service.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true class UnsuspendAccountService < BaseService + include Payloadable def call(account) @account = account From 9ac7e6fef770c0627c14d704fdf525c9515d6a6c Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 20 Aug 2021 08:40:33 +0200 Subject: [PATCH 24/30] Fix remotely-suspended accounts' toots being merged back into timelines (#16628) * Fix remotely-suspended accounts' toots being merged back into timelines * Mark remotely-deleted accounts as remotely suspended --- app/services/resolve_account_service.rb | 1 + app/services/unsuspend_account_service.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/services/resolve_account_service.rb b/app/services/resolve_account_service.rb index 5400612bf..b266c019e 100644 --- a/app/services/resolve_account_service.rb +++ b/app/services/resolve_account_service.rb @@ -142,6 +142,7 @@ class ResolveAccountService < BaseService end def queue_deletion! + @account.suspend!(origin: :remote) AccountDeletionWorker.perform_async(@account.id, reserve_username: false, skip_activitypub: true) end diff --git a/app/services/unsuspend_account_service.rb b/app/services/unsuspend_account_service.rb index b383f126a..39d8a6ba7 100644 --- a/app/services/unsuspend_account_service.rb +++ b/app/services/unsuspend_account_service.rb @@ -8,7 +8,7 @@ class UnsuspendAccountService < BaseService unsuspend! refresh_remote_account! - return if @account.nil? + return if @account.nil? || @account.suspended? merge_into_home_timelines! merge_into_list_timelines! From e03dc3956f8c7c20914775ca1aca19decf61b616 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Fri, 20 Aug 2021 15:15:07 +0800 Subject: [PATCH 25/30] Disable nginx ssl_session_tickets for better security (#16632) It's default turned on, but it's better to turn it off for security reason. Reference: - https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets - https://github.com/mozilla/server-side-tls/issues/135 --- dist/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/dist/nginx.conf b/dist/nginx.conf index a0429d2aa..2b260f33c 100644 --- a/dist/nginx.conf +++ b/dist/nginx.conf @@ -31,6 +31,7 @@ server { ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; # Uncomment these lines once you acquire a certificate: # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; From 63fa767c83800bba95b6584d6955f33244120c13 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Aug 2021 18:47:45 +0900 Subject: [PATCH 26/30] Bump fast_blank from 1.0.0 to 1.0.1 (#16621) Bumps [fast_blank](https://github.com/SamSaffron/fast_blank) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/SamSaffron/fast_blank/releases) - [Commits](https://github.com/SamSaffron/fast_blank/compare/1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: fast_blank dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 64c154ee3..f55e928b3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -218,7 +218,7 @@ GEM multipart-post (>= 1.2, < 3) ruby2_keywords faraday-net_http (1.0.1) - fast_blank (1.0.0) + fast_blank (1.0.1) fastimage (2.2.5) ffi (1.15.0) ffi-compiler (1.0.1) From 588f48bf6f5996d38894a85c400f4934e8a0bf6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Aug 2021 18:48:25 +0900 Subject: [PATCH 27/30] Bump sass from 1.37.0 to 1.38.0 (#16623) Bumps [sass](https://github.com/sass/dart-sass) from 1.37.0 to 1.38.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.37.0...1.38.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index cc35747b2..757f48327 100644 --- a/package.json +++ b/package.json @@ -151,7 +151,7 @@ "requestidlecallback": "^0.3.0", "reselect": "^4.0.0", "rimraf": "^3.0.2", - "sass": "^1.37.0", + "sass": "^1.38.0", "sass-loader": "^10.2.0", "stacktrace-js": "^2.0.2", "stringz": "^2.1.0", diff --git a/yarn.lock b/yarn.lock index 0904d3a4e..c66f79ade 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9859,10 +9859,10 @@ sass-loader@^10.2.0: schema-utils "^3.0.0" semver "^7.3.2" -sass@^1.37.0: - version "1.37.0" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.37.0.tgz#f1b03a9d072ee9053a29d125c8130c78e92827c2" - integrity sha512-B+Tu6cSAG8ffs/cqsZl/bgSH2pCmavDaPTYAoW8QA1qNHh/RqndNfVKuABKYkLjUQ5aq/BnCENVpE80cqdSM1w== +sass@^1.38.0: + version "1.38.0" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.38.0.tgz#2f3e60a1efdcdc910586fa79dc89d3399a145b4f" + integrity sha512-WBccZeMigAGKoI+NgD7Adh0ab1HUq+6BmyBUEaGxtErbUtWUevEbdgo5EZiJQofLUGcKtlNaO2IdN73AHEua5g== dependencies: chokidar ">=3.0.0 <4.0.0" From 90a8d4ef1c637f47d40bbe9ab9a81f798d3b8244 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Aug 2021 18:48:39 +0900 Subject: [PATCH 28/30] Bump rspec-rails from 5.0.1 to 5.0.2 (#16622) Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/rspec/rspec-rails/releases) - [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md) - [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.1...v5.0.2) --- updated-dependencies: - dependency-name: rspec-rails dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f55e928b3..5562cae82 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -332,7 +332,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.10.0) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -477,7 +477,7 @@ GEM rake (>= 0.13) thor (~> 1.0) rainbow (3.0.0) - rake (13.0.3) + rake (13.0.6) rdf (3.1.15) hamster (~> 3.0) link_header (~> 0.0, >= 0.0.8) @@ -507,7 +507,7 @@ GEM rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) - rspec-rails (5.0.1) + rspec-rails (5.0.2) actionpack (>= 5.2) activesupport (>= 5.2) railties (>= 5.2) From 67021484726e88040c5c1502dddd0eef45734c6b Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 20 Aug 2021 11:53:33 +0200 Subject: [PATCH 29/30] Add tests for SuspendAccountService and UnsuspendAccountService (#16627) * Add tests for SuspendAccountService * Add tests for UnsuspendAccountService --- spec/services/suspend_account_service_spec.rb | 85 +++++++++++ .../unsuspend_account_service_spec.rb | 135 ++++++++++++++++++ 2 files changed, 220 insertions(+) create mode 100644 spec/services/suspend_account_service_spec.rb create mode 100644 spec/services/unsuspend_account_service_spec.rb diff --git a/spec/services/suspend_account_service_spec.rb b/spec/services/suspend_account_service_spec.rb new file mode 100644 index 000000000..cf7eb257a --- /dev/null +++ b/spec/services/suspend_account_service_spec.rb @@ -0,0 +1,85 @@ +require 'rails_helper' + +RSpec.describe SuspendAccountService, type: :service do + shared_examples 'common behavior' do + let!(:local_follower) { Fabricate(:user, current_sign_in_at: 1.hour.ago).account } + let!(:list) { Fabricate(:list, account: local_follower) } + + subject do + -> { described_class.new.call(account) } + end + + before do + allow(FeedManager.instance).to receive(:unmerge_from_home).and_return(nil) + allow(FeedManager.instance).to receive(:unmerge_from_list).and_return(nil) + + local_follower.follow!(account) + list.accounts << account + end + + it "unmerges from local followers' feeds" do + subject.call + expect(FeedManager.instance).to have_received(:unmerge_from_home).with(account, local_follower) + expect(FeedManager.instance).to have_received(:unmerge_from_list).with(account, list) + end + + it 'marks account as suspended' do + is_expected.to change { account.suspended? }.from(false).to(true) + end + end + + describe 'suspending a local account' do + def match_update_actor_request(req, account) + json = JSON.parse(req.body) + actor_id = ActivityPub::TagManager.instance.uri_for(account) + json['type'] == 'Update' && json['actor'] == actor_id && json['object']['id'] == actor_id && json['object']['suspended'] + end + + before do + stub_request(:post, 'https://alice.com/inbox').to_return(status: 201) + stub_request(:post, 'https://bob.com/inbox').to_return(status: 201) + end + + include_examples 'common behavior' do + let!(:account) { Fabricate(:account) } + let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub) } + let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) } + let!(:report) { Fabricate(:report, account: remote_reporter, target_account: account) } + + before do + remote_follower.follow!(account) + end + + it 'sends an update actor to followers and reporters' do + subject.call + expect(a_request(:post, remote_follower.inbox_url).with { |req| match_update_actor_request(req, account) }).to have_been_made.once + expect(a_request(:post, remote_reporter.inbox_url).with { |req| match_update_actor_request(req, account) }).to have_been_made.once + end + end + end + + describe 'suspending a remote account' do + def match_reject_follow_request(req, account, followee) + json = JSON.parse(req.body) + json['type'] == 'Reject' && json['actor'] == ActivityPub::TagManager.instance.uri_for(followee) && json['object']['actor'] == account.uri + end + + before do + stub_request(:post, 'https://bob.com/inbox').to_return(status: 201) + end + + include_examples 'common behavior' do + let!(:account) { Fabricate(:account, domain: 'bob.com', uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) } + let!(:local_followee) { Fabricate(:account) } + + before do + account.follow!(local_followee) + end + + it 'sends a reject follow' do + subject.call + expect(a_request(:post, account.inbox_url).with { |req| match_reject_follow_request(req, account, local_followee) }).to have_been_made.once + end + end + end +end diff --git a/spec/services/unsuspend_account_service_spec.rb b/spec/services/unsuspend_account_service_spec.rb new file mode 100644 index 000000000..d52cb6cc0 --- /dev/null +++ b/spec/services/unsuspend_account_service_spec.rb @@ -0,0 +1,135 @@ +require 'rails_helper' + +RSpec.describe UnsuspendAccountService, type: :service do + shared_examples 'common behavior' do + let!(:local_follower) { Fabricate(:user, current_sign_in_at: 1.hour.ago).account } + let!(:list) { Fabricate(:list, account: local_follower) } + + subject do + -> { described_class.new.call(account) } + end + + before do + allow(FeedManager.instance).to receive(:merge_into_home).and_return(nil) + allow(FeedManager.instance).to receive(:merge_into_list).and_return(nil) + + local_follower.follow!(account) + list.accounts << account + + account.suspend!(origin: :local) + end + end + + describe 'unsuspending a local account' do + def match_update_actor_request(req, account) + json = JSON.parse(req.body) + actor_id = ActivityPub::TagManager.instance.uri_for(account) + json['type'] == 'Update' && json['actor'] == actor_id && json['object']['id'] == actor_id && !json['object']['suspended'] + end + + before do + stub_request(:post, 'https://alice.com/inbox').to_return(status: 201) + stub_request(:post, 'https://bob.com/inbox').to_return(status: 201) + end + + it 'marks account as unsuspended' do + is_expected.to change { account.suspended? }.from(true).to(false) + end + + include_examples 'common behavior' do + let!(:account) { Fabricate(:account) } + let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub) } + let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) } + let!(:report) { Fabricate(:report, account: remote_reporter, target_account: account) } + + before do + remote_follower.follow!(account) + end + + it "merges back into local followers' feeds" do + subject.call + expect(FeedManager.instance).to have_received(:merge_into_home).with(account, local_follower) + expect(FeedManager.instance).to have_received(:merge_into_list).with(account, list) + end + + it 'sends an update actor to followers and reporters' do + subject.call + expect(a_request(:post, remote_follower.inbox_url).with { |req| match_update_actor_request(req, account) }).to have_been_made.once + expect(a_request(:post, remote_reporter.inbox_url).with { |req| match_update_actor_request(req, account) }).to have_been_made.once + end + end + end + + describe 'unsuspending a remote account' do + include_examples 'common behavior' do + let!(:account) { Fabricate(:account, domain: 'bob.com', uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) } + let!(:reslove_account_service) { double } + + before do + allow(ResolveAccountService).to receive(:new).and_return(reslove_account_service) + end + + context 'when the account is not remotely suspended' do + before do + allow(reslove_account_service).to receive(:call).with(account).and_return(account) + end + + it 're-fetches the account' do + subject.call + expect(reslove_account_service).to have_received(:call).with(account) + end + + it "merges back into local followers' feeds" do + subject.call + expect(FeedManager.instance).to have_received(:merge_into_home).with(account, local_follower) + expect(FeedManager.instance).to have_received(:merge_into_list).with(account, list) + end + + it 'marks account as unsuspended' do + is_expected.to change { account.suspended? }.from(true).to(false) + end + end + + context 'when the account is remotely suspended' do + before do + allow(reslove_account_service).to receive(:call).with(account) do |account| + account.suspend!(origin: :remote) + account + end + end + + it 're-fetches the account' do + subject.call + expect(reslove_account_service).to have_received(:call).with(account) + end + + it "does not merge back into local followers' feeds" do + subject.call + expect(FeedManager.instance).to_not have_received(:merge_into_home).with(account, local_follower) + expect(FeedManager.instance).to_not have_received(:merge_into_list).with(account, list) + end + + it 'does not mark the account as unsuspended' do + is_expected.not_to change { account.suspended? } + end + end + + context 'when the account is remotely deleted' do + before do + allow(reslove_account_service).to receive(:call).with(account).and_return(nil) + end + + it 're-fetches the account' do + subject.call + expect(reslove_account_service).to have_received(:call).with(account) + end + + it "does not merge back into local followers' feeds" do + subject.call + expect(FeedManager.instance).to_not have_received(:merge_into_home).with(account, local_follower) + expect(FeedManager.instance).to_not have_received(:merge_into_list).with(account, list) + end + end + end + end +end From a2afcac7d9d55860f62f2f27475cd5a059090505 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Fri, 20 Aug 2021 17:54:11 +0800 Subject: [PATCH 30/30] Make sure nginx always send HSTS header (#16633) By default, it'll only send those headers when the response code is one of the following: - 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308 As all the traffics should be https, the http protocol only exists to do 301 redirect, and always send the HSTS header is almost one of the best practices, we should set nginx to do so. Reference: - https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header - https://ssl-config.mozilla.org/ --- dist/nginx.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dist/nginx.conf b/dist/nginx.conf index 2b260f33c..27ca868ab 100644 --- a/dist/nginx.conf +++ b/dist/nginx.conf @@ -52,7 +52,7 @@ server { gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - add_header Strict-Transport-Security "max-age=31536000"; + add_header Strict-Transport-Security "max-age=31536000" always; location / { try_files $uri @proxy; @@ -60,13 +60,13 @@ server { location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { add_header Cache-Control "public, max-age=31536000, immutable"; - add_header Strict-Transport-Security "max-age=31536000"; + add_header Strict-Transport-Security "max-age=31536000" always; try_files $uri @proxy; } location /sw.js { add_header Cache-Control "public, max-age=0"; - add_header Strict-Transport-Security "max-age=31536000"; + add_header Strict-Transport-Security "max-age=31536000" always; try_files $uri @proxy; } @@ -90,7 +90,7 @@ server { proxy_cache_valid 410 24h; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; add_header X-Cached $upstream_cache_status; - add_header Strict-Transport-Security "max-age=31536000"; + add_header Strict-Transport-Security "max-age=31536000" always; tcp_nodelay on; }