downgrade rack to 2.x

Signed-off-by: Andrew Fader <[email protected]>

Author: andrewfader

Gemfile

@@ -21,14 +21,14 @@ ruby File.read('.ruby-version').strip
 # Loading only what we use reduces memory use & attack surface.
 # gem 'actioncable' # Not used. Client/server comm channel.
 # gem 'activestorage' # Not used. Attaches cloud files to ActiveRecord.
-gem 'actionmailer', '~> 7.2.2' # Rails. Send email.
-gem 'actionpack', '~> 7.2.2' # Rails. MVC framework.
-gem 'actionview', '~> 7.2.2' # Rails. View.
-gem 'activejob', '~> 7.2.2' # Rails. Async jobs.
-gem 'activemodel', '~> 7.2.2' # Rails. Model basics.
-gem 'activerecord', '~> 7.2.2' # Rails. ORM and query system.
+gem 'actionmailer', '~> 8.0.1' # Rails. Send email.
+gem 'actionpack', '~> 8.0.1' # Rails. MVC framework.
+gem 'actionview', '~> 8.0.1' # Rails. View.
+gem 'activejob', '~> 8.0.1' # Rails. Async jobs.
+gem 'activemodel', '~> 8.0.1' # Rails. Model basics.
+gem 'activerecord', '~> 8.0.1' # Rails. ORM and query system.
 # gem 'activestorage' # Not used. Attaches cloud files to ActiveRecord.
-gem 'activesupport', '~> 7.2.2' # Rails. Underlying library.
+gem 'activesupport', '~> 8.0.1' # Rails. Underlying library.
 # gem 'activetext' # Not used. Text editor that fails to support markdown.
 gem 'attr_encrypted', '~> 4'
 gem 'bcrypt', '~> 3.1.18' # Security - for salted hashed interacted passwords
@@ -81,20 +81,21 @@ gem 'omniauth-github', '~> 2.0' # Authentication to GitHub (get project info)
 gem 'omniauth-rails_csrf_protection'
 gem 'pagy', '~> 6.0'
 gem 'paleta', '~> 0.3' # Color manipulation, used for badges
-gem 'paper_trail', '~> 15.2.0' # Record previous versions of project data
+gem 'paper_trail', '~> 16.0' # Record previous versions of project data
 gem 'pg', '~> 1.4' # PostgreSQL database, used for data storage
 gem 'pg_search', '~> 2.3' # PostgreSQL full-text search
 gem 'puma', '~> 6.5' # Faster webserver; recommended by Heroku
 gem 'puma_worker_killer', '~> 1.0' # Band-aid: Restart to limit memory use
+gem 'rack', '< 3'
 gem 'rack-attack', '~> 6.7' # Implement rate limiting
 gem 'rack-cors', '~> 2.0' # Enable CORS so JavaScript clients can get JSON
 gem 'rack-headers_filter', '~> 0.0.1' # Filter out "dangerous" headers
 # We no longer say: gem 'rails', '6.1.7.3' # Our web framework
 # but instead load only what we use (to reduce memory use and attack surface).
 # We load sprockets-rails, but its version number isn't kept in sync.
 # Note: Update the gem versions of action* and railties in sync.
-gem 'railties', '~> 7.2.2' # Rails. Rails core, loads rest of Rails
-gem 'rails-i18n', '~> 7.0.10' # Localizations for Rails built-ins # not 7.2.2
+gem 'railties', '~> 8.0.1' # Rails. Rails core, loads rest of Rails
+gem 'rails-i18n', '~> 8.0.1' # Localizations for Rails built-ins
 gem 'redcarpet', '~> 3.5' # Process markdown in form textareas (justifications)
 gem 'sassc-rails' # compiles .scss (css replacement) drop-in replacement for sass-rails
 gem 'scout_apm' # Monitor for memory leaks
@@ -151,7 +152,7 @@ group :development do
   # We bring in full rails in development in case we need it for debugging;
   # this also keeps some gems happy that don't realize that loading
   # only *parts* of Rails is fine:
-  gem 'rails', '~> 7.2.2' # Rails (our web framework)
+  gem 'rails', '~> 8.0.1' # Rails (our web framework)
   # To update the translation gem, see the process docs in doc/testing.md
   gem 'translation', '1.37' # translation.io - translation service
   gem 'web-console' # In-browser debugger; use <% console %> or console

Gemfile.lock

@@ -1,66 +1,65 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.2.2.1)
-      actionpack (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actioncable (8.0.1)
+      actionpack (= 8.0.1)
+      activesupport (= 8.0.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.2.2.1)
-      actionpack (= 7.2.2.1)
-      activejob (= 7.2.2.1)
-      activerecord (= 7.2.2.1)
-      activestorage (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actionmailbox (8.0.1)
+      actionpack (= 8.0.1)
+      activejob (= 8.0.1)
+      activerecord (= 8.0.1)
+      activestorage (= 8.0.1)
+      activesupport (= 8.0.1)
       mail (>= 2.8.0)
-    actionmailer (7.2.2.1)
-      actionpack (= 7.2.2.1)
-      actionview (= 7.2.2.1)
-      activejob (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actionmailer (8.0.1)
+      actionpack (= 8.0.1)
+      actionview (= 8.0.1)
+      activejob (= 8.0.1)
+      activesupport (= 8.0.1)
       mail (>= 2.8.0)
       rails-dom-testing (~> 2.2)
-    actionpack (7.2.2.1)
-      actionview (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actionpack (8.0.1)
+      actionview (= 8.0.1)
+      activesupport (= 8.0.1)
       nokogiri (>= 1.8.5)
-      racc
-      rack (>= 2.2.4, < 3.2)
+      rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
       useragent (~> 0.16)
-    actiontext (7.2.2.1)
-      actionpack (= 7.2.2.1)
-      activerecord (= 7.2.2.1)
-      activestorage (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actiontext (8.0.1)
+      actionpack (= 8.0.1)
+      activerecord (= 8.0.1)
+      activestorage (= 8.0.1)
+      activesupport (= 8.0.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actionview (8.0.1)
+      activesupport (= 8.0.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activejob (7.2.2.1)
-      activesupport (= 7.2.2.1)
+    activejob (8.0.1)
+      activesupport (= 8.0.1)
       globalid (>= 0.3.6)
-    activemodel (7.2.2.1)
-      activesupport (= 7.2.2.1)
-    activerecord (7.2.2.1)
-      activemodel (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    activemodel (8.0.1)
+      activesupport (= 8.0.1)
+    activerecord (8.0.1)
+      activemodel (= 8.0.1)
+      activesupport (= 8.0.1)
       timeout (>= 0.4.0)
-    activestorage (7.2.2.1)
-      actionpack (= 7.2.2.1)
-      activejob (= 7.2.2.1)
-      activerecord (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    activestorage (8.0.1)
+      actionpack (= 8.0.1)
+      activejob (= 8.0.1)
+      activerecord (= 8.0.1)
+      activesupport (= 8.0.1)
       marcel (~> 1.0)
-    activesupport (7.2.2.1)
+    activesupport (8.0.1)
       base64
       benchmark (>= 0.3)
       bigdecimal
@@ -72,6 +71,7 @@ GEM
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     ansi (1.5.0)
@@ -264,7 +264,7 @@ GEM
       bigdecimal (~> 3.1)
     net-http (0.6.0)
       uri
-    net-imap (0.5.3)
+    net-imap (0.5.4)
       date
       net-protocol
     net-pop (0.1.2)
@@ -311,7 +311,7 @@ GEM
       omniauth (~> 2.0)
     pagy (6.5.0)
     paleta (0.3.0)
-    paper_trail (15.2.0)
+    paper_trail (16.0.0)
       activerecord (>= 6.1)
       request_store (~> 1.4)
     parallel (1.26.3)
@@ -359,37 +359,37 @@ GEM
       get_process_mem (>= 0.2)
       puma (>= 2.7)
     racc (1.8.1)
-    rack (3.1.8)
+    rack (2.2.10)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-cors (2.0.2)
       rack (>= 2.0.0)
     rack-headers_filter (0.0.1)
-    rack-protection (4.1.1)
+    rack-protection (3.2.0)
       base64 (>= 0.1.0)
-      logger (>= 1.6.0)
-      rack (>= 3.0.0, < 4)
-    rack-session (2.0.0)
-      rack (>= 3.0.0)
-    rack-test (2.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    rack-session (1.0.2)
+      rack (< 3)
+    rack-test (2.2.0)
       rack (>= 1.3)
     rack-timeout (0.7.0)
-    rackup (2.2.1)
-      rack (>= 3)
-    rails (7.2.2.1)
-      actioncable (= 7.2.2.1)
-      actionmailbox (= 7.2.2.1)
-      actionmailer (= 7.2.2.1)
-      actionpack (= 7.2.2.1)
-      actiontext (= 7.2.2.1)
-      actionview (= 7.2.2.1)
-      activejob (= 7.2.2.1)
-      activemodel (= 7.2.2.1)
-      activerecord (= 7.2.2.1)
-      activestorage (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    rackup (1.0.1)
+      rack (< 3)
+      webrick
+    rails (8.0.1)
+      actioncable (= 8.0.1)
+      actionmailbox (= 8.0.1)
+      actionmailer (= 8.0.1)
+      actionpack (= 8.0.1)
+      actiontext (= 8.0.1)
+      actionview (= 8.0.1)
+      activejob (= 8.0.1)
+      activemodel (= 8.0.1)
+      activerecord (= 8.0.1)
+      activestorage (= 8.0.1)
+      activesupport (= 8.0.1)
       bundler (>= 1.15.0)
-      railties (= 7.2.2.1)
+      railties (= 8.0.1)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -401,9 +401,9 @@ GEM
     rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
       nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
-    rails-i18n (7.0.10)
+    rails-i18n (8.0.1)
       i18n (>= 0.7, < 2)
-      railties (>= 6.0.0, < 8)
+      railties (>= 8.0.0, < 9)
     rails_12factor (0.0.3)
       rails_serve_static_assets
       rails_stdout_logging
@@ -417,9 +417,9 @@ GEM
       ruby-progressbar
     rails_serve_static_assets (0.0.5)
     rails_stdout_logging (0.0.5)
-    railties (7.2.2.1)
-      actionpack (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    railties (8.0.1)
+      actionpack (= 8.0.1)
+      activesupport (= 8.0.1)
       irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -509,8 +509,7 @@ GEM
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
     stringio (3.1.2)
-    terminal-table (3.0.2)
-      unicode-display_width (>= 1.1.1, < 3)
+    terminal-table (1.6.0)
     text (1.3.1)
     thor (1.3.2)
     tilt (2.5.0)
@@ -522,7 +521,9 @@ GEM
       concurrent-ruby (~> 1.0)
     uglifier (4.2.1)
       execjs (>= 0.3.0, < 3)
-    unicode-display_width (2.6.0)
+    unicode-display_width (3.1.2)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
     uniform_notifier (1.16.0)
     uri (1.0.2)
     useragent (0.16.11)
@@ -537,6 +538,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    webrick (1.9.1)
     websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -565,13 +567,13 @@ PLATFORMS
   x86_64-linux-musl
 
 DEPENDENCIES
-  actionmailer (~> 7.2.2)
-  actionpack (~> 7.2.2)
-  actionview (~> 7.2.2)
-  activejob (~> 7.2.2)
-  activemodel (~> 7.2.2)
-  activerecord (~> 7.2.2)
-  activesupport (~> 7.2.2)
+  actionmailer (~> 8.0.1)
+  actionpack (~> 8.0.1)
+  actionview (~> 8.0.1)
+  activejob (~> 8.0.1)
+  activemodel (~> 8.0.1)
+  activerecord (~> 8.0.1)
+  activesupport (~> 8.0.1)
   attr_encrypted (~> 4)
   awesome_print
   bcrypt (~> 3.1.18)
@@ -607,7 +609,7 @@ DEPENDENCIES
   omniauth-rails_csrf_protection
   pagy (~> 6.0)
   paleta (~> 0.3)
-  paper_trail (~> 15.2.0)
+  paper_trail (~> 16.0)
   pg (~> 1.4)
   pg_search (~> 2.3)
   pronto (~> 0.11)
@@ -617,15 +619,16 @@ DEPENDENCIES
   pry-byebug
   puma (~> 6.5)
   puma_worker_killer (~> 1.0)
+  rack (< 3)
   rack-attack (~> 6.7)
   rack-cors (~> 2.0)
   rack-headers_filter (~> 0.0.1)
   rack-timeout (~> 0.7.0)
-  rails (~> 7.2.2)
+  rails (~> 8.0.1)
   rails-controller-testing (~> 1.0)
-  rails-i18n (~> 7.0.10)
+  rails-i18n (~> 8.0.1)
   rails_12factor (~> 0.0.3)
-  railties (~> 7.2.2)
+  railties (~> 8.0.1)
   redcarpet (~> 3.5)
   rubocop (~> 1.6)
   rubocop-performance (~> 1.20)

config/application.rb

@@ -29,7 +29,9 @@ class Application < Rails::Application
 end
 
 # Prepare for future deprecation.
-# to_time will always preserve the timezone offset of the receiver in Rails 8.0.
-# This opts into the new 8.0 behavior
+# to_time will always preserve the full timezone rather than the
+# offset of the receiver in Rails 8.1.
+# This opts into the new 8.1 behavior.
+# In our case it doesn't matter, the only timezone we use is UTC.
 
-ActiveSupport.to_time_preserves_timezone = true
+ActiveSupport.to_time_preserves_timezone = :zone

config/environment.rb

@@ -7,5 +7,13 @@
 # Load the Rails application.
 require_relative 'application'
 
+# Eliminate deprecation warning that
+# > `to_time` will always preserve the receiver timezone rather than
+# > system local time in Rails 8.1. To opt in to the new behavior,
+# > set `config.active_support.to_time_preserves_timezone = :zone`
+# In practice we only use UTC in operational systems anyway.
+
+Rails.configuration.active_support.to_time_preserves_timezone = :zone
+
 # Initialize the Rails application.
 Rails.application.initialize!