dakkar
ec404fd3ce
remove leftover debug line
2025-04-30 20:30:52 +01:00
Hazelnoot
d18885eefc
fix type errors in e2e tests
2025-04-30 11:13:54 -04:00
Hazelnoot
6e4e4fdc33
fix type errors in mastodon API
2025-04-30 11:13:46 -04:00
Hazelnoot
4ea1b6aa4d
fix type errors in SponsorsService.ts
2025-04-30 11:13:38 -04:00
Hazelnoot
dc087d4477
update @nestjs/platform-express to match other nestjs versions
2025-04-29 16:18:37 -04:00
Hazelnoot
25c96c1688
update broken SWC release ( https://github.com/swc-project/swc/issues/10413 )
2025-04-29 16:14:10 -04:00
Hazelnoot
dc9106dfb3
remove outdated packages from megalodon
2025-04-29 16:07:56 -04:00
Hazelnoot
9c301fa5aa
Merge branch 'misskey-develop' into merge/2025-03-24
...
# Conflicts:
# .github/workflows/api-misskey-js.yml
# .github/workflows/changelog-check.yml
# .github/workflows/check-misskey-js-autogen.yml
# .github/workflows/get-api-diff.yml
# .github/workflows/lint.yml
# .github/workflows/locale.yml
# .github/workflows/on-release-created.yml
# .github/workflows/storybook.yml
# .github/workflows/test-backend.yml
# .github/workflows/test-federation.yml
# .github/workflows/test-frontend.yml
# .github/workflows/test-misskey-js.yml
# .github/workflows/test-production.yml
# .github/workflows/validate-api-json.yml
# package.json
# packages/backend/package.json
# packages/backend/src/server/api/ApiCallService.ts
# packages/backend/src/server/api/endpoints/drive/files/create.ts
# packages/frontend-shared/js/url.ts
# packages/frontend/package.json
# packages/frontend/src/components/MkFileCaptionEditWindow.vue
# packages/frontend/src/components/MkInfo.vue
# packages/frontend/src/components/MkLink.vue
# packages/frontend/src/components/MkNote.vue
# packages/frontend/src/components/MkNotes.vue
# packages/frontend/src/components/MkPageWindow.vue
# packages/frontend/src/components/MkReactionsViewer.vue
# packages/frontend/src/components/MkTimeline.vue
# packages/frontend/src/components/MkUrlPreview.vue
# packages/frontend/src/components/MkUserPopup.vue
# packages/frontend/src/components/global/MkPageHeader.vue
# packages/frontend/src/components/global/MkUrl.vue
# packages/frontend/src/components/global/PageWithHeader.vue
# packages/frontend/src/pages/about-misskey.vue
# packages/frontend/src/pages/announcements.vue
# packages/frontend/src/pages/antenna-timeline.vue
# packages/frontend/src/pages/channel.vue
# packages/frontend/src/pages/instance-info.vue
# packages/frontend/src/pages/note.vue
# packages/frontend/src/pages/page.vue
# packages/frontend/src/pages/role.vue
# packages/frontend/src/pages/tag.vue
# packages/frontend/src/pages/timeline.vue
# packages/frontend/src/pages/user-list-timeline.vue
# packages/frontend/src/pages/user/followers.vue
# packages/frontend/src/pages/user/following.vue
# packages/frontend/src/pages/user/home.vue
# packages/frontend/src/pages/user/index.vue
# packages/frontend/src/ui/deck.vue
# packages/misskey-js/generator/package.json
# pnpm-lock.yaml
# scripts/changelog-checker/package-lock.json
# scripts/changelog-checker/package.json
2025-04-29 15:54:11 -04:00
syuilo
d6ae4c980b
feat(frontend): タイトルバーを表示できるように
2025-04-29 09:43:15 +09:00
Julia
d10fdfe973
Merge commit from fork
...
* SP-2025-03.1 always wrap icon&thumbnail URLs
if they're not HTTP URLs, the frontend won't be able to display them
anyway (`<img src="mailto:…">` or '<div stile="background-image:
url(nntp:…)">` aren't going to work!), so let's always run them through the
media proxy, which will fail harder (fetching a `javascript:` URL
won't do anything in the backend, might do something in the frontend)
and will always protect the client's address in cases like `gemini:`
where the browser could try to fetch
* SP-2025-03.2 use object binding for more styles
interpolating a random (remote-controlled!) string into a `style`
attribute is a bad idea; using VueJS object binding, we should get
proper quoting and therefore safe parse failures instead of CSS
injections / XSS
* SP-2025-03.3 slightly more robust "self" URL handling
parse URLs instead of treating them as strings; this is still not
perfect, but the `URL` class only handles full URLs, not relative
ones, so there's so way to ask it "give me a URL object that
represents this resource relative to this base URL"
notice that passing very weird URLs to `MkUrl` and `MkUrlPreview` will
break the frontend (in dev mode) because there's an untrapped `new
URL(…)` that may explode; production builds seem to safely ignore the
error, though
---------
Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-29 08:15:54 +09:00
おさむのひと
7e8cc4d7c0
fix: 添付ファイルのあるリクエストを受けたときの初動を改善 ( #15896 )
...
* wip
* ロールポリシーの値も参照するように
* エンドポイントのテストを追加
* fix review
* add spdx
* fix CHANGELOG.md
* fix test
* regenerate
* add log
* Revert "add log"
This reverts commit 4b2bf59a609b85ca0bfcc9b71438db782f11983d.
* add log
* fix
* Revert "add log"
This reverts commit c5a73d57da0f30ec5215e08a8b4d78785cce48d1.
2025-04-29 08:15:09 +09:00
dakkar
4981e5ba36
Merge branch 'develop' into merge/2025-03-24
2025-04-28 15:31:28 +01:00
zyoshoka
aaa31c9d64
fix(backend): correct response schema of chat endpoints ( #15904 )
2025-04-28 18:58:08 +09:00
かっこかり
b5268fa240
fix(test): fix federation test ( #15900 )
2025-04-28 11:24:26 +09:00
renovate[bot]
b94ff3590b
fix(deps): update [backend] update dependencies ( #15811 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-28 09:29:52 +09:00
anatawa12
ec92bf47f1
Exclude blocked instance note from most timelines ( #15792 )
...
* Exclude blocked instance note from most timelines
* Exclude blocked instance note from FTT timelines
* Exclude blocked instance note from featured
* fix type
2025-04-28 07:21:00 +09:00
Julia Johannesen
ac905118cc
Merge branch 'stable' into merge-stable-into-develop
2025-04-27 16:19:44 -04:00
Julia Johannesen
35df3944c1
Update summaly
2025-04-27 13:31:27 -04:00
Julia Johannesen
0bb4e57b0c
Security fixes
...
Co-Authored-By: dakkar <dakkar@thenautilus.net>
2025-04-27 13:05:09 -04:00
syuilo
9481b5a6e8
feat: アップロード可能な最大ファイルサイズをロールごとに設定可能に
2025-04-27 09:35:44 +09:00
なっかあ
de073d6d69
Fix #15876 絵文字がアニメーションしない問題を修正 ( #15881 )
2025-04-27 09:16:41 +09:00
Hazelnoot
335603f073
fix null checks for background in UserEntityService.ts
2025-04-24 15:07:26 -04:00
Marie
e6888131b7
baseQueueOptions > baseWorkerOptions
2025-04-24 18:57:32 +00:00
Hazelnoot
cdf9921f2c
fix build errors in ApRendererService.ts
2025-04-24 14:55:18 -04:00
Hazelnoot
a4dd19fdd4
merge upstream again
2025-04-24 14:23:45 -04:00
Hazelnoot
ac894986f9
Merge branch 'develop' into merge/2025-03-24
...
# Conflicts:
# CONTRIBUTING.md
# packages/backend/src/core/activitypub/models/ApPersonService.ts
2025-04-24 13:07:41 -04:00
饺子w (Yumechi)
7a41cfe28b
enhance(backend): DB note (userId) インデクス -> (userId, id) 複合インデクスにする ( #15879 )
...
* enhance(backend): use composite index for ordering notes by user
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* fixup! enhance(backend): use composite index for ordering notes by user
---------
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
2025-04-23 14:29:42 +09:00
dakkar
fda71c4147
make toPuny
work better in testing
2025-04-21 16:44:13 +01:00
dakkar
58c0ac6c89
check signatures with and without query - fix #1036
...
@Oneric explained:
> Spec says query params must be included in the signature; Mastodon
> being Mastodon used to always exclude it though and for
> compatibility everyone followed this. At some point GtS decided to
> follow spec instead which caused interop issues, but succeeded in
> getting Mastodon (and others like *oma) to accept incoming requests
> with (and also still without) query params though outgoing requests
> remaing query-param-free. Some still only accept query-param-less
> requests though and GtS uses a retry mechanism to resend any request
> failing with 401 with an query-parama-less signature once. (Also
> see:
> https://docs.gotosocial.org/en/latest/federation/http_signatures/ )
>
> So for incoming requests both versions need to be checked. For
> outgoing requests, unless you want to jump through retry hoops like
> GtS, omitting query-params is the safer bet for now (presumably this
> will only change if Mastodon ever decides to send out requests
> signed with query params)
2025-04-21 16:44:13 +01:00
piuvas
6df82f4eef
remove redundant sql query.
2025-04-20 23:21:50 -03:00
piuvas
06fb6fbeca
requested changes.
2025-04-20 23:20:59 -03:00
piuvas
8609426e71
remove fortnite.
2025-04-20 14:21:44 -03:00
piuvas
46fa99fc28
requested changes to verifyFieldLinks
...
Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-20 12:34:00 -03:00
piuvas
1d9876d3fa
make link detection slightly more performant.
2025-04-19 23:20:21 -03:00
piuvas
8a60c7df02
verify links in remote profiles.
2025-04-19 23:10:27 -03:00
piuvas
6a77512737
refactor link verification.
2025-04-19 23:04:48 -03:00
renovate[bot]
0a604285a0
fix(deps): update dependency fastify to v5.3.2 [security] ( #15866 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-19 21:07:10 +09:00
syuilo
7b38806413
feat: Job queue inspector ( #15856 )
...
* wip
* wip
* Update job-queue.vue
* wip
* wip
* Update job-queue.vue
* wip
* Update job-queue.vue
* wip
* Update QueueService.ts
* Update QueueService.ts
* Update QueueService.ts
* Update job-queue.vue
* wip
* wip
* wip
* Update job-queue.vue
* wip
* Update MkTl.vue
* wip
* Update index.vue
* wip
* wip
* Update MkTl.vue
* 🎨
* jobs search
* wip
* Update job-queue.vue
* wip
* wip
* Update job-queue.vue
* Update job-queue.vue
* Update job-queue.vue
* Update job-queue.vue
* wip
* Update job-queue.job.vue
* wip
* wip
* wip
* Update MkCode.vue
* wip
* Update job-queue.job.vue
* wip
* Update job-queue.job.vue
* Update misskey-js.api.md
* Update CHANGELOG.md
* Update job-queue.job.vue
2025-04-19 14:00:38 +09:00
syuilo
eda2f587a3
enhance: コントロールパネルでジョブキューをクリアできるように
2025-04-16 16:47:03 +09:00
anatawa12
4bd23c4c8c
feat: migrate antenna on account move ( #15843 )
...
* feat: migrate antenna on account move
* docs(changelog): アカウントの移行時にアンテナのフィルターのユーザが更新されない問題を修正
* refactor: move to AntennaService
2025-04-16 09:49:27 +09:00
anatawa12
86774ad753
fix: improve flaky federation test ( #15845 )
2025-04-16 07:51:21 +09:00
Marie
28ad2ae534
fix: friendlycaptcha always failing
2025-04-15 20:13:16 +00:00
syuilo
fc6037af46
enhance(backend): push notification for chat message
...
Resolve #15831
2025-04-15 18:27:45 +09:00
Marie
4f64803ef2
merge: make MOTD html unescaped. (requires discussion?) ( !759 )
...
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759
Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-15 07:45:51 +00:00
anatawa12
b2e3e65896
fix: use ftt for outbox ( #15819 )
...
* fix: use ftt for outbox
* chore: check for enableFanoutTimeline
* lint: fix lint
2025-04-15 16:15:27 +09:00
anatawa12
f454e820bd
feat: render quote note with quote-inline
class for ap compatibility ( #15818 )
2025-04-15 16:14:52 +09:00
anatawa12
d5fe6e36ae
fix: avatarId が null のときにも avatarUrl が non null 担ってることがある問題 ( #15833 )
2025-04-15 16:10:17 +09:00
dakkar
d3baf735e6
allow /
in objectStoragePrefix
2025-04-14 14:56:02 +01:00
Hazelnoot
d1682ee7cc
relax rate limit on /users endpoint
2025-04-13 19:56:43 -04:00
Hazelnoot
8957cd9f3e
Make NoteEdit entity match the database schema
2025-04-13 19:19:49 -04:00