* mobile-app/scoped-styles:
Replace android and ios css layers with platform layer
Change how show-on-native works
Use the correct css layers for Android and iOS
Addresses an issue where User#familiar_name assumed `name` was always
present, potentially raising an exception during view rendering. Now
User validates name presence, and User#familiar_name handles blank
strings without error, in case any existing invalid records exist.
* main:
Use decimals for ordered lists
Update cached fragments
Revert "Merge pull request #1865 from basecamp/public-avatar-caching"
Show only public cards on public boards
Swap order of avatar links
Limit length of full name during signup
Make layout bulletproof
Serve own avatar from its own endpoint
If the conditional CSS rules failed to match for some reason, we should
prefer the general avatar image rather than the "my" avatar one. That
way the fallback mode will still look correct.
If we don't validate for length, then signups that overflow the database
columns will unnecessarily create and cancel a tenant. Adding a
validation means we can avoid this.
* main: (119 commits)
Bust comment view cache
Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta
Fix unexpected remove empty line from README
Lightbox uses Stimulus target callbacks instead of data-action
Add test coverage for the image lightbox
Add tests for tenancy middleware and timezone cookie
Refactor: Simplify TimeWindowParser using Rails convenience methods
SMTP: support SMTPS on port 465 (#2132)
Bump fizzy-saas to retain fewer docker images (#2134)
Add test coverage for with_golden_first scope (#2130)
Refactor: improve query scope composition with merge syntax (#2131)
Validate avatar sizes
Introduce Vips configuration
Tailscale serve support (#2126)
Update tests with final method naming: record! -> record
CSP config to allow Minio in development
Update fizzy-saas to get employee restriction in staging
Drop staff restriction in beta and staging
Unused
Use new FIZZY_GH_TOKEN with limited access
...
Remove data-action from the sanitizer allowlist to disallow injection
of potentially malicious Stimulus actions in user-provided
content. The lightbox controller now uses imageTarget callbacks to
handle clicks on image links.
Also add the file name as a caption in the light box, and fix the
caption color for dark mode visibility.
- Replace `beginning_of_day..end_of_day` with `all_day`
- Replace `beginning_of_week..end_of_week` with `all_week`
- Replace `beginning_of_month..end_of_month` with `all_month`
- Replace `beginning_of_year..end_of_year` with `all_year`
These changes improve code readability by using idiomatic Rails
methods that accomplish the same thing in a more concise and
expressive way.