From 6abc0cc391bd22bace72e792240dfcfa2250c28b Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Wed, 8 Apr 2026 14:32:05 +0100 Subject: [PATCH 01/11] fix: typo in manifest filename --- app/assets/config/{mainfest.js => manifest.js} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename app/assets/config/{mainfest.js => manifest.js} (100%) diff --git a/app/assets/config/mainfest.js b/app/assets/config/manifest.js similarity index 100% rename from app/assets/config/mainfest.js rename to app/assets/config/manifest.js From 528d27ced36bb4d1105eff515e4958a51d967234 Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Tue, 7 Apr 2026 11:52:15 +0100 Subject: [PATCH 02/11] chore: upgrade Rails from 7.1.3.4 to 7.2.3.1 (Gemfile only) --- Gemfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 100a8b7da..cf512d207 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' ruby '3.2.5' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '7.1.3.4' +gem 'rails', '7.2.3.1' # Configure Cross-Origin resource sharing gem 'rack-cors' @@ -34,10 +34,10 @@ gem 'coffee-rails', '~> 5.0' # gem 'mini_racer', platforms: :ruby gem 'active_model_serializers', '0.8.4' # Deprecated -gem "active_storage_validations", "~> 2.0" +gem 'active_storage_validations', '~> 2.0' # Use redis for caching -gem "redis", "~> 4.8" +gem 'redis', '~> 4.8' # Use PostgreSQL database gem 'pg', '~> 1.5', '>= 1.5.4' @@ -229,5 +229,3 @@ gem 'handlebars-source', '1.0.12' # TODO: just a wrapwrapper. Any update will ch # It might be possible to fix this if we had an nginx version which supported # the config: `passenger_preload_bundler on;` gem 'base64', '0.1.1' - - From 8a4a4dc1fe0d5a7f7a455ecc9cf9977b580db5a4 Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Wed, 8 Apr 2026 10:21:36 +0100 Subject: [PATCH 03/11] chore: bundle upgrade rails to 7.2 and acts-as-taggable-on --- Gemfile | 2 +- Gemfile.lock | 487 ++++++++++++++++++++++++++++----------------------- 2 files changed, 265 insertions(+), 224 deletions(-) diff --git a/Gemfile b/Gemfile index cf512d207..3c466031c 100644 --- a/Gemfile +++ b/Gemfile @@ -70,7 +70,7 @@ gem 'httparty', '~> 0.21.0' gem 'kaminari', '~> 1.2', '>= 1.2.2' # TODO: Suggest migrate to pagy gem. -gem 'acts-as-taggable-on', '~> 10.0' # TODO: refuses to install against Rails 7.2 +gem 'acts-as-taggable-on', '~> 12.0' gem 'carrierwave', '~> 3.0', '>= 3.0.5' # PDF diff --git a/Gemfile.lock b/Gemfile.lock index d9acef088..b8ba233dd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,52 +2,49 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.0.3) - actioncable (7.1.3.4) - actionpack (= 7.1.3.4) - activesupport (= 7.1.3.4) + actioncable (7.2.3.1) + actionpack (= 7.2.3.1) + activesupport (= 7.2.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.3.4) - actionpack (= 7.1.3.4) - activejob (= 7.1.3.4) - activerecord (= 7.1.3.4) - activestorage (= 7.1.3.4) - activesupport (= 7.1.3.4) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.1.3.4) - actionpack (= 7.1.3.4) - actionview (= 7.1.3.4) - activejob (= 7.1.3.4) - activesupport (= 7.1.3.4) - mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp + actionmailbox (7.2.3.1) + actionpack (= 7.2.3.1) + activejob (= 7.2.3.1) + activerecord (= 7.2.3.1) + activestorage (= 7.2.3.1) + activesupport (= 7.2.3.1) + mail (>= 2.8.0) + actionmailer (7.2.3.1) + actionpack (= 7.2.3.1) + actionview (= 7.2.3.1) + activejob (= 7.2.3.1) + activesupport (= 7.2.3.1) + mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.1.3.4) - actionview (= 7.1.3.4) - activesupport (= 7.1.3.4) + actionpack (7.2.3.1) + actionview (= 7.2.3.1) + activesupport (= 7.2.3.1) + cgi nokogiri (>= 1.8.5) racc - rack (>= 2.2.4) + rack (>= 2.2.4, < 3.3) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.3.4) - actionpack (= 7.1.3.4) - activerecord (= 7.1.3.4) - activestorage (= 7.1.3.4) - activesupport (= 7.1.3.4) + useragent (~> 0.16) + actiontext (7.2.3.1) + actionpack (= 7.2.3.1) + activerecord (= 7.2.3.1) + activestorage (= 7.2.3.1) + activesupport (= 7.2.3.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.3.4) - activesupport (= 7.1.3.4) + actionview (7.2.3.1) + activesupport (= 7.2.3.1) builder (~> 3.1) + cgi erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) @@ -55,67 +52,74 @@ GEM ember-data-source (>= 1.13, < 3.0) active_model_serializers (0.8.4) activemodel (>= 3.0) - active_storage_validations (2.0.3) + active_storage_validations (2.0.4) activejob (>= 6.1.4) activemodel (>= 6.1.4) activestorage (>= 6.1.4) activesupport (>= 6.1.4) marcel (>= 1.0.3) - activejob (7.1.3.4) - activesupport (= 7.1.3.4) + activejob (7.2.3.1) + activesupport (= 7.2.3.1) globalid (>= 0.3.6) - activemodel (7.1.3.4) - activesupport (= 7.1.3.4) - activerecord (7.1.3.4) - activemodel (= 7.1.3.4) - activesupport (= 7.1.3.4) + activemodel (7.2.3.1) + activesupport (= 7.2.3.1) + activerecord (7.2.3.1) + activemodel (= 7.2.3.1) + activesupport (= 7.2.3.1) timeout (>= 0.4.0) - activestorage (7.1.3.4) - actionpack (= 7.1.3.4) - activejob (= 7.1.3.4) - activerecord (= 7.1.3.4) - activesupport (= 7.1.3.4) + activestorage (7.2.3.1) + actionpack (= 7.2.3.1) + activejob (= 7.2.3.1) + activerecord (= 7.2.3.1) + activesupport (= 7.2.3.1) marcel (~> 1.0) - activesupport (7.1.3.4) + activesupport (7.2.3.1) base64 + benchmark (>= 0.3) bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) - minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) - acts-as-taggable-on (10.0.0) - activerecord (>= 6.1, < 7.2) - addressable (2.8.7) - public_suffix (>= 2.0.2, < 7.0) + logger (>= 1.4.2) + minitest (>= 5.1, < 6) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + acts-as-taggable-on (12.0.0) + activerecord (>= 7.1, < 8.1) + zeitwerk (>= 2.4, < 3.0) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) afm (0.2.2) - ahoy_matey (5.1.0) - activesupport (>= 6.1) + ahoy_matey (5.4.2) + activesupport (>= 7.1) + cgi device_detector (>= 1) safely_block (>= 0.4) - airbrussh (1.5.2) + airbrussh (1.6.1) sshkit (>= 1.6.1, != 1.7.0) annotaterb (4.10.2) appsignal (3.13.1) rack - ast (2.4.2) - aws-eventstream (1.3.0) - aws-partitions (1.961.0) - aws-sdk-core (3.201.3) + ast (2.4.3) + aws-eventstream (1.4.0) + aws-partitions (1.1236.0) + aws-sdk-core (3.244.0) aws-eventstream (~> 1, >= 1.3.0) - aws-partitions (~> 1, >= 1.651.0) - aws-sigv4 (~> 1.8) + aws-partitions (~> 1, >= 1.992.0) + aws-sigv4 (~> 1.9) + base64 + bigdecimal jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.88.0) - aws-sdk-core (~> 3, >= 3.201.0) + logger + aws-sdk-kms (1.123.0) + aws-sdk-core (~> 3, >= 3.244.0) aws-sigv4 (~> 1.5) - aws-sdk-s3 (1.157.0) - aws-sdk-core (~> 3, >= 3.201.0) + aws-sdk-s3 (1.219.0) + aws-sdk-core (~> 3, >= 3.244.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.5) - aws-sigv4 (1.9.1) + aws-sigv4 (1.12.1) aws-eventstream (~> 1, >= 1.0.2) babel-source (5.8.35) babel-transpiler (0.7.0) @@ -125,11 +129,12 @@ GEM ember-source (>= 1.0, < 3.1) execjs (>= 1.2, < 3) base64 (0.1.1) - bcrypt (3.1.20) + bcrypt (3.1.22) bcrypt_pbkdf (1.1.0) - bigdecimal (3.1.8) + benchmark (0.5.0) + bigdecimal (4.1.1) bindex (0.8.1) - bootsnap (1.18.3) + bootsnap (1.23.0) msgpack (~> 1.2) bootstrap-sass (2.3.2.2) sass (~> 3.2) @@ -137,7 +142,8 @@ GEM concurrent-ruby (~> 1.0, >= 1.0.5) redis (>= 1.0, < 6) builder (3.3.0) - byebug (11.1.3) + byebug (13.0.0) + reline (>= 0.6.0) cancancan (3.6.1) capistrano (3.18.0) airbrussh (>= 1.0.0) @@ -171,14 +177,15 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - carrierwave (3.0.7) + carrierwave (3.1.2) activemodel (>= 6.0.0) activesupport (>= 6.0.0) addressable (~> 2.6) image_processing (~> 1.1) marcel (~> 1.0.0) ssrf_filter (~> 1.0) - chartkick (5.0.7) + cgi (0.5.1) + chartkick (5.2.1) chronic_duration (0.10.6) numerizer (~> 0.1.1) coffee-rails (5.0.0) @@ -188,21 +195,21 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.3.5) - connection_pool (2.5.0) + concurrent-ruby (1.3.6) + connection_pool (2.5.5) coveralls_reborn (0.28.0) simplecov (~> 0.22.0) term-ansicolor (~> 1.7) thor (~> 1.2) tins (~> 1.32) crass (1.0.6) - database_cleaner (2.0.2) + database_cleaner (2.1.0) database_cleaner-active_record (>= 2, < 3) - database_cleaner-active_record (2.2.0) + database_cleaner-active_record (2.2.2) activerecord (>= 5.a) - database_cleaner-core (~> 2.0.0) + database_cleaner-core (~> 2.0) database_cleaner-core (2.0.1) - date (3.4.1) + date (3.5.1) device_detector (1.1.3) devise (4.9.4) bcrypt (~> 3.0) @@ -210,12 +217,12 @@ GEM railties (>= 4.1.0) responders warden (~> 1.2.3) - diff-lcs (1.5.1) + diff-lcs (1.6.2) docile (1.4.1) dotenv (2.0.1) dotenv-rails (2.0.1) dotenv (= 2.0.1) - drb (2.2.1) + drb (2.2.3) ed25519 (1.2.4) ember-cli-assets (0.0.37) ember-data-source (1.13.0) @@ -238,59 +245,62 @@ GEM railties (>= 4.2) ember-source (1.8.0) handlebars-source (~> 1.0) - erubi (1.13.0) - et-orbi (1.2.11) + erb (6.0.2) + erubi (1.13.1) + et-orbi (1.4.0) tzinfo - execjs (2.9.1) + execjs (2.10.1) factory_bot (5.2.0) activesupport (>= 4.2.0) factory_bot_rails (5.2.0) factory_bot (~> 5.2.0) railties (>= 4.2.0) - ffi (1.17.0) + ffi (1.17.4) file_exists (0.2.0) - fugit (1.11.0) - et-orbi (~> 1, >= 1.2.11) + fugit (1.12.1) + et-orbi (~> 1.4) raabro (~> 1.4) geoip (1.3.5) - globalid (1.2.1) + globalid (1.3.0) activesupport (>= 6.1) - gon (6.4.0) + gon (6.6.0) actionpack (>= 3.0.20) i18n (>= 0.7) multi_json request_store (>= 1.0) - groupdate (6.4.0) - activesupport (>= 6.1) + groupdate (6.7.0) + activesupport (>= 7.1) handlebars-source (1.0.12) - has_scope (0.8.2) - actionpack (>= 5.2) - activesupport (>= 5.2) + has_scope (0.9.0) + actionpack (>= 7.0) + activesupport (>= 7.0) hashery (2.1.2) httparty (0.21.0) mini_mime (>= 1.0.0) multi_xml (>= 0.5.2) - i18n (1.14.5) + i18n (1.14.8) concurrent-ruby (~> 1.0) - image_processing (1.13.0) - mini_magick (>= 4.9.5, < 5) + image_processing (1.14.0) + mini_magick (>= 4.9.5, < 6) ruby-vips (>= 2.0.17, < 3) inherited_resources (1.14.0) actionpack (>= 6.0) has_scope (>= 0.6) railties (>= 6.0) responders (>= 2) - io-console (0.7.2) - irb (1.14.0) + io-console (0.8.2) + irb (1.17.0) + pp (>= 0.6.0) + prism (>= 1.3.0) rdoc (>= 4.0.0) reline (>= 0.4.2) jmespath (1.6.2) - jquery-rails (4.6.0) + jquery-rails (4.6.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) jslint_on_rails (1.1.1) - json (2.7.2) + json (2.19.3) json_spec (1.1.5) multi_json (~> 1.0) rspec (>= 2.0, < 4.0) @@ -306,65 +316,72 @@ GEM activerecord kaminari-core (= 1.2.2) kaminari-core (1.2.2) - language_server-protocol (3.17.0.3) + language_server-protocol (3.17.0.5) launchy (2.4.3) addressable (~> 2.3) - listen (3.9.0) + lint_roller (1.1.0) + listen (3.10.0) + logger rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.0) - loofah (2.24.0) + logger (1.7.0) + loofah (2.25.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) - mail (2.8.1) + mail (2.9.0) + logger mini_mime (>= 0.1.1) net-imap net-pop net-smtp marcel (1.0.4) - matrix (0.4.2) - mini_magick (4.13.2) + matrix (0.4.3) + mini_magick (5.3.1) + logger mini_mime (1.1.5) - mini_portile2 (2.8.8) - minitest (5.24.1) - mobility (1.2.9) + mini_portile2 (2.8.9) + minitest (5.27.0) + mize (0.6.1) + mobility (1.3.2) i18n (>= 0.6.10, < 2) request_store (~> 1.0) - msgpack (1.7.2) - multi_json (1.15.0) - multi_xml (0.6.0) - mutex_m (0.2.0) + msgpack (1.8.0) + multi_json (1.19.1) + multi_xml (0.8.1) + bigdecimal (>= 3.1, < 5) nested-hstore (0.1.2) activerecord activesupport nested_form (0.3.2) - net-imap (0.4.20) + net-imap (0.6.3) date net-protocol net-pop (0.1.2) net-protocol net-protocol (0.2.2) timeout - net-scp (4.0.0) + net-scp (4.1.0) net-ssh (>= 2.6.5, < 8.0.0) net-sftp (4.0.0) net-ssh (>= 5.0.0, < 8.0.0) - net-smtp (0.5.0) + net-smtp (0.5.1) net-protocol - net-ssh (7.2.3) - nio4r (2.7.3) - nokogiri (1.18.8) + net-ssh (7.3.2) + nio4r (2.7.5) + nokogiri (1.19.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) numerizer (0.1.1) - oj (3.16.4) + oj (3.16.16) bigdecimal (>= 3.0) + ostruct (>= 0.2) orm_adapter (0.5.0) + ostruct (0.6.3) paper_trail (15.1.0) activerecord (>= 6.1) request_store (~> 1.4) - parallel (1.25.1) - parser (3.3.4.0) + parallel (1.28.0) + parser (3.3.11.1) ast (~> 2.4.1) racc pdf-reader (1.4.1) @@ -374,69 +391,76 @@ GEM ruby-rc4 ttfunk pdfkit (0.8.7.3) - pg (1.5.7) + pg (1.6.3) pg_array_parser (0.0.9) - pg_search (2.3.6) - activerecord (>= 5.2) - activesupport (>= 5.2) + pg_search (2.3.7) + activerecord (>= 6.1) + activesupport (>= 6.1) + pp (0.6.3) + prettyprint prawn (0.13.2) pdf-reader (~> 1.2) ruby-rc4 ttfunk (~> 1.0.3) - psych (5.1.2) + prettyprint (0.2.0) + prism (1.9.0) + psych (5.3.1) + date stringio - public_suffix (6.0.1) - puma (5.6.8) + public_suffix (7.0.5) + puma (5.6.9) nio4r (~> 2.0) raabro (1.4.0) racc (1.8.1) - rack (2.2.14) + rack (2.2.23) rack-cors (2.0.2) rack (>= 2.0.0) rack-mini-profiler (2.3.4) rack (>= 1.2.0) rack-session (1.0.2) rack (< 3) - rack-test (2.1.0) + rack-test (2.2.0) rack (>= 1.3) - rackup (1.0.0) + rackup (1.0.1) rack (< 3) webrick - rails (7.1.3.4) - actioncable (= 7.1.3.4) - actionmailbox (= 7.1.3.4) - actionmailer (= 7.1.3.4) - actionpack (= 7.1.3.4) - actiontext (= 7.1.3.4) - actionview (= 7.1.3.4) - activejob (= 7.1.3.4) - activemodel (= 7.1.3.4) - activerecord (= 7.1.3.4) - activestorage (= 7.1.3.4) - activesupport (= 7.1.3.4) + rails (7.2.3.1) + actioncable (= 7.2.3.1) + actionmailbox (= 7.2.3.1) + actionmailer (= 7.2.3.1) + actionpack (= 7.2.3.1) + actiontext (= 7.2.3.1) + actionview (= 7.2.3.1) + activejob (= 7.2.3.1) + activemodel (= 7.2.3.1) + activerecord (= 7.2.3.1) + activestorage (= 7.2.3.1) + activesupport (= 7.2.3.1) bundler (>= 1.15.0) - railties (= 7.1.3.4) + railties (= 7.2.3.1) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) - rails-dom-testing (2.2.0) + rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.1) - loofah (~> 2.21) + rails-html-sanitizer (1.7.0) + loofah (~> 2.25) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (7.1.3.4) - actionpack (= 7.1.3.4) - activesupport (= 7.1.3.4) - irb + railties (7.2.3.1) + actionpack (= 7.2.3.1) + activesupport (= 7.2.3.1) + cgi + irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) + tsort (>= 0.2) zeitwerk (~> 2.6) rainbow (3.1.1) - rake (13.2.1) + rake (13.3.1) rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) @@ -444,33 +468,37 @@ GEM ffi rbnacl-libsodium (1.0.16) rbnacl (>= 3.0.1) - rdoc (6.7.0) + rdoc (7.2.0) + erb psych (>= 4.0.0) + tsort + readline (0.0.4) + reline redis (4.8.1) - regexp_parser (2.9.2) - reline (0.5.9) + regexp_parser (2.12.0) + reline (0.6.3) io-console (~> 0.5) request_store (1.7.0) rack (>= 1.4) - responders (3.1.1) - actionpack (>= 5.2) - railties (>= 5.2) - rexml (3.3.9) - rspec (3.13.0) + responders (3.2.0) + actionpack (>= 7.0) + railties (>= 7.0) + rexml (3.4.4) + rspec (3.13.2) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) rspec-mocks (~> 3.13.0) rspec-collection_matchers (1.2.1) rspec-expectations (>= 2.99.0.beta1) - rspec-core (3.13.0) + rspec-core (3.13.6) rspec-support (~> 3.13.0) - rspec-expectations (3.13.1) + rspec-expectations (3.13.5) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-mocks (3.13.1) + rspec-mocks (3.13.8) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-rails (6.1.3) + rspec-rails (6.1.5) actionpack (>= 6.1) activesupport (>= 6.1) railties (>= 6.1) @@ -478,52 +506,55 @@ GEM rspec-expectations (~> 3.13) rspec-mocks (~> 3.13) rspec-support (~> 3.13) - rspec-support (3.13.1) - rubocop (1.65.1) + rspec-support (3.13.7) + rubocop (1.86.0) json (~> 2.3) - language_server-protocol (>= 3.17.0) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 2.4, < 3.0) - rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.31.1, < 2.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.49.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.31.3) - parser (>= 3.3.1.0) - rubocop-capybara (2.21.0) - rubocop (~> 1.41) - rubocop-factory_bot (2.26.1) - rubocop (~> 1.61) - rubocop-minitest (0.35.1) - rubocop (>= 1.61, < 2.0) - rubocop-ast (>= 1.31.1, < 2.0) - rubocop-performance (1.21.1) - rubocop (>= 1.48.1, < 2.0) - rubocop-ast (>= 1.31.1, < 2.0) - rubocop-rails (2.25.1) + unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.49.1) + parser (>= 3.3.7.2) + prism (~> 1.7) + rubocop-capybara (2.22.1) + lint_roller (~> 1.1) + rubocop (~> 1.72, >= 1.72.1) + rubocop-factory_bot (2.28.0) + lint_roller (~> 1.1) + rubocop (~> 1.72, >= 1.72.1) + rubocop-performance (1.26.1) + lint_roller (~> 1.1) + rubocop (>= 1.75.0, < 2.0) + rubocop-ast (>= 1.47.1, < 2.0) + rubocop-rails (2.34.3) activesupport (>= 4.2.0) + lint_roller (~> 1.1) rack (>= 1.1) - rubocop (>= 1.33.0, < 2.0) - rubocop-ast (>= 1.31.1, < 2.0) - rubocop-rails-omakase (1.0.0) - rubocop - rubocop-minitest - rubocop-performance - rubocop-rails - rubocop-rspec (3.0.3) - rubocop (~> 1.61) - rubocop-rspec_rails (2.30.0) - rubocop (~> 1.61) - rubocop-rspec (~> 3, >= 3.0.1) + rubocop (>= 1.75.0, < 2.0) + rubocop-ast (>= 1.44.0, < 2.0) + rubocop-rails-omakase (1.1.0) + rubocop (>= 1.72) + rubocop-performance (>= 1.24) + rubocop-rails (>= 2.30) + rubocop-rspec (3.9.0) + lint_roller (~> 1.1) + rubocop (~> 1.81) + rubocop-rspec_rails (2.32.0) + lint_roller (~> 1.1) + rubocop (~> 1.72, >= 1.72.1) + rubocop-rspec (~> 3.5) ruby-progressbar (1.13.0) ruby-rc4 (0.1.5) - ruby-vips (2.2.2) + ruby-vips (2.3.0) ffi (~> 1.12) logger - rubyzip (2.3.2) - safely_block (0.4.0) + rubyzip (2.4.1) + safely_block (0.5.0) sass (3.4.25) sass-rails (5.1.0) railties (>= 5.2.0) @@ -531,6 +562,7 @@ GEM sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) + securerandom (0.4.1) selenium-webdriver (4.16.0) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) @@ -556,14 +588,14 @@ GEM docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) - simplecov-html (0.12.3) + simplecov-html (0.13.2) simplecov_json_formatter (0.1.4) sitemap_generator (6.3.0) builder (~> 3.0) slackistrano (0.1.9) capistrano (>= 3.0.1) json - spring (4.2.1) + spring (4.4.2) sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) @@ -571,32 +603,40 @@ GEM actionpack (>= 6.1) activesupport (>= 6.1) sprockets (>= 3.0.0) - sshkit (1.23.0) + sshkit (1.25.0) base64 + logger net-scp (>= 1.1.2) net-sftp (>= 2.1.2) net-ssh (>= 2.8.0) - ssrf_filter (1.1.2) - stringio (3.1.1) + ostruct + ssrf_filter (1.5.0) + stringio (3.2.0) strong_migrations (1.8.0) activerecord (>= 5.2) susy (2.2.14) sass (>= 3.3.0, < 3.5) sync (0.5.0) - term-ansicolor (1.11.1) - tins (~> 1.0) - terser (1.2.3) + term-ansicolor (1.11.3) + tins (~> 1) + terser (1.2.7) execjs (>= 0.3.0, < 3) - thor (1.3.2) - tilt (2.4.0) - timeout (0.4.3) - tins (1.33.0) + thor (1.5.0) + tilt (2.7.0) + timeout (0.6.1) + tins (1.52.0) bigdecimal + mize (~> 0.6) + readline sync + tsort (0.2.0) ttfunk (1.0.3) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unicode-display_width (2.5.0) + unicode-display_width (3.2.0) + unicode-emoji (~> 4.1) + unicode-emoji (4.2.0) + useragent (0.16.11) uuidtools (2.2.0) warden (1.2.9) rack (>= 2.0.9) @@ -609,17 +649,18 @@ GEM nokogiri (~> 1.6) rubyzip (>= 1.3.0) selenium-webdriver (~> 4.0) - webrick (1.8.2) + webrick (1.9.2) websocket (1.2.11) - websocket-driver (0.7.6) + websocket-driver (0.8.0) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) wicked (2.0.0) railties (>= 3.0.7) - wkhtmltopdf-binary (0.12.6.7) + wkhtmltopdf-binary (0.12.6.10) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.17) + zeitwerk (2.7.5) PLATFORMS ruby @@ -627,7 +668,7 @@ PLATFORMS DEPENDENCIES active_model_serializers (= 0.8.4) active_storage_validations (~> 2.0) - acts-as-taggable-on (~> 10.0) + acts-as-taggable-on (~> 12.0) ahoy_matey (~> 5.0, >= 5.0.2) annotaterb (~> 4.10.2) appsignal (~> 3.13.1) @@ -685,7 +726,7 @@ DEPENDENCIES puma (~> 5.0) rack-cors rack-mini-profiler (~> 2.0) - rails (= 7.1.3.4) + rails (= 7.2.3.1) rails-controller-testing rbnacl (= 4.0.2) rbnacl-libsodium (= 1.0.16) From b0ecec85e2aeb9a03d122df766c04782e1ec9e2b Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Wed, 8 Apr 2026 12:30:50 +0100 Subject: [PATCH 04/11] chore: bundle exec rails app:update (to Rails 7.2) --- bin/rubocop | 8 ++ bin/setup | 5 ++ config/environments/development.rb | 6 +- config/environments/test.rb | 2 + .../0_new_framework_defaults_7_2.rb | 70 +++++++++++++++ .../initializers/filter_parameter_logging.rb | 2 +- config/puma.rb | 53 ++++++----- public/404.html | 88 +++++++++---------- public/422.html | 88 +++++++++---------- public/500.html | 88 +++++++++---------- 10 files changed, 245 insertions(+), 165 deletions(-) create mode 100755 bin/rubocop create mode 100644 config/initializers/0_new_framework_defaults_7_2.rb diff --git a/bin/rubocop b/bin/rubocop new file mode 100755 index 000000000..40330c0ff --- /dev/null +++ b/bin/rubocop @@ -0,0 +1,8 @@ +#!/usr/bin/env ruby +require "rubygems" +require "bundler/setup" + +# explicit rubocop config increases performance slightly while avoiding config confusion. +ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__)) + +load Gem.bin_path("rubocop", "rubocop") diff --git a/bin/setup b/bin/setup index 3cd5a9d78..bb61d6ef0 100755 --- a/bin/setup +++ b/bin/setup @@ -3,6 +3,7 @@ require "fileutils" # path to your application root. APP_ROOT = File.expand_path("..", __dir__) +APP_NAME = "sapi" def system!(*args) system(*args, exception: true) @@ -30,4 +31,8 @@ FileUtils.chdir APP_ROOT do puts "\n== Restarting application server ==" system! "bin/rails restart" + + # puts "\n== Configuring puma-dev ==" + # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}" + # system "curl -Is https://#{APP_NAME}.test/up | head -n 1" end diff --git a/config/environments/development.rb b/config/environments/development.rb index f994d2d70..296375591 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -40,6 +40,8 @@ # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Print deprecation notices to the Rails logger. @@ -80,12 +82,12 @@ # config.i18n.raise_on_missing_translations = true # Annotate rendered view with file names. - # config.action_view.annotate_rendered_view_with_filenames = true + config.action_view.annotate_rendered_view_with_filenames = true # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true - # Raise error when a before_action's only/except options reference missing actions + # Raise error when a before_action's only/except options reference missing actions. config.action_controller.raise_on_missing_callback_actions = true ### diff --git a/config/environments/test.rb b/config/environments/test.rb index 0ecd0a654..6d4d4e6f9 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -38,6 +38,8 @@ # Store uploaded files on the local file system in a temporary directory. config.active_storage.service = :test + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Tell Action Mailer not to deliver emails to the real world. diff --git a/config/initializers/0_new_framework_defaults_7_2.rb b/config/initializers/0_new_framework_defaults_7_2.rb new file mode 100644 index 000000000..b549c4a25 --- /dev/null +++ b/config/initializers/0_new_framework_defaults_7_2.rb @@ -0,0 +1,70 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.2 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.2`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Controls whether Active Job's `#perform_later` and similar methods automatically defer +# the job queuing to after the current Active Record transaction is committed. +# +# Example: +# Topic.transaction do +# topic = Topic.create(...) +# NewTopicNotificationJob.perform_later(topic) +# end +# +# In this example, if the configuration is set to `:never`, the job will +# be enqueued immediately, even though the `Topic` hasn't been committed yet. +# Because of this, if the job is picked up almost immediately, or if the +# transaction doesn't succeed for some reason, the job will fail to find this +# topic in the database. +# +# If `enqueue_after_transaction_commit` is set to `:default`, the queue adapter +# will define the behaviour. +# +# Note: Active Job backends can disable this feature. This is generally done by +# backends that use the same database as Active Record as a queue, hence they +# don't need this feature. +#++ +# Rails.application.config.active_job.enqueue_after_transaction_commit = :default + +### +# Adds image/webp to the list of content types Active Storage considers as an image +# Prevents automatic conversion to a fallback PNG, and assumes clients support WebP, as they support gif, jpeg, and png. +# This is possible due to broad browser support for WebP, but older browsers and email clients may still not support +# WebP. Requires imagemagick/libvips built with WebP support. +#++ +# Rails.application.config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif image/webp] + +### +# Enable validation of migration timestamps. When set, an ActiveRecord::InvalidMigrationTimestampError +# will be raised if the timestamp prefix for a migration is more than a day ahead of the timestamp +# associated with the current time. This is done to prevent forward-dating of migration files, which can +# impact migration generation and other migration commands. +# +# Applications with existing timestamped migrations that do not adhere to the +# expected format can disable validation by setting this config to `false`. +#++ +# Rails.application.config.active_record.validate_migration_timestamps = true + +### +# Controls whether the PostgresqlAdapter should decode dates automatically with manual queries. +# +# Example: +# ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.select_value("select '2024-01-01'::date") #=> Date +# +# This query used to return a `String`. +#++ +# Rails.application.config.active_record.postgresql_adapter_decode_dates = true + +### +# Enables YJIT as of Ruby 3.3, to bring sizeable performance improvements. If you are +# deploying to a memory constrained environment you may want to set this to `false`. +#++ +# Rails.application.config.yjit = true diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index c2d89e28a..c010b83dd 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -4,5 +4,5 @@ # Use this to limit dissemination of sensitive information. # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ - :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/puma.rb b/config/puma.rb index 58e1c205b..03c166f4c 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -2,34 +2,33 @@ # are invoked here are part of Puma's configuration DSL. For more information # about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html. -# Puma can serve each request in a thread from an internal thread pool. -# The `threads` method setting takes two numbers: a minimum and maximum. -# Any libraries that use thread pools should be configured to match -# the maximum value specified for Puma. Default is set to 5 threads for minimum -# and maximum; this matches the default thread size of Active Record. -max_threads_count = ENV.fetch('RAILS_MAX_THREADS') { 5 } -min_threads_count = ENV.fetch('RAILS_MIN_THREADS') { max_threads_count } -threads min_threads_count, max_threads_count - -# Specifies that the worker count should equal the number of processors in production. -if ENV['RAILS_ENV'] == 'production' - require 'concurrent-ruby' - worker_count = Integer(ENV.fetch('WEB_CONCURRENCY') { Concurrent.physical_processor_count }) - workers worker_count if worker_count > 1 -end - -# Specifies the `worker_timeout` threshold that Puma will use to wait before -# terminating a worker in development environments. -worker_timeout 3600 if ENV.fetch('RAILS_ENV', 'development') == 'development' +# Puma starts a configurable number of processes (workers) and each process +# serves each request in a thread from an internal thread pool. +# +# The ideal number of threads per worker depends both on how much time the +# application spends waiting for IO operations and on how much you wish to +# to prioritize throughput over latency. +# +# As a rule of thumb, increasing the number of threads will increase how much +# traffic a given process can handle (throughput), but due to CRuby's +# Global VM Lock (GVL) it has diminishing returns and will degrade the +# response time (latency) of the application. +# +# The default is set to 3 threads as it's deemed a decent compromise between +# throughput and latency for the average Rails application. +# +# Any libraries that use a connection pool or another resource pool should +# be configured to provide at least as many connections as the number of +# threads. This includes Active Record's `pool` parameter in `database.yml`. +threads_count = ENV.fetch("RAILS_MAX_THREADS", 3) +threads threads_count, threads_count # Specifies the `port` that Puma will listen on to receive requests; default is 3000. -port ENV.fetch('PORT') { 3000 } - -# Specifies the `environment` that Puma will run in. -environment ENV.fetch('RAILS_ENV') { 'development' } +port ENV.fetch("PORT", 3000) -# Specifies the `pidfile` that Puma will use. -pidfile ENV.fetch('PIDFILE') { 'tmp/pids/server.pid' } - -# Allow puma to be restarted by `rails restart` command. +# Allow puma to be restarted by `bin/rails restart` command. plugin :tmp_restart + +# Specify the PID file. Defaults to tmp/pids/server.pid in development. +# In other environments, only set the PID file if requested. +pidfile ENV["PIDFILE"] if ENV["PIDFILE"] diff --git a/public/404.html b/public/404.html index f028a6e83..2be3af26f 100644 --- a/public/404.html +++ b/public/404.html @@ -1,57 +1,56 @@ - The page you were looking for doesn't exist (404) @@ -65,5 +64,4 @@

The page you were looking for doesn't exist.

If you are the application owner check the logs for more information.

- diff --git a/public/422.html b/public/422.html index 33dda348e..c08eac0d1 100644 --- a/public/422.html +++ b/public/422.html @@ -1,57 +1,56 @@ - The change you wanted was rejected (422) @@ -65,5 +64,4 @@

The change you wanted was rejected.

If you are the application owner check the logs for more information.

- diff --git a/public/500.html b/public/500.html index 90beade75..78a030af2 100644 --- a/public/500.html +++ b/public/500.html @@ -1,57 +1,56 @@ - We're sorry, but something went wrong (500) @@ -64,5 +63,4 @@

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

- From f4a4901eb3c1edd49ca4bec6eeb3f111b6a7d642 Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Wed, 8 Apr 2026 14:17:37 +0100 Subject: [PATCH 05/11] chore: Rails 7.2 changes informed by railsdiff and FastRuby and official Rails upgrade guides --- Gemfile | 6 ++- Gemfile.lock | 6 ++- app/controllers/application_controller.rb | 3 ++ app/models/ahoy/visit.rb | 2 + bin/docker-entrypoint | 5 ++ config/environments/test.rb | 3 ++ public/406-unsupported-browser.html | 66 +++++++++++++++++++++++ 7 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 public/406-unsupported-browser.html diff --git a/Gemfile b/Gemfile index 3c466031c..9e43c0d15 100644 --- a/Gemfile +++ b/Gemfile @@ -145,7 +145,11 @@ group :development do gem 'bcrypt_pbkdf', '1.1.0' gem 'ed25519', '1.2.4' - # @TODO: bring back when ruby updated to > 2.6 # gem 'net-ssh', '7.0.0.beta1' # openssl 3.0 compatibility @see https://stackoverflow.com/q/72068406/1090438 + ## + # Static analysis for security vulnerabilities [https://brakemanscanner.org/] + gem 'brakeman', require: false + + gem 'net-ssh', '7.0.0.beta1' end group :test, :development do diff --git a/Gemfile.lock b/Gemfile.lock index b8ba233dd..a401d600b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -138,6 +138,8 @@ GEM msgpack (~> 1.2) bootstrap-sass (2.3.2.2) sass (~> 3.2) + brakeman (8.0.4) + racc brpoplpush-redis_script (0.1.3) concurrent-ruby (~> 1.0, >= 1.0.5) redis (>= 1.0, < 6) @@ -366,7 +368,7 @@ GEM net-ssh (>= 5.0.0, < 8.0.0) net-smtp (0.5.1) net-protocol - net-ssh (7.3.2) + net-ssh (7.0.0.beta1) nio4r (2.7.5) nokogiri (1.19.2) mini_portile2 (~> 2.8.2) @@ -677,6 +679,7 @@ DEPENDENCIES bcrypt_pbkdf (= 1.1.0) bootsnap (>= 1.4.4) bootstrap-sass (= 2.3.2.2) + brakeman byebug cancancan (~> 3.5) capistrano (= 3.18.0) @@ -715,6 +718,7 @@ DEPENDENCIES mobility (~> 1.2, >= 1.2.9) nested-hstore (~> 0.1.2) nested_form (~> 0.3.2) + net-ssh (= 7.0.0.beta1) nokogiri (~> 1.18) oj (~> 3.16, >= 3.16.3) paper_trail (= 15.1.0) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 815be2559..dbb08db6e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,4 +1,7 @@ class ApplicationController < ActionController::Base + # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has. + allow_browser versions: :modern + before_action :track_who_does_it_current_user before_action :set_locale before_action :configure_permitted_parameters, if: :devise_controller? diff --git a/app/models/ahoy/visit.rb b/app/models/ahoy/visit.rb index 648a62e0e..fb3bfdeca 100644 --- a/app/models/ahoy/visit.rb +++ b/app/models/ahoy/visit.rb @@ -48,6 +48,8 @@ class Visit < ApplicationRecord # (https://github.com/ankane/ahoy/blob/v1.0.1/lib/generators/ahoy/stores/templates/active_record_visits_migration.rb) # However it has changed since version 1.4.0, from `id` to `visit_token`, and from `visitor_id` to `visitor_token`. # (https://github.com/ankane/ahoy/blob/v1.4.0/lib/generators/ahoy/stores/templates/active_record_visits_migration.rb) + # Note that this will bypass custom methods on the original attribute, which thankfully we don't have: + # (https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#alias-attribute-now-bypasses-custom-methods-on-the-original-attribute) alias_attribute :visit_token, :id alias_attribute :visitor_token, :visitor_id end diff --git a/bin/docker-entrypoint b/bin/docker-entrypoint index cd970544f..0690f2576 100755 --- a/bin/docker-entrypoint +++ b/bin/docker-entrypoint @@ -4,6 +4,11 @@ if [[ "${@}" =~ "rails server" ]]; then rm -f ./tmp/pids/server.pid; fi +# Enable jemalloc for reduced memory usage and latency. +if [ -z "${LD_PRELOAD+x}" ] && [ -f /usr/lib/*/libjemalloc.so.2 ]; then + export LD_PRELOAD="$(echo /usr/lib/*/libjemalloc.so.2)" +fi + bundle install mkdir -p {./,spec/}public/downloads/checklist diff --git a/config/environments/test.rb b/config/environments/test.rb index 6d4d4e6f9..67ea3090c 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -29,6 +29,9 @@ config.action_controller.perform_caching = false config.cache_store = :null_store + # https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#all-tests-now-respect-the-active-job-queue-adapter-config + config.active_job.queue_adapter = :test + # Render exception templates for rescuable exceptions and raise for other exceptions. config.action_dispatch.show_exceptions = :rescuable diff --git a/public/406-unsupported-browser.html b/public/406-unsupported-browser.html new file mode 100644 index 000000000..7cf1e168e --- /dev/null +++ b/public/406-unsupported-browser.html @@ -0,0 +1,66 @@ + + + + Your browser is not supported (406) + + + + + + +
+
+

Your browser is not supported.

+

Please upgrade your browser to continue.

+
+
+ + From 8815168a7d16aa5058aebcf68fbc8ffb03aa1f11 Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Wed, 8 Apr 2026 15:37:31 +0100 Subject: [PATCH 06/11] chore: more dependency upgrades, to fix a sprockets build issue --- Gemfile | 30 ++++++------- Gemfile.lock | 69 ++++++++++++++++-------------- app/views/layouts/species.html.erb | 2 +- 3 files changed, 54 insertions(+), 47 deletions(-) diff --git a/Gemfile b/Gemfile index 9e43c0d15..410277377 100644 --- a/Gemfile +++ b/Gemfile @@ -14,15 +14,10 @@ gem 'rack-cors' gem 'puma', '~> 5.0' # Use SCSS for stylesheets -# TODO: Can't upgrade sass-rails to 6.0, it raise the following error when running `RAILS_ENV=staging rake assets:precompile`. -# SassC::SyntaxError: Error: Invalid CSS after "...in-bottom:-3px;": expected "}", was ".margin-bottom:-3px" -# on line 3712:5063 of stdin -# >> ction=135,Strength=3)";_margin-bottom:-3px;.margin-bottom:-3px;}/*!Add round -# gem 'sass-rails', '>= 6' -gem 'sass-rails', '~> 5.0' +gem 'sass-rails', '~> 6' # https://stackoverflow.com/questions/55213868/rails-6-how-to-disable-webpack-and-use-sprockets-instead -gem 'sprockets', '3.7.2' +gem 'sprockets', '~> 4' gem 'sprockets-rails', require: 'sprockets/railtie' # Use Terser as compressor for JavaScript assets @@ -98,17 +93,22 @@ gem 'bootsnap', '>= 1.4.4', require: false # To use Jbuilder templates for JSON # gem 'jbuilder', '~> 2.7' +gem 'erb', '~> 6.0.2' + group :development do + ## # Adds comments at the top of models describing table column # (replaces annotate) - gem 'annotaterb', '~> 4.10.2' + gem 'annotaterb', '~> 4.22.0' + ## # Access an interactive console on exception pages or by calling 'console' anywhere in the code. - gem 'web-console', '>= 4.1.0' + gem 'web-console' + # Display performance information such as SQL time and flame graphs for each request in your browser. # Can be configured to work on production as well see: https://github.com/MiniProfiler/rack-mini-profiler/blob/master/README.md - gem 'rack-mini-profiler', '~> 2.0' - gem 'listen', '~> 3.3' + gem 'rack-mini-profiler', '~> 4.0.1' + gem 'listen', '~> 3.10.0' # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' @@ -149,11 +149,11 @@ group :development do # Static analysis for security vulnerabilities [https://brakemanscanner.org/] gem 'brakeman', require: false - gem 'net-ssh', '7.0.0.beta1' + gem 'net-ssh', '7.3.2' end group :test, :development do - gem 'rspec-rails', '~> 6.1', '>= 6.1.1' + gem 'rspec-rails', '~> 7.1' gem 'rspec-collection_matchers', '~> 1.2', '>= 1.2.1' gem 'json_spec', '~> 1.1', '>= 1.1.5' gem 'database_cleaner', '~> 2.0', '>= 2.0.2' @@ -170,7 +170,7 @@ group :test do gem 'webdrivers' gem 'rails-controller-testing' - gem 'factory_bot_rails', '5.2.0' + gem 'factory_bot_rails', '~> 6.5.1' gem 'simplecov', '~> 0.22.0', require: false gem 'coveralls_reborn', '~> 0.28.0', require: false end @@ -178,7 +178,7 @@ end gem 'geoip', '1.3.5' # TODO: no change logs, no idea if safe to update. Latest version is 1.6.4 @ 2018 gem 'request_store', '~> 1.5', '>= 1.5.1' -gem 'paper_trail', '15.1.0' +gem 'paper_trail', '~> 17.0.0' gem 'dotenv-rails', '2.0.1' diff --git a/Gemfile.lock b/Gemfile.lock index a401d600b..17e836f52 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -98,7 +98,9 @@ GEM safely_block (>= 0.4) airbrussh (1.6.1) sshkit (>= 1.6.1, != 1.7.0) - annotaterb (4.10.2) + annotaterb (4.22.0) + activerecord (>= 6.0.0) + activesupport (>= 6.0.0) appsignal (3.13.1) rack ast (2.4.3) @@ -252,11 +254,11 @@ GEM et-orbi (1.4.0) tzinfo execjs (2.10.1) - factory_bot (5.2.0) - activesupport (>= 4.2.0) - factory_bot_rails (5.2.0) - factory_bot (~> 5.2.0) - railties (>= 4.2.0) + factory_bot (6.5.6) + activesupport (>= 6.1.0) + factory_bot_rails (6.5.1) + factory_bot (~> 6.5) + railties (>= 6.1.0) ffi (1.17.4) file_exists (0.2.0) fugit (1.12.1) @@ -368,7 +370,7 @@ GEM net-ssh (>= 5.0.0, < 8.0.0) net-smtp (0.5.1) net-protocol - net-ssh (7.0.0.beta1) + net-ssh (7.3.2) nio4r (2.7.5) nokogiri (1.19.2) mini_portile2 (~> 2.8.2) @@ -379,8 +381,8 @@ GEM ostruct (>= 0.2) orm_adapter (0.5.0) ostruct (0.6.3) - paper_trail (15.1.0) - activerecord (>= 6.1) + paper_trail (17.0.0) + activerecord (>= 7.1) request_store (~> 1.4) parallel (1.28.0) parser (3.3.11.1) @@ -417,7 +419,7 @@ GEM rack (2.2.23) rack-cors (2.0.2) rack (>= 2.0.0) - rack-mini-profiler (2.3.4) + rack-mini-profiler (4.0.1) rack (>= 1.2.0) rack-session (1.0.2) rack (< 3) @@ -500,10 +502,10 @@ GEM rspec-mocks (3.13.8) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-rails (6.1.5) - actionpack (>= 6.1) - activesupport (>= 6.1) - railties (>= 6.1) + rspec-rails (7.1.1) + actionpack (>= 7.0) + activesupport (>= 7.0) + railties (>= 7.0) rspec-core (~> 3.13) rspec-expectations (~> 3.13) rspec-mocks (~> 3.13) @@ -558,12 +560,16 @@ GEM rubyzip (2.4.1) safely_block (0.5.0) sass (3.4.25) - sass-rails (5.1.0) - railties (>= 5.2.0) - sass (~> 3.1) - sprockets (>= 2.8, < 4.0) - sprockets-rails (>= 2.0, < 4.0) - tilt (>= 1.1, < 3) + sass-rails (6.0.0) + sassc-rails (~> 2.1, >= 2.1.1) + sassc (2.4.0) + ffi (~> 1.9) + sassc-rails (2.1.2) + railties (>= 4.0.0) + sassc (>= 2.0) + sprockets (> 3.0) + sprockets-rails + tilt securerandom (0.4.1) selenium-webdriver (4.16.0) rexml (~> 3.2, >= 3.2.5) @@ -598,7 +604,7 @@ GEM capistrano (>= 3.0.1) json spring (4.4.2) - sprockets (3.7.2) + sprockets (4.0.3) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.5.2) @@ -672,7 +678,7 @@ DEPENDENCIES active_storage_validations (~> 2.0) acts-as-taggable-on (~> 12.0) ahoy_matey (~> 5.0, >= 5.0.2) - annotaterb (~> 4.10.2) + annotaterb (~> 4.22.0) appsignal (~> 3.13.1) aws-sdk-s3 (~> 1.143) base64 (= 0.1.1) @@ -702,7 +708,8 @@ DEPENDENCIES ember-data-source (= 1.13.0) ember-rails (~> 0.21.0) ember-source (= 1.8.0) - factory_bot_rails (= 5.2.0) + erb (~> 6.0.2) + factory_bot_rails (~> 6.5.1) file_exists (~> 0.2.0) geoip (= 1.3.5) gon (~> 6.4) @@ -714,14 +721,14 @@ DEPENDENCIES json_spec (~> 1.1, >= 1.1.5) kaminari (~> 1.2, >= 1.2.2) launchy (= 2.4.3) - listen (~> 3.3) + listen (~> 3.10.0) mobility (~> 1.2, >= 1.2.9) nested-hstore (~> 0.1.2) nested_form (~> 0.3.2) - net-ssh (= 7.0.0.beta1) + net-ssh (= 7.3.2) nokogiri (~> 1.18) oj (~> 3.16, >= 3.16.3) - paper_trail (= 15.1.0) + paper_trail (~> 17.0.0) pdfkit (~> 0.8.7.3) pg (~> 1.5, >= 1.5.4) pg_array_parser (~> 0.0.9) @@ -729,7 +736,7 @@ DEPENDENCIES prawn (= 0.13.2) puma (~> 5.0) rack-cors - rack-mini-profiler (~> 2.0) + rack-mini-profiler (~> 4.0.1) rails (= 7.2.3.1) rails-controller-testing rbnacl (= 4.0.2) @@ -738,7 +745,7 @@ DEPENDENCIES request_store (~> 1.5, >= 1.5.1) responders (~> 3.1, >= 3.1.1) rspec-collection_matchers (~> 1.2, >= 1.2.1) - rspec-rails (~> 6.1, >= 6.1.1) + rspec-rails (~> 7.1) rubocop rubocop-capybara rubocop-factory_bot @@ -747,7 +754,7 @@ DEPENDENCIES rubocop-rspec rubocop-rspec_rails rubyzip (~> 2.3, >= 2.3.2) - sass-rails (~> 5.0) + sass-rails (~> 6) selenium-webdriver (>= 4.0.0.rc1) sidekiq (< 7) sidekiq-cron (~> 1.12) @@ -757,13 +764,13 @@ DEPENDENCIES sitemap_generator (~> 6.3) slackistrano (= 0.1.9) spring - sprockets (= 3.7.2) + sprockets (~> 4) sprockets-rails strong_migrations (~> 1.7) susy (~> 2.2, >= 2.2.14) terser (~> 1.2.3) uuidtools (~> 2.2) - web-console (>= 4.1.0) + web-console webdrivers wicked (= 2.0.0) wkhtmltopdf-binary (~> 0.12.6.6) diff --git a/app/views/layouts/species.html.erb b/app/views/layouts/species.html.erb index 054f63979..eccb413dc 100644 --- a/app/views/layouts/species.html.erb +++ b/app/views/layouts/species.html.erb @@ -8,7 +8,7 @@ - <%= stylesheet_link_tag "species" %> + <%= stylesheet_link_tag "species" %> From 5fdd94d373e1e2e08f31c22512562919f80068ce Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Wed, 8 Apr 2026 15:50:02 +0100 Subject: [PATCH 07/11] chore: upgrade target version in .rubocop.yml --- .rubocop.yml | 4 ++-- config/initializers/0_new_framework_defaults_7_2.rb | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 0d729d038..e0992f781 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -12,8 +12,8 @@ require: Rails: Enabled: true AllCops: - TargetRubyVersion: 3.2.5 - TargetRailsVersion: 7.1 + TargetRubyVersion: 3.2 + TargetRailsVersion: 7.2 Style/StringLiterals: EnforcedStyle: single_quotes diff --git a/config/initializers/0_new_framework_defaults_7_2.rb b/config/initializers/0_new_framework_defaults_7_2.rb index b549c4a25..683cc7b63 100644 --- a/config/initializers/0_new_framework_defaults_7_2.rb +++ b/config/initializers/0_new_framework_defaults_7_2.rb @@ -32,7 +32,7 @@ # backends that use the same database as Active Record as a queue, hence they # don't need this feature. #++ -# Rails.application.config.active_job.enqueue_after_transaction_commit = :default +Rails.application.config.active_job.enqueue_after_transaction_commit = :default ### # Adds image/webp to the list of content types Active Storage considers as an image @@ -40,7 +40,7 @@ # This is possible due to broad browser support for WebP, but older browsers and email clients may still not support # WebP. Requires imagemagick/libvips built with WebP support. #++ -# Rails.application.config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif image/webp] +Rails.application.config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif image/webp] ### # Enable validation of migration timestamps. When set, an ActiveRecord::InvalidMigrationTimestampError @@ -51,7 +51,7 @@ # Applications with existing timestamped migrations that do not adhere to the # expected format can disable validation by setting this config to `false`. #++ -# Rails.application.config.active_record.validate_migration_timestamps = true +Rails.application.config.active_record.validate_migration_timestamps = true ### # Controls whether the PostgresqlAdapter should decode dates automatically with manual queries. @@ -61,10 +61,10 @@ # # This query used to return a `String`. #++ -# Rails.application.config.active_record.postgresql_adapter_decode_dates = true +Rails.application.config.active_record.postgresql_adapter_decode_dates = true ### # Enables YJIT as of Ruby 3.3, to bring sizeable performance improvements. If you are # deploying to a memory constrained environment you may want to set this to `false`. #++ -# Rails.application.config.yjit = true +Rails.application.config.yjit = true From 3dddf49a9ed57ed79baa15a57c20979e4c51cab0 Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Wed, 8 Apr 2026 15:55:48 +0100 Subject: [PATCH 08/11] chore: add Rails 7.2 upgrade to changelog --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c88f2f20..9eff57692 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +### 1.22.0 + +**Rails 7.2 Upgrade** +The primary goal of this release is to upgrade the Rails version without causing +any breaking changes to functionality. + +* Upgrades Rails 7.1.3.4 to 7.2.3.1 +* Some dependency updates/changes allowed or required by the above: + * Upgraded `sprockets` from 3.7.2 to 4.0.3 + * Upgraded `papertrail` from 15.1.0 to 17.0.0 + * Upgraded `acts-as-taggable-on` from 10.0.0 to 12.0.0 + ### 1.21.2 **Species+** From bad866e4c4ebb3180bfa338e140f80a5c60d798b Mon Sep 17 00:00:00 2001 From: Daniel Perrett Date: Thu, 9 Apr 2026 11:32:25 +0100 Subject: [PATCH 09/11] fix: Open Sans is not loading after sprockets upgrade https://github.com/rails/sprockets/issues/785 --- app/assets/stylesheets/mobile/mobile.scss | 2 -- app/assets/stylesheets/species/all.scss | 1 - app/views/layouts/mobile.html.erb | 4 ++++ app/views/layouts/species.html.erb | 4 ++++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/app/assets/stylesheets/mobile/mobile.scss b/app/assets/stylesheets/mobile/mobile.scss index b4a7ddb10..efff1051d 100644 --- a/app/assets/stylesheets/mobile/mobile.scss +++ b/app/assets/stylesheets/mobile/mobile.scss @@ -1,6 +1,4 @@ // Settings (mobile-first) -@import url('https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap'); - $navy: #253848; $black: #2D2D2D; $medium-grey: #dddddd; diff --git a/app/assets/stylesheets/species/all.scss b/app/assets/stylesheets/species/all.scss index b28ec7f5e..a18e844fb 100755 --- a/app/assets/stylesheets/species/all.scss +++ b/app/assets/stylesheets/species/all.scss @@ -3,7 +3,6 @@ License: none (public domain) */ -@import url(https://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,600,700); @import './variables'; html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { diff --git a/app/views/layouts/mobile.html.erb b/app/views/layouts/mobile.html.erb index f37c2e414..eef38bf48 100644 --- a/app/views/layouts/mobile.html.erb +++ b/app/views/layouts/mobile.html.erb @@ -7,6 +7,10 @@ + + <%= stylesheet_link_tag "mobile" %> <%= javascript_include_tag "application" %> <%= csrf_meta_tags %> diff --git a/app/views/layouts/species.html.erb b/app/views/layouts/species.html.erb index eccb413dc..10a4f6590 100644 --- a/app/views/layouts/species.html.erb +++ b/app/views/layouts/species.html.erb @@ -8,6 +8,10 @@ + + <%= stylesheet_link_tag "species" %>