Commit Graph

8109 Commits

Author SHA1 Message Date
Jeremy Daer 94e991df07 Gitleaks: ignore legit non-sensitive API keys and tokens in docs/ and test/ (#2068) 2025-12-10 14:23:55 -08:00
Mike Dalessio d750c9e5f2 Merge pull request #2067 from basecamp/flavorjones/gitleaks-20251210
Get gitleaks-audit green again
2025-12-10 17:14:40 -05:00
Mike Dalessio 3191c4ec1e Get gitleaks-audit green again 2025-12-10 17:05:19 -05:00
dependabot[bot] ef538abb4f Bump actions/checkout from 4 to 6 (#2047)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:42 -08:00
dependabot[bot] 19cd7bfeec Bump docker/login-action from 3.5.0 to 3.6.0 (#2046)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:17 -08:00
dependabot[bot] 9ee8b131c5 Bump docker/metadata-action from 5.8.0 to 5.10.0 (#2045)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.8.0 to 5.10.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.8.0...v5.10.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:02 -08:00
dependabot[bot] a90ad88bab Bump sigstore/cosign-installer from 3.9.2 to 4.0.0 (#2044)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.2 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.9.2...v4.0.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:24:47 -08:00
Hosmel Quintana df9a4b255c make MySQL SSL mode configurable via env var (#2036) 2025-12-10 13:22:38 -08:00
Andy Smith bed0e4bd9e Merge pull request #2009 from nqst/clickable-checkbox-labels
Make toggle switch labels clickable
2025-12-10 14:47:51 -06:00
Andy Smith 0e9350d637 Revert "Fix Lexxy prompt list padding by lowering rich-text specificity"
This reverts commit 31fec69822.
2025-12-10 14:12:34 -06:00
Andy Smith 31fec69822 Fix Lexxy prompt list padding by lowering rich-text specificity 2025-12-10 14:12:14 -06:00
Stanko Krtalić 96b6c6e9dc Merge pull request #2060 from basecamp/improve-api-docs-phrasing
Improve phrasing
2025-12-10 20:54:34 +01:00
Stanko K.R. 3f2e3e6b62 Improve phrasing 2025-12-10 20:49:36 +01:00
Stanko Krtalić ce4be3462c Merge pull request #2057 from basecamp/api-fixes
Followup API fixes
2025-12-10 18:52:45 +01:00
Stanko K.R. 4e092407ab Fix crash due to missing partial 2025-12-10 18:47:00 +01:00
Stanko K.R. b0b90cef66 Fix status and filter mistakes 2025-12-10 18:42:23 +01:00
Kevin McConnell 858439a5de Merge pull request #2051 from basecamp/run-jobs-by-default
In non-SaaS, run jobs in container by default
2025-12-10 16:59:24 +00:00
Mike Dalessio 6c73049261 Merge pull request #2053 from basecamp/flavorjones/fix-system-comment-injection
Prevent HTML injection into system comments (card activity feed)
2025-12-10 11:01:34 -05:00
Mike Dalessio cb4883a655 Merge pull request #2052 from basecamp/flavorjones/fix-join-codes-bignum
Add validation for the join code usage limit
2025-12-10 10:50:54 -05:00
Mike Dalessio e0c821f69b Autolinking is more robust
and handles URLs with CGI params, recognizes more (and multiple)
trailing punctuation marks including entity-encoded punctuation like
`&quot;`.
2025-12-10 10:42:24 -05:00
Mike Dalessio c5721b8187 Avoid unescaping characters when auto-linking
which could lead to Nokogiri unintentionally parsing tags from a
previously-escaped text node.
2025-12-10 10:38:43 -05:00
Mike Dalessio 83360ec6f3 Escape the names used to generate system comments
including user names, board titles, column names, and card titles.
2025-12-10 10:38:42 -05:00
Mike Dalessio fa118a7d83 Add validation for the join code usage limit
which is preferred to generating a database error
2025-12-10 10:10:08 -05:00
Stanko Krtalić 754aaa5a76 Merge pull request #1766 from basecamp/basic-api
Add basic API
2025-12-10 15:43:58 +01:00
Kevin McConnell 2a3fda02f4 Merge pull request #1939 from hosmelq/active-storage-env-config
Make Active Storage service configurable
2025-12-10 14:36:47 +00:00
Stanko K.R. 714f7642b2 Rename /identity to /my/identity in docs 2025-12-10 15:32:50 +01:00
Stanko K.R. 3257e4a6e9 Inline partials 2025-12-10 15:27:56 +01:00
Stanko K.R. 5ce71bf941 Move Identities to My::Identities 2025-12-10 15:13:35 +01:00
Kevin McConnell a5396bbb1a Don't overwrite storage service from engine 2025-12-10 14:08:08 +00:00
Stanko K.R. 90e6322092 Return no content on update 2025-12-10 15:07:22 +01:00
Stanko K.R. 566def581e Remove redundant respond_to 2025-12-10 15:05:13 +01:00
Kevin McConnell 6f002b66d8 In non-SaaS, run jobs in container by default 2025-12-10 12:32:35 +00:00
Stanko K.R. 79e77a3780 Handle user update failures 2025-12-10 09:23:53 +01:00
Stanko K.R. 8dc6c48db5 Remove composite cache key
This prevents jbuilder from fetching multiple records at once, but it's no longer needed as the column and board touch all their associated cards on update so we can remove it
2025-12-10 09:23:53 +01:00
Stanko K.R. cbbddf9ffe Add cache directives 2025-12-10 09:23:53 +01:00
Stanko K.R. 462470ed1d Remove endpoints section
It was too easy to get lost in the ### sections for each resource. With rescources being ## sections I hope it will be easier to find things.
2025-12-10 09:23:53 +01:00
Stanko K.R. a7ca41e548 Move the tags section close to the cards 2025-12-10 09:23:53 +01:00
Stanko K.R. 7b30ca203e Add index actions for Comments and Columns
Also, fix crash when a deactivated user is serialized (they don't have
an identity).
2025-12-10 09:23:52 +01:00
Stanko K.R. bea8e60fd0 Document Card-related APIs 2025-12-10 09:23:52 +01:00
Stanko K.R. 707bf45063 Add steps to cards 2025-12-10 09:23:52 +01:00
Stanko K.R. 86aed7b7b7 Add detailed guide for creating access tokens 2025-12-10 09:23:52 +01:00
Stanko K.R. d655074685 Document users API endpoints 2025-12-10 09:23:52 +01:00
Stanko K.R. 0c75712e83 Document notifications endpoints 2025-12-10 09:23:52 +01:00
Stanko K.R. db22745d64 Ignore documentation in Docker images 2025-12-10 09:23:52 +01:00
Stanko K.R. 6b229424a3 Lower the number of returned unread notifications
After talking to the mobile team we cam to the conclusion that for the API and the mobile apps speed is of the utmost importance when working with notifications. So we agreed to lower the unread notifications limit to 100 like we have in Basecamp. This strikes a balance between speed and usability.
2025-12-10 09:23:52 +01:00
Stanko K.R. bf51950007 Add API for reading notifications 2025-12-10 09:23:52 +01:00
Stanko K.R. 1a24c1373c Add API for creating and updating boards 2025-12-10 09:23:52 +01:00
Stanko K.R. f3ff0c605e Add pagination to most places and fix cards pagination 2025-12-10 09:23:52 +01:00
Stanko K.R. eb787fb590 Replace external_account_id with slug
The account ID isn't useful on its own since it has to be formatted to be used as part of a URL. Therfore let's return the slug instead.
2025-12-10 09:23:52 +01:00
Stanko K.R. ba30a301dc Add API for updating and deactivating users 2025-12-10 09:23:52 +01:00