Refactor `Snowflake` to avoid brakeman sql injection warnings (#25879)
Fix `Style/SlicingWithRange` cop (#25923)
Enable Rubocop Style/FrozenStringLiteralComment (#23793)
Bump version to v4.1.4 (#25805)
Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794)
Bump version to v4.1.3 (#25757)
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
Add hardened headers to user-uploaded files (#25756)
Add translate="no" to outgoing mentions and links (#25524)
Add coverage for `CLI::Feeds` command (#25319)
Add coverage for `CLI::Cache` command (#25238)
Consistently use middle dot (·) instead of bullet (•) to separate items (#25248)
Extract verify options method in search cli (#25121)
Add CLI area progress bar helper (#25208)
Use thor methods instead of tty prompt in maintenance cli (#25207)
Fix FormatStringToken cop in CLI (#25122)
Fix Rails/WhereExists cop in CLI (#25123)
Extract helper method for error report in cli/accounts command (#25119)