Bump rails from 7.0.8 to 7.1.3

[dependabot]

Bumps rails from 7.0.8 to 7.1.3.

Release notes

Sourced from rails's releases.

7.1.3

Active Support

• Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.

  Eugene Kenny

• Fix ActiveSupport::JSON.encode to prevent duplicate keys.

  If the same key exist in both String and Symbol form it could lead to the same key being emitted twice.

  Manish Sharma

• Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace and local cache strategy.

  Mark Oleson

• Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

  There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone.

  Aleksei Chernenkov

• Fix :unless_exist option for MemoryStore#write (et al) when using a cache namespace.

  S. Brent Faulkner

• Fix ActiveSupport::Deprecation to handle blaming generated code.

  Jean Boussier, fatkodima

Active Model

• No changes.

Active Record

• Fix Migrations with versions older than 7.1 validating options given to add_reference.

... (truncated)

Commits

• 36c1591 Preparing for 7.1.3 release
• a84622f Sync changelog
• 1f505f0 Merge pull request #50771 from rails/backport-preview-nplus1
• d8a8dd9 Merge pull request #50758 from rails/fix-video-preview-nplus1
• a0eef52 Merge pull request #50767 from rporrasluc/fix-db-runtime-calculation
• 8a0767d Fix test setup to raise SyntaxError on Ruby 2.7
• 894f933 Merge pull request #50764 from eugeneius/syntax_error_proxy_nil_backtrace_loc...
• b02f6c9 Merge pull request #48957 from cmaruz/48326
• c1e8b36 Merge pull request #50466 from skipkayhil/hm-fix-to-symbol-raising-nomethoderror
• 16cd025 Add CHANGELOG entry for ee70ff4
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

This application is owned by the Access & Permissions team.

⚠️ This repo is Continuously Deployed: make sure you follow the guidance ⚠️

Follow these steps if you are doing a Rails upgrade.

[floehopper]

I started work on this, but didn't get anywhere near completing it. However, I made the following notes which might be useful to someone taking this on:

• config.action_view.annotate_rendered_view_with_filenames = true was enabled in development as part of the upgrade to Rails v6.1 without explanation; perhaps accidentally.
  • https://github.com/alphagov/signon/pull/1676/files#diff-d3c4b3f41072daa416f1920511e9b2e26caea8c5cec0a14cb9508589a4dafa47R72
  • I've left it in place, because it seems somewhat useful in development.
• config.file_watcher = ActiveSupport::EventedFileUpdateChecker should probably have been removed (along with the listen gem) in the upgrade to Rails v7.0; it's unclear whether it was left in place intentionally or not.
  • 32ff9e5#diff-d3c4b3f41072daa416f1920511e9b2e26caea8c5cec0a14cb9508589a4dafa47
  • https://railsdiff.org/6.1.7.6/7.0.8#diff-8500f459a88e53326371bb4539b381b209e48c01
  • I've left it in place for now.
• Rack::Attack.enabled = false was added to the development & test config in Enable rate limiting for the password reset form #1671 along with the rack-attack gem
  • I've left it in place.
• config.active_support.test_order = :random in test environment is the default, so could probably be removed

[floehopper]

It's worth noting that this app currently still uses Rails UJS in a few places (e.g. here). However, Turbo became the default solution in Rails v7.0 and I believe Rails UJS was deprecated at that point. It's unclear at what point Rails UJS will stop working, although it seems as if the @rails/ujs package was definitely removed in Rails v7.2.

I'm not certain whether the existing UJS links are all actually tested, so it'd be worth watching out for that.

Anyway, at some point someone will need to decide whether to migrate the existing usages to use Turbo or (probably more sensibly) convert the UI to use a fuller conventional HTML form without JS.

cc @chrislo @chrisroos @JonathanHallam @jkempster34

[jkempster34]

Created a card for this and converted it to draft so that it doesn't get picked up by Dependapanda

[dependabot]

Superseded by #2733.