Merge pull request #2537 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes up to b7bdcd4

.github/renovate.json5

@@ -99,6 +99,16 @@
       matchUpdateTypes: ['patch', 'minor'],
       groupName: 'eslint (non-major)',
     },
+    {
+      // Group actions/*-artifact in the same PR
+      matchManagers: ['github-actions'],
+      matchPackageNames: [
+        'actions/download-artifact',
+        'actions/upload-artifact',
+      ],
+      matchUpdateTypes: ['major'],
+      groupName: 'artifact actions (major)',
+    },
     {
       // Update @types/* packages every week, with one grouped PR
       matchPackagePrefixes: '@types/',

.haml-lint_todo.yml

@@ -1,33 +1,21 @@
 # This configuration was generated by
 # `haml-lint --auto-gen-config`
-# on 2023-10-26 09:32:34 -0400 using Haml-Lint version 0.51.0.
+# on 2023-12-15 11:02:19 -0500 using Haml-Lint version 0.52.0.
 # The point is for the user to remove these configuration records
 # one by one as the lints are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of Haml-Lint, may require this file to be generated again.
 
 linters:
-  # Offense count: 16
+  # Offense count: 11
   LineLength:
     exclude:
-      - 'app/views/admin/account_actions/new.html.haml'
-      - 'app/views/admin/accounts/index.html.haml'
-      - 'app/views/admin/ip_blocks/new.html.haml'
       - 'app/views/admin/roles/_form.html.haml'
-      - 'app/views/admin/settings/discovery/show.html.haml'
       - 'app/views/auth/registrations/edit.html.haml'
       - 'app/views/auth/registrations/new.html.haml'
-      - 'app/views/filters/_filter_fields.html.haml'
       - 'app/views/media/player.html.haml'
       - 'app/views/settings/applications/_fields.html.haml'
       - 'app/views/settings/imports/index.html.haml'
       - 'app/views/settings/preferences/appearance/show.html.haml'
       - 'app/views/settings/preferences/notifications/show.html.haml'
       - 'app/views/settings/preferences/other/show.html.haml'
-
-  # Offense count: 9
-  RuboCop:
-    exclude:
-      - 'app/views/admin/accounts/_buttons.html.haml'
-      - 'app/views/admin/accounts/_local_account.html.haml'
-      - 'app/views/admin/roles/_form.html.haml'

.rubocop.yml

@@ -105,6 +105,21 @@ Rails/Exit:
     - 'config/boot.rb'
     - 'lib/mastodon/cli/*.rb'
 
+Rails/SkipsModelValidations:
+  Exclude:
+    - 'db/*migrate/**/*'
+
+# Reason: We want to preserve the ability to migrate from arbitrary old versions,
+# and cannot guarantee that every installation has run every migration as they upgrade.
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsunusedignoredcolumns
+Rails/UnusedIgnoredColumns:
+  Enabled: false
+
+# Reason: Prevailing style choice
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsnegateinclude
+Rails/NegateInclude:
+  Enabled: false
+
 # Reason: Some single letter camel case files shouldn't be split
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
 RSpec/FilePath:

.rubocop_todo.yml

@@ -26,7 +26,7 @@ Lint/NonLocalExitFromIterator:
 
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 130
+  Max: 100
 
 # Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
@@ -119,23 +119,6 @@ Rails/LexicallyScopedActionFilter:
     - 'app/controllers/auth/passwords_controller.rb'
     - 'app/controllers/auth/registrations_controller.rb'
 
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/NegateInclude:
-  Exclude:
-    - 'app/controllers/concerns/signature_verification.rb'
-    - 'app/helpers/jsonld_helper.rb'
-    - 'app/lib/activitypub/activity/create.rb'
-    - 'app/lib/activitypub/activity/move.rb'
-    - 'app/lib/feed_manager.rb'
-    - 'app/lib/link_details_extractor.rb'
-    - 'app/models/concerns/attachmentable.rb'
-    - 'app/models/concerns/remotable.rb'
-    - 'app/models/custom_filter.rb'
-    - 'app/services/activitypub/process_status_update_service.rb'
-    - 'app/services/fetch_link_card_service.rb'
-    - 'app/workers/web/push_notification_worker.rb'
-    - 'lib/paperclip/color_extractor.rb'
-
 Rails/OutputSafety:
   Exclude:
     - 'config/initializers/simple_form.rb'
@@ -181,22 +164,6 @@ Rails/SkipsModelValidations:
     - 'app/workers/move_worker.rb'
     - 'app/workers/scheduler/ip_cleanup_scheduler.rb'
     - 'app/workers/scheduler/scheduled_statuses_scheduler.rb'
-    - 'db/migrate/20161203164520_add_from_account_id_to_notifications.rb'
-    - 'db/migrate/20170105224407_add_shortcode_to_media_attachments.rb'
-    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
-    - 'db/migrate/20170304202101_add_type_to_media_attachments.rb'
-    - 'db/migrate/20180528141303_fix_accounts_unique_index.rb'
-    - 'db/migrate/20180609104432_migrate_web_push_subscriptions2.rb'
-    - 'db/migrate/20181207011115_downcase_custom_emoji_domains.rb'
-    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
-    - 'db/migrate/20191007013357_update_pt_locales.rb'
-    - 'db/migrate/20220316233212_update_kurdish_locales.rb'
-    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
-    - 'db/post_migrate/20200917193528_migrate_notifications_type.rb'
-    - 'db/post_migrate/20201017234926_fill_account_suspension_origin.rb'
-    - 'db/post_migrate/20220617202502_migrate_roles.rb'
-    - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
-    - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
     - 'lib/mastodon/cli/accounts.rb'
     - 'lib/mastodon/cli/maintenance.rb'
     - 'spec/lib/activitypub/activity/follow_spec.rb'
@@ -212,19 +179,6 @@ Rails/UniqueValidationWithoutIndex:
     - 'app/models/identity.rb'
     - 'app/models/webauthn_credential.rb'
 
-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/UnusedIgnoredColumns:
-  Exclude:
-    - 'app/models/account.rb'
-    - 'app/models/account_stat.rb'
-    - 'app/models/admin/action_log.rb'
-    - 'app/models/custom_filter.rb'
-    - 'app/models/email_domain_block.rb'
-    - 'app/models/report.rb'
-    - 'app/models/status_edit.rb'
-    - 'app/models/user.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: exists, where
@@ -378,22 +332,6 @@ Style/IfUnlessModifier:
     - 'config/initializers/devise.rb'
     - 'config/initializers/ffmpeg.rb'
 
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: InverseMethods, InverseBlocks.
-Style/InverseMethods:
-  Exclude:
-    - 'app/models/custom_filter.rb'
-    - 'app/services/update_account_service.rb'
-    - 'spec/controllers/activitypub/replies_controller_spec.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: line_count_dependent, lambda, literal
-Style/Lambda:
-  Exclude:
-    - 'config/initializers/simple_form.rb'
-    - 'config/routes.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapToHash:
   Exclude:
@@ -458,15 +396,6 @@ Style/RedundantFetchBlock:
     - 'config/initializers/paperclip.rb'
     - 'config/puma.rb'
 
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowMultipleReturnValues.
-Style/RedundantReturn:
-  Exclude:
-    - 'app/controllers/api/v1/directories_controller.rb'
-    - 'app/controllers/auth/confirmations_controller.rb'
-    - 'app/lib/ostatus/tag_manager.rb'
-    - 'app/models/form/import.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
 # AllowedMethods: present?, blank?, presence, try, try!
@@ -487,11 +416,6 @@ Style/SingleArgumentDig:
   Exclude:
     - 'lib/webpacker/manifest_extensions.rb'
 
-# This cop supports safe autocorrection (--autocorrect).
-Style/StderrPuts:
-  Exclude:
-    - 'config/boot.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:
@@ -510,13 +434,6 @@ Style/StringLiterals:
     - 'config/initializers/webauthn.rb'
     - 'config/routes.rb'
 
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: AllowMethodsWithArguments, AllowedMethods, AllowedPatterns, AllowComments.
-# AllowedMethods: define_method, mail, respond_to
-Style/SymbolProc:
-  Exclude:
-    - 'config/initializers/3_omniauth.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, AllowSafeAssignment.
 # SupportedStyles: require_parentheses, require_no_parentheses, require_parentheses_when_complex

Gemfile.lock

@@ -168,7 +168,7 @@ GEM
       erubi (~> 1.4)
       parser (>= 2.4)
       smart_properties
-    bigdecimal (3.1.4)
+    bigdecimal (3.1.5)
     bindata (2.4.15)
     binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
@@ -197,7 +197,7 @@ GEM
       activesupport
     cbor (0.5.9.6)
     charlock_holmes (0.7.7)
-    chewy (7.3.5)
+    chewy (7.4.0)
       activesupport (>= 5.2)
       elasticsearch (>= 7.12.0, < 7.14.0)
       elasticsearch-dsl
@@ -326,7 +326,7 @@ GEM
       ruby-progressbar (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
-    haml (6.2.0)
+    haml (6.3.0)
       temple (>= 0.8.2)
       thor
       tilt
@@ -335,7 +335,7 @@ GEM
       activesupport (>= 5.1)
       haml (>= 4.0.6)
       railties (>= 5.1)
-    haml_lint (0.51.0)
+    haml_lint (0.52.0)
       haml (>= 4.0)
       parallel (~> 1.10)
       rainbow
@@ -381,7 +381,7 @@ GEM
       rdoc
       reline (>= 0.3.8)
     jmespath (1.6.2)
-    json (2.7.0)
+    json (2.7.1)
     json-canonicalization (1.0.0)
     json-jwt (1.15.3)
       activesupport (>= 4.2)
@@ -515,7 +515,7 @@ GEM
       openssl (> 2.0)
     orm_adapter (0.5.0)
     ox (2.14.17)
-    parallel (1.23.0)
+    parallel (1.24.0)
     parser (3.2.2.4)
       ast (~> 2.4.1)
       racc
@@ -622,7 +622,7 @@ GEM
       redis (>= 4)
     redlock (1.3.2)
       redis (>= 3.0.0, < 6.0)
-    regexp_parser (2.8.2)
+    regexp_parser (2.8.3)
     reline (0.4.1)
       io-console (~> 0.5)
     request_store (1.5.1)
@@ -662,7 +662,7 @@ GEM
       rspec-mocks (~> 3.0)
       sidekiq (>= 5, < 8)
     rspec-support (3.12.1)
-    rubocop (1.58.0)
+    rubocop (1.59.0)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
@@ -679,10 +679,10 @@ GEM
       rubocop (~> 1.41)
     rubocop-factory_bot (2.24.0)
       rubocop (~> 1.33)
-    rubocop-performance (1.19.1)
-      rubocop (>= 1.7.0, < 2.0)
-      rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.22.2)
+    rubocop-performance (1.20.0)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
+    rubocop-rails (2.23.0)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
@@ -759,7 +759,7 @@ GEM
       unicode-display_width (>= 1.1.1, < 3)
     terrapin (0.6.0)
       climate_control (>= 0.0.3, < 1.0)
-    test-prof (1.3.0)
+    test-prof (1.3.1)
     thor (1.3.0)
     tilt (2.3.0)
     timeout (0.4.1)

app/controllers/api/base_controller.rb

@@ -108,6 +108,10 @@ def require_not_suspended!
     render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.unavailable?
   end
 
+  def require_valid_pagination_options!
+    render json: { error: 'Pagination values for `offset` and `limit` must be positive' }, status: 400 if pagination_options_invalid?
+  end
+
   def require_user!
     if !current_user
       render json: { error: 'This method requires an authenticated user' }, status: 422
@@ -136,6 +140,10 @@ def disallow_unauthenticated_api_access?
 
   private
 
+  def pagination_options_invalid?
+    params.slice(:limit, :offset).values.map(&:to_i).any?(&:negative?)
+  end
+
   def respond_with_error(code)
     render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code
   end

app/controllers/api/v1/accounts/notes_controller.rb

@@ -25,6 +25,6 @@ def set_account
   end
 
   def relationships_presenter
-    AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
+    AccountRelationshipsPresenter.new([@account], current_user.account_id)
   end
 end

app/controllers/api/v1/accounts/pins_controller.rb

@@ -25,6 +25,6 @@ def set_account
   end
 
   def relationships_presenter
-    AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
+    AccountRelationshipsPresenter.new([@account], current_user.account_id)
   end
 end

app/controllers/api/v1/accounts/relationships_controller.rb

@@ -5,7 +5,7 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
   before_action :require_user!
 
   def index
-    @accounts = Account.where(id: account_ids).select('id')
+    @accounts = Account.where(id: account_ids).select(:id, :domain)
     @accounts.merge!(Account.without_suspended) unless truthy_param?(:with_suspended)
     render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships
   end

app/controllers/api/v1/accounts_controller.rb

@@ -88,7 +88,7 @@ def check_account_confirmation
   end
 
   def relationships(**options)
-    AccountRelationshipsPresenter.new([@account.id], current_user.account_id, **options)
+    AccountRelationshipsPresenter.new([@account], current_user.account_id, **options)
   end
 
   def account_params

app/controllers/api/v1/directories_controller.rb

@@ -12,7 +12,7 @@ def show
   private
 
   def require_enabled!
-    return not_found unless Setting.profile_directory
+    not_found unless Setting.profile_directory
   end
 
   def set_accounts

app/controllers/api/v1/follow_requests_controller.rb

@@ -25,11 +25,11 @@ def reject
   private
 
   def account
-    Account.find(params[:id])
+    @account ||= Account.find(params[:id])
   end
 
   def relationships(**options)
-    AccountRelationshipsPresenter.new([params[:id]], current_user.account_id, **options)
+    AccountRelationshipsPresenter.new([account], current_user.account_id, **options)
   end
 
   def load_accounts

app/controllers/api/v2/search_controller.rb

@@ -12,6 +12,7 @@ class Api::V2::SearchController < Api::BaseController
     before_action :query_pagination_error, if: :pagination_requested?
     before_action :remote_resolve_error, if: :remote_resolve_requested?
   end
+  before_action :require_valid_pagination_options!
 
   def index
     @search = Search.new(search_results)