Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(backend): fix type error(s) in security fixes #15009

Merged
merged 6 commits into from
Nov 21, 2024

Conversation

kakkokari-gtyih
Copy link
Contributor

@kakkokari-gtyih kakkokari-gtyih commented Nov 21, 2024

What

Why

Additional info (optional)

CIが通るまで待つ

Checklist

  • Read the contribution guide
  • Test working in a local environment
  • (If needed) Add story of storybook
  • (If needed) Update CHANGELOG.md
  • (If possible) Add tests

(cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)
(cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)
(cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)
(cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)
@github-actions github-actions bot added packages/backend Server side specific issue/PR packages/backend:test labels Nov 21, 2024
Copy link
Contributor

github-actions bot commented Nov 21, 2024

このPRによるapi.jsonの差分
差分はありません。
Get diff files from Workflow Page

Copy link

codecov bot commented Nov 21, 2024

Codecov Report

Attention: Patch coverage is 43.75000% with 9 lines in your changes missing coverage. Please review.

Project coverage is 39.86%. Comparing base (53e827b) to head (99884c2).
Report is 1 commits behind head on develop.

Files with missing lines Patch % Lines
packages/backend/src/core/HttpRequestService.ts 16.66% 5 Missing ⚠️
...end/src/core/activitypub/models/ApPersonService.ts 66.66% 3 Missing ⚠️
...kages/backend/src/core/RemoteUserResolveService.ts 0.00% 1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##           develop   #15009       +/-   ##
============================================
+ Coverage    19.33%   39.86%   +20.53%     
============================================
  Files          728     1563      +835     
  Lines       103798   197735    +93937     
  Branches       991     3634     +2643     
============================================
+ Hits         20066    78836    +58770     
- Misses       83178   118324    +35146     
- Partials       554      575       +21     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.


🚨 Try these New Features:

K4rakara and others added 2 commits November 21, 2024 11:31
(cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)
@syuilo syuilo merged commit 3a6c2aa into misskey-dev:develop Nov 21, 2024
31 of 32 checks passed
@syuilo
Copy link
Member

syuilo commented Nov 21, 2024

🙏

@kakkokari-gtyih kakkokari-gtyih deleted the fix-sec-1 branch November 21, 2024 03:10
HotoRas pushed a commit to HotoRas/misskey-neko that referenced this pull request Nov 24, 2024
* Fix type error in security fixes

(cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)

* Fix error in test function calls

(cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)

* Fix style error

(cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)

* Fix another style error

(cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)

* Fix `.punyHost` misuse

(cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)

* attempt to fix test: make yaml valid

---------

Co-authored-by: Julia Johannesen <[email protected]>
mattyatea added a commit to Type4ny-Project/Type4ny that referenced this pull request Dec 3, 2024
* wip (misskey-dev#14745)

* Bump version to 2024.10.1-beta.3

* fix(backend): キューのエラーログを簡略化するように (misskey-dev#14748)

* reduce federation log spam

* Don't record stack trace for unrecoverable errors.
* Avoid logging duplicate stace traces.

(cherry picked from commit ed05701)

* improve error summaries

(cherry picked from commit 20dd66f)

* fix lint errors

(cherry picked from commit 83869e1)

* condense job info

(cherry picked from commit 786702e)

* fix maxAttempts calculation

(cherry picked from commit b4d10aa)

* condense error info

(cherry picked from commit f62cd89)

* normalize ID logging

(cherry picked from commit d8e1e48)

* further condense error details

(cherry picked from commit d867c20)

* collapse AbortErrors

(cherry picked from commit 5171ba7)

* don't log job name unless it has one

(cherry picked from commit a5316c0)

* Update Changelog

* Record origin

---------

Co-authored-by: Hazel K <[email protected]>

* Update about-misskey.vue

* Update index.d.ts

* fix(frontend): fix style

Fix misskey-dev#14754

* 🎨

* refactor: MkStickyContainerで<style />を使う (misskey-dev#14755)

* remove rootEL ref

* use css module

* use v-bind in css

* --MI prefix

* remove unused ref

---------

Co-authored-by: syuilo <[email protected]>

* 🎨

* feat: ユーザーの名前に禁止ワードを設定できるように (misskey-dev#14756)

* wip

* 🎨

* Enhance: モデレーター以上は制限の影響を受けないように

* refactor

* better error handling

* fix

* Revert "better error handling"

This reverts commit 5670b29.

* error handling

* エラーが出ないのを修正

* translation

* Update Changelog

* status code

* ✌️

* モデレーター以上は影響ないことを明記

* 🎨

* update changelog

* spdx

* Update update.ts

* refactor

* eliminate `screen name`

* remove untracked file

---------

Co-authored-by: KanariKanaru <[email protected]>

* feat: リモートサーバーのサーバー情報を収集しないオプション (misskey-dev#14634)

* wip

* wip

* Update FetchInstanceMetadataService.ts

* Update FetchInstanceMetadataService.ts

* Update types.ts

* refactor(backend): remove unnecessary .then

* feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知 (misskey-dev#14757)

* feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知

* fix misskey-js.api.md

* Revert "feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知"

This reverts commit 3ab953b.

* 通知をやめてユーザ単位でのお知らせ機能に変更

* テスト用実装を戻す

* Update packages/backend/src/queue/processors/CheckModeratorsActivityProcessorService.ts

Co-authored-by: syuilo <[email protected]>

* fix remove empty then

---------

Co-authored-by: syuilo <[email protected]>

* Bump version to 2024.10.1-beta.4

* fix(frontend): 使用されているexposeを復活させる (misskey-dev#14764)

* fix(frontend): タイムラインで、広告がない際にも広告のwrapperが出てしまうのを修正 (misskey-dev#14763)

* fix(backend): RBT有効時、リノートのリアクションが反映されない問題を修正

* perf(frontend): ノートのレンダリングをスキップできるように

* New Crowdin updates (misskey-dev#14753)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Italian)

* New translations ja-jp.yml (Italian)

* enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように (misskey-dev#14762)

* enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように

* Update Changelog

* enhance(frontend): アーカイブ済みのものを読み込めるように

* Update Changelog

* fix changelog

* 🎨

* Bump version to 2024.10.1-beta.5

* perf(frontend): improve notification rendering performance

* perf(frontend-embed): improve note rendering performance

* perf(frontend): make skipNoteRender on by default

* Update CHANGELOG.md

* Bump version to 2024.10.1-beta.6

* 🎨

* refactor

* Revert "refactor"

This reverts commit 7fd8ef3.

* refactor(backend): remove unnecessary any

* add note

* add note

* Update CHANGELOG.md

* Update CHANGELOG.md

* fix(frontend): blinkアニメーションが動作していないのを修正

* test(backend): add federation test (misskey-dev#14582)

* test(backend): add federation test

* fix(ci): install pnpm

* fix(ci): cd

* fix(ci): build entire project

* fix(ci): skip frontend build

* fix(ci): pull submodule when checkout

* chore: show log for debugging

* Revert "chore: show log for debugging"

This reverts commit a930964.

* fix(ci): build entire project

* chore: omit unused globals

* refactor: use strictEqual and simplify some asserts

* test: follow requests

* refactor: add resolveRemoteNote function

* refactor: refine resolveRemoteUser function

* refactor: cache admin credentials

* refactor: simplify assertion with excluded fields

* refactor: use assert

* test: note

* chore: labeler detect federation

* test: blocking

* test: move

* fix: use appropriate TLD

* chore: shorter purge interval

* fix(ci): change TLD

* refactor: delete trivial comment

* test(user): isCat

* chore: use jest

* chore: omit logs

* chore: add memo

* fix(ci): omit unnecessary build

* test: pinning Note

* fix: build daemon in container

* style: indent

* test(streaming): timeline

* chore: rename

* fix: delete role after test

* refactor: resolve users by uri

* fix: delete antenna after test

* test: api timeline

* test: Note deletion

* refactor: sleep function

* test: notification

* style: indent

* refactor: type-safe host

* docs: update description

* refactor: resolve function params

* fix(block): wrong test name

* fix: invalid type

* fix: longer timeout for fire testing

* test(timeline): hashtag

* test(note): vote delivery

* fix: wrong description

* fix: hashtag channel param type

* refactor: wrap basic cases

* test(timeline): add homeTimeline tests

* fix(timeline): correct wrong case and description

* test(notification): add tests for Note

* refactor(user): wrap profile consistency with describe

* chore(note): add issue link

* test(timeline): add test

* test(user): suspension

* test: emoji

* refactor: fetch admin first

* perf: faster tests

* test(drive): sensitive flag

* test(emoji): add tests

* chore: ignore .config/docker.env

* chore: hard-coded tester IP address

* test(emoji): custom emoji are surrounded by zero width space

* refactor: client and username as property

* test(notification): mute

* fix(notification): correct description

* test(block): mention

* refactor(emoji): addCustomEmoji function

* fix: typo

* test(note): add reaction tests

* test(timeline): Note deletion

* fix: unnecessary ts-expect-error

* refactor: unnecessary fetch mocking

* chore: add TODO comments

* test(user): deletion

* chore: enable --frozen-lockfile

* fix(ci): copying configs

* docs: update CONTRIBUTING.md

* docs: fix typo

* chore: set default sleep duration

* fix(notification): omit flaky tests

* fix(notification): correct type

* test(notification): add api endpoint tests

* chore: remove redundant mute test

* refactor: use param client

* fix: start timer after trigger

* refactor: remove unnecessary any

* chore: shorter timeout for checking if fired

* fix(block): remove outdated comment

* refactor: shorten remote user variable name

* refactor(block): use existing function

* refactor: file upload

* docs: update description

* test(user): ffVisibility

* fix: `/api/signin` -> `/api/signin-flow`

* test: abuse report

* refactor: use existing type

* refactor: extract duplicate configs to template file

* fix: typo

* fix: avoid conflict

* refactor: change container dependency

* perf: start misskey parallelly

* fix: remove dependency

* chore(backend): add typecheck

* test: add check for misskey-dev#14728

* chore: enable eslint check

* perf: don't start linked services when test

* test(note): remote note deletion for moderation

* chore: define config template

* chore: write setup script

* refactor: omit unnecessary conditional

* refactor: clarify scope

* refactor: omit type assertion

* refactor: omit logs

* style

* refactor: redundant promise

* refactor: unnecessary imports

* refactor: use readable error code

* refactor: cache set in signin function

* refactor: optimize import

* Release: 2024.10.1

* [skip ci] Update CHANGELOG.md (prepend template)

* enhance(frontend): Bull Dashboard に relationship queue を追加 (misskey-dev#14777)

* spec(frontend): Bull Dashboard に relationship queue を追加 (MisskeyIO#751)

(cherry picked from commit a8bbccb)

* Update Changelog

* Update Changelog

---------

Co-authored-by: riku6460 <[email protected]>

* refactor(frontend): getBgColorを共通化 (misskey-dev#14782)

* refactor: getBgColor関数の切り出し + fix types (taiyme#291)

* move thing

* revert unnecesary changes

---------

Co-authored-by: taiy <[email protected]>

* refactor(frontend): ページ内でdocument.titleを直接操作させない, タイポ修正 など (taiyme#288) (misskey-dev#14778)

Co-authored-by: taiy <[email protected]>

* Enhance: ドライブでソートができるように  (misskey-dev#14801)

* Enhance: ドライブでソートができるように

* Update CHANGELOG.md

* 🎨

* fix(frontend): 通知の範囲指定が必要ない通知設定でも範囲指定がでている問題を修正 (misskey-dev#14798)

* fix(frontend): 通知の範囲指定が必要ない通知設定でも範囲指定がでている問題を修正

* Update Changelog

---------

Co-authored-by: syuilo <[email protected]>

* fix(frontend): Captcha のエラーハンドリング (misskey-dev#14811)

* fix(frontend): Captcha のエラーハンドリングを修正 (MisskeyIO#768)

(cherry picked from commit 88912d0)

* Update Changelog

* typo

---------

Co-authored-by: riku6460 <[email protected]>

* feat: ノートの閲覧にログイン必須にする設定 (misskey-dev#14799)

* wip

* wip

* wip

* Update packages/frontend/src/pages/note.vue

Co-authored-by: かっこかり <[email protected]>

* wip

* Update WebhookTestService.ts

* Update privacy.vue

* wip

* rename

* Update locales/ja-JP.yml

Co-authored-by: Sayamame-beans <[email protected]>

* 🎨

* wip

---------

Co-authored-by: かっこかり <[email protected]>
Co-authored-by: Sayamame-beans <[email protected]>

* refs#10866 投稿ダイアログでEscキーが押されたときIME入力中ならダイアログは閉じない (misskey-dev#14787)

* Update CHANGELOG.md

* fix(frontend): デッキのタイムラインカラムでwithSensitiveが利用できない問題を修正 (misskey-dev#14772)

* fix(frontend): デッキのタイムラインカラムでwithSensitiveが利用できない問題を修正

* Update Changelog

* Update Changelog

* Update packages/frontend/src/ui/deck/tl-column.vue

* docs: ActivityPub層の変更を含む場合にやるべきことを明文化 (misskey-dev#14812)

* fix(frontend): MkSelectでmodelValueが更新されない限り値を更新しないように

* fix(frontend): /iのレスポンスに含まれないプロパティが消えずに残り続ける問題を修正

* Misskeyの最新とマージ

* Revert "Enhance: リアクションミュート周りを改修 (#54)"

This reverts commit 98b0237.

* Revert "Feat(Frontend): リアクションミュート周りの仕様を変更"

This reverts commit 8056f82

* Revert "Feat(Frontend): リアクションミュートを実装"

This reverts commit 17312d1

* feat(frontend/reactions): リアクションミュート機能を追加しました (MisskeyIO#758)

* feat(frontend/reactions): リモートのリアクションのミュートの方法を変えた (MisskeyIO#762)

Co-authored-by: kabo2468 <[email protected]>

* fix(frontend/reactions): ローカルのカスタム絵文字のミュートが正常に機能しない問題を修正 (MisskeyIO#765)

MisskeyIO#762

* fix(frontend/reaction): リアクションのミュートのボタンのアイコンが逆になっている問題を修正 (MisskeyIO#767)

* feat(frontend/reactions): リアクションのミュートで通知からもミュートされるように (MisskeyIO#771)

* 1.2.0-beta

* Fix: 仮想スクロール機能を削除

* Fix: 仮想スクロール機能の削除

* Fix: 相乗りリアクションできない問題を修正

* Fix: 相乗りリアクションできない問題を修正

* feat: 過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (misskey-dev#14814)

* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* Update privacy.vue

* wip

* Bump version to 2024.10.2-alpha.0

* Merge commit from fork

[GHSA-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)

Signed-off-by: eternal-flame-AD <[email protected]>

* 連合できないバグを修正したい

* 連合できないバグを修正したい

* Revert "wip (misskey-dev#14643)"

This reverts commit f0d0cd2

* コミットミスの修正

* マージミスの修正

* Revert "feat: リモートサーバーのサーバー情報を収集しないオプション (misskey-dev#14634)"

This reverts commit ff47fef

* 連合できるようになってほしい

* インポートを忘れてた

* インポートを忘れてた

* インポートを忘れてた

* enhance(frontend): 「単なるラッキー」の調整 (misskey-dev#14807)

* enhance(frontend): 「単なるラッキー」の調整

* refactor

* comment

* Update Changelog

---------

Co-authored-by: syuilo <[email protected]>

* enhance(frontend): 外部アプリ認証画面の改良 (misskey-dev#14828)

* enhance(frontend): 外部アプリ認証画面の改良

* 🎨

* lint

* Update Changelog

* indent

* lint

* enhance: miauthのリダイレクト先をUI内でも表示するように

* 🎨

* fix

* fix

* fix(frontend): 管理画面のリンク切れを修正 (misskey-dev#14831)

* fix(frontend): 管理画面のリンク切れを修正

* Update Changelog

* fix(backend): 招待コード発行可能残り数算出に使用すべきロールポリシーの値が違うのを修正 (misskey-dev#14834)

* fix: should use invite limit cycle to calculate invite/limit

* Update Changelog

* Update changelog

---------

Co-authored-by: Lhc_fl <[email protected]>

* 🎨

misskey-dev#14828 のデザイン修正

* Bump version to 2024.10.2-alpha.1

* enhance(frontend): Self-XSS防止用のメッセージを追加 (misskey-dev#14839)

* enhance(frontend): Self-XSS防止用のメッセージを追加

* Update Changelog

* embedにも同様の記述を追加

* Fix:met

* Fix: SignupService.ts

* fix(misskey-js): WebSocketの型定義をReconnectingWebsocketに依存するように (misskey-dev#14850)

* fix(misskey-js): WebSocketの型定義をReconnectingWebsocketに依存するように

* Update Changelog

* run api extractor

* fix

* fix

* New Crowdin updates (misskey-dev#14767)

* New translations ja-jp.yml (Russian)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Thai)

* New translations ja-jp.yml (Thai)

* New translations ja-jp.yml (Japanese, Kansai)

* New translations ja-jp.yml (Italian)

* New translations ja-jp.yml (Italian)

* New translations ja-jp.yml (Japanese, Kansai)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Thai)

* New translations ja-jp.yml (Thai)

* New translations ja-jp.yml (Thai)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Japanese, Kansai)

* New translations ja-jp.yml (Korean (Gyeongsang))

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Spanish)

* New translations ja-jp.yml (Spanish)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Italian)

* New translations ja-jp.yml (Indonesian)

* New translations ja-jp.yml (Indonesian)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Hungarian)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Italian)

* New translations ja-jp.yml (Korean (Gyeongsang))

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Italian)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* enhance(i18n): カタルーニャ語を追加 (misskey-dev#14842)

* enhance(i18n): 対応言語の追加

* 翻訳進捗が70%に満たないものを除外

* Update Changelog

* 翻訳進捗が70%を超えたら導入の旨を明記

* typo

---------

Co-authored-by: syuilo <[email protected]>

* Update about-misskey.vue

* 🎨

* Remove undefined styles (misskey-dev#14858)

* enhance: アイコンデコレーション管理画面の改善

* fix: encode RSS uris with escape sequences before fetching (misskey-dev#14826)

Co-authored-by: syuilo <[email protected]>

* fix(backend): Accept arrays in ActivityPub `icon` and `image` properties (misskey-dev#14825)

This is allowed according to the Activity vocabulary: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon
The issue is noticeable in combination with Bridgy Fed: snarfed/bridgy-fed#1408

* enhance(backend): check_connect.js で全RedisとDBへの接続を確認するように (misskey-dev#14853)

* fix race conditions in check_connect.js

(cherry picked from commit 524ddb9)

* fix

* Update Changelog

---------

Co-authored-by: Hazelnoot <[email protected]>

* Bump version to 2024.10.2-alpha.2

* fix(frontend): 一部のノート表示で設定にかかわらずセンシティブなファイルを含むノートが最小化される問題を修正

Fix misskey-dev#14772 (comment)

* refactor(frontend): asとanyをすぐなおせる範囲で除去 (misskey-dev#14848)

* refactor(frontend): できるだけanyを除去

* refactor

* lint

* fix

* remove unused

* Update packages/frontend/src/components/MkReactionsViewer.details.vue

* Update packages/frontend/src/components/MkUsersTooltip.vue

---------

Co-authored-by: syuilo <[email protected]>

* refactor

* lint

* refactor

* Fix: EmailService.ts

* fix(frontend): withSensitiveフィルタ周りの挙動修正 (misskey-dev#14884)

* fix(frontend): withSensitiveフィルタ周りの挙動修正

* Update MkNote.vue

* fix(backend): ノートを連合する際にリモートユーザーのacctの大小文字を区別して処理している問題を修正 (misskey-dev#14880)

* fix: make sure outgoing remote mentions get resolved correctly if referenced with non-canonical casing (resolves misskey-dev#646)

* Update Changelog

* Update Changelog

* indent

---------

Co-authored-by: Laura Hausmann <[email protected]>

* Update InboxModerationEditorFormula.vue

* Fix: Inbox

* Fix: Inbox

* Fix: Inbox

* Fix: Inbox

* logs

* logs

* logs

* logs

* logs

* logs

* logs

* fix

* バグ修正

* logs

* logs

* logs

* logs

* logs

* fix

* fix

* fix(frontend): ノート投稿ボタンにホバー時のスタイルが適用されていない (misskey-dev#14887)

* fix(frontend): ノート投稿ボタンにホバー時のスタイルが適用されていない (misskey-dev#305)

(cherry picked from commit 711ab84)

* Update Changelog

---------

Co-authored-by: taiy <[email protected]>

* fix(backend): FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (misskey-dev#14878)

* fix: return getfromdb when FanoutTimeline is not enabled

* Update Changelog

* fix

---------

Co-authored-by: Lhc_fl <[email protected]>

* chore: little type trick in pizzax.ts (misskey-dev#14891)

Make `makeGetterSetter` take the correct type associated with getter and setter

* fix(backend): フォロワーへのメッセージの絵文字をemojisに含めるように (misskey-dev#14904)

* Update CHANGELOG.md

* fix(backend): followedMessageではなくdescriptionになっていたのを修正 (misskey-dev#14908)

* Update CONTRIBUTING.md

* fix(backend): SQLのサニタイズを強化 (misskey-dev#14920)

* Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit 443335c)

* ✌️

---------

Co-authored-by: あわわわとーにゅ <[email protected]>

* fix(frontend): 外部URLへのリダイレクトのバリデーションを強化 (misskey-dev#14919)

* Fix code scanning alert no. 25: Incomplete URL scheme check (MisskeyIO#799)

* Fix code scanning alert no. 26: Incomplete URL scheme check

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Fix code scanning alert no. 25: Incomplete URL scheme check

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit 7d7552e)

* ✌️

---------

Co-authored-by: あわわわとーにゅ <[email protected]>

* enhance(frontend): 個別お知らせページではmetaタグを出力するように (misskey-dev#14902)

* enhance(frontend): 個別お知らせページではmetaタグを出力するように

* Update Changelog

* enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (misskey-dev#12892) (misskey-dev#14897)

* enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (misskey-dev#12892)

* オリジンリダイレクトのテストをtodoとして追加。

e2eテストにリモートユーザー考慮のテストがなさそうなので。

次のコマンドで動くことは確認済みです。
curl "http://localhost:3000/@foo@bar" -H "accept: application/activity+json" -L

* Acctのパースを既存のパーサーでするように修正

* lint

* refactor(frontend): 動画UIのフルスクリーン周りの調整 (misskey-dev#14877)

* refactor(frontend): フルスクリーン周りの調整

(cherry picked from commit 783032c)

* refactor(frontend): deviceKindの循環参照を除去

(cherry picked from commit 1ca471f)

* fix

---------

Co-authored-by: taiyme <[email protected]>

* fix(backend): ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (misskey-dev#14879)

* fix: make sure mentions of local users get rendered correctly during AP delivery (resolves misskey-dev#645)

* Update Changelog

* indent

---------

Co-authored-by: Laura Hausmann <[email protected]>
Co-authored-by: syuilo <[email protected]>

* Bump version to 2024.10.2-alpha.3

* Bump version to 2024.11.0-alpha.0

* Update CONTRIBUTING.md

* Update CHANGELOG.md

たぶんリリースワークフローはこうしないと認識してくれない

* Update CHANGELOG.md (書き方を揃える)

* fix(frontend): メールアドレス登録有効化時の「完了」ダイアログボックスの表示条件を修正 (misskey-dev#14928)

* fix(frontend): メールアドレス登録有効化時の「完了」ダイアログボックスの表示条件を修正

* Update MkSignupDialog.form.vue

* fix condition

* Update CHANGELOG.md

* Update about-misskey.vue

* fix(backend): Webhook Test一致性 (misskey-dev#14863)

* fix(backend): Webhook Test一致性

Signed-off-by: eternal-flame-AD <[email protected]>

* UserWebhookPayload<'followed'> 修正

Signed-off-by: eternal-flame-AD <[email protected]>

---------

Signed-off-by: eternal-flame-AD <[email protected]>

* Remove: サインインしたときにしかノートを見れなくなるオプションを削除

* Fix

* Fix

* fix

* Enhance(frontend): ノート詳細画面にロールのバッジを表示 (misskey-dev#14946)

* enhance(frontend): ノートの詳細画面にロールのバッジを表示(misskey-dev#14058)

* Update CHANGELOG.md

* update node to 22.11.0 (misskey-dev#14869)

* wip

* Update CHANGELOG.md

* Update CHANGELOG.md

* fix(frontend): スマホで表示した時にipv6だとはみ出てしまうのを修正 (misskey-dev#14960)

* fix(frontend): スマホで表示した時にipv6だとはみ出てしまうのを修正 (MisskeyIO#815)

(cherry picked from commit aec01dd)

* Update Changelog

---------

Co-authored-by: sleep-moe <[email protected]>

* update deps (misskey-dev#14950)

* update deps

* wip

* Revert "wip"

This reverts commit 393de24.

* wip

* wip

* wip

* wip

* feat: 送信したフォローリクエストを確認できるように (misskey-dev#14856)

* FEAT: Allow users to view pending follow requests they sent

This commit implements the `following/requests/sent` interface firstly
implemented on Firefish, and provides a UI interface to view the pending
follow requests users sent.

* ux: should not show follow requests tab when have no pending sent follow req

* fix default followreq tab

* fix default followreq tab

* restore missing hasPendingReceivedFollowRequest in navbar

* refactor

* use tabler icons

* tweak design

* Revert "ux: should not show follow requests tab when have no pending sent follow req"

This reverts commit e580b92.

* Update Changelog

* Update Changelog

* change tab titles

---------

Co-authored-by: Lhc_fl <[email protected]>
Co-authored-by: Hazelnoot <[email protected]>

* New Crowdin updates (misskey-dev#14859)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Vietnamese)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Swedish)

* New translations ja-jp.yml (Swedish)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Simplified)

* chore(deps): bump codecov/codecov-action from 4 to 5 (misskey-dev#14961)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(frontend): tweak animation style

* Bump version to 2024.11.0-alpha.1

* use nodemon 3.0.2

misskey-dev#14966

* Revert "use nodemon 3.0.2"

This reverts commit ce1f84e.

* use execa 8.0.1

misskey-dev#14966

* 🎨

* Update .gitignore

* add warning for open registration (misskey-dev#14963)

* wip

* wip

* Update ja-JP.yml

* Update index.d.ts

* ✌️

* fix(backend): fallback sharedInbox to null in ApPersonService (misskey-dev#14970)

* 🎨

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CONTRIBUTING.md

* Update CONTRIBUTING.md

* Update CONTRIBUTING.md

* Update SECURITY.md

* enhance(frontend): デッキ表示時にサイドバーを展開・折りたたみできるように (misskey-dev#14983)

* enhance(frontend): デッキ表示時にサイドバーを展開・折りたたみできるように

* wip

* wip

* Update navbar.vue

* ✌️

* Update CHANGELOG.md

* 🎨

---------

Co-authored-by: syuilo <[email protected]>

* fix(frontend): TypeScriptの型チェック対象ファイルを限定して高速化するように (misskey-dev#14994)

* fix frontend tsconfig includes

* fix frontend-embed tsconfig includes

* fix eslint in frontend / frontend-embed

* Update Changelog

---------

Co-authored-by: Hazelnoot <[email protected]>

* fix(backend): お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正  (misskey-dev#14990)

* fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正

Signed-off-by: eternal-flame-AD <[email protected]>

* Update CHANGELOG.md

Co-authored-by: おさむのひと <[email protected]>

---------

Signed-off-by: eternal-flame-AD <[email protected]>
Co-authored-by: おさむのひと <[email protected]>

* リノートメニューに「リノートの詳細」を追加 (misskey-dev#14985)

* add renote-detail menu

* changelog

* Apply suggestions from code review

Co-authored-by: かっこかり <[email protected]>

* Update CHANGELOG.md

---------

Co-authored-by: かっこかり <[email protected]>

* refactor(backend): SystemWebhookで送信されるペイロードの型を追加 (misskey-dev#14980)

* New Crowdin updates (misskey-dev#14965)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (Swedish)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (Swedish)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Romanian)

* New translations ja-jp.yml (French)

* New translations ja-jp.yml (Spanish)

* New translations ja-jp.yml (Arabic)

* New translations ja-jp.yml (Czech)

* New translations ja-jp.yml (Italian)

* New translations ja-jp.yml (Dutch)

* New translations ja-jp.yml (Norwegian)

* New translations ja-jp.yml (Polish)

* New translations ja-jp.yml (Portuguese)

* New translations ja-jp.yml (Russian)

* New translations ja-jp.yml (Slovak)

* New translations ja-jp.yml (Turkish)

* New translations ja-jp.yml (Ukrainian)

* New translations ja-jp.yml (Vietnamese)

* New translations ja-jp.yml (Indonesian)

* New translations ja-jp.yml (Bengali)

* New translations ja-jp.yml (Thai)

* New translations ja-jp.yml (Uzbek)

* New translations ja-jp.yml (Lao)

* New translations ja-jp.yml (Japanese, Kansai)

* New translations ja-jp.yml (Korean (Gyeongsang))

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (German)

* New translations ja-jp.yml (Polish)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (Swedish)

* New translations ja-jp.yml (French)

* New translations ja-jp.yml (French)

* New translations ja-jp.yml (French)

* New translations ja-jp.yml (French)

* New translations ja-jp.yml (Swedish)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Simplified)

* Bump version to 2024.11.0-alpha.2

* Fix(backend): アカウント削除のモデレーションログが動作していないのを修正 (misskey-dev#14996) (misskey-dev#14997)

* アカウント削除のモデレーションログが動作していないのを修正

* update CHANGELOG

* feat: 絵文字のポップアップメニューに編集を追加 (misskey-dev#15004)

* Mod: 絵文字のポップアップメニューに編集を追加

* fix: code styleの修正

* fix: code styleの修正

* fix

* perf(frontend): reduce api requests for non-logged-in enviroment (misskey-dev#15001)

* wip

* Update CHANGELOG.md

* wip

* Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (misskey-dev#15006)

* fix(backend): renoteMute doesn't work for note notification

* docs(changelog): update changelog

* New Crowdin updates (misskey-dev#15000)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (German)

* Merge commit from fork

* enhance: Add a few validation fixes from Sharkey

See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484

Co-Authored-By: Dakkar <[email protected]>

* fix: primitive 2: acceptance of cross-origin alternate

Co-Authored-By: Laura Hausmann <[email protected]>

* fix: primitive 3: validation of non-final url

* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities

* fix: primitives 5 & 8: reject activities with non
string identifiers

Co-Authored-By: Laura Hausmann <[email protected]>

* fix: primitive 6: reject anonymous objects that were fetched by their id

* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name

Co-Authored-By: Laura Hausmann <[email protected]>

* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections

* fix: code style for primitive 14

* fix: primitive 15: improper same-origin validation for
note uri and url

Co-Authored-By: Laura Hausmann <[email protected]>

* fix: primitive 16: improper same-origin validation for user uri and url

* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

* fix: code style for primitive 17

* fix: check attribution against actor in notes

While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.

* fix: primitive 18: `ap/get` bypasses access checks

One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.

* fix: primitive 19 & 20: respect blocks and hide more

Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.

* fix: primitives 21, 22, and 23: reuse resolver

This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.

* fix: primitives 25-33: proper local instance checks

* revert: fix: primitive 19 & 20

This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.

---------

Co-authored-by: Dakkar <[email protected]>
Co-authored-by: Laura Hausmann <[email protected]>
Co-authored-by: syuilo <[email protected]>

* Merge commit from fork

* Fix poll update spoofing

* fix: Disallow negative poll counts

---------

Co-authored-by: syuilo <[email protected]>

* Merge commit from fork

* fix(backend): check target IP before sending HTTP request

* fix(backend): allow accessing private IP when testing

* Apply suggestions from code review

Co-authored-by: anatawa12 <[email protected]>

* fix(backend): lint and typecheck

* fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService)

* fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses

---------

Co-authored-by: anatawa12 <[email protected]>
Co-authored-by: syuilo <[email protected]>

* fix(backend): use atomic command to improve security

Co-Authored-By: Acid Chicken <[email protected]>

* fix ap/show

* fix(backend): fix security patches (misskey-dev#15008)

* fix(backend): fix type error(s) in security fixes (misskey-dev#15009)

* Fix type error in security fixes

(cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)

* Fix error in test function calls

(cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)

* Fix style error

(cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)

* Fix another style error

(cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)

* Fix `.punyHost` misuse

(cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)

* attempt to fix test: make yaml valid

---------

Co-authored-by: Julia Johannesen <[email protected]>

* fix(backend): fix apResolver (misskey-dev#15010)

* fix(backend): fix apResolver

* fix

* add comments

* tweak comment

* Bump version to 2024.11.0-alpha.3

* Update CHANGELOG.md

* Update CHANGELOG.md

* Bump version to 2024.11.0-beta.4

* Lockfile

* API

* API

* ci: reset prerelease number on release (misskey-dev#15024)

* fix(backend): Inboxのエラーをthrowせずreturnしている問題を修正 (misskey-dev#15022)

* fix exception handling for Like activities

(cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91)

* fix exception handling for Announce activities

(cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b)

* fix exception handling for Undo activities

* Update Changelog

---------

Co-authored-by: Hazelnoot <[email protected]>

* New Crowdin updates (misskey-dev#15027)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Simplified)

* Release: 2024.11.0

* [skip ci] Update CHANGELOG.md (prepend template)

* Update CHANGELOG.md (typo)

* fix(backend): use atomic command to improve security

* fix(frontend): 画面サイズが変わった際にnavbarが自動で折りたたまれない問題を修正 (misskey-dev#15042)

* fix(frontend): 画面サイズが変わった際にnavbarが自動で折りたたまれない問題を修正

* Update Changelog

* fix

* Update CHANGELOG.md (書き方を揃える)

* fix(backend): アドレス入力で直接ユーザのプロフィールページを表示した際、前提データが足りず描画に失敗する (misskey-dev#15033)

* fix(backend): アドレス入力で直接ユーザのプロフィールページを表示した際、前提データが足りず描画に失敗する

* fix CHANGELOG.md

* ci: do not run chromatic on fork repositories (misskey-dev#15041)

* fix(backend/misskey-js): タイポ修正 (misskey-dev#15046)

* fix(frontend): サーバードキュメントとMisskey関連リソースとの間にdividerが入らないことがある問題を修正 (misskey-dev#15044)

* fix(frontend): サーバードキュメントとMisskey関連リソースとの間にdividerが入らないことがある問題を修正

* Update Changelog

* fix(backend): 起動前の疎通チェックが機能しなくなっていた問題を修正 (misskey-dev#15043)

* check harder for connectibility

`allSettled` does not throw if a promise is rejected, so
`check_connect` never actually failed

* Update Changelog

---------

Co-authored-by: dakkar <[email protected]>

* fix: unable to upload to local object storage (misskey-dev#15040)

* Bump version to 2024.11.1-alpha.0

* システムアカウントの判定をしっかりするように

* Logs

* Remove Logs

* Fix: リモートの絵文字が正常に表示されない問題を修正 (#75)

* Enhance: 登録できるユーザー数を表示できるように (#71)

* Enhance: ロゴを作り直した

* Fix: Changelogの場所を変更

* Fix: アバターデコレーションが優先して描画される

* Fix: 日付が変

* Enhance: クソデカMFMを使った投稿で出る警告をいい感じに

* Update CHANGELOG.md

* Enhance: ギャラリーをいい感じに

* Fix: 通知欄で実績のバッチの背景が透明になってる問題を修正 #64

* Enhance: CWの本文に直接絵文字を挿入できるように

* Update CHANGELOG.md

* 1.2.0-beta.4

* Update CHANGELOG.md

* Fix: useCwをtrueにしてあげないといけなかった

* Enhance: 激しそうなMFMの判定を厳しく

* TODOを追加

* Enhance: ミュートしてるサーバーからのリアクションを表示しないように

* Release 1.2.1

---------

Signed-off-by: eternal-flame-AD <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: syuilo <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: かっこかり <[email protected]>
Co-authored-by: Hazel K <[email protected]>
Co-authored-by: FineArchs <[email protected]>
Co-authored-by: KanariKanaru <[email protected]>
Co-authored-by: おさむのひと <[email protected]>
Co-authored-by: zyoshoka <[email protected]>
Co-authored-by: riku6460 <[email protected]>
Co-authored-by: taiy <[email protected]>
Co-authored-by: tetsuya-ki <[email protected]>
Co-authored-by: Sayamame-beans <[email protected]>
Co-authored-by: Yuba <[email protected]>
Co-authored-by: Kisaragi <[email protected]>
Co-authored-by: kabo2468 <[email protected]>
Co-authored-by: あわわわとーにゅ <[email protected]>
Co-authored-by: 饺子w (Yumechi) <[email protected]>
Co-authored-by: Lhc_fl <[email protected]>
Co-authored-by: woxtu <[email protected]>
Co-authored-by: Pinapelz <[email protected]>
Co-authored-by: Tamme Schichler <[email protected]>
Co-authored-by: Laura Hausmann <[email protected]>
Co-authored-by: Linca <[email protected]>
Co-authored-by: 4ster1sk <[email protected]>
Co-authored-by: momoirodouhu <[email protected]>
Co-authored-by: shimmar <[email protected]>
Co-authored-by: sleep-moe <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CDN <[email protected]>
Co-authored-by: zawa-ch. <[email protected]>
Co-authored-by: 鴇峰 朔華 <[email protected]>
Co-authored-by: Julia <[email protected]>
Co-authored-by: Dakkar <[email protected]>
Co-authored-by: rectcoordsystem <[email protected]>
Co-authored-by: anatawa12 <[email protected]>
Co-authored-by: Acid Chicken <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
packages/backend:test packages/backend Server side specific issue/PR
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants