* Implement ability to send direct messages from the user menu

* Implement message warning users that direct messages are visible to all mentioned users

* Update locales

Cache API is not supported on Safari 11.0 / iOS 11.

Since those caching is optional, this patch simply ignores it.

`notification.status` may not be present, e.g. follow notification.

That way, they are displayed in a list below the corresponding toot.

add <div.zoomable-image__margin/> to keep margin of the image on zooming
move setting `scrollLeft` and `scrollTop` of container from callback of
`setState` to `componentDidUpdate`
add 'hammerjs' package for touch gesture detection
rewrite `ZoomableImage` using 'hammerjs'

max_id in the fetch request should be a status id, but media attachment id was used.

`Response.prototype.clone()` must be called before the response used.

This fixes an error from ServiceWorker and failing to load image when the
image is not cached.

This patch adds null item (i.e. gap) handling on below functions to avoid TypeError.

* `filterNotifications` called on user mute/block
* `deleteByStatus` called on status deletion

Note that this spec has a pending test about dots in the username,
because allowing it has been reverted for now.

Comparison was downcasing only one side, therefore if previously
existing account had a non-lowercase spelling, it would be ignored
when checking for duplicates.

New rake task `mastodon:maintenance:find_duplicate_usernames` will
help find constraint violations that might have occured from the
presence of this bug.

Bump version to 2.3.3

to_s method of HTTP::Response keeps blocking while it receives the whole
content, no matter how it is big. This means it may waste time to receive
unacceptably large files. It may also consume memory and disk in the
process. This solves the inefficency by checking response length while
receiving.

* Refactoring scss

introduce scss variables for the media modal
fix css block structure corresponding to react components
fix flex layouts
remove background image of the loaded image on the media modal

* Fix typo

* Fix stack overflow on importFetchedAccounts

  When the account has moved property, it should process destination
  account instead of source account itself.

* Set account id instead of account object for moved property

  This restores "foo has moved to" indication on account view, and
  fixes `reblog` index on `accounts` object store.

Signed-off-by: Marcin Mikołajczak <me@m4sk.in>

This reverts commit 40871caa.

Signed-off-by: Marcin Mikołajczak <me@m4sk.in>

* Invites: Add '1 week' as expire option

IMO a max. of 1 day is too short. Not everyone has the time and motivation to use an invite in a 24 hour period. 1 week as a max. is I think a good compromise between convenience and security.

* Invites: Add '1 week' as expire option

IMO a max. of 1 day is too short. Not everyone has the time and motivation to use an invite in a 24 hour period. 1 week as a max. is I think a good compromise between convenience and security.

* Update en.yml

HTTP connections must be explicitly closed in many cases, and letting
perform method close connections makes its callers less redundant and
prevent them from forgetting to close connections.

* Translated using Weblate (Galician)

Currently translated at 100.0% (587 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/gl/

* Translated using Weblate (Dutch)

Currently translated at 100.0% (587 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/nl/

* Translated using Weblate (Catalan)

Currently translated at 100.0% (587 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ca/

* Translated using Weblate (Arabic)

Currently translated at 76.4% (449 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (Japanese)

Currently translated at 99.8% (586 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Slovak)

Currently translated at 92.3% (542 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/sk/

* Translated using Weblate (Slovak)

Currently translated at 92.3% (542 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/sk/

* Translated using Weblate (Slovak)

Currently translated at 100.0% (58 of 58 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/sk/

* Translated using Weblate (Polish)

Currently translated at 98.9% (581 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/pl/

* Translated using Weblate (French)

Currently translated at 99.6% (585 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/fr/

* Translated using Weblate (Portuguese (Brazil))

Currently translated at 99.8% (586 of 587 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/pt_BR/

* Translated using Weblate (Catalan)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ca/

* bundle exec i18n-tasks normalize && yarn manage:translations

* Update oc.yml

* Update simple_form.oc.yml

* Update oc.json

* Update oc.yml

* bundle exec i18n-tasks normalize

Fix performance regression from #6836

Usernames with dots in them do not work with routes, because the dot usually separates the desired page format (e.g. json). I don't want to mess with changing route constraints for this patch release.

Fixes CVE-2018-8048 and CVE-2018-3740, two medium-severity XSS
vulnerabilities present in these gems when built against
libxml2 >= 2.9.2.