diff --git a/.bundler-audit.yml b/.bundler-audit.yml
deleted file mode 100644
index c867b1abf..000000000
--- a/.bundler-audit.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-ignore:
- # devise-two-factor advisory about brute-forcing TOTP
- # We have rate-limits on authentication endpoints in place (including second
- # factor verification) since Mastodon v3.2.0
- - CVE-2024-0227
- # devise-two-factor advisory about generated secrets being weaker than expected
- # We call `generate_otp_secret` ourselves with a requested length of 32 characters,
- # which exceeds the recommended remediation of 26 characters, so we're safe
- - CVE-2024-8796
diff --git a/.env.production.sample b/.env.production.sample
index 15004b9d0..9ff63c49e 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -88,24 +88,3 @@ S3_ALIAS_HOST=files.example.com
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
-
-# Fetch All Replies Behavior
-# --------------------------
-# When a user expands a post (DetailedStatus view), fetch all of its replies
-# (default: false)
-FETCH_REPLIES_ENABLED=false
-
-# Period to wait between fetching replies (in minutes)
-FETCH_REPLIES_COOLDOWN_MINUTES=15
-
-# Period to wait after a post is first created before fetching its replies (in minutes)
-FETCH_REPLIES_INITIAL_WAIT_MINUTES=5
-
-# Max number of replies to fetch - total, recursively through a whole reply tree
-FETCH_REPLIES_MAX_GLOBAL=1000
-
-# Max number of replies to fetch - for a single post
-FETCH_REPLIES_MAX_SINGLE=500
-
-# Max number of replies Collection pages to fetch - total
-FETCH_REPLIES_MAX_PAGES=500
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index ff2fd87b5..ea5288c56 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -75,8 +75,6 @@ class Api::V1::StatusesController < Api::BaseController end render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id) - - ActivityPub::FetchAllRepliesWorker.perform_async(@status.id) if !current_account.nil? && @status.should_fetch_replies? end def create diff --git a/app/javascript/mastodon/polyfills/index.ts b/app/javascript/mastodon/polyfills/index.ts index e7b31bfae..00da2042e 100644 --- a/app/javascript/mastodon/polyfills/index.ts +++ b/app/javascript/mastodon/polyfills/index.ts @@ -2,9 +2,6 @@ // If there are no polyfills, then this is just Promise.resolve() which means // it will execute in the same tick of the event loop (i.e. near-instant). -// eslint-disable-next-line import/extensions -- This file is virtual so it thinks it has an extension -import 'vite/modulepreload-polyfill'; - import { loadIntlPolyfills } from './intl'; function importExtraPolyfills() { diff --git a/app/javascript/mastodon/svg_select.js b/app/javascript/mastodon/svg_select.js deleted file mode 100644 index 346f4f5f7..000000000 --- a/app/javascript/mastodon/svg_select.js +++ /dev/null @@ -1,21 +0,0 @@ -export function svgSelect(light, dark) { - - var svgbg = window.getComputedStyle(document.getElementsByClassName("drawer__inner")[0], null).getPropertyValue("background-color"); - var rgbArray = ((svgbg.replace(/[^0-9,]/g, "")).split(",")).map(Number).map(x => x/255); - - for ( var i = 0; i < rgbArray.length; ++i ) { - if ( rgbArray[i] <= 0.03928 ) { - rgbArray[i] = rgbArray[i] / 12.92 - } else { - rgbArray[i] = Math.pow( ( rgbArray[i] + 0.055 ) / 1.055, 2.4); - } - } - - var luminance = 0.2126 * rgbArray[0] + 0.7152 * rgbArray[1] + 0.0722 * rgbArray[2]; - - if ( luminance <= 0.179 ) { - return light; - } else { - return dark; - } -} diff --git a/app/serializers/rest/instance_serializer.rb b/app/serializers/rest/instance_serializer.rb index 4d5d8684b..e6056d79f 100644 
--- a/app/serializers/rest/instance_serializer.rb +++ b/app/serializers/rest/instance_serializer.rb @@ -104,6 +104,21 @@ class REST::InstanceSerializer < ActiveModel::Serializer enabled: TranslationService.configured?, }, + timelines_access: { + live_feeds: { + local: Setting.local_live_feed_access, + remote: Setting.remote_live_feed_access, + }, + hashtag_feeds: { + local: Setting.local_topic_feed_access, + remote: Setting.remote_topic_feed_access, + }, + trending_link_feeds: { + local: Setting.local_topic_feed_access, + remote: Setting.remote_topic_feed_access, + }, + }, + limited_federation: limited_federation?, } end diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb index 1bbce2dfe..84c4ba06f 100644 --- a/app/services/fetch_link_card_service.rb +++ b/app/services/fetch_link_card_service.rb @@ -15,9 +15,6 @@ class FetchLinkCardService < BaseService ) }iox - # URL size limit to safely store in PosgreSQL's unique indexes - BYTESIZE_LIMIT = 2692 - def call(status) @status = status @original_url = parse_urls @@ -94,7 +91,7 @@ class FetchLinkCardService < BaseService def bad_url?(uri) # Avoid local instance URLs and invalid URLs - uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) || uri.to_s.bytesize > BYTESIZE_LIMIT + uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) end def mention_link?(anchor) diff --git a/app/views/about/_domain_blocks.html.haml b/app/views/about/_domain_blocks.html.haml deleted file mode 100644 index 35a30f16e..000000000 --- a/app/views/about/_domain_blocks.html.haml +++ /dev/null 
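Review bot: `trending_link_feeds` in the added `timelines_access` hash reads `Setting.local_topic_feed_access` and `Setting.remote_topic_feed_access`, the same two settings used for `hashtag_feeds` directly above it, so the two entries can never differ. If that is intentional, a comment such as `# trending link feeds share the topic-feed access settings` would stop it reading as a copy-paste slip; if not, the key needs its own settings. These values only advertise the access policy to clients, and enforcement on the timeline endpoints is not visible in this hunk, so it is worth confirming that the endpoints read the same settings. The enclosing hash and method start outside the hunk.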
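Review bot: `bad_url?` in the second app/services/fetch_link_card_service.rb hunk no longer bounds the URL length, and the URL is taken from status text, which any local or remote author controls. The removed comment says the 2692-byte limit existed so the URL could be stored safely in PostgreSQL's unique indexes; without it an over-long URL passes this check, is fetched, and presumably reaches the preview-card insert, where it may fail at the index. The spec context covering this case is removed in the same commit (spec/services/fetch_link_card_service_spec.rb), so nothing pins the behaviour either way. Unless the length is now enforced elsewhere, which is not visible here, keep the trailing `|| uri.to_s.bytesize > BYTESIZE_LIMIT` clause together with the `BYTESIZE_LIMIT = 2692` constant removed in the previous hunk.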
@@ -1,12 +0,0 @@ -%table - %thead - %tr - %th= t('about.unavailable_content_description.domain') - %th= t('about.unavailable_content_description.reason') - %tbody - - domain_blocks.each do |domain_block| - %tr - %td.nowrap - %span{ title: "SHA-256: #{domain_block.domain_digest}" }= domain_block.public_domain - %td - = domain_block.public_comment if display_blocks_rationale? diff --git a/app/views/admin/settings/discovery/show.html.haml b/app/views/admin/settings/discovery/show.html.haml index 24b05124d..ea1bd1248 100644 --- a/app/views/admin/settings/discovery/show.html.haml +++ b/app/views/admin/settings/discovery/show.html.haml @@ -57,8 +57,6 @@ %h4= t('admin.settings.discovery.privacy') - %h4= t('admin.settings.discovery.privacy') - .fields-group = f.input :noindex, as: :boolean, diff --git a/app/views/layouts/admin.html.haml b/app/views/layouts/admin.html.haml index 8ffa66568..431275e7b 100644 --- a/app/views/layouts/admin.html.haml +++ b/app/views/layouts/admin.html.haml @@ -10,10 +10,8 @@ .sidebar-wrapper .sidebar-wrapper__inner .sidebar - .logo - %h2 - = link_to root_path, class: 'brand' do - = site_title + = link_to root_path do + = site_title .sidebar__toggle .sidebar__toggle__logo diff --git a/spec/controllers/oauth/authorized_applications_controller_spec.rb b/spec/controllers/oauth/authorized_applications_controller_spec.rb index 5d5593599..8d804476e 100644 --- a/spec/controllers/oauth/authorized_applications_controller_spec.rb +++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb 
@@ -64,13 +64,5 @@ RSpec.describe OAuth::AuthorizedApplicationsController do
 expect(redis_pipeline_stub)
 .to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')
 end
-
- it 'removes the web_push_subscription' do
- expect { web_push_subscription.reload }.to raise_error(ActiveRecord::RecordNotFound)
- end
-
- it 'sends a session kill payload to the streaming server' do
- expect(redis_pipeline_stub).to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')
- end
 end
 end
diff --git a/spec/lib/activitypub/activity/delete_spec.rb b/spec/lib/activitypub/activity/delete_spec.rb
index 7d644822e..48d2946b9 100644
--- a/spec/lib/activitypub/activity/delete_spec.rb
+++ b/spec/lib/activitypub/activity/delete_spec.rb
@@ -120,61 +120,4 @@ RSpec.describe ActivityPub::Activity::Delete do
 end
 end
 end
-
- context 'when the deleted object is an account' do
- let(:json) do
- {
- '@context': 'https://www.w3.org/ns/activitystreams',
- id: 'foo',
- type: 'Delete',
- actor: ActivityPub::TagManager.instance.uri_for(sender),
- object: ActivityPub::TagManager.instance.uri_for(sender),
- signature: 'foo',
- }.with_indifferent_access
- end
-
- describe '#perform' do
- subject { described_class.new(json, sender) }
-
- let(:service) { instance_double(DeleteAccountService, call: true) }
-
- before do
- allow(DeleteAccountService).to receive(:new).and_return(service)
- end
-
- it 'calls the account deletion service' do
- subject.perform
-
- expect(service)
- .to have_received(:call).with(sender, { reserve_username: false, skip_activitypub: true })
- end
- end
- end
-
- context 'when the deleted object is a quote authorization' do
- let(:quoter) { Fabricate(:account, domain: 'b.example.com') }
- let(:status) { Fabricate(:status, account: quoter) }
- let(:quoted_status) { Fabricate(:status, account: sender, uri: 'https://example.com/statuses/1234') }
- let!(:quote) { Fabricate(:quote, approval_uri: 'https://example.com/approvals/1234', state: :accepted, status: status, quoted_status: quoted_status) }
-
- let(:json) do
- {
- '@context': 'https://www.w3.org/ns/activitystreams',
- id: 'foo',
- type: 'Delete',
- actor: ActivityPub::TagManager.instance.uri_for(sender),
- object: quote.approval_uri,
- signature: 'foo',
- }.with_indifferent_access
- end
-
- describe '#perform' do
- subject { described_class.new(json, sender) }
-
- it 'revokes the authorization' do
- expect { subject.perform }
- .to change { quote.reload.state }.to('revoked')
- end
- end
- end
 end
diff --git a/spec/lib/link_details_extractor_spec.rb b/spec/lib/link_details_extractor_spec.rb
index a44c7f789..019a57cac 100644
--- a/spec/lib/link_details_extractor_spec.rb
+++ b/spec/lib/link_details_extractor_spec.rb
@@ -102,12 +102,6 @@ RSpec.describe LinkDetailsExtractor do language: eq('en') ) end - - describe '#language' do - it 'returns the language from structured data' do - expect(subject.language).to eq 'en' - end - end end context 'when is wrapped in CDATA tags' do diff --git a/spec/services/fetch_link_card_service_spec.rb b/spec/services/fetch_link_card_service_spec.rb index aa9bf691f..1d61e33c0 100644 --- a/spec/services/fetch_link_card_service_spec.rb +++ b/spec/services/fetch_link_card_service_spec.rb @@ -235,19 +235,6 @@ RSpec.describe FetchLinkCardService do end end - context 'with an URL too long for PostgreSQL unique indexes' do - let(:url) { "http://example.com/#{'a' * 2674}" } - let(:status) { Fabricate(:status, text: url) } - - it 'does not fetch the URL' do - expect(a_request(:get, url)).to_not have_been_made - end - - it 'does not create a preview card' do - expect(status.preview_card).to be_nil - end - end - context 'with a URL of a page with oEmbed support' do let(:html) { '