chore: more closely align things with upstream

3 months ago · 47be7e7b3d
15 changed files with 18 additions and 174 deletions
--- a/.bundler-audit.yml
+++ b/.bundler-audit.yml
@ -1,10 +0,0 @@
 ---
 ignore:
  # devise-two-factor advisory about brute-forcing TOTP
  # We have rate-limits on authentication endpoints in place (including second
  # factor verification) since Mastodon v3.2.0
  - CVE-2024-0227
  # devise-two-factor advisory about generated secrets being weaker than expected
  # We call `generate_otp_secret` ourselves with a requested length of 32 characters,
  # which exceeds the recommended remediation of 26 characters, so we're safe
  - CVE-2024-8796
--- a/.env.production.sample
+++ b/.env.production.sample
@ -88,24 +88,3 @@ S3_ALIAS_HOST=files.example.com
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
 # Fetch All Replies Behavior
 # --------------------------
 # When a user expands a post (DetailedStatus view), fetch all of its replies
 # (default: false)
 FETCH_REPLIES_ENABLED=false
 # Period to wait between fetching replies (in minutes)
 FETCH_REPLIES_COOLDOWN_MINUTES=15
 # Period to wait after a post is first created before fetching its replies (in minutes)
 FETCH_REPLIES_INITIAL_WAIT_MINUTES=5
 # Max number of replies to fetch - total, recursively through a whole reply tree
 FETCH_REPLIES_MAX_GLOBAL=1000
 # Max number of replies to fetch - for a single post
 FETCH_REPLIES_MAX_SINGLE=500
 # Max number of replies Collection pages to fetch - total
 FETCH_REPLIES_MAX_PAGES=500
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -75,8 +75,6 @@ class Api::V1::StatusesController < Api::BaseController
    end
    render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
    ActivityPub::FetchAllRepliesWorker.perform_async(@status.id) if !current_account.nil? && @status.should_fetch_replies?
  end
  def create
--- a/app/javascript/mastodon/polyfills/index.ts
+++ b/app/javascript/mastodon/polyfills/index.ts
@ -2,9 +2,6 @@
 // If there are no polyfills, then this is just Promise.resolve() which means
 // it will execute in the same tick of the event loop (i.e. near-instant).
 // eslint-disable-next-line import/extensions -- This file is virtual so it thinks it has an extension
 import 'vite/modulepreload-polyfill';
 import { loadIntlPolyfills } from './intl';
 function importExtraPolyfills() {
--- a/app/javascript/mastodon/svg_select.js
+++ b/app/javascript/mastodon/svg_select.js
@ -1,21 +0,0 @@
 export function svgSelect(light, dark) {
  var svgbg = window.getComputedStyle(document.getElementsByClassName("drawer__inner")[0], null).getPropertyValue("background-color");
  var rgbArray = ((svgbg.replace(/[^0-9,]/g, "")).split(",")).map(Number).map(x => x/255);
  for ( var i = 0; i < rgbArray.length; ++i ) {
  			if ( rgbArray[i] <= 0.03928 ) {
  				rgbArray[i] = rgbArray[i] / 12.92
 	      } else {
  				rgbArray[i] = Math.pow( ( rgbArray[i] + 0.055 ) / 1.055, 2.4);
  			}
  		}
  var luminance = 0.2126 * rgbArray[0] + 0.7152 * rgbArray[1] + 0.0722 * rgbArray[2];
  		if ( luminance <= 0.179 ) {
  			return light;
  		} else {
  		  return dark;
  		}
 }
--- a/app/serializers/rest/instance_serializer.rb
+++ b/app/serializers/rest/instance_serializer.rb
@ -104,6 +104,21 @@ class REST::InstanceSerializer < ActiveModel::Serializer
        enabled: TranslationService.configured?,
      },
      timelines_access: {
        live_feeds: {
          local: Setting.local_live_feed_access,
          remote: Setting.remote_live_feed_access,
        },
        hashtag_feeds: {
          local: Setting.local_topic_feed_access,
          remote: Setting.remote_topic_feed_access,
        },
        trending_link_feeds: {
          local: Setting.local_topic_feed_access,
          remote: Setting.remote_topic_feed_access,
        },
      },
      limited_federation: limited_federation?,
    }
  end
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@ -15,9 +15,6 @@ class FetchLinkCardService < BaseService
    )
  }iox
  # URL size limit to safely store in PosgreSQL's unique indexes
  BYTESIZE_LIMIT = 2692
  def call(status)
    @status       = status
    @original_url = parse_urls
@ -94,7 +91,7 @@ class FetchLinkCardService < BaseService
  def bad_url?(uri)
    # Avoid local instance URLs and invalid URLs
-    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) || uri.to_s.bytesize > BYTESIZE_LIMIT
+    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme)
  end
  def mention_link?(anchor)
--- a/app/views/about/_domain_blocks.html.haml
+++ b/app/views/about/_domain_blocks.html.haml
@ -1,12 +0,0 @@
 %table
  %thead
    %tr
      %th= t('about.unavailable_content_description.domain')
      %th= t('about.unavailable_content_description.reason')
  %tbody
    - domain_blocks.each do |domain_block|
      %tr
        %td.nowrap
          %span{ title: "SHA-256: #{domain_block.domain_digest}" }= domain_block.public_domain
        %td
          = domain_block.public_comment if display_blocks_rationale?
--- a/app/views/admin/settings/discovery/show.html.haml
+++ b/app/views/admin/settings/discovery/show.html.haml
@ -57,8 +57,6 @@
  %h4= t('admin.settings.discovery.privacy')
  %h4= t('admin.settings.discovery.privacy')
  .fields-group
    = f.input :noindex,
              as: :boolean,
--- a/app/views/layouts/admin.html.haml
+++ b/app/views/layouts/admin.html.haml
@ -10,10 +10,8 @@
    .sidebar-wrapper
      .sidebar-wrapper__inner
        .sidebar
-          .logo
+          = link_to root_path do
-            %h2
+            = site_title
              = link_to root_path, class: 'brand' do
                = site_title
          .sidebar__toggle
            .sidebar__toggle__logo
--- a/spec/controllers/oauth/authorized_applications_controller_spec.rb
+++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb
@ -64,13 +64,5 @@ RSpec.describe OAuth::AuthorizedApplicationsController do
      expect(redis_pipeline_stub)
        .to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')
    end
    it 'removes the web_push_subscription' do
      expect { web_push_subscription.reload }.to raise_error(ActiveRecord::RecordNotFound)
    end
    it 'sends a session kill payload to the streaming server' do
      expect(redis_pipeline_stub).to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')
    end
  end
 end
--- a/spec/lib/activitypub/activity/delete_spec.rb
+++ b/spec/lib/activitypub/activity/delete_spec.rb
@ -120,61 +120,4 @@ RSpec.describe ActivityPub::Activity::Delete do
      end
    end
  end
  context 'when the deleted object is an account' do
    let(:json) do
      {
        '@context': 'https://www.w3.org/ns/activitystreams',
        id: 'foo',
        type: 'Delete',
        actor: ActivityPub::TagManager.instance.uri_for(sender),
        object: ActivityPub::TagManager.instance.uri_for(sender),
        signature: 'foo',
      }.with_indifferent_access
    end
    describe '#perform' do
      subject { described_class.new(json, sender) }
      let(:service) { instance_double(DeleteAccountService, call: true) }
      before do
        allow(DeleteAccountService).to receive(:new).and_return(service)
      end
      it 'calls the account deletion service' do
        subject.perform
        expect(service)
          .to have_received(:call).with(sender, { reserve_username: false, skip_activitypub: true })
      end
    end
  end
  context 'when the deleted object is a quote authorization' do
    let(:quoter) { Fabricate(:account, domain: 'b.example.com') }
    let(:status) { Fabricate(:status, account: quoter) }
    let(:quoted_status) { Fabricate(:status, account: sender, uri: 'https://example.com/statuses/1234') }
    let!(:quote) { Fabricate(:quote, approval_uri: 'https://example.com/approvals/1234', state: :accepted, status: status, quoted_status: quoted_status) }
    let(:json) do
      {
        '@context': 'https://www.w3.org/ns/activitystreams',
        id: 'foo',
        type: 'Delete',
        actor: ActivityPub::TagManager.instance.uri_for(sender),
        object: quote.approval_uri,
        signature: 'foo',
      }.with_indifferent_access
    end
    describe '#perform' do
      subject { described_class.new(json, sender) }
      it 'revokes the authorization' do
        expect { subject.perform }
          .to change { quote.reload.state }.to('revoked')
      end
    end
  end
 end
--- a/spec/lib/link_details_extractor_spec.rb
+++ b/spec/lib/link_details_extractor_spec.rb
@ -102,12 +102,6 @@ RSpec.describe LinkDetailsExtractor do
            language: eq('en')
          )
      end
      describe '#language' do
        it 'returns the language from structured data' do
          expect(subject.language).to eq 'en'
        end
      end
    end
    context 'when is wrapped in CDATA tags' do
--- a/spec/services/fetch_link_card_service_spec.rb
+++ b/spec/services/fetch_link_card_service_spec.rb
@ -235,19 +235,6 @@ RSpec.describe FetchLinkCardService do
      end
    end
    context 'with an URL too long for PostgreSQL unique indexes' do
      let(:url) { "http://example.com/#{'a' * 2674}" }
      let(:status) { Fabricate(:status, text: url) }
      it 'does not fetch the URL' do
        expect(a_request(:get, url)).to_not have_been_made
      end
      it 'does not create a preview card' do
        expect(status.preview_card).to be_nil
      end
    end
    context 'with a URL of a page with oEmbed support' do
      let(:html) { '<!doctype html><title>Hello world</title><link rel="alternate" type="application/json+oembed" href="http://example.com/oembed?url=http://example.com/html">' }
      let(:status) { Fabricate(:status, text: 'http://example.com/html') }
--- a/spec/services/notify_service_spec.rb
+++ b/spec/services/notify_service_spec.rb
@ -18,17 +18,6 @@ RSpec.describe NotifyService do
    expect { subject }.to_not change(Notification, :count)
  end
  context 'when the sender is a local moderator' do
    let(:sender) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
    let(:type) { :mention }
    let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender)) }
    it 'does notify when the sender is blocked' do
      recipient.block!(sender)
      expect { subject }.to change(Notification, :count).by(1)
    end
  end
  it 'does not notify when sender is muted with hide_notifications' do
    recipient.mute!(sender, notifications: true)
    expect { subject }.to_not change(Notification, :count)