Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to latest v4.2.7 #234

Merged
merged 1,967 commits into from
Feb 19, 2024
Merged

Update to latest v4.2.7 #234

merged 1,967 commits into from
Feb 19, 2024

Conversation

jtomchak
Copy link
Contributor

No description provided.

Gargron and others added 30 commits August 31, 2023 17:21
@Gargron
Fix videos not playing in some browsers due to unsupported color spac…
ecd76fa 
…e (#26745)
@ClearlyClaire
Change importers to avoid a few inefficiencies (#26721)
9bb2fb6
@Gargron
Fix search queries with slash causing or-condition (#26699)
0008458
@Gargron
Fix not being able to invoke phrase search using unicode quotation ma…
872145d 
…rks (#26687)
@Gargron
Fix unmatched quotes and prefixes causing search to fail (#26701)
e754083
@renovate
Update dependency oj to v3.16.1 (#26749)
630e558 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
Update dependency pg to v1.5.4 (#26750)
bb0edb1 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@ClearlyClaire
Revert to using primary database in IndexingScheduler (#26754)
5c0a9aa
@ClearlyClaire
Fix search popout including full-text search instructions when full-t…
6c4c724 
…ext search is disabled (#26755)
@ClearlyClaire
Add authorized_fetch server setting in addition to env var (#25798)
9e26cd5
@gmemstr @ThisIsMissEm
Move to ioredis for streaming (#26581)
be991f1 
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
@ClearlyClaire
Add admin notifications for new Mastodon versions (#26582)
16681e0
@Gargron
Fix some video encoding failing due to uneven dimensions (#26766)
0509326
@Gargron
Fix wrong color on active icons with counters in web UI (#26767)
728eb6a
@renovate
Update dependency typescript to v5.2.2 (#26786)
173041f 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@Gargron
Fix before:, after: and during: failing when time zone not set …
e52d049 
…(#26782)
@renovate
Update DefinitelyTyped types (non-major) (#26785)
1f92436 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@c960657
Fix invalid Content-Type header for WebP images (#26773)
ea31929
@Signez
Fix light mode colors for advanced interface banner (#26759)
a106c46
@Gargron
Fix #hashtag matching non-hashtagged posts in search (#26781)
68b4e36
@renovate
Update dependency rubocop to v1.56.2 (#26568)
59361df 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
Update dependency stylelint-config-standard-scss to v11 (#26780)
3e6a643 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@gunchleoc
Remove kmr from language selection (#26014)
ac3f310
@Gargron @ClearlyClaire
Add in:library syntax to search (#26760)
ece1ff7 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
@ClearlyClaire
Fix language settings for users having selected the kmr language (#…
cddef4c 
…26787)
@renovate
Update babel monorepo to v7.22.15 (#26790)
ddeca3b 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@ClearlyClaire
Bump version to v4.2.0-beta3 (#26753)
f80f426
@ClearlyClaire
Fix “Scoped order is ignored, it's forced to be batch order.” warning…
cab4cbf 
…s (#26793)
@vmstan
Migrate Dockerfile to Bookworm (#26802)
b749de7
@ClearlyClaire
Fix video player not being displayed in reports interface (#26801)
ea7de25
ClearlyClaire and others added 18 commits January 24, 2024 15:31
@ClearlyClaire
Bump version to v4.2.4
4633bb8
@ClearlyClaire
Merge pull request from GHSA-3fjr-858r-92rw
a6641f8 
* Fix insufficient origin validation

* Bump version to v4.2.5
@ClearlyClaire
Update dependency nokogiri to 1.16.2
b7230cd
@ClearlyClaire
Update dependency sidekiq-unique-jobs to 7.1.33
ae2dce8
@ThisIsMissEm @ClearlyClaire
Disable administrative doorkeeper routes (#29187)
6d43b63
@ClearlyClaire
Add sidekiq_unique_jobs:delete_all_locks task and disable `sidekiq-…
1a33d34 
…unique-jobs` UI by default (#29199)
@ClearlyClaire @ThisIsMissEm
Merge pull request from GHSA-7w3c-p9j8-mq3x
0b0c7af 
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
@ClearlyClaire
Merge pull request from GHSA-vm39-j3vx-pch3
f170052 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
@ClearlyClaire
Bump version to v4.2.6
7c8ca0c
@ClearlyClaire
Fix OmniAuth tests (#29201)
76a37bd
@ClearlyClaire
Fix user creation failure handling in OAuth paths (#29207)
870ee80
@ClearlyClaire @mjankowski
Update nsa gem to version 0.3.0 (#29065) (#29206)
e4ec4ce 
Co-authored-by: Matt Jankowski <matt@jankowski.online>
@ClearlyClaire
Update dependency pg to 1.5.5
684f999
@ClearlyClaire
Merge pull request from GHSA-jhrq-qvrm-qr36
15de520 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
@ClearlyClaire
Bump version to v4.2.7
0e4e98f
@jtomchak
Merge tag 'v4.2.7' into MAM-3962-security-updates-to-lastest-mastodon…
1394dc2 
…-version
@jtomchak
update gemlock
147910c
@jtomchak
yarn update to 4
b37ead1
@jtomchak jtomchak self-assigned this Feb 19, 2024
@CLAassistant
Copy link

CLAassistant commented Feb 19, 2024
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 8 committers have signed the CLA.

❌ ClearlyClaire
❌ MitarashiDango
❌ Gargron
❌ brianholley
❌ gunchleoc
❌ ShadowJonathan
❌ ThisIsMissEm
❌ tribela
You have signed the CLA already but the status is still pending? Let us recheck it.

@jtomchak jtomchak marked this pull request as ready for review February 19, 2024 19:15
@jtomchak jtomchak requested a review from rileyhCode February 19, 2024 19:15
rileyhCode
rileyhCode approved these changes Feb 19, 2024
View reviewed changes
Copy link

@rileyhCode rileyhCode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jtomchak jtomchak merged commit f5fd616 into main Feb 19, 2024
28 of 29 checks passed
@jtomchak jtomchak deleted the MAM-3962-security-updates-to-lastest-mastodon-version branch February 19, 2024 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rileyhCode rileyhCode rileyhCode approved these changes

Assignees

@jtomchak jtomchak

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.