~cytrogen/masto-fe

ref: bb98d970e3f3333f85d454bc1fd26a1b582b14d2 masto-fe/lib d---------
bb98d970 — Claire 2 years ago 
Merge pull request #2291 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes
9ae60f87 — Claire 2 years ago 
Merge commit '82e477b184b5666fff7fb55933dce22ca2925db8' into glitch-soc/merge-upstream

Conflicts:
- `db/migrate/20180831171112_create_bookmarks.rb`:
  Upstream ran a lint fix on this file, but this file is different in
  glitch-soc because the feature was added much earlier.
  Ran the lint fix on our own version of the file.
f8314520 — Matt Jankowski 2 years ago 
Refactor `Snowflake` to avoid brakeman sql injection warnings (#25879)
b8b2470c — Matt Jankowski 2 years ago 
Fix `Style/SlicingWithRange` cop (#25923)
1d557305 — Nick Schonning 2 years ago 
Enable Rubocop Style/FrozenStringLiteralComment (#23793)
a40529fa — Claire 2 years ago 
Merge pull request #2279 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes
b9aa228c — Claire 2 years ago 
Merge branch 'main' into glitch-soc/merge-upstream

Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream attempted something with tags.
  Kept our version.
00511283 — Claire 2 years ago 
Bump version to v4.1.4 (#25805)
71d44949 — Claire 2 years ago 
Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794)
c25ba31e — Claire 2 years ago 
Merge pull request #2274 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes
ff7aae30 — Claire 2 years ago 
Merge branch 'main' into glitch-soc/merge-upstream
5e1752ce — Claire 2 years ago 
Bump version to v4.1.3 (#25757)
dc8f1fbd — Claire 2 years ago 
Merge pull request from GHSA-9928-3cp5-93fm

* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
6d8e0fae — Claire 2 years ago 
Merge pull request from GHSA-ccm4-vgcc-73hp

* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
fed9cbfd — Claire 2 years ago 
Add hardened headers to user-uploaded files (#25756)
b052a7ed — Claire 2 years ago 
Merge pull request #2256 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes
178e1510 — Claire 2 years ago 
Merge commit '55e7c08a83547424024bac311d5459cb82cf6dae' into glitch-soc/merge-upstream

Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
c78280a8 — Claire 2 years ago 
Add translate="no" to outgoing mentions and links (#25524)
eba3411b — Plastikmensch 2 years ago 
Re-allow title attribute in <abbr> (#2254)

* Re-allow title attribute in <abbr>

This was accidentally removed in 7623e181247b4d2227b7774143514f6e1ca9253b

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
f3c2035f — Claire 2 years ago 
Merge pull request #2251 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes
Next