Merge tag '4.17.0' into develop

Author: 1673beta

.config/cypress-devcontainer.yml

@@ -215,20 +215,9 @@ proxyBypassHosts:
 # Media Proxy
 #mediaProxy: https://example.com/proxy
 
-# Proxy remote files (default: true)
-proxyRemoteFiles: true
-
-# Sign to ActivityPub GET request (default: true)
-signToActivityPubGet: true
-
 allowedPrivateNetworks: [
   '127.0.0.1/32'
 ]
 
-# Disable automatic redirect for ActivityPub object lookup. (default: false)
-# This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation.
-# However it will make it impossible for other instances to lookup third-party user and notes through your URL.
-#disallowExternalApRedirect: true
-
 # Upload or download file size limits (bytes)
 #maxFileSize: 262144000

.config/docker_example.yml

@@ -236,28 +236,13 @@ proxyBypassHosts:
 # Media Proxy
 #mediaProxy: https://example.com/proxy
 
-# Proxy remote files endpoint
-# remoteProxy: https://example.com/files/
-# remoteProxy: /files/
-
-# Proxy remote files (default: true)
-proxyRemoteFiles: true
-
-# Sign to ActivityPub GET request (default: true)
-signToActivityPubGet: true
-
 # For security reasons, uploading attachments from the intranet is prohibited,
 # but exceptions can be made from the following settings. Default value is "undefined".
 # Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
 #allowedPrivateNetworks: [
 #  '127.0.0.1/32'
 #]
 
-# Disable automatic redirect for ActivityPub object lookup. (default: false)
-# This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation.
-# However it will make it impossible for other instances to lookup third-party user and notes through your URL.
-#disallowExternalApRedirect: true
-
 # Upload or download file size limits (bytes)
 #maxFileSize: 262144000
 

.config/example.yml

@@ -105,6 +105,16 @@ port: 3000
 # socket: /path/to/cherrypick.sock
 # chmodSocket: '777'
 
+# Proxy trust settings
+#
+# Changes how the server interpret the origin IP of the request.
+#
+# Any format supported by Fastify is accepted.
+# Default: trust all proxies (i.e. trustProxy: true)
+# See: https://fastify.dev/docs/latest/reference/server/#trustproxy
+#
+# trustProxy: 1
+
 #   ┌──────────────────────────┐
 #───┘ PostgreSQL configuration └────────────────────────────────
 
@@ -344,35 +354,19 @@ proxyBypassHosts:
 # * Perform image compression (on a different server resource than the main process)
 #mediaProxy: https://example.com/proxy
 
-# Proxy remote files endpoint
-# remoteProxy: https://example.com/files/
-# remoteProxy: /files/
-
-# Proxy remote files (default: true)
-# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
-proxyRemoteFiles: true
-
 # Movie Thumbnail Generation URL
 # There is no reference implementation.
 # For example, CherryPick will point to the following URL:
 #   https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
 #videoThumbnailGenerator: https://example.com
 
-# Sign to ActivityPub GET request (default: true)
-signToActivityPubGet: true
-
 # For security reasons, uploading attachments from the intranet is prohibited,
 # but exceptions can be made from the following settings. Default value is "undefined".
 # Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
 #allowedPrivateNetworks: [
 #  '127.0.0.1/32'
 #]
 
-# Disable automatic redirect for ActivityPub object lookup. (default: false)
-# This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation.
-# However it will make it impossible for other instances to lookup third-party user and notes through your URL.
-#disallowExternalApRedirect: true
-
 # Upload or download file size limits (bytes)
 #maxFileSize: 262144000
 

.devcontainer/devcontainer.json

@@ -5,7 +5,7 @@
 	"workspaceFolder": "/workspace",
 	"features": {
 		"ghcr.io/devcontainers/features/node:1": {
-			"version": "22.15.0"
+			"version": "24.10.0"
 		},
 		"ghcr.io/devcontainers-extra/features/pnpm:2": {
 			"version": "10.10.0"
@@ -22,6 +22,7 @@
 				"Orta.vscode-jest",
 				"dbaeumer.vscode-eslint",
 				"mrmlnc.vscode-json5",
+				"eamodio.gitlens",
 				"ms-vscode.vscode-typescript-next",
 				"oderwat.indent-rainbow"
 			]

.devcontainer/devcontainer.yml

@@ -226,12 +226,6 @@ proxyBypassHosts:
 # Media Proxy
 #mediaProxy: https://example.com/proxy
 
-# Proxy remote files (default: true)
-proxyRemoteFiles: true
-
-# Sign to ActivityPub GET request (default: true)
-signToActivityPubGet: true
-
 allowedPrivateNetworks: [
   '127.0.0.1/32'
 ]

.editorconfig

@@ -13,3 +13,7 @@ trim_trailing_whitespace = false
 
 [*.{yml,yaml}]
 indent_style = space
+
+[packages/backend/migration/*.js]
+indent_style = space
+indent_size = 4

.github/cherrypick/test.yml

@@ -15,3 +15,5 @@ redis:
   host: 127.0.0.1
   port: 56312
 id: aidx
+
+proxyRemoteFiles: true

.github/min.node-version

@@ -1 +1 @@
-20.10.0
+22.15.0

.github/workflows/api-cherrypick-js.yml

@@ -16,10 +16,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v4.3.0
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v4.1.0
+        uses: pnpm/action-setup@v4.2.0
 
       - name: Setup Node.js
         uses: actions/setup-node@v4.4.0

.github/workflows/changelog-check.yml

@@ -12,7 +12,7 @@ jobs:
 
     steps:
       - name: Checkout head
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v4.3.0
       - name: Setup Node.js
         uses: actions/setup-node@v4.4.0
         with: