Merge pull request #211 from basecamp/clean-202606

Security dependency updates and general maintenance
This commit is contained in:
Mike Dalessio
2026-06-09 12:47:49 -04:00
committed by GitHub
7 changed files with 48 additions and 30 deletions
+1 -1
View File
@@ -26,7 +26,7 @@ FROM base AS build
# Install packages need to build gems
RUN apt-get update -qq && \
apt-get install -y build-essential git pkg-config libyaml-dev && \
apt-get install -y build-essential git pkg-config libyaml-dev libssl-dev && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
# Install application gems
+2 -1
View File
@@ -12,7 +12,7 @@ gem "sqlite3"
gem "redis", "~> 5.4"
# Deployment
gem "puma", "~> 6.6"
gem "puma", "~> 7.2", ">= 7.2.1"
# Jobs
gem "resque", "~> 2.7.0"
@@ -48,6 +48,7 @@ gem "thruster"
group :development, :test do
gem "debug"
gem "rubocop-rails-omakase", require: false
gem "bundler-audit", require: false
gem "faker", require: false
gem "brakeman", require: false
end
+35 -22
View File
@@ -128,18 +128,21 @@ GIT
GEM
remote: https://rubygems.org/
specs:
action_text-trix (2.1.15)
action_text-trix (2.1.19)
railties
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
addressable (2.9.0)
public_suffix (>= 2.0.2, < 8.0)
ast (2.4.3)
base64 (0.3.0)
bcrypt (3.1.20)
bcrypt (3.1.22)
benchmark (0.5.0)
bigdecimal (3.3.1)
brakeman (8.0.4)
racc
builder (3.3.0)
bundler-audit (0.9.3)
bundler (>= 1.2.0)
thor (~> 1.0)
capybara (3.40.0)
addressable
matrix
@@ -161,11 +164,14 @@ GEM
irb (~> 1.10)
reline (>= 0.3.8)
drb (2.2.3)
erb (6.0.0)
erb (6.0.4)
erubi (1.13.1)
faker (3.5.2)
i18n (>= 1.8.11, < 2)
ffi (1.17.2)
ffi (1.17.2-aarch64-linux-gnu)
ffi (1.17.2-arm64-darwin)
ffi (1.17.2-x86_64-darwin)
ffi (1.17.2-x86_64-linux-gnu)
geared_pagination (1.2.0)
activesupport (>= 5.0)
addressable (>= 2.5.0)
@@ -186,7 +192,7 @@ GEM
actionview (>= 7.0.0)
activesupport (>= 7.0.0)
json (2.13.2)
jwt (3.1.2)
jwt (3.2.0)
base64
kredis (1.8.0)
activemodel (>= 6.0.0)
@@ -209,7 +215,6 @@ GEM
mini_magick (5.3.1)
logger
mini_mime (1.1.5)
mini_portile2 (2.8.9)
minitest (5.26.2)
mocha (2.7.1)
ruby2_keywords (>= 0.0.5)
@@ -219,7 +224,7 @@ GEM
ruby2_keywords (~> 0.0.1)
net-http-persistent (4.0.6)
connection_pool (~> 2.2, >= 2.2.4)
net-imap (0.5.12)
net-imap (0.6.4)
date
net-protocol
net-pop (0.1.2)
@@ -229,8 +234,13 @@ GEM
net-smtp (0.5.1)
net-protocol
nio4r (2.7.5)
nokogiri (1.18.10)
mini_portile2 (~> 2.8.2)
nokogiri (1.19.3-aarch64-linux-gnu)
racc (~> 1.4)
nokogiri (1.19.3-arm64-darwin)
racc (~> 1.4)
nokogiri (1.19.3-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.19.3-x86_64-linux-gnu)
racc (~> 1.4)
openssl (3.3.0)
ostruct (0.6.3)
@@ -249,15 +259,15 @@ GEM
date
stringio
public_suffix (6.0.2)
puma (6.6.1)
puma (7.2.1)
nio4r (~> 2.0)
racc (1.8.1)
rack (3.2.4)
rack-protection (4.1.1)
rack (3.2.6)
rack-protection (4.2.1)
base64 (>= 0.1.0)
logger (>= 1.6.0)
rack (>= 3.0.0, < 4)
rack-session (2.1.1)
rack-session (2.1.2)
base64 (>= 0.1.0)
rack (>= 3.0.0)
rack-test (2.2.0)
@@ -298,7 +308,7 @@ GEM
resque-pool (0.7.1)
rake (>= 10.0, < 14.0)
resque (>= 1.22, < 3)
rexml (3.4.1)
rexml (3.4.4)
rqrcode (3.2.0)
chunky_png (~> 1.0)
rqrcode_core (~> 2.0)
@@ -350,15 +360,17 @@ GEM
sentry-ruby (5.26.0)
bigdecimal
concurrent-ruby (~> 1.0, >= 1.0.2)
sinatra (4.1.1)
sinatra (4.2.1)
logger (>= 1.6.0)
mustermann (~> 3.0)
rack (>= 3.0.0, < 4)
rack-protection (= 4.1.1)
rack-protection (= 4.2.1)
rack-session (>= 2.0.0, < 3)
tilt (~> 2.0)
sqlite3 (2.7.3)
mini_portile2 (~> 2.8.0)
sqlite3 (2.7.3-aarch64-linux-gnu)
sqlite3 (2.7.3-arm64-darwin)
sqlite3 (2.7.3-x86_64-darwin)
sqlite3 (2.7.3-x86_64-linux-gnu)
stimulus-rails (1.3.4)
railties (>= 6.0.0)
stringio (3.1.8)
@@ -403,6 +415,7 @@ DEPENDENCIES
bcrypt
benchmark
brakeman
bundler-audit
capybara
debug
faker
@@ -416,7 +429,7 @@ DEPENDENCIES
ostruct
platform_agent
propshaft!
puma (~> 6.6)
puma (~> 7.2, >= 7.2.1)
rails!
rails_autolink
redis (~> 5.4)
@@ -435,4 +448,4 @@ DEPENDENCIES
webmock
BUNDLED WITH
2.5.9
4.0.13
+1 -1
View File
@@ -16,7 +16,7 @@ class Users::SidebarsController < ApplicationController
def find_direct_placeholder_users
exclude_user_ids = user_ids_already_in_direct_rooms_with_current_user.including(Current.user.id)
User.active.where.not(id: exclude_user_ids).order(:created_at).limit([DIRECT_PLACEHOLDERS - exclude_user_ids.count, 0].max)
User.active.where.not(id: exclude_user_ids).order(:created_at).limit([ DIRECT_PLACEHOLDERS - exclude_user_ids.count, 0 ].max)
end
def user_ids_already_in_direct_rooms_with_current_user
+4 -1
View File
@@ -60,7 +60,10 @@ echo
if command -v brew &>/dev/null; then
step "Installing packages" brew install sqlite ffmpeg mise
elif command -v pacman &>/dev/null; then
step "Installing packages" sudo pacman -S --noconfirm --needed sqlite ffmpeg mise
packages=(sqlite ffmpeg mise)
if ! pacman -Q "${packages[@]}" >/dev/null 2>&1; then
step "Installing packages" sudo pacman -S --noconfirm --needed "${packages[@]}"
fi
elif command -v apt &>/dev/null; then
step "Installing packages" sudo apt-get install --no-install-recommends -y libsqlite3-0 ffmpeg
fi
+1 -1
View File
@@ -5,7 +5,7 @@ pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
pin "@hotwired/turbo-rails", to: "turbo.js"
pin "@rails/actioncable", to: "actioncable.esm.js"
pin "@rails/request.js", to: "@rails--request.js" # @0.0.8
pin "trix", to: "trix.esm.min.js" # @2.0.10
pin "trix", to: "trix.esm.min.js" # @2.1.19
pin "@rails/actiontext", to: "actiontext.js"
pin "highlight.js", to: "highlight.js/core.js"
+4 -3
View File
File diff suppressed because one or more lines are too long