Commit Graph

168 Commits

Author SHA1 Message Date
dependabot[bot] b5ea94e99f Bump selenium-webdriver from 4.41.0 to 4.43.0 in the development-dependencies group (#2855)
* Bump selenium-webdriver in the development-dependencies group

Bumps the development-dependencies group with 1 update: [selenium-webdriver](https://github.com/SeleniumHQ/selenium).


Updates `selenium-webdriver` from 4.41.0 to 4.43.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.41.0...selenium-4.43.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-version: 4.43.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-18 17:03:49 -07:00
Mike Dalessio 2d9a00ed05 dep: fix dependency drift 2026-04-09 13:39:00 -04:00
dependabot[bot] 0c30fa7937 Bump kamal from 2.10.1 to 2.11.0 (#2767)
* Bump kamal from 2.10.1 to 2.11.0

Bumps [kamal](https://github.com/basecamp/kamal) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/basecamp/kamal/releases)
- [Commits](https://github.com/basecamp/kamal/compare/v2.10.1...v2.11.0)

---
updated-dependencies:
- dependency-name: kamal
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-09 13:19:30 -04:00
dependabot[bot] b64c1e8895 Bump aws-sdk-s3 from 1.216.0 to 1.218.0 (#2768) 2026-04-09 13:18:47 -04:00
Jorge Manrubia 1c6141c131 Update lexxy to 0.9.5.beta (#2820)
* Update lexxy to 0.9.5.beta

* Fix syntax highlight controller for lexxy 0.9.5.beta

The highlightAll export was renamed to highlightCode.

---------

Co-authored-by: Mike Dalessio <mike@37signals.com>
2026-04-09 13:06:59 -04:00
Mike Dalessio 759e6079e8 Update bin/bundle-drift to catch dependency requirement diffs (#2821)
* Detect dependency requirement drift in bin/bundle-drift

The checker only compared resolved spec versions between Gemfile.lock
and Gemfile.saas.lock. When dependabot bumped solid_queue from ~> 1.3
to ~> 1.4, the forward command patched the resolved version but left
the stale dependency requirement. The checker didn't catch it because
both lockfiles resolved to the same version.

Now find_drift also compares dependency requirements for shared direct
dependencies, and forward patches the DEPENDENCIES section too.

Includes built-in self-test (bin/bundle-drift self-test).

* Sync solid_queue dependency requirement in Gemfile.saas.lock

Updates ~> 1.3 to ~> 1.4 to match Gemfile.lock.
2026-04-09 12:19:52 -04:00
dependabot[bot] 659ec1e6e6 Bump solid_queue from 1.3.2 to 1.4.0 (#2766)
* Bump solid_queue from 1.3.2 to 1.4.0

Bumps [solid_queue](https://github.com/rails/solid_queue) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/rails/solid_queue/releases)
- [Commits](https://github.com/rails/solid_queue/compare/v1.3.2...v1.4.0)

---
updated-dependencies:
- dependency-name: solid_queue
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-09 11:16:29 -04:00
Mike Dalessio 8908ee46f8 Upgrade addressable to 2.9.0 (#2815)
* Upgrade addressable from 2.8.9 to 2.9.0

Security release fixing ReDoS vulnerabilities in Addressable::Template#match.
No application impact — fizzy does not use Addressable::Template directly.

* dep: fix saas drift
2026-04-08 15:45:23 -04:00
dependabot[bot] f3bacffe2b Bump lexxy from 0.9.0.beta to 0.9.1.beta (#2796)
* Bump lexxy from 0.9.0.beta to 0.9.1.beta

Bumps [lexxy](https://github.com/basecamp/lexxy) from 0.9.0.beta to 0.9.1.beta.
- [Release notes](https://github.com/basecamp/lexxy/releases)
- [Commits](https://github.com/basecamp/lexxy/compare/v0.9.0.beta...v0.9.1.beta)

---
updated-dependencies:
- dependency-name: lexxy
  dependency-version: 0.9.1.beta
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-07 11:36:12 -07:00
dependabot[bot] b2021e1e74 Bump trilogy from 2.10.0 to 2.11.1 (#2794)
* Bump trilogy from 2.10.0 to 2.11.1

Bumps [trilogy](https://github.com/trilogy-libraries/trilogy) from 2.10.0 to 2.11.1.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases)
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trilogy-libraries/trilogy/compare/v2.10.0...v2.11.1)

---
updated-dependencies:
- dependency-name: trilogy
  dependency-version: 2.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-07 10:09:41 -07:00
dependabot[bot] adc1b02d7a Bump thruster from 0.1.19 to 0.1.20 (#2797)
* Bump thruster from 0.1.19 to 0.1.20

Bumps [thruster](https://github.com/basecamp/thruster) from 0.1.19 to 0.1.20.
- [Changelog](https://github.com/basecamp/thruster/blob/v0.1.20/CHANGELOG.md)
- [Commits](https://github.com/basecamp/thruster/compare/v0.1.19...v0.1.20)

---
updated-dependencies:
- dependency-name: thruster
  dependency-version: 0.1.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-04-07 10:08:59 -07:00
dependabot[bot] 08faa17584 Bump action_text-trix from 2.1.17 to 2.1.18 (#2771)
* Bump action_text-trix from 2.1.17 to 2.1.18

Bumps [action_text-trix](https://github.com/basecamp/trix) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/basecamp/trix/releases)
- [Commits](https://github.com/basecamp/trix/compare/v2.1.17...v2.1.18)

---
updated-dependencies:
- dependency-name: action_text-trix
  dependency-version: 2.1.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-29 14:43:08 -07:00
dependabot[bot] 509d8d158f Bump the development-dependencies group with 2 updates (#2765)
* Bump the development-dependencies group with 2 updates

Bumps the development-dependencies group with 2 updates: [webmock](https://github.com/bblimke/webmock) and [mocha](https://github.com/freerange/mocha).


Updates `webmock` from 3.26.1 to 3.26.2
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.26.1...v3.26.2)

Updates `mocha` from 3.0.2 to 3.1.0
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v3.0.2...v3.1.0)

---
updated-dependencies:
- dependency-name: webmock
  dependency-version: 3.26.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: mocha
  dependency-version: 3.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-29 12:54:45 -07:00
Stanko K.R. 61580ec58f Update AWS SDK 2026-03-25 18:30:01 +01:00
Stanko Krtalić 01b4698e13 Merge pull request #2751 from basecamp/passkey-improvements
Passkey improvements
2026-03-25 18:19:09 +01:00
Stanko K.R. 5820480c0c Update SAAS gemfile 2026-03-25 18:10:11 +01:00
Stanko K.R. 37ff66d552 Fix gemfile drift 2026-03-25 17:42:27 +01:00
Stanko Krtalić dac4d9233c Merge pull request #2741 from basecamp/dependabot/bundler/aws-sdk-s3-1.216.0
Bump aws-sdk-s3 from 1.215.0 to 1.216.0
2026-03-25 17:28:50 +01:00
Stanko Krtalić 70c08877b7 Merge pull request #2735 from basecamp/dependabot/bundler/bcrypt-3.1.22
Bump bcrypt from 3.1.21 to 3.1.22
2026-03-25 17:23:26 +01:00
github-actions[bot] 940fb2fafc Sync Gemfile.saas.lock 2026-03-20 20:24:28 +00:00
Jorge Manrubia 8c46ff52b4 Bump Lexxy to 0.9.0.beta (#2739) 2026-03-20 17:37:09 +01:00
github-actions[bot] 6097ac79cc Sync Gemfile.saas.lock 2026-03-19 18:58:13 +00:00
dependabot[bot] 6538cf80a9 Bump json from 2.19.1 to 2.19.2 (#2730)
* Bump json from 2.19.1 to 2.19.2

Bumps [json](https://github.com/ruby/json) from 2.19.1 to 2.19.2.
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](https://github.com/ruby/json/compare/v2.19.1...v2.19.2)

---
updated-dependencies:
- dependency-name: json
  dependency-version: 2.19.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-19 09:35:47 -07:00
Mike Dalessio 06735bb991 dep: fix Gemfile.saas gemfile drift 2026-03-17 22:09:48 -04:00
Mike Dalessio 7fec94449f Merge pull request #2721 from basecamp/flavorjones/dep-update-sqlite3-2.9.2
dep: update sqlite3 to 2.9.2
2026-03-17 22:02:24 -04:00
Mike Dalessio 806f5ca0dd Merge pull request #2704 from basecamp/dependabot/bundler/thruster-0.1.19
Bump thruster from 0.1.18 to 0.1.19
2026-03-17 22:01:03 -04:00
Mike Dalessio 801b10eb05 Merge pull request #2705 from basecamp/dependabot/bundler/aws-sdk-s3-1.215.0
Bump aws-sdk-s3 from 1.213.0 to 1.215.0
2026-03-17 22:00:29 -04:00
Mike Dalessio c62be7afde dep: update sqlite3 to 2.9.2 2026-03-17 21:59:09 -04:00
Mike Dalessio 50d067fec9 Merge pull request #2702 from basecamp/dependabot/bundler/development-dependencies-aa185b57ca
Bump faker from 3.6.0 to 3.6.1 in the development-dependencies group
2026-03-17 21:55:16 -04:00
Mike Dalessio 4cf7ad5e3e Merge pull request #2697 from basecamp/dependabot/bundler/action_text-trix-2.1.17
Bump action_text-trix from 2.1.16 to 2.1.17
2026-03-17 21:54:05 -04:00
Mike Dalessio 29a29094bd Configure Lexxy to add extra spacing between block elements
Updating Lexxy to v0.8.5 for the insert-markdown event.
2026-03-17 10:31:46 -04:00
Jorge Manrubia 964915bc66 Remove payment/subscription system and card/storage limits
Fizzy is now free. Remove the entire Stripe billing system,
subscription management, and card/storage limit enforcement.

Removes from saas/: Plan model, Account::Billing, Account::Subscription,
Account::Limited, Account::OverriddenLimits, Account::BillingWaiver,
all subscription/billing controllers and views, Stripe webhook handler,
card creation/publishing limit enforcement, admin account override UI,
usage report rake task, and all related tests.

Removes from main app: Fizzy.saas? guards for subscription panel,
SaaS card footer override, near-limit notices, and saas.css stylesheet.

Adds migration to drop billing tables from the SaaS database.

Non-billing SaaS features (push notifications, signup, authorization,
telemetry, console1984/audits1984) are preserved.
2026-03-17 09:22:04 +01:00
github-actions[bot] d579b6409c Sync Gemfile.saas.lock 2026-03-13 20:25:58 +00:00
github-actions[bot] d9f3301125 Sync Gemfile.saas.lock 2026-03-13 20:25:45 +00:00
github-actions[bot] 09ac251445 Sync Gemfile.saas.lock 2026-03-13 20:24:48 +00:00
github-actions[bot] 585375b3ec Sync Gemfile.saas.lock 2026-03-12 17:36:05 +00:00
Mike Dalessio 3959d91148 Revert "Configure Lexxy to add extra spacing between block elements"
This reverts commit d6bf103efd.
2026-03-12 12:24:35 -04:00
Mike Dalessio d6bf103efd Configure Lexxy to add extra spacing between block elements
Updating Lexxy to v0.8.0 for the insert-markdown event.
2026-03-11 22:17:07 -04:00
Mike Dalessio ab5283441d SaaS usage reporting (#2690)
* Add saas:usage_report rake task and extract Subscription.paid scope

Add a rake task to generate a CSV usage report with per-account data:
Queenbee ID, sign up date, paid date, card count, storage used, and
last active date.

Extract the paid subscriptions query from Admin::StatsController into
an Account::Subscription.paid scope so both the controller and the
new rake task can share it.

* Add comped and account name columns to usage report

* Update saas/lib/tasks/fizzy/usage_report.rake

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Preload storage_total to avoid N+1 in usage report

* Batch last_active_at queries to avoid per-account aggregates

* Add tests for Account::Subscription.paid scope

* Update saas/app/models/account/subscription.rb

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Aggregate paid dates in SQL instead of loading all subscriptions

* Fix paid scope to derive plan keys from Plan.all instead of PLANS hash

* Move paid dates and comped lookups into per-batch queries

* Materialize batch IDs to avoid cross-database subquery

SaasRecord models live on a separate database (fizzy_saas) that doesn't
have the accounts table. Using batch.select(:id) generated a subquery
that ran on the saas database, causing a table-not-found error. Using
pluck(:id) materializes the IDs into an array instead.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-11 10:11:13 -04:00
Rosa Gutierrez 1855490f80 Revert CORS fetch mode for Active Storage
CORS mode doesn't work with redirect-based Active Storage URLs
when the storage bucket uses wildcard Access-Control-Allow-Origin.
Relying on maxEntries alone until specific origin CORS is available.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 10:20:54 +01:00
Rosa Gutierrez 67d629f722 Use CORS fetch mode for Active Storage to enable maxEntrySize checks
Otherwise, for resources like images loaded via <img> tags, the browser
sets `mode: "no-cors"` (as these aren't CORS requests), so the service
worker gets an opaque response even though the server sends CORS
headers.

We could upgrade all no-cors requests to cors mode, sending a `mode:
"cors"` request to a server that doesn't send CORS headers will fail
entirely: the `fetch` call throws a `TypeError` (network error), and the
browser blocks the response. So the resource wouldn't load at all, not
even as opaque. We wouldn't be able to cache it at all.

By opting in via `fetchOptions`, we can do it only for rules where we
know the server will send CORS headers.
2026-03-10 10:20:54 +01:00
Rosa Gutierrez de6d70cc2e Bump turbo-rails for Turbo.offline.clearCache()
Simplify the clear-offline-cache controller to use the new
Turbo.offline.clearCache() API instead of messaging the service
worker directly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 10:20:54 +01:00
Rosa Gutierrez 089fcf94f8 Preload resources after service worker installation
When the service worker is registered for the first time, resources loaded
before it becomes active won't go through the service worker. These resources
may be served from the browser's HTTP cache on subsequent requests, bypassing
the service worker cache entirely.

The new `preload` option accepts a regex pattern. On first visit (when no
controller exists), it waits for the service worker to take control, then
sends a message with URLs from `performance.getEntriesByType("resource")`
that match the pattern. The service worker fetches and caches these resources.
2026-03-10 10:20:54 +01:00
Rosa Gutierrez 9b264483d1 Bump turbo-rails for cache size limits 2026-03-10 10:20:54 +01:00
Rosa Gutierrez 32134be882 Bump turbo-rails for network-first strategy fix on network error 2026-03-10 10:20:54 +01:00
Rosa Gutierrez 90d5a351f0 Bump turbo-rails for Range requests support
Cached video and audio files.
2026-03-10 10:20:54 +01:00
Rosa Gutierrez cf8d92afea Enable offline caching for all web users
Previously, offline caching was conditionally enabled only for Hotwire
Native apps. This removes that restriction and enables offline support
for all users, including PWAs and regular browsers.

This Uses the new `fetchOptions` support in `TurboOffline` handlers
to pass `cache: "no-cache"` for document fetches, which we need
to work around a quite annoying Safari PWA bug
(see https://github.com/basecamp/fizzy/pull/1014).

Also, simplify a bit the cache names and remove the `misc` one.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-10 10:20:54 +01:00
Rosa Gutierrez a949f1e3ae Clear offline cache when logging out
Adds a logout Stimulus controller that sends a message to the service
worker to clear all cached content when the user logs out. This ensures
that cached data from one user isn't accessible after logout.

The implementation:
- Adds logout_controller.js that posts { action: "clearCache" } to the
  service worker via postMessage
- Updates logout buttons to use the controller on form submission

Also fixes data-turbo placement: moved from button to form element where
it actually takes effect for disabling Turbo Drive form submissions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-10 10:20:54 +01:00
Rosa Gutierrez ada4688c4e Take a first stab at offline mode support 2026-03-10 10:20:54 +01:00
dependabot[bot] 17112fa0ee Bump brakeman from 8.0.2 to 8.0.4 in the development-dependencies group (#2669)
* Bump brakeman from 8.0.2 to 8.0.4 in the development-dependencies group

Bumps the development-dependencies group with 1 update: [brakeman](https://github.com/presidentbeef/brakeman).


Updates `brakeman` from 8.0.2 to 8.0.4
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v8.0.2...v8.0.4)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-09 08:58:36 -07:00