Merge upstream-devel #50

Open
yume wants to merge 0 commits from upstream-devel into develop
Owner

What

Why

Additional info (optional)

Checklist

  • Read the contribution guide
  • Test working in a local environment
  • (If needed) Add story of storybook
  • (If needed) Update CHANGELOG.md
  • (If possible) Add tests
yume added 42 commits 2024-12-23 02:07:34 -06:00
* wip

* Update CHANGELOG.md

* wip
* fix(backend): renoteMute doesn't work for note notification

* docs(changelog): update changelog
* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (German)
* enhance: Add a few validation fixes from Sharkey

See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484

Co-Authored-By: Dakkar <dakkar@thenautilus.net>

* fix: primitive 2: acceptance of cross-origin alternate

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 3: validation of non-final url

* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities

* fix: primitives 5 & 8: reject activities with non
string identifiers

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 6: reject anonymous objects that were fetched by their id

* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections

* fix: code style for primitive 14

* fix: primitive 15: improper same-origin validation for
note uri and url

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 16: improper same-origin validation for user uri and url

* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

* fix: code style for primitive 17

* fix: check attribution against actor in notes

While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.

* fix: primitive 18: `ap/get` bypasses access checks

One might argue that we could make this one actually perform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.

* fix: primitive 19 & 20: respect blocks and hide more

Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.

* fix: primitives 21, 22, and 23: reuse resolver

This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher than it previously would and could possibly
fail on non-malicious collection activities.

* fix: primitives 25-33: proper local instance checks

* revert: fix: primitive 19 & 20

This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.

---------

Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Fix poll update spoofing

* fix: Disallow negative poll counts

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* fix(backend): check target IP before sending HTTP request

* fix(backend): allow accessing private IP when testing

* Apply suggestions from code review

Co-authored-by: anatawa12 <anatawa12@icloud.com>

* fix(backend): lint and typecheck

* fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService)

* fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses

---------

Co-authored-by: anatawa12 <anatawa12@icloud.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
Co-Authored-By: Acid Chicken <root@acid-chicken.com>
* Fix type error in security fixes

(cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)

* Fix error in test function calls

(cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)

* Fix style error

(cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)

* Fix another style error

(cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)

* Fix `.punyHost` misuse

(cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)

* attempt to fix test: make yaml valid

---------

Co-authored-by: Julia Johannesen <julia@insertdomain.name>
* fix(backend): fix apResolver

* fix

* add comments

* tweak comment
* fix exception handling for Like activities

(cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91)

* fix exception handling for Announce activities

(cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b)

* fix exception handling for Undo activities

* Update Changelog

---------

Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Simplified)
* fix(frontend): fix navbar not collapsing automatically when the screen size changes

* Update Changelog

* fix
* fix(backend): rendering fails due to missing prerequisite data when a user's profile page is opened directly by entering its address

* fix CHANGELOG.md
* fix(frontend): fix the divider sometimes missing between the server documents and the Misskey-related resources

* Update Changelog
* check harder for connectibility

`allSettled` does not throw if a promise is rejected, so
`check_connect` never actually failed

* Update Changelog

---------

Co-authored-by: dakkar <dakkar@thenautilus.net>
* Resolve frontend/backend contradiction for home visibility embeds

This now uses the same check from `packages/frontend/src/scripts/get-note-menu.ts`

* Update Changelog

---------

Co-authored-by: CenTdemeern1 <timo.herngreen@gmail.com>
* fix(frontend): fix all processing stopping when login is cancelled for a note that only logged-in users can view

* Update Changelog

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Limit the channel list to a maximum of 3 columns (Otaku-Social#13)

* fix

* fix

* fix

* 🎨

* fix

* 🎨

* Update Changelog

* Update Changelog

* Remove unneeded _margin

---------

Co-authored-by: tmorio <morikapusan@morikapu-denki.com>
* fix(frontend): fix emojis sometimes not being displayed on the emoji management screen

* Update Changelog

* optimize
* fix(frontend): fix type error in serverContext

* add comment
* enhance: show the reason a lookup failed

* Update Changelog

* fix

* fix test

* lookupErrors-> remoteLookupErrors
fix(frontend): fix incorrect condition for using the serverContext value (#15166)
Some checks failed
Lint / locale_verify (push) Successful in 2m12s
Check Misskey JS version / Check version (pull_request) Successful in 6s
API report (misskey.js) / report (pull_request) Successful in 1m58s
Check the description in CHANGELOG.md / check-changelog (pull_request) Failing after 42s
Check SPDX-License-Identifier / check-spdx-license-id (pull_request) Successful in 22s
Dockle / dockle (pull_request) Failing after 7s
Get api.json from Misskey / save-pr-number (pull_request) Failing after 2s
Get api.json from Misskey / get-from-misskey (api-head.json, 22.11.0, refs/pull/${{ github.event.number }}/merge) (pull_request) Failing after 38s
Lint / pnpm_install (pull_request) Successful in 1m10s
Test (backend) / unit (22.11.0) (pull_request) Failing after 2s
Test (backend) / e2e (22.11.0) (pull_request) Failing after 0s
Test (federation) / test (22.11.0) (pull_request) Failing after 6s
Test (frontend) / vitest (22.11.0) (pull_request) Failing after 6s
Test (frontend) / e2e (chrome, 22.11.0) (pull_request) Failing after 3s
Test (misskey.js) / test (22.11.0) (pull_request) Failing after 2s
Get api.json from Misskey / get-from-misskey (api-base.json, 22.11.0, ${{ github.base_ref }}) (pull_request) Failing after 1m59s
Lint / locale_verify (pull_request) Successful in 1m33s
Test (production install and build) / production (22.11.0) (pull_request) Successful in 1m31s
Test (backend) / validate-api-json (22.11.0) (pull_request) Successful in 2m51s
Lint / lint (backend) (pull_request) Successful in 3m1s
Lint / lint (frontend-embed) (pull_request) Successful in 2m7s
Lint / lint (frontend-shared) (pull_request) Successful in 2m2s
Lint / lint (misskey-bubble-game) (pull_request) Successful in 2m0s
Lint / lint (misskey-js) (pull_request) Successful in 2m11s
Lint / lint (misskey-reversi) (pull_request) Successful in 2m2s
Lint / lint (sw) (pull_request) Successful in 2m3s
Lint / typecheck (misskey-js) (pull_request) Successful in 1m11s
Lint / lint (frontend) (pull_request) Successful in 9m41s
Lint / typecheck (backend) (pull_request) Successful in 2m3s
Lint / typecheck (sw) (pull_request) Successful in 1m29s
3c81926f71
Some checks failed
API report (misskey.js) / report (push) Successful in 1m59s
This pull request has changes conflicting with the target branch.
  • CHANGELOG.md
  • package.json
  • packages/backend/scripts/check_connect.js
  • packages/backend/src/core/HttpRequestService.ts
  • packages/backend/src/core/WebAuthnService.ts
  • packages/backend/src/core/activitypub/ApDbResolverService.ts
  • packages/backend/src/core/activitypub/ApInboxService.ts
  • packages/backend/src/core/activitypub/ApRequestService.ts
  • packages/backend/src/core/activitypub/ApResolverService.ts
  • packages/backend/src/core/activitypub/misc/check-against-url.ts
Reference: yume/yumechi-no-kuni#50