Merge 1ecf2b88dc into fbe9728f36

Bump version to v4.3.8 (#34626 )
Fix code style issue (#34624 )
2025-05-12 04:31:11 +00:00 · 2025-05-06 15:05:45 +00:00 · 2025-05-06 14:17:07 +00:00 · 2025-05-06 13:35:54 +00:00 · 2025-05-06 15:02:13 +02:00 · 2024-12-20 17:34:49 +01:00
10 changed files with 90 additions and 33 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,9 +2,34 @@
 All notable changes to this project will be documented in this file.
 ## [4.3.8] - 2025-05-06
 ### Security
 - Update dependencies
 - Check scheme on account, profile, and media URLs ([GHSA-x2rc-v5wx-g3m5](https://github.com/mastodon/mastodon/security/advisories/GHSA-x2rc-v5wx-g3m5))
 ### Added
 - Add warning for REDIS_NAMESPACE deprecation at startup (#34581 by @ClearlyClaire)
 - Add built-in context for interaction policies (#34574 by @ClearlyClaire)
 ### Changed
 - Change activity distribution error handling to skip retrying for deleted accounts (#33617 by @ClearlyClaire)
 ### Removed
 - Remove double-query for signed query strings (#34610 by @ClearlyClaire)
 ### Fixed
 - Fix incorrect redirect in response to unauthenticated API requests in limited federation mode (#34549 by @ClearlyClaire)
 - Fix sign-up e-mail confirmation page reloading on error or redirect (#34548 by @ClearlyClaire)
 ## [4.3.7] - 2025-04-02
-### Add
+### Added
 - Add delay to profile updates to debounce them (#34137 by @ClearlyClaire)
 - Add support for paginating partial collections in `SynchronizeFollowersService` (#34272 and #34277 by @ClearlyClaire)
--- a/app/javascript/mastodon/actions/importer/normalizer.js
+++ b/app/javascript/mastodon/actions/importer/normalizer.js
@ -77,6 +77,17 @@ export function normalizeStatus(status, normalOldStatus) {
    normalStatus.contentHtml  = emojify(normalStatus.content, emojiMap);
    normalStatus.spoilerHtml  = emojify(escapeTextContentForBrowser(spoilerText), emojiMap);
    normalStatus.hidden       = expandSpoilers ? false : spoilerText.length > 0 || normalStatus.sensitive;
    if (normalStatus.url && !(normalStatus.url.startsWith('http://') || normalStatus.url.startsWith('https://'))) {
      normalStatus.url = null;
    }
    normalStatus.url ||= normalStatus.uri;
    normalStatus.media_attachments.forEach(item => {
      if (item.remote_url && !(item.remote_url.startsWith('http://') || item.remote_url.startsWith('https://')))
        item.remote_url = null;
    });
  }
  if (normalOldStatus) {
--- a/app/javascript/mastodon/features/compose/components/search.tsx
+++ b/app/javascript/mastodon/features/compose/components/search.tsx
@ -497,19 +497,20 @@ export const Search: React.FC<{
            <div className='search__popout__menu'>
              {recentOptions.length > 0 ? (
                recentOptions.map(({ label, key, action, forget }, i) => (
-                  <button
+                  <div
                    key={key}
-                    onMouseDown={action}
+                    className='search__popout__menu__item search__popout__menu__item--flex'
                    className={classNames(
                      'search__popout__menu__item search__popout__menu__item--flex',
                      { selected: selectedOption === i },
                    )}
                  >
-                    <span>{label}</span>
+                    <button
                      onMouseDown={action}
                      className={classNames({ selected: selectedOption === i })}
                    >
                      <span>{label}</span>
                    </button>
                    <button className='icon-button' onMouseDown={forget}>
                      <Icon id='times' icon={CloseIcon} />
                    </button>
-                  </button>
+                  </div>
                ))
              ) : (
                <div className='search__popout__menu__message'>
--- a/app/javascript/mastodon/models/account.ts
+++ b/app/javascript/mastodon/models/account.ts
@ -144,5 +144,10 @@ export function createAccountFromServerJSON(serverJSON: ApiAccountJSON) {
    ),
    note_emojified: emojify(accountJSON.note, emojiMap),
    note_plain: unescapeHTML(accountJSON.note),
    url:
      accountJSON.url.startsWith('http://') ||
      accountJSON.url.startsWith('https://')
        ? accountJSON.url
        : accountJSON.uri,
  });
 }
--- a/app/javascript/styles/mastodon/components.scss
+++ b/app/javascript/styles/mastodon/components.scss
@ -5353,26 +5353,40 @@ a.status-card {
      &__item {
        display: block;
        box-sizing: border-box;
        width: 100%;
        border: 0;
        font: inherit;
        background: transparent;
        color: $darker-text-color;
        padding: 10px;
        cursor: pointer;
        border-radius: 4px;
        text-align: start;
        text-overflow: ellipsis;
        overflow: hidden;
        white-space: nowrap;
        &--flex {
          display: flex;
          justify-content: space-between;
        }
        &:is(button),
        button {
          flex: 1;
          box-sizing: border-box;
          border: 0;
          font: inherit;
          background: transparent;
          color: $darker-text-color;
          padding: 10px;
          cursor: pointer;
          text-align: start;
          text-overflow: ellipsis;
          overflow: hidden;
          white-space: nowrap;
          &:hover,
          &:focus,
          &:active,
          &.selected {
            color: $primary-text-color;
          }
        }
        .icon-button {
          flex: 0;
          padding: 10px 19px 10px 10px;
          transition: none;
        }
@ -5381,11 +5395,6 @@ a.status-card {
        &:active,
        &.selected {
          background: $ui-highlight-color;
          color: $primary-text-color;
          .icon-button {
            color: $primary-text-color;
          }
        }
        mark {
--- a/app/lib/activitypub/parser/media_attachment_parser.rb
+++ b/app/lib/activitypub/parser/media_attachment_parser.rb
@ -15,13 +15,15 @@ class ActivityPub::Parser::MediaAttachmentParser
  end
  def remote_url
-    Addressable::URI.parse(@json['url'])&.normalize&.to_s
+    url = Addressable::URI.parse(@json['url'])&.normalize&.to_s
    url unless unsupported_uri_scheme?(url)
  rescue Addressable::URI::InvalidURIError
    nil
  end
  def thumbnail_remote_url
-    Addressable::URI.parse(@json['icon'].is_a?(Hash) ? @json['icon']['url'] : @json['icon'])&.normalize&.to_s
+    url = Addressable::URI.parse(@json['icon'].is_a?(Hash) ? @json['icon']['url'] : @json['icon'])&.normalize&.to_s
    url unless unsupported_uri_scheme?(url)
  rescue Addressable::URI::InvalidURIError
    nil
  end
--- a/app/lib/activitypub/parser/status_parser.rb
+++ b/app/lib/activitypub/parser/status_parser.rb
@ -29,7 +29,10 @@ class ActivityPub::Parser::StatusParser
  end
  def url
-    url_to_href(@object['url'], 'text/html') if @object['url'].present?
+    return if @object['url'].blank?
    url = url_to_href(@object['url'], 'text/html')
    url unless unsupported_uri_scheme?(url)
  end
  def text
--- a/app/lib/activitypub/tag_manager.rb
+++ b/app/lib/activitypub/tag_manager.rb
@ -4,6 +4,7 @@ require 'singleton'
 class ActivityPub::TagManager
  include Singleton
  include JsonLdHelper
  include RoutingHelper
  CONTEXT = 'https://www.w3.org/ns/activitystreams'
@ -17,7 +18,7 @@ class ActivityPub::TagManager
  end
  def url_for(target)
-    return target.url if target.respond_to?(:local?) && !target.local?
+    return unsupported_uri_scheme?(target.url) ? nil : target.url if target.respond_to?(:local?) && !target.local?
    return unless target.respond_to?(:object_type)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -59,7 +59,7 @@ services:
  web:
    # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
    # build: .
-    image: ghcr.io/mastodon/mastodon:v4.3.7
+    image: ghcr.io/mastodon/mastodon:v4.3.8
    restart: always
    env_file: .env.production
    command: bundle exec puma -C config/puma.rb
@ -83,7 +83,7 @@ services:
    # build:
    #   dockerfile: ./streaming/Dockerfile
    #   context: .
-    image: ghcr.io/mastodon/mastodon-streaming:v4.3.7
+    image: ghcr.io/mastodon/mastodon-streaming:v4.3.8
    restart: always
    env_file: .env.production
    command: node ./streaming/index.js
@ -102,7 +102,7 @@ services:
  sidekiq:
    # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
    # build: .
-    image: ghcr.io/mastodon/mastodon:v4.3.7
+    image: ghcr.io/mastodon/mastodon:v4.3.8
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@ -17,7 +17,7 @@ module Mastodon
    end
    def default_prerelease
-      'alpha.4'
+      'alpha.5'
    end
    def prerelease
Author	SHA1	Message	Date
Christian Schmidt	d23bd80759	Merge `1ecf2b88dc` into `fbe9728f36`	2025-05-06 15:05:45 +00:00
Claire	fbe9728f36	Bump version to v4.3.8 (#34626 ) Some checks are pending Check i18n / check-i18n (push) Waiting to run Details CodeQL / Analyze (javascript) (push) Waiting to run Details CodeQL / Analyze (ruby) (push) Waiting to run Details Check formatting / lint (push) Waiting to run Details JavaScript Linting / lint (push) Waiting to run Details Ruby Linting / lint (push) Waiting to run Details JavaScript Testing / test (push) Waiting to run Details Historical data migration test / test (14-alpine) (push) Waiting to run Details Historical data migration test / test (15-alpine) (push) Waiting to run Details Historical data migration test / test (16-alpine) (push) Waiting to run Details Historical data migration test / test (17-alpine) (push) Waiting to run Details Ruby Testing / build (production) (push) Waiting to run Details Ruby Testing / build (test) (push) Waiting to run Details Ruby Testing / test (.ruby-version) (push) Blocked by required conditions Details Ruby Testing / test (3.2) (push) Blocked by required conditions Details Ruby Testing / test (3.3) (push) Blocked by required conditions Details Ruby Testing / Libvips tests (.ruby-version) (push) Blocked by required conditions Details Ruby Testing / Libvips tests (3.2) (push) Blocked by required conditions Details Ruby Testing / Libvips tests (3.3) (push) Blocked by required conditions Details Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions Details Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions Details Ruby Testing / End to End testing (3.3) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions Details Ruby Testing / Elastic Search integration testing (3.3, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions Details	2025-05-06 14:17:07 +00:00
Claire	3bbf3e9709	Fix code style issue (#34624 )	2025-05-06 13:35:54 +00:00
Claire	79931bf3ae	Merge commit from fork * Check scheme in account and post links * Harden media attachments * Client-side mitigation * Client-side mitigation for media attachments	2025-05-06 15:02:13 +02:00
Christian Schmidt	1ecf2b88dc	Lint	2024-12-20 17:34:49 +01:00
Christian Schmidt	ae5af957a1	Merge branch 'main' into search-warnings # Conflicts: # app/javascript/mastodon/features/compose/components/search.jsx # app/javascript/mastodon/features/explore/components/search_section.jsx	2024-12-20 17:03:36 +01:00
Christian Schmidt	3e1f11fa92	Pixel-perfect status quo	2024-11-21 21:32:39 +01:00
Christian Schmidt	5577bb5526	Merge branch 'main' into search-warnings	2024-10-31 23:38:06 +01:00
Christian Schmidt	12cc731a37	Avoid nested button	2024-09-28 17:18:19 +02:00
Christian Schmidt	7c3834a8c8	Invalid prop type	2024-09-28 16:16:14 +02:00