Merge tag 'v1.6.38'

# Conflicts:
#	Gemfile.lock

.nvmrc

@@ -1 +1 @@
-20.11.0
+20.11.1

Gemfile

@@ -112,7 +112,7 @@ end
 
 # We use a constant here so that we can ensure that all of the bullet_train-*
 # packages are on the same version.
-BULLET_TRAIN_VERSION = "1.6.35"
+BULLET_TRAIN_VERSION = "1.6.38"
 
 # Core packages.
 gem "bullet_train", BULLET_TRAIN_VERSION

Gemfile.lock

@@ -127,7 +127,7 @@ GEM
     bootsnap (1.17.1)
       msgpack (~> 1.2)
     builder (3.2.4)
-    bullet_train (1.6.35)
+    bullet_train (1.6.38)
       awesome_print
       bullet_train-has_uuid
       bullet_train-roles
@@ -160,7 +160,7 @@ GEM
       unicode-emoji
       valid_email
       xxhash
-    bullet_train-api (1.6.35)
+    bullet_train-api (1.6.38)
       bullet_train
       bullet_train-super_scaffolding
       colorizer
@@ -171,61 +171,61 @@ GEM
       pagy_cursor
       rack-cors
       rails (>= 6.0.0)
-    bullet_train-fields (1.6.35)
+    bullet_train-fields (1.6.38)
       chronic
       cloudinary
       phonelib
       rails (>= 6.0.0)
-    bullet_train-has_uuid (1.6.35)
+    bullet_train-has_uuid (1.6.38)
       rails (>= 6.0.0)
-    bullet_train-incoming_webhooks (1.6.35)
+    bullet_train-incoming_webhooks (1.6.38)
       bullet_train
       bullet_train-api
       bullet_train-super_scaffolding
       rails (>= 6.0.0)
-    bullet_train-integrations (1.6.35)
+    bullet_train-integrations (1.6.38)
       rails (>= 6.0.0)
-    bullet_train-integrations-stripe (1.6.35)
+    bullet_train-integrations-stripe (1.6.38)
       omniauth
       omniauth-rails_csrf_protection
       omniauth-stripe-connect
       rails (>= 6.0.0)
       stripe
-    bullet_train-obfuscates_id (1.6.35)
+    bullet_train-obfuscates_id (1.6.38)
       hashids
       rails (>= 6.0.0)
-    bullet_train-outgoing_webhooks (1.6.35)
+    bullet_train-outgoing_webhooks (1.6.38)
       public_suffix
       rails (>= 6.0.0)
-    bullet_train-roles (1.6.35)
+    bullet_train-roles (1.6.38)
       active_hash
       activesupport
       cancancan
     bullet_train-routes (1.0.0)
       rails (>= 6.0.0)
-    bullet_train-scope_questions (1.6.35)
+    bullet_train-scope_questions (1.6.38)
       rails (>= 6.0.0)
-    bullet_train-scope_validator (1.6.35)
+    bullet_train-scope_validator (1.6.38)
       rails
-    bullet_train-sortable (1.6.35)
+    bullet_train-sortable (1.6.38)
       rails (>= 6.0.0)
-    bullet_train-super_load_and_authorize_resource (1.6.35)
+    bullet_train-super_load_and_authorize_resource (1.6.38)
       cancancan
       rails (>= 6.0.0)
-    bullet_train-super_scaffolding (1.6.35)
+    bullet_train-super_scaffolding (1.6.38)
       colorizer
       indefinite_article
       masamune-ast (~> 2.0.2)
       rails (>= 6.0.0)
-    bullet_train-themes (1.6.35)
+    bullet_train-themes (1.6.38)
       bullet_train-fields
       nice_partials (~> 0.9)
       rails (>= 6.0.0)
-    bullet_train-themes-light (1.6.35)
+    bullet_train-themes-light (1.6.38)
       bullet_train-themes-tailwind_css
       masamune-ast (~> 2.0.2)
       rails (>= 6.0.0)
-    bullet_train-themes-tailwind_css (1.6.35)
+    bullet_train-themes-tailwind_css (1.6.38)
       bullet_train-themes
       rails (>= 6.0.0)
     cable_ready (5.0.3)
@@ -400,7 +400,7 @@ GEM
       activesupport (>= 4.1.0)
     mime-types (3.5.2)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2024.0206)
+    mime-types-data (3.2024.0305)
     mini_magick (4.12.0)
     mini_mime (1.1.5)
     mini_portile2 (2.8.5)
@@ -463,14 +463,14 @@ GEM
       ast (~> 2.4.1)
       racc
     pg (1.5.4)
-    phonelib (0.8.7)
+    phonelib (0.8.8)
     possessive (1.0.1)
     postmark (1.25.0)
       json
     postmark-rails (0.22.1)
       actionmailer (>= 3.0.0)
       postmark (>= 1.21.3, < 2.0)
-    premailer (1.22.0)
+    premailer (1.23.0)
       addressable
       css_parser (>= 1.12.0)
       htmlentities (>= 4.0.0)
@@ -493,7 +493,7 @@ GEM
     pwned (2.0.2)
     racc (1.7.1)
     rack (2.2.8)
-    rack-cors (2.0.1)
+    rack-cors (2.0.2)
       rack (>= 2.0.0)
     rack-mini-profiler (3.1.1)
       rack (>= 1.2.0)
@@ -654,7 +654,7 @@ GEM
     stimulus-rails (1.3.0)
       railties (>= 6.0.0)
     stringio (3.0.8)
-    stripe (10.11.0)
+    stripe (10.12.0)
     terser (1.1.20)
       execjs (>= 0.3.0, < 3)
     thor (1.3.0)
@@ -676,7 +676,7 @@ GEM
       unicode-version (~> 1.0)
     unicode-version (1.4.0)
     uri (0.13.0)
-    valid_email (0.2.0)
+    valid_email (0.2.1)
       activemodel
       mail (>= 2.6.1)
       simpleidn
@@ -712,24 +712,24 @@ DEPENDENCIES
   avo (>= 3.1.7)
   aws-sdk-s3
   bootsnap
-  bullet_train (= 1.6.35)
-  bullet_train-api (= 1.6.35)
-  bullet_train-fields (= 1.6.35)
-  bullet_train-has_uuid (= 1.6.35)
-  bullet_train-incoming_webhooks (= 1.6.35)
-  bullet_train-integrations (= 1.6.35)
-  bullet_train-integrations-stripe (= 1.6.35)
-  bullet_train-obfuscates_id (= 1.6.35)
-  bullet_train-outgoing_webhooks (= 1.6.35)
-  bullet_train-roles (= 1.6.35)
-  bullet_train-scope_questions (= 1.6.35)
-  bullet_train-scope_validator (= 1.6.35)
-  bullet_train-sortable (= 1.6.35)
-  bullet_train-super_load_and_authorize_resource (= 1.6.35)
-  bullet_train-super_scaffolding (= 1.6.35)
-  bullet_train-themes (= 1.6.35)
-  bullet_train-themes-light (= 1.6.35)
-  bullet_train-themes-tailwind_css (= 1.6.35)
+  bullet_train (= 1.6.38)
+  bullet_train-api (= 1.6.38)
+  bullet_train-fields (= 1.6.38)
+  bullet_train-has_uuid (= 1.6.38)
+  bullet_train-incoming_webhooks (= 1.6.38)
+  bullet_train-integrations (= 1.6.38)
+  bullet_train-integrations-stripe (= 1.6.38)
+  bullet_train-obfuscates_id (= 1.6.38)
+  bullet_train-outgoing_webhooks (= 1.6.38)
+  bullet_train-roles (= 1.6.38)
+  bullet_train-scope_questions (= 1.6.38)
+  bullet_train-scope_validator (= 1.6.38)
+  bullet_train-sortable (= 1.6.38)
+  bullet_train-super_load_and_authorize_resource (= 1.6.38)
+  bullet_train-super_scaffolding (= 1.6.38)
+  bullet_train-themes (= 1.6.38)
+  bullet_train-themes-light (= 1.6.38)
+  bullet_train-themes-tailwind_css (= 1.6.38)
   capybara (~> 3.39)
   capybara-email
   capybara-lockstep

bin/configure

@@ -114,11 +114,12 @@ when "linux"
     exit
   end
 
-  if system_packages.include?("redis") && system_packages.include?("redis-server")
-    version_information = `redis-server --version`
-    redis_version = version_information.split("\s")[2]
+  # TODO: system_packages should include `redis`.
+  # https://github.com/bullet-train-co/bullet_train/issues/1330
+  begin
+    redis_version = `redis-cli --version`.chomp.split("\s").last
     puts "Redis #{redis_version} is installed.".green
-  else
+  rescue
     puts "You don't have Redis installed. Please see the installation instructions at https://redis.io/docs/getting-started/installation/install-redis-on-linux/ .".red
     exit
   end

config/initializers/devise.rb

@@ -190,27 +190,27 @@
   # Defines which strategy will be used to lock an account.
   # :failed_attempts = Locks an account after a number of failed attempts to sign in.
   # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
+  config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [:email]
+  config.unlock_keys = [:email]
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
   # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
   # :both  = Enables both strategies
   # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
+  config.unlock_strategy = :both
 
   # Number of authentication tries before locking an account if lock_strategy
   # is failed attempts.
-  # config.maximum_attempts = 20
+  config.maximum_attempts = 20
 
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
+  config.unlock_in = 1.hour
 
   # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = true
+  config.last_attempt_warning = true
 
   # ==> Configuration for :recoverable
   #

db/migrate/20240123092400_add_lockable_to_devise_users.rb

@@ -0,0 +1,26 @@
+class AddLockableToDeviseUsers < ActiveRecord::Migration[7.1]
+  def up
+    ## Lockable
+    unless column_exists?(:users, :failed_attempts)
+      # Only if lock strategy is :failed_attempts
+      add_column :users, :failed_attempts, :integer, default: 0, null: false
+    end
+
+    unless column_exists?(:users, :unlock_token)
+      # Only if unlock strategy is :email or :both
+      add_column :users, :unlock_token, :string
+    end
+
+    unless column_exists?(:users, :locked_at)
+      add_column :users, :locked_at, :datetime
+    end
+
+    add_index :users, :unlock_token, unique: true unless index_exists?(:users, :unlock_token)
+  end
+
+  def down
+    remove_column :users, :failed_attempts
+    remove_column :users, :unlock_token
+    remove_column :users, :locked_at
+  end
+end

package.json

@@ -2,12 +2,12 @@
   "name": "app",
   "private": true,
   "dependencies": {
-    "@bullet-train/bullet-train": "1.6.35",
-    "@bullet-train/bullet-train-sortable": "1.6.35",
-    "@bullet-train/fields": "1.6.35",
+    "@bullet-train/bullet-train": "1.6.38",
+    "@bullet-train/bullet-train-sortable": "1.6.38",
+    "@bullet-train/fields": "1.6.38",
     "@esbuild-plugins/node-globals-polyfill": "^0.2.3",
     "@fullhuman/postcss-purgecss": "5.0.0",
-    "@hotwired/turbo-rails": "^8.0.3",
+    "@hotwired/turbo-rails": "^8.0.4",
     "@icon/themify-icons": "^1.0.1-alpha.3",
     "@rails/actioncable": "^7.1.3",
     "@rails/actiontext": "^7.1.3",
@@ -17,14 +17,14 @@
     "@redocly/cli": "^1.0.0-beta.111",
     "@tailwindcss/forms": "^0.5.7",
     "@tailwindcss/typography": "^0.5.10",
-    "autoprefixer": "^10.4.17",
+    "autoprefixer": "^10.4.18",
     "cable_ready": "^5.0.3",
     "dragula": "^3.7.3",
-    "esbuild": "^0.20.1",
+    "esbuild": "^0.20.2",
     "glob": "^10.3.10",
     "jquery": "^3.7.0",
     "jstz": "^2.1.1",
-    "postcss": "^8.4.35",
+    "postcss": "^8.4.36",
     "postcss-css-variables": "^0.19.0",
     "postcss-extend-rule": "^4.0.0",
     "postcss-import": "^16.0.1",

test/application_system_test_case.rb

@@ -305,13 +305,18 @@ def select2_select(label, string)
 
   # https://stackoverflow.com/a/50794401/2414273
 
+  # Anonymous block forwarding was introduced in ruby 3.1, and then standardrb
+  # added it as a rule. In case downstream apps are still using ruby 3.0.x
+  # we're going to disable this rule for now.
+  # standard:disable Style/ArgumentsForwarding
   def assert_no_js_errors &block
     if use_cuprite?
       assert_no_js_errors_cuprite(&block)
     else
       assert_no_js_errors_selenium(&block)
     end
   end
+  # standard:enable Style/ArgumentsForwarding
 
   private def assert_no_js_errors_cuprite &block
     last_timestamp = page.driver.browser.options.logger.logs

test/mailers/previews/devise_mailer_preview.rb

@@ -8,10 +8,9 @@ def reset_password_instructions
     Devise::Mailer.reset_password_instructions(User.first, "faketoken")
   end
 
-  # TODO: Do we want to turn on the :lockable feature?
-  # def unlock_instructions
-  #   Devise::Mailer.unlock_instructions(User.first, "faketoken")
-  # end
+  def unlock_instructions
+    Devise::Mailer.unlock_instructions(User.first, "faketoken")
+  end
 
   def email_changed
     Devise::Mailer.email_changed(User.first)