dependabot[bot]
0ead67f85b
Bump the development-dependencies group across 1 directory with 3 updates ( #2546 )
...
* Bump the development-dependencies group across 1 directory with 3 updates
Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman ), [faker](https://github.com/faker-ruby/faker ) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium ).
Updates `brakeman` from 7.1.2 to 8.0.1
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1 )
Updates `faker` from 3.5.3 to 3.6.0
- [Release notes](https://github.com/faker-ruby/faker/releases )
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md )
- [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0 )
Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases )
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES )
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-version: 8.0.1
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: development-dependencies
- dependency-name: faker
dependency-version: 3.6.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
- dependency-name: selenium-webdriver
dependency-version: 4.40.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Auto-sync Gemfile.saas.lock on Dependabot PRs
Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock
drifts whenever it bumps shared gems in Gemfile.lock.
Add `bin/bundle-drift forward` to push oss lockfile changes into the
saas lockfile (the reverse of `correct`), and a GitHub Actions workflow
that runs it automatically on Dependabot bundler branches.
* Update brakeman ignore fingerprint for 8.0.1
Brakeman 8.0.1 changed how it computes warning fingerprints, so the
existing ignore entry for the safe_constantize warning in Notifier
became obsolete. Update to the new fingerprint.
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Daer <jeremy@37signals.com >
2026-02-16 15:29:51 -08:00
Jeremy Daer
a5a5a62169
Add GVL contention metrics via gvltools ( #2538 )
...
* Add GVL contention metrics via gvltools and Yabeda
Expose per-request and process-wide GVL wait time as Prometheus metrics
to diagnose suspected GVL contention from Solid Cable and Action Cable
threads in Puma workers.
Metrics: gvl_request_wait_seconds (histogram), gvl_waiting_threads
(gauge), gvl_global_timer_total_seconds (gauge).
* Add unit: :seconds to GVL histogram for consistency
2026-02-12 16:28:29 -08:00
Mike Dalessio
851f13a934
Render inline code in card titles ( #2518 )
...
* Remove unused marked JS dependency
* Remove unused redcarpet dependency
* Render inline code in card titles
Add card_html_title helper that HTML-escapes input then converts
backtick-wrapped text to <code> elements. Apply to card titles in
board preview, card detail, public views, and notification emails.
Style inline code elements in titles to match description styling.
Co-authored-by: Andy Smith <andy@37signals.com >
---------
Co-authored-by: Andy Smith <andy@37signals.com >
2026-02-12 12:07:40 -05:00
Donal McBreen
1506624cd3
Add stackprof for profiling
...
So you can do something like this:
```ruby
require "stackprof"
report = StackProf.run(mode: :wall, interval: 100) do
Account.find_by(external_account_id: 123)
end
StackProf::Report.new(report).print_text
```
2026-02-12 15:42:50 +00:00
Zoltan Hosszu
2ee745cf82
Lexxy version bump
2026-02-12 09:54:20 +01:00
Mike Dalessio
bd1ef1f650
dep: bump console1984 to 746cd443 ( #2495 )
...
to pick up the session incineration fix
ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9552285400
2026-02-06 10:24:04 -05:00
Stanko K.R.
de69d2e6fe
Add import cleanup
2026-02-02 12:36:48 +01:00
Mike Dalessio
4e61b64d9a
Update to feature branch of audits1984
2026-01-28 14:13:51 -05:00
Rosa Gutierrez
1083784a98
Update turbo-rails to get latest Turbo version
...
In preparation for offline mode.
2026-01-19 19:40:08 +01:00
Jorge Manrubia
4ab1e3ff7d
Solve problem when Action Text raises on missing attachables
...
Reverts the previous patch. The problem was that I hadn't update
Lexxy in the saas version https://github.com/basecamp/lexxy/pull/596
2026-01-16 17:32:41 +01:00
Stanko K.R.
a811ba1b2a
Bump Bootsnap to v1.21.1
2026-01-16 14:26:46 +01:00
Zoltan Hosszu
43fa7fb6aa
Update to Lexxy 0.7.0beta
2026-01-15 16:34:56 +01:00
Jorge Manrubia
ce1c04803e
Update to latest Lexxy
2026-01-15 16:34:56 +01:00
Stanko K.R.
d5f270fe3a
Update development dependencies in SAAS lockfile
2026-01-13 12:06:43 +01:00
Stanko K.R.
f6557856f7
Update runtime dependencies
...
Updated kamal, bootsnap, rqrcode, net-http-persistent, web-push, aws-sdk-s3, bcrypt & rouge
2026-01-13 12:03:43 +01:00
Rosa Gutierrez
182d36aee9
Update Rails
2026-01-02 18:56:28 +01:00
Stanko K.R.
090582cd98
Update SAAS AWS dependencies
2025-12-19 19:16:39 +01:00
Robin Brandt
dddaf861d4
Bump mittens gem to support build on FreeBSD ( #2196 )
2025-12-18 10:56:24 -08:00
Jeremy Daer
c691d39ecf
Integrate fizzy-saas as vendored gem at saas/
...
- Update Gemfile.saas to use path: "saas" instead of GitHub source
- Update config/database.yml to reference local saas/ directory
- Update bin/setup to source saas/bin/setup directly
- Remove redundant dotfiles (ruby-version, gitignore, rubocop, github workflows)
- Add saas/db exclusions to root rubocop config
2025-12-16 12:25:22 -08:00
Jorge Manrubia
ee80b87c8c
Add billing system with Stripe
...
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Jason Zimdars <jz@37signals.com >
2025-12-16 16:44:20 +01:00
Kevin McConnell
14f337739d
Update Thruster
2025-12-16 13:28:49 +00:00
Jorge Manrubia
2e66fdff4a
Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta
2025-12-14 18:53:23 +01:00
Jeremy Daer
3d3593c8f6
Bump fizzy-saas to retain fewer docker images ( #2134 )
...
References https://github.com/basecamp/fizzy-saas/pull/32
2025-12-13 10:39:01 -08:00
Mike Dalessio
43fd8ab691
Update fizzy-saas to get employee restriction in staging
2025-12-12 15:31:22 -05:00
Mike Dalessio
430caed61e
saas: Bump queenbee gem for new staging location
2025-12-12 11:52:30 -05:00
Matthew Kent
eb06884ea7
Bump fizzy-saas to pickup another staging change.
2025-12-11 16:19:06 -08:00
Fernando Álvarez
ef3c49d9ad
Bump fizzy-saas
...
Related to updating URL on staging environment.
2025-12-11 18:26:01 +01:00
Kevin McConnell
4edd49374a
Update Gemfile.saas.lock
...
To bring in line with change in [36419c3600 ]
2025-12-11 16:04:55 +00:00
Kevin McConnell
3f2938dd8e
Bump fizzy-saas to set config option
2025-12-11 12:24:59 +00:00
Jeremy Daer
90452a4236
Enforce CSP ( #2070 )
2025-12-10 17:55:02 -08:00
Jeremy Daer
22da6dc19d
CSP: full config with env vars per source ( #2069 )
...
* Configure all sources with CSP_* vars. Space separated source list.
* Fall back to `config.x.content_security_policy.*`
* Move our sources to fizzy-saas
References https://github.com/basecamp/fizzy-saas/pull/24
2025-12-10 17:21:09 -08:00
Jeremy Daer
8a732b081d
Bump Rails to current ast-immediate-variants-process-locally branch
2025-12-09 15:54:06 -08:00
Jeremy Daer
85bd5c2df5
Rails seeded parallel tests ( #2037 )
...
Enable work stealing by default for a tiny speedup at the cost of small
loss in reproducibility.
References https://github.com/rails/rails/pull/56175
2025-12-09 15:50:01 -08:00
Jeremy Daer
8eb01da057
Process blob variants using local files
...
Rails does post-upload variant processing using the same file upload
in https://github.com/rails/rails/pull/56327
Unrelated Lexxy bump:
Pulls in https://github.com/basecamp/lexxy/pull/493 to work around `dom_id`
removal from ActionText tag in https://github.com/rails/rails/pull/51238
2025-12-08 23:41:15 -08:00
Jorge Manrubia
cb0e9b9962
Immediate avatar and embed variants ( #2002 )
...
Reverts #2001
Restores #1955
2025-12-08 14:17:06 -08:00
Jeremy Daer
dcc005be34
Add lazy error context for Rails error reporter ( #2014 )
...
Register a middleware with Rails.error that adds identity_id and
account_id from Current attributes. Only evaluated when an error
is actually reported, avoiding the cost on successful requests.
2025-12-08 11:00:40 -08:00
Jorge Manrubia
c8c91259c7
Revert "Immediate avatar and embed variants"
2025-12-07 12:06:03 +01:00
Jorge Manrubia
91017c9208
Merge pull request #1955 from basecamp/immediate-variants
...
Immediate avatar and embed variants
2025-12-07 11:50:02 +01:00
Jorge Manrubia
ffb357becf
Merge pull request #1742 from basecamp/latest-lexxy
...
Update lexxy to latest
2025-12-06 10:31:19 +01:00
Jeremy Daer
6006491ab4
Content Security Policy ( #1964 )
...
Default to a very narrow policy since there are no CDNs or third-party
resources to contend with.
Configurable via:
- config.x.content_security_policy.* for fizzy-saas gem overrides
- DISABLE_CSP to skip entirely
- CSP_REPORT_ONLY to enable report-only mode
- CSP_REPORT_URI for violation reporting
2025-12-05 14:57:50 -08:00
Jorge Manrubia
48ef7d0b98
Update Lexxy and hide the highlighter for now
2025-12-05 11:24:52 +01:00
Jeremy Daer
21f3f72647
Immediate avatar and embed variants
...
Process variants synchronously on attachment to close the window between
image upload and variant availability, guaranteeing that we won't have
lazy variant processing attempts in GET requests.
Tradeoff is that we do variant processing in upload requests, which is
actually desirable. We're working with images that should take
milliseconds to resize given that we'll already have the file on hand.
References https://github.com/rails/rails/pull/51951
2025-12-04 23:54:37 -08:00
Mike Dalessio
912bb8a8e5
Bump fizzy-saas to enable console auditing
...
ref: https://app.fizzy.do/5986089/cards/2469
ref: https://github.com/basecamp/fizzy-saas/pull/20
2025-12-04 12:25:54 -05:00
Lewis Buckley
4bcedbbd77
Upgrade prometheus-client-mmap to ~> 1.4.0
2025-12-03 20:46:23 +00:00
Jeremy Daer
085d47613f
Bundler: normalize platforms ( #1822 )
...
```bash
bundle lock --normalize-platforms
BUNDLE_GEMFILE=Gemfile.saas bundle lock --normalize-platforms
```
2025-12-02 13:37:36 -08:00
Mike Dalessio
ca7ada5e47
Bump fizzy-saas for tuning of GC params
2025-12-02 12:10:29 -05:00
Jorge Manrubia
8d1a09808f
Update gem
2025-12-02 15:51:23 +01:00
Kevin McConnell
d24726c1d3
Merge pull request #1768 from basecamp/data-exports
...
Add "data export" feature
2025-12-02 09:56:40 +00:00
Andy Smith
a8e8c1ded6
Mac gemfile update
2025-12-01 14:04:10 -06:00
Kevin McConnell
e16cc21b0a
Add "data export" feature
...
- Adds a button in Account Settings where you can request a ZIP export of your
Fizzy data
- Export files are created in the background. When ready, a link to
download them is sent to the requester.
- Exports expire after 24 hours. And are limited to 10 per day.
2025-12-01 15:23:26 +00:00