Use codeblock for native redirect URI (#12570)

This commit changes how doorkeeper.applications.help.native_redirect_uri
string is being formatted to use <code> tag for native_redirect_uri
placeholder. This makes the URI look more distinguishable.

Fix error handling in `tootctl media remove-orphans` (#12571)

Add `tootctl media remove-orphans` (#12568)

Fix generic HTTP 500 error on duplicate records (#12563)

Fix #12551
Fix #12547

Fix account search with no query (#12549)

* Fix account search with no query

Modeled after #12541. Fix #12548

* fix codeclimate

[Security] Bump puma from 4.2.0 to 4.3.1 (#12559)

Bumps [puma](https://github.com/puma/puma) from 4.2.0 to 4.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.2.0...v4.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Highlight border when focusing poll-form footer (#12544)

Fix media open hotkey (#12546)

Remove some duplicate methods from StatusHelper and reflect changes to AccountHelper (#12545)

Add basic support for group actors (#12071)

* Show badge on group actor in WebUI

* Do not notify in case of  by following group actor

* If you mention group actor, also mention group actor followers

* Relax characters that can be used in username (same as Application)

* Revert "Relax characters that can be used in username (same as Application)"

This reverts commit 7e10a137b878d0db1b5252c52106faef5e09ca4b.

* Delete display_name method

upgrade/replace websocket.js to @gamestdio/websocket v2 (#12543)

* Update stream.js

* Update package.json

* Update yarn.lock

Co-authored-by: hina <hina@hinaloe.net>

Fix old migration failing with new status default scope (#12493)

Fix error when using search API with no query (#12541)

Fix #12462

Return `discoverable` via REST API (fix #12507) (#12508)

Fix poll options not being selectable via keyboard (#12538)

* Fix poll options not being selectable via keyboard

Fixes #12384

* Improve styling of poll option checkboxes/radio buttons

* Use more appropriate ARIA roles for poll options

* Allow switching between single and multiple choice from keyboard

* Coding style

* Avoid using .bind()

add S3_OPEN_TIMEOUT environment variable (#12459)

Move rspec examples to tmp dir (#12539)

Bump faker from 2.7.0 to 2.8.0 (#12531)

Bumps [faker](https://github.com/faker-ruby/faker) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.7.0...v2.8.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump brakeman from 4.7.1 to 4.7.2 (#12530)

Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.7.1 to 4.7.2.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v4.7.1...v4.7.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump autoprefixer from 9.6.1 to 9.7.3 (#12519)

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.6.1 to 9.7.3.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.6.1...9.7.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Update ESLint and RuboCop in Code Climate (#12534)

Fix blocking/unblocking users from status dropdown menu (#12535)

Fixes #12511

Bump eslint-plugin-react from 7.16.0 to 7.17.0 (#12524)

Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.16.0 to 7.17.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.16.0...v7.17.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump blurhash from 1.0.0 to 1.1.3 (#12411)

Bumps [blurhash](https://github.com/woltapp/blurhash) from 1.0.0 to 1.1.3.
- [Release notes](https://github.com/woltapp/blurhash/releases)
- [Commits](https://github.com/woltapp/blurhash/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump aws-sdk-s3 from 1.55.0 to 1.57.0 (#12528)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.55.0 to 1.57.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.55.0...v1.57.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump arrow-key-navigation from 1.0.2 to 1.1.0 (#12523)

Bumps [arrow-key-navigation](https://github.com/nolanlawson/arrow-key-navigation) from 1.0.2 to 1.1.0.
- [Release notes](https://github.com/nolanlawson/arrow-key-navigation/releases)
- [Commits](https://github.com/nolanlawson/arrow-key-navigation/compare/v1.0.2...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump tty-prompt from 0.19.0 to 0.20.0 (#12529)

Bumps [tty-prompt](https://github.com/piotrmurach/tty-prompt) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/piotrmurach/tty-prompt/releases)
- [Changelog](https://github.com/piotrmurach/tty-prompt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/piotrmurach/tty-prompt/compare/v0.19.0...v0.20.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump rubocop-rails from 2.3.2 to 2.4.0 (#12532)

Bumps [rubocop-rails](https://github.com/rubocop-hq/rubocop-rails) from 2.3.2 to 2.4.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rails/compare/v2.3.2...v2.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump fabrication from 2.20.2 to 2.21.0 (#12527)

Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.20.2 to 2.21.0.
- [Release notes](https://github.com/paulelliott/fabrication/releases)
- [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown)
- [Commits](https://github.com/paulelliott/fabrication/compare/2.20.2...2.21.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump rails-ujs from 5.2.3 to 5.2.4 (#12526)

Bumps [rails-ujs](https://github.com/rails/rails) from 5.2.3 to 5.2.4.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v5.2.3...v5.2.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump eslint from 6.5.1 to 6.7.2 (#12522)

Bumps [eslint](https://github.com/eslint/eslint) from 6.5.1 to 6.7.2.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v6.5.1...v6.7.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Fix notifications label (#12517)

* Fix translations not being displayed

* ran `yarn manage:translations en`

Remove unnecessary dependencies (#12533)

Link to reports targetting instance in admin view (#12513)

:sparkles: Add an LDAP Mail attribute config (#12053)

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

Add follow_request notification type (#12198)

* Add follow_request notification type

The notification type already existed in the backend but was never pushed
to the front-end. This also means translation strings were also available
for the backend, from the notification mailer.

Unlike other notification types, these are off by default, to match what
I remember of Gargron's view on the topic: that follow requests should not
clutter notifications and should instead be reviewed at the user's own
leisure in the dedicated column.

Since follow requests have their own column, I've deemed it unnecessary to
add a specific tab for them in the notification quick filter.

* Show follow request link in single-column if there are pending requests, even if account isn't locked

* Push follow requests from notifications to the follow_requests list

* Offer to accept or reject follow request from the notification

* Redesign follow request notification

Only normalize local polls (#12515)

Before this patch, if remote poll options have leading or trailing spaces,
the information stored locally won't match them, causing federated voting to
fail.

:sparkles: Convert LDAP username (#12461)

* :sparkles: Convert LDAP username #12021

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :bug: Fix conversion var use

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :bug: Fix LDAP uid conversion test

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :ok_hand: Remove comments with ref to PR

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :ok_hand: Remove unnecessary paranthesis

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
* :wrench: Move space in conversion string

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

Split relationships page strings (#12502)

Before this moment relationships managing page was using strings from
other context - from counters, but in order for translators to be able
to translate it relatively to the page, it must use separate strings.

I've split the strings for "Following" and "Followers" and put them to
"relationships" keyset in localization file. This should solve this
issue.

Fixes #10863

Fix conversations not having an unread indicator in web UI (#12506)

Fallback to Create audience when object has no defined audience (#12249)

Fixes #11137

Add ability to filter reports by target account domain (#12154)

* Add ability to filter reports by target account domain

* Reword by_target_domain label

LDAP & PAM added to OAuth password grant strategy (#7999) (#12390)

When authenticating via OAuth, the resource owner password grant
strategy is allowed by Mastodon, but (without this PR), it does not
attempt to authenticate against LDAP or PAM. As a result, LDAP or PAM
authenticated users cannot sign in to Mastodon with their
email/password credentials via OAuth (for instance, for native/mobile
app users).

This PR fleshes out the authentication strategy supplied to doorkeeper
in its initializer by looking up the user with LDAP and/or PAM when
devise is configured to use LDAP/PAM backends. It attempts to follow the
same logic as the Auth::SessionsController for handling email/password
credentials.

Note #1: Since this pull request affects an initializer, it's unclear
how to add test automation.

Note #2: The PAM authentication path has not been manually tested. It
was added for completeness sake, and it is hoped that it can be manually
tested before merging.

Fix lost focus when modals open/close (#12437)

* Fix lost focus after modal closes

Regression caused by the use of the wicg-inert polyfill

* Fix regression introduced by wicg-inert

* Catch errors to please CodeClimate

Fix counter sizing (#12446)

Counter size is currently set to strict 33.3% width, but with it
counter may break in other languages than English. For example it is
already broken on Gargron's profile on mastodon.social using Russian
locale.

This commit changes "width" to "min-width", so counters still displayed
correctly, but if they need more width to fit text, they are now allowed
to take as many width as they need.

Updated NodeJS in Dockerfile (#12492)

Improve notifications page (#12497)

Currently notifications page seems a bit cluttered with no clear
separation between e-mail and filtering settings. This commit tries to
address them by adding clear separation with headers, hints and removing
continuously reused texts for events checkboxes.

Add hotkey for opening media files (#12498)

* [WiP] Add hotkey to open media

* Give focus to play/pause button when opening video modal

Fix pending upload count not being decremented on error (#12499)

The arguments were passed to the wrong function… also, there is no
need to have a conditional decrementation: failure to upload means
we marked an upload as pending, in all cases.

Fix n+1 query for bookmarks on statuses (#12494)

Fix proofs API being inaccessible in secure mode (#12495)

Bump net-ldap from 0.16.1 to 0.16.2 (#12479)

Bumps [net-ldap](https://github.com/ruby-ldap/ruby-net-ldap) from 0.16.1 to 0.16.2.
- [Release notes](https://github.com/ruby-ldap/ruby-net-ldap/releases)
- [Changelog](https://github.com/ruby-ldap/ruby-net-ldap/blob/master/History.rdoc)
- [Commits](https://github.com/ruby-ldap/ruby-net-ldap/compare/v0.16.1...v0.16.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump parallel from 1.18.0 to 1.19.1 (#12475)

Bumps [parallel](https://github.com/grosser/parallel) from 1.18.0 to 1.19.1.
- [Release notes](https://github.com/grosser/parallel/releases)
- [Commits](https://github.com/grosser/parallel/compare/v1.18.0...v1.19.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Use override_csp options on pghero (#12489)

Bump browser from 2.6.1 to 2.7.1 (#12490)

Bumps [browser](https://github.com/fnando/browser) from 2.6.1 to 2.7.1.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v2.6.1...v2.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/plugin-transform-react-inline-elements from 7.2.0 to 7.7.4 (#12467)

Bumps [@babel/plugin-transform-react-inline-elements](https://github.com/babel/babel) from 7.2.0 to 7.7.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.2.0...v7.7.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/preset-env from 7.7.1 to 7.7.4 (#12471)

Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.7.1 to 7.7.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.7.1...v7.7.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump rack-cors from 1.0.6 to 1.1.0 (#12477)

Bumps [rack-cors](https://github.com/cyu/rack-cors) from 1.0.6 to 1.1.0.
- [Release notes](https://github.com/cyu/rack-cors/releases)
- [Changelog](https://github.com/cyu/rack-cors/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cyu/rack-cors/compare/v1.0.6...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump browser from 2.6.1 to 2.7.0 (#12476)

Bumps [browser](https://github.com/fnando/browser) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v2.6.1...v2.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump charlock_holmes from 0.7.6 to 0.7.7 (#12474)

Bumps [charlock_holmes](https://github.com/brianmario/charlock_holmes) from 0.7.6 to 0.7.7.
- [Release notes](https://github.com/brianmario/charlock_holmes/releases)
- [Commits](https://github.com/brianmario/charlock_holmes/compare/0.7.6...v0.7.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/plugin-transform-react-jsx-self from 7.2.0 to 7.7.4 (#12466)

Bumps [@babel/plugin-transform-react-jsx-self](https://github.com/babel/babel) from 7.2.0 to 7.7.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.2.0...v7.7.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/plugin-syntax-dynamic-import from 7.2.0 to 7.7.4 (#12469)

Bumps [@babel/plugin-syntax-dynamic-import](https://github.com/babel/babel) from 7.2.0 to 7.7.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.2.0...v7.7.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/runtime from 7.7.2 to 7.7.4 (#12472)

Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.7.2 to 7.7.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.7.4/packages/babel-runtime)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/plugin-transform-runtime from 7.5.5 to 7.7.4 (#12473)

Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel) from 7.5.5 to 7.7.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.5.5...v7.7.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump pghero from 2.3.0 to 2.4.1 (#12478)

Bumps [pghero](https://github.com/ankane/pghero) from 2.3.0 to 2.4.1.
- [Release notes](https://github.com/ankane/pghero/releases)
- [Changelog](https://github.com/ankane/pghero/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/pghero/compare/v2.3.0...v2.4.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Fix empty poll options not being filtered on remote poll update (#12484)

If a poll contains empty options (which is apparently possible on Pleroma),
it is created without them. However, the poll update code doesn't filter
empty options, and thus:
1. Clear known votes, as it assumes the set of options has changed
2. Errors out because it tries adding empty options, which fails validation

This commit fixes that by filtering them out the same way they are filtered
out at poll creation time.

Fix OCR with delete & redraft (#12465)

Revert "Bump tesseract.js from 2.0.0-alpha.16 to 2.0.0-beta.2 (#12311)" (#12454)

This reverts commit 0c204426050071c7f0e1205f1526b091e8408d5a.

Fix an eslint warning (#12426)

Fix blur behind closed registration message (#12442)

* Fix closed registration message blur

* Adjust overlay margins to account for blur

Fixes #12425

Fix OEmbed discovery not handling different URL variants in query (#12439)

Fix #12433

Simplify SQL query when performing account search amongst followings (#12302)

Fix FetchLinkCardServices crashing on a tags without a target (#12159)

* Add test for links without targets

* Fix FetchLinkCardServices crashing on a tags without a target

Change media description label to be context-sensitive (#12270)

“Describe for the visually impaired” makes no sense when the uploaded media
is an audio file.

Change domain block behavior to update user records before deleting data (#12247)

When suspending or silencing a domain, one probably wants the silence or
suspend parts to take effect as soon as possible. Deleting media files can
take a while (possibly days), so perform silencing as soon as possible, and
clean up media afterwards.

Fix whitelist federation for subdomains (#12435)

Bump webpacker from 4.0.7 to 4.2.0 (#12416)

* Bump webpacker from 4.0.7 to 4.2.0

Bumps [webpacker](https://github.com/rails/webpacker) from 4.0.7 to 4.2.0.
- [Release notes](https://github.com/rails/webpacker/releases)
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/webpacker/compare/v4.0.7...v4.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Use NODE_ENV=tests instead of test, to work around async modules not having a chunk

Fix account dropdown not opening due to regression from #12377 (#12430)

Bump react-dom from 16.11.0 to 16.12.0 (#12415)

Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 16.11.0 to 16.12.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.12.0/packages/react-dom)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Add relationship-based options to status dropdowns (#12377)

Move bookmark action in inline statuses from action bar to dropdown

Store rspec statuses in .cache/rspec (#12427)

This allows using rspec with `--only-failures`

Bump glob from 7.1.5 to 7.1.6 (#12413)

Bumps [glob](https://github.com/isaacs/node-glob) from 7.1.5 to 7.1.6.
- [Release notes](https://github.com/isaacs/node-glob/releases)
- [Changelog](https://github.com/isaacs/node-glob/blob/master/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v7.1.5...v7.1.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump babel-plugin-preval from 3.0.1 to 4.0.0 (#12414)

Bumps [babel-plugin-preval](https://github.com/kentcdodds/babel-plugin-preval) from 3.0.1 to 4.0.0.
- [Release notes](https://github.com/kentcdodds/babel-plugin-preval/releases)
- [Changelog](https://github.com/kentcdodds/babel-plugin-preval/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/babel-plugin-preval/compare/v3.0.1...v4.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump aws-sdk-s3 from 1.52.0 to 1.55.0 (#12419)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.52.0 to 1.55.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.52.0...v1.55.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump derailed_benchmarks from 1.4.1 to 1.4.2 (#12418)

Bumps [derailed_benchmarks](https://github.com/schneems/derailed_benchmarks) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/schneems/derailed_benchmarks/releases)
- [Changelog](https://github.com/schneems/derailed_benchmarks/blob/master/CHANGELOG.md)
- [Commits](https://github.com/schneems/derailed_benchmarks/compare/v1.4.1...v1.4.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump react-textarea-autosize from 7.1.0 to 7.1.2 (#12412)

Bumps [react-textarea-autosize](https://github.com/andreypopp/react-textarea-autosize) from 7.1.0 to 7.1.2.
- [Release notes](https://github.com/andreypopp/react-textarea-autosize/releases)
- [Commits](https://github.com/andreypopp/react-textarea-autosize/compare/v7.1.0...v7.1.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump httplog from 1.3.2 to 1.3.3 (#12420)

Bumps [httplog](https://github.com/trusche/httplog) from 1.3.2 to 1.3.3.
- [Release notes](https://github.com/trusche/httplog/releases)
- [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md)
- [Commits](https://github.com/trusche/httplog/compare/v1.3.2...v1.3.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump rack-attack from 6.1.0 to 6.2.1 (#12421)

Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 6.1.0 to 6.2.1.
- [Release notes](https://github.com/kickstarter/rack-attack/releases)
- [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kickstarter/rack-attack/compare/v6.1.0...v6.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/preset-react from 7.6.3 to 7.7.0 (#12410)

Bumps [@babel/preset-react](https://github.com/babel/babel) from 7.6.3 to 7.7.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.6.3...v7.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump doorkeeper from 5.2.1 to 5.2.2 (#12417)

Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.2.1...v5.2.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump copy-webpack-plugin from 5.0.4 to 5.0.5 (#12408)

Bumps [copy-webpack-plugin](https://github.com/webpack-contrib/copy-webpack-plugin) from 5.0.4 to 5.0.5.
- [Release notes](https://github.com/webpack-contrib/copy-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/copy-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/copy-webpack-plugin/compare/v5.0.4...v5.0.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump react-select from 3.0.5 to 3.0.8 (#12407)

Bumps [react-select](https://github.com/JedWatson/react-select) from 3.0.5 to 3.0.8.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/.sweet-changelogs.js)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.0.5...react-select@3.0.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

[Security] Bump nokogiri from 1.10.4 to 1.10.5 (#12404)

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.5. **This update includes a security fix.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Add cache for OEmbed endpoints to avoid extra HTTP requests (#12403)

* add youtube oembed endpoint

* add check for oembed endpoint

* change unless for a more readable if

* clear blank lines

* endpoint via https

* Fix string literal in condition

* use cache for endpoints

* use cache for endpoints

* clean up and adding check

* clean up and remove redundant return

* add html check

* add false to return

* use double quotes

* use double quotes

* Clean up

Support min_id-based pagination for bookmarks (#12381)

* Support min_id-based pagination for bookmarks

* Fix spec

Edit CONTRIBUTING.md (#12401)

Edited to improve clarity, concision, and assertiveness

make it not return http 400 when passing and empty source argument (#12259)

* make it not return http 400 when passing and empty source argument

* create a spec for the empty source hash bug

* compact checks for nil, empty? parameters

* use nil.blank? instead checking for nil

[Security] Bump rack-cors from 1.0.3 to 1.0.6 (#12395)

Bumps [rack-cors](https://github.com/cyu/rack-cors) from 1.0.3 to 1.0.6. **This update includes a security fix.**
- [Release notes](https://github.com/cyu/rack-cors/releases)
- [Changelog](https://github.com/cyu/rack-cors/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Fix inconsistent interpolations test by ignoring single plural keys (#12394)

Fix localization test failing due to order of locale definitions (#12393)