Commit Graph

118 Commits

Author SHA1 Message Date
Kevin McConnell f6ed923e75 Merge pull request #2651 from basecamp/update-thruster-0.1.18
Update Thruster to v0.1.18
2026-03-03 13:41:23 +00:00
Kevin McConnell 6e3ee266ec Update Thruster to v0.1.18 2026-03-03 13:30:55 +00:00
Jorge Manrubia 7ef343e83d Revert "Sync Gemfile.saas.lock"
This reverts commit 2fef068ad0.
2026-03-03 14:06:13 +01:00
Jorge Manrubia 4853536ced Revert "Fix Gemfile.saas.lock: add missing thruster 0.1.18 platform variants"
This reverts commit a515f1f007.
2026-03-03 14:06:04 +01:00
Jorge Manrubia a515f1f007 Fix Gemfile.saas.lock: add missing thruster 0.1.18 platform variants
The saas.lock sync only bumped the version number but never added the
platform-specific entries that were present for 0.1.17.
2026-03-03 14:01:50 +01:00
Jorge Manrubia 8ae619891c Bump solid_queue from 1.3.1 to 1.3.2 and importmap-rails from 2.2.2 to 2.2.3 2026-03-03 14:01:36 +01:00
github-actions[bot] 2fef068ad0 Sync Gemfile.saas.lock 2026-03-03 14:01:36 +01:00
Jorge Manrubia 6d7e0dbe99 Revert "Sync Gemfile.saas.lock"
This reverts commit e1ffecb4f6.
2026-03-03 13:57:42 +01:00
Jorge Manrubia 41cc11d2c0 Revert "Bump solid_queue from 1.3.1 to 1.3.2 and importmap-rails from 2.2.2 to 2.2.3"
This reverts commit 14a57c2b90.
2026-03-03 13:57:12 +01:00
Jorge Manrubia b1495153cd Revert "Restore platform-specific thruster entries in Gemfile.saas.lock"
This reverts commit c295af7baf.
2026-03-03 13:57:12 +01:00
Jorge Manrubia c295af7baf Restore platform-specific thruster entries in Gemfile.saas.lock
The dependabot PR that bumped solid_queue and importmap-rails accidentally
dropped the platform variants for thruster 0.1.18 from Gemfile.saas.lock,
causing "Unsupported platform: x86_64-linux" boot failures on production.
2026-03-03 13:42:12 +01:00
Jorge Manrubia 14a57c2b90 Bump solid_queue from 1.3.1 to 1.3.2 and importmap-rails from 2.2.2 to 2.2.3 2026-03-03 11:36:26 +01:00
Jorge Manrubia 991e31bd66 Merge pull request #2634 from basecamp/dependabot/bundler/stackprof-0.2.28
Bump stackprof from 0.2.27 to 0.2.28
2026-03-03 11:34:58 +01:00
Jorge Manrubia 6f33d09471 Merge pull request #2630 from basecamp/dependabot/bundler/thruster-0.1.18
Bump thruster from 0.1.17 to 0.1.18
2026-03-03 11:34:52 +01:00
Mike Dalessio 6a9121078e dep: Fix up Gemfile.saas.lock 2026-02-28 10:06:55 -05:00
dependabot[bot] 9128fb276b Bump the development-dependencies group with 2 updates (#2629)
* Bump the development-dependencies group with 2 updates

Bumps the development-dependencies group with 2 updates: [web-console](https://github.com/rails/web-console) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium).


Updates `web-console` from `bdbb391` to `90e3474`
- [Release notes](https://github.com/rails/web-console/releases)
- [Commits](https://github.com/rails/web-console/compare/bdbb39114348b037a515b2ce75a47457b0e647d1...90e3474306f2367cfeaf2875e91e2bc2d71b5f0f)

Updates `selenium-webdriver` from 4.40.0 to 4.41.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.40.0...selenium-4.41.0)

---
updated-dependencies:
- dependency-name: web-console
  dependency-version: 90e3474306f2367cfeaf2875e91e2bc2d71b5f0f
  dependency-type: direct:development
  dependency-group: development-dependencies
- dependency-name: selenium-webdriver
  dependency-version: 4.41.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-27 23:46:48 -08:00
github-actions[bot] 763af3f4a4 Sync Gemfile.saas.lock 2026-02-27 20:26:07 +00:00
github-actions[bot] e1ffecb4f6 Sync Gemfile.saas.lock 2026-02-27 20:24:55 +00:00
Rosa Gutierrez 92cb749e16 Fix tests for renamed fixtures and new stacked notifications
Clear assignee's existing notifications in setup since Notifier now
uses create_or_find_by instead of create, and reload the association
to avoid caching after destroy_all.

Update fixture references after rebase: use `logo_assignment_kevin`
as base notification and `logo_mentioned_david` for mention tests.
Update source to `logo_published` in tests that need generic card events.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 155fa2da97 Go back to RubyGems version of action_push_native
After releasing the new version: https://github.com/rails/action_push_native/releases/tag/v0.3.1
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 34fd62faf1 Move devices table to saas database
Use ActionPushNative's new on_load hook to configure the database connection,
following the same pattern as Active Storage and Action Text:

  ActiveSupport.on_load(:action_push_native_record) do
    connects_to database: { writing: :saas, reading: :saas }
  end

This allows ApplicationPushDevice to inherit directly from ActionPushNative::Device
without needing an intermediate abstract class.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez d3cc79a5bc Simplify device routes and use ActiveRecord validations
- Use RESTful DELETE /devices/:id where :id can be token or database ID
- Remove redundant unregister collection route
- Remove old Users::DevicesController
- Return 404 when device not found instead of silently succeeding
- Return 422 for invalid platform via ActiveRecord validation
- Update action_push_native to main branch (includes validate: true on enum)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 2121b6dc3d Use version of action_push_native with proper config paths support
See https://github.com/rails/action_push_native/pull/89

Now we can delete the OSS version of `config/push.yml`, no longer needed.
2026-02-25 19:31:13 +01:00
Fernando Olivares 3c54cd84fc Add native push notification infrastructure
- Add action_push_native gem and SaaS configuration
- Add device registration API and UI
- Add User::Devices concern
- Add NotificationPusher::Native for push delivery
- Add tests and fixtures for native push
2026-02-25 19:31:13 +01:00
Samuel Péchèr 0038641ede Update Lexxy to 0.7.6.beta 2026-02-24 20:25:07 +00:00
dependabot[bot] 395cc06f5c Bump aws-sdk-s3 from 1.211.0 to 1.213.0 (#2502)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.211.0 to 1.213.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-version: 1.213.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:53:45 -05:00
dependabot[bot] b0b14ead28 Bump sqlite3 from 2.8.0 to 2.9.0 (#2386)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v2.8.0...v2.9.0)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:48:52 -05:00
dependabot[bot] 3063a40f0f Bump trilogy from 2.9.0 to 2.10.0 (#2388)
Bumps [trilogy](https://github.com/trilogy-libraries/trilogy) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases)
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trilogy-libraries/trilogy/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: trilogy
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:43:47 -05:00
dependabot[bot] 361d4a7a52 Bump solid_queue from 1.2.4 to 1.3.1 (#2425)
Bumps [solid_queue](https://github.com/rails/solid_queue) from 1.2.4 to 1.3.1.
- [Release notes](https://github.com/rails/solid_queue/releases)
- [Commits](https://github.com/rails/solid_queue/compare/v1.2.4...v1.3.1)

---
updated-dependencies:
- dependency-name: solid_queue
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:42:48 -05:00
dependabot[bot] 6f99e43f5b Bump puma from 7.1.0 to 7.2.0 (#2462)
* Bump puma from 7.1.0 to 7.2.0

Bumps [puma](https://github.com/puma/puma) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](https://github.com/puma/puma/compare/v7.1.0...v7.2.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:25:30 -05:00
dependabot[bot] 85bb2aa1fa Bump turbo-rails from 2.0.21 to 2.0.23 (#2501)
* Bump turbo-rails from 2.0.21 to 2.0.23

Bumps [turbo-rails](https://github.com/hotwired/turbo-rails) from 2.0.21 to 2.0.23.
- [Release notes](https://github.com/hotwired/turbo-rails/releases)
- [Commits](https://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.23)

---
updated-dependencies:
- dependency-name: turbo-rails
  dependency-version: 2.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:09:22 -05:00
dependabot[bot] 446640b8e9 Bump the development-dependencies group with 2 updates (#2588)
* Bump the development-dependencies group with 2 updates

Bumps the development-dependencies group with 2 updates: [brakeman](https://github.com/presidentbeef/brakeman) and [mocha](https://github.com/freerange/mocha).


Updates `brakeman` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v8.0.1...v8.0.2)

Updates `mocha` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: mocha
  dependency-version: 3.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:44 -05:00
dependabot[bot] d8908c4b92 Bump bootsnap from 1.22.0 to 1.23.0 (#2589)
* Bump bootsnap from 1.22.0 to 1.23.0

Bumps [bootsnap](https://github.com/rails/bootsnap) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:17 -05:00
Mike Dalessio 3b229e9aab Pin web-console to GitHub main for Rails compatibility
web-console 4.2.1 overrides the now-renamed filter_proxies method in
ActionDispatch::RemoteIp::GetIp. The fix (rails/web-console#344) is on
main but not yet released.
2026-02-18 15:16:21 -05:00
Mike Dalessio 41c2bd38af Update Rails to 12e24ea (363 commits past 60d92e4)
Also updates transitive dependencies:
- action_text-trix ~> 2.1.15 → ~> 2.1.16
- irb 1.16.0 → 1.17.0
- json 2.18.0 → 2.18.1
- net-imap 0.6.2 → 0.6.3
- nokogiri 1.19.0 → 1.19.1
- prism 1.8.0 → 1.9.0
- rack 3.2.4 → 3.2.5
- rdoc 7.0.3 → 7.2.0
2026-02-18 13:37:13 -05:00
Mike Dalessio 1c3b3c55ef Update rails_structured_logging to v0.3.0
v0.3.0 removes usage of the INTERNAL_PARAMS constant which is being
removed from ActionController in an upcoming Rails upgrade.
2026-02-18 13:33:10 -05:00
Jeremy Daer 8da0c47a5f Add actionpack-xml_parser to Gemfile.saas (production bundle)
The prior commit added it to saas/Gemfile but the production Docker
build uses Gemfile.saas (via BUNDLE_GEMFILE). This ensures the XML
parameter parser is present in the actual runtime environment.
2026-02-17 20:37:31 -08:00
dependabot[bot] 38ff89de09 Bump bootsnap from 1.21.1 to 1.22.0 (#2544)
* Bump bootsnap from 1.21.1 to 1.22.0

Bumps [bootsnap](https://github.com/rails/bootsnap) from 1.21.1 to 1.22.0.
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.21.1...v1.22.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-16 16:09:22 -08:00
dependabot[bot] 0ead67f85b Bump the development-dependencies group across 1 directory with 3 updates (#2546)
* Bump the development-dependencies group across 1 directory with 3 updates

Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman), [faker](https://github.com/faker-ruby/faker) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium).


Updates `brakeman` from 7.1.2 to 8.0.1
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1)

Updates `faker` from 3.5.3 to 3.6.0
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0)

Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: faker
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: selenium-webdriver
  dependency-version: 4.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Auto-sync Gemfile.saas.lock on Dependabot PRs

Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock
drifts whenever it bumps shared gems in Gemfile.lock.

Add `bin/bundle-drift forward` to push oss lockfile changes into the
saas lockfile (the reverse of `correct`), and a GitHub Actions workflow
that runs it automatically on Dependabot bundler branches.

* Update brakeman ignore fingerprint for 8.0.1

Brakeman 8.0.1 changed how it computes warning fingerprints, so the
existing ignore entry for the safe_constantize warning in Notifier
became obsolete. Update to the new fingerprint.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2026-02-16 15:29:51 -08:00
Jeremy Daer a5a5a62169 Add GVL contention metrics via gvltools (#2538)
* Add GVL contention metrics via gvltools and Yabeda

Expose per-request and process-wide GVL wait time as Prometheus metrics
to diagnose suspected GVL contention from Solid Cable and Action Cable
threads in Puma workers.

Metrics: gvl_request_wait_seconds (histogram), gvl_waiting_threads
(gauge), gvl_global_timer_total_seconds (gauge).

* Add unit: :seconds to GVL histogram for consistency
2026-02-12 16:28:29 -08:00
Mike Dalessio 851f13a934 Render inline code in card titles (#2518)
* Remove unused marked JS dependency

* Remove unused redcarpet dependency

* Render inline code in card titles

Add card_html_title helper that HTML-escapes input then converts
backtick-wrapped text to <code> elements. Apply to card titles in
board preview, card detail, public views, and notification emails.
Style inline code elements in titles to match description styling.

Co-authored-by: Andy Smith <andy@37signals.com>

---------

Co-authored-by: Andy Smith <andy@37signals.com>
2026-02-12 12:07:40 -05:00
Donal McBreen 1506624cd3 Add stackprof for profiling
So you can do something like this:

```ruby
  require "stackprof"

  report = StackProf.run(mode: :wall, interval: 100) do
    Account.find_by(external_account_id: 123)
  end

  StackProf::Report.new(report).print_text
```
2026-02-12 15:42:50 +00:00
Zoltan Hosszu 2ee745cf82 Lexxy version bump 2026-02-12 09:54:20 +01:00
Mike Dalessio bd1ef1f650 dep: bump console1984 to 746cd443 (#2495)
to pick up the session incineration fix

ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9552285400
2026-02-06 10:24:04 -05:00
Stanko K.R. de69d2e6fe Add import cleanup 2026-02-02 12:36:48 +01:00
Mike Dalessio 4e61b64d9a Update to feature branch of audits1984 2026-01-28 14:13:51 -05:00
Rosa Gutierrez 1083784a98 Update turbo-rails to get latest Turbo version
In preparation for offline mode.
2026-01-19 19:40:08 +01:00
Jorge Manrubia 4ab1e3ff7d Solve problem when Action Text raises on missing attachables
Reverts the previous patch. The problem was that I hadn't update
 Lexxy in the saas version https://github.com/basecamp/lexxy/pull/596
2026-01-16 17:32:41 +01:00
Stanko K.R. a811ba1b2a Bump Bootsnap to v1.21.1 2026-01-16 14:26:46 +01:00
Zoltan Hosszu 43fa7fb6aa Update to Lexxy 0.7.0beta 2026-01-15 16:34:56 +01:00