Bump version to v4.3.9

Fix NoMethodError in edge case of emoji cache handling (#34749 )
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2026-03-22 02:16:16 -05:00 · 2025-07-02 12:51:46 +02:00 · 2025-07-02 12:51:46 +02:00 · 2025-07-02 12:51:46 +02:00 · 2025-07-02 12:51:46 +02:00 · 2025-07-02 12:51:46 +02:00
4113 changed files with 74715 additions and 172919 deletions
--- a/.annotaterb.yml
+++ b/.annotaterb.yml
@ -1,59 +0,0 @@
---
-:position: before
-:position_in_additional_file_patterns: before
-:position_in_class: before
-:position_in_factory: before
-:position_in_fixture: before
-:position_in_routes: before
-:position_in_serializer: before
-:position_in_test: before
-:classified_sort: true
-:exclude_controllers: true
-:exclude_factories: true
-:exclude_fixtures: true
-:exclude_helpers: true
-:exclude_scaffolds: true
-:exclude_serializers: true
-:exclude_sti_subclasses: true
-:exclude_tests: true
-:force: false
-:format_markdown: false
-:format_rdoc: false
-:format_yard: false
-:frozen: false
-:ignore_model_sub_dir: false
-:ignore_unknown_models: false
-:include_version: false
-:show_complete_foreign_keys: false
-:show_foreign_keys: false
-:show_indexes: false
-:simple_indexes: false
-:sort: false
-:timestamp: false
-:trace: false
-:with_comment: true
-:with_column_comments: true
-:with_table_comments: true
-:active_admin: false
-:command:
-:debug: false
-:hide_default_column_types: ''
-:hide_limit_column_types: 'integer,boolean'
-:ignore_columns:
-:ignore_routes:
-:models: true
-:routes: false
-:skip_on_db_migrate: false
-:target_action: :do_annotations
-:wrapper:
-:wrapper_close:
-:wrapper_open:
-:classes_default_to_s: []
-:additional_file_patterns: []
-:model_dir:
-  - app/models
-:require: []
-:root_dir:
-  - ''
-
-:show_check_constraints: false
--- a/.browserslistrc
+++ b/.browserslistrc
@ -1,6 +1,10 @@
+[production]
 defaults
 > 0.2%
 firefox >= 78
 ios >= 15.6
 not dead
 not OperaMini all
+
+[development]
+supports es6-module
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -1,5 +1,5 @@
 # For details, see https://github.com/devcontainers/images/tree/main/src/ruby
-FROM mcr.microsoft.com/devcontainers/ruby:3.4-trixie
+FROM mcr.microsoft.com/devcontainers/ruby:1-3.3-bookworm

 # Install node version from .nvmrc
 WORKDIR /app
@ -9,7 +9,7 @@ RUN /bin/bash --login -i -c "nvm install"
 # Install additional OS packages
 RUN apt-get update && \
    export DEBIAN_FRONTEND=noninteractive && \
-    apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg libvips42 libpam-dev
+    apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libvips42 libpam-dev

 # Disable download prompt for Corepack
 ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0
--- a/.devcontainer/compose.yaml
+++ b/.devcontainer/compose.yaml
@ -9,9 +9,7 @@ services:
    environment:
      RAILS_ENV: development
      NODE_ENV: development
-      VITE_RUBY_HOST: 0.0.0.0
      BIND: 0.0.0.0
-      BOOTSNAP_CACHE_DIR: /tmp
      REDIS_HOST: redis
      REDIS_PORT: '6379'
      DB_HOST: db
@ -22,14 +20,12 @@ services:
      ES_HOST: es
      ES_PORT: '9200'
      LIBRE_TRANSLATE_ENDPOINT: http://libretranslate:5000
-      LOCAL_DOMAIN: ${LOCAL_DOMAIN:-localhost:3000}
-      VITE_DEV_SERVER_PUBLIC: ${VITE_DEV_SERVER_PUBLIC:-localhost:3036}
    # Overrides default command so things don't shut down after the process ends.
    command: sleep infinity
    ports:
-      - '3000:3000'
-      - '3036:3036'
-      - '4000:4000'
+      - '127.0.0.1:3000:3000'
+      - '127.0.0.1:3035:3035'
+      - '127.0.0.1:4000:4000'
    networks:
      - external_network
      - internal_network
@ -56,7 +52,7 @@ services:
      - internal_network

  es:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.29
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    restart: unless-stopped
    environment:
      ES_JAVA_OPTS: -Xms512m -Xmx512m
@ -73,7 +69,7 @@ services:
        hard: -1

  libretranslate:
-    image: libretranslate/libretranslate:v1.7.3
+    image: libretranslate/libretranslate:v1.6.1
    restart: unless-stopped
    volumes:
      - lt-data:/home/libretranslate/.local
--- a/.dockerignore
+++ b/.dockerignore
@ -5,7 +5,6 @@
 .gitattributes
 .gitignore
 .github
-.vscode
 public/system
 public/assets
 public/packs
@ -21,10 +20,3 @@ postgres14
 redis
 elasticsearch
 chart
-storybook-static
-.yarn/
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions
--- a/.env.production.sample
+++ b/.env.production.sample
@ -43,6 +43,7 @@ ES_PASS=password
 # Make sure to use `bundle exec rails secret` to generate secrets
 # -------
 SECRET_KEY_BASE=
+OTP_SECRET=

 # Encryption secrets
 # ------------------
@ -78,9 +79,6 @@ AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 S3_ALIAS_HOST=files.example.com

-# Optional list of hosts that are allowed to serve media for your instance
-# EXTRA_MEDIA_HOSTS=https://data.example1.com,https://data.example2.com
-
 # IP and session retention
 # -----------------------
 # Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
--- a/.eslintignore
+++ b/.eslintignore
@ -0,0 +1,13 @@
+/build/**
+/coverage/**
+/db/**
+/lib/**
+/log/**
+/node_modules/**
+/nonobox/**
+/public/**
+!/public/embed.js
+/spec/**
+/tmp/**
+/vendor/**
+!.eslintrc.js
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -0,0 +1,368 @@
+// @ts-check
+const { defineConfig } = require('eslint-define-config');
+
+module.exports = defineConfig({
+  root: true,
+
+  extends: [
+    'eslint:recommended',
+    'plugin:react/recommended',
+    'plugin:react-hooks/recommended',
+    'plugin:jsx-a11y/recommended',
+    'plugin:import/recommended',
+    'plugin:promise/recommended',
+    'plugin:jsdoc/recommended',
+  ],
+
+  env: {
+    browser: true,
+    node: true,
+    es6: true,
+  },
+
+  parser: '@typescript-eslint/parser',
+
+  plugins: [
+    'react',
+    'jsx-a11y',
+    'import',
+    'promise',
+    '@typescript-eslint',
+    'formatjs',
+  ],
+
+  parserOptions: {
+    sourceType: 'module',
+    ecmaFeatures: {
+      jsx: true,
+    },
+    ecmaVersion: 2021,
+    requireConfigFile: false,
+    babelOptions: {
+      configFile: false,
+      presets: ['@babel/react', '@babel/env'],
+    },
+  },
+
+  settings: {
+    react: {
+      version: 'detect',
+    },
+    'import/ignore': [
+      'node_modules',
+      '\\.(css|scss|json)$',
+    ],
+    'import/resolver': {
+      typescript: {},
+    },
+  },
+
+  rules: {
+    'consistent-return': 'error',
+    'dot-notation': 'error',
+    eqeqeq: ['error', 'always', { 'null': 'ignore' }],
+    'indent': ['error', 2],
+    'jsx-quotes': ['error', 'prefer-single'],
+    'semi': ['error', 'always'],
+    'no-case-declarations': 'off',
+    'no-catch-shadow': 'error',
+    'no-console': [
+      'warn',
+      {
+        allow: [
+          'error',
+          'warn',
+        ],
+      },
+    ],
+    'no-empty': ['error', { "allowEmptyCatch": true }],
+    'no-restricted-properties': [
+      'error',
+      { property: 'substring', message: 'Use .slice instead of .substring.' },
+      { property: 'substr', message: 'Use .slice instead of .substr.' },
+    ],
+    'no-restricted-syntax': [
+      'error',
+      {
+        // eslint-disable-next-line no-restricted-syntax
+        selector: 'Literal[value=/•/], JSXText[value=/•/]',
+        // eslint-disable-next-line no-restricted-syntax
+        message: "Use '·' (middle dot) instead of '•' (bullet)",
+      },
+    ],
+    'no-unused-expressions': 'error',
+    'no-unused-vars': 'off',
+    '@typescript-eslint/no-unused-vars': [
+      'error',
+      {
+        vars: 'all',
+        args: 'after-used',
+        destructuredArrayIgnorePattern: '^_',
+        ignoreRestSiblings: true,
+      },
+    ],
+    'valid-typeof': 'error',
+
+    'react/jsx-filename-extension': ['error', { extensions: ['.jsx', 'tsx'] }],
+    'react/jsx-boolean-value': 'error',
+    'react/display-name': 'off',
+    'react/jsx-fragments': ['error', 'syntax'],
+    'react/jsx-equals-spacing': 'error',
+    'react/jsx-no-bind': 'error',
+    'react/jsx-no-useless-fragment': 'error',
+    'react/jsx-no-target-blank': 'off',
+    'react/jsx-tag-spacing': 'error',
+    'react/jsx-uses-react': 'off', // not needed with new JSX transform
+    'react/jsx-wrap-multilines': 'error',
+    'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
+    'react/self-closing-comp': 'error',
+
+    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/v6.8.0/src/index.js#L46
+    'jsx-a11y/click-events-have-key-events': 'off',
+    'jsx-a11y/label-has-associated-control': 'off',
+    'jsx-a11y/media-has-caption': 'off',
+    'jsx-a11y/no-autofocus': 'off',
+    // recommended rule is:
+    // 'jsx-a11y/no-interactive-element-to-noninteractive-role': [
+    //   'error',
+    //   {
+    //     tr: ['none', 'presentation'],
+    //     canvas: ['img'],
+    //   },
+    // ],
+    'jsx-a11y/no-interactive-element-to-noninteractive-role': 'off',
+    // recommended rule is:
+    // 'jsx-a11y/no-noninteractive-tabindex': [
+    //   'error',
+    //   {
+    //     tags: [],
+    //     roles: ['tabpanel'],
+    //     allowExpressionValues: true,
+    //   },
+    // ],
+    'jsx-a11y/no-noninteractive-tabindex': 'off',
+    // recommended is full 'error'
+    'jsx-a11y/no-static-element-interactions': [
+      'warn',
+      {
+        handlers: [
+          'onClick',
+        ],
+      },
+    ],
+
+    // See https://github.com/import-js/eslint-plugin-import/blob/v2.29.1/config/recommended.js
+    'import/extensions': [
+      'error',
+      'always',
+      {
+        js: 'never',
+        jsx: 'never',
+        mjs: 'never',
+        ts: 'never',
+        tsx: 'never',
+      },
+    ],
+    'import/first': 'error',
+    'import/newline-after-import': 'error',
+    'import/no-anonymous-default-export': 'error',
+    'import/no-extraneous-dependencies': [
+      'error',
+      {
+        devDependencies: [
+          '.eslintrc.js',
+          'config/webpack/**',
+          'app/javascript/mastodon/performance.js',
+          'app/javascript/mastodon/test_setup.js',
+          'app/javascript/**/__tests__/**',
+        ],
+      },
+    ],
+    'import/no-amd': 'error',
+    'import/no-commonjs': 'error',
+    'import/no-import-module-exports': 'error',
+    'import/no-relative-packages': 'error',
+    'import/no-self-import': 'error',
+    'import/no-useless-path-segments': 'error',
+    'import/no-webpack-loader-syntax': 'error',
+
+    'import/order': [
+      'error',
+      {
+        alphabetize: { order: 'asc' },
+        'newlines-between': 'always',
+        groups: [
+          'builtin',
+          'external',
+          'internal',
+          'parent',
+          ['index', 'sibling'],
+          'object',
+        ],
+        pathGroups: [
+          // React core packages
+          {
+            pattern: '{react,react-dom,react-dom/client,prop-types}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // I18n
+          {
+            pattern: '{react-intl,intl-messageformat}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // Common React utilities
+          {
+            pattern: '{classnames,react-helmet,react-router,react-router-dom}',
+            group: 'external',
+            position: 'before',
+          },
+          // Immutable / Redux / data store
+          {
+            pattern: '{immutable,@reduxjs/toolkit,react-redux,react-immutable-proptypes,react-immutable-pure-component}',
+            group: 'external',
+            position: 'before',
+          },
+          // Internal packages
+          {
+            pattern: '{mastodon/**}',
+            group: 'internal',
+            position: 'after',
+          },
+        ],
+        pathGroupsExcludedImportTypes: [],
+      },
+    ],
+
+    'promise/always-return': 'off',
+    'promise/catch-or-return': [
+      'error',
+      {
+        allowFinally: true,
+      },
+    ],
+    'promise/no-callback-in-promise': 'off',
+    'promise/no-nesting': 'off',
+    'promise/no-promise-in-callback': 'off',
+
+    'formatjs/blocklist-elements': 'error',
+    'formatjs/enforce-default-message': ['error', 'literal'],
+    'formatjs/enforce-description': 'off', // description values not currently used
+    'formatjs/enforce-id': 'off', // Explicit IDs are used in the project
+    'formatjs/enforce-placeholders': 'off', // Issues in short_number.jsx
+    'formatjs/enforce-plural-rules': 'error',
+    'formatjs/no-camel-case': 'off', // disabledAccount is only non-conforming
+    'formatjs/no-complex-selectors': 'error',
+    'formatjs/no-emoji': 'error',
+    'formatjs/no-id': 'off', // IDs are used for translation keys
+    'formatjs/no-invalid-icu': 'error',
+    'formatjs/no-literal-string-in-jsx': 'off', // Should be looked at, but mainly flagging punctuation outside of strings
+    'formatjs/no-multiple-whitespaces': 'error',
+    'formatjs/no-offset': 'error',
+    'formatjs/no-useless-message': 'error',
+    'formatjs/prefer-formatted-message': 'error',
+    'formatjs/prefer-pound-in-plural': 'error',
+
+    'jsdoc/check-types': 'off',
+    'jsdoc/no-undefined-types': 'off',
+    'jsdoc/require-jsdoc': 'off',
+    'jsdoc/require-param-description': 'off',
+    'jsdoc/require-property-description': 'off',
+    'jsdoc/require-returns-description': 'off',
+    'jsdoc/require-returns': 'off',
+  },
+
+  overrides: [
+    {
+      files: [
+        '.eslintrc.js',
+        '*.config.js',
+        '.*rc.js',
+        'ide-helper.js',
+        'config/webpack/**/*',
+        'config/formatjs-formatter.js',
+      ],
+
+      env: {
+        commonjs: true,
+      },
+
+      parserOptions: {
+        sourceType: 'script',
+      },
+
+      rules: {
+        'import/no-commonjs': 'off',
+      },
+    },
+    {
+      files: [
+        '**/*.ts',
+        '**/*.tsx',
+      ],
+
+      extends: [
+        'eslint:recommended',
+        'plugin:@typescript-eslint/strict-type-checked',
+        'plugin:@typescript-eslint/stylistic-type-checked',
+        'plugin:react/recommended',
+        'plugin:react-hooks/recommended',
+        'plugin:jsx-a11y/recommended',
+        'plugin:import/recommended',
+        'plugin:import/typescript',
+        'plugin:promise/recommended',
+        'plugin:jsdoc/recommended-typescript',
+      ],
+
+      parserOptions: {
+        projectService: true,
+        tsconfigRootDir: __dirname,
+      },
+
+      rules: {
+        // Disable formatting rules that have been enabled in the base config
+        'indent': 'off',
+
+        // This is not needed as we use noImplicitReturns, which handles this in addition to understanding types
+        'consistent-return': 'off',
+
+        'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],
+
+        '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
+        '@typescript-eslint/consistent-type-exports': 'error',
+        '@typescript-eslint/consistent-type-imports': 'error',
+        "@typescript-eslint/prefer-nullish-coalescing": ['error', { ignorePrimitives: { boolean: true } }],
+        "@typescript-eslint/no-restricted-imports": [
+          "warn",
+          {
+            "name": "react-redux",
+            "importNames": ["useSelector", "useDispatch"],
+            "message": "Use typed hooks `useAppDispatch` and `useAppSelector` instead."
+          }
+        ],
+        "@typescript-eslint/restrict-template-expressions": ['warn', { allowNumber: true }],
+        'jsdoc/require-jsdoc': 'off',
+
+        // Those rules set stricter rules for TS files
+        // to enforce better practices when converting from JS
+        'import/no-default-export': 'warn',
+        'react/prefer-stateless-function': 'warn',
+        'react/function-component-definition': ['error', { namedComponents: 'arrow-function' }],
+        'react/jsx-uses-react': 'off', // not needed with new JSX transform
+        'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
+        'react/prop-types': 'off',
+      },
+    },
+    {
+      files: [
+        '**/__tests__/*.js',
+        '**/__tests__/*.jsx',
+      ],
+
+      env: {
+        jest: true,
+      },
+    }
+  ],
+});
--- a/.github/.well-known/funding-manifest-urls
+++ b/.github/.well-known/funding-manifest-urls
@ -1 +0,0 @@
-https://joinmastodon.org/funding.json
--- a/.github/ISSUE_TEMPLATE/1.web_bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml
@ -1,7 +1,6 @@
 name: Bug Report (Web Interface)
-description: There is a problem using Mastodon's web interface.
-labels: ['area/web interface']
-type: Bug
+description: If you are using Mastodon's web interface and something is not working as expected
+labels: [bug, 'status/to triage', 'area/web interface']
 body:
  - type: markdown
    attributes:
@ -48,8 +47,8 @@ body:
    attributes:
      label: Mastodon version
      description: |
-        This is displayed at the bottom of the About page, eg. `v4.4.0-beta.1`
-      placeholder: v4.4.0-beta.1
+        This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
+      placeholder: v4.1.2
    validations:
      required: true
  - type: input
@ -57,7 +56,7 @@ body:
      label: Browser name and version
      description: |
        What browser are you using when getting this bug? Please specify the version as well.
-      placeholder: Firefox 139.0.0
+      placeholder: Firefox 105.0.3
    validations:
      required: true
  - type: input
@ -65,7 +64,7 @@ body:
      label: Operating system
      description: |
        What OS are you running? Please specify the version as well.
-      placeholder: macOS 15.5
+      placeholder: macOS 13.4.1
    validations:
      required: true
  - type: textarea
--- a/.github/ISSUE_TEMPLATE/2.server_bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml
@ -1,7 +1,7 @@
 name: Bug Report (server / API)
 description: |
-  There is a problem with the HTTP server, REST API, ActivityPub interaction, etc.
-type: 'Bug'
+  If something is not working as expected, but is not from using the web interface.
+labels: [bug, 'status/to triage']
 body:
  - type: markdown
    attributes:
@ -48,8 +48,8 @@ body:
    attributes:
      label: Mastodon version
      description: |
-        This is displayed at the bottom of the About page, eg. `v4.4.0-beta.1`
-      placeholder: v4.4.0-beta.1
+        This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
+      placeholder: v4.1.2
    validations:
      required: false
  - type: textarea
@ -59,7 +59,7 @@ body:
        Any additional technical details you may have, like logs or error traces
      value: |
        If this is happening on your own Mastodon server, please fill out those:
-        - Ruby version: (from `ruby --version`, eg. v3.4.9)
-        - Node.js version: (from `node --version`, eg. v22.16.0)
+        - Ruby version: (from `ruby --version`, eg. v3.1.2)
+        - Node.js version: (from `node --version`, eg. v18.16.0)
    validations:
      required: false
--- a/.github/ISSUE_TEMPLATE/3.feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/3.feature_request.yml
@ -1,6 +1,6 @@
 name: Feature Request
 description: I have a suggestion
-type: Suggestion
+labels: [suggestion]
 body:
  - type: markdown
    attributes:
--- a/.github/ISSUE_TEMPLATE/3.troubleshooting.yml
+++ b/.github/ISSUE_TEMPLATE/3.troubleshooting.yml
@ -1,74 +0,0 @@
-name: Deployment troubleshooting
-description: |
-  You are a server administrator and you are encountering a technical issue during installation, upgrade or operations of Mastodon.
-labels: ['status/to triage']
-type: 'Troubleshooting'
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Make sure that you are submitting a new bug that was not previously reported or already fixed.
-
-        Please use a concise and distinct title for the issue.
-  - type: textarea
-    attributes:
-      label: Steps to reproduce the problem
-      description: What were you trying to do?
-      value: |
-        1.
-        2.
-        3.
-        ...
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Expected behaviour
-      description: What should have happened?
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Actual behaviour
-      description: What happened?
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Detailed description
-    validations:
-      required: false
-  - type: input
-    attributes:
-      label: Mastodon instance
-      description: The address of the Mastodon instance where you experienced the issue
-      placeholder: mastodon.social
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Mastodon version
-      description: |
-        This is displayed at the bottom of the About page, eg. `v4.4.0-alpha.1`
-      placeholder: v4.4.0-beta.1
-    validations:
-      required: false
-  - type: textarea
-    attributes:
-      label: Environment
-      description: |
-        Details about your environment, like how Mastodon is deployed, if containers are used, version numbers, etc.
-      value: |
-        Please at least include those informations:
-        - Operating system: (eg. Ubuntu 24.04.2)
-        - Ruby version: (from `ruby --version`, eg. v3.4.9)
-        - Node.js version: (from `node --version`, eg. v22.16.0)
-    validations:
-      required: false
-  - type: textarea
-    attributes:
-      label: Technical details
-      description: |
-        Any additional technical details you may have, like logs or error traces
-    validations:
-      required: false
--- a/.github/actions/setup-javascript/action.yml
+++ b/.github/actions/setup-javascript/action.yml
@ -9,7 +9,7 @@ runs:
  using: 'composite'
  steps:
    - name: Set up Node.js
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
+      uses: actions/setup-node@v4
      with:
        node-version-file: '.nvmrc'

@ -23,7 +23,7 @@ runs:
      shell: bash
      run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT

-    - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5
+    - uses: actions/cache@v4
      id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
      with:
        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
--- a/.github/actions/setup-ruby/action.yml
+++ b/.github/actions/setup-ruby/action.yml
@ -17,7 +17,8 @@ runs:
        sudo apt-get install -y libicu-dev libidn11-dev libvips42 ${{ inputs.additional-system-dependencies }}

    - name: Set up Ruby
-      uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6 # v1
+      uses: ruby/setup-ruby@v1
      with:
        ruby-version: ${{ inputs.ruby-version }}
        bundler-cache: true
+        cache-version: 4.3
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -5,7 +5,7 @@
    'customManagers:dockerfileVersions',
    ':labels(dependencies)',
    ':prConcurrentLimitNone', // Remove limit for open PRs at any time.
-    ':enableVulnerabilityAlertsWithLabel(security)',
+    ':prHourlyLimit2', // Rate limit PR creation to a maximum of two per hour.
  ],
  rebaseWhen: 'conflicted',
  minimumReleaseAge: '3', // Wait 3 days after the package has been published before upgrading it
@ -15,19 +15,34 @@
  // to `null` after any other rule set it to something.
  dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).',
  postUpdateOptions: ['yarnDedupeHighest'],
-  // The types are now included in recent versions,we ignore them here until we upgrade and remove the dependency
-  ignoreDeps: ['@types/emoji-mart'],
  packageRules: [
    {
      // Require Dependency Dashboard Approval for major version bumps of these node packages
      matchManagers: ['npm'],
      matchPackageNames: [
+        'tesseract.js', // Requires code changes
+        'react-hotkeys', // Requires code changes
+
+        // Requires Webpacker upgrade or replacement
+        '@svgr/webpack',
+        '@types/webpack',
+        'babel-loader',
+        'compression-webpack-plugin',
+        'css-loader',
+        'imports-loader',
+        'mini-css-extract-plugin',
+        'postcss-loader',
+        'sass-loader',
+        'terser-webpack-plugin',
+        'webpack',
+        'webpack-assets-manifest',
+        'webpack-bundle-analyzer',
+        'webpack-dev-server',
+        'webpack-cli',
+
        // react-router: Requires manual upgrade
        'history',
        'react-router-dom',
-
-        // react-spring: Requires manual upgrade when upgrading react
-        '@react-spring/web',
      ],
      matchUpdateTypes: ['major'],
      dependencyDashboardApproval: true,
@ -36,6 +51,7 @@
      // Require Dependency Dashboard Approval for major version bumps of these Ruby packages
      matchManagers: ['bundler'],
      matchPackageNames: [
+        'rack', // Needs to be synced with Rails version
        'strong_migrations', // Requires manual upgrade
        'sidekiq', // Requires manual upgrade
        'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version
@ -81,29 +97,10 @@
    {
      // Group all eslint-related packages with `eslint` in the same PR
      matchManagers: ['npm'],
-      matchPackageNames: [
-        'eslint',
-        'eslint-*',
-        'typescript-eslint',
-        '@eslint/*',
-        'globals',
-      ],
+      matchPackageNames: ['eslint', 'eslint-*', '@typescript-eslint/*'],
      matchUpdateTypes: ['patch', 'minor'],
      groupName: 'eslint (non-major)',
    },
-    {
-      // Group all Storybook-related packages in the same PR
-      matchManagers: ['npm'],
-      matchPackageNames: [
-        'chromatic',
-        'storybook',
-        '@storybook/*',
-        'msw',
-        'msw-storybook-addon',
-      ],
-      matchUpdateTypes: ['patch', 'minor'],
-      groupName: 'storybook (non-major)',
-    },
    {
      // Group actions/*-artifact in the same PR
      matchManagers: ['github-actions'],
@ -113,7 +110,6 @@
      ],
      matchUpdateTypes: ['major'],
      groupName: 'artifact actions (major)',
-      extends: ['helpers:pinGitHubActionDigests'],
    },
    {
      // Update @types/* packages every week, with one grouped PR
@ -153,18 +149,6 @@
      matchUpdateTypes: ['patch', 'minor'],
      groupName: 'opentelemetry-ruby (non-major)',
    },
-    {
-      // The ruby portion of the Playwright group
-      matchManagers: ['bundler'],
-      matchPackageNames: ['playwright-ruby-client'],
-      groupName: 'Playwright',
-    },
-    {
-      // The node portion of the Playwright group
-      matchManagers: ['npm'],
-      matchPackageNames: ['playwright'],
-      groupName: 'Playwright',
-    },
    // Add labels depending on package manager
    { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] },
    { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] },
--- a/.github/workflows/build-container-image.yml
+++ b/.github/workflows/build-container-image.yml
@ -35,7 +35,7 @@ jobs:
          - linux/arm64

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

      - name: Prepare
        env:
@ -47,19 +47,19 @@ jobs:
          image_names=${PUSH_TO_IMAGES//$'\n'/,}
          echo "IMAGE_NAMES=${image_names%,}" >> $GITHUB_ENV

-      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+      - uses: docker/setup-buildx-action@v3
        id: buildx

      - name: Log in to Docker Hub
        if: contains(inputs.push_to_images, 'tootsuite')
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Log in to the GitHub Container registry
        if: contains(inputs.push_to_images, 'ghcr.io')
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@ -67,7 +67,7 @@ jobs:

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        uses: docker/metadata-action@v5
        if: ${{ inputs.push_to_images != '' }}
        with:
          images: ${{ inputs.push_to_images }}
@ -76,7 +76,7 @@ jobs:

      - name: Build and push by digest
        id: build
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ inputs.file_to_build }}
@ -100,7 +100,7 @@ jobs:

      - name: Upload digest
        if: ${{ inputs.push_to_images != '' }}
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
+        uses: actions/upload-artifact@v4
        with:
          # `hashFiles` is used to disambiguate between streaming and non-streaming images
          name: digests-${{ hashFiles(inputs.file_to_build) }}-${{ env.PLATFORM_PAIR }}
@ -119,10 +119,10 @@ jobs:
      PUSH_TO_IMAGES: ${{ inputs.push_to_images }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

      - name: Download digests
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
+        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          # `hashFiles` is used to disambiguate between streaming and non-streaming images
@ -131,25 +131,25 @@ jobs:

      - name: Log in to Docker Hub
        if: contains(inputs.push_to_images, 'tootsuite')
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Log in to the GitHub Container registry
        if: contains(inputs.push_to_images, 'ghcr.io')
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+        uses: docker/setup-buildx-action@v3

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        uses: docker/metadata-action@v5
        if: ${{ inputs.push_to_images != '' }}
        with:
          images: ${{ inputs.push_to_images }}
--- a/.github/workflows/build-push-pr.yml
+++ b/.github/workflows/build-push-pr.yml
@ -18,7 +18,7 @@ jobs:
    steps:
      # Repository needs to be cloned so `git rev-parse` below works
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - id: version_vars
        run: |
          echo mastodon_version_metadata=pr-${{ github.event.pull_request.number }}-$(git rev-parse --short ${{github.event.pull_request.head.sha}}) >> $GITHUB_OUTPUT
--- a/.github/workflows/build-releases.yml
+++ b/.github/workflows/build-releases.yml
@ -9,44 +9,7 @@ permissions:
  packages: write

 jobs:
-  check-latest-stable:
-    runs-on: ubuntu-latest
-    outputs:
-      latest: ${{ steps.check.outputs.is_latest_stable }}
-    steps:
-      # Repository needs to be cloned to list branches
-      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Check latest stable
-        shell: bash
-        id: check
-        run: |
-          ref="${GITHUB_REF#refs/tags/}"
-
-          if [[ "$ref" =~ ^v([0-9]+)\.([0-9]+)(\.[0-9]+)?$ ]]; then
-            current="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}"
-          else
-            echo "tag $ref is not semver"
-            echo "is_latest_stable=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          latest=$(git for-each-ref --format='%(refname:short)' "refs/remotes/origin/stable-*.*" \
-            | sed -E 's#^origin/stable-##' \
-            | sort -Vr \
-            | head -n1)
-
-          if [[ "$current" == "$latest" ]]; then
-            echo "is_latest_stable=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "is_latest_stable=false" >> "$GITHUB_OUTPUT"
-          fi
-
  build-image:
-    needs: check-latest-stable
    uses: ./.github/workflows/build-container-image.yml
    with:
      file_to_build: Dockerfile
@ -58,14 +21,14 @@ jobs:
      # Only tag with latest when ran against the latest stable branch
      # This needs to be updated after each minor version release
      flavor: |
-        latest=${{ needs.check-latest-stable.outputs.latest }}
+        latest=${{ startsWith(github.ref, 'refs/tags/v4.3.') }}
      tags: |
        type=pep440,pattern={{raw}}
        type=pep440,pattern=v{{major}}.{{minor}}
    secrets: inherit

  build-image-streaming:
-    needs: check-latest-stable
+    if: startsWith(github.ref, 'refs/tags/v4.3.')
    uses: ./.github/workflows/build-container-image.yml
    with:
      file_to_build: streaming/Dockerfile
@ -77,7 +40,7 @@ jobs:
      # Only tag with latest when ran against the latest stable branch
      # This needs to be updated after each minor version release
      flavor: |
-        latest=${{ needs.check-latest-stable.outputs.latest }}
+        latest=${{ startsWith(github.ref, 'refs/tags/v4.3.') }}
      tags: |
        type=pep440,pattern={{raw}}
        type=pep440,pattern=v{{major}}.{{minor}}
--- a/.github/workflows/build-security.yml
+++ b/.github/workflows/build-security.yml
@ -9,6 +9,7 @@ permissions:
 jobs:
  compute-suffix:
    runs-on: ubuntu-latest
+    if: github.repository == 'mastodon/mastodon'
    steps:
      - id: version_vars
        env:
--- a/.github/workflows/bundler-audit.yml
+++ b/.github/workflows/bundler-audit.yml
@ -28,12 +28,12 @@ jobs:

    steps:
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Set up Ruby
-        uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6 # v1
+        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Run bundler-audit
-        run: bin/bundler-audit check --update
+        run: bundle exec bundler-audit check --update
--- a/.github/workflows/check-i18n.yml
+++ b/.github/workflows/check-i18n.yml
@ -18,10 +18,10 @@ permissions:

 jobs:
  check-i18n:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

      - name: Set up Ruby environment
        uses: ./.github/actions/setup-ruby
@ -35,17 +35,18 @@ jobs:
          git diff --exit-code

      - name: Check locale file normalization
-        run: bin/i18n-tasks check-normalized
+        run: bundle exec i18n-tasks check-normalized

      - name: Check for unused strings
-        run: bin/i18n-tasks unused
+        run: bundle exec i18n-tasks unused

      - name: Check for missing strings in English YML
        run: |
-          bin/i18n-tasks missing -t used -l en
+          bundle exec i18n-tasks add-missing -l en
+          git diff --exit-code

      - name: Check for wrong string interpolations
-        run: bin/i18n-tasks check-consistent-interpolations
+        run: bundle exec i18n-tasks check-consistent-interpolations

      - name: Check that all required locale files exist
-        run: bin/rake repo:check_locales_files
+        run: bundle exec rake repo:check_locales_files
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@ -1,62 +0,0 @@
-name: 'Chromatic'
-permissions:
-  contents: read
-
-on:
-  push:
-    branches-ignore:
-      - renovate/*
-      - stable-*
-
-jobs:
-  pathcheck:
-    name: Check for relevant changes
-    runs-on: ubuntu-latest
-    outputs:
-      changed: ${{ steps.filter.outputs.src }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
-        id: filter
-        with:
-          filters: |
-            src:
-              - 'package.json'
-              - 'yarn.lock'
-              - '**/*.js'
-              - '**/*.jsx'
-              - '**/*.ts'
-              - '**/*.tsx'
-              - '**/*.css'
-              - '**/*.scss'
-              - '.github/workflows/chromatic.yml'
-
-  chromatic:
-    name: Run Chromatic
-    runs-on: ubuntu-latest
-    needs: pathcheck
-    if: github.repository == 'mastodon/mastodon' && needs.pathcheck.outputs.changed == 'true'
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
-
-      - name: Build Storybook
-        run: yarn build-storybook
-
-      - name: Run Chromatic
-        uses: chromaui/action@07791f8243f4cb2698bf4d00426baf4b2d1cb7e0 # v13
-        with:
-          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
-          zip: true
-          storybookBuildDir: 'storybook-static'
-          exitOnceUploaded: true # Exit immediately after upload
-          autoAcceptChanges: 'main' # Auto-accept changes on main branch only
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -25,17 +25,17 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: ['actions', 'javascript', 'ruby']
-        # CodeQL supports [ 'actions', 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        language: ['javascript', 'ruby']
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4
+        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@ -48,7 +48,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4
+        uses: github/codeql-action/autobuild@v3

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@ -61,6 +61,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4
+        uses: github/codeql-action/analyze@v3
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/crowdin-download-stable.yml
+++ b/.github/workflows/crowdin-download-stable.yml
@ -13,7 +13,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Increase Git http.postBuffer
        # This is needed due to a bug in Ubuntu's cURL version?
@ -24,7 +24,7 @@ jobs:

      # Download the translation files from Crowdin
      - name: crowdin action
-        uses: crowdin/github-action@b4b468cffefb50bdd99dd83e5d2eaeb63c880380 # v2
+        uses: crowdin/github-action@v2
        with:
          upload_sources: false
          upload_translations: false
@ -46,11 +46,11 @@ jobs:
        uses: ./.github/actions/setup-ruby

      - name: Run i18n normalize task
-        run: bin/i18n-tasks normalize
+        run: bundle exec i18n-tasks normalize

      # Create or update the pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        uses: peter-evans/create-pull-request@v7.0.5
        with:
          commit-message: 'New Crowdin translations'
          title: 'New Crowdin Translations for ${{ github.base_ref || github.ref_name }} (automated)'
--- a/.github/workflows/crowdin-download.yml
+++ b/.github/workflows/crowdin-download.yml
@ -15,7 +15,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Increase Git http.postBuffer
        # This is needed due to a bug in Ubuntu's cURL version?
@ -26,7 +26,7 @@ jobs:

      # Download the translation files from Crowdin
      - name: crowdin action
-        uses: crowdin/github-action@b4b468cffefb50bdd99dd83e5d2eaeb63c880380 # v2
+        uses: crowdin/github-action@v2
        with:
          upload_sources: false
          upload_translations: false
@ -48,11 +48,11 @@ jobs:
        uses: ./.github/actions/setup-ruby

      - name: Run i18n normalize task
-        run: bin/i18n-tasks normalize
+        run: bundle exec i18n-tasks normalize

      # Create or update the pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8
+        uses: peter-evans/create-pull-request@v7.0.5
        with:
          commit-message: 'New Crowdin translations'
          title: 'New Crowdin Translations (automated)'
--- a/.github/workflows/crowdin-upload.yml
+++ b/.github/workflows/crowdin-upload.yml
@ -14,7 +14,6 @@ on:
      - config/locales/devise.en.yml
      - config/locales/doorkeeper.en.yml
      - .github/workflows/crowdin-upload.yml
-  workflow_dispatch:

 jobs:
  upload-translations:
@ -23,10 +22,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: crowdin action
-        uses: crowdin/github-action@b4b468cffefb50bdd99dd83e5d2eaeb63c880380 # v2
+        uses: crowdin/github-action@v2
        with:
          upload_sources: true
          upload_translations: false
--- a/.github/workflows/format-check.yml
+++ b/.github/workflows/format-check.yml
@ -13,10 +13,10 @@ jobs:

    steps:
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript

-      - name: Check formatting
+      - name: Check formatting with Prettier
        run: yarn format:check
--- a/.github/workflows/haml-lint-problem-matcher.json
+++ b/.github/workflows/haml-lint-problem-matcher.json
@ -0,0 +1,17 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "haml-lint",
+      "severity": "warning",
+      "pattern": [
+        {
+          "regexp": "^(.*):(\\d+)\\s\\[W]\\s(.*):\\s(.*)$",
+          "file": 1,
+          "line": 2,
+          "code": 3,
+          "message": 4
+        }
+      ]
+    }
+  ]
+}
--- a/.github/workflows/lint-css.yml
+++ b/.github/workflows/lint-css.yml
@ -9,6 +9,7 @@ on:
      - 'package.json'
      - 'yarn.lock'
      - '.nvmrc'
+      - '.prettier*'
      - 'stylelint.config.js'
      - '**/*.css'
      - '**/*.scss'
@ -20,6 +21,7 @@ on:
      - 'package.json'
      - 'yarn.lock'
      - '.nvmrc'
+      - '.prettier*'
      - 'stylelint.config.js'
      - '**/*.css'
      - '**/*.scss'
@ -32,10 +34,10 @@ jobs:

    steps:
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript

      - name: Stylelint
-        run: yarn lint:css --custom-formatter @csstools/stylelint-formatter-github
+        run: yarn lint:css -f github
--- a/.github/workflows/lint-haml.yml
+++ b/.github/workflows/lint-haml.yml
@ -33,13 +33,14 @@ jobs:

    steps:
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Set up Ruby
-        uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6 # v1
+        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Run haml-lint
        run: |
-          bin/haml-lint --reporter github
+          echo "::add-matcher::.github/workflows/haml-lint-problem-matcher.json"
+          bundle exec haml-lint --reporter github
--- a/.github/workflows/lint-js.yml
+++ b/.github/workflows/lint-js.yml
@ -10,7 +10,8 @@ on:
      - 'yarn.lock'
      - 'tsconfig.json'
      - '.nvmrc'
-      - 'eslint.config.mjs'
+      - '.prettier*'
+      - '.eslint*'
      - '**/*.js'
      - '**/*.jsx'
      - '**/*.ts'
@ -23,7 +24,8 @@ on:
      - 'yarn.lock'
      - 'tsconfig.json'
      - '.nvmrc'
-      - 'eslint.config.mjs'
+      - '.prettier*'
+      - '.eslint*'
      - '**/*.js'
      - '**/*.jsx'
      - '**/*.ts'
@ -36,13 +38,13 @@ jobs:

    steps:
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript

      - name: ESLint
-        run: yarn workspaces foreach --all --parallel run lint:js --max-warnings 0
+        run: yarn lint:js --max-warnings 0

      - name: Typecheck
        run: yarn typecheck
--- a/.github/workflows/lint-ruby.yml
+++ b/.github/workflows/lint-ruby.yml
@ -9,7 +9,6 @@ on:
      - 'Gemfile*'
      - '.rubocop*.yml'
      - '.ruby-version'
-      - 'bin/rubocop'
      - 'config/brakeman.ignore'
      - '**/*.rb'
      - '**/*.rake'
@ -20,7 +19,6 @@ on:
      - 'Gemfile*'
      - '.rubocop*.yml'
      - '.ruby-version'
-      - 'bin/rubocop'
      - 'config/brakeman.ignore'
      - '**/*.rb'
      - '**/*.rake'
@ -35,15 +33,15 @@ jobs:

    steps:
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Set up Ruby
-        uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6 # v1
+        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Set-up RuboCop Problem Matcher
-        uses: r7kamura/rubocop-problem-matchers-action@59f1a0759f50cc2649849fd850b8487594bb5a81 # v1.2.2
+        uses: r7kamura/rubocop-problem-matchers-action@v1

      - name: Run rubocop
        run: bin/rubocop
--- a/.github/workflows/rebase-needed.yml
+++ b/.github/workflows/rebase-needed.yml
@ -18,7 +18,7 @@ jobs:

    steps:
      - name: Check for merge conflicts
-        uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3
+        uses: eps1lon/actions-label-merge-conflict@v3
        with:
          dirtyLabel: 'rebase needed :construction:'
          repoToken: '${{ secrets.GITHUB_TOKEN }}'
--- a/.github/workflows/test-image-build.yml
+++ b/.github/workflows/test-image-build.yml
@ -8,7 +8,6 @@ on:
      - .github/workflows/test-image-build.yml
      - Dockerfile
      - streaming/Dockerfile
-      - .dockerignore
 permissions:
  contents: read

--- a/.github/workflows/test-js.yml
+++ b/.github/workflows/test-js.yml
@ -34,10 +34,10 @@ jobs:

    steps:
      - name: Clone repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4

      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript

      - name: JavaScript testing
-        run: yarn test:js
+        run: yarn jest --reporters github-actions summary
--- a/.github/workflows/test-migrations.yml
+++ b/.github/workflows/test-migrations.yml
@ -12,7 +12,6 @@ on:
      - '**/*.rb'
      - '.github/workflows/test-migrations.yml'
      - 'lib/tasks/tests.rake'
-      - 'lib/tasks/db.rake'

  pull_request:
    paths:
@ -64,6 +63,7 @@ jobs:
      DB_HOST: localhost
      DB_USER: postgres
      DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      BUNDLE_CLEAN: true
      BUNDLE_FROZEN: true
@ -72,23 +72,11 @@ jobs:
      BUNDLE_RETRY: 3

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

      - name: Set up Ruby environment
        uses: ./.github/actions/setup-ruby

-      - name: Ensure no errors with `db:prepare`
-        run: |
-          bin/rails db:drop
-          bin/rails db:prepare
-          bin/rails db:migrate
-
-      - name: Ensure no errors with `db:prepare` and SKIP_POST_DEPLOYMENT_MIGRATIONS
-        run: |
-          bin/rails db:drop
-          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails db:prepare
-          bin/rails db:migrate
-
      - name: Test "one step migration" flow
        run: |
          bin/rails db:drop
@ -102,11 +90,6 @@ jobs:
          bin/rails db:drop
          bin/rails db:create
          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails tests:migrations:prepare_database
-
-          # Migrate up to v4.2.0 breakpoint
-          bin/rails db:migrate VERSION=20230907150100
-
-          # Migrate the rest
          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails db:migrate
          bin/rails db:migrate
          bin/rails tests:migrations:check_database
--- a/.github/workflows/test-ruby.yml
+++ b/.github/workflows/test-ruby.yml
@ -32,7 +32,7 @@ jobs:
      SECRET_KEY_BASE_DUMMY: 1

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

      - name: Set up Ruby environment
        uses: ./.github/actions/setup-ruby
@ -43,13 +43,13 @@ jobs:
          onlyProduction: 'true'

      - name: Cache assets from compilation
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5
+        uses: actions/cache@v4
        with:
          path: |
            public/assets
            public/packs
            public/packs-test
-            tmp/cache/vite
+            tmp/cache/webpacker
          key: ${{ matrix.mode }}-assets-${{ github.head_ref || github.ref_name }}-${{ github.sha }}
          restore-keys: |
            ${{ matrix.mode }}-assets-${{ github.head_ref || github.ref_name }}-${{ github.sha }}
@ -63,9 +63,9 @@ jobs:

      - name: Archive asset artifacts
        run: |
-          tar --exclude={"*.br","*.gz"} -zcf artifacts.tar.gz public/assets public/packs* tmp/cache/vite/last-build*.json
+          tar --exclude={"*.br","*.gz"} -zcf artifacts.tar.gz public/assets public/packs*

-      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
+      - uses: actions/upload-artifact@v4
        if: matrix.mode == 'test'
        with:
          path: |-
@ -107,7 +107,7 @@ jobs:
      DB_HOST: localhost
      DB_USER: postgres
      DB_PASS: postgres
-      COVERAGE: ${{ matrix.ruby-version == '.ruby-version' }}
+      DISABLE_SIMPLECOV: ${{ matrix.ruby-version != '.ruby-version' }}
      RAILS_ENV: test
      ALLOW_NOPAM: true
      PAM_ENABLED: true
@ -124,13 +124,14 @@ jobs:
      fail-fast: false
      matrix:
        ruby-version:
+          - '3.1'
          - '3.2'
-          - '3.3'
          - '.ruby-version'
+          - '3.4'
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

-      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
+      - uses: actions/download-artifact@v4
        with:
          path: './'
          name: ${{ github.sha }}
@ -143,7 +144,7 @@ jobs:
        uses: ./.github/actions/setup-ruby
        with:
          ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg libpam-dev
+          additional-system-dependencies: ffmpeg imagemagick libpam-dev

      - name: Load database schema
        run: |
@ -151,7 +152,7 @@ jobs:
          bin/flatware fan bin/rails db:test:prepare

      - name: Cache RSpec persistence file
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5
+        uses: actions/cache@v4
        with:
          path: |
            tmp/rspec/examples.txt
@ -167,12 +168,100 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: matrix.ruby-version == '.ruby-version'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
+        uses: codecov/codecov-action@v4
        with:
          files: coverage/lcov/*.lcov
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

+  test-libvips:
+    name: Libvips tests
+    runs-on: ubuntu-24.04
+
+    needs:
+      - build
+
+    services:
+      postgres:
+        image: postgres:14-alpine
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_USER: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10ms
+          --health-timeout 3s
+          --health-retries 50
+        ports:
+          - 5432:5432
+
+      redis:
+        image: redis:7-alpine
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10ms
+          --health-timeout 3s
+          --health-retries 50
+        ports:
+          - 6379:6379
+
+    env:
+      DB_HOST: localhost
+      DB_USER: postgres
+      DB_PASS: postgres
+      DISABLE_SIMPLECOV: ${{ matrix.ruby-version != '.ruby-version' }}
+      RAILS_ENV: test
+      ALLOW_NOPAM: true
+      PAM_ENABLED: true
+      PAM_DEFAULT_SERVICE: pam_test
+      PAM_CONTROLLED_SERVICE: pam_test_controlled
+      OIDC_ENABLED: true
+      OIDC_SCOPE: read
+      SAML_ENABLED: true
+      CAS_ENABLED: true
+      BUNDLE_WITH: 'pam_authentication test'
+      GITHUB_RSPEC: ${{ matrix.ruby-version == '.ruby-version' && github.event.pull_request && 'true' }}
+      MASTODON_USE_LIBVIPS: true
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version:
+          - '3.1'
+          - '3.2'
+          - '.ruby-version'
+          - '3.4'
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/download-artifact@v4
+        with:
+          path: './'
+          name: ${{ github.sha }}
+
+      - name: Expand archived asset artifacts
+        run: |
+          tar xvzf artifacts.tar.gz
+
+      - name: Set up Ruby environment
+        uses: ./.github/actions/setup-ruby
+        with:
+          ruby-version: ${{ matrix.ruby-version}}
+          additional-system-dependencies: ffmpeg libpam-dev
+
+      - name: Load database schema
+        run: './bin/rails db:create db:schema:load db:seed'
+
+      - run: bin/rspec --tag attachment_processing
+
+      - name: Upload coverage reports to Codecov
+        if: matrix.ruby-version == '.ruby-version'
+        uses: codecov/codecov-action@v4
+        with:
+          files: coverage/lcov/mastodon.lcov
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
  test-e2e:
    name: End to End testing
    runs-on: ubuntu-latest
@ -208,6 +297,7 @@ jobs:
      DB_HOST: localhost
      DB_USER: postgres
      DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      BUNDLE_WITH: test
      LOCAL_DOMAIN: localhost:3000
@ -217,14 +307,15 @@ jobs:
      fail-fast: false
      matrix:
        ruby-version:
+          - '3.1'
          - '3.2'
-          - '3.3'
          - '.ruby-version'
+          - '3.4'

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

-      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
+      - uses: actions/download-artifact@v4
        with:
          path: './'
          name: ${{ github.sha }}
@ -237,7 +328,7 @@ jobs:
        uses: ./.github/actions/setup-ruby
        with:
          ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg
+          additional-system-dependencies: ffmpeg imagemagick

      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
@ -245,35 +336,20 @@ jobs:
      - name: Load database schema
        run: './bin/rails db:create db:schema:load db:seed'

-      - name: Cache Playwright Chromium browser
-        id: playwright-cache
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5
-        with:
-          path: ~/.cache/ms-playwright
-          key: playwright-browsers-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
-
-      - name: Install Playwright Chromium browser (with deps)
-        if: steps.playwright-cache.outputs.cache-hit != 'true'
-        run: yarn run playwright install --with-deps chromium
-
-      - name: Install Playwright Chromium browser deps
-        if: steps.playwright-cache.outputs.cache-hit == 'true'
-        run: yarn run playwright install-deps chromium
-
      - run: bin/rspec spec/system --tag streaming --tag js

      - name: Archive logs
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
+        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: e2e-logs-${{ matrix.ruby-version }}
          path: log/

      - name: Archive test screenshots
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
+        uses: actions/upload-artifact@v4
        if: failure()
        with:
-          name: e2e-screenshots-${{ matrix.ruby-version }}
+          name: e2e-screenshots
          path: tmp/capybara/

  test-search:
@ -338,6 +414,7 @@ jobs:
      DB_HOST: localhost
      DB_USER: postgres
      DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      BUNDLE_WITH: test
      ES_ENABLED: true
@ -348,21 +425,22 @@ jobs:
      fail-fast: false
      matrix:
        ruby-version:
+          - '3.1'
          - '3.2'
-          - '3.3'
          - '.ruby-version'
+          - '3.4'
        search-image:
-          - docker.elastic.co/elasticsearch/elasticsearch:7.17.29
+          - docker.elastic.co/elasticsearch/elasticsearch:7.17.13
        include:
          - ruby-version: '.ruby-version'
-            search-image: docker.elastic.co/elasticsearch/elasticsearch:8.19.2
+            search-image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
          - ruby-version: '.ruby-version'
            search-image: opensearchproject/opensearch:2

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4

-      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
+      - uses: actions/download-artifact@v4
        with:
          path: './'
          name: ${{ github.sha }}
@ -371,7 +449,7 @@ jobs:
        uses: ./.github/actions/setup-ruby
        with:
          ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg
+          additional-system-dependencies: ffmpeg imagemagick

      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
@ -382,14 +460,14 @@ jobs:
      - run: bin/rspec --tag search

      - name: Archive logs
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
+        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: test-search-logs-${{ matrix.ruby-version }}
          path: log/

      - name: Archive test screenshots
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
+        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: test-search-screenshots
--- a/.gitignore
+++ b/.gitignore
@ -21,12 +21,10 @@
 /public/system
 /public/assets
 /public/packs
-/public/packs-dev
 /public/packs-test
-stats.html
 .env
 .env.production
-node_modules/
+/node_modules/
 /build/

 # Ignore Vagrant files
@ -76,6 +74,3 @@ docker-compose.override.yml

 # Ignore local-only rspec configuration
 .rspec-local
-
-*storybook.log
-storybook-static
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@ -10,6 +10,6 @@ linters:
  MiddleDot:
    enabled: true
  LineLength:
-    max: 240 # Override default value of 80 inherited from rubocop
+    max: 300
  ViewLength:
    max: 200 # Override default value of 100 inherited from rubocop
--- a/.nvmrc
+++ b/.nvmrc
@ -1 +1 @@
-24.14
+20.17
--- a/.oxfmtrc.json
+++ b/.oxfmtrc.json
@ -1,92 +0,0 @@
-{
-  "$schema": "./node_modules/oxfmt/configuration_schema.json",
-  "singleQuote": true,
-  "jsxSingleQuote": true,
-  "printWidth": 80,
-  "ignorePatterns": [
-    "/tmp",
-    "/coverage",
-    "/public/assets",
-    "/public/emoji",
-    "/public/packs",
-    "/public/packs-test",
-    "/public/system",
-    "/public/vite*",
-
-    "*.html",
-    "docker-compose.override.yml",
-
-    // Ignore config YAML files that include ERB/ruby code
-    "config/email.yml",
-
-    // Vendored CSS
-    "app/javascript/styles/mastodon/reset.scss",
-
-    // Automatically generated
-    "/app/javascript/mastodon/features/emoji/emoji_map.json",
-    "/app/javascript/mastodon/features/emoji/emoji_data.json",
-    "AUTHORS.md",
-    "/app/javascript/mastodon/locales/*.json",
-    "/config/locales",
-    ".storybook/static/mockServiceWorker.js",
-
-    // do not reformat JS files as this will change too many files and cause merge conflicts with open PRs and forks
-    "app/javascript/**/*.js",
-    "app/javascript/**/*.jsx",
-    "streaming/**/*.js"
-  ],
-  "experimentalSortPackageJson": false,
-  "experimentalSortImports": {
-    "groups": [
-      ["builtin"],
-      ["react"],
-      ["react-intl"],
-      ["react-utils"],
-      ["redux"],
-      ["external", "type-external"],
-      ["internal", "type-internal"],
-      ["mastodon-internals"],
-      ["parent", "type-parent"],
-      ["sibling", "type-sibling", "index", "type-index"],
-      ["side_effect"]
-    ],
-    "customGroups": [
-      {
-        "groupName": "react",
-        "elementNamePattern": [
-          "react",
-          "react-dom",
-          "react-dom/client",
-          "prop-types"
-        ]
-      },
-      {
-        "groupName": "react-intl",
-        "elementNamePattern": ["react-intl", "intl-messageformat"]
-      },
-      {
-        "groupName": "react-utils",
-        "elementNamePattern": [
-          "classnames",
-          "react-helmet",
-          "react-router",
-          "react-router-dom"
-        ]
-      },
-      {
-        "groupName": "redux",
-        "elementNamePattern": [
-          "immutable",
-          "@reduxjs/toolkit",
-          "react-redux",
-          "react-immutable-proptypes",
-          "react-immutable-pure-component"
-        ]
-      },
-      {
-        "groupName": "mastodon-internals",
-        "elementNamePattern": ["mastodon/**", "@/**"]
-      }
-    ]
-  }
-}
--- a/.prettierignore
+++ b/.prettierignore
@ -0,0 +1,85 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config and downloaded libraries.
+/.bundle
+/vendor/bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+.eslintcache
+/log/*
+!/log/.keep
+/tmp
+/coverage
+/public/system
+/public/assets
+/public/packs
+/public/packs-test
+.env
+.env.production
+.env.development
+/node_modules/
+/build/
+
+# Ignore Vagrant files
+.vagrant/
+
+# Ignore IDE files
+.vscode/
+.idea/
+
+# Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
+/postgres
+/postgres14
+/redis
+/elasticsearch
+
+# Ignore Apple files
+.DS_Store
+
+# Ignore vim files
+*~
+*.swp
+
+# Ignore log files
+*.log
+
+# Ignore Docker option files
+docker-compose.override.yml
+
+# Ignore public
+/public/assets
+/public/emoji
+/public/packs
+/public/packs-test
+/public/system
+
+# Ignore emoji map file
+/app/javascript/mastodon/features/emoji/emoji_map.json
+
+# Ignore locale files
+/app/javascript/mastodon/locales/*.json
+/config/locales
+
+# Ignore vendored CSS reset
+app/javascript/styles/mastodon/reset.scss
+
+# Ignore Javascript pending https://github.com/mastodon/mastodon/pull/23631
+*.js
+*.jsx
+
+# Ignore HTML till cleaned and included in CI
+*.html
+
+# Ignore the generated AUTHORS.md
+AUTHORS.md
+
+# Process a few selected JS files
+!lint-staged.config.js
--- a/.prettierrc.js
+++ b/.prettierrc.js
@ -0,0 +1,4 @@
+module.exports = {
+  singleQuote: true,
+  jsxSingleQuote: true
+}
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -8,7 +8,7 @@ AllCops:
    - lib/mastodon/migration_helpers.rb
  ExtraDetails: true
  NewCops: enable
-  TargetRubyVersion: 3.2 # Oldest supported ruby version
+  TargetRubyVersion: 3.1 # Oldest supported ruby version

 inherit_from:
  - .rubocop/layout.yml
@ -18,7 +18,6 @@ inherit_from:
  - .rubocop/rspec_rails.yml
  - .rubocop/rspec.yml
  - .rubocop/style.yml
-  - .rubocop/i18n.yml
  - .rubocop/custom.yml
  - .rubocop_todo.yml
  - .rubocop/strict.yml
@ -27,10 +26,9 @@ inherit_mode:
  merge:
    - Exclude

-plugins:
-  - rubocop-capybara
-  - rubocop-i18n
-  - rubocop-performance
+require:
  - rubocop-rails
  - rubocop-rspec
  - rubocop-rspec_rails
+  - rubocop-performance
+  - rubocop-capybara
--- a/.rubocop/i18n.yml
+++ b/.rubocop/i18n.yml
@ -1,12 +0,0 @@
-I18n/RailsI18n:
-  Enabled: true
-  Exclude:
-    - 'config/**/*'
-    - 'db/**/*'
-    - 'lib/**/*'
-    - 'spec/**/*'
-I18n/GetText:
-  Enabled: false
-
-I18n/RailsI18n/DecorateStringFormattingUsingInterpolation:
-  Enabled: false
--- a/.rubocop/layout.yml
+++ b/.rubocop/layout.yml
@ -4,6 +4,3 @@ Layout/FirstHashElementIndentation:

 Layout/LineLength:
  Max: 300 # Default of 120 causes a duplicate entry in generated todo file
-
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
--- a/.rubocop/metrics.yml
+++ b/.rubocop/metrics.yml
@ -1,21 +1,17 @@
 ---
 Metrics/AbcSize:
-  Enabled: false
+  Exclude:
+    - lib/mastodon/cli/*.rb

 Metrics/BlockLength:
  Enabled: false

-Metrics/BlockNesting:
-  Enabled: false
-
 Metrics/ClassLength:
  Enabled: false

-Metrics/CollectionLiteralLength:
-  Enabled: false
-
 Metrics/CyclomaticComplexity:
-  Enabled: false
+  Exclude:
+    - lib/mastodon/cli/*.rb

 Metrics/MethodLength:
  Enabled: false
@ -24,7 +20,4 @@ Metrics/ModuleLength:
  Enabled: false

 Metrics/ParameterLists:
-  Enabled: false
-
-Metrics/PerceivedComplexity:
-  Enabled: false
+  CountKeywordArgs: false
--- a/.rubocop/naming.yml
+++ b/.rubocop/naming.yml
@ -1,6 +1,3 @@
 ---
 Naming/BlockForwarding:
  EnforcedStyle: explicit
-
-Naming/PredicateMethod:
-  Enabled: false
--- a/.rubocop/rails.yml
+++ b/.rubocop/rails.yml
@ -2,9 +2,6 @@
 Rails/BulkChangeTable:
  Enabled: false # Conflicts with strong_migrations features

-Rails/Delegate:
-  Enabled: false
-
 Rails/FilePath:
  EnforcedStyle: arguments

--- a/.rubocop/rspec.yml
+++ b/.rubocop/rspec.yml
@ -23,6 +23,5 @@ RSpec/SpecFilePathFormat:
    ActivityPub: activitypub
    DeepL: deepl
    FetchOEmbedService: fetch_oembed_service
-    OAuth: oauth
    OEmbedController: oembed_controller
    OStatus: ostatus
--- a/.rubocop/style.yml
+++ b/.rubocop/style.yml
@ -1,7 +1,4 @@
 ---
-Style/ArrayIntersect:
-  Enabled: false
-
 Style/ClassAndModuleChildren:
  Enabled: false

@ -22,13 +19,6 @@ Style/HashSyntax:
  EnforcedShorthandSyntax: either
  EnforcedStyle: ruby19_no_mixed_keys

-Style/IfUnlessModifier:
-  Exclude:
-    - '**/*.haml'
-
-Style/KeywordArgumentsMerging:
-  Enabled: false
-
 Style/NumericLiterals:
  AllowedPatterns:
    - \d{4}_\d{2}_\d{2}_\d{6}
@ -47,9 +37,6 @@ Style/RedundantFetchBlock:
 Style/RescueStandardError:
  EnforcedStyle: implicit

-Style/SafeNavigationChainLength:
-  Enabled: false
-
 Style/SymbolArray:
  Enabled: false

@ -58,6 +45,3 @@ Style/TrailingCommaInArrayLiteral:

 Style/TrailingCommaInHashLiteral:
  EnforcedStyleForMultiline: comma
-
-Style/WordArray:
-  MinSize: 3 # Override default of 2
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -1,18 +1,113 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.80.2.
+# using RuboCop version 1.66.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.

+Lint/NonLocalExitFromIterator:
+  Exclude:
+    - 'app/helpers/jsonld_helper.rb'
+
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
+Metrics/AbcSize:
+  Max: 82
+
+# Configuration parameters: CountBlocks, CountModifierForms, Max.
+Metrics/BlockNesting:
+  Exclude:
+    - 'lib/tasks/mastodon.rake'
+
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/CyclomaticComplexity:
+  Max: 25
+
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/PerceivedComplexity:
+  Max: 27
+
+Rails/OutputSafety:
+  Exclude:
+    - 'config/initializers/simple_form.rb'
+
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowedVars, DefaultToNil.
+# Configuration parameters: AllowedVars.
 Style/FetchEnvVar:
  Exclude:
+    - 'app/lib/translation_service.rb'
+    - 'config/environments/production.rb'
+    - 'config/initializers/2_limited_federation_mode.rb'
+    - 'config/initializers/3_omniauth.rb'
+    - 'config/initializers/cache_buster.rb'
+    - 'config/initializers/devise.rb'
    - 'config/initializers/paperclip.rb'
+    - 'config/initializers/vapid.rb'
+    - 'lib/tasks/repo.rake'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
+# SupportedStyles: annotated, template, unannotated
+# AllowedMethods: redirect
+Style/FormatStringToken:
+  Exclude:
+    - 'config/initializers/devise.rb'
+    - 'lib/paperclip/color_extractor.rb'

 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
  Enabled: false
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/HashTransformValues:
+  Exclude:
+    - 'app/serializers/rest/web_push_subscription_serializer.rb'
+    - 'app/services/import_service.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/MapToHash:
+  Exclude:
+    - 'app/models/status.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: literals, strict
+Style/MutableConstant:
+  Exclude:
+    - 'app/models/tag.rb'
+    - 'app/services/delete_account_service.rb'
+    - 'lib/mastodon/migration_warning.rb'
+
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: respond_to_missing?
+Style/OptionalBooleanParameter:
+  Exclude:
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/lib/admin/system_check/message.rb'
+    - 'app/lib/request.rb'
+    - 'app/lib/webfinger.rb'
+    - 'app/services/block_domain_service.rb'
+    - 'app/services/fetch_resource_service.rb'
+    - 'app/workers/domain_block_worker.rb'
+    - 'app/workers/unfollow_follow_worker.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: short, verbose
+Style/PreferredHashMethods:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantConstantBase:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/sidekiq.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: WordRegex.
+# SupportedStyles: percent, brackets
+Style/WordArray:
+  EnforcedStyle: percent
+  MinSize: 3
--- a/.ruby-version
+++ b/.ruby-version
@ -1 +1 @@
-3.4.9
+3.3.5
--- a/.storybook/main.ts
+++ b/.storybook/main.ts
@ -1,40 +0,0 @@
-import { resolve } from 'node:path';
-
-import type { StorybookConfig } from '@storybook/react-vite';
-
-const config: StorybookConfig = {
-  stories: ['../app/javascript/**/*.stories.@(js|jsx|mjs|ts|tsx)'],
-  addons: [
-    '@storybook/addon-docs',
-    '@storybook/addon-a11y',
-    '@storybook/addon-vitest',
-  ],
-  framework: {
-    name: '@storybook/react-vite',
-    options: {},
-  },
-  staticDirs: [
-    './static',
-    // We need to manually specify the assets because of the symlink in public/sw.js
-    ...[
-      'avatars',
-      'emoji',
-      'headers',
-      'sounds',
-      'badge.png',
-      'loading.gif',
-      'loading.png',
-      'oops.gif',
-      'oops.png',
-    ].map((path) => ({ from: `../public/${path}`, to: `/${path}` })),
-    { from: '../app/javascript/images/logo.svg', to: '/custom-emoji/logo.svg' },
-  ],
-  viteFinal(config) {
-    // For an unknown reason, Storybook does not use the root
-    // from the Vite config so we need to set it manually.
-    config.root = resolve(import.meta.dirname, '../app/javascript');
-    return config;
-  },
-};
-
-export default config;
--- a/.storybook/manager.ts
+++ b/.storybook/manager.ts
@ -1,7 +0,0 @@
-import { addons } from 'storybook/manager-api';
-
-import theme from './storybook-theme';
-
-addons.setConfig({
-  theme,
-});
--- a/.storybook/modes.ts
+++ b/.storybook/modes.ts
@ -1,8 +0,0 @@
-export const modes = {
-  darkTheme: {
-    theme: 'dark',
-  },
-  lightTheme: {
-    theme: 'light',
-  },
-} as const;
--- a/.storybook/preview-body.html
+++ b/.storybook/preview-body.html
@ -1,2 +0,0 @@
-<html class="no-reduce-motion" data-color-scheme="light">
-</html>
--- a/.storybook/preview-head.html
+++ b/.storybook/preview-head.html
@ -1,18 +0,0 @@
-<style>
-	/* Increase docs font size */
-	.sbdocs.sbdocs-content :where(p:not(.sb-anchor, .sb-unstyled, .sb-unstyled p)),
-	.sbdocs.sbdocs-content :where(li:not(.sb-anchor, .sb-unstyled, .sb-unstyled li)) {
-		font-size: 1.0666rem; /* 17px */
-		line-height: 1.585; /* 27px */
-	}
-
-	.sbdocs.sbdocs-content :where(p:not(.sb-anchor, .sb-unstyled, .sb-unstyled p)) code,
-	.sbdocs.sbdocs-content :where(li:not(.sb-anchor, .sb-unstyled, .sb-unstyled li)) code {
-		font-size: 0.875rem; /* ~15px */
-	}
-
-	/* Bring numbers back for ordered lists */
-	ol {
-		list-style: revert !important;
-	}
-</style>
--- a/.storybook/preview.tsx
+++ b/.storybook/preview.tsx
@ -1,211 +0,0 @@
-import { useEffect, useState } from 'react';
-
-import { IntlProvider } from 'react-intl';
-
-import { MemoryRouter, Route } from 'react-router';
-
-import { configureStore } from '@reduxjs/toolkit';
-import { Provider } from 'react-redux';
-
-import type { Preview } from '@storybook/react-vite';
-import { initialize, mswLoader } from 'msw-storybook-addon';
-import { action } from 'storybook/actions';
-
-import {
-  importCustomEmojiData,
-  importLegacyShortcodes,
-  importEmojiData,
-} from '@/mastodon/features/emoji/loader';
-import type { LocaleData } from '@/mastodon/locales';
-import { reducerWithInitialState } from '@/mastodon/reducers';
-import { defaultMiddleware } from '@/mastodon/store/store';
-import { mockHandlers, unhandledRequestHandler } from '@/testing/api';
-
-import { modes } from './modes';
-
-import '../app/javascript/styles/application.scss';
-import './styles.css';
-
-const localeFiles = import.meta.glob('@/mastodon/locales/*.json', {
-  query: { as: 'json' },
-});
-
-// Initialize MSW
-initialize({
-  onUnhandledRequest: unhandledRequestHandler,
-});
-
-const preview: Preview = {
-  // Auto-generate docs: https://storybook.js.org/docs/writing-docs/autodocs
-  tags: ['autodocs'],
-  globalTypes: {
-    locale: {
-      description: 'Locale for the story',
-      toolbar: {
-        title: 'Locale',
-        icon: 'globe',
-        items: Object.keys(localeFiles).map((path) =>
-          path.replace('/mastodon/locales/', '').replace('.json', ''),
-        ),
-        dynamicTitle: true,
-      },
-    },
-    theme: {
-      description: 'Theme for the story',
-      toolbar: {
-        title: 'Theme',
-        icon: 'circlehollow',
-        items: [{ value: 'light' }, { value: 'dark' }],
-        dynamicTitle: true,
-      },
-    },
-  },
-  initialGlobals: {
-    locale: 'en',
-    theme: 'light',
-  },
-  decorators: [
-    (Story, { parameters, globals, args, argTypes }) => {
-      // Get the locale from the global toolbar
-      // and merge it with any parameters or args state.
-      const { locale } = globals as { locale: string };
-      const { state = {} } = parameters;
-
-      const argsState: Record<string, unknown> = {};
-      for (const [key, value] of Object.entries(args)) {
-        const argType = argTypes[key];
-        if (argType?.reduxPath) {
-          const reduxPath = Array.isArray(argType.reduxPath)
-            ? argType.reduxPath.map((p) => p.toString())
-            : argType.reduxPath.split('.');
-
-          reduxPath.reduce((acc, key, i) => {
-            if (acc[key] === undefined) {
-              acc[key] = {};
-            }
-            if (i === reduxPath.length - 1) {
-              acc[key] = value;
-            }
-            return acc[key] as Record<string, unknown>;
-          }, argsState);
-        }
-      }
-
-      const reducer = reducerWithInitialState(
-        {
-          meta: {
-            locale,
-          },
-        },
-        state as Record<string, unknown>,
-        argsState,
-      );
-
-      const store = configureStore({
-        reducer,
-        middleware(getDefaultMiddleware) {
-          return getDefaultMiddleware(defaultMiddleware);
-        },
-      });
-      return (
-        <Provider store={store}>
-          <Story />
-        </Provider>
-      );
-    },
-    (Story, { globals }) => {
-      const currentLocale = (globals.locale as string) || 'en';
-      const [messages, setMessages] = useState<
-        Record<string, Record<string, string>>
-      >({});
-      const currentLocaleData = messages[currentLocale];
-
-      useEffect(() => {
-        async function loadLocaleData() {
-          const { default: localeFile } = (await import(
-            `@/mastodon/locales/${currentLocale}.json`
-          )) as { default: LocaleData['messages'] };
-          setMessages((prevLocales) => ({
-            ...prevLocales,
-            [currentLocale]: localeFile,
-          }));
-        }
-        if (!currentLocaleData) {
-          void loadLocaleData();
-        }
-      }, [currentLocale, currentLocaleData]);
-
-      return (
-        <IntlProvider
-          locale={currentLocale}
-          messages={currentLocaleData}
-          textComponent='span'
-        >
-          <Story />
-        </IntlProvider>
-      );
-    },
-    (Story, { globals }) => {
-      const theme = (globals.theme as string) || 'light';
-      useEffect(() => {
-        document.body.setAttribute('data-color-scheme', theme);
-      }, [theme]);
-      return <Story />;
-    },
-    (Story) => (
-      <MemoryRouter>
-        <Story />
-        <Route
-          path='*'
-          // eslint-disable-next-line react/jsx-no-bind
-          render={({ location }) => {
-            if (location.pathname !== '/') {
-              action(`route change to ${location.pathname}`)(location);
-            }
-            return null;
-          }}
-        />
-      </MemoryRouter>
-    ),
-  ],
-  loaders: [
-    mswLoader,
-    importCustomEmojiData,
-    importLegacyShortcodes,
-    ({ globals: { locale } }) => importEmojiData(locale as string),
-  ],
-  parameters: {
-    layout: 'centered',
-
-    controls: {
-      matchers: {
-        color: /(background|color)$/i,
-        date: /Date$/i,
-      },
-    },
-
-    a11y: {
-      // 'todo' - show a11y violations in the test UI only
-      // 'error' - fail CI on a11y violations
-      // 'off' - skip a11y checks entirely
-      test: 'todo',
-    },
-
-    state: {},
-
-    docs: {},
-
-    msw: {
-      handlers: mockHandlers,
-    },
-
-    chromatic: {
-      modes: {
-        dark: modes.darkTheme,
-        light: modes.lightTheme,
-      },
-    },
-  },
-};
-
-export default preview;
--- a/.storybook/static/mockServiceWorker.js
+++ b/.storybook/static/mockServiceWorker.js
@ -1,349 +0,0 @@
-/* eslint-disable */
-/* tslint:disable */
-
-/**
- * Mock Service Worker.
- * @see https://github.com/mswjs/msw
- * - Please do NOT modify this file.
- */
-
-const PACKAGE_VERSION = '2.12.1'
-const INTEGRITY_CHECKSUM = '4db4a41e972cec1b64cc569c66952d82'
-const IS_MOCKED_RESPONSE = Symbol('isMockedResponse')
-const activeClientIds = new Set()
-
-addEventListener('install', function () {
-  self.skipWaiting()
-})
-
-addEventListener('activate', function (event) {
-  event.waitUntil(self.clients.claim())
-})
-
-addEventListener('message', async function (event) {
-  const clientId = Reflect.get(event.source || {}, 'id')
-
-  if (!clientId || !self.clients) {
-    return
-  }
-
-  const client = await self.clients.get(clientId)
-
-  if (!client) {
-    return
-  }
-
-  const allClients = await self.clients.matchAll({
-    type: 'window',
-  })
-
-  switch (event.data) {
-    case 'KEEPALIVE_REQUEST': {
-      sendToClient(client, {
-        type: 'KEEPALIVE_RESPONSE',
-      })
-      break
-    }
-
-    case 'INTEGRITY_CHECK_REQUEST': {
-      sendToClient(client, {
-        type: 'INTEGRITY_CHECK_RESPONSE',
-        payload: {
-          packageVersion: PACKAGE_VERSION,
-          checksum: INTEGRITY_CHECKSUM,
-        },
-      })
-      break
-    }
-
-    case 'MOCK_ACTIVATE': {
-      activeClientIds.add(clientId)
-
-      sendToClient(client, {
-        type: 'MOCKING_ENABLED',
-        payload: {
-          client: {
-            id: client.id,
-            frameType: client.frameType,
-          },
-        },
-      })
-      break
-    }
-
-    case 'CLIENT_CLOSED': {
-      activeClientIds.delete(clientId)
-
-      const remainingClients = allClients.filter((client) => {
-        return client.id !== clientId
-      })
-
-      // Unregister itself when there are no more clients
-      if (remainingClients.length === 0) {
-        self.registration.unregister()
-      }
-
-      break
-    }
-  }
-})
-
-addEventListener('fetch', function (event) {
-  const requestInterceptedAt = Date.now()
-
-  // Bypass navigation requests.
-  if (event.request.mode === 'navigate') {
-    return
-  }
-
-  // Opening the DevTools triggers the "only-if-cached" request
-  // that cannot be handled by the worker. Bypass such requests.
-  if (
-    event.request.cache === 'only-if-cached' &&
-    event.request.mode !== 'same-origin'
-  ) {
-    return
-  }
-
-  // Bypass all requests when there are no active clients.
-  // Prevents the self-unregistered worked from handling requests
-  // after it's been terminated (still remains active until the next reload).
-  if (activeClientIds.size === 0) {
-    return
-  }
-
-  const requestId = crypto.randomUUID()
-  event.respondWith(handleRequest(event, requestId, requestInterceptedAt))
-})
-
-/**
- * @param {FetchEvent} event
- * @param {string} requestId
- * @param {number} requestInterceptedAt
- */
-async function handleRequest(event, requestId, requestInterceptedAt) {
-  const client = await resolveMainClient(event)
-  const requestCloneForEvents = event.request.clone()
-  const response = await getResponse(
-    event,
-    client,
-    requestId,
-    requestInterceptedAt,
-  )
-
-  // Send back the response clone for the "response:*" life-cycle events.
-  // Ensure MSW is active and ready to handle the message, otherwise
-  // this message will pend indefinitely.
-  if (client && activeClientIds.has(client.id)) {
-    const serializedRequest = await serializeRequest(requestCloneForEvents)
-
-    // Clone the response so both the client and the library could consume it.
-    const responseClone = response.clone()
-
-    sendToClient(
-      client,
-      {
-        type: 'RESPONSE',
-        payload: {
-          isMockedResponse: IS_MOCKED_RESPONSE in response,
-          request: {
-            id: requestId,
-            ...serializedRequest,
-          },
-          response: {
-            type: responseClone.type,
-            status: responseClone.status,
-            statusText: responseClone.statusText,
-            headers: Object.fromEntries(responseClone.headers.entries()),
-            body: responseClone.body,
-          },
-        },
-      },
-      responseClone.body ? [serializedRequest.body, responseClone.body] : [],
-    )
-  }
-
-  return response
-}
-
-/**
- * Resolve the main client for the given event.
- * Client that issues a request doesn't necessarily equal the client
- * that registered the worker. It's with the latter the worker should
- * communicate with during the response resolving phase.
- * @param {FetchEvent} event
- * @returns {Promise<Client | undefined>}
- */
-async function resolveMainClient(event) {
-  const client = await self.clients.get(event.clientId)
-
-  if (activeClientIds.has(event.clientId)) {
-    return client
-  }
-
-  if (client?.frameType === 'top-level') {
-    return client
-  }
-
-  const allClients = await self.clients.matchAll({
-    type: 'window',
-  })
-
-  return allClients
-    .filter((client) => {
-      // Get only those clients that are currently visible.
-      return client.visibilityState === 'visible'
-    })
-    .find((client) => {
-      // Find the client ID that's recorded in the
-      // set of clients that have registered the worker.
-      return activeClientIds.has(client.id)
-    })
-}
-
-/**
- * @param {FetchEvent} event
- * @param {Client | undefined} client
- * @param {string} requestId
- * @param {number} requestInterceptedAt
- * @returns {Promise<Response>}
- */
-async function getResponse(event, client, requestId, requestInterceptedAt) {
-  // Clone the request because it might've been already used
-  // (i.e. its body has been read and sent to the client).
-  const requestClone = event.request.clone()
-
-  function passthrough() {
-    // Cast the request headers to a new Headers instance
-    // so the headers can be manipulated with.
-    const headers = new Headers(requestClone.headers)
-
-    // Remove the "accept" header value that marked this request as passthrough.
-    // This prevents request alteration and also keeps it compliant with the
-    // user-defined CORS policies.
-    const acceptHeader = headers.get('accept')
-    if (acceptHeader) {
-      const values = acceptHeader.split(',').map((value) => value.trim())
-      const filteredValues = values.filter(
-        (value) => value !== 'msw/passthrough',
-      )
-
-      if (filteredValues.length > 0) {
-        headers.set('accept', filteredValues.join(', '))
-      } else {
-        headers.delete('accept')
-      }
-    }
-
-    return fetch(requestClone, { headers })
-  }
-
-  // Bypass mocking when the client is not active.
-  if (!client) {
-    return passthrough()
-  }
-
-  // Bypass initial page load requests (i.e. static assets).
-  // The absence of the immediate/parent client in the map of the active clients
-  // means that MSW hasn't dispatched the "MOCK_ACTIVATE" event yet
-  // and is not ready to handle requests.
-  if (!activeClientIds.has(client.id)) {
-    return passthrough()
-  }
-
-  // Notify the client that a request has been intercepted.
-  const serializedRequest = await serializeRequest(event.request)
-  const clientMessage = await sendToClient(
-    client,
-    {
-      type: 'REQUEST',
-      payload: {
-        id: requestId,
-        interceptedAt: requestInterceptedAt,
-        ...serializedRequest,
-      },
-    },
-    [serializedRequest.body],
-  )
-
-  switch (clientMessage.type) {
-    case 'MOCK_RESPONSE': {
-      return respondWithMock(clientMessage.data)
-    }
-
-    case 'PASSTHROUGH': {
-      return passthrough()
-    }
-  }
-
-  return passthrough()
-}
-
-/**
- * @param {Client} client
- * @param {any} message
- * @param {Array<Transferable>} transferrables
- * @returns {Promise<any>}
- */
-function sendToClient(client, message, transferrables = []) {
-  return new Promise((resolve, reject) => {
-    const channel = new MessageChannel()
-
-    channel.port1.onmessage = (event) => {
-      if (event.data && event.data.error) {
-        return reject(event.data.error)
-      }
-
-      resolve(event.data)
-    }
-
-    client.postMessage(message, [
-      channel.port2,
-      ...transferrables.filter(Boolean),
-    ])
-  })
-}
-
-/**
- * @param {Response} response
- * @returns {Response}
- */
-function respondWithMock(response) {
-  // Setting response status code to 0 is a no-op.
-  // However, when responding with a "Response.error()", the produced Response
-  // instance will have status code set to 0. Since it's not possible to create
-  // a Response instance with status code 0, handle that use-case separately.
-  if (response.status === 0) {
-    return Response.error()
-  }
-
-  const mockedResponse = new Response(response.body, response)
-
-  Reflect.defineProperty(mockedResponse, IS_MOCKED_RESPONSE, {
-    value: true,
-    enumerable: true,
-  })
-
-  return mockedResponse
-}
-
-/**
- * @param {Request} request
- */
-async function serializeRequest(request) {
-  return {
-    url: request.url,
-    mode: request.mode,
-    method: request.method,
-    headers: Object.fromEntries(request.headers.entries()),
-    cache: request.cache,
-    credentials: request.credentials,
-    destination: request.destination,
-    integrity: request.integrity,
-    redirect: request.redirect,
-    referrer: request.referrer,
-    referrerPolicy: request.referrerPolicy,
-    body: await request.arrayBuffer(),
-    keepalive: request.keepalive,
-  }
-}
--- a/.storybook/storybook-theme.ts
+++ b/.storybook/storybook-theme.ts
@ -1,7 +0,0 @@
-import { create } from 'storybook/theming';
-
-export default create({
-  base: 'light',
-  brandTitle: 'Mastodon Storybook',
-  brandImage: 'https://joinmastodon.org/logos/wordmark-black-text.svg',
-});
--- a/.storybook/storybook.d.ts
+++ b/.storybook/storybook.d.ts
@ -1,20 +0,0 @@
-// The addon package.json incorrectly exports types, so we need to override them here.
-
-import type { RootState } from '@/mastodon/store';
-
-// See: https://github.com/storybookjs/storybook/blob/v9.0.4/code/addons/vitest/package.json#L70-L76
-declare module '@storybook/addon-vitest/vitest-plugin' {
-  export * from '@storybook/addon-vitest/dist/vitest-plugin/index';
-}
-
-type RootPathKeys = keyof RootState;
-
-declare module 'storybook/internal/csf' {
-  export interface InputType {
-    reduxPath?:
-      | `${RootPathKeys}.${string}`
-      | [RootPathKeys, ...(string | number)[]];
-  }
-}
-
-export {};
--- a/.storybook/styles.css
+++ b/.storybook/styles.css
@ -1,8 +0,0 @@
-a {
-  color: inherit;
-  text-decoration: none;
-}
-
-a:hover {
-  text-decoration: underline;
-}
--- a/.storybook/vitest.setup.ts
+++ b/.storybook/vitest.setup.ts
@ -1,8 +0,0 @@
-import * as a11yAddonAnnotations from '@storybook/addon-a11y/preview';
-import { setProjectAnnotations } from '@storybook/react-vite';
-
-import * as projectAnnotations from './preview';
-
-// This is an important step to apply the right configuration when testing your stories.
-// More info at: https://storybook.js.org/docs/api/portable-stories/portable-stories-vitest#setprojectannotations
-setProjectAnnotations([a11yAddonAnnotations, projectAnnotations]);
--- a/.yarn/patches/babel-plugin-lodash-npm-3.3.4-c7161075b6.patch
+++ b/.yarn/patches/babel-plugin-lodash-npm-3.3.4-c7161075b6.patch
@ -0,0 +1,13 @@
+diff --git a/lib/index.js b/lib/index.js
+index 16ed6be8be8f555cc99096c2ff60954b42dc313d..d009c069770d066ad0db7ad02de1ea473a29334e 100644
+--- a/lib/index.js
+++ b/lib/index.js
+@@ -99,7 +99,7 @@ function lodash(_ref) {
+ 
+         var node = _ref3;
+ 
+-        if ((0, _types.isModuleDeclaration)(node)) {
+        if ((0, _types.isImportDeclaration)(node)  || (0, _types.isExportDeclaration)(node)) {
+           isModule = true;
+           break;
+         }
--- a/AUTHORS.md
+++ b/AUTHORS.md
@ -538,7 +538,7 @@ and provided thanks to the work of the following contributors:
 * [Drew Schuster](mailto:dtschust@gmail.com)
 * [Dryusdan](mailto:dryusdan@dryusdan.fr)
 * [Eai](mailto:eai@mizle.net)
-* [Eashwar Ranganathan](mailto:eashwar@eashwar.com)
+* [Eashwar Ranganathan](mailto:eranganathan@lyft.com)
 * [Ed Knutson](mailto:knutsoned@gmail.com)
 * [Elizabeth Martín Campos](mailto:me@elizabeth.sh)
 * [Elizabeth Myers](mailto:elizabeth@interlinked.me)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -9,58 +9,30 @@ You can contribute in the following ways:
 - Contributing code to Mastodon by fixing bugs or implementing features
 - Improving the documentation

+If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
+
 Please review the org-level [contribution guidelines] for high-level acceptance
-criteria guidance and the [DEVELOPMENT] guide for environment-specific details.
-You should also read the project's [AI Contribution Policy] to understand how we approach
-AI-assisted contributions.
+criteria guidance.
+
+[contribution guidelines]: https://github.com/mastodon/.github/blob/main/CONTRIBUTING.md

 ## API Changes and Additions

-Any changes or additions made to the API should have an accompanying pull
-request on our [documentation repository].
+Please note that any changes or additions made to the API should have an accompanying pull request on [our documentation repository](https://github.com/mastodon/documentation).

-## Bug Reports
+## Bug reports

-Bug reports and feature suggestions must use descriptive and concise titles and
-be submitted to [GitHub Issues]. Please use the search function to make sure
-there are not duplicate bug reports or feature requests.
-
-## Security Issues
-
-If you believe you have identified a security issue in Mastodon or our own apps,
-check [SECURITY].
+Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues](https://github.com/mastodon/mastodon/issues). Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.

 ## Translations

-Translations are community contributed via [Crowdin]. They are periodically
-reviewed and merged into the codebase.
+You can submit translations via [Crowdin](https://crowdin.com/project/mastodon). They are periodically merged into the codebase.

 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)](https://crowdin.com/project/mastodon)

-## Pull Requests
+## Pull requests

-### Size and Scope
-
-Our time is limited and PRs making large, unsolicited changes are unlikely to
-get a response. Changes which link to an existing confirmed issue, or which come
-from a "help wanted" issue or other request, are more likely to be reviewed.
-
-The smaller and more narrowly focused the changes in a PR are, the easier they
-are to review and potentially merge. If the change only makes sense in some
-larger context of future ongoing work, note that in the description, but still
-aim to keep each distinct PR to a "smallest viable change" chunk of work.
-
-### Description of Changes
-
-Unless the Pull Request is about refactoring code, updating dependencies or
-other internal tasks, assume that the audience are not developers, but a
-Mastodon user or server admin, and try to describe it from their perspective.
-
-The final commit in the main branch will carry the title from the PR. The main
-branch is then fed into the changelog and ultimately into release notes. We try
-to follow the [keepachangelog] spec, and while that does not prescribe how
-exactly the entries ought to be named, starting titles using one of the verbs
-"Add", "Change", "Deprecate", "Remove", or "Fix" (present tense) is helpful.
+**Please use clean, concise titles for your pull requests.** Unless the pull request is about refactoring code, updating dependencies or other internal tasks, assume that the person reading the pull request title is not a programmer or Mastodon developer, but instead a Mastodon user or server administrator, and **try to describe your change or fix from their perspective**. We use commit squashing, so the final commit in the main branch will carry the title of the pull request, and commits from the main branch are fed into the changelog. The changelog is separated into [keepachangelog.com categories](https://keepachangelog.com/en/1.0.0/), and while that spec does not prescribe how the entries ought to be named, for easier sorting, start your pull request titles using one of the verbs "Add", "Change", "Deprecate", "Remove", or "Fix" (present tense).

 Example:

@ -68,27 +40,16 @@ Example:
 | ------------------------------------ | ------------------------------------------------------------- |
 | Fixed NoMethodError in RemovalWorker | Fix nil error when removing statuses caused by race condition |

-### Technical Requirements
+It is not always possible to phrase every change in such a manner, but it is desired.

-Pull requests that do not pass automated checks on CI may not be reviewed. In
-particular, please keep in mind:
+**The smaller the set of changes in the pull request is, the quicker it can be reviewed and merged.** Splitting tasks into multiple smaller pull requests is often preferable.

- Unit and integration tests (rspec, vitest)
+**Pull requests that do not pass automated checks may not be reviewed**. In particular, you need to keep in mind:
+
+- Unit and integration tests (rspec, jest)
 - Code style rules (rubocop, eslint)
 - Normalization of locale files (i18n-tasks)
- Relevant accessibility or performance concerns

 ## Documentation

-The [Mastodon documentation] is a statically generated site that contains guides
-and API docs. Improvements are made via PRs to the [documentation repository].
-
-[contribution guidelines]: https://github.com/mastodon/.github/blob/main/CONTRIBUTING.md
-[Crowdin]: https://crowdin.com/project/mastodon
-[DEVELOPMENT]: docs/DEVELOPMENT.md
-[documentation repository]: https://github.com/mastodon/documentation
-[GitHub Issues]: https://github.com/mastodon/mastodon/issues
-[keepachangelog]: https://keepachangelog.com/en/1.0.0/
-[Mastodon documentation]: https://docs.joinmastodon.org
-[SECURITY]: SECURITY.md
-[AI Contribution Policy]: https://github.com/mastodon/.github/blob/main/AI_POLICY.md
+The [Mastodon documentation](https://docs.joinmastodon.org) is a statically generated site. You can [submit merge requests to mastodon/documentation](https://github.com/mastodon/documentation).
--- a/401
+++ b/401
@ -1,7 +1,7 @@
-# syntax=docker/dockerfile:1.18
+# syntax=docker/dockerfile:1.9

 # This file is designed for production server deployment, not local development work
-# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
+# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/README.md#docker

 # Please see https://docs.docker.com/engine/reference/builder for information about
 # the extended buildx capabilities used in this file.
@ -9,20 +9,19 @@
 # See: https://docs.docker.com/build/building/multi-platform/
 ARG TARGETPLATFORM=${TARGETPLATFORM}
 ARG BUILDPLATFORM=${BUILDPLATFORM}
-ARG BASE_REGISTRY="docker.io"

-# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.4.x"]
+# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.3.x"]
 # renovate: datasource=docker depName=docker.io/ruby
-ARG RUBY_VERSION="3.4.9"
-# # Node.js version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="22"]
+ARG RUBY_VERSION="3.3.5"
+# # Node version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="20"]
 # renovate: datasource=node-version depName=node
-ARG NODE_MAJOR_VERSION="24"
-# Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="trixie"]
-ARG DEBIAN_VERSION="trixie"
-# Node.js image to use for base image based on combined variables (ex: 20-trixie-slim)
-FROM ${BASE_REGISTRY}/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim AS node
-# Ruby image to use for base image based on combined variables (ex: 3.4.x-slim-trixie)
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS ruby
+ARG NODE_MAJOR_VERSION="20"
+# Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="bookworm"]
+ARG DEBIAN_VERSION="bookworm"
+# Node image to use for base image based on combined variables (ex: 20-bookworm-slim)
+FROM docker.io/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim AS node
+# Ruby image to use for base image based on combined variables (ex: 3.3.x-slim-bookworm)
+FROM docker.io/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS ruby

 # Resulting version string is vX.X.X-MASTODON_VERSION_PRERELEASE+MASTODON_VERSION_METADATA
 # Example: v4.3.0-nightly.2023.11.09+pr-123456
@ -30,8 +29,6 @@ FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS ruby
 ARG MASTODON_VERSION_PRERELEASE=""
 # Append build metadata or fork information to version.rb [--build-arg MASTODON_VERSION_METADATA="pr-123456"]
 ARG MASTODON_VERSION_METADATA=""
-# Will be available as Mastodon::Version.source_commit
-ARG SOURCE_COMMIT=""

 # Allow Ruby on Rails to serve static files
 # See: https://docs.joinmastodon.org/admin/config/#rails_serve_static_files
@ -48,29 +45,30 @@ ARG GID="991"

 # Apply Mastodon build options based on options above
 ENV \
-  # Apply Mastodon version information
+# Apply Mastodon version information
  MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
  MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}" \
-  SOURCE_COMMIT="${SOURCE_COMMIT}" \
-  # Apply Mastodon static files and YJIT options
+# Apply Mastodon static files and YJIT options
  RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES} \
  RUBY_YJIT_ENABLE=${RUBY_YJIT_ENABLE} \
-  # Apply timezone
+# Apply timezone
  TZ=${TZ}

 ENV \
-  # Configure the IP to bind Mastodon to when serving traffic
+# Configure the IP to bind Mastodon to when serving traffic
  BIND="0.0.0.0" \
-  # Use production settings for Yarn, Node.js and related tools
+# Use production settings for Yarn, Node and related nodejs based tools
  NODE_ENV="production" \
-  # Use production settings for Ruby on Rails
+# Use production settings for Ruby on Rails
  RAILS_ENV="production" \
-  # Add Ruby and Mastodon installation to the PATH
+# Add Ruby and Mastodon installation to the PATH
  DEBIAN_FRONTEND="noninteractive" \
  PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin" \
-  # Optimize jemalloc 5.x performance
+# Optimize jemalloc 5.x performance
  MALLOC_CONF="narenas:2,background_thread:true,thp:never,dirty_decay_ms:1000,muzzy_decay_ms:0" \
-  # Sidekiq will touch tmp/sidekiq_process_has_started_and_will_begin_processing_jobs to indicate it is ready. This can be used for a readiness check in Kubernetes
+# Enable libvips, should not be changed
+  MASTODON_USE_LIBVIPS=true \
+# Sidekiq will touch tmp/sidekiq_process_has_started_and_will_begin_processing_jobs to indicate it is ready. This can be used for a readiness check in Kubernetes
  MASTODON_SIDEKIQ_READY_FILENAME=sidekiq_process_has_started_and_will_begin_processing_jobs

 # Set default shell used for running commands
@ -81,107 +79,123 @@ ARG TARGETPLATFORM
 RUN echo "Target platform is $TARGETPLATFORM"

 RUN \
-  # Remove automatic apt cache Docker cleanup scripts
+# Remove automatic apt cache Docker cleanup scripts
  rm -f /etc/apt/apt.conf.d/docker-clean; \
-  # Sets timezone
+# Sets timezone
  echo "${TZ}" > /etc/localtime; \
-  # Creates mastodon user/group and sets home directory
+# Creates mastodon user/group and sets home directory
  groupadd -g "${GID}" mastodon; \
  useradd -l -u "${UID}" -g "${GID}" -m -d /opt/mastodon mastodon; \
-  # Creates /mastodon symlink to /opt/mastodon
+# Creates /mastodon symlink to /opt/mastodon
  ln -s /opt/mastodon /mastodon;

 # Set /opt/mastodon as working directory
 WORKDIR /opt/mastodon

+# Add backport repository for some specific packages where we need the latest version
+RUN echo 'deb http://deb.debian.org/debian bookworm-backports main' >> /etc/apt/sources.list
+
 # hadolint ignore=DL3008,DL3005
 RUN \
-  # Mount Apt cache and lib directories from Docker buildx caches
-  --mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-  # Apt update & upgrade to check for security updates to Debian image
+# Mount Apt cache and lib directories from Docker buildx caches
+--mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
+--mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
+# Apt update & upgrade to check for security updates to Debian image
  apt-get update; \
  apt-get dist-upgrade -yq; \
-  # Install jemalloc, curl and other necessary components
+# Install jemalloc, curl and other necessary components
  apt-get install -y --no-install-recommends \
-  curl \
-  file \
-  libjemalloc2 \
-  patchelf \
-  procps \
-  tini \
-  tzdata \
-  wget \
+    curl \
+    file \
+    libjemalloc2 \
+    patchelf \
+    procps \
+    tini \
+    tzdata \
+    wget \
  ; \
-  # Patch Ruby to use jemalloc
+# Patch Ruby to use jemalloc
  patchelf --add-needed libjemalloc.so.2 /usr/local/bin/ruby; \
-  # Discard patchelf after use
+# Discard patchelf after use
  apt-get purge -y \
-  patchelf \
+    patchelf \
  ;

 # Create temporary build layer from base image
 FROM ruby AS build

+# Copy Node package configuration files into working directory
+COPY package.json yarn.lock .yarnrc.yml /opt/mastodon/
+COPY .yarn /opt/mastodon/.yarn
+
+COPY --from=node /usr/local/bin /usr/local/bin
+COPY --from=node /usr/local/lib /usr/local/lib
+
 ARG TARGETPLATFORM

 # hadolint ignore=DL3008
 RUN \
-  # Mount Apt cache and lib directories from Docker buildx caches
-  --mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-  # Install build tools and bundler dependencies from APT
+# Mount Apt cache and lib directories from Docker buildx caches
+--mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
+--mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
+# Install build tools and bundler dependencies from APT
  apt-get install -y --no-install-recommends \
-  autoconf \
-  automake \
-  build-essential \
-  cmake \
-  git \
-  libgdbm-dev \
-  libglib2.0-dev \
-  libgmp-dev \
-  libicu-dev \
-  libidn-dev \
-  libpq-dev \
-  libssl-dev \
-  libtool \
-  libyaml-dev \
-  meson \
-  nasm \
-  pkg-config \
-  shared-mime-info \
-  xz-utils \
-  # libvips components
-  libcgif-dev \
-  libexif-dev \
-  libexpat1-dev \
-  libgirepository1.0-dev \
-  libheif-dev \
-  libhwy-dev \
-  libimagequant-dev \
-  libjpeg62-turbo-dev \
-  liblcms2-dev \
-  libspng-dev \
-  libtiff-dev \
-  libwebp-dev \
+    autoconf \
+    automake \
+    build-essential \
+    cmake \
+    git \
+    libgdbm-dev \
+    libglib2.0-dev \
+    libgmp-dev \
+    libicu-dev \
+    libidn-dev \
+    libpq-dev \
+    libssl-dev \
+    libtool \
+    libyaml-dev \
+    meson \
+    nasm \
+    pkg-config \
+    shared-mime-info \
+    xz-utils \
+	# libvips components
+    libcgif-dev \
+    libexif-dev \
+    libexpat1-dev \
+    libgirepository1.0-dev \
+    libheif-dev/bookworm-backports \
+    libimagequant-dev \
+    libjpeg62-turbo-dev \
+    liblcms2-dev \
+    liborc-dev \
+    libspng-dev \
+    libtiff-dev \
+    libwebp-dev \
  # ffmpeg components
-  libdav1d-dev \
-  liblzma-dev \
-  libmp3lame-dev \
-  libopus-dev \
-  libsnappy-dev \
-  libvorbis-dev \
-  libvpx-dev \
-  libx264-dev \
-  libx265-dev \
+    libdav1d-dev \
+    liblzma-dev \
+    libmp3lame-dev \
+    libopus-dev \
+    libsnappy-dev \
+    libvorbis-dev \
+    libvpx-dev \
+    libx264-dev \
+    libx265-dev \
  ;

+RUN \
+# Configure Corepack
+  rm /usr/local/bin/yarn*; \
+  corepack enable; \
+  corepack prepare --activate;
+
 # Create temporary libvips specific build layer from build layer
 FROM build AS libvips

 # libvips version to compile, change with [--build-arg VIPS_VERSION="8.15.2"]
 # renovate: datasource=github-releases depName=libvips packageName=libvips/libvips
-ARG VIPS_VERSION=8.18.1
+ARG VIPS_VERSION=8.15.3
 # libvips download URL, change with [--build-arg VIPS_URL="https://github.com/libvips/libvips/releases/download"]
 ARG VIPS_URL=https://github.com/libvips/libvips/releases/download

@ -204,42 +218,42 @@ FROM build AS ffmpeg

 # ffmpeg version to compile, change with [--build-arg FFMPEG_VERSION="7.0.x"]
 # renovate: datasource=repology depName=ffmpeg packageName=openpkg_current/ffmpeg
-ARG FFMPEG_VERSION=8.0
+ARG FFMPEG_VERSION=7.0.2
 # ffmpeg download URL, change with [--build-arg FFMPEG_URL="https://ffmpeg.org/releases"]
-ARG FFMPEG_URL=https://github.com/FFmpeg/FFmpeg/archive/refs/tags
+ARG FFMPEG_URL=https://ffmpeg.org/releases

 WORKDIR /usr/local/ffmpeg/src
 # Download and extract ffmpeg source code
-ADD ${FFMPEG_URL}/n${FFMPEG_VERSION}.tar.gz /usr/local/ffmpeg/src/
-RUN tar xf n${FFMPEG_VERSION}.tar.gz && mv FFmpeg-n${FFMPEG_VERSION} ffmpeg-${FFMPEG_VERSION};
+ADD ${FFMPEG_URL}/ffmpeg-${FFMPEG_VERSION}.tar.xz /usr/local/ffmpeg/src/
+RUN tar xf ffmpeg-${FFMPEG_VERSION}.tar.xz;

 WORKDIR /usr/local/ffmpeg/src/ffmpeg-${FFMPEG_VERSION}

 # Configure and compile ffmpeg
 RUN \
  ./configure \
-  --prefix=/usr/local/ffmpeg \
-  --toolchain=hardened \
-  --disable-debug \
-  --disable-devices \
-  --disable-doc \
-  --disable-ffplay \
-  --disable-network \
-  --disable-static \
-  --enable-ffmpeg \
-  --enable-ffprobe \
-  --enable-gpl \
-  --enable-libdav1d \
-  --enable-libmp3lame \
-  --enable-libopus \
-  --enable-libsnappy \
-  --enable-libvorbis \
-  --enable-libvpx \
-  --enable-libwebp \
-  --enable-libx264 \
-  --enable-libx265 \
-  --enable-shared \
-  --enable-version3 \
+    --prefix=/usr/local/ffmpeg \
+    --toolchain=hardened \
+    --disable-debug \
+    --disable-devices \
+    --disable-doc \
+    --disable-ffplay \
+    --disable-network \
+    --disable-static \
+    --enable-ffmpeg \
+    --enable-ffprobe \
+    --enable-gpl \
+    --enable-libdav1d \
+    --enable-libmp3lame \
+    --enable-libopus \
+    --enable-libsnappy \
+    --enable-libvorbis \
+    --enable-libvpx \
+    --enable-libwebp \
+    --enable-libx264 \
+    --enable-libx265 \
+    --enable-shared \
+    --enable-version3 \
  ; \
  make -j$(nproc); \
  make install;
@ -253,57 +267,58 @@ ARG TARGETPLATFORM
 COPY Gemfile* /opt/mastodon/

 RUN \
-  # Mount Ruby Gem caches
-  --mount=type=cache,id=gem-cache-${TARGETPLATFORM},target=/usr/local/bundle/cache/,sharing=locked \
-  # Configure bundle to prevent changes to Gemfile and Gemfile.lock
+# Mount Ruby Gem caches
+--mount=type=cache,id=gem-cache-${TARGETPLATFORM},target=/usr/local/bundle/cache/,sharing=locked \
+# Configure bundle to prevent changes to Gemfile and Gemfile.lock
  bundle config set --global frozen "true"; \
-  # Configure bundle to not cache downloaded Gems
+# Configure bundle to not cache downloaded Gems
  bundle config set --global cache_all "false"; \
-  # Configure bundle to only process production Gems
+# Configure bundle to only process production Gems
  bundle config set --local without "development test"; \
-  # Configure bundle to not warn about root user
+# Configure bundle to not warn about root user
  bundle config set silence_root_warning "true"; \
-  # Download and install required Gems
+# Download and install required Gems
  bundle install -j"$(nproc)";

+# Create temporary node specific build layer from build layer
+FROM build AS yarn
+
+ARG TARGETPLATFORM
+
+# Copy Node package configuration files into working directory
+COPY package.json yarn.lock .yarnrc.yml /opt/mastodon/
+COPY streaming/package.json /opt/mastodon/streaming/
+COPY .yarn /opt/mastodon/.yarn
+
+# hadolint ignore=DL3008
+RUN \
+--mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
+--mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
+# Install Node packages
+  yarn workspaces focus --production @mastodon/mastodon;
+
 # Create temporary assets build layer from build layer
 FROM build AS precompiler

-ARG TARGETPLATFORM
-
-# Copy Mastodon sources into layer
+# Copy Mastodon sources into precompiler layer
 COPY . /opt/mastodon/

-# Copy Node.js binaries/libraries into layer
-COPY --from=node /usr/local/bin /usr/local/bin
-COPY --from=node /usr/local/lib /usr/local/lib
-
-RUN \
-  # Configure Corepack
-  rm /usr/local/bin/yarn*; \
-  corepack enable; \
-  corepack prepare --activate;
-
-# hadolint ignore=DL3008
-RUN \
-  --mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
-  --mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
-  # Install Node.js packages
-  yarn workspaces focus --production @mastodon/mastodon;
-
-# Copy libvips components into layer for precompiler
-COPY --from=libvips /usr/local/libvips/bin /usr/local/bin
-COPY --from=libvips /usr/local/libvips/lib /usr/local/lib
-# Copy bundler packages into layer for precompiler
+# Copy bundler and node packages from build layer to container
+COPY --from=yarn /opt/mastodon /opt/mastodon/
 COPY --from=bundler /opt/mastodon /opt/mastodon/
 COPY --from=bundler /usr/local/bundle/ /usr/local/bundle/
+# Copy libvips components to layer for precompiler
+COPY --from=libvips /usr/local/libvips/bin /usr/local/bin
+COPY --from=libvips /usr/local/libvips/lib /usr/local/lib
+
+ARG TARGETPLATFORM

 RUN \
  ldconfig; \
-  # Use Ruby on Rails to create Mastodon assets
+# Use Ruby on Rails to create Mastodon assets
  SECRET_KEY_BASE_DUMMY=1 \
  bundle exec rails assets:precompile; \
-  # Cleanup temporary files
+# Cleanup temporary files
  rm -fr /opt/mastodon/tmp;

 # Prep final Mastodon Ruby layer
@ -313,49 +328,49 @@ ARG TARGETPLATFORM

 # hadolint ignore=DL3008
 RUN \
-  # Mount Apt cache and lib directories from Docker buildx caches
-  --mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-  # Mount Corepack and Yarn caches from Docker buildx caches
-  --mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
-  --mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
-  # Apt update install non-dev versions of necessary components
+# Mount Apt cache and lib directories from Docker buildx caches
+--mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
+--mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
+# Mount Corepack and Yarn caches from Docker buildx caches
+--mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
+--mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
+# Apt update install non-dev versions of necessary components
  apt-get install -y --no-install-recommends \
-  libexpat1 \
-  libglib2.0-0t64 \
-  libicu76 \
-  libidn12 \
-  libpq5 \
-  libreadline8t64 \
-  libssl3t64 \
-  libyaml-0-2 \
+    libexpat1 \
+    libglib2.0-0 \
+    libicu72 \
+    libidn12 \
+    libpq5 \
+    libreadline8 \
+    libssl3 \
+    libyaml-0-2 \
  # libvips components
-  libcgif0 \
-  libexif12 \
-  libheif1 \
-  libhwy1t64 \
-  libimagequant0 \
-  libjpeg62-turbo \
-  liblcms2-2 \
-  libspng0 \
-  libtiff6 \
-  libwebp7 \
-  libwebpdemux2 \
-  libwebpmux3 \
+    libcgif0 \
+    libexif12 \
+    libheif1/bookworm-backports \
+    libimagequant0 \
+    libjpeg62-turbo \
+    liblcms2-2 \
+    liborc-0.4-0 \
+    libspng0 \
+    libtiff6 \
+    libwebp7 \
+    libwebpdemux2 \
+    libwebpmux3 \
  # ffmpeg components
-  libdav1d7 \
-  libmp3lame0 \
-  libopencore-amrnb0 \
-  libopencore-amrwb0 \
-  libopus0 \
-  libsnappy1v5 \
-  libtheora0 \
-  libvorbis0a \
-  libvorbisenc2 \
-  libvorbisfile3 \
-  libvpx9 \
-  libx264-164 \
-  libx265-215 \
+    libdav1d6 \
+    libmp3lame0 \
+    libopencore-amrnb0 \
+    libopencore-amrwb0 \
+    libopus0 \
+    libsnappy1v5 \
+    libtheora0 \
+    libvorbis0a \
+    libvorbisenc2 \
+    libvorbisfile3 \
+    libvpx7 \
+    libx264-164 \
+    libx265-199 \
  ;

 # Copy Mastodon sources into final layer
@ -375,7 +390,7 @@ COPY --from=ffmpeg /usr/local/ffmpeg/lib /usr/local/lib

 RUN \
  ldconfig; \
-  # Smoketest media processors
+# Smoketest media processors
  vips -v; \
  ffmpeg -version; \
  ffprobe -version;
@ -385,10 +400,10 @@ RUN \
  bundle exec bootsnap precompile --gemfile app/ lib/;

 RUN \
-  # Pre-create and chown system volume to Mastodon user
+# Pre-create and chown system volume to Mastodon user
  mkdir -p /opt/mastodon/public/system; \
  chown mastodon:mastodon /opt/mastodon/public/system; \
-  # Set Mastodon user as owner of tmp folder
+# Set Mastodon user as owner of tmp folder
  chown -R mastodon:mastodon /opt/mastodon/tmp;

 # Set the running user for resulting container
--- a/FEDERATION.md
+++ b/FEDERATION.md
@ -13,8 +13,6 @@
 - [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
 - [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)
 - [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)
- [FEP-044f: Consent-respecting quote posts](https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md)
- [FEP-3b86: Activity Intents](https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md): offer handlers for `Object` and `Create` (with support for the `content` parameter only), has support for the `Follow`, `Announce`, `Like` and `Object` intents

 ## ActivityPub in Mastodon

@ -49,25 +47,3 @@ Mastodon requires all `POST` requests to be signed, and MAY require `GET` reques
 ### Additional documentation

 - [Mastodon documentation](https://docs.joinmastodon.org/)
-
-## Size limits
-
-Mastodon imposes a few hard limits on federated content.
-These limits are intended to be very generous and way above what the Mastodon user experience is optimized for, so as to accommodate future changes and unusual or unforeseen usage patterns, while still providing some limits for performance reasons.
-The following table summarizes those limits.
-
-| Limited property                                              | Size limit | Consequence of exceeding the limit |
-| ------------------------------------------------------------- | ---------- | ---------------------------------- |
-| Serialized JSON-LD                                            | 1MB        | **Activity is rejected/dropped**   |
-| Profile fields (actor `PropertyValue` attachments) name/value | 2047       | Field name/value is truncated      |
-| Number of profile fields (actor `PropertyValue` attachments)  | 50         | Fields list is truncated           |
-| Poll options (number of `anyOf`/`oneOf` in a `Question`)      | 500        | Items list is truncated            |
-| Account username (actor `preferredUsername`) length           | 2048       | **Actor will be rejected**         |
-| Account display name (actor `name`) length                    | 2048       | Display name will be truncated     |
-| Account note (actor `summary`) length                         | 20kB       | Account note will be truncated     |
-| Account `attributionDomains`                                  | 256        | List will be truncated             |
-| Account aliases (actor `alsoKnownAs`)                         | 256        | List will be truncated             |
-| Custom emoji shortcode (`Emoji` `name`)                       | 2048       | Emoji will be rejected             |
-| Media and avatar/header descriptions (`name`/`summary`)       | 1500       | Description will be truncated      |
-| Collection name (`FeaturedCollection` `name`)                 | 256        | Name will be truncated             |
-| Collection description (`FeaturedCollection` `summary`)       | 2048       | Description will be truncated      |
--- a/131
+++ b/131
@ -1,34 +1,34 @@
 # frozen_string_literal: true

 source 'https://rubygems.org'
-ruby '>= 3.2.0', '< 3.5.0'
+ruby '>= 3.1.0'

 gem 'propshaft'
-gem 'puma', '~> 7.0'
-gem 'rails', '~> 8.1.0'
+gem 'puma', '~> 6.3'
+gem 'rack', '~> 2.2.7'
+gem 'rails', '~> 7.1.1'
 gem 'thor', '~> 1.2'

 gem 'dotenv'
-gem 'haml-rails', '~>3.0'
+gem 'haml-rails', '~>2.0'
 gem 'pg', '~> 1.5'
 gem 'pghero'

-gem 'aws-sdk-core', require: false
 gem 'aws-sdk-s3', '~> 1.123', require: false
 gem 'blurhash', '~> 0.1'
-gem 'fog-core', '<= 2.6.0'
+gem 'fog-core', '<= 2.5.0'
 gem 'fog-openstack', '~> 1.0', require: false
-gem 'jd-paperclip-azure', '~> 3.0', require: false
 gem 'kt-paperclip', '~> 7.2'
+gem 'md-paperclip-azure', '~> 2.2', require: false
 gem 'ruby-vips', '~> 2.2', require: false

 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
-gem 'bootsnap', require: false
-gem 'browser'
+gem 'bootsnap', '~> 1.18.0', require: false
+gem 'browser', '< 6' # https://github.com/fnando/browser/issues/543
 gem 'charlock_holmes', '~> 0.7.7'
-gem 'chewy'
-gem 'devise'
+gem 'chewy', '~> 7.3'
+gem 'devise', '~> 4.9'
 gem 'devise-two-factor'

 group :pam_authentication, optional: true do
@ -39,86 +39,82 @@ gem 'net-ldap', '~> 0.18'

 gem 'omniauth', '~> 2.0'
 gem 'omniauth-cas', '~> 3.0.0.beta.1'
-gem 'omniauth_openid_connect', '~> 0.8.0'
-gem 'omniauth-rails_csrf_protection', '~> 2.0'
+gem 'omniauth_openid_connect', '~> 0.6.1'
+gem 'omniauth-rails_csrf_protection', '~> 1.0'
 gem 'omniauth-saml', '~> 2.0'

 gem 'color_diff', '~> 0.1'
 gem 'csv', '~> 3.2'
 gem 'discard', '~> 1.2'
 gem 'doorkeeper', '~> 5.6'
-gem 'faraday-httpclient'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'hiredis', '~> 0.6'
-gem 'hiredis-client'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 5.3.0'
+gem 'http', '~> 5.2.0'
 gem 'http_accept_language', '~> 2.1'
-gem 'httplog', '~> 1.8.0', require: false
+gem 'httplog', '~> 1.7.0'
 gem 'i18n'
 gem 'idn-ruby', require: 'idn'
 gem 'inline_svg'
 gem 'irb', '~> 1.8'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
-gem 'linzer', '~> 0.7.7'
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'mime-types', '~> 3.7.0', require: 'mime/types/columnar'
-gem 'mutex_m'
+gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
 gem 'nokogiri', '~> 1.15'
+gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
 gem 'premailer-rails'
-gem 'public_suffix', '~> 7.0'
+gem 'public_suffix', '~> 6.0'
 gem 'pundit', '~> 2.3'
 gem 'rack-attack', '~> 6.6'
-gem 'rack-cors', require: 'rack/cors'
-gem 'rails-i18n', '~> 8.0'
+gem 'rack-cors', '~> 2.0', require: 'rack/cors'
+gem 'rails-i18n', '~> 7.0'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
-gem 'rqrcode', '~> 3.0'
+gem 'redis-namespace', '~> 1.10'
+gem 'rqrcode', '~> 2.2'
 gem 'ruby-progressbar', '~> 1.13'
-gem 'sanitize', '~> 7.0'
+gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.7'
-gem 'sidekiq', '< 9'
+gem 'sidekiq', '~> 6.5'
 gem 'sidekiq-bulk', '~> 0.2.0'
-gem 'sidekiq-scheduler', '~> 6.0'
-gem 'sidekiq-unique-jobs', '> 8'
+gem 'sidekiq-scheduler', '~> 5.0'
+gem 'sidekiq-unique-jobs', '~> 7.1'
 gem 'simple_form', '~> 5.2'
 gem 'simple-navigation', '~> 4.4'
-gem 'stoplight'
+gem 'stoplight', '~> 4.1'
 gem 'strong_migrations'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2023'
 gem 'webauthn', '~> 3.0'
-gem 'webpush', github: 'mastodon/webpush', ref: '9631ac63045cfabddacc69fc06e919b4c13eb913'
+gem 'webpacker', '~> 5.4'
+gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'

-gem 'json'
 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
 gem 'rdf-normalize', '~> 0.5'

-gem 'prometheus_exporter', '~> 2.2', require: false
-
-gem 'opentelemetry-api', '~> 1.8.0'
+gem 'opentelemetry-api', '~> 1.4.0'

 group :opentelemetry do
-  gem 'opentelemetry-exporter-otlp', '~> 0.32.0', require: false
-  gem 'opentelemetry-instrumentation-active_job', '~> 0.10.0', require: false
-  gem 'opentelemetry-instrumentation-active_model_serializers', '~> 0.24.0', require: false
-  gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.24.0', require: false
-  gem 'opentelemetry-instrumentation-excon', '~> 0.28.0', require: false
-  gem 'opentelemetry-instrumentation-faraday', '~> 0.32.0', require: false
-  gem 'opentelemetry-instrumentation-http', '~> 0.29.0', require: false
-  gem 'opentelemetry-instrumentation-http_client', '~> 0.28.0', require: false
-  gem 'opentelemetry-instrumentation-net_http', '~> 0.28.0', require: false
-  gem 'opentelemetry-instrumentation-pg', '~> 0.35.0', require: false
-  gem 'opentelemetry-instrumentation-rack', '~> 0.30.0', require: false
-  gem 'opentelemetry-instrumentation-rails', '~> 0.40.0', require: false
-  gem 'opentelemetry-instrumentation-redis', '~> 0.28.0', require: false
-  gem 'opentelemetry-instrumentation-sidekiq', '~> 0.28.0', require: false
+  gem 'opentelemetry-exporter-otlp', '~> 0.29.0', require: false
+  gem 'opentelemetry-instrumentation-active_job', '~> 0.7.1', require: false
+  gem 'opentelemetry-instrumentation-active_model_serializers', '~> 0.20.1', require: false
+  gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.21.2', require: false
+  gem 'opentelemetry-instrumentation-excon', '~> 0.22.0', require: false
+  gem 'opentelemetry-instrumentation-faraday', '~> 0.24.1', require: false
+  gem 'opentelemetry-instrumentation-http', '~> 0.23.2', require: false
+  gem 'opentelemetry-instrumentation-http_client', '~> 0.22.3', require: false
+  gem 'opentelemetry-instrumentation-net_http', '~> 0.22.4', require: false
+  gem 'opentelemetry-instrumentation-pg', '~> 0.29.0', require: false
+  gem 'opentelemetry-instrumentation-rack', '~> 0.24.1', require: false
+  gem 'opentelemetry-instrumentation-rails', '~> 0.31.0', require: false
+  gem 'opentelemetry-instrumentation-redis', '~> 0.25.3', require: false
+  gem 'opentelemetry-instrumentation-sidekiq', '~> 0.25.2', require: false
  gem 'opentelemetry-sdk', '~> 1.4', require: false
 end

@ -127,15 +123,17 @@ group :test do
  gem 'flatware-rspec'

  # Adds RSpec Error/Warning annotations to GitHub PRs on the Files tab
-  gem 'rspec-github', '~> 3.0', require: false
+  gem 'rspec-github', '~> 2.4', require: false
+
+  # RSpec helpers for email specs
+  gem 'email_spec'

  # Extra RSpec extension methods and helpers for sidekiq
  gem 'rspec-sidekiq', '~> 5.0'

  # Browser integration testing
  gem 'capybara', '~> 3.39'
-  gem 'capybara-playwright-driver'
-  gem 'playwright-ruby-client', '1.57.1', require: false # Pinning the exact version as it needs to be kept in sync with the installed npm package
+  gem 'selenium-webdriver'

  # Used to reset the database between system tests
  gem 'database_cleaner-active_record'
@ -143,48 +141,47 @@ group :test do
  # Used to mock environment variables
  gem 'climate_control'

+  # Add back helpers functions removed in Rails 5.1
+  gem 'rails-controller-testing', '~> 1.0'
+
  # Validate schemas in specs
-  gem 'json-schema', '~> 6.0'
+  gem 'json-schema', '~> 5.0'

  # Test harness fo rack components
  gem 'rack-test', '~> 2.1'

  gem 'shoulda-matchers'

-  # Coverage formatter for RSpec
+  # Coverage formatter for RSpec test if DISABLE_SIMPLECOV is false
  gem 'simplecov', '~> 0.22', require: false
  gem 'simplecov-lcov', '~> 0.8', require: false

  # Stub web requests for specs
  gem 'webmock', '~> 3.18'
-
-  # Websocket driver for testing integration between rails/sidekiq and streaming
-  gem 'websocket-driver', '~> 0.8', require: false
 end

 group :development do
  # Code linting CLI and plugins
  gem 'rubocop', require: false
  gem 'rubocop-capybara', require: false
-  gem 'rubocop-i18n', require: false
  gem 'rubocop-performance', require: false
  gem 'rubocop-rails', require: false
  gem 'rubocop-rspec', require: false
  gem 'rubocop-rspec_rails', require: false

  # Annotates modules with schema
-  gem 'annotaterb', '~> 4.13', require: false
+  gem 'annotate', '~> 3.2'

  # Enhanced error message pages for development
  gem 'better_errors', '~> 2.9'
-  gem 'binding_of_caller'
+  gem 'binding_of_caller', '~> 1.0'

  # Preview mail in the browser
  gem 'letter_opener', '~> 1.8'
  gem 'letter_opener_web', '~> 3.0'

  # Security analysis CLI tools
-  gem 'brakeman', '~> 8.0', require: false
+  gem 'brakeman', '~> 6.0', require: false
  gem 'bundler-audit', '~> 0.9', require: false

  # Linter CLI for HAML files
@ -196,22 +193,22 @@ end

 group :development, :test do
  # Interactive Debugging tools
-  gem 'debug', '~> 1.8', require: false
+  gem 'debug', '~> 1.8'

  # Generate fake data values
  gem 'faker', '~> 3.2'

  # Generate factory objects
-  gem 'fabrication'
+  gem 'fabrication', '~> 2.30'

  # Profiling tools
  gem 'memory_profiler', require: false
  gem 'ruby-prof', require: false
  gem 'stackprof', require: false
-  gem 'test-prof', require: false
+  gem 'test-prof'

  # RSpec runner for rails
-  gem 'rspec-rails', '~> 8.0'
+  gem 'rspec-rails', '~> 7.0'
 end

 group :production do
@ -223,11 +220,9 @@ gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'

-gem 'net-http', '~> 0.6.0'
-gem 'rubyzip', '~> 3.0'
+gem 'net-http', '~> 0.4.0'
+gem 'rubyzip', '~> 2.3'

 gem 'hcaptcha', '~> 7.1'

 gem 'mail', '~> 2.8'
-
-gem 'vite_rails', '~> 3.0.19'
--- a/Gemfile.lock
+++ b/Gemfile.lock
--- a/Procfile.dev
+++ b/Procfile.dev
@ -1,4 +1,4 @@
 web: env PORT=3000 RAILS_ENV=development bundle exec puma -C config/puma.rb
 sidekiq: env PORT=3000 RAILS_ENV=development bundle exec sidekiq
 stream: env PORT=4000 yarn workspace @mastodon/streaming start
-vite: yarn dev
+webpack: bin/webpack-dev-server
--- a/README.md
+++ b/README.md
@ -1,100 +1,158 @@
-> [!NOTE]
-> Want to learn more about Mastodon?
-> Click below to find out more in a video.
+<h1><picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
+  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
+  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
+</picture></h1>

-<p align="center">
-  <a style="text-decoration:none" href="https://www.youtube.com/watch?v=IPSbNdBmWKE">
-    <img alt="Mastodon hero image" src="https://github.com/user-attachments/assets/ef53f5e9-c0d8-484d-9f53-00efdebb92c3" />
-  </a>
-</p>
+[![GitHub release](https://img.shields.io/github/release/mastodon/mastodon.svg)][releases]
+[![Ruby Testing](https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml/badge.svg)](https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml)
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)][crowdin]

-<p align="center">
-  <a style="text-decoration:none" href="https://github.com/mastodon/mastodon/releases">
-    <img src="https://img.shields.io/github/release/mastodon/mastodon.svg" alt="Release" /></a>
-  <a style="text-decoration:none" href="https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml">
-    <img src="https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml/badge.svg" alt="Ruby Testing" /></a>
-  <a style="text-decoration:none" href="https://crowdin.com/project/mastodon">
-    <img src="https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg" alt="Crowdin" /></a>
-</p>
+[releases]: https://github.com/mastodon/mastodon/releases
+[crowdin]: https://crowdin.com/project/mastodon

-Mastodon is a **free, open-source social network server** based on [ActivityPub](https://www.w3.org/TR/activitypub/) where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub!)
+Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub!)
+
+Click below to **learn more** in a video:
+
+[![Screenshot](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/ezgif-2-60f1b00403.gif)][youtube_demo]
+
+[youtube_demo]: https://www.youtube.com/watch?v=IPSbNdBmWKE

 ## Navigation

 - [Project homepage 🐘](https://joinmastodon.org)
- [Donate to support development 🎁](https://joinmastodon.org/sponsors#donate)
-  - [View sponsors](https://joinmastodon.org/sponsors)
- [Blog 📰](https://blog.joinmastodon.org)
- [Documentation 📚](https://docs.joinmastodon.org)
- [Official container image 🚢](https://github.com/mastodon/mastodon/pkgs/container/mastodon)
+- [Support the development via Patreon][patreon]
+- [View sponsors](https://joinmastodon.org/sponsors)
+- [Blog](https://blog.joinmastodon.org)
+- [Documentation](https://docs.joinmastodon.org)
+- [Roadmap](https://joinmastodon.org/roadmap)
+- [Official Docker image](https://github.com/mastodon/mastodon/pkgs/container/mastodon)
+- [Browse Mastodon servers](https://joinmastodon.org/communities)
+- [Browse Mastodon apps](https://joinmastodon.org/apps)
+
+[patreon]: https://www.patreon.com/mastodon

 ## Features

-<img src="./app/javascript/images/elephant_ui_working.svg?raw=true" align="right" width="30%" />
+<img src="/app/javascript/images/elephant_ui_working.svg?raw=true" align="right" width="30%" />

-**Part of the Fediverse. Based on open standards, with no vendor lock-in.** - the network goes beyond just Mastodon; anything that implements ActivityPub is part of a broader social network known as [the Fediverse](https://jointhefediverse.net/). You can follow and interact with users on other servers (including those running different software), and they can follow you back.
+### No vendor lock-in: Fully interoperable with any conforming platform

-**Real-time, chronological timeline updates** - updates of people you're following appear in real-time in the UI.
+It doesn't have to be Mastodon; whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)

-**Media attachments** - upload and view images and videos attached to the updates. Videos with no audio track are treated like animated GIFs; normal videos loop continuously.
+### Real-time, chronological timeline updates

-**Safety and moderation tools** - Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking, and many other features, along with a reporting and moderation system.
+Updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!

-**OAuth2 and a straightforward REST API** - Mastodon acts as an OAuth2 provider, and third party apps can use the REST and Streaming APIs. This results in a [rich app ecosystem](https://joinmastodon.org/apps) with a variety of choices!
+### Media attachments like images and short videos
+
+Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos loop continuously!
+
+### Safety and moderation tools
+
+Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking, and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
+
+### OAuth2 and a straightforward REST API
+
+Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Streaming APIs. This results in a rich app ecosystem with a lot of choices!

 ## Deployment

 ### Tech stack

- [Ruby on Rails](https://github.com/rails/rails) powers the REST API and other web pages.
- [PostgreSQL](https://www.postgresql.org/) is the main database.
- [Redis](https://redis.io/) and [Sidekiq](https://sidekiq.org/) are used for caching and queueing.
- [Node.js](https://nodejs.org/) powers the streaming API.
- [React.js](https://reactjs.org/) and [Redux](https://redux.js.org/) are used for the dynamic parts of the interface.
- [BrowserStack](https://www.browserstack.com/) supports testing on real devices and browsers. (This project is tested with BrowserStack)
- [Chromatic](https://www.chromatic.com/) provides visual regression testing. (This project is tested with Chromatic)
+- **Ruby on Rails** powers the REST API and other web pages
+- **React.js** and **Redux** are used for the dynamic parts of the interface
+- **Node.js** powers the streaming API

 ### Requirements

- **Ruby** 3.2+
- **PostgreSQL** 14+
- **Redis** 7.0+
- **Node.js** 20+
- **FFmpeg** 5.1+
+- **PostgreSQL** 12+
+- **Redis** 4+
+- **Ruby** 3.1+
+- **Node.js** 18+

-This repository includes deployment configurations for **Docker and docker-compose**, as well as for other environments like Heroku and Scalingo. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). A [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the main documentation.
+The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, and **Scalingo**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
+
+## Development
+
+### Vagrant
+
+A **Vagrant** configuration is included for development purposes. To use it, complete the following steps:
+
+- Install Vagrant and Virtualbox
+- Install the `vagrant-hostsupdater` plugin: `vagrant plugin install vagrant-hostsupdater`
+- Run `vagrant up`
+- Run `vagrant ssh -c "cd /vagrant && bin/dev"`
+- Open `http://mastodon.local` in your browser
+
+### macOS
+
+To set up **macOS** for native development, complete the following steps:
+
+- Install [Homebrew] and run `brew install postgresql@14 redis imagemagick
+libidn nvm` to install the required project dependencies
+- Use a Ruby version manager to activate the ruby in `.ruby-version` and run
+  `nvm use` to activate the node version from `.nvmrc`
+- Run the `bin/setup` script, which will install the required ruby gems and node
+  packages and prepare the database for local development
+- Finally, run the `bin/dev` script which will launch services via `overmind`
+  (if installed) or `foreman`
+
+### Docker
+
+For production hosting and deployment with **Docker**, use the `Dockerfile` and
+`docker-compose.yml` in the project root directory.
+
+For local development, install and launch [Docker], and run:
+
+```shell
+docker compose -f .devcontainer/compose.yaml up -d
+docker compose -f .devcontainer/compose.yaml exec app bin/setup
+docker compose -f .devcontainer/compose.yaml exec app bin/dev
+```
+
+### Dev Containers
+
+Within IDEs that support the [Development Containers] specification, start the
+"Mastodon on local machine" container from the editor. The necessary `docker
+compose` commands to build and setup the container should run automatically. For
+**Visual Studio Code** this requires installing the [Dev Container extension].
+
+### GitHub Codespaces
+
+[GitHub Codespaces] provides a web-based version of VS Code and a cloud hosted
+development environment configured with the software needed for this project.
+
+[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)][codespace]
+
+- Click the button to create a new codespace, and confirm the options
+- Wait for the environment to build (takes a few minutes)
+- When the editor is ready, run `bin/dev` in the terminal
+- Wait for an _Open in Browser_ prompt. This will open Mastodon
+- On the _Ports_ tab "stream" setting change _Port visibility_ → _Public_

 ## Contributing

-Mastodon is **free, open-source software** licensed under **AGPLv3**. We welcome contributions and help from anyone who wants to improve the project.
+Mastodon is **free, open-source software** licensed under **AGPLv3**.

-You should read the overall [CONTRIBUTING](https://github.com/mastodon/.github/blob/main/CONTRIBUTING.md) guide, which covers our development processes.
+You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).

-You should also read and understand the [CODE OF CONDUCT](https://github.com/mastodon/.github/blob/main/CODE_OF_CONDUCT.md) that enables us to maintain a welcoming and inclusive community. Collaboration begins with mutual respect and understanding.
+**IRC channel**: #mastodon on irc.libera.chat

-You can learn about setting up a development environment in the [DEVELOPMENT](docs/DEVELOPMENT.md) documentation.
+## License

-If you would like to help with translations 🌐 you can do so on [Crowdin](https://crowdin.com/project/mastodon).
+Copyright (C) 2016-2024 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))

-## LICENSE
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

-Copyright (c) 2016-2025 Eugen Rochko (+ [`mastodon authors`](AUTHORS.md))
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

-Licensed under GNU Affero General Public License as stated in the [LICENSE](LICENSE):
+You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

-```text
-Copyright (c) 2016-2025 Eugen Rochko & other Mastodon contributors
-
-This program is free software: you can redistribute it and/or modify it under
-the terms of the GNU Affero General Public License as published by the Free
-Software Foundation, either version 3 of the License, or (at your option) any
-later version.
-
-This program is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-details.
-
-You should have received a copy of the GNU Affero General Public License along
-with this program. If not, see https://www.gnu.org/licenses/
-```
+[codespace]: https://codespaces.new/mastodon/mastodon?quickstart=1&devcontainer_path=.devcontainer%2Fcodespaces%2Fdevcontainer.json
+[Dev Container extension]: https://containers.dev/supporting#dev-containers
+[Development Containers]: https://containers.dev/supporting
+[Docker]: https://docs.docker.com
+[GitHub Codespaces]: https://docs.github.com/en/codespaces
+[Homebrew]: https://brew.sh
--- a/2
+++ b/2
@ -3,6 +3,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.

-require_relative 'config/application'
+require File.expand_path('config/application', __dir__)

 Rails.application.load_tasks
--- a/SECURITY.md
+++ b/SECURITY.md
@ -15,7 +15,7 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through

 | Version | Supported        |
 | ------- | ---------------- |
-| 4.5.x   | Yes              |
-| 4.4.x   | Yes              |
-| 4.3.x   | Until 2026-05-06 |
-| < 4.3   | No               |
+| 4.3.x   | Yes              |
+| 4.2.x   | Yes              |
+| 4.1.x   | Until 2025-04-08 |
+| < 4.1   | No               |
--- a/6
+++ b/6
@ -29,6 +29,7 @@ sudo apt-get install \
  libpq-dev \
  libxml2-dev \
  libxslt1-dev \
+  imagemagick \
  nodejs \
  redis-server \
  redis-tools \
@ -53,7 +54,6 @@ sudo apt-get install \
  pkg-config \
  protobuf-compiler \
  zlib1g-dev \
-  libvips42t64 \
  -y

 # Install rvm
@ -134,7 +134,7 @@ VAGRANTFILE_API_VERSION = "2"

 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

-  config.vm.box = "bento/ubuntu-24.04"
+  config.vm.box = "ubuntu/focal64"

  config.vm.provider :virtualbox do |vb|
    vb.name = "mastodon"
@ -174,7 +174,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  if config.vm.networks.any? { |type, options| type == :private_network }
    config.vm.synced_folder ".", "/vagrant", type: "nfs", mount_options: ['rw', 'actimeo=1']
  else
-    config.vm.synced_folder ".", "/vagrant", type: "rsync", create: true, rsync__args: ["--verbose", "--archive", "--delete", "-z"]
+    config.vm.synced_folder ".", "/vagrant"
  end

  # Otherwise, you can access the site at http://localhost:3000 and http://localhost:4000 , http://localhost:8080
--- a/app.json
+++ b/app.json
@ -17,6 +17,10 @@
      "description": "The secret key base",
      "generator": "secret"
    },
+    "OTP_SECRET": {
+      "description": "One-time password secret",
+      "generator": "secret"
+    },
    "SINGLE_USER_MODE": {
      "description": "Should the instance run in single user mode? (Disable registrations, redirect to front page)",
      "value": "false",
--- a/app/chewy/accounts_index.rb
+++ b/app/chewy/accounts_index.rb
@ -19,16 +19,9 @@ class AccountsIndex < Chewy::Index
        type: 'stemmer',
        language: 'possessive_english',
      },
-
-      word_joiner: {
-        type: 'shingle',
-        output_unigrams: true,
-        token_separator: '',
-      },
    },

    analyzer: {
-      # "The FOOING's bar" becomes "foo bar"
      natural: {
        tokenizer: 'standard',
        filter: %w(
@ -42,20 +35,11 @@ class AccountsIndex < Chewy::Index
        ),
      },

-      # "FOO bar" becomes "foo bar"
      verbatim: {
        tokenizer: 'standard',
        filter: %w(lowercase asciifolding cjk_width),
      },

-      # "Foo bar" becomes "foo bar foobar"
-      word_join_analyzer: {
-        type: 'custom',
-        tokenizer: 'standard',
-        filter: %w(lowercase asciifolding cjk_width word_joiner),
-      },
-
-      # "Foo bar" becomes "f fo foo b ba bar"
      edge_ngram: {
        tokenizer: 'edge_ngram',
        filter: %w(lowercase asciifolding cjk_width),
--- a/app/chewy/public_statuses_index.rb
+++ b/app/chewy/public_statuses_index.rb
@ -53,9 +53,9 @@ class PublicStatusesIndex < Chewy::Index
  }

  index_scope ::Status.unscoped
-    .kept
-    .indexable
-    .includes(:media_attachments, :preloadable_poll, :tags, preview_cards_status: :preview_card)
+                      .kept
+                      .indexable
+                      .includes(:media_attachments, :preloadable_poll, :tags, preview_cards_status: :preview_card)

  root date_detection: false do
    field(:id, type: 'long')
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -18,8 +18,6 @@ class AccountsController < ApplicationController
    respond_to do |format|
      format.html do
        expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
-
-        redirect_to short_account_path(@account) if account_id_param.present? && username_param.blank?
      end

      format.rss do
@ -73,10 +71,6 @@ class AccountsController < ApplicationController
    params[:username]
  end

-  def account_id_param
-    params[:id]
-  end
-
  def skip_temporary_suspension_response?
    request.format == :json
  end
--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@ -1,36 +1,20 @@
 # frozen_string_literal: true

 class ActivityPub::CollectionsController < ActivityPub::BaseController
-  SUPPORTED_COLLECTIONS = %w(featured tags).freeze
-
  vary_by -> { 'Signature' if authorized_fetch_mode? }

  before_action :require_account_signature!, if: :authorized_fetch_mode?
-  before_action :check_authorization
  before_action :set_items
  before_action :set_size
  before_action :set_type

  def show
    expires_in 3.minutes, public: public_fetch_mode?
-
-    if @unauthorized
-      render json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
-    else
-      render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
-    end
+    render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
  end

  private

-  def check_authorization
-    # Because in public fetch mode we cache the response, there would be no
-    # benefit from performing the check below, since a blocked account or domain
-    # would likely be served the cache from the reverse proxy anyway
-
-    @unauthorized = authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
-  end
-
  def set_items
    case params[:id]
    when 'featured'
@ -65,7 +49,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController

  def collection_presenter
    ActivityPub::CollectionPresenter.new(
-      id: ActivityPub::TagManager.instance.collection_uri_for(@account, params[:id]),
+      id: account_collection_url(@account, params[:id]),
      type: @type,
      size: @size,
      items: @items
@ -73,7 +57,11 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
  end

  def for_signed_account
-    if @unauthorized
+    # Because in public fetch mode we cache the response, there would be no
+    # benefit from performing the check below, since a blocked account or domain
+    # would likely be served the cache from the reverse proxy anyway
+
+    if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
      []
    else
      yield
--- a/app/controllers/activitypub/contexts_controller.rb
+++ b/app/controllers/activitypub/contexts_controller.rb
@ -1,81 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::ContextsController < ActivityPub::BaseController
-  vary_by -> { 'Signature' if authorized_fetch_mode? }
-
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
-  before_action :set_conversation
-  before_action :set_items
-
-  DESCENDANTS_LIMIT = 60
-
-  def show
-    expires_in 3.minutes, public: public_fetch_mode?
-    render_with_cache json: context_presenter, serializer: ActivityPub::ContextSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
-  end
-
-  def items
-    expires_in 3.minutes, public: public_fetch_mode?
-    render_with_cache json: items_collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
-  end
-
-  private
-
-  def account_required?
-    false
-  end
-
-  def set_conversation
-    account_id, status_id = params[:id].split('-')
-    @conversation = Conversation.local.find_by(parent_account_id: account_id, parent_status_id: status_id)
-  end
-
-  def set_items
-    @items = @conversation.statuses.distributable_visibility.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
-  end
-
-  def context_presenter
-    first_page = ActivityPub::CollectionPresenter.new(
-      type: :unordered,
-      part_of: context_url(@conversation),
-      next: next_page,
-      items: @items.map { |status| status.local? ? ActivityPub::TagManager.instance.uri_for(status) : status.uri }
-    )
-
-    ActivityPub::ContextPresenter.from_conversation(@conversation).tap do |presenter|
-      presenter.first = first_page
-    end
-  end
-
-  def items_collection_presenter
-    page = ActivityPub::CollectionPresenter.new(
-      id: items_context_url(@conversation, page_params),
-      type: :unordered,
-      part_of: context_url(@conversation),
-      next: next_page,
-      items: @items.map { |status| status.local? ? ActivityPub::TagManager.instance.uri_for(status) : status.uri }
-    )
-
-    return page if page_requested?
-
-    ActivityPub::CollectionPresenter.new(
-      id: items_context_url(@conversation),
-      type: :unordered,
-      first: page
-    )
-  end
-
-  def page_requested?
-    truthy_param?(:page)
-  end
-
-  def next_page
-    return nil if @items.size < DESCENDANTS_LIMIT
-
-    items_context_url(@conversation, page: true, min_id: @items.last.id)
-  end
-
-  def page_params
-    params.permit(:page, :min_id)
-  end
-end
--- a/app/controllers/activitypub/feature_authorizations_controller.rb
+++ b/app/controllers/activitypub/feature_authorizations_controller.rb
@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::FeatureAuthorizationsController < ActivityPub::BaseController
-  include Authorization
-
-  vary_by -> { 'Signature' if authorized_fetch_mode? }
-
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
-  before_action :set_collection_item
-
-  def show
-    expires_in 30.seconds, public: true if public_fetch_mode?
-    render json: @collection_item, serializer: ActivityPub::FeatureAuthorizationSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
-  end
-
-  private
-
-  def pundit_user
-    signed_request_account
-  end
-
-  def set_collection_item
-    @collection_item = @account.collection_items.accepted.find(params[:id])
-
-    authorize @collection_item.collection, :show?
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
-    not_found
-  end
-end
--- a/app/controllers/activitypub/featured_collections_controller.rb
+++ b/app/controllers/activitypub/featured_collections_controller.rb
@ -1,77 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::FeaturedCollectionsController < ApplicationController
-  include SignatureAuthentication
-  include Authorization
-  include AccountOwnedConcern
-
-  PER_PAGE = 5
-
-  vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
-
-  before_action :check_feature_enabled
-  before_action :require_account_signature!, if: -> { authorized_fetch_mode? }
-  before_action :set_collections
-
-  skip_around_action :set_locale
-  skip_before_action :require_functional!, unless: :limited_federation_mode?
-
-  def index
-    respond_to do |format|
-      format.json do
-        expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
-
-        render json: collection_presenter,
-               serializer: ActivityPub::CollectionSerializer,
-               adapter: ActivityPub::Adapter,
-               content_type: 'application/activity+json'
-      end
-    end
-  end
-
-  private
-
-  def set_collections
-    authorize @account, :index_collections?
-    @collections = @account.collections.page(params[:page]).per(PER_PAGE)
-  rescue Mastodon::NotPermittedError
-    not_found
-  end
-
-  def page_requested?
-    params[:page].present?
-  end
-
-  def next_page_url
-    ap_account_featured_collections_url(@account, page: @collections.next_page) if @collections.respond_to?(:next_page)
-  end
-
-  def prev_page_url
-    ap_account_featured_collections_url(@account, page: @collections.prev_page) if @collections.respond_to?(:prev_page)
-  end
-
-  def collection_presenter
-    if page_requested?
-      ActivityPub::CollectionPresenter.new(
-        id: ap_account_featured_collections_url(@account, page: params.fetch(:page, 1)),
-        type: :unordered,
-        size: @account.collections.count,
-        items: @collections,
-        part_of: ap_account_featured_collections_url(@account),
-        next: next_page_url,
-        prev: prev_page_url
-      )
-    else
-      ActivityPub::CollectionPresenter.new(
-        id: ap_account_featured_collections_url(@account),
-        type: :unordered,
-        size: @account.collections.count,
-        first: ap_account_featured_collections_url(@account, page: 1)
-      )
-    end
-  end
-
-  def check_feature_enabled
-    raise ActionController::RoutingError unless Mastodon::Feature.collections_enabled?
-  end
-end
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@ -3,7 +3,6 @@
 class ActivityPub::InboxesController < ActivityPub::BaseController
  include JsonLdHelper

-  before_action :skip_large_payload
  before_action :skip_unknown_actor_activity
  before_action :require_actor_signature!
  skip_before_action :authenticate_user!
@ -17,18 +16,14 @@ class ActivityPub::InboxesController < ActivityPub::BaseController

  private

-  def skip_large_payload
-    head 413 if request.content_length > ActivityPub::Activity::MAX_JSON_SIZE
-  end
-
  def skip_unknown_actor_activity
    head 202 if unknown_affected_account?
  end

  def unknown_affected_account?
-    json = JSON.parse(body)
+    json = Oj.load(body, mode: :strict)
    json.is_a?(Hash) && %w(Delete Update).include?(json['type']) && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.exists?(uri: json['actor'])
-  rescue JSON::ParserError
+  rescue Oj::ParseError
    false
  end

@ -44,7 +39,7 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
    return @body if defined?(@body)

    @body = request.body.read
-    @body.presence&.force_encoding('UTF-8')
+    @body.force_encoding('UTF-8') if @body.present?

    request.body.rewind if request.body.respond_to?(:rewind)

--- a/app/controllers/activitypub/likes_controller.rb
+++ b/app/controllers/activitypub/likes_controller.rb
@ -22,13 +22,13 @@ class ActivityPub::LikesController < ActivityPub::BaseController
  def set_status
    @status = @account.statuses.find(params[:status_id])
    authorize @status, :show?
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
+  rescue Mastodon::NotPermittedError
    not_found
  end

  def likes_collection_presenter
    ActivityPub::CollectionPresenter.new(
-      id: ActivityPub::TagManager.instance.likes_uri_for(@status),
+      id: account_status_likes_url(@account, @status),
      type: :unordered,
      size: @status.favourites_count
    )
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@ -41,8 +41,12 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
    end
  end

-  def outbox_url(...)
-    ActivityPub::TagManager.instance.outbox_uri_for(@account, ...)
+  def outbox_url(**kwargs)
+    if params[:account_username].present?
+      account_outbox_url(@account, **kwargs)
+    else
+      instance_actor_outbox_url(**kwargs)
+    end
  end

  def next_page
@ -73,8 +77,6 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
  end

  def set_account
-    return super if params[:account_username].present? || params[:account_id].present?
-
-    @account = Account.representative
+    @account = params[:account_username].present? ? Account.find_local!(username_param) : Account.representative
  end
 end
--- a/app/controllers/activitypub/quote_authorizations_controller.rb
+++ b/app/controllers/activitypub/quote_authorizations_controller.rb
@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::QuoteAuthorizationsController < ActivityPub::BaseController
-  include Authorization
-
-  vary_by -> { 'Signature' if authorized_fetch_mode? }
-
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
-  before_action :set_quote_authorization
-
-  def show
-    expires_in 30.seconds, public: true if @quote.quoted_status.distributable? && public_fetch_mode?
-    render json: @quote, serializer: ActivityPub::QuoteAuthorizationSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
-  end
-
-  private
-
-  def pundit_user
-    signed_request_account
-  end
-
-  def set_quote_authorization
-    @quote = Quote.accepted.where(quoted_account: @account).find(params[:id])
-    return not_found unless @quote.status.present? && @quote.quoted_status.present?
-
-    authorize @quote.quoted_status, :show?
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
-    not_found
-  end
-end
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@ -25,7 +25,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  def set_status
    @status = @account.statuses.find(params[:status_id])
    authorize @status, :show?
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
+  rescue Mastodon::NotPermittedError
    not_found
  end

@ -37,7 +37,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController

  def replies_collection_presenter
    page = ActivityPub::CollectionPresenter.new(
-      id: ActivityPub::TagManager.instance.replies_uri_for(@status, page_params),
+      id: account_status_replies_url(@account, @status, page_params),
      type: :unordered,
      part_of: account_status_replies_url(@account, @status),
      next: next_page,
@ -47,7 +47,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
    return page if page_requested?

    ActivityPub::CollectionPresenter.new(
-      id: ActivityPub::TagManager.instance.replies_uri_for(@status),
+      id: account_status_replies_url(@account, @status),
      type: :unordered,
      first: page
    )
@ -66,7 +66,8 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
      # Only consider remote accounts
      return nil if @replies.size < DESCENDANTS_LIMIT

-      ActivityPub::TagManager.instance.replies_uri_for(
+      account_status_replies_url(
+        @account,
        @status,
        page: true,
        min_id: @replies&.last&.id,
@ -76,7 +77,8 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
      # For now, we're serving only self-replies, but next page might be other accounts
      next_only_other_accounts = @replies&.last&.account_id != @account.id || @replies.size < DESCENDANTS_LIMIT

-      ActivityPub::TagManager.instance.replies_uri_for(
+      account_status_replies_url(
+        @account,
        @status,
        page: true,
        min_id: next_only_other_accounts ? nil : @replies&.last&.id,
--- a/app/controllers/activitypub/shares_controller.rb
+++ b/app/controllers/activitypub/shares_controller.rb
@ -22,13 +22,13 @@ class ActivityPub::SharesController < ActivityPub::BaseController
  def set_status
    @status = @account.statuses.find(params[:status_id])
    authorize @status, :show?
-  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
+  rescue Mastodon::NotPermittedError
    not_found
  end

  def shares_collection_presenter
    ActivityPub::CollectionPresenter.new(
-      id: ActivityPub::TagManager.instance.shares_uri_for(@status),
+      id: account_status_shares_url(@account, @status),
      type: :unordered,
      size: @status.reblogs_count
    )
--- a/app/controllers/admin/account_actions_controller.rb
+++ b/app/controllers/admin/account_actions_controller.rb
@ -14,20 +14,16 @@ module Admin
    def create
      authorize @account, :show?

-      @account_action                 = Admin::AccountAction.new(resource_params)
-      @account_action.target_account  = @account
-      @account_action.current_account = current_account
+      account_action                 = Admin::AccountAction.new(resource_params)
+      account_action.target_account  = @account
+      account_action.current_account = current_account

-      if @account_action.save
-        if @account_action.with_report?
-          redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: resource_params[:report_id])
-        else
-          redirect_to admin_account_path(@account.id)
-        end
+      account_action.save!
+
+      if account_action.with_report?
+        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: resource_params[:report_id])
      else
-        @warning_presets = AccountWarningPreset.all
-
-        render :new
+        redirect_to admin_account_path(@account.id)
      end
    end

@ -38,8 +34,7 @@ module Admin
    end

    def resource_params
-      params
-        .expect(admin_account_action: [:type, :report_id, :warning_preset_id, :text, :send_email_notification, :include_statuses])
+      params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification, :include_statuses)
    end
  end
 end
--- a/app/controllers/admin/account_moderation_notes_controller.rb
+++ b/app/controllers/admin/account_moderation_notes_controller.rb
@ -29,8 +29,10 @@ module Admin
    private

    def resource_params
-      params
-        .expect(account_moderation_note: [:content, :target_account_id])
+      params.require(:account_moderation_note).permit(
+        :content,
+        :target_account_id
+      )
    end

    def set_account_moderation_note
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@ -16,14 +16,11 @@ module Admin
    def batch
      authorize :account, :index?

-      @form = Form::AccountBatch.new(
-        form_account_batch_params.merge(
-          action: action_from_button,
-          current_account:,
-          query: filtered_accounts,
-          select_all_matching: params[:select_all_matching]
-        )
-      )
+      @form = Form::AccountBatch.new(form_account_batch_params)
+      @form.current_account = current_account
+      @form.action = action_from_button
+      @form.select_all_matching = params[:select_all_matching]
+      @form.query = filtered_accounts
      @form.save
    rescue ActionController::ParameterMissing
      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
@ -161,8 +158,7 @@ module Admin
    end

    def form_account_batch_params
-      params
-        .expect(form_account_batch: [:action, account_ids: []])
+      params.require(:form_account_batch).permit(:action, account_ids: [])
    end

    def action_from_button
--- a/app/controllers/admin/action_logs_controller.rb
+++ b/app/controllers/admin/action_logs_controller.rb
@ -6,7 +6,7 @@ module Admin

    def index
      authorize :audit_log, :index?
-      @auditable_accounts = Account.auditable.select(:id, :username).order(username: :asc)
+      @auditable_accounts = Account.auditable.select(:id, :username)
    end

    private
--- a/app/controllers/admin/announcements/distributions_controller.rb
+++ b/app/controllers/admin/announcements/distributions_controller.rb
@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-class Admin::Announcements::DistributionsController < Admin::BaseController
-  before_action :set_announcement
-
-  def create
-    authorize @announcement, :distribute?
-    @announcement.touch(:notification_sent_at)
-    Admin::DistributeAnnouncementNotificationWorker.perform_async(@announcement.id)
-    redirect_to admin_announcements_path
-  end
-
-  private
-
-  def set_announcement
-    @announcement = Announcement.find(params[:announcement_id])
-  end
-end
--- a/app/controllers/admin/announcements/previews_controller.rb
+++ b/app/controllers/admin/announcements/previews_controller.rb
@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-class Admin::Announcements::PreviewsController < Admin::BaseController
-  before_action :set_announcement
-
-  def show
-    authorize @announcement, :distribute?
-    @user_count = @announcement.scope_for_notification.count
-  end
-
-  private
-
-  def set_announcement
-    @announcement = Announcement.find(params[:announcement_id])
-  end
-end
--- a/app/controllers/admin/announcements/tests_controller.rb
+++ b/app/controllers/admin/announcements/tests_controller.rb
@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-class Admin::Announcements::TestsController < Admin::BaseController
-  before_action :set_announcement
-
-  def create
-    authorize @announcement, :distribute?
-    UserMailer.announcement_published(current_user, @announcement).deliver_later!
-    redirect_to admin_announcements_path
-  end
-
-  private
-
-  def set_announcement
-    @announcement = Announcement.find(params[:announcement_id])
-  end
-end
--- a/app/controllers/admin/announcements_controller.rb
+++ b/app/controllers/admin/announcements_controller.rb
@ -84,7 +84,6 @@ class Admin::AnnouncementsController < Admin::BaseController
  end

  def resource_params
-    params
-      .expect(announcement: [:text, :scheduled_at, :starts_at, :ends_at, :all_day])
+    params.require(:announcement).permit(:text, :scheduled_at, :starts_at, :ends_at, :all_day)
  end
 end
--- a/Show More
+++ b/Show More
 @ -1 +1 @@
 .14
 .17
 @ -1 +1 @@
 .4.9
 .3.5