Commit Graph

7496 Commits

Author SHA1 Message Date
Jason Zimdars abbf226c3a Merge pull request #1729 from basecamp/avatar-bulletproofing
Add defensive styles for non-square avatar images
2025-11-25 16:56:02 -06:00
Jason Zimdars d825447e6b Add defensive styles for non-square avatar images 2025-11-25 16:51:07 -06:00
Mike Dalessio 64a39b3139 Merge pull request #1726 from basecamp/flavorjones/better-useragent-behavior
Allow requests from Google Image Proxy
2025-11-25 17:15:38 -05:00
Jason Zimdars 9a8905dbc1 Merge pull request #1728 from basecamp/update-bundle-mailer
Make it clear this is just notifications, not comprehensive activity
2025-11-25 16:12:13 -06:00
Jason Zimdars 88765f5244 Update test for copy changes 2025-11-25 16:10:34 -06:00
Jeremy Daer 426420a406 Missed commit 2025-11-25 14:10:26 -08:00
Jeremy Daer 62fb1a46af AI: standardize on https://agents.md 2025-11-25 14:09:53 -08:00
Jason Zimdars 154cbf0cde Make it clear this is just notifications, not comprehensive activity 2025-11-25 16:08:11 -06:00
Jeremy Daer 92199c4ae7 AI: configure MCP servers for Chrome, Grafana, and Sentry (#1727) 2025-11-25 13:33:07 -08:00
Jason Zimdars 14650df246 Merge pull request #1723 from basecamp/fix-scroll-jump
Prevent autoscroll to the columns container to remove jump on page load
2025-11-25 15:31:26 -06:00
Mike Dalessio b767d6edcb Allow requests from Google Image Proxy
which should fix email notifications' avatars rendering as broken
images in GMail.

ref: https://app.fizzy.do/5986089/cards/1740
2025-11-25 16:26:15 -05:00
Mike Dalessio 0bf62ba4cf Update to basecamp's useragent fork
and assert it's working by testing for Baidu
2025-11-25 16:18:23 -05:00
Rosa Gutierrez fac9f3c369 Clean up a little bit the CSRF reporting code
Small follow-up to https://github.com/basecamp/fizzy/pull/1721
2025-11-25 21:28:50 +01:00
Jeremy Daer 525efb2de8 Claude: production observability guidance (#1725) 2025-11-25 12:23:01 -08:00
Jorge Manrubia ca10e4ba4e Prevent autoscroll to the root columns container to prevent jump on page load
https://app.fizzy.do/5986089/cards/3160
2025-11-25 21:01:18 +01:00
Mike Dalessio 396c1ffdcf Merge pull request #1722 from basecamp/fwt-user-list-improvement
Prioritize current user and assigned users in assignment dropdown
2025-11-25 14:36:14 -05:00
Jason Zimdars 3d429c1dea Include full name string so you can type your name to filter 2025-11-25 13:19:33 -06:00
Mike Dalessio 3811088db3 Prioritize current user and assigned users in assignment dropdown
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-25 13:46:14 -05:00
Rosa Gutierrez d88949288c Check and report on Sec-Fetch-Site header for forgery protection
This is a great, solid alternative to CSRF tokens for CSRF protection
when we aren't worried about older browsers or other kind of actors
doing modifying requests in our app, and could be a good test for future
upstreaming to Rails (although there we'd need to continue using CSRF
tokens or at least letting people opt out manually).

Let's start checking the header and reporting on it when CSRF fails or
when it doesn't match the other checks Rails does, and then promote this
to be the only way to defend from CSRF.
2025-11-25 19:19:50 +01:00
Donal McBreen 97bcdf1853 Enforce column limits via concern
SQLite columns lengths are purely informational, so we'll enforce the
limits via a concern that checks the lengths from the schema.
2025-11-25 15:32:34 +00:00
Mike Dalessio 51860d6c66 Merge pull request #1719 from basecamp/flavorjones/dep-update-20251125
bundle update - 20251125
2025-11-25 10:30:51 -05:00
Mike Dalessio f0a22ea608 bundle update 2025-11-25 10:28:12 -05:00
Mike Dalessio 9707ed0af9 Merge pull request #1615 from basecamp/dependabot/bundler/bootsnap-1.19.0
Bump bootsnap from 1.18.6 to 1.19.0
2025-11-25 10:22:47 -05:00
Mike Dalessio 0b4896654a Merge pull request #1706 from basecamp/dependabot/bundler/rails-17f6e00
Bump rails from `077c3ad` to `17f6e00`
2025-11-25 10:21:38 -05:00
dependabot[bot] 62dbae568b Bump bootsnap from 1.18.6 to 1.19.0
Bumps [bootsnap](https://github.com/rails/bootsnap) from 1.18.6 to 1.19.0.
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.18.6...v1.19.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-25 15:16:29 +00:00
dependabot[bot] e2f5eaa93f Bump rails from 077c3ad to 17f6e00
Bumps [rails](https://github.com/rails/rails) from `077c3ad` to `17f6e00`.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/077c3ad60db4c43cccb8f4637b53b8d8eb7a3c19...17f6e00bce8c35b6c5355450331da170c768e3e0)

---
updated-dependencies:
- dependency-name: rails
  dependency-version: 17f6e00bce8c35b6c5355450331da170c768e3e0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-25 15:14:12 +00:00
Mike Dalessio 8ad59e75d4 Merge pull request #1709 from basecamp/dependabot/bundler/aws-sdk-s3-1.205.0
Bump aws-sdk-s3 from 1.201.0 to 1.205.0
2025-11-25 10:13:38 -05:00
Mike Dalessio 1059220b2a Merge pull request #1626 from basecamp/dependabot/bundler/development-dependencies-a98687e030
Bump the development-dependencies group across 1 directory with 3 updates
2025-11-25 10:12:22 -05:00
Mike Dalessio 2c838f2aa2 Merge pull request #1707 from basecamp/dependabot/bundler/prometheus-client-mmap-1.3.0
Bump prometheus-client-mmap from 1.2.10 to 1.3.0
2025-11-25 10:11:24 -05:00
Mike Dalessio 0ddf356e7d Merge pull request #1704 from basecamp/dependabot/bundler/yabeda-puma-plugin-0.9.0
Bump yabeda-puma-plugin from 0.8.0 to 0.9.0
2025-11-25 10:10:07 -05:00
Mike Dalessio 17011d4047 Merge pull request #1703 from basecamp/dependabot/bundler/solid_cache-1.0.10
Bump solid_cache from 1.0.8 to 1.0.10
2025-11-25 10:08:34 -05:00
Mike Dalessio 213f5749bb Merge pull request #1708 from basecamp/dependabot/bundler/autotuner-1.1.0
Bump autotuner from 1.0.2 to 1.1.0
2025-11-25 10:05:53 -05:00
Donal McBreen 67f648f356 Enforce MySQL string/text limits in SQLite
To ensure consistent column lengths, we'll add limits to string and text
columns which match MySQL defaults.
2025-11-25 14:50:40 +00:00
Stanko Krtalić a165334cbd Merge pull request #1718 from basecamp/fix-cards-getting-stuck-in-edit-mode
Fix cards getting stuck in edit mode
2025-11-25 15:37:44 +01:00
Stanko K.R. a7df8260c3 Fix cards getting stuck in edit mode 2025-11-25 15:36:13 +01:00
Donal McBreen c2eb840e2b Use Uuid type directly 2025-11-25 13:47:08 +00:00
Kevin McConnell f086981dac Merge pull request #1717 from basecamp/sentry-ignore-concurrent-migration-exception
Don't report `ConcurrentMigrationError` to Sentry
2025-11-25 13:28:42 +00:00
Kevin McConnell b238a5b45b Don't report ConcurrentMigrationError to Sentry 2025-11-25 13:24:07 +00:00
Stanko Krtalić 6753860c05 Merge pull request #1716 from basecamp/add-staff-flag-to-identities
Determine staff members based on flag
2025-11-25 14:11:38 +01:00
Kevin McConnell efae77efd6 Merge pull request #1715 from basecamp/mysql-max-execution-time
Set MySQL max statement timeout to 5s
2025-11-25 13:10:19 +00:00
Stanko K.R. f64a49dcc0 Determine staff members based on flag
This replaces the old system based on email addresses, the aim is to make it more generic and thus appropriate for OSS/self-hosting

See: https://3.basecamp.com/2914079/buckets/37331921/todos/9302705265#__recording_9320051455
2025-11-25 14:09:31 +01:00
Kevin McConnell b6e31a234a Set MySQL max statement timeout to 5s 2025-11-25 12:58:17 +00:00
Donal McBreen e07419e953 Update config/database.yml
Co-authored-by: Mike Dalessio <mike.dalessio@gmail.com>
2025-11-25 11:38:21 +00:00
Donal McBreen b96ea6e9d0 Update config/database.yml
Co-authored-by: Mike Dalessio <mike.dalessio@gmail.com>
2025-11-25 11:38:13 +00:00
Donal McBreen b571303385 Don't use Current.account for search records
It doesn't actually work, and even if we could make it work reliably
we are better off if the records always know to go to the right shard.

It does make the interface a bit more complicated as we need to select
the right shard class with `for(account_id)`.
2025-11-25 11:34:41 +00:00
Stanko Krtalić aab3a56d31 Merge pull request #1714 from basecamp/allow-long-user-agent-strings
Allow long user agent strings
2025-11-25 12:11:50 +01:00
Stanko K.R. cc49a1b772 Allow long user agent strings
Copied this from BC and HEY which also use a string with a 4096 character length

See: https://app.fizzy.do/5986089/cards/3066
2025-11-25 12:09:02 +01:00
Stanko Krtalić 01dc7c1ce0 Merge pull request #1713 from basecamp/put-tags-the-card-is-tagged-with-first
Show tags the card is tagged with first
2025-11-25 11:34:04 +01:00
Stanko K.R. 4e52f9b9a9 Show tags the card is tagged with first 2025-11-25 11:24:21 +01:00
Stanko Krtalić c8169c1972 Merge pull request #1712 from basecamp/fix-background-image-previews
Fix background images not showing up after upload
2025-11-25 08:15:20 +01:00