Rosa Gutierrez
92cb749e16
Fix tests for renamed fixtures and new stacked notifications
...
Clear assignee's existing notifications in setup since Notifier now
uses create_or_find_by instead of create, and reload the association
to avoid caching after destroy_all.
Update fixture references after rebase: use `logo_assignment_kevin`
as base notification and `logo_mentioned_david` for mention tests.
Update source to `logo_published` in tests that need generic card events.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-02-25 19:31:13 +01:00
Rosa Gutierrez
155fa2da97
Go back to RubyGems version of action_push_native
...
After releasing the new version: https://github.com/rails/action_push_native/releases/tag/v0.3.1
2026-02-25 19:31:13 +01:00
Rosa Gutierrez
34fd62faf1
Move devices table to saas database
...
Use ActionPushNative's new on_load hook to configure the database connection,
following the same pattern as Active Storage and Action Text:
ActiveSupport.on_load(:action_push_native_record) do
connects_to database: { writing: :saas, reading: :saas }
end
This allows ApplicationPushDevice to inherit directly from ActionPushNative::Device
without needing an intermediate abstract class.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-02-25 19:31:13 +01:00
Rosa Gutierrez
d3cc79a5bc
Simplify device routes and use ActiveRecord validations
...
- Use RESTful DELETE /devices/:id where :id can be token or database ID
- Remove redundant unregister collection route
- Remove old Users::DevicesController
- Return 404 when device not found instead of silently succeeding
- Return 422 for invalid platform via ActiveRecord validation
- Update action_push_native to main branch (includes validate: true on enum)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-02-25 19:31:13 +01:00
Rosa Gutierrez
2121b6dc3d
Use version of action_push_native with proper config paths support
...
See https://github.com/rails/action_push_native/pull/89
Now we can delete the OSS version of `config/push.yml`, no longer needed.
2026-02-25 19:31:13 +01:00
Fernando Olivares
3c54cd84fc
Add native push notification infrastructure
...
- Add action_push_native gem and SaaS configuration
- Add device registration API and UI
- Add User::Devices concern
- Add NotificationPusher::Native for push delivery
- Add tests and fixtures for native push
2026-02-25 19:31:13 +01:00
Samuel Péchèr
0038641ede
Update Lexxy to 0.7.6.beta
2026-02-24 20:25:07 +00:00
dependabot[bot]
395cc06f5c
Bump aws-sdk-s3 from 1.211.0 to 1.213.0 ( #2502 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.211.0 to 1.213.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-version: 1.213.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:53:45 -05:00
dependabot[bot]
b0b14ead28
Bump sqlite3 from 2.8.0 to 2.9.0 ( #2386 )
...
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby ) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases )
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v2.8.0...v2.9.0 )
---
updated-dependencies:
- dependency-name: sqlite3
dependency-version: 2.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:48:52 -05:00
dependabot[bot]
3063a40f0f
Bump trilogy from 2.9.0 to 2.10.0 ( #2388 )
...
Bumps [trilogy](https://github.com/trilogy-libraries/trilogy ) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases )
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md )
- [Commits](https://github.com/trilogy-libraries/trilogy/compare/v2.9.0...v2.10.0 )
---
updated-dependencies:
- dependency-name: trilogy
dependency-version: 2.10.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:43:47 -05:00
dependabot[bot]
361d4a7a52
Bump solid_queue from 1.2.4 to 1.3.1 ( #2425 )
...
Bumps [solid_queue](https://github.com/rails/solid_queue ) from 1.2.4 to 1.3.1.
- [Release notes](https://github.com/rails/solid_queue/releases )
- [Commits](https://github.com/rails/solid_queue/compare/v1.2.4...v1.3.1 )
---
updated-dependencies:
- dependency-name: solid_queue
dependency-version: 1.3.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:42:48 -05:00
dependabot[bot]
6f99e43f5b
Bump puma from 7.1.0 to 7.2.0 ( #2462 )
...
* Bump puma from 7.1.0 to 7.2.0
Bumps [puma](https://github.com/puma/puma ) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/puma/puma/releases )
- [Changelog](https://github.com/puma/puma/blob/main/History.md )
- [Commits](https://github.com/puma/puma/compare/v7.1.0...v7.2.0 )
---
updated-dependencies:
- dependency-name: puma
dependency-version: 7.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:25:30 -05:00
dependabot[bot]
85bb2aa1fa
Bump turbo-rails from 2.0.21 to 2.0.23 ( #2501 )
...
* Bump turbo-rails from 2.0.21 to 2.0.23
Bumps [turbo-rails](https://github.com/hotwired/turbo-rails ) from 2.0.21 to 2.0.23.
- [Release notes](https://github.com/hotwired/turbo-rails/releases )
- [Commits](https://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.23 )
---
updated-dependencies:
- dependency-name: turbo-rails
dependency-version: 2.0.23
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:09:22 -05:00
dependabot[bot]
446640b8e9
Bump the development-dependencies group with 2 updates ( #2588 )
...
* Bump the development-dependencies group with 2 updates
Bumps the development-dependencies group with 2 updates: [brakeman](https://github.com/presidentbeef/brakeman ) and [mocha](https://github.com/freerange/mocha ).
Updates `brakeman` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v8.0.1...v8.0.2 )
Updates `mocha` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md )
- [Commits](https://github.com/freerange/mocha/compare/v3.0.1...v3.0.2 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-version: 8.0.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development-dependencies
- dependency-name: mocha
dependency-version: 3.0.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:44 -05:00
dependabot[bot]
d8908c4b92
Bump bootsnap from 1.22.0 to 1.23.0 ( #2589 )
...
* Bump bootsnap from 1.22.0 to 1.23.0
Bumps [bootsnap](https://github.com/rails/bootsnap ) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/rails/bootsnap/releases )
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rails/bootsnap/compare/v1.22.0...v1.23.0 )
---
updated-dependencies:
- dependency-name: bootsnap
dependency-version: 1.23.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:17 -05:00
Mike Dalessio
3b229e9aab
Pin web-console to GitHub main for Rails compatibility
...
web-console 4.2.1 overrides the now-renamed filter_proxies method in
ActionDispatch::RemoteIp::GetIp. The fix (rails/web-console#344 ) is on
main but not yet released.
2026-02-18 15:16:21 -05:00
Mike Dalessio
41c2bd38af
Update Rails to 12e24ea (363 commits past 60d92e4)
...
Also updates transitive dependencies:
- action_text-trix ~> 2.1.15 → ~> 2.1.16
- irb 1.16.0 → 1.17.0
- json 2.18.0 → 2.18.1
- net-imap 0.6.2 → 0.6.3
- nokogiri 1.19.0 → 1.19.1
- prism 1.8.0 → 1.9.0
- rack 3.2.4 → 3.2.5
- rdoc 7.0.3 → 7.2.0
2026-02-18 13:37:13 -05:00
Mike Dalessio
1c3b3c55ef
Update rails_structured_logging to v0.3.0
...
v0.3.0 removes usage of the INTERNAL_PARAMS constant which is being
removed from ActionController in an upcoming Rails upgrade.
2026-02-18 13:33:10 -05:00
Jeremy Daer
8da0c47a5f
Add actionpack-xml_parser to Gemfile.saas (production bundle)
...
The prior commit added it to saas/Gemfile but the production Docker
build uses Gemfile.saas (via BUNDLE_GEMFILE). This ensures the XML
parameter parser is present in the actual runtime environment.
2026-02-17 20:37:31 -08:00
dependabot[bot]
38ff89de09
Bump bootsnap from 1.21.1 to 1.22.0 ( #2544 )
...
* Bump bootsnap from 1.21.1 to 1.22.0
Bumps [bootsnap](https://github.com/rails/bootsnap ) from 1.21.1 to 1.22.0.
- [Release notes](https://github.com/rails/bootsnap/releases )
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rails/bootsnap/compare/v1.21.1...v1.22.0 )
---
updated-dependencies:
- dependency-name: bootsnap
dependency-version: 1.22.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-16 16:09:22 -08:00
dependabot[bot]
0ead67f85b
Bump the development-dependencies group across 1 directory with 3 updates ( #2546 )
...
* Bump the development-dependencies group across 1 directory with 3 updates
Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman ), [faker](https://github.com/faker-ruby/faker ) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium ).
Updates `brakeman` from 7.1.2 to 8.0.1
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1 )
Updates `faker` from 3.5.3 to 3.6.0
- [Release notes](https://github.com/faker-ruby/faker/releases )
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md )
- [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0 )
Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases )
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES )
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-version: 8.0.1
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: development-dependencies
- dependency-name: faker
dependency-version: 3.6.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
- dependency-name: selenium-webdriver
dependency-version: 4.40.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Auto-sync Gemfile.saas.lock on Dependabot PRs
Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock
drifts whenever it bumps shared gems in Gemfile.lock.
Add `bin/bundle-drift forward` to push oss lockfile changes into the
saas lockfile (the reverse of `correct`), and a GitHub Actions workflow
that runs it automatically on Dependabot bundler branches.
* Update brakeman ignore fingerprint for 8.0.1
Brakeman 8.0.1 changed how it computes warning fingerprints, so the
existing ignore entry for the safe_constantize warning in Notifier
became obsolete. Update to the new fingerprint.
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Daer <jeremy@37signals.com >
2026-02-16 15:29:51 -08:00
Jeremy Daer
a5a5a62169
Add GVL contention metrics via gvltools ( #2538 )
...
* Add GVL contention metrics via gvltools and Yabeda
Expose per-request and process-wide GVL wait time as Prometheus metrics
to diagnose suspected GVL contention from Solid Cable and Action Cable
threads in Puma workers.
Metrics: gvl_request_wait_seconds (histogram), gvl_waiting_threads
(gauge), gvl_global_timer_total_seconds (gauge).
* Add unit: :seconds to GVL histogram for consistency
2026-02-12 16:28:29 -08:00
Mike Dalessio
851f13a934
Render inline code in card titles ( #2518 )
...
* Remove unused marked JS dependency
* Remove unused redcarpet dependency
* Render inline code in card titles
Add card_html_title helper that HTML-escapes input then converts
backtick-wrapped text to <code> elements. Apply to card titles in
board preview, card detail, public views, and notification emails.
Style inline code elements in titles to match description styling.
Co-authored-by: Andy Smith <andy@37signals.com >
---------
Co-authored-by: Andy Smith <andy@37signals.com >
2026-02-12 12:07:40 -05:00
Donal McBreen
1506624cd3
Add stackprof for profiling
...
So you can do something like this:
```ruby
require "stackprof"
report = StackProf.run(mode: :wall, interval: 100) do
Account.find_by(external_account_id: 123)
end
StackProf::Report.new(report).print_text
```
2026-02-12 15:42:50 +00:00
Zoltan Hosszu
2ee745cf82
Lexxy version bump
2026-02-12 09:54:20 +01:00
Mike Dalessio
bd1ef1f650
dep: bump console1984 to 746cd443 ( #2495 )
...
to pick up the session incineration fix
ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9552285400
2026-02-06 10:24:04 -05:00
Stanko K.R.
de69d2e6fe
Add import cleanup
2026-02-02 12:36:48 +01:00
Mike Dalessio
4e61b64d9a
Update to feature branch of audits1984
2026-01-28 14:13:51 -05:00
Rosa Gutierrez
1083784a98
Update turbo-rails to get latest Turbo version
...
In preparation for offline mode.
2026-01-19 19:40:08 +01:00
Jorge Manrubia
4ab1e3ff7d
Solve problem when Action Text raises on missing attachables
...
Reverts the previous patch. The problem was that I hadn't update
Lexxy in the saas version https://github.com/basecamp/lexxy/pull/596
2026-01-16 17:32:41 +01:00
Stanko K.R.
a811ba1b2a
Bump Bootsnap to v1.21.1
2026-01-16 14:26:46 +01:00
Zoltan Hosszu
43fa7fb6aa
Update to Lexxy 0.7.0beta
2026-01-15 16:34:56 +01:00
Jorge Manrubia
ce1c04803e
Update to latest Lexxy
2026-01-15 16:34:56 +01:00
Stanko K.R.
d5f270fe3a
Update development dependencies in SAAS lockfile
2026-01-13 12:06:43 +01:00
Stanko K.R.
f6557856f7
Update runtime dependencies
...
Updated kamal, bootsnap, rqrcode, net-http-persistent, web-push, aws-sdk-s3, bcrypt & rouge
2026-01-13 12:03:43 +01:00
Rosa Gutierrez
182d36aee9
Update Rails
2026-01-02 18:56:28 +01:00
Stanko K.R.
090582cd98
Update SAAS AWS dependencies
2025-12-19 19:16:39 +01:00
Robin Brandt
dddaf861d4
Bump mittens gem to support build on FreeBSD ( #2196 )
2025-12-18 10:56:24 -08:00
Jeremy Daer
c691d39ecf
Integrate fizzy-saas as vendored gem at saas/
...
- Update Gemfile.saas to use path: "saas" instead of GitHub source
- Update config/database.yml to reference local saas/ directory
- Update bin/setup to source saas/bin/setup directly
- Remove redundant dotfiles (ruby-version, gitignore, rubocop, github workflows)
- Add saas/db exclusions to root rubocop config
2025-12-16 12:25:22 -08:00
Jorge Manrubia
ee80b87c8c
Add billing system with Stripe
...
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Jason Zimdars <jz@37signals.com >
2025-12-16 16:44:20 +01:00
Kevin McConnell
14f337739d
Update Thruster
2025-12-16 13:28:49 +00:00
Jorge Manrubia
2e66fdff4a
Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta
2025-12-14 18:53:23 +01:00
Jeremy Daer
3d3593c8f6
Bump fizzy-saas to retain fewer docker images ( #2134 )
...
References https://github.com/basecamp/fizzy-saas/pull/32
2025-12-13 10:39:01 -08:00
Mike Dalessio
43fd8ab691
Update fizzy-saas to get employee restriction in staging
2025-12-12 15:31:22 -05:00
Mike Dalessio
430caed61e
saas: Bump queenbee gem for new staging location
2025-12-12 11:52:30 -05:00
Matthew Kent
eb06884ea7
Bump fizzy-saas to pickup another staging change.
2025-12-11 16:19:06 -08:00
Fernando Álvarez
ef3c49d9ad
Bump fizzy-saas
...
Related to updating URL on staging environment.
2025-12-11 18:26:01 +01:00
Kevin McConnell
4edd49374a
Update Gemfile.saas.lock
...
To bring in line with change in [36419c3600 ]
2025-12-11 16:04:55 +00:00
Kevin McConnell
3f2938dd8e
Bump fizzy-saas to set config option
2025-12-11 12:24:59 +00:00
Jeremy Daer
90452a4236
Enforce CSP ( #2070 )
2025-12-10 17:55:02 -08:00