* main:
Use decimals for ordered lists
Update cached fragments
Revert "Merge pull request #1865 from basecamp/public-avatar-caching"
Show only public cards on public boards
Swap order of avatar links
Limit length of full name during signup
Make layout bulletproof
Serve own avatar from its own endpoint
* main: (119 commits)
Bust comment view cache
Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta
Fix unexpected remove empty line from README
Lightbox uses Stimulus target callbacks instead of data-action
Add test coverage for the image lightbox
Add tests for tenancy middleware and timezone cookie
Refactor: Simplify TimeWindowParser using Rails convenience methods
SMTP: support SMTPS on port 465 (#2132)
Bump fizzy-saas to retain fewer docker images (#2134)
Add test coverage for with_golden_first scope (#2130)
Refactor: improve query scope composition with merge syntax (#2131)
Validate avatar sizes
Introduce Vips configuration
Tailscale serve support (#2126)
Update tests with final method naming: record! -> record
CSP config to allow Minio in development
Update fizzy-saas to get employee restriction in staging
Drop staff restriction in beta and staging
Unused
Use new FIZZY_GH_TOKEN with limited access
...
Remove data-action from the sanitizer allowlist to disallow injection
of potentially malicious Stimulus actions in user-provided
content. The lightbox controller now uses imageTarget callbacks to
handle clicks on image links.
Also add the file name as a caption in the light box, and fix the
caption color for dark mode visibility.
* main: (117 commits)
Explain that the upload URL is account-scope
Allow direct uploads via API
Storage: ignore jobs for now-deleted targets
API: Support `created_at` for API card and comment creation (#2056)
Enforce CSP (#2070)
CSP: full config with env vars per source (#2069)
Speedy, auditable, deadlock-resistant storage tracking (#2026)
Gitleaks: ignore legit non-sensitive API keys and tokens in docs/ and test/ (#2068)
Get gitleaks-audit green again
Bump actions/checkout from 4 to 6 (#2047)
Bump docker/login-action from 3.5.0 to 3.6.0 (#2046)
Bump docker/metadata-action from 5.8.0 to 5.10.0 (#2045)
Bump sigstore/cosign-installer from 3.9.2 to 4.0.0 (#2044)
make MySQL SSL mode configurable via env var (#2036)
Update tip text for turning a card into a Golden Ticket
Revert "Fix Lexxy prompt list padding by lowering rich-text specificity"
Fix Lexxy prompt list padding by lowering rich-text specificity
Improve phrasing
Fix crash due to missing partial
Fix status and filter mistakes
...
GitHub's font stack with proper support for:
- macOS/iOS: -apple-system, BlinkMacSystemFont
- Windows: Segoe UI
- Linux: Noto Sans
- Emoji: Apple Color Emoji, Segoe UI Emoji
* main:
Remove semver-major-days from Dependabot on GH actions
Allow chromium unstable endpoint
Bump Rails to current ast-immediate-variants-process-locally branch
Rails seeded parallel tests (#2037)
Add blank slate to the main menu
Fixing Lexxy prompt menu spacing
Make SMTP config conditional on SMTP_ADDRESS
default to smtp
configurable actionmailer settings (ENV)
* main: (70 commits)
bin/ci: run OSS suite in SAAS mode for full coverage (#2029)
Fix flaky tests caused by leaky show_exceptions twiddling (#2028)
Fix ActiveStorage FileNotFoundError with immediate variant processing (#2022)
Immediate avatar and embed variants (#2002)
Should be in global gitignore
Account for browser button styled and adjust mobile padding for perma BG
Wrap the overflow menu
doc: update style doc reference for LLM agents
Fix Identity destruction callback ordering
Ensure user toggles on board edit page are cached properly
Adopt a cooldown period for dependency updates
Add lazy error context for Rails error reporter (#2014)
Disable board edit buttons for select all/none when not privileged
Autotuner: use structured logging instead of Sentry (#2011)
Add datetime to the search results
Fix involvement button label
Bump mittens to 0.3.1 (#2006)
No need to pass Currentl.user since it is the default value for the param
Validate email before creating identity during join code redemption
Ignore RubyMine project files in .gitignore
...