summaryrefslogtreecommitdiff
path: root/packages (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix(backend): ↵かっこかり2024-11-221-5/+9
| | | | | | | | | | | | | | | | | | | Inboxのエラーをthrowせずreturnしている問題を修正 (#15022) * fix exception handling for Like activities (cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91) * fix exception handling for Announce activities (cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b) * fix exception handling for Undo activities * Update Changelog --------- Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* Bump version to 2024.11.0-beta.4github-actions[bot]2024-11-211-1/+1
|
* Bump version to 2024.11.0-alpha.3github-actions[bot]2024-11-211-1/+1
|
* fix(backend): fix apResolver (#15010)かっこかり2024-11-212-3/+5
| | | | | | | | | * fix(backend): fix apResolver * fix * add comments * tweak comment
* fix(backend): fix type error(s) in security fixes (#15009)かっこかり2024-11-215-19/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix type error in security fixes (cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205) * Fix error in test function calls (cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b) * Fix style error (cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a) * Fix another style error (cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a) * Fix `.punyHost` misuse (cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42) * attempt to fix test: make yaml valid --------- Co-authored-by: Julia Johannesen <julia@insertdomain.name>
* fix(backend): fix security patches (#15008)かっこかり2024-11-212-3/+3
|
* fix ap/showsyuilo2024-11-211-1/+1
|
* fix(backend): use atomic command to improve securitysyuilo2024-11-211-3/+1
| | | | Co-Authored-By: Acid Chicken <root@acid-chicken.com>
* Merge commit from forkrectcoordsystem2024-11-214-36/+123
| | | | | | | | | | | | | | | | | | | | * fix(backend): check target IP before sending HTTP request * fix(backend): allow accessing private IP when testing * Apply suggestions from code review Co-authored-by: anatawa12 <anatawa12@icloud.com> * fix(backend): lint and typecheck * fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) * fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses --------- Co-authored-by: anatawa12 <anatawa12@icloud.com> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Merge commit from forkJulia2024-11-212-8/+23
| | | | | | | | | * Fix poll update spoofing * fix: Disallow negative poll counts --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Merge commit from forkJulia2024-11-2115-76/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * enhance: Add a few validation fixes from Sharkey See the original MR on the GitLab instance: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484 Co-Authored-By: Dakkar <dakkar@thenautilus.net> * fix: primitive 2: acceptance of cross-origin alternate Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 3: validation of non-final url * fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities * fix: primitives 5 & 8: reject activities with non string identifiers Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 6: reject anonymous objects that were fetched by their id * fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections * fix: code style for primitive 14 * fix: primitive 15: improper same-origin validation for note uri and url Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 16: improper same-origin validation for user uri and url * fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array * fix: code style for primitive 17 * fix: check attribution against actor in notes While this isn't strictly required to fix the exploits at hand, this mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a preemptive countermeasure. * fix: primitive 18: `ap/get` bypasses access checks One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else. * fix: primitive 19 & 20: respect blocks and hide more Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked. * fix: primitives 21, 22, and 23: reuse resolver This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher that it previously would and could possibly fail on non-malicious collection activities. * fix: primitives 25-33: proper local instance checks * revert: fix: primitive 19 & 20 This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c. --------- Co-authored-by: Dakkar <dakkar@thenautilus.net> Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Fix: ↵Sayamame-beans2024-11-211-4/+14
| | | | | | | リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006) * fix(backend): renoteMute doesn't work for note notification * docs(changelog): update changelog
* perf(frontend): reduce api requests for non-logged-in enviroment (#15001)syuilo2024-11-216-7/+76
| | | | | | | * wip * Update CHANGELOG.md * wip
* feat: 絵文字のポップアップメニューに編集を追加 (#15004)鴇峰 朔華2024-11-202-5/+52
| | | | | | | | | * Mod: 絵文字のポップアップメニューに編集を追加 * fix: code styleの修正 * fix: code styleの修正 * fix
* Fix(backend): ↵zawa-ch.2024-11-192-3/+3
| | | | | | | アカウント削除のモデレーションログが動作していないのを修正 (#14996) (#14997) * アカウント削除のモデレーションログが動作していないのを修正 * update CHANGELOG
* Bump version to 2024.11.0-alpha.2github-actions[bot]2024-11-191-1/+1
|
* refactor(backend): ↵おさむのひと2024-11-195-29/+63
| | | | SystemWebhookで送信されるペイロードの型を追加 (#14980)
* リノートメニューに「リノートの詳細」を追加 (#14985)FineArchs2024-11-191-0/+10
| | | | | | | | | | | | | | | * add renote-detail menu * changelog * Apply suggestions from code review Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * Update CHANGELOG.md --------- Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
* fix(backend): ↵饺子w (Yumechi)2024-11-192-3/+4
| | | | | | | | | | | | | | | | お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990) * fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * Update CHANGELOG.md Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp> Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
* fix(frontend): ↵かっこかり2024-11-192-5/+9
| | | | | | | | | | | | | | | TypeScriptの型チェック対象ファイルを限定して高速化するように (#14994) * fix frontend tsconfig includes * fix frontend-embed tsconfig includes * fix eslint in frontend / frontend-embed * Update Changelog --------- Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* enhance(frontend): ↵おさむのひと2024-11-182-7/+64
| | | | | | | | | | | | | | | | | | | | | デッキ表示時にサイドバーを展開・折りたたみできるように (#14983) * enhance(frontend): デッキ表示時にサイドバーを展開・折りたたみできるように * wip * wip * Update navbar.vue * ✌️ * Update CHANGELOG.md * 🎨 --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* 🎨syuilo2024-11-161-1/+15
|
* fix(backend): fallback sharedInbox to null in ApPersonService (#14970)CDN2024-11-161-3/+3
|
* add warning for open registration (#14963)syuilo2024-11-161-4/+17
| | | | | | | | | | | * wip * wip * Update ja-JP.yml * Update index.d.ts * ✌️
* 🎨syuilo2024-11-161-3/+3
|
* use execa 8.0.1syuilo2024-11-154-4/+4
| | | | #14966
* Revert "use nodemon 3.0.2"syuilo2024-11-157-7/+7
| | | | This reverts commit ce1f84e5a3c4c906ca611a4c4aa558f5012394d9.
* use nodemon 3.0.2syuilo2024-11-157-7/+7
| | | | #14966
* Bump version to 2024.11.0-alpha.1github-actions[bot]2024-11-151-1/+1
|
* Merge branch 'develop' of https://github.com/misskey-dev/misskey into developsyuilo2024-11-1511-38/+256
|\
| * feat: 送信したフォローリクエストを確認できるように ↵かっこかり2024-11-1511-38/+256
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#14856) * FEAT: Allow users to view pending follow requests they sent This commit implements the `following/requests/sent` interface firstly implemented on Firefish, and provides a UI interface to view the pending follow requests users sent. * ux: should not show follow requests tab when have no pending sent follow req * fix default followreq tab * fix default followreq tab * restore missing hasPendingReceivedFollowRequest in navbar * refactor * use tabler icons * tweak design * Revert "ux: should not show follow requests tab when have no pending sent follow req" This reverts commit e580b92c37f27c2849c6d27e22ca4c47086081bb. * Update Changelog * Update Changelog * change tab titles --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com> Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* | chore(frontend): tweak animation stylesyuilo2024-11-151-9/+6
|/
* update deps (#14950)syuilo2024-11-159-119/+119
| | | | | | | | | | | | | | | | | * update deps * wip * Revert "wip" This reverts commit 393de249fe248ae181221266e0b7828a3ac53152. * wip * wip * wip * wip
* fix(frontend): ↵かっこかり2024-11-151-0/+1
| | | | | | | | | | | | | スマホで表示した時にipv6だとはみ出てしまうのを修正 (#14960) * fix(frontend): スマホで表示した時にipv6だとはみ出てしまうのを修正 (MisskeyIO#815) (cherry picked from commit aec01dd4adda8e975da523c5bea329120e689569) * Update Changelog --------- Co-authored-by: sleep-moe <yukikum57@gmail.com>
* Enhance(frontend): ノート詳細画面にロールのバッジを表示 ↵shimmar2024-11-131-1/+26
| | | | | | | (#14946) * enhance(frontend): ノートの詳細画面にロールのバッジを表示(#14058) * Update CHANGELOG.md
* fix(backend): Webhook Test一致性 (#14863)饺子w (Yumechi)2024-11-126-27/+47
| | | | | | | | | | | | | * fix(backend): Webhook Test一致性 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * UserWebhookPayload<'followed'> 修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* Merge branch 'develop' of https://github.com/misskey-dev/misskey into developsyuilo2024-11-1124-69/+206
|\
| * fix(frontend): ↵かっこかり2024-11-101-1/+3
| | | | | | | | | | | | | | | | | | メールアドレス登録有効化時の「完了」ダイアログボックスの表示条件を修正 (#14928) * fix(frontend): メールアドレス登録有効化時の「完了」ダイアログボックスの表示条件を修正 * Update MkSignupDialog.form.vue * fix condition
| * Bump version to 2024.11.0-alpha.0github-actions[bot]2024-11-091-1/+1
| |
| * Bump version to 2024.10.2-alpha.3github-actions[bot]2024-11-091-1/+1
| |
| * fix(backend): ↵かっこかり2024-11-091-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (#14879) * fix: make sure mentions of local users get rendered correctly during AP delivery (resolves #645) * Update Changelog * indent --------- Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
| * refactor(frontend): 動画UIのフルスクリーン周りの調整 (#14877)かっこかり2024-11-095-40/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * refactor(frontend): フルスクリーン周りの調整 (cherry picked from commit 783032caec5853d78d5af3391e29cf364f2282e8) * refactor(frontend): deviceKindの循環参照を除去 (cherry picked from commit 1ca471f57e968a1a6e2259bde4a7c6da1fe0c54e) * fix --------- Co-authored-by: taiyme <53635909+taiyme@users.noreply.github.com>
| * enhance(backend) : ↵momoirodouhu2024-11-092-4/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) (#14897) * enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) * オリジンリダイレクトのテストをtodoとして追加。 e2eテストにリモートユーザー考慮のテストがなさそうなので。 次のコマンドで動くことは確認済みです。 curl "http://localhost:3000/@foo@bar" -H "accept: application/activity+json" -L * Acctのパースを既存のパーサーでするように修正 * lint
| * enhance(frontend): ↵かっこかり2024-11-094-3/+60
| | | | | | | | | | | | | | 個別お知らせページではmetaタグを出力するように (#14902) * enhance(frontend): 個別お知らせページではmetaタグを出力するように * Update Changelog
| * fix(frontend): ↵かっこかり2024-11-092-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 外部URLへのリダイレクトのバリデーションを強化 (#14919) * Fix code scanning alert no. 25: Incomplete URL scheme check (MisskeyIO#799) * Fix code scanning alert no. 26: Incomplete URL scheme check Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Fix code scanning alert no. 25: Incomplete URL scheme check Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> (cherry picked from commit 7d7552e076c0152a5966e919be0e9a60b3736208) * :v: --------- Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
| * fix(backend): SQLのサニタイズを強化 (#14920)かっこかり2024-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | * Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> (cherry picked from commit 443335c662b14f609d6a81a8f3807e95709aebc1) * :v: --------- Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
| * fix(backend): ↵4ster1sk2024-11-071-1/+1
| | | | | | | | followedMessageではなくdescriptionになっていたのを修正 (#14908)
| * fix(backend): ↵4ster1sk2024-11-071-0/+6
| | | | | | | | フォロワーへのメッセージの絵文字をemojisに含めるように (#14904)
| * chore: little type trick in pizzax.ts (#14891)Linca2024-11-061-4/+8
| | | | | | Make `makeGetterSetter` take the correct type associated with getter and setter
| * fix(backend): ↵かっこかり2024-11-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (#14878) * fix: return getfromdb when FanoutTimeline is not enabled * Update Changelog * fix --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com>
generated by cgit v1.3.1-freya (git 2.54.0) at 2026-06-03 05:50:55 +0000