Merge commit 'c49e261ad07d46515af50cdf103524ecf554b2f8' into glitch-soc/merge-4.4

2025-12-13 15:58:50 +00:00 · 2025-11-19 22:29:14 +01:00
parent fa52f4361a c49e261ad0
commit 2b0b537152
7 changed files with 36 additions and 10 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -16,6 +16,6 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
 | Version | Supported        |
 | ------- | ---------------- |
 | 4.4.x   | Yes              |
-| 4.3.x   | Yes              |
+| 4.3.x   | Until 2026-05-06 |
 | 4.2.x   | Until 2026-01-08 |
 | < 4.2   | No               |
--- a/app/javascript/mastodon/features/status/components/detailed_status.tsx
+++ b/app/javascript/mastodon/features/status/components/detailed_status.tsx
@@ -384,6 +384,7 @@ export const DetailedStatus: React.FC<{
              <QuotedStatus
                quote={status.get('quote')}
                parentQuotePostId={status.get('id')}
+                contextType='thread'
              />
            )}
          </>
--- a/app/lib/activitypub/activity/update.rb
+++ b/app/lib/activitypub/activity/update.rb
@@ -1,6 +1,9 @@
 # frozen_string_literal: true

 class ActivityPub::Activity::Update < ActivityPub::Activity
+  # Updates to unknown objects older than that are ignored
+  OBJECT_AGE_THRESHOLD = 1.day
+
  def perform
    @account.schedule_refresh_if_stale!

@@ -28,6 +31,9 @@ class ActivityPub::Activity::Update < ActivityPub::Activity

    @status = Status.find_by(uri: object_uri, account_id: @account.id)

+    # Ignore updates for old unknown objects, since those are updates we are not interested in
+    return if @status.nil? && object_too_old?
+
    # We may be getting `Create` and `Update` out of order
    @status ||= ActivityPub::Activity::Create.new(@json, @account, **@options).perform

@@ -35,4 +41,10 @@ class ActivityPub::Activity::Update < ActivityPub::Activity

    ActivityPub::ProcessStatusUpdateService.new.call(@status, @json, @object, request_id: @options[:request_id])
  end
+
+  def object_too_old?
+    @object['published'].present? && @object['published'].to_datetime < OBJECT_AGE_THRESHOLD.ago
+  rescue Date::Error
+    false
+  end
 end
--- a/lib/mastodon/cli/upgrade.rb
+++ b/lib/mastodon/cli/upgrade.rb
@@ -123,12 +123,12 @@ module Mastodon::CLI
        progress.log("Moving #{previous_path} to #{upgraded_path}") if options[:verbose]

        begin
-          move_previous_to_upgraded
+          move_previous_to_upgraded(previous_path, upgraded_path)
        rescue => e
          progress.log(pastel.red("Error processing #{previous_path}: #{e}"))
          success = false

-          remove_directory
+          remove_directory(upgraded_path)
        end
      end

--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
    "http-link-header": "^1.1.1",
    "immutable": "^4.3.0",
    "intl-messageformat": "^10.7.16",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
    "lande": "^1.0.10",
    "lodash": "^4.17.21",
    "marky": "^1.2.5",
--- a/spec/lib/activitypub/activity_spec.rb
+++ b/spec/lib/activitypub/activity_spec.rb
@@ -34,6 +34,8 @@ RSpec.describe ActivityPub::Activity do
      }
    end

+    let(:publication_date) { 1.hour.ago.utc }
+
    let(:create_json) do
      {
        '@context': [
@@ -52,7 +54,7 @@ RSpec.describe ActivityPub::Activity do
            'https://www.w3.org/ns/activitystreams#Public',
          ],
          content: 'foo',
-          published: '2025-05-24T11:03:10Z',
+          published: publication_date.iso8601,
          quote: ActivityPub::TagManager.instance.uri_for(quoted_status),
        },
      }.deep_stringify_keys
@@ -77,7 +79,7 @@ RSpec.describe ActivityPub::Activity do
            'https://www.w3.org/ns/activitystreams#Public',
          ],
          content: 'foo',
-          published: '2025-05-24T11:03:10Z',
+          published: publication_date.iso8601,
          quote: ActivityPub::TagManager.instance.uri_for(quoted_status),
          quoteAuthorization: approval_uri,
        },
--- a/yarn.lock
+++ b/yarn.lock
@@ -2689,7 +2689,7 @@ __metadata:
    husky: "npm:^9.0.11"
    immutable: "npm:^4.3.0"
    intl-messageformat: "npm:^10.7.16"
-    js-yaml: "npm:^4.1.0"
+    js-yaml: "npm:^4.1.1"
    lande: "npm:^1.0.10"
    lint-staged: "npm:^16.0.0"
    lodash: "npm:^4.17.21"
@@ -7769,8 +7769,8 @@ __metadata:
  linkType: hard

 "glob@npm:^10.0.0, glob@npm:^10.2.2, glob@npm:^10.3.10, glob@npm:^10.4.1":
-  version: 10.4.5
-  resolution: "glob@npm:10.4.5"
+  version: 10.5.0
+  resolution: "glob@npm:10.5.0"
  dependencies:
    foreground-child: "npm:^3.1.0"
    jackspeak: "npm:^3.1.2"
@@ -7780,7 +7780,7 @@ __metadata:
    path-scurry: "npm:^1.11.1"
  bin:
    glob: dist/esm/bin.mjs
-  checksum: 10c0/19a9759ea77b8e3ca0a43c2f07ecddc2ad46216b786bb8f993c445aee80d345925a21e5280c7b7c6c59e860a0154b84e4b2b60321fea92cd3c56b4a7489f160e
+  checksum: 10c0/100705eddbde6323e7b35e1d1ac28bcb58322095bd8e63a7d0bef1a2cdafe0d0f7922a981b2b48369a4f8c1b077be5c171804534c3509dfe950dde15fbe6d828
  languageName: node
  linkType: hard

@@ -8762,6 +8762,17 @@ __metadata:
  languageName: node
  linkType: hard

+"js-yaml@npm:^4.1.1":
+  version: 4.1.1
+  resolution: "js-yaml@npm:4.1.1"
+  dependencies:
+    argparse: "npm:^2.0.1"
+  bin:
+    js-yaml: bin/js-yaml.js
+  checksum: 10c0/561c7d7088c40a9bb53cc75becbfb1df6ae49b34b5e6e5a81744b14ae8667ec564ad2527709d1a6e7d5e5fa6d483aa0f373a50ad98d42fde368ec4a190d4fae7
+  languageName: node
+  linkType: hard
+
 "jsdoc-type-pratt-parser@npm:~4.1.0":
  version: 4.1.0
  resolution: "jsdoc-type-pratt-parser@npm:4.1.0"