0dbb089b47
FIX: Don't spam presence requests when getting 429 ( #20084 )
...
The presence service would retry `/presence/update` requests every second (or immediately in tests) in case where server returns 429 (rate limit) errors. That could lead to infinite spamming (until user refreshed tab/tabs)
Co-authored-by: David Taylor <david@taylorhq.com>
2023-01-31 09:49:23 +01:00
f31f0b70f8
SECURITY: Hide PM count for tags by default ( #20061 )
...
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.
With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-01-31 12:08:23 +08:00
7c1e1ef72b
DEV: Convert presence service tests to actual unit tests ( #20076 )
2023-01-30 23:31:39 +01:00
2c81b70b01
Build(deps): Bump deepmerge in /app/assets/javascripts ( #20082 )
...
Bumps [deepmerge](https://github.com/TehShrike/deepmerge ) from 4.2.2 to 4.3.0.
- [Release notes](https://github.com/TehShrike/deepmerge/releases )
- [Changelog](https://github.com/TehShrike/deepmerge/blob/master/changelog.md )
- [Commits](https://github.com/TehShrike/deepmerge/compare/v4.2.2...v4.3.0 )
---
updated-dependencies:
- dependency-name: deepmerge
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 23:00:42 +01:00
90ba62597a
Build(deps): Bump terser in /app/assets/javascripts ( #20081 )
...
Bumps [terser](https://github.com/terser/terser ) from 5.16.1 to 5.16.2.
- [Release notes](https://github.com/terser/terser/releases )
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/compare/v5.16.1...v5.16.2 )
---
updated-dependencies:
- dependency-name: terser
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 23:00:11 +01:00
73488f2f33
FIX: uses popper for cards
2023-01-30 21:12:30 +01:00
fda834d01c
Revert "DEV: uses popperjs for positioning user and group card ( #20063 )" ( #20072 )
...
This reverts commit 335c3f4621
2023-01-31 02:51:05 +08:00
58234246ff
DEV: Remove elder from codebase and also update 'regular' to 'member' ( #20065 )
...
A while back the definition of TL was changed but many
areas in the codebase still use the term 'Regular user'
despite it having some implicit meaning (TL2).
See 20140905055251_rename_trust_level_badges.rb
2023-01-31 01:41:25 +08:00
b334f0070d
DEV: dry up the Do Not Disturb widget ( #19494 )
2023-01-30 21:23:06 +04:00
587e9ed9ba
FEATURE: Enable service worker for Apple devices ( #19643 )
...
This is necessary so MacOS Ventura (and in 2023 iOS) can use our new
default push notifications.
We still disable caching of dynamic routes on Apple devices due to it's
always being buggy there.
2023-01-30 13:23:19 -03:00
9a196ced08
FEATURE: Move metadata user results to list bottom ( #18977 )
...
Partial username or name matches were shown together with metadata
matched results. This created a bad user experience because results
that look unrelated were before even partial or exact group matches.
2023-01-30 15:38:41 +02:00
335c3f4621
DEV: uses popperjs for positioning user and group card ( #20063 )
...
Behavior should be very similar but the code is simplified and it should fix various bugs where the card was showing out of screen even if we had available space.
2023-01-30 14:15:10 +01:00
18f7b47ecb
UX: improve emoji alignment for text ( #19815 )
...
* UX: improve emoji alignment for text
* UX: emoji exception for titles
2023-01-30 14:07:08 +01:00
d0780eacdc
FIX: preserves avatar size inside onebox ( #20066 )
...
* UX: Wrap chat one-box avatars
* UX: restrict onebox image css to non-avatar
2023-01-30 13:59:25 +01:00
79bea9464c
PERF: Move user-tips and narrative to per-user messagebus channels ( #19773 )
...
Using a shared channel with per-message permissions means that every client is updated with the channel's 'last_id', even if there are no messages available to them. Per-user channel names avoid this problem - the last_id will only be incremented when there is a message for the given user.
2023-01-30 11:48:09 +00:00
23a74ecf8f
FIX: Truncate existing user status to 100 chars ( #20044 )
...
This commits adds a database migration to limit the user status to 100
characters, limits the user status in the UI and makes sure that the
emoji is valid.
Follow up to commit b6f75e231c
2023-01-30 10:49:08 +02:00
137dbaf0dc
DEV: declare post position as simple number in structured data ( #16231 )
...
This replaces the position declared as `#123` with the more simple version `123`.
The property position may be of type Integer or Text. A value of type Integer, or more precise of type Text which simply casts to integer, is sufficient here.
See: https://schema.org/position
In category-view the topic-list already uses this notation for the position of topics:
`<meta itemprop="position" content="123">`
2023-01-30 08:07:04 +01:00
0a8387ecd2
FIX: Validate asset url before replacing base url ( #16438 )
...
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-01-30 07:32:48 +08:00
8410b25f3c
Build(deps): Bump @babel/standalone in /app/assets/javascripts ( #20055 )
...
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone ) from 7.20.13 to 7.20.14.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.20.14/packages/babel-standalone )
---
updated-dependencies:
- dependency-name: "@babel/standalone"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 22:44:40 +01:00
15e854f0f7
Build(deps): Bump eslint in /app/assets/javascripts ( #20054 )
...
Bumps [eslint](https://github.com/eslint/eslint ) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0 )
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 22:44:14 +01:00
a4c68d4a2e
FIX: Failing system spec for rate limited search ( #20046 )
2023-01-27 12:14:29 -08:00
39eec37e75
A11Y: post avatars should not be tabbable ( #20045 )
2023-01-27 14:39:55 -05:00
2c8dfc3dbc
FEATURE: rate limit anon searches per second ( #19708 )
2023-01-27 10:05:27 -08:00
5f90790110
Revert "Select-kit > use new color vars" ( #20042 )
...
This reverts commit 8534391044
2023-01-27 18:09:50 +01:00
e03f6057ec
UX: Highlight var refactor ( #20026 )
...
* Add new color vars
* Select-kit > use new color vars
* update all color schemes with values for new hover/select vars
* Add variable yml names
2023-01-27 15:50:36 +01:00
8fc11215e1
FIX: Ensure soft-deleted topics can be deleted ( #19802 )
...
* FIX: Ensure soft-deleted topics can be deleted
The topic was not found during the deletion process because it was
deleted and `@post.topic` was nil.
* DEV: Use @topic instead of finding the topic every time
2023-01-27 16:15:33 +02:00
0c967e6aa3
A11Y: add accessible label for bookmark name input ( #20036 )
2023-01-26 17:35:19 -05:00
13e9f5054c
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts ( #20017 )
...
Bumps [@embroider/test-setup](https://github.com/embroider-build/embroider/tree/HEAD/packages/test-setup ) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/embroider-build/embroider/releases )
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md )
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/test-setup )
---
updated-dependencies:
- dependency-name: "@embroider/test-setup"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 18:45:22 +01:00
2c9d76e510
FIX: Use specified limit option in user search ( #20020 )
2023-01-26 16:17:15 +02:00
d5745d34c2
SECURITY: Limit the character count of group membership requests ( #19993 )
...
When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.
Co-authored-by: Ted Johansson <ted@discourse.org>
2023-01-25 13:50:33 +02:00
3866867e45
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts ( #19982 )
2023-01-24 22:51:23 +01:00
69c7f676ea
Build(deps): Bump ember-auto-import in /app/assets/javascripts ( #19981 )
2023-01-24 22:50:05 +01:00
75032f4752
UX: remove extra whitespace in search helper ( #19980 )
2023-01-24 15:27:05 -05:00
e71bf672cb
UX: prevent user card status overflow ( #19979 )
2023-01-24 13:58:24 -05:00
4da8e15801
A11Y: discourse-tags should have a role and label ( #19977 )
2023-01-24 13:04:32 -05:00
a57d6a0f75
A11Y: add aria-labels for flagging textareas ( #19938 )
2023-01-24 09:49:15 -05:00
7683b4bbfa
UX: improve bulk button layout and alignment ( #19966 )
2023-01-24 09:47:35 -05:00
17deb79fcb
DEV: Fix random typos ( #19973 )
2023-01-24 15:41:01 +01:00
1bc39c1a4f
FIX: text selection breaks opening of links in new tabs ( #19867 )
...
When a user checks "Open all external links in a new tab" preference
he expects not to be overruled by unrelated text selections.
Yet if text is selected during a link click the link is followed on
the same tab. This change corrects that.
2023-01-24 14:17:03 +01:00
48713653df
DEV: Add failing test for `api.modifyClass` with native getters ( #19911 )
...
https://meta.discourse.org/t/251793/8
2023-01-24 10:41:48 +00:00
ac4ee1a3d4
FIX: TL4 user is not redirected to latest when delete topic ( #19967 )
...
Continue of https://github.com/discourse/discourse/pull/19766
When TL4 is allowed to delete topic, they should not be redirected to / after that action.
2023-01-24 11:28:04 +11:00
bc9874033f
Build(deps): Bump qunit from 2.19.3 to 2.19.4 in /app/assets/javascripts ( #19962 )
2023-01-23 23:52:22 +01:00
239815c4a4
UX: fixes and adjustments for user nav ( #19954 )
2023-01-23 14:28:55 -05:00
1d7b50a0d3
FIX: Fix margin on mini-tag-chooser ( #19953 )
2023-01-23 10:39:57 -06:00
b26e0dcf35
UX: Set penalty history to sticky ( #19933 )
2023-01-23 07:14:23 -06:00
54e5a2e4c4
Build(deps): Bump sass from 1.57.0 to 1.57.1 in /app/assets/javascripts ( #19538 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.57.0...1.57.1 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:36:16 +01:00
f81c94637a
Build(deps): Bump ember-rfc176-data in /app/assets/javascripts ( #19925 )
...
Bumps [ember-rfc176-data](https://github.com/ember-cli/ember-rfc176-data ) from 0.3.17 to 0.3.18.
- [Release notes](https://github.com/ember-cli/ember-rfc176-data/releases )
- [Changelog](https://github.com/ember-cli/ember-rfc176-data/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ember-cli/ember-rfc176-data/compare/v0.3.17...v0.3.18 )
---
updated-dependencies:
- dependency-name: ember-rfc176-data
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:56:17 +01:00
9be9f97373
Build(deps): Bump @babel/standalone in /app/assets/javascripts ( #19945 )
...
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone ) from 7.20.12 to 7.20.13.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.20.13/packages/babel-standalone )
---
updated-dependencies:
- dependency-name: "@babel/standalone"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:53:57 +01:00
36447fb043
Build(deps): Bump jsdom from 21.0.0 to 21.1.0 in /app/assets/javascripts ( #19944 )
...
Bumps [jsdom](https://github.com/jsdom/jsdom ) from 21.0.0 to 21.1.0.
- [Release notes](https://github.com/jsdom/jsdom/releases )
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md )
- [Commits](https://github.com/jsdom/jsdom/compare/21.0.0...21.1.0 )
---
updated-dependencies:
- dependency-name: jsdom
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:39:36 +01:00
f7907a3645
A11Y: remove heading tags from user profile ( #19935 )
2023-01-20 12:27:07 -05:00
Jarek Radosz
Alan Guo Xiang Tan
dependabot[bot]
Joffrey JAFFEUX
Natalie Tay
Andrei Prigorshnev
Rafael dos Santos Silva
Bianca Nenciu
chapoi
David Taylor
Ayke Halder
Zachary Huff
Keegan George
Kris
Sam
Aleksey Bogdanov
Krzysztof Kotlarek
Jordan Vidrine