Bump aws-sdk-s3 from 1.60.1 to 1.61.1 (#13306)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.60.1 to 1.61.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump discard from 1.1.0 to 1.2.0 (#13308)

Bumps [discard](https://github.com/jhawthorn/discard) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/jhawthorn/discard/releases)
- [Changelog](https://github.com/jhawthorn/discard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jhawthorn/discard/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump rspec-rails from 3.9.0 to 3.9.1 (#13305)

Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.9.0...v3.9.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump simplecov from 0.18.2 to 0.18.5 (#13310)

Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.18.2 to 0.18.5.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.18.2...v0.18.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump i18n-tasks from 0.9.30 to 0.9.31 (#13304)

Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.30 to 0.9.31.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.30...v0.9.31)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump browser from 3.0.3 to 4.0.0 (#13307)

Bumps [browser](https://github.com/fnando/browser) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v3.0.3...v4.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Fix media not being marked sensitive when client sets a CW but no text (#13277)

Mastodon enforces the “sensitive” flag on media attachments whenever a toot
is posted with a Content Warning. However, it does so *after* potentially
converting the Content Warning to toot text (when there is no toot text),
which leads to inconsistent and surprising behavior for API clients.
This commit fixes this inconsistency.

Fix frontend crash when deleting announcements (#13312)

Refactor and fix #13283, which only worked in some cases.

Change poll option hover/active styling to be less confusing (#13313)

Bump sidekiq-unique-jobs from 6.0.18 to 6.0.20 (#13294)

Fix bookmarks also searchable (#13293)

Bump sidekiq from 5.2.7 to 6.0.4 (#11727)

* Bump sidekiq from 5.2.7 to 6.0.0

Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Sidekiq::Logger.logger -> Sidekiq.logger

* Drop support Ruby 2.4

* update

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

[Security] Bump omniauth from 1.9.0 to 1.9.1 (#13229)

Bumps [omniauth](https://github.com/omniauth/omniauth) from 1.9.0 to 1.9.1. **This update includes a security fix.**
- [Release notes](https://github.com/omniauth/omniauth/releases)
- [Commits](https://github.com/omniauth/omniauth/compare/v1.9.0...v1.9.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Migrate Rails ujs as required for Rails 6 Upgrade. (#13280)

* Update yarn.lock

* Update package.json

* Update public.js

* Update admin.js

* Update log_out.js

* Update common.js

Add link to bookmarks in web UI dropdown (#13273)

Make bookmarks also searchable (#13271)

Fix frontend crash when deleting announcements (#13283)

This two-line change fixes a crash in the front end that occurred
under the following circumstances:
 *  A server had more than one announcement,
 *  A user was displaying the announcements, and
 *  An announcement was deleted (or unpublished, which amounts to
    the same thing.)

As might be expected, the bug was caused by attempting to access a
notification using an index value outside the bounds of the existing
announcements.  Specifically, in two places.  First,
`_markAnnouncementAsRead` attempts to modify announcements based on
the current index.  This is what caused the front end crash.  Second,
when rendering the `Announcements` component, the code paginates the
announcements and displays the current one.  This did not cause a
crash, but caused the front end to confusingly display a blank
announcement (in situations that would have caused a crash) with no
way for the user to navigate back to previous announcements.

This commit fixes both issues by adding a check to ensure that the
code never attempts to access an announcement with an index greater
than or equal to the number of announcements present.

Decommission support for Ruby 2.4 (#13287)

* Update Gemfile

* Update README.md

Fix reported accounts not being whitelisted when resolving a spamcheck report (#13289)

Bump capistrano from 3.11.2 to 3.12.1 (#13264)

* Bump capistrano from 3.11.2 to 3.12.1

Bumps [capistrano](https://github.com/capistrano/capistrano) from 3.11.2 to 3.12.1.
- [Release notes](https://github.com/capistrano/capistrano/releases)
- [Commits](https://github.com/capistrano/capistrano/compare/v3.11.2...v3.12.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Bump capistrano from 3.11.2 to 3.12.1

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Bump webmock from 3.8.0 to 3.8.3 (#13265)

Bumps [webmock](https://github.com/bblimke/webmock) from 3.8.0 to 3.8.3.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.8.0...v3.8.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump sidekiq-scheduler from 3.0.0 to 3.0.1 (#13233)

Bumps [sidekiq-scheduler](https://github.com/moove-it/sidekiq-scheduler) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/moove-it/sidekiq-scheduler/releases)
- [Commits](https://github.com/moove-it/sidekiq-scheduler/compare/v3.0.0...v3.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump simple_form from 5.0.1 to 5.0.2 (#13231)

Bumps [simple_form](https://github.com/plataformatec/simple_form) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/plataformatec/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/simple_form/compare/v5.0.1...v5.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump json-ld from 3.1.0 to 3.1.1 (#13230)

Bumps [json-ld](https://github.com/ruby-rdf/json-ld) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld/releases)
- [Commits](https://github.com/ruby-rdf/json-ld/compare/3.1.0...3.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump redis from 2.8.0 to 3.0.2 (#13102)

Bumps [redis](https://github.com/NodeRedis/node-redis) from 2.8.0 to 3.0.2.
- [Release notes](https://github.com/NodeRedis/node-redis/releases)
- [Changelog](https://github.com/NodeRedis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NodeRedis/node-redis/compare/v.2.8.0...v3.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump mkdirp from 0.5.1 to 1.0.3 (#12979)

Bumps [mkdirp](https://github.com/isaacs/node-mkdirp) from 0.5.1 to 1.0.3.
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/commits/v1.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump sass from 1.25.0 to 1.26.3 (#13263)

Bumps [sass](https://github.com/sass/dart-sass) from 1.25.0 to 1.26.3.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.25.0...1.26.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump react-test-renderer from 16.12.0 to 16.13.0 (#13260)

Bumps [react-test-renderer](https://github.com/facebook/react/tree/HEAD/packages/react-test-renderer) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-test-renderer)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump react-dom from 16.12.0 to 16.13.0 (#13181)

Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 16.12.0 to 16.13.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v16.13.0/packages/react-dom)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump babel-jest from 24.9.0 to 25.1.0 (#12973)

Bumps [babel-jest](https://github.com/facebook/jest/tree/HEAD/packages/babel-jest) from 24.9.0 to 25.1.0.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v25.1.0/packages/babel-jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump react-immutable-proptypes from 2.1.0 to 2.2.0 (#13259)

Bumps [react-immutable-proptypes](https://github.com/HurricaneJames/react-immutable-proptypes) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/HurricaneJames/react-immutable-proptypes/releases)
- [Changelog](https://github.com/HurricaneJames/react-immutable-proptypes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/HurricaneJames/react-immutable-proptypes/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Fix WebUI crash in single-column mode on prehistoric browsers (#13267)

Fixes #13266

Fix some timeouts when searching URLs by limiting some database queries (#13253)

Only look up private toots from database if the request failed because of 401,
403 or 404 errors, as those may indicate a private toot, rather than something
that isn't a toot or cannot be processed.

Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)

* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains

Add titles to warning presets in admin UI (#13252)

Fix detailed view of direct messages displaying a 0 boost count (#13244)

The boost count is already removed from private toots,
do the same with direct messages.

[Security] Bump Node.js from 12.14.0 to 12.16.1 in Docker (#13235)

* Update Dockerfile

* Update Dockerfile

Fix regression in “Edit media” modal in web UI (#13243)

Fix videos with unsupported colorspace not being transcoded (#13242)

Fix MP4 (H264 + AAC) video files being needlessly re-encoded (#13239)

Bump eslint-plugin-react from 7.17.0 to 7.19.0 (#13224)

Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.17.0 to 7.19.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.17.0...v7.19.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump cross-env from 6.0.3 to 7.0.2 (#13228)

Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 6.0.3 to 7.0.2.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/cross-env/compare/v6.0.3...v7.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump wicg-inert from 3.0.0 to 3.0.2 (#13226)

Bumps [wicg-inert](https://github.com/WICG/inert) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/WICG/inert/releases)
- [Commits](https://github.com/WICG/inert/compare/v3.0.0...v3.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Bump file-loader from 5.0.2 to 5.1.0 (#13225)

Bumps [file-loader](https://github.com/webpack-contrib/file-loader) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/webpack-contrib/file-loader/releases)
- [Changelog](https://github.com/webpack-contrib/file-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/file-loader/compare/v5.0.2...v5.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Change the string "hidden" to "blocked" in WebUI (#13221)

* Change the string "hidden" to "blocked" in WebUI.

* update

Change video uploads to always be converted to H264/MP4 (#13220)

Even if the container format is the same (.mp4), the codec could
be different and not playable in web browsers

Change video uploads to enforce certain limits (#13218)

- Dimensions at most 1920x1200
- Frame rate at most 60

Bump cld3 from 3.2.6 to 3.3.0 (#13107)

* Bump cld3 from 3.2.6 to 3.3.0

Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.2.6 to 3.3.0.
- [Release notes](https://github.com/akihikodaki/cld3-ruby/releases)
- [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.2.6...v3.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix compatibility with cld3 3.3.0

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

Add federation support for the "hide network" preference (#11673)

* Change ActivityPub follower/following collections to not link first page

* Add support for hiding followers and following of remote users

* Switch to using a single `hide_collections` column

* Address code style remarks

Change local media attachments to perform heavy processing asynchronously (#13210)

Fix #9106

Bump doorkeeper from 5.2.3 to 5.3.1 (#13144)

Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.2.3 to 5.3.1.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.2.3...v.5.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Fix public posts from silenced accounts not being changed to unlisted visibility (#13096)

Add support for links to statuses in announcements to be opened in web UI (#13212)

* Add support for links to public statuses in announcements to be opened in WebUI

* Please CodeClimate

Change the tooltip "Toggle visibility" to "Hide media" in web UI (#13199)

Change wording of media display preferences to be more intuitive (#13198)

Update nginx.conf (#13066)

Add submit button to the top of preferences pages (#13068)

* Move submit button to the top of the edit page

* Duplicate save button on long form

* Fix click submit on profile spec

Code style improvements in JavaScript (#13159)

* JS-linter: fix trailing comma's

* Configure eslinter to ignore this onchange error.

Add `--skip-media-remove` option to `tootctl statuses remove` (#13080)

* Add skip_media_remove option to tootctl statuses remove

* Add skip_media_remove option to tootctl statuses remove

Co-authored-by: tateisu <tateisu@juggler.jp>

Add ability to delete files uploaded for settings in admin UI (#13192)

* Allow deleting site uploads

* Refactor and move links into hints

* Fix i18n tests

* Fix HTML output of site_upload_delete_hint

Change description of privacy levels to be more intuitive in web UI (#13197)

* Improve description of privacy levels in compose interface

* Change strings in defaultMessage and source as well as english

Co-authored-by: Thibaut Girka <thib@sitedethib.com>

Set BUNDLE_PATH in CircleCI (#13214)

Fix error when searching for URLs that contain the mention syntax (#13151)

Fixes #13150

Add sorting by username, creation and last activity in moderation view (#13076)

* Add ability to order accounts in moderation view

* Display last status date in “Most recent activity” for remote users

Fix text area above/right of emoji picker being accidentally clickable in web UI (#13148)

Add specific rate limits for posting and following (#13172)

Fix too large announcements not being scrollable in web UI (#13211)

Change GIF label to be displayed even when autoplay is enabled in web UI (#13209)

Remove useless `respond_to` calls (#13208)

Change the string "Hide everything from …" to "Block domain …" in web UI (#13178)

Blocking a domain is closer to blocking all its users than to a mute
action.

Fix "tootctl media remove-orphans" crashing when encountering invalid media (#13170)

Fixes #13168

Add tooltips to audio/video player buttons (#13203)

Bump @babel/runtime from 7.8.3 to 7.8.4 (#13183)

Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.8.3 to 7.8.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.8.4/packages/babel-runtime)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump webpack-dev-server from 3.10.1 to 3.10.3 (#13184)

Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v3.10.1...v3.10.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/core from 7.8.4 to 7.8.6 (#13185)

Bumps [@babel/core](https://github.com/babel/babel) from 7.8.4 to 7.8.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.4...v7.8.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump json-ld-preloaded from 3.1.0 to 3.1.1 (#13143)

Bumps [json-ld-preloaded](https://github.com/ruby-rdf/json-ld-preloaded) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby-rdf/json-ld-preloaded/releases)
- [Commits](https://github.com/ruby-rdf/json-ld-preloaded/compare/3.1.0...3.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump oj from 3.10.1 to 3.10.3 (#13187)

Bumps [oj](https://github.com/ohler55/oj) from 3.10.1 to 3.10.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.1...v3.10.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump strong_migrations from 0.5.1 to 0.6.2 (#13071)

Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.5.1 to 0.6.2.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.5.1...v0.6.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump puma from 4.3.2 to 4.3.3 (#13177)

This fixes cookies and devise authentication being broken as a result of
upgrading to puma 4.3.2, see https://github.com/puma/puma/issues/2132

Fix elasticsearch-api and faraday incompatibilities (#13166)

Fix installation failing when Redis password contains special characters (#13156)

* Add support for special characters in Redis passwords

Fixes #13154

* Refactor

[Security] Bump puma from 4.3.1 to 4.3.2 (#13167)

Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Fix announcements with fully-qualified mention to local user crashing WebUI (#13164)

Bump version to 3.1.2 (#13162)

Fix leak of arbitrary statuses through unfavourite action in REST API (#13161)

Fix dismissing an announcement twice raising an obscure error (#13124)

Fix misleading error when attempting to re-send a pending follow request (#13133)

Fixes #13131

Fix backups failing when files are missing from media attachments (#13146)

Fixes #13123

Fix duplicate accounts being created when fetching an account for its key only (#13147)

Fixes #13136

When a user's canonical acct domain is different from its id's domain
(WEB_DOMAIN ≠ LOCAL_DOMAIN), two webfinger queries are required to find the
canonical domain from the URI. However, we skip webfinger queries when
updating only the key of a remote user, which led to the creation of a
duplicate account, using the URI's domain instead of the canonical acct: one.

Bump react-redux from 7.1.3 to 7.2.0 (#13141)

Bumps [react-redux](https://github.com/reduxjs/react-redux) from 7.1.3 to 7.2.0.
- [Release notes](https://github.com/reduxjs/react-redux/releases)
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/react-redux/compare/v7.1.3...v7.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump webpack-cli from 3.3.10 to 3.3.11 (#13139)

Bumps [webpack-cli](https://github.com/webpack/webpack-cli) from 3.3.10 to 3.3.11.
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/next/CHANGELOG_v3.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.10...v3.3.11)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump rellax from 1.10.0 to 1.12.1 (#13140)

Bumps [rellax](https://github.com/dixonandmoe/rellax) from 1.10.0 to 1.12.1.
- [Release notes](https://github.com/dixonandmoe/rellax/releases)
- [Commits](https://github.com/dixonandmoe/rellax/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/core from 7.8.3 to 7.8.4 (#13137)

Bumps [@babel/core](https://github.com/babel/babel) from 7.8.3 to 7.8.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.3...v7.8.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Add `--reset-password` option to `tootctl accounts modify` (#13126)

Fix `/web` redirecting to `/web/web` in web UI (#13128)

Fixes #13127

Fix previously OStatus-based accounts not being detected as ActivityPub (#13129)

Bump rack from 2.1.2 to 2.2.2 (#13108)

Bumps [rack](https://github.com/rack/rack) from 2.1.2 to 2.2.2.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.1.2...v2.2.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Add source-mapped stacktrace to error message in web UI (#13082)

* Add source-mapped stack trace to copyable text in error boundary

* Add the error message to the copied report, not only the stack trace

Fix account JSON/RSS not being cacheable due to wrong mime type comparison (#13116)

`request.format` is not a symbol but a `Mime::Type`, so the condition actually
never matched, and a session was created even for those requests, preventing
caching.

Fix old browsers crashing because of missing `finally` polyfill in web UI (#13115)

Fix #13015