From 7c77a781760b189d086aecc0ed11a5713a18625b Mon Sep 17 00:00:00 2001 From: Keith Lawrence Date: Mon, 3 Feb 2025 16:15:21 +0000 Subject: [PATCH 1/6] Update Rails gem to 8.0.1 --- Gemfile | 2 +- Gemfile.lock | 121 ++++++++++++++++++++++++++------------------------- 2 files changed, 62 insertions(+), 61 deletions(-) diff --git a/Gemfile b/Gemfile index 17d7984b2..d0af5e008 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" ruby "~> 3.3.1" -gem "rails", "7.2.2" +gem "rails", "8.0.1" gem "bootsnap", require: false gem "faraday" diff --git a/Gemfile.lock b/Gemfile.lock index bc277ed74..7ec1d2bbd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,66 +1,65 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.2.2) - actionpack (= 7.2.2) - activesupport (= 7.2.2) + actioncable (8.0.1) + actionpack (= 8.0.1) + activesupport (= 8.0.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.2) - actionpack (= 7.2.2) - activejob (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + actionmailbox (8.0.1) + actionpack (= 8.0.1) + activejob (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) mail (>= 2.8.0) - actionmailer (7.2.2) - actionpack (= 7.2.2) - actionview (= 7.2.2) - activejob (= 7.2.2) - activesupport (= 7.2.2) + actionmailer (8.0.1) + actionpack (= 8.0.1) + actionview (= 8.0.1) + activejob (= 8.0.1) + activesupport (= 8.0.1) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.2) - actionview (= 7.2.2) - activesupport (= 7.2.2) + actionpack (8.0.1) + actionview (= 8.0.1) + activesupport (= 8.0.1) nokogiri (>= 1.8.5) - racc - rack (>= 2.2.4, < 3.2) + rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.2) - actionpack (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + actiontext (8.0.1) + actionpack (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.2) - activesupport (= 7.2.2) + actionview (8.0.1) + activesupport (= 8.0.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.2) - activesupport (= 7.2.2) + activejob (8.0.1) + activesupport (= 8.0.1) globalid (>= 0.3.6) - activemodel (7.2.2) - activesupport (= 7.2.2) - activerecord (7.2.2) - activemodel (= 7.2.2) - activesupport (= 7.2.2) + activemodel (8.0.1) + activesupport (= 8.0.1) + activerecord (8.0.1) + activemodel (= 8.0.1) + activesupport (= 8.0.1) 
timeout (>= 0.4.0) - activestorage (7.2.2) - actionpack (= 7.2.2) - activejob (= 7.2.2) - activerecord (= 7.2.2) - activesupport (= 7.2.2) + activestorage (8.0.1) + actionpack (= 8.0.1) + activejob (= 8.0.1) + activerecord (= 8.0.1) + activesupport (= 8.0.1) marcel (~> 1.0) - activesupport (7.2.2) + activesupport (8.0.1) base64 benchmark (>= 0.3) bigdecimal @@ -72,6 +71,7 @@ GEM minitest (>= 5.1) securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) @@ -115,8 +115,8 @@ GEM ffi (>= 1.15.0) expgen (0.1.1) parslet - factory_bot (6.5.0) - activesupport (>= 5.0.0) + factory_bot (6.5.1) + activesupport (>= 6.1.0) factory_bot_rails (6.4.4) factory_bot (~> 6.5) railties (>= 5.0.0) @@ -239,7 +239,7 @@ GEM bigdecimal (~> 3.1) net-http (0.6.0) uri - net-imap (0.5.1) + net-imap (0.5.5) date net-protocol net-pop (0.1.2) @@ -551,20 +551,20 @@ GEM rackup (1.0.1) rack (< 3) webrick - rails (7.2.2) - actioncable (= 7.2.2) - actionmailbox (= 7.2.2) - actionmailer (= 7.2.2) - actionpack (= 7.2.2) - actiontext (= 7.2.2) - actionview (= 7.2.2) - activejob (= 7.2.2) - activemodel (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + rails (8.0.1) + actioncable (= 8.0.1) + actionmailbox (= 8.0.1) + actionmailer (= 8.0.1) + actionpack (= 8.0.1) + actiontext (= 8.0.1) + actionview (= 8.0.1) + activejob (= 8.0.1) + activemodel (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) bundler (>= 1.15.0) - railties (= 7.2.2) + railties (= 8.0.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest 
@@ -572,9 +572,9 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (7.2.2) - actionpack (= 7.2.2) - activesupport (= 7.2.2) + railties (8.0.1) + actionpack (= 8.0.1) + activesupport (= 8.0.1) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -727,7 +727,8 @@ GEM crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) webrick (1.9.1) - websocket-driver (0.7.6) + websocket-driver (0.7.7) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) with_advisory_lock (5.1.0) @@ -765,7 +766,7 @@ DEPENDENCIES pg plek pry-byebug - rails (= 7.2.2) + rails (= 8.0.1) ratelimit redcarpet rspec-rails From d35b3cd77395fa9cd974f9c84423bb28caa46d3f Mon Sep 17 00:00:00 2001 From: Keith Lawrence Date: Mon, 3 Feb 2025 16:19:07 +0000 Subject: [PATCH 2/6] Run bin/rails app:update --- bin/brakeman | 7 +++++ bin/dev | 2 ++ bin/rubocop | 8 +++++ config/initializers/assets.rb | 7 +---- .../initializers/filter_parameter_logging.rb | 4 +-- .../new_framework_defaults_8_0.rb | 30 +++++++++++++++++++ 6 files changed, 50 insertions(+), 8 deletions(-) create mode 100755 bin/brakeman create mode 100755 bin/dev create mode 100755 bin/rubocop create mode 100644 config/initializers/new_framework_defaults_8_0.rb diff --git a/bin/brakeman b/bin/brakeman new file mode 100755 index 000000000..ace1c9ba0 --- /dev/null +++ b/bin/brakeman @@ -0,0 +1,7 @@ +#!/usr/bin/env ruby +require "rubygems" +require "bundler/setup" + +ARGV.unshift("--ensure-latest") + +load Gem.bin_path("brakeman", "brakeman") diff --git a/bin/dev b/bin/dev new file mode 100755 index 000000000..5f91c2054 --- /dev/null +++ b/bin/dev @@ -0,0 +1,2 @@ +#!/usr/bin/env ruby +exec "./bin/rails", "server", *ARGV diff --git a/bin/rubocop b/bin/rubocop new file mode 100755 index 000000000..40330c0ff --- /dev/null +++ b/bin/rubocop 
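Review bot: The new `bin/brakeman` binstub always prepends `--ensure-latest`, so the scan fails as soon as a newer Brakeman release exists than the one in the bundle, whatever the code under scan looks like. That is a reasonable policy for a security scanner, but it should be stated in the file, e.g. `# --ensure-latest fails the run when the bundled Brakeman is not the newest release; bump the gem when this trips.` Nothing visible in this series adds brakeman to the Gemfile, so if it is not already in the bundle, `Gem.bin_path("brakeman", "brakeman")` cannot resolve and the binstub is dead on arrival.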
@@ -0,0 +1,8 @@ +#!/usr/bin/env ruby +require "rubygems" +require "bundler/setup" + +# explicit rubocop config increases performance slightly while avoiding config confusion. +ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__)) + +load Gem.bin_path("rubocop", "rubocop") diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index 9c7a620b5..68fd3a0a4 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -1,12 +1,7 @@ # Be sure to restart your server when you modify this file. # Version of your assets, change this if you want to expire all your assets. -# Rails.application.config.assets.version = '1.0' +# Rails.application.config.assets.version = "1.0" # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path - -# Precompile additional assets. -# application.js, application.css, and all non-JS/CSS in the app/assets -# folder are already added. -# Rails.application.config.assets.precompile += %w( admin.js admin.css ) diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 262e86202..c0b717f7e 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -3,6 +3,6 @@ # Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. # Use this to limit dissemination of sensitive information. # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. -Rails.application.config.filter_parameters += %i[ - passw secret token _key crypt salt certificate otp ssn +Rails.application.config.filter_parameters += [ + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc ] diff --git a/config/initializers/new_framework_defaults_8_0.rb b/config/initializers/new_framework_defaults_8_0.rb new file mode 100644 index 000000000..92efa9515 
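Review bot: The `:email` entry added to `filter_parameters` in `config/initializers/filter_parameter_logging.rb` is a partial match, as the file's own comment says for `passw`, so it masks every parameter whose name contains `email`, not only the subscriber's address. Keys such as `email_document_supertype`, which appears in the report spec later in this series, would presumably be logged as `[FILTERED]` too. As far as I know Rails also copies this list into Active Record's `filter_attributes`, so `#inspect` output changes as well. Keeping the broad match is the safer choice for personal data, but it deserves a line above the list, e.g. `# :email is a substring match; it also masks keys like email_document_supertype`, and a mention in the commit message, since it arrives inside an `app:update` commit.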
--- /dev/null +++ b/config/initializers/new_framework_defaults_8_0.rb @@ -0,0 +1,30 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 8.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `8.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Specifies whether `to_time` methods preserve the UTC offset of their receivers or preserves the timezone. +# If set to `:zone`, `to_time` methods will use the timezone of their receivers. +# If set to `:offset`, `to_time` methods will use the UTC offset. +# If `false`, `to_time` methods will convert to the local system UTC offset instead. +#++ +# Rails.application.config.active_support.to_time_preserves_timezone = :zone + +### +# When both `If-Modified-Since` and `If-None-Match` are provided by the client +# only consider `If-None-Match` as specified by RFC 7232 Section 6. +# If set to `false` both conditions need to be satisfied. +#++ +# Rails.application.config.action_dispatch.strict_freshness = true + +### +# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks. +#++ +# Regexp.timeout = 1 From c5388ebaa60352cc889895df652424370109a8b5 Mon Sep 17 00:00:00 2001 From: Keith Lawrence Date: Mon, 3 Feb 2025 16:24:09 +0000 Subject: [PATCH 3/6] lint: fix filter parameters --- config/initializers/filter_parameter_logging.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index c0b717f7e..f72dcdfaa 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb 
@@ -3,6 +3,6 @@ # Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. # Use this to limit dissemination of sensitive information. # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. -Rails.application.config.filter_parameters += [ - :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc +Rails.application.config.filter_parameters += %i[ + passw email secret token _key crypt salt certificate otp ssn cvv cvc ] From c4ebfcd868aaf450cd4dede29acb8133d018d647 Mon Sep 17 00:00:00 2001 From: Keith Lawrence Date: Mon, 3 Feb 2025 17:02:56 +0000 Subject: [PATCH 4/6] Update subscription as_json to use merges - Tests complain here that the options array being passed in is frozen. Replace mutation with a merge and return pattern to avoid this issue. --- app/models/subscription.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/subscription.rb b/app/models/subscription.rb index e669cc4c5..1cd959172 100644 --- a/app/models/subscription.rb +++ b/app/models/subscription.rb @@ -58,8 +58,8 @@ class Subscription < ApplicationRecord } def as_json(options = {}) - options[:except] ||= %i[signon_user_uid subscriber_list_id subscriber_id] - options[:include] ||= %i[subscriber_list subscriber] + options = options.merge(except: %i[signon_user_uid subscriber_list_id subscriber_id]) unless options.key?(:except) + options = options.merge(include: %i[subscriber_list subscriber]) unless options.key?(:include) super(options) end From 49578b4dd41e3b592ee17c5fdd68dc34cca4fa04 Mon Sep 17 00:00:00 2001 From: Keith Lawrence Date: Mon, 3 Feb 2025 17:06:03 +0000 Subject: [PATCH 5/6] Set framework defaults --- config/application.rb | 2 +- .../new_framework_defaults_8_0.rb | 30 ------------------- 2 files changed, 1 insertion(+), 31 deletions(-) delete mode 100644 config/initializers/new_framework_defaults_8_0.rb 
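Review bot: In `Subscription#as_json` the guard changed from `||=` to `unless options.key?(:except)`, which is not equivalent. A caller passing `except: nil` or `except: false` used to get the default exclusion list, but now reaches `super` with no exclusions, so `signon_user_uid`, `subscriber_list_id` and `subscriber_id` are serialised. To keep the old semantics without mutating a frozen hash, test the value rather than the key: `options = options.merge(except: %i[signon_user_uid subscriber_list_id subscriber_id]) unless options[:except]`, and likewise `unless options[:include]` on the next line. The enclosing class starts and ends outside the hunk, so callers that pass these keys cannot be checked from here.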
diff --git a/config/application.rb b/config/application.rb index 4840354af..c26097414 100644 --- a/config/application.rb +++ b/config/application.rb @@ -23,7 +23,7 @@ module EmailAlertApi class Application < Rails::Application config.api_only = true - config.load_defaults 7.1 + config.load_defaults 8.0 # Please, add to the `ignore` list any other `lib` subdirectories that do # not contain `.rb` files, or that should not be reloaded or eager loaded. diff --git a/config/initializers/new_framework_defaults_8_0.rb b/config/initializers/new_framework_defaults_8_0.rb deleted file mode 100644 index 92efa9515..000000000 --- a/config/initializers/new_framework_defaults_8_0.rb +++ /dev/null 
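Review bot: `config.load_defaults 8.0` replaces `7.1`, so the 7.2 defaults are switched on in the same step as the 8.0 ones, and this series shows no 7.2 defaults initializer to stage them. The 8.0 initializer that this commit deletes lists `Regexp.timeout = 1` among the new defaults. That setting is process-wide, so any pattern that runs longer than one second now raises `Regexp::TimeoutError` instead of finishing. It is a sound guard against regular-expression denial of service, but code that matches user-supplied text needs to expect the exception. A comment above the line would record this, e.g. `# 8.0 defaults set Regexp.timeout = 1; slow patterns raise Regexp::TimeoutError`. The `Application` class body continues outside the hunk.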
@@ -1,30 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file eases your Rails 8.0 framework defaults upgrade. -# -# Uncomment each configuration one by one to switch to the new default. -# Once your application is ready to run with all new defaults, you can remove -# this file and set the `config.load_defaults` to `8.0`. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. -# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html - -### -# Specifies whether `to_time` methods preserve the UTC offset of their receivers or preserves the timezone. -# If set to `:zone`, `to_time` methods will use the timezone of their receivers. -# If set to `:offset`, `to_time` methods will use the UTC offset. -# If `false`, `to_time` methods will convert to the local system UTC offset instead. -#++ -# Rails.application.config.active_support.to_time_preserves_timezone = :zone - -### -# When both `If-Modified-Since` and `If-None-Match` are provided by the client -# only consider `If-None-Match` as specified by RFC 7232 Section 6. -# If set to `false` both conditions need to be satisfied. -#++ -# Rails.application.config.action_dispatch.strict_freshness = true - -### -# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks. -#++ -# Regexp.timeout = 1 From b5fd3a12ba430719050ab2d533213b19bd19e704 Mon Sep 17 00:00:00 2001 From: Keith Lawrence Date: Wed, 5 Feb 2025 10:41:16 +0000 Subject: [PATCH 6/6] Update order of match criteria - Match criteria seem to have stabilised order (this now matches the order we ask for them when converting the matching criterai to json here: https://github.com/alphagov/email-alert-api/blob/5b4be94377f3dc78baf1df15bd244bd3946fa960/lib/reports/subscriber_lists_report_row.rb#L28-L35 ...so it seems reasonable to accept this update. --- spec/lib/reports/subscriber_lists_report_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/spec/lib/reports/subscriber_lists_report_spec.rb b/spec/lib/reports/subscriber_lists_report_spec.rb index c32216461..5e1c84505 100644 --- a/spec/lib/reports/subscriber_lists_report_spec.rb +++ b/spec/lib/reports/subscriber_lists_report_spec.rb @@ -15,8 +15,8 @@ end it "returns data around active lists for the given date" do - expected_criteria_bits = '{"document_type":"","tags":{"tribunal_decision_categories":{"any":["agency-workers"]}},' \ - '"links":{},"email_document_supertype":"","government_document_supertype":""}' + expected_criteria_bits = '{"links":{},"tags":{"tribunal_decision_categories":{"any":["agency-workers"]}},' \ + '"email_document_supertype":"","government_document_supertype":"","document_type":""}' expected = CSV.generate do |csv| csv << %w[