Merge branch 'glitch-soc-main'

2023-09-19 18:25:18 +02:00 · 2023-09-19 18:25:18 +02:00 · 514b03afaa
parent fe1f214c3c fb29a3ebc5
commit 514b03afaa
1778 changed files with 38514 additions and 29655 deletions
--- a/.bundler-audit.yml
+++ b/.bundler-audit.yml
@ -1,3 +0,0 @@
 ---
 ignore:
  - CVE-2015-9284 # Mitigation following https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284#mitigating-in-rails-applications
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -4,10 +4,6 @@ FROM mcr.microsoft.com/devcontainers/ruby:1-3.2-bullseye
 # Install Rails
 # RUN gem install rails webdrivers
 # Default value to allow debug server to serve content over GitHub Codespace's port forwarding service
 # The value is a comma-separated list of allowed domains
 ENV RAILS_DEVELOPMENT_HOSTS=".githubpreview.dev,.preview.app.github.dev,.app.github.dev"
 ARG NODE_VERSION="16"
 RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
--- a/.devcontainer/codespaces/devcontainer.json
+++ b/.devcontainer/codespaces/devcontainer.json
@ -0,0 +1,49 @@
 {
  "name": "Mastodon on GitHub Codespaces",
  "dockerComposeFile": "../docker-compose.yml",
  "service": "app",
  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
  "features": {
    "ghcr.io/devcontainers/features/sshd:1": {}
  },
  "runServices": ["app", "db", "redis"],
  "forwardPorts": [3000, 4000],
  "portsAttributes": {
    "3000": {
      "label": "web",
      "onAutoForward": "notify"
    },
    "4000": {
      "label": "stream",
      "onAutoForward": "silent"
    }
  },
  "otherPortsAttributes": {
    "onAutoForward": "silent"
  },
  "remoteEnv": {
    "LOCAL_DOMAIN": "${localEnv:CODESPACE_NAME}-3000.app.github.dev",
    "LOCAL_HTTPS": "true",
    "STREAMING_API_BASE_URL": "https://${localEnv:CODESPACE_NAME}-4000.app.github.dev",
    "DISABLE_FORGERY_REQUEST_PROTECTION": "true",
    "ES_ENABLED": "",
    "LIBRE_TRANSLATE_ENDPOINT": ""
  },
  "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
  "postCreateCommand": ".devcontainer/post-create.sh",
  "waitFor": "postCreateCommand",
  "customizations": {
    "vscode": {
      "settings": {},
      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
    }
  }
 }
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,31 +1,39 @@
 // For more details, see https://aka.ms/devcontainer.json.
 {
-  "name": "Mastodon",
+  "name": "Mastodon on local machine",
  "dockerComposeFile": "docker-compose.yml",
  "service": "app",
  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
  // Features to add to the dev container. More info: https://containers.dev/features.
  "features": {
    "ghcr.io/devcontainers/features/sshd:1": {}
  },
  // Use 'forwardPorts' to make a list of ports inside the container available locally.
  // This can be used to network with other containers or the host.
  "forwardPorts": [3000, 4000],
-  // Use 'postCreateCommand' to run commands after the container is created.
+  "portsAttributes": {
    "3000": {
      "label": "web",
      "onAutoForward": "notify",
      "requireLocalPort": true
    },
    "4000": {
      "label": "stream",
      "onAutoForward": "silent",
      "requireLocalPort": true
    }
  },
  "otherPortsAttributes": {
    "onAutoForward": "silent"
  },
  "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
  "postCreateCommand": ".devcontainer/post-create.sh",
  "waitFor": "postCreateCommand",
  // Configure tool-specific properties.
  "customizations": {
    // Configure properties specific to VS Code.
    "vscode": {
      // Set *default* container specific settings.json values on container create.
      "settings": {},
      // Add the IDs of extensions you want installed when the container is created.
      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
    }
  }
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@ -25,6 +25,7 @@ services:
    command: sleep infinity
    ports:
      - '127.0.0.1:3000:3000'
      - '127.0.0.1:3035:3035'
      - '127.0.0.1:4000:4000'
    networks:
      - external_network
--- a/.env.vagrant
+++ b/.env.vagrant
@ -2,3 +2,7 @@ VAGRANT=true
 LOCAL_DOMAIN=mastodon.local
 BIND=0.0.0.0
 DB_HOST=/var/run/postgresql/
 ES_ENABLED=true
 ES_HOST=localhost
 ES_PORT=9200
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -247,7 +247,12 @@ module.exports = {
          },
          // Internal packages
          {
-            pattern: '{mastodon/**,flavours/glitch-soc/**}',
+            pattern: '{mastodon/**}',
            group: 'internal',
            position: 'after',
          },
          {
            pattern: '{flavours/glitch-soc/**}',
            group: 'internal',
            position: 'after',
          },
@ -256,6 +261,18 @@ module.exports = {
      },
    ],
    // Forbid imports from vanilla in glitch flavour
    'import/no-restricted-paths': [
      'error',
      {
        zones: [{
          target: 'app/javascript/flavours/glitch/',
          from: 'app/javascript/mastodon/',
          message: 'Import from /flavours/glitch/ instead'
        }]
      }
    ],
    'promise/always-return': 'off',
    'promise/catch-or-return': [
      'error',
@ -325,8 +342,8 @@ module.exports = {
      extends: [
        'eslint:recommended',
-        'plugin:@typescript-eslint/recommended',
+        'plugin:@typescript-eslint/strict-type-checked',
-        'plugin:@typescript-eslint/recommended-requiring-type-checking',
+        'plugin:@typescript-eslint/stylistic-type-checked',
        'plugin:react/recommended',
        'plugin:react-hooks/recommended',
        'plugin:jsx-a11y/recommended',
@ -338,7 +355,7 @@ module.exports = {
      ],
      parserOptions: {
-        project: './tsconfig.json',
+        project: true,
        tsconfigRootDir: __dirname,
      },
@ -348,6 +365,7 @@ module.exports = {
        '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
        '@typescript-eslint/consistent-type-exports': 'error',
        '@typescript-eslint/consistent-type-imports': 'error',
        "@typescript-eslint/prefer-nullish-coalescing": ['error', {ignorePrimitives: {boolean: true}}],
        'jsdoc/require-jsdoc': 'off',
--- a/.github/ISSUE_TEMPLATE/1.bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1.bug_report.yml
@ -1,56 +0,0 @@
 name: Bug Report
 description: If something isn't working as expected
 labels: [bug]
 body:
  - type: markdown
    attributes:
      value: |
        Make sure that you are submitting a new bug that was not previously reported or already fixed.
        Please use a concise and distinct title for the issue.
  - type: textarea
    attributes:
      label: Steps to reproduce the problem
      description: What were you trying to do?
      value: |
        1.
        2.
        3.
        ...
    validations:
      required: true
  - type: input
    attributes:
      label: Expected behaviour
      description: What should have happened?
    validations:
      required: true
  - type: input
    attributes:
      label: Actual behaviour
      description: What happened?
    validations:
      required: true
  - type: textarea
    attributes:
      label: Detailed description
    validations:
      required: false
  - type: textarea
    attributes:
      label: Specifications
      description: |
        What version or commit hash of Mastodon did you find this bug in?
        If a front-end issue, what browser and operating systems were you using?
      placeholder: |
        Mastodon 3.5.3 (or Edge)
        Ruby 2.7.6 (or v3.1.2)
        Node.js 16.18.0
        Google Chrome 106.0.5249.119
        Firefox 105.0.3
        etc...
    validations:
      required: true
--- a/.github/ISSUE_TEMPLATE/1.web_bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml
@ -0,0 +1,76 @@
 name: Bug Report (Web Interface)
 description: If you are using Mastodon's web interface and something is not working as expected
 labels: [bug, 'status/to triage', 'area/web interface']
 body:
  - type: markdown
    attributes:
      value: |
        Make sure that you are submitting a new bug that was not previously reported or already fixed.
        Please use a concise and distinct title for the issue.
  - type: textarea
    attributes:
      label: Steps to reproduce the problem
      description: What were you trying to do?
      value: |
        1.
        2.
        3.
        ...
    validations:
      required: true
  - type: input
    attributes:
      label: Expected behaviour
      description: What should have happened?
    validations:
      required: true
  - type: input
    attributes:
      label: Actual behaviour
      description: What happened?
    validations:
      required: true
  - type: textarea
    attributes:
      label: Detailed description
    validations:
      required: false
  - type: input
    attributes:
      label: Mastodon instance
      description: The address of the Mastodon instance where you experienced the issue
      placeholder: mastodon.social
    validations:
      required: true
  - type: input
    attributes:
      label: Mastodon version
      description: |
        This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
      placeholder: v4.1.2
    validations:
      required: true
  - type: input
    attributes:
      label: Browser name and version
      description: |
        What browser are you using when getting this bug? Please specify the version as well.
      placeholder: Firefox 105.0.3
    validations:
      required: true
  - type: input
    attributes:
      label: Operating system
      description: |
        What OS are you running? Please specify the version as well.
      placeholder: macOS 13.4.1
    validations:
      required: true
  - type: textarea
    attributes:
      label: Technical details
      description: |
        Any additional technical details you may have. This can include the full error log, inspector's output…
    validations:
      required: false
--- a/.github/ISSUE_TEMPLATE/2.server_bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml
@ -0,0 +1,65 @@
 name: Bug Report (server / API)
 description: |
  If something is not working as expected, but is not from using the web interface.
 labels: [bug, 'status/to triage']
 body:
  - type: markdown
    attributes:
      value: |
        Make sure that you are submitting a new bug that was not previously reported or already fixed.
        Please use a concise and distinct title for the issue.
  - type: textarea
    attributes:
      label: Steps to reproduce the problem
      description: What were you trying to do?
      value: |
        1.
        2.
        3.
        ...
    validations:
      required: true
  - type: input
    attributes:
      label: Expected behaviour
      description: What should have happened?
    validations:
      required: true
  - type: input
    attributes:
      label: Actual behaviour
      description: What happened?
    validations:
      required: true
  - type: textarea
    attributes:
      label: Detailed description
    validations:
      required: false
  - type: input
    attributes:
      label: Mastodon instance
      description: The address of the Mastodon instance where you experienced the issue
      placeholder: mastodon.social
    validations:
      required: false
  - type: input
    attributes:
      label: Mastodon version
      description: |
        This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
      placeholder: v4.1.2
    validations:
      required: false
  - type: textarea
    attributes:
      label: Technical details
      description: |
        Any additional technical details you may have, like logs or error traces
      value: |
        If this is happening on your own Mastodon server, please fill out those:
        - Ruby version: (from `ruby --version`, eg. v3.1.2)
        - Node.js version: (from `node --version`, eg. v18.16.0)
    validations:
      required: false
--- a/.github/ISSUE_TEMPLATE/3.feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/3.feature_request.yml
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -1,21 +1,23 @@
 {
  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
  extends: [
-    'config:base',
+    'config:recommended',
    ':dependencyDashboard',
    ':labels(dependencies)',
    ':maintainLockFilesMonthly', // update non-direct dependencies monthly
-    ':prConcurrentLimit10', // only 10 open PRs at the same time
+    ':prConcurrentLimitNone', // Remove limit for open PRs at any time.
    ':prHourlyLimit2', // Rate limit PR creation to a maximum of two per hour.
  ],
-  stabilityDays: 3, // Wait 3 days after the package has been published before upgrading it
+  minimumReleaseAge: '3', // Wait 3 days after the package has been published before upgrading it
  // packageRules order is important, they are applied from top to bottom and are merged,
-  // so for example grouping rules needs to be at the bottom
+  // meaning the most important ones must be at the bottom, for example grouping rules
  // If we do not want a package to be grouped with others, we need to set its groupName
  // to `null` after any other rule set it to something.
  dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).',
  packageRules: [
    {
-      // Ignore major version bumps for these node packages
+      // Require Dependency Dashboard Approval for major version bumps of these node packages
      matchManagers: ['npm'],
      matchPackageNames: [
        '@rails/ujs', // Needs to match the major Rails version
        'tesseract.js', // Requires code changes
        'react-hotkeys', // Requires code changes
@ -40,26 +42,21 @@
        'react-router-dom',
      ],
      matchUpdateTypes: ['major'],
-      enabled: false,
+      dependencyDashboardApproval: true,
    },
    {
-      // Ignore major version bumps for these Ruby packages
+      // Require Dependency Dashboard Approval for major version bumps of these Ruby packages
      matchManagers: ['bundler'],
      matchPackageNames: [
        'rack', // Needs to be synced with Rails version
        'sprockets', // Requires manual upgrade https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
        'strong_migrations', // Requires manual upgrade
        'sidekiq', // Requires manual upgrade
        'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version
        'redis', // Requires manual upgrade and sync with Sidekiq version
        'fog-openstack', // TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964
        // Needs major Rails version bump
        'rack',
        'rails',
        'rails-i18n',
      ],
      matchUpdateTypes: ['major'],
-      enabled: false,
+      dependencyDashboardApproval: true,
    },
    {
      // Update Github Actions and Docker images weekly
@ -67,36 +64,41 @@
      extends: ['schedule:weekly'],
    },
    {
-      // Ignore major & minor bumps for the ruby image, this needs to be synced with .ruby-version
+      // Require Dependency Dashboard Approval for major & minor bumps for the ruby image, this needs to be synced with .ruby-version
      matchManagers: ['dockerfile'],
      matchPackageNames: ['moritzheiber/ruby-jemalloc'],
      matchUpdateTypes: ['minor', 'major'],
-      enabled: false,
+      dependencyDashboardApproval: true,
    },
    {
-      // Ignore major bump for the node image, this needs to be synced with .nvmrc
+      // Require Dependency Dashboard Approval for major bumps for the node image, this needs to be synced with .nvmrc
      matchManagers: ['dockerfile'],
      matchPackageNames: ['node'],
      matchUpdateTypes: ['major'],
-      enabled: false,
+      dependencyDashboardApproval: true,
    },
    {
-      // Ignore major postgres bumps in the docker-compose file, as those break dev environments
+      // Require Dependency Dashboard Approval for major postgres bumps in the docker-compose file, as those break dev environments
      matchManagers: ['docker-compose'],
      matchPackageNames: ['postgres'],
      matchUpdateTypes: ['major'],
-      enabled: false,
+      dependencyDashboardApproval: true,
    },
    {
      // Update devDependencies every week, with one grouped PR
      matchDepTypes: 'devDependencies',
      matchUpdateTypes: ['patch', 'minor'],
      excludePackageNames: [
        'typescript', // Typescript has many changes in minor versions, needs to be checked every time
      ],
      groupName: 'devDependencies (non-major)',
      extends: ['schedule:weekly'],
    },
    {
      // Group all eslint-related packages with `eslint` in the same PR
      matchManagers: ['npm'],
      matchPackageNames: ['eslint'],
      matchPackagePrefixes: ['eslint-', '@typescript-eslint/'],
      matchUpdateTypes: ['patch', 'minor'],
      groupName: 'eslint (non-major)',
    },
    {
      // Update @types/* packages every week, with one grouped PR
      matchPackagePrefixes: '@types/',
@ -105,6 +107,14 @@
      extends: ['schedule:weekly'],
      addLabels: ['typescript'],
    },
    {
      // We want those packages to always have their own PR
      matchManagers: ['npm'],
      matchPackageNames: [
        'typescript', // Typescript has code-impacting changes in minor versions
      ],
      groupName: null, // We dont want them to belong to any group
    },
    // Add labels depending on package manager
    { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] },
    { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] },
--- a/.github/workflows/build-container-image.yml
+++ b/.github/workflows/build-container-image.yml
@ -0,0 +1,99 @@
 on:
  workflow_call:
    inputs:
      platforms:
        required: true
        type: string
      cache:
        type: boolean
        default: true
      use_native_arm64_builder:
        type: boolean
      push_to_images:
        type: string
      version_prerelease:
        type: string
      version_metadata:
        type: string
      flavor:
        type: string
      tags:
        type: string
      labels:
        type: string
 jobs:
  build-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v2
        if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder
      - uses: docker/setup-buildx-action@v2
        id: buildx
        if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }}
      - name: Start a local Docker Builder
        if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
        run: |
          docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234
      - uses: docker/setup-buildx-action@v2
        id: buildx-native
        if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
        with:
          driver: remote
          endpoint: tcp://localhost:1234
          platforms: linux/amd64
          append: |
            - endpoint: tcp://${{ vars.DOCKER_BUILDER_HETZNER_ARM64_01_HOST }}:13865
              platforms: linux/arm64
              name: mastodon-docker-builder-arm64-01
              driver-opts:
                - servername=mastodon-docker-builder-arm64-01
        env:
          BUILDER_NODE_1_AUTH_TLS_CACERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CACERT }}
          BUILDER_NODE_1_AUTH_TLS_CERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CERT }}
          BUILDER_NODE_1_AUTH_TLS_KEY: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_KEY }}
      - name: Log in to Docker Hub
        if: contains(inputs.push_to_images, 'tootsuite')
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to the Github Container registry
        if: contains(inputs.push_to_images, 'ghcr.io')
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/metadata-action@v4
        id: meta
        if: ${{ inputs.push_to_images != '' }}
        with:
          images: ${{ inputs.push_to_images }}
          flavor: ${{ inputs.flavor }}
          tags: ${{ inputs.tags }}
          labels: ${{ inputs.labels }}
      - uses: docker/build-push-action@v4
        with:
          context: .
          build-args: |
            MASTODON_VERSION_PRERELEASE=${{ inputs.version_prerelease }}
            MASTODON_VERSION_METADATA=${{ inputs.version_metadata }}
          platforms: ${{ inputs.platforms }}
          provenance: false
          builder: ${{ steps.buildx.outputs.name || steps.buildx-native.outputs.name }}
          push: ${{ inputs.push_to_images != '' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: ${{ inputs.cache && 'type=gha' || '' }}
          cache-to: ${{ inputs.cache && 'type=gha,mode=max' || '' }}
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@ -1,63 +0,0 @@
 name: Build container image
 on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
  pull_request:
    paths:
      - .github/workflows/build-image.yml
      - Dockerfile
 permissions:
  contents: read
  packages: write
 jobs:
  build-image:
    runs-on: ubuntu-latest
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v3
      - uses: hadolint/hadolint-action@v3.1.0
      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@v2
      - name: Log in to the Github Container registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
        if: github.event_name != 'pull_request'
      - uses: docker/metadata-action@v4
        id: meta
        with:
          images: ghcr.io/${{ github.repository_owner }}/mastodon
          tags: |
            type=raw,value=latest,enable={{is_default_branch}}
            type=edge,branch=main
            type=sha,prefix=,format=long
      - name: Generate version suffix
        id: version_vars
        if: github.repository == 'mastodon/mastodon' && github.event_name == 'push' && github.ref_name == 'main'
        run: |
          echo mastodon_version_suffix=+edge-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
      - uses: docker/build-push-action@v4
        with:
          context: .
          build-args: MASTODON_VERSION_SUFFIX=${{ steps.version_vars.outputs.mastodon_version_suffix }}
          platforms: linux/amd64,linux/arm64
          provenance: false
          builder: ${{ steps.buildx.outputs.name }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/build-nightly.yml
+++ b/.github/workflows/build-nightly.yml
@ -3,58 +3,39 @@ on:
  workflow_dispatch:
  schedule:
    - cron: '0 2 * * *' # run at 2 AM UTC
 permissions:
  contents: read
  packages: write
 jobs:
-  build-nightly-image:
+  compute-suffix:
    runs-on: ubuntu-latest
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    steps:
-      - uses: actions/checkout@v3
+      - id: version_vars
-      - uses: hadolint/hadolint-action@v3.1.0
+        env:
-      - uses: docker/setup-qemu-action@v2
+          TZ: Etc/UTC
-      - uses: docker/setup-buildx-action@v2
+        run: |
          echo mastodon_version_prerelease=nightly.$(date +'%Y-%m-%d')>> $GITHUB_OUTPUT
    outputs:
      prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }}
-      - name: Log in to the Github Container registry
+  build-image:
-        uses: docker/login-action@v2
+    needs: compute-suffix
    uses: ./.github/workflows/build-container-image.yml
    with:
-          registry: ghcr.io
+      platforms: linux/amd64,linux/arm64
-          username: ${{ github.actor }}
+      use_native_arm64_builder: false
-          password: ${{ secrets.GITHUB_TOKEN }}
+      cache: false
-
+      push_to_images: |
-      - uses: docker/metadata-action@v4
+        ghcr.io/${{ github.repository_owner }}/mastodon
-        id: meta
+      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
        with:
          images: |
            ghcr.io/mastodon/mastodon
          flavor: |
            latest=auto
          tags: |
            type=raw,value=nightly
            type=schedule,pattern=nightly-{{date 'YYYY-MM-DD' tz='Etc/UTC'}}
      labels: |
        org.opencontainers.image.description=Nightly build image used for testing purposes
-
+      flavor: |
-      - name: Generate version suffix
+        latest=true
-        id: version_vars
+      tags: |
-        run: |
+        type=raw,value=edge
-          echo mastodon_version_suffix=+nightly-$(date +'%Y%m%d') >> $GITHUB_OUTPUT
+        type=raw,value=nightly
-
+        type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
-      - uses: docker/build-push-action@v4
+    secrets: inherit
        with:
          context: .
          build-args: MASTODON_VERSION_SUFFIX=${{ steps.version_vars.outputs.mastodon_version_suffix }}
          platforms: linux/amd64,linux/arm64
          provenance: false
          builder: ${{ steps.buildx.outputs.name }}
          push: ${{ github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/build-push-pr.yml
+++ b/.github/workflows/build-push-pr.yml
@ -0,0 +1,41 @@
 name: Build container image for PR
 on:
  pull_request:
    types: [labeled, synchronize, reopened, ready_for_review, opened]
 permissions:
  contents: read
  packages: write
 jobs:
  compute-suffix:
    runs-on: ubuntu-latest
    # This is only allowed to run if:
    # - the PR branch is in the `mastodon/mastodon` repository
    # - the PR is not a draft
    # - the PR has the "build-image" label
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !github.event.pull_request.draft && contains(github.event.pull_request.labels.*.name, 'build-image') }}
    steps:
      # Repository needs to be cloned so `git rev-parse` below works
      - name: Clone repository
        uses: actions/checkout@v4
      - id: version_vars
        run: |
          echo mastodon_version_metadata=pr-${{ github.event.pull_request.number }}-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
    outputs:
      metadata: ${{ steps.version_vars.outputs.mastodon_version_metadata }}
  build-image:
    needs: compute-suffix
    uses: ./.github/workflows/build-container-image.yml
    with:
      platforms: linux/amd64,linux/arm64
      use_native_arm64_builder: false
      push_to_images: |
        ghcr.io/${{ github.repository_owner }}/mastodon
      version_metadata: ${{ needs.compute-suffix.outputs.metadata }}
      flavor: |
        latest=auto
      tags: |
        type=ref,event=pr
    secrets: inherit
--- a/.github/workflows/build-releases.yml
+++ b/.github/workflows/build-releases.yml
@ -0,0 +1,28 @@
 name: Build container release images
 on:
  push:
    tags:
      - '*'
 permissions:
  contents: read
  packages: write
 jobs:
  build-image:
    uses: ./.github/workflows/build-container-image.yml
    with:
      platforms: linux/amd64,linux/arm64
      use_native_arm64_builder: false
      push_to_images: |
        ghcr.io/${{ github.repository_owner }}/mastodon
      # Do not use cache when building releases, so apt update is always ran and the release always contain the latest packages
      cache: false
      # Only tag with latest when ran against the latest stable branch
      # This needs to be updated after each minor version release
      flavor: |
        latest=${{ startsWith(github.ref, 'refs/tags/v4.1.') }}
      tags: |
        type=pep440,pattern={{raw}}
        type=pep440,pattern=v{{major}}.{{minor}}
    secrets: inherit
--- a/.github/workflows/bundler-audit.yml
+++ b/.github/workflows/bundler-audit.yml
@ -0,0 +1,40 @@
 name: Bundler Audit
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths:
      - 'Gemfile*'
      - '.ruby-version'
      - '.bundler-audit.yml'
      - '.github/workflows/bundler-audit.yml'
  pull_request:
    paths:
      - 'Gemfile*'
      - '.ruby-version'
      - '.bundler-audit.yml'
      - '.github/workflows/bundler-audit.yml'
  schedule:
    - cron: '0 5 * * 1'
 jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v4
      - name: Install native Ruby dependencies
        run: sudo apt-get install -y libicu-dev libidn11-dev
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true
      - name: Run bundler-audit
        run: bundle exec bundler-audit
--- a/.github/workflows/check-i18n.yml
+++ b/.github/workflows/check-i18n.yml
@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Install system dependencies
        run: |
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -27,7 +27,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
--- a/.github/workflows/crowdin-download.yml
+++ b/.github/workflows/crowdin-download.yml
@ -0,0 +1,77 @@
 name: Crowdin / Download translations
 on:
  schedule:
    - cron: '17 4 * * *' # Every day
  workflow_dispatch:
 permissions:
  contents: write
  pull-requests: write
 jobs:
  download-translations:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Increase Git http.postBuffer
        # This is needed due to a bug in Ubuntu's cURL version?
        # See https://github.com/orgs/community/discussions/55820
        run: |
          git config --global http.version HTTP/1.1
          git config --global http.postBuffer 157286400
      # Download the translation files from Crowdin
      - name: crowdin action
        uses: crowdin/github-action@v1
        with:
          config: crowdin-glitch.yml
          upload_sources: false
          upload_translations: false
          download_translations: true
          crowdin_branch_name: main
          push_translations: false
          create_pull_request: false
        env:
          CROWDIN_PROJECT_ID: ${{ vars.CROWDIN_PROJECT_ID }}
          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
      # As the files are extracted from a Docker container, they belong to root:root
      # We need to fix this before the next steps
      - name: Fix file permissions
        run: sudo chown -R runner:docker .
      # This is needed to run the normalize step
      - name: Install native Ruby dependencies
        run: sudo apt-get install -y libicu-dev libidn11-dev
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true
      - name: Run i18n normalize task
        run: bundle exec i18n-tasks normalize
      # Create or update the pull request
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v5.0.2
        with:
          commit-message: 'New Crowdin translations'
          title: 'New Crowdin Translations (automated)'
          author: 'GitHub Actions <noreply@github.com>'
          body: |
            New Crowdin translations, automated with Github Actions
            See `.github/workflows/crowdin-download.yml`
            This PR will be updated every day with new translations.
            Due to a limitation in Github Actions, checks are not running on this PR without manual action.
            If you want to run the checks, then close and re-open it.
          branch: i18n/crowdin/translations
          base: main
          labels: i18n
--- a/.github/workflows/crowdin-upload.yml
+++ b/.github/workflows/crowdin-upload.yml
@ -0,0 +1,36 @@
 name: Crowdin / Upload translations
 on:
  push:
    branches:
      - main
    paths:
      - crowdin.yml
      - app/javascript/mastodon/locales/en.json
      - config/locales/en.yml
      - config/locales/simple_form.en.yml
      - config/locales/activerecord.en.yml
      - config/locales/devise.en.yml
      - config/locales/doorkeeper.en.yml
      - .github/workflows/crowdin-upload.yml
 jobs:
  upload-translations:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: crowdin action
        uses: crowdin/github-action@v1
        with:
          config: crowdin-glitch.yml
          upload_sources: true
          upload_translations: false
          download_translations: false
          crowdin_branch_name: main
        env:
          CROWDIN_PROJECT_ID: ${{ vars.CROWDIN_PROJECT_ID }}
          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/lint-css.yml
+++ b/.github/workflows/lint-css.yml
@ -33,7 +33,7 @@ jobs:
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
--- a/.github/workflows/lint-haml.yml
+++ b/.github/workflows/lint-haml.yml
@ -28,7 +28,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Install native Ruby dependencies
        run: |
--- a/.github/workflows/lint-js.yml
+++ b/.github/workflows/lint-js.yml
@ -37,7 +37,7 @@ jobs:
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
--- a/.github/workflows/lint-json.yml
+++ b/.github/workflows/lint-json.yml
@ -29,7 +29,7 @@ jobs:
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
--- a/.github/workflows/lint-md.yml
+++ b/.github/workflows/lint-md.yml
@ -29,7 +29,7 @@ jobs:
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
--- a/.github/workflows/lint-ruby.yml
+++ b/.github/workflows/lint-ruby.yml
@ -8,7 +8,7 @@ on:
      - 'Gemfile*'
      - '.rubocop*.yml'
      - '.ruby-version'
-      - '.bundler-audit.yml'
+      - 'config/brakeman.ignore'
      - '**/*.rb'
      - '**/*.rake'
      - '.github/workflows/lint-ruby.yml'
@ -18,7 +18,7 @@ on:
      - 'Gemfile*'
      - '.rubocop*.yml'
      - '.ruby-version'
-      - '.bundler-audit.yml'
+      - 'config/brakeman.ignore'
      - '**/*.rb'
      - '**/*.rake'
      - '.github/workflows/lint-ruby.yml'
@ -29,7 +29,7 @@ jobs:
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Install native Ruby dependencies
        run: sudo apt-get install -y libicu-dev libidn11-dev
@ -46,5 +46,6 @@ jobs:
      - name: Run rubocop
        run: bundle exec rubocop
-      - name: Run bundler-audit
+      - name: Run brakeman
-        run: bundle exec bundler-audit
+        if: always() # Run both checks, even if the first failed
        run: bundle exec brakeman
--- a/.github/workflows/lint-yml.yml
+++ b/.github/workflows/lint-yml.yml
@ -31,7 +31,7 @@ jobs:
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
--- a/.github/workflows/rebase-needed.yml
+++ b/.github/workflows/rebase-needed.yml
@ -1,17 +1,8 @@
 name: PR Needs Rebase
 on:
-  push:
+  schedule:
-    branches-ignore:
+    - cron: '0 * * * *'
      - 'dependabot/**'
      - 'renovate/**'
      - 'l10n_main'
  pull_request_target:
    branches-ignore:
      - 'dependabot/**'
      - 'renovate/**'
      - 'l10n_main'
    types: [synchronize]
 permissions:
  pull-requests: write
@ -32,5 +23,5 @@ jobs:
          repoToken: '${{ secrets.GITHUB_TOKEN }}'
          commentOnClean: This pull request has resolved merge conflicts and is ready for review.
          commentOnDirty: This pull request has merge conflicts that must be resolved before it can be merged.
-          retryMax: 10
+          retryMax: 30
          continueOnMissingPermissions: false
--- a/.github/workflows/test-image-build.yml
+++ b/.github/workflows/test-image-build.yml
@ -0,0 +1,21 @@
 name: Test container image build
 on:
  pull_request:
    paths:
      - .github/workflows/build-nightly.yml
      - .github/workflows/build-push-pr.yml
      - .github/workflows/build-releases.yml
      - .github/workflows/test-image-build.yml
      - Dockerfile
 permissions:
  contents: read
 jobs:
  build-image:
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    uses: ./.github/workflows/build-container-image.yml
    with:
      platforms: linux/amd64 # Testing only on native platform so it is performant
--- a/.github/workflows/test-js.yml
+++ b/.github/workflows/test-js.yml
@ -33,7 +33,7 @@ jobs:
    steps:
      - name: Clone repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
--- a/.github/workflows/test-migrations-one-step.yml
+++ b/.github/workflows/test-migrations-one-step.yml
@ -70,7 +70,7 @@ jobs:
      BUNDLE_RETRY: 3
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Install native Ruby dependencies
        run: |
--- a/.github/workflows/test-migrations-two-step.yml
+++ b/.github/workflows/test-migrations-two-step.yml
@ -69,7 +69,7 @@ jobs:
      BUNDLE_RETRY: 3
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Install native Ruby dependencies
        run: |
--- a/.github/workflows/test-ruby.yml
+++ b/.github/workflows/test-ruby.yml
@ -32,7 +32,7 @@ jobs:
      SECRET_KEY_BASE: precompile_placeholder
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v3
@ -107,6 +107,10 @@ jobs:
      PAM_ENABLED: true
      PAM_DEFAULT_SERVICE: pam_test
      PAM_CONTROLLED_SERVICE: pam_test_controlled
      OIDC_ENABLED: true
      OIDC_SCOPE: read
      SAML_ENABLED: true
      CAS_ENABLED: true
      BUNDLE_WITH: 'pam_authentication test'
      CI_JOBS: ${{ matrix.ci_job }}/4
@ -123,7 +127,7 @@ jobs:
          - 3
          - 4
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v3
        with:
@ -149,3 +153,213 @@ jobs:
        run: './bin/rails db:create db:schema:load db:seed'
      - run: bundle exec rake rspec_chunked
  test-e2e:
    name: End to End testing
    runs-on: ubuntu-latest
    needs:
      - build
    services:
      postgres:
        image: postgres:14-alpine
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
      redis:
        image: redis:7-alpine
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 6379:6379
    env:
      DB_HOST: localhost
      DB_USER: postgres
      DB_PASS: postgres
      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      BUNDLE_WITH: test
    strategy:
      fail-fast: false
      matrix:
        ruby-version:
          - '3.0'
          - '3.1'
          - '.ruby-version'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v3
        with:
          path: './public'
          name: ${{ github.sha }}
      - name: Update package index
        run: sudo apt-get update
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
          node-version-file: '.nvmrc'
      - name: Install native Ruby dependencies
        run: sudo apt-get install -y libicu-dev libidn11-dev
      - name: Install additional system dependencies
        run: sudo apt-get install -y ffmpeg imagemagick
      - name: Set up bundler cache
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby-version}}
          bundler-cache: true
      - run: yarn --frozen-lockfile
      - name: Load database schema
        run: './bin/rails db:create db:schema:load db:seed'
      - run: bundle exec rake spec:system
      - name: Archive logs
        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: e2e-logs-${{ matrix.ruby-version }}
          path: log/
      - name: Archive test screenshots
        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: e2e-screenshots
          path: tmp/screenshots/
  test-search:
    name: Testing search
    runs-on: ubuntu-latest
    needs:
      - build
    services:
      postgres:
        image: postgres:14-alpine
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
      redis:
        image: redis:7-alpine
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 6379:6379
      elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.13
        env:
          discovery.type: single-node
          xpack.security.enabled: false
        options: >-
          --health-cmd "curl http://localhost:9200/_cluster/health"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 10
        ports:
          - 9200:9200
    env:
      DB_HOST: localhost
      DB_USER: postgres
      DB_PASS: postgres
      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      BUNDLE_WITH: test
      ES_ENABLED: true
      ES_HOST: localhost
      ES_PORT: 9200
    strategy:
      fail-fast: false
      matrix:
        ruby-version:
          - '3.0'
          - '3.1'
          - '.ruby-version'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v3
        with:
          path: './public'
          name: ${{ github.sha }}
      - name: Update package index
        run: sudo apt-get update
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
          node-version-file: '.nvmrc'
      - name: Install native Ruby dependencies
        run: sudo apt-get install -y libicu-dev libidn11-dev
      - name: Install additional system dependencies
        run: sudo apt-get install -y ffmpeg imagemagick
      - name: Set up bundler cache
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby-version}}
          bundler-cache: true
      - run: yarn --frozen-lockfile
      - name: Load database schema
        run: './bin/rails db:create db:schema:load db:seed'
      - run: bundle exec rake spec:search
      - name: Archive logs
        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: test-search-logs-${{ matrix.ruby-version }}
          path: log/
      - name: Archive test screenshots
        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: test-search-screenshots
          path: tmp/screenshots/
--- a/.haml-lint_todo.yml
+++ b/.haml-lint_todo.yml
@ -1,73 +1,23 @@
 # This configuration was generated by
 # `haml-lint --auto-gen-config`
-# on 2023-03-15 00:55:01 -0400 using Haml-Lint version 0.45.0.
+# on 2023-07-20 09:47:50 -0400 using Haml-Lint version 0.48.0.
 # The point is for the user to remove these configuration records
 # one by one as the lints are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of Haml-Lint, may require this file to be generated again.
 linters:
-  # Offense count: 63
+  # Offense count: 951
  RuboCop:
    exclude:
      - 'app/views/accounts/_og.html.haml'
      - 'app/views/admin/account_warnings/_account_warning.html.haml'
      - 'app/views/admin/accounts/index.html.haml'
      - 'app/views/admin/accounts/show.html.haml'
      - 'app/views/admin/announcements/edit.html.haml'
      - 'app/views/admin/announcements/new.html.haml'
      - 'app/views/admin/disputes/appeals/_appeal.html.haml'
      - 'app/views/admin/domain_blocks/edit.html.haml'
      - 'app/views/admin/domain_blocks/new.html.haml'
      - 'app/views/admin/ip_blocks/new.html.haml'
      - 'app/views/admin/reports/actions/preview.html.haml'
      - 'app/views/admin/reports/index.html.haml'
      - 'app/views/admin/reports/show.html.haml'
      - 'app/views/admin/roles/_form.html.haml'
      - 'app/views/admin/settings/about/show.html.haml'
      - 'app/views/admin/settings/appearance/show.html.haml'
      - 'app/views/admin/settings/registrations/show.html.haml'
      - 'app/views/admin/statuses/show.html.haml'
      - 'app/views/auth/registrations/new.html.haml'
      - 'app/views/disputes/strikes/show.html.haml'
      - 'app/views/filters/_filter_fields.html.haml'
      - 'app/views/invites/_form.html.haml'
      - 'app/views/layouts/application.html.haml'
      - 'app/views/layouts/error.html.haml'
      - 'app/views/notification_mailer/_status.html.haml'
      - 'app/views/settings/applications/_fields.html.haml'
      - 'app/views/settings/imports/show.html.haml'
      - 'app/views/settings/preferences/appearance/show.html.haml'
      - 'app/views/settings/preferences/other/show.html.haml'
      - 'app/views/statuses/_detailed_status.html.haml'
      - 'app/views/statuses/_poll.html.haml'
      - 'app/views/statuses/show.html.haml'
      - 'app/views/statuses_cleanup/show.html.haml'
      - 'app/views/user_mailer/warning.html.haml'
  # Offense count: 913
  LineLength:
    enabled: false
  # Offense count: 22
  UnnecessaryStringOutput:
-    exclude:
+    enabled: false
-      - 'app/views/accounts/show.html.haml'
+
-      - 'app/views/admin/custom_emojis/_custom_emoji.html.haml'
+  # Offense count: 57
-      - 'app/views/admin/relays/_relay.html.haml'
+  RuboCop:
-      - 'app/views/admin/rules/_rule.html.haml'
+    enabled: false
      - 'app/views/admin/statuses/index.html.haml'
      - 'app/views/auth/registrations/_sessions.html.haml'
      - 'app/views/disputes/strikes/show.html.haml'
      - 'app/views/notification_mailer/_status.html.haml'
      - 'app/views/settings/two_factor_authentication_methods/index.html.haml'
      - 'app/views/statuses/_detailed_status.html.haml'
      - 'app/views/statuses/_poll.html.haml'
      - 'app/views/statuses/_simple_status.html.haml'
      - 'app/views/user_mailer/suspicious_sign_in.html.haml'
      - 'app/views/user_mailer/webauthn_credential_added.html.haml'
      - 'app/views/user_mailer/webauthn_credential_deleted.html.haml'
      - 'app/views/user_mailer/welcome.html.haml'
  # Offense count: 3
  ViewLength:
@ -76,27 +26,18 @@ linters:
      - 'app/views/admin/reports/show.html.haml'
      - 'app/views/disputes/strikes/show.html.haml'
-  # Offense count: 41
+  # Offense count: 32
  InstanceVariables:
    exclude:
      - 'app/views/admin/reports/_actions.html.haml'
      - 'app/views/admin/roles/_form.html.haml'
      - 'app/views/admin/webhooks/_form.html.haml'
      - 'app/views/auth/registrations/_sessions.html.haml'
      - 'app/views/auth/registrations/_status.html.haml'
      - 'app/views/auth/sessions/two_factor/_otp_authentication_form.html.haml'
      - 'app/views/authorize_interactions/_post_follow_actions.html.haml'
      - 'app/views/invites/_form.html.haml'
      - 'app/views/relationships/_account.html.haml'
      - 'app/views/shared/_og.html.haml'
      - 'app/views/statuses/_status.html.haml'
  # Offense count: 6
  ConsecutiveSilentScripts:
    exclude:
      - 'app/views/admin/settings/shared/_links.html.haml'
      - 'app/views/settings/login_activities/_login_activity.html.haml'
      - 'app/views/statuses/_poll.html.haml'
  # Offense count: 3
  IdNames:
--- a/.nvmrc
+++ b/.nvmrc
@ -1 +1 @@
-16.20
+20.7
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -24,7 +24,6 @@ AllCops:
  Exclude:
    - db/schema.rb
    - 'bin/*'
    - 'Rakefile'
    - 'node_modules/**/*'
    - 'Vagrantfile'
    - 'vendor/**/*'
@ -39,14 +38,7 @@ Layout/FirstHashElementIndentation:
 # Reason: Currently disabled in .rubocop_todo.yml
 # https://docs.rubocop.org/rubocop/cops_layout.html#layoutlinelength
 Layout/LineLength:
-  AllowedPatterns:
+  Max: 320 # Default of 120 causes a duplicate entry in generated todo file
    # Allow comments to be long lines
    - !ruby/regexp / \# .*$/
    - !ruby/regexp /^\# .*$/
  Exclude:
    - 'lib/mastodon/cli/*.rb'
    - db/*migrate/**/*
    - db/seeds/**/*
 # Reason:
 # https://docs.rubocop.org/rubocop/cops_lint.html#lintuselessaccessmodifier
@ -132,12 +124,6 @@ RSpec/FilePath:
  Exclude:
    - 'spec/config/initializers/rack_attack_spec.rb' # namespaces usually have separate folder
    - 'spec/lib/sanitize_config_spec.rb' # namespaces usually have separate folder
    - 'spec/controllers/concerns/account_controller_concern_spec.rb' # Concerns describe ApplicationController and don't fit naming
    - 'spec/controllers/concerns/export_controller_concern_spec.rb'
    - 'spec/controllers/concerns/localized_spec.rb'
    - 'spec/controllers/concerns/rate_limit_headers_spec.rb'
    - 'spec/controllers/concerns/signature_verification_spec.rb'
    - 'spec/controllers/concerns/user_tracking_concern_spec.rb'
 # Reason:
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnamedsubject
@ -192,6 +178,11 @@ Style/RedundantBegin:
 Style/RescueStandardError:
  EnforcedStyle: implicit
 # Reason: Simplify some spec layouts
 # https://docs.rubocop.org/rubocop/cops_style.html#stylesemicolon
 Style/Semicolon:
  AllowAsExpressionSeparator: true
 # Reason: Originally disabled for CodeClimate, and no config consensus has been found
 # https://docs.rubocop.org/rubocop/cops_style.html#stylesymbolarray
 Style/SymbolArray:
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.52.1.
+# using RuboCop version 1.56.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@ -28,7 +28,6 @@ Layout/ArgumentAlignment:
 # SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
 Layout/HashAlignment:
  Exclude:
    - 'config/boot.rb'
    - 'config/environments/production.rb'
    - 'config/initializers/rack_attack.rb'
    - 'config/routes.rb'
@ -38,7 +37,14 @@ Layout/HashAlignment:
 Layout/LeadingCommentSpace:
  Exclude:
    - 'config/application.rb'
-    - 'config/initializers/omniauth.rb'
+    - 'config/initializers/3_omniauth.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
 Layout/LineLength:
  Exclude:
    - 'app/models/account.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
@ -48,15 +54,6 @@ Layout/SpaceInLambdaLiteral:
    - 'config/environments/production.rb'
    - 'config/initializers/content_security_policy.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Lint/AmbiguousBlockAssociation:
  Exclude:
    - 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb'
    - 'spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb'
    - 'spec/services/activitypub/process_status_update_service_spec.rb'
    - 'spec/services/post_status_service_spec.rb'
 # Configuration parameters: AllowComments, AllowEmptyLambdas.
 Lint/EmptyBlock:
  Exclude:
@ -64,38 +61,8 @@ Lint/EmptyBlock:
    - 'spec/fabricators/access_token_fabricator.rb'
    - 'spec/fabricators/conversation_fabricator.rb'
    - 'spec/fabricators/system_key_fabricator.rb'
    - 'spec/helpers/admin/action_logs_helper_spec.rb'
    - 'spec/lib/activitypub/adapter_spec.rb'
    - 'spec/models/account_alias_spec.rb'
    - 'spec/models/account_deletion_request_spec.rb'
    - 'spec/models/account_moderation_note_spec.rb'
    - 'spec/models/announcement_mute_spec.rb'
    - 'spec/models/announcement_reaction_spec.rb'
    - 'spec/models/announcement_spec.rb'
    - 'spec/models/backup_spec.rb'
    - 'spec/models/conversation_mute_spec.rb'
    - 'spec/models/custom_filter_keyword_spec.rb'
    - 'spec/models/custom_filter_spec.rb'
    - 'spec/models/device_spec.rb'
    - 'spec/models/encrypted_message_spec.rb'
    - 'spec/models/featured_tag_spec.rb'
    - 'spec/models/follow_recommendation_suppression_spec.rb'
    - 'spec/models/list_account_spec.rb'
    - 'spec/models/list_spec.rb'
    - 'spec/models/login_activity_spec.rb'
    - 'spec/models/mute_spec.rb'
    - 'spec/models/preview_card_spec.rb'
    - 'spec/models/preview_card_trend_spec.rb'
    - 'spec/models/relay_spec.rb'
    - 'spec/models/scheduled_status_spec.rb'
    - 'spec/models/status_stat_spec.rb'
    - 'spec/models/status_trend_spec.rb'
    - 'spec/models/system_key_spec.rb'
    - 'spec/models/tag_follow_spec.rb'
    - 'spec/models/unavailable_domain_spec.rb'
    - 'spec/models/user_invite_request_spec.rb'
    - 'spec/models/user_role_spec.rb'
    - 'spec/models/web/setting_spec.rb'
 Lint/NonLocalExitFromIterator:
  Exclude:
@ -106,11 +73,6 @@ Lint/OrAssignmentToConstant:
  Exclude:
    - 'lib/sanitize_ext/sanitize_config.rb'
 # This cop supports safe autocorrection (--autocorrect).
 Lint/SendWithMixinArgument:
  Exclude:
    - 'config/application.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
 Lint/UnusedBlockArgument:
@ -124,10 +86,9 @@ Lint/UnusedBlockArgument:
 Lint/UselessAssignment:
  Exclude:
    - 'app/services/activitypub/process_status_update_service.rb'
-    - 'config/initializers/omniauth.rb'
+    - 'config/initializers/3_omniauth.rb'
    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
    - 'spec/controllers/api/v1/bookmarks_controller_spec.rb'
    - 'spec/controllers/api/v1/favourites_controller_spec.rb'
    - 'spec/controllers/concerns/account_controller_concern_spec.rb'
    - 'spec/helpers/jsonld_helper_spec.rb'
@ -142,15 +103,9 @@ Lint/UselessAssignment:
    - 'spec/services/resolve_url_service_spec.rb'
    - 'spec/views/statuses/show.html.haml_spec.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
  Exclude:
    - 'spec/services/resolve_account_service_spec.rb'
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 150
+  Max: 144
  Exclude:
    - 'app/serializers/initial_state_serializer.rb'
@ -167,30 +122,6 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
  Max: 27
 Naming/AccessorMethodName:
  Exclude:
    - 'app/controllers/auth/sessions_controller.rb'
 # Configuration parameters: ExpectMatchingDefinition, CheckDefinitionPathHierarchy, CheckDefinitionPathHierarchyRoots, Regex, IgnoreExecutableScripts, AllowedAcronyms.
 # CheckDefinitionPathHierarchyRoots: lib, spec, test, src
 # AllowedAcronyms: CLI, DSL, ACL, API, ASCII, CPU, CSS, DNS, EOF, GUID, HTML, HTTP, HTTPS, ID, IP, JSON, LHS, QPS, RAM, RHS, RPC, SLA, SMTP, SQL, SSH, TCP, TLS, TTL, UDP, UI, UID, UUID, URI, URL, UTF8, VM, XML, XMPP, XSRF, XSS
 Naming/FileName:
  Exclude:
    - 'config/locales/sr-Latn.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyleForLeadingUnderscores.
 # SupportedStylesForLeadingUnderscores: disallowed, required, optional
 Naming/MemoizedInstanceVariableName:
  Exclude:
    - 'app/controllers/api/v1/bookmarks_controller.rb'
    - 'app/controllers/api/v1/favourites_controller.rb'
    - 'app/controllers/concerns/rate_limit_headers.rb'
    - 'app/lib/activitypub/activity.rb'
    - 'app/services/resolve_url_service.rb'
    - 'app/services/search_service.rb'
    - 'config/initializers/rack_attack.rb'
 # Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
 # SupportedStyles: snake_case, normalcase, non_integer
 # AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
@ -206,12 +137,17 @@ Naming/VariableNumber:
    - 'spec/models/user_spec.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
-Performance/UnfreezeString:
+# Configuration parameters: SafeMultiline.
 Performance/DeletePrefix:
  Exclude:
-    - 'app/lib/rss/builder.rb'
+    - 'app/models/featured_tag.rb'
-    - 'app/lib/text_formatter.rb'
+
-    - 'app/validators/status_length_validator.rb'
+Performance/MapMethodChain:
-    - 'lib/tasks/mastodon.rake'
+  Exclude:
    - 'app/models/feed.rb'
    - 'lib/mastodon/cli/maintenance.rb'
    - 'spec/services/bulk_import_service_spec.rb'
    - 'spec/services/import_service_spec.rb'
 RSpec/AnyInstance:
  Exclude:
@ -228,46 +164,10 @@ RSpec/AnyInstance:
    - 'spec/models/account_spec.rb'
    - 'spec/models/setting_spec.rb'
    - 'spec/services/activitypub/process_collection_service_spec.rb'
    - 'spec/validators/blacklisted_email_validator_spec.rb'
    - 'spec/validators/follow_limit_validator_spec.rb'
    - 'spec/workers/activitypub/delivery_worker_spec.rb'
    - 'spec/workers/web/push_notification_worker_spec.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 RSpec/EmptyExampleGroup:
  Exclude:
    - 'spec/helpers/admin/action_logs_helper_spec.rb'
    - 'spec/models/account_alias_spec.rb'
    - 'spec/models/account_deletion_request_spec.rb'
    - 'spec/models/account_moderation_note_spec.rb'
    - 'spec/models/announcement_mute_spec.rb'
    - 'spec/models/announcement_reaction_spec.rb'
    - 'spec/models/announcement_spec.rb'
    - 'spec/models/backup_spec.rb'
    - 'spec/models/conversation_mute_spec.rb'
    - 'spec/models/custom_filter_keyword_spec.rb'
    - 'spec/models/custom_filter_spec.rb'
    - 'spec/models/device_spec.rb'
    - 'spec/models/encrypted_message_spec.rb'
    - 'spec/models/featured_tag_spec.rb'
    - 'spec/models/follow_recommendation_suppression_spec.rb'
    - 'spec/models/list_account_spec.rb'
    - 'spec/models/list_spec.rb'
    - 'spec/models/login_activity_spec.rb'
    - 'spec/models/mute_spec.rb'
    - 'spec/models/preview_card_spec.rb'
    - 'spec/models/preview_card_trend_spec.rb'
    - 'spec/models/relay_spec.rb'
    - 'spec/models/scheduled_status_spec.rb'
    - 'spec/models/status_stat_spec.rb'
    - 'spec/models/status_trend_spec.rb'
    - 'spec/models/system_key_spec.rb'
    - 'spec/models/tag_follow_spec.rb'
    - 'spec/models/unavailable_domain_spec.rb'
    - 'spec/models/user_invite_request_spec.rb'
    - 'spec/models/web/setting_spec.rb'
    - 'spec/services/unmute_service_spec.rb'
 # Configuration parameters: CountAsOne.
 RSpec/ExampleLength:
  Max: 22
@ -285,7 +185,6 @@ RSpec/HookArgument:
    - 'spec/serializers/activitypub/note_serializer_spec.rb'
    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
    - 'spec/services/import_service_spec.rb'
    - 'spec/spec_helper.rb'
 # Configuration parameters: AssignmentOnly.
 RSpec/InstanceVariable:
@ -321,7 +220,6 @@ RSpec/LetSetup:
    - 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
    - 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
    - 'spec/controllers/api/v2/filters/statuses_controller_spec.rb'
    - 'spec/controllers/api/v2/filters_controller_spec.rb'
    - 'spec/controllers/auth/confirmations_controller_spec.rb'
    - 'spec/controllers/auth/passwords_controller_spec.rb'
    - 'spec/controllers/auth/sessions_controller_spec.rb'
@ -331,6 +229,7 @@ RSpec/LetSetup:
    - 'spec/controllers/oauth/tokens_controller_spec.rb'
    - 'spec/controllers/settings/imports_controller_spec.rb'
    - 'spec/lib/activitypub/activity/delete_spec.rb'
    - 'spec/lib/vacuum/applications_vacuum_spec.rb'
    - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb'
    - 'spec/models/account_spec.rb'
    - 'spec/models/account_statuses_cleanup_policy_spec.rb'
@ -368,11 +267,7 @@ RSpec/MessageChain:
 RSpec/MessageSpies:
  Exclude:
    - 'spec/controllers/admin/accounts_controller_spec.rb'
    - 'spec/controllers/api/base_controller_spec.rb'
    - 'spec/controllers/auth/registrations_controller_spec.rb'
    - 'spec/helpers/admin/account_moderation_notes_helper_spec.rb'
    - 'spec/helpers/application_helper_spec.rb'
    - 'spec/lib/status_finder_spec.rb'
    - 'spec/lib/webfinger_resource_spec.rb'
    - 'spec/models/admin/account_action_spec.rb'
    - 'spec/models/concerns/remotable_spec.rb'
@ -400,89 +295,13 @@ RSpec/PendingWithoutReason:
  Exclude:
    - 'spec/models/account_spec.rb'
 RSpec/StubbedMock:
  Exclude:
    - 'spec/controllers/api/base_controller_spec.rb'
    - 'spec/controllers/api/v1/media_controller_spec.rb'
    - 'spec/controllers/auth/registrations_controller_spec.rb'
    - 'spec/helpers/application_helper_spec.rb'
    - 'spec/lib/status_filter_spec.rb'
    - 'spec/lib/status_finder_spec.rb'
    - 'spec/lib/webfinger_resource_spec.rb'
    - 'spec/services/activitypub/process_collection_service_spec.rb'
 RSpec/SubjectDeclaration:
  Exclude:
    - 'spec/controllers/admin/domain_blocks_controller_spec.rb'
    - 'spec/models/account_migration_spec.rb'
    - 'spec/models/account_spec.rb'
    - 'spec/models/relationship_filter_spec.rb'
    - 'spec/models/user_role_spec.rb'
    - 'spec/policies/account_moderation_note_policy_spec.rb'
    - 'spec/policies/account_policy_spec.rb'
    - 'spec/policies/backup_policy_spec.rb'
    - 'spec/policies/custom_emoji_policy_spec.rb'
    - 'spec/policies/domain_block_policy_spec.rb'
    - 'spec/policies/email_domain_block_policy_spec.rb'
    - 'spec/policies/instance_policy_spec.rb'
    - 'spec/policies/invite_policy_spec.rb'
    - 'spec/policies/relay_policy_spec.rb'
    - 'spec/policies/report_note_policy_spec.rb'
    - 'spec/policies/report_policy_spec.rb'
    - 'spec/policies/settings_policy_spec.rb'
    - 'spec/policies/tag_policy_spec.rb'
    - 'spec/policies/user_policy_spec.rb'
    - 'spec/services/activitypub/process_account_service_spec.rb'
 RSpec/SubjectStub:
  Exclude:
    - 'spec/services/unallow_domain_service_spec.rb'
    - 'spec/validators/blacklisted_email_validator_spec.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationController:
  Exclude:
    - 'app/controllers/health_controller.rb'
 # Configuration parameters: Database, Include.
 # SupportedDatabases: mysql, postgresql
 # Include: db/migrate/*.rb
 Rails/BulkChangeTable:
  Exclude:
    - 'db/migrate/20160222143943_add_profile_fields_to_accounts.rb'
    - 'db/migrate/20160223162837_add_metadata_to_statuses.rb'
    - 'db/migrate/20160305115639_add_devise_to_users.rb'
    - 'db/migrate/20160314164231_add_owner_to_application.rb'
    - 'db/migrate/20160926213048_remove_owner_from_application.rb'
    - 'db/migrate/20161003142332_add_confirmable_to_users.rb'
    - 'db/migrate/20170112154826_migrate_settings.rb'
    - 'db/migrate/20170127165745_add_devise_two_factor_to_users.rb'
    - 'db/migrate/20170322143850_change_primary_key_to_bigint_on_statuses.rb'
    - 'db/migrate/20170330021336_add_counter_caches.rb'
    - 'db/migrate/20170425202925_add_oembed_to_preview_cards.rb'
    - 'db/migrate/20170427011934_re_add_owner_to_application.rb'
    - 'db/migrate/20170520145338_change_language_filter_to_opt_out.rb'
    - 'db/migrate/20170624134742_add_description_to_session_activations.rb'
    - 'db/migrate/20170718211102_add_activitypub_to_accounts.rb'
    - 'db/migrate/20171006142024_add_uri_to_custom_emojis.rb'
    - 'db/migrate/20180812123222_change_relays_enabled.rb'
    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
    - 'db/migrate/20190805123746_add_capabilities_to_tags.rb'
    - 'db/migrate/20190807135426_add_comments_to_domain_blocks.rb'
    - 'db/migrate/20190815225426_add_last_status_at_to_tags.rb'
    - 'db/migrate/20190901035623_add_max_score_to_tags.rb'
    - 'db/migrate/20200417125749_add_storage_schema_version.rb'
    - 'db/migrate/20200608113046_add_sign_in_token_to_users.rb'
    - 'db/migrate/20211112011713_add_language_to_preview_cards.rb'
    - 'db/migrate/20211231080958_add_category_to_reports.rb'
    - 'db/migrate/20220202200743_add_trendable_to_accounts.rb'
    - 'db/migrate/20220224010024_add_ips_to_email_domain_blocks.rb'
    - 'db/migrate/20220227041951_add_last_used_at_to_oauth_access_tokens.rb'
    - 'db/migrate/20220303000827_add_ordered_media_attachment_ids_to_status_edits.rb'
    - 'db/migrate/20220824164433_add_human_identifier_to_admin_action_logs.rb'
 # Configuration parameters: Include.
-# Include: db/migrate/*.rb
+# Include: db/**/*.rb
 Rails/CreateTableWithTimestamps:
  Exclude:
    - 'db/migrate/20170508230434_create_conversation_mutes.rb'
@ -756,12 +575,12 @@ Style/FetchEnvVar:
    - 'app/lib/translation_service.rb'
    - 'config/environments/development.rb'
    - 'config/environments/production.rb'
-    - 'config/initializers/2_whitelist_mode.rb'
+    - 'config/initializers/2_limited_federation_mode.rb'
    - 'config/initializers/3_omniauth.rb'
    - 'config/initializers/blacklists.rb'
    - 'config/initializers/cache_buster.rb'
    - 'config/initializers/content_security_policy.rb'
    - 'config/initializers/devise.rb'
    - 'config/initializers/omniauth.rb'
    - 'config/initializers/paperclip.rb'
    - 'config/initializers/vapid.rb'
    - 'lib/mastodon/premailer_webpack_strategy.rb'
@ -779,406 +598,6 @@ Style/FormatStringToken:
    - 'config/initializers/devise.rb'
    - 'lib/paperclip/color_extractor.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
  Exclude:
    - 'app/views/accounts/show.rss.ruby'
    - 'app/views/tags/show.rss.ruby'
    - 'app/views/well_known/host_meta/show.xml.ruby'
    - 'config/application.rb'
    - 'config/boot.rb'
    - 'config/environment.rb'
    - 'config/environments/development.rb'
    - 'config/environments/production.rb'
    - 'config/environments/test.rb'
    - 'config/initializers/0_post_deployment_migrations.rb'
    - 'config/initializers/active_model_serializers.rb'
    - 'config/initializers/application_controller_renderer.rb'
    - 'config/initializers/assets.rb'
    - 'config/initializers/backtrace_silencers.rb'
    - 'config/initializers/cache_logging.rb'
    - 'config/initializers/chewy.rb'
    - 'config/initializers/content_security_policy.rb'
    - 'config/initializers/cookies_serializer.rb'
    - 'config/initializers/cors.rb'
    - 'config/initializers/devise.rb'
    - 'config/initializers/doorkeeper.rb'
    - 'config/initializers/fast_blank.rb'
    - 'config/initializers/ffmpeg.rb'
    - 'config/initializers/filter_parameter_logging.rb'
    - 'config/initializers/http_client_proxy.rb'
    - 'config/initializers/httplog.rb'
    - 'config/initializers/inflections.rb'
    - 'config/initializers/mail_delivery_job.rb'
    - 'config/initializers/makara.rb'
    - 'config/initializers/mime_types.rb'
    - 'config/initializers/oj.rb'
    - 'config/initializers/omniauth.rb'
    - 'config/initializers/open_uri_redirection.rb'
    - 'config/initializers/permissions_policy.rb'
    - 'config/initializers/pghero.rb'
    - 'config/initializers/preload_link_headers.rb'
    - 'config/initializers/premailer_rails.rb'
    - 'config/initializers/rack_attack_logging.rb'
    - 'config/initializers/redis.rb'
    - 'config/initializers/session_store.rb'
    - 'config/initializers/simple_form.rb'
    - 'config/initializers/stoplight.rb'
    - 'config/initializers/trusted_proxies.rb'
    - 'config/initializers/twitter_regex.rb'
    - 'config/initializers/webauthn.rb'
    - 'config/initializers/wrap_parameters.rb'
    - 'config/locales/sr-Latn.rb'
    - 'config/locales/sr.rb'
    - 'config/puma.rb'
    - 'db/migrate/20160220174730_create_accounts.rb'
    - 'db/migrate/20160220211917_create_statuses.rb'
    - 'db/migrate/20160221003140_create_users.rb'
    - 'db/migrate/20160221003621_create_follows.rb'
    - 'db/migrate/20160222122600_create_stream_entries.rb'
    - 'db/migrate/20160222143943_add_profile_fields_to_accounts.rb'
    - 'db/migrate/20160223162837_add_metadata_to_statuses.rb'
    - 'db/migrate/20160223164502_make_uris_nullable_in_statuses.rb'
    - 'db/migrate/20160223165723_add_url_to_statuses.rb'
    - 'db/migrate/20160223165855_add_url_to_accounts.rb'
    - 'db/migrate/20160223171800_create_favourites.rb'
    - 'db/migrate/20160224223247_create_mentions.rb'
    - 'db/migrate/20160227230233_add_attachment_avatar_to_accounts.rb'
    - 'db/migrate/20160305115639_add_devise_to_users.rb'
    - 'db/migrate/20160306172223_create_doorkeeper_tables.rb'
    - 'db/migrate/20160312193225_add_attachment_header_to_accounts.rb'
    - 'db/migrate/20160314164231_add_owner_to_application.rb'
    - 'db/migrate/20160316103650_add_missing_indices.rb'
    - 'db/migrate/20160322193748_add_avatar_remote_url_to_accounts.rb'
    - 'db/migrate/20160325130944_add_admin_to_users.rb'
    - 'db/migrate/20160826155805_add_superapp_to_oauth_applications.rb'
    - 'db/migrate/20160905150353_create_media_attachments.rb'
    - 'db/migrate/20160919221059_add_subscription_expires_at_to_accounts.rb'
    - 'db/migrate/20160920003904_remove_verify_token_from_accounts.rb'
    - 'db/migrate/20160926213048_remove_owner_from_application.rb'
    - 'db/migrate/20161003142332_add_confirmable_to_users.rb'
    - 'db/migrate/20161003145426_create_blocks.rb'
    - 'db/migrate/20161006213403_rails_settings_migration.rb'
    - 'db/migrate/20161009120834_create_domain_blocks.rb'
    - 'db/migrate/20161027172456_add_silenced_to_accounts.rb'
    - 'db/migrate/20161104173623_create_tags.rb'
    - 'db/migrate/20161105130633_create_statuses_tags_join_table.rb'
    - 'db/migrate/20161116162355_add_locale_to_users.rb'
    - 'db/migrate/20161119211120_create_notifications.rb'
    - 'db/migrate/20161122163057_remove_unneeded_indexes.rb'
    - 'db/migrate/20161123093447_add_sensitive_to_statuses.rb'
    - 'db/migrate/20161128103007_create_subscriptions.rb'
    - 'db/migrate/20161130142058_add_last_successful_delivery_at_to_subscriptions.rb'
    - 'db/migrate/20161130185319_add_visibility_to_statuses.rb'
    - 'db/migrate/20161202132159_add_in_reply_to_account_id_to_statuses.rb'
    - 'db/migrate/20161203164520_add_from_account_id_to_notifications.rb'
    - 'db/migrate/20161205214545_add_suspended_to_accounts.rb'
    - 'db/migrate/20161221152630_add_hidden_to_stream_entries.rb'
    - 'db/migrate/20161222201034_add_locked_to_accounts.rb'
    - 'db/migrate/20161222204147_create_follow_requests.rb'
    - 'db/migrate/20170105224407_add_shortcode_to_media_attachments.rb'
    - 'db/migrate/20170109120109_create_web_settings.rb'
    - 'db/migrate/20170112154826_migrate_settings.rb'
    - 'db/migrate/20170114194937_add_application_to_statuses.rb'
    - 'db/migrate/20170114203041_add_website_to_oauth_application.rb'
    - 'db/migrate/20170119214911_create_preview_cards.rb'
    - 'db/migrate/20170123162658_add_severity_to_domain_blocks.rb'
    - 'db/migrate/20170123203248_add_reject_media_to_domain_blocks.rb'
    - 'db/migrate/20170125145934_add_spoiler_text_to_statuses.rb'
    - 'db/migrate/20170127165745_add_devise_two_factor_to_users.rb'
    - 'db/migrate/20170205175257_remove_devices.rb'
    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
    - 'db/migrate/20170214110202_create_reports.rb'
    - 'db/migrate/20170217012631_add_reblog_of_id_foreign_key_to_statuses.rb'
    - 'db/migrate/20170301222600_create_mutes.rb'
    - 'db/migrate/20170303212857_add_last_emailed_at_to_users.rb'
    - 'db/migrate/20170304202101_add_type_to_media_attachments.rb'
    - 'db/migrate/20170317193015_add_search_index_to_accounts.rb'
    - 'db/migrate/20170318214217_add_header_remote_url_to_accounts.rb'
    - 'db/migrate/20170322021028_add_lowercase_index_to_accounts.rb'
    - 'db/migrate/20170322143850_change_primary_key_to_bigint_on_statuses.rb'
    - 'db/migrate/20170322162804_add_search_index_to_tags.rb'
    - 'db/migrate/20170330021336_add_counter_caches.rb'
    - 'db/migrate/20170330163835_create_imports.rb'
    - 'db/migrate/20170330164118_add_attachment_data_to_imports.rb'
    - 'db/migrate/20170403172249_add_action_taken_by_account_id_to_reports.rb'
    - 'db/migrate/20170405112956_add_index_on_mentions_status_id.rb'
    - 'db/migrate/20170406215816_add_notifications_and_favourites_indices.rb'
    - 'db/migrate/20170409170753_add_last_webfingered_at_to_accounts.rb'
    - 'db/migrate/20170414080609_add_devise_two_factor_backupable_to_users.rb'
    - 'db/migrate/20170414132105_add_language_to_statuses.rb'
    - 'db/migrate/20170418160728_add_indexes_to_reports_for_accounts.rb'
    - 'db/migrate/20170423005413_add_allowed_languages_to_user.rb'
    - 'db/migrate/20170424003227_create_account_domain_blocks.rb'
    - 'db/migrate/20170424112722_add_status_id_index_to_statuses_tags.rb'
    - 'db/migrate/20170425131920_add_media_attachment_meta.rb'
    - 'db/migrate/20170425202925_add_oembed_to_preview_cards.rb'
    - 'db/migrate/20170427011934_re_add_owner_to_application.rb'
    - 'db/migrate/20170506235850_create_conversations.rb'
    - 'db/migrate/20170507000211_add_conversation_id_to_statuses.rb'
    - 'db/migrate/20170507141759_optimize_index_subscriptions.rb'
    - 'db/migrate/20170508230434_create_conversation_mutes.rb'
    - 'db/migrate/20170516072309_add_index_accounts_on_uri.rb'
    - 'db/migrate/20170520145338_change_language_filter_to_opt_out.rb'
    - 'db/migrate/20170601210557_add_index_on_media_attachments_account_id.rb'
    - 'db/migrate/20170604144747_add_foreign_keys_for_accounts.rb'
    - 'db/migrate/20170606113804_change_tag_search_index_to_btree.rb'
    - 'db/migrate/20170609145826_remove_default_language_from_statuses.rb'
    - 'db/migrate/20170610000000_add_statuses_index_on_account_id_id.rb'
    - 'db/migrate/20170623152212_create_session_activations.rb'
    - 'db/migrate/20170624134742_add_description_to_session_activations.rb'
    - 'db/migrate/20170625140443_add_access_token_id_to_session_activations.rb'
    - 'db/migrate/20170711225116_fix_null_booleans.rb'
    - 'db/migrate/20170713112503_make_tag_search_case_insensitive.rb'
    - 'db/migrate/20170713175513_create_web_push_subscriptions.rb'
    - 'db/migrate/20170713190709_add_web_push_subscription_to_session_activations.rb'
    - 'db/migrate/20170714184731_add_domain_to_subscriptions.rb'
    - 'db/migrate/20170716191202_add_hide_notifications_to_mute.rb'
    - 'db/migrate/20170718211102_add_activitypub_to_accounts.rb'
    - 'db/migrate/20170720000000_add_index_favourites_on_account_id_and_id.rb'
    - 'db/migrate/20170823162448_create_status_pins.rb'
    - 'db/migrate/20170824103029_add_timestamps_to_status_pins.rb'
    - 'db/migrate/20170829215220_remove_status_pins_account_index.rb'
    - 'db/migrate/20170901141119_truncate_preview_cards.rb'
    - 'db/migrate/20170901142658_create_join_table_preview_cards_statuses.rb'
    - 'db/migrate/20170905044538_add_index_id_account_id_activity_type_on_notifications.rb'
    - 'db/migrate/20170905165803_add_local_to_statuses.rb'
    - 'db/migrate/20170913000752_create_site_uploads.rb'
    - 'db/migrate/20170917153509_create_custom_emojis.rb'
    - 'db/migrate/20170918125918_ids_to_bigints.rb'
    - 'db/migrate/20170920024819_status_ids_to_timestamp_ids.rb'
    - 'db/migrate/20170920032311_fix_reblogs_in_feeds.rb'
    - 'db/migrate/20170924022025_ids_to_bigints2.rb'
    - 'db/migrate/20170927215609_add_description_to_media_attachments.rb'
    - 'db/migrate/20170928082043_create_email_domain_blocks.rb'
    - 'db/migrate/20171005102658_create_account_moderation_notes.rb'
    - 'db/migrate/20171005171936_add_disabled_to_custom_emojis.rb'
    - 'db/migrate/20171006142024_add_uri_to_custom_emojis.rb'
    - 'db/migrate/20171010023049_add_foreign_key_to_account_moderation_notes.rb'
    - 'db/migrate/20171010025614_change_accounts_nonnullable_in_account_moderation_notes.rb'
    - 'db/migrate/20171020084748_add_visible_in_picker_to_custom_emoji.rb'
    - 'db/migrate/20171028221157_add_reblogs_to_follows.rb'
    - 'db/migrate/20171107143332_add_memorial_to_accounts.rb'
    - 'db/migrate/20171107143624_add_disabled_to_users.rb'
    - 'db/migrate/20171109012327_add_moderator_to_accounts.rb'
    - 'db/migrate/20171114080328_add_index_domain_to_email_domain_blocks.rb'
    - 'db/migrate/20171114231651_create_lists.rb'
    - 'db/migrate/20171116161857_create_list_accounts.rb'
    - 'db/migrate/20171118012443_add_moved_to_account_id_to_accounts.rb'
    - 'db/migrate/20171119172437_create_admin_action_logs.rb'
    - 'db/migrate/20171122120436_add_index_account_and_reblog_of_id_to_statuses.rb'
    - 'db/migrate/20171125024930_create_invites.rb'
    - 'db/migrate/20171125031751_add_invite_id_to_users.rb'
    - 'db/migrate/20171125185353_add_index_reblog_of_id_and_account_to_statuses.rb'
    - 'db/migrate/20171125190735_remove_old_reblog_index_on_statuses.rb'
    - 'db/migrate/20171129172043_add_index_on_stream_entries.rb'
    - 'db/migrate/20171130000000_add_embed_url_to_preview_cards.rb'
    - 'db/migrate/20171201000000_change_account_id_nonnullable_in_lists.rb'
    - 'db/migrate/20171212195226_remove_duplicate_indexes_in_lists.rb'
    - 'db/migrate/20171226094803_more_faster_index_on_notifications.rb'
    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
    - 'db/migrate/20180109143959_add_remember_token_to_users.rb'
    - 'db/migrate/20180204034416_create_identities.rb'
    - 'db/migrate/20180206000000_change_user_id_nonnullable.rb'
    - 'db/migrate/20180211015820_create_backups.rb'
    - 'db/migrate/20180304013859_add_featured_collection_url_to_accounts.rb'
    - 'db/migrate/20180310000000_change_columns_in_notifications_nonnullable.rb'
    - 'db/migrate/20180402031200_add_assigned_account_id_to_reports.rb'
    - 'db/migrate/20180402040909_create_report_notes.rb'
    - 'db/migrate/20180410204633_add_fields_to_accounts.rb'
    - 'db/migrate/20180416210259_add_uri_to_relationships.rb'
    - 'db/migrate/20180506221944_add_actor_type_to_accounts.rb'
    - 'db/migrate/20180510214435_add_access_token_id_to_web_push_subscriptions.rb'
    - 'db/migrate/20180510230049_migrate_web_push_subscriptions.rb'
    - 'db/migrate/20180528141303_fix_accounts_unique_index.rb'
    - 'db/migrate/20180608213548_reject_following_blocked_users.rb'
    - 'db/migrate/20180609104432_migrate_web_push_subscriptions2.rb'
    - 'db/migrate/20180615122121_add_autofollow_to_invites.rb'
    - 'db/migrate/20180616192031_add_chosen_languages_to_users.rb'
    - 'db/migrate/20180617162849_remove_unused_indexes.rb'
    - 'db/migrate/20180628181026_create_custom_filters.rb'
    - 'db/migrate/20180707154237_add_whole_word_to_custom_filter.rb'
    - 'db/migrate/20180711152640_create_relays.rb'
    - 'db/migrate/20180808175627_create_account_pins.rb'
    - 'db/migrate/20180812123222_change_relays_enabled.rb'
    - 'db/migrate/20180812162710_create_status_stats.rb'
    - 'db/migrate/20180812173710_copy_status_stats.rb'
    - 'db/migrate/20180814171349_add_confidential_to_doorkeeper_application.rb'
    - 'db/migrate/20180831171112_create_bookmarks.rb'
    - 'db/migrate/20180929222014_create_account_conversations.rb'
    - 'db/migrate/20181007025445_create_pghero_space_stats.rb'
    - 'db/migrate/20181010141500_add_silent_to_mentions.rb'
    - 'db/migrate/20181017170937_add_reject_reports_to_domain_blocks.rb'
    - 'db/migrate/20181018205649_add_unread_to_account_conversations.rb'
    - 'db/migrate/20181024224956_migrate_account_conversations.rb'
    - 'db/migrate/20181026034033_remove_faux_remote_account_duplicates.rb'
    - 'db/migrate/20181116165755_create_account_stats.rb'
    - 'db/migrate/20181116173541_copy_account_stats.rb'
    - 'db/migrate/20181127130500_identity_id_to_bigint.rb'
    - 'db/migrate/20181127165847_add_show_replies_to_lists.rb'
    - 'db/migrate/20181203003808_create_accounts_tags_join_table.rb'
    - 'db/migrate/20181203021853_add_discoverable_to_accounts.rb'
    - 'db/migrate/20181204193439_add_last_status_at_to_account_stats.rb'
    - 'db/migrate/20181204215309_create_account_tag_stats.rb'
    - 'db/migrate/20181207011115_downcase_custom_emoji_domains.rb'
    - 'db/migrate/20181213184704_create_account_warnings.rb'
    - 'db/migrate/20181213185533_create_account_warning_presets.rb'
    - 'db/migrate/20181219235220_add_created_by_application_id_to_users.rb'
    - 'db/migrate/20181226021420_add_also_known_as_to_accounts.rb'
    - 'db/migrate/20190103124649_create_scheduled_statuses.rb'
    - 'db/migrate/20190103124754_add_scheduled_status_id_to_media_attachments.rb'
    - 'db/migrate/20190117114553_create_tombstones.rb'
    - 'db/migrate/20190201012802_add_overwrite_to_imports.rb'
    - 'db/migrate/20190203180359_create_featured_tags.rb'
    - 'db/migrate/20190225031541_create_polls.rb'
    - 'db/migrate/20190225031625_create_poll_votes.rb'
    - 'db/migrate/20190226003449_add_poll_id_to_statuses.rb'
    - 'db/migrate/20190304152020_add_uri_to_poll_votes.rb'
    - 'db/migrate/20190306145741_add_lock_version_to_polls.rb'
    - 'db/migrate/20190307234537_add_approved_to_users.rb'
    - 'db/migrate/20190314181829_migrate_open_registrations_setting.rb'
    - 'db/migrate/20190316190352_create_account_identity_proofs.rb'
    - 'db/migrate/20190317135723_add_uri_to_reports.rb'
    - 'db/migrate/20190403141604_add_comment_to_invites.rb'
    - 'db/migrate/20190409054914_create_user_invite_requests.rb'
    - 'db/migrate/20190420025523_add_blurhash_to_media_attachments.rb'
    - 'db/migrate/20190509164208_add_by_moderator_to_tombstone.rb'
    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
    - 'db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb'
    - 'db/migrate/20190627222225_create_custom_emoji_categories.rb'
    - 'db/migrate/20190627222826_add_category_id_to_custom_emojis.rb'
    - 'db/migrate/20190701022101_add_trust_level_to_accounts.rb'
    - 'db/migrate/20190705002136_create_domain_allows.rb'
    - 'db/migrate/20190715164535_add_instance_actor.rb'
    - 'db/migrate/20190726175042_add_case_insensitive_index_to_tags.rb'
    - 'db/migrate/20190729185330_add_score_to_tags.rb'
    - 'db/migrate/20190805123746_add_capabilities_to_tags.rb'
    - 'db/migrate/20190807135426_add_comments_to_domain_blocks.rb'
    - 'db/migrate/20190815225426_add_last_status_at_to_tags.rb'
    - 'db/migrate/20190819134503_add_deleted_at_to_statuses.rb'
    - 'db/migrate/20190820003045_update_statuses_index.rb'
    - 'db/migrate/20190823221802_add_local_index_to_statuses.rb'
    - 'db/migrate/20190901035623_add_max_score_to_tags.rb'
    - 'db/migrate/20190904222339_create_markers.rb'
    - 'db/migrate/20190914202517_create_account_migrations.rb'
    - 'db/migrate/20190915194355_create_account_aliases.rb'
    - 'db/migrate/20190927232842_add_voters_count_to_polls.rb'
    - 'db/migrate/20191001213028_add_lock_version_to_account_stats.rb'
    - 'db/migrate/20191007013357_update_pt_locales.rb'
    - 'db/migrate/20191031163205_change_list_account_follow_nullable.rb'
    - 'db/migrate/20191212003415_increase_backup_size.rb'
    - 'db/migrate/20191212163405_add_hide_collections_to_accounts.rb'
    - 'db/migrate/20191218153258_create_announcements.rb'
    - 'db/migrate/20200113125135_create_announcement_mutes.rb'
    - 'db/migrate/20200114113335_create_announcement_reactions.rb'
    - 'db/migrate/20200119112504_add_public_index_to_statuses.rb'
    - 'db/migrate/20200126203551_add_published_at_to_announcements.rb'
    - 'db/migrate/20200306035625_add_processing_to_media_attachments.rb'
    - 'db/migrate/20200309150742_add_forwarded_to_reports.rb'
    - 'db/migrate/20200312144258_add_title_to_account_warning_presets.rb'
    - 'db/migrate/20200312162302_add_status_ids_to_announcements.rb'
    - 'db/migrate/20200312185443_add_parent_id_to_email_domain_blocks.rb'
    - 'db/migrate/20200317021758_add_expires_at_to_mutes.rb'
    - 'db/migrate/20200407201300_create_unavailable_domains.rb'
    - 'db/migrate/20200407202420_migrate_unavailable_inboxes.rb'
    - 'db/migrate/20200417125749_add_storage_schema_version.rb'
    - 'db/migrate/20200508212852_reset_unique_jobs_locks.rb'
    - 'db/migrate/20200510110808_reset_web_app_secret.rb'
    - 'db/migrate/20200510181721_remove_duplicated_indexes_pghero.rb'
    - 'db/migrate/20200516180352_create_devices.rb'
    - 'db/migrate/20200516183822_create_one_time_keys.rb'
    - 'db/migrate/20200518083523_create_encrypted_messages.rb'
    - 'db/migrate/20200521180606_encrypted_message_ids_to_timestamp_ids.rb'
    - 'db/migrate/20200529214050_add_devices_url_to_accounts.rb'
    - 'db/migrate/20200601222558_create_system_keys.rb'
    - 'db/migrate/20200605155027_add_blurhash_to_preview_cards.rb'
    - 'db/migrate/20200608113046_add_sign_in_token_to_users.rb'
    - 'db/migrate/20200614002136_add_sensitized_to_accounts.rb'
    - 'db/migrate/20200620164023_add_fixed_lowercase_index_to_accounts.rb'
    - 'db/migrate/20200622213645_media_attachment_ids_to_timestamp_ids.rb'
    - 'db/migrate/20200627125810_add_thumbnail_columns_to_media_attachments.rb'
    - 'db/migrate/20200628133322_create_account_notes.rb'
    - 'db/migrate/20200630190240_create_webauthn_credentials.rb'
    - 'db/migrate/20200630190544_add_webauthn_id_to_users.rb'
    - 'db/migrate/20200908193330_create_account_deletion_requests.rb'
    - 'db/migrate/20200917192924_add_notify_to_follows.rb'
    - 'db/migrate/20200917193034_add_type_to_notifications.rb'
    - 'db/migrate/20200917222316_add_index_notifications_on_type.rb'
    - 'db/migrate/20201008202037_create_ip_blocks.rb'
    - 'db/migrate/20201008220312_add_sign_up_ip_to_users.rb'
    - 'db/migrate/20201017233919_add_suspension_origin_to_accounts.rb'
    - 'db/migrate/20201206004238_create_instances.rb'
    - 'db/migrate/20201218054746_add_obfuscate_to_domain_blocks.rb'
    - 'db/migrate/20210221045109_create_rules.rb'
    - 'db/migrate/20210306164523_account_ids_to_timestamp_ids.rb'
    - 'db/migrate/20210322164601_create_account_summaries.rb'
    - 'db/migrate/20210323114347_create_follow_recommendations.rb'
    - 'db/migrate/20210324171613_create_follow_recommendation_suppressions.rb'
    - 'db/migrate/20210416200740_create_canonical_email_blocks.rb'
    - 'db/migrate/20210421121431_add_case_insensitive_btree_index_to_tags.rb'
    - 'db/migrate/20210425135952_add_index_on_media_attachments_account_id_status_id.rb'
    - 'db/migrate/20210505174616_update_follow_recommendations_to_version_2.rb'
    - 'db/migrate/20210609202149_create_login_activities.rb'
    - 'db/migrate/20210616214526_create_user_ips.rb'
    - 'db/migrate/20210621221010_add_skip_sign_in_token_to_users.rb'
    - 'db/migrate/20210630000137_fix_canonical_email_blocks_foreign_key.rb'
    - 'db/migrate/20210722120340_create_account_statuses_cleanup_policies.rb'
    - 'db/migrate/20210904215403_add_edited_at_to_statuses.rb'
    - 'db/migrate/20210908220918_create_status_edits.rb'
    - 'db/migrate/20211031031021_create_preview_card_providers.rb'
    - 'db/migrate/20211112011713_add_language_to_preview_cards.rb'
    - 'db/migrate/20211115032527_add_trendable_to_preview_cards.rb'
    - 'db/migrate/20211123212714_add_link_type_to_preview_cards.rb'
    - 'db/migrate/20211213040746_update_account_summaries_to_version_2.rb'
    - 'db/migrate/20211231080958_add_category_to_reports.rb'
    - 'db/migrate/20220105163928_remove_mentions_status_id_index.rb'
    - 'db/migrate/20220115125126_add_report_id_to_account_warnings.rb'
    - 'db/migrate/20220115125341_fix_account_warning_actions.rb'
    - 'db/migrate/20220116202951_add_deleted_at_index_on_statuses.rb'
    - 'db/migrate/20220124141035_create_appeals.rb'
    - 'db/migrate/20220202200743_add_trendable_to_accounts.rb'
    - 'db/migrate/20220202200926_add_trendable_to_statuses.rb'
    - 'db/migrate/20220210153119_add_overruled_at_to_account_warnings.rb'
    - 'db/migrate/20220224010024_add_ips_to_email_domain_blocks.rb'
    - 'db/migrate/20220227041951_add_last_used_at_to_oauth_access_tokens.rb'
    - 'db/migrate/20220302232632_add_ordered_media_attachment_ids_to_statuses.rb'
    - 'db/migrate/20220303000827_add_ordered_media_attachment_ids_to_status_edits.rb'
    - 'db/migrate/20220304195405_migrate_hide_network_preference.rb'
    - 'db/migrate/20220307094650_fix_featured_tags_constraints.rb'
    - 'db/migrate/20220309213005_fix_reblog_deleted_at.rb'
    - 'db/migrate/20220316233212_update_kurdish_locales.rb'
    - 'db/migrate/20220428112511_add_index_statuses_on_account_id.rb'
    - 'db/migrate/20220428112727_add_index_statuses_pins_on_status_id.rb'
    - 'db/migrate/20220428114454_add_index_reports_on_assigned_account_id.rb'
    - 'db/migrate/20220428114902_add_index_reports_on_action_taken_by_account_id.rb'
    - 'db/migrate/20220606044941_create_webhooks.rb'
    - 'db/migrate/20220611210335_create_user_roles.rb'
    - 'db/migrate/20220611212541_add_role_id_to_users.rb'
    - 'db/migrate/20220710102457_add_display_name_to_tags.rb'
    - 'db/migrate/20220714171049_create_tag_follows.rb'
    - 'db/migrate/20220824164433_add_human_identifier_to_admin_action_logs.rb'
    - 'db/migrate/20220824233535_create_status_trends.rb'
    - 'db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb'
    - 'db/migrate/20220829192633_add_languages_to_follows.rb'
    - 'db/migrate/20220829192658_add_languages_to_follow_requests.rb'
    - 'db/migrate/20221006061337_create_preview_card_trends.rb'
    - 'db/migrate/20221012181003_add_blurhash_to_site_uploads.rb'
    - 'db/migrate/20221021055441_add_index_featured_tags_on_account_id_and_tag_id.rb'
    - 'db/migrate/20221025171544_add_index_ip_blocks_on_ip.rb'
    - 'db/migrate/20221104133904_add_name_to_featured_tags.rb'
    - 'db/post_migrate/20190519130537_remove_boosts_widening_audience.rb'
    - 'db/post_migrate/20210308133107_remove_subscription_expires_at_from_accounts.rb'
    - 'db/post_migrate/20220118183123_remove_rememberable_from_users.rb'
    - 'db/seeds/01_web_app.rb'
    - 'db/seeds/02_instance_actor.rb'
    - 'db/seeds/03_roles.rb'
    - 'db/seeds/04_admin.rb'
    - 'lib/rails/engine_extensions.rb'
    - 'lib/tasks/branding.rake'
    - 'spec/fabricators_spec.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/GlobalStdStream:
  Exclude:
@ -1277,7 +696,6 @@ Style/MutableConstant:
  Exclude:
    - 'app/models/tag.rb'
    - 'app/services/delete_account_service.rb'
    - 'config/initializers/twitter_regex.rb'
    - 'lib/mastodon/migration_warning.rb'
 # This cop supports safe autocorrection (--autocorrect).
@ -1319,8 +737,6 @@ Style/RedundantConstantBase:
  Exclude:
    - 'config/environments/production.rb'
    - 'config/initializers/sidekiq.rb'
    - 'config/locales/sr-Latn.rb'
    - 'config/locales/sr.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: SafeForConstants.
@ -1332,6 +748,15 @@ Style/RedundantFetchBlock:
    - 'config/initializers/paperclip.rb'
    - 'config/puma.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowMultipleReturnValues.
 Style/RedundantReturn:
  Exclude:
    - 'app/controllers/api/v1/directories_controller.rb'
    - 'app/controllers/auth/confirmations_controller.rb'
    - 'app/lib/ostatus/tag_manager.rb'
    - 'app/models/form/import.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
 # AllowedMethods: present?, blank?, presence, try, try!
@ -1340,13 +765,6 @@ Style/SafeNavigation:
    - 'app/models/concerns/account_finder_concern.rb'
    - 'app/models/status.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowAsExpressionSeparator.
 Style/Semicolon:
  Exclude:
    - 'spec/services/activitypub/process_status_update_service_spec.rb'
    - 'spec/validators/blacklisted_email_validator_spec.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: only_raise, only_fail, semantic
@ -1360,21 +778,6 @@ Style/SingleArgumentDig:
  Exclude:
    - 'lib/webpacker/manifest_extensions.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
  Exclude:
    - 'app/lib/emoji_formatter.rb'
    - 'app/lib/text_formatter.rb'
    - 'app/models/account_alias.rb'
    - 'app/models/domain_block.rb'
    - 'app/models/email_domain_block.rb'
    - 'app/models/preview_card_provider.rb'
    - 'app/validators/status_length_validator.rb'
    - 'db/migrate/20190726175042_add_case_insensitive_index_to_tags.rb'
    - 'lib/active_record/batches.rb'
    - 'lib/mastodon/premailer_webpack_strategy.rb'
    - 'lib/tasks/repo.rake'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: require_parentheses, require_no_parentheses
@ -1411,7 +814,7 @@ Style/StringLiterals:
 # AllowedMethods: define_method, mail, respond_to
 Style/SymbolProc:
  Exclude:
-    - 'config/initializers/omniauth.rb'
+    - 'config/initializers/3_omniauth.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, AllowSafeAssignment.
@ -1444,9 +847,3 @@ Style/WordArray:
    - 'config/initializers/cors.rb'
    - 'spec/controllers/settings/imports_controller_spec.rb'
    - 'spec/models/form/import_spec.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
 Layout/LineLength:
  Max: 701
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,353 @@
 All notable changes to this project will be documented in this file.
 ## [4.2.0] - UNRELEASED
 The following changelog entries focus on changes visible to users, administrators, client developers or federated software developers, but there has also been a lot of code modernization, refactoring, and tooling work, in particular by [@danielmbrasil](https://github.com/danielmbrasil), [@mjankowski](https://github.com/mjankowski), [@nschonni](https://github.com/nschonni), [@renchap](https://github.com/renchap), and [@takayamaki](https://github.com/takayamaki).
 ### Added
 - **Add full-text search of opted-in public posts and rework search operators** ([Gargron](https://github.com/mastodon/mastodon/pull/26485), [jsgoldstein](https://github.com/mastodon/mastodon/pull/26344), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26657), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26650), [jsgoldstein](https://github.com/mastodon/mastodon/pull/26659), [Gargron](https://github.com/mastodon/mastodon/pull/26660), [Gargron](https://github.com/mastodon/mastodon/pull/26663), [Gargron](https://github.com/mastodon/mastodon/pull/26688), [Gargron](https://github.com/mastodon/mastodon/pull/26689), [Gargron](https://github.com/mastodon/mastodon/pull/26686), [Gargron](https://github.com/mastodon/mastodon/pull/26687), [Gargron](https://github.com/mastodon/mastodon/pull/26692), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26697), [Gargron](https://github.com/mastodon/mastodon/pull/26699), [Gargron](https://github.com/mastodon/mastodon/pull/26701), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26710), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26739), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26754), [Gargron](https://github.com/mastodon/mastodon/pull/26662), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26755), [Gargron](https://github.com/mastodon/mastodon/pull/26781), [Gargron](https://github.com/mastodon/mastodon/pull/26782), [Gargron](https://github.com/mastodon/mastodon/pull/26760), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26756), [Gargron](https://github.com/mastodon/mastodon/pull/26784), [Gargron](https://github.com/mastodon/mastodon/pull/26807), [Gargron](https://github.com/mastodon/mastodon/pull/26835), [Gargron](https://github.com/mastodon/mastodon/pull/26847), [Gargron](https://github.com/mastodon/mastodon/pull/26834), [arbolitoloco1](https://github.com/mastodon/mastodon/pull/26893), [tribela](https://github.com/mastodon/mastodon/pull/26896), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26927), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26959))
  This introduces a new `public_statuses` Elasticsearch index for public posts by users who have opted in to their posts being searchable (`toot#indexable` flag).
  This also revisits the other indexes to provide more useful indexing, and adds new search operators such as `from:me`, `before:2022-11-01`, `after:2022-11-01`, `during:2022-11-01`, `language:fr`, `has:poll`, or `in:library` (for searching only in posts you have written or interacted with).
  Results are now ordered chronologically.
 - **Add admin notifications for new Mastodon versions** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26582))
  This is done by querying `https://api.joinmastodon.org/update-check` every 30 minutes in a background job.
  That URL can be changed using the `UPDATE_CHECK_URL` environment variable, and the feature outright disabled by setting that variable to an empty string (`UPDATE_CHECK_URL=`).
 - **Add “Privacy and reach” tab in profile settings** ([Gargron](https://github.com/mastodon/mastodon/pull/26484), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26508))
  This reorganized scattered privacy and reach settings to a single place, as well as improve their wording.
 - **Add display of out-of-band hashtags in the web interface** ([Gargron](https://github.com/mastodon/mastodon/pull/26492), [arbolitoloco1](https://github.com/mastodon/mastodon/pull/26497), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26506), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26525), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26606), [Gargron](https://github.com/mastodon/mastodon/pull/26666), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26960))
 - **Add role badges to the web interface** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25649), [Gargron](https://github.com/mastodon/mastodon/pull/26281))
 - **Add ability to pick domains to forward reports to using the `forward_to_domains` parameter in `POST /api/v1/reports`** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25866), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26636))
  The `forward_to_domains` REST API parameter is a list of strings. If it is empty or omitted, the previous behavior is maintained.
  The `forward` parameter still needs to be set for `forward_to_domains` to be taken into account.
  The forwarded-to domains can only include that of the original author and people being replied to.
 - **Add forwarding of reported replies to servers being replied to** ([Gargron](https://github.com/mastodon/mastodon/pull/25341), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26189))
 - Add `ONE_CLICK_SSO_LOGIN` environment variable to directly link to the Single-Sign On provider if there is only one sign up method available ([CSDUMMI](https://github.com/mastodon/mastodon/pull/26083), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26368), [CSDUMMI](https://github.com/mastodon/mastodon/pull/26857), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26901))
 - **Add webhook templating** ([Gargron](https://github.com/mastodon/mastodon/pull/23289))
 - **Add webhooks for local `status.created`, `status.updated`, `account.updated` and `report.updated`** ([VyrCossont](https://github.com/mastodon/mastodon/pull/24133), [VyrCossont](https://github.com/mastodon/mastodon/pull/24243), [VyrCossont](https://github.com/mastodon/mastodon/pull/24211))
 - **Add exclusive lists** ([dariusk](https://github.com/mastodon/mastodon/pull/22048), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25324))
 - **Add a confirmation screen when suspending a domain** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25144), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25603))
 - **Add support for importing lists** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25203), [mgmn](https://github.com/mastodon/mastodon/pull/26120), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26372))
 - **Add optional hCaptcha support** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25019), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25057), [Gargron](https://github.com/mastodon/mastodon/pull/25395), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26388))
 - **Add lines to threads in web UI** ([Gargron](https://github.com/mastodon/mastodon/pull/24549), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24677), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24696), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24711), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24714), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24713), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24715), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24800), [teeerevor](https://github.com/mastodon/mastodon/pull/25706), [renchap](https://github.com/mastodon/mastodon/pull/25807))
 - **Add new onboarding flow to web UI** ([Gargron](https://github.com/mastodon/mastodon/pull/24619), [Gargron](https://github.com/mastodon/mastodon/pull/24646), [Gargron](https://github.com/mastodon/mastodon/pull/24705), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24872), [ThisIsMissEm](https://github.com/mastodon/mastodon/pull/24883), [Gargron](https://github.com/mastodon/mastodon/pull/24954), [stevenjlm](https://github.com/mastodon/mastodon/pull/24959), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25010), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25275), [Gargron](https://github.com/mastodon/mastodon/pull/25559), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25561))
 - **Add `S3_DISABLE_CHECKSUM_MODE` environment variable for compatibility with some S3-compatible providers** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26435))
 - **Add auto-refresh of accounts we get new messages/edits of** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26510))
 - **Add Elasticsearch cluster health check and indexes mismatch check to dashboard** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26448), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26605), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26658))
 - Add admin API for managing tags ([rrgeorge](https://github.com/mastodon/mastodon/pull/26872))
 - Add a link to hashtag timelines from the Trending hashtags moderation interface ([gunchleoc](https://github.com/mastodon/mastodon/pull/26724))
 - Add timezone to datetimes in e-mails ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26822))
 - Add `authorized_fetch` server setting in addition to env var ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25798), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26958))
 - Add avatar image to webfinger responses ([tvler](https://github.com/mastodon/mastodon/pull/26558))
 - Add debug logging on signature verification failure ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26637), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26812))
 - Add explicit error messages when DeepL quota is exceeded ([lutoma](https://github.com/mastodon/mastodon/pull/26704))
 - Add Elasticsearch/OpenSearch version to “Software” in admin dashboard ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26652))
 - Add `data-nosnippet` attribute to remote posts and local posts with `noindex` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26648))
 - Add support for federating `memorial` attribute ([rrgeorge](https://github.com/mastodon/mastodon/pull/26583))
 - Add Cherokee and Kalmyk to languages dropdown ([gunchleoc](https://github.com/mastodon/mastodon/pull/26012), [gunchleoc](https://github.com/mastodon/mastodon/pull/26013))
 - Add `DELETE /api/v1/profile/avatar` and `DELETE /api/v1/profile/header` to the REST API ([danielmbrasil](https://github.com/mastodon/mastodon/pull/25124), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26573))
 - Add `ES_PRESET` option to customize numbers of shards and replicas ([Gargron](https://github.com/mastodon/mastodon/pull/26483), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26489))
  This can have a value of `single_node_cluster` (default), `small_cluster` (uses one replica) or `large_cluster` (uses one replica and a higher number of shards).
 - Add `CACHE_BUSTER_HTTP_METHOD` environment variable ([renchap](https://github.com/mastodon/mastodon/pull/26528), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26542))
 - Add support for `DB_PASS` when using `DATABASE_URL` ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26295))
 - Add `GET /api/v1/instance/languages` to REST API ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24443))
 - Add primary key to `preview_cards_statuses` join table ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25243), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26384), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26447), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26737))
 - Add client-side timeout on resend confirmation button ([Gargron](https://github.com/mastodon/mastodon/pull/26300))
 - Add published date and author to news on the explore screen in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26155))
 - Add `lang` attribute to various UI components ([c960657](https://github.com/mastodon/mastodon/pull/23869), [c960657](https://github.com/mastodon/mastodon/pull/23891), [c960657](https://github.com/mastodon/mastodon/pull/26111), [c960657](https://github.com/mastodon/mastodon/pull/26149))
 - Add stricter protocol fields validation for accounts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25937))
 - Add support for Azure blob storage ([mistydemeo](https://github.com/mastodon/mastodon/pull/23607), [mistydemeo](https://github.com/mastodon/mastodon/pull/26080))
 - Add toast with option to open post after publishing in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25564), [Signez](https://github.com/mastodon/mastodon/pull/25919), [Gargron](https://github.com/mastodon/mastodon/pull/26664))
 - Add canonical link tags in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25715))
 - Add button to see results for polls in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25726))
 - Add at-symbol prepended to mention span title ([forsamori](https://github.com/mastodon/mastodon/pull/25684))
 - Add users index on `unconfirmed_email` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25672), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25702))
 - Add superapp index on `oauth_applications` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25670))
 - Add index to backups on `user_id` column ([mjankowski](https://github.com/mastodon/mastodon/pull/25647))
 - Add onboarding prompt when home feed too slow in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25267), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25556), [Gargron](https://github.com/mastodon/mastodon/pull/25579), [renchap](https://github.com/mastodon/mastodon/pull/25580), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25581), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25617), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25917), [Gargron](https://github.com/mastodon/mastodon/pull/26829), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26935))
 - Add `POST /api/v1/conversations/:id/unread` API endpoint to mark a conversation as unread ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25509))
 - Add `translate="no"` to outgoing mentions and links ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25524))
 - Add unsubscribe link and headers to e-mails ([Gargron](https://github.com/mastodon/mastodon/pull/25378), [c960657](https://github.com/mastodon/mastodon/pull/26085))
 - Add logging of websocket send errors ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25280))
 - Add time zone preference ([Gargron](https://github.com/mastodon/mastodon/pull/25342), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26025))
 - Add `legal` as report category ([Gargron](https://github.com/mastodon/mastodon/pull/23941), [renchap](https://github.com/mastodon/mastodon/pull/25400), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26509))
 - Add `data-nosnippet` so Google doesn't use trending posts in snippets for `/` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25279))
 - Add card with who invited you to join when displaying rules on sign-up ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23475))
 - Add missing primary keys to `accounts_tags` and `statuses_tags` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25210))
 - Add support for custom sign-up URLs ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25014), [renchap](https://github.com/mastodon/mastodon/pull/25108), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25190), [mgmn](https://github.com/mastodon/mastodon/pull/25531))
  This is set using `SSO_ACCOUNT_SIGN_UP` and reflected in the REST API by adding `registrations.sign_up_url` to the `/api/v2/instance` endpoint.
 - Add polling and automatic redirection to `/start` on email confirmation ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25013))
 - Add ability to block sign-ups from IP using the CLI ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24870))
 - Add ALT badges to media that has alternative text in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24782), [c960657](https://github.com/mastodon/mastodon/pull/26166)
 - Add ability to include accounts with pending follow requests in lists ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/19727), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24810))
 - Add trend management to admin API ([rrgeorge](https://github.com/mastodon/mastodon/pull/24257))
  - `POST /api/v1/admin/trends/statuses/:id/approve`
  - `POST /api/v1/admin/trends/statuses/:id/reject`
  - `POST /api/v1/admin/trends/links/:id/approve`
  - `POST /api/v1/admin/trends/links/:id/reject`
  - `POST /api/v1/admin/trends/tags/:id/approve`
  - `POST /api/v1/admin/trends/tags/:id/reject`
  - `GET /api/v1/admin/trends/links/publishers`
  - `POST /api/v1/admin/trends/links/publishers/:id/approve`
  - `POST /api/v1/admin/trends/links/publishers/:id/reject`
 - Add user handle to notification mail recipient address ([HeitorMC](https://github.com/mastodon/mastodon/pull/24240))
 - Add progress indicator to sign-up flow ([Gargron](https://github.com/mastodon/mastodon/pull/24545))
 - Add client-side validation for taken username in sign-up form ([Gargron](https://github.com/mastodon/mastodon/pull/24546))
 - Add `--approve` option to `tootctl accounts create` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24533))
 - Add “In Memoriam” banner back to profiles ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23591), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/23614))
  This adds the `memorial` attribute to the `Account` REST API entity.
 - Add colour to follow button when hashtag is being followed ([c960657](https://github.com/mastodon/mastodon/pull/24361))
 - Add further explanations to the profile link verification instructions ([drzax](https://github.com/mastodon/mastodon/pull/19723))
 - Add a link to Identity provider's account settings from the account settings ([CSDUMMI](https://github.com/mastodon/mastodon/pull/24100), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24628))
 - Add support for streaming server to connect to postgres with self-signed certs through the `sslmode` URL parameter ([ramuuns](https://github.com/mastodon/mastodon/pull/21431))
 - Add support for specifying S3 storage classes through the `S3_STORAGE_CLASS` environment variable ([hyl](https://github.com/mastodon/mastodon/pull/22480))
 - Add support for incoming rich text ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23913))
 - Add support for Ruby 3.2 ([tenderlove](https://github.com/mastodon/mastodon/pull/22928), [casperisfine](https://github.com/mastodon/mastodon/pull/24142), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24202), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26934))
 - Add API parameter to safeguard unexpected mentions in new posts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18350))
 ### Changed
 - **Change hashtags to be displayed separately when they are the last line of a post** ([renchap](https://github.com/mastodon/mastodon/pull/26499), [renchap](https://github.com/mastodon/mastodon/pull/26614), [renchap](https://github.com/mastodon/mastodon/pull/26615))
 - **Change reblogs to be excluded from "Posts and replies" tab in web UI** ([Gargron](https://github.com/mastodon/mastodon/pull/26302))
 - **Change interaction modal in web interface** ([Gargron, ClearlyClaire](https://github.com/mastodon/mastodon/pull/26075), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26269), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26268), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26267), [mgmn](https://github.com/mastodon/mastodon/pull/26459), [tribela](https://github.com/mastodon/mastodon/pull/26461), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26593), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26795))
 - **Change design of link previews in web UI** ([Gargron](https://github.com/mastodon/mastodon/pull/26136), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26151), [Gargron](https://github.com/mastodon/mastodon/pull/26153), [Gargron](https://github.com/mastodon/mastodon/pull/26250), [Gargron](https://github.com/mastodon/mastodon/pull/26287), [Gargron](https://github.com/mastodon/mastodon/pull/26286), [c960657](https://github.com/mastodon/mastodon/pull/26184))
 - **Change "direct message" nomenclature to "private mention" in web UI** ([Gargron](https://github.com/mastodon/mastodon/pull/24248))
 - **Change translation feature to cover Content Warnings, poll options and media descriptions** ([c960657](https://github.com/mastodon/mastodon/pull/24175), [S-H-GAMELINKS](https://github.com/mastodon/mastodon/pull/25251), [c960657](https://github.com/mastodon/mastodon/pull/26168), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26452))
 - **Change account search to match by text when opted-in** ([jsgoldstein](https://github.com/mastodon/mastodon/pull/25599), [Gargron](https://github.com/mastodon/mastodon/pull/26378))
 - **Change import feature to be clearer, less error-prone and more reliable** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21054), [mgmn](https://github.com/mastodon/mastodon/pull/24874))
 - **Change local and federated timelines to be tabs of a single “Live feeds” column** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25641), [Gargron](https://github.com/mastodon/mastodon/pull/25683), [mgmn](https://github.com/mastodon/mastodon/pull/25694), [Plastikmensch](https://github.com/mastodon/mastodon/pull/26247), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26633))
 - **Change user archive export to be faster and more reliable, and export `.zip` archives instead of `.tar.gz` ones** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23360), [TheEssem](https://github.com/mastodon/mastodon/pull/25034))
 - **Change `mastodon-streaming` systemd unit files to be templated** ([e-nomem](https://github.com/mastodon/mastodon/pull/24751))
 - **Change `statsd` integration to disable sidekiq metrics by default** ([mjankowski](https://github.com/mastodon/mastodon/pull/25265), [mjankowski](https://github.com/mastodon/mastodon/pull/25336), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26310))
  This deprecates `statsd` support and disables the sidekiq integration unless `STATSD_SIDEKIQ` is set to `true`.
  This is because the `nsa` gem is unmaintained, and its sidekiq integration is known to add very significant overhead.
  Later versions of Mastodon will have other ways to get the same metrics.
 - **Change replica support to native Rails adapter** ([krainboltgreene](https://github.com/mastodon/mastodon/pull/25693), [Gargron](https://github.com/mastodon/mastodon/pull/25849), [Gargron](https://github.com/mastodon/mastodon/pull/25874), [Gargron](https://github.com/mastodon/mastodon/pull/25851), [Gargron](https://github.com/mastodon/mastodon/pull/25977), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26074), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26326), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26386), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26856))
  This is a breaking change, dropping `makara` support, and requiring you to update your database configuration if you are using replicas.
  To tell Mastodon to use a read replica, you can either set the `REPLICA_DB_NAME` environment variable (along with `REPLICA_DB_USER`, `REPLICA_DB_PASS`, `REPLICA_DB_HOST`, and `REPLICA_DB_PORT`, if they differ from the primary database), or the `REPLICA_DATABASE_URL` environment variable if your configuration is based on `DATABASE_URL`.
 - Change DCT method used for JPEG encoding to float ([electroCutie](https://github.com/mastodon/mastodon/pull/26675))
 - Change from `node-redis` to `ioredis` for streaming ([gmemstr](https://github.com/mastodon/mastodon/pull/26581))
 - Change private statuses index to index without crutches ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26713))
 - Change video compression parameters ([Gargron](https://github.com/mastodon/mastodon/pull/26631), [Gargron](https://github.com/mastodon/mastodon/pull/26745), [Gargron](https://github.com/mastodon/mastodon/pull/26766), [Gargron](https://github.com/mastodon/mastodon/pull/26970))
 - Change admin e-mail notification settings to be their own settings group ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26596))
 - Change opacity of the delete icon in the search field to be more visible ([AntoninDelFabbro](https://github.com/mastodon/mastodon/pull/26449))
 - Change Account Search to prioritize username over display name ([jsgoldstein](https://github.com/mastodon/mastodon/pull/26623))
 - Change follow recommendation materialized view to be faster in most cases ([renchap, ClearlyClaire](https://github.com/mastodon/mastodon/pull/26545))
 - Change `robots.txt` to block GPTBot ([Foritus](https://github.com/mastodon/mastodon/pull/26396))
 - Change header of hashtag timelines in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26362), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26416))
 - Change streaming `/metrics` to include additional metrics ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26299), [ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26945))
 - Change indexing frequency from 5 minutes to 1 minute, add locks to schedulers ([Gargron](https://github.com/mastodon/mastodon/pull/26304))
 - Change column link to add a better keyboard focus indicator ([teeerevor](https://github.com/mastodon/mastodon/pull/26278))
 - Change poll form element colors to fit with the rest of the ui ([teeerevor](https://github.com/mastodon/mastodon/pull/26139), [teeerevor](https://github.com/mastodon/mastodon/pull/26162), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26164))
 - Change 'favourite' to 'favorite' for American English ([marekr](https://github.com/mastodon/mastodon/pull/24667), [gunchleoc](https://github.com/mastodon/mastodon/pull/26009), [nabijaczleweli](https://github.com/mastodon/mastodon/pull/26109))
 - Change ActivityStreams representation of suspended accounts to not use a blank `name` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25276))
 - Change focus UI for keyboard only input ([teeerevor](https://github.com/mastodon/mastodon/pull/25935), [Gargron](https://github.com/mastodon/mastodon/pull/26125), [Gargron](https://github.com/mastodon/mastodon/pull/26767))
 - Change thread view to scroll to the selected post rather than the post being replied to ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24685))
 - Change links in multi-column mode so tabs are open in single-column mode ([Signez](https://github.com/mastodon/mastodon/pull/25893), [Signez](https://github.com/mastodon/mastodon/pull/26070), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25973), [Signez](https://github.com/mastodon/mastodon/pull/26019), [Signez](https://github.com/mastodon/mastodon/pull/26759))
 - Change searching with `#` to include account index ([jsgoldstein](https://github.com/mastodon/mastodon/pull/25638))
 - Change label and design of sensitive and unavailable media in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25712), [Gargron](https://github.com/mastodon/mastodon/pull/26135), [Gargron](https://github.com/mastodon/mastodon/pull/26330))
 - Change button colors to increase hover/focus contrast and consistency ([teeerevor](https://github.com/mastodon/mastodon/pull/25677), [Gargron](https://github.com/mastodon/mastodon/pull/25679))
 - Change dropdown icon above compose form from ellipsis to bars in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25661))
 - Change header backgrounds to use fewer different colors in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25577))
 - Change files to be deleted in batches instead of one-by-one ([Gargron](https://github.com/mastodon/mastodon/pull/23302), [S-H-GAMELINKS](https://github.com/mastodon/mastodon/pull/25586), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25587))
 - Change emoji picker icon ([iparr](https://github.com/mastodon/mastodon/pull/25479))
 - Change edit profile page ([Gargron](https://github.com/mastodon/mastodon/pull/25413), [c960657](https://github.com/mastodon/mastodon/pull/26538))
 - Change "bot" label to "automated" ([Gargron](https://github.com/mastodon/mastodon/pull/25356))
 - Change design of dropdowns in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25107))
 - Change wording of “Content cache retention period” setting to highlight destructive implications ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23261))
 - Change autolinking to allow carets in URL search params ([renchap](https://github.com/mastodon/mastodon/pull/25216))
 - Change share action from being in action bar to being in dropdown in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25105))
 - Change sessions to be ordered from most-recent to least-recently updated ([frankieroberto](https://github.com/mastodon/mastodon/pull/25005))
 - Change vacuum scheduler to also delete expired tokens and unused application records ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24868), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24871))
 - Change "Sign in" to "Login" ([Gargron](https://github.com/mastodon/mastodon/pull/24942))
 - Change domain suspensions to also be checked before trying to fetch unknown remote resources ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24535))
 - Change media components to use aspect-ratio rather than compute height themselves ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24686), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24943), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26801))
 - Change logo version in header based on screen size in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24707))
 - Change label from "For you" to "People" on explore screen in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24706))
 - Change logged-out WebUI HTML pages to be cached for a few seconds ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24708))
 - Change unauthenticated responses to be cached in REST API ([Gargron](https://github.com/mastodon/mastodon/pull/24348), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24662), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24665))
 - Change HTTP caching logic ([Gargron](https://github.com/mastodon/mastodon/pull/24347), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24604))
 - Change hashtags and mentions in bios to open in-app in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24643))
 - Change styling of the recommended accounts to allow bio to be more visible ([chike00](https://github.com/mastodon/mastodon/pull/24480))
 - Change account search in moderation interface to allow searching by username including the leading `@` ([HeitorMC](https://github.com/mastodon/mastodon/pull/24242))
 - Change all components to use the same error page in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24512))
 - Change search pop-out in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24305))
 - Change user settings to be stored in a more optimal way ([Gargron](https://github.com/mastodon/mastodon/pull/23630), [c960657](https://github.com/mastodon/mastodon/pull/24321), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24453), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24460), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24558), [Gargron](https://github.com/mastodon/mastodon/pull/24761), [Gargron](https://github.com/mastodon/mastodon/pull/24783), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25508), [jsgoldstein](https://github.com/mastodon/mastodon/pull/25340), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26884))
 - Change media upload limits and remove client-side resizing ([Gargron](https://github.com/mastodon/mastodon/pull/23726))
 - Change design of account rows in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24247), [Gargron](https://github.com/mastodon/mastodon/pull/24343), [Gargron](https://github.com/mastodon/mastodon/pull/24956), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25131))
 - Change log-out to use Single Logout when using external log-in through OIDC ([CSDUMMI](https://github.com/mastodon/mastodon/pull/24020))
 - Change sidekiq-bulk's batch size from 10,000 to 1,000 jobs in one Redis call ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24034))
 - Change translation to only be offered for supported languages ([c960657](https://github.com/mastodon/mastodon/pull/23879), [c960657](https://github.com/mastodon/mastodon/pull/24037))
  This adds the `/api/v1/instance/translation_languages` REST API endpoint that returns an object with the supported translation language pairs in the form:
  ```json
  {
    "fr": ["en", "de"]
  }
  ```
  (where `fr` is a supported source language and `en` and `de` or supported output language when translating a `fr` string)
 - Change compose form checkbox to native input with `appearance: none` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/22949))
 - Change posts' clickable area to be larger ([c960657](https://github.com/mastodon/mastodon/pull/23621))
 - Change `followed_by` link to `location=all` if account is local on /admin/accounts/:id page ([tribela](https://github.com/mastodon/mastodon/pull/23467))
 ### Removed
 - **Remove support for Node.js 14** ([renchap](https://github.com/mastodon/mastodon/pull/25198))
 - **Remove support for Ruby 2.7** ([nschonni](https://github.com/mastodon/mastodon/pull/24237))
 - **Remove clustering from streaming API** ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/24655))
 - **Remove anonymous access to the streaming API** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23989))
 - Remove obfuscation of reply count in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26768))
 - Remove `kmr` from language selection, as it was a duplicate for `ku` ([gunchleoc](https://github.com/mastodon/mastodon/pull/26014), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26787))
 - Remove 16:9 cropping from web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26132))
 - Remove back button from bookmarks, favourites and lists screens in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26126))
 - Remove display name input from sign-up form ([Gargron](https://github.com/mastodon/mastodon/pull/24704))
 - Remove `tai` locale ([c960657](https://github.com/mastodon/mastodon/pull/23880))
 - Remove empty Kushubian (csb) local files ([nschonni](https://github.com/mastodon/mastodon/pull/24151))
 - Remove `Permissions-Policy` header from all responses ([Gargron](https://github.com/mastodon/mastodon/pull/24124))
 ### Fixed
 - **Fix filters not being applying in the explore page** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25887))
 - **Fix being unable to load past a full page of filtered posts in Home timeline** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24930))
 - **Fix log-in flow when involving both OAuth and external authentication** ([CSDUMMI](https://github.com/mastodon/mastodon/pull/24073))
 - **Fix broken links in account gallery** ([c960657](https://github.com/mastodon/mastodon/pull/24218))
 - **Fix migration handler not updating lists** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24808))
 - Fix crash when viewing a moderation appeal and the moderator account has been deleted ([xrobau](https://github.com/mastodon/mastodon/pull/25900))
 - Fix error in Web UI when server rules cannot be fetched ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26957))
 - Fix paragraph margins resulting in irregular read-more cut-off in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26828))
 - Fix notification permissions being requested immediately after login ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26472))
 - Fix performances of profile directory ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26840), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26842))
 - Fix mute button and volume slider feeling disconnected in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26827), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26860))
 - Fix “Scoped order is ignored, it's forced to be batch order.” warnings ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26793))
 - Fix blocked domain appearing in account feeds ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26823))
 - Fix invalid `Content-Type` header for WebP images ([c960657](https://github.com/mastodon/mastodon/pull/26773))
 - Fix minor inefficiencies in `tootctl search deploy` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26721))
 - Fix filter form in profiles directory overflowing instead of wrapping ([arbolitoloco1](https://github.com/mastodon/mastodon/pull/26682))
 - Fix sign up steps progress layout in right-to-left locales ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26728))
 - Fix bug with “favorited by” and “reblogged by“ view on posts only showing up to 40 items ([timothyjrogers](https://github.com/mastodon/mastodon/pull/26577), [timothyjrogers](https://github.com/mastodon/mastodon/pull/26574))
 - Fix bad search type heuristic ([Gargron](https://github.com/mastodon/mastodon/pull/26673))
 - Fix not being able to negate prefix clauses in search ([Gargron](https://github.com/mastodon/mastodon/pull/26672))
 - Fix timeout on invalid set of exclusionary parameters in `/api/v1/timelines/public` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/26239))
 - Fix adding column with default value taking longer on Postgres >= 11 ([Gargron](https://github.com/mastodon/mastodon/pull/26375))
 - Fix light theme select option for hashtags ([teeerevor](https://github.com/mastodon/mastodon/pull/26311))
 - Fix AVIF attachments ([c960657](https://github.com/mastodon/mastodon/pull/26264))
 - Fix incorrect URL normalization when fetching remote resources ([c960657](https://github.com/mastodon/mastodon/pull/26219), [c960657](https://github.com/mastodon/mastodon/pull/26285))
 - Fix being unable to filter posts for individual Chinese languages ([gunchleoc](https://github.com/mastodon/mastodon/pull/26066))
 - Fix preview card sometimes linking to 4xx error pages ([c960657](https://github.com/mastodon/mastodon/pull/26200))
 - Fix emoji picker button scrolling with textarea content in single-column view ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25304))
 - Fix missing border on error screen in light theme in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/26152))
 - Fix UI overlap with the loupe icon in the Explore Tab ([gol-cha](https://github.com/mastodon/mastodon/pull/26113))
 - Fix unexpected redirection to `/explore` after sign-in ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26143))
 - Fix `/api/v1/statuses/:id/unfavourite` and `/api/v1/statuses/:id/unreblog` returning non-updated counts ([c960657](https://github.com/mastodon/mastodon/pull/24365))
 - Fix clicking the “Back” button sometimes leading out of Mastodon ([c960657](https://github.com/mastodon/mastodon/pull/23953), [CSFlorin](https://github.com/mastodon/mastodon/pull/24835), [S-H-GAMELINKS](https://github.com/mastodon/mastodon/pull/24867), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25281))
 - Fix processing of `null` ActivityPub activities ([tribela](https://github.com/mastodon/mastodon/pull/26021))
 - Fix hashtag posts not being removed from home feed on hashtag unfollow ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26028))
 - Fix for "follows you" indicator in light web UI not readable ([vmstan](https://github.com/mastodon/mastodon/pull/25993))
 - Fix incorrect line break between icon and number of reposts & favourites ([edent](https://github.com/mastodon/mastodon/pull/26004))
 - Fix sounds not being loaded from assets host ([Signez](https://github.com/mastodon/mastodon/pull/25931))
 - Fix buttons showing inconsistent styles ([teeerevor](https://github.com/mastodon/mastodon/pull/25903), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25965), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26341), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/26482))
 - Fix trend calculation working on too many items at a time ([Gargron](https://github.com/mastodon/mastodon/pull/25835))
 - Fix dropdowns being disabled for logged out users in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25714), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25964))
 - Fix explore page being inaccessible when opted-out of trends in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25716))
 - Fix re-activated accounts possibly getting deleted by `AccountDeletionWorker` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25711))
 - Fix `/api/v2/search` not working with following query param ([danielmbrasil](https://github.com/mastodon/mastodon/pull/25681))
 - Fix inefficient query when requesting a new confirmation email from a logged-in account ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25669))
 - Fix unnecessary concurrent calls to `/api/*/instance` in web UI ([mgmn](https://github.com/mastodon/mastodon/pull/25663))
 - Fix resolving local URL for remote content ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25637))
 - Fix search not being easily findable on smaller screens in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25576), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/25631))
 - Fix j/k keyboard shortcuts on some status lists ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25554))
 - Fix missing validation on `default_privacy` setting ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25513))
 - Fix incorrect pagination headers in `/api/v2/admin/accounts` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/25477))
 - Fix non-interactive upload container being given a `button` role and tabIndex ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25462))
 - Fix always redirecting to onboarding in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/25396))
 - Fix inconsistent use of middle dot (·) instead of bullet (•) to separate items ([j-f1](https://github.com/mastodon/mastodon/pull/25248))
 - Fix spacing of middle dots in the detailed status meta section ([j-f1](https://github.com/mastodon/mastodon/pull/25247))
 - Fix prev/next buttons color in media viewer ([renchap](https://github.com/mastodon/mastodon/pull/25231))
 - Fix email addresses not being properly updated in `tootctl maintenance fix-duplicates` ([mjankowski](https://github.com/mastodon/mastodon/pull/25118))
 - Fix unicode surrogate pairs sometimes being broken in page title ([eai04191](https://github.com/mastodon/mastodon/pull/25148))
 - Fix various inefficient queries against account domains ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25126))
 - Fix video player offering to expand in a lightbox when it's in an `iframe` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25067))
 - Fix post embed previews ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25071))
 - Fix inadequate error handling in several API controllers when given invalid parameters ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24947), [danielmbrasil](https://github.com/mastodon/mastodon/pull/24958), [danielmbrasil](https://github.com/mastodon/mastodon/pull/25063), [danielmbrasil](https://github.com/mastodon/mastodon/pull/25072), [danielmbrasil](https://github.com/mastodon/mastodon/pull/25386), [danielmbrasil](https://github.com/mastodon/mastodon/pull/25595))
 - Fix uncaught `ActiveRecord::StatementInvalid` in Mastodon::IpBlocksCLI ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24861))
 - Fix various edge cases with local moves ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24812))
 - Fix `tootctl accounts cull` crashing when encountering a domain resolving to a private address ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23378))
 - Fix `tootctl accounts approve --number N` not aproving the N earliest registrations ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24605))
 - Fix being unable to clear media description when editing posts ([c960657](https://github.com/mastodon/mastodon/pull/24720))
 - Fix unavailable translations not falling back to English ([mgmn](https://github.com/mastodon/mastodon/pull/24727))
 - Fix anonymous visitors getting a session cookie on first visit ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24584), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24650), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24664))
 - Fix cutting off first letter of hashtag links sometimes in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/24623))
 - Fix crash in `tootctl accounts create --reattach --force` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/24557), [danielmbrasil](https://github.com/mastodon/mastodon/pull/24680))
 - Fix characters being emojified even when using Variation Selector 15 (text) ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20949), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/24615))
 - Fix uncaught ActiveRecord::StatementInvalid exception in `Mastodon::AccountsCLI#approve` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24590))
 - Fix email confirmation skip option in `tootctl accounts modify USERNAME --email EMAIL --confirm` ([danielmbrasil](https://github.com/mastodon/mastodon/pull/24578))
 - Fix tooltip for dates without time ([c960657](https://github.com/mastodon/mastodon/pull/24244))
 - Fix missing loading spinner and loading more on scroll in Private Mentions column ([c960657](https://github.com/mastodon/mastodon/pull/24446))
 - Fix account header image missing from `/settings/profile` on narrow screens ([c960657](https://github.com/mastodon/mastodon/pull/24433))
 - Fix height of announcements not being updated when using reduced animations ([c960657](https://github.com/mastodon/mastodon/pull/24354))
 - Fix inconsistent radius in advanced interface drawer ([thislight](https://github.com/mastodon/mastodon/pull/24407))
 - Fix loading more trending posts on scroll in the advanced interface ([OmmyZhang](https://github.com/mastodon/mastodon/pull/24314))
 - Fix poll ending notification for edited polls ([c960657](https://github.com/mastodon/mastodon/pull/24311))
 - Fix max width of media in `/about` and `/privacy-policy` ([mgmn](https://github.com/mastodon/mastodon/pull/24180))
 - Fix streaming API not being usable without `DATABASE_URL` ([Gargron](https://github.com/mastodon/mastodon/pull/23960))
 - Fix external authentication not running onboarding code for new users ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/23458))
 ## [4.1.8] - 2023-09-19
 ### Fixed
 - Fix post edits not being forwarded as expected ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26936))
 - Fix moderator rights inconsistencies ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26729))
 - Fix crash when encountering invalid URL ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26814))
 - Fix cached posts including stale stats ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26409))
 - Fix uploading of video files for which `ffprobe` reports `0/0` average framerate ([NicolaiSoeborg](https://github.com/mastodon/mastodon/pull/26500))
 - Fix unexpected audio stream transcoding when uploaded video is eligible to passthrough ([yufushiro](https://github.com/mastodon/mastodon/pull/26608))
 ### Security
 - Fix missing HTML sanitization in translation API (CVE-2023-42452)
 - Fix incorrect domain name normalization (CVE-2023-42451)
 ## [4.1.7] - 2023-09-05
 ### Changed
 - Change remote report processing to accept reports with long comments, but truncate them ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25028))
 ### Fixed
 - **Fix blocking subdomains of an already-blocked domain** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26392))
 - Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled ([danielmbrasil](https://github.com/mastodon/mastodon/pull/26237))
 - Fix inefficiencies in `PlainTextFormatter` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26727))
 ## [4.1.6] - 2023-07-31
 ### Fixed
 - Fix memory leak in streaming server ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26228))
 - Fix wrong filters sometimes applying in streaming ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26159), [ThisIsMissEm](https://github.com/mastodon/mastodon/pull/26213), [renchap](https://github.com/mastodon/mastodon/pull/26233))
 - Fix incorrect connect timeout in outgoing requests ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26116))
 ## [4.1.5] - 2023-07-21
 ### Added
 - Add check preventing Sidekiq workers from running with Makara configured ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25850))
 ### Changed
 - Change request timeout handling to use a longer deadline ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26055))
 ### Fixed
 - Fix moderation interface for remote instances with a .zip TLD ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25885))
 - Fix remote accounts being possibly persisted to database with incomplete protocol values ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25886))
 - Fix trending publishers table not rendering correctly on narrow screens ([vmstan](https://github.com/mastodon/mastodon/pull/25945))
 ### Security
 - Fix CSP headers being unintentionally wide ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26105))
 ## [4.1.4] - 2023-07-07
 ### Fixed
@ -143,7 +490,7 @@ All notable changes to this project will be documented in this file.
 - Add instance activity API endpoint toggle back to the admin interface ([dariusk](https://github.com/mastodon/mastodon/pull/22833))
 - Add setting for status page URL ([Gargron](https://github.com/mastodon/mastodon/pull/23390), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/23499))
  - REST API changes:
-    - Add `configuration.urls.status` attribute to the object returned by `GET /api/v1/instance`
+    - Add `configuration.urls.status` attribute to the object returned by `GET /api/v2/instance`
 - Add `account.approved` webhook ([Saiv46](https://github.com/mastodon/mastodon/pull/22938))
 - Add 12 hours option to polls ([Pleclown](https://github.com/mastodon/mastodon/pull/21131))
 - Add dropdown menu item to open admin interface for remote domains ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/21895))
--- a/21
+++ b/21
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1.4
-# This needs to be bullseye-slim because the Ruby image is built on bullseye-slim
+# This needs to be bookworm-slim because the Ruby image is built on bookworm-slim
-ARG NODE_VERSION="16.20-bullseye-slim"
+ARG NODE_VERSION="20.6-bookworm-slim"
 FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.2-slim as ruby
 FROM node:${NODE_VERSION} as build
@ -17,10 +17,11 @@ COPY Gemfile* package.json yarn.lock /opt/mastodon/
 # hadolint ignore=DL3008
 RUN apt-get update && \
    apt-get -yq dist-upgrade && \
    apt-get install -y --no-install-recommends build-essential \
        git \
        libicu-dev \
-        libidn11-dev \
+        libidn-dev \
        libpq-dev \
        libjemalloc-dev \
        zlib1g-dev \
@ -42,8 +43,8 @@ RUN apt-get update && \
 FROM node:${NODE_VERSION}
 # Use those args to specify your own version flags & suffixes
-ARG MASTODON_VERSION_FLAGS=""
+ARG MASTODON_VERSION_PRERELEASE=""
-ARG MASTODON_VERSION_SUFFIX=""
+ARG MASTODON_VERSION_METADATA=""
 ARG UID="991"
 ARG GID="991"
@ -64,13 +65,13 @@ RUN apt-get update && \
    apt-get -y --no-install-recommends install whois \
        wget \
        procps \
-        libssl1.1 \
+        libssl3 \
        libpq5 \
        imagemagick \
        ffmpeg \
        libjemalloc2 \
-        libicu67 \
+        libicu72 \
-        libidn11 \
+        libidn12 \
        libyaml-0-2 \
        file \
        ca-certificates \
@ -89,8 +90,8 @@ ENV RAILS_ENV="production" \
    NODE_ENV="production" \
    RAILS_SERVE_STATIC_FILES="true" \
    BIND="0.0.0.0" \
-    MASTODON_VERSION_FLAGS="${MASTODON_VERSION_FLAGS}" \
+    MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
-    MASTODON_VERSION_SUFFIX="${MASTODON_VERSION_SUFFIX}"
+    MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}"
 # Set the run user
 USER mastodon
--- a/FEDERATION.md
+++ b/FEDERATION.md
@ -27,4 +27,5 @@ More information on HTTP Signatures, as well as examples, can be found here: htt
 - Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
 - Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
- Followers collection synchronization: https://git.activitypub.dev/ActivityPubDev/Fediverse-Enhancement-Proposals/src/branch/main/feps/fep-8fcf.md
+- Followers collection synchronization: https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md
 - Search indexing consent for actors: https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md
--- a/38
+++ b/38
@ -4,14 +4,13 @@ source 'https://rubygems.org'
 ruby '>= 3.0.0'
 gem 'puma', '~> 6.3'
-gem 'rails', '~> 6.1.7'
+gem 'rails', '~> 7.0'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
 gem 'rack', '~> 2.2.7'
 gem 'haml-rails', '~>2.0'
 gem 'pg', '~> 1.5'
 gem 'makara', '~> 0.5'
 gem 'pghero'
 gem 'dotenv-rails', '~> 2.8'
@ -19,6 +18,7 @@ gem 'aws-sdk-s3', '~> 1.123', require: false
 gem 'fog-core', '<= 2.4.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'kt-paperclip', '~> 7.2'
 gem 'md-paperclip-azure', '~> 2.2', require: false
 gem 'blurhash', '~> 0.1'
 gem 'active_model_serializers', '~> 0.10'
@ -35,11 +35,14 @@ group :pam_authentication, optional: true do
 end
 gem 'net-ldap', '~> 0.18'
-gem 'omniauth-cas', '~> 2.0'
+
-gem 'omniauth-saml', '~> 1.10'
+# TODO: Point back at released omniauth-cas gem when PR merged
 # https://github.com/dlindahl/omniauth-cas/pull/68
 gem 'omniauth-cas', github: 'stanhu/omniauth-cas', ref: '4211e6d05941b4a981f9a36b49ec166cecd0e271'
 gem 'omniauth-saml', '~> 2.0'
 gem 'omniauth_openid_connect', '~> 0.6.1'
-gem 'omniauth', '~> 1.9'
+gem 'omniauth', '~> 2.0'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
+gem 'omniauth-rails_csrf_protection', '~> 1.0'
 gem 'color_diff', '~> 0.1'
 gem 'discard', '~> 1.2'
@ -56,8 +59,9 @@ gem 'httplog', '~> 1.6.2'
 gem 'idn-ruby', require: 'idn'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
-gem 'mime-types', '~> 3.4.1', require: 'mime/types/columnar'
+gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
 gem 'nokogiri', '~> 1.15'
 gem 'nsa', github: 'jhawthorn/nsa', ref: 'e020fcc3a54d993ab45b7194d89ab720296c111b'
 gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
@ -67,7 +71,7 @@ gem 'pundit', '~> 2.3'
 gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 2.0', require: 'rack/cors'
-gem 'rails-i18n', '~> 6.0'
+gem 'rails-i18n', '~> 7.0'
 gem 'rails-settings-cached', '~> 0.6', git: 'https://github.com/mastodon/rails-settings-cached.git', branch: 'v0.6.6-aliases-true'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
@ -99,9 +103,6 @@ gem 'rdf-normalize', '~> 0.5'
 gem 'private_address_check', '~> 0.5'
 group :test do
  # RSpec runner for rails
  gem 'rspec-rails', '~> 6.0'
  # Used to split testing into chunks in CI
  gem 'rspec_chunked', '~> 0.6'
@ -109,10 +110,14 @@ group :test do
  gem 'fuubar', '~> 2.5'
  # Extra RSpec extenion methods and helpers for sidekiq
-  gem 'rspec-sidekiq', '~> 3.1'
+  gem 'rspec-sidekiq', '~> 4.0'
  # Browser integration testing
  gem 'capybara', '~> 3.39'
  gem 'selenium-webdriver'
  # Used to reset the database between system tests
  gem 'database_cleaner-active_record'
  # Used to mock environment variables
  gem 'climate_control', '~> 0.2'
@ -159,7 +164,7 @@ group :development do
  gem 'letter_opener_web', '~> 2.0'
  # Security analysis CLI tools
-  gem 'brakeman', '~> 5.4', require: false
+  gem 'brakeman', '~> 6.0', require: false
  gem 'bundler-audit', '~> 0.9', require: false
  # Linter CLI for HAML files
@ -173,10 +178,17 @@ group :development do
  # Validate missing i18n keys
  gem 'i18n-tasks', '~> 1.0', require: false
 end
 group :development, :test do
  # Profiling tools
  gem 'memory_profiler', require: false
  gem 'ruby-prof', require: false
  gem 'stackprof', require: false
  gem 'test-prof'
  # RSpec runner for rails
  gem 'rspec-rails', '~> 6.0'
 end
 group :production do
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -7,6 +7,17 @@ GIT
      hkdf (~> 0.2)
      jwt (~> 2.0)
 GIT
  remote: https://github.com/jhawthorn/nsa.git
  revision: e020fcc3a54d993ab45b7194d89ab720296c111b
  ref: e020fcc3a54d993ab45b7194d89ab720296c111b
  specs:
    nsa (0.2.8)
      activesupport (>= 4.2, < 7.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      sidekiq (>= 3.5)
      statsd-ruby (~> 1.4, >= 1.4.0)
 GIT
  remote: https://github.com/mastodon/rails-settings-cached.git
  revision: 86328ef0bd04ce21cc0504ff5e334591e8c2ccab
@ -15,43 +26,60 @@ GIT
    rails-settings-cached (0.6.6)
      rails (>= 4.2.0)
 GIT
  remote: https://github.com/stanhu/omniauth-cas.git
  revision: 4211e6d05941b4a981f9a36b49ec166cecd0e271
  ref: 4211e6d05941b4a981f9a36b49ec166cecd0e271
  specs:
    omniauth-cas (2.0.0)
      addressable (~> 2.3)
      nokogiri (~> 1.5)
      omniauth (>= 1.2, < 3)
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (6.1.7.4)
+    actioncable (7.0.8)
-      actionpack (= 6.1.7.4)
+      actionpack (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.4)
+    actionmailbox (7.0.8)
-      actionpack (= 6.1.7.4)
+      actionpack (= 7.0.8)
-      activejob (= 6.1.7.4)
+      activejob (= 7.0.8)
-      activerecord (= 6.1.7.4)
+      activerecord (= 7.0.8)
-      activestorage (= 6.1.7.4)
+      activestorage (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      mail (>= 2.7.1)
-    actionmailer (6.1.7.4)
+      net-imap
-      actionpack (= 6.1.7.4)
+      net-pop
-      actionview (= 6.1.7.4)
+      net-smtp
-      activejob (= 6.1.7.4)
+    actionmailer (7.0.8)
-      activesupport (= 6.1.7.4)
+      actionpack (= 7.0.8)
      actionview (= 7.0.8)
      activejob (= 7.0.8)
      activesupport (= 7.0.8)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.4)
+    actionpack (7.0.8)
-      actionview (= 6.1.7.4)
+      actionview (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
-      rack (~> 2.0, >= 2.0.9)
+      rack (~> 2.0, >= 2.2.4)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.4)
+    actiontext (7.0.8)
-      actionpack (= 6.1.7.4)
+      actionpack (= 7.0.8)
-      activerecord (= 6.1.7.4)
+      activerecord (= 7.0.8)
-      activestorage (= 6.1.7.4)
+      activestorage (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
-    actionview (6.1.7.4)
+    actionview (7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@ -61,28 +89,27 @@ GEM
      activemodel (>= 4.1, < 7.1)
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (6.1.7.4)
+    activejob (7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      globalid (>= 0.3.6)
-    activemodel (6.1.7.4)
+    activemodel (7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
-    activerecord (6.1.7.4)
+    activerecord (7.0.8)
-      activemodel (= 6.1.7.4)
+      activemodel (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
-    activestorage (6.1.7.4)
+    activestorage (7.0.8)
-      actionpack (= 6.1.7.4)
+      actionpack (= 7.0.8)
-      activejob (= 6.1.7.4)
+      activejob (= 7.0.8)
-      activerecord (= 6.1.7.4)
+      activerecord (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (6.1.7.4)
+    activesupport (7.0.8)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
+    addressable (2.8.5)
    addressable (2.8.4)
      public_suffix (>= 2.0.2, < 6.0)
    aes_key_wrap (1.1.0)
    airbrussh (1.4.1)
@ -97,21 +124,30 @@ GEM
    attr_required (1.0.1)
    awrence (1.2.1)
    aws-eventstream (1.2.0)
-    aws-partitions (1.780.0)
+    aws-partitions (1.809.0)
-    aws-sdk-core (3.175.0)
+    aws-sdk-core (3.181.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.651.0)
      aws-sigv4 (~> 1.5)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.67.0)
+    aws-sdk-kms (1.71.0)
-      aws-sdk-core (~> 3, >= 3.174.0)
+      aws-sdk-core (~> 3, >= 3.177.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.126.0)
+    aws-sdk-s3 (1.133.0)
-      aws-sdk-core (~> 3, >= 3.174.0)
+      aws-sdk-core (~> 3, >= 3.181.0)
      aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.4)
+      aws-sigv4 (~> 1.6)
-    aws-sigv4 (1.5.2)
+    aws-sigv4 (1.6.0)
      aws-eventstream (~> 1, >= 1.0.2)
    azure-storage-blob (2.0.3)
      azure-storage-common (~> 2.0)
      nokogiri (~> 1, >= 1.10.8)
    azure-storage-common (2.0.4)
      faraday (~> 1.0)
      faraday_middleware (~> 1.0, >= 1.0.0.rc1)
      net-http-persistent (~> 4.0)
      nokogiri (~> 1, >= 1.10.8)
    base64 (0.1.1)
    bcrypt (3.1.18)
    better_errors (2.10.1)
      erubi (>= 1.0.0)
@ -130,7 +166,7 @@ GEM
    blurhash (0.1.7)
    bootsnap (1.16.0)
      msgpack (~> 1.2)
-    brakeman (5.4.1)
+    brakeman (6.0.1)
    browser (5.3.1)
    brpoplpush-redis_script (0.1.3)
      concurrent-ruby (~> 1.0, >= 1.0.5)
@ -146,7 +182,7 @@ GEM
      sshkit (>= 1.9.0)
    capistrano-bundler (2.1.0)
      capistrano (~> 3.1)
-    capistrano-rails (1.6.2)
+    capistrano-rails (1.6.3)
      capistrano (~> 3.1)
      capistrano-bundler (>= 1.1, < 3)
    capistrano-rbenv (2.2.0)
@ -167,7 +203,7 @@ GEM
      activesupport
    cbor (0.5.9.6)
    charlock_holmes (0.7.7)
-    chewy (7.3.2)
+    chewy (7.3.4)
      activesupport (>= 5.2)
      elasticsearch (>= 7.12.0, < 7.14.0)
      elasticsearch-dsl
@ -185,6 +221,10 @@ GEM
    crass (1.0.6)
    css_parser (1.14.0)
      addressable
    database_cleaner-active_record (2.1.0)
      activerecord (>= 5.a)
      database_cleaner-core (~> 2.0.0)
    database_cleaner-core (2.0.1)
    date (3.3.3)
    debug_inspector (1.1.0)
    devise (4.9.2)
@ -230,7 +270,7 @@ GEM
      tzinfo
    excon (0.100.0)
    fabrication (2.30.0)
-    faker (3.2.0)
+    faker (3.2.1)
      i18n (>= 1.8.11, < 2)
    faraday (1.10.3)
      faraday-em_http (~> 1.0)
@ -255,6 +295,8 @@ GEM
    faraday-patron (1.0.0)
    faraday-rack (1.0.0)
    faraday-retry (1.0.3)
    faraday_middleware (1.2.0)
      faraday (~> 1.0)
    fast_blank (1.0.1)
    fastimage (2.2.7)
    ffi (1.15.5)
@ -282,7 +324,7 @@ GEM
      ruby-progressbar (~> 1.4)
    globalid (1.1.0)
      activesupport (>= 5.0)
-    haml (6.1.1)
+    haml (6.1.2)
      temple (>= 0.8.2)
      thor
      tilt
@ -291,11 +333,11 @@ GEM
      activesupport (>= 5.1)
      haml (>= 4.0.6)
      railties (>= 5.1)
-    haml_lint (0.45.0)
+    haml_lint (0.50.0)
      haml (>= 4.0, < 6.2)
      parallel (~> 1.10)
      rainbow
-      rubocop (>= 0.50.0)
+      rubocop (>= 1.0)
      sysexits (~> 1.1)
    hashdiff (1.0.1)
    hashie (5.0.0)
@ -367,12 +409,13 @@ GEM
      activerecord
      kaminari-core (= 1.2.2)
    kaminari-core (1.2.2)
-    kt-paperclip (7.2.0)
+    kt-paperclip (7.2.1)
      activemodel (>= 4.2.0)
      activesupport (>= 4.2.0)
      marcel (~> 1.0.1)
      mime-types
      terrapin (~> 0.6.0)
    language_server-protocol (3.17.0.3)
    launchy (2.5.2)
      addressable (~> 2.8)
    letter_opener (1.8.1)
@ -386,7 +429,7 @@ GEM
    llhttp-ffi (0.4.0)
      ffi-compiler (~> 1.0)
      rake (~> 13.0)
-    lograge (0.12.0)
+    lograge (0.13.0)
      actionpack (>= 4)
      activesupport (>= 4)
      railties (>= 4)
@ -399,26 +442,30 @@ GEM
      net-imap
      net-pop
      net-smtp
    makara (0.5.1)
      activerecord (>= 5.2.0)
    marcel (1.0.2)
    mario-redis-lock (1.2.1)
      redis (>= 3.0.5)
    matrix (0.4.2)
    md-paperclip-azure (2.2.0)
      addressable (~> 2.5)
      azure-storage-blob (~> 2.0.1)
      hashie (~> 5.0)
    memory_profiler (1.0.1)
    method_source (1.0.0)
-    mime-types (3.4.1)
+    mime-types (3.5.1)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.0218.1)
+    mime-types-data (3.2023.0808)
-    mini_mime (1.1.2)
+    mini_mime (1.1.5)
-    mini_portile2 (2.8.2)
+    mini_portile2 (2.8.4)
-    minitest (5.18.1)
+    minitest (5.19.0)
    msgpack (1.7.1)
    multi_json (1.15.0)
    multipart-post (2.3.0)
    net-http (0.3.2)
      uri
-    net-imap (0.3.6)
+    net-http-persistent (4.0.2)
      connection_pool (~> 2.2)
    net-imap (0.3.7)
      date
      net-protocol
    net-ldap (0.18.0)
@ -432,23 +479,20 @@ GEM
      net-protocol
    net-ssh (7.1.0)
    nio4r (2.5.9)
-    nokogiri (1.15.3)
+    nokogiri (1.15.4)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
-    oj (3.15.0)
+    oj (3.16.1)
-    omniauth (1.9.2)
+    omniauth (2.1.1)
      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
+      rack (>= 2.2.3)
-    omniauth-cas (2.0.0)
+      rack-protection
-      addressable (~> 2.3)
+    omniauth-rails_csrf_protection (1.0.1)
      nokogiri (~> 1.5)
      omniauth (~> 1.2)
    omniauth-rails_csrf_protection (0.1.2)
      actionpack (>= 4.2)
-      omniauth (>= 1.3.1)
+      omniauth (~> 2.0)
-    omniauth-saml (1.10.3)
+    omniauth-saml (2.1.0)
-      omniauth (~> 1.3, >= 1.3.2)
+      omniauth (~> 2.0)
-      ruby-saml (~> 1.9)
+      ruby-saml (~> 1.12)
    omniauth_openid_connect (0.6.1)
      omniauth (>= 1.9, < 3)
      openid_connect (~> 1.1)
@ -467,7 +511,7 @@ GEM
    openssl-signature_algorithm (1.3.0)
      openssl (> 2.0)
    orm_adapter (0.5.0)
-    ox (2.14.16)
+    ox (2.14.17)
    parallel (1.23.0)
    parser (3.2.2.3)
      ast (~> 2.4.1)
@ -475,8 +519,8 @@ GEM
    parslet (2.0.0)
    pastel (0.8.0)
      tty-color (~> 0.5)
-    pg (1.5.3)
+    pg (1.5.4)
-    pghero (3.3.3)
+    pghero (3.3.4)
      activerecord (>= 6)
    posix-spawn (0.3.15)
    premailer (1.21.0)
@ -488,16 +532,16 @@ GEM
      net-smtp
      premailer (~> 1.7, >= 1.7.9)
    private_address_check (0.5.0)
-    public_suffix (5.0.1)
+    public_suffix (5.0.3)
-    puma (6.3.0)
+    puma (6.3.1)
      nio4r (~> 2.0)
    pundit (2.3.0)
      activesupport (>= 3.0.0)
    raabro (1.4.0)
    racc (1.7.1)
-    rack (2.2.7)
+    rack (2.2.8)
-    rack-attack (6.6.1)
+    rack-attack (6.7.0)
-      rack (>= 1.0, < 3)
+      rack (>= 1.0, < 4)
    rack-cors (2.0.1)
      rack (>= 2.0.0)
    rack-oauth2 (1.21.3)
@ -506,49 +550,52 @@ GEM
      httpclient
      json-jwt (>= 1.11.0)
      rack (>= 2.1.0)
    rack-protection (3.0.5)
      rack
    rack-proxy (0.7.6)
      rack
    rack-test (2.1.0)
      rack (>= 1.3)
-    rails (6.1.7.4)
+    rails (7.0.8)
-      actioncable (= 6.1.7.4)
+      actioncable (= 7.0.8)
-      actionmailbox (= 6.1.7.4)
+      actionmailbox (= 7.0.8)
-      actionmailer (= 6.1.7.4)
+      actionmailer (= 7.0.8)
-      actionpack (= 6.1.7.4)
+      actionpack (= 7.0.8)
-      actiontext (= 6.1.7.4)
+      actiontext (= 7.0.8)
-      actionview (= 6.1.7.4)
+      actionview (= 7.0.8)
-      activejob (= 6.1.7.4)
+      activejob (= 7.0.8)
-      activemodel (= 6.1.7.4)
+      activemodel (= 7.0.8)
-      activerecord (= 6.1.7.4)
+      activerecord (= 7.0.8)
-      activestorage (= 6.1.7.4)
+      activestorage (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      bundler (>= 1.15.0)
-      railties (= 6.1.7.4)
+      railties (= 7.0.8)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
      actionview (>= 5.0.1.rc1)
      activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
+    rails-dom-testing (2.1.1)
-      activesupport (>= 4.2.0)
+      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.6.0)
      loofah (~> 2.21)
      nokogiri (~> 1.14)
-    rails-i18n (6.0.0)
+    rails-i18n (7.0.7)
      i18n (>= 0.7, < 2)
-      railties (>= 6.0.0, < 7)
+      railties (>= 6.0.0, < 8)
-    railties (6.1.7.4)
+    railties (7.0.8)
-      actionpack (= 6.1.7.4)
+      actionpack (= 7.0.8)
-      activesupport (= 6.1.7.4)
+      activesupport (= 7.0.8)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
      zeitwerk (~> 2.5)
    rainbow (3.1.1)
    rake (13.0.6)
    rdf (3.2.11)
      link_header (~> 0.0, >= 0.0.8)
-    rdf-normalize (0.6.0)
+    rdf-normalize (0.6.1)
      rdf (~> 3.2)
    redcarpet (3.6.0)
    redis (4.8.1)
@ -562,7 +609,7 @@ GEM
    responders (3.1.0)
      actionpack (>= 5.2)
      railties (>= 5.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
    rotp (6.2.2)
    rouge (4.1.2)
    rpam2 (4.0.2)
@ -586,19 +633,23 @@ GEM
      rspec-expectations (~> 3.12)
      rspec-mocks (~> 3.12)
      rspec-support (~> 3.12)
-    rspec-sidekiq (3.1.0)
+    rspec-sidekiq (4.0.1)
-      rspec-core (~> 3.0, >= 3.0.0)
+      rspec-core (~> 3.0)
-      sidekiq (>= 2.4.0)
+      rspec-expectations (~> 3.0)
-    rspec-support (3.12.0)
+      rspec-mocks (~> 3.0)
      sidekiq (>= 5, < 8)
    rspec-support (3.12.1)
    rspec_chunked (0.6)
-    rubocop (1.52.1)
+    rubocop (1.56.3)
      base64 (~> 0.1.1)
      json (~> 2.3)
      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
      parser (>= 3.2.2.3)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.0, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
    rubocop-ast (1.29.0)
@ -607,17 +658,18 @@ GEM
      rubocop (~> 1.41)
    rubocop-factory_bot (2.23.1)
      rubocop (~> 1.33)
-    rubocop-performance (1.18.0)
+    rubocop-performance (1.19.0)
      rubocop (>= 1.7.0, < 2.0)
      rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.19.1)
+    rubocop-rails (2.20.2)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.33.0, < 2.0)
-    rubocop-rspec (2.22.0)
+    rubocop-rspec (2.23.2)
      rubocop (~> 1.33)
      rubocop-capybara (~> 2.17)
      rubocop-factory_bot (~> 2.22)
    ruby-prof (1.6.3)
    ruby-progressbar (1.13.0)
    ruby-saml (1.15.0)
      nokogiri (>= 1.13.10)
@ -634,6 +686,10 @@ GEM
    scenic (1.7.0)
      activerecord (>= 4.0.0)
      railties (>= 4.0.0)
    selenium-webdriver (4.11.0)
      rexml (~> 3.2, >= 3.2.5)
      rubyzip (>= 1.2.2, < 3.0)
      websocket (~> 1.0)
    semantic_range (3.0.0)
    sidekiq (6.5.9)
      connection_pool (>= 2.2.5, < 3)
@ -670,11 +726,12 @@ GEM
      actionpack (>= 5.2)
      activesupport (>= 5.2)
      sprockets (>= 3.0.0)
-    sshkit (1.21.4)
+    sshkit (1.21.5)
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
    stackprof (0.2.25)
-    stoplight (3.0.1)
+    statsd-ruby (1.5.0)
    stoplight (3.0.2)
      redlock (~> 1.0)
    strong_migrations (0.8.0)
      activerecord (>= 5.2)
@ -688,9 +745,10 @@ GEM
      unicode-display_width (>= 1.1.1, < 3)
    terrapin (0.6.0)
      climate_control (>= 0.0.3, < 1.0)
    test-prof (1.2.3)
    thor (1.2.2)
    tilt (2.2.0)
-    timeout (0.3.2)
+    timeout (0.4.0)
    tpm-key_attestation (0.12.0)
      bindata (~> 2.4)
      openssl (> 2.0)
@ -737,7 +795,7 @@ GEM
    webfinger (1.2.0)
      activesupport
      httpclient (>= 2.4)
-    webmock (3.18.1)
+    webmock (3.19.1)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
@ -746,14 +804,15 @@ GEM
      rack-proxy (>= 0.6.1)
      railties (>= 5.2)
      semantic_range (>= 2.3.0)
-    websocket-driver (0.7.5)
+    websocket (1.2.9)
    websocket-driver (0.7.6)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    wisper (2.0.1)
    xorcist (1.1.3)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.6.8)
+    zeitwerk (2.6.11)
 PLATFORMS
  ruby
@ -767,7 +826,7 @@ DEPENDENCIES
  binding_of_caller (~> 1.0)
  blurhash (~> 0.1)
  bootsnap (~> 1.16.0)
-  brakeman (~> 5.4)
+  brakeman (~> 6.0)
  browser
  bundler-audit (~> 0.9)
  capistrano (~> 3.17)
@ -782,6 +841,7 @@ DEPENDENCIES
  color_diff (~> 0.1)
  concurrent-ruby
  connection_pool
  database_cleaner-active_record
  devise (~> 4.9)
  devise-two-factor (~> 4.1)
  devise_pam_authenticatable2 (~> 9.2)
@ -815,18 +875,19 @@ DEPENDENCIES
  letter_opener_web (~> 2.0)
  link_header (~> 0.0)
  lograge (~> 0.12)
  makara (~> 0.5)
  mario-redis-lock (~> 1.2)
  md-paperclip-azure (~> 2.2)
  memory_profiler
-  mime-types (~> 3.4.1)
+  mime-types (~> 3.5.0)
  net-http (~> 0.3.2)
  net-ldap (~> 0.18)
  nokogiri (~> 1.15)
  nsa!
  oj (~> 3.14)
-  omniauth (~> 1.9)
+  omniauth (~> 2.0)
-  omniauth-cas (~> 2.0)
+  omniauth-cas!
-  omniauth-rails_csrf_protection (~> 0.1)
+  omniauth-rails_csrf_protection (~> 1.0)
-  omniauth-saml (~> 1.10)
+  omniauth-saml (~> 2.0)
  omniauth_openid_connect (~> 0.6.1)
  ox (~> 2.14)
  parslet
@ -842,9 +903,9 @@ DEPENDENCIES
  rack-attack (~> 6.6)
  rack-cors (~> 2.0)
  rack-test (~> 2.1)
-  rails (~> 6.1.7)
+  rails (~> 7.0)
  rails-controller-testing (~> 1.0)
-  rails-i18n (~> 6.0)
+  rails-i18n (~> 7.0)
  rails-settings-cached (~> 0.6)!
  rdf-normalize (~> 0.5)
  redcarpet (~> 3.6)
@ -852,17 +913,19 @@ DEPENDENCIES
  redis-namespace (~> 1.10)
  rqrcode (~> 2.2)
  rspec-rails (~> 6.0)
-  rspec-sidekiq (~> 3.1)
+  rspec-sidekiq (~> 4.0)
  rspec_chunked (~> 0.6)
  rubocop
  rubocop-capybara
  rubocop-performance
  rubocop-rails
  rubocop-rspec
  ruby-prof
  ruby-progressbar (~> 1.13)
  rubyzip (~> 2.3)
  sanitize (~> 6.0)
  scenic (~> 1.7)
  selenium-webdriver
  sidekiq (~> 6.5)
  sidekiq-bulk (~> 0.2.0)
  sidekiq-scheduler (~> 5.0)
@ -875,6 +938,7 @@ DEPENDENCIES
  stackprof
  stoplight (~> 3.0.1)
  strong_migrations (~> 0.8)
  test-prof
  thor (~> 1.2)
  tty-prompt (~> 0.23)
  twitter-text (~> 3.1.0)
--- a/Procfile.dev
+++ b/Procfile.dev
@ -1,4 +1,4 @@
 web: env PORT=3000 RAILS_ENV=development bundle exec puma -C config/puma.rb
 sidekiq: env PORT=3000 RAILS_ENV=development bundle exec sidekiq
 stream: env PORT=4000 yarn run start
-webpack: ./bin/webpack-dev-server --listen-host 0.0.0.0
+webpack: bin/webpack-dev-server
--- a/4
+++ b/4
@ -1,6 +1,8 @@
 # frozen_string_literal: true
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
-require File.expand_path('../config/application', __FILE__)
+require File.expand_path('config/application', __dir__)
 Rails.application.load_tasks
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,8 +1,11 @@
 # Security Policy
-If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can reach us at <security@joinmastodon.org>.
+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either:
-You should _not_ report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+- open a [Github security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
 - reach us at <security@joinmastodon.org>
 You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
 ## Scope
@ -11,8 +14,8 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
 ## Supported Versions
 | Version | Supported        |
-| ------- | --------- |
+| ------- | ---------------- |
 | 4.1.x   | Yes              |
-| 4.0.x   | Yes       |
+| 4.0.x   | Until 2023-10-31 |
-| 3.5.x   | Yes       |
+| 3.5.x   | Until 2023-12-31 |
 | < 3.5   | No               |
--- a/44
+++ b/44
@ -60,6 +60,38 @@ sudo usermod -a -G rvm $USER
 SCRIPT
 $provisionElasticsearch = <<SCRIPT
 # Install Elastic Search
 sudo apt install openjdk-17-jre-headless -y
 sudo wget -O /usr/share/keyrings/elasticsearch.asc https://artifacts.elastic.co/GPG-KEY-elasticsearch
 sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/elasticsearch.asc] https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'
 sudo apt update
 sudo apt install elasticsearch -y
 sudo systemctl daemon-reload
 sudo systemctl enable --now elasticsearch
 echo 'path.data: /var/lib/elasticsearch
 path.logs: /var/log/elasticsearch
 network.host: 0.0.0.0
 http.port: 9200
 discovery.seed_hosts: ["localhost"]
 cluster.initial_master_nodes: ["node-1"]
 xpack.security.enabled: false' > /etc/elasticsearch/elasticsearch.yml
 sudo systemctl restart elasticsearch
 # Install Kibana
 sudo apt install kibana -y
 sudo systemctl enable --now kibana
 echo 'server.host: "0.0.0.0"
 elasticsearch.hosts: ["http://localhost:9200"]' > /etc/kibana/kibana.yml
 sudo systemctl restart kibana
 SCRIPT
 $provisionB = <<SCRIPT
 source "/etc/profile.d/rvm.sh"
@ -102,10 +134,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.provider :virtualbox do |vb|
    vb.name = "mastodon"
-    vb.customize ["modifyvm", :id, "--memory", "4096"]
+    vb.customize ["modifyvm", :id, "--memory", "8192"]
-    # Increase the number of CPUs. Uncomment and adjust to
+    vb.customize ["modifyvm", :id, "--cpus", "3"]
    # increase performance
    # vb.customize ["modifyvm", :id, "--cpus", "3"]
    # Disable VirtualBox DNS proxy to skip long-delay IPv6 resolutions.
    # https://github.com/mitchellh/vagrant/issues/1172
@ -141,9 +171,15 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.network :forwarded_port, guest: 3000, host: 3000
  config.vm.network :forwarded_port, guest: 4000, host: 4000
  config.vm.network :forwarded_port, guest: 8080, host: 8080
  config.vm.network :forwarded_port, guest: 9200, host: 9200
  config.vm.network :forwarded_port, guest: 9300, host: 9300
  config.vm.network :forwarded_port, guest: 9243, host: 9243
  config.vm.network :forwarded_port, guest: 5601, host: 5601
  # Full provisioning script, only runs on first 'vagrant up' or with 'vagrant provision'
  config.vm.provision :shell, inline: $provisionA, privileged: false, reset: true
  # Run with elevated privileges for Elasticsearch installation
  config.vm.provision :shell, inline: $provisionElasticsearch, privileged: true
  config.vm.provision :shell, inline: $provisionB, privileged: false
  config.vm.post_up_message = <<MESSAGE
--- a/app/chewy/accounts_index.rb
+++ b/app/chewy/accounts_index.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class AccountsIndex < Chewy::Index
-  settings index: { refresh_interval: '30s' }, analysis: {
+  settings index: index_preset(refresh_interval: '30s'), analysis: {
    filter: {
      english_stop: {
        type: 'stop',
@ -21,19 +21,20 @@ class AccountsIndex < Chewy::Index
    analyzer: {
      natural: {
-        tokenizer: 'uax_url_email',
+        tokenizer: 'standard',
        filter: %w(
          english_possessive_stemmer
          lowercase
          asciifolding
          cjk_width
          elision
          english_possessive_stemmer
          english_stop
          english_stemmer
        ),
      },
      verbatim: {
-        tokenizer: 'whitespace',
+        tokenizer: 'standard',
        filter: %w(lowercase asciifolding cjk_width),
      },
@ -62,6 +63,6 @@ class AccountsIndex < Chewy::Index
    field(:last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at })
    field(:display_name, type: 'text', analyzer: 'verbatim') { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
    field(:username, type: 'text', analyzer: 'verbatim', value: ->(account) { [account.username, account.domain].compact.join('@') }) { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
-    field(:text, type: 'text', value: ->(account) { account.searchable_text }) { field :stemmed, type: 'text', analyzer: 'natural' }
+    field(:text, type: 'text', analyzer: 'verbatim', value: ->(account) { account.searchable_text }) { field :stemmed, type: 'text', analyzer: 'natural' }
  end
 end
--- a/app/chewy/instances_index.rb
+++ b/app/chewy/instances_index.rb
@ -0,0 +1,12 @@
 # frozen_string_literal: true
 class InstancesIndex < Chewy::Index
  settings index: index_preset(refresh_interval: '30s')
  index_scope ::Instance.searchable
  root date_detection: false do
    field :domain, type: 'text', index_prefixes: { min_chars: 1, max_chars: 5 }
    field :accounts_count, type: 'long'
  end
 end
--- a/app/chewy/public_statuses_index.rb
+++ b/app/chewy/public_statuses_index.rb
@ -0,0 +1,67 @@
 # frozen_string_literal: true
 class PublicStatusesIndex < Chewy::Index
  settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
    filter: {
      english_stop: {
        type: 'stop',
        stopwords: '_english_',
      },
      english_stemmer: {
        type: 'stemmer',
        language: 'english',
      },
      english_possessive_stemmer: {
        type: 'stemmer',
        language: 'possessive_english',
      },
    },
    analyzer: {
      verbatim: {
        tokenizer: 'uax_url_email',
        filter: %w(lowercase),
      },
      content: {
        tokenizer: 'standard',
        filter: %w(
          lowercase
          asciifolding
          cjk_width
          elision
          english_possessive_stemmer
          english_stop
          english_stemmer
        ),
      },
      hashtag: {
        tokenizer: 'keyword',
        filter: %w(
          word_delimiter_graph
          lowercase
          asciifolding
          cjk_width
        ),
      },
    },
  }
  index_scope ::Status.unscoped
                      .kept
                      .indexable
                      .includes(:media_attachments, :preloadable_poll, :preview_cards, :tags)
  root date_detection: false do
    field(:id, type: 'long')
    field(:account_id, type: 'long')
    field(:text, type: 'text', analyzer: 'verbatim', value: ->(status) { status.searchable_text }) { field(:stemmed, type: 'text', analyzer: 'content') }
    field(:tags, type: 'text', analyzer: 'hashtag', value: ->(status) { status.tags.map(&:display_name) })
    field(:language, type: 'keyword')
    field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
    field(:created_at, type: 'date')
  end
 end
--- a/app/chewy/statuses_index.rb
+++ b/app/chewy/statuses_index.rb
@ -1,75 +1,65 @@
 # frozen_string_literal: true
 class StatusesIndex < Chewy::Index
-  include FormattingHelper
+  settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
  settings index: { refresh_interval: '30s' }, analysis: {
    filter: {
      english_stop: {
        type: 'stop',
        stopwords: '_english_',
      },
      english_stemmer: {
        type: 'stemmer',
        language: 'english',
      },
      english_possessive_stemmer: {
        type: 'stemmer',
        language: 'possessive_english',
      },
    },
    analyzer: {
-      content: {
+      verbatim: {
        tokenizer: 'uax_url_email',
        filter: %w(lowercase),
      },
      content: {
        tokenizer: 'standard',
        filter: %w(
          english_possessive_stemmer
          lowercase
          asciifolding
          cjk_width
          elision
          english_possessive_stemmer
          english_stop
          english_stemmer
        ),
      },
      hashtag: {
        tokenizer: 'keyword',
        filter: %w(
          word_delimiter_graph
          lowercase
          asciifolding
          cjk_width
        ),
      },
    },
  }
-  # We do not use delete_if option here because it would call a method that we
+  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preview_cards, :local_mentioned, :local_favorited, :local_reblogged, :local_bookmarked, :tags, preloadable_poll: :local_voters), delete_if: ->(status) { status.searchable_by.empty? }
  # expect to be called with crutches without crutches, causing n+1 queries
  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preloadable_poll)
  crutch :mentions do |collection|
    data = ::Mention.where(status_id: collection.map(&:id)).where(account: Account.local, silent: false).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :favourites do |collection|
    data = ::Favourite.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :reblogs do |collection|
    data = ::Status.where(reblog_of_id: collection.map(&:id)).where(account: Account.local).pluck(:reblog_of_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :bookmarks do |collection|
    data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  crutch :votes do |collection|
    data = ::PollVote.joins(:poll).where(poll: { status_id: collection.map(&:id) }).where(account: Account.local).pluck(:status_id, :account_id)
    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
  end
  root date_detection: false do
-    field :id, type: 'long'
+    field(:id, type: 'long')
-    field :account_id, type: 'long'
+    field(:account_id, type: 'long')
-
+    field(:text, type: 'text', analyzer: 'verbatim', value: ->(status) { status.searchable_text }) { field(:stemmed, type: 'text', analyzer: 'content') }
-    field :text, type: 'text', value: ->(status) { status.searchable_text } do
+    field(:tags, type: 'text', analyzer: 'hashtag',  value: ->(status) { status.tags.map(&:display_name) })
-      field :stemmed, type: 'text', analyzer: 'content'
+    field(:searchable_by, type: 'long', value: ->(status) { status.searchable_by })
-    end
+    field(:language, type: 'keyword')
-
+    field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
-    field :searchable_by, type: 'long', value: ->(status, crutches) { status.searchable_by(crutches) }
+    field(:created_at, type: 'date')
  end
 end
--- a/app/chewy/tags_index.rb
+++ b/app/chewy/tags_index.rb
@ -1,16 +1,25 @@
 # frozen_string_literal: true
 class TagsIndex < Chewy::Index
-  settings index: { refresh_interval: '30s' }, analysis: {
+  settings index: index_preset(refresh_interval: '30s'), analysis: {
    analyzer: {
      content: {
        tokenizer: 'keyword',
-        filter: %w(lowercase asciifolding cjk_width),
+        filter: %w(
          word_delimiter_graph
          lowercase
          asciifolding
          cjk_width
        ),
      },
      edge_ngram: {
        tokenizer: 'edge_ngram',
-        filter: %w(lowercase asciifolding cjk_width),
+        filter: %w(
          lowercase
          asciifolding
          cjk_width
        ),
      },
    },
@ -30,12 +39,9 @@ class TagsIndex < Chewy::Index
  end
  root date_detection: false do
-    field :name, type: 'text', analyzer: 'content' do
+    field(:name, type: 'text', analyzer: 'content', value: :display_name) { field(:edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content') }
-      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
+    field(:reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? })
-    end
+    field(:usage, type: 'long', value: ->(tag, crutches) { tag.history.aggregate(crutches.time_period).accounts })
-
+    field(:last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at })
    field :reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? }
    field :usage, type: 'long', value: ->(tag, crutches) { tag.history.aggregate(crutches.time_period).accounts }
    field :last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at }
  end
 end
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -12,7 +12,7 @@ class AccountsController < ApplicationController
  before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
  skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :require_functional!, unless: :limited_federation_mode?
  def show
    respond_to do |format|
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@ -40,7 +40,7 @@ module Admin
      end
      # Allow transparently upgrading a domain block
-      if existing_domain_block.present?
+      if existing_domain_block.present? && existing_domain_block.domain == TagManager.instance.normalize_domain(@domain_block.domain.strip)
        @domain_block = existing_domain_block
        @domain_block.assign_attributes(resource_params)
      end
--- a/app/controllers/admin/instances_controller.rb
+++ b/app/controllers/admin/instances_controller.rb
@ -65,7 +65,7 @@ module Admin
    end
    def filtered_instances
-      InstanceFilter.new(whitelist_mode? ? { allowed: true } : filter_params).results
+      InstanceFilter.new(limited_federation_mode? ? { allowed: true } : filter_params).results
    end
    def filter_params
--- a/app/controllers/admin/software_updates_controller.rb
+++ b/app/controllers/admin/software_updates_controller.rb
@ -0,0 +1,18 @@
 # frozen_string_literal: true
 module Admin
  class SoftwareUpdatesController < BaseController
    before_action :check_enabled!
    def index
      authorize :software_update, :index?
      @software_updates = SoftwareUpdate.all.sort_by(&:gem_version)
    end
    private
    def check_enabled!
      not_found unless SoftwareUpdate.check_enabled?
    end
  end
 end
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -8,7 +8,7 @@ class Api::BaseController < ApplicationController
  include AccessTokenTrackingConcern
  include ApiCachingConcern
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :require_functional!, unless: :limited_federation_mode?
  before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
  before_action :require_not_suspended!
@ -150,7 +150,7 @@ class Api::BaseController < ApplicationController
  end
  def disallow_unauthenticated_api_access?
-    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
+    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.limited_federation_mode
  end
  private
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@ -30,6 +30,7 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
      :bot,
      :discoverable,
      :hide_collections,
      :indexable,
      fields_attributes: [:name, :value]
    )
  end
--- a/app/controllers/api/v1/admin/tags_controller.rb
+++ b/app/controllers/api/v1/admin/tags_controller.rb
@ -0,0 +1,74 @@
 # frozen_string_literal: true
 class Api::V1::Admin::TagsController < Api::BaseController
  include Authorization
  before_action -> { authorize_if_got_token! :'admin:read' }, only: [:index, :show]
  before_action -> { authorize_if_got_token! :'admin:write' }, only: :update
  before_action :set_tags, only: :index
  before_action :set_tag, except: :index
  after_action :insert_pagination_headers, only: :index
  after_action :verify_authorized
  LIMIT = 100
  PAGINATION_PARAMS = %i(limit).freeze
  def index
    authorize :tag, :index?
    render json: @tags, each_serializer: REST::Admin::TagSerializer
  end
  def show
    authorize @tag, :show?
    render json: @tag, serializer: REST::Admin::TagSerializer
  end
  def update
    authorize @tag, :update?
    @tag.update!(tag_params.merge(reviewed_at: Time.now.utc))
    render json: @tag, serializer: REST::Admin::TagSerializer
  end
  private
  def set_tag
    @tag = Tag.find(params[:id])
  end
  def set_tags
    @tags = Tag.all.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end
  def tag_params
    params.permit(:display_name, :trendable, :usable, :listable)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_tags_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
  def prev_path
    api_v1_admin_tags_url(pagination_params(min_id: pagination_since_id)) unless @tags.empty?
  end
  def pagination_max_id
    @tags.last.id
  end
  def pagination_since_id
    @tags.first.id
  end
  def records_continue?
    @tags.size == limit_param(LIMIT)
  end
  def pagination_params(core_params)
    params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
  end
 end
--- a/app/controllers/api/v1/bookmarks_controller.rb
+++ b/app/controllers/api/v1/bookmarks_controller.rb
@ -21,7 +21,7 @@ class Api::V1::BookmarksController < Api::BaseController
  end
  def results
-    @_results ||= account_bookmarks.joins(:status).eager_load(:status).to_a_paginated_by_id(
+    @results ||= account_bookmarks.joins(:status).eager_load(:status).to_a_paginated_by_id(
      limit_param(DEFAULT_STATUSES_LIMIT),
      params_slice(:max_id, :since_id, :min_id)
    )
--- a/app/controllers/api/v1/directories_controller.rb
+++ b/app/controllers/api/v1/directories_controller.rb
@ -16,8 +16,10 @@ class Api::V1::DirectoriesController < Api::BaseController
  end
  def set_accounts
    with_read_replica do
      @accounts = accounts_scope.offset(params[:offset]).limit(limit_param(DEFAULT_ACCOUNTS_LIMIT))
    end
  end
  def accounts_scope
    Account.discoverable.tap do |scope|
--- a/app/controllers/api/v1/favourites_controller.rb
+++ b/app/controllers/api/v1/favourites_controller.rb
@ -21,7 +21,7 @@ class Api::V1::FavouritesController < Api::BaseController
  end
  def results
-    @_results ||= account_favourites.joins(:status).eager_load(:status).to_a_paginated_by_id(
+    @results ||= account_favourites.joins(:status).eager_load(:status).to_a_paginated_by_id(
      limit_param(DEFAULT_STATUSES_LIMIT),
      params_slice(:max_id, :since_id, :min_id)
    )
--- a/app/controllers/api/v1/instances/activity_controller.rb
+++ b/app/controllers/api/v1/instances/activity_controller.rb
@ -3,7 +3,7 @@
 class Api::V1::Instances::ActivityController < Api::BaseController
  before_action :require_enabled_api!
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  vary_by ''
@ -33,6 +33,6 @@ class Api::V1::Instances::ActivityController < Api::BaseController
  end
  def require_enabled_api!
-    head 404 unless Setting.activity_api_enabled && !whitelist_mode?
+    head 404 unless Setting.activity_api_enabled && !limited_federation_mode?
  end
 end
--- a/app/controllers/api/v1/instances/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/instances/domain_blocks_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::Instances::DomainBlocksController < Api::BaseController
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  before_action :require_enabled_api!
  before_action :set_domain_blocks
--- a/app/controllers/api/v1/instances/extended_descriptions_controller.rb
+++ b/app/controllers/api/v1/instances/extended_descriptions_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::Instances::ExtendedDescriptionsController < Api::BaseController
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  skip_around_action :set_locale
  before_action :set_extended_description
@ -10,7 +10,7 @@ class Api::V1::Instances::ExtendedDescriptionsController < Api::BaseController
  # Override `current_user` to avoid reading session cookies unless in whitelist mode
  def current_user
-    super if whitelist_mode?
+    super if limited_federation_mode?
  end
  def show
--- a/app/controllers/api/v1/instances/languages_controller.rb
+++ b/app/controllers/api/v1/instances/languages_controller.rb
@ -0,0 +1,21 @@
 # frozen_string_literal: true
 class Api::V1::Instances::LanguagesController < Api::BaseController
  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  skip_around_action :set_locale
  before_action :set_languages
  vary_by ''
  def show
    cache_even_if_authenticated!
    render json: @languages, each_serializer: REST::LanguageSerializer
  end
  private
  def set_languages
    @languages = LanguagesHelper::SUPPORTED_LOCALES.keys.map { |code| LanguagePresenter.new(code) }
  end
 end
--- a/app/controllers/api/v1/instances/peers_controller.rb
+++ b/app/controllers/api/v1/instances/peers_controller.rb
@ -3,24 +3,24 @@
 class Api::V1::Instances::PeersController < Api::BaseController
  before_action :require_enabled_api!
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  skip_around_action :set_locale
  vary_by ''
  # Override `current_user` to avoid reading session cookies unless in whitelist mode
  def current_user
-    super if whitelist_mode?
+    super if limited_federation_mode?
  end
  def index
    cache_even_if_authenticated!
-    render_with_cache(expires_in: 1.day) { Instance.where.not(domain: DomainBlock.select(:domain)).pluck(:domain) }
+    render_with_cache(expires_in: 1.day) { Instance.searchable.pluck(:domain) }
  end
  private
  def require_enabled_api!
-    head 404 unless Setting.peers_api_enabled && !whitelist_mode?
+    head 404 unless Setting.peers_api_enabled && !limited_federation_mode?
  end
 end
--- a/app/controllers/api/v1/instances/privacy_policies_controller.rb
+++ b/app/controllers/api/v1/instances/privacy_policies_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::Instances::PrivacyPoliciesController < Api::BaseController
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  before_action :set_privacy_policy
--- a/app/controllers/api/v1/instances/rules_controller.rb
+++ b/app/controllers/api/v1/instances/rules_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::Instances::RulesController < Api::BaseController
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  skip_around_action :set_locale
  before_action :set_rules
@ -10,7 +10,7 @@ class Api::V1::Instances::RulesController < Api::BaseController
  # Override `current_user` to avoid reading session cookies unless in whitelist mode
  def current_user
-    super if whitelist_mode?
+    super if limited_federation_mode?
  end
  def index
--- a/app/controllers/api/v1/instances/translation_languages_controller.rb
+++ b/app/controllers/api/v1/instances/translation_languages_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::Instances::TranslationLanguagesController < Api::BaseController
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  before_action :set_languages
--- a/app/controllers/api/v1/instances_controller.rb
+++ b/app/controllers/api/v1/instances_controller.rb
@ -1,14 +1,14 @@
 # frozen_string_literal: true
 class Api::V1::InstancesController < Api::BaseController
-  skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
+  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  skip_around_action :set_locale
  vary_by ''
  # Override `current_user` to avoid reading session cookies unless in whitelist mode
  def current_user
-    super if whitelist_mode?
+    super if limited_federation_mode?
  end
  def show
--- a/app/controllers/api/v1/markers_controller.rb
+++ b/app/controllers/api/v1/markers_controller.rb
@ -7,7 +7,10 @@ class Api::V1::MarkersController < Api::BaseController
  before_action :require_user!
  def index
    with_read_replica do
      @markers = current_user.markers.where(timeline: Array(params[:timeline])).index_by(&:timeline)
    end
    render json: serialize_map(@markers)
  end
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@ -9,8 +9,12 @@ class Api::V1::NotificationsController < Api::BaseController
  DEFAULT_NOTIFICATIONS_LIMIT = 40
  def index
    with_read_replica do
      @notifications = load_notifications
-    render json: @notifications, each_serializer: REST::NotificationSerializer, relationships: StatusRelationshipsPresenter.new(target_statuses_from_notifications, current_user&.account_id)
+      @relationships = StatusRelationshipsPresenter.new(target_statuses_from_notifications, current_user&.account_id)
    end
    render json: @notifications, each_serializer: REST::NotificationSerializer, relationships: @relationships
  end
  def show
--- a/app/controllers/api/v1/peers/search_controller.rb
+++ b/app/controllers/api/v1/peers/search_controller.rb
@ -0,0 +1,47 @@
 # frozen_string_literal: true
 class Api::V1::Peers::SearchController < Api::BaseController
  before_action :require_enabled_api!
  before_action :set_domains
  skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
  skip_around_action :set_locale
  vary_by ''
  def index
    cache_even_if_authenticated!
    render json: @domains
  end
  private
  def require_enabled_api!
    head 404 unless Setting.peers_api_enabled && !limited_federation_mode?
  end
  def set_domains
    return if params[:q].blank?
    if Chewy.enabled?
      @domains = InstancesIndex.query(function_score: {
        query: {
          prefix: {
            domain: TagManager.instance.normalize_domain(params[:q].strip),
          },
        },
        field_value_factor: {
          field: 'accounts_count',
          modifier: 'log2p',
        },
      }).limit(10).pluck(:domain)
    else
      domain = params[:q].strip
      domain = TagManager.instance.normalize_domain(domain)
      @domains = Instance.searchable.where(Instance.arel_table[:domain].matches("#{Instance.sanitize_sql_like(domain)}%", false, true)).limit(10).pluck(:domain)
    end
  rescue Addressable::URI::InvalidURIError
    @domains = []
  end
 end
--- a/app/controllers/api/v1/profile/avatars_controller.rb
+++ b/app/controllers/api/v1/profile/avatars_controller.rb
@ -0,0 +1,13 @@
 # frozen_string_literal: true
 class Api::V1::Profile::AvatarsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
  before_action :require_user!
  def destroy
    @account = current_account
    UpdateAccountService.new.call(@account, { avatar: nil }, raise_error: true)
    ActivityPub::UpdateDistributionWorker.perform_async(@account.id)
    render json: @account, serializer: REST::CredentialAccountSerializer
  end
 end
--- a/app/controllers/api/v1/profile/headers_controller.rb
+++ b/app/controllers/api/v1/profile/headers_controller.rb
@ -0,0 +1,13 @@
 # frozen_string_literal: true
 class Api::V1::Profile::HeadersController < Api::BaseController
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
  before_action :require_user!
  def destroy
    @account = current_account
    UpdateAccountService.new.call(@account, { header: nil }, raise_error: true)
    ActivityPub::UpdateDistributionWorker.perform_async(@account.id)
    render json: @account, serializer: REST::CredentialAccountSerializer
  end
 end
--- a/app/controllers/api/v1/reports_controller.rb
+++ b/app/controllers/api/v1/reports_controller.rb
@ -23,6 +23,6 @@ class Api::V1::ReportsController < Api::BaseController
  end
  def report_params
-    params.permit(:account_id, :comment, :category, :forward, status_ids: [], rule_ids: [])
+    params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
  end
 end
--- a/app/controllers/api/v1/statuses/favourites_controller.rb
+++ b/app/controllers/api/v1/statuses/favourites_controller.rb
@ -17,13 +17,16 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
    if fav
      @status = fav.status
      count = [@status.favourites_count - 1, 0].max
      UnfavouriteWorker.perform_async(current_account.id, @status.id)
    else
      @status = Status.find(params[:status_id])
      count = @status.favourites_count
      authorize @status, :show?
    end
-    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false })
+    relationships = StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false }, attributes_map: { @status.id => { favourites_count: count } })
    render json: @status, serializer: REST::StatusSerializer, relationships: relationships
  rescue Mastodon::NotPermittedError
    not_found
  end
--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@ -24,15 +24,18 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
    if @status
      authorize @status, :unreblog?
      @reblog = @status.reblog
      count = [@reblog.reblogs_count - 1, 0].max
      @status.discard
      RemovalWorker.perform_async(@status.id)
      @reblog = @status.reblog
    else
      @reblog = Status.find(params[:status_id])
      count = @reblog.reblogs_count
      authorize @reblog, :show?
    end
-    render json: @reblog, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false })
+    relationships = StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false }, attributes_map: { @reblog.id => { reblogs_count: count } })
    render json: @reblog, serializer: REST::StatusSerializer, relationships: relationships
  rescue Mastodon::NotPermittedError
    not_found
  end
--- a/app/controllers/api/v1/statuses/translations_controller.rb
+++ b/app/controllers/api/v1/statuses/translations_controller.rb
@ -8,7 +8,15 @@ class Api::V1::Statuses::TranslationsController < Api::BaseController
  before_action :set_translation
  rescue_from TranslationService::NotConfiguredError, with: :not_found
-  rescue_from TranslationService::UnexpectedResponseError, TranslationService::QuotaExceededError, TranslationService::TooManyRequestsError, with: :service_unavailable
+  rescue_from TranslationService::UnexpectedResponseError, with: :service_unavailable
  rescue_from TranslationService::QuotaExceededError do
    render json: { error: I18n.t('translation.errors.quota_exceeded') }, status: 503
  end
  rescue_from TranslationService::TooManyRequestsError do
    render json: { error: I18n.t('translation.errors.too_many_requests') }, status: 503
  end
  def create
    render json: @translation, serializer: REST::TranslationSerializer
--- a/app/controllers/api/v1/tags_controller.rb
+++ b/app/controllers/api/v1/tags_controller.rb
@ -19,6 +19,7 @@ class Api::V1::TagsController < Api::BaseController
  def unfollow
    TagFollow.find_by(account: current_account, tag: @tag)&.destroy!
    TagUnmergeWorker.perform_async(@tag.id, current_account.id)
    render json: @tag, serializer: REST::TagSerializer
  end
--- a/app/controllers/api/v1/timelines/home_controller.rb
+++ b/app/controllers/api/v1/timelines/home_controller.rb
@ -6,11 +6,14 @@ class Api::V1::Timelines::HomeController < Api::BaseController
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  def show
    with_read_replica do
      @statuses = load_statuses
      @relationships = StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
    end
    render json: @statuses,
           each_serializer: REST::StatusSerializer,
-           relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id),
+           relationships: @relationships,
           status: account_home_feed.regenerating? ? 206 : 200
  end
--- a/app/controllers/api/v1/timelines/tag_controller.rb
+++ b/app/controllers/api/v1/timelines/tag_controller.rb
@ -1,6 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::Timelines::TagController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, only: :show, if: :require_auth?
  before_action :load_tag
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
@ -12,6 +13,10 @@ class Api::V1::Timelines::TagController < Api::BaseController
  private
  def require_auth?
    !Setting.timeline_preview
  end
  def load_tag
    @tag = Tag.find_normalized(params[:id])
  end
--- a/app/controllers/api/web/embeds_controller.rb
+++ b/app/controllers/api/web/embeds_controller.rb
@ -1,17 +1,20 @@
 # frozen_string_literal: true
 class Api::Web::EmbedsController < Api::Web::BaseController
-  before_action :require_user!
+  include Authorization
-  def create
+  before_action :set_status
    status = StatusFinder.new(params[:url]).status
-    return not_found if status.hidden?
+  def show
    return not_found if @status.hidden?
-    render json: status, serializer: OEmbedSerializer, width: 400
+    if @status.local?
-  rescue ActiveRecord::RecordNotFound
+      render json: @status, serializer: OEmbedSerializer, width: 400
-    oembed = FetchOEmbedService.new.call(params[:url])
+    else
      return not_found unless user_signed_in?
      url = ActivityPub::TagManager.instance.url_for(@status)
      oembed = FetchOEmbedService.new.call(url)
      return not_found if oembed.nil?
      begin
@ -22,4 +25,12 @@ class Api::Web::EmbedsController < Api::Web::BaseController
      render json: oembed
    end
  end
  def set_status
    @status = Status.find(params[:id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    not_found
  end
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -11,6 +11,8 @@ class ApplicationController < ActionController::Base
  include CacheConcern
  include DomainControlHelper
  include ThemingConcern
  include DatabaseHelper
  include AuthorizedFetchHelper
  helper_method :current_account
  helper_method :current_session
@ -20,7 +22,7 @@ class ApplicationController < ActionController::Base
  helper_method :use_seamless_external_login?
  helper_method :omniauth_only?
  helper_method :sso_account_settings
-  helper_method :whitelist_mode?
+  helper_method :limited_federation_mode?
  helper_method :body_class_string
  helper_method :skip_csrf_meta_tags?
@ -52,10 +54,6 @@ class ApplicationController < ActionController::Base
  private
  def authorized_fetch_mode?
    ENV['AUTHORIZED_FETCH'] == 'true' || Rails.configuration.x.whitelist_mode
  end
  def public_fetch_mode?
    !authorized_fetch_mode?
  end
--- a/app/controllers/auth/omniauth_callbacks_controller.rb
+++ b/app/controllers/auth/omniauth_callbacks_controller.rb
@ -5,21 +5,13 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def self.provides_callback_for(provider)
    define_method provider do
      @provider = provider
      @user = User.find_for_oauth(request.env['omniauth.auth'], current_user)
      if @user.persisted?
-        LoginActivity.create(
+        record_login_activity
          user: @user,
          success: true,
          authentication_method: :omniauth,
          provider: provider,
          ip: request.remote_ip,
          user_agent: request.user_agent
        )
        sign_in_and_redirect @user, event: :authentication
-        label = Devise.omniauth_configs[provider]&.strategy&.display_name.presence || I18n.t("auth.providers.#{provider}", default: provider.to_s.chomp('_oauth2').capitalize)
+        set_flash_message(:notice, :success, kind: label_for_provider) if is_navigational_format?
        set_flash_message(:notice, :success, kind: label) if is_navigational_format?
      else
        session["devise.#{provider}_data"] = request.env['omniauth.auth']
        redirect_to new_user_registration_url
@ -38,4 +30,29 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      auth_setup_path(missing_email: '1')
    end
  end
  private
  def record_login_activity
    LoginActivity.create(
      user: @user,
      success: true,
      authentication_method: :omniauth,
      provider: @provider,
      ip: request.remote_ip,
      user_agent: request.user_agent
    )
  end
  def label_for_provider
    provider_display_name || configured_provider_name
  end
  def provider_display_name
    Devise.omniauth_configs[@provider]&.strategy&.display_name.presence
  end
  def configured_provider_name
    I18n.t("auth.providers.#{@provider}", default: @provider.to_s.chomp('_oauth2').capitalize)
  end
 end
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@ -113,7 +113,7 @@ class Auth::SessionsController < Devise::SessionsController
  end
  def home_paths(resource)
-    paths = [about_path]
+    paths = [about_path, '/explore']
    paths << short_account_path(username: resource.account) if single_user_mode? && resource.is_a?(User)
@ -129,7 +129,7 @@ class Auth::SessionsController < Devise::SessionsController
    redirect_to new_user_session_path, alert: I18n.t('devise.failure.timeout')
  end
-  def set_attempt_session(user)
+  def register_attempt_in_session(user)
    session[:attempt_user_id]         = user.id
    session[:attempt_user_updated_at] = user.updated_at.to_s
  end
--- a/app/controllers/authorize_interactions_controller.rb
+++ b/app/controllers/authorize_interactions_controller.rb
@ -3,33 +3,19 @@
 class AuthorizeInteractionsController < ApplicationController
  include Authorization
  layout 'modal'
  before_action :authenticate_user!
  before_action :set_body_classes
  before_action :set_resource
  before_action :set_pack
  def show
    if @resource.is_a?(Account)
-      render :show
+      redirect_to web_url("@#{@resource.pretty_acct}")
    elsif @resource.is_a?(Status)
      redirect_to web_url("@#{@resource.account.pretty_acct}/#{@resource.id}")
    else
-      render :error
+      not_found
    end
  end
  def create
    if @resource.is_a?(Account) && FollowService.new.call(current_account, @resource, with_rate_limit: true)
      render :success
    else
      render :error
    end
  rescue ActiveRecord::RecordNotFound
    render :error
  end
  private
  def set_resource
@ -62,12 +48,4 @@ class AuthorizeInteractionsController < ApplicationController
  def uri_param
    params[:uri] || params.fetch(:acct, '').delete_prefix('acct:')
  end
  def set_body_classes
    @body_classes = 'modal-layout'
  end
  def set_pack
    use_pack 'modal'
  end
 end
--- a/app/controllers/backups_controller.rb
+++ b/app/controllers/backups_controller.rb
@ -10,7 +10,7 @@ class BackupsController < ApplicationController
  def download
    case Paperclip::Attachment.default_options[:storage]
-    when :s3
+    when :s3, :azure
      redirect_to @backup.dump.expiring_url(10), allow_other_host: true
    when :fog
      if Paperclip::Attachment.default_options.dig(:fog_credentials, :openstack_temp_url_key).present?
--- a/app/controllers/concerns/account_owned_concern.rb
+++ b/app/controllers/concerns/account_owned_concern.rb
@ -4,7 +4,7 @@ module AccountOwnedConcern
  extend ActiveSupport::Concern
  included do
-    before_action :authenticate_user!, if: -> { whitelist_mode? && request.format != :json }
+    before_action :authenticate_user!, if: -> { limited_federation_mode? && request.format != :json }
    before_action :set_account, if: :account_required?
    before_action :check_account_approval, if: :account_required?
    before_action :check_account_suspension, if: :account_required?
--- a/app/controllers/concerns/api_caching_concern.rb
+++ b/app/controllers/concerns/api_caching_concern.rb
@ -8,6 +8,6 @@ module ApiCachingConcern
  end
  def cache_even_if_authenticated!
-    expires_in(5.minutes, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless whitelist_mode?
+    expires_in(5.minutes, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless limited_federation_mode?
  end
 end
--- a/app/controllers/concerns/captcha_concern.rb
+++ b/app/controllers/concerns/captcha_concern.rb
@ -42,7 +42,7 @@ module CaptchaConcern
  end
  def extend_csp_for_captcha!
-    policy = request.content_security_policy
+    policy = request.content_security_policy&.clone
    return unless captcha_required? && policy.present?
@ -54,6 +54,8 @@ module CaptchaConcern
      policy.send(directive, *values)
    end
    request.content_security_policy = policy
  end
  def render_captcha
--- a/app/controllers/concerns/rate_limit_headers.rb
+++ b/app/controllers/concerns/rate_limit_headers.rb
@ -61,7 +61,7 @@ module RateLimitHeaders
  end
  def request_time
-    @_request_time ||= Time.now.utc
+    @request_time ||= Time.now.utc
  end
  def reset_period_offset
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@ -119,6 +119,8 @@ module SignatureVerification
  private
  def fail_with!(message, **options)
    Rails.logger.debug { "Signature verification failed: #{message}" }
    @signature_verification_failure_reason = { error: message }.merge(options)
    @signed_request_actor = nil
  end
--- a/app/controllers/concerns/two_factor_authentication_concern.rb
+++ b/app/controllers/concerns/two_factor_authentication_concern.rb
@ -75,7 +75,7 @@ module TwoFactorAuthenticationConcern
  end
  def prompt_for_two_factor(user)
-    set_attempt_session(user)
+    register_attempt_in_session(user)
    use_pack 'auth'
--- a/app/controllers/concerns/web_app_controller_concern.rb
+++ b/app/controllers/concerns/web_app_controller_concern.rb
@ -12,7 +12,7 @@ module WebAppControllerConcern
  end
  def skip_csrf_meta_tags?
-    current_user.nil?
+    !(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?
  end
  def set_app_body_class
--- a/app/controllers/follower_accounts_controller.rb
+++ b/app/controllers/follower_accounts_controller.rb
@ -10,7 +10,7 @@ class FollowerAccountsController < ApplicationController
  before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
  skip_around_action :set_locale, if: -> { request.format == :json }
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :require_functional!, unless: :limited_federation_mode?
  def index
    respond_to do |format|
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@ -10,7 +10,7 @@ class FollowingAccountsController < ApplicationController
  before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
  skip_around_action :set_locale, if: -> { request.format == :json }
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :require_functional!, unless: :limited_federation_mode?
  def index
    respond_to do |format|
--- a/app/controllers/mail_subscriptions_controller.rb
+++ b/app/controllers/mail_subscriptions_controller.rb
@ -9,6 +9,8 @@ class MailSubscriptionsController < ApplicationController
  before_action :set_user
  before_action :set_type
  protect_from_forgery with: :null_session
  def show; end
  def create
@ -20,6 +22,7 @@ class MailSubscriptionsController < ApplicationController
  def set_user
    @user = GlobalID::Locator.locate_signed(params[:token], for: 'unsubscribe')
    not_found unless @user
  end
  def set_body_classes
@ -35,7 +38,7 @@ class MailSubscriptionsController < ApplicationController
    when 'follow', 'reblog', 'favourite', 'mention', 'follow_request'
      "notification_emails.#{params[:type]}"
    else
-      raise ArgumentError
+      not_found
    end
  end
 end
--- a/Show More
+++ b/Show More