Update dependency pg to v1.5.5 (#29230)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.devcontainer/Dockerfile

@@ -4,7 +4,7 @@ FROM mcr.microsoft.com/devcontainers/ruby:1-3.2-bullseye
 # Install Rails
 # RUN gem install rails webdrivers
 
-ARG NODE_VERSION="20"
+ARG NODE_VERSION="16"
 RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
 
 # [Optional] Uncomment this section to install additional OS packages.
@@ -15,6 +15,6 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 RUN gem install foreman
 
 # [Optional] Uncomment this line to install global node packages.
-RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && corepack enable" 2>&1
+RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
 
 COPY welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt

.devcontainer/docker-compose.yml

@@ -70,7 +70,7 @@ services:
         hard: -1
 
   libretranslate:
-    image: libretranslate/libretranslate:v1.4.1
+    image: libretranslate/libretranslate:v1.3.11
     restart: unless-stopped
     volumes:
       - lt-data:/home/libretranslate/.local

.devcontainer/post-create.sh

@@ -11,8 +11,7 @@ bundle install
 git checkout -- Gemfile.lock
 
 # Fetch Javascript dependencies
-corepack prepare
-yarn install --immutable
+yarn --frozen-lockfile
 
 # [re]create, migrate, and seed the test database
 RAILS_ENV=test ./bin/rails db:setup

.dockerignore

@@ -8,7 +8,6 @@
 public/system
 public/assets
 public/packs
-public/packs-test
 node_modules
 neo4j
 vendor/bundle

.env.test

@@ -1,5 +1,5 @@
-# In test, compile the NodeJS code as if we are in production
-NODE_ENV=production
+# Node.js
+NODE_ENV=tests
 # Federation
 LOCAL_DOMAIN=cb6e6126.ngrok.io
 LOCAL_HTTPS=true

.eslintrc.js

@@ -9,6 +9,7 @@ module.exports = {
     'plugin:import/recommended',
     'plugin:promise/recommended',
     'plugin:jsdoc/recommended',
+    'plugin:prettier/recommended',
   ],
 
   env: {
@@ -62,9 +63,7 @@ module.exports = {
     'consistent-return': 'error',
     'dot-notation': 'error',
     eqeqeq: ['error', 'always', { 'null': 'ignore' }],
-    'indent': ['error', 2],
     'jsx-quotes': ['error', 'prefer-single'],
-    'semi': ['error', 'always'],
     'no-case-declarations': 'off',
     'no-catch-shadow': 'error',
     'no-console': [
@@ -236,7 +235,7 @@ module.exports = {
           },
           // Common React utilities
           {
-            pattern: '{classnames,react-helmet,react-router,react-router-dom}',
+            pattern: '{classnames,react-helmet,react-router-dom}',
             group: 'external',
             position: 'before',
           },

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+patreon: mastodon
+open_collective: mastodon
+custom: https://sponsor.joinmastodon.org

.github/actions/setup-javascript/action.yml

@@ -1,42 +0,0 @@
-name: 'Setup Javascript'
-description: 'Setup a Javascript environment ready to run the Mastodon code'
-inputs:
-  onlyProduction:
-    description: Only install production dependencies
-    default: 'false'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Set up Node.js
-      uses: actions/setup-node@v3
-      with:
-        node-version-file: '.nvmrc'
-
-    # The following is needed because we can not use `cache: true` for `setup-node`, as it does not support Corepack yet and mess up with the cache location if ran after Node is installed
-    - name: Enable corepack
-      shell: bash
-      run: corepack enable
-
-    - name: Get yarn cache directory path
-      id: yarn-cache-dir-path
-      shell: bash
-      run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
-
-    - uses: actions/cache@v3
-      id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
-      with:
-        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-        key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-yarn-
-
-    - name: Install all yarn packages
-      shell: bash
-      run: yarn install --immutable
-      if: inputs.onlyProduction == 'false'
-
-    - name: Install all production yarn packages
-      shell: bash
-      run: yarn workspaces focus --production
-      if: inputs.onlyProduction != 'false'

.github/actions/setup-ruby/action.yml

@@ -1,23 +0,0 @@
-name: 'Setup RUby'
-description: 'Setup a Ruby environment ready to run the Mastodon code'
-inputs:
-  ruby-version:
-    description: The Ruby version to install
-    default: '.ruby-version'
-  additional-system-dependencies:
-    description: 'Additional packages to install'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Install system dependencies
-      shell: bash
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y libicu-dev libidn11-dev ${{ inputs.additional-system-dependencies }}
-
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ inputs.ruby-version }}
-        bundler-cache: true

.github/renovate.json5

@@ -3,6 +3,7 @@
   extends: [
     'config:recommended',
     ':labels(dependencies)',
+    ':maintainLockFilesMonthly', // update non-direct dependencies monthly
     ':prConcurrentLimitNone', // Remove limit for open PRs at any time.
     ':prHourlyLimit2', // Rate limit PR creation to a maximum of two per hour.
   ],
@@ -12,7 +13,6 @@
   // If we do not want a package to be grouped with others, we need to set its groupName
   // to `null` after any other rule set it to something.
   dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).',
-  postUpdateOptions: ['yarnDedupeHighest'],
   packageRules: [
     {
       // Require Dependency Dashboard Approval for major version bumps of these node packages

.github/workflows/build-container-image.yml

@@ -29,10 +29,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-qemu-action@v2
         if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder
 
-      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-buildx-action@v2
         id: buildx
         if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }}
 
@@ -41,7 +41,7 @@ jobs:
         run: |
           docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234
 
-      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-buildx-action@v2
         id: buildx-native
         if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
         with:
@@ -61,20 +61,20 @@ jobs:
 
       - name: Log in to Docker Hub
         if: contains(inputs.push_to_images, 'tootsuite')
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Log in to the Github Container registry
         if: contains(inputs.push_to_images, 'ghcr.io')
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: docker/metadata-action@v5
+      - uses: docker/metadata-action@v4
         id: meta
         if: ${{ inputs.push_to_images != '' }}
         with:
@@ -83,7 +83,7 @@ jobs:
           tags: ${{ inputs.tags }}
           labels: ${{ inputs.labels }}
 
-      - uses: docker/build-push-action@v5
+      - uses: docker/build-push-action@v4
         with:
           context: .
           build-args: |

.github/workflows/build-nightly.yml

@@ -11,7 +11,6 @@ permissions:
 jobs:
   compute-suffix:
     runs-on: ubuntu-latest
-    if: github.repository == 'glitch-soc/mastodon'
     steps:
       - id: version_vars
         env:

.github/workflows/bundler-audit.yml

@@ -27,8 +27,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Run bundler-audit
         run: bundle exec bundler-audit

.github/workflows/check-i18n.yml

@@ -19,11 +19,25 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: Check for missing strings in English JSON
         run: |

.github/workflows/crowdin-download.yml

@@ -11,7 +11,6 @@ permissions:
 jobs:
   download-translations:
     runs-on: ubuntu-latest
-    if: github.repository == 'glitch-soc/mastodon'
 
     steps:
       - name: Checkout
@@ -45,8 +44,14 @@ jobs:
         run: sudo chown -R runner:docker .
 
       # This is needed to run the normalize step
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Run i18n normalize task
         run: bundle exec i18n-tasks normalize

.github/workflows/lint-css.yml

@@ -35,8 +35,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - uses: xt0rted/stylelint-problem-matcher@v1
 

.github/workflows/lint-haml.yml

@@ -30,8 +30,16 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Run haml-lint
         run: |

.github/workflows/lint-js.yml

@@ -39,8 +39,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: ESLint
         run: yarn lint:js --max-warnings 0

.github/workflows/lint-json.yml

@@ -31,8 +31,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: Prettier
         run: yarn lint:json

.github/workflows/lint-md.yml

@@ -31,8 +31,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: Prettier
         run: yarn lint:md

.github/workflows/lint-ruby.yml

@@ -31,8 +31,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Set-up RuboCop Problem Matcher
         uses: r7kamura/rubocop-problem-matchers-action@v1

.github/workflows/lint-yml.yml

@@ -33,8 +33,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: Prettier
         run: yarn lint:yml

.github/workflows/test-js.yml

@@ -35,8 +35,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: Jest testing
         run: yarn jest --reporters github-actions summary

.github/workflows/test-migrations-one-step.yml

@@ -72,8 +72,16 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Create database
         run: './bin/rails db:create'

.github/workflows/test-migrations-two-step.yml

@@ -71,8 +71,16 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Create database
         run: './bin/rails db:create'

.github/workflows/test-ruby.yml

@@ -34,29 +34,36 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
         with:
-          onlyProduction: 'true'
+          cache: yarn
+          node-version-file: '.nvmrc'
 
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - run: yarn --frozen-lockfile --production
       - name: Precompile assets
         # Previously had set this, but it's not supported
         # export NODE_OPTIONS=--openssl-legacy-provider
         run: |-
           ./bin/rails assets:precompile
 
-      - name: Archive asset artifacts
-        run: |
-          tar --exclude={"*.br","*.gz"} -zcf artifacts.tar.gz public/assets public/packs*
-
       - uses: actions/upload-artifact@v3
         if: matrix.mode == 'test'
         with:
           path: |-
-            ./artifacts.tar.gz
+            ./public/assets
+            ./public/packs-test
           name: ${{ github.sha }}
           retention-days: 0
 
@@ -105,7 +112,7 @@ jobs:
       SAML_ENABLED: true
       CAS_ENABLED: true
       BUNDLE_WITH: 'pam_authentication test'
-      GITHUB_RSPEC: ${{ matrix.ruby-version == '.ruby-version' && github.event.pull_request && 'true' }}
+      CI_JOBS: ${{ matrix.ci_job }}/4
 
     strategy:
       fail-fast: false
@@ -114,28 +121,38 @@ jobs:
           - '3.0'
           - '3.1'
           - '.ruby-version'
+        ci_job:
+          - 1
+          - 2
+          - 3
+          - 4
     steps:
       - uses: actions/checkout@v4
 
       - uses: actions/download-artifact@v3
         with:
-          path: './'
+          path: './public'
           name: ${{ github.sha }}
 
-      - name: Expand archived asset artifacts
-        run: |
-          tar xvzf artifacts.tar.gz
+      - name: Update package index
+        run: sudo apt-get update
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick libpam-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg imagemagick libpam-dev
+          bundler-cache: true
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'
 
-      - run: bin/rspec
+      - run: bundle exec rake rspec_chunked
 
   test-e2e:
     name: End to End testing
@@ -192,14 +209,28 @@ jobs:
           path: './public'
           name: ${{ github.sha }}
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Update package index
+        run: sudo apt-get update
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg imagemagick
+          bundler-cache: true
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - run: yarn --frozen-lockfile
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'
@@ -251,8 +282,8 @@ jobs:
         ports:
           - 6379:6379
 
-      search:
-        image: ${{ matrix.search-image }}
+      elasticsearch:
+        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.13
         env:
           discovery.type: single-node
           xpack.security.enabled: false
@@ -282,11 +313,6 @@ jobs:
           - '3.0'
           - '3.1'
           - '.ruby-version'
-        search-image:
-          - docker.elastic.co/elasticsearch/elasticsearch:7.17.13
-        include:
-          - ruby-version: '.ruby-version'
-            search-image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
 
     steps:
       - uses: actions/checkout@v4
@@ -296,14 +322,28 @@ jobs:
           path: './public'
           name: ${{ github.sha }}
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Update package index
+        run: sudo apt-get update
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg imagemagick
+          bundler-cache: true
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - run: yarn --frozen-lockfile
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'

.gitignore

@@ -31,6 +31,9 @@
 # Ignore Vagrant files
 .vagrant/
 
+# Ignore Capistrano customizations
+/config/deploy/*
+
 # Ignore IDE files
 .vscode/
 .idea/
@@ -55,15 +58,6 @@ npm-debug.log
 yarn-error.log
 yarn-debug.log
 
-# From https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions
-
 # Ignore vagrant log files
 *-cloudimg-console.log
 

.haml-lint.yml

@@ -12,5 +12,3 @@ linters:
     enabled: true
   MiddleDot:
     enabled: true
-  LineLength:
-    max: 320

.haml-lint_todo.yml

@@ -1,33 +1,47 @@
 # This configuration was generated by
 # `haml-lint --auto-gen-config`
-# on 2023-10-26 09:32:34 -0400 using Haml-Lint version 0.51.0.
+# on 2023-07-20 09:47:50 -0400 using Haml-Lint version 0.48.0.
 # The point is for the user to remove these configuration records
 # one by one as the lints are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of Haml-Lint, may require this file to be generated again.
 
 linters:
-  # Offense count: 16
+  # Offense count: 951
   LineLength:
-    exclude:
-      - 'app/views/admin/account_actions/new.html.haml'
-      - 'app/views/admin/accounts/index.html.haml'
-      - 'app/views/admin/ip_blocks/new.html.haml'
-      - 'app/views/admin/roles/_form.html.haml'
-      - 'app/views/admin/settings/discovery/show.html.haml'
-      - 'app/views/auth/registrations/edit.html.haml'
-      - 'app/views/auth/registrations/new.html.haml'
-      - 'app/views/filters/_filter_fields.html.haml'
-      - 'app/views/media/player.html.haml'
-      - 'app/views/settings/applications/_fields.html.haml'
-      - 'app/views/settings/imports/index.html.haml'
-      - 'app/views/settings/preferences/appearance/show.html.haml'
-      - 'app/views/settings/preferences/notifications/show.html.haml'
-      - 'app/views/settings/preferences/other/show.html.haml'
+    enabled: false
 
-  # Offense count: 9
+  # Offense count: 22
+  UnnecessaryStringOutput:
+    enabled: false
+
+  # Offense count: 57
   RuboCop:
+    enabled: false
+
+  # Offense count: 3
+  ViewLength:
     exclude:
-      - 'app/views/admin/accounts/_buttons.html.haml'
-      - 'app/views/admin/accounts/_local_account.html.haml'
+      - 'app/views/admin/accounts/show.html.haml'
+      - 'app/views/admin/reports/show.html.haml'
+      - 'app/views/disputes/strikes/show.html.haml'
+
+  # Offense count: 32
+  InstanceVariables:
+    exclude:
+      - 'app/views/admin/reports/_actions.html.haml'
       - 'app/views/admin/roles/_form.html.haml'
+      - 'app/views/admin/webhooks/_form.html.haml'
+      - 'app/views/auth/registrations/_status.html.haml'
+      - 'app/views/auth/sessions/two_factor/_otp_authentication_form.html.haml'
+      - 'app/views/authorize_interactions/_post_follow_actions.html.haml'
+      - 'app/views/invites/_form.html.haml'
+      - 'app/views/relationships/_account.html.haml'
+      - 'app/views/shared/_og.html.haml'
+
+  # Offense count: 3
+  IdNames:
+    exclude:
+      - 'app/views/authorize_interactions/error.html.haml'
+      - 'app/views/oauth/authorizations/error.html.haml'
+      - 'app/views/shared/_error_messages.html.haml'

.nvmrc

@@ -1 +1 @@
-20.9
+20.7

.prettierignore

@@ -31,6 +31,9 @@
 # Ignore Vagrant files
 .vagrant/
 
+# Ignore Capistrano customizations
+/config/deploy/*
+
 # Ignore IDE files
 .vscode/
 .idea/

.rubocop.yml

@@ -27,8 +27,7 @@ AllCops:
     - 'node_modules/**/*'
     - 'Vagrantfile'
     - 'vendor/**/*'
-    - 'config/initializers/json_ld*' # Generated files
-    - 'lib/mastodon/migration_helpers.rb' # Vendored from GitLab
+    - 'lib/json_ld/*' # Generated files
     - 'lib/templates/**/*'
 
 # Reason: Prefer Hashes without extreme indentation
@@ -76,6 +75,12 @@ Metrics/AbcSize:
     - 'lib/mastodon/cli/*.rb'
     - db/*migrate/**/*
 
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocknesting
+Metrics/BlockNesting:
+  Exclude:
+    - 'lib/mastodon/cli/*.rb'
+
 # Reason: Currently disabled in .rubocop_todo.yml
 # https://docs.rubocop.org/rubocop/cops_metrics.html#metricscyclomaticcomplexity
 Metrics/CyclomaticComplexity:
@@ -109,11 +114,16 @@ Rails/Exit:
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
 RSpec/FilePath:
   CustomTransform:
-    ActivityPub: activitypub
+    ActivityPub: activitypub # Ignore the snake_case due to the amount of files to rename
     DeepL: deepl
     FetchOEmbedService: fetch_oembed_service
+    JsonLdHelper: jsonld_helper
     OEmbedController: oembed_controller
     OStatus: ostatus
+    NodeInfoController: nodeinfo_controller # NodeInfo isn't snake_cased for any of the instances
+  Exclude:
+    - 'spec/config/initializers/rack_attack_spec.rb' # namespaces usually have separate folder
+    - 'spec/lib/sanitize_config_spec.rb' # namespaces usually have separate folder
 
 # Reason:
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnamedsubject
@@ -130,16 +140,6 @@ RSpec/NotToNot:
 RSpec/Rails/HttpStatus:
   EnforcedStyle: numeric
 
-# Reason: Match overrides from Rspec/FilePath rule above
-# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecspecfilepathformat
-RSpec/SpecFilePathFormat:
-  CustomTransform:
-    ActivityPub: activitypub
-    DeepL: deepl
-    FetchOEmbedService: fetch_oembed_service
-    OEmbedController: oembed_controller
-    OStatus: ostatus
-
 # Reason:
 # https://docs.rubocop.org/rubocop/cops_style.html#styleclassandmodulechildren
 Style/ClassAndModuleChildren:

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.57.2.
+# using RuboCop version 1.56.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -13,6 +13,32 @@ Bundler/OrderedGems:
   Exclude:
     - 'Gemfile'
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: with_first_argument, with_fixed_indentation
+Layout/ArgumentAlignment:
+  Exclude:
+    - 'config/initializers/cors.rb'
+    - 'config/initializers/session_store.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/HashAlignment:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/rack_attack.rb'
+    - 'config/routes.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
+Layout/LeadingCommentSpace:
+  Exclude:
+    - 'config/application.rb'
+    - 'config/initializers/3_omniauth.rb'
+
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
@@ -20,10 +46,63 @@ Layout/LineLength:
   Exclude:
     - 'app/models/account.rb'
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_no_space, require_space
+Layout/SpaceInLambdaLiteral:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
+# Configuration parameters: AllowComments, AllowEmptyLambdas.
+Lint/EmptyBlock:
+  Exclude:
+    - 'spec/controllers/api/v2/search_controller_spec.rb'
+    - 'spec/fabricators/access_token_fabricator.rb'
+    - 'spec/fabricators/conversation_fabricator.rb'
+    - 'spec/fabricators/system_key_fabricator.rb'
+    - 'spec/lib/activitypub/adapter_spec.rb'
+    - 'spec/models/user_role_spec.rb'
+
 Lint/NonLocalExitFromIterator:
   Exclude:
     - 'app/helpers/jsonld_helper.rb'
 
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/OrAssignmentToConstant:
+  Exclude:
+    - 'lib/sanitize_ext/sanitize_config.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'config/initializers/content_security_policy.rb'
+    - 'config/initializers/doorkeeper.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/initializers/simple_form.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/UselessAssignment:
+  Exclude:
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'config/initializers/3_omniauth.rb'
+    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
+    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
+    - 'spec/controllers/api/v1/favourites_controller_spec.rb'
+    - 'spec/controllers/concerns/account_controller_concern_spec.rb'
+    - 'spec/helpers/jsonld_helper_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/status_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/models/webauthn_credentials_spec.rb'
+    - 'spec/services/account_search_service_spec.rb'
+    - 'spec/services/post_status_service_spec.rb'
+    - 'spec/services/precompute_feed_service_spec.rb'
+    - 'spec/services/resolve_url_service_spec.rb'
+    - 'spec/views/statuses/show.html.haml_spec.rb'
+
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
   Max: 144
@@ -43,14 +122,101 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 27
 
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
+# SupportedStyles: snake_case, normalcase, non_integer
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
+Naming/VariableNumber:
+  Exclude:
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180514140000_revert_index_change_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20190820003045_update_statuses_index.rb'
+    - 'db/migrate/20190823221802_add_local_index_to_statuses.rb'
+    - 'db/migrate/20200119112504_add_public_index_to_statuses.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/user_spec.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeMultiline.
+Performance/DeletePrefix:
+  Exclude:
+    - 'app/models/featured_tag.rb'
+
+Performance/MapMethodChain:
+  Exclude:
+    - 'app/models/feed.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+RSpec/AnyInstance:
+  Exclude:
+    - 'spec/controllers/activitypub/inboxes_controller_spec.rb'
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/resets_controller_spec.rb'
+    - 'spec/controllers/admin/settings/branding_controller_spec.rb'
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb'
+    - 'spec/lib/request_spec.rb'
+    - 'spec/lib/status_filter_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/validators/follow_limit_validator_spec.rb'
+    - 'spec/workers/activitypub/delivery_worker_spec.rb'
+    - 'spec/workers/web/push_notification_worker_spec.rb'
+
 # Configuration parameters: CountAsOne.
 RSpec/ExampleLength:
   Max: 22
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: implicit, each, example
+RSpec/HookArgument:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/well_known/webfinger_controller_spec.rb'
+    - 'spec/helpers/instance_helper_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/rails_helper.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+# Configuration parameters: AssignmentOnly.
+RSpec/InstanceVariable:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/auth/confirmations_controller_spec.rb'
+    - 'spec/controllers/auth/passwords_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/concerns/export_controller_concern_spec.rb'
+    - 'spec/controllers/home_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb'
+    - 'spec/controllers/statuses_cleanup_controller_spec.rb'
+    - 'spec/models/concerns/account_finder_concern_spec.rb'
+    - 'spec/models/concerns/account_interactions_spec.rb'
+    - 'spec/models/public_feed_spec.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/remove_status_service_spec.rb'
+    - 'spec/services/search_service_spec.rb'
+    - 'spec/services/unblock_domain_service_spec.rb'
+
 RSpec/LetSetup:
   Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/action_logs_controller_spec.rb'
+    - 'spec/controllers/admin/instances_controller_spec.rb'
+    - 'spec/controllers/admin/reports/actions_controller_spec.rb'
+    - 'spec/controllers/admin/statuses_controller_spec.rb'
     - 'spec/controllers/api/v1/accounts/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
     - 'spec/controllers/api/v1/filters_controller_spec.rb'
+    - 'spec/controllers/api/v1/followed_tags_controller_spec.rb'
     - 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
     - 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
     - 'spec/controllers/api/v2/filters/statuses_controller_spec.rb'
@@ -89,6 +255,31 @@ RSpec/LetSetup:
     - 'spec/services/unsuspend_account_service_spec.rb'
     - 'spec/workers/scheduler/user_cleanup_scheduler_spec.rb'
 
+RSpec/MessageChain:
+  Exclude:
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: have_received, receive
+RSpec/MessageSpies:
+  Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/helpers/admin/account_moderation_notes_helper_spec.rb'
+    - 'spec/lib/webfinger_resource_spec.rb'
+    - 'spec/models/admin/account_action_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/follow_request_spec.rb'
+    - 'spec/models/identity_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/fetch_replies_service_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/spec_helper.rb'
+    - 'spec/validators/status_length_validator_spec.rb'
+
 RSpec/MultipleExpectations:
   Max: 8
 
@@ -100,11 +291,35 @@ RSpec/MultipleMemoizedHelpers:
 RSpec/NestedGroups:
   Max: 6
 
+RSpec/PendingWithoutReason:
+  Exclude:
+    - 'spec/models/account_spec.rb'
+
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationController:
   Exclude:
     - 'app/controllers/health_controller.rb'
 
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/CreateTableWithTimestamps:
+  Exclude:
+    - 'db/migrate/20170508230434_create_conversation_mutes.rb'
+    - 'db/migrate/20170823162448_create_status_pins.rb'
+    - 'db/migrate/20171116161857_create_list_accounts.rb'
+    - 'db/migrate/20180929222014_create_account_conversations.rb'
+    - 'db/migrate/20181007025445_create_pghero_space_stats.rb'
+    - 'db/migrate/20190103124649_create_scheduled_statuses.rb'
+    - 'db/migrate/20220824233535_create_status_trends.rb'
+    - 'db/migrate/20221006061337_create_preview_card_trends.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Severity.
+Rails/DuplicateAssociation:
+  Exclude:
+    - 'app/serializers/activitypub/collection_serializer.rb'
+    - 'app/serializers/activitypub/note_serializer.rb'
+
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
@@ -128,12 +343,18 @@ Rails/HasManyOrHasOneDependent:
     - 'app/models/user.rb'
     - 'app/models/web/push_subscription.rb'
 
+Rails/I18nLocaleTexts:
+  Exclude:
+    - 'lib/tasks/mastodon.rake'
+    - 'spec/helpers/flashes_helper_spec.rb'
+
 # Configuration parameters: Include.
 # Include: app/controllers/**/*.rb, app/mailers/**/*.rb
 Rails/LexicallyScopedActionFilter:
   Exclude:
     - 'app/controllers/auth/passwords_controller.rb'
     - 'app/controllers/auth/registrations_controller.rb'
+    - 'app/controllers/auth/sessions_controller.rb'
 
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/NegateInclude:
@@ -149,6 +370,7 @@ Rails/NegateInclude:
     - 'app/models/custom_filter.rb'
     - 'app/services/activitypub/process_status_update_service.rb'
     - 'app/services/fetch_link_card_service.rb'
+    - 'app/services/search_service.rb'
     - 'app/workers/web/push_notification_worker.rb'
     - 'lib/paperclip/color_extractor.rb'
 
@@ -168,6 +390,24 @@ Rails/RakeEnvironment:
     - 'lib/tasks/repo.rake'
     - 'lib/tasks/statistics.rake'
 
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ReversibleMigration:
+  Exclude:
+    - 'db/migrate/20160223164502_make_uris_nullable_in_statuses.rb'
+    - 'db/migrate/20161122163057_remove_unneeded_indexes.rb'
+    - 'db/migrate/20170205175257_remove_devices.rb'
+    - 'db/migrate/20170322143850_change_primary_key_to_bigint_on_statuses.rb'
+    - 'db/migrate/20170520145338_change_language_filter_to_opt_out.rb'
+    - 'db/migrate/20170609145826_remove_default_language_from_statuses.rb'
+    - 'db/migrate/20170711225116_fix_null_booleans.rb'
+    - 'db/migrate/20171129172043_add_index_on_stream_entries.rb'
+    - 'db/migrate/20171212195226_remove_duplicate_indexes_in_lists.rb'
+    - 'db/migrate/20171226094803_more_faster_index_on_notifications.rb'
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180617162849_remove_unused_indexes.rb'
+    - 'db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb'
+
 # Configuration parameters: ForbiddenMethods, AllowedMethods.
 # ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
 Rails/SkipsModelValidations:
@@ -214,11 +454,38 @@ Rails/SkipsModelValidations:
     - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
     - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
     - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/main.rb'
     - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
     - 'spec/lib/activitypub/activity/follow_spec.rb'
     - 'spec/services/follow_service_spec.rb'
     - 'spec/services/update_account_service_spec.rb'
 
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ThreeStateBooleanColumn:
+  Exclude:
+    - 'db/migrate/20160325130944_add_admin_to_users.rb'
+    - 'db/migrate/20161123093447_add_sensitive_to_statuses.rb'
+    - 'db/migrate/20170123203248_add_reject_media_to_domain_blocks.rb'
+    - 'db/migrate/20170127165745_add_devise_two_factor_to_users.rb'
+    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
+    - 'db/migrate/20170330163835_create_imports.rb'
+    - 'db/migrate/20170905165803_add_local_to_statuses.rb'
+    - 'db/migrate/20171210213213_add_local_only_flag_to_statuses.rb'
+    - 'db/migrate/20181203021853_add_discoverable_to_accounts.rb'
+    - 'db/migrate/20190509164208_add_by_moderator_to_tombstone.rb'
+    - 'db/migrate/20190805123746_add_capabilities_to_tags.rb'
+    - 'db/migrate/20191212163405_add_hide_collections_to_accounts.rb'
+    - 'db/migrate/20200309150742_add_forwarded_to_reports.rb'
+    - 'db/migrate/20210609202149_create_login_activities.rb'
+    - 'db/migrate/20210621221010_add_skip_sign_in_token_to_users.rb'
+    - 'db/migrate/20211031031021_create_preview_card_providers.rb'
+    - 'db/migrate/20211115032527_add_trendable_to_preview_cards.rb'
+    - 'db/migrate/20220202200743_add_trendable_to_accounts.rb'
+    - 'db/migrate/20220202200926_add_trendable_to_statuses.rb'
+    - 'db/migrate/20220303000827_add_ordered_media_attachment_ids_to_status_edits.rb'
+
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/UniqueValidationWithoutIndex:
@@ -282,7 +549,7 @@ Style/CaseEquality:
   Exclude:
     - 'config/initializers/trusted_proxies.rb'
 
-# This cop supports unsafe autocorrection (--autocorrect-all).
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 # AllowedMethods: ==, equal?, eql?
 Style/ClassEqualityComparison:
@@ -294,6 +561,12 @@ Style/ClassVars:
   Exclude:
     - 'config/initializers/devise.rb'
 
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/CombinableLoops:
+  Exclude:
+    - 'app/models/form/custom_emoji_batch.rb'
+    - 'app/models/form/ip_block_batch.rb'
+
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedVars.
 Style/FetchEnvVar:
@@ -306,6 +579,7 @@ Style/FetchEnvVar:
     - 'config/initializers/3_omniauth.rb'
     - 'config/initializers/blacklists.rb'
     - 'config/initializers/cache_buster.rb'
+    - 'config/initializers/content_security_policy.rb'
     - 'config/initializers/devise.rb'
     - 'config/initializers/paperclip.rb'
     - 'config/initializers/vapid.rb'
@@ -489,6 +763,7 @@ Style/RedundantReturn:
 Style/SafeNavigation:
   Exclude:
     - 'app/models/concerns/account_finder_concern.rb'
+    - 'app/models/status.rb'
 
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
@@ -503,6 +778,14 @@ Style/SingleArgumentDig:
   Exclude:
     - 'lib/webpacker/manifest_extensions.rb'
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_parentheses, require_no_parentheses
+Style/StabbyLambdaParentheses:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
 # This cop supports safe autocorrection (--autocorrect).
 Style/StderrPuts:
   Exclude:
@@ -561,3 +844,6 @@ Style/TrailingCommaInHashLiteral:
 Style/WordArray:
   Exclude:
     - 'app/helpers/languages_helper.rb'
+    - 'config/initializers/cors.rb'
+    - 'spec/controllers/settings/imports_controller_spec.rb'
+    - 'spec/models/form/import_spec.rb'

.watchmanconfig

@@ -1,3 +0,0 @@
-{
-  "ignore_dirs": ["node_modules/", "public/"]
-}

.yarn/patches/babel-plugin-lodash-npm-3.3.4-c7161075b6.patch

@@ -1,13 +0,0 @@
-diff --git a/lib/index.js b/lib/index.js
-index 16ed6be8be8f555cc99096c2ff60954b42dc313d..d009c069770d066ad0db7ad02de1ea473a29334e 100644
---- a/lib/index.js
-+++ b/lib/index.js
-@@ -99,7 +99,7 @@ function lodash(_ref) {
- 
-         var node = _ref3;
- 
--        if ((0, _types.isModuleDeclaration)(node)) {
-+        if ((0, _types.isImportDeclaration)(node)  || (0, _types.isExportDeclaration)(node)) {
-           isModule = true;
-           break;
-         }

.yarn/patches/compression-webpack-plugin-npm-6.1.1-3a2a65987e.patch

@@ -1,22 +0,0 @@
-diff --git a/dist/index.js b/dist/index.js
-index 57e375592d984e9a429bcd9f800fa2d15cd662e4..0c47d96df3608e23adfd77d887a8f72abbd501c0 100644
---- a/dist/index.js
-+++ b/dist/index.js
-@@ -5,7 +5,7 @@ Object.defineProperty(exports, "__esModule", {
- });
- exports.default = void 0;
- 
--var _crypto = _interopRequireDefault(require("crypto"));
-+var _createHash = _interopRequireDefault(require("webpack/lib/util/createHash"));
- 
- var _path = _interopRequireDefault(require("path"));
- 
-@@ -227,7 +227,7 @@ class CompressionPlugin {
-             originalAlgorithm: this.options.algorithm,
-             compressionOptions: this.options.compressionOptions,
-             name,
--            contentHash: _crypto.default.createHash("md4").update(input).digest("hex")
-+            contentHash: _createHash.default("md4").update(input).digest("hex")
-           };
-         } else {
-           cacheData.name = (0, _serializeJavascript.default)({

.yarnclean

@@ -0,0 +1,49 @@
+# test directories
+__tests__
+test
+tests
+powered-test
+
+# asset directories
+docs
+doc
+website
+images
+# assets
+
+# examples
+example
+examples
+
+# code coverage directories
+coverage
+.nyc_output
+
+# build scripts
+Makefile
+Gulpfile.js
+Gruntfile.js
+
+# configs
+.tern-project
+.gitattributes
+.editorconfig
+.*ignore
+.eslintrc
+.jshintrc
+.flowconfig
+.documentup.json
+.yarn-metadata.json
+.*.yml
+*.yml
+
+# misc
+*.gz
+*.md
+
+# for specific ignore
+!.svgo.yml
+!sass-lint/**/*.yml
+
+# breaks lint-staged or generally anything using https://github.com/eemeli/yaml/issues/384
+!**/yaml/dist/**/doc

.yarnrc.yml

@@ -1 +0,0 @@
-nodeLinker: node-modules

Capfile

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'capistrano/setup'
+require 'capistrano/deploy'
+require 'capistrano/scm/git'
+
+install_plugin Capistrano::SCM::Git
+
+require 'capistrano/rbenv'
+require 'capistrano/bundler'
+require 'capistrano/yarn'
+require 'capistrano/rails/assets'
+require 'capistrano/rails/migrations'
+
+Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r }

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1.4
 # This needs to be bookworm-slim because the Ruby image is built on bookworm-slim
-ARG NODE_VERSION="20.9-bookworm-slim"
+ARG NODE_VERSION="20.6-bookworm-slim"
 
 FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.2-slim as ruby
 FROM node:${NODE_VERSION} as build
@@ -13,6 +13,7 @@ ENV DEBIAN_FRONTEND="noninteractive" \
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 WORKDIR /opt/mastodon
+COPY Gemfile* package.json yarn.lock /opt/mastodon/
 
 # hadolint ignore=DL3008
 RUN apt-get update && \
@@ -27,7 +28,7 @@ RUN apt-get update && \
         libgdbm-dev \
         libgmp-dev \
         libssl-dev \
-        libyaml-dev \
+        libyaml-0-2 \
         ca-certificates \
         libreadline8 \
         python3 \
@@ -35,14 +36,8 @@ RUN apt-get update && \
     bundle config set --local deployment 'true' && \
     bundle config set --local without 'development test' && \
     bundle config set silence_root_warning true && \
-    corepack enable
-
-COPY Gemfile* package.json yarn.lock .yarnrc.yml /opt/mastodon/
-COPY .yarn /opt/mastodon/.yarn
-
-RUN bundle install -j"$(nproc)"
-
-RUN yarn workspaces focus --all --production && \
+    bundle install -j"$(nproc)" && \
+    yarn install --pure-lockfile --production --network-timeout 600000 && \
     yarn cache clean
 
 FROM node:${NODE_VERSION}
@@ -83,8 +78,7 @@ RUN apt-get update && \
         tzdata \
         libreadline8 \
         tini && \
-    ln -s /opt/mastodon /mastodon && \
-    corepack enable
+    ln -s /opt/mastodon /mastodon
 
 # Note: no, cleaning here since Debian does this automatically
 # See the file /etc/apt/apt.conf.d/docker-clean within the Docker image's filesystem

Gemfile

@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 ruby '>= 3.0.0'
 
 gem 'puma', '~> 6.3'
-gem 'rails', '~> 7.1.1'
+gem 'rails', '~> 7.0'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
 gem 'rack', '~> 2.2.7'
@@ -16,14 +16,14 @@ gem 'dotenv-rails', '~> 2.8'
 
 gem 'aws-sdk-s3', '~> 1.123', require: false
 gem 'fog-core', '<= 2.4.0'
-gem 'fog-openstack', '~> 1.0', require: false
+gem 'fog-openstack', '~> 0.3', require: false
 gem 'kt-paperclip', '~> 7.2'
 gem 'md-paperclip-azure', '~> 2.2', require: false
 gem 'blurhash', '~> 0.1'
 
 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
-gem 'bootsnap', '~> 1.17.0', require: false
+gem 'bootsnap', '~> 1.16.0', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'chewy', '~> 7.3'
@@ -88,7 +88,7 @@ gem 'simple-navigation', '~> 4.4'
 gem 'simple_form', '~> 5.2'
 gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
 gem 'stoplight', '~> 3.0.1'
-gem 'strong_migrations', '1.6.4'
+gem 'strong_migrations', '~> 0.8'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2023'
@@ -103,8 +103,8 @@ gem 'rdf-normalize', '~> 0.5'
 gem 'private_address_check', '~> 0.5'
 
 group :test do
-  # Adds RSpec Error/Warning annotations to GitHub PRs on the Files tab
-  gem 'rspec-github', '~> 2.4', require: false
+  # Used to split testing into chunks in CI
+  gem 'rspec_chunked', '~> 0.6'
 
   # RSpec progress bar formatter
   gem 'fuubar', '~> 2.5'
@@ -170,6 +170,12 @@ group :development do
   # Linter CLI for HAML files
   gem 'haml_lint', require: false
 
+  # Deployment automation
+  gem 'capistrano', '~> 3.17'
+  gem 'capistrano-rails', '~> 1.6'
+  gem 'capistrano-rbenv', '~> 2.2'
+  gem 'capistrano-yarn', '~> 2.0'
+
   # Validate missing i18n keys
   gem 'i18n-tasks', '~> 1.0', require: false
 end
@@ -195,7 +201,7 @@ gem 'xorcist', '~> 1.1'
 
 gem 'cocoon', '~> 1.2'
 
-gem 'net-http', '~> 0.4.0'
+gem 'net-http', '~> 0.3.2'
 gem 'rubyzip', '~> 2.3'
 
 gem 'hcaptcha', '~> 7.1'

Gemfile.lock

@@ -39,88 +39,81 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.1.2)
-      actionpack (= 7.1.2)
-      activesupport (= 7.1.2)
+    actioncable (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-      zeitwerk (~> 2.6)
-    actionmailbox (7.1.2)
-      actionpack (= 7.1.2)
-      activejob (= 7.1.2)
-      activerecord (= 7.1.2)
-      activestorage (= 7.1.2)
-      activesupport (= 7.1.2)
+    actionmailbox (7.0.8)
+      actionpack (= 7.0.8)
+      activejob (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.1.2)
-      actionpack (= 7.1.2)
-      actionview (= 7.1.2)
-      activejob (= 7.1.2)
-      activesupport (= 7.1.2)
+    actionmailer (7.0.8)
+      actionpack (= 7.0.8)
+      actionview (= 7.0.8)
+      activejob (= 7.0.8)
+      activesupport (= 7.0.8)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
-      rails-dom-testing (~> 2.2)
-    actionpack (7.1.2)
-      actionview (= 7.1.2)
-      activesupport (= 7.1.2)
-      nokogiri (>= 1.8.5)
-      racc
-      rack (>= 2.2.4)
-      rack-session (>= 1.0.1)
+      rails-dom-testing (~> 2.0)
+    actionpack (7.0.8)
+      actionview (= 7.0.8)
+      activesupport (= 7.0.8)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.2)
-      actionpack (= 7.1.2)
-      activerecord (= 7.1.2)
-      activestorage (= 7.1.2)
-      activesupport (= 7.1.2)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (7.0.8)
+      actionpack (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.2)
-      activesupport (= 7.1.2)
+    actionview (7.0.8)
+      activesupport (= 7.0.8)
       builder (~> 3.1)
-      erubi (~> 1.11)
-      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.6)
-    active_model_serializers (0.10.14)
-      actionpack (>= 4.1)
-      activemodel (>= 4.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    active_model_serializers (0.10.13)
+      actionpack (>= 4.1, < 7.1)
+      activemodel (>= 4.1, < 7.1)
       case_transform (>= 0.2)
       jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (7.1.2)
-      activesupport (= 7.1.2)
+    activejob (7.0.8)
+      activesupport (= 7.0.8)
       globalid (>= 0.3.6)
-    activemodel (7.1.2)
-      activesupport (= 7.1.2)
-    activerecord (7.1.2)
-      activemodel (= 7.1.2)
-      activesupport (= 7.1.2)
-      timeout (>= 0.4.0)
-    activestorage (7.1.2)
-      actionpack (= 7.1.2)
-      activejob (= 7.1.2)
-      activerecord (= 7.1.2)
-      activesupport (= 7.1.2)
+    activemodel (7.0.8)
+      activesupport (= 7.0.8)
+    activerecord (7.0.8)
+      activemodel (= 7.0.8)
+      activesupport (= 7.0.8)
+    activestorage (7.0.8)
+      actionpack (= 7.0.8)
+      activejob (= 7.0.8)
+      activerecord (= 7.0.8)
+      activesupport (= 7.0.8)
       marcel (~> 1.0)
-    activesupport (7.1.2)
-      base64
-      bigdecimal
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.8)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      connection_pool (>= 2.2.5)
-      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
-      mutex_m
       tzinfo (~> 2.0)
     addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
+    airbrussh (1.4.1)
+      sshkit (>= 1.6.1, != 1.7.0)
     android_key_attestation (0.3.0)
     annotate (3.2.0)
       activerecord (>= 3.2, < 8.0)
@@ -131,8 +124,8 @@ GEM
     attr_required (1.0.1)
     awrence (1.2.1)
     aws-eventstream (1.2.0)
-    aws-partitions (1.828.0)
-    aws-sdk-core (3.183.1)
+    aws-partitions (1.809.0)
+    aws-sdk-core (3.181.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.5)
@@ -140,7 +133,7 @@ GEM
     aws-sdk-kms (1.71.0)
       aws-sdk-core (~> 3, >= 3.177.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.136.0)
+    aws-sdk-s3 (1.133.0)
       aws-sdk-core (~> 3, >= 3.181.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.6)
@@ -155,25 +148,23 @@ GEM
       net-http-persistent (~> 4.0)
       nokogiri (~> 1, >= 1.10.8)
     base64 (0.1.1)
-    bcp47_spec (0.2.1)
-    bcrypt (3.1.19)
+    bcrypt (3.1.18)
     better_errors (2.10.1)
       erubi (>= 1.0.0)
       rack (>= 0.9.0)
       rouge (>= 1.0.0)
-    better_html (2.0.2)
+    better_html (2.0.1)
       actionview (>= 6.0)
       activesupport (>= 6.0)
       ast (~> 2.0)
       erubi (~> 1.4)
       parser (>= 2.4)
       smart_properties
-    bigdecimal (3.1.4)
     bindata (2.4.15)
     binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
     blurhash (0.1.7)
-    bootsnap (1.17.0)
+    bootsnap (1.16.0)
       msgpack (~> 1.2)
     brakeman (6.0.1)
     browser (5.3.1)
@@ -184,6 +175,21 @@ GEM
     bundler-audit (0.9.1)
       bundler (>= 1.2.0, < 3)
       thor (~> 1.0)
+    capistrano (3.17.3)
+      airbrussh (>= 1.0.0)
+      i18n
+      rake (>= 10.0.0)
+      sshkit (>= 1.9.0)
+    capistrano-bundler (2.1.0)
+      capistrano (~> 3.1)
+    capistrano-rails (1.6.3)
+      capistrano (~> 3.1)
+      capistrano-bundler (>= 1.1, < 3)
+    capistrano-rbenv (2.2.0)
+      capistrano (~> 3.1)
+      sshkit (~> 1.3)
+    capistrano-yarn (2.0.2)
+      capistrano (~> 3.0)
     capybara (3.39.2)
       addressable
       matrix
@@ -219,25 +225,25 @@ GEM
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    date (3.3.4)
+    date (3.3.3)
     debug_inspector (1.1.0)
-    devise (4.9.3)
+    devise (4.9.2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
-    devise-two-factor (4.1.1)
-      activesupport (~> 7.0)
+    devise-two-factor (4.1.0)
+      activesupport (< 7.1)
       attr_encrypted (>= 1.3, < 5, != 2)
       devise (~> 4.0)
-      railties (~> 7.0)
+      railties (< 7.1)
       rotp (~> 6.0)
     devise_pam_authenticatable2 (9.2.0)
       devise (>= 4.0.0)
       rpam2 (~> 4.0)
     diff-lcs (1.5.0)
-    discard (1.3.0)
+    discard (1.2.1)
       activerecord (>= 4.2, < 8)
     docile (1.4.0)
     domain_name (0.5.20190701)
@@ -248,8 +254,6 @@ GEM
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
-    drb (2.1.1)
-      ruby2_keywords
     ed25519 (1.3.0)
     elasticsearch (7.13.3)
       elasticsearch-api (= 7.13.3)
@@ -264,9 +268,9 @@ GEM
     erubi (1.12.0)
     et-orbi (1.2.7)
       tzinfo
-    excon (0.104.0)
+    excon (0.100.0)
     fabrication (2.30.0)
-    faker (3.2.2)
+    faker (3.2.1)
       i18n (>= 1.8.11, < 2)
     faraday (1.10.3)
       faraday-em_http (~> 1.0)
@@ -299,27 +303,28 @@ GEM
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
-    fog-core (2.3.0)
+    fog-core (2.1.0)
       builder
-      excon (~> 0.71)
-      formatador (>= 0.2, < 2.0)
+      excon (~> 0.58)
+      formatador (~> 0.2)
       mime-types
     fog-json (1.2.0)
       fog-core
       multi_json (~> 1.10)
-    fog-openstack (1.1.0)
-      fog-core (~> 2.1)
+    fog-openstack (0.3.10)
+      fog-core (>= 1.45, <= 2.1.0)
       fog-json (>= 1.0)
-    formatador (1.1.0)
+      ipaddress (>= 0.8)
+    formatador (0.3.0)
     fugit (1.8.1)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
     fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
-    globalid (1.2.1)
-      activesupport (>= 6.1)
-    haml (6.2.0)
+    globalid (1.1.0)
+      activesupport (>= 5.0)
+    haml (6.1.2)
       temple (>= 0.8.2)
       thor
       tilt
@@ -328,8 +333,8 @@ GEM
       activesupport (>= 5.1)
       haml (>= 4.0.6)
       railties (>= 5.1)
-    haml_lint (0.51.0)
-      haml (>= 4.0)
+    haml_lint (0.50.0)
+      haml (>= 4.0, < 6.2)
       parallel (~> 1.10)
       rainbow
       rubocop (>= 1.0)
@@ -357,41 +362,38 @@ GEM
       rainbow (>= 2.0.0)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    i18n-tasks (1.0.13)
+    i18n-tasks (1.0.12)
       activesupport (>= 4.0.2)
       ast (>= 2.1.0)
       better_html (>= 1.0, < 3.0)
       erubi
       highline (>= 2.0.0)
       i18n
-      parser (>= 3.2.2.1)
+      parser (>= 2.2.3.0)
       rails-i18n
       rainbow (>= 2.2.2, < 4.0)
       terminal-table (>= 1.5.1)
     idn-ruby (0.1.5)
-    io-console (0.6.0)
-    irb (1.8.3)
-      rdoc
-      reline (>= 0.3.8)
+    ipaddress (0.8.3)
     jmespath (1.6.2)
     json (2.6.3)
-    json-canonicalization (1.0.0)
+    json-canonicalization (0.3.2)
     json-jwt (1.15.3)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
       httpclient
-    json-ld (3.3.1)
+    json-ld (3.2.5)
       htmlentities (~> 4.3)
-      json-canonicalization (~> 1.0)
+      json-canonicalization (~> 0.3, >= 0.3.2)
       link_header (~> 0.0, >= 0.0.8)
       multi_json (~> 1.15)
       rack (>= 2.2, < 4)
-      rdf (~> 3.3)
-    json-ld-preloaded (3.3.0)
-      json-ld (~> 3.3)
-      rdf (~> 3.3)
-    json-schema (4.1.1)
+      rdf (~> 3.2, >= 3.2.10)
+    json-ld-preloaded (3.2.2)
+      json-ld (~> 3.2)
+      rdf (~> 3.2)
+    json-schema (4.0.0)
       addressable (>= 2.8)
     jsonapi-renderer (0.2.2)
     jwt (2.7.1)
@@ -427,12 +429,12 @@ GEM
     llhttp-ffi (0.4.0)
       ffi-compiler (~> 1.0)
       rake (~> 13.0)
-    lograge (0.14.0)
+    lograge (0.13.0)
       actionpack (>= 4)
       activesupport (>= 4)
       railties (>= 4)
       request_store (~> 1.0)
-    loofah (2.21.4)
+    loofah (2.21.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -449,32 +451,35 @@ GEM
       azure-storage-blob (~> 2.0.1)
       hashie (~> 5.0)
     memory_profiler (1.0.1)
+    method_source (1.0.0)
     mime-types (3.5.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.1003)
+    mime-types-data (3.2023.0808)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.5)
-    minitest (5.20.0)
-    msgpack (1.7.2)
+    mini_portile2 (2.8.4)
+    minitest (5.19.0)
+    msgpack (1.7.1)
     multi_json (1.15.0)
     multipart-post (2.3.0)
-    mutex_m (0.1.2)
-    net-http (0.4.0)
+    net-http (0.3.2)
       uri
     net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
-    net-imap (0.4.4)
+    net-imap (0.3.7)
       date
       net-protocol
     net-ldap (0.18.0)
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.2.2)
+    net-protocol (0.2.1)
       timeout
-    net-smtp (0.4.0)
+    net-scp (4.0.0)
+      net-ssh (>= 2.6.5, < 8.0.0)
+    net-smtp (0.3.3)
       net-protocol
+    net-ssh (7.1.0)
     nio4r (2.5.9)
-    nokogiri (1.15.4)
+    nokogiri (1.16.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     oj (3.16.1)
@@ -508,13 +513,13 @@ GEM
     orm_adapter (0.5.0)
     ox (2.14.17)
     parallel (1.23.0)
-    parser (3.2.2.4)
+    parser (3.2.2.3)
       ast (~> 2.4.1)
       racc
     parslet (2.0.0)
     pastel (0.8.0)
       tty-color (~> 0.5)
-    pg (1.5.4)
+    pg (1.5.5)
     pghero (3.3.4)
       activerecord (>= 6)
     posix-spawn (0.3.15)
@@ -527,15 +532,13 @@ GEM
       net-smtp
       premailer (~> 1.7, >= 1.7.9)
     private_address_check (0.5.0)
-    psych (5.1.1.1)
-      stringio
     public_suffix (5.0.3)
-    puma (6.4.0)
+    puma (6.3.1)
       nio4r (~> 2.0)
-    pundit (2.3.1)
+    pundit (2.3.0)
       activesupport (>= 3.0.0)
     raabro (1.4.0)
-    racc (1.7.3)
+    racc (1.7.1)
     rack (2.2.8)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
@@ -551,74 +554,63 @@ GEM
       rack
     rack-proxy (0.7.6)
       rack
-    rack-session (1.0.1)
-      rack (< 3)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rackup (1.0.0)
-      rack (< 3)
-      webrick
-    rails (7.1.2)
-      actioncable (= 7.1.2)
-      actionmailbox (= 7.1.2)
-      actionmailer (= 7.1.2)
-      actionpack (= 7.1.2)
-      actiontext (= 7.1.2)
-      actionview (= 7.1.2)
-      activejob (= 7.1.2)
-      activemodel (= 7.1.2)
-      activerecord (= 7.1.2)
-      activestorage (= 7.1.2)
-      activesupport (= 7.1.2)
+    rails (7.0.8)
+      actioncable (= 7.0.8)
+      actionmailbox (= 7.0.8)
+      actionmailer (= 7.0.8)
+      actionpack (= 7.0.8)
+      actiontext (= 7.0.8)
+      actionview (= 7.0.8)
+      activejob (= 7.0.8)
+      activemodel (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       bundler (>= 1.15.0)
-      railties (= 7.1.2)
+      railties (= 7.0.8)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.2.0)
+    rails-dom-testing (2.1.1)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    rails-i18n (7.0.8)
+    rails-i18n (7.0.7)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    railties (7.1.2)
-      actionpack (= 7.1.2)
-      activesupport (= 7.1.2)
-      irb
-      rackup (>= 1.0.0)
+    railties (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
+      method_source
       rake (>= 12.2)
-      thor (~> 1.0, >= 1.2.2)
-      zeitwerk (~> 2.6)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
-    rdf (3.3.1)
-      bcp47_spec (~> 0.2)
+    rdf (3.2.11)
       link_header (~> 0.0, >= 0.0.8)
     rdf-normalize (0.6.1)
       rdf (~> 3.2)
-    rdoc (6.5.0)
-      psych (>= 4.0.0)
     redcarpet (3.6.0)
     redis (4.8.1)
     redis-namespace (1.11.0)
       redis (>= 4)
     redlock (1.3.2)
       redis (>= 3.0.0, < 6.0)
-    regexp_parser (2.8.2)
-    reline (0.3.9)
-      io-console (~> 0.5)
+    regexp_parser (2.8.1)
     request_store (1.5.1)
       rack (>= 1.4)
-    responders (3.1.1)
+    responders (3.1.0)
       actionpack (>= 5.2)
       railties (>= 5.2)
     rexml (3.2.6)
-    rotp (6.3.0)
+    rotp (6.2.2)
     rouge (4.1.2)
     rpam2 (4.0.2)
     rqrcode (2.2.0)
@@ -630,9 +622,7 @@ GEM
     rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-github (2.4.0)
-      rspec-core (~> 3.0)
-    rspec-mocks (3.12.6)
+    rspec-mocks (3.12.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-rails (6.0.3)
@@ -643,38 +633,40 @@ GEM
       rspec-expectations (~> 3.12)
       rspec-mocks (~> 3.12)
       rspec-support (~> 3.12)
-    rspec-sidekiq (4.1.0)
+    rspec-sidekiq (4.0.1)
       rspec-core (~> 3.0)
       rspec-expectations (~> 3.0)
       rspec-mocks (~> 3.0)
       sidekiq (>= 5, < 8)
     rspec-support (3.12.1)
-    rubocop (1.57.2)
+    rspec_chunked (0.6)
+    rubocop (1.56.3)
+      base64 (~> 0.1.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.2.4)
+      parser (>= 3.2.2.3)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.28.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.30.0)
+    rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
-    rubocop-capybara (2.19.0)
+    rubocop-capybara (2.18.0)
       rubocop (~> 1.41)
-    rubocop-factory_bot (2.24.0)
+    rubocop-factory_bot (2.23.1)
       rubocop (~> 1.33)
-    rubocop-performance (1.19.1)
+    rubocop-performance (1.19.0)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.22.1)
+    rubocop-rails (2.20.2)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
-    rubocop-rspec (2.25.0)
-      rubocop (~> 1.40)
+    rubocop-rspec (2.23.2)
+      rubocop (~> 1.33)
       rubocop-capybara (~> 2.17)
       rubocop-factory_bot (~> 2.22)
     ruby-prof (1.6.3)
@@ -688,18 +680,18 @@ GEM
       fugit (~> 1.1, >= 1.1.6)
     safety_net_attestation (0.4.0)
       jwt (~> 2.0)
-    sanitize (6.1.0)
+    sanitize (6.0.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     scenic (1.7.0)
       activerecord (>= 4.0.0)
       railties (>= 4.0.0)
-    selenium-webdriver (4.15.0)
+    selenium-webdriver (4.11.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
     semantic_range (3.0.0)
-    sidekiq (6.5.12)
+    sidekiq (6.5.9)
       connection_pool (>= 2.2.5, < 3)
       rack (~> 2.0)
       redis (>= 4.5.0, < 5)
@@ -709,7 +701,7 @@ GEM
       rufus-scheduler (~> 3.2)
       sidekiq (>= 6, < 8)
       tilt (>= 1.4.0)
-    sidekiq-unique-jobs (7.1.30)
+    sidekiq-unique-jobs (7.1.33)
       brpoplpush-redis_script (> 0.1.1, <= 2.0.0)
       concurrent-ruby (~> 1.0, >= 1.0.5)
       redis (< 5.0)
@@ -717,7 +709,7 @@ GEM
       thor (>= 0.20, < 3.0)
     simple-navigation (4.4.0)
       activesupport (>= 2.3.2)
-    simple_form (5.3.0)
+    simple_form (5.2.0)
       actionpack (>= 5.2)
       activemodel (>= 5.2)
     simplecov (0.22.0)
@@ -734,12 +726,14 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
+    sshkit (1.21.5)
+      net-scp (>= 1.1.2)
+      net-ssh (>= 2.8.0)
     stackprof (0.2.25)
     statsd-ruby (1.5.0)
     stoplight (3.0.2)
       redlock (~> 1.0)
-    stringio (3.0.9)
-    strong_migrations (1.6.4)
+    strong_migrations (0.8.0)
       activerecord (>= 5.2)
     swd (1.3.0)
       activesupport (>= 3)
@@ -752,9 +746,9 @@ GEM
     terrapin (0.6.0)
       climate_control (>= 0.0.3, < 1.0)
     test-prof (1.2.3)
-    thor (1.3.0)
-    tilt (2.3.0)
-    timeout (0.4.1)
+    thor (1.2.2)
+    tilt (2.2.0)
+    timeout (0.4.0)
     tpm-key_attestation (0.12.0)
       bindata (~> 2.4)
       openssl (> 2.0)
@@ -779,7 +773,7 @@ GEM
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8.2)
-    unicode-display_width (2.5.0)
+    unicode-display_width (2.4.2)
     uri (0.12.2)
     validate_email (0.1.6)
       activemodel (>= 3.0)
@@ -810,8 +804,7 @@ GEM
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
       semantic_range (>= 2.3.0)
-    webrick (1.8.1)
-    websocket (1.2.10)
+    websocket (1.2.9)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -819,7 +812,7 @@ GEM
     xorcist (1.1.3)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.12)
+    zeitwerk (2.6.11)
 
 PLATFORMS
   ruby
@@ -832,10 +825,14 @@ DEPENDENCIES
   better_errors (~> 2.9)
   binding_of_caller (~> 1.0)
   blurhash (~> 0.1)
-  bootsnap (~> 1.17.0)
+  bootsnap (~> 1.16.0)
   brakeman (~> 6.0)
   browser
   bundler-audit (~> 0.9)
+  capistrano (~> 3.17)
+  capistrano-rails (~> 1.6)
+  capistrano-rbenv (~> 2.2)
+  capistrano-yarn (~> 2.0)
   capybara (~> 3.39)
   charlock_holmes (~> 0.7.7)
   chewy (~> 7.3)
@@ -857,7 +854,7 @@ DEPENDENCIES
   fast_blank (~> 1.0)
   fastimage
   fog-core (<= 2.4.0)
-  fog-openstack (~> 1.0)
+  fog-openstack (~> 0.3)
   fuubar (~> 2.5)
   haml-rails (~> 2.0)
   haml_lint
@@ -882,7 +879,7 @@ DEPENDENCIES
   md-paperclip-azure (~> 2.2)
   memory_profiler
   mime-types (~> 3.5.0)
-  net-http (~> 0.4.0)
+  net-http (~> 0.3.2)
   net-ldap (~> 0.18)
   nokogiri (~> 1.15)
   nsa!
@@ -906,7 +903,7 @@ DEPENDENCIES
   rack-attack (~> 6.6)
   rack-cors (~> 2.0)
   rack-test (~> 2.1)
-  rails (~> 7.1.1)
+  rails (~> 7.0)
   rails-controller-testing (~> 1.0)
   rails-i18n (~> 7.0)
   rails-settings-cached (~> 0.6)!
@@ -915,9 +912,9 @@ DEPENDENCIES
   redis (~> 4.5)
   redis-namespace (~> 1.10)
   rqrcode (~> 2.2)
-  rspec-github (~> 2.4)
   rspec-rails (~> 6.0)
   rspec-sidekiq (~> 4.0)
+  rspec_chunked (~> 0.6)
   rubocop
   rubocop-capybara
   rubocop-performance
@@ -940,7 +937,7 @@ DEPENDENCIES
   sprockets-rails (~> 3.4)
   stackprof
   stoplight (~> 3.0.1)
-  strong_migrations (= 1.6.4)
+  strong_migrations (~> 0.8)
   test-prof
   thor (~> 1.2)
   tty-prompt (~> 0.23)
@@ -956,4 +953,4 @@ RUBY VERSION
    ruby 3.2.2p53
 
 BUNDLED WITH
-   2.4.20
+   2.4.13

SECURITY.md

@@ -15,8 +15,7 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
 
 | Version | Supported        |
 | ------- | ---------------- |
-| 4.2.x   | Yes              |
 | 4.1.x   | Yes              |
-| 4.0.x   | No               |
+| 4.0.x   | Until 2023-10-31 |
 | 3.5.x   | Until 2023-12-31 |
 | < 3.5   | No               |

Vagrantfile

@@ -112,11 +112,11 @@ bundle install
 
 # Install node modules
 sudo corepack enable
-corepack prepare
+yarn set version classic
 yarn install
 
 # Build Mastodon
-export RAILS_ENV=development
+export RAILS_ENV=development 
 export $(cat ".env.vagrant" | xargs)
 bundle exec rails db:setup
 

app/chewy/public_statuses_index.rb

@@ -53,7 +53,7 @@ class PublicStatusesIndex < Chewy::Index
   index_scope ::Status.unscoped
                       .kept
                       .indexable
-                      .includes(:media_attachments, :preloadable_poll, :tags, preview_cards_status: :preview_card)
+                      .includes(:media_attachments, :preloadable_poll, :preview_cards, :tags)
 
   root date_detection: false do
     field(:id, type: 'long')

app/chewy/statuses_index.rb

@@ -50,7 +50,7 @@ class StatusesIndex < Chewy::Index
     },
   }
 
-  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :local_mentioned, :local_favorited, :local_reblogged, :local_bookmarked, :tags, preview_cards_status: :preview_card, preloadable_poll: :local_voters), delete_if: ->(status) { status.searchable_by.empty? }
+  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preview_cards, :local_mentioned, :local_favorited, :local_reblogged, :local_bookmarked, :tags, preloadable_poll: :local_voters), delete_if: ->(status) { status.searchable_by.empty? }
 
   root date_detection: false do
     field(:id, type: 'long')

app/controllers/about_controller.rb

@@ -5,7 +5,15 @@ class AboutController < ApplicationController
 
   skip_before_action :require_functional!
 
+  before_action :set_instance_presenter
+
   def show
     expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
   end
+
+  private
+
+  def set_instance_presenter
+    @instance_presenter = InstancePresenter.new
+  end
 end

app/controllers/admin/account_actions_controller.rb

@@ -21,7 +21,7 @@ module Admin
       account_action.save!
 
       if account_action.with_report?
-        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: resource_params[:report_id])
+        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: params[:report_id])
       else
         redirect_to admin_account_path(@account.id)
       end

app/controllers/admin/disputes/appeals_controller.rb

@@ -20,7 +20,7 @@ class Admin::Disputes::AppealsController < Admin::BaseController
     authorize @appeal, :approve?
     log_action :reject, @appeal
     @appeal.reject!(current_account)
-    UserMailer.appeal_rejected(@appeal.account.user, @appeal).deliver_later
+    UserMailer.appeal_rejected(@appeal.account.user, @appeal)
     redirect_to disputes_strike_path(@appeal.strike)
   end
 

app/controllers/admin/domain_blocks_controller.rb

@@ -33,7 +33,7 @@ module Admin
 
       # Disallow accidentally downgrading a domain block
       if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
-        @domain_block.validate
+        @domain_block.save
         flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe
         @domain_block.errors.delete(:domain)
         return render :new

app/controllers/admin/instances_controller.rb

@@ -49,7 +49,7 @@ module Admin
     private
 
     def set_instance
-      @instance = Instance.find_or_initialize_by(domain: TagManager.instance.normalize_domain(params[:id]&.strip))
+      @instance = Instance.find(TagManager.instance.normalize_domain(params[:id]&.strip))
     end
 
     def set_instances

app/controllers/admin/statuses_controller.rb

@@ -31,11 +31,6 @@ module Admin
 
     private
 
-    def batched_ordered_status_edits
-      @status.edits.reorder(nil).includes(:account, status: [:account]).find_each(order: :asc)
-    end
-    helper_method :batched_ordered_status_edits
-
     def admin_status_batch_action_params
       params.require(:admin_status_batch_action).permit(status_ids: [])
     end

app/controllers/api/base_controller.rb

@@ -7,7 +7,6 @@ class Api::BaseController < ApplicationController
   include RateLimitHeaders
   include AccessTokenTrackingConcern
   include ApiCachingConcern
-  include Api::ContentSecurityPolicy
 
   skip_before_action :require_functional!, unless: :limited_federation_mode?
 
@@ -18,6 +17,26 @@ class Api::BaseController < ApplicationController
 
   protect_from_forgery with: :null_session
 
+  content_security_policy do |p|
+    # Set every directive that does not have a fallback
+    p.default_src :none
+    p.frame_ancestors :none
+    p.form_action :none
+
+    # Disable every directive with a fallback to cut on response size
+    p.base_uri false
+    p.font_src false
+    p.img_src false
+    p.style_src false
+    p.media_src false
+    p.frame_src false
+    p.manifest_src false
+    p.connect_src false
+    p.script_src false
+    p.child_src false
+    p.worker_src false
+  end
+
   rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
     render json: { error: e.to_s }, status: 422
   end

app/controllers/api/v1/accounts/relationships_controller.rb

@@ -5,11 +5,10 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
   before_action :require_user!
 
   def index
-    scope = Account.where(id: account_ids).select('id')
-    scope.merge!(Account.without_suspended) unless truthy_param?(:with_suspended)
+    accounts = Account.where(id: account_ids).select('id')
     # .where doesn't guarantee that our results are in the same order
     # we requested them, so return the "right" order to the requestor.
-    @accounts = scope.index_by(&:id).values_at(*account_ids).compact
+    @accounts = accounts.index_by(&:id).values_at(*account_ids).compact
     render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships
   end
 

app/controllers/api/v1/accounts_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class Api::V1::AccountsController < Api::BaseController
-  include RegistrationHelper
-
   before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:create, :follow, :unfollow, :remove_from_followers, :block, :unblock, :mute, :unmute]
   before_action -> { doorkeeper_authorize! :follow, :write, :'write:follows' }, only: [:follow, :unfollow, :remove_from_followers]
   before_action -> { doorkeeper_authorize! :follow, :write, :'write:mutes' }, only: [:mute, :unmute]
@@ -92,14 +90,18 @@ class Api::V1::AccountsController < Api::BaseController
   end
 
   def account_params
-    params.permit(:username, :email, :password, :agreement, :locale, :reason, :time_zone, :invite_code)
-  end
-
-  def invite
-    Invite.find_by(code: params[:invite_code]) if params[:invite_code].present?
+    params.permit(:username, :email, :password, :agreement, :locale, :reason, :time_zone)
   end
 
   def check_enabled_registrations
-    forbidden unless allowed_registration?(request.remote_ip, invite)
+    forbidden if single_user_mode? || omniauth_only? || !allowed_registrations?
+  end
+
+  def allowed_registrations?
+    Setting.registrations_mode != 'none'
+  end
+
+  def omniauth_only?
+    ENV['OMNIAUTH_ONLY'] == 'true'
   end
 end

app/controllers/api/v1/apps/credentials_controller.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 class Api::V1::Apps::CredentialsController < Api::BaseController
-  def show
-    return doorkeeper_render_error unless valid_doorkeeper_token?
+  before_action -> { doorkeeper_authorize! :read }
 
-    render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key client_id scopes)
+  def show
+    render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key)
   end
 end

app/controllers/api/v1/conversations_controller.rb

@@ -41,10 +41,10 @@ class Api::V1::ConversationsController < Api::BaseController
                          account: :account_stat,
                          last_status: [
                            :media_attachments,
+                           :preview_cards,
                            :status_stat,
                            :tags,
                            {
-                             preview_cards_status: :preview_card,
                              active_mentions: [account: :account_stat],
                              account: :account_stat,
                            },

app/controllers/api/v1/instances/activity_controller.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::ActivityController < Api::V1::Instances::BaseController
+class Api::V1::Instances::ActivityController < Api::BaseController
   before_action :require_enabled_api!
 
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
+
+  vary_by ''
+
   def show
     cache_even_if_authenticated!
     render_with_cache json: :activity, expires_in: 1.day

app/controllers/api/v1/instances/base_controller.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Instances::BaseController < Api::BaseController
-  skip_before_action :require_authenticated_user!,
-                     unless: :limited_federation_mode?
-
-  vary_by ''
-end

app/controllers/api/v1/instances/domain_blocks_controller.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::DomainBlocksController < Api::V1::Instances::BaseController
+class Api::V1::Instances::DomainBlocksController < Api::BaseController
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
+
   before_action :require_enabled_api!
   before_action :set_domain_blocks
 
@@ -13,7 +15,7 @@ class Api::V1::Instances::DomainBlocksController < Api::V1::Instances::BaseContr
       cache_if_unauthenticated!
     end
 
-    render json: @domain_blocks, each_serializer: REST::DomainBlockSerializer, with_comment: show_rationale_in_response?
+    render json: @domain_blocks, each_serializer: REST::DomainBlockSerializer, with_comment: (Setting.show_domain_blocks_rationale == 'all' || (Setting.show_domain_blocks_rationale == 'users' && user_signed_in?))
   end
 
   private
@@ -25,16 +27,4 @@ class Api::V1::Instances::DomainBlocksController < Api::V1::Instances::BaseContr
   def set_domain_blocks
     @domain_blocks = DomainBlock.with_user_facing_limitations.by_severity
   end
-
-  def show_rationale_in_response?
-    always_show_rationale? || show_rationale_for_user?
-  end
-
-  def always_show_rationale?
-    Setting.show_domain_blocks_rationale == 'all'
-  end
-
-  def show_rationale_for_user?
-    Setting.show_domain_blocks_rationale == 'users' && user_signed_in?
-  end
 end

app/controllers/api/v1/instances/extended_descriptions_controller.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::ExtendedDescriptionsController < Api::V1::Instances::BaseController
+class Api::V1::Instances::ExtendedDescriptionsController < Api::BaseController
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
   skip_around_action :set_locale
 
   before_action :set_extended_description
 
+  vary_by ''
+
   # Override `current_user` to avoid reading session cookies unless in whitelist mode
   def current_user
     super if limited_federation_mode?

app/controllers/api/v1/instances/languages_controller.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::LanguagesController < Api::V1::Instances::BaseController
+class Api::V1::Instances::LanguagesController < Api::BaseController
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
   skip_around_action :set_locale
 
   before_action :set_languages
 
+  vary_by ''
+
   def show
     cache_even_if_authenticated!
     render json: @languages, each_serializer: REST::LanguageSerializer

app/controllers/api/v1/instances/peers_controller.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::PeersController < Api::V1::Instances::BaseController
+class Api::V1::Instances::PeersController < Api::BaseController
   before_action :require_enabled_api!
 
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
   skip_around_action :set_locale
 
+  vary_by ''
+
   # Override `current_user` to avoid reading session cookies unless in whitelist mode
   def current_user
     super if limited_federation_mode?

app/controllers/api/v1/instances/privacy_policies_controller.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::PrivacyPoliciesController < Api::V1::Instances::BaseController
+class Api::V1::Instances::PrivacyPoliciesController < Api::BaseController
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
+
   before_action :set_privacy_policy
 
+  vary_by ''
+
   def show
     cache_even_if_authenticated!
     render json: @privacy_policy, serializer: REST::PrivacyPolicySerializer

app/controllers/api/v1/instances/rules_controller.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::RulesController < Api::V1::Instances::BaseController
+class Api::V1::Instances::RulesController < Api::BaseController
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
   skip_around_action :set_locale
 
   before_action :set_rules
 
+  vary_by ''
+
   # Override `current_user` to avoid reading session cookies unless in whitelist mode
   def current_user
     super if limited_federation_mode?

app/controllers/api/v1/instances/translation_languages_controller.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
-class Api::V1::Instances::TranslationLanguagesController < Api::V1::Instances::BaseController
+class Api::V1::Instances::TranslationLanguagesController < Api::BaseController
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
+
   before_action :set_languages
 
+  vary_by ''
+
   def show
     cache_even_if_authenticated!
     render json: @languages

app/controllers/api/v1/invites_controller.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::InvitesController < Api::BaseController
-  include RegistrationHelper
-
-  skip_before_action :require_authenticated_user!
-  skip_around_action :set_locale
-
-  before_action :set_invite
-  before_action :check_enabled_registrations!
-
-  # Override `current_user` to avoid reading session cookies
-  def current_user; end
-
-  def show
-    render json: { invite_code: params[:invite_code], instance_api_url: api_v2_instance_url }, status: 200
-  end
-
-  private
-
-  def set_invite
-    @invite = Invite.find_by!(code: params[:invite_code])
-  end
-
-  def check_enabled_registrations!
-    return render json: { error: I18n.t('invites.invalid') }, status: 401 unless @invite.valid_for_use?
-
-    raise Mastodon::NotPermittedError unless allowed_registration?(request.remote_ip, @invite)
-  end
-end

app/controllers/api/v1/statuses/base_controller.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Statuses::BaseController < Api::BaseController
-  include Authorization
-
-  before_action :set_status
-
-  private
-
-  def set_status
-    @status = Status.find(params[:status_id])
-    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
-    not_found
-  end
-end

app/controllers/api/v1/statuses/bookmarks_controller.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::BookmarksController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::BookmarksController < Api::BaseController
+  include Authorization
+
   before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
   before_action :require_user!
-  skip_before_action :set_status, only: [:destroy]
+  before_action :set_status, only: [:create]
 
   def create
     current_account.bookmarks.find_or_create_by!(account: current_account, status: @status)
@@ -26,4 +28,13 @@ class Api::V1::Statuses::BookmarksController < Api::V1::Statuses::BaseController
   rescue Mastodon::NotPermittedError
     not_found
   end
+
+  private
+
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
 end

app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::FavouritedByAccountsController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
+  include Authorization
+
   before_action -> { authorize_if_got_token! :read, :'read:accounts' }
+  before_action :set_status
   after_action :insert_pagination_headers
 
   def index
@@ -58,6 +61,13 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::V1::Statuses::Bas
     @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
   end
 
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
+
   def pagination_params(core_params)
     params.slice(:limit).permit(:limit).merge(core_params)
   end

app/controllers/api/v1/statuses/favourites_controller.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::FavouritesController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::FavouritesController < Api::BaseController
+  include Authorization
+
   before_action -> { doorkeeper_authorize! :write, :'write:favourites' }
   before_action :require_user!
-  skip_before_action :set_status, only: [:destroy]
+  before_action :set_status, only: [:create]
 
   def create
     FavouriteService.new.call(current_account, @status)
@@ -28,4 +30,13 @@ class Api::V1::Statuses::FavouritesController < Api::V1::Statuses::BaseControlle
   rescue Mastodon::NotPermittedError
     not_found
   end
+
+  private
+
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
 end

app/controllers/api/v1/statuses/histories_controller.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::HistoriesController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::HistoriesController < Api::BaseController
+  include Authorization
+
   before_action -> { authorize_if_got_token! :read, :'read:statuses' }
+  before_action :set_status
 
   def show
     cache_if_unauthenticated!
@@ -13,4 +16,11 @@ class Api::V1::Statuses::HistoriesController < Api::V1::Statuses::BaseController
   def status_edits
     @status.edits.includes(:account, status: [:account]).to_a.presence || [@status.build_snapshot(at_time: @status.edited_at || @status.created_at)]
   end
+
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
 end

app/controllers/api/v1/statuses/mutes_controller.rb

@@ -1,8 +1,11 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::MutesController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::MutesController < Api::BaseController
+  include Authorization
+
   before_action -> { doorkeeper_authorize! :write, :'write:mutes' }
   before_action :require_user!
+  before_action :set_status
   before_action :set_conversation
 
   def create
@@ -21,6 +24,13 @@ class Api::V1::Statuses::MutesController < Api::V1::Statuses::BaseController
 
   private
 
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
+
   def set_conversation
     @conversation = @status.conversation
     raise Mastodon::ValidationError if @conversation.nil?

app/controllers/api/v1/statuses/pins_controller.rb

@@ -1,8 +1,11 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::PinsController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::PinsController < Api::BaseController
+  include Authorization
+
   before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
   before_action :require_user!
+  before_action :set_status
 
   def create
     StatusPin.create!(account: current_account, status: @status)
@@ -23,6 +26,10 @@ class Api::V1::Statuses::PinsController < Api::V1::Statuses::BaseController
 
   private
 
+  def set_status
+    @status = Status.find(params[:status_id])
+  end
+
   def distribute_add_activity!
     json = ActiveModelSerializers::SerializableResource.new(
       @status,

app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::RebloggedByAccountsController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
+  include Authorization
+
   before_action -> { authorize_if_got_token! :read, :'read:accounts' }
+  before_action :set_status
   after_action :insert_pagination_headers
 
   def index
@@ -54,6 +57,13 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::V1::Statuses::Base
     @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
   end
 
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
+
   def pagination_params(core_params)
     params.slice(:limit).permit(:limit).merge(core_params)
   end

app/controllers/api/v1/statuses/reblogs_controller.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::ReblogsController < Api::BaseController
+  include Authorization
   include Redisable
   include Lockable
 
   before_action -> { doorkeeper_authorize! :write, :'write:statuses' }
   before_action :require_user!
   before_action :set_reblog, only: [:create]
-  skip_before_action :set_status
 
   override_rate_limit_headers :create, family: :statuses
 

app/controllers/api/v1/statuses/sources_controller.rb

@@ -1,9 +1,21 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::SourcesController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::SourcesController < Api::BaseController
+  include Authorization
+
   before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
+  before_action :set_status
 
   def show
     render json: @status, serializer: REST::StatusSourceSerializer
   end
+
+  private
+
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
 end

app/controllers/api/v1/statuses/translations_controller.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
-class Api::V1::Statuses::TranslationsController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::TranslationsController < Api::BaseController
+  include Authorization
+
   before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
+  before_action :set_status
   before_action :set_translation
 
   rescue_from TranslationService::NotConfiguredError, with: :not_found
@@ -21,6 +24,13 @@ class Api::V1::Statuses::TranslationsController < Api::V1::Statuses::BaseControl
 
   private
 
+  def set_status
+    @status = Status.find(params[:status_id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
+  end
+
   def set_translation
     @translation = TranslateStatusService.new.call(@status, content_locale)
   end

app/controllers/application_controller.rb

@@ -13,7 +13,6 @@ class ApplicationController < ActionController::Base
   include ThemingConcern
   include DatabaseHelper
   include AuthorizedFetchHelper
-  include SelfDestructHelper
 
   helper_method :current_account
   helper_method :current_session
@@ -42,8 +41,6 @@ class ApplicationController < ActionController::Base
     service_unavailable
   end
 
-  before_action :check_self_destruct!
-
   before_action :store_referrer, except: :raise_not_found, if: :devise_controller?
   before_action :require_functional!, if: :user_signed_in?
 
@@ -172,18 +169,6 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  def check_self_destruct!
-    return unless self_destruct?
-
-    respond_to do |format|
-      format.any do
-        use_pack 'error'
-        render 'errors/self_destruct', layout: 'auth', status: 410, formats: [:html]
-      end
-      format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[410] }, status: code }
-    end
-  end
-
   def set_cache_control_defaults
     response.cache_control.replace(private: true, no_store: true)
   end

app/controllers/auth/challenges_controller.rb

@@ -8,7 +8,6 @@ class Auth::ChallengesController < ApplicationController
   before_action :set_pack
   before_action :authenticate_user!
 
-  skip_before_action :check_self_destruct!
   skip_before_action :require_functional!
 
   def create

app/controllers/auth/confirmations_controller.rb

@@ -13,7 +13,6 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
   before_action :extend_csp_for_captcha!, only: [:show, :confirm_captcha]
   before_action :require_captcha_if_needed!, only: [:show]
 
-  skip_before_action :check_self_destruct!
   skip_before_action :require_functional!
 
   def show
@@ -40,12 +39,6 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
     show
   end
 
-  def redirect_to_app?
-    truthy_param?(:redirect_to_app)
-  end
-
-  helper_method :redirect_to_app?
-
   private
 
   def require_captcha_if_needed!
@@ -93,7 +86,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
   end
 
   def after_confirmation_path_for(_resource_name, user)
-    if user.created_by_application && redirect_to_app?
+    if user.created_by_application && truthy_param?(:redirect_to_app)
       user.created_by_application.confirmation_redirect_uri
     elsif user_signed_in?
       web_url('start')

app/controllers/auth/omniauth_callbacks_controller.rb

@@ -1,13 +1,12 @@
 # frozen_string_literal: true
 
 class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
-  skip_before_action :check_self_destruct!
   skip_before_action :verify_authenticity_token
 
   def self.provides_callback_for(provider)
     define_method provider do
       @provider = provider
-      @user = User.find_for_oauth(request.env['omniauth.auth'], current_user)
+      @user = User.find_for_omniauth(request.env['omniauth.auth'], current_user)
 
       if @user.persisted?
         record_login_activity
@@ -17,6 +16,9 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
         session["devise.#{provider}_data"] = request.env['omniauth.auth']
         redirect_to new_user_registration_url
       end
+    rescue ActiveRecord::RecordInvalid
+      flash[:alert] = I18n.t('devise.failure.omniauth_user_creation_failure') if is_navigational_format?
+      redirect_to new_user_session_url
     end
   end
 

app/controllers/auth/passwords_controller.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 class Auth::PasswordsController < Devise::PasswordsController
-  skip_before_action :check_self_destruct!
   before_action :check_validity_of_reset_password_token, only: :edit
   before_action :set_pack
   before_action :set_body_classes

app/controllers/auth/registrations_controller.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 class Auth::RegistrationsController < Devise::RegistrationsController
-  include RegistrationHelper
   include RegistrationSpamConcern
 
   layout :determine_layout
@@ -12,6 +11,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   before_action :set_pack
   before_action :set_sessions, only: [:edit, :update]
   before_action :set_strikes, only: [:edit, :update]
+  before_action :set_instance_presenter, only: [:new, :create, :update]
   before_action :set_body_classes, only: [:new, :create, :edit, :update]
   before_action :require_not_suspended!, only: [:update]
   before_action :set_cache_headers, only: [:edit, :update]
@@ -19,7 +19,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   before_action :require_rules_acceptance!, only: :new
   before_action :set_registration_form_time, only: :new
 
-  skip_before_action :check_self_destruct!, only: [:edit, :update]
   skip_before_action :require_functional!, only: [:edit, :update]
 
   def new
@@ -84,7 +83,19 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   end
 
   def check_enabled_registrations
-    redirect_to root_path unless allowed_registration?(request.remote_ip, @invite)
+    redirect_to root_path if single_user_mode? || omniauth_only? || !allowed_registrations? || ip_blocked?
+  end
+
+  def allowed_registrations?
+    Setting.registrations_mode != 'none' || @invite&.valid_for_use?
+  end
+
+  def omniauth_only?
+    ENV['OMNIAUTH_ONLY'] == 'true'
+  end
+
+  def ip_blocked?
+    IpBlock.where(severity: :sign_up_block).where('ip >>= ?', request.remote_ip.to_s).exists?
   end
 
   def invite_code
@@ -101,6 +112,10 @@ class Auth::RegistrationsController < Devise::RegistrationsController
     use_pack %w(edit update).include?(action_name) ? 'admin' : 'auth'
   end
 
+  def set_instance_presenter
+    @instance_presenter = InstancePresenter.new
+  end
+
   def set_body_classes
     @body_classes = %w(edit update).include?(action_name) ? 'admin' : 'lighter'
   end

app/controllers/auth/sessions_controller.rb

@@ -3,7 +3,6 @@
 class Auth::SessionsController < Devise::SessionsController
   layout 'auth'
 
-  skip_before_action :check_self_destruct!
   skip_before_action :require_no_authentication, only: [:create]
   skip_before_action :require_functional!
   skip_before_action :update_user_sign_in
@@ -13,6 +12,7 @@ class Auth::SessionsController < Devise::SessionsController
 
   include TwoFactorAuthenticationConcern
 
+  before_action :set_instance_presenter, only: [:new]
   before_action :set_body_classes
 
   content_security_policy only: :new do |p|
@@ -104,6 +104,10 @@ class Auth::SessionsController < Devise::SessionsController
     use_pack 'auth'
   end
 
+  def set_instance_presenter
+    @instance_presenter = InstancePresenter.new
+  end
+
   def set_body_classes
     @body_classes = 'lighter'
   end

app/controllers/backups_controller.rb

@@ -3,7 +3,6 @@
 class BackupsController < ApplicationController
   include RoutingHelper
 
-  skip_before_action :check_self_destruct!
   skip_before_action :require_functional!
 
   before_action :authenticate_user!

app/controllers/concerns/account_controller_concern.rb

@@ -9,11 +9,17 @@ module AccountControllerConcern
   FOLLOW_PER_PAGE = 12
 
   included do
+    before_action :set_instance_presenter
+
     after_action :set_link_headers, if: -> { request.format.nil? || request.format == :html }
   end
 
   private
 
+  def set_instance_presenter
+    @instance_presenter = InstancePresenter.new
+  end
+
   def set_link_headers
     response.headers['Link'] = LinkHeader.new(
       [

app/controllers/concerns/api/content_security_policy.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-module Api::ContentSecurityPolicy
-  extend ActiveSupport::Concern
-
-  included do
-    content_security_policy do |policy|
-      # Set every directive that does not have a fallback
-      policy.default_src :none
-      policy.frame_ancestors :none
-      policy.form_action :none
-
-      # Disable every directive with a fallback to cut on response size
-      policy.base_uri false
-      policy.font_src false
-      policy.img_src false
-      policy.style_src false
-      policy.media_src false
-      policy.frame_src false
-      policy.manifest_src false
-      policy.connect_src false
-      policy.script_src false
-      policy.child_src false
-      policy.worker_src false
-    end
-  end
-end

app/controllers/concerns/cache_concern.rb

@@ -92,10 +92,18 @@ module CacheConcern
         arguments
       end
 
-      def attributes_for_database(record)
-        attributes = record.attributes_for_database
-        attributes.transform_values! { |attr| attr.is_a?(::ActiveModel::Type::Binary::Data) ? attr.to_s : attr }
-        attributes
+      if Rails.gem_version >= Gem::Version.new('7.0')
+        def attributes_for_database(record)
+          attributes = record.attributes_for_database
+          attributes.transform_values! { |attr| attr.is_a?(::ActiveModel::Type::Binary::Data) ? attr.to_s : attr }
+          attributes
+        end
+      else
+        def attributes_for_database(record)
+          attributes = record.instance_variable_get(:@attributes).send(:attributes).transform_values(&:value_for_database)
+          attributes.transform_values! { |attr| attr.is_a?(::ActiveModel::Type::Binary::Data) ? attr.to_s : attr }
+          attributes
+        end
       end
 
       def deserialize_record(class_name, attributes_from_database, new_record = false) # rubocop:disable Style/OptionalBooleanParameter

app/controllers/concerns/export_controller_concern.rb

@@ -7,7 +7,6 @@ module ExportControllerConcern
     before_action :authenticate_user!
     before_action :load_export
 
-    skip_before_action :check_self_destruct!
     skip_before_action :require_functional!
   end
 

app/controllers/concerns/signature_verification.rb

@@ -250,7 +250,7 @@ module SignatureVerification
       stoplight_wrap_request { ResolveAccountService.new.call(key_id.delete_prefix('acct:'), suppress_errors: false) }
     elsif !ActivityPub::TagManager.instance.local_uri?(key_id)
       account   = ActivityPub::TagManager.instance.uri_to_actor(key_id)
-      account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, id: false, suppress_errors: false) }
+      account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) }
       account
     end
   rescue Mastodon::PrivateNetworkAddressError => e

app/controllers/concerns/two_factor_authentication_concern.rb

@@ -5,7 +5,6 @@ module TwoFactorAuthenticationConcern
 
   included do
     prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
-    helper_method :webauthn_enabled?
   end
 
   def two_factor_enabled?
@@ -90,10 +89,4 @@ module TwoFactorAuthenticationConcern
 
     set_locale { render :two_factor }
   end
-
-  protected
-
-  def webauthn_enabled?
-    @webauthn_enabled
-  end
 end

app/controllers/concerns/web_app_controller_concern.rb

@@ -4,11 +4,11 @@ module WebAppControllerConcern
   extend ActiveSupport::Concern
 
   included do
-    vary_by 'Accept, Accept-Language, Cookie'
-
-    before_action :redirect_unauthenticated_to_permalinks!
+    prepend_before_action :redirect_unauthenticated_to_permalinks!
     before_action :set_pack
     before_action :set_app_body_class
+
+    vary_by 'Accept, Accept-Language, Cookie'
   end
 
   def skip_csrf_meta_tags?
@@ -23,10 +23,8 @@ module WebAppControllerConcern
     return if user_signed_in? # NOTE: Different from upstream because we allow moved users to log in
 
     redirect_path = PermalinkRedirector.new(request.path).redirect_path
-    return if redirect_path.blank?
 
-    expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
-    redirect_to(redirect_path)
+    redirect_to(redirect_path) if redirect_path.present?
   end
 
   def set_pack

app/controllers/follower_accounts_controller.rb

@@ -3,6 +3,7 @@
 class FollowerAccountsController < ApplicationController
   include AccountControllerConcern
   include SignatureVerification
+  include WebAppControllerConcern
 
   vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
 

app/controllers/following_accounts_controller.rb

@@ -3,6 +3,7 @@
 class FollowingAccountsController < ApplicationController
   include AccountControllerConcern
   include SignatureVerification
+  include WebAppControllerConcern
 
   vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
 

app/controllers/home_controller.rb

@@ -3,7 +3,15 @@
 class HomeController < ApplicationController
   include WebAppControllerConcern
 
+  before_action :set_instance_presenter
+
   def index
     expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
   end
+
+  private
+
+  def set_instance_presenter
+    @instance_presenter = InstancePresenter.new
+  end
 end

app/controllers/privacy_controller.rb

@@ -5,7 +5,15 @@ class PrivacyController < ApplicationController
 
   skip_before_action :require_functional!
 
+  before_action :set_instance_presenter
+
   def show
     expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
   end
+
+  private
+
+  def set_instance_presenter
+    @instance_presenter = InstancePresenter.new
+  end
 end

app/controllers/settings/exports_controller.rb

@@ -5,7 +5,6 @@ class Settings::ExportsController < Settings::BaseController
   include Redisable
   include Lockable
 
-  skip_before_action :check_self_destruct!
   skip_before_action :require_functional!
 
   def show