From 7f49c4e59c3e5760e31b4ab0b483f3633fc8a02d Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 09:29:43 -0400 Subject: [PATCH 01/17] Rails 8 bundle update --- Gemfile | 11 +-- Gemfile.lock | 169 ++++++++++++++++++++---------------------- README.md | 2 - config/application.rb | 2 +- 4 files changed, 89 insertions(+), 95 deletions(-) diff --git a/Gemfile b/Gemfile index 9ad77f9a..46d72bce 100644 --- a/Gemfile +++ b/Gemfile @@ -13,13 +13,15 @@ gem 'flipflop' gem 'graphql' gem 'jwt' gem 'lograge' -gem 'mitlibraries-theme', git: 'https://github.com/mitlibraries/mitlibraries-theme', tag: 'v1.4' +gem "mitlibraries-theme", + git: "https://github.com/MITLibraries/mitlibraries-theme.git", + branch: "rails8" gem 'opensearch-aws-sigv4' gem 'opensearch-ruby' gem 'puma' gem 'rack-attack' gem 'rack-cors' -gem 'rails', '~> 7.2.0' +gem 'rails', '~> 8.0.0' gem 'redis' gem 'sass-rails' gem 'sentry-rails' @@ -27,7 +29,7 @@ gem 'sentry-ruby' gem 'uglifier' group :production do - gem 'connection_pool', '< 3' # 3.x requires keyword args; pin to 2.x for Rails 7.2.3 + gem 'connection_pool' gem 'pg' end @@ -38,7 +40,6 @@ group :development, :test do end group :development do - gem 'annotate' gem 'jekyll' gem 'jekyll-remote-theme' gem 'jekyll-seo-tag' @@ -51,7 +52,7 @@ end group :test do gem 'capybara' gem 'climate_control' - gem 'minitest', '< 6' # required for Rails 7.2.3 + gem 'minitest' gem 'mocha' gem 'selenium-webdriver' gem 'simplecov', require: false diff --git a/Gemfile.lock b/Gemfile.lock index c0640219..9fda8483 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,77 +1,74 @@ GIT - remote: https://github.com/mitlibraries/mitlibraries-theme - revision: ba5bdc9840ef817ba0b92e522b92da3f52669fc3 - tag: v1.4 + remote: https://github.com/MITLibraries/mitlibraries-theme.git + revision: e3651e2bafeff277d3ed12a65060df9cf627af95 + branch: rails8 specs: - mitlibraries-theme (1.0.2) - rails (>= 6, < 8) + mitlibraries-theme (1.1.0) + rails (>= 6, < 9) sassc-rails (~> 2) GEM remote: https://rubygems.org/ specs: - actioncable (7.2.3.1) - actionpack (= 7.2.3.1) - activesupport (= 7.2.3.1) + actioncable (8.0.5) + actionpack (= 8.0.5) + activesupport (= 8.0.5) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.3.1) - actionpack (= 7.2.3.1) - activejob (= 7.2.3.1) - activerecord (= 7.2.3.1) - activestorage (= 7.2.3.1) - activesupport (= 7.2.3.1) + actionmailbox (8.0.5) + actionpack (= 8.0.5) + activejob (= 8.0.5) + activerecord (= 8.0.5) + activestorage (= 8.0.5) + activesupport (= 8.0.5) mail (>= 2.8.0) - actionmailer (7.2.3.1) - actionpack (= 7.2.3.1) - actionview (= 7.2.3.1) - activejob (= 7.2.3.1) - activesupport (= 7.2.3.1) + actionmailer (8.0.5) + actionpack (= 8.0.5) + actionview (= 8.0.5) + activejob (= 8.0.5) + activesupport (= 8.0.5) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.3.1) - actionview (= 7.2.3.1) - activesupport (= 7.2.3.1) - cgi + actionpack (8.0.5) + actionview (= 8.0.5) + activesupport (= 8.0.5) nokogiri (>= 1.8.5) - racc - rack (>= 2.2.4, < 3.3) + rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.3.1) - actionpack (= 7.2.3.1) - activerecord (= 7.2.3.1) - activestorage (= 7.2.3.1) - activesupport (= 7.2.3.1) + actiontext (8.0.5) + actionpack (= 8.0.5) + activerecord (= 8.0.5) + activestorage (= 8.0.5) + activesupport (= 8.0.5) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.3.1) - activesupport (= 7.2.3.1) + actionview (8.0.5) + activesupport (= 8.0.5) builder (~> 3.1) - cgi erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.3.1) - activesupport (= 7.2.3.1) + activejob (8.0.5) + activesupport (= 8.0.5) globalid (>= 0.3.6) - activemodel (7.2.3.1) - activesupport (= 7.2.3.1) - activerecord (7.2.3.1) - activemodel (= 7.2.3.1) - activesupport (= 7.2.3.1) + activemodel (8.0.5) + activesupport (= 8.0.5) + activerecord (8.0.5) + activemodel (= 8.0.5) + activesupport (= 8.0.5) timeout (>= 0.4.0) - activestorage (7.2.3.1) - actionpack (= 7.2.3.1) - activejob (= 7.2.3.1) - activerecord (= 7.2.3.1) - activesupport (= 7.2.3.1) + activestorage (8.0.5) + actionpack (= 8.0.5) + activejob (= 8.0.5) + activerecord (= 8.0.5) + activesupport (= 8.0.5) marcel (~> 1.0) - activesupport (7.2.3.1) + activesupport (8.0.5) base64 benchmark (>= 0.3) bigdecimal @@ -80,14 +77,12 @@ GEM drb i18n (>= 1.6, < 2) logger (>= 1.4.2) - minitest (>= 5.1, < 6) + minitest (>= 5.1) securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) addressable (2.9.0) public_suffix (>= 2.0.2, < 8.0) - annotate (3.2.0) - activerecord (>= 3.2, < 8.0) - rake (>= 10.4, < 14.0) ast (2.4.3) aws-eventstream (1.4.0) aws-partitions (1.1269.0) @@ -126,11 +121,10 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - cgi (0.5.2) climate_control (1.2.0) colorator (1.1.0) concurrent-ruby (1.3.7) - connection_pool (2.5.5) + connection_pool (3.0.2) crack (1.0.1) bigdecimal rexml @@ -170,7 +164,7 @@ GEM activesupport (>= 4.0) terminal-table (>= 1.8) forwardable-extended (2.6.0) - globalid (1.3.0) + globalid (1.4.0) activesupport (>= 6.1) google-protobuf (4.35.1) bigdecimal @@ -244,25 +238,27 @@ GEM loofah (2.25.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) - mail (2.9.0) + mail (2.9.1) logger mini_mime (>= 0.1.1) net-imap net-pop net-smtp - marcel (1.1.0) + marcel (1.2.1) matrix (0.4.3) mercenary (0.4.0) mini_mime (1.1.5) mini_portile2 (2.8.9) - minitest (5.27.0) + minitest (6.0.6) + drb (~> 2.0) + prism (~> 1.5) mocha (3.1.0) ruby2_keywords (>= 0.0.5) msgpack (1.8.3) multi_json (1.19.1) net-http (0.9.1) uri (>= 0.11.1) - net-imap (0.6.2) + net-imap (0.6.4.1) date net-protocol net-pop (0.1.2) @@ -294,9 +290,6 @@ GEM prettyprint prettyprint (0.2.0) prism (1.9.0) - psych (5.4.0) - date - stringio public_suffix (7.0.5) puma (8.0.2) nio4r (~> 2.0) @@ -314,20 +307,20 @@ GEM rack (>= 1.3) rackup (2.3.1) rack (>= 3) - rails (7.2.3.1) - actioncable (= 7.2.3.1) - actionmailbox (= 7.2.3.1) - actionmailer (= 7.2.3.1) - actionpack (= 7.2.3.1) - actiontext (= 7.2.3.1) - actionview (= 7.2.3.1) - activejob (= 7.2.3.1) - activemodel (= 7.2.3.1) - activerecord (= 7.2.3.1) - activestorage (= 7.2.3.1) - activesupport (= 7.2.3.1) + rails (8.0.5) + actioncable (= 8.0.5) + actionmailbox (= 8.0.5) + actionmailer (= 8.0.5) + actionpack (= 8.0.5) + actiontext (= 8.0.5) + actionview (= 8.0.5) + activejob (= 8.0.5) + activemodel (= 8.0.5) + activerecord (= 8.0.5) + activestorage (= 8.0.5) + activesupport (= 8.0.5) bundler (>= 1.15.0) - railties (= 7.2.3.1) + railties (= 8.0.5) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -335,10 +328,9 @@ GEM rails-html-sanitizer (1.7.0) loofah (~> 2.25) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (7.2.3.1) - actionpack (= 7.2.3.1) - activesupport (= 7.2.3.1) - cgi + railties (8.0.5) + actionpack (= 8.0.5) + activesupport (= 8.0.5) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -350,9 +342,14 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) - rdoc (7.2.0) + rbs (4.0.3) + logger + prism (>= 1.6.0) + tsort + rdoc (8.0.0) erb - psych (>= 4.0.0) + prism (>= 1.6.0) + rbs (>= 4.0.0) tsort redis (5.4.1) redis-client (>= 0.22.0) @@ -431,13 +428,12 @@ GEM sprockets (>= 3.0.0) sqlite3 (2.9.5) mini_portile2 (~> 2.8.0) - stringio (3.2.0) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) thor (1.5.0) - tilt (2.6.1) + tilt (2.8.0) timecop (0.9.11) - timeout (0.6.0) + timeout (0.6.1) tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) @@ -460,7 +456,7 @@ GEM hashdiff (>= 0.4.0, < 2.0.0) webrick (1.9.2) websocket (1.2.11) - websocket-driver (0.8.0) + websocket-driver (0.8.2) base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -472,7 +468,6 @@ PLATFORMS ruby DEPENDENCIES - annotate aws-sdk-lambda aws-sdk-sts aws-sigv4 @@ -480,7 +475,7 @@ DEPENDENCIES byebug capybara climate_control - connection_pool (< 3) + connection_pool devise dotenv-rails faraday_middleware-aws-sigv4 @@ -492,7 +487,7 @@ DEPENDENCIES jwt listen lograge - minitest (< 6) + minitest mitlibraries-theme! mocha opensearch-aws-sigv4 @@ -501,7 +496,7 @@ DEPENDENCIES puma rack-attack rack-cors - rails (~> 7.2.0) + rails (~> 8.0.0) redis rubocop rubocop-rails diff --git a/README.md b/README.md index 91df7493..d4e923cf 100644 --- a/README.md +++ b/README.md @@ -34,8 +34,6 @@ additional records with a standardized template. ## Developing this application -- please `bundle exec annotate` when making changes to models to update the - internal documentation - don't commit your .env or .env.development, but do commit .env.test after confirming your test values are not actual secrets that need protecting diff --git a/config/application.rb b/config/application.rb index 74f6d572..2f05c06d 100644 --- a/config/application.rb +++ b/config/application.rb @@ -26,7 +26,7 @@ class Application < Rails::Application config.flipflop.dashboard_access_filter = -> { head :forbidden } # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 7.2 + config.load_defaults 8.0 # Please, add to the `ignore` list any other `lib` subdirectories that do # not contain `.rb` files, or that should not be reloaded or eager loaded. From 7037c99edaa149415a62d45d859feb3a9500e419 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 09:35:45 -0400 Subject: [PATCH 02/17] bin/rails app:update fully accepted changes --- bin/dev | 2 + bin/setup | 13 +- config/initializers/assets.rb | 5 - .../initializers/filter_parameter_logging.rb | 2 +- config/puma.rb | 11 +- public/400.html | 114 +++++++++++ public/404.html | 179 +++++++++++------- public/406-unsupported-browser.html | 178 ++++++++++------- public/422.html | 179 +++++++++++------- public/500.html | 178 ++++++++++------- public/icon.png | Bin 5599 -> 4166 bytes public/icon.svg | 4 +- 12 files changed, 585 insertions(+), 280 deletions(-) create mode 100755 bin/dev create mode 100644 public/400.html diff --git a/bin/dev b/bin/dev new file mode 100755 index 00000000..5f91c205 --- /dev/null +++ b/bin/dev @@ -0,0 +1,2 @@ +#!/usr/bin/env ruby +exec "./bin/rails", "server", *ARGV diff --git a/bin/setup b/bin/setup index 48833ab3..be3db3c0 100755 --- a/bin/setup +++ b/bin/setup @@ -2,7 +2,6 @@ require "fileutils" APP_ROOT = File.expand_path("..", __dir__) -APP_NAME = "timdex" def system!(*args) system(*args, exception: true) @@ -14,7 +13,6 @@ FileUtils.chdir APP_ROOT do # Add necessary setup steps to this file. puts "== Installing dependencies ==" - system! "gem install bundler --conservative" system("bundle check") || system!("bundle install") # puts "\n== Copying sample files ==" @@ -28,10 +26,9 @@ FileUtils.chdir APP_ROOT do puts "\n== Removing old logs and tempfiles ==" system! "bin/rails log:clear tmp:clear" - puts "\n== Restarting application server ==" - system! "bin/rails restart" - - # puts "\n== Configuring puma-dev ==" - # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}" - # system "curl -Is https://#{APP_NAME}.test/up | head -n 1" + unless ARGV.include?("--skip-server") + puts "\n== Starting development server ==" + STDOUT.flush # flush the output before exec(2) so that it displays + exec "bin/dev" + end end diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index bd5bcd2b..48732442 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -5,8 +5,3 @@ # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path - -# Precompile additional assets. -# application.js, application.css, and all non-JS/CSS in the app/assets -# folder are already added. -# Rails.application.config.assets.precompile += %w[ admin.js admin.css ] diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index c010b83d..c0b717f7 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -4,5 +4,5 @@ # Use this to limit dissemination of sensitive information. # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ - :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc ] diff --git a/config/puma.rb b/config/puma.rb index 03c166f4..a248513b 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -1,13 +1,17 @@ # This configuration file will be evaluated by Puma. The top-level methods that # are invoked here are part of Puma's configuration DSL. For more information # about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html. - +# # Puma starts a configurable number of processes (workers) and each process # serves each request in a thread from an internal thread pool. # +# You can control the number of workers using ENV["WEB_CONCURRENCY"]. You +# should only set this value when you want to run 2 or more workers. The +# default is already 1. +# # The ideal number of threads per worker depends both on how much time the # application spends waiting for IO operations and on how much you wish to -# to prioritize throughput over latency. +# prioritize throughput over latency. # # As a rule of thumb, increasing the number of threads will increase how much # traffic a given process can handle (throughput), but due to CRuby's @@ -29,6 +33,9 @@ # Allow puma to be restarted by `bin/rails restart` command. plugin :tmp_restart +# Run the Solid Queue supervisor inside of Puma for single-server deployments +plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"] + # Specify the PID file. Defaults to tmp/pids/server.pid in development. # In other environments, only set the PID file if requested. pidfile ENV["PIDFILE"] if ENV["PIDFILE"] diff --git a/public/400.html b/public/400.html new file mode 100644 index 00000000..282dbc8c --- /dev/null +++ b/public/400.html @@ -0,0 +1,114 @@ + + + + + + + The server cannot process the request due to a client error (400 Bad Request) + + + + + + + + + + + + + +
+
+ +
+
+

The server cannot process the request due to a client error. Please check the request and try again. If you’re the application owner check the logs for more information.

+
+
+ + + + diff --git a/public/404.html b/public/404.html index 2be3af26..c0670bc8 100644 --- a/public/404.html +++ b/public/404.html @@ -1,67 +1,114 @@ - - - - The page you were looking for doesn't exist (404) - - - - - - -
-
-

The page you were looking for doesn't exist.

-

You may have mistyped the address or the page may have moved.

-
-

If you are the application owner check the logs for more information.

-
- + + + + + + + The page you were looking for doesn’t exist (404 Not found) + + + + + + + + + + + + + +
+
+ +
+
+

The page you were looking for doesn’t exist. You may have mistyped the address or the page may have moved. If you’re the application owner check the logs for more information.

+
+
+ + + diff --git a/public/406-unsupported-browser.html b/public/406-unsupported-browser.html index 7cf1e168..9532a9cc 100644 --- a/public/406-unsupported-browser.html +++ b/public/406-unsupported-browser.html @@ -1,66 +1,114 @@ - - - - Your browser is not supported (406) - - - - - - -
-
-

Your browser is not supported.

-

Please upgrade your browser to continue.

-
-
- + + + + + + + Your browser is not supported (406 Not Acceptable) + + + + + + + + + + + + + +
+
+ +
+
+

Your browser is not supported.
Please upgrade your browser to continue.

+
+
+ + + diff --git a/public/422.html b/public/422.html index c08eac0d..8bcf0601 100644 --- a/public/422.html +++ b/public/422.html @@ -1,67 +1,114 @@ - - - - The change you wanted was rejected (422) - - - - - - -
-
-

The change you wanted was rejected.

-

Maybe you tried to change something you didn't have access to.

-
-

If you are the application owner check the logs for more information.

-
- + + + + + + + The change you wanted was rejected (422 Unprocessable Entity) + + + + + + + + + + + + + +
+
+ +
+
+

The change you wanted was rejected. Maybe you tried to change something you didn’t have access to. If you’re the application owner check the logs for more information.

+
+
+ + + diff --git a/public/500.html b/public/500.html index 78a030af..d77718c3 100644 --- a/public/500.html +++ b/public/500.html @@ -1,66 +1,114 @@ - - - - We're sorry, but something went wrong (500) - - - - - - -
-
-

We're sorry, but something went wrong.

-
-

If you are the application owner check the logs for more information.

-
- + + + + + + + We’re sorry, but something went wrong (500 Internal Server Error) + + + + + + + + + + + + + +
+
+ +
+
+

We’re sorry, but something went wrong.
If you’re the application owner check the logs for more information.

+
+
+ + + diff --git a/public/icon.png b/public/icon.png index f3b5abcbde91cf6d7a6a26e514eb7e30f476f950..c4c9dbfbbd2f7c1421ffd5727188146213abbcef 100644 GIT binary patch literal 4166 zcmd6qU;WFw?|v@m)Sk^&NvB8tcujdV-r1b=i(NJxn&7{KTb zX$3(M+3TP2o^#KAo{#tIjl&t~(8D-k004kqPglzn0HFG(Q~(I*AKsD#M*g7!XK0T7 zN6P7j>HcT8rZgKl$v!xr806dyN19Bd4C0x_R*I-a?#zsTvb_89cyhuC&T**i|Rc zq5b8M;+{8KvoJ~uj9`u~d_f6`V&3+&ZX9x5pc8s)d175;@pjm(?dapmBcm0&vl9+W zx1ZD2o^nuyUHWj|^A8r>lUorO`wFF;>9XL-Jy!P}UXC{(z!FO%SH~8k`#|9;Q|eue zqWL0^Bp(fg_+Pkm!fDKRSY;+^@BF?AJE zCUWpXPst~hi_~u)SzYBDZroR+Z4xeHIlm_3Yc_9nZ(o_gg!jDgVa=E}Y8uDgem9`b zf=mfJ_@(BXSkW53B)F2s!&?_R4ptb1fYXlF++@vPhd=marQgEGRZS@B4g1Mu?euknL= z67P~tZ?*>-Hmi7GwlisNHHJDku-dSm7g@!=a}9cSL6Pa^w^2?&?$Oi8ibrr>w)xqx zOH_EMU@m05)9kuNR>>4@H%|){U$^yvVQ(YgOlh;5oU_-vivG-p4=LrN-k7D?*?u1u zsWly%tfAzKd6Fb=`eU2un_uaTXmcT#tlOL+aRS=kZZf}A7qT8lvcTx~7j` z*b>=z)mwg7%B2_!D0!1IZ?Nq{^Y$uI4Qx*6T!E2Col&2{k?ImCO=dD~A&9f9diXy^$x{6CwkBimn|1E09 zAMSezYtiL?O6hS37KpvDM?22&d{l)7h-!F)C-d3j8Z`c@($?mfd{R82)H>Qe`h{~G z!I}(2j(|49{LR?w4Jspl_i!(4T{31|dqCOpI52r5NhxYV+cDAu(xp*4iqZ2e-$YP= zoFOPmm|u*7C?S{Fp43y+V;>~@FFR76bCl@pTtyB93vNWy5yf;HKr8^0d7&GVIslYm zo3Tgt@M!`8B6IW&lK{Xk>%zp41G%`(DR&^u z5^pwD4>E6-w<8Kl2DzJ%a@~QDE$(e87lNhy?-Qgep!$b?5f7+&EM7$e>|WrX+=zCb z=!f5P>MxFyy;mIRxjc(H*}mceXw5a*IpC0PEYJ8Y3{JdoIW)@t97{wcUB@u+$FCCO z;s2Qe(d~oJC^`m$7DE-dsha`glrtu&v&93IZadvl_yjp!c89>zo;Krk+d&DEG4?x$ zufC1n+c1XD7dolX1q|7}uelR$`pT0Z)1jun<39$Sn2V5g&|(j~Z!wOddfYiZo7)A< z!dK`aBHOOk+-E_xbWCA3VR-+o$i5eO9`rMI#p_0xQ}rjEpGW;U!&&PKnivOcG(|m9 z!C8?WC6nCXw25WVa*eew)zQ=h45k8jSIPbq&?VE{oG%?4>9rwEeB4&qe#?-y_es4c|7ufw%+H5EY#oCgv!Lzv291#-oNlX~X+Jl5(riC~r z=0M|wMOP)Tt8@hNg&%V@Z9@J|Q#K*hE>sr6@oguas9&6^-=~$*2Gs%h#GF@h)i=Im z^iKk~ipWJg1VrvKS;_2lgs3n1zvNvxb27nGM=NXE!D4C!U`f*K2B@^^&ij9y}DTLB*FI zEnBL6y{jc?JqXWbkIZd7I16hA>(f9T!iwbIxJj~bKPfrO;>%*5nk&Lf?G@c2wvGrY&41$W{7HM9+b@&XY@>NZM5s|EK_Dp zQX60CBuantx>|d#DsaZ*8MW(we|#KTYZ=vNa#d*DJQe6hr~J6{_rI#?wi@s|&O}FR zG$kfPxheXh1?IZ{bDT-CWB4FTvO-k5scW^mi8?iY5Q`f8JcnnCxiy@m@D-%lO;y0pTLhh6i6l@x52j=#^$5_U^os}OFg zzdHbo(QI`%9#o*r8GCW~T3UdV`szO#~)^&X_(VW>o~umY9-ns9-V4lf~j z`QBD~pJ4a#b`*6bJ^3RS5y?RAgF7K5$ll97Y8#WZduZ`j?IEY~H(s^doZg>7-tk*t z4_QE1%%bb^p~4F5SB$t2i1>DBG1cIo;2(xTaj*Y~hlM{tSDHojL-QPg%Mo%6^7FrpB*{ z4G0@T{-77Por4DCMF zB_5Y~Phv%EQ64W8^GS6h?x6xh;w2{z3$rhC;m+;uD&pR74j+i22P5DS-tE8ABvH(U~indEbBUTAAAXfHZg5QpB@TgV9eI<)JrAkOI z8!TSOgfAJiWAXeM&vR4Glh;VxH}WG&V$bVb`a`g}GSpwggti*&)taV1@Ak|{WrV|5 zmNYx)Ans=S{c52qv@+jmGQ&vd6>6yX6IKq9O$3r&0xUTdZ!m1!irzn`SY+F23Rl6# zFRxws&gV-kM1NX(3(gnKpGi0Q)Dxi~#?nyzOR9!en;Ij>YJZVFAL*=R%7y%Mz9hU% zs>+ZB?qRmZ)nISx7wxY)y#cd$iaC~{k0avD>BjyF1q^mNQ1QcwsxiTySe<6C&cC6P zE`vwO9^k-d`9hZ!+r@Jnr+MF*2;2l8WjZ}DrwDUHzSF{WoG zucbSWguA!3KgB3MU%HH`R;XqVv0CcaGq?+;v_A5A2kpmk5V%qZE3yzQ7R5XWhq=eR zyUezH=@V)y>L9T-M-?tW(PQYTRBKZSVb_!$^H-Pn%ea;!vS_?M<~Tm>_rWIW43sPW z=!lY&fWc1g7+r?R)0p8(%zp&vl+FK4HRkns%BW+Up&wK8!lQ2~bja|9bD12WrKn#M zK)Yl9*8$SI7MAwSK$%)dMd>o+1UD<2&aQMhyjS5R{-vV+M;Q4bzl~Z~=4HFj_#2V9 zB)Gfzx3ncy@uzx?yzi}6>d%-?WE}h7v*w)Jr_gBl!2P&F3DX>j_1#--yjpL%<;JMR z*b70Gr)MMIBWDo~#<5F^Q0$VKI;SBIRneuR7)yVsN~A9I@gZTXe)E?iVII+X5h0~H zx^c(fP&4>!*q>fb6dAOC?MI>Cz3kld#J*;uik+Ps49cwm1B4 zZc1|ZxYyTv;{Z!?qS=D)sgRKx^1AYf%;y_V&VgZglfU>d+Ufk5&LV$sKv}Hoj+s; xK3FZRYdhbXT_@RW*ff3@`D1#ps#~H)p+y&j#(J|vk^lW{fF9OJt5(B-_&*Xgn9~3N literal 5599 zcmeHL-D}fO6hCR_taXJlzs3}~RuB=Iujyo=i*=1|1FN%E=zNfMTjru|Q<6v{J{U!C zBEE}?j6I3sz>fzN!6}L_BKjcuASk~1;Dg|U_@d{g?V8mM`~#9U+>>*Ezw>c(PjYWA z4(;!cgge6k5E&d$G5`S-0}!Ik>CV(0Y#1}s-v_gAHhja2=W1?nBAte9D2HG<(+)uj z!5=W4u*{VKMw#{V@^NNs4TClr!FAA%ID-*gc{R%CFKEzG<6gm*9s_uy)oMGW*=nJf zw{(Mau|2FHfXIv6C0@Wk5k)F=3jo1srV-C{pl&k&)4_&JjYrnbJiul}d0^NCSh(#7h=F;3{|>EU>h z6U8_p;^wK6mAB(1b92>5-HxJ~V}@3?G`&Qq-TbJ2(&~-HsH6F#8mFaAG(45eT3VPO zM|(Jd<+;UZs;w>0Qw}0>D%{~r{uo_Fl5_Bo3ABWi zWo^j^_T3dxG6J6fH8X)$a^%TJ#PU!=LxF=#Fd9EvKx_x>q<(KY%+y-08?kN9dXjXK z**Q=yt-FTU*13ouhCdqq-0&;Ke{T3sQU9IdzhV9LhQIpq*P{N)+}|Mh+a-VV=x?R} c>%+pvTcMWshj-umO}|qP?%A)*_KlqT3uEqhU;qFB diff --git a/public/icon.svg b/public/icon.svg index 78307ccd..04b34bf8 100644 --- a/public/icon.svg +++ b/public/icon.svg @@ -1,3 +1,3 @@ - - + + From 9d5bf49b73d14a909ba152aee75d0b35d1fe69e3 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 09:38:23 -0400 Subject: [PATCH 03/17] bin/rails app:update partially accepted changes --- config/application.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/application.rb b/config/application.rb index 2f05c06d..124aa62b 100644 --- a/config/application.rb +++ b/config/application.rb @@ -31,8 +31,7 @@ class Application < Rails::Application # Please, add to the `ignore` list any other `lib` subdirectories that do # not contain `.rb` files, or that should not be reloaded or eager loaded. # Common ones are `templates`, `generators`, or `middleware`, for example. - - config.autoload_lib(ignore: %w(assets tasks)) + config.autoload_lib(ignore: %w[assets tasks]) # Configuration for the application, engines, and railties goes here. # From a80ea759d1903a2f8f72227af5b10a811ee46da3 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 09:43:24 -0400 Subject: [PATCH 04/17] bin/rails app:update partially accepted changes --- config/environments/test.rb | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/config/environments/test.rb b/config/environments/test.rb index 9a392b71..6b6da7d7 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,5 +1,3 @@ -require "active_support/core_ext/integer/time" - # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped @@ -21,13 +19,12 @@ # loading is working properly before deploying your code. config.eager_load = ENV["CI"].present? - # Configure public file server for tests with Cache-Control for performance. + # Configure public file server for tests with cache-control for performance. config.public_file_server.enabled = true - config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" } + config.public_file_server.headers = { "cache-control" => "public, max-age=3600" } - # Show full error reports and disable caching. + # Show full error reports. config.consider_all_requests_local = true - config.action_controller.perform_caching = false config.cache_store = :null_store # Render exception templates for rescuable exceptions and raise for other exceptions. @@ -36,28 +33,17 @@ # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false - # Disable caching for Action Mailer templates even if Action Controller - # caching is enabled. - config.action_mailer.perform_caching = false - # Tell Action Mailer not to deliver emails to the real world. # The :test delivery method accumulates sent emails in the # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - # Unlike controllers, the mailer instance doesn't have any context about the - # incoming request so you'll need to provide the :host parameter yourself. - config.action_mailer.default_url_options = { host: "www.example.com" } + # Set host to be used by links generated in mailer templates. + config.action_mailer.default_url_options = { host: "example.com" } # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raises error for missing translations. # config.i18n.raise_on_missing_translations = true From edace7bbb65de7017e2a71444abac0217aa8ea43 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 10:08:38 -0400 Subject: [PATCH 05/17] bin/rails app:update partially accepted changes --- config/environments/development.rb | 35 +++++++++++------------------- 1 file changed, 13 insertions(+), 22 deletions(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index 5be627de..94818dc0 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -7,9 +7,7 @@ # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded any time - # it changes. This slows down response time but is perfect for development - # since you don't have to restart the web server when you make code changes. + # Make code changes take effect immediately without server restart. config.enable_reloading = true # Do not eager load code on boot. @@ -21,50 +19,43 @@ # Enable server timing. config.server_timing = true - # Enable/disable caching. By default caching is disabled. - # Run rails dev:cache to toggle caching. + # Enable/disable Action Controller caching. By default Action Controller caching is disabled. + # Run rails dev:cache to toggle Action Controller caching. if Rails.root.join("tmp/caching-dev.txt").exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true - - config.cache_store = :memory_store - config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" } + config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false - - config.cache_store = :null_store end + # Change to :null_store to avoid any caching. + config.cache_store = :memory_store + # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false - # Disable caching for Action Mailer templates even if Action Controller - # caching is enabled. + # Make template changes take effect immediately. config.action_mailer.perform_caching = false + # Set localhost to be used by links generated in mailer templates. config.action_mailer.default_url_options = { host: "localhost", port: 3000 } # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true + # Append comments with runtime information tags to SQL queries in logs. + config.active_record.query_log_tags_enabled = true + # Highlight code that enqueued background job in logs. config.active_job.verbose_enqueue_logs = true - # Suppress logger output for asset requests. - config.assets.quiet = true - # Allow changing log level in development config.log_level = ENV['RAILS_LOG_LEVEL'] || :debug @@ -76,7 +67,7 @@ config.logger = ActiveSupport::TaggedLogging.new(logger) # Annotate rendered view with file names. - # config.action_view.annotate_rendered_view_with_filenames = true + config.action_view.annotate_rendered_view_with_filenames = false # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true From 0c3acad431ac5df33bcb3759c59edbd388c4e1d2 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 10:22:34 -0400 Subject: [PATCH 06/17] bin/rails app:update partially accepted changes --- config/environments/production.rb | 49 ++++++++++++------------------- 1 file changed, 18 insertions(+), 31 deletions(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 4c913ae1..6c00b4ed 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -6,26 +6,23 @@ # Code is not reloaded between requests. config.enable_reloading = false - # Eager load code on boot. This eager loads most of Rails and - # your application in memory, allowing both threaded web servers - # and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. + # Eager load code on boot for better performance and memory savings (ignored by Rake tasks). config.eager_load = true - # Full error reports are disabled and caching is turned on. + # Full error reports are disabled. config.consider_all_requests_local = false + + # Turn on fragment caching in view templates. config.action_controller.perform_caching = true - # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment - # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). - # config.require_master_key = true + # Cache assets for far-future expiry since they are all digest stamped. + config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" } # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? # Compress CSS using a preprocessor. config.assets.js_compressor = Uglifier.new(harmony: true) - # config.assets.css_compressor = :sass # Do not fall back to assets pipeline if a precompiled asset is missed. config.assets.compile = false @@ -33,18 +30,8 @@ # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.asset_host = "http://assets.example.com" - # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache - # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX - - # Mount Action Cable outside main process or domain. - # config.action_cable.mount_path = nil - # config.action_cable.url = "wss://example.com/cable" - # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] - # Assume all access to the app is happening through a SSL-terminating reverse proxy. - # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. - # config.assume_ssl = true + config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true @@ -57,21 +44,23 @@ .tap { |logger| logger.formatter = ::Logger::Formatter.new } .then { |logger| ActiveSupport::TaggedLogging.new(logger) } - # Prepend all log lines with the following tags. + # Log to STDOUT with the current request id as a default log tag. config.log_tags = [ :request_id ] - # "info" includes generic and useful information about system operation, but avoids logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). If you - # want to log everything, set the level to "debug". + # Change to "debug" to log everything (including potentially personally-identifiable information!) config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") - # Use a different cache store in production. - # config.cache_store = :mem_cache_store + # Prevent health checks from clogging up the logs. + config.silence_healthcheck_path = "/up" + + # Don't log any deprecations. + config.active_support.report_deprecations = false + + # Replace the default in-process memory cache store with a durable alternative. config.cache_store = :redis_cache_store, { url: ENV['REDIS_URL'] } - # Use a real queuing backend for Active Job (and separate queues per environment). + # Replace the default in-process and non-durable queuing backend for Active Job. # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "timdex_production" # Disable caching for Action Mailer templates even if Action Controller # caching is enabled. @@ -95,9 +84,6 @@ # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Don't log any deprecations. - config.active_support.report_deprecations = false - # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false @@ -109,6 +95,7 @@ # "example.com", # Allow requests from example.com # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` # ] + # # Skip DNS rebinding protection for the default health check endpoint. # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end From 3d67c77dd8c7077f7e0a9594492c8b80f8298739 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 10:30:39 -0400 Subject: [PATCH 07/17] Update renovate.json --- renovate.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json b/renovate.json index e79a64f6..7409904d 100644 --- a/renovate.json +++ b/renovate.json @@ -8,13 +8,13 @@ "matchPackageNames": [ "ruby" ], - "allowedVersions": "<3.5" + "allowedVersions": "<4" }, { "matchPackageNames": [ "rails" ], - "allowedVersions": "<8" + "allowedVersions": "<8.1" } ] } From 93e472dd12ee4ac7f86e0efd5a733b0de87bfffd Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 10:48:34 -0400 Subject: [PATCH 08/17] Reintroduce annotate via annotaterb gem --- Gemfile | 7 ++++--- Gemfile.lock | 4 ++++ README.md | 2 ++ app/models/user.rb | 21 ++++++++++++++------- test/fixtures/users.yml | 21 ++++++++++++++------- test/models/user_test.rb | 21 ++++++++++++++------- 6 files changed, 52 insertions(+), 24 deletions(-) diff --git a/Gemfile b/Gemfile index 46d72bce..e49bcddf 100644 --- a/Gemfile +++ b/Gemfile @@ -13,9 +13,9 @@ gem 'flipflop' gem 'graphql' gem 'jwt' gem 'lograge' -gem "mitlibraries-theme", - git: "https://github.com/MITLibraries/mitlibraries-theme.git", - branch: "rails8" +gem 'mitlibraries-theme', + git: 'https://github.com/MITLibraries/mitlibraries-theme.git', + branch: 'rails8' gem 'opensearch-aws-sigv4' gem 'opensearch-ruby' gem 'puma' @@ -40,6 +40,7 @@ group :development, :test do end group :development do + gem 'annotaterb' gem 'jekyll' gem 'jekyll-remote-theme' gem 'jekyll-seo-tag' diff --git a/Gemfile.lock b/Gemfile.lock index 9fda8483..cb432103 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -83,6 +83,9 @@ GEM uri (>= 0.13.1) addressable (2.9.0) public_suffix (>= 2.0.2, < 8.0) + annotaterb (4.23.0) + activerecord (>= 6.0.0) + activesupport (>= 6.0.0) ast (2.4.3) aws-eventstream (1.4.0) aws-partitions (1.1269.0) @@ -468,6 +471,7 @@ PLATFORMS ruby DEPENDENCIES + annotaterb aws-sdk-lambda aws-sdk-sts aws-sigv4 diff --git a/README.md b/README.md index d4e923cf..0d29355d 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,8 @@ additional records with a standardized template. ## Developing this application +- please `bundle exec annotaterb models` when making changes to models to update the + internal documentation - don't commit your .env or .env.development, but do commit .env.test after confirming your test values are not actual secrets that need protecting diff --git a/app/models/user.rb b/app/models/user.rb index db9c9615..ecf25345 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -3,21 +3,28 @@ # Table name: users # # id :integer not null, primary key +# confirmation_sent_at :datetime +# confirmation_token :string +# confirmed_at :datetime # email :string default(""), not null # encrypted_password :string default(""), not null -# reset_password_token :string -# reset_password_sent_at :datetime +# failed_attempts :integer default(0), not null +# locked_at :datetime # remember_created_at :datetime -# confirmation_token :string -# confirmed_at :datetime -# confirmation_sent_at :datetime +# reset_password_sent_at :datetime +# reset_password_token :string # unconfirmed_email :string -# failed_attempts :integer default(0), not null # unlock_token :string -# locked_at :datetime # created_at :datetime not null # updated_at :datetime not null # +# Indexes +# +# index_users_on_confirmation_token (confirmation_token) UNIQUE +# index_users_on_email (email) UNIQUE +# index_users_on_reset_password_token (reset_password_token) UNIQUE +# index_users_on_unlock_token (unlock_token) UNIQUE +# class User < ApplicationRecord devise :database_authenticatable, :registerable, diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index 22f6ebc6..0773d1d7 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -3,21 +3,28 @@ # Table name: users # # id :integer not null, primary key +# confirmation_sent_at :datetime +# confirmation_token :string +# confirmed_at :datetime # email :string default(""), not null # encrypted_password :string default(""), not null -# reset_password_token :string -# reset_password_sent_at :datetime +# failed_attempts :integer default(0), not null +# locked_at :datetime # remember_created_at :datetime -# confirmation_token :string -# confirmed_at :datetime -# confirmation_sent_at :datetime +# reset_password_sent_at :datetime +# reset_password_token :string # unconfirmed_email :string -# failed_attempts :integer default(0), not null # unlock_token :string -# locked_at :datetime # created_at :datetime not null # updated_at :datetime not null # +# Indexes +# +# index_users_on_confirmation_token (confirmation_token) UNIQUE +# index_users_on_email (email) UNIQUE +# index_users_on_reset_password_token (reset_password_token) UNIQUE +# index_users_on_unlock_token (unlock_token) UNIQUE +# # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html diff --git a/test/models/user_test.rb b/test/models/user_test.rb index cd6a8c12..b2bea7b6 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -3,21 +3,28 @@ # Table name: users # # id :integer not null, primary key +# confirmation_sent_at :datetime +# confirmation_token :string +# confirmed_at :datetime # email :string default(""), not null # encrypted_password :string default(""), not null -# reset_password_token :string -# reset_password_sent_at :datetime +# failed_attempts :integer default(0), not null +# locked_at :datetime # remember_created_at :datetime -# confirmation_token :string -# confirmed_at :datetime -# confirmation_sent_at :datetime +# reset_password_sent_at :datetime +# reset_password_token :string # unconfirmed_email :string -# failed_attempts :integer default(0), not null # unlock_token :string -# locked_at :datetime # created_at :datetime not null # updated_at :datetime not null # +# Indexes +# +# index_users_on_confirmation_token (confirmation_token) UNIQUE +# index_users_on_email (email) UNIQUE +# index_users_on_reset_password_token (reset_password_token) UNIQUE +# index_users_on_unlock_token (unlock_token) UNIQUE +# require 'test_helper' From 91613914de9c18b85d10d19567ca12f779d531f6 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 10:53:28 -0400 Subject: [PATCH 09/17] Add /up route --- config/routes.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config/routes.rb b/config/routes.rb index de942187..c5012df5 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -3,7 +3,11 @@ # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html post "/graphql", to: "graphql#execute" devise_for :users - + + # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500. + # Can be used by load balancers and uptime monitors to verify that the app is live. + get "up" => "rails/health#show", as: :rails_health_check + root to: 'static#index' namespace :api do From 6cc3e728c70190ff60f068a98f9adda46d617a9b Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 11:23:36 -0400 Subject: [PATCH 10/17] Rails 8.1 bundle update rails --- Gemfile | 2 +- Gemfile.lock | 114 ++++++++++++++++++++++++++------------------------- 2 files changed, 59 insertions(+), 57 deletions(-) diff --git a/Gemfile b/Gemfile index e49bcddf..41910435 100644 --- a/Gemfile +++ b/Gemfile @@ -21,7 +21,7 @@ gem 'opensearch-ruby' gem 'puma' gem 'rack-attack' gem 'rack-cors' -gem 'rails', '~> 8.0.0' +gem 'rails', '~> 8.1.0' gem 'redis' gem 'sass-rails' gem 'sentry-rails' diff --git a/Gemfile.lock b/Gemfile.lock index cb432103..fb9dc23f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,29 +10,31 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (8.0.5) - actionpack (= 8.0.5) - activesupport (= 8.0.5) + action_text-trix (2.1.19) + railties + actioncable (8.1.3) + actionpack (= 8.1.3) + activesupport (= 8.1.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.0.5) - actionpack (= 8.0.5) - activejob (= 8.0.5) - activerecord (= 8.0.5) - activestorage (= 8.0.5) - activesupport (= 8.0.5) + actionmailbox (8.1.3) + actionpack (= 8.1.3) + activejob (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) mail (>= 2.8.0) - actionmailer (8.0.5) - actionpack (= 8.0.5) - actionview (= 8.0.5) - activejob (= 8.0.5) - activesupport (= 8.0.5) + actionmailer (8.1.3) + actionpack (= 8.1.3) + actionview (= 8.1.3) + activejob (= 8.1.3) + activesupport (= 8.1.3) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.0.5) - actionview (= 8.0.5) - activesupport (= 8.0.5) + actionpack (8.1.3) + actionview (= 8.1.3) + activesupport (= 8.1.3) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) @@ -40,42 +42,43 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.0.5) - actionpack (= 8.0.5) - activerecord (= 8.0.5) - activestorage (= 8.0.5) - activesupport (= 8.0.5) + actiontext (8.1.3) + action_text-trix (~> 2.1.15) + actionpack (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.0.5) - activesupport (= 8.0.5) + actionview (8.1.3) + activesupport (= 8.1.3) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.0.5) - activesupport (= 8.0.5) + activejob (8.1.3) + activesupport (= 8.1.3) globalid (>= 0.3.6) - activemodel (8.0.5) - activesupport (= 8.0.5) - activerecord (8.0.5) - activemodel (= 8.0.5) - activesupport (= 8.0.5) + activemodel (8.1.3) + activesupport (= 8.1.3) + activerecord (8.1.3) + activemodel (= 8.1.3) + activesupport (= 8.1.3) timeout (>= 0.4.0) - activestorage (8.0.5) - actionpack (= 8.0.5) - activejob (= 8.0.5) - activerecord (= 8.0.5) - activesupport (= 8.0.5) + activestorage (8.1.3) + actionpack (= 8.1.3) + activejob (= 8.1.3) + activerecord (= 8.1.3) + activesupport (= 8.1.3) marcel (~> 1.0) - activesupport (8.0.5) + activesupport (8.1.3) base64 - benchmark (>= 0.3) bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + json logger (>= 1.4.2) minitest (>= 5.1) securerandom (>= 0.3) @@ -107,7 +110,6 @@ GEM aws-eventstream (~> 1, >= 1.0.2) base64 (0.3.0) bcrypt (3.1.21) - benchmark (0.5.0) bigdecimal (4.1.2) bindex (0.8.1) bootsnap (1.24.6) @@ -310,20 +312,20 @@ GEM rack (>= 1.3) rackup (2.3.1) rack (>= 3) - rails (8.0.5) - actioncable (= 8.0.5) - actionmailbox (= 8.0.5) - actionmailer (= 8.0.5) - actionpack (= 8.0.5) - actiontext (= 8.0.5) - actionview (= 8.0.5) - activejob (= 8.0.5) - activemodel (= 8.0.5) - activerecord (= 8.0.5) - activestorage (= 8.0.5) - activesupport (= 8.0.5) + rails (8.1.3) + actioncable (= 8.1.3) + actionmailbox (= 8.1.3) + actionmailer (= 8.1.3) + actionpack (= 8.1.3) + actiontext (= 8.1.3) + actionview (= 8.1.3) + activejob (= 8.1.3) + activemodel (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) bundler (>= 1.15.0) - railties (= 8.0.5) + railties (= 8.1.3) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -331,9 +333,9 @@ GEM rails-html-sanitizer (1.7.0) loofah (~> 2.25) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.0.5) - actionpack (= 8.0.5) - activesupport (= 8.0.5) + railties (8.1.3) + actionpack (= 8.1.3) + activesupport (= 8.1.3) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -500,7 +502,7 @@ DEPENDENCIES puma rack-attack rack-cors - rails (~> 8.0.0) + rails (~> 8.1.0) redis rubocop rubocop-rails From e13dfb6b1f87f114cbee88346297e1a9563d913b Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 11:28:33 -0400 Subject: [PATCH 11/17] Rails 8.1 bin/rails app:update fully accepted changes --- bin/ci | 6 ++ bin/rubocop | 2 +- bin/setup | 1 + config/ci.rb | 22 ++++++ .../initializers/content_security_policy.rb | 4 + .../new_framework_defaults_8_1.rb | 74 +++++++++++++++++++ config/puma.rb | 5 +- public/400.html | 31 ++++++-- public/404.html | 33 +++++++-- public/406-unsupported-browser.html | 29 +++++++- public/422.html | 31 ++++++-- public/500.html | 33 +++++++-- 12 files changed, 242 insertions(+), 29 deletions(-) create mode 100755 bin/ci create mode 100644 config/ci.rb create mode 100644 config/initializers/new_framework_defaults_8_1.rb diff --git a/bin/ci b/bin/ci new file mode 100755 index 00000000..4137ad5b --- /dev/null +++ b/bin/ci @@ -0,0 +1,6 @@ +#!/usr/bin/env ruby +require_relative "../config/boot" +require "active_support/continuous_integration" + +CI = ActiveSupport::ContinuousIntegration +require_relative "../config/ci.rb" diff --git a/bin/rubocop b/bin/rubocop index 40330c0f..5a205047 100755 --- a/bin/rubocop +++ b/bin/rubocop @@ -2,7 +2,7 @@ require "rubygems" require "bundler/setup" -# explicit rubocop config increases performance slightly while avoiding config confusion. +# Explicit RuboCop config increases performance slightly while avoiding config confusion. ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__)) load Gem.bin_path("rubocop", "rubocop") diff --git a/bin/setup b/bin/setup index be3db3c0..81be011e 100755 --- a/bin/setup +++ b/bin/setup @@ -22,6 +22,7 @@ FileUtils.chdir APP_ROOT do puts "\n== Preparing database ==" system! "bin/rails db:prepare" + system! "bin/rails db:reset" if ARGV.include?("--reset") puts "\n== Removing old logs and tempfiles ==" system! "bin/rails log:clear tmp:clear" diff --git a/config/ci.rb b/config/ci.rb new file mode 100644 index 00000000..7e3f04c4 --- /dev/null +++ b/config/ci.rb @@ -0,0 +1,22 @@ +# Run using bin/ci + +CI.run do + step "Setup", "bin/setup --skip-server" + + step "Style: Ruby", "bin/rubocop" + + step "Security: Importmap vulnerability audit", "bin/importmap audit" + step "Tests: Rails", "bin/rails test" + step "Tests: Seeds", "env RAILS_ENV=test bin/rails db:seed:replant" + + # Optional: Run system tests + # step "Tests: System", "bin/rails test:system" + + # Optional: set a green GitHub commit status to unblock PR merge. + # Requires the `gh` CLI and `gh extension install basecamp/gh-signoff`. + # if success? + # step "Signoff: All systems go. Ready for merge and deploy.", "gh signoff" + # else + # failure "Signoff: CI failed. Do not merge or deploy.", "Fix the issues and try again." + # end +end diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index b3076b38..d51d7139 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -20,6 +20,10 @@ # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } # config.content_security_policy_nonce_directives = %w(script-src style-src) # +# # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag` +# # if the corresponding directives are specified in `content_security_policy_nonce_directives`. +# # config.content_security_policy_nonce_auto = true +# # # Report violations without enforcing the policy. # # config.content_security_policy_report_only = true # end diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb new file mode 100644 index 00000000..8569b5b1 --- /dev/null +++ b/config/initializers/new_framework_defaults_8_1.rb @@ -0,0 +1,74 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 8.1 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `8.1`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Skips escaping HTML entities and line separators. When set to `false`, the +# JSON renderer no longer escapes these to improve performance. +# +# Example: +# class PostsController < ApplicationController +# def index +# render json: { key: "\u2028\u2029<>&" } +# end +# end +# +# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":"

<>&"}` with the config +# set to `false`. +# +# Applications that want to keep the escaping behavior can set the config to `true`. +#++ +# Rails.configuration.action_controller.escape_json_responses = false + +### +# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON. +# +# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019. +# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset. +#++ +# Rails.configuration.active_support.escape_js_separators_in_json = false + +### +# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values +# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or +# `primary_key`) to fall back on. +# +# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in +# Rails 8.2. +#++ +# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true + +### +# Controls how Rails handles path relative URL redirects. +# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError` +# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities. +# +# Example: +# redirect_to "example.com" # Raises UnsafeRedirectError +# redirect_to "@attacker.com" # Raises UnsafeRedirectError +# redirect_to "/safe/path" # Works correctly +# +# Applications that want to allow these redirects can set the config to `:log` (previous default) +# to only log warnings, or `:notify` to send ActiveSupport notifications. +#++ +# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise + +### +# Use a Ruby parser to track dependencies between Action View templates +#++ +# Rails.configuration.action_view.render_tracker = :ruby + +### +# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields +# included in `button_to` forms will omit the `autocomplete="off"` attribute. +# +# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`. +#++ +# Rails.configuration.action_view.remove_hidden_field_autocomplete = true diff --git a/config/puma.rb b/config/puma.rb index a248513b..38c4b865 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -7,7 +7,8 @@ # # You can control the number of workers using ENV["WEB_CONCURRENCY"]. You # should only set this value when you want to run 2 or more workers. The -# default is already 1. +# default is already 1. You can set it to `auto` to automatically start a worker +# for each available processor. # # The ideal number of threads per worker depends both on how much time the # application spends waiting for IO operations and on how much you wish to @@ -33,7 +34,7 @@ # Allow puma to be restarted by `bin/rails restart` command. plugin :tmp_restart -# Run the Solid Queue supervisor inside of Puma for single-server deployments +# Run the Solid Queue supervisor inside of Puma for single-server deployments. plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"] # Specify the PID file. Defaults to tmp/pids/server.pid in development. diff --git a/public/400.html b/public/400.html index 282dbc8c..640de033 100644 --- a/public/400.html +++ b/public/400.html @@ -35,12 +35,35 @@ font-weight: 400; letter-spacing: -0.0025em; line-height: 1.4; - min-height: 100vh; + min-height: 100dvh; place-items: center; text-rendering: optimizeLegibility; -webkit-text-size-adjust: 100%; } + #error-description { + fill: #d30001; + } + + #error-id { + fill: #f0eff0; + } + + @media (prefers-color-scheme: dark) { + body { + background: #101010; + color: #e0e0e0; + } + + #error-description { + fill: #FF6161; + } + + #error-id { + fill: #2c2c2c; + } + } + a { color: inherit; font-weight: 700; @@ -83,13 +106,11 @@ } main article br { - display: none; @media(min-width: 48em) { display: inline; } - } @@ -102,10 +123,10 @@
- +
-

The server cannot process the request due to a client error. Please check the request and try again. If you’re the application owner check the logs for more information.

+

The server cannot process the request due to a client error. Please check the request and try again. If you're the application owner check the logs for more information.

diff --git a/public/404.html b/public/404.html index c0670bc8..d7f0f142 100644 --- a/public/404.html +++ b/public/404.html @@ -4,7 +4,7 @@ - The page you were looking for doesn’t exist (404 Not found) + The page you were looking for doesn't exist (404 Not found) @@ -35,12 +35,35 @@ font-weight: 400; letter-spacing: -0.0025em; line-height: 1.4; - min-height: 100vh; + min-height: 100dvh; place-items: center; text-rendering: optimizeLegibility; -webkit-text-size-adjust: 100%; } + #error-description { + fill: #d30001; + } + + #error-id { + fill: #f0eff0; + } + + @media (prefers-color-scheme: dark) { + body { + background: #101010; + color: #e0e0e0; + } + + #error-description { + fill: #FF6161; + } + + #error-id { + fill: #2c2c2c; + } + } + a { color: inherit; font-weight: 700; @@ -83,13 +106,11 @@ } main article br { - display: none; @media(min-width: 48em) { display: inline; } - } @@ -102,10 +123,10 @@
- +
-

The page you were looking for doesn’t exist. You may have mistyped the address or the page may have moved. If you’re the application owner check the logs for more information.

+

The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved. If you're the application owner check the logs for more information.

diff --git a/public/406-unsupported-browser.html b/public/406-unsupported-browser.html index 9532a9cc..43d2811e 100644 --- a/public/406-unsupported-browser.html +++ b/public/406-unsupported-browser.html @@ -35,12 +35,35 @@ font-weight: 400; letter-spacing: -0.0025em; line-height: 1.4; - min-height: 100vh; + min-height: 100dvh; place-items: center; text-rendering: optimizeLegibility; -webkit-text-size-adjust: 100%; } + #error-description { + fill: #d30001; + } + + #error-id { + fill: #f0eff0; + } + + @media (prefers-color-scheme: dark) { + body { + background: #101010; + color: #e0e0e0; + } + + #error-description { + fill: #FF6161; + } + + #error-id { + fill: #2c2c2c; + } + } + a { color: inherit; font-weight: 700; @@ -83,13 +106,11 @@ } main article br { - display: none; @media(min-width: 48em) { display: inline; } - } @@ -102,7 +123,7 @@
- +

Your browser is not supported.
Please upgrade your browser to continue.

diff --git a/public/422.html b/public/422.html index 8bcf0601..f12fb4aa 100644 --- a/public/422.html +++ b/public/422.html @@ -35,12 +35,35 @@ font-weight: 400; letter-spacing: -0.0025em; line-height: 1.4; - min-height: 100vh; + min-height: 100dvh; place-items: center; text-rendering: optimizeLegibility; -webkit-text-size-adjust: 100%; } + #error-description { + fill: #d30001; + } + + #error-id { + fill: #f0eff0; + } + + @media (prefers-color-scheme: dark) { + body { + background: #101010; + color: #e0e0e0; + } + + #error-description { + fill: #FF6161; + } + + #error-id { + fill: #2c2c2c; + } + } + a { color: inherit; font-weight: 700; @@ -83,13 +106,11 @@ } main article br { - display: none; @media(min-width: 48em) { display: inline; } - } @@ -102,10 +123,10 @@
- +
-

The change you wanted was rejected. Maybe you tried to change something you didn’t have access to. If you’re the application owner check the logs for more information.

+

The change you wanted was rejected. Maybe you tried to change something you didn't have access to. If you're the application owner check the logs for more information.

diff --git a/public/500.html b/public/500.html index d77718c3..e4eb18a7 100644 --- a/public/500.html +++ b/public/500.html @@ -4,7 +4,7 @@ - We’re sorry, but something went wrong (500 Internal Server Error) + We're sorry, but something went wrong (500 Internal Server Error) @@ -35,12 +35,35 @@ font-weight: 400; letter-spacing: -0.0025em; line-height: 1.4; - min-height: 100vh; + min-height: 100dvh; place-items: center; text-rendering: optimizeLegibility; -webkit-text-size-adjust: 100%; } + #error-description { + fill: #d30001; + } + + #error-id { + fill: #f0eff0; + } + + @media (prefers-color-scheme: dark) { + body { + background: #101010; + color: #e0e0e0; + } + + #error-description { + fill: #FF6161; + } + + #error-id { + fill: #2c2c2c; + } + } + a { color: inherit; font-weight: 700; @@ -83,13 +106,11 @@ } main article br { - display: none; @media(min-width: 48em) { display: inline; } - } @@ -102,10 +123,10 @@
- +
-

We’re sorry, but something went wrong.
If you’re the application owner check the logs for more information.

+

We're sorry, but something went wrong.
If you're the application owner check the logs for more information.

From 9417493ce7789756613adf252a08f63155476e23 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 11:31:21 -0400 Subject: [PATCH 12/17] Rails 8.1 bin/rails app:update dev changes --- config/environments/development.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index 94818dc0..52f95f10 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -59,6 +59,9 @@ # Allow changing log level in development config.log_level = ENV['RAILS_LOG_LEVEL'] || :debug + # Highlight code that triggered redirect in logs. + config.action_dispatch.verbose_redirect_logs = true + # Raises error for missing translations. # config.i18n.raise_on_missing_translations = true @@ -67,7 +70,7 @@ config.logger = ActiveSupport::TaggedLogging.new(logger) # Annotate rendered view with file names. - config.action_view.annotate_rendered_view_with_filenames = false + config.action_view.annotate_rendered_view_with_filenames = true # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true From 6d6ede31f65abaf9b8a393fa17437d7f065ff773 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 11:33:53 -0400 Subject: [PATCH 13/17] Rails 8.1 bin/rails app:update prod changes --- config/environments/production.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 6c00b4ed..8e03c1bf 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -47,7 +47,7 @@ # Log to STDOUT with the current request id as a default log tag. config.log_tags = [ :request_id ] - # Change to "debug" to log everything (including potentially personally-identifiable information!) + # Change to "debug" to log everything (including potentially personally-identifiable information!). config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") # Prevent health checks from clogging up the logs. From c7272b26a3fc1911a0d767b71d60018db9e2bd9e Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 11:44:33 -0400 Subject: [PATCH 14/17] Rails 8.1 set new framework defaults --- config/application.rb | 2 +- .../new_framework_defaults_8_1.rb | 74 ------------------- 2 files changed, 1 insertion(+), 75 deletions(-) delete mode 100644 config/initializers/new_framework_defaults_8_1.rb diff --git a/config/application.rb b/config/application.rb index 124aa62b..10b28804 100644 --- a/config/application.rb +++ b/config/application.rb @@ -26,7 +26,7 @@ class Application < Rails::Application config.flipflop.dashboard_access_filter = -> { head :forbidden } # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 8.0 + config.load_defaults 8.1 # Please, add to the `ignore` list any other `lib` subdirectories that do # not contain `.rb` files, or that should not be reloaded or eager loaded. diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb deleted file mode 100644 index 8569b5b1..00000000 --- a/config/initializers/new_framework_defaults_8_1.rb +++ /dev/null @@ -1,74 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file eases your Rails 8.1 framework defaults upgrade. -# -# Uncomment each configuration one by one to switch to the new default. -# Once your application is ready to run with all new defaults, you can remove -# this file and set the `config.load_defaults` to `8.1`. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. -# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html - -### -# Skips escaping HTML entities and line separators. When set to `false`, the -# JSON renderer no longer escapes these to improve performance. -# -# Example: -# class PostsController < ApplicationController -# def index -# render json: { key: "\u2028\u2029<>&" } -# end -# end -# -# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":"

<>&"}` with the config -# set to `false`. -# -# Applications that want to keep the escaping behavior can set the config to `true`. -#++ -# Rails.configuration.action_controller.escape_json_responses = false - -### -# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON. -# -# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019. -# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset. -#++ -# Rails.configuration.active_support.escape_js_separators_in_json = false - -### -# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values -# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or -# `primary_key`) to fall back on. -# -# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in -# Rails 8.2. -#++ -# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true - -### -# Controls how Rails handles path relative URL redirects. -# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError` -# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities. -# -# Example: -# redirect_to "example.com" # Raises UnsafeRedirectError -# redirect_to "@attacker.com" # Raises UnsafeRedirectError -# redirect_to "/safe/path" # Works correctly -# -# Applications that want to allow these redirects can set the config to `:log` (previous default) -# to only log warnings, or `:notify` to send ActiveSupport notifications. -#++ -# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise - -### -# Use a Ruby parser to track dependencies between Action View templates -#++ -# Rails.configuration.action_view.render_tracker = :ruby - -### -# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields -# included in `button_to` forms will omit the `autocomplete="off"` attribute. -# -# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`. -#++ -# Rails.configuration.action_view.remove_hidden_field_autocomplete = true From 0d6208ab96d3e88ebfbf7c6b40aa02197486d014 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 11:46:50 -0400 Subject: [PATCH 15/17] Update renovate.json --- renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 7409904d..59012a68 100644 --- a/renovate.json +++ b/renovate.json @@ -14,7 +14,7 @@ "matchPackageNames": [ "rails" ], - "allowedVersions": "<8.1" + "allowedVersions": "<8.2" } ] } From d1b95c413df6c52ce73d10847ba3b0dcdb9ca9f0 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 13:59:18 -0400 Subject: [PATCH 16/17] Pin mitlibraries-theme to 1.5 --- Gemfile | 4 ++-- Gemfile.lock | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 41910435..5d3f8fc6 100644 --- a/Gemfile +++ b/Gemfile @@ -14,8 +14,8 @@ gem 'graphql' gem 'jwt' gem 'lograge' gem 'mitlibraries-theme', - git: 'https://github.com/MITLibraries/mitlibraries-theme.git', - branch: 'rails8' + git: 'https://github.com/mitlibraries/mitlibraries-theme', + tag: 'v1.5' gem 'opensearch-aws-sigv4' gem 'opensearch-ruby' gem 'puma' diff --git a/Gemfile.lock b/Gemfile.lock index fb9dc23f..3edb777d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ GIT - remote: https://github.com/MITLibraries/mitlibraries-theme.git - revision: e3651e2bafeff277d3ed12a65060df9cf627af95 - branch: rails8 + remote: https://github.com/mitlibraries/mitlibraries-theme + revision: 135390daff870937212f1d9020abb6aea53c87d9 + tag: v1.5 specs: mitlibraries-theme (1.1.0) rails (>= 6, < 9) From 4c5a66af9f03485967d37dae3e2aad7ac8754c12 Mon Sep 17 00:00:00 2001 From: Jeremy Prevost Date: Wed, 15 Jul 2026 14:11:12 -0400 Subject: [PATCH 17/17] Apply suggestions from code review Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- config/ci.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/ci.rb b/config/ci.rb index 7e3f04c4..9014db21 100644 --- a/config/ci.rb +++ b/config/ci.rb @@ -5,7 +5,7 @@ step "Style: Ruby", "bin/rubocop" - step "Security: Importmap vulnerability audit", "bin/importmap audit" + # step "Security: Importmap vulnerability audit", "bin/importmap audit" step "Tests: Rails", "bin/rails test" step "Tests: Seeds", "env RAILS_ENV=test bin/rails db:seed:replant"