dependabot[bot]
0c30fa7937
Bump kamal from 2.10.1 to 2.11.0 ( #2767 )
...
* Bump kamal from 2.10.1 to 2.11.0
Bumps [kamal](https://github.com/basecamp/kamal ) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/basecamp/kamal/releases )
- [Commits](https://github.com/basecamp/kamal/compare/v2.10.1...v2.11.0 )
---
updated-dependencies:
- dependency-name: kamal
dependency-version: 2.11.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-09 13:19:30 -04:00
dependabot[bot]
b64c1e8895
Bump aws-sdk-s3 from 1.216.0 to 1.218.0 ( #2768 )
2026-04-09 13:18:47 -04:00
Jorge Manrubia
1c6141c131
Update lexxy to 0.9.5.beta ( #2820 )
...
* Update lexxy to 0.9.5.beta
* Fix syntax highlight controller for lexxy 0.9.5.beta
The highlightAll export was renamed to highlightCode.
---------
Co-authored-by: Mike Dalessio <mike@37signals.com >
2026-04-09 13:06:59 -04:00
dependabot[bot]
659ec1e6e6
Bump solid_queue from 1.3.2 to 1.4.0 ( #2766 )
...
* Bump solid_queue from 1.3.2 to 1.4.0
Bumps [solid_queue](https://github.com/rails/solid_queue ) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/rails/solid_queue/releases )
- [Commits](https://github.com/rails/solid_queue/compare/v1.3.2...v1.4.0 )
---
updated-dependencies:
- dependency-name: solid_queue
dependency-version: 1.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-09 11:16:29 -04:00
Mike Dalessio
8908ee46f8
Upgrade addressable to 2.9.0 ( #2815 )
...
* Upgrade addressable from 2.8.9 to 2.9.0
Security release fixing ReDoS vulnerabilities in Addressable::Template#match.
No application impact — fizzy does not use Addressable::Template directly.
* dep: fix saas drift
2026-04-08 15:45:23 -04:00
dependabot[bot]
f3bacffe2b
Bump lexxy from 0.9.0.beta to 0.9.1.beta ( #2796 )
...
* Bump lexxy from 0.9.0.beta to 0.9.1.beta
Bumps [lexxy](https://github.com/basecamp/lexxy ) from 0.9.0.beta to 0.9.1.beta.
- [Release notes](https://github.com/basecamp/lexxy/releases )
- [Commits](https://github.com/basecamp/lexxy/compare/v0.9.0.beta...v0.9.1.beta )
---
updated-dependencies:
- dependency-name: lexxy
dependency-version: 0.9.1.beta
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-07 11:36:12 -07:00
dependabot[bot]
b2021e1e74
Bump trilogy from 2.10.0 to 2.11.1 ( #2794 )
...
* Bump trilogy from 2.10.0 to 2.11.1
Bumps [trilogy](https://github.com/trilogy-libraries/trilogy ) from 2.10.0 to 2.11.1.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases )
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md )
- [Commits](https://github.com/trilogy-libraries/trilogy/compare/v2.10.0...v2.11.1 )
---
updated-dependencies:
- dependency-name: trilogy
dependency-version: 2.11.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-07 10:09:41 -07:00
dependabot[bot]
adc1b02d7a
Bump thruster from 0.1.19 to 0.1.20 ( #2797 )
...
* Bump thruster from 0.1.19 to 0.1.20
Bumps [thruster](https://github.com/basecamp/thruster ) from 0.1.19 to 0.1.20.
- [Changelog](https://github.com/basecamp/thruster/blob/v0.1.20/CHANGELOG.md )
- [Commits](https://github.com/basecamp/thruster/compare/v0.1.19...v0.1.20 )
---
updated-dependencies:
- dependency-name: thruster
dependency-version: 0.1.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-07 10:08:59 -07:00
dependabot[bot]
08faa17584
Bump action_text-trix from 2.1.17 to 2.1.18 ( #2771 )
...
* Bump action_text-trix from 2.1.17 to 2.1.18
Bumps [action_text-trix](https://github.com/basecamp/trix ) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/basecamp/trix/releases )
- [Commits](https://github.com/basecamp/trix/compare/v2.1.17...v2.1.18 )
---
updated-dependencies:
- dependency-name: action_text-trix
dependency-version: 2.1.18
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-29 14:43:08 -07:00
dependabot[bot]
509d8d158f
Bump the development-dependencies group with 2 updates ( #2765 )
...
* Bump the development-dependencies group with 2 updates
Bumps the development-dependencies group with 2 updates: [webmock](https://github.com/bblimke/webmock ) and [mocha](https://github.com/freerange/mocha ).
Updates `webmock` from 3.26.1 to 3.26.2
- [Release notes](https://github.com/bblimke/webmock/releases )
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md )
- [Commits](https://github.com/bblimke/webmock/compare/v3.26.1...v3.26.2 )
Updates `mocha` from 3.0.2 to 3.1.0
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md )
- [Commits](https://github.com/freerange/mocha/compare/v3.0.2...v3.1.0 )
---
updated-dependencies:
- dependency-name: webmock
dependency-version: 3.26.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development-dependencies
- dependency-name: mocha
dependency-version: 3.1.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-29 12:54:45 -07:00
Stanko Krtalić
01b4698e13
Merge pull request #2751 from basecamp/passkey-improvements
...
Passkey improvements
2026-03-25 18:19:09 +01:00
Stanko K.R.
6ba1814f26
Update bcrypt and loofah
2026-03-25 17:30:39 +01:00
Stanko Krtalić
dac4d9233c
Merge pull request #2741 from basecamp/dependabot/bundler/aws-sdk-s3-1.216.0
...
Bump aws-sdk-s3 from 1.215.0 to 1.216.0
2026-03-25 17:28:50 +01:00
Stanko Krtalić
70c08877b7
Merge pull request #2735 from basecamp/dependabot/bundler/bcrypt-3.1.22
...
Bump bcrypt from 3.1.21 to 3.1.22
2026-03-25 17:23:26 +01:00
dependabot[bot]
4f0a51785e
Bump aws-sdk-s3 from 1.215.0 to 1.216.0
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.215.0 to 1.216.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-version: 1.216.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-20 20:24:17 +00:00
Jorge Manrubia
8c46ff52b4
Bump Lexxy to 0.9.0.beta ( #2739 )
2026-03-20 17:37:09 +01:00
dependabot[bot]
a0c0fd3b1f
Bump bcrypt from 3.1.21 to 3.1.22
...
Bumps [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby ) from 3.1.21 to 3.1.22.
- [Release notes](https://github.com/bcrypt-ruby/bcrypt-ruby/releases )
- [Changelog](https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG )
- [Commits](https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22 )
---
updated-dependencies:
- dependency-name: bcrypt
dependency-version: 3.1.22
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-19 18:57:58 +00:00
dependabot[bot]
6538cf80a9
Bump json from 2.19.1 to 2.19.2 ( #2730 )
...
* Bump json from 2.19.1 to 2.19.2
Bumps [json](https://github.com/ruby/json ) from 2.19.1 to 2.19.2.
- [Release notes](https://github.com/ruby/json/releases )
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md )
- [Commits](https://github.com/ruby/json/compare/v2.19.1...v2.19.2 )
---
updated-dependencies:
- dependency-name: json
dependency-version: 2.19.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-19 09:35:47 -07:00
Mike Dalessio
7fec94449f
Merge pull request #2721 from basecamp/flavorjones/dep-update-sqlite3-2.9.2
...
dep: update sqlite3 to 2.9.2
2026-03-17 22:02:24 -04:00
Mike Dalessio
806f5ca0dd
Merge pull request #2704 from basecamp/dependabot/bundler/thruster-0.1.19
...
Bump thruster from 0.1.18 to 0.1.19
2026-03-17 22:01:03 -04:00
Mike Dalessio
801b10eb05
Merge pull request #2705 from basecamp/dependabot/bundler/aws-sdk-s3-1.215.0
...
Bump aws-sdk-s3 from 1.213.0 to 1.215.0
2026-03-17 22:00:29 -04:00
Mike Dalessio
c62be7afde
dep: update sqlite3 to 2.9.2
2026-03-17 21:59:09 -04:00
Mike Dalessio
50d067fec9
Merge pull request #2702 from basecamp/dependabot/bundler/development-dependencies-aa185b57ca
...
Bump faker from 3.6.0 to 3.6.1 in the development-dependencies group
2026-03-17 21:55:16 -04:00
Mike Dalessio
4cf7ad5e3e
Merge pull request #2697 from basecamp/dependabot/bundler/action_text-trix-2.1.17
...
Bump action_text-trix from 2.1.16 to 2.1.17
2026-03-17 21:54:05 -04:00
Mike Dalessio
29a29094bd
Configure Lexxy to add extra spacing between block elements
...
Updating Lexxy to v0.8.5 for the insert-markdown event.
2026-03-17 10:31:46 -04:00
dependabot[bot]
521b7ffb85
Bump aws-sdk-s3 from 1.213.0 to 1.215.0
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.213.0 to 1.215.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-version: 1.215.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-13 20:25:49 +00:00
dependabot[bot]
b3fe9cba82
Bump thruster from 0.1.18 to 0.1.19
...
Bumps [thruster](https://github.com/basecamp/thruster ) from 0.1.18 to 0.1.19.
- [Changelog](https://github.com/basecamp/thruster/blob/main/CHANGELOG.md )
- [Commits](https://github.com/basecamp/thruster/compare/v0.1.18...v0.1.19 )
---
updated-dependencies:
- dependency-name: thruster
dependency-version: 0.1.19
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-13 20:25:34 +00:00
dependabot[bot]
e5fd8e30de
Bump faker from 3.6.0 to 3.6.1 in the development-dependencies group
...
Bumps the development-dependencies group with 1 update: [faker](https://github.com/faker-ruby/faker ).
Updates `faker` from 3.6.0 to 3.6.1
- [Release notes](https://github.com/faker-ruby/faker/releases )
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md )
- [Commits](https://github.com/faker-ruby/faker/compare/v3.6.0...v3.6.1 )
---
updated-dependencies:
- dependency-name: faker
dependency-version: 3.6.1
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-13 20:24:36 +00:00
dependabot[bot]
ad30df0ac5
Bump action_text-trix from 2.1.16 to 2.1.17
...
Bumps [action_text-trix](https://github.com/basecamp/trix ) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/basecamp/trix/releases )
- [Commits](https://github.com/basecamp/trix/compare/v2.1.16...v2.1.17 )
---
updated-dependencies:
- dependency-name: action_text-trix
dependency-version: 2.1.17
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-12 17:35:54 +00:00
Mike Dalessio
3959d91148
Revert "Configure Lexxy to add extra spacing between block elements"
...
This reverts commit d6bf103efd .
2026-03-12 12:24:35 -04:00
Mike Dalessio
d6bf103efd
Configure Lexxy to add extra spacing between block elements
...
Updating Lexxy to v0.8.0 for the insert-markdown event.
2026-03-11 22:17:07 -04:00
Rosa Gutierrez
1855490f80
Revert CORS fetch mode for Active Storage
...
CORS mode doesn't work with redirect-based Active Storage URLs
when the storage bucket uses wildcard Access-Control-Allow-Origin.
Relying on maxEntries alone until specific origin CORS is available.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
67d629f722
Use CORS fetch mode for Active Storage to enable maxEntrySize checks
...
Otherwise, for resources like images loaded via <img> tags, the browser
sets `mode: "no-cors"` (as these aren't CORS requests), so the service
worker gets an opaque response even though the server sends CORS
headers.
We could upgrade all no-cors requests to cors mode, sending a `mode:
"cors"` request to a server that doesn't send CORS headers will fail
entirely: the `fetch` call throws a `TypeError` (network error), and the
browser blocks the response. So the resource wouldn't load at all, not
even as opaque. We wouldn't be able to cache it at all.
By opting in via `fetchOptions`, we can do it only for rules where we
know the server will send CORS headers.
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
de6d70cc2e
Bump turbo-rails for Turbo.offline.clearCache()
...
Simplify the clear-offline-cache controller to use the new
Turbo.offline.clearCache() API instead of messaging the service
worker directly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
089fcf94f8
Preload resources after service worker installation
...
When the service worker is registered for the first time, resources loaded
before it becomes active won't go through the service worker. These resources
may be served from the browser's HTTP cache on subsequent requests, bypassing
the service worker cache entirely.
The new `preload` option accepts a regex pattern. On first visit (when no
controller exists), it waits for the service worker to take control, then
sends a message with URLs from `performance.getEntriesByType("resource")`
that match the pattern. The service worker fetches and caches these resources.
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
9b264483d1
Bump turbo-rails for cache size limits
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
32134be882
Bump turbo-rails for network-first strategy fix on network error
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
90d5a351f0
Bump turbo-rails for Range requests support
...
Cached video and audio files.
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
cf8d92afea
Enable offline caching for all web users
...
Previously, offline caching was conditionally enabled only for Hotwire
Native apps. This removes that restriction and enables offline support
for all users, including PWAs and regular browsers.
This Uses the new `fetchOptions` support in `TurboOffline` handlers
to pass `cache: "no-cache"` for document fetches, which we need
to work around a quite annoying Safari PWA bug
(see https://github.com/basecamp/fizzy/pull/1014 ).
Also, simplify a bit the cache names and remove the `misc` one.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
a949f1e3ae
Clear offline cache when logging out
...
Adds a logout Stimulus controller that sends a message to the service
worker to clear all cached content when the user logs out. This ensures
that cached data from one user isn't accessible after logout.
The implementation:
- Adds logout_controller.js that posts { action: "clearCache" } to the
service worker via postMessage
- Updates logout buttons to use the controller on form submission
Also fixes data-turbo placement: moved from button to form element where
it actually takes effect for disabling Turbo Drive form submissions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
ada4688c4e
Take a first stab at offline mode support
2026-03-10 10:20:54 +01:00
Rosa Gutierrez
5d084a46ce
Switch to turbo-rails version with offline mode support
2026-03-10 10:20:54 +01:00
dependabot[bot]
17112fa0ee
Bump brakeman from 8.0.2 to 8.0.4 in the development-dependencies group ( #2669 )
...
* Bump brakeman from 8.0.2 to 8.0.4 in the development-dependencies group
Bumps the development-dependencies group with 1 update: [brakeman](https://github.com/presidentbeef/brakeman ).
Updates `brakeman` from 8.0.2 to 8.0.4
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v8.0.2...v8.0.4 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-version: 8.0.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-09 08:58:36 -07:00
Kevin McConnell
f6ed923e75
Merge pull request #2651 from basecamp/update-thruster-0.1.18
...
Update Thruster to v0.1.18
2026-03-03 13:41:23 +00:00
Kevin McConnell
6e3ee266ec
Update Thruster to v0.1.18
2026-03-03 13:30:55 +00:00
Jorge Manrubia
4c2b6626e7
Revert "Bump thruster from 0.1.17 to 0.1.18"
...
This reverts commit a0dcc26cda .
2026-03-03 14:06:13 +01:00
Jorge Manrubia
8ae619891c
Bump solid_queue from 1.3.1 to 1.3.2 and importmap-rails from 2.2.2 to 2.2.3
2026-03-03 14:01:36 +01:00
dependabot[bot]
a0dcc26cda
Bump thruster from 0.1.17 to 0.1.18
...
Bumps [thruster](https://github.com/basecamp/thruster ) from 0.1.17 to 0.1.18.
- [Changelog](https://github.com/basecamp/thruster/blob/main/CHANGELOG.md )
- [Commits](https://github.com/basecamp/thruster/compare/v0.1.17...v0.1.18 )
---
updated-dependencies:
- dependency-name: thruster
dependency-version: 0.1.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-03 14:01:36 +01:00
Jorge Manrubia
ea88e7f458
Revert "Bump thruster from 0.1.17 to 0.1.18"
...
This reverts commit a21e93611e .
2026-03-03 13:57:42 +01:00
Jorge Manrubia
41cc11d2c0
Revert "Bump solid_queue from 1.3.1 to 1.3.2 and importmap-rails from 2.2.2 to 2.2.3"
...
This reverts commit 14a57c2b90 .
2026-03-03 13:57:12 +01:00