Merge pull request #554 from better-together-org/dependabot/bundler/rails-7.1.3.4

rsmithlal · web-flow · commit 02ee4061a860 · 2024-06-11T17:18:23.000-02:30
Bump rails from 7.0.8.3 to 7.1.3.4
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -39,75 +39,84 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.8.4)
-      actionpack (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
+    actioncable (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.8.4)
-      actionpack (= 7.0.8.4)
-      activejob (= 7.0.8.4)
-      activerecord (= 7.0.8.4)
-      activestorage (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
+      zeitwerk (~> 2.6)
+    actionmailbox (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.8.4)
-      actionpack (= 7.0.8.4)
-      actionview (= 7.0.8.4)
-      activejob (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
+    actionmailer (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      actionview (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
-      rails-dom-testing (~> 2.0)
-    actionpack (7.0.8.4)
-      actionview (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
-      rack (~> 2.0, >= 2.2.4)
+      rails-dom-testing (~> 2.2)
+    actionpack (7.1.3.4)
+      actionview (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.8.4)
-      actionpack (= 7.0.8.4)
-      activerecord (= 7.0.8.4)
-      activestorage (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actiontext (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.8.4)
-      activesupport (= 7.0.8.4)
+    actionview (7.1.3.4)
+      activesupport (= 7.1.3.4)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.8.4)
-      activesupport (= 7.0.8.4)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.3.4)
+      activesupport (= 7.1.3.4)
       globalid (>= 0.3.6)
-    activemodel (7.0.8.4)
-      activesupport (= 7.0.8.4)
-    activerecord (7.0.8.4)
-      activemodel (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
+    activemodel (7.1.3.4)
+      activesupport (= 7.1.3.4)
+    activerecord (7.1.3.4)
+      activemodel (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      timeout (>= 0.4.0)
     activerecord-import (1.7.0)
       activerecord (>= 4.2)
-    activerecord-postgis-adapter (8.0.3)
-      activerecord (~> 7.0.0)
+    activerecord-postgis-adapter (9.0.2)
+      activerecord (~> 7.1.0)
       rgeo-activerecord (~> 7.0.0)
-    activestorage (7.0.8.4)
-      actionpack (= 7.0.8.4)
-      activejob (= 7.0.8.4)
-      activerecord (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
+    activestorage (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       marcel (~> 1.0)
-      mini_mime (>= 1.1.0)
-    activesupport (7.0.8.4)
+    activesupport (7.1.3.4)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
     addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
@@ -207,6 +216,7 @@ GEM
     docile (1.4.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
+    drb (2.2.1)
     dry-auto_inject (1.0.1)
       dry-core (~> 1.0)
       zeitwerk (~> 2.6)
@@ -270,6 +280,10 @@ GEM
       actionpack (>= 6.0.0)
       activesupport (>= 6.0.0)
       railties (>= 6.0.0)
+    io-console (0.7.2)
+    irb (1.13.1)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
     jmespath (1.6.2)
     json (2.7.2)
     json-schema (4.3.0)
@@ -309,6 +323,7 @@ GEM
       mobility (~> 1.2)
     msgpack (1.7.2)
     multi_json (1.15.0)
+    mutex_m (0.2.0)
     net-imap (0.4.12)
       date
       net-protocol
@@ -333,50 +348,58 @@ GEM
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
+    psych (5.1.2)
+      stringio
     public_suffix (5.0.5)
     puma (6.4.2)
       nio4r (~> 2.0)
     pundit (2.3.2)
       activesupport (>= 3.0.0)
     racc (1.8.0)
-    rack (2.2.9)
+    rack (3.0.11)
     rack-cors (2.0.2)
       rack (>= 2.0.0)
     rack-mini-profiler (3.3.1)
       rack (>= 1.2.0)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
     rack-protection (3.2.0)
       base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.8.4)
-      actioncable (= 7.0.8.4)
-      actionmailbox (= 7.0.8.4)
-      actionmailer (= 7.0.8.4)
-      actionpack (= 7.0.8.4)
-      actiontext (= 7.0.8.4)
-      actionview (= 7.0.8.4)
-      activejob (= 7.0.8.4)
-      activemodel (= 7.0.8.4)
-      activerecord (= 7.0.8.4)
-      activestorage (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
+    rails (7.1.3.4)
+      actioncable (= 7.1.3.4)
+      actionmailbox (= 7.1.3.4)
+      actionmailer (= 7.1.3.4)
+      actionpack (= 7.1.3.4)
+      actiontext (= 7.1.3.4)
+      actionview (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activemodel (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       bundler (>= 1.15.0)
-      railties (= 7.0.8.4)
+      railties (= 7.1.3.4)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.8.4)
-      actionpack (= 7.0.8.4)
-      activesupport (= 7.0.8.4)
-      method_source
+    railties (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
     rb-fsevent (0.11.2)
@@ -387,6 +410,8 @@ GEM
       ffi (>= 1.0.6)
       msgpack (>= 0.4.3)
       optimist (>= 3.0.0)
+    rdoc (6.7.0)
+      psych (>= 4.0.0)
     redis (5.2.0)
       redis-client (>= 0.22.0)
     redis-client (0.22.2)
@@ -399,6 +424,8 @@ GEM
       activemodel (>= 5.0)
       reform (>= 2.3.1, < 3.0.0)
     regexp_parser (2.9.2)
+    reline (0.5.8)
+      io-console (~> 0.5)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
@@ -530,6 +557,7 @@ GEM
     stackprof (0.2.26)
     stimulus-rails (1.3.3)
       railties (>= 6.0.0)
+    stringio (3.1.0)
     strscan (3.1.0)
     sync (0.5.0)
     term-ansicolor (1.7.1)
@@ -565,6 +593,7 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
+    webrick (1.8.1)
     webdrivers (5.2.0)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
diff --git a/config/initializers/action_text.rb b/config/initializers/action_text.rb
@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
 Rails.application.config.after_initialize do
-  ActionText::ContentHelper.allowed_attributes << 'style'
+  # Example of safe array modification
+  if ActionText::ContentHelper.allowed_attributes.frozen?
+    ActionText::ContentHelper.allowed_attributes = ActionText::ContentHelper.allowed_attributes.to_a + ['style']
+  else
+    ActionText::ContentHelper.allowed_attributes << 'style'
+  end
 end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -14,15 +14,9 @@
   # confirmation, reset password and unlock tokens in the database.
   # Devise will use the `secret_key_base` as its `secret_key`
   # by default. You can change it below and use your own secret key.
-  config.secret_key = ENV.fetch(
-    'DEVISE_SECRET',
-    'fe066f312d07ecef37a5ae4db05e94b0659ef63f600df6e602380e244647b198eaa4d1d5d566f614b77552ad84104983d49f25b45122f7d0ff'
-  )
+  config.secret_key = ENV.fetch('DEVISE_SECRET', nil)
 
-  config.pepper = ENV.fetch(
-    'DEVISE_PEPPER',
-    '9ebf452639e24c753af6eb4877933a620afa2fd1a031a6360be14fbf3828a55729b04adb64c860e097656fe2169474711b85bbafa9feadf510'
-  )
+  config.pepper = ENV.fetch('DEVISE_PEPPER', nil)
 
   # ==> Controller configuration
   # Configure the parent class to the devise controllers.
@@ -318,10 +312,7 @@
   # config.sign_in_after_change_password = true
 
   config.jwt do |jwt|
-    jwt.secret = ENV.fetch(
-      'DEVISE_SECRET',
-      'fe066f312d07ecef37a5ae4db05e94b0659ef63f600df6e602380e244647b198eaa4d1d5d566f614b77552ad84104983d49f25b45122f7d0'
-    )
+    jwt.secret = ENV.fetch('DEVISE_SECRET', nil)
     jwt.dispatch_requests = [
       ['POST', %r{^/bt/api/auth/sign-in$}]
     ]
diff --git a/lib/better_together/engine.rb b/lib/better_together/engine.rb
@@ -22,7 +22,7 @@ class Engine < ::Rails::Engine
     engine_name 'better_together'
     isolate_namespace BetterTogether
 
-    config.autoload_paths << File.expand_path('lib/better_together', __dir__)
+    config.autoload_paths += Dir["#{config.root}/lib/better_together/**/"]
 
     config.generators do |g|
       g.orm :active_record, primary_key_type: :uuid
@@ -54,18 +54,18 @@ class Engine < ::Rails::Engine
     config.time_zone = ENV.fetch('APP_TIME_ZONE', 'Newfoundland')
 
     initializer 'better_together.importmap', before: 'importmap' do |app|
-      app.config.importmap.paths << Engine.root.join('config/importmap.rb')
-
-      # Ensure the cache is swept in development and test environments
-      app.config.importmap.cache_sweepers << root.join('app/assets/javascripts')
-      app.config.importmap.cache_sweepers << root.join('app/javascript')
+      # Ensure we are not modifying frozen arrays
+      app.config.importmap.paths = [Engine.root.join('config/importmap.rb')] + app.config.importmap.paths.to_a
+      app.config.importmap.cache_sweepers = [root.join('app/assets/javascripts'),
+                                             root.join('app/javascript')] + app.config.importmap.cache_sweepers.to_a
     end
 
     # Add engine manifest to precompile assets in production
     initializer 'better_together.assets' do |app|
+      # Ensure we are not modifying frozen arrays
       app.config.assets.precompile += %w[better_together_manifest.js]
-      app.config.assets.paths << root.join('app', 'assets', 'images')
-      app.config.assets.paths << root.join('app', 'javascript')
+      app.config.assets.paths = [root.join('app', 'assets', 'images'),
+                                 root.join('app', 'javascript')] + app.config.assets.paths.to_a
     end
 
     initializer 'better_together.turbo' do |app|
diff --git a/spec/dummy/config/application.rb b/spec/dummy/config/application.rb
@@ -31,8 +31,6 @@ class Application < Rails::Application
       g.test_framework :rspec
     end
 
-    config.active_record.legacy_connection_handling = false
-
     # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
     # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
     # config.i18n.default_locale = :de
diff --git a/spec/dummy/config/initializers/filter_parameter_logging.rb b/spec/dummy/config/initializers/filter_parameter_logging.rb
@@ -5,6 +5,6 @@
 # Configure parameters to be filtered from the log file. Use this to limit dissemination of
 # sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
 # notations and behaviors.
-Rails.application.config.filter_parameters += %i[
+Rails.application.config.filter_parameters = %i[
   passw secret token _key crypt salt certificate otp ssn
-]
+] + Rails.application.config.filter_parameters.to_a
diff --git a/spec/dummy/config/secrets.yml b/spec/dummy/config/secrets.yml
@@ -11,10 +11,10 @@
 # if you're sharing your code publicly.
 
 development:
-  secret_key_base: 9d31c46cecdb77414fc9a60f93307393b83c81ccb368961ed7d8a2e96c8deab21d1f165a99b8701d58c0b34079b9799bb7734251752f5da68c14f8045aab0105
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
 
 test:
-  secret_key_base: d7d9c077ce00f9222773a2cdeeb53b0bb54481468bd557314b3f68095d7ec1ee5933737e09efb42ac008baef4e0ba1308f8b5d77e179a136d2b116ad7858646f
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
 
 # Do not keep production secrets in the repository,
 # instead read values from the environment.
