Merge branch 'main' into glitch-soc/merge-upstream

Conflicts:
- `.github/dependabot.yml`:
  Updated upstream, removed in glitch-soc to disable noise.
  Kept removed.
- `CODE_OF_CONDUCT.md`:
  Upstream updated to a new version of the covenant, but I have not read it
  yet, so kept unchanged.
- `Gemfile.lock`:
  Not a real conflict, one upstream dependency updated textually too close to
  the glitch-soc only `hcaptcha` dependency.
  Applied upstream changes.
- `app/controllers/admin/base_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/application_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/disputes/base_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/relationships_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/controllers/statuses_cleanup_controller.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/helpers/application_helper.rb`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `app/javascript/mastodon/features/compose/components/compose_form.jsx`:
  Upstream added a highlight animation for onboarding, while we changed the
  max character limit.
  Applied our local changes on top of upstream's new version.
- `app/views/layouts/application.html.haml`:
  Minor conflict due to glitch-soc's theming system.
  Applied upstream changes.
- `stylelint.config.js`:
  Upstream added ignore paths, glitch-soc had extra ignore paths.
  Added the same paths as upstream.

app/lib/activitypub/activity/create.rb

@@ -17,7 +17,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
   private
 
   def create_encrypted_message
-    return reject_payload! if invalid_origin?(object_uri) || @options[:delivered_to_account_id].blank?
+    return reject_payload! if non_matching_uri_hosts?(@account.uri, object_uri) || @options[:delivered_to_account_id].blank?
 
     target_account = Account.find(@options[:delivered_to_account_id])
     target_device  = target_account.devices.find_by(device_id: @object.dig('to', 'deviceId'))
@@ -45,7 +45,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
   end
 
   def create_status
-    return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity?
+    return reject_payload! if unsupported_object_type? || non_matching_uri_hosts?(@account.uri, object_uri) || tombstone_exists? || !related_to_local_activity?
 
     with_lock("create:#{object_uri}") do
       return if delete_arrived_first?(object_uri) || poll_vote?

app/lib/activitypub/activity/delete.rb

@@ -21,7 +21,7 @@ class ActivityPub::Activity::Delete < ActivityPub::Activity
     return if object_uri.nil?
 
     with_lock("delete_status_in_progress:#{object_uri}", raise_on_failure: false) do
-      unless invalid_origin?(object_uri)
+      unless non_matching_uri_hosts?(@account.uri, object_uri)
         # This lock ensures a concurrent `ActivityPub::Activity::Create` either
         # does not create a status at all, or has finished saving it to the
         # database before we try to load it.

app/lib/activitypub/activity/flag.rb

@@ -33,6 +33,6 @@ class ActivityPub::Activity::Flag < ActivityPub::Activity
   end
 
   def report_uri
-    @json['id'] unless @json['id'].nil? || invalid_origin?(@json['id'])
+    @json['id'] unless @json['id'].nil? || non_matching_uri_hosts?(@account.uri, @json['id'])
   end
 end

app/lib/activitypub/activity/update.rb

@@ -22,7 +22,7 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
   end
 
   def update_status
-    return reject_payload! if invalid_origin?(object_uri)
+    return reject_payload! if non_matching_uri_hosts?(@account.uri, object_uri)
 
     @status = Status.find_by(uri: object_uri, account_id: @account.id)
 

app/lib/activitypub/dereferencer.rb

@@ -40,7 +40,7 @@ class ActivityPub::Dereferencer
   end
 
   def perform_request(uri, headers: nil)
-    return if invalid_origin?(uri)
+    return if non_matching_uri_hosts?(@permitted_origin, uri)
 
     req = Request.new(:get, uri)
 
@@ -57,13 +57,4 @@ class ActivityPub::Dereferencer
       end
     end
   end
-
-  def invalid_origin?(uri)
-    return true if unsupported_uri_scheme?(uri)
-
-    needle   = Addressable::URI.parse(uri).host
-    haystack = Addressable::URI.parse(@permitted_origin).host
-
-    !haystack.casecmp(needle).zero?
-  end
 end

app/lib/emoji_formatter.rb

@@ -3,7 +3,7 @@
 class EmojiFormatter
   include RoutingHelper
 
-  DISALLOWED_BOUNDING_REGEX = /[[:alnum:]:]/.freeze
+  DISALLOWED_BOUNDING_REGEX = /[[:alnum:]:]/
 
   attr_reader :html, :custom_emojis, :options
 

app/lib/plain_text_formatter.rb

@@ -3,7 +3,7 @@
 class PlainTextFormatter
   include ActionView::Helpers::TextHelper
 
-  NEWLINE_TAGS_RE = /(<br \/>|<br>|<\/p>)+/.freeze
+  NEWLINE_TAGS_RE = /(<br \/>|<br>|<\/p>)+/
 
   attr_reader :text, :local
 

app/lib/text_formatter.rb

@@ -5,7 +5,7 @@ class TextFormatter
   include ERB::Util
   include RoutingHelper
 
-  URL_PREFIX_REGEX = /\A(https?:\/\/(www\.)?|xmpp:)/.freeze
+  URL_PREFIX_REGEX = /\A(https?:\/\/(www\.)?|xmpp:)/
 
   DEFAULT_REL = %w(nofollow noopener noreferrer).freeze