merge develop #51

Merged

yume merged 48 commits from develop into master 2024-12-23 02:42:42 -06:00

Conversation 0 Commits 48 Files changed 49 +587 -1371

yume commented 2024-12-23 02:41:24 -06:00

Owner

Copy link

What

Why

Additional info (optional)

Checklist

• Read the contribution guide
• Test working in a local environment
• (If needed) Add story of storybook
• (If needed) Update CHANGELOG.md
• (If possible) Add tests

<!-- ℹ お読みください / README PRありがとうございます！ PRを作成する前に、コントリビューションガイドをご確認ください: Thank you for your PR! Before creating a PR, please check the contribution guide: https://forge.yumechi.jp/yume/yumechi-no-kuni/src/branch/master/CONTRIBUTING.md --> ## What <!-- このPRで何をしたのか？ どう変わるのか？ --> <!-- What did you do with this PR? How will it change things? --> ## Why <!-- なぜそうするのか？ どういう意図なのか？ 何が困っているのか？ --> <!-- Why do you do it? What are your intentions? What is the problem? --> ## Additional info (optional) <!-- テスト観点など --> <!-- Test perspective, etc --> ## Checklist - [ ] Read the [contribution guide](https://forge.yumechi.jp/yume/yumechi-no-kuni/src/branch/master/CONTRIBUTING.md) - [ ] Test working in a local environment - [ ] (If needed) Add story of storybook - [ ] (If needed) Update CHANGELOG.md - [ ] (If possible) Add tests

yume added 48 commits 2024-12-23 02:41:24 -06:00

perf(frontend): reduce api requests for non-logged-in enviroment (#15001) ... f0c3a4cc0b

* wip

* Update CHANGELOG.md

* wip

Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006) ... aa48a0e207

* fix(backend): renoteMute doesn't work for note notification

* docs(changelog): update changelog

New Crowdin updates (#15000) ... 1c284c8154

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (German)

Merge commit from fork ... 5f675201f2

* enhance: Add a few validation fixes from Sharkey

See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484

Co-Authored-By: Dakkar <dakkar@thenautilus.net>

* fix: primitive 2: acceptance of cross-origin alternate

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 3: validation of non-final url

* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities

* fix: primitives 5 & 8: reject activities with non
string identifiers

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 6: reject anonymous objects that were fetched by their id

* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections

* fix: code style for primitive 14

* fix: primitive 15: improper same-origin validation for
note uri and url

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 16: improper same-origin validation for user uri and url

* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

* fix: code style for primitive 17

* fix: check attribution against actor in notes

While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.

* fix: primitive 18: `ap/get` bypasses access checks

One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.

* fix: primitive 19 & 20: respect blocks and hide more

Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.

* fix: primitives 21, 22, and 23: reuse resolver

This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.

* fix: primitives 25-33: proper local instance checks

* revert: fix: primitive 19 & 20

This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.

---------

Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>

Merge commit from fork ... b9cb949eb1

* Fix poll update spoofing

* fix: Disallow negative poll counts

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>

Merge commit from fork ... 090e9392cd

* fix(backend): check target IP before sending HTTP request

* fix(backend): allow accessing private IP when testing

* Apply suggestions from code review

Co-authored-by: anatawa12 <anatawa12@icloud.com>

* fix(backend): lint and typecheck

* fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService)

* fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses

---------

Co-authored-by: anatawa12 <anatawa12@icloud.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>

fix(backend): use atomic command to improve security ... 9fdabe3666

Co-Authored-By: Acid Chicken <root@acid-chicken.com>

fix ap/show 0f59adc436

fix(backend): fix security patches (#15008) 53e827b18c

fix(backend): fix type error(s) in security fixes (#15009) ... 3a6c2aa835

* Fix type error in security fixes

(cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)

* Fix error in test function calls

(cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)

* Fix style error

(cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)

* Fix another style error

(cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)

* Fix `.punyHost` misuse

(cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)

* attempt to fix test: make yaml valid

---------

Co-authored-by: Julia Johannesen <julia@insertdomain.name>

fix(backend): fix apResolver (#15010) ... c1f19fad1e

* fix(backend): fix apResolver

* fix

* add comments

* tweak comment

Bump version to 2024.11.0-alpha.3 a21a2c52d7

Update CHANGELOG.md 9871035597

Update CHANGELOG.md 7f0ae038d4

Bump version to 2024.11.0-beta.4 752606fe88

ci: reset prerelease number on release (#15024) 1911972ae2

fix(backend): Inboxのエラーをthrowせずreturnしている問題を修正 (#15022) ... f25fc5215b

* fix exception handling for Like activities

(cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91)

* fix exception handling for Announce activities

(cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b)

* fix exception handling for Undo activities

* Update Changelog

---------

Co-authored-by: Hazelnoot <acomputerdog@gmail.com>

New Crowdin updates (#15027) ... 71bfa85986

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Simplified)

Release: 2024.11.0 551040ed0f

[skip ci] Update CHANGELOG.md (prepend template) 872cefcfb8

Update CHANGELOG.md (typo) 0e90589290

fix(backend): use atomic command to improve security 04b221409c

fix(frontend): 画面サイズが変わった際にnavbarが自動で折りたたまれない問題を修正 (#15042) ... d91a1be562

* fix(frontend): 画面サイズが変わった際にnavbarが自動で折りたたまれない問題を修正

* Update Changelog

* fix

Update CHANGELOG.md (書き方を揃える) 00301ed04f

fix(backend): アドレス入力で直接ユーザのプロフィールページを表示した際、前提データが足りず描画に失敗する (#15033) ... a77ad7a16b

* fix(backend): アドレス入力で直接ユーザのプロフィールページを表示した際、前提データが足りず描画に失敗する

* fix CHANGELOG.md

ci: do not run chromatic on fork repositories (#15041) ae1d0b08eb

fix(backend/misskey-js): タイポ修正 (#15046) d176db517f

fix(frontend): サーバードキュメントとMisskey関連リソースとの間にdividerが入らないことがある問題を修正 (#15044) ... eddf6a2319

* fix(frontend): サーバードキュメントとMisskey関連リソースとの間にdividerが入らないことがある問題を修正

* Update Changelog

fix(backend): 起動前の疎通チェックが機能しなくなっていた問題を修正 (#15043) ... a0e91b5882

* check harder for connectibility

`allSettled` does not throw if a promise is rejected, so
`check_connect` never actually failed

* Update Changelog

---------

Co-authored-by: dakkar <dakkar@thenautilus.net>

fix: unable to upload to local object storage (#15040) dd56623cde

Bump version to 2024.11.1-alpha.0 8076f78d06

Update about-misskey.vue fa271cf84e

Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop dac3b1f405

reduce metric cardinaility ... 8d10b6d846

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

fix(frontend): MiAuth認可画面のデザイン修正 (#15106) 020c191e2c

fix(frontend): 公開範囲がホームのノートの埋め込みウィジェットが読み込まれない問題を修正 (#15102) ... 074b7b0bee

* Resolve frontend/backend contradiction for home visibility embeds

This now uses the same check from `packages/frontend/src/scripts/get-note-menu.ts`

* Update Changelog

---------

Co-authored-by: CenTdemeern1 <timo.herngreen@gmail.com>

fix(frontend): ノートがログインしているユーザーしか見れない場合にログインをキャンセルした場合その後の動線がなくなる問題を修正 (#15101) ... e8bf6285cb

* fix(frontend): ノートがログインしているユーザーしか見れない場合にログインをキャンセルすると一切の処理が停止する問題を修正

* Update Changelog

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>

defensive programming before reaction insert ... 54d38f029f

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

misskey-js: APIClientにURL末尾の/を除去する処理を追加 (#15132) 234d91a884

enhance(frontend): PC画面でチャンネルが複数列で表示されるように (#15129) ... 5a2b29a3b4

* チャンネル一覧の列を最大3列にした (Otaku-Social#13)

* fix

* fix

* fix

* 🎨

* fix

* 🎨

* Update Changelog

* Update Changelog

* 要らない_marginを消す

---------

Co-authored-by: tmorio <morikapusan@morikapu-denki.com>

fix(frontend): 絵文字管理画面で絵文字が表示されないことがある問題を修正 (#15128) ... 3e0fcaeca8

* fix(frontend): 絵文字管理画面で絵文字が表示されないことがある問題を修正

* Update Changelog

* optimize

fix(frontend): serverContextの型エラーを修正 (#15131) ... 0804092426

* fix(frontend): serverContextの型エラーを修正

* add comment

enhance(frontend): 照会の際にエラーを表示するように (#15147) ... f123be38b9

* enhance: 照会の失敗理由を表示するように

* Update Changelog

* fix

* fix test

* lookupErrors-> remoteLookupErrors

fix(frontend): serverContextの値を利用する条件が間違っていたのを修正 (#15166) 3c81926f71

Merge branch 'upstream-devel' into develop ... a83d13c143

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

Remove nsfwjs ... fb68389b7e

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

Revert check_connect ... 81890283f0

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

fixup! Remove nsfwjs 34f35e0bb2

yume merged commit e535558449 into master 2024-12-23 02:42:42 -06:00

yume referenced this pull request from a commit 2024-12-23 02:42:44 -06:00

Merge pull request 'merge develop' (#51) from develop into master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: yume/yumechi-no-kuni#51

No description provided.