Bump rails from 7.0.8 to 7.1.3.2 #2745
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
|
This application is owned by the Access & Permissions team. Follow these steps if you are doing a Rails upgrade. |
brucebolt
force-pushed
the
dependabot/bundler/rails-7.1.3.2
branch
2 times, most recently
from
35c293e
to
41b1fd1
Compare
Bumps [rails](https://github.com/rails/rails) from 7.0.8 to 7.1.3.2. - [Release notes](https://github.com/rails/rails/releases) - [Commits](rails/rails@v7.0.8...v7.1.3.2) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Rails 7.1 no longer adds autoloaded paths into `$LOAD_PATH`. However we make use of this for the doorkeeper gem, so must keep this setting enabled.
Prior to Rails 7.1, this defaulted to YAML. Now we must specify it.
This fixes the following warning: ``` DEPRECATION WARNING: Passing the class as positional argument is deprecated and will be removed in Rails 7.2. Please pass the class as a keyword argument: serialize :applications_and_permissions, type: Hash ```
This fixes the following deprecation warning: ``` DEPRECATION WARNING: Setting action_dispatch.show_exceptions to false is deprecated. Set to :none instead. ```
Prior to Rails 7.1, `ActionController::Parameters` was equivalent to `Hash` when compared. This has now been deprecated, so we need to explicitly include a hash rather than assuming it'll be converted for us.
All deprecations and breaking changes have now been resolved, so we can switch to Rails 7.1 defaults.
Rails 7.1 deprecates the use of Rails.application.secrets in favour of `Rails.application.credentials`. The credentials system introduces the burden of master encryption key administration at no benefit to us, because we manage our production secrets using environment variables instead of committing them to Git. This commit loads the existing secret values and merges them into the credentials object. This approach was copied from commit 8937b172be530a5d91bd999f4538e5a722dcab19 on the GOV.UK account-api project.
This brings all gems up to date with the latest supported version.
This removes legacy migrations that have already been run in production. Keeping around legacy migrations makes it difficult to identify which code needs to be changed when making large scale changes and clutters the results of searches. Prior art for this occurred in 3797cd9.
In Rails 7.1, encryption uses SHA256 whereas Rails 7.0 uses SHA1. As we have data encrypted in SHA1, we need to enable support. A later PR will migrate all data to use SHA256, then we will remove support for SHA1.
brucebolt
force-pushed
the
dependabot/bundler/rails-7.1.3.2
branch
from
41b1fd1
to
90d4cf0
Compare
jkempster34
approved these changes
Feb 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps rails from 7.0.8 to 7.1.3.2.
Release notes
Sourced from rails's releases.
... (truncated)
Commits
6f0d1adPreparing for 7.1.3.2 releasec25f0fcRespect raise_on_missing_ in controllerd73ed95Preparing for 7.1.3.1 release43037d8update changelog5187a9efix XSS vulnerability when using translationb4d3bfbFix ReDoS in accept header scanning36c1591Preparing for 7.1.3 releasea84622fSync changelog1f505f0Merge pull request #50771 from rails/backport-preview-nplus1d8a8dd9Merge pull request #50758 from rails/fix-video-preview-nplus1Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Trello card