-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump faker from 2.13.0 to 2.17.0 #659
Commits on Oct 19, 2020
-
Do not serve account actors at all in limited federation mode (mastod…
…on#14800) * Do not serve account actors at all in limited federation mode When an account is fetched without a signature from an allowed instance, return an error. This isn't really an improvement in security, as the only information that was previously returned was required protocol-level info, and the only personal bit was the existence of the account. The existence of the account can still be checked by issuing a webfinger query, as those are accepted without signatures. However, this change makes it so that unallowed instances won't create account records on their end when they find a reference to an unknown account. The previous behavior of rendering a limited list of fields, instead of not rendering the actor at all, was in order to prevent situations in which two instances in Authorized Fetch mode or Limited Federation mode would fail to reach each other because resolving an account would require a signed query… from an account which can only be fetched with a signed query itself. However, this should now be fine as fetching accounts is done by signing on behalf of the special instance actor, which does not require any kind of valid signature to be fetched. * Fix tests
Configuration menu - View commit details
-
Copy full SHA for aecdaf5 - Browse repository at this point
Copy the full SHA aecdaf5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0abfa06 - Browse repository at this point
Copy the full SHA 0abfa06View commit details -
Configuration menu - View commit details
-
Copy full SHA for c98b775 - Browse repository at this point
Copy the full SHA c98b775View commit details -
Fix handling of Reject Follow when a matching follow relationship exi…
…sts (mastodon#14479) * Add tests * Fix handling of Reject Follow when a matching follow relationship exists Regression from mastodon#12199
Configuration menu - View commit details
-
Copy full SHA for 4acfc3c - Browse repository at this point
Copy the full SHA 4acfc3cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8f79ed0 - Browse repository at this point
Copy the full SHA 8f79ed0View commit details -
Remove dependency on goldfinger gem (mastodon#14919)
There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix mastodon#14091
Configuration menu - View commit details
-
Copy full SHA for ce6aaed - Browse repository at this point
Copy the full SHA ce6aaedView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3f4ccee - Browse repository at this point
Copy the full SHA 3f4cceeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 58c59af - Browse repository at this point
Copy the full SHA 58c59afView commit details -
Configuration menu - View commit details
-
Copy full SHA for 856cb96 - Browse repository at this point
Copy the full SHA 856cb96View commit details -
Change content-type to be always computed from file data (mastodon#14452
) * Change content-type to be always computed from file data Restore previous behavior, detecting the content-type isn't very expensive, and some instances may serve files as application/octet-stream regardless of their true type, making fetching media from them fail, while it used to work pre-3.2.0. * Add test
Configuration menu - View commit details
-
Copy full SHA for 399c5f0 - Browse repository at this point
Copy the full SHA 399c5f0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 469c4c7 - Browse repository at this point
Copy the full SHA 469c4c7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1995a5c - Browse repository at this point
Copy the full SHA 1995a5cView commit details -
Fix thumbnail color extraction (mastodon#14464)
* Fix contrast calculation for thumbnail color extraction Luminance calculation was using 0-255 RGB values instead of 0-1 sRGB values, leading to incorrectly-computed contrast values. Since we use ColorDiff already, just use its XYZ colorspace conversion code to get the value. * Require at least 3:1 contrast for both accent and foreground colors * Lower required contrast for the accent color
Configuration menu - View commit details
-
Copy full SHA for 3b699f1 - Browse repository at this point
Copy the full SHA 3b699f1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6db143e - Browse repository at this point
Copy the full SHA 6db143eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8b448ae - Browse repository at this point
Copy the full SHA 8b448aeView commit details -
Add support for inlined objects in activity audience (mastodon#14514)
* Add support for inlined objects in activity audience * Add tests
Configuration menu - View commit details
-
Copy full SHA for aea0161 - Browse repository at this point
Copy the full SHA aea0161View commit details -
Fix: also use custom private boost icon for detailed status (mastodon…
…#14471) * use custom private boost icon for detail status * only use className
Configuration menu - View commit details
-
Copy full SHA for dd3a86e - Browse repository at this point
Copy the full SHA dd3a86eView commit details -
Fix dereferencing remote statuses not using the correct account (mast…
…odon#14656) Follow-up to mastodon#14359 In the case of limited toots, the receiver may not be explicitly part of the audience. If a specific user's inbox URI was specified, it makes sense to dereference the toot from the corresponding user, instead of trying to find someone in the explicit audience.
Configuration menu - View commit details
-
Copy full SHA for aa98655 - Browse repository at this point
Copy the full SHA aa98655View commit details -
Add support for latest HTTP Signatures spec draft (mastodon#14556)
* Add support for latest HTTP Signatures spec draft https://www.ietf.org/id/draft-ietf-httpbis-message-signatures-00.html - add support for the “hs2019” signature algorithm (assumed to be equivalent to RSA-SHA256, since we do not have a mechanism to specify the algorithm within the key metadata yet) - add support for (created) and (expires) pseudo-headers and related signature parameters, when using the hs2019 signature algorithm - adjust default “headers” parameter while being backwards-compatible with previous implementation - change the acceptable time window logic from 12 hours surrounding the “date” header to accepting signatures created up to 1 hour in the future and expiring up to 1 hour in the past (but only allowing expiration dates up to 12 hours after the creation date) This doesn't conform with the current draft, as it doesn't permit accounting for clock skew. This, however, should be addressed in a next version of the draft: httpwg/http-extensions#1235 * Add additional signature requirements * Rewrite signature params parsing using Parslet * Make apparent which signature algorithm Mastodon on verification failure Mastodon uses RSASSA-PKCS1-v1_5, which is not recommended for new applications, and new implementers may thus unknowingly use RSASSA-PSS. * Add workaround for PeerTube's invalid signature header The previous parser allowed incorrect Signature headers, such as those produced by old versions of the `http-signature` node.js package, and seemingly used by PeerTube. This commit adds a workaround for that. * Fix `signature_key_id` raising an exception Previously, parsing failures would result in `signature_key_id` being nil, but the parser changes made that result in an exception. This commit changes the `signature_key_id` method to return `nil` in case of parsing failures. * Move extra HTTP signature helper methods to private methods * Relax (request-target) requirement to (request-target) || digest This lets requests from Plume work without lowering security significantly.
Configuration menu - View commit details
-
Copy full SHA for 4ea7193 - Browse repository at this point
Copy the full SHA 4ea7193View commit details -
Configuration menu - View commit details
-
Copy full SHA for a583e54 - Browse repository at this point
Copy the full SHA a583e54View commit details -
- 検索クエリを分かち書きを行わない言語に最適化 - 形態素解析を行うためにElasticsearch側にkuromojiを導入 - 検索結果をマッチ度順ではなく日付順に変更
Configuration menu - View commit details
-
Copy full SHA for 0b77836 - Browse repository at this point
Copy the full SHA 0b77836View commit details -
[Change] 投票投稿時のWeb/API上のパラメータを修正
- 投票作成時,その選択肢の数の上限を4から16に変更 - 投票作成時,その有効期限をより細かく設定出来るように変更
Configuration menu - View commit details
-
Copy full SHA for a346abf - Browse repository at this point
Copy the full SHA a346abfView commit details -
Configuration menu - View commit details
-
Copy full SHA for a052845 - Browse repository at this point
Copy the full SHA a052845View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1a0e021 - Browse repository at this point
Copy the full SHA 1a0e021View commit details -
[Fix] 本家announcementsの導入に伴うCSSのclass name空間重複に関する問題を修正
- 元々導入していたhotaさんのannouncements機能と,本家announcements機能において,CSSのみ競合が発生 - class名が両方とも「announcements」となっており重複していた - 元々のannouncementsの方を「announcements2」に変更
Configuration menu - View commit details
-
Copy full SHA for 5699fb6 - Browse repository at this point
Copy the full SHA 5699fb6View commit details -
Configuration menu - View commit details
-
Copy full SHA for b51574b - Browse repository at this point
Copy the full SHA b51574bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 462aa37 - Browse repository at this point
Copy the full SHA 462aa37View commit details -
Configuration menu - View commit details
-
Copy full SHA for c5ac2d7 - Browse repository at this point
Copy the full SHA c5ac2d7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2108e22 - Browse repository at this point
Copy the full SHA 2108e22View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8daf8be - Browse repository at this point
Copy the full SHA 8daf8beView commit details -
Configuration menu - View commit details
-
Copy full SHA for f35692d - Browse repository at this point
Copy the full SHA f35692dView commit details -
プロフィール絵文字を追加 (best-friends/mastodon)
- カスタム絵文字としてユーザのアイコンが使える機能 - 対象はトゥート,投票の選択肢,お知らせ,アカウントプロフィール欄 - 自サーバの人が他サーバのアカウントのプロフィール絵文字を使うことはできる - 他サーバの人がプロフィール絵文字を使うことはできない
Configuration menu - View commit details
-
Copy full SHA for 4f8b8cc - Browse repository at this point
Copy the full SHA 4f8b8ccView commit details
Commits on Nov 3, 2020
-
[Add] カスタム絵文字のみの投稿をスタンプのように拡大表示
- 投稿に,文字の投稿が含まれず,かつカスタム絵文字が1つだけの場合に特大表示(7em)する - それに伴ってカスタム絵文字が段落に1つしか含まれない場合にちょっと大きく表示(4em)する機能は削除
Configuration menu - View commit details
-
Copy full SHA for 4f7f46c - Browse repository at this point
Copy the full SHA 4f7f46cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 615e3f9 - Browse repository at this point
Copy the full SHA 615e3f9View commit details -
[Fix] InstanceTickerを有効にしても自インスタンスではティッカーを表示しない設定を通知欄にも適用
- InstanceTickerを有効にするテーマの場合,はんドンクラブのティッカーは非表示にしていた - これまでは適用範囲がHTL/FTL/LTLのみだったが,今回それに加えてnotificationも追加した
Configuration menu - View commit details
-
Copy full SHA for fb4a8f8 - Browse repository at this point
Copy the full SHA fb4a8f8View commit details
Commits on Mar 15, 2021
-
Bump faker from 2.13.0 to 2.17.0
Bumps [faker](https://github.com/faker-ruby/faker) from 2.13.0 to 2.17.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](faker-ruby/faker@v2.13.0...v2.17.0) Signed-off-by: dependabot[bot] <support@github.com>
Configuration menu - View commit details
-
Copy full SHA for a129e68 - Browse repository at this point
Copy the full SHA a129e68View commit details