Stanko K.R.
fbe9252db1
Auto-suggest name for new Passkeys
...
- Use plain client data json everywhere
- Expose AAGUID and backed_up on Credentials
- Make attestation verifiers configurable
- Auto-suggest names for passkeys and show icons
2026-03-18 11:49:59 +01:00
Stanko K.R.
b23660d897
Fix --tailscale not printing hostname
2026-03-18 11:49:59 +01:00
Stanko K.R.
da69039476
Implement Passkey authentication
2026-03-18 11:49:23 +01:00
Andy Smith
70c19e4881
Style polish
2026-03-18 11:49:23 +01:00
Stanko K.R.
6c58fd9bdd
Implement Passkey registration
...
- Create Identity credentials
- Add management UI and registration flow
2026-03-18 11:48:52 +01:00
Stanko K.R.
4bb0a2929c
Implement WebAuthn protocol
...
- Add a CBOR decoder
- Add public key credential options
- Add COSE key decoder
- Add authenticator attestation and assertion
- Add credentials
- Add exclude_credentials
2026-03-18 11:47:48 +01:00
Mike Dalessio
ba6fc495da
ci: fix bin/bundle-drift forward to support native gems ( #2723 )
...
See #2704 where only the ruby platform gem for thruster was replaced.
2026-03-17 22:29:47 -04:00
Mike Dalessio
fd7986391d
Merge pull request #2722 from basecamp/flavorjones/gemfile-lock-drift
...
dep: fix Gemfile.saas gemfile drift
2026-03-17 22:14:48 -04:00
Mike Dalessio
06735bb991
dep: fix Gemfile.saas gemfile drift
2026-03-17 22:09:48 -04:00
Mike Dalessio
7fec94449f
Merge pull request #2721 from basecamp/flavorjones/dep-update-sqlite3-2.9.2
...
dep: update sqlite3 to 2.9.2
2026-03-17 22:02:24 -04:00
Mike Dalessio
806f5ca0dd
Merge pull request #2704 from basecamp/dependabot/bundler/thruster-0.1.19
...
Bump thruster from 0.1.18 to 0.1.19
2026-03-17 22:01:03 -04:00
Mike Dalessio
801b10eb05
Merge pull request #2705 from basecamp/dependabot/bundler/aws-sdk-s3-1.215.0
...
Bump aws-sdk-s3 from 1.213.0 to 1.215.0
2026-03-17 22:00:29 -04:00
Mike Dalessio
c62be7afde
dep: update sqlite3 to 2.9.2
2026-03-17 21:59:09 -04:00
Mike Dalessio
50d067fec9
Merge pull request #2702 from basecamp/dependabot/bundler/development-dependencies-aa185b57ca
...
Bump faker from 3.6.0 to 3.6.1 in the development-dependencies group
2026-03-17 21:55:16 -04:00
Mike Dalessio
4cf7ad5e3e
Merge pull request #2697 from basecamp/dependabot/bundler/action_text-trix-2.1.17
...
Bump action_text-trix from 2.1.16 to 2.1.17
2026-03-17 21:54:05 -04:00
Mike Dalessio
3bf2f17e2b
Merge pull request #2720 from basecamp/dependabot/github_actions/github-actions-ce779b418e
...
Bump the github-actions group with 4 updates
2026-03-17 21:51:45 -04:00
dependabot[bot]
66c22f4636
Bump the github-actions group with 4 updates
...
Bumps the github-actions group with 4 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ), [docker/login-action](https://github.com/docker/login-action ), [docker/metadata-action](https://github.com/docker/metadata-action ) and [docker/build-push-action](https://github.com/docker/build-push-action ).
Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd )
Updates `docker/login-action` from 3.7.0 to 4.0.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...b45d80f862d83dbcd57f89517bcf500b2ab88fb2 )
Updates `docker/metadata-action` from 5.10.0 to 6.0.0
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](https://github.com/docker/metadata-action/compare/c299e40c65443455700f0fdfc63efafe5b349051...030e881283bb7a6894de51c315a6bfe6a94e05cf )
Updates `docker/build-push-action` from 6.19.2 to 7.0.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...d08e5c354a6adb9ed34480a06d141179aa583294 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: docker/login-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: docker/metadata-action
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: docker/build-push-action
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-18 01:45:09 +00:00
Mike Dalessio
01d1af9f9c
Merge pull request #2645 from basecamp/flavorjones/harden-github-actions
...
ci: harden GitHub Actions workflows
2026-03-17 21:43:28 -04:00
Mike Dalessio
e518d638f2
ci: suppress dependabot-execution warning in dependabot config
2026-03-17 18:27:45 -04:00
Mike Dalessio
fa12aca387
ci: update pinned github versions (minor bump)
2026-03-17 18:08:11 -04:00
Mike Dalessio
58f94b0cc1
ci: add job to lint github actions
...
using zizmor
2026-03-17 18:08:09 -04:00
Mike Dalessio
dd7f7005b2
ci: fix template injection by passing tags through env vars
2026-03-17 17:57:34 -04:00
Mike Dalessio
bc6703b0df
ci: disable credential persistence after checkout
...
suppress artipacked warning in dependabot lockfile sync workflow
2026-03-17 17:57:34 -04:00
Mike Dalessio
310e271908
ci: suppress zizmor secrets-outside-env in test workflow
2026-03-17 17:57:34 -04:00
Mike Dalessio
b6e00b77e3
ci: scope permissions to jobs in publish-image workflow
2026-03-17 17:57:32 -04:00
Mike Dalessio
99e683125b
ci: batch github actions dependabot updates into a single PR
2026-03-17 17:39:54 -04:00
Mike Dalessio
463f289072
ci: pin github actions
...
using `pinact`
2026-03-17 17:19:37 -04:00
Mike Dalessio
3e1b22632b
Merge pull request #2719 from basecamp/fix-card-view-m-hotkey
...
Fix card view M hotkey using stale user from fragment cache
2026-03-17 14:54:23 -04:00
Mike Dalessio
7f65f4aabd
Fix card view "M" hotkey using stale user from fragment cache
...
The hidden "Assign to me" button on the card detail view baked
Current.user.id into the form action at render time. When served from
fragment cache, a stale user ID could be embedded, assigning cards to
the wrong person.
Switch to card_self_assignment_path which resolves the current user at
request time via SelfAssignmentsController, matching the fix already
applied to the board view in 2527f073 .
ref: https://app.fizzy.do/5986089/cards/3722
2026-03-17 14:43:05 -04:00
Jorge Manrubia
22f46e73c9
Merge pull request #2715 from basecamp/revert-2713-add-storage-limit-notice
...
Revert "Add 1GB storage cap with self-host notice"
2026-03-17 17:51:21 +01:00
Jorge Manrubia
0be8041953
Revert "Add 1GB storage cap with self-host notice"
2026-03-17 17:51:07 +01:00
Jorge Manrubia
0b0f1c4891
Merge pull request #2713 from basecamp/add-storage-limit-notice
...
Add 1GB storage cap with self-host notice
2026-03-17 17:45:20 +01:00
Mike Dalessio
c29e785fc1
Merge pull request #2708 from basecamp/dep-lexxy-082
...
Configure Lexxy to add extra spacing between block elements
2026-03-17 12:42:17 -04:00
Andy Smith
b5b3d1cd37
Style messages for account limits
2026-03-17 11:33:49 -05:00
Jay Ohms
096af59f8f
Merge pull request #2714 from basecamp/mobile/application-bridge-components
...
Apply Hotwire Native bridge attributes to the `<body>` element from the user-agent
2026-03-17 12:26:23 -04:00
Jay Ohms
f029fbfbeb
Merge pull request #2683 from basecamp/mobile/bridge-button-slot
...
Mobile / Bridge button slot
2026-03-17 12:25:36 -04:00
Jay Ohms
e65db1897c
Merge pull request #2676 from basecamp/mobile/bridge-done-stamp
...
Mobile / Bridge "Done" stamp
2026-03-17 12:24:49 -04:00
Jay Ohms
2a19bb94a0
Merge branch 'main' into mobile/bridge-button-slot
...
* main: (33 commits)
Remove payment/subscription system and card/storage limits
Conditionally disable peer verification for ZIP streaming
Prevent HTML injection through filenames
Revert "Configure Lexxy to add extra spacing between block elements"
Configure Lexxy to add extra spacing between block elements
SaaS usage reporting (#2690 )
Update app/models/user/named.rb
Prevent line breaks in the middle of familiar_name
Tweak the layout
Set the list of importable models based on the record sets in the manifest
Validate polymorphic types against importable models allowlist
Fix that the "maybe" stream wouldn't be replaced after triaging a card
Use x_user_agent cookie for platform detection in Hotwire Native
Add JSON response format to entropy endpoints (#2673 )
Fix path traversal vulnerability in ActiveStorage blob key import
Enable CORS fetch mode for storage requests
Revert CORS fetch mode for Active Storage
Use CORS fetch mode for Active Storage to enable `maxEntrySize` checks
Only start offline mode when signed in
Exclude service worker and edit/pin/watch/new pages from main cache
...
2026-03-17 11:24:39 -04:00
Jay Ohms
4d2866dec6
Update additional tests to ensure that the body element contains the correct bridge attributes
2026-03-17 11:04:39 -04:00
Jay Ohms
8920946cb2
Update regex and add test coverage for empty/multiple lists
2026-03-17 10:45:37 -04:00
Zoltan Hosszu
1f24ed662b
Increase max width for mention prompts
2026-03-17 10:31:53 -04:00
Zoltan Hosszu
ea871757f2
Mention delete button fix
2026-03-17 10:31:53 -04:00
Zoltan Hosszu
24446afba7
Image gallery size fixes
2026-03-17 10:31:53 -04:00
Mike Dalessio
fc18ba8e07
Add system tests for markdown paste in Lexxy editor
...
Test that pasting markdown with block separators produces extra spacing
between blocks, and that single line breaks are preserved.
2026-03-17 10:31:53 -04:00
Mike Dalessio
29a29094bd
Configure Lexxy to add extra spacing between block elements
...
Updating Lexxy to v0.8.5 for the insert-markdown event.
2026-03-17 10:31:46 -04:00
Adrien Maston
780607dddc
Merge branch 'main' into mobile/bridge-done-stamp
...
* main: (43 commits)
Remove payment/subscription system and card/storage limits
Conditionally disable peer verification for ZIP streaming
Prevent HTML injection through filenames
Revert "Configure Lexxy to add extra spacing between block elements"
Configure Lexxy to add extra spacing between block elements
SaaS usage reporting (#2690 )
Update app/models/user/named.rb
Prevent line breaks in the middle of familiar_name
Tweak the layout
Set the list of importable models based on the record sets in the manifest
Validate polymorphic types against importable models allowlist
Fix that the "maybe" stream wouldn't be replaced after triaging a card
Use x_user_agent cookie for platform detection in Hotwire Native
Add JSON response format to entropy endpoints (#2673 )
Fix path traversal vulnerability in ActiveStorage blob key import
Enable CORS fetch mode for storage requests
Revert CORS fetch mode for Active Storage
Use CORS fetch mode for Active Storage to enable `maxEntrySize` checks
Only start offline mode when signed in
Exclude service worker and edit/pin/watch/new pages from main cache
...
2026-03-17 15:27:29 +01:00
Jay Ohms
139f4cb869
Add test coverage for native bridge user agents
2026-03-17 10:12:56 -04:00
Jay Ohms
09e4bb13d3
Preset the data-bridge-platform and data-bridge-components on the body element from the user-agent. This prevents css flashes before the native bridge is registered in the app.
2026-03-17 09:59:45 -04:00
Jay Ohms
5c1f3a1f4f
Refactor stamp component and observe element changes so subsequent "connect" messages will be sent
2026-03-17 08:12:57 -04:00
Jay Ohms
00b588fcef
Don't display the "Mark done" bridge component button when the card has been marked as "Not Now"
2026-03-17 07:43:13 -04:00