Jason Zimdars
abbf226c3a
Merge pull request #1729 from basecamp/avatar-bulletproofing
...
Add defensive styles for non-square avatar images
2025-11-25 16:56:02 -06:00
Jason Zimdars
d825447e6b
Add defensive styles for non-square avatar images
2025-11-25 16:51:07 -06:00
Mike Dalessio
64a39b3139
Merge pull request #1726 from basecamp/flavorjones/better-useragent-behavior
...
Allow requests from Google Image Proxy
2025-11-25 17:15:38 -05:00
Jason Zimdars
9a8905dbc1
Merge pull request #1728 from basecamp/update-bundle-mailer
...
Make it clear this is just notifications, not comprehensive activity
2025-11-25 16:12:13 -06:00
Jason Zimdars
88765f5244
Update test for copy changes
2025-11-25 16:10:34 -06:00
Jeremy Daer
426420a406
Missed commit
2025-11-25 14:10:26 -08:00
Jeremy Daer
62fb1a46af
AI: standardize on https://agents.md
2025-11-25 14:09:53 -08:00
Jason Zimdars
154cbf0cde
Make it clear this is just notifications, not comprehensive activity
2025-11-25 16:08:11 -06:00
Jeremy Daer
92199c4ae7
AI: configure MCP servers for Chrome, Grafana, and Sentry ( #1727 )
2025-11-25 13:33:07 -08:00
Jason Zimdars
14650df246
Merge pull request #1723 from basecamp/fix-scroll-jump
...
Prevent autoscroll to the columns container to remove jump on page load
2025-11-25 15:31:26 -06:00
Mike Dalessio
b767d6edcb
Allow requests from Google Image Proxy
...
which should fix email notifications' avatars rendering as broken
images in GMail.
ref: https://app.fizzy.do/5986089/cards/1740
2025-11-25 16:26:15 -05:00
Mike Dalessio
0bf62ba4cf
Update to basecamp's useragent fork
...
and assert it's working by testing for Baidu
2025-11-25 16:18:23 -05:00
Rosa Gutierrez
fac9f3c369
Clean up a little bit the CSRF reporting code
...
Small follow-up to https://github.com/basecamp/fizzy/pull/1721
2025-11-25 21:28:50 +01:00
Jeremy Daer
525efb2de8
Claude: production observability guidance ( #1725 )
2025-11-25 12:23:01 -08:00
Jorge Manrubia
ca10e4ba4e
Prevent autoscroll to the root columns container to prevent jump on page load
...
https://app.fizzy.do/5986089/cards/3160
2025-11-25 21:01:18 +01:00
Mike Dalessio
396c1ffdcf
Merge pull request #1722 from basecamp/fwt-user-list-improvement
...
Prioritize current user and assigned users in assignment dropdown
2025-11-25 14:36:14 -05:00
Jason Zimdars
3d429c1dea
Include full name string so you can type your name to filter
2025-11-25 13:19:33 -06:00
Mike Dalessio
3811088db3
Prioritize current user and assigned users in assignment dropdown
...
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-25 13:46:14 -05:00
Rosa Gutierrez
d88949288c
Check and report on Sec-Fetch-Site header for forgery protection
...
This is a great, solid alternative to CSRF tokens for CSRF protection
when we aren't worried about older browsers or other kind of actors
doing modifying requests in our app, and could be a good test for future
upstreaming to Rails (although there we'd need to continue using CSRF
tokens or at least letting people opt out manually).
Let's start checking the header and reporting on it when CSRF fails or
when it doesn't match the other checks Rails does, and then promote this
to be the only way to defend from CSRF.
2025-11-25 19:19:50 +01:00
Donal McBreen
97bcdf1853
Enforce column limits via concern
...
SQLite columns lengths are purely informational, so we'll enforce the
limits via a concern that checks the lengths from the schema.
2025-11-25 15:32:34 +00:00
Mike Dalessio
51860d6c66
Merge pull request #1719 from basecamp/flavorjones/dep-update-20251125
...
bundle update - 20251125
2025-11-25 10:30:51 -05:00
Mike Dalessio
f0a22ea608
bundle update
2025-11-25 10:28:12 -05:00
Mike Dalessio
9707ed0af9
Merge pull request #1615 from basecamp/dependabot/bundler/bootsnap-1.19.0
...
Bump bootsnap from 1.18.6 to 1.19.0
2025-11-25 10:22:47 -05:00
Mike Dalessio
0b4896654a
Merge pull request #1706 from basecamp/dependabot/bundler/rails-17f6e00
...
Bump rails from `077c3ad` to `17f6e00`
2025-11-25 10:21:38 -05:00
dependabot[bot]
62dbae568b
Bump bootsnap from 1.18.6 to 1.19.0
...
Bumps [bootsnap](https://github.com/rails/bootsnap ) from 1.18.6 to 1.19.0.
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rails/bootsnap/compare/v1.18.6...v1.19.0 )
---
updated-dependencies:
- dependency-name: bootsnap
dependency-version: 1.19.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-25 15:16:29 +00:00
dependabot[bot]
e2f5eaa93f
Bump rails from 077c3ad to 17f6e00
...
Bumps [rails](https://github.com/rails/rails ) from `077c3ad` to `17f6e00`.
- [Release notes](https://github.com/rails/rails/releases )
- [Commits](https://github.com/rails/rails/compare/077c3ad60db4c43cccb8f4637b53b8d8eb7a3c19...17f6e00bce8c35b6c5355450331da170c768e3e0 )
---
updated-dependencies:
- dependency-name: rails
dependency-version: 17f6e00bce8c35b6c5355450331da170c768e3e0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-25 15:14:12 +00:00
Mike Dalessio
8ad59e75d4
Merge pull request #1709 from basecamp/dependabot/bundler/aws-sdk-s3-1.205.0
...
Bump aws-sdk-s3 from 1.201.0 to 1.205.0
2025-11-25 10:13:38 -05:00
Mike Dalessio
1059220b2a
Merge pull request #1626 from basecamp/dependabot/bundler/development-dependencies-a98687e030
...
Bump the development-dependencies group across 1 directory with 3 updates
2025-11-25 10:12:22 -05:00
Mike Dalessio
2c838f2aa2
Merge pull request #1707 from basecamp/dependabot/bundler/prometheus-client-mmap-1.3.0
...
Bump prometheus-client-mmap from 1.2.10 to 1.3.0
2025-11-25 10:11:24 -05:00
Mike Dalessio
0ddf356e7d
Merge pull request #1704 from basecamp/dependabot/bundler/yabeda-puma-plugin-0.9.0
...
Bump yabeda-puma-plugin from 0.8.0 to 0.9.0
2025-11-25 10:10:07 -05:00
Mike Dalessio
17011d4047
Merge pull request #1703 from basecamp/dependabot/bundler/solid_cache-1.0.10
...
Bump solid_cache from 1.0.8 to 1.0.10
2025-11-25 10:08:34 -05:00
Mike Dalessio
213f5749bb
Merge pull request #1708 from basecamp/dependabot/bundler/autotuner-1.1.0
...
Bump autotuner from 1.0.2 to 1.1.0
2025-11-25 10:05:53 -05:00
Donal McBreen
67f648f356
Enforce MySQL string/text limits in SQLite
...
To ensure consistent column lengths, we'll add limits to string and text
columns which match MySQL defaults.
2025-11-25 14:50:40 +00:00
Stanko Krtalić
a165334cbd
Merge pull request #1718 from basecamp/fix-cards-getting-stuck-in-edit-mode
...
Fix cards getting stuck in edit mode
2025-11-25 15:37:44 +01:00
Stanko K.R.
a7df8260c3
Fix cards getting stuck in edit mode
2025-11-25 15:36:13 +01:00
Donal McBreen
c2eb840e2b
Use Uuid type directly
2025-11-25 13:47:08 +00:00
Kevin McConnell
f086981dac
Merge pull request #1717 from basecamp/sentry-ignore-concurrent-migration-exception
...
Don't report `ConcurrentMigrationError` to Sentry
2025-11-25 13:28:42 +00:00
Kevin McConnell
b238a5b45b
Don't report ConcurrentMigrationError to Sentry
2025-11-25 13:24:07 +00:00
Stanko Krtalić
6753860c05
Merge pull request #1716 from basecamp/add-staff-flag-to-identities
...
Determine staff members based on flag
2025-11-25 14:11:38 +01:00
Kevin McConnell
efae77efd6
Merge pull request #1715 from basecamp/mysql-max-execution-time
...
Set MySQL max statement timeout to 5s
2025-11-25 13:10:19 +00:00
Stanko K.R.
f64a49dcc0
Determine staff members based on flag
...
This replaces the old system based on email addresses, the aim is to make it more generic and thus appropriate for OSS/self-hosting
See: https://3.basecamp.com/2914079/buckets/37331921/todos/9302705265#__recording_9320051455
2025-11-25 14:09:31 +01:00
Kevin McConnell
b6e31a234a
Set MySQL max statement timeout to 5s
2025-11-25 12:58:17 +00:00
Donal McBreen
e07419e953
Update config/database.yml
...
Co-authored-by: Mike Dalessio <mike.dalessio@gmail.com >
2025-11-25 11:38:21 +00:00
Donal McBreen
b96ea6e9d0
Update config/database.yml
...
Co-authored-by: Mike Dalessio <mike.dalessio@gmail.com >
2025-11-25 11:38:13 +00:00
Donal McBreen
b571303385
Don't use Current.account for search records
...
It doesn't actually work, and even if we could make it work reliably
we are better off if the records always know to go to the right shard.
It does make the interface a bit more complicated as we need to select
the right shard class with `for(account_id)`.
2025-11-25 11:34:41 +00:00
Stanko Krtalić
aab3a56d31
Merge pull request #1714 from basecamp/allow-long-user-agent-strings
...
Allow long user agent strings
2025-11-25 12:11:50 +01:00
Stanko K.R.
cc49a1b772
Allow long user agent strings
...
Copied this from BC and HEY which also use a string with a 4096 character length
See: https://app.fizzy.do/5986089/cards/3066
2025-11-25 12:09:02 +01:00
Stanko Krtalić
01dc7c1ce0
Merge pull request #1713 from basecamp/put-tags-the-card-is-tagged-with-first
...
Show tags the card is tagged with first
2025-11-25 11:34:04 +01:00
Stanko K.R.
4e52f9b9a9
Show tags the card is tagged with first
2025-11-25 11:24:21 +01:00
Stanko Krtalić
c8169c1972
Merge pull request #1712 from basecamp/fix-background-image-previews
...
Fix background images not showing up after upload
2025-11-25 08:15:20 +01:00