cat aescling's git repositories

Bump ws from 8.2.1 to 8.2.2 (#16739)

Bumps [ws](https://github.com/websockets/ws) from 8.2.1 to 8.2.2.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.2.1...8.2.2)

---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump jest from 27.1.0 to 27.2.0 (#16737)

Bumps [jest](https://github.com/facebook/jest) from 27.1.0 to 27.2.0.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/compare/v27.1.0...v27.2.0)

---
updated-dependencies:
- dependency-name: jest
dependency-type: direct:development
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump parallel from 1.20.1 to 1.21.0 (#16736)

Bumps [parallel](https://github.com/grosser/parallel) from 1.20.1 to 1.21.0.
- [Release notes](https://github.com/grosser/parallel/releases)
- [Commits](https://github.com/grosser/parallel/compare/v1.20.1...v1.21.0)

---
updated-dependencies:
- dependency-name: parallel
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump @babel/preset-env from 7.15.4 to 7.15.6 (#16742)

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.15.4 to 7.15.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.6/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump bootsnap from 1.6.0 to 1.8.1 (#16677)

* Bump bootsnap from 1.6.0 to 1.8.1

Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.6.0 to 1.8.1.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.6.0...v1.8.1)

---
updated-dependencies:
- dependency-name: bootsnap
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
* Remove deprecated bootsnap config options

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Pull in latest changes from GlitchSoc (#28)

Fix followers synchronization mechanism not working when URI has empty path (#16744)

Follow-up to #16510, forgot the controller exposing the actual followers…

Merge pull request #1602 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes

Bump rubocop-rails from 2.11.3 to 2.12.2 (#16734)

Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.11.3 to 2.12.2.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.11.3...v2.12.2)

---
updated-dependencies:
- dependency-name: rubocop-rails
dependency-type: direct:development
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Merge branch 'main' into glitch-soc/merge-upstream

Bump rubocop from 1.20.0 to 1.21.0 (#16733)

Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.20.0 to 1.21.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.20.0...v1.21.0)

---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump http from 5.0.1 to 5.0.2 (#16732)

Bumps [http](https://github.com/httprb/http) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/httprb/http/releases)
- [Changelog](https://github.com/httprb/http/blob/main/CHANGES.md)
- [Commits](https://github.com/httprb/http/compare/v5.0.1...v5.0.2)

---
updated-dependencies:
- dependency-name: http
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Merge pull request #13 from kibicat/unlisted-default-tests

Fix tests RE: default privacy

Update Dockerfile (#16696)

Fix some Rails frameworks being unnecessarily loaded (#16725)

Saves about 10MiB of memory usage at boot

Stop setting a shortcode to newly-created media attachments (#16730)

* Stop setting a shortcode to newly-created media attachments

The WebUI has stopped using the “short media URL” in ages. This isn't used
anywhere except for mail notifications.

Deprecating it would allow us to eventually get rid of at least a database
column and corruption-prone index, as well as a controller.

* Fix tests

Fix tests RE: default privacy

Merge pull request #7 from kibicat/kibicatify

Kibicatify docs!

Add .github/ with various community documentations

The following files were removed from the root directory and added
(with different content) to /.github/:

• CODE_OF_CONDUCT.md
• CONTRIBUTING.md
• SECURITY.md

The ‹ .md › extension is used instead of ‹ .markdown › because I think
GitHub requires it for some things.

New README

• Removed ‹ README.md ›, which was the old GlitchSoc README.

• Added ‹ README.markdown ›, containing new README information.

Update versioning to use kibicat/mastodon, etcetera

Delete .github directory

These files pertain mainly to upstream development practices and are not applicable to this fork.

Bump ruby-saml from 1.11.0 to 1.13.0 (#16723)

Fixes #16720

Bump @babel/plugin-proposal-decorators from 7.14.5 to 7.15.4 (#16711)

Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.14.5 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-plugin-proposal-decorators)

---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump @babel/preset-env from 7.15.0 to 7.15.4 (#16706)

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.15.0 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fix media icons not being added in CWs

Bump devise-two-factor from 4.0.0 to 4.0.1 (#16705)

Bumps [devise-two-factor](https://github.com/tinfoil/devise-two-factor) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/tinfoil/devise-two-factor/releases)
- [Changelog](https://github.com/tinfoil/devise-two-factor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tinfoil/devise-two-factor/compare/v4.0.0...v4.0.1)

---
updated-dependencies:
- dependency-name: devise-two-factor
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump sass from 1.38.2 to 1.39.0 (#16707)

Bumps [sass](https://github.com/sass/dart-sass) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.38.2...1.39.0)

---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump axios from 0.21.1 to 0.21.4 (#16709)

Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.4.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.4)

---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump @babel/runtime from 7.15.3 to 7.15.4 (#16710)

Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.15.3 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-runtime)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump react-redux from 7.2.4 to 7.2.5 (#16708)

Bumps [react-redux](https://github.com/reduxjs/react-redux) from 7.2.4 to 7.2.5.
- [Release notes](https://github.com/reduxjs/react-redux/releases)
- [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md)
- [Commits](https://github.com/reduxjs/react-redux/compare/v7.2.4...v7.2.5)

---
updated-dependencies:
- dependency-name: react-redux
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump npmlog from 5.0.0 to 5.0.1 (#16704)

Bumps [npmlog](https://github.com/npm/npmlog) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/npm/npmlog/releases)
- [Changelog](https://github.com/npm/npmlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/npmlog/compare/v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: npmlog
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump oj from 3.13.2 to 3.13.4 (#16703)

Bumps [oj](https://github.com/ohler55/oj) from 3.13.2 to 3.13.4.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.13.2...v3.13.4)

---
updated-dependencies:
- dependency-name: oj
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump aws-sdk-s3 from 1.100.0 to 1.102.0 (#16702)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.100.0 to 1.102.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump @babel/core from 7.15.0 to 7.15.5 (#16712)

Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.15.0 to 7.15.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.5/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Merge remote-tracking branch 'origin/main'

use relative path for `scope` (#16714)

Use relative path for `scope` in web manifest to allow users use PWA correctly via alternate domains.

Fix addressing of remote groups' followers (#16700)

Fixes #16699

Fix glitch-soc front-end not linking to the provided SOURCE_URL

Fix media attachments not being displayed on polls

Fixes #1595

Merge pull request #1597 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes

Merge branch 'main' into glitch-soc/merge-upstream

Merge pull request #1594 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes

Fix suspicious sign-in mail text being out of date (#16690)

Fixes #16687

Merge branch 'main' into glitch-soc/merge-upstream

Fix processing mentions to domains with non-ascii TLDs (#16689)

Fixes #16602

Change default post privacy for new accounts to unlisted

allowing randos to show up in your menchies should be an informed
choice, especially for new users to the fediverse

kibi pointed this out so i guess i'm doing a guar gum now lol

--- yr cat

Allow access to the instance through subdomains of glitch.cat.family

Rails 6 forces you to whitelist what domain names an application
may be accessed from. while it is possible to supply a regular
expression, it is not clear how to do this when mastodon parses the
environment variable you supply the regex from. meanwhile, disabling
whitelisting entirely DOES work

this is theoretically less secure; if we can find a way to supply a
regex, that would be preferable.

--- yr cat

[Glitch] Fix follow request count to dynamically update

Port 79341d0f5f3eb2d90f5ea954f4037120f7189cec to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

Explicitly set userVerification to discoraged (#16545)

Fix authentication failures after going halfway through a sign-in attempt (#16607)

* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious

New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED (#16655)

When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.

We need a new environment variable like for SAML to assume the email
from CAS is verified.

* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.

Bump rails from 6.1.4 to 6.1.4.1 (#16650)

Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1)

---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fix follow request count to dynamically update (#16652)

Fix undefined variable for Auth::OmniauthCallbacksController (#16654)

The addition of authentication history broke the omniauth login with
the following error:

  method=GET path=/auth/auth/cas/callback format=html
  controller=Auth::OmniauthCallbacksController action=cas status=500
  error='NameError: undefined local variable or method `user' for
  #<Auth::OmniauthCallbacksController:0x00000000036290>
  Did you mean?  @user' duration=435.93 view=0.00 db=36.19

* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
  name to `@user`

Bump eslint-plugin-import from 2.24.0 to 2.24.1 (#16635)

Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump ws from 8.1.0 to 8.2.0 (#16636)

Bumps [ws](https://github.com/websockets/ws) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0)

---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 (#16590)

Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump eslint-plugin-react from 7.24.0 to 7.25.1 (#16680)

Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.24.0 to 7.25.1.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.24.0...v7.25.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-react
dependency-type: direct:development
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump tar from 6.1.3 to 6.1.11 (#16685)

Bumps [tar](https://github.com/npm/node-tar) from 6.1.3 to 6.1.11.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v6.1.3...v6.1.11)

---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump rqrcode from 2.0.0 to 2.1.0 (#16678)

Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/whomwah/rqrcode/releases)
- [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whomwah/rqrcode/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: rqrcode
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump rubocop from 1.19.1 to 1.20.0 (#16674)

Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.1 to 1.20.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.1...v1.20.0)

---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump nokogiri from 1.12.3 to 1.12.4 (#16675)

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.3 to 1.12.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.3...v1.12.4)

---
updated-dependencies:
- dependency-name: nokogiri
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump aws-sdk-s3 from 1.99.0 to 1.100.0 (#16676)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.99.0 to 1.100.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump ws from 8.2.0 to 8.2.1 (#16679)

Bumps [ws](https://github.com/websockets/ws) from 8.2.0 to 8.2.1.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.2.0...8.2.1)

---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump sass from 1.38.0 to 1.38.2 (#16671)

Bumps [sass](https://github.com/sass/dart-sass) from 1.38.0 to 1.38.2.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.38.0...1.38.2)

---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump eslint-plugin-import from 2.24.1 to 2.24.2 (#16668)

Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.1 to 2.24.2.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.1...v2.24.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump url-parse from 1.5.1 to 1.5.3 (#16666)

Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](https://github.com/unshiftio/url-parse/compare/1.5.1...1.5.3)

---
updated-dependencies:
- dependency-name: url-parse
dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump color-string from 1.5.3 to 1.6.0 (#16665)

Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0.
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/commits/1.6.0)

---
updated-dependencies:
- dependency-name: color-string
dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump http from 4.4.1 to 5.0.1 (#16438)

Bumps [http](https://github.com/httprb/http) from 4.4.1 to 5.0.1.
- [Release notes](https://github.com/httprb/http/releases)
- [Changelog](https://github.com/httprb/http/blob/master/CHANGES.md)
- [Commits](https://github.com/httprb/http/compare/v4.4.1...v5.0.1)

---
updated-dependencies:
- dependency-name: http
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump y18n from 4.0.0 to 4.0.3 (#16664)

Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)

---
updated-dependencies:
- dependency-name: y18n
dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump jest from 26.6.3 to 27.1.0 (#16376)

* Bump jest from 26.6.3 to 27.0.4

Bumps [jest](https://github.com/facebook/jest) from 26.6.3 to 27.0.4.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/compare/v26.6.3...v27.0.4)

---
updated-dependencies:
- dependency-name: jest
dependency-type: direct:development
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
* Set test environment for jest

* Remove unnecessary ext

* Bump jest from 27.0.4 to 27.1.0

* Remove --coverage option

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>

Bump sidekiq from 6.2.1 to 6.2.2 (#16647)

Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: sidekiq
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Merge pull request #1591 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes

Bump webpacker from 5.4.0 to 5.4.2 (#16648)

Bumps [webpacker](https://github.com/rails/webpacker) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/rails/webpacker/releases)
- [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/webpacker/compare/v5.4.0...v5.4.2)

---
updated-dependencies:
- dependency-name: webpacker
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump faker from 2.18.0 to 2.19.0 (#16646)

Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0)

---
updated-dependencies:
- dependency-name: faker
dependency-type: direct:development
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump rubocop from 1.19.0 to 1.19.1 (#16649)

Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: rubocop
dependency-type: direct:development
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[Glitch] Fix follow request count to dynamically update

Port 79341d0f5f3eb2d90f5ea954f4037120f7189cec to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

Merge branch 'main' into glitch-soc/merge-upstream

Explicitly set userVerification to discoraged (#16545)

Fix authentication failures after going halfway through a sign-in attempt (#16607)

* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious

New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED (#16655)

When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.

We need a new environment variable like for SAML to assume the email
from CAS is verified.

* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.

Bump rails from 6.1.4 to 6.1.4.1 (#16650)

Bumps [rails](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.4...v6.1.4.1)

---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fix follow request count to dynamically update (#16652)

Fix undefined variable for Auth::OmniauthCallbacksController (#16654)

The addition of authentication history broke the omniauth login with
the following error:

  method=GET path=/auth/auth/cas/callback format=html
  controller=Auth::OmniauthCallbacksController action=cas status=500
  error='NameError: undefined local variable or method `user' for
  #<Auth::OmniauthCallbacksController:0x00000000036290>
  Did you mean?  @user' duration=435.93 view=0.00 db=36.19

* app/controllers/auth/omniauth_callbacks_controller.rb: fix variable
  name to `@user`

Bump eslint-plugin-import from 2.24.0 to 2.24.1 (#16635)

Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.24.0...v2.24.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump ws from 8.1.0 to 8.2.0 (#16636)

Bumps [ws](https://github.com/websockets/ws) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.1.0...8.2.0)

---
updated-dependencies:
- dependency-name: ws
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump @babel/plugin-transform-runtime from 7.14.5 to 7.15.0 (#16590)

Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.14.5 to 7.15.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.0/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Merge pull request #1589 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes

Merge branch 'main' into glitch-soc/merge-upstream

Fix “discoverable” account setting being tied to profile directory (#16637)

Merge pull request #1588 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes

[Glitch] Fix crash if a notification contains an unprocessed media attachment

Port 0c24c865b785a557f43125c976090e271247a2b1 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

[Glitch] Fix download button color in audio player

Port aaf24d3093d565461b0051d2238d8b74db63a041 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>

Merge branch 'main' into glitch-soc/merge-upstream

Make sure nginx always send HSTS header (#16633)

By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308

As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.

Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/

Add tests for SuspendAccountService and UnsuspendAccountService (#16627)

* Add tests for SuspendAccountService

* Add tests for UnsuspendAccountService

Bump rspec-rails from 5.0.1 to 5.0.2 (#16622)

Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.1...v5.0.2)

---
updated-dependencies:
- dependency-name: rspec-rails
dependency-type: direct:development
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump sass from 1.37.0 to 1.38.0 (#16623)

Bumps [sass](https://github.com/sass/dart-sass) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.37.0...1.38.0)

---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump fast_blank from 1.0.0 to 1.0.1 (#16621)

Bumps [fast_blank](https://github.com/SamSaffron/fast_blank) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/SamSaffron/fast_blank/releases)
- [Commits](https://github.com/SamSaffron/fast_blank/compare/1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: fast_blank
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>