v4.2.6 #61

asonix merged 9 commits from asonix/changes into asonix/downstream 2024-02-14 16:38:25 +00:00

9 commits

Author SHA1 Message Date
asonix 875021cf8d Merge pull request 'v4.2.6' (#60) from v4.2.6-branch into asonix/changes
Reviewed-on: #60
2024-02-14 16:37:14 +00:00
asonix 047282424a Merge branch 'asonix/changes' into v4.2.6-branch 2024-02-14 10:32:35 -06:00
Claire 7c8ca0c6d6 Bump version to v4.2.6 2024-02-14 15:16:34 +01:00
Claire f1700523f1
Merge pull request from GHSA-vm39-j3vx-pch3
* Prevent different identities from the same SSO provider from accessing the same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Claire 0b0c7af2c1
Merge pull request from GHSA-7w3c-p9j8-mq3x
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a `dependent: delete_all` relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destruction of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Claire 1a33d348d0 Add sidekiq_unique_jobs:delete_all_locks task and disable sidekiq-unique-jobs UI by default (#29199) 2024-02-14 13:17:45 +01:00
Emelia Smith 6d43b63275 Disable administrative doorkeeper routes (#29187) 2024-02-14 11:03:21 +01:00
Claire ae2dce813a Update dependency sidekiq-unique-jobs to 7.1.33 2024-02-14 11:02:55 +01:00
Claire b7230cd759 Update dependency nokogiri to 1.16.2 2024-02-14 11:02:11 +01:00