While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.

This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.

* Document AUTHORIZED_FETCH mode and WHITELIST_MODE

* Replace extended description with a link to the online docs

Fixes #12921

Fixes #12920

This activates if the streaming base URL does not start with "ws".
All currently-live streaming base URLs start with "wss://".

Fix regression introduced by #12879

Bumps [@babel/core](https://github.com/babel/babel) from 7.7.7 to 7.8.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.7.7...v7.8.3

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Fix unused role routes being generated

* Remove unused JavaScript code

* Refactor filters code to be DRYer

* Fix `.count == 0` comparisons to `.empty?` in views

* Fix filters in views

Bumps [httplog](https://github.com/trusche/httplog) from 1.3.3 to 1.4.0.
- [Release notes](https://github.com/trusche/httplog/releases)
- [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md)
- [Commits](https://github.com/trusche/httplog/compare/v1.3.3...v1.4.0

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel) from 7.8.0 to 7.8.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.8.0...v7.8.3

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.30.0 to 2.30.1.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.30.0...v2.30.1

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [faker](https://github.com/faker-ruby/faker) from 2.10.0 to 2.10.1.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/commits

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [react-swipeable-views](https://github.com/oliviertassinari/react-swipeable-views) from 0.13.3 to 0.13.4.
- [Release notes](https://github.com/oliviertassinari/react-swipeable-views/releases)
- [Changelog](https://github.com/oliviertassinari/react-swipeable-views/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oliviertassinari/react-swipeable-views/compare/v0.13.3...v0.13.4

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.8.0 to 7.8.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.8.3/packages/babel-runtime

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@babel/plugin-proposal-class-properties](https://github.com/babel/babel) from 7.7.4 to 7.8.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.7.4...v7.8.3

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.3 to 9.7.4.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.3...9.7.4

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [wavesurfer.js](https://github.com/katspaugh/wavesurfer.js) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/katspaugh/wavesurfer.js/releases)
- [Changelog](https://github.com/katspaugh/wavesurfer.js/blob/master/CHANGES.md)
- [Commits](https://github.com/katspaugh/wavesurfer.js/compare/3.3.0...3.3.1

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [eslint-plugin-import](https://github.com/benmosher/eslint-plugin-import) from 2.19.1 to 2.20.0.
- [Release notes](https://github.com/benmosher/eslint-plugin-import/releases)
- [Changelog](https://github.com/benmosher/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/benmosher/eslint-plugin-import/compare/v2.19.1...v2.20.0

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [compression-webpack-plugin](https://github.com/webpack-contrib/compression-webpack-plugin) from 3.0.1 to 3.1.0.
- [Release notes](https://github.com/webpack-contrib/compression-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/compression-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/compression-webpack-plugin/compare/v3.0.1...v3.1.0

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [capistrano-rbenv](https://github.com/capistrano/rbenv) from 2.1.4 to 2.1.6.
- [Release notes](https://github.com/capistrano/rbenv/releases)
- [Changelog](https://github.com/capistrano/rbenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/capistrano/rbenv/compare/v2.1.4...v2.1.6

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [webmock](https://github.com/bblimke/webmock) from 3.7.6 to 3.8.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.7.6...v3.8.0

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.29 to 0.9.30.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.29...v0.9.30

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [oj](https://github.com/ohler55/oj) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.0...v3.10.1

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Fix #12869

Also:

- Fix Mastodon logo not showing up in status embeds
- Fix blurhash not being used in status embeds
- Fix blurhash not being used in admin UI
- Fix autoplay param not working correctly on status embeds

Consider admins and moderators as trusted, for the purpose of the
spam checker.

Fixes #12872

* Update config.yml

* Update Gemfile

* Update README.md

* Update Gemfile

* Update Gemfile

* Update Gemfile

* Update README.md

* Update README.md

Bumps [browser](https://github.com/fnando/browser) from 2.7.1 to 3.0.3.
- [Release notes](https://github.com/fnando/browser/releases)
- [Changelog](https://github.com/fnando/browser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v2.7.1...v3.0.3

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@babel/preset-react](https://github.com/babel/babel) from 7.7.4 to 7.8.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.7.4...v7.8.3

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

happy new year 

Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.7.7 to 7.8.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.7.7...v7.8.3

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@babel/plugin-transform-react-inline-elements](https://github.com/babel/babel) from 7.7.4 to 7.8.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.7.4...v7.8.0

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>