1
0
Commit Graph

861 Commits

Author SHA1 Message Date
Matt Jankowski
930d84d40e
Gem version bumps (#24131) 2023-04-24 19:07:45 +02:00
dependabot[bot]
1153531e92
Bump faker from 3.1.1 to 3.2.0 (#24579)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-18 10:39:46 +02:00
dependabot[bot]
722c0011d1
Bump chewy from 7.2.7 to 7.3.0 (#24507)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 13:47:38 +02:00
dependabot[bot]
b9efca65e3
Bump net-ldap from 0.17.1 to 0.18.0 (#24484)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-11 12:53:13 +02:00
dependabot[bot]
4fcfeaba36
Bump puma from 6.1.1 to 6.2.1 (#24402)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 13:57:21 +02:00
dependabot[bot]
e2f58c8c82
Bump capybara from 3.38.0 to 3.39.0 (#24395)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 13:29:14 +02:00
dependabot[bot]
60602fd846
Bump aws-sdk-s3 from 1.119.2 to 1.120.0 (#24401)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 13:26:33 +02:00
dependabot[bot]
b60f7b31cf
Bump tzinfo-data from 1.2022.7 to 1.2023.2 (#24300)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-29 10:32:51 +02:00
Matt Jankowski
5b7898230e
Update strong_migrations to version 0.8.0 (#24270) 2023-03-27 09:11:10 +02:00
dependabot[bot]
84f14b2451
Bump rack-cors from 1.1.1 to 2.0.1 (#24189)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-21 10:42:34 +09:00
Nick Schonning
b22b4bac03
Include config/ and update all rubcop deps (#23963) 2023-03-17 10:13:28 +01:00
Eugen Rochko
6fa81ca17e
Remove bullet and active_record_query_trace gems (#24121) 2023-03-16 02:53:55 +01:00
dependabot[bot]
0566c81a0c
Bump rack-test from 2.0.2 to 2.1.0 (#24112)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-16 10:33:26 +09:00
Nick Schonning
75131e7bf7
Setup haml-lint CI with todo config (#23524) 2023-03-15 04:15:36 +01:00
Matt Jankowski
2f7a663b0b
Explicitly set github repo in instance presenter spec (#24036) 2023-03-09 14:27:48 +01:00
dependabot[bot]
c9860d36d4
Bump omniauth_openid_connect from 0.6.0 to 0.6.1 (#23991)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-08 11:44:23 +01:00
Nick Schonning
e594bb7d50
Convert CircleCI to GitHub Actions (#23608) 2023-03-07 04:49:43 +01:00
Nick Schonning
4595862978
Remove pinned rexml (#23964) 2023-03-06 15:43:21 +01:00
Nick Schonning
1840d5d50c
Remove pry gems (#23884) 2023-03-03 22:53:08 +01:00
Nick Schonning
c65c34dfd1
Remove climate_control gem (#23886) 2023-03-03 22:48:48 +01:00
Matt Jankowski
9da52ac044
Update rspec-rails to version 6.0.1 (#23908) 2023-03-02 15:55:37 +01:00
Shlee
f8848a5c8b
[Dependashlee] Update to Puma 6.1.0 (#23795) 2023-02-28 13:30:28 +01:00
dependabot[bot]
4b964fa605
Bump devise from 4.8.1 to 4.9.0 (#23691)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 10:41:28 +01:00
dependabot[bot]
49b9ef0c1e
Bump oj from 3.13.23 to 3.14.2 (#23560)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-18 14:21:10 +09:00
dependabot[bot]
7cf3430e63
Bump webauthn from 2.5.2 to 3.0.0 (#23659)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 10:06:24 +01:00
Aaron Patterson
fb8503e861
Upgrade to Ruby 3.2 (#22928)
Co-authored-by: Matthew Ford <matt@bitzesty.com>
2023-02-15 08:30:27 +01:00
Stan Hu
f553b064e0
Switch OpenID Connect gems (#23223)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-02-13 15:47:50 +01:00
Claire
cc92c65d83
Add dependency on net-http (#23571) 2023-02-13 14:36:07 +01:00
dependabot[bot]
31352f0d2c
Bump sidekiq-scheduler from 4.0.3 to 5.0.0 (#23212)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-02-13 13:31:42 +01:00
Nick Schonning
7c5d396fca
Replace hamlit-rails with haml-rails (#23542) 2023-02-13 04:59:30 +01:00
dependabot[bot]
1f9f8035e4
Bump bootsnap from 1.15.0 to 1.16.0 (#23340)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-04 15:55:07 +09:00
dependabot[bot]
41baf4b217
Bump redcarpet from 3.5.1 to 3.6.0 (#23339)
Bumps [redcarpet](https://github.com/vmg/redcarpet) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/vmg/redcarpet/releases)
- [Changelog](https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vmg/redcarpet/compare/v3.5.1...v3.6.0)

---
updated-dependencies:
- dependency-name: redcarpet
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:19:30 +01:00
dependabot[bot]
fa379a993d
Bump aws-sdk-s3 from 1.118.0 to 1.119.0 (#23341)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.118.0 to 1.119.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:16:38 +01:00
dependabot[bot]
801a209e06
Bump simple_form from 5.1.0 to 5.2.0 (#23328)
Bumps [simple_form](https://github.com/heartcombo/simple_form) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/heartcombo/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/main/CHANGELOG.md)
- [Commits](https://github.com/heartcombo/simple_form/compare/v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: simple_form
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:07:16 +01:00
dependabot[bot]
1ca3127a1d
Bump gitlab-omniauth-openid-connect from 0.10.0 to 0.10.1 (#23241)
Bumps [gitlab-omniauth-openid-connect](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect) from 0.10.0 to 0.10.1.
- [Release notes](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/tags)
- [Commits](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/compare/v0.10.0...v0.10.1)

---
updated-dependencies:
- dependency-name: gitlab-omniauth-openid-connect
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-31 00:46:27 +09:00
dependabot[bot]
ea1507ee85
Bump aws-sdk-s3 from 1.117.2 to 1.118.0 (#23202)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.117.2 to 1.118.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 10:57:59 +09:00
Kaspar V
9b795a25cd
fix(pghero): update because CVE-2023-22626 (#23190)
There is a vulnerability
[CVE-2023-22626](https://github.com/advisories/GHSA-vf99-xw26-86g5)

```
Name: pghero
Version: 2.8.3
CVE: CVE-2023-22626
GHSA: GHSA-vf99-xw26-86g5
Criticality: High
URL: https://github.com/ankane/pghero/issues/439
Title: Information Disclosure Through EXPLAIN Feature
Solution: upgrade to '>= 3.1.0'
```
2023-01-22 23:09:02 +01:00
dependabot[bot]
c6cda209d5
Bump rack from 2.2.5 to 2.2.6.2 (#23142)
Bumps [rack](https://github.com/rack/rack) from 2.2.5 to 2.2.6.2.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.5...v2.2.6.2)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 11:31:39 +01:00
dependabot[bot]
d047e93f47
Bump nokogiri from 1.13.10 to 1.14.0 (#23128)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.0.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.14.0)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 10:54:19 +01:00
Aaron Patterson
546e301bcd
Remove microformats gem dependency (#22923)
Looks like this gem was introduced as a dependency in 89707ad0ac for
testing Miroformat output.  The last test using the Microformats gem was
removed in 62782babd0, so I think it is
safe to remove this dependency.

For context, you [can't install the microformats gem with Ruby 3.2](https://github.com/microformats/microformats-ruby/pull/131),
so we can't currently bundle Mastodon with Ruby 3.2.  But since we don't
really need this gem, we can just remove it and unblock Ruby 3.2
2023-01-04 01:45:16 +01:00
dependabot[bot]
536d55c6ad
Bump redis-namespace from 1.9.0 to 1.10.0 (#22765)
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/resque/redis-namespace/releases)
- [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md)
- [Commits](https://github.com/resque/redis-namespace/compare/v1.9...v1.10.0)

---
updated-dependencies:
- dependency-name: redis-namespace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:52:15 +09:00
dependabot[bot]
6deab78c5c
Bump rack from 2.2.4 to 2.2.5 (#22777)
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.2.4...v2.2.5)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:51:39 +09:00
dependabot[bot]
eb28b41922
Bump simplecov from 0.21.2 to 0.22.0 (#22773)
Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 0.21.2 to 0.22.0.
- [Release notes](https://github.com/simplecov-ruby/simplecov/releases)
- [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md)
- [Commits](https://github.com/simplecov-ruby/simplecov/compare/v0.21.2...v0.22.0)

---
updated-dependencies:
- dependency-name: simplecov
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:37:19 +09:00
dependabot[bot]
620e875b55
Bump faker from 3.0.0 to 3.1.0 (#22762)
Bumps [faker](https://github.com/faker-ruby/faker) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:35:54 +09:00
dependabot[bot]
919747322f
Bump scenic from 1.6.0 to 1.7.0 (#22258)
Bumps [scenic](https://github.com/scenic-views/scenic) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/scenic-views/scenic/releases)
- [Changelog](https://github.com/scenic-views/scenic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/scenic-views/scenic/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: scenic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:10:09 +09:00
dependabot[bot]
ef09016f35
Bump pundit from 2.2.0 to 2.3.0 (#22516)
Bumps [pundit](https://github.com/varvet/pundit) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/varvet/pundit/releases)
- [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/varvet/pundit/commits)

---
updated-dependencies:
- dependency-name: pundit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:08:53 +09:00
dependabot[bot]
fcaeae7761
Bump fog-core from 2.1.0 to 2.3.0 (#22521)
Bumps [fog-core](https://github.com/fog/fog-core) from 2.1.0 to 2.3.0.
- [Release notes](https://github.com/fog/fog-core/releases)
- [Changelog](https://github.com/fog/fog-core/blob/master/changelog.md)
- [Commits](https://github.com/fog/fog-core/compare/v2.1.0...v2.3.0)

---
updated-dependencies:
- dependency-name: fog-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:08:22 +09:00
Kaspar V
19f78ea8fa
linting: RuboCop update, config fixes (#20574)
* fix(rubocop): update gems and add performance and rspec

fix(rubocop): update gems and add performance and rspec

- update present rubocop gems
- add rubocop-rspec and rubocop-performance gems
- move rubocop gems to gem group :development, :test in order to
  make linting in a github action that runs with RAILS_ENV=test possible

* feat(rubocop): disable some annoyance RSpec cops

To mee these prooved to be more annoying than helpful.
If not agreed, they can be enabled any time.

* fix(rubocop): do not ignore spec/**/*

Because rubocop-rspec should lint the specs as well, and they
deserve to be readable in general. It is relevant code, after all.

* fix(rubocop): change ignore db/**/* to db/schema.rb

because rails cops do some lints for migrations.
E.g. reversable migrations linting and more.

* fix(rubocop): tune rules configs

Bunch of commits squashed:

fix(rubocop): enable Layout/LineLength cop

Because this project has code with line lenghts > 500 chars.
This is not good practice at all, so I strongly suggest to
change the practice in the future.

But allow heredoc, URI and comments to still be long lines
and make the default Max: 120 explicit, by repeating it in the
config. To me this max length seems reasonable. Perhaps
a bit more could be ok for some. But > 500 chars in one line
Seems to be way too long IMHO.

fix(rubocop): Metrics/CyclomaticComplexity Max to 12

The default is 7, perhaps quite strict. But 25 is too loose,
the rule becomes pointless like that.

fix(rubocop): AllCops ruby version, cacheing and more info

- fix the target ruby version from 2.5 to 3.0
- have the cop error messages to be more informative and helpful
- enable cacheing in /tmp

fix(rubocop): Metrics/AbcSize to 34 from 115

Rubocops default is 17. If the rule is at 115 is becomes
pointless.

fix(rubocop): Metrics/BlockLength improvements

- instead of ignoring tasks completely, ignore only the
  long blocks that are specific to tasks (task, namespace)
- ignore also concern specific block methods (included, class_methods)

fix(rubocop): Metrics/ClassLength count heredoc array as one line

fix(rubocop): Metrics/MethodLength Max to 25

- the default is 10, but 65 is too loose, so perhaps 25?

fix(rubocop): Metrics/ModuleLength array and heredoc count as one

fix(rubocop): Metrics/PerceivedComplexity to 16 from 25

Rubocops default is 8, so how about only doubling that, instead
of > than tripple it?

fix(rubocop): enable Style/RedundantAssignment

Because I think that this rule would never really hurt,
but improve code quality and readability.

fix(rubocop): enable Style/RescueStandardError

I think everyone that ever had to debug what this can bring
will hopefully agree that this rule totally makes sense.
In the super rare exeptions where this is totally needed,
it can be excluded by disabling comment in that place.

fix(rubocop): Metrics/ParameterLists add explicit defaults and some excludes
2022-12-15 16:39:59 +01:00
Meisam
6cdbc345f4
Validate nodeinfo response by schema (#21395)
* add json-schema to :test in Gemfile

* Create node_info_2.0_schema.json

* test match_response_schema

* Create match_response_schema.rb

* Update nodeinfo_controller_spec.rb

* Rename spec/support/node_info_2.0_schema.json to spec/support/schema/node_info_2.0_schema.json

* Update match_response_schema.rb

* cleanup

* additionally validate the json schema itself

disable throwing errors

test the schema matcher

* rename nodeinfo schema to nodeinfo_2.0

* use Rails.root.join to construct the path

* prettify json

* sync Gemfile.lock
2022-12-15 15:43:05 +01:00
Claire
c8849d6cee
Fix unbounded recursion in account discovery (#22025)
* Fix trying to fetch posts from other users when fetching featured posts

* Rate-limit discovery of new subdomains

* Put a limit on recursively discovering new accounts
2022-12-07 00:15:24 +01:00