Upgrade/ruby 3.4.9

.rubocop.yml

@@ -12,8 +12,8 @@ require:
 Rails:
   Enabled: true
 AllCops:
-  TargetRubyVersion: 3.2.5
-  TargetRailsVersion: 7.1
+  TargetRubyVersion: 3.4
+  TargetRailsVersion: 7.2
 
 Style/StringLiterals:
   EnforcedStyle: single_quotes

.ruby-version

@@ -1 +1 @@
-3.2.5
+3.4.9

CHANGELOG.md

@@ -1,3 +1,16 @@
+### 1.22.0
+
+**Rails 7.2 Upgrade**
+The primary goal of this release is to upgrade the Rails version without causing
+any breaking changes to functionality.
+
+* Upgrades Rails 7.1.3.4 to 7.2.3.1
+* Upgrades Ruby 3.2.5 to 3.4.9
+* Some dependency updates/changes allowed or required by the above:
+  * Upgraded `sprockets` from 3.7.2 to 4.0.3
+  * Upgraded `papertrail` from 15.1.0 to 17.0.0
+  * Upgraded `acts-as-taggable-on` from 10.0.0 to 12.0.0
+
 ### 1.21.2
 
 **Species+**

Dockerfile

@@ -4,7 +4,7 @@
 # or SUS-ORS project.
 
 # Dockerfile
-FROM ruby:3.2.5
+FROM ruby:3.4.9
 
 # Rails and SAPI has some additional dependencies, e.g. rake requires a JS
 # runtime, so attempt to get these from apt, where possible
@@ -21,11 +21,13 @@ RUN apt-get update && apt-get install -y --force-yes \
 RUN mkdir /SAPI
 WORKDIR /SAPI
 
-#
-# Don't need to do these, as we have done this with Docker bindings
-#   COPY Gemfile /SAPI/Gemfile
-#   COPY Gemfile.lock /SAPI/Gemfile.lock
-RUN gem install bundler -v 2.5.17
+COPY Gemfile.lock /SAPI/Gemfile.lock
+
+RUN grep -A1 '^BUNDLED WITH$' Gemfile.lock | tail -n1 | tr -d ' ' \
+  | xargs -I _BUNDLER_VERSION_ gem install bundler -v _BUNDLER_VERSION_
+
+# Don't this any more, as we get it with Docker bindings
+RUN rm /SAPI/Gemfile.lock
 
 ##
 # This happens in the entrypoint

Dockerfile.cap-deploy

@@ -1,5 +1,5 @@
 # Dockerfile
-FROM ruby:3.2.5
+FROM ruby:3.4.9
 
 ENV DEBIAN_FRONTEND=noninteractive
 # Rails and SAPI has some additional dependencies, e.g. rake requires a JS
@@ -20,7 +20,7 @@ WORKDIR /SAPI
 # https://stackoverflow.com/questions/43612927/how-to-correctly-install-rvm-in-docker
 RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
 RUN curl -sSL https://get.rvm.io | bash -s
-RUN /bin/bash -l -c ". /etc/profile.d/rvm.sh && rvm install 3.2.5"
+RUN /bin/bash -l -c ". /etc/profile.d/rvm.sh && rvm install 3.4.9"
 # RVM installed in multi-user mode. However cap assume rvm is installed in single user mode.
 # Create a soft link to fake it.
 RUN mkdir -p ~/.rvm/bin && ln -s /usr/local/rvm/bin/rvm ~/.rvm/bin/rvm
@@ -29,9 +29,11 @@ COPY Gemfile /SAPI/Gemfile
 COPY Gemfile.lock /SAPI/Gemfile.lock
 
 ENV BUNDLE_SILENCE_ROOT_WARNING=1
+
 RUN /bin/bash -c "source /etc/profile.d/rvm.sh \
-  && gem install bundler:2.5.17 \
-  && bundle"
+  && grep -A1 '^BUNDLED WITH$' Gemfile.lock | tail -n1 | tr -d ' ' \
+  | xargs -I _BUNDLER_VERSION_ gem install bundler -v _BUNDLER_VERSION_ \
+  && bundle install"
 
 ENTRYPOINT ["/bin/bash", "-l"]
 

Gemfile

@@ -1,9 +1,9 @@
 source 'https://rubygems.org'
 
-ruby '3.2.5'
+ruby '3.4.9'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '7.1.3.4'
+gem 'rails', '7.2.3.1'
 
 # Configure Cross-Origin resource sharing
 gem 'rack-cors'
@@ -14,15 +14,10 @@ gem 'rack-cors'
 gem 'puma', '~> 5.0'
 
 # Use SCSS for stylesheets
-# TODO: Can't upgrade sass-rails to 6.0, it raise the following error when running `RAILS_ENV=staging rake assets:precompile`.
-# SassC::SyntaxError: Error: Invalid CSS after "...in-bottom:-3px;": expected "}", was ".margin-bottom:-3px"
-#         on line 3712:5063 of stdin
-# >> ction=135,Strength=3)";_margin-bottom:-3px;.margin-bottom:-3px;}/*!Add round
-# gem 'sass-rails', '>= 6'
-gem 'sass-rails', '~> 5.0'
+gem 'sass-rails', '~> 6'
 
 # https://stackoverflow.com/questions/55213868/rails-6-how-to-disable-webpack-and-use-sprockets-instead
-gem 'sprockets', '3.7.2'
+gem 'sprockets', '~> 4'
 gem 'sprockets-rails', require: 'sprockets/railtie'
 
 # Use Terser as compressor for JavaScript assets
@@ -34,10 +29,10 @@ gem 'coffee-rails', '~> 5.0'
 # gem 'mini_racer', platforms: :ruby
 
 gem 'active_model_serializers', '0.8.4' # Deprecated
-gem "active_storage_validations", "~> 2.0"
+gem 'active_storage_validations', '~> 2.0'
 
 # Use redis for caching
-gem "redis", "~> 4.8"
+gem 'redis', '~> 4.8'
 
 # Use PostgreSQL database
 gem 'pg', '~> 1.5', '>= 1.5.4'
@@ -53,6 +48,7 @@ gem 'devise', '~> 4.9', '>= 4.9.3'
 gem 'cancancan', '~> 3.5'
 gem 'ahoy_matey', '~> 5.0', '>= 5.0.2'
 gem 'uuidtools', '~> 2.2' # For Ahoy. (https://github.com/ankane/ahoy/blob/v2.2.1/docs/Ahoy-2-Upgrade.md#activerecordstore)
+gem 'csv', '~> 3.3.5' # no longer a default gem from Ruby 3.4.0 onwards
 
 gem 'wicked', '2.0.0'
 
@@ -70,7 +66,7 @@ gem 'httparty', '~> 0.21.0'
 
 gem 'kaminari', '~> 1.2', '>= 1.2.2' # TODO: Suggest migrate to pagy gem.
 
-gem 'acts-as-taggable-on', '~> 10.0' # TODO: refuses to install against Rails 7.2
+gem 'acts-as-taggable-on', '~> 12.0'
 gem 'carrierwave', '~> 3.0', '>= 3.0.5'
 
 # PDF
@@ -98,17 +94,22 @@ gem 'bootsnap', '>= 1.4.4', require: false
 # To use Jbuilder templates for JSON
 # gem 'jbuilder', '~> 2.7'
 
+gem 'erb', '~> 6.0.2'
+
 group :development do
+  ##
   # Adds comments at the top of models describing table column
   # (replaces annotate)
-  gem 'annotaterb', '~> 4.10.2'
+  gem 'annotaterb', '~> 4.22.0'
 
+  ##
   # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'web-console', '>= 4.1.0'
+  gem 'web-console'
+
   # Display performance information such as SQL time and flame graphs for each request in your browser.
   # Can be configured to work on production as well see: https://github.com/MiniProfiler/rack-mini-profiler/blob/master/README.md
-  gem 'rack-mini-profiler', '~> 2.0'
-  gem 'listen', '~> 3.3'
+  gem 'rack-mini-profiler', '~> 4.0.1'
+  gem 'listen', '~> 3.10.0'
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
 
@@ -145,11 +146,15 @@ group :development do
   gem 'bcrypt_pbkdf', '1.1.0'
   gem 'ed25519', '1.2.4'
 
-  # @TODO: bring back when ruby updated to > 2.6 # gem 'net-ssh', '7.0.0.beta1' # openssl 3.0 compatibility @see https://stackoverflow.com/q/72068406/1090438
+  ##
+  # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
+  gem 'brakeman', require: false
+
+  gem 'net-ssh', '7.3.2'
 end
 
 group :test, :development do
-  gem 'rspec-rails', '~> 6.1', '>= 6.1.1'
+  gem 'rspec-rails', '~> 7.1'
   gem 'rspec-collection_matchers', '~> 1.2', '>= 1.2.1'
   gem 'json_spec', '~> 1.1', '>= 1.1.5'
   gem 'database_cleaner', '~> 2.0', '>= 2.0.2'
@@ -161,20 +166,20 @@ end
 group :test do
   # Adds support for Capybara system testing and selenium driver
   gem 'capybara', '>= 3.26'
-  gem 'selenium-webdriver', '>= 4.0.0.rc1'
+  gem 'selenium-webdriver', '~> 4.41'
   # Easy installation and use of web drivers to run system tests with browsers
   gem 'webdrivers'
 
   gem 'rails-controller-testing'
-  gem 'factory_bot_rails', '5.2.0'
+  gem 'factory_bot_rails', '~> 6.5.1'
   gem 'simplecov', '~> 0.22.0', require: false
   gem 'coveralls_reborn', '~> 0.28.0', require: false
 end
 
 gem 'geoip', '1.3.5' # TODO: no change logs, no idea if safe to update. Latest version is 1.6.4 @ 2018
 
 gem 'request_store', '~> 1.5', '>= 1.5.1'
-gem 'paper_trail', '15.1.0'
+gem 'paper_trail', '~> 17.0.0'
 
 gem 'dotenv-rails', '2.0.1'
 
@@ -228,6 +233,4 @@ gem 'handlebars-source', '1.0.12' # TODO: just a wrapwrapper. Any update will ch
 #
 # It might be possible to fix this if we had an nginx version which supported
 # the config: `passenger_preload_bundler on;`
-gem 'base64', '0.1.1'
-
-
+gem 'base64', '0.2.0'