dependabot[bot]
a21e93611e
Bump thruster from 0.1.17 to 0.1.18
...
Bumps [thruster](https://github.com/basecamp/thruster ) from 0.1.17 to 0.1.18.
- [Changelog](https://github.com/basecamp/thruster/blob/main/CHANGELOG.md )
- [Commits](https://github.com/basecamp/thruster/compare/v0.1.17...v0.1.18 )
---
updated-dependencies:
- dependency-name: thruster
dependency-version: 0.1.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-27 20:24:45 +00:00
Rosa Gutierrez
34fd62faf1
Move devices table to saas database
...
Use ActionPushNative's new on_load hook to configure the database connection,
following the same pattern as Active Storage and Action Text:
ActiveSupport.on_load(:action_push_native_record) do
connects_to database: { writing: :saas, reading: :saas }
end
This allows ApplicationPushDevice to inherit directly from ActionPushNative::Device
without needing an intermediate abstract class.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-02-25 19:31:13 +01:00
Samuel Péchèr
0038641ede
Update Lexxy to 0.7.6.beta
2026-02-24 20:25:07 +00:00
dependabot[bot]
395cc06f5c
Bump aws-sdk-s3 from 1.211.0 to 1.213.0 ( #2502 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.211.0 to 1.213.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
---
updated-dependencies:
- dependency-name: aws-sdk-s3
dependency-version: 1.213.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:53:45 -05:00
dependabot[bot]
b0b14ead28
Bump sqlite3 from 2.8.0 to 2.9.0 ( #2386 )
...
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby ) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases )
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v2.8.0...v2.9.0 )
---
updated-dependencies:
- dependency-name: sqlite3
dependency-version: 2.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:48:52 -05:00
dependabot[bot]
3063a40f0f
Bump trilogy from 2.9.0 to 2.10.0 ( #2388 )
...
Bumps [trilogy](https://github.com/trilogy-libraries/trilogy ) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases )
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md )
- [Commits](https://github.com/trilogy-libraries/trilogy/compare/v2.9.0...v2.10.0 )
---
updated-dependencies:
- dependency-name: trilogy
dependency-version: 2.10.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:43:47 -05:00
dependabot[bot]
361d4a7a52
Bump solid_queue from 1.2.4 to 1.3.1 ( #2425 )
...
Bumps [solid_queue](https://github.com/rails/solid_queue ) from 1.2.4 to 1.3.1.
- [Release notes](https://github.com/rails/solid_queue/releases )
- [Commits](https://github.com/rails/solid_queue/compare/v1.2.4...v1.3.1 )
---
updated-dependencies:
- dependency-name: solid_queue
dependency-version: 1.3.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:42:48 -05:00
dependabot[bot]
6f99e43f5b
Bump puma from 7.1.0 to 7.2.0 ( #2462 )
...
* Bump puma from 7.1.0 to 7.2.0
Bumps [puma](https://github.com/puma/puma ) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/puma/puma/releases )
- [Changelog](https://github.com/puma/puma/blob/main/History.md )
- [Commits](https://github.com/puma/puma/compare/v7.1.0...v7.2.0 )
---
updated-dependencies:
- dependency-name: puma
dependency-version: 7.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:25:30 -05:00
dependabot[bot]
85bb2aa1fa
Bump turbo-rails from 2.0.21 to 2.0.23 ( #2501 )
...
* Bump turbo-rails from 2.0.21 to 2.0.23
Bumps [turbo-rails](https://github.com/hotwired/turbo-rails ) from 2.0.21 to 2.0.23.
- [Release notes](https://github.com/hotwired/turbo-rails/releases )
- [Commits](https://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.23 )
---
updated-dependencies:
- dependency-name: turbo-rails
dependency-version: 2.0.23
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:09:22 -05:00
dependabot[bot]
446640b8e9
Bump the development-dependencies group with 2 updates ( #2588 )
...
* Bump the development-dependencies group with 2 updates
Bumps the development-dependencies group with 2 updates: [brakeman](https://github.com/presidentbeef/brakeman ) and [mocha](https://github.com/freerange/mocha ).
Updates `brakeman` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v8.0.1...v8.0.2 )
Updates `mocha` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md )
- [Commits](https://github.com/freerange/mocha/compare/v3.0.1...v3.0.2 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-version: 8.0.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development-dependencies
- dependency-name: mocha
dependency-version: 3.0.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:44 -05:00
dependabot[bot]
d8908c4b92
Bump bootsnap from 1.22.0 to 1.23.0 ( #2589 )
...
* Bump bootsnap from 1.22.0 to 1.23.0
Bumps [bootsnap](https://github.com/rails/bootsnap ) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/rails/bootsnap/releases )
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rails/bootsnap/compare/v1.22.0...v1.23.0 )
---
updated-dependencies:
- dependency-name: bootsnap
dependency-version: 1.23.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:17 -05:00
Mike Dalessio
3b229e9aab
Pin web-console to GitHub main for Rails compatibility
...
web-console 4.2.1 overrides the now-renamed filter_proxies method in
ActionDispatch::RemoteIp::GetIp. The fix (rails/web-console#344 ) is on
main but not yet released.
2026-02-18 15:16:21 -05:00
Mike Dalessio
41c2bd38af
Update Rails to 12e24ea (363 commits past 60d92e4)
...
Also updates transitive dependencies:
- action_text-trix ~> 2.1.15 → ~> 2.1.16
- irb 1.16.0 → 1.17.0
- json 2.18.0 → 2.18.1
- net-imap 0.6.2 → 0.6.3
- nokogiri 1.19.0 → 1.19.1
- prism 1.8.0 → 1.9.0
- rack 3.2.4 → 3.2.5
- rdoc 7.0.3 → 7.2.0
2026-02-18 13:37:13 -05:00
dependabot[bot]
38ff89de09
Bump bootsnap from 1.21.1 to 1.22.0 ( #2544 )
...
* Bump bootsnap from 1.21.1 to 1.22.0
Bumps [bootsnap](https://github.com/rails/bootsnap ) from 1.21.1 to 1.22.0.
- [Release notes](https://github.com/rails/bootsnap/releases )
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rails/bootsnap/compare/v1.21.1...v1.22.0 )
---
updated-dependencies:
- dependency-name: bootsnap
dependency-version: 1.22.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Sync Gemfile.saas.lock
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-16 16:09:22 -08:00
dependabot[bot]
0ead67f85b
Bump the development-dependencies group across 1 directory with 3 updates ( #2546 )
...
* Bump the development-dependencies group across 1 directory with 3 updates
Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman ), [faker](https://github.com/faker-ruby/faker ) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium ).
Updates `brakeman` from 7.1.2 to 8.0.1
- [Release notes](https://github.com/presidentbeef/brakeman/releases )
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md )
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1 )
Updates `faker` from 3.5.3 to 3.6.0
- [Release notes](https://github.com/faker-ruby/faker/releases )
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md )
- [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0 )
Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases )
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES )
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0 )
---
updated-dependencies:
- dependency-name: brakeman
dependency-version: 8.0.1
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: development-dependencies
- dependency-name: faker
dependency-version: 3.6.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
- dependency-name: selenium-webdriver
dependency-version: 4.40.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* Auto-sync Gemfile.saas.lock on Dependabot PRs
Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock
drifts whenever it bumps shared gems in Gemfile.lock.
Add `bin/bundle-drift forward` to push oss lockfile changes into the
saas lockfile (the reverse of `correct`), and a GitHub Actions workflow
that runs it automatically on Dependabot bundler branches.
* Update brakeman ignore fingerprint for 8.0.1
Brakeman 8.0.1 changed how it computes warning fingerprints, so the
existing ignore entry for the safe_constantize warning in Notifier
became obsolete. Update to the new fingerprint.
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Daer <jeremy@37signals.com >
2026-02-16 15:29:51 -08:00
Mike Dalessio
851f13a934
Render inline code in card titles ( #2518 )
...
* Remove unused marked JS dependency
* Remove unused redcarpet dependency
* Render inline code in card titles
Add card_html_title helper that HTML-escapes input then converts
backtick-wrapped text to <code> elements. Apply to card titles in
board preview, card detail, public views, and notification emails.
Style inline code elements in titles to match description styling.
Co-authored-by: Andy Smith <andy@37signals.com >
---------
Co-authored-by: Andy Smith <andy@37signals.com >
2026-02-12 12:07:40 -05:00
Donal McBreen
1506624cd3
Add stackprof for profiling
...
So you can do something like this:
```ruby
require "stackprof"
report = StackProf.run(mode: :wall, interval: 100) do
Account.find_by(external_account_id: 123)
end
StackProf::Report.new(report).print_text
```
2026-02-12 15:42:50 +00:00
Zoltan Hosszu
2ee745cf82
Lexxy version bump
2026-02-12 09:54:20 +01:00
Stanko K.R.
992f15066b
Replace RubyZip with ZipKit
...
ZipKit can read and write files directly from S3 which makes both imports and exports way more efficient in terms of disk usage.
2026-02-02 12:36:48 +01:00
Rosa Gutierrez
1083784a98
Update turbo-rails to get latest Turbo version
...
In preparation for offline mode.
2026-01-19 19:40:08 +01:00
Stanko K.R.
a811ba1b2a
Bump Bootsnap to v1.21.1
2026-01-16 14:26:46 +01:00
Jorge Manrubia
af9f53d82d
Update lexxy to latest
2026-01-15 16:38:07 +01:00
Zoltan Hosszu
43fa7fb6aa
Update to Lexxy 0.7.0beta
2026-01-15 16:34:56 +01:00
Jorge Manrubia
ce1c04803e
Update to latest Lexxy
2026-01-15 16:34:56 +01:00
Stanko K.R.
f6557856f7
Update runtime dependencies
...
Updated kamal, bootsnap, rqrcode, net-http-persistent, web-push, aws-sdk-s3, bcrypt & rouge
2026-01-13 12:03:43 +01:00
Stanko K.R.
40a5d6211e
Update development dependencies
2026-01-13 11:52:10 +01:00
Rosa Gutierrez
182d36aee9
Update Rails
2026-01-02 18:56:28 +01:00
Stanko K.R.
6be2f94581
Update aws-sdk-s3
...
Fixes a security warning raised by gem audit
2025-12-19 19:09:40 +01:00
Jorge Manrubia
3c078ae078
Merge pull request #2145 from bslobodin/bs-intel-mac
...
Update `Gemfile.lock` after `bin/setup` on Intel-based mac
2025-12-19 11:27:50 +01:00
Robin Brandt
dddaf861d4
Bump mittens gem to support build on FreeBSD ( #2196 )
2025-12-18 10:56:24 -08:00
Boris Slobodin
5fb1f6feb4
update Gemfile.lock after bin/setup on intel mac
2025-12-18 09:08:34 -05:00
Kevin McConnell
14f337739d
Update Thruster
2025-12-16 13:28:49 +00:00
Jorge Manrubia
2e66fdff4a
Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta
2025-12-14 18:53:23 +01:00
Jeremy Daer
586015c3f9
Bundle drift detection and correction ( #2101 )
...
Gemfile.saas evals Gemfile, so shared gems should have identical versions
in both lockfiles. This adds bin/bundle-drift to detect and fix drift:
* `bin/bundle-drift check` compares shared gem versions
* `bin/bundle-drift correct` seeds Gemfile.lock from Gemfile.saas.lock
and re-locks, letting Bundler prune SaaS-only gems while preserving
shared versions
Adds drift check to bin/ci and GitHub CI. Corrects existing drift.
2025-12-11 21:32:34 -08:00
Thiago Youssef
36419c3600
Bump rails version to remove svg renderer patch ( #2081 )
2025-12-11 15:15:54 +01:00
Jeremy Daer
8a732b081d
Bump Rails to current ast-immediate-variants-process-locally branch
2025-12-09 15:54:06 -08:00
Jeremy Daer
85bd5c2df5
Rails seeded parallel tests ( #2037 )
...
Enable work stealing by default for a tiny speedup at the cost of small
loss in reproducibility.
References https://github.com/rails/rails/pull/56175
2025-12-09 15:50:01 -08:00
Jeremy Daer
8eb01da057
Process blob variants using local files
...
Rails does post-upload variant processing using the same file upload
in https://github.com/rails/rails/pull/56327
Unrelated Lexxy bump:
Pulls in https://github.com/basecamp/lexxy/pull/493 to work around `dom_id`
removal from ActionText tag in https://github.com/rails/rails/pull/51238
2025-12-08 23:41:15 -08:00
Jorge Manrubia
cb0e9b9962
Immediate avatar and embed variants ( #2002 )
...
Reverts #2001
Restores #1955
2025-12-08 14:17:06 -08:00
Robin Brandt
2110fba227
Bump mittens to 0.3.1 ( #2006 )
2025-12-08 15:26:39 +01:00
Jorge Manrubia
c8c91259c7
Revert "Immediate avatar and embed variants"
2025-12-07 12:06:03 +01:00
Jorge Manrubia
91017c9208
Merge pull request #1955 from basecamp/immediate-variants
...
Immediate avatar and embed variants
2025-12-07 11:50:02 +01:00
Jorge Manrubia
48ef7d0b98
Update Lexxy and hide the highlighter for now
2025-12-05 11:24:52 +01:00
Jorge Manrubia
67f36886a1
Update lexxy to latest
...
Color highlighter, more code languages...
2025-12-05 11:17:29 +01:00
Jeremy Daer
21f3f72647
Immediate avatar and embed variants
...
Process variants synchronously on attachment to close the window between
image upload and variant availability, guaranteeing that we won't have
lazy variant processing attempts in GET requests.
Tradeoff is that we do variant processing in upload requests, which is
actually desirable. We're working with images that should take
milliseconds to resize given that we'll already have the file on hand.
References https://github.com/rails/rails/pull/51951
2025-12-04 23:54:37 -08:00
David Heinemeier Hansson
d729cf59f9
Beautify board watchers list ( #1946 )
...
* Beautify board_watchers_list by escaping the concat jungle
* Correct it and clean it
* Latest Rails to get the content tag fix
* Test against original collection
2025-12-04 16:14:52 -08:00
Jeremy Daer
085d47613f
Bundler: normalize platforms ( #1822 )
...
```bash
bundle lock --normalize-platforms
BUNDLE_GEMFILE=Gemfile.saas bundle lock --normalize-platforms
```
2025-12-02 13:37:36 -08:00
Jorge Manrubia
f64d5841b6
Merge pull request #1786 from basecamp/dependabot/bundler/rqrcode-3.1.1
...
Bump rqrcode from 3.1.0 to 3.1.1
2025-12-02 17:32:58 +01:00
Jorge Manrubia
ca60760504
Merge pull request #1784 from basecamp/dependabot/bundler/sqlite3-2.8.1
...
Bump sqlite3 from 2.8.0 to 2.8.1
2025-12-02 17:32:50 +01:00
Jorge Manrubia
40301ffa8f
Merge pull request #1782 from basecamp/dependabot/bundler/development-dependencies-b9e97ca7ce
...
Bump bundler-audit from 0.9.2 to 0.9.3 in the development-dependencies group
2025-12-02 17:32:43 +01:00