Commit Graph

446 Commits

Author SHA1 Message Date
Rosa Gutierrez 34fd62faf1 Move devices table to saas database
Use ActionPushNative's new on_load hook to configure the database connection,
following the same pattern as Active Storage and Action Text:

  ActiveSupport.on_load(:action_push_native_record) do
    connects_to database: { writing: :saas, reading: :saas }
  end

This allows ApplicationPushDevice to inherit directly from ActionPushNative::Device
without needing an intermediate abstract class.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Samuel Péchèr 0038641ede Update Lexxy to 0.7.6.beta 2026-02-24 20:25:07 +00:00
dependabot[bot] 395cc06f5c Bump aws-sdk-s3 from 1.211.0 to 1.213.0 (#2502)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.211.0 to 1.213.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-version: 1.213.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:53:45 -05:00
dependabot[bot] b0b14ead28 Bump sqlite3 from 2.8.0 to 2.9.0 (#2386)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v2.8.0...v2.9.0)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:48:52 -05:00
dependabot[bot] 3063a40f0f Bump trilogy from 2.9.0 to 2.10.0 (#2388)
Bumps [trilogy](https://github.com/trilogy-libraries/trilogy) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases)
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trilogy-libraries/trilogy/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: trilogy
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:43:47 -05:00
dependabot[bot] 361d4a7a52 Bump solid_queue from 1.2.4 to 1.3.1 (#2425)
Bumps [solid_queue](https://github.com/rails/solid_queue) from 1.2.4 to 1.3.1.
- [Release notes](https://github.com/rails/solid_queue/releases)
- [Commits](https://github.com/rails/solid_queue/compare/v1.2.4...v1.3.1)

---
updated-dependencies:
- dependency-name: solid_queue
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:42:48 -05:00
dependabot[bot] 6f99e43f5b Bump puma from 7.1.0 to 7.2.0 (#2462)
* Bump puma from 7.1.0 to 7.2.0

Bumps [puma](https://github.com/puma/puma) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](https://github.com/puma/puma/compare/v7.1.0...v7.2.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:25:30 -05:00
dependabot[bot] 85bb2aa1fa Bump turbo-rails from 2.0.21 to 2.0.23 (#2501)
* Bump turbo-rails from 2.0.21 to 2.0.23

Bumps [turbo-rails](https://github.com/hotwired/turbo-rails) from 2.0.21 to 2.0.23.
- [Release notes](https://github.com/hotwired/turbo-rails/releases)
- [Commits](https://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.23)

---
updated-dependencies:
- dependency-name: turbo-rails
  dependency-version: 2.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:09:22 -05:00
dependabot[bot] 446640b8e9 Bump the development-dependencies group with 2 updates (#2588)
* Bump the development-dependencies group with 2 updates

Bumps the development-dependencies group with 2 updates: [brakeman](https://github.com/presidentbeef/brakeman) and [mocha](https://github.com/freerange/mocha).


Updates `brakeman` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v8.0.1...v8.0.2)

Updates `mocha` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: mocha
  dependency-version: 3.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:44 -05:00
dependabot[bot] d8908c4b92 Bump bootsnap from 1.22.0 to 1.23.0 (#2589)
* Bump bootsnap from 1.22.0 to 1.23.0

Bumps [bootsnap](https://github.com/rails/bootsnap) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:17 -05:00
Mike Dalessio 3b229e9aab Pin web-console to GitHub main for Rails compatibility
web-console 4.2.1 overrides the now-renamed filter_proxies method in
ActionDispatch::RemoteIp::GetIp. The fix (rails/web-console#344) is on
main but not yet released.
2026-02-18 15:16:21 -05:00
Mike Dalessio 41c2bd38af Update Rails to 12e24ea (363 commits past 60d92e4)
Also updates transitive dependencies:
- action_text-trix ~> 2.1.15 → ~> 2.1.16
- irb 1.16.0 → 1.17.0
- json 2.18.0 → 2.18.1
- net-imap 0.6.2 → 0.6.3
- nokogiri 1.19.0 → 1.19.1
- prism 1.8.0 → 1.9.0
- rack 3.2.4 → 3.2.5
- rdoc 7.0.3 → 7.2.0
2026-02-18 13:37:13 -05:00
dependabot[bot] 38ff89de09 Bump bootsnap from 1.21.1 to 1.22.0 (#2544)
* Bump bootsnap from 1.21.1 to 1.22.0

Bumps [bootsnap](https://github.com/rails/bootsnap) from 1.21.1 to 1.22.0.
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.21.1...v1.22.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-16 16:09:22 -08:00
dependabot[bot] 0ead67f85b Bump the development-dependencies group across 1 directory with 3 updates (#2546)
* Bump the development-dependencies group across 1 directory with 3 updates

Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman), [faker](https://github.com/faker-ruby/faker) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium).


Updates `brakeman` from 7.1.2 to 8.0.1
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1)

Updates `faker` from 3.5.3 to 3.6.0
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0)

Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: faker
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: selenium-webdriver
  dependency-version: 4.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Auto-sync Gemfile.saas.lock on Dependabot PRs

Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock
drifts whenever it bumps shared gems in Gemfile.lock.

Add `bin/bundle-drift forward` to push oss lockfile changes into the
saas lockfile (the reverse of `correct`), and a GitHub Actions workflow
that runs it automatically on Dependabot bundler branches.

* Update brakeman ignore fingerprint for 8.0.1

Brakeman 8.0.1 changed how it computes warning fingerprints, so the
existing ignore entry for the safe_constantize warning in Notifier
became obsolete. Update to the new fingerprint.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2026-02-16 15:29:51 -08:00
Mike Dalessio 851f13a934 Render inline code in card titles (#2518)
* Remove unused marked JS dependency

* Remove unused redcarpet dependency

* Render inline code in card titles

Add card_html_title helper that HTML-escapes input then converts
backtick-wrapped text to <code> elements. Apply to card titles in
board preview, card detail, public views, and notification emails.
Style inline code elements in titles to match description styling.

Co-authored-by: Andy Smith <andy@37signals.com>

---------

Co-authored-by: Andy Smith <andy@37signals.com>
2026-02-12 12:07:40 -05:00
Donal McBreen 1506624cd3 Add stackprof for profiling
So you can do something like this:

```ruby
  require "stackprof"

  report = StackProf.run(mode: :wall, interval: 100) do
    Account.find_by(external_account_id: 123)
  end

  StackProf::Report.new(report).print_text
```
2026-02-12 15:42:50 +00:00
Zoltan Hosszu 2ee745cf82 Lexxy version bump 2026-02-12 09:54:20 +01:00
Stanko K.R. 992f15066b Replace RubyZip with ZipKit
ZipKit can read and write files directly from S3 which makes both imports and exports way more efficient in terms of disk usage.
2026-02-02 12:36:48 +01:00
Rosa Gutierrez 1083784a98 Update turbo-rails to get latest Turbo version
In preparation for offline mode.
2026-01-19 19:40:08 +01:00
Stanko K.R. a811ba1b2a Bump Bootsnap to v1.21.1 2026-01-16 14:26:46 +01:00
Jorge Manrubia af9f53d82d Update lexxy to latest 2026-01-15 16:38:07 +01:00
Zoltan Hosszu 43fa7fb6aa Update to Lexxy 0.7.0beta 2026-01-15 16:34:56 +01:00
Jorge Manrubia ce1c04803e Update to latest Lexxy 2026-01-15 16:34:56 +01:00
Stanko K.R. f6557856f7 Update runtime dependencies
Updated kamal, bootsnap, rqrcode, net-http-persistent, web-push, aws-sdk-s3, bcrypt & rouge
2026-01-13 12:03:43 +01:00
Stanko K.R. 40a5d6211e Update development dependencies 2026-01-13 11:52:10 +01:00
Rosa Gutierrez 182d36aee9 Update Rails 2026-01-02 18:56:28 +01:00
Stanko K.R. 6be2f94581 Update aws-sdk-s3
Fixes a security warning raised by gem audit
2025-12-19 19:09:40 +01:00
Jorge Manrubia 3c078ae078 Merge pull request #2145 from bslobodin/bs-intel-mac
Update `Gemfile.lock` after `bin/setup` on Intel-based mac
2025-12-19 11:27:50 +01:00
Robin Brandt dddaf861d4 Bump mittens gem to support build on FreeBSD (#2196) 2025-12-18 10:56:24 -08:00
Boris Slobodin 5fb1f6feb4 update Gemfile.lock after bin/setup on intel mac 2025-12-18 09:08:34 -05:00
Kevin McConnell 14f337739d Update Thruster 2025-12-16 13:28:49 +00:00
Jorge Manrubia 2e66fdff4a Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta 2025-12-14 18:53:23 +01:00
Jeremy Daer 586015c3f9 Bundle drift detection and correction (#2101)
Gemfile.saas evals Gemfile, so shared gems should have identical versions
in both lockfiles. This adds bin/bundle-drift to detect and fix drift:

* `bin/bundle-drift check` compares shared gem versions
* `bin/bundle-drift correct` seeds Gemfile.lock from Gemfile.saas.lock
  and re-locks, letting Bundler prune SaaS-only gems while preserving
  shared versions

Adds drift check to bin/ci and GitHub CI. Corrects existing drift.
2025-12-11 21:32:34 -08:00
Thiago Youssef 36419c3600 Bump rails version to remove svg renderer patch (#2081) 2025-12-11 15:15:54 +01:00
Jeremy Daer 8a732b081d Bump Rails to current ast-immediate-variants-process-locally branch 2025-12-09 15:54:06 -08:00
Jeremy Daer 85bd5c2df5 Rails seeded parallel tests (#2037)
Enable work stealing by default for a tiny speedup at the cost of small
loss in reproducibility.

References https://github.com/rails/rails/pull/56175
2025-12-09 15:50:01 -08:00
Jeremy Daer 8eb01da057 Process blob variants using local files
Rails does post-upload variant processing using the same file upload
in https://github.com/rails/rails/pull/56327

Unrelated Lexxy bump:
Pulls in https://github.com/basecamp/lexxy/pull/493 to work around `dom_id`
removal from ActionText tag in https://github.com/rails/rails/pull/51238
2025-12-08 23:41:15 -08:00
Jorge Manrubia cb0e9b9962 Immediate avatar and embed variants (#2002)
Reverts #2001
Restores #1955
2025-12-08 14:17:06 -08:00
Robin Brandt 2110fba227 Bump mittens to 0.3.1 (#2006) 2025-12-08 15:26:39 +01:00
Jorge Manrubia c8c91259c7 Revert "Immediate avatar and embed variants" 2025-12-07 12:06:03 +01:00
Jorge Manrubia 91017c9208 Merge pull request #1955 from basecamp/immediate-variants
Immediate avatar and embed variants
2025-12-07 11:50:02 +01:00
Jorge Manrubia 48ef7d0b98 Update Lexxy and hide the highlighter for now 2025-12-05 11:24:52 +01:00
Jorge Manrubia 67f36886a1 Update lexxy to latest
Color highlighter, more code languages...
2025-12-05 11:17:29 +01:00
Jeremy Daer 21f3f72647 Immediate avatar and embed variants
Process variants synchronously on attachment to close the window between
image upload and variant availability, guaranteeing that we won't have
lazy variant processing attempts in GET requests.

Tradeoff is that we do variant processing in upload requests, which is
actually desirable. We're working with images that should take
milliseconds to resize given that we'll already have the file on hand.

References https://github.com/rails/rails/pull/51951
2025-12-04 23:54:37 -08:00
David Heinemeier Hansson d729cf59f9 Beautify board watchers list (#1946)
* Beautify board_watchers_list by escaping the concat jungle

* Correct it and clean it

* Latest Rails to get the content tag fix

* Test against original collection
2025-12-04 16:14:52 -08:00
Jeremy Daer 085d47613f Bundler: normalize platforms (#1822)
```bash
bundle lock --normalize-platforms
BUNDLE_GEMFILE=Gemfile.saas bundle lock --normalize-platforms
```
2025-12-02 13:37:36 -08:00
Jorge Manrubia f64d5841b6 Merge pull request #1786 from basecamp/dependabot/bundler/rqrcode-3.1.1
Bump rqrcode from 3.1.0 to 3.1.1
2025-12-02 17:32:58 +01:00
Jorge Manrubia ca60760504 Merge pull request #1784 from basecamp/dependabot/bundler/sqlite3-2.8.1
Bump sqlite3 from 2.8.0 to 2.8.1
2025-12-02 17:32:50 +01:00
Jorge Manrubia 40301ffa8f Merge pull request #1782 from basecamp/dependabot/bundler/development-dependencies-b9e97ca7ce
Bump bundler-audit from 0.9.2 to 0.9.3 in the development-dependencies group
2025-12-02 17:32:43 +01:00
dependabot[bot] a3127e8fc1 Bump rqrcode from 3.1.0 to 3.1.1
Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/whomwah/rqrcode/releases)
- [Changelog](https://github.com/whomwah/rqrcode/blob/main/CHANGELOG.md)
- [Commits](https://github.com/whomwah/rqrcode/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: rqrcode
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-02 09:58:52 +00:00